With recent advancement of mobile communication technology, standardization of mobile IPv6 has been under way in IETF (Internet Engineering Task Force).
FIG. 1 is a view illustrating an exemplary configuration of a conventional mobile communication system based on mobile IPv6.
As illustrated in FIG. 1, in this conventional example, there are provided two home agents 130a and 130b respectively having home core networks 131a and 131b, and communication based on transmission/reception of IP packet is performed between mobile terminal 110a having its movement information managed by home agent 130a and mobile terminal 110b having its movement information managed by home agent 130b. Mobile terminal 110a lies in access network 121a under access router 120a, and mobile terminal 110b lies in access network 121b under access router 120b. Mobile terminals 110a and 110b each have a home address (HoA: Home Address) being unique IP address, and these home addresses (HoA) are registered with home agents 130a and 130b, respectively.
The communication method between the two mobile terminals 110a and 110b in the mobile communication system illustrated in FIG. 1 will be described below.
First, the location registration processing of the mobile terminals 110a and 110b will be described.
When mobile terminal 110a moves from home core network 131a under home agent 130a or another access network to access network 121a under access router 120a, firstly CoA (Care of Address) being destination IP address is produced in mobile terminal 110a by use of prefix of IP address of access router 120a and MAC address of mobile terminal 110a, and a combination of a home address of mobile terminal 110a and this CoA is sent to home agent 130a, whereby location registration request (BU: Binding Update) is made. Similarly, in mobile terminal 110b, location registration request (BU) is made with home agent 130b by use of a home address of mobile terminal 110b and CoA produced in access network 121b. 
In home agent 130a, after receiving location registration request (BU) from mobile terminal 110a, its validity is verified, and then the home address and CoA sent from mobile terminal 110a are associated with each other and registered with BC (Binding Cache) in home agent 130a and at the same time, location registration acknowledgement (BA: Binding Acknowledgement) indicating that location registration has been made is sent to mobile terminal 110a. Similarly, in home agent 130b, location registration of mobile terminal 110b is made, and location registration acknowledgement (BA) is sent to mobile terminal 110b. 
In this way, the current locations of mobile terminals 110a and 110b are managed by home agents 130a and 130b, and thus the movement information of mobile terminals 110a and 110b is managed.
The processing performed when communication based on transmission/reception of IP packet is performed between mobile terminals 110a and 110b after the above described location registration processing has been performed, will now be described by taking as an example a case where an IP packet is sent from mobile terminal 110a to mobile terminal 110b. In the following description, the home addresses of mobile terminals 110a and 110b are referred to as “HoA1” and “HoA2”, respectively, and CoA's of mobile terminals 110a and 110b are referred to as “CoA1” and “CoA2”, respectively.
In sending an IP packet from mobile terminal 110a to mobile terminal 110b, firstly an IP packet having “HoA1” as originating address and “HoA2” as destination address is encapsulated in mobile terminal 110a by using “CoA1” as originating address and IP address “HA1” of home agent 130a as destination address, and this encapsulated IP packet is sent from mobile terminal 110a. 
The IP packet sent from mobile terminal 110a, having IP address “HA1” of home agent 130a as destination address, is delivered via access router 120a to home agent 130a. In home agent 130a, upon reception of the IP packet sent from mobile terminal 110a, the received IP packet is decapsulated and an IP packet having “HoA1” as originating address and “HoA2” as destination address is sent.
The IP packet sent from home agent 130a, having “HoA2” as destination address, is delivered to home agent 130b. In home agent 130b, upon reception of the IP packet sent from home agent 130a, binding cache (BC) in home agent 130b is consulted to recognize care of address “CoA2” of mobile terminal 110b as destination of the IP packet, and the received IP packet is encapsulated by using IP address “HA2” of home agent 130b as originating address and “CoA2” as destination address, and the encapsulated IP packet is sent from home agent 130b. 
The IP packet sent from home agent 130b, having “CoA2” as destination address, is delivered via access router 120b to mobile terminal 110b having “CoA2” as care of address. In mobile terminal 110b, upon reception of the IP packet sent from home agent 130b, the received IP packet is decapsulated, and the IP packet having “HoA1” as originating address and “HoA2” as destination address is received.
In this way, according to mobile IPv6, since the current locations of mobile terminals 110a and 110b are managed by home agents 130a and 130b, respectively, even when mobile terminals 110a and 110b move, IP packets directed to mobile terminals 110a and 110b are transferred via home agents 130a and 130b to mobile terminals 110a and 110b; thus movement penetration is ensured (for example, refer to Japanese Patent Laid-Open No. 2005-26941).
Here, the above described mobile IPv6 includes a technique of optimizing the communication route between mobile terminals 110a and 110b transmitting/receiving IP packets. The communication route optimization processing will be described below.
As described above, when an IP packet sent from mobile terminal 110a to mobile terminal 110b is encapsulated by using IP address “HA2” of home agent 130b as originating address and “CoA2” as destination address, mobile terminal 110b sends a combination of home address “HoA2” and care of address “CoA2” of mobile terminal 110b to mobile terminal 110a to make location registration request (BU).
In mobile terminal 110a, upon reception of the location registration request (BU) sent from mobile terminal 110b, its validity is verified, and then a combination of home address “HoA2” and care of address “CoA2” of mobile terminal 110b is registered with a memory for route optimization and at the same time, location registration acknowledgement (BA) is sent to mobile terminal 110b. 
Thereafter, in sending an IP packet directed to mobile terminal 110b from mobile terminal 110a, an IP packet having “CoA1” as originating address, “CoA2” as destination address and “HoA1” as home address option is sent from mobile terminal 110a. This IP packet is delivered to mobile terminal 110b without passing through home agents 130a and 130b. 
This communication route optimization processing prevents the communication route from becoming redundant to cause delay in transmitting/receiving IP packets between mobile terminals 110a and 110b (for example, refer to Japanese Patent Laid-Open No. 2005-33469).
However, in this technique of optimizing a communication route between mobile terminals 110a and 110b, care of address “CoA1” and care of address “CoA2” indicating the current location of mobile terminals 110a and 110b are transferred to the other communication party, so the current locations of each mobile terminal are known by the other communication party.
Thus, for the communication where communication route is optimized, there has been studied an edge mobility technique of access routers 120a and 120b encapsulating or decapsulating IP packets transmitted/received between mobile terminals 110a and 110b. According to this edge mobility technique, instead of mobile terminals 110a and 110b, access routers 120a and 120b perform the above described location registration request (BU) with home agents 130a and 130b, the generation of care of address “CoA” of mobile terminals 110a and 110b, and the route optimization processing.
Accordingly, care-of addresses “CoA1” and “CoA2” of mobile terminals 110a and 110b are managed not in mobile terminals 110a and 110b but in access routers 120a and 120b. Also, when mobile terminals 110a and 110b perform IP packet transmission/reception via the above described optimized route without using home agents 130a and 130b, care of addresses “CoA1” and “CoA2” of mobile terminals 110a and 110b are transmitted/received only between access routers 120a and 120b. Consequently, care of address is not transferred to the other communication party, thus allowing prevention of the current location of the mobile terminals from being known by the other communication party.
Further, in the above described mobile IPv6, there is used a technique of building security association (SA) for IP packet transmission/reception to/from mobile terminals 110a and 110b by delivering between access routers 120a and 120b and home agents 130a and 130b to which the edge mobility technique is applied, the unique information on mobile terminals 110a and 110b and the unique information on home agents 130a and 130b each stored in access routers 120a and 120b. The method of building security association between access router 120a and home agent 130a illustrated in FIG. 1 will be described below by taking as an example a case where security association is built up for IP packet transmission/reception to/from mobile terminal 110a. 
When mobile terminal 110a moves from home core network 131 a under home agent 130a or another access network to access network 121a under access router 120a, firstly care of address for mobile terminal 110a is produced in access router 120a under which lies access network 121a to which mobile terminal 110a has moved, by use of prefix of IP address of access router 120a and MAC address of mobile terminal 110a, and this care of address and the home address of mobile terminal 110a are associated with each other and registered with an internal memory. As a result, a proxy function for mobile terminal 110a using the produced care of address is set in access router 120a. 
Subsequently, an encryption transmission route for signaling between the care of address for mobile terminal 110a and the home address of home agent 130a is built between access router 120a and home agent 130a by use of IKE (Internet Key Exchange).
Subsequently, FQDN (Fully Qualified Domain Name) for mobile terminal 110a in access router 120a is transferred from access router 120a to home agent 130a on ISAKMP (Internet Security Association and Key Management Protocol.
Then, FQDN in home agent 130a is transferred from home agent 130a to access router 120a on ISAKMP.
Subsequently, the home address of mobile terminal 110a is transferred from access router 120a to home agent 130a on ISAKMP and in response to this, the IP address of home agent 130a is transferred from home agent 130a to access router 120a on ISAKMP.
Thereafter, a combination of the home address of mobile terminal 110a and the care of address produced for mobile terminal 110a is sent from access router 120a to home agent 130a, whereby location registration request (BU) is made.
Then, its validity is verified in home agent 130a, and thereafter the home address and care of address sent from the mobile terminal 110a are associated with each other and registered with binding cache (BC) in home agent 130a, and at the same time an encryption transmission route for user data between the care of address for mobile terminal 110a and the home address of home agent 130a is built between access router 120a and home agent 130a by use of IKE.
When security association is built in this way, home agents 130a and 130b receive only IP packets sent from the mobile terminals for which security association has been built.
As described above, when security association for the mobile terminal is built between the access router and home agent, the home address of the mobile terminal for which security association is to be built is transferred from the access router to the home agent; but when the mobile terminal moves, and the access router in which a proxy function for the mobile terminal is set is changed, and that access router similarly performs a processing for building security association between the home agent and the access router, since the home address of the mobile terminal has already been registered in the home agent as the home address of the mobile terminal for which security association has been built, security association for the mobile terminal cannot be built in the destination access router of the mobile terminal.