1. Field of the Invention
The present invention relates to a communication system and a gateway apparatus, and, more particularly to a communication system and a gateway apparatus that increase the speed of handover between heterogeneous access networks. The present invention relates to, for example, a technique for increasing the speed of handover between 3.9th generation mobile communication system UMB (Ultra Mobile Broadband) of 3GPP2 (3rd Generation Partnership Project 2) and WiMAX (Worldwide Interoperability for Microwave Access). However, the present invention is not limited to this and can be applied to various access networks.
2. Description of the Related Art
In recent years, services for seamlessly associating mobile communication networks having different coverage areas, throughputs, and communication costs are examined. As an example of systems studied in the technical field, there is a system that provides a WiMAX area with low equipment cost in a UMB area for covering a wide range and provides users in the WiMAX area with data communication at low cost.
A method of associating a UMB access network and a WiMAX access network is specified in X.P0046 of 3GPP2 (Non-Patent Document 1), “WiMAX Forum Network Architecture Stage 2: 3GPP2-WiMAX Interworking” of WiMAX Forum (Non-Patent Document 2) and “WiMAX Forum Network Architecture Stage 3 Annex: 3GPP2-WiMAX Interworking” of WiMAX Forum (Non-Patent Document 3), and the like. In these standards, a system in which respective access networks loosely associate with one another via an HA (Home Agent) of a Mobile IP (Non-Patent Documents 4 and 5) is adopted. Such an association system is referred to as Loosely Coupled Interworking.
A handover procedure between WiMAX-UMBs by the Loosely Coupled Interworking is explained with reference to FIGS. 15 to 19.
1. System Configuration
FIG. 15 is a diagram of a configuration example of a network configured by the related art. An MN (Mobile Node: mobile terminal) 3040 is a terminal that has access means to both a WiMAX access network 3020 and a UMB access network 3030. A CN (Correspondent Node: counter node) 3050 is a terminal or a server that communicates with the MN 3040.
A core network 3010 is a communication network that accommodates both the WiMAX access network 3020 and the UMB access network 3030. An AAA (Authentication Authorization Accounting) 3011 and an HA (Home Agent) 3012 are connected to the core network 3010. The AAA 3011 is a server that manages association between an identifier and authentication information of a terminal and authenticates the terminal. The HA 3012 is a node specified by the Mobile IP (Non-Patent Documents 4 and 5) and manages association between an HoA (Home Address: an IP address that does not change even if a position of the MN changes) and a CoA (Care of Address: an IP address allocated to the MN by a moving destination network) of the MN 3040. The HA 3012 converts an IP packet addressed to the HoA of the MN 3040 received from the CN 3050 into an IPinIP packet (Non-Patent Document 6) addressed to the CoA of the MN 3040 and transfers the IPinIP packet to the MN 3040 such that communication by the HoA can be continued even when the MN 3040 moves to another network. Conversely, the HA 3012 decapsulates an IPinIP packet received from the MN 3040 and transfers the IPinIP packet to the CN 3050.
BSs (Base Stations) 3022 (a to c) and an ASN-GW (Access Service Network—Gateway) 3021 are connected to the WiMAX access network 3020. The BSs 3022 (a to c) are nodes that inter-convert a WiMAX wireless signal from the MN 3040 into a wired signal and transfer the wired signal. The BSs 3022 (a to c) transmit and receive control signals and user data to and from the MN 3040 and the ASN-GW 3021.
FIG. 16A is a diagram of a protocol stack of user data in the WiMAX access network 3020. As shown in FIG. 16A, the BSs 3022 (a to c) extract an IP packet from the WiMAX wireless signal received from the MN 3040, apply GRE (Generic Routing Encapsulation) (Non-Patent Document 7) to the IP packet, and transfer the IP packet to the ASN-GW 3021. The BSs 3022 (a to c) receive a GRE packet from the ASN-GW 3021, convert the GRE packet into a WiMAX wireless signal, and transfer the WiMAX wireless signal to the MN 3040.
The ASN-GW 3021 is an access router that accommodates the MN 3040 and has a function of a PMA of the Proxy MIP (Non-Patent Document 8: a Mobile IP protocol with which a node called PMA (Proxy Mobile Agent) registers the association between the HoA and the CoA in the HA on behalf of a terminal). In other words, the ASN-GW 3021 registers an IP address thereof in the HA 3012 as the CoA on behalf of the MN 3040. The ASN-GW 3021 transmits and receives control signals and user data to and from the HA 3012 and the BSs 3022 (a to c).
As shown in FIG. 16A, the ASN-GW 3021 receives a GRE-encapsulated user packet from the BSs 3022 (a to c), converts the user packet into an IPinIP packet, and transfers the IPinIP packet to the HA 3012. The ASN-GW 3021 receives the IPinIP packet from the HA 3012, converts the IPinIP packet into a GRE packet, and transfers the GRE packet to the BSs 3022 (a to c).
eBSs (Evolved Basic Stations) 3033 (a to c), an AGW (Access Gateway) 3031, and an SRNC (Session Reference Network Controller) 3032 are connected to the UMB access network 3030. The eBSs 3033 (a to c) are nodes that inter-convert a UMB wireless signal into a wired signal and transfer the wired signal. Each of the eBSs 3033 (a to c) transmits and receives control signals to and from the MN 3040, the AGW 3031, the SRNC 3032, and the other eBS 3033 (a to c). Each of the eBSs 3033 (a to c) transmits and receives user data to and from the MN 3040, the AGW 3031, and the other eBSs 3033 (a to c).
FIG. 16B is a diagram of a protocol stack of user data in the UMB access network 3030. As shown in FIG. 16B, the eBSs 3033 (a to c) extract an IP packet from the UMB wireless signal received from the MN 3040, GRE-encapsulate the IP packet, and transfer the IP packet to the AGW 3031. The eBSs 3033 (a to c) receive a GRE packet from the AGW 3031, convert the GRE packet into a UMB wireless signal, and transfer the UMB wireless signal to the MN 3040.
The AGW 3031 is an access router that accommodates the MN 3040 and has a function of a PMA of the Proxy MIP. In other words, the AGW 3031 registers an IP address thereof in the HA 3012 as the CoA on behalf of the MN 3040. The AGW 3031 transmits and receives control signals to and from the HA 3012, the SRNC 3032, and the eBSs 3033 (a to c). The AGW 3031 transmits and receives user data to and from the HA 3012 and the eBSs 3033 (a to c).
As shown in FIG. 16B, the AGW 3031 receives a GRE-encapsulated user packet from the eBSs 3033 (a to c), converts the user packet into an IPinIP packet, and transfers the IPinIP packet to the HA 3012. The AGW 3031 receives the IPinIP packet from the HA 3012, converts the IPinIP packet into a GRE packet, and transfers the GRE packet to the eBSs 3033 (a to c).
The SRNC 3032 is a node that manages communication session information (i.e., an ID of an eBS to which a terminal is connected, an ID of an AGW, and a state of wireless connection) in the UMB access network 3030. The SRNC 3032 transmits and receives control signals to and from the eBSs 3033 (a to c) and the AGW 3031.
2. Handover Processing
FIG. 17 is a diagram of a procedure in which the MN 3040 performs handover from the WiMAX access network 3020 to the UMB access network 3030 according to the Loosely Coupled Interworking of the related art.
First, the MN 3040 is connected to only the WiMAX access network 3020 and performs data communication with the CN 3050 through the BS 3022c, the ASN-GW 3021, and the HA 3012 (3101). At this point, the MN 3040 stores a communication context of the WiMAX on a memory thereof. The communication context of the WiMAX includes at least an ID of a connected BS (the BS 3022c), QoS information for each IP flow (a filter TFT (Traffic Flow Template) for identifying the IP flow), a QoS class of each IP flow, etc.), and an encryption key for protecting wireless communication between the MN 3040 and the BS 3022c. The ID of the connected BS is acquired from an advertisement message periodically informed by the BS. The QoS information for each IP flow is set during connection to the WiMAX access network 3020 or during the start of data communication with the CN 3050. However, explanation of a setting procedure is omitted. The encryption key for protecting the wireless communication between the MN 3040 and the BS 3022c is generated in user authentication processing performed during connection to the WiMAX access network 3020 and MN-BS key exchange processing performed during connection to the BS 3022c (since these kinds of processing are performed before step 3101, these kinds of processing are not shown in FIG. 17).
A method of generating a WiMAX encryption key based on the related art is shown in FIG. 18. A procedure in which the MN 3040 and the BS 3022c generate an encryption key in a wireless section is explained below with reference to FIG. 18.
First, when the MN 3040 makes connection to the WiMAX access network 3020, user authentication by an EAP (Extensible Authentication Protocol) is performed and the AAA 3011 and the MN 3040 share an MSK (Master Session Key). The MSK is notified from the AAA 3011 to the ASN-GW 3021 in an EAP authentication process. The ASN-GW 3021 generates a PMK (Pairwise Master Key) from the MSK and stores the PMK on a memory. Thereafter, when the MN 3040 makes connection to the BS 3022c, the ASN-GW 3021 generates an AK (Authorization Key)_BS from the PMK and the ID of the BS 3022c and notifies the BS 3022c of the AK_BS. Since the AK_BS is a function of a BS ID, the AK_BS has a different value for each of the BSs. On the other hand, the MN 3040 generates the AK_BS for the BS 3022c using an algorithm set beforehand, which is the same as that for the ASN-GW 3021. At this point, the MN 3040 and the BS 3022c share the same AK_BS. The MN 3040 and the BS 3022c perform key exchange processing using the AK_BS and exchange an encryption key TEK (Transport Encryption Key)_BS in the wireless section. The generation of the encryption key (TEK_BS) in the wireless section is completed.
Referring back to FIG. 17, the explanation of the handover procedure of the related art is continued. After step 3101, the MN 3040 determines handover to the UMB access network 3030 because, for example, a wireless wave state of WiMAX is deteriorated (3102). The MN 3040 starts a connection procedure (3103 to 3111) for connection to the UMB access network 3030. The connection procedure (3103 to 3111) for connection to the UMB access network 3030 specified by Non-Patent Document 9 is explained below.
First, the MN 3040 measures a wireless wave state of the UMB access network 3030 and requests an eBS in a best wireless wave state (e.g., eBS 3033a) to make connection (3103). A connection request transmitted from the MN 3040 to the eBS 3033a includes at least a terminal ID generated by the MN 3040 at random (RATI: Random Access Terminal Identifier) and an identifier allocated to a route in the UMB access network 3030 by the MN 3040 (a route counter). The eBS 3033a receives the connection request of the MN 3040 and returns a success response. The eBS 3033a notifies the MN 3040 of an ID of an SRNC (the SRNC 3032) to which the MN 3040 should make connection.
The MN 3040 requests the SRNC (the SRNC 3032), the ID of which is notified in step 3103, to make connection (3104). The connection request transmitted to the SRNC 3032 by the MN 3040 includes at least the RATI generated by the MN 3040 and the route counter for identifying a route to the SRNC 3032. The SRNC 3032 returns a success response to the MN 3040 and allocates a unicast ID (UATI: Unicast Access Terminal Identifier) to the MN 3040.
Subsequently, EAP-AKA (Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement) authentication (Non-Patent Documents 10 and 11) is performed (3105). As a result of the EAP-AKA authentication, the MN 3040 and the SRNC 3032 share the MSK and MN-SRNC key exchange is performed between the MN 3040 and the SRNC 3032 (3106). Parameters related to the MN-SRNC key exchange are explained with reference to FIG. 19 later. As a result of the key exchange, an encryption key (TSK_SRNC (see FIG. 19, explained later)) for protecting communication between the MN 3040 and the SRNC 3032 is generated. Thereafter, wireless data link setting and the like between the MN 3040 and the SRNC 3032 are performed in a message protected by the encryption key (TSK_SRNC) (3107).
The SRNC 3032 notifies the eBS 3033a of UMB connection information (an ID of the AGW 3031) and UMB authentication information (a parameter MSK_eBS generated from the MSK (see FIG. 19, explained later) (3108). The eBS 3033a performs key exchange with the MN 3040 using the UMB authentication information (the MSK_eBS) and generates an encryption key (TSK_eBS (see FIG. 19, explained later) for protecting communication between the MN 3040 and eBS 3033a (3109).
A method of generating a UMB encryption key based on the related art is shown in FIG. 19. Parameters treated in the key exchange processing (steps 3106 and 3109 shown in FIG. 17) between the MN 3040 and the SRNC 3032 and between the MN 3040 and the eBS 3033a are explained below with reference to FIG. 19. (Details of the key exchange processing explained below are specified in Non-Patent Documents 12 and 13). First, in the EAP-AKA authentication in step 3105 shown in FIG. 17, the AAA 3011 and the MN 3040 share an MSK (Master Session Key)_SRNC. The MSK_SRNC is notified from the AAA 3011 to the SRNC 3032 in an EAP-AKA authentication process. The MN 3040 and the SRNC 3032 generate a PMK (Pairwise Master Key)_SRNC from the MSK_SRNC using the same algorithm set beforehand and perform the MN-SRNC key exchange processing (step 3106 shown in FIG. 17) using the PMK_SRNC. As a result of the MN-SRNC key exchange processing, an encryption key TSK (Transient Session Key)_SRNC for protecting communication between the SRNC 3032 and the MN 3040 is generated.
Thereafter, in step 3108 shown in FIG. 17, the SRNC 3032 notifies the eBS 3033a of a route counter for identifying a route to the eBS 3033a and the parameter MSK_eBS generated from the MSK_SRNC. Since the MSK_eBS is a function of the route counter for identifying a route in the UMB access network, the MSK_eBS has a different value for each of the eBSs. The eBS 3033a generates a PMK_eBS from the MSK_eBS using the shared algorithm set beforehand in the same manner as the SRNC 3032 and performs the key exchange processing (step 3109 shown in FIG. 17) with the eBS 3033a using the PMK_eBS. As a result, an encryption key (TSK_eBS) for protecting communication between the MN 3040 and the eBS 3033a is generated.
Referring back to FIG. 17, the explanation of the handover procedure based on the related art is continued. After the key exchange (step 3109) between the MN 3040 and the eBS 3033a, the MN 3040 and the eBS 3033a perform setting of a wireless data link in a message protected by the encryption key (TSK_eBS) (3110). Finally, GRE tunnel setting between the eBS 3033a and the AGW 3031, IPinIP tunnel setting between the AGW 3031 and the HA 3012, and IP address allocation from the AGW 3031 to the MN 3040 are performed (3111) and the connection to the UMB access network 3030 is completed. After this, the MN 3040 performs data communication with the CN 3050 through the eBS 3033a, the AGW 3031, and the HA 3012 (3112). The handover procedure based on the related art is completed.
As an example of other systems that perform association between heterogeneous access networks according to the Loosely Coupled Interworking, there is an association system of W-CDMA (Wideband Code Division Multiple Access) and a WLAN (Wireless Local Area Network) specified in Non-Patent Documents 14 to 16. In handover between the W-CDMA and the WLAN, as in the handover between the WiMAX and the UMB explained above, switching of a data path is performed after processing for connection to an access network at a moving destination is completed.
As an invention for increasing the speed of the handover between the W-CDMA and the WLAN, JP-A-2006-203641 is disclosed. In JP-A-2006-203641, a packet control apparatus (SGSN: Serving GPRS Support Node) of the W-CDMA and mobile network packet relay apparatus (GGSN: Gateway GPRS Support Node) perform setting of an IP address, change of a data path, and an increase in the speed of re-authentication processing by housing WLAN relay apparatuses (WAG: WLAN Access Gateway) of the WLAN as well.
Patent Document 1: JP-A-2006-203641
Non Patent Document 1: 3GPP2 X.P0046-0 v0.4, TEF: Technology Evolution Framework, Sec.7, Sec.9
Non Patent Document 2: WiMAX Forum Network Architecture -Stage2-3GPP2-WiMAX Interworking-Release1.1.0
Non Patent Document 3: WiMAX Forum Network Architecture -Stage3-Annex: 3GPP2-WiMAX Interworking-Release1.1.0
Non Patent Document 4: IETF RFC3344, IP Mobility Support for IPv4
Non Patent Document 5: IETF RFC3775, Mobility Support in IPv6
Non Patent Document 6: IETF RFC2003, IP Encapsulation within IP
Non Patent Document 7: IETF RFC2784, Generic Routing Encapsulation (GRE)
Non Patent Document 8: IETF draft-ietf-netlmm-proxymip6-01, Proxy Mobile Ipv6, http://www.ietf.org/internet -drafts/draft-ietf-netlmm-proxymip6-01.txt
Non Patent Document 9: 3GPP2 A.S0020-0 v0.4, Interoperability Specification (IOS) for Ultra Mobile Broadband (UMB) Radio Access Network Interfaces, Sec. 3.1.1
Non Patent Document 10: IETF RFC3748, Extensible Authentication Protocol (EAP)
Non Patent Document 11: IETF RFC4187, Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
Non Patent Document 12: 3GPP C.S0084-005-0 v1.6, Security Functions for Ultra Mobile Broadband (UMB) Air Interface Specification Sec. 4
Non Patent Document 13: 3GPP2 S40-20070618-007R7 UMB Access Authentication Architecture
Non Patent Document 14: 3GPP TS22.234, Requirements on 3GPP system to Wireless Local Area Network (WLAN) interworking
Non Patent Document 15: 3GPP TS23.234, 3GPP system to Wireless Local Area Network (WLAN) interworking; System description
Non Patent Document 16: 3GPP TS33.234, 3G security; Wireless Local Area Network (WLAN) inteworking security