WO2014083724A1 - Emergency call establishment system, communication apparatus, emergency call establishment method, and nontemporary computer readable medium - Google Patents

Emergency call establishment system, communication apparatus, emergency call establishment method, and nontemporary computer readable medium Download PDF

Info

Publication number
WO2014083724A1
WO2014083724A1 PCT/JP2013/004691 JP2013004691W WO2014083724A1 WO 2014083724 A1 WO2014083724 A1 WO 2014083724A1 JP 2013004691 W JP2013004691 W JP 2013004691W WO 2014083724 A1 WO2014083724 A1 WO 2014083724A1
Authority
WO
WIPO (PCT)
Prior art keywords
emergency call
network device
network
security information
receiving
Prior art date
Application number
PCT/JP2013/004691
Other languages
French (fr)
Japanese (ja)
Inventor
雅幸 佐藤
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Publication of WO2014083724A1 publication Critical patent/WO2014083724A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to an emergency call establishment system, a communication device, an emergency call establishment method, and a program, and more particularly to an emergency call establishment system, a communication device, and an emergency call that establish an emergency call between a network that establishes a non-emergency call and a different network.
  • the present invention relates to a call establishment method and a program.
  • each mobile station UE (User Equipment) has an IMS (IP Multimedia Subsystem) session in the Packet Switched domain of the wireless network (E-UTRAN network or UTRAN network). Establish. Furthermore, the mobile station UE can establish an emergency call or a non-emergency call with the radio network.
  • IMS non-emergency call is a service called “Normal service”
  • IMS emergency call is a service called “Emergency service”.
  • Non-Patent Document 1 discloses an operation between two types of UE and NW (Network) as authentication at the time of IMS emergency call establishment. One is an operation of establishing "Authenticated IMS IMS Emergency Sessions” (authentication IMS emergency call), and the other is an operation of establishing "Unauthenticated IMS IMS Emergency Sessions” (unauthenticated IMS emergency call).
  • the establishment operation of the authentication IMS emergency call is the establishment of an IMS emergency call by the UE registered in the location of the Normal service, that is, the UE approved by the NW.
  • Security context established in the location registration procedure of Normal service is used.
  • the operation for establishing an unauthenticated IMS emergency call is establishment of an IMS emergency call in a UE that is not authenticated by the NW. Further, in the operation of establishing an unauthenticated IMS emergency call, the UE and NW operate as follows according to the setting policy on the NW side.
  • the NW having a policy that allows Unauthenticated IMS Emergency Sessions establishes an IMS emergency call without authenticating the UE in a situation defined as “security procedure not applied” in Non-Patent Document 1.
  • the status of "security procedure not applied” refers to the situation where USIM (User Subscriber Identity Module) is not installed, the authentication vector is not held on the NW side, the roaming agreement is not used, or IMSI (International Mobile Subscriber Identity) is used Is a situation where is prohibited. That is, the status of “security procedure not applied” is a status in which the USW has determined that the USIM is in the Limited Service Mode, or a status in which USIM authentication has failed for other reasons.
  • the NW transmits an authentication request (Authentication And Ciphering Request).
  • the UE receives the authentication request and performs an authentication process.
  • the UE does not hold security information in the NW that allows establishment of an unauthenticated IMS emergency call, the UE cannot perform authentication.
  • the UE transmits an authentication failure response (Authentication Failure) to the NW.
  • the NW uses the existing security context or once uses the existing security context but then disables the security, establishes an IMS emergency call and sends a message for IMS non-emergency call disconnection.
  • the NW transmits an authentication request (Authentication And Ciphering Request).
  • the UE receives the authentication request and performs an authentication process. Similarly to the operation 1, when the authentication fails, the UE transmits an authentication failure response (Authentication Failure) to the NW.
  • the UE After the retransmission wait timer of the authentication request (Authentication And Ciphering Request) started at the time of transmitting the authentication failure response expires, the UE transmits an IMS non-emergency call disconnect message established by the normal service while using the existing security context .
  • the NW transmits an IMS emergency call establishment message.
  • the authentication failure reason notified by the UE to the NW includes #Synch failure, #MAC failure, and #Authentication unacceptable.
  • an authentication-related message including an existing security context is transmitted and received between the UE and the NW when an IMS emergency call is established.
  • the NW side in the case where an authentication failure is detected in the UE, the NW side, for example, operates to maintain the Security context before the authentication procedure.
  • This rule is that on the NW side, the same Security context continues to be shared between two different NWs: “NW when UE registers location in Normal service” and “NW when UE tries to establish emergency call” Means that. Therefore, there is a problem that it cannot be said that it is a safe operation from the viewpoint of security to keep sharing the same Security context between two different NWs.
  • an object of the present invention is to provide an emergency call establishment system, a communication device, an emergency call establishment method, and a program that can execute a safe operation from the viewpoint of security.
  • the emergency call establishment system includes the communication device in a state where a non-emergency call is established between the communication device and the first network device arranged in the first network.
  • An emergency call establishment system for establishing an emergency call with a second network device arranged in a second network, wherein the second network device responds to an emergency call connection request notified from the communication device.
  • the communication device notifies the communication device of a message in which an emergency call indicator that prompts the communication device to execute emergency call establishment processing is set regardless of the authentication result of the communication device, and the communication device transmits the emergency call indicator. Is received, the security information defined between the first network device and the second network device is invalidated. It is intended to perform the emergency call establishment process.
  • the communication device is arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network.
  • a data receiving unit that receives an emergency call indicator from the second network device when an emergency call is established with the second network device; and the first network device that receives the emergency call indicator,
  • a security information control unit that invalidates the security information defined between the two network devices and performs an emergency call establishment process with the second network device.
  • the emergency call establishment method is arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network.
  • an emergency call is established with the second network device, an emergency call indicator is received from the second network device, and when the emergency call indicator is received, The security information defined between the two is invalidated, and an emergency call establishment process is performed with the second network device.
  • the program according to the fourth aspect of the present invention is a second program arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network.
  • an emergency call establishment system it is possible to provide an emergency call establishment system, a communication device, an emergency call establishment method, and a program that can execute a safe operation from the viewpoint of security.
  • FIG. 1 is a configuration diagram of an emergency call establishment system according to a first exemplary embodiment.
  • 1 is a configuration diagram of a communication apparatus according to a first embodiment. It is a figure which shows the flow of the emergency call establishment process between UE and MME concerning Embodiment 1.
  • FIG. It is a figure which shows the flow of the emergency call establishment process in UE concerning Embodiment 1.
  • FIG. It is a figure which shows the flow of the emergency call establishment process between UE and SGSN concerning Embodiment 2.
  • the network constituting the emergency call establishment system includes a communication device 10, a network device 21, and a network device 31.
  • the network device 21 is a device arranged in the network 20
  • the network device 31 is a device arranged in the network 30.
  • the communication device 10 may be a terminal compatible with 3GPP LTE (Long Term Evolution) or a terminal capable of transmitting an IMS emergency call in a 3G system. Furthermore, the communication device 10 may be a mobile phone terminal, a tablet terminal, a smartphone terminal, a personal computer, or the like that incorporates an LTE communication modem (or 3G communication modem).
  • 3GPP LTE Long Term Evolution
  • 3G communication modem 3G communication modem
  • the network devices 21 and 31 may be devices that perform call processing control such as MME or SGSN defined in 3GPP. Data is transmitted between the communication device 10 and the network device 21 and between the communication device 10 and the network device 31 using wireless communication.
  • An emergency call is a communication call used for communication with the police or a fire department or the like that needs to have a higher priority than general communication.
  • a non-emergency call is a communication call other than an emergency call, and may be a communication call used for voice data transmitted between general mobile phone terminals, for example.
  • establishing a non-emergency call or an emergency call may be setting a communication bearer indicating a communication path between the communication device 10 and the network device 21 or between the communication device 10 and the network device 31.
  • the communication device 10 is in a state where a contract is made with a telecommunications carrier of the network 20 that does not support emergency calls, and communication is normally performed via the network 20. In such a state, when the communication device 10 needs to perform emergency communication, the above situation can occur.
  • the network device 31 receives an emergency call establishment request message requesting establishment of an emergency call from the communication device 10.
  • the network device 31 does not depend on whether or not the communication device 10 is permitted to connect to the network 30, that is, according to the authentication result of the communication device 10.
  • a forced emergency call indicator that prompts the communication device 10 to execute emergency call establishment processing is notified.
  • the communication device 10 invalidates the security information determined with the network device 21.
  • the security information may be authentication information used for determining whether or not the communication device 10 is connectable in the network device 21 or encryption information used between the communication device 10 and the network device 21.
  • the security information is referred to as Security context in the 3GPP technical specifications.
  • the Security context used in the E-UTRAN network is an eKSI key identification ID, a Kasme key and a set of keys based thereon, an EIA algorithm, an EEA algorithm, a UL NAS COUNT, and a DL NAS COUNT.
  • Security context used in the UTRAN network is KSI key identification ID, CK / IK key, UIA algorithm, UEA algorithm, UL COUNT and DL COUNT.
  • the key identification ID, key, and algorithm are static parameters, and UL / DL / NAC COUNT and UL / DL COUNT are dynamic parameters that are incremented by 1 each time a UL / DL message is transmitted.
  • the communication device 10 invalidates the security information determined with the network device 21 and then performs an emergency call establishment process with the network device 31.
  • the emergency call establishment process is, for example, setting a communication bearer used in emergency communication for urgently contacting the police or the fire department.
  • the communication device 10 receives a forced emergency call indicator from the network device 31 when establishing an emergency call. Since the communication device 10 can invalidate the security information determined with the network device 21 based on the compulsory emergency call indicator, the communication device 10 communicates with the network device 21 in establishing an emergency call with the network device 31. Security information determined between the two will not be used. As a result, it is possible to prevent security information in the network 20 from being used in the network 30.
  • the communication device 10 includes a data communication unit 11, a security information control unit 12, a bearer control unit 13, a location registration state management unit 14, and a security information storage unit 15.
  • the data communication unit 11 transmits / receives data to / from the network device 21 or the network device 31. For example, in a state where a non-emergency call is established between the communication device 10 and the network device 21, the communication device 10 transmits an emergency call establishment request message to the network device 31 via the data communication unit 11. . In addition, the communication device 10 receives the forced emergency call indicator transmitted from the network device 31 via the data communication unit 11. The data communication unit 11 outputs the forced emergency call indicator received from the network device 31 to the security information control unit 12, the bearer control unit 13, and the location registration state management unit 14.
  • the security information control unit 12 When the security information control unit 12 receives the compulsory emergency call indicator, the security information control unit 12 invalidates the security information stored in the security information storage unit 15. For example, the security information control unit 12 may delete the security information stored in the security information storage unit 15 or set an invalid flag in the security information.
  • the security information storage unit 15 includes an encryption algorithm used for encrypting data transmitted and received between the communication device 10 and the network device 21 as security information or Security context, and the communication device 10 and the network device 21. You may store the count value etc. which counted the number of data transmitted / received between.
  • the bearer control unit 13 sets a communication bearer with the network device 21 or the network device 31. Alternatively, the bearer control unit 13 deletes the communication bearer set with the network device 21 or the network device 31.
  • the communication bearer and the communication call have the same meaning.
  • the bearer control unit 13 executes an emergency call establishment process with the network device 31 that has transmitted the forced emergency call indicator. Further, when receiving the forced emergency call indicator from the data communication unit 11, the bearer control unit 13 executes a process of deleting a non-emergency call that has already been set up with the network device 21.
  • the location registration status management unit 14 manages the location registration status of the communication device 10.
  • the location registration state is a state in which location registration is performed with the network device 21 in order to establish a non-emergency call, or a location registration in the network device 31 in order to establish an emergency call.
  • the location registration state management unit 14 performs network registration from the state where the location registration is performed in the network device 21 in order to perform emergency call establishment processing with the network device 31. Transition to a state in which location registration is performed in the device 31.
  • the UE and the MME 32 are devices constituting a network specified in 3GPP.
  • the MME 32 is a device that constitutes a core network (EPC) defined in 3GPP.
  • EPC is a network that accommodates LTE, which is a radio access network defined in 3GPP.
  • the MME 32 is a device that performs UE mobility management, authentication, setting of a communication bearer (communication call) with the UE, and the like. Further, an emergency call established between the UE and the MME 32 will be described as an IMS emergency call, and a non-emergency call established between the UE and the network device 21 will be described as an IMS non-emergency call.
  • the UE enters a state where an IMS non-emergency call is established with a network different from the network 30 where the MME 32 is arranged, that is, the network device 21 of the network 20 (S101).
  • MME or SGSN may be used for the network device 21.
  • Establishing an IMS non-emergency call and performing data communication may be referred to as Normal Service.
  • the UE transmits a PDN CONNECTIVITY REQUEST (emergency) message to the MME 32 in order to establish an IMS emergency call (S102).
  • the MME 32 transmits an AUTHENTICATION REQUEST message to the UE (S103).
  • the AUTHENTICATION REQUEST message may include authentication information used for authentication processing in the UE.
  • the authentication information may be, for example, a challenge message used for generating response data in the UE or information on an encryption algorithm.
  • the UE executes an authentication process using the authentication information transmitted from the MME 32 (S104).
  • the UE transmits an authentication failure response (AUTHENTICATION FAILURE) message to the MME 32.
  • the UE is normally allowed to access the network 20 but is not allowed to access the network 30. Therefore, when the UE performs an authentication process based on the AUTHENTICATIONICREQUEST message transmitted in step S103, the authentication fails.
  • the MME 32 transmits an ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST message to the UE in order to establish an IMS emergency call even when the authentication between the UE and the MME32 fails (S105).
  • the ACTIVATE-DEFAULT-EPS-BEARER-CONTEXT-REQUEST message contains a forced emergency call indicator.
  • the forced emergency call indicator is an identifier used to prompt the UE to perform a process of forcibly establishing an IMS emergency call between the UE and the MME 32 even when authentication between the UE and the MME 32 fails. .
  • the UE when receiving the forced emergency call indicator, the UE performs an emergency call establishment process and transmits an ACTIVATEACTDEFAULT EPS BEARER CONTEXT ACCEPT message to the MME 32 (S106).
  • an IMS emergency call is established by transmitting / receiving an ACTIVATEIVDEFAULT EPS BEARER CONTEXT REQUEST / ACCEPT message between the UE and the MME 32 (S107).
  • an EPS bearer context used for emergency communication is established between the UE and the MME 32. Establishing an emergency call and performing emergency communication may be referred to as Emergency Service.
  • the UE receives an ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST message from the MME 32 (S201).
  • the data communication unit 11 included in the UE determines whether or not a forced emergency call indicator is included in the ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST message (S202).
  • the security information control unit 12 receives the forced emergency call indicator output from the data communication unit 11.
  • the security information control unit 12 invalidates the security information used with the network in which the IMS non-emergency call has been established, that is, the network device 21 (S203). In other words, when the security information control unit 12 receives the compulsory emergency call indicator, the security information control unit 12 invalidates the Security context used with the network device 21.
  • the bearer control unit 13 when receiving the forced emergency call indicator, the bearer control unit 13 establishes an IMS emergency call with the MME 32 (S204). For example, the UE sends an ACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPT message to the MME. Next, the bearer control unit 13 disconnects the IMS non-emergency call established with the network device 21 (S205). For example, an IMS non-emergency call may be established using EPS bearer context or PDP context.
  • the location registration state management unit 14 transitions from the state registered in the Normal service to the state registered in the Emergency service (S206).
  • step S202 if it is determined by the data communication unit 11 that the ACTIVATE DEFAULT EPS EPSEARER CONTEXT REQUEST message does not include a forced emergency call indicator, the process ends.
  • the data communication unit 11 may transmit a message indicating that DEFAULT / EPS / BEARER / CONTEXT cannot be set as a response signal to the ACTIVATE / DEFAULT / EPS / BEARER / CONTEXT / REQUEST message.
  • the MME 32 executes an emergency call establishment process in the same manner as the UE. For example, the MME 32 establishes an EPS bearer context that is used for emergency communication with the UE.
  • the UE can obtain the following effects by receiving the forced emergency call indicator from the MME 32.
  • the UE Upon receiving the forced emergency call indicator, the UE invalidates the security information or Security context established with the network that has established the IMS non-emergency call. For this reason, the UE does not use security information or Security context determined with the network that has established the IMS non-emergency call with the network that establishes the IMS emergency call. As a result, it is possible to eliminate the state in which the security information or Security context is shared in two different networks.
  • the DEREGISTERED state that occurs when the UE has not established a bearer with any network by performing a process to disconnect the IMS non-emergency call after receiving the forced emergency call indicator and establishing the IMS emergency call. Can be prevented.
  • An NW that allows establishment of an unauthenticated IMS emergency call is required to be in a state where an IMS non-emergency call is being authenticated by a different NW. Therefore, by preventing the DEREGISTERED state from being entered, the UE can establish an emergency call in the NW that allows the establishment of an unauthenticated IMS emergency call.
  • the UE does not know when the IMS non-emergency call disconnection is executed after the emergency call is established. It is necessary to maintain a state of waiting for a message prompting execution of disconnection of the IMS non-emergency call. Such a situation makes software design at the UE difficult. Therefore, a message prompting the disconnection of the IMS non-emergency call that is output asynchronously is established by setting the processing to disconnect the IMS non-emergency call after the UE receives the forced emergency call indicator and establishes the IMS emergency call. There is no need to wait and software design is simplified.
  • the IMS non-emergency call disconnection process is executed by receiving the forced emergency call indicator as a trigger, so that the IMS non-emergency call is disconnected. Since there is no need to use messages such as / Accept or Deactivate PDP Context Request / Accept, the increase in signaling amount can be eliminated.
  • EIA0 Null integrity protection
  • EEA0 No ciphering
  • FIG. 5 the flow of processing in which the communication apparatus 10 establishes an emergency call to the network apparatus 31 arranged in the UTRAN network will be described.
  • a description will be given using the UE as the communication device 10 and an SGSN 33 as the network device 31.
  • the UE and SGSN 33 are devices constituting a network defined in 3GPP.
  • the SGSN 33 is a device constituting a core network that accommodates a radio access network using a W-CDMA radio access scheme defined in 3GPP.
  • the SGSN 33 is a device that performs UE mobility management, authentication, setting of a communication bearer with the UE, and the like. Further, an emergency call established between the UE and the SGSN 33 will be described below as an IMS emergency call, and a non-emergency call established between the UE and the network device 21 will be described as an IMS non-emergency call.
  • the UE establishes an IMS non-emergency call with a network different from the network 30 in which the SGSN 33 is arranged, that is, the network device 21 of the network 20 (S301).
  • MME or SGSN may be used for the network device 21.
  • Establishing an IMS non-emergency call and performing data communication may be referred to as Normal Service.
  • the UE transmits an ACTIVATE PDP CONTEXT REQUEST (emergency) message to the SGSN 33 in order to establish an IMS emergency call (S302).
  • the SGSN 33 transmits an AUTHENTICATION REQUEST message to the UE (S303).
  • the AUTHENTICATION REQUEST message may include authentication information used for authentication processing in the UE.
  • the authentication information may be, for example, a challenge message used for generating response data in the UE or information on an encryption algorithm.
  • the UE executes an authentication process using the authentication information transmitted from the SGSN 33 (S304).
  • the UE transmits an authentication failure response (AUTHENTICATION ⁇ ⁇ ⁇ ⁇ ⁇ FAILURE) message to the SGSN 33.
  • the SGSN 33 transmits an ACTIVATE PDP CONTEXT ACCEPT message to the UE in order to establish an IMS emergency call even when the authentication between the UE and the SGSN 33 fails (S305).
  • the ACTIVATE PDP CONTEXT ACCEPT message contains a forced emergency call indicator.
  • the forced emergency call indicator is an identifier used to prompt the UE to perform a process of forcibly establishing an IMS emergency call between the UE and the SGSN 33 even when authentication between the UE and the SGSN 33 fails. .
  • the UE when receiving the forced emergency call indicator, the UE performs an emergency call establishment process, and an IMS emergency child is established between the UE and the SGSN 33 (S306). Since the emergency call establishment process in the UE is the same as the process described in FIG. 4, detailed description thereof is omitted.
  • the forced emergency call indicator is set in the IMS emergency call establishment message (ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST or ACTIVATE PDP CONTEXT ACCEPT). Forced emergency call indicators may be set for different messages. In other words, after the UE registered for location in Normal service notifies the NW of the intention to establish an IMS emergency call, the NW assigns a forced emergency call indicator to the location registration message or Session Management message of DownLink (DL) May be.
  • DL DownLink
  • the DL location registration message corresponds to Tracking Area Update Accept when in the E-UTRAN network coverage area, and Routing Area Updating Acceptance when in the UTRAN network coverage area (PS domain).
  • the DL Session Management message corresponds to Modify EPS Bearer Context Request if the E-UTRAN network is located, and Request PDP Context Activation if the UTRAN network is located (PS domain).
  • the timing at which the UE registered in the location of Normal service notifies the NW of the intention to establish an IMS emergency call may be when RRC connection is established, that is, when RRC Connection Request is transmitted or when ATTACH REAUEST is transmitted. Good.
  • the hardware configuration has been described.
  • the present invention is not limited to this, and the emergency call establishment process in the UE is realized by causing a CPU (Central Processing Unit) to execute a computer program.
  • the computer program can be stored and supplied to a computer using various types of non-transitory computer readable media.
  • Non-transitory computer readable media include various types of tangible storage media (tangible storage medium).
  • non-transitory computer-readable media examples include magnetic recording media (eg flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (eg magneto-optical discs), CD-ROMs (Read Only Memory), CD-Rs, CD-R / W, semiconductor memory (for example, mask ROM, PROM (Programmable ROM), EPROM (Erasable ROM), flash ROM, RAM (random access memory)) are included.
  • the program may also be supplied to the computer by various types of temporary computer-readable media. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves.
  • the temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.
  • Appendix 4 The emergency communication according to appendix 3, wherein when the communication device receives the message in which the emergency call indicator is set, the communication device disconnects the non-emergency call without receiving a disconnection instruction signal instructing disconnection of the non-emergency call. Call establishment system.
  • a communication apparatus comprising: a security information control unit that performs an emergency call establishment process with the second network apparatus.
  • the bearer control unit when receiving the message in which the emergency call indicator is set, disconnects the non-emergency call without receiving a disconnection instruction signal instructing disconnection of the non-emergency call. Communication device.
  • appendix 10 The communication device according to appendix 8 or 9, further comprising a location registration state management unit that transitions to a state registered in an emergency service that communicates with the second network device when the non-emergency call is disconnected.

Abstract

The objective of the invention is to provide an emergency call establishment system, a communication apparatus, an emergency call establishment method and a program that enable an execution of an operation that is safe in light of security. An emergency call establishment system of the invention is to establish an emergency call between a communication apparatus (10) and a network apparatus (31) while a non-emergency call has been established between the communication apparatus (10) and a network apparatus (21). In response to an emergency call connection request transmitted from the communication apparatus (10), the network apparatus (31) transmits, regardless of a result of check of the authentication of the communication apparatus (10), a message, in which the network apparatus (31) has set an emergency call designator for urging the communication apparatus (10) to execute an emergency call establishment process, to the communication apparatus (10). Upon reception of the message in which the emergency call designator has been set, the communication apparatus (10) cancels security information specified between the communication apparatus (10) and the network apparatus (21), and performs the process of emergency call establishment between the communication apparatus (10) and the network apparatus (31).

Description

緊急呼確立システム、通信装置、緊急呼確立方法及び非一時的なコンピュータ可読媒体Emergency call establishment system, communication apparatus, emergency call establishment method, and non-transitory computer-readable medium
 本発明は緊急呼確立システム、通信装置、緊急呼確立方法及びプログラムに関し、特に非緊急呼を確立しているネットワークと異なるネットワークとの間において緊急呼を確立する緊急呼確立システム、通信装置、緊急呼確立方法及びプログラムに関する。 The present invention relates to an emergency call establishment system, a communication device, an emergency call establishment method, and a program, and more particularly to an emergency call establishment system, a communication device, and an emergency call that establish an emergency call between a network that establishes a non-emergency call and a different network. The present invention relates to a call establishment method and a program.
 3GPP(Third Generation Partnership Project)に規定される移動通信システムでは、各移動局UE(User Equipment)は、無線ネットワーク(E-UTRAN網ないしUTRAN網)のPacket SwitchedドメインにおいてIMS(IP Multimedia Subsystem)セッションを確立する。さらに、移動局UEは、無線ネットワークとの間において緊急呼もしくは非緊急呼の確立が可能である。3GPPにおいて、IMS非緊急呼は、"Normal service"と呼称されるサービスであり、IMS緊急呼は"Emergency service"と呼称されるサービスである。 In a mobile communication system defined by 3GPP (Third Generation Partnership Project), each mobile station UE (User Equipment) has an IMS (IP Multimedia Subsystem) session in the Packet Switched domain of the wireless network (E-UTRAN network or UTRAN network). Establish. Furthermore, the mobile station UE can establish an emergency call or a non-emergency call with the radio network. In 3GPP, an IMS non-emergency call is a service called “Normal service”, and an IMS emergency call is a service called “Emergency service”.
 非特許文献1には、IMS緊急呼確立時の認証として、2種類のUE及びNW(Network)間の動作が開示されている。一つは、"Authenticated IMS Emergency Sessions"(認証IMS緊急呼)の確立動作であり、もう一つは、"Unauthenticated IMS Emergency Sessions" (非認証IMS緊急呼)の確立動作である。 Non-Patent Document 1 discloses an operation between two types of UE and NW (Network) as authentication at the time of IMS emergency call establishment. One is an operation of establishing "Authenticated IMS IMS Emergency Sessions" (authentication IMS emergency call), and the other is an operation of establishing "Unauthenticated IMS IMS Emergency Sessions" (unauthenticated IMS emergency call).
 認証IMS緊急呼の確立動作は、Normal serviceに位置登録したUE、つまりNWから承認されたUEによるIMS緊急呼の確立である。認証IMS緊急呼の確立においては、Normal serviceの位置登録手順で確立したSecurity contextが利用される。一方、非認証IMS緊急呼の確立動作は、NWから認証されないUEにおけるIMS緊急呼の確立である。さらに、非認証IMS緊急呼の確立動作においては、NW側の設定ポリシによりUE及びNWは、以下の通り動作する。 The establishment operation of the authentication IMS emergency call is the establishment of an IMS emergency call by the UE registered in the location of the Normal service, that is, the UE approved by the NW. In establishing an authentication IMS emergency call, Security context established in the location registration procedure of Normal service is used. On the other hand, the operation for establishing an unauthenticated IMS emergency call is establishment of an IMS emergency call in a UE that is not authenticated by the NW. Further, in the operation of establishing an unauthenticated IMS emergency call, the UE and NW operate as follows according to the setting policy on the NW side.
 [NWポリシが"Unauthenticated IMS Emergency Sessions"(非認証IMS緊急呼の確立)を許容する場合]
 Unauthenticated IMS Emergency Sessionsを許容するポリシを持つNWは、非特許文献1に"security procedure not applied"として規定される状況において、UEの認証を行わないでIMS緊急呼の確立を行う。"security procedure not applied"の状況とは、USIM(User Subscriber Identity Module)が装着されない状況、NW側で認証ベクタを保有していない状況、ローミング同意がない状況もしくはIMSI(International Mobile Subscriber Identity)の使用が禁止されている状況等である。つまり、"security procedure not applied"の状況とは、NW側でそのUSIMがLimited Service Modeであると判断した状況あるいはその他の理由でUSIM認証を失敗した状況である。 [If the NW policy allows "Unauthenticated IMS Emergency Sessions"]
The NW having a policy that allows Unauthenticated IMS Emergency Sessions establishes an IMS emergency call without authenticating the UE in a situation defined as “security procedure not applied” in Non-Patent Document 1. The status of "security procedure not applied" refers to the situation where USIM (User Subscriber Identity Module) is not installed, the authentication vector is not held on the NW side, the roaming agreement is not used, or IMSI (International Mobile Subscriber Identity) is used Is a situation where is prohibited. That is, the status of “security procedure not applied” is a status in which the USW has determined that the USIM is in the Limited Service Mode, or a status in which USIM authentication has failed for other reasons.
 [NWポリシが"Unauthenticated IMS Emergency Sessions" (非認証IMS緊急呼の確立)を許容しない場合]
 このポリシを持つNWは、非特許文献1に"security procedure not applied"として規定される状況においても、UEの認証を必須とする。その為、NWは、"security procedure not applied"の状況において認証が失敗するとIMS緊急呼の確立を拒否する。 [If NW policy does not allow "Unauthenticated IMS Emergency Sessions"]
The NW having this policy makes it necessary to authenticate the UE even in the situation defined as “security procedure not applied” in Non-Patent Document 1. Therefore, the NW rejects establishment of an IMS emergency call if authentication fails in the situation of “security procedure not applied”.
 ここで、Normal serviceに位置登録したUEが、非認証IMS緊急呼の確立を許容するNWに接続を試み、NW/UE間で認証が失敗した時の動作について説明する。IMS緊急呼の確立は、緊急な利用目的である。そのため、UE及びNWは、認証を失敗しても失敗とみなさずにIMS緊急呼の確立を行う。その具体的な動作は以下動作1又は動作2のいずれかである。 Here, the operation when the UE whose location is registered in the Normal service attempts to connect to an NW that allows establishment of an unauthenticated IMS emergency call and authentication fails between the NW / UE will be described. The establishment of an IMS emergency call is an urgent usage purpose. For this reason, the UE and NW establish an IMS emergency call without considering the failure even if the authentication fails. The specific operation is either operation 1 or operation 2 below.
 (動作1)
 NWは、認証要求(Authentication And Ciphering Request)を送信する。UEは、認証要求を受信し、認証処理を行う。しかし、UEは、非認証IMS緊急呼の確立を許容するNWにおけるセキュリティ情報を保持していないため、認証を行うことができない。ここで、UEは、認証が失敗すると認証失敗応答(Authentication Failure)をNWへ送信する。その後、NWは、既存のSecurity contextを使用するか、または、一旦は既存のSecurity contextを使用するもののその後Securityを無効化し、IMS緊急呼を確立し及びIMS非緊急呼切断のメッセージを送信する。 (Operation 1)
The NW transmits an authentication request (Authentication And Ciphering Request). The UE receives the authentication request and performs an authentication process. However, since the UE does not hold security information in the NW that allows establishment of an unauthenticated IMS emergency call, the UE cannot perform authentication. Here, if the authentication fails, the UE transmits an authentication failure response (Authentication Failure) to the NW. Thereafter, the NW uses the existing security context or once uses the existing security context but then disables the security, establishes an IMS emergency call and sends a message for IMS non-emergency call disconnection.
 (動作2)
 NWは、認証要求(Authentication And Ciphering Request)を送信する。UEは、認証要求を受信し、認証処理を行う。UEは、動作1と同様に、認証が失敗すると認証失敗応答(Authentication Failure)をNWへ送信する。UEは、認証失敗応答送信時に起動した認証要求(Authentication And Ciphering Request)の再送待ちタイマが満了した後、既存Security contextを使用した状態でNormal serviceで確立したIMS非緊急呼切断のメッセージを送信する。また、NWはIMS緊急呼確立のメッセージを送信する。 (Operation 2)
The NW transmits an authentication request (Authentication And Ciphering Request). The UE receives the authentication request and performs an authentication process. Similarly to the operation 1, when the authentication fails, the UE transmits an authentication failure response (Authentication Failure) to the NW. After the retransmission wait timer of the authentication request (Authentication And Ciphering Request) started at the time of transmitting the authentication failure response expires, the UE transmits an IMS non-emergency call disconnect message established by the normal service while using the existing security context . In addition, the NW transmits an IMS emergency call establishment message.
 動作1及び動作2において、UEがNWに通知する認証失敗理由には、#Synch failure、#MAC failure及び#Authentication unacceptable等が含まれる。 In the operation 1 and operation 2, the authentication failure reason notified by the UE to the NW includes #Synch failure, #MAC failure, and #Authentication unacceptable.
 このように、NWが認証を要求しUE側で認証失敗を検出するケースにおいては、IMS緊急呼確立時に、UEとNWとの間において既存のSecurity contextを含む認証関連のメッセージが送受信される。 As described above, in the case where the NW requests authentication and the authentication failure is detected on the UE side, an authentication-related message including an existing security context is transmitted and received between the UE and the NW when an IMS emergency call is established.
 現行の3GPPの技術仕様書には、UEにおいて認証失敗を検出するケースにおいてNW側は、例えば認証手順前のSecurity contextを維持し続けるという動作が規定されている。この規定は、NW側において「UEがNormal serviceに位置登録した時のNW」と、「UEが緊急呼を確立しようとしている時のNW」という異なる2つのNW間において同じSecurity contextを共有し続けることを意味する。そのため、異なる2つのNW間において同じSecurity context を共有し続けることは、Security観点から安全な動作とは言えないという問題がある。 In the current 3GPP technical specifications, in the case where an authentication failure is detected in the UE, the NW side, for example, operates to maintain the Security context before the authentication procedure. This rule is that on the NW side, the same Security context continues to be shared between two different NWs: “NW when UE registers location in Normal service” and “NW when UE tries to establish emergency call” Means that. Therefore, there is a problem that it cannot be said that it is a safe operation from the viewpoint of security to keep sharing the same Security context between two different NWs.
 本発明はこのような問題を解決するために、Security観点から安全な動作を実行することができる緊急呼確立システム、通信装置、緊急呼確立方法及びプログラムを提供することを目的とする。 In order to solve such problems, an object of the present invention is to provide an emergency call establishment system, a communication device, an emergency call establishment method, and a program that can execute a safe operation from the viewpoint of security.
 本発明の第1の態様にかかる緊急呼確立システムは、通信装置と第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、前記通信装置と第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する緊急呼確立システムであって、前記第2のネットワーク装置は、前記通信装置から通知される緊急呼接続要求に対して、前記通信装置の認証結果に依らず前記通信装置へ緊急呼確立処理の実行を促す緊急呼指示子を設定したメッセージを前記通信装置へ通知し、前記通信装置は、前記緊急呼指示子が設定されたメッセージを受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にして、前記第2のネットワーク装置との間に緊急呼確立処理を行うものである。 The emergency call establishment system according to the first aspect of the present invention includes the communication device in a state where a non-emergency call is established between the communication device and the first network device arranged in the first network. An emergency call establishment system for establishing an emergency call with a second network device arranged in a second network, wherein the second network device responds to an emergency call connection request notified from the communication device. On the other hand, the communication device notifies the communication device of a message in which an emergency call indicator that prompts the communication device to execute emergency call establishment processing is set regardless of the authentication result of the communication device, and the communication device transmits the emergency call indicator. Is received, the security information defined between the first network device and the second network device is invalidated. It is intended to perform the emergency call establishment process.
 本発明の第2の態様にかかる通信装置は、第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信するデータ受信部と、前記緊急呼指示子を受信すると前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にして、前記第2のネットワーク装置との間に緊急呼確立処理を行うセキュリティ情報制御部と、を備えるものである。 The communication device according to the second aspect of the present invention is arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network. A data receiving unit that receives an emergency call indicator from the second network device when an emergency call is established with the second network device; and the first network device that receives the emergency call indicator, A security information control unit that invalidates the security information defined between the two network devices and performs an emergency call establishment process with the second network device.
 本発明の第3の態様にかかる緊急呼確立方法は、第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信し、前記緊急呼指示子を受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にし、前記第2のネットワーク装置との間に緊急呼確立処理を行うものである。 The emergency call establishment method according to the third aspect of the present invention is arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network. When an emergency call is established with the second network device, an emergency call indicator is received from the second network device, and when the emergency call indicator is received, The security information defined between the two is invalidated, and an emergency call establishment process is performed with the second network device.
 本発明の第4の態様にかかるプログラムは、第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信するステップと、前記緊急呼指示子を受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にするステップと、前記第2のネットワーク装置との間に緊急呼確立処理を行うステップ、とをコンピュータに実行させるものである。 The program according to the fourth aspect of the present invention is a second program arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network. Receiving an emergency call indicator from the second network device when establishing an emergency call with the other network device, and receiving the emergency call indicator between the network device and the first network device. And making the computer execute the step of invalidating the security information defined in step 1 and the step of performing an emergency call establishment process with the second network device.
 本発明により、Security観点から安全な動作を実行することができる緊急呼確立システム、通信装置、緊急呼確立方法及びプログラムを提供することができる。 According to the present invention, it is possible to provide an emergency call establishment system, a communication device, an emergency call establishment method, and a program that can execute a safe operation from the viewpoint of security.
実施の形態1にかかる緊急呼確立システムの構成図である。1 is a configuration diagram of an emergency call establishment system according to a first exemplary embodiment. 実施の形態1にかかる通信装置の構成図である。1 is a configuration diagram of a communication apparatus according to a first embodiment. 実施の形態1にかかるUE及びMME間における緊急呼確立処理の流れを示す図である。It is a figure which shows the flow of the emergency call establishment process between UE and MME concerning Embodiment 1. FIG. 実施の形態1にかかるUEにおける緊急呼確立処理の流れを示す図である。It is a figure which shows the flow of the emergency call establishment process in UE concerning Embodiment 1. FIG. 実施の形態2にかかるUE及びSGSN間における緊急呼確立処理の流れを示す図である。It is a figure which shows the flow of the emergency call establishment process between UE and SGSN concerning Embodiment 2. FIG.
 (実施の形態1)
 以下、図面を参照して本発明の実施の形態について説明する。はじめに、図1を用いて本発明の実施の形態1にかかる緊急呼確立システムのネットワーク構成について説明する。緊急呼確立システムを構成するネットワークは、通信装置10、ネットワーク装置21及びネットワーク装置31を有している。ネットワーク装置21は、ネットワーク20に配置されている装置であり、ネットワーク装置31は、ネットワーク30に配置されている装置である。 (Embodiment 1)
Embodiments of the present invention will be described below with reference to the drawings. First, the network configuration of the emergency call establishment system according to the first exemplary embodiment of the present invention will be described with reference to FIG. The network constituting the emergency call establishment system includes a communication device 10, a network device 21, and a network device 31. The network device 21 is a device arranged in the network 20, and the network device 31 is a device arranged in the network 30.
 通信装置10は、3GPPのLTE(Long Term Evolution)に対応する端末もしくは3GシステムにおいてIMS緊急呼を発信することができる端末であってもよい。さらに、通信装置10は、LTE通信モデム(もしくは3G通信モデム)を内蔵する携帯電話端末、タブレット端末、スマートフォン端末もしくはパーソナルコンピュータ等であってもよい。 The communication device 10 may be a terminal compatible with 3GPP LTE (Long Term Evolution) or a terminal capable of transmitting an IMS emergency call in a 3G system. Furthermore, the communication device 10 may be a mobile phone terminal, a tablet terminal, a smartphone terminal, a personal computer, or the like that incorporates an LTE communication modem (or 3G communication modem).
 ネットワーク装置21及び31は、3GPPにおいて規定されているMMEもしくはSGSN等の呼処理制御を行う装置であってもよい。通信装置10及びネットワーク装置21並びに通信装置10及びネットワーク装置31の間は、無線通信を用いてデータが伝送される。 The network devices 21 and 31 may be devices that perform call processing control such as MME or SGSN defined in 3GPP. Data is transmitted between the communication device 10 and the network device 21 and between the communication device 10 and the network device 31 using wireless communication.
 ここで、通信装置10は、ネットワーク装置21との間において非緊急呼を確立していることとする。緊急呼とは、警察もしくは消防等との通信であって一般の通信よりも優先度を高くする必要がある通信に用いられる通信呼である。非緊急呼とは、緊急呼以外の通信呼であり、例えば一般の携帯電話端末同士の間において伝送される音声データに用いられる通信呼であってもよい。さらに、非緊急呼もしくは緊急呼を確立するとは、通信装置10及びネットワーク装置21又は通信装置10及びネットワーク装置31の間における通信経路を示す通信ベアラを設定することであってもよい。 Here, it is assumed that the communication device 10 has established a non-emergency call with the network device 21. An emergency call is a communication call used for communication with the police or a fire department or the like that needs to have a higher priority than general communication. A non-emergency call is a communication call other than an emergency call, and may be a communication call used for voice data transmitted between general mobile phone terminals, for example. Furthermore, establishing a non-emergency call or an emergency call may be setting a communication bearer indicating a communication path between the communication device 10 and the network device 21 or between the communication device 10 and the network device 31.
 通信装置10がネットワーク装置21との間に非緊急呼を確立している状態において、通信装置10とネットワーク装置31との間に緊急呼を確立する場合の動作について説明する。このような状況は、例えば次のような状態に生じる。通信装置10は、緊急呼に対応していないネットワーク20の通信事業者と契約し、通常はネットワーク20を介して通信を行っている状態である。このような状態において、通信装置10が、緊急通信を行う必要が生じた場合に、上記の状況が起こりうる。 An operation when an emergency call is established between the communication device 10 and the network device 31 in a state where the communication device 10 has established a non-emergency call with the network device 21 will be described. Such a situation occurs in the following state, for example. The communication device 10 is in a state where a contract is made with a telecommunications carrier of the network 20 that does not support emergency calls, and communication is normally performed via the network 20. In such a state, when the communication device 10 needs to perform emergency communication, the above situation can occur.
 この場合、ネットワーク装置31は、通信装置10から緊急呼の確立を要求する緊急呼確立要求メッセージを受信する。緊急呼確立要求メッセージを受信すると、ネットワーク装置31は、通信装置10がネットワーク30に接続されることを許可されている装置であるか否かによらず、つまり、通信装置10の認証結果によらず通信装置10へ緊急呼確立処理の実行を促す強制緊急呼指示子を通知する。 In this case, the network device 31 receives an emergency call establishment request message requesting establishment of an emergency call from the communication device 10. When the emergency call establishment request message is received, the network device 31 does not depend on whether or not the communication device 10 is permitted to connect to the network 30, that is, according to the authentication result of the communication device 10. First, a forced emergency call indicator that prompts the communication device 10 to execute emergency call establishment processing is notified.
 通信装置10は、強制緊急呼指示子が通知された場合、ネットワーク装置21との間において定められたセキュリティ情報を無効とする。例えば、セキュリティ情報とは、ネットワーク装置21において通信装置10の接続可否の判定に用いられる認証情報もしくは通信装置10及びネットワーク装置21の間において用いられる暗号情報等であってもよい。また、セキュリティ情報は、3GPPの技術仕様書においてはSecurity contextと称される。 When the forced emergency call indicator is notified, the communication device 10 invalidates the security information determined with the network device 21. For example, the security information may be authentication information used for determining whether or not the communication device 10 is connectable in the network device 21 or encryption information used between the communication device 10 and the network device 21. The security information is referred to as Security context in the 3GPP technical specifications.
 さらに、Security contextの詳細について説明する。E-UTRAN網において用いられるSecurity contextは、eKSI鍵識別ID、Kasme鍵及びこれに基づく鍵一式、EIAアルゴリズム、EEAアルゴリズム、UL NAS COUNT及びDL NAS COUNTである。UTRAN網において用いられるSecurity contextは、KSI鍵識別ID、CK/IK鍵、UIAアルゴリズム、UEAアルゴリズム、UL COUNT及びDL COUNTである。鍵識別ID、鍵及びアルゴリズムは静的パラメータであり、UL/DL NAC COUNT及びUL/DL COUNTはUL/DLのメッセージ送信のたびに値が1ずつインクリメントされる動的パラメータである。 Furthermore, the details of Security context will be explained. The Security context used in the E-UTRAN network is an eKSI key identification ID, a Kasme key and a set of keys based thereon, an EIA algorithm, an EEA algorithm, a UL NAS COUNT, and a DL NAS COUNT. Security context used in the UTRAN network is KSI key identification ID, CK / IK key, UIA algorithm, UEA algorithm, UL COUNT and DL COUNT. The key identification ID, key, and algorithm are static parameters, and UL / DL / NAC COUNT and UL / DL COUNT are dynamic parameters that are incremented by 1 each time a UL / DL message is transmitted.
 通信装置10は、ネットワーク装置21との間において定められたセキュリティ情報を無効とした後に、ネットワーク装置31との間に緊急呼確立処理を行う。緊急呼確立処理は、例えば、警察もしくは消防に緊急に連絡を取る緊急通信において用いられる通信ベアラを設定することである。 The communication device 10 invalidates the security information determined with the network device 21 and then performs an emergency call establishment process with the network device 31. The emergency call establishment process is, for example, setting a communication bearer used in emergency communication for urgently contacting the police or the fire department.
 以上説明したように、図1にかかる緊急呼確立システムにおいては、通信装置10は、緊急呼を確立する際にネットワーク装置31から強制緊急呼指示子を受け取る。通信装置10は、強制緊急呼指示子に基づいてネットワーク装置21との間において定められたセキュリティ情報を無効とすることができるため、ネットワーク装置31との間の緊急呼確立においてネットワーク装置21との間において定められたセキュリティ情報を用いることがなくなる。これによって、ネットワーク20におけるセキュリティ情報がネットワーク30において用いられることを防止することができる。 As described above, in the emergency call establishment system according to FIG. 1, the communication device 10 receives a forced emergency call indicator from the network device 31 when establishing an emergency call. Since the communication device 10 can invalidate the security information determined with the network device 21 based on the compulsory emergency call indicator, the communication device 10 communicates with the network device 21 in establishing an emergency call with the network device 31. Security information determined between the two will not be used. As a result, it is possible to prevent security information in the network 20 from being used in the network 30.
 続いて、図2を用いて本発明の実施の形態1にかかる通信装置10の構成例について説明する。通信装置10は、データ通信部11、セキュリティ情報制御部12、ベアラ制御部13、位置登録状態管理部14及びセキュリティ情報格納部15を有している。 Subsequently, a configuration example of the communication apparatus 10 according to the first embodiment of the present invention will be described with reference to FIG. The communication device 10 includes a data communication unit 11, a security information control unit 12, a bearer control unit 13, a location registration state management unit 14, and a security information storage unit 15.
 データ通信部11は、ネットワーク装置21もしくはネットワーク装置31との間においてデータの送受信を行う。例えば、通信装置10とネットワーク装置21との間に非緊急呼が確立されている状態において、通信装置10は、データ通信部11を介してネットワーク装置31に対して緊急呼確立要求メッセージを送信する。また、通信装置10は、データ通信部11を介してネットワーク装置31から送信された強制緊急呼指示子を受信する。データ通信部11は、ネットワーク装置31から受信した強制緊急呼指示子をセキュリティ情報制御部12、ベアラ制御部13及び位置登録状態管理部14へ出力する。 The data communication unit 11 transmits / receives data to / from the network device 21 or the network device 31. For example, in a state where a non-emergency call is established between the communication device 10 and the network device 21, the communication device 10 transmits an emergency call establishment request message to the network device 31 via the data communication unit 11. . In addition, the communication device 10 receives the forced emergency call indicator transmitted from the network device 31 via the data communication unit 11. The data communication unit 11 outputs the forced emergency call indicator received from the network device 31 to the security information control unit 12, the bearer control unit 13, and the location registration state management unit 14.
 セキュリティ情報制御部12は、強制緊急呼指示子を受信すると、セキュリティ情報格納部15に格納されているセキュリティ情報を無効とする。例えば、セキュリティ情報制御部12は、セキュリティ情報格納部15に格納されているセキュリティ情報を削除するか、もしくは、セキュリティ情報に無効フラグを設定してもよい。例えば、セキュリティ情報格納部15は、セキュリティ情報もしくはSecurity contextとして通信装置10とネットワーク装置21との間において送受信するデータを暗号化するために用いる暗号化アルゴリズム、及び、通信装置10とネットワーク装置21との間において送受信されたデータ数をカウントしたカウント値等を格納してもよい。 When the security information control unit 12 receives the compulsory emergency call indicator, the security information control unit 12 invalidates the security information stored in the security information storage unit 15. For example, the security information control unit 12 may delete the security information stored in the security information storage unit 15 or set an invalid flag in the security information. For example, the security information storage unit 15 includes an encryption algorithm used for encrypting data transmitted and received between the communication device 10 and the network device 21 as security information or Security context, and the communication device 10 and the network device 21. You may store the count value etc. which counted the number of data transmitted / received between.
 ベアラ制御部13は、ネットワーク装置21もしくはネットワーク装置31との間に通信ベアラを設定する。または、ベアラ制御部13は、ネットワーク装置21もしくはネットワーク装置31との間に設定された通信ベアラを削除する。ここで、通信ベアラと通信呼とは同様の意味である。ベアラ制御部13は、データ通信部11から強制緊急呼指示子を受け取ると、強制緊急呼指示子を送信したネットワーク装置31との間において緊急呼確立処理を実行する。さらに、ベアラ制御部13は、データ通信部11から強制緊急呼指示子を受け取ると、ネットワーク装置21との間にすでに設定済みの非緊急呼の削除処理を実行する。 The bearer control unit 13 sets a communication bearer with the network device 21 or the network device 31. Alternatively, the bearer control unit 13 deletes the communication bearer set with the network device 21 or the network device 31. Here, the communication bearer and the communication call have the same meaning. When receiving the forced emergency call indicator from the data communication unit 11, the bearer control unit 13 executes an emergency call establishment process with the network device 31 that has transmitted the forced emergency call indicator. Further, when receiving the forced emergency call indicator from the data communication unit 11, the bearer control unit 13 executes a process of deleting a non-emergency call that has already been set up with the network device 21.
 位置登録状態管理部14は、通信装置10の位置登録状態を管理する。例えば、位置登録状態とは、非緊急呼を確立するためにネットワーク装置21に位置登録を行っている状態か、もしくは、緊急呼を確立するためにネットワーク装置31に位置登録を行っている状態かを管理する。ネットワーク装置31から強制緊急呼指示子を受け取った場合、ネットワーク装置31との間に緊急呼確立処理を行うため、位置登録状態管理部14は、ネットワーク装置21に位置登録を行っている状態からネットワーク装置31に位置登録を行っている状態へ遷移する。 The location registration status management unit 14 manages the location registration status of the communication device 10. For example, the location registration state is a state in which location registration is performed with the network device 21 in order to establish a non-emergency call, or a location registration in the network device 31 in order to establish an emergency call. Manage. When a forced emergency call indicator is received from the network device 31, the location registration state management unit 14 performs network registration from the state where the location registration is performed in the network device 21 in order to perform emergency call establishment processing with the network device 31. Transition to a state in which location registration is performed in the device 31.
 続いて、図3を用いて本発明の実施の形態1にかかる通信装置10とネットワーク装置31との間の緊急呼確立処理の流れについて説明する。図3においては、通信装置10が、E-UTRAN網に配置されるネットワーク装置31に対して緊急呼を確立する処理の流れを説明する。ここでは、通信装置10としてUEを用いて説明し、ネットワーク装置31としてMME32を用いて説明する。UE及びMME32は3GPPにおいて規定されているネットワークを構成する装置である。また、MME32は、3GPPに規定されているコアネットワーク(EPC)を構成する装置である。EPCは、3GPPに既定されている無線アクセスネットワークであるLTEを収容するネットワークである。MME32は、UEの移動管理、認証及びUEとの間の通信ベアラ(通信呼)の設定等を行う装置である。また、UEとMME32との間において確立される緊急呼をIMS緊急呼とし、UEとネットワーク装置21との間において確立される非緊急呼をIMS非緊急呼として、下記において説明する。 Subsequently, the flow of the emergency call establishment process between the communication device 10 and the network device 31 according to the first embodiment of the present invention will be described with reference to FIG. In FIG. 3, the flow of processing in which the communication device 10 establishes an emergency call to the network device 31 arranged in the E-UTRAN network will be described. Here, a description will be given using the UE as the communication device 10 and an MME 32 as the network device 31. The UE and the MME 32 are devices constituting a network specified in 3GPP. The MME 32 is a device that constitutes a core network (EPC) defined in 3GPP. EPC is a network that accommodates LTE, which is a radio access network defined in 3GPP. The MME 32 is a device that performs UE mobility management, authentication, setting of a communication bearer (communication call) with the UE, and the like. Further, an emergency call established between the UE and the MME 32 will be described as an IMS emergency call, and a non-emergency call established between the UE and the network device 21 will be described as an IMS non-emergency call.
 はじめに、UEは、MME32が配置されているネットワーク30とは異なるネットワーク、つまりネットワーク20のネットワーク装置21とIMS非緊急呼を確立している状態とする(S101)。ここで、ネットワーク装置21にはMMEもしくはSGSNが用いられてもよい。IMS非緊急呼を確立してデータ通信を行うことをNormal Serviceと称してもよい。 First, the UE enters a state where an IMS non-emergency call is established with a network different from the network 30 where the MME 32 is arranged, that is, the network device 21 of the network 20 (S101). Here, MME or SGSN may be used for the network device 21. Establishing an IMS non-emergency call and performing data communication may be referred to as Normal Service.
 次に、UEは、IMS緊急呼を確立するためにMME32へPDN CONNECTIVITY REQUEST(emergency)メッセージを送信する(S102)。次に、MME32は、UEへAUTHENTICATION REQUESTメッセージを送信する(S103)。AUTHENTICATION REQUESTメッセージには、UEにおける認証処理に用いられる認証情報が含まれてもよい。認証情報は、例えばUEにおいてレスポンスデータを生成するために用いられるチャレンジメッセージもしくは暗号化アルゴリズムに関する情報等であってもよい。 Next, the UE transmits a PDN CONNECTIVITY REQUEST (emergency) message to the MME 32 in order to establish an IMS emergency call (S102). Next, the MME 32 transmits an AUTHENTICATION REQUEST message to the UE (S103). The AUTHENTICATION REQUEST message may include authentication information used for authentication processing in the UE. The authentication information may be, for example, a challenge message used for generating response data in the UE or information on an encryption algorithm.
 次に、UEは、MME32から送信された認証情報を用いて認証処理を実行する(S104)。ここで、UEとMME32との間の認証が失敗した場合、UEは、MME32へ認証失敗応答(AUTHENTICATION FAILURE)メッセージを送信する。UEは、通常はネットワーク20へのアクセスは許可されているがネットワーク30へのアクセスは許可されていない。そのため、UEは、ステップS103において送信されるAUTHENTICATION REQUESTメッセージに基づく認証処理を行った場合、認証失敗となる。 Next, the UE executes an authentication process using the authentication information transmitted from the MME 32 (S104). Here, when the authentication between the UE and the MME 32 fails, the UE transmits an authentication failure response (AUTHENTICATION FAILURE) message to the MME 32. The UE is normally allowed to access the network 20 but is not allowed to access the network 30. Therefore, when the UE performs an authentication process based on the AUTHENTICATIONICREQUEST message transmitted in step S103, the authentication fails.
 次に、MME32は、UEとMME32との間の認証が失敗した場合においてもIMS緊急呼の確立を行うために、UEへACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTメッセージを送信する(S105)。ACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTメッセージは、強制緊急呼指示子を含む。強制緊急呼指示子は、UEとMME32との間において認証が失敗した場合においても、UEとMME32との間において強制的にIMS緊急呼を確立する処理をUEに促すために用いられる識別子である。 Next, the MME 32 transmits an ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST message to the UE in order to establish an IMS emergency call even when the authentication between the UE and the MME32 fails (S105). The ACTIVATE-DEFAULT-EPS-BEARER-CONTEXT-REQUEST message contains a forced emergency call indicator. The forced emergency call indicator is an identifier used to prompt the UE to perform a process of forcibly establishing an IMS emergency call between the UE and the MME 32 even when authentication between the UE and the MME 32 fails. .
 次に、UEは、強制緊急呼指示子を受信すると、緊急呼確立処理を行いMME32へACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPTメッセージを送信する(S106)。このように、UE及びMME32間においてACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST/ACCEPTメッセージが送受信されることにより、IMS緊急呼が確立される(S107)。言い換えると、UE及びMME32間において緊急通信用に用いられるEPS bearer contextが確立される。緊急呼を確立し、緊急通信を行うことをEmergency Serviceと称してもよい。 Next, when receiving the forced emergency call indicator, the UE performs an emergency call establishment process and transmits an ACTIVATEACTDEFAULT EPS BEARER CONTEXT ACCEPT message to the MME 32 (S106). Thus, an IMS emergency call is established by transmitting / receiving an ACTIVATEIVDEFAULT EPS BEARER CONTEXT REQUEST / ACCEPT message between the UE and the MME 32 (S107). In other words, an EPS bearer context used for emergency communication is established between the UE and the MME 32. Establishing an emergency call and performing emergency communication may be referred to as Emergency Service.
 続いて、図4を用いてUEにおける緊急呼確立処理の流れについて説明する。はじめに、UEは、MME32からACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTメッセージを受信する(S201)。次に、UEに含まれるデータ通信部11は、ACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTメッセージに強制緊急呼指示子が含まれているか否かを判定する(S202)。次に、データ通信部11において強制緊急呼指示子が含まれていると判定された場合、セキュリティ情報制御部12は、データ通信部11から出力される強制緊急呼指示子を受け取る。さらに、セキュリティ情報制御部12は、強制緊急呼指示子を受け取るとIMS非緊急呼を確立していたネットワーク、つまりネットワーク装置21との間において用いられていたセキュリティ情報を無効化する(S203)。言い換えると、セキュリティ情報制御部12は、強制緊急呼指示子を受け取るとネットワーク装置21との間において用いられていたSecurity contextを無効化する。 Subsequently, the flow of emergency call establishment processing in the UE will be described with reference to FIG. First, the UE receives an ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST message from the MME 32 (S201). Next, the data communication unit 11 included in the UE determines whether or not a forced emergency call indicator is included in the ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST message (S202). Next, when the data communication unit 11 determines that the forced emergency call indicator is included, the security information control unit 12 receives the forced emergency call indicator output from the data communication unit 11. Further, when receiving the forced emergency call indicator, the security information control unit 12 invalidates the security information used with the network in which the IMS non-emergency call has been established, that is, the network device 21 (S203). In other words, when the security information control unit 12 receives the compulsory emergency call indicator, the security information control unit 12 invalidates the Security context used with the network device 21.
 次に、ベアラ制御部13は、強制緊急呼指示子を受け取ると、MME32との間にIMS緊急呼の確立を行う(S204)。例えば、UEは、MMEに対してACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPTメッセージを送信する。次に、ベアラ制御部13は、ネットワーク装置21との間で確立されているIMS非緊急呼を切断する(S205)。例えば、IMS非緊急呼は、EPS bearer contextもしくはPDP contextを用いて確立されていてもよい。 Next, when receiving the forced emergency call indicator, the bearer control unit 13 establishes an IMS emergency call with the MME 32 (S204). For example, the UE sends an ACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPT message to the MME. Next, the bearer control unit 13 disconnects the IMS non-emergency call established with the network device 21 (S205). For example, an IMS non-emergency call may be established using EPS bearer context or PDP context.
 次に、位置登録状態管理部14は、強制緊急呼指示子を受け取ると、Normal serviceに位置登録した状態からEmergency serviceに位置登録した状態に遷移する(S206)。 Next, upon receiving the forced emergency call indicator, the location registration state management unit 14 transitions from the state registered in the Normal service to the state registered in the Emergency service (S206).
 ステップS202において、データ通信部11によってACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTメッセージに強制緊急呼指示子が含まれていないと判定された場合、処理を終了する。もしくは、データ通信部11は、ACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTメッセージに対する応答信号として、DEFAULT EPS BEARER CONTEXTを設定することができない旨のメッセージを送信してもよい。 In step S202, if it is determined by the data communication unit 11 that the ACTIVATE DEFAULT EPS EPSEARER CONTEXT REQUEST message does not include a forced emergency call indicator, the process ends. Alternatively, the data communication unit 11 may transmit a message indicating that DEFAULT / EPS / BEARER / CONTEXT cannot be set as a response signal to the ACTIVATE / DEFAULT / EPS / BEARER / CONTEXT / REQUEST message.
 また、MME32は、UEからACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPTメッセージを受信すると、UEと同様に緊急呼確立処理を実行する。例えば、MME32は、UEとの間に緊急通信用に用いられるEPS bearer contextを確立する。 In addition, when the MME 32 receives an ACTIVATE DEFAULT EPS EPS BEARER CONTEXT ACCEPT message from the UE, the MME 32 executes an emergency call establishment process in the same manner as the UE. For example, the MME 32 establishes an EPS bearer context that is used for emergency communication with the UE.
 以上説明したように、UEは、MME32から強制緊急呼指示子を受け取ることにより次のような効果を得ることができる。 As described above, the UE can obtain the following effects by receiving the forced emergency call indicator from the MME 32.
 UEは、強制緊急呼指示子を受け取ることにより、IMS非緊急呼を確立していたネットワークとの間において定められたセキュリティ情報もしくはSecurity contextを無効化する。そのため、UEは、IMS緊急呼を確立するネットワークとの間において、IMS非緊急呼を確立していたネットワークとの間において定められたセキュリティ情報もしくはSecurity contextを用いることがなくなる。これにより、異なる2つのネットワークにおいて、セキュリティ情報もしくはSecurity contextを共有する状態を解消することができる。 Upon receiving the forced emergency call indicator, the UE invalidates the security information or Security context established with the network that has established the IMS non-emergency call. For this reason, the UE does not use security information or Security context determined with the network that has established the IMS non-emergency call with the network that establishes the IMS emergency call. As a result, it is possible to eliminate the state in which the security information or Security context is shared in two different networks.
 さらに、UEが強制緊急呼指示子を受け取りIMS緊急呼を確立した後にIMS非緊急呼を切断するように処理を行うことで、UEがいずれのネットワークともベアラを確立していない場合に生じるDEREGISTERED状態となることを防止することができる。非認証IMS緊急呼の確立を許容するNWにおいては、異なるNWにおいてIMS非緊急呼の認証を行っている状態であることが要求される。そのため、DEREGISTERED状態となることを防止することにより、UEは、非認証IMS緊急呼の確立を許容するNWにおいて緊急呼を確立することができる。 In addition, the DEREGISTERED state that occurs when the UE has not established a bearer with any network by performing a process to disconnect the IMS non-emergency call after receiving the forced emergency call indicator and establishing the IMS emergency call. Can be prevented. An NW that allows establishment of an unauthenticated IMS emergency call is required to be in a state where an IMS non-emergency call is being authenticated by a different NW. Therefore, by preventing the DEREGISTERED state from being entered, the UE can establish an emergency call in the NW that allows the establishment of an unauthenticated IMS emergency call.
 また、IMS緊急呼の確立とIMS非緊急呼の切断とが非同期に実行されると、例えばUEは、緊急呼の確立後にいつIMS非緊急呼の切断が実行されるかが不明であるため、IMS非緊急呼の切断の実行を促すメッセージを待つ状態を維持しなければならなくなる。このような状態は、UEにおけるソフトウェア設計を困難とする。そのため、UEが強制緊急呼指示子を受け取りIMS緊急呼を確立した後にIMS非緊急呼を切断するように処理を定めることにより、非同期に出力されるIMS非緊急呼の切断の実行を促すメッセージを待つ必要がなくなり、ソフトウェア設計が単純化される。 Also, if the IMS emergency call establishment and the IMS non-emergency call disconnection are executed asynchronously, for example, the UE does not know when the IMS non-emergency call disconnection is executed after the emergency call is established. It is necessary to maintain a state of waiting for a message prompting execution of disconnection of the IMS non-emergency call. Such a situation makes software design at the UE difficult. Therefore, a message prompting the disconnection of the IMS non-emergency call that is output asynchronously is established by setting the processing to disconnect the IMS non-emergency call after the UE receives the forced emergency call indicator and establishes the IMS emergency call. There is no need to wait and software design is simplified.
 さらに、強制緊急呼指示子を受け取ることをトリガーにしてIMS緊急呼の確立及びIMS非緊急呼の切断処理を実行することを定めることにより、IMS非緊急呼を切断するためにDeactivate EPS Bearer Context Request/AcceptもしくはDeactivate PDP Context Request/Accept等のメッセージを用いる必要がなくなるため、シグナリング量の増加を解消することができる。 Further, it is determined that the IMS emergency call is established and the IMS non-emergency call disconnection process is executed by receiving the forced emergency call indicator as a trigger, so that the IMS non-emergency call is disconnected. Since there is no need to use messages such as / Accept or Deactivate PDP Context Request / Accept, the increase in signaling amount can be eliminated.
 さらに、強制緊急呼指示子を受け取ることをトリガーにしてセキュリティ情報もしくはSecurity contextを無効化することを定めることにより、Security contextを無効化するためにEIA0(Null integrity protection)及びEEA0(No ciphering)を設定するNAS/AS Security Mode Command/Complete等のメッセージを用いる必要がなくなるため、シグナリング量の増加を解消することができる。また、強制緊急呼指示子を受け取ることをトリガーにしてセキュリティ情報もしくはSecurity contextを無効化することを定めることにより、NAS/AS Security Mode Command/Completeの伝搬遅延によるIMS緊急呼の確立遅延を防止することができる。 Furthermore, EIA0 (Null integrity protection) and EEA0 (No ciphering) are used to invalidate Security context by specifying that security information or Security context is invalidated by receiving a forced emergency call indicator. Since it is not necessary to use messages such as NAS / AS Security Mode Command / Complete to set, an increase in the amount of signaling can be eliminated. Also, it is possible to prevent delay of establishment of IMS emergency call due to propagation delay of NAS / AS Security Mode Command / Complete by deciding to invalidate security information or Security context triggered by receiving forced emergency call indicator be able to.
 (実施の形態2)
 続いて、図5を用いて本発明の実施の形態2にかかる通信装置10とネットワーク装置31との間の緊急呼確立処理の流れについて説明する。図5においては、通信装置10がUTRAN網に配置されるネットワーク装置31に対して緊急呼を確立する処理の流れを説明する。ここでは、通信装置10としてUEを用いて説明し、ネットワーク装置31としてSGSN33を用いて説明する。UE及びSGSN33は3GPPにおいて規定されているネットワークを構成する装置である。また、SGSN33は、3GPPに規定されているW-CDMA無線アクセス方式を用いた無線アクセスネットワークを収容するコアネットワークを構成する装置である。SGSN33は、UEの移動管理、認証及びUEとの間の通信ベアラの設定等を行う装置である。また、UEとSGSN33との間において確立される緊急呼をIMS緊急呼とし、UEとネットワーク装置21との間において確立される非緊急呼をIMS非緊急呼として、下記において説明する。 (Embodiment 2)
Next, the flow of the emergency call establishment process between the communication device 10 and the network device 31 according to the second embodiment of the present invention will be described using FIG. In FIG. 5, the flow of processing in which the communication apparatus 10 establishes an emergency call to the network apparatus 31 arranged in the UTRAN network will be described. Here, a description will be given using the UE as the communication device 10 and an SGSN 33 as the network device 31. The UE and SGSN 33 are devices constituting a network defined in 3GPP. The SGSN 33 is a device constituting a core network that accommodates a radio access network using a W-CDMA radio access scheme defined in 3GPP. The SGSN 33 is a device that performs UE mobility management, authentication, setting of a communication bearer with the UE, and the like. Further, an emergency call established between the UE and the SGSN 33 will be described below as an IMS emergency call, and a non-emergency call established between the UE and the network device 21 will be described as an IMS non-emergency call.
 はじめに、UEはSGSN33が配置されているネットワーク30とは異なるネットワーク、つまりネットワーク20のネットワーク装置21とIMS非緊急呼を確立している状態とする(S301)。ここで、ネットワーク装置21にはMMEもしくはSGSNが用いられてもよい。IMS非緊急呼を確立してデータ通信を行うことをNormal Serviceと称してもよい。 First, the UE establishes an IMS non-emergency call with a network different from the network 30 in which the SGSN 33 is arranged, that is, the network device 21 of the network 20 (S301). Here, MME or SGSN may be used for the network device 21. Establishing an IMS non-emergency call and performing data communication may be referred to as Normal Service.
 次に、UEは、IMS緊急呼を確立するためにSGSN33へACTIVATE PDP CONTEXT REQUEST(emergency)メッセージを送信する(S302)。次に、SGSN33は、UEへAUTHENTICATION REQUESTメッセージを送信する(S303)。AUTHENTICATION REQUESTメッセージには、UEにおける認証処理に用いられる認証情報が含まれてもよい。認証情報は、例えばUEにおいてレスポンスデータを生成するために用いられるチャレンジメッセージもしくは暗号化アルゴリズムに関する情報等であってもよい。 Next, the UE transmits an ACTIVATE PDP CONTEXT REQUEST (emergency) message to the SGSN 33 in order to establish an IMS emergency call (S302). Next, the SGSN 33 transmits an AUTHENTICATION REQUEST message to the UE (S303). The AUTHENTICATION REQUEST message may include authentication information used for authentication processing in the UE. The authentication information may be, for example, a challenge message used for generating response data in the UE or information on an encryption algorithm.
 次に、UEは、SGSN33から送信された認証情報を用いて認証処理を実行する(S304)。ここで、UEとSGSN33との間の認証が失敗した場合、UEは、SGSN33へ認証失敗応答(AUTHENTICATION FAILURE)メッセージを送信する。 Next, the UE executes an authentication process using the authentication information transmitted from the SGSN 33 (S304). Here, when the authentication between the UE and the SGSN 33 fails, the UE transmits an authentication failure response (AUTHENTICATION メ ッ セ ー ジ FAILURE) message to the SGSN 33.
 次に、SGSN33は、UEとSGSN33との間の認証が失敗した場合においてもIMS緊急呼の確立を行うために、UEへACTIVATE PDP CONTEXT ACCEPTメッセージを送信する(S305)。ACTIVATE PDP CONTEXT ACCEPTメッセージは、強制緊急呼指示子を含む。強制緊急呼指示子は、UEとSGSN33との間において認証が失敗した場合においても、UEとSGSN33との間において強制的にIMS緊急呼を確立する処理をUEに促すために用いられる識別子である。 Next, the SGSN 33 transmits an ACTIVATE PDP CONTEXT ACCEPT message to the UE in order to establish an IMS emergency call even when the authentication between the UE and the SGSN 33 fails (S305). The ACTIVATE PDP CONTEXT ACCEPT message contains a forced emergency call indicator. The forced emergency call indicator is an identifier used to prompt the UE to perform a process of forcibly establishing an IMS emergency call between the UE and the SGSN 33 even when authentication between the UE and the SGSN 33 fails. .
 次に、UEは、強制緊急呼指示子を受信すると緊急呼確立処理を行い、UEとSGSN33との間にIMS緊急子が確立される(S306)。UEにおける緊急呼確立処理は、図4に説明した処理と同様であるため詳細な説明を省略する。 Next, when receiving the forced emergency call indicator, the UE performs an emergency call establishment process, and an IMS emergency child is established between the UE and the SGSN 33 (S306). Since the emergency call establishment process in the UE is the same as the process described in FIG. 4, detailed description thereof is omitted.
 以上説明したように、強制緊急呼指示子を用いることによりUTRAN網を用いた場合においても、E-UTRAN網を用いた場合と同様の効果を得ることができる。 As described above, even when the UTRAN network is used by using the compulsory emergency call indicator, the same effect as when the E-UTRAN network is used can be obtained.
 なお、本発明は上記実施の形態に限られたものではなく、趣旨を逸脱しない範囲で適宜変更することが可能である。例えば、上記の実施の形態1及び2においては、IMS緊急呼確立メッセージ(ACTIVATE DEFAULT EPS BEARER CONTEXT REQUESTもしくはACTIVATE PDP CONTEXT ACCEPT)に強制緊急呼指示子を設定するが、NW側からのUEへ出力される異なるメッセージに強制緊急呼指示子を設定してもよい。つまり、Normal serviceに位置登録したUEが、NWに対してIMS緊急呼の確立意志を通知した後は、NWは、DownLink(DL)の位置登録メッセージもしくはSession Managementメッセージに強制緊急呼指示子を付与してもよい。 Note that the present invention is not limited to the above-described embodiment, and can be appropriately changed without departing from the spirit of the present invention. For example, in the first and second embodiments described above, the forced emergency call indicator is set in the IMS emergency call establishment message (ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST or ACTIVATE PDP CONTEXT ACCEPT). Forced emergency call indicators may be set for different messages. In other words, after the UE registered for location in Normal service notifies the NW of the intention to establish an IMS emergency call, the NW assigns a forced emergency call indicator to the location registration message or Session Management message of DownLink (DL) May be.
 例えば、DLの位置登録メッセージとは、E-UTRAN網在圏時であればTracking Area Update Accept、UTRAN網在圏時(PSドメイン)であればRouting Area Updating Acceptが該当する。 For example, the DL location registration message corresponds to Tracking Area Update Accept when in the E-UTRAN network coverage area, and Routing Area Updating Acceptance when in the UTRAN network coverage area (PS domain).
 また、DLのSession Managementメッセージとは、E-UTRAN網在圏時であればModify EPS Bearer Context Request、UTRAN網在圏時(PSドメイン)であればRequest PDP Context Activationが該当する。 Also, the DL Session Management message corresponds to Modify EPS Bearer Context Request if the E-UTRAN network is located, and Request PDP Context Activation if the UTRAN network is located (PS domain).
 さらに、Normal serviceに位置登録したUEが、NWに対してIMS緊急呼の確立意志を通知するタイミングとは、RRC connection確立時、つまりRRC Connection Request送信時でもよく、ATTACH REAUEST送信時であってもよい。 Furthermore, the timing at which the UE registered in the location of Normal service notifies the NW of the intention to establish an IMS emergency call may be when RRC connection is established, that is, when RRC Connection Request is transmitted or when ATTACH REAUEST is transmitted. Good.
 上述の実施の形態では、ハードウェアの構成として説明したが、これに限定されるものではなく、UEにおける緊急呼確立処理を、CPU(Central Processing Unit)にコンピュータプログラムを実行させることにより実現することも可能である。この場合、コンピュータプログラムは、様々なタイプの非一時的なコンピュータ可読媒体(non-transitory computer readable medium)を用いて格納され、コンピュータに供給することができる。非一時的なコンピュータ可読媒体は、様々なタイプの実体のある記録媒体(tangible storage medium)を含む。非一時的なコンピュータ可読媒体の例は、磁気記録媒体(例えばフレキシブルディスク、磁気テープ、ハードディスクドライブ)、光磁気記録媒体(例えば光磁気ディスク)、CD-ROM(Read Only Memory)、CD-R、CD-R/W、半導体メモリ(例えば、マスクROM、PROM(Programmable ROM)、EPROM(Erasable PROM)、フラッシュROM、RAM(random access memory))を含む。また、プログラムは、様々なタイプの一時的なコンピュータ可読媒体(transitory computer readable medium)によってコンピュータに供給されてもよい。一時的なコンピュータ可読媒体の例は、電気信号、光信号、及び電磁波を含む。一時的なコンピュータ可読媒体は、電線及び光ファイバ等の有線通信路、又は無線通信路を介して、プログラムをコンピュータに供給できる。 In the above-described embodiment, the hardware configuration has been described. However, the present invention is not limited to this, and the emergency call establishment process in the UE is realized by causing a CPU (Central Processing Unit) to execute a computer program. Is also possible. In this case, the computer program can be stored and supplied to a computer using various types of non-transitory computer readable media. Non-transitory computer readable media include various types of tangible storage media (tangible storage medium). Examples of non-transitory computer-readable media include magnetic recording media (eg flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (eg magneto-optical discs), CD-ROMs (Read Only Memory), CD-Rs, CD-R / W, semiconductor memory (for example, mask ROM, PROM (Programmable ROM), EPROM (Erasable ROM), flash ROM, RAM (random access memory)) are included. The program may also be supplied to the computer by various types of temporary computer-readable media. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves. The temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.
 (付記1)
 通信装置と第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、前記通信装置と第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する緊急呼確立システムであって、前記第2のネットワーク装置は、前記通信装置から通知される緊急呼接続要求に対して、前記通信装置の認証結果に依らず前記通信装置へ緊急呼確立処理の実行を促す緊急呼指示子を設定したメッセージを前記通信装置へ通知し、前記通信装置は、前記緊急呼指示子が設定されたメッセージを受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にして、前記第2のネットワーク装置との間に緊急呼確立処理を行う、緊急呼確立システム。 (Appendix 1)
In a state where a non-emergency call is established between the communication device and the first network device arranged in the first network, the communication device and the second network device arranged in the second network An emergency call establishment system for establishing an emergency call in between, wherein the second network device responds to an emergency call connection request notified from the communication device regardless of an authentication result of the communication device. A message in which an emergency call indicator that prompts execution of emergency call establishment processing is set is notified to the communication device, and when the communication device receives the message in which the emergency call indicator is set, the first network device An emergency call establishment system that performs an emergency call establishment process with the second network device by invalidating security information determined between the first network apparatus and the second network apparatus.
 (付記2)
 前記通信装置は、前記緊急呼指示子が設定されたメッセージを受信すると、前記セキュリティ情報の無効化を指示するセキュリティ情報無効化指示信号を受信することなく、前記セキュリティ情報を無効とする付記1に記載の緊急呼確立システム。 (Appendix 2)
Supplementary note 1 that, when receiving a message in which the emergency call indicator is set, the communication device invalidates the security information without receiving a security information invalidation instruction signal instructing invalidation of the security information. The described emergency call establishment system.
 (付記3)
 前記通信装置は、前記緊急呼指示子が設定されたメッセージを受信すると、前記緊急呼確立処理を実行した後に前記第1のネットワーク装置との間において確立されている非緊急呼を切断する、付記1又は2に記載の緊急呼確立システム。 (Appendix 3)
When the communication device receives a message in which the emergency call indicator is set, the communication device disconnects a non-emergency call established with the first network device after executing the emergency call establishment process. 3. The emergency call establishment system according to 1 or 2.
 (付記4)
 前記通信装置は、前記緊急呼指示子が設定されたメッセージを受信すると、前記非緊急呼の切断を指示する切断指示信号を受信することなく、前記非緊急呼を切断する付記3に記載の緊急呼確立システム。 (Appendix 4)
The emergency communication according to appendix 3, wherein when the communication device receives the message in which the emergency call indicator is set, the communication device disconnects the non-emergency call without receiving a disconnection instruction signal instructing disconnection of the non-emergency call. Call establishment system.
 (付記5)
 前記通信装置は、前記非緊急呼を切断すると、前記第2のネットワーク装置との間において通信する緊急サービスに登録した状態に遷移する、付記3又は4に記載の緊急呼確立システム。 (Appendix 5)
5. The emergency call establishment system according to appendix 3 or 4, wherein when the non-emergency call is disconnected, the communication device transitions to a state registered in an emergency service communicating with the second network device.
 (付記6)
 第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信するデータ受信部と、前記緊急呼指示子を受信すると前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にして、前記第2のネットワーク装置との間に緊急呼確立処理を行うセキュリティ情報制御部と、を備える通信装置。 (Appendix 6)
Establishing an emergency call with a second network device arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network When receiving the emergency call indicator from the data receiving unit that receives the emergency call indicator from the second network device, invalidate the security information defined between the first network device, A communication apparatus comprising: a security information control unit that performs an emergency call establishment process with the second network apparatus.
 (付記7)
 前記セキュリティ情報制御部は、前記緊急呼指示子が設定されたメッセージを受信すると、前記セキュリティ情報の無効化を指示するセキュリティ情報無効化指示信号を受信することなく、前記セキュリティ情報を無効とする付記6に記載の通信装置。 (Appendix 7)
When the security information control unit receives a message in which the emergency call indicator is set, the security information control unit invalidates the security information without receiving a security information invalidation instruction signal instructing the invalidation of the security information. 6. The communication device according to 6.
 (付記8)
 前記緊急呼指示子が設定されたメッセージを受信すると、前記緊急呼確立処理を実行した後に前記第1のネットワーク装置との間において確立されている非緊急呼を切断するベアラ制御部をさらに備える、付記6又は7に記載の通信装置。 (Appendix 8)
A bearer control unit for disconnecting a non-emergency call established with the first network device after executing the emergency call establishment process upon receiving a message in which the emergency call indicator is set; The communication device according to appendix 6 or 7.
 (付記9)
 前記ベアラ制御部は、前記緊急呼指示子が設定されたメッセージを受信すると、前記非緊急呼の切断を指示する切断指示信号を受信することなく、前記非緊急呼を切断する付記8に記載の通信装置。 (Appendix 9)
The bearer control unit, when receiving the message in which the emergency call indicator is set, disconnects the non-emergency call without receiving a disconnection instruction signal instructing disconnection of the non-emergency call. Communication device.
 (付記10)
 前記非緊急呼を切断すると、前記第2のネットワーク装置との間において通信する緊急サービスに登録した状態に遷移させる位置登録状態管理部をさらに備える、付記8又は9に記載の通信装置。 (Appendix 10)
The communication device according to appendix 8 or 9, further comprising a location registration state management unit that transitions to a state registered in an emergency service that communicates with the second network device when the non-emergency call is disconnected.
 (付記11)
 第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信し、前記緊急呼指示子を受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にし、前記第2のネットワーク装置との間に緊急呼確立処理を行う、緊急呼確立方法。 (Appendix 11)
Establishing an emergency call with a second network device arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network When receiving the emergency call indicator from the second network device and receiving the emergency call indicator, the security information defined with the first network device is invalidated, and the second network device An emergency call establishment method for performing emergency call establishment processing with a network device.
 (付記12)
 第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信するステップと、前記緊急呼指示子を受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にするステップと、前記第2のネットワーク装置との間に緊急呼確立処理を行うステップ、とをコンピュータに実行させるプログラム。 (Appendix 12)
Establishing an emergency call with a second network device arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network A step of receiving an emergency call indicator from the second network device, and a step of invalidating security information defined with the first network device upon receiving the emergency call indicator; A program for causing a computer to execute an emergency call establishment process with the second network device.
 以上、実施の形態を参照して本願発明を説明したが、本願発明は上記によって限定されるものではない。本願発明の構成や詳細には、発明のスコープ内で当業者が理解し得る様々な変更をすることができる。 The present invention has been described above with reference to the embodiment, but the present invention is not limited to the above. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the invention.
 この出願は、2012年11月29日に出願された日本出願特願2012-260715を基礎とする優先権を主張し、その開示の全てをここに取り込む。 This application claims priority based on Japanese Patent Application No. 2012-260715 filed on November 29, 2012, the entire disclosure of which is incorporated herein.
 10 通信装置
 11 データ通信部
 12 セキュリティ情報制御部
 13 ベアラ制御部
 14 位置登録状態管理部
 15 セキュリティ情報格納部
 20 ネットワーク
 21 ネットワーク装置
 30 ネットワーク
 31 ネットワーク装置 DESCRIPTION OF SYMBOLS 10 Communication apparatus 11 Data communication part 12 Security information control part 13 Bearer control part 14 Location registration state management part 15 Security information storage part 20 Network 21 Network apparatus 30 Network 31 Network apparatus

Claims (10)

  1.  通信装置と第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、前記通信装置と第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する緊急呼確立システムであって、
     前記第2のネットワーク装置は、
     前記通信装置から通知される緊急呼接続要求に対して、前記通信装置の認証結果に依らず前記通信装置へ緊急呼確立処理の実行を促す緊急呼指示子を設定したメッセージを前記通信装置へ通知し、
     前記通信装置は、
     前記緊急呼指示子が設定されたメッセージを受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にして、前記第2のネットワーク装置との間に緊急呼確立処理を行う、緊急呼確立システム。     In a state where a non-emergency call is established between the communication device and the first network device arranged in the first network, the communication device and the second network device arranged in the second network An emergency call establishment system for establishing an emergency call between,
    The second network device is:
    In response to an emergency call connection request notified from the communication device, the communication device is notified of a message in which an emergency call indicator that prompts the communication device to execute emergency call establishment processing is set regardless of the authentication result of the communication device. And
    The communication device
    When a message in which the emergency call indicator is set is received, the security information established with the first network device is invalidated, and an emergency call establishment process is performed with the second network device. Emergency call establishment system.
  2.  前記通信装置は、
     前記緊急呼指示子が設定されたメッセージを受信すると、前記セキュリティ情報の無効化を指示するセキュリティ情報無効化指示信号を受信することなく、前記セキュリティ情報を無効とする請求項1に記載の緊急呼確立システム。     The communication device
    The emergency call according to claim 1, wherein upon receiving a message in which the emergency call indicator is set, the security information is invalidated without receiving a security information invalidation instruction signal instructing invalidation of the security information. Established system.
  3.  前記通信装置は、
     前記緊急呼指示子が設定されたメッセージを受信すると、前記緊急呼確立処理を実行した後に前記第1のネットワーク装置との間において確立されている非緊急呼を切断する、請求項1又は2に記載の緊急呼確立システム。     The communication device
    3. When receiving a message in which the emergency call indicator is set, the non-emergency call established with the first network device is disconnected after executing the emergency call establishment process. The described emergency call establishment system.
  4.  前記通信装置は、
     前記緊急呼指示子が設定されたメッセージを受信すると、前記非緊急呼の切断を指示する切断指示信号を受信することなく、前記非緊急呼を切断する請求項3に記載の緊急呼確立システム。     The communication device
    4. The emergency call establishment system according to claim 3, wherein when the message in which the emergency call indicator is set is received, the non-emergency call is disconnected without receiving a disconnection instruction signal instructing disconnection of the non-emergency call.
  5.  前記通信装置は、
     前記非緊急呼を切断すると、前記第2のネットワーク装置との間において通信する緊急サービスに登録した状態に遷移する、請求項3又は4に記載の緊急呼確立システム。     The communication device
    The emergency call establishment system according to claim 3 or 4, wherein when the non-emergency call is disconnected, a transition is made to a state registered in an emergency service communicating with the second network device.
  6.  第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信するデータ受信手段と、
     前記緊急呼指示子を受信すると前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にして、前記第2のネットワーク装置との間に緊急呼確立処理を行うセキュリティ情報制御手段と、を備える通信装置。     Establishing an emergency call with a second network device arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network Data receiving means for receiving an emergency call indicator from the second network device,
    Security information control means for invalidating security information defined with the first network device upon receiving the emergency call indicator and performing emergency call establishment processing with the second network device; A communication device comprising:
  7.  前記セキュリティ情報制御手段は、
     前記緊急呼指示子が設定されたメッセージを受信すると、前記セキュリティ情報の無効化を指示するセキュリティ情報無効化指示信号を受信することなく、前記セキュリティ情報を無効とする請求項6に記載の通信装置。     The security information control means includes
    The communication apparatus according to claim 6, wherein upon receiving a message in which the emergency call indicator is set, the security information is invalidated without receiving a security information invalidation instruction signal instructing invalidation of the security information. .
  8.  前記緊急呼指示子が設定されたメッセージを受信すると、前記緊急呼確立処理を実行した後に前記第1のネットワーク装置との間において確立されている非緊急呼を切断するベアラ制御手段をさらに備える、請求項6又は7に記載の通信装置。 And further comprising bearer control means for disconnecting a non-emergency call established with the first network device after executing the emergency call establishment process upon receiving the message in which the emergency call indicator is set. The communication apparatus according to claim 6 or 7.
  9.  第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信し、
     前記緊急呼指示子を受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にし、
     前記第2のネットワーク装置との間に緊急呼確立処理を行う、緊急呼確立方法。     Establishing an emergency call with a second network device arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network Upon receiving an emergency call indicator from the second network device,
    Upon receiving the emergency call indicator, invalidate the security information defined with the first network device,
    An emergency call establishment method for performing an emergency call establishment process with the second network device.
  10.  第1のネットワークに配置される第1のネットワーク装置との間において非緊急呼を確立している状態において、第2のネットワークに配置される第2のネットワーク装置との間に緊急呼を確立する際に、前記第2のネットワーク装置から緊急呼指示子を受信するステップと、
     前記緊急呼指示子を受信すると、前記第1のネットワーク装置との間において定められたセキュリティ情報を無効にするステップと、
     前記第2のネットワーク装置との間に緊急呼確立処理を行うステップ、とをコンピュータに実行させるプログラムが格納された非一時的なコンピュータ可読媒体。     Establishing an emergency call with a second network device arranged in the second network in a state where a non-emergency call is established with the first network device arranged in the first network Receiving an emergency call indicator from the second network device,
    Upon receiving the emergency call indicator, invalidating security information defined with the first network device;
    A non-transitory computer-readable medium storing a program for causing a computer to execute an emergency call establishment process with the second network device.
PCT/JP2013/004691 2012-11-29 2013-08-02 Emergency call establishment system, communication apparatus, emergency call establishment method, and nontemporary computer readable medium WO2014083724A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012260715 2012-11-29
JP2012-260715 2012-11-29

Publications (1)

Publication Number Publication Date
WO2014083724A1 true WO2014083724A1 (en) 2014-06-05

Family

ID=50827390

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/004691 WO2014083724A1 (en) 2012-11-29 2013-08-02 Emergency call establishment system, communication apparatus, emergency call establishment method, and nontemporary computer readable medium

Country Status (1)

Country Link
WO (1) WO2014083724A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015192342A (en) * 2014-03-28 2015-11-02 Kddi株式会社 Communication system, emergency call restriction device and communication method
JP2016131308A (en) * 2015-01-14 2016-07-21 ソフトバンク株式会社 Communication terminal device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011504674A (en) * 2007-10-29 2011-02-10 クゥアルコム・インコーポレイテッド Method and apparatus for self-establishing network relationships
JP2011518532A (en) * 2008-04-22 2011-06-23 ノーテル・ネットワークス・リミテッド Limiting mobile station handover
JP2011521505A (en) * 2008-04-02 2011-07-21 クゥアルコム・インコーポレイテッド Method and apparatus for supporting emergency call (eCALL)
JP2012075107A (en) * 2010-09-29 2012-04-12 Kotatsu Kokusai Denshi Kofun Yugenkoshi Apparatuses and methods for handling of equivalent public land mobile network (plmn) list

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011504674A (en) * 2007-10-29 2011-02-10 クゥアルコム・インコーポレイテッド Method and apparatus for self-establishing network relationships
JP2011521505A (en) * 2008-04-02 2011-07-21 クゥアルコム・インコーポレイテッド Method and apparatus for supporting emergency call (eCALL)
JP2011518532A (en) * 2008-04-22 2011-06-23 ノーテル・ネットワークス・リミテッド Limiting mobile station handover
JP2012075107A (en) * 2010-09-29 2012-04-12 Kotatsu Kokusai Denshi Kofun Yugenkoshi Apparatuses and methods for handling of equivalent public land mobile network (plmn) list

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 12", 3GPP TS 33.401 V12.5.0, September 2012 (2012-09-01), pages 66 - 69 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015192342A (en) * 2014-03-28 2015-11-02 Kddi株式会社 Communication system, emergency call restriction device and communication method
JP2016131308A (en) * 2015-01-14 2016-07-21 ソフトバンク株式会社 Communication terminal device

Similar Documents

Publication Publication Date Title
US11653199B2 (en) Multi-RAT access stratum security
US9894054B2 (en) Secure method for MTC device triggering
US10320754B2 (en) Data transmission method and apparatus
JP2022536924A (en) Method and system for handling closed access group related procedures
CN109922474B (en) Method for triggering network authentication and related equipment
US11019495B2 (en) Communication terminal, network device, communication method, and non-transitory computer readable medium
EP3596985B1 (en) Method and apparatus for protection of privacy in paging of user equipment
EP2293610A1 (en) Method and device for preventing loss of network security synchronization
CN105830476A (en) Method and system for providing security from a radio access network
CN111886885B (en) Secure authentication when recovering an RRC connection
US20190274039A1 (en) Communication system, network apparatus, authentication method, communication terminal, and security apparatus
US10827557B2 (en) Network access control method and apparatus
US20190335329A1 (en) Mtc key management for sending key from network to ue
WO2012028020A1 (en) Method and system for realizing circuit domain fallback and method and system for testing circuit domain fallback
US9060028B1 (en) Method and apparatus for rejecting untrusted network
US20140071945A1 (en) Device Triggering Method and Network Element Device
WO2014194787A1 (en) Non-access layer and access layer security algorithm processing method and device
WO2016045293A1 (en) All-group calling method, system, related device and computer storage medium
WO2014083724A1 (en) Emergency call establishment system, communication apparatus, emergency call establishment method, and nontemporary computer readable medium
EP3045003B1 (en) Paging procedure control
CN111556505A (en) Method and device for connection release
ES2472425T3 (en) Communication system, access control entity and method to control the access of a user equipment
US11159944B2 (en) Wireless-network attack detection
KR102102858B1 (en) System with simplified authentication procedure when transitioning from WCDMA network into LTE network
WO2014169568A1 (en) Security context handling method and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13858060

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13858060

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP