WO2018169070A1 - Communication terminal, network device, communication method, and non-transitory computer-readable medium - Google Patents
- Publication number
- WO2018169070A1 (application PCT/JP2018/010572)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- communication
- communication area
- destination
- eps
- communication terminal
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/12—Reselecting a serving backbone network switching or routing node
- H04W36/125—Reselecting a serving backbone network switching or routing node involving different types of service backbones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/037—Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/14—Reselecting a network or an air interface
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/14—Reselecting a network or an air interface
- H04W36/144—Reselecting a network or an air interface over a different radio air interface technology
- H04W36/1443—Reselecting a network or an air interface over a different radio air interface technology between licensed networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/13—Cell handover without a predetermined boundary, e.g. virtual cells
Definitions
- the present disclosure relates to a communication terminal, a network device, a communication method, and a program.
- Non-Patent Document 1 discloses a system configuration including both EPS and 5GS.
- Non-Patent Document 1 does not disclose a specific process when the UE switches the communication system used between EPS and 5GS. Therefore, there is a problem that when the UE moves, the communication system used cannot be switched between EPS and 5GS, and the UE cannot use the communication system provided in the area it has moved to.
- An object of the present disclosure is to provide a communication terminal, a network device, a communication method, and a program corresponding to switching of a communication system between EPS and 5GS in view of the above-described problems.
- the communication terminal includes a control unit that determines, when the communication terminal moves from a communication area formed by 5GS (5 Generation System) to a communication area formed by EPS (Evolved Packet System), or from a communication area formed by the EPS to a communication area formed by the 5GS, whether or not the communication system forming the destination communication area can satisfy a service requirement condition, and a communication unit that transmits a connection request message to the communication system forming the destination communication area when it is determined that this communication system can satisfy the service requirement condition.
- the communication terminal moves from a communication area formed by 5GS (5 Generation System) to a communication area formed by EPS (Evolved Packet System), or when the communication terminal
- a communication unit that transmits a change request message is determined whether or not the communication system forming the communication area to which the communication terminal is moved can satisfy the service requirements.
- in the communication method, when moving from a communication area formed by 5GS (5 Generation System) to a communication area formed by EPS (Evolved Packet System), or from a communication area formed by the EPS to a communication area formed by the 5GS, it is determined whether or not the communication system forming the destination communication area can satisfy the service requirement condition, and when it is determined that this communication system can satisfy the service requirement condition, a connection request message is transmitted to the communication system forming the destination communication area.
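- the program according to the fourth aspect of the present disclosure causes a computer to determine, when moving from a communication area formed by 5GS (5 Generation System) to a communication area formed by EPS (Evolved Packet System), or from a communication area formed by the EPS to a communication area formed by the 5GS, whether or not the communication system forming the destination communication area can satisfy the service requirement condition, and, when it is determined that this communication system can satisfy the service requirement condition, to transmit a connection request message to the communication system forming the destination communication area.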
- it is possible to provide a communication terminal, a network device, a communication method, and a program that support switching of a communication system between EPS and 5GS.
- FIG. 1 is a configuration diagram of a communication terminal according to a first embodiment.
- Configuration diagram of a communication system according to a second embodiment.
- Diagram showing the hierarchical structure of the security keys used in EPS according to the second embodiment.
- Diagram showing the hierarchical structure of the security keys used in 5GS according to the second embodiment.
- Diagram showing the flow of a process when a UE in the non-communication state moves, according to the second embodiment.
- Diagrams (three figures) showing the flow of a process when a UE in the communication state moves, according to the second embodiment.
- Configuration diagram of a network device according to the second embodiment.
- the communication terminal 10 may be a computer device that operates when a processor executes a program stored in a memory.
- the communication terminal 10 may be, for example, a mobile phone terminal, a smartphone terminal, or a tablet terminal.
- the communication terminal 10 may be an IoT (Internet of Things) terminal or an MTC (Machine Type Communication) terminal.
- the communication terminal 10 includes a communication unit 11 and a control unit 12.
- the communication unit 11 and the control unit 12 may be software or a module in which processing is executed by a processor executing a program stored in a memory.
- the communication unit 11 and the control unit 12 may be hardware such as a circuit or a chip.
- the control unit 12 determines whether or not the communication system forming the destination communication area can satisfy the service requirement condition.
- the communication area formed by 5GS may be, for example, a cell defined as a communication area by a gNB (g Node B) used in 5GS.
- the communication area formed by the EPS may be, for example, a cell defined as a communication area by an eNB (evolved Node B) used in the EPS.
- the movement of the communication terminal 10 may mean, for example, that the communication terminal 10, while registered in one of the EPS and 5GS communication systems but not performing communication, moves to an area formed by the other communication system. Alternatively, it may mean that the communication terminal 10 moves to an area formed by the other communication system while performing communication using one of the EPS and 5GS communication systems.
- 5GS and EPS each provide communication services.
- 5GS and EPS provide services related to data transmission to the communication terminal 10.
- the requirements for communication services provided by 5GS and EPS are determined by a service provider or the like.
- the requirement condition may be, for example, a condition regarding delay, throughput, security algorithm, or the like.
- the security level changes according to the provided security algorithm.
- the service for determining whether or not the control unit 12 can satisfy the required condition may be, for example, a service that can be used by the communication terminal 10.
- Information on services that can be used by the communication terminal 10 may be stored in the communication terminal 10 in advance.
- the service for determining whether the control unit 12 can satisfy the required condition may be a service currently used by the communication terminal 10.
- the control unit 12 may hold information on the capabilities of each communication system regarding service requirements such as delay, throughput, or security algorithm. Furthermore, the control part 12 may hold
- the control unit 12 determines whether or not the communication system forming the destination communication area of the communication terminal 10 satisfies the service requirement condition using the stored information.
- the communication unit 11 transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirement condition.
- when the communication terminal 10 moves between the communication area formed by 5GS and the communication area formed by EPS, the communication terminal 10 determines whether or not the communication system that forms the destination communication area can satisfy the service requirement conditions. Furthermore, the communication terminal 10 transmits a connection request message to the communication system that can satisfy the service requirement conditions. As a result, the communication terminal 10 can continue to receive services even in the communication system that forms the destination communication area. That is, since the communication terminal 10 can receive the service it requests even in the communication system that forms the destination communication area, the communication terminal 10 can switch communication systems.
- the communication system in FIG. 2 includes a node device defined in 3GPP.
- the communication system of FIG. 2 includes UE (User Equipment) 31, E-UTRAN 32, MME (Mobility Management Entity) 33, SGW (Serving Gateway) 34, UE 35, 5G RAN 36, AMF (Access and Mobility Management Function) entity 37 (hereinafter referred to as AMF 37), UPF (User Plane Function) + PGW (Packet Data Network Gateway)-U 38, SMF (Session Management Function) + PGW-C 39, PCF (Policy Control Function) + PCRF (Policy and Charging Rules Function) entity 40 (hereinafter referred to as PCF + PCRF 40), and HSS (Home Subscriber Server) + UDM (Unified Data Management) 41.
- An entity may be rephrased as a node device or a device.
- the UE31 and UE35 are used as a general term for communication terminals in 3GPP.
- the E-UTRAN 32 is a radio access network that uses LTE as a radio communication standard.
- the E-UTRAN 32 communicates with the UE 31 using, for example, an eNB (evolved Node B) as a base station.
- the MME 33 is a device that mainly performs mobility management of the UE 31, a bearer setting request, a bearer setting instruction, a bearer deletion request, or a bearer deletion instruction. Further, the MME 33 performs authentication processing of the UE 31 in cooperation with the HSS + UDM 41.
- the SGW 34 is a device that is connected to the E-UTRAN 32 and transfers U (User) -Plane data between the E-UTRAN 32 and the UPF + PGW-U38.
- U-Plane data may be paraphrased as user data.
- the MME 33 and the SGW 34 are node devices arranged in the EPC.
- 5G RAN36 is a radio access network that uses the next generation radio communication standard after LTE as a radio communication standard.
- the next-generation wireless communication standard may be referred to as, for example, 5G or NR (New Radio).
- the 5G RAN 36 communicates with the UE 35 using, for example, gNB as a base station. Further, the 5G RAN 36 may communicate with the UE 31 that has been handed over from the communication area formed by the E-UTRAN 32. Further, the E-UTRAN 32 may communicate with the UE 35 that has been handed over from the communication area formed by the 5G RAN 36.
- the 5G RAN 36 transfers U-Plane data between the UE 35 and the UPF + PGW-U 38.
- the AMF 37 performs mobility management related to the UE 35 and authentication processing related to the UE 35 in cooperation with the PCF + PCRF 40 or the HSS + UDM 41 or the like.
- the AMF 37 is a node device arranged in the 5G core network.
- UPF + PGW-U38, SMF + PGW-C39, PCF + PCRF40, and HSS + UDM41 perform interworking between 5G RAN36 and 5G core networks and E-UTRAN32 and EPC.
- UPF + PGW-U38 communicates with SGW 34 and 5G RAN 36.
- SMF + PGW-C39 communicates with SGW 34 and AMF 37.
- the HSS + UDM 41 communicates with the MME 33 and the AMF 37.
- PCF + PCRF 40 communicates with AMF 37.
- the PCF + PCRF 40 communicates with the MME 33 via the SMF + PGW-C39 and the SGW 34.
- UPF + PGW-U38 transfers user data between 5G core network and EPC.
- the SMF + PGW-C39 transfers C (Control) -Plane data between the 5G core network and the EPC, for example, transfers information related to session management.
- the PCF + PCRF 40 transfers information about policy information between the 5G core network and the EPC.
- the HSS + UDM 41 manages subscriber data between the UE 35 that performs communication via the 5G core network and the UE 31 that performs communication via the EPC.
- reference points set between nodes in the communication system of FIG. 2 will be described.
- the reference point may be replaced with an interface.
- the name of the reference point shown below may be changed with the update of a standard.
- An S1-MME reference point is defined between the E-UTRAN 32 and the MME 33. Between the E-UTRAN 32 and the SGW 34, an S1-U reference point is defined. An S11 reference point is defined between the MME 33 and the SGW 34. An S5-U reference point is defined between SGW 34 and UPF + PGW-U38. An S5-C reference point is defined between SGW 34 and SMF + PGW-C39. An S6a reference point is defined between the MME 33 and the HSS + UDM 41.
- An N1 reference point is defined between the UE 35 and the AMF 37.
- An N2 reference point is defined between the 5G RAN 36 and the AMF 37.
- An N3 reference point is defined between the 5G RAN 36 and UPF + PGW-U38.
- An N11 reference point is defined between the AMF 37 and SMF + PGW-C39.
- An N15 reference point is defined between the AMF 37 and the PCF + PCRF 40.
- An N8 reference point is defined between the AMF 37 and the HSS + UDM 41.
- An N4 reference point is defined between UPF + PGW-U38 and SMF + PGW-C39. An N7 reference point is defined between the SMF + PGW-C39 and the PCF + PCRF 40. An N10 reference point is defined between SMF + PGW-C39 and HSS + UDM 41. Further, an Nx reference point is defined between the MME 33 and the AMF 37.
- USIM: Universal Subscriber Identification Module
- the USIM may be a module that stores subscriber information regarding the UE 31.
- An AuC (Authentication Center) (not shown) is a node device that is arranged in the core network and executes processing related to security. USIM and AuC each have a security key K.
- the USIM and AuC derive an encryption key CK (Cipher Key) and an integrity guarantee key IK (Integrity Key) from the security key K.
- the USIM outputs the encryption key CK and the integrity guarantee key IK to the UE 31, and the AuC transmits the encryption key CK and the integrity guarantee key IK to the HSS + UDM 41.
- the HSS + UDM 41 is a node device that manages subscriber information related to the UE.
- the UE 31 and the HSS + UDM 41 derive a security key K ASME from the encryption key CK and the integrity guarantee key IK.
- the HSS + UDM 41 transmits the security key K ASME to the MME 33.
- the UE 31 and the MME 33 generate a security key K NASenc, a security key K NASint, and a security key K eNB / NH from the security key K ASME.
- the security key K NASenc is used for encryption of a NAS message transmitted between the UE 31 and the MME 33.
- the security key K NASint is used to guarantee the integrity of the NAS message transmitted between the UE 31 and the MME 33.
- the MME 33 transmits the security key K eNB / NH to the eNB.
- the eNB is a base station included in the E-UTRAN 32, for example.
- the UE 31 and the eNB derive a security key K UPint , a security key K UPenc , a security key K RRCint , and a security key K RRCenc from the security key K eNB / NH.
- the security key K UPint is used for guaranteeing the integrity of user data.
- the security key K UPenc is used for encrypting user data.
- the security key K RRCenc is used for encryption of an RRC (Radio Resource Control) message.
- the security key K RRCint is used to guarantee the integrity of the RRC message.
- the UE 35 and HSS + UDM 41 have a security key K.
- the security key K may be referred to as a master key K.
- the HSS + UDM 41 may execute ARPF (Authentication Credential Repository and Processing Function).
- the UE 35 and HSS + UDM 41 derive security key K SEAF from security key K.
- the UE 35 and the HSS + UDM 41 may derive from the security key K a CK (Ciphering Key) used for encryption and an IK (Integrity Key) used for integrity guarantee processing.
- the UE 35 and the HSS + UDM 41 may derive the security key K SEAF from the security key K or CK and IK.
- the HSS + UDM 41 transmits the security key K SEAF to the AMF 37.
- the UE 35 and the AMF 37 derive a security key K 3GPP_AN , a security key K non-3GPP_AN , a security key K NAS_MM , a security key K NAS_SM , a security key K AN_other and a security key K AN / NH from the security key K SEAF .
- the UE 35 and the AMF 37 derive the security key K NAS_SM from the security key K SEAF for each network slice using information for identifying the network slice where the SMF + PGW-C 39 is arranged.
- the security key K 3GPP_AN is a security key used in an access network before LTE.
- the access network before LTE includes, for example, an access network using a communication method called LTE, 3G, or 2G.
- the security key K non-3GPP_AN is a security key used in an access network that is not defined in 3GPP.
- the security key K AN_other is a different security key from the security key K 3GPP_AN and the security key K non-3GPP_AN .
- the security key K NAS_MM is used in the MM process.
- the security key K NAS_SM is used in SM (Session Management) processing.
- the UE 35 and the AMF 37 derive the security key K NAS-MMenc and the security key K NAS-MMint from the security key K NAS_MM .
- the security key K NAS-MMenc is used for encrypting the MM message.
- the security key K NAS-MMint is used for the integrity guarantee process of the MM message.
- the AMF 37 transmits the security key K NAS_SM to SMF + PGW-C39. Further, the AMF 37 transmits the security key K AN / NH to the 5G RAN 36.
- the SMF + PGW-C39 derives the security key K NAS-SMenc and the security key K NAS-SMint from the security key K NAS_SM. In addition, SMF + PGW-C39 derives the security key K UP from the security key K NAS_SM.
- the security key K NAS-SMenc is used for encrypting the SM message.
- the security key K NAS-SMint is used for the integrity guarantee process of the SM message.
- the security key K UP is applied to U-Plane data.
- SMF + PGW-C39 derives the security key K Sess1enc and security key K Sess1int from the security key K UP.
- the security key K Sess1enc and the security key K Sess1int are used, for example, in the network slice that is the network slice 1.
- the security key K SessNenc and the security key K SessNint are used in a network slice that is a network slice N (N is an integer of 1 or more).
- the security key K SessNenc is used for encryption of U-Plane data.
- the security key K SessNint is used for the integrity guarantee process of U-Plane data.
- the 5G RAN 36 derives a security key K RRCenc, a security key K RRCint, a security key K UPenc, and a security key K UPint from the security key K AN / NH .
- the security key K RRCenc , the security key K RRCint, the security key K UPenc, and the security key K UPint are security keys used in the wireless zone.
- the security key K ASME may be derived from the security key K SEAF .
- the security key K SEAF may be derived from the security key K ASME .
- the security key used for the NAS and the AS in the 5GS may be used in the EPS.
- a security key K NAS-MMenc and a security key K NAS-MMint may be used as security keys used for encryption and integrity assurance of NAS messages in EPS.
- a security key generated in 5GS may be used as a security key used for encryption and integrity assurance of AS messages in EPS.
- the security key K RRCenc , the security key K RRCint, the security key K UPenc, and the security key K UPint generated in 5GS may be used.
- a security key K 3GPP_AN generated in 5GS may be used as a security key used for encryption and integrity assurance of AS messages in EPS.
- FIG. 5 shows a communication method regarding each network device including the UE 35.
- the UE 35, eNB, MME 33, and AMF 37 have radio access information (radio access information) and service coverage area information to which the UE 35 can connect.
- the radio access information is information for identifying, for example, an area, a cell, an eNB, or a gNB to which the UE 35 can connect.
- the UE 35, eNB, MME 33, and AMF 37 have at least one of the information regarding the permitted area (allowed area), non-allowed area, and forbidden area regarding the UE 35.
- the UE 35 checks whether it can execute a TAU (Tracking Area Update) process (S11). For example, the UE 35 checks based on at least one of UE's capability, security capability, radio access information, service requirements, and operator policy necessary for connection to the eNB.
- Security capability is, for example, an encryption and integrity guarantee algorithm supported by UE35.
- the radio access information is information held by the UE 35.
- the service requirement is a requirement for a service provided to the UE 35.
- the UE 35 further checks whether there is a security context related to EPS (S12).
- the security context may be a root key such as a security key K ASME and a security key K SEAF , for example.
- the UE 35 transmits a TAU request message to the eNB (S13).
- the TAU request message may be protected with respect to encryption and integrity assurance. Alternatively, only the encryption protection may be performed on the TAU request message.
- the security key used for encryption and integrity assurance may be derived from the root key, or an existing security key may be updated. When updating the security key, the NAS uplink count may be used. Whether to update the security key, and whether to apply encryption and integrity protection, may be determined based on the lifetime of the security key or the operator's policy.
- the TAU request message includes a KSI (Key Set Identifier) and an identifier of the UE 35.
- the identifier of the UE 35 may be, for example, GUTI (Globally Unique Temporary Identifier). Further, the TAU request message may include information regarding a network slice or a service provided to the UE 35. Information about the network slice may be transmitted as NSSAI (Network Slice Selection Assistance Information), for example. The TAU request message may be transmitted directly to the MME 33.
- the eNB confirms whether or not the TAU process related to the UE 35 can be performed using the same method as the UE 35 in Step S11 (S14).
- the confirmation result in the eNB may be different from the confirmation result of the UE 35 in step S11.
- the eNB may transmit the radio access information to the UE 35 together with a response to the TAU request message.
- when the eNB determines that the TAU process related to the UE 35 can be performed, the eNB transmits a TAU request message to the MME 33 (S15).
- the MME 33 confirms whether or not the TAU process related to the UE 35 can be performed using the same method as the UE 35 in Step S11 (S16).
- the MME 33 may transmit the radio access information held by the MME 33 to the UE 35 and the eNB together with a response to the TAU request message.
- when the MME 33 determines that the TAU process related to the UE 35 can be performed, the MME 33 checks whether or not the security context related to the EPS exists (S17).
- the MME 33 transmits a security context request message to the AMF 37 or the HSS + UDM 41 (S18).
- the AMF 37 checks whether or not the TAU process related to the UE 35 can be performed using the same method as the UE 35 in Step S11 (S19).
- the radio access information held by the AMF 37 may be transmitted to the MME 33, the UE 35, and the eNB together with a response to the TAU request message.
- the security context is, for example, a root key such as the security key K ASME and the security key K SEAF.
- steps S18 to S20 may be omitted.
- the MME 33 updates the root key in the same manner as the UE 35 in step S13, and derives a security key that is used for guaranteeing integrity and protecting the encryption (S21).
- if there is downlink data or a TAU Request message containing the active flag, the MME 33 derives the security key K eNB and transmits the security key K eNB to the eNB.
- AKA: Authentication and Key Agreement
- NAS security is established between the UE 35 and the MME 33 (S22). NAS security may be used to protect the TAU request message. If there is a TAU Request message including downlink data or active flag, AS security may be further established.
- the MME 33 transmits a TAU Accept message protected by the NAS security to the UE 35 (S23).
- the identifier of the UE 35 such as GUTI is included in the TAU Accept message.
- the UE 35 transmits a TAU complete message to the MME 33 (S24).
- the process when the UE 35 moves from the communication area formed by the EPS to the communication area formed by the 5GS is also described as a procedure similar to the process illustrated in FIG.
- the eNB and MME 33 shown in FIG. 5 are replaced with gNB and AMF 37.
- NAS security in step S22 of FIG. 5 is described as NAS MM security.
- the configurations related to NAS MM security and AS security are changed according to the service.
- FIG. 6 shows a process flow when the UE 35 performs a handover from a communication area formed by 5GS to a communication area formed by EPS.
- FIG. 6 shows a communication method related to each network device including the UE 35 and base stations (eNB and gNB).
- the gNB confirms whether the UE's capability and the access right are valid as information used for determining whether to transmit a Relocation request message (S31).
- the access right is, for example, a right to access a radio access network that is allowed to be accessed by the UE 35 in the permitted area, the non-permitted area, and the prohibited area.
- when the gNB determines that the UE's capability and the access right are valid, the gNB transmits a Relocation request message to the AMF 37 (S32).
- the Relocation request message includes the UE 35 identifier (eg, GUTI), UE's capability, gNB identifier, and destination eNB identifier.
- the AMF 37 checks whether or not the UE's capability and the access right are valid as information used for determining whether to transmit a HO (Handover) request message (S33).
- the AMF 37 requests an SM (Session Management) context from the SMF + PGW-C39, and the SMF + PGW-C39 transmits the SM context to the AMF 37 (S34).
- the AMF 37 transmits a request message for requesting SM context to the plurality of SMF + PGW-C39.
- various messages may be transmitted to a plurality of SGWs 34, a plurality of SMF + PGW-C39, and a plurality of UPF + PGW-U38.
- the AMF 37 selects an MME and transmits a Relocation request message to the selected MME (S35).
- the Relocation request message includes an identifier of the source gNB and the target eNB, an MM (Mobility Management) context, and an SM context.
- the format used in EPS is applied to the format of MM context and SM context.
- the Relocation request message may include a security context (eg, security key K SEAF ), a security key identifier, a required security configuration identifier, and an algorithm to be used.
- the security key identifier may be, for example, KSI (Key Set Identifier).
- the required security configuration may be information indicating whether integrity guarantee and encryption are necessary.
- the MME 33 confirms whether the UE's capability and the access right are valid as information used for determining whether to accept the Relocation request message (S36).
- the MME 33 transmits a Security context request message to the HSS + UDM 41 (S37).
- the HSS + UDM 41 transmits a Security context response message to the MME 33 (S38).
- the Security context response message includes the requested security context.
- NAS security is established between the UE 35 and the MME 33 based on the security configuration transmitted from the AMF 37 to the MME 33 in step S35 (S40).
- the MME 33 transmits a Create session request message to the SGW 34 based on the SM context.
- the SGW 34 allocates resources to the session related to the UE 35 and transmits a Create session response message to the MME 33 (S41).
- the MME 33 transmits a HO request message to the eNB (S42).
- the HO request message includes information on session and bearer establishment.
- the HO request message further includes the security context used for AS security, such as the security key K_eNB, and the security configuration transmitted from the AMF 37 to the MME 33 in step S35.
- the eNB confirms whether the UE's capability and the access right are valid as information used for determining whether to accept the HO request message (S43).
- AS security is established between the UE 35 and the eNB based on the security configuration (S44).
- the eNB allocates resources related to the UE 35 necessary for bearer establishment, and transmits a HO request Ack message to the MME 33 (S45).
- the MME 33 transmits a Relocation response message to the AMF 37 (S46).
- the Relocation response message includes a HO command.
- the HO command includes necessary information such as an identifier of the target eNB.
- the AMF 37 transmits a Relocation command message to the gNB (S47).
- the Relocation command message includes a HO command.
- the AMF 37 deletes a security context related to the UE 35 used in 5GS.
- gNB transmits a HO command message to UE 35 (S48).
- the gNB deletes the security context related to the UE 35 used in 5GS.
- UE35 transmits HO complete message to gNB (S49).
- the eNB transmits an HO notify message to the MME 33 (S50).
- Bearer modification and Session modification are executed among the MME 33, SGW 34, SMF + PGW-C39, and UPF + PGW-U 38 (S51).
- when each device performs its check in step S31, step S33, step S36, and step S13, the requirements for the service provided to the UE 35 are also taken into consideration. If the target system (e.g., EPS) does not meet the service requirements provided to the UE 35 in 5GS, the handover for the UE 35 is not performed.
- the service requirement is, for example, delay, throughput, security algorithm, or the like.
- the MME 33 may receive the security key K_SEAF from the AMF 37 in step S35. Further, the MME 33 may derive the security key K_ASME from the security key K_SEAF.
- FIG. 7 shows a process flow when the UE 31 performs a handover from a communication area formed by EPS to a communication area formed by 5GS.
- the procedure shown in FIG. 7 is described as a procedure similar to the process shown in FIG. However, the process performed in eNB and MME33 shown by FIG. 6 is performed in gNB and AMF37 in FIG. Further, the process executed in the gNB and the AMF 37 shown in FIG. 6 is executed in the eNB and the MME 33 in FIG. Steps S61 to S69 in FIG. 7 are substantially the same as steps S31 to S39 in FIG.
- the NAS security established in step S40 of Fig. 6 is described as NAS MM security being established in step S70 of Fig. 7. Further, after step S71 of FIG. 7, the AMF 37 transmits a NAS SM security command message to the SMF + PGW-C39 (S72). Further, after step S72, NAS SM security is established between the UE 31 and the SMF + PGW-C39 (S73).
- after step S83, the AMF 37 transmits a UP security command message to the SMF + PGW-C39 (S84).
- the UP security command message contains the security key used for UP security.
- the SMF + PGW-C 39 transmits a UP security command message to the UPF + PGW-U 38 (S85).
- UP security is established between the UE 31 and the UPF + PGW-U 38 (S86).
- the UE 35 transmits an Attach request message to the eNB (S91).
- the Attach request message includes UE's capability for wireless access and security.
- the eNB checks whether the UE's capability and the access right are valid as information used for determining whether to accept the Attach request message (S92).
- the eNB transmits an Attach request message to the MME 33 (S93).
- the MME 33 confirms whether the UE's capability and the access right are valid as information used for determining whether to accept the Attach request message (S94).
- AKA is executed between the UE 35 and the MME 33, and NAS security is established (NAS security establishment) (S95).
- AS security is established between the UE 35 and the eNB (AS security establishment) (S96).
- the MME 33 stores UE's capability information regarding wireless access, information regarding security, and information regarding access rights (S97).
- Information about security (security capability) is added to the MME 33 based on a security policy or service request condition in the network.
- the MME 33 transmits a create session request message to the SGW 34 (S98).
- the SGW 34 transmits a create session request message to the MME 33 (S99).
- the MME 33 transmits an Attach accept message to the eNB (S100).
- the Attach accept message includes UE's capability and access rights.
- the eNB transmits an Attach request message to the UE 35 (S101).
- the Attach accept message includes an RRC reconfiguration request message.
- the UE 35 transmits an RRC reconfiguration complete message to the eNB (S102).
- the eNB transmits an Attach complete message to the MME 33 (S103).
- eNB preserve
- the UE 31 transmits a Registration request message to the gNB (S111).
- the Attach request message includes UE's capability for wireless access and security.
- the gNB checks whether the UE's capability and the access right are valid as information used for determining whether to accept the Registration request message (S112).
- the gNB transmits a Registration request message to the AMF 37 (S113).
- the AMF 37 checks whether the UE's capability and the access right are valid as information used for determining whether to accept the Attach request message (S114).
- AKA is executed between the UE 31 and the AMF 37, and NAS MM security is established (NAS MM security establishment) (S115).
- AS security is established between the UE 35 and the gNB (AS security establishment) (S116).
- the AMF 37 stores UE's capability information regarding wireless access, information regarding security, and information regarding access rights (S117).
- Information related to security is added to the AMF 37 based on a security policy or a service request condition in the network.
- the AMF 37 transmits a Registration accept message to the gNB (S118).
- the Registration accept message includes information on UE's capability held by the AMF 37 and access rights.
- the gNB transmits a Registration accept message to the UE 31 (S119).
- the Registration accept message includes an RRC reconfiguration request message.
- the UE 31 transmits an RRC reconfiguration complete message to the gNB (S120).
- the gNB transmits a Registration complete message to the AMF 37 (S121).
- the gNB stores UE's capability and access right information received from the AMF 37 (S122).
- NAS SM security is established between the UE 31 and the SMF + PGW-C39 (NAS SM security establishment) (S123).
- a PDU session is established between the UE 31 and UPF + PGW-U38.
- security that enables integrity guarantee and encryption may be established between the UE 31 and the UPF + PGW-U 38.
- Security that enables integrity assurance and encryption may be established between the UE 31 and the gNB.
- the UE 31 and the UE 35 can perform communication using the destination communication system.
- the UE 31 includes a network interface 51, a processor 52, and a memory 53.
- the network interface 51 may include, for example, an antenna used for performing wireless communication. Furthermore, the network interface 51 may include a baseband processor that performs digital baseband signal processing. Alternatively, the network interface 51 may include a network interface card (NIC) compliant with IEEE 802.3 series or IEEE 802.11. The network interface 51 is used to execute a function or process in the communication unit 11 of FIG. Further, the network interface 51 transmits or receives the message described with reference to FIGS.
- the processor 52 is used to execute a function or process in the control unit 12 of FIG. Further, the processor 52 reads software (computer program) from the memory 53 and executes the processes described in FIGS. Further, the processor 52 executes the processing related to the generation of the security key described in FIGS. 3 and 4.
- the processor 52 may be, for example, a microprocessor, an MPU (Micro Processing Unit), or a CPU (Central Processing Unit).
- the processor 52 may include a plurality of processors.
- the memory 53 is composed of a combination of a volatile memory and a nonvolatile memory.
- the memory 53 may include storage located remotely from the processor 52. In this case, the processor 52 may access the memory 53 via an I/O interface (not shown).
- the memory 53 is used for storing software or software module groups.
- the processor 52 reads these software or software module groups from the memory 53 and executes them.
- the memory 53 may store a security key generated in the processor 52, for example.
- the network device 61 includes, for example, eNB, gNB, MME33, SGW34, AMF37, UPF + PGW-U38, SMF + PGW-C39, PCF + PCRF40, and HSS + UDM41.
- the network device 61 includes a network interface 71, a processor 72, and a memory 73.
- the network interface 71 has a communication unit 81.
- the processor 72 has a control unit 82.
- the network interface 71 communicates with, for example, another network device, the UE 31 or the UE 35. Furthermore, the network interface 71 may include a baseband processor that performs digital baseband signal processing. The network interface 51 transmits or receives the message described with reference to FIGS.
- the processor 72 reads the software (computer program) from the memory 73 and executes the processes described in FIGS. Furthermore, the processor 72 executes the processing related to the generation of the security key described in FIGS.
- the processor 72 may be, for example, a microprocessor, an MPU (Micro Processing Unit), or a CPU (Central Processing Unit).
- the processor 72 may include a plurality of processors.
- the memory 73 is composed of a combination of a volatile memory and a nonvolatile memory.
- the memory 73 may include storage located remotely from the processor 72. In this case, the processor 72 may access the memory 73 via an I/O interface (not shown).
- the memory 73 is used for storing software or software module groups.
- the processor 72 reads these software or software module groups from the memory 73 and executes them.
- the memory 73 may store a security key generated in the processor 72, for example.
- Non-transitory computer readable media include various types of tangible storage media. Examples of non-transitory computer readable media include magnetic recording media (e.g., flexible disks, magnetic tapes, hard disk drives) and magneto-optical recording media (e.g., magneto-optical disks). Furthermore, examples of non-transitory computer-readable media include CD-ROM (Read Only Memory), CD-R, and CD-R/W. Further examples of non-transitory computer readable media include semiconductor memory.
- the semiconductor memory includes, for example, a mask ROM, a PROM (Programmable ROM), an EPROM (Erasable ROM), a flash ROM, and a RAM (Random Access Memory).
- the program may also be supplied to the computer by various types of temporary computer-readable media. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves.
- the temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.
- the communication terminal according to appendix 1, wherein the communication unit transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements and, further, that the destination communication area is a communication area to which access is permitted.
- the control unit determines whether or not it has a security key to be used in the destination communication area;
- the communication terminal according to appendix 2, wherein the communication unit transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements, that the destination communication area is a communication area to which access is permitted, and, further, that the terminal has the security key used in the destination communication area.
- the communication terminal according to appendix 3, wherein the control unit uses the security key to derive an integrity guarantee key used for protecting integrity, or to update the integrity guarantee key.
- the communication terminal according to appendix 4, wherein the connection request message includes an identifier of the integrity guarantee key.
- the communication terminal according to any one of appendices 1 to 5, wherein the connection request message includes information related to a network slice.
- a control unit determines whether the communication system forming the communication area to which the communication terminal has moved can satisfy the service requirements; when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements, a communication unit transmits a location change request message to the communication system forming the destination communication area.
- the network device according to appendix 7, wherein the control unit determines whether the communication system forming the destination communication area of the communication terminal can satisfy the service requirements and whether the communication terminal is permitted access in the destination communication area, and the communication unit transmits a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements and, further, that the communication terminal is permitted access in the destination communication area.
- the communication system according to appendix 9, wherein the second network device derives a security key used in the communication area after movement of the communication terminal, using the security key received from the first network device.
- the communication system according to appendix 10, wherein the second network device derives, using the derived security key, an integrity guarantee key used for protecting integrity and an encryption key used for message encryption.
- the communication system according to any one of appendices 9 to 11, wherein the first network device determines whether the communication system forming the communication area to which the communication terminal moves can satisfy the service requirements.
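The 5GS-to-EPS checks (S33, S36), the security context carried in the Relocation request (S35), the derivation of K_ASME and the integrity and encryption keys, and the deletion of the 5GS context (S47) can be modelled as follows. This is an added example, not code from the patent: HMAC-SHA-256 with constructed labels stands in for the derivation function, which the page does not specify, and every class, field, and algorithm name is hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass


class HandoverRejected(Exception):
    """A check failed (S33/S36), so the handover is not performed."""


@dataclass(frozen=True)
class ServiceRequirements:      # "delay, throughput, security algorithm"
    max_delay_ms: int
    min_throughput_mbps: int
    algorithms: frozenset


@dataclass(frozen=True)
class TargetSystem:             # hypothetical description of the destination
    name: str
    delay_ms: int
    throughput_mbps: int
    algorithms: frozenset


@dataclass(frozen=True)
class UE:
    guti: str
    algorithms: frozenset       # UE's security capability
    access_rights: frozenset    # systems the UE is permitted to access
    requirements: ServiceRequirements


def kdf(key: bytes, label: str) -> bytes:
    # Assumption: stand-in derivation function with constructed labels.
    return hmac.new(key, label.encode(), hashlib.sha256).digest()


def check_handover(ue: UE, target: TargetSystem) -> str:
    """Access right, capability and service-requirement checks.
    Returns the algorithm to use or raises HandoverRejected."""
    if target.name not in ue.access_rights:
        raise HandoverRejected("access right not valid for " + target.name)
    req = ue.requirements
    if target.delay_ms > req.max_delay_ms:
        raise HandoverRejected("delay requirement not met")
    if target.throughput_mbps < req.min_throughput_mbps:
        raise HandoverRejected("throughput requirement not met")
    usable = ue.algorithms & target.algorithms & req.algorithms
    if not usable:
        raise HandoverRejected("no security algorithm satisfies the service")
    return sorted(usable)[0]    # deterministic choice for the example


def derive_eps_keys(k_seaf: bytes, algorithm: str, config: dict) -> dict:
    """K_SEAF -> K_ASME -> integrity / encryption keys (MME and UE side)."""
    k_asme = kdf(k_seaf, "K_ASME")
    keys = {"k_asme": k_asme}
    if config["integrity"]:     # 128-bit truncation is an assumption
        keys["k_nas_int"] = kdf(k_asme, "NAS-int|" + algorithm)[:16]
    if config["encryption"]:
        keys["k_nas_enc"] = kdf(k_asme, "NAS-enc|" + algorithm)[:16]
    return keys


class AMF:
    def __init__(self):
        self.contexts = {}      # GUTI -> 5GS security context

    def relocation_request(self, ue: UE, target: TargetSystem) -> dict:
        algorithm = check_handover(ue, target)              # S33
        ctx = self.contexts[ue.guti]
        return {"ue_id": ue.guti,                           # S35
                "security_context": {"k_seaf": ctx["k_seaf"], "ksi": ctx["ksi"]},
                "required_config": {"integrity": True, "encryption": True},
                "algorithm": algorithm}

    def relocation_command(self, guti: str) -> None:
        self.contexts.pop(guti, None)                       # S47: delete 5GS context


class MME:
    def __init__(self, system: TargetSystem):
        self.system, self.nas_keys = system, {}

    def accept(self, ue: UE, request: dict) -> None:
        check_handover(ue, self.system)                     # S36
        if request["algorithm"] not in self.system.algorithms:
            raise HandoverRejected("requested algorithm not supported")
        self.nas_keys[ue.guti] = derive_eps_keys(
            request["security_context"]["k_seaf"],
            request["algorithm"], request["required_config"])


def run_handover(amf: AMF, mme: MME, ue: UE) -> dict:
    request = amf.relocation_request(ue, mme.system)
    mme.accept(ue, request)
    amf.relocation_command(ue.guti)
    return mme.nas_keys[ue.guti]


# Constructed sample data (not from the page).
ALGS = frozenset({"ALG-A", "ALG-B"})
SAMPLE_UE = UE("guti-0001", ALGS, frozenset({"5GS", "EPS"}),
               ServiceRequirements(50, 20, ALGS))
EPS_OK = TargetSystem("EPS", 40, 100, ALGS)
EPS_SLOW = TargetSystem("EPS", 200, 100, ALGS)
```

A rejected check raises before the Relocation request is built, so the AMF keeps the 5GS security context and the UE stays on the source system.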
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
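Embodiments of the present disclosure are described below with reference to the drawings. First, a configuration example of the communication terminal 10 according to Embodiment 1 is described with reference to FIG. 1. The communication terminal 10 may be a computer device that operates by a processor executing a program stored in a memory. The communication terminal 10 may be, for example, a mobile phone terminal, a smartphone terminal, or a tablet terminal. The communication terminal 10 may also be an IoT (Internet of Things) terminal or an MTC (Machine Type Communication) terminal.
Next, a configuration example of the communication system according to Embodiment 2 is described with reference to FIG. 2. The communication system of FIG. 2 includes node devices defined in 3GPP. Specifically, the communication system of FIG. 2 includes a UE (User Equipment) 31, an E-UTRAN 32, an MME (Mobility Management Entity) 33, an SGW (Serving Gateway) 34, a UE 35, a 5G RAN 36, an AMF (Access and Mobility Management Function) entity 37 (hereinafter, AMF 37), a UPF (User Plane Function) + PGW (Packet Data Network)-U 38, an SMF (Session Management Function) + PGW-C 39, a PCF (Policy Control Function) + PCRF (Policy and Charging Rules Function) entity 40 (hereinafter, PCF + PCRF 40), and an HSS (Home Subscriber Server) + UDM (Unified Data Management) 41. Note that an entity may instead be referred to as a node device or a device.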
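(Appendix 1)
A communication terminal comprising: a control unit that, when the terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, determines whether the communication system forming the destination communication area can satisfy service requirements; and
a communication unit that transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements.
(Appendix 2)
The communication terminal according to Appendix 1, wherein
the control unit determines whether the communication system forming the destination communication area can satisfy the service requirements and also determines whether the destination communication area is a communication area to which access is permitted, and
the communication unit transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements and, further, that the destination communication area is a communication area to which access is permitted.
(Appendix 3)
The communication terminal according to Appendix 2, wherein
the control unit determines whether the terminal has a security key used in the destination communication area, and
the communication unit transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements, that the destination communication area is a communication area to which access is permitted, and, further, that the terminal has the security key used in the destination communication area.
(Appendix 4)
The communication terminal according to Appendix 3, wherein
the control unit uses the security key to derive an integrity guarantee key used for protecting integrity, or to update the integrity guarantee key.
(Appendix 5)
The communication terminal according to Appendix 4, wherein
the connection request message includes an identifier of the integrity guarantee key.
(Appendix 6)
The communication terminal according to any one of Appendices 1 to 5, wherein
the connection request message includes information related to a network slice.
(Appendix 7)
A network device comprising: a control unit that, when a communication terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, determines whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements; and
a communication unit that transmits a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements.
(Appendix 8)
The network device according to Appendix 7, wherein
the control unit determines whether the communication system forming the destination communication area of the communication terminal can satisfy the service requirements and also determines whether the communication terminal is permitted access in the destination communication area, and
the communication unit transmits a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements and, further, that the communication terminal is permitted access in the destination communication area.
(Appendix 9)
A communication system including: a first network device that, when a communication terminal moves from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, determines, in the communication system forming the communication area before the movement of the communication terminal, whether the access right and security capability of the communication terminal are valid; and
a second network device that, in the communication system forming the communication area after the movement of the communication terminal, receives from the first network device a message concerning the location change of the communication terminal.
(Appendix 10)
The communication system according to Appendix 9, wherein
the second network device derives a security key used in the communication area after the movement of the communication terminal, using the security key received from the first network device.
(Appendix 11)
The communication system according to Appendix 10, wherein
the second network device derives, using the derived security key, an integrity guarantee key used for protecting integrity and an encryption key used for message encryption.
(Appendix 12)
The communication system according to any one of Appendices 9 to 11, wherein
the first network device determines whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements.
(Appendix 13)
A communication method comprising: determining, upon movement from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area can satisfy service requirements; and
transmitting a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements.
(Appendix 14)
A communication method comprising: determining, when a communication terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements; and
transmitting a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements.
(Appendix 15)
A non-transitory computer readable medium storing a program that causes a computer to execute: determining, upon movement from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area can satisfy service requirements; and
transmitting a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements.
(Appendix 16)
A non-transitory computer readable medium storing a program that causes a computer to execute: determining, when a communication terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements; and
transmitting a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements.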
11 Communication unit
12 Control unit
31 UE
32 E-UTRAN
33 MME
34 SGW
35 UE
36 5G RAN
37 AMF
38 UPF+PGW-U
39 SMF+PGW-C
40 PCF+PCRF
41 HSS+UDM
51 Network interface
52 Processor
53 Memory
61 Network device
71 Network interface
72 Processor
73 Memory
81 Communication unit
82 Control unit
Claims (16)
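- A communication terminal comprising: a control unit that, when the terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, determines whether the communication system forming the destination communication area can satisfy service requirements; and a communication unit that transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements.
- The communication terminal according to claim 1, wherein the control unit determines whether the communication system forming the destination communication area can satisfy the service requirements and also determines whether the destination communication area is a communication area to which access is permitted, and the communication unit transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements and, further, that the destination communication area is a communication area to which access is permitted.
- The communication terminal according to claim 2, wherein the control unit determines whether the terminal has a security key used in the destination communication area, and the communication unit transmits a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements, that the destination communication area is a communication area to which access is permitted, and, further, that the terminal has the security key used in the destination communication area.
- The communication terminal according to claim 3, wherein the control unit uses the security key to derive an integrity guarantee key used for protecting integrity, or to update the integrity guarantee key.
- The communication terminal according to claim 4, wherein the connection request message includes an identifier of the integrity guarantee key.
- The communication terminal according to any one of claims 1 to 5, wherein the connection request message includes information related to a network slice.
- A network device comprising: a control unit that, when a communication terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, determines whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements; and a communication unit that transmits a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements.
- The network device according to claim 7, wherein the control unit determines whether the communication system forming the destination communication area of the communication terminal can satisfy the service requirements and also determines whether the communication terminal is permitted access in the destination communication area, and the communication unit transmits a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements and, further, that the communication terminal is permitted access in the destination communication area.
- A communication system including: a first network device that, when a communication terminal moves from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, determines, in the communication system forming the communication area before the movement of the communication terminal, whether the access right and security capability of the communication terminal are valid; and a second network device that, in the communication system forming the communication area after the movement of the communication terminal, receives from the first network device a message concerning the location change of the communication terminal.
- The communication system according to claim 9, wherein the second network device derives a security key used in the communication area after the movement of the communication terminal, using the security key received from the first network device.
- The communication system according to claim 10, wherein the second network device derives, using the derived security key, an integrity guarantee key used for protecting integrity and an encryption key used for message encryption.
- The communication system according to any one of claims 9 to 11, wherein the first network device determines whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements.
- A communication method comprising: determining, upon movement from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area can satisfy service requirements; and transmitting a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements.
- A communication method comprising: determining, when a communication terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements; and transmitting a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements.
- A non-transitory computer readable medium storing a program that causes a computer to execute: determining, upon movement from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area can satisfy service requirements; and transmitting a connection request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area can satisfy the service requirements.
- A non-transitory computer readable medium storing a program that causes a computer to execute: determining, when a communication terminal has moved from a communication area formed by a 5GS (5 Generation System) to a communication area formed by an EPS (Evolved Packet System), or from the communication area formed by the EPS to the communication area formed by the 5GS, whether the communication system forming the destination communication area of the communication terminal can satisfy service requirements; and transmitting a location change request message to the communication system forming the destination communication area when it is determined that the communication system forming the destination communication area of the communication terminal can satisfy the service requirements.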
Priority Applications (11)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311324946.9A CN117377012A (zh) | 2017-03-17 | 2018-03-16 | First network device and method thereof, and second network device and method thereof |
ES18767595T ES2870553T3 (es) | 2017-03-17 | 2018-03-16 | Network device, communication method, and computer program |
EP18767595.4A EP3598804B1 (en) | 2017-03-17 | 2018-03-16 | Network device, communication method, and computer program |
CN202311324521.8A CN117377011A (zh) | 2017-03-17 | 2018-03-16 | First network device and method thereof, and second network device and method thereof |
EP21155868.9A EP3840481A1 (en) | 2017-03-17 | 2018-03-16 | Communication terminal, network devices and communication method |
US16/494,600 US11019495B2 (en) | 2017-03-17 | 2018-03-16 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
CN201880032545.7A CN110651504A (zh) | 2017-03-17 | 2018-03-16 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
JP2019506313A JP6791353B2 (ja) | 2017-03-17 | 2018-03-16 | Terminal, first network device, and second network device |
US17/201,280 US11553345B2 (en) | 2017-03-17 | 2021-03-15 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
US18/080,184 US11956636B2 (en) | 2017-03-17 | 2022-12-13 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
US18/588,124 US20240196218A1 (en) | 2017-03-17 | 2024-02-27 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN201711009358 | 2017-03-17 | ||
IN201711009358 | 2017-03-17 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/494,600 A-371-Of-International US11019495B2 (en) | 2017-03-17 | 2018-03-16 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
US17/201,280 Continuation US11553345B2 (en) | 2017-03-17 | 2021-03-15 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018169070A1 (ja) | 2018-09-20 |
Family
ID=63522476
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2018/010572 WO2018169070A1 (ja) | 2017-03-17 | 2018-03-16 | Communication terminal, network device, communication method, and non-transitory computer readable medium |
Country Status (6)
Country | Link |
---|---|
US (4) | US11019495B2 (ja) |
EP (2) | EP3840481A1 (ja) |
JP (4) | JP6791353B2 (ja) |
CN (3) | CN117377012A (ja) |
ES (1) | ES2870553T3 (ja) |
WO (1) | WO2018169070A1 (ja) |
-
2018
- 2018-03-16 JP JP2019506313A patent/JP6791353B2/ja active Active
- 2018-03-16 CN CN202311324946.9A patent/CN117377012A/zh active Pending
- 2018-03-16 EP EP21155868.9A patent/EP3840481A1/en active Pending
- 2018-03-16 WO PCT/JP2018/010572 patent/WO2018169070A1/ja active Application Filing
- 2018-03-16 US US16/494,600 patent/US11019495B2/en active Active
- 2018-03-16 CN CN201880032545.7A patent/CN110651504A/zh active Pending
- 2018-03-16 ES ES18767595T patent/ES2870553T3/es active Active
- 2018-03-16 CN CN202311324521.8A patent/CN117377011A/zh active Pending
- 2018-03-16 EP EP18767595.4A patent/EP3598804B1/en active Active
-
2020
- 2020-11-04 JP JP2020184240A patent/JP7074177B2/ja active Active
-
2021
- 2021-03-15 US US17/201,280 patent/US11553345B2/en active Active
-
2022
- 2022-05-10 JP JP2022077622A patent/JP7287534B2/ja active Active
- 2022-12-13 US US18/080,184 patent/US11956636B2/en active Active
-
2023
- 2023-05-24 JP JP2023085224A patent/JP2023109930A/ja active Pending
-
2024
- 2024-02-27 US US18/588,124 patent/US20240196218A1/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015160329A1 (en) * | 2014-04-15 | 2015-10-22 | Nokia Solutions And Networks Oy | Interworking with bearer-based system |
Non-Patent Citations (2)
Title |
---|
"NEC, pCR to TR 33.899: Solution for key issue #13.1", 3GPP TSG SA WG3 #866 S 3-170823, 20 March 2017 (2017-03-20), XP051258511, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_86b_Busan/Docs/S3-170823.zip> [retrieved on 20180524] * |
"Presentation of Specification/Report to TSG: TR 33.899", 3GPP TSG SA #75 SP-170096, 3 March 2017 (2017-03-03), XP051235299, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/TSG_SA/TSGS_75/Docs/SP-170096.zip> [retrieved on 20180524] * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11889409B2 (en) | 2018-06-15 | 2024-01-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Method of and a device for operating network gateway services in a service based telecommunications system |
WO2020144856A1 (ja) * | 2019-01-11 | 2020-07-16 | NTT Docomo, Inc. | Communication management device and data management device |
WO2023199386A1 (ja) * | 2022-04-11 | 2023-10-19 | Rakuten Mobile, Inc. | Improving service continuity across different networks |
Also Published As
Publication number | Publication date |
---|---|
JP7074177B2 (ja) | 2022-05-24 |
US20210014688A1 (en) | 2021-01-14 |
EP3598804A1 (en) | 2020-01-22 |
EP3598804A4 (en) | 2020-01-22 |
JP7287534B2 (ja) | 2023-06-06 |
EP3840481A1 (en) | 2021-06-23 |
US20210204133A1 (en) | 2021-07-01 |
ES2870553T3 (es) | 2021-10-27 |
US11956636B2 (en) | 2024-04-09 |
JP2021016189A (ja) | 2021-02-12 |
CN117377011A (zh) | 2024-01-09 |
US11553345B2 (en) | 2023-01-10 |
EP3598804B1 (en) | 2021-04-21 |
CN117377012A (zh) | 2024-01-09 |
JP6791353B2 (ja) | 2020-11-25 |
JP2023109930A (ja) | 2023-08-08 |
US20230104549A1 (en) | 2023-04-06 |
CN110651504A (zh) | 2020-01-03 |
US20240196218A1 (en) | 2024-06-13 |
JPWO2018169070A1 (ja) | 2020-01-23 |
US11019495B2 (en) | 2021-05-25 |
JP2022110058A (ja) | 2022-07-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7074177B2 (ja) | AMF and MME | |
JP7020536B2 (ja) | Target radio access network node and method therefor | |
US11297542B2 (en) | Base station handover method, system, and computer storage medium | |
US11228560B2 (en) | Mobility functionality for a cloud-based access system | |
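KR102187869B1 (ko) | Method for resolving security issues using NH and NCC pairs in a mobile communication system | |
JPWO2018079691A1 (ja) | Source core network node, terminal, and method | |
KR102200821B1 (ko) | Method, system and apparatus for supporting local breakout in a small cell architecture | |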
US10959132B2 (en) | Handover method and apparatus | |
JP2023073492A (ja) | RAN node and method performed by RAN node | |
EP3703462B1 (en) | COMMUNICATION METHODS AND, A COMMUNICATIONS APPARATUS, A COMMUNICATIONS SYSTEM, A COMPUTER READABLE STORAGE MEDIUM, AND A COMPUTER PROGRAM PRODUCT | |
US20230388802A1 (en) | Method for configuring evolved packet system non-access stratum security algorithm and related apparatus | |
KR20220166294A (ko) | Method for updating slice information | |
JP6473171B2 (ja) | Indication of IMEISV via MAP for inter-MSC handover | |
WO2021073382A1 (zh) | Registration method and apparatus | |
WO2021238280A1 (zh) | Communication method, apparatus and system | |
WO2024000191A1 (en) | Network Architecture and Stateless Design for a Cellular Network | |
JP2017200128A (ja) | Communication system and control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | EP: the EPO has been informed by WIPO that EP was designated in this application |
Ref document number: 18767595 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2019506313 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | WIPO information: entry into national phase |
Ref document number: 2018767595 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2018767595 Country of ref document: EP Effective date: 20191017 |