1. Field of the Invention
The present invention relates to cryptographic communication technologies in communication networks such as a mobile communication network, and more particularly, to a cryptographic communication method in a communication network which has a control plane (hereinafter called the “C-Plane”) separated from a user plane (U-Plane).
2. Description of the Related Art
First, a conventional cryptographic communication technology will be described in connection with an exemplary mobile communication system which employs an IMT-2000 logical system configuration.
FIG. 1 is a block diagram illustrating an exemplary configuration of a mobile communication system. Illustrated herein is a mobile communication system which includes radio access network (RAN) 100′ and a plurality of terminals 200′. RAN 100′ includes a plurality of base stations 101a′, 101b′, 101c′, . . . capable of communicating with terminals 200′, and radio network controller (RNC) 105 connected to these base stations through lines. RNC 105 is connected to core network 300 as required.
Radio access network 100′ is in synchronization with terminals 200′, and they have common frame numbers called “CFN” (Connection Frame Number). See, for example, DoCoMo Technical Journal Vol. 9, No. 1, pp. 61-79.
In such a system, RNC 105 specifies an encryption start timing using CFN upon encryption, so that a base station and a terminal, which have established the synchronization therebetween, start encryption at the same timing (same CFN).
FIG. 2 is a sequence diagram illustrating a conventional encryption procedure. Assume in this procedure that a secret key has been previously shared between RNC 105 and terminal 200′. As illustrated in FIG. 2, the conventional encryption starting procedure is performed in the following manner.
Step S1-1: RNC 105 indicates a “CFNs” (Connection Frame Number start) value indicative of an encryption start timing to terminal 200′. As described later, CFNs has a value larger than a current CFN.
Step S1-2: RNC 105 sets a terminal supporting function unit to start encryption of user signals if CFN matches CFNs.
Step S1-2′: Terminal 200′ also makes settings therein to start the encryption of the user signals if CFN matches CFNs.
Step S1-3: When CFN=CFNs after the lapse of certain time, the encryption is started by RNC 105 and terminal 200′ in synchronization with each other.
Here, CFNs indicated at step S1-1 must be set to a larger value than CFN at the time of step S1-1. Specifically, the value of CFNs should be determined in consideration of a time margin for absorbing a transmission delay between RNC 105 and terminal 200′, and processing delays within RNC 105 and terminal 200′.
A cryptographic communication method similar to the above is disclosed in JP-6-237248-A. This conventional method involves previously transmitting temporal positional information to a communication partner for starting encryption, and changing a cryptographic key at a specified temporal position at both parties after confirmation. In this way, even during communications, encryption processing can be changed without interrupting the communications (see JP-6-237248, Paragraphs 0012-0014 and FIG. 3).
Some mobile communication networks have a communication device associated with the C-Plane, responsible for signaling such as call setup and disconnection in the network, separated from a communication device associated with the U-Plane, responsible for transmission and reception of user data (C/U separation).
In such a C/U separated network system, the aforementioned RNC 105 is divided into an RNC server 103 associated with the C-Plane, and a media gateway (MG) 104 associated with the U-Plane. Specifically, RAN 100′ comprises a plurality of base stations, an RNC server, and an MG which are interconnected through an IP network, with the IP network being further connected to a core network.
FIG. 3 is a sequence diagram illustrating a conventional encryption starting procedure in a C/U separated mobile communication access network. Note herein, however, that a synchronization establishment procedure is omitted in FIG. 3. Assume that a secret key has been previously shared between the MG and terminal.
As illustrated in FIG. 3, the conventional encryption starting procedure is performed in the following manner.
Step S2-1: An RNC server indicates an encryption start timing CFNs to the MG. As later described, CFNs has a value larger than a current CFN.
Step S2-1′: The RNC server indicates the encryption start timing CFNs to the terminal.
Step S2-2: The MG sets a terminal support function unit to start the encryption of user signals if the value of CFN is equal to CFNs.
Step S2-2′: The terminal also makes settings therein to start the encryption of the user signals if the value of CFN is equal to CFNs.
Step S2-3: When CFN is equal to CFNs after the lapse of a certain time, the encryption is started by both the MG and terminal in synchronization.
CFNs indicated herein must be set to a larger value than CFN at the time of step S2-1, as is the case with the example illustrated in FIG. 2. However, in the C/U separated network system, CFNs must be set in consideration of a transmission delay between the RNC server and terminal, a transmission delay between the RNC server and MG, and a difference in delay in internal processing between the MG and terminal, in order to ensure that the MG and terminal, which are actually involved in the encryption, operate at the same timing.
However, in the C/U separated network system, a larger margin must be allowed for the encryption start timing CFNs, as compared with the system illustrated in FIG. 2, because the C/U separated network system must take into account a transmission delay on the network as well as a processing delay. Particularly, when the Internet is used as IP network 102, variations in transmission delay become larger, so that an even larger margin must be allowed for CFNs. As a result, a long standby time is required at all times before the MG and terminal actually start the encryption, resulting in degraded responsiveness.
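The procedure of steps S2-1 to S2-3 and the margin requirement discussed in the preceding paragraphs, as an added example that is not part of the application: a small Python model assuming an 8-bit Connection Frame Number that wraps at 256, one frame per tick, and constructed delay values in frames; the function names (required_margin, simulate_start, worst_case_margin) are hypothetical.

```python
# Added example (not part of the original application): a model of the
# CFN-based encryption start in a C/U separated access network (FIG. 3).
# Assumptions: 8-bit CFN wrapping at 256, one frame per tick, and delays
# given in frames as constructed values.

CFN_MODULO = 256  # assumed CFN wrap-around


def frames_until(current_cfn, target_cfn):
    """Frames from current_cfn until CFN == target_cfn, accounting for wrap."""
    return (target_cfn - current_cfn) % CFN_MODULO


def required_margin(delay_rnc_mg, delay_rnc_term, proc_mg, proc_term):
    """Smallest lead of CFNs over the current CFN such that both the MG and the
    terminal have applied their setting (steps S2-2/S2-2') before CFN reaches
    CFNs. In the C/U separated case both legs from the RNC server count; in the
    FIG. 2 case only the RNC-to-terminal leg and processing delays matter."""
    return max(delay_rnc_mg + proc_mg, delay_rnc_term + proc_term) + 1


def simulate_start(cfn_now, cfns, delay_rnc_mg, delay_rnc_term, proc_mg, proc_term):
    """Steps S2-1 to S2-3 with the indicated CFNs. Reports whether both entities
    start encryption at CFN == CFNs, and how many frames each spends idle
    (standby) between being ready and the start frame."""
    lead = frames_until(cfn_now, cfns)
    ready_mg = delay_rnc_mg + proc_mg        # frames after cfn_now the MG is set
    ready_term = delay_rnc_term + proc_term  # same for the terminal
    mg_ok = ready_mg < lead                  # setting in place before the start frame
    term_ok = ready_term < lead
    return {
        "synchronized": mg_ok and term_ok,
        "mg_missed": not mg_ok,
        "terminal_missed": not term_ok,
        "standby_mg": lead - ready_mg if mg_ok else 0,
        "standby_terminal": lead - ready_term if term_ok else 0,
    }


def worst_case_margin(delay_rnc_mg_range, delay_rnc_term_range, proc_mg, proc_term):
    """With variable transmission delay (e.g. over the Internet), CFNs must cover
    the worst case of each range; that worst case is what inflates the standby."""
    return required_margin(max(delay_rnc_mg_range), max(delay_rnc_term_range),
                           proc_mg, proc_term)


if __name__ == "__main__":
    # Constructed values: RNC->MG 4..40 frames over the IP network, RNC->terminal 6..12.
    margin = worst_case_margin(range(4, 41), range(6, 13), proc_mg=1, proc_term=2)
    print(margin, simulate_start(250, (250 + margin) % CFN_MODULO, 5, 7, 1, 2))
```

With the worst-case margin of 42 frames, a run in which the actual delays are only 5 and 7 frames leaves the MG idle for 36 frames and the terminal for 33 frames before encryption starts, which is the standby cost the text describes.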