Abstract: According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a radio access network of a mobile radio communication network receiving a connection request from a mobile terminal, the radio access network establishing a control plane communication having as a first endpoint the radio access network, the radio access network forwarding the mobile terminal's connection request to a first common control plane function via the control plane communication, the radio access network receiving a message indicating that the second endpoint of the control plane communication should be set to the second common control plane function and the radio access network setting the second endpoint of the control plane communication to the second common control plane function.

Abstract: A base station includes a receiving unit that receives terminal capability from a terminal before a security procedure, and a control unit that eliminates the terminal capability acquired before the security procedure in response to a release of a terminal context related to the terminal.

Abstract: According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a first common control plane function of a mobile radio communication network receiving a connection request from a mobile terminal; the first common control plane function authenticating the mobile terminal including generating an authentication context of the mobile terminal; the first common control plane function forwarding the connection request and transmitting the authentication context of the mobile terminal to a second common control plane function of the mobile radio communication network and the second common control plane function connecting the mobile terminal to the mobile radio communication network.

Abstract: A base station includes a receiving unit that receives a terminal capability from a terminal before a security procedure, and a transmitting unit that transmits, to other nodes, a message that does not include the terminal capability acquired before the security procedure or transmits, to other nodes, the terminal capability together with an information element indicating that the terminal capability acquired before the security procedure is invalid.

Abstract: A security establishment method includes generating a pair of keys via mutual authentication between a terminal device (110) and a serving network, and the terminal device (110) and the serving network sharing KASME by using the generated pair of keys (Steps S50 and S100), the terminal device (110) and a roaming destination network of the terminal device (110) generating, by using the KASME, KSEAF mapped with SEAF (50) (Steps S140 and S150), and the terminal device (110) and the roaming destination network generating, by using at least the KSEAF and SUPI used to recognize a subscriber in the serving network, KAMF mapped with AMF (60) (Steps S140 and S150).

Abstract: A switch is provided. The switch is connected to a control apparatus for controlling Lawful Interception, and relays packets transmitted and received between a user apparatus and an IMS apparatus in the home network of the user apparatus. The switch includes a determination unit configured to determine whether the user apparatus is a Lawful Interception target or whether the user apparatus is a roaming user; and a transmission unit configured to, in the case where the user apparatus is a Lawful Interception target or in the case where the user apparatus is a roaming user, transmit to a mobile management switch information indicating to the user apparatus that the user apparatus should transmit and receive the packets to and from the IMS apparatus without encryption.

Abstract: A network node includes a receiver configured to receive, from a user equipment, a message requesting an initial registration or a location registration from a user equipment; and a transmitter configured to transmit a message to the user equipment when the user equipment is disallowed to connect to any one of one or more network slices, the message allowing the initial registration or the location registration including information related to a connection restriction that causes the user equipment to transition into a state in which the user equipment is registered and the user equipment is not allowed to use a service.

Abstract: According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a radio access network of a mobile radio communication network receiving a connection request from a mobile terminal, the radio access network establishing a control plane communication having as a first endpoint the radio access network, the radio access network forwarding the mobile terminal's connection request to a first common control plane function via the control plane communication, the radio access network receiving a message indicating that the second endpoint of the control plane communication should be set to the second common control plane function and the radio access network setting the second endpoint of the control plane communication to the second common control plane function.

Abstract: A security establishment method includes generating a pair of keys via mutual authentication between a terminal device (110) and a serving network, and the terminal device (110) and the serving network sharing KASME by using the generated pair of keys (Steps S50 and S100), the terminal device (110) and a roaming destination network of the terminal device (110) generating, by using the KASME, KSEAF mapped with SEAF (50) (Steps S140 and S150), and the terminal device (110) and the roaming destination network generating, by using at least the KSEAF and SUPI used to recognize a subscriber in the serving network, KAMF mapped with AMF (60) (Steps S140 and S150).

Abstract: vSEPP (210) encapsulates a predetermined element included in an original message received via a mobile communication network and adds a first signature to a first message of which the predetermined element is encapsulated. A relay device (310) receives the first message, decapsulates the predetermined element included in the first message, and then executes a modification to the predetermined element. The relay device (310) adds a second signature to a second message including the modified predetermined element and relays the second message to HPLMN (30).

Abstract: A security establishment method includes generating a pair of keys via a mutual authentication between a terminal device (110) and a serving network, and the terminal device (110) and the serving network sharing KASME by using the generated pair of keys (Steps S50 and S100), generating in which the terminal device (110) generates KSEAF by using the KASME and SUPI used to recognize a subscriber in the serving network (Step S140), and generating in which a roaming destination network of the terminal device (110) generates the KSEAF by using the KASME, notified from the serving network, and the SUPI (Step S150).

Abstract: According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a first common control plane function of a mobile radio communication network receiving a connection request from a mobile terminal; the first common control plane function authenticating the mobile terminal including generating an authentication context of the mobile terminal; the first common control plane function forwarding the connection request and transmitting the authentication context of the mobile terminal to a second common control plane function of the mobile radio communication network and the second common control plane function connecting the mobile terminal to the mobile radio communication network.

Abstract: A switch is provided. The switch is connected to a control apparatus for controlling Lawful Interception, and relays packets transmitted and received between a user apparatus and an IMS apparatus in the home network of the user apparatus. The switch includes a determination unit configured to determine whether the user apparatus is a Lawful Interception target or whether the user apparatus is a roaming user; and a transmission unit configured to, in the case where the user apparatus is a Lawful Interception target or in the case where the user apparatus is a roaming user, transmit to a mobile management switch information indicating to the user apparatus that the user apparatus should transmit and receive the packets to and from the IMS apparatus without encryption.

Abstract: An eUICC 100 embedded in an UE 200 authenticates an AUTN transmitted from an HSS 300, and calculates a transfer key TK by using a secret key K. The eUICC 100 acquires a transfer Token by decoding an enc Token by using the transfer key TK, and acquires a new Customer ID by decoding an enc New ID by using the transfer key TK. The eUICC 100 transmits a user auth resp in response to a User auth+transfer Setup Req including the AUTN, the enc Token, and the enc New ID to the HSS 300. The eUICC 100 generates a shared-Secret Key shared between the eUICC 100 and an HSS 400 by using the transfer Token, and executes an attach procedure for the HSS 400 by using the generated shared-Secret Key and the new Customer ID.

Abstract: To protect a key (K_eNB-int) and a key (K_eNB-enc) that are used in a radio base station (MeNB), even when a malicious third party has stolen a key (K_SeNB) from a radio base station (SeNB). A mobile communication method according to the present invention includes, upon starting “Inter-eNB CA” configured such that downlink data is distributed to the radio base station (MeNB) and the radio base station (SeNB) by a serving gateway device (S-GW), generating, by the radio base station (MeNB), the key (K_SeNB) based on a key (KeNB) and transmitting the key (KSeNB) to the radio base station (SeNB), and generating, by the radio base station (SeNB), a key (K_SeNB-enc) and a key (K SeNB-int) used for communication with a mobile station (UE) in the “Inter-eNB CA”, based on the key (K_SeNB).

Abstract: An eUICC 100 embedded in an UE 200 authenticates an AUTN transmitted from an HSS 300, and calculates a transfer key TK by using a secret key K. The eUICC 100 acquires a transfer Token by decoding an enc Token by using the transfer key TK, and acquires a new Customer ID by decoding an enc New ID by using the transfer key TK. The eUICC 100 transmits a user auth resp in response to a User auth+transfer Setup Req including the AUTN, the enc Token, and the enc New ID to the HSS 300. The eUICC 100 generates a shared-Secret Key shared between the eUICC 100 and an HSS 400 by using the transfer Token, and executes an attach procedure for the HSS 400 by using the generated shared-Secret Key and the new Customer ID.

Abstract: In an attach process executed as a relay node RN, the wasteful use of a resource is avoided. A mobile communication method according to the present invention includes a step of transmitting, by a radio base station DeNB, “(S1) Initial UE message” indicating the attach process executed as the relay node RN to a mobile management node MME in response to “Attach Request (RN)” received from the relay node RN having a secure channel established between the relay node RN and USIM-RN, a step of starting, by the mobile management node MME, “EPS-AKA” between the relay node RN and the USIM-RN in response to the “(S1) Initial UE message”, and a step of failing in the “EPS-AKA” when it is determined that the USIM-RN cannot be used for the attach process executed as the relay node RN.

Abstract: A mobile communication method according to the present invention including the steps of: generating, at a mobile station (UE), first verification information by use of a first key, a first parameter and an algorithm for “Integrity Protection”; generating, at the mobile station (UE), second verification information by extracting predetermined bits of the first verification information; and performing, at the mobile station (UE), cell selection processing, and transmitting, from the mobile station to a radio base station that manages the selected cell, an RRC-PDU for RRC connection re-establishment request through a common control channel, upon detection of a radio link failure in an RRC connection, the second verification information being set in the RRC-PDU for RRC connection re-establishment request.

Abstract: In a wireless communication system where the data transmission is optimized with respect to the channel state information fed back by the users, a service degradation attack can be made by feeding back faked channel state information. A method for preventing a service degradation attack on a first wireless communication device by a second wireless communication device in a wireless communication system, said method comprising: verifying by a base station whether the channel state information sent to the base station by the second wireless communication device corresponds to its real channel.

Abstract: In an attach process executed as a relay node RN, the wasteful use of a resource is avoided. A mobile communication method according to the present invention includes a step of transmitting, by a radio base station DeNB, “(S1) Initial UE message” indicating the attach process executed as the relay node RN to a mobile management node MME in response to “Attach Request (RN)” received from the relay node RN having a secure channel established between the relay node RN and USIM-RN, a step of starting, by the mobile management node MME, “EPS-AKA” between the relay node RN and the USIM-RN in response to the “(S1) Initial UE message”, and a step of failing in the “EPS-AKA” when it is determined that the USIM-RN cannot be used for the attach process executed as the relay node RN.