This application claims the benefit of Japanese Patent Application No. 2023-094056, filed on Jun. 7, 2023, which is hereby incorporated by reference herein in its entirety.
The present disclosure relates to a communication technique.
Techniques for increasing robustness of communication using a cellular communication network have been developed.
With regard thereto, for example, Japanese Patent Laid-Open No. 2022-180105 discloses a communication apparatus equipped with a SIM card capable of storing a plurality of communication profiles.
An object of the present disclosure is to reduce costs for authenticating a communication terminal.
The present disclosure in one aspect provides a communication system comprising: a storage configured to store authentication data for authenticating a mobile communication terminal; a gateway configured to accommodate access from an untrusted first communication network; and a controller configured to execute: authenticating the mobile communication terminal connected through the gateway via the first communication network, using the authentication data; and providing first information about a result of the authentication of the mobile communication terminal, to a first server which is a communication destination of the mobile communication terminal.
The present disclosure in another aspect provides an authentication method comprising: a first step of authenticating a mobile communication terminal connected through a gateway configured to accommodate access from an untrusted first communication network, using authentication data stored in a storage; and a second step of providing first information about a result of the authentication of the mobile communication terminal, to a first server which is a communication destination of the mobile communication terminal.
Further, as another aspect, a program for causing a computer to execute the above method or a computer-readable storage medium that non-transitorily stores the program is exemplified.
According to the present disclosure, it is possible to reduce costs for authenticating a communication terminal.
Recently, connectedness of automobiles has progressed, and the number of vehicles mounted with an in-vehicle apparatus having a wireless communication function has been increasing. The in-vehicle apparatus can provide various kinds of services for a driver of a vehicle, for example, by communicating with a server apparatus (such as an application server) via a cellular communication network.
The server apparatus to be a communication destination of the in-vehicle apparatus is not necessarily arranged in a network the security of which is ensured. Therefore, in the course of communication, it is preferred for the in-vehicle apparatus to authenticate the server apparatus, which is a communication counterpart, for example, by a method such as SSL (Secure Sockets Layer) to confirm the authenticity thereof.
It is assumed that, when the amount of processing by in-vehicle apparatuses increases in the future, more resources for authentication will be consumed. For example, when the number of communication counterparts increases, resources for exchange and confirmation of certificates are consumed each time. For many processors of in-vehicle apparatuses, however, available resources are restricted unlike general computers, and it is not preferred to allocate many resources to authentication. A communication system according to the present disclosure solves such a problem.
A communication system according to a first aspect of the present disclosure includes: a storage configured to store authentication data for authenticating a mobile communication terminal; a gateway configured to accommodate access from an untrusted first communication network; and a controller configured to execute: authenticating the mobile communication terminal connected through the gateway via the first communication network, using the authentication data; and providing first information about a result of the authentication of the mobile communication terminal, to a first server which is a communication destination of the mobile communication terminal.
The mobile communication terminal is typically an in-vehicle terminal mounted on a vehicle, but is not limited thereto.
The gateway is a terminal apparatus that accommodates access via the untrusted first communication network in the communication system. The communication system includes the storage that stores authentication data, the controller, and the gateway; and the controller authenticates the mobile communication terminal based on the authentication data stored in the storage.
The controller provides information (the first information) about the result of the authentication of the mobile communication terminal to the first server which is a communication counterpart of the mobile communication terminal. The first server may be arranged in an insecure network such as the Internet. The controller may relay communication from the authenticated mobile communication terminal to the first server.
That the first information corresponding to a certain mobile communication terminal exists means that the mobile communication terminal has already been authenticated by the communication system. Therefore, providing the first information to the first server can be regarded as equivalent to the first server having authenticated the mobile communication terminal. That is, it becomes possible to omit the process for the first server to authenticate the mobile communication terminal.
The controller may authenticate the first server using an electronic certificate corresponding to the first server. It is preferred that the authentication is performed before authentication of the mobile communication terminal.
Further, the controller may provide second information about a result of the authentication of the first server to the mobile communication terminal. The mobile communication terminal may treat the first server, about which the second information has been provided, as a trustable communication counterpart.
According to such a configuration, it is possible to cause the mobile communication terminal to know that the first server is a trustable apparatus, and it is also possible to cause the first server to know that the mobile communication terminal is a trustable apparatus. That is, it becomes possible for the mobile communication terminal and the first server to mutually ensure the authenticity without directly performing mutual authentication.
The communication system may further include a second gateway that connects to a cellular communication network. Further, the controller may authenticate the mobile communication terminal using the same authentication data in a case of the mobile communication terminal having connected via the gateway and in a case of the mobile communication terminal having connected via the second gateway.
Further, the authentication data may be data corresponding to SIM profile information that the mobile communication terminal includes. The SIM profile information may be SIM profile information issued by a business operator that operates the communication system.
Specific embodiments of the present disclosure will be described below based on drawings. A hardware configuration, a module configuration, a functional configuration, and the like described in each embodiment are not intended to limit the technical scope of the disclosure only thereto unless otherwise described.
An overview of a vehicle communication network according to a first embodiment will be described with reference to
The vehicle 1 is a connected vehicle capable of communication with any server apparatus via wireless communication. The vehicle 1 can provide various kinds of services by communicating with an external server apparatus (for example, the server apparatus 3) via the DCM 10 which is a wireless communication apparatus. As the various kinds of services, for example, a navigation service, a remote control (for example, remote air conditioning) service, an in-car Wi-Fi (registered trademark) service, and an emergency call service can be exemplified. The vehicle 1 may have an in-vehicle terminal for providing the services in addition to the apparatuses illustrated in
The DCM 10 is an apparatus for performing wireless communication with a predetermined network in order to connect a component of the vehicle 1 (for example, the in-vehicle terminal) and the server apparatus 3. In the present embodiment, the DCM 10 is configured to be connectable to a cellular communication network determined in advance. The DCM 10 includes an eUICC (embedded universal integrated circuit card) for identifying a user. The eUICC may be a physical SIM card or may be eSIM. Hereinafter, the eUICC that the DCM 10 includes will be referred to as a first SIM.
In the example illustrated in
In the present embodiment, the carrier network A is connected to the communication system 2. The communication system 2 is a network that connects the carrier network A and a PDN (packet data network) such as the Internet.
It can be assumed that the carrier network A is a network operated by a carrier, and the communication system 2 is a system operated by the manufacturer of the vehicle 1. By having the two communicate with each other, it becomes possible for the communication system 2 to provide, for example, a service unique to the vehicle 1.
In the present embodiment, the carrier network A provides only a communication line, and the communication system 2 provides authentication of the DCM 10 and provides services for the DCM 10. The DCM 10 includes the first SIM that stores profile information for receiving authentication by the communication system 2. The first SIM was issued by a business operator that operates the communication system 2 (for example, a vehicle manufacturer). The communication system 2 includes the authentication apparatus 20 for authenticating the DCM 10.
The DCM 10 connects to the communication system 2 via the carrier network A and receives authentication from the communication system 2 using the profile information stored in the first SIM. In the present embodiment, the authentication apparatus 20 of the communication system 2 performs authentication of the DCM 10 based on the profile information included in the first SIM. It becomes possible for the DCM 10, which has been authenticated, to communicate with a PDN (for example, the Internet) and start communication with the server apparatus 3.
In the form in which the DCM 10 directly connects to a cellular communication network (the carrier network A) as illustrated in
In order to cope with this, a technique is also proposed in which a plurality of pieces of profile information are stored in a SIM to switch a network according to a situation (for example, connect to another carrier network).
Even in the case of adopting such a configuration, however, it is not possible to respond to generational changes in cellular communication standards. For example, as for conventional communication standards such as 3G, it is expected that services will be sequentially stopped. Meanwhile, since automobiles are generally used over a long span such as ten years or more, it is assumed that communication apparatuses such as DCMs equipped at the time of manufacture cannot be used in the future. In order to change a carrier network, it is necessary to change a SIM card and a communication module, which requires a large amount of cost.
In order to cope with this, the DCM 10 is configured so that another communication apparatus can be externally connected thereto in the present embodiment. Thereby, when it becomes impossible to use the carrier network A, an alternative communication route is secured via the communication apparatus.
As illustrated in
The communication apparatus 11 is an apparatus capable of performing wireless communication according to any communication standard. For example, even when services according to the communication standard adopted by the DCM 10 end, the DCM 10 can continue communication via the communication apparatus 11.
The communication apparatus 11 is an apparatus having a communication function similar to that of the DCM 10. The communication apparatus 11 includes a second SIM and can connect to the carrier network B based on profile information stored in the second SIM.
The carrier network B is a cellular communication network independent of the carrier network A and the communication system 2. For example, the user of the vehicle 1 selects the carrier network B, makes a contract, and prepares the communication apparatus 11 corresponding to the contract.
Since the carrier network B is a network independent of the communication system 2, it is not possible to immediately connect the carrier network B and the communication system 2 with each other. Therefore, in the present embodiment, the DCM 10, which has connected to the carrier network B, establishes an IPsec tunnel with an ePDG (enhanced Packet Data Gateway) of the communication system 2, and thereby connects to the communication system 2 via the carrier network B and an IP communication network beyond the carrier network B.
The communication system 2 includes a gateway (ePDG) for accommodating access from the IP communication network. The ePDG is a gateway for accommodating untrusted non-3GPP wireless access. Thereby, the communication system 2 can accept access via the IP communication network (via the carrier network B) in addition to access via a wireless access network (the carrier network A). The IP communication network is typically the Internet but may be a network other than the Internet.
Thereby, it becomes possible for the DCM 10, which has connected to the carrier network B, to communicate with the communication system 2 through a route via the IP communication network (the Internet).
According to such a configuration, the user of the vehicle 1 can continue communication between the DCM 10 and the communication system 2 through any route, even when the carrier network A is not available.
When the DCM 10 connects to the communication system 2 via the carrier network A, the communication system 2 can confirm the authenticity of the DCM 10 by a SIM issued by the communication system 2 itself (the first SIM). On the other hand, when the DCM 10 is connected via the carrier network B, the communication system 2 cannot immediately trust the DCM 10 because only authentication by the carrier network B (authentication using the second SIM) has been performed.
Therefore, in the present embodiment, the communication system 2 (the authentication apparatus 20) authenticates the DCM 10 connected via the ePDG, using authentication information that the first SIM includes, similarly to the case of connection via the carrier network A.
Thereby, even when the communication route between the DCM 10 and the communication system 2 changes, the communication system 2 can continue robust authentication equal to that of cellular communication without changing the apparatus configuration.
Furthermore, in the present embodiment, the authentication apparatus 20 shares a result of authenticating the DCM 10 as described above, with the server apparatus 3. Further, the authentication apparatus 20 has a function of authenticating the server apparatus 3 and shares a result of authenticating the server apparatus 3 with the DCM 10. The authentication result may be transmitted or shared using a predetermined API (application programming interface).
In the present embodiment, since the authentication apparatus 20 shares results of authenticating the DCM 10 and the server apparatus 3, with the server apparatus 3 and the DCM 10, respectively, it is possible for the DCM 10 and the server apparatus 3 to confirm that their communication counterparts are authenticated, without locally executing an authentication process. Further, thereby, it becomes unnecessary to exchange certificates between the DCM 10 and the server apparatus 3, and, therefore, a processing load on the DCM 10 can be reduced.
Furthermore, the authentication apparatus 20 can confirm that the user of the vehicle 1 is the contractor himself by authenticating the DCM 10. That is, by the authentication apparatus 20 and the server apparatus 3 sharing an authentication result, it becomes possible for the server apparatus 3 to confirm that the user of the vehicle 1 is the contractor himself. This has the advantage that, at the time of starting use of a service, it becomes unnecessary to perform an identity verification process (for example, acquisition of an identification card, or the like).
The carrier network A includes the cellular communication base station (hereinafter, the eNodeB), a control apparatus (a mobility management entity, hereinafter, an MME) that manages mobile communication terminals including the DCM 10, and a gateway (a serving gateway, hereinafter, an S-GW) that relays data.
The communication system 2 includes a gateway (a packet gateway, hereinafter, a P-GW) for connecting an EPC network to the Internet and an apparatus (hereinafter, a PCRF) that performs network policy and accounting management.
Further, as described before, the communication system 2 includes the gateway (the ePDG) that accommodates access from the IP communication network and the authentication apparatus 20.
The authentication apparatus 20 is also called an AAA (authentication, authorization, and accounting) server, and executes a process for authenticating mobile communication terminals including the DCM 10. The authentication apparatus 20 has a function of performing authentication instead of an MME of an ordinary EPC network. The authentication apparatus 20 is connected to a database (a home subscriber server, hereinafter, an HSS) that manages subscriber information, and performs authentication of a mobile communication terminal based on information (authentication information corresponding to each first SIM) stored in the database.
The carrier network B has a function of authenticating the mobile communication terminal (the communication apparatus 11) via a base station (an eNodeB). The carrier network B includes a P-GW connected to the IP communication network (for example, the Internet). Thereby, the mobile communication terminal (the communication apparatus 11) connected to the carrier network B can perform communication with the IP communication network.
In the case of establishing connection using its own wireless communication module, the DCM 10 transmits a connection request to the communication system 2 via the carrier network A. At this time, the DCM 10 receives authentication from the authentication apparatus 20, using the authentication information included in the profile information (hereinafter referred to as a first profile) stored in the first SIM.
Further, in the case of establishing connection via the communication apparatus 11, the DCM 10 transmits a connection request to the communication system 2 with the ePDG of the communication system 2 as a destination. Since the ePDG is a gateway that accommodates access from the IP communication network as described before, the DCM 10 can communicate with the communication system 2 via the ePDG. At this time, the DCM 10 receives authentication from the authentication apparatus 20, using the authentication information included in the profile information (the first profile) stored in the first SIM.
That is, the DCM 10 is configured to receive authentication from the authentication apparatus 20 with the same authentication information (the authentication information included in the first profile) irrespective of a route to the communication system 2.
The connection request is processed by the authentication apparatus 20 of the communication system 2, and authentication is executed between the DCM 10 and the authentication apparatus 20. The authentication apparatus 20 performs authentication of the DCM 10 based on the authentication information included in the first profile. When the authentication is completed, a route from the DCM 10 to the PDN is established, and it becomes possible for the DCM 10 and the server apparatus 3 to perform communication.
In the present embodiment, the DCM 10 receives authentication from the authentication apparatus 20 with the same authentication information (profile information) in the case of a route for directly connecting to the communication system 2 via the cellular communication network (a first route illustrated in
Furthermore, the authentication apparatus 20 shares a result of authenticating the DCM 10 with the server apparatus 3. Further, the authentication apparatus 20 authenticates the server apparatus 3, which is a communication counterpart of the DCM 10, in advance and shares a result of the authentication with the DCM 10. If there are a plurality of server apparatuses 3, the plurality of server apparatuses 3 may be authenticated in advance. Thereby, the DCM 10 and the server apparatus(es) 3 can mutually confirm authenticity of their counterparts without exchange of certificates, and the like.
Next, a hardware configuration of each of the apparatuses constituting the system will be described.
The DCM 10 can be configured as a computer including processors (a CPU, a GPU, and the like), main memories (a RAM, a ROM, and the like), and auxiliary storage devices (an EPROM, a hard disk drive, a removable medium, and the like). In an auxiliary storage device, an operating system (OS), various kinds of programs, various kinds of tables, and the like are stored, and each of functions (software modules) corresponding to predetermined purposes, as described later, can be realized by executing a program stored in the auxiliary storage device. A part or all of the functions may be realized as a hardware module by a hardware circuit such as an ASIC, an FPGA, or the like.
The DCM 10 includes a controller 101, a storage 102, a wireless communication module 103, a CAN communication module 104, and an expansion interface 105.
The controller 101 is an arithmetic unit that realizes various kinds of functions of the DCM 10 by executing a predetermined program. The controller 101 can be realized by a hardware processor, for example, a CPU. Further, the controller 101 may include a RAM, a ROM (read-only memory), a cache memory, and the like.
The storage 102 is means for storing information, and is configured with a storage medium such as a RAM, a magnetic disk, or a flash memory. In the storage 102, programs executed by the controller 101, and data and the like used by the programs are stored.
The wireless communication module 103 is a communication device that performs wireless communication with a predetermined network. In the present embodiment, the wireless communication module 103 is configured to be communicable with a predetermined cellular communication network (the carrier network A).
The wireless communication module 103 includes a SIM card 103A. The SIM card 103A is the first SIM in
The CAN communication module 104 is a communication interface for connecting the DCM 10 to the in-car network of the vehicle 1. The CAN communication module 104 may be configured to include a network interface board for performing communication according to the CAN (Controller Area Network) protocol. The DCM 10 can perform data communication with the other components (for example, the in-vehicle terminal) of the vehicle 1 via the CAN communication module 104.
The expansion interface 105 is an interface for mutually connecting the DCM 10 and the communication apparatus 11. The expansion interface 105 is, for example, a USB interface. The DCM 10 is configured to be connectable to the communication apparatus 11, for example, via the USB interface.
Next, the hardware configuration of the communication apparatus 11 will be described.
The communication apparatus 11 includes a controller 111, a storage 112, a wireless communication module 113, and an interface 114.
Similarly to the controller 101, the controller 111 is an arithmetic unit that realizes various kinds of functions of the communication apparatus 11 by executing a predetermined program. The controller 111 can be realized by a hardware processor, for example, a CPU.
The storage 112 is means for storing information, and is configured with a storage medium such as a RAM, a magnetic disk, or a flash memory. In the storage 112, programs executed by the controller 111, and data and the like used by the programs are stored.
The wireless communication module 113 is a communication device that performs wireless communication with a predetermined network. In the present embodiment, the wireless communication module 113 is configured to be communicable with a predetermined cellular communication network (the carrier network B).
The wireless communication module 113 includes a SIM card 113A. The SIM card 113A is the second SIM in
The interface 114 is an interface for mutually connecting the DCM 10 and the communication apparatus 11. The communication apparatus 11 is configured to be connectable to the DCM 10, for example, via an interface such as a USB interface.
Next, the hardware configuration of the authentication apparatus 20 will be described.
The authentication apparatus 20 is configured as a computer that includes a controller 201, a storage 202, and a communication module 203.
The authentication apparatus 20 can be configured as a computer including processors (a CPU, a GPU, and the like), main memories (a RAM, a ROM, and the like), and auxiliary storage devices (an EPROM, a hard disk drive, a removable medium, and the like). A part or all of the functions (software modules) may be realized as a hardware module by a hardware circuit such as an ASIC, an FPGA, or the like.
The controller 201 is an arithmetic unit that realizes various kinds of functions (software modules) of the authentication apparatus 20 by executing a predetermined program. The controller 201 can be realized by a hardware processor, for example, a CPU.
The storage 202 is means for storing information, and is configured with a storage medium such as a RAM, a magnetic disk, or a flash memory. In the storage 202, programs executed by the controller 201, and data and the like used by the programs are stored.
The communication module 203 is a communication interface for connecting the authentication apparatus 20 to the communication system 2. The authentication apparatus 20 is capable of performing data communication with other apparatuses arranged in the communication system 2 via the communication module 203.
Next, a software configuration of each of the apparatuses constituting the system will be described.
In the present embodiment, the controller 101 of the DCM 10 includes a software module of a communication controller 1011. The software module may be realized by executing a program stored in the storage 102 by the controller 101 (the CPU). Information processing executed by the software module is the same as the information processing executed by the controller 101 (the CPU).
Further, the SIM card 103A (the first SIM) included in the wireless communication module 103 is configured to store the first profile, which is SIM profile information. The first profile is a profile issued by a business operator that manages the communication system 2. The first profile includes, for example, identification information such as an IMSI (international mobile subscription identity) and an ICCID (integrated circuit card ID), and authentication information (key information) for receiving SIM authentication including AKA authentication.
The communication controller 1011 establishes a network connection in response to a request from a vehicle component of the vehicle 1. The communication controller 1011 may be configured to be capable of selecting a network used for connection. For example, when the first SIM is inserted in the DCM 10, the DCM 10 can perform network connection via the carrier network A. Further, when the communication apparatus 11 including the second SIM is connected to the DCM 10, the DCM 10 can perform network connection via the carrier network B. When a plurality of networks are available, the communication controller 1011 may decide a network used for connection based on selection by the user.
In the case of performing network connection via the carrier network A, the communication controller 1011 receives authentication from the authentication apparatus 20 using the profile information (the first profile) stored in the first SIM.
In the case of performing network connection via the carrier network B, the communication controller 1011 first executes a process for requesting the communication apparatus 11 to connect to the carrier network B. Then, after the communication apparatus 11 connects to the carrier network B, the communication controller 1011 interacts with the communication system 2 (the authentication apparatus 20) via the carrier network B and executes a process for receiving authentication from the authentication apparatus 20.
Next, the software configuration of the communication apparatus 11 will be described.
In the present embodiment, the controller 111 of the communication apparatus 11 includes a software module of a communication controller 1111. The software module may be realized by executing a program stored in the storage 112 by the controller 111 (the CPU). Information processing executed by the software module is the same as the information processing executed by the controller 111 (the CPU).
Further, the SIM card 113A (the second SIM) included in the wireless communication module 113 is configured to store a second profile, which is SIM profile information. The second profile is a profile issued by a carrier that manages the carrier network B. Similarly to the first profile, the second profile includes, for example, identification information such as an IMSI and an ICCID, and authentication information (key information) for receiving SIM authentication.
The communication controller 1111 establishes a network connection in response to a request from the DCM 10. When connection is requested by the DCM 10, the communication controller 1111 performs network connection via the carrier network B. At this time, the communication controller 1111 receives authentication from a control apparatus (an MME) of the carrier network B, using the profile information (the second profile) stored in the second SIM.
Next, the software configuration of the authentication apparatus 20 will be described.
In the present embodiment, the controller 201 of the authentication apparatus 20 includes two software modules, a terminal authentication unit 2011 and a server authentication unit 2012. Each software module may be realized by executing a program stored in the storage 202 by the controller 201 (the CPU). Information processing executed by the software module is the same as the information processing executed by the controller 201 (the CPU).
In response to a request from the DCM 10, the terminal authentication unit 2011 executes a process for authenticating the DCM 10. The authentication process can be executed, for example, according to the following sequence stipulated by 3GPP (registered trademark):
Further, the terminal authentication unit 2011 may execute processes required to register the DCM 10 with the communication system 2 in addition to the above.
The server authentication unit 2012 executes a process for authenticating the server apparatus 3 which is a communication counterpart of the DCM 10. For example, the server authentication unit 2012 acquires an electronic certificate issued by a certificate authority from the server apparatus 3 which is the communication counterpart of the DCM 10. The server authentication unit 2012 can verify whether the acquired electronic certificate corresponds to the server apparatus 3 or not, by decrypting the electronic certificate with a public key of the certificate authority. A process for the server authentication unit 2012 to authenticate the server apparatus 3 is not limited to such a process using an electronic certificate as exemplified above.
The authentication process is executed at any timing before the DCM 10 starts communication with the server apparatus 3.
The terminal authentication unit 2011 that has confirmed the authenticity of the DCM 10 by authentication and the server authentication unit 2012 that has confirmed the authenticity of the server apparatus 3 share the authentication results with each other. That is, the terminal authentication unit 2011 transmits the result of authentication of the DCM 10 to the server apparatus 3, and the server authentication unit 2012 transmits the result of authentication of the server apparatus 3 to the DCM 10. Thereby, the DCM 10 and the server apparatus 3 can confirm that their communication counterparts are authenticated. The authentication results can be treated as valid until the DCM 10 is disconnected from the communication system 2.
Next, details of the process executed at the time of the DCM 10 connecting to the communication system 2 will be described.
First, at step S11, the communication controller 1011 of the DCM 10 decides a network to be used for connection. For example, when a valid first SIM is inserted in the DCM 10, the communication controller 1011 can decide to perform connection using the carrier network A illustrated in
When a plurality of networks are available, which of the networks is to be used may be decided based on a selection made by the user.
Next, at step S12, the communication controller 1011 determines whether the network to be used for connection is for direct connection via the cellular communication network or for connection by tethering. The direct connection via the cellular communication network is a form in which the DCM 10 connects to the communication system 2 via the carrier network A, using the built-in wireless communication module 103. The connection by tethering is a form in which the communication apparatus 11 connected to the DCM 10 connects to the carrier network B, and the DCM 10 connects to the communication system 2 via the IP communication network, through the communication apparatus 11.
If the network to be used for connection is the direct connection via the cellular communication network, the process transitions to step S13. If the network to be used for connection is the connection by tethering, the process transitions to step S14.
At step S13, the communication controller 1011 transmits an authentication request to the carrier network A, and the communication system 2 authenticates the DCM 10.
At the present step, the communication controller 1011 transmits the authentication request to the carrier network A, for example, via the base station of the carrier network A. The authentication request may be data for starting an authentication procedure (for example, an attach request stipulated by 3GPP) or may be data that includes substantial data required for authentication. The authentication request reaches the communication system 2 via the carrier network A. For example, the MME of the carrier network A that receives the authentication request may transfer the authentication request to the authentication apparatus 20 of the communication system 2.
Next, the authentication apparatus 20 of the communication system 2 starts authentication of the DCM 10 according to the authentication request. For example, the authentication apparatus 20 requests data to be used for authentication (hereinafter, authentication-related data) from the HSS of the communication system 2. The authentication apparatus 20 authenticates the DCM 10 using the received authentication-related data and the information recorded in the first SIM included in the DCM 10 (details will be described later).
If the authentication apparatus 20 succeeds in the authentication of the DCM 10, establishment of a communication line in a control plane and a user plane is executed by the communication system 2. Thereby, the DCM 10 enters a state in which it can communicate with the server apparatus 3 via the P-GW of the communication system 2.
If the process transitions to step S14, the DCM 10 instructs the communication apparatus 11 to perform network connection. In response thereto, the communication apparatus 11 starts connection using the carrier network B. Specifically, the controller 111 of the communication apparatus 11 transmits an authentication request to the carrier network B via the base station of the carrier network B. The authentication request is received by the MME of the carrier network B, and the MME authenticates the communication apparatus 11 based on the authentication-related data acquired from the HSS. For the authentication, the profile information stored in the second SIM is used.
When the authentication is completed, a communication line is established between the communication apparatus 11 and the carrier network B, and, thereby, the communication apparatus 11 becomes communicable with the IP communication network via the P-GW.
When the communication apparatus 11 becomes communicable with the IP communication network, authentication is started between the DCM 10 and the communication system 2 at step S15. At step S15, the DCM 10 transmits an authentication request to the communication system 2 through a route via a tethering-destination carrier network (that is, the carrier network B). The authentication request reaches the communication system 2 via the IP communication network and the ePDG and is received by the authentication apparatus 20.
Next, the authentication apparatus 20 starts authentication of the DCM 10 according to the received authentication request. A procedure for the authentication is similar to that described in the description of step S13. That is, at this step also, authentication of the DCM 10 is executed based on the profile information stored in the first SIM.
If the authentication apparatus 20 succeeds in the authentication of the DCM 10, establishment of a communication line is executed by the communication system 2. Thereby, the DCM 10 connected to the communication system 2 via the ePDG enters a state in which it can communicate with the server apparatus 3 via the P-GW. The establishment of a communication line and relay of data using the communication line may be executed by the authentication apparatus 20 or may be executed by another apparatus included in the communication system 2.
The communication system 2 does not relay communication between apparatuses between which a communication line has not been established. Thereby, for example, communication with the DCM 10 performed by a server apparatus that has not been authenticated is blocked by the communication system 2.
Next, an authentication-related process executed by the authentication apparatus 20 will be described.
As described before, in the present embodiment, the authentication apparatus 20 provides information about a result of authentication of the DCM 10 to the server apparatus 3 which is a communication counterpart of the DCM 10. Similarly, the authentication apparatus 20 authenticates the server apparatus 3 in advance and provides a result of the authentication to the DCM 10. Thereby, the DCM 10 and the server apparatus 3 can mutually confirm authenticity without directly performing mutual authentication.
Therefore, it is necessary for the communication system 2 to authenticate the server apparatus 3 at a timing before the DCM 10 is connected. Step S21 is a step for the authentication apparatus 20 to authenticate the server apparatus 3 on the Internet (the PDN). At this step, for example, the authentication apparatus 20 (the server authentication unit 2012) acquires an electronic certificate from the server apparatus 3 and decrypts the electronic certificate with a public key of the certificate authority. Thereby, it is possible to verify whether the acquired electronic certificate corresponds to the server apparatus 3 or not. The present step may be skipped after authentication of the server apparatus 3 is completed.
Next, at step S22, the terminal authentication unit 2011 acquires authentication-related data from the HSS. The authentication-related data is data used to authenticate the DCM 10. As the authentication-related data, for example, a challenge, authentication token, expected response value, or the like issued by the HSS (in the case of performing AKA authentication between the authentication apparatus 20 and the DCM 10) can be exemplified. The AKA authentication is an authentication method using a challenge response, which is for performing authentication of a terminal using a SIM card. The authentication-related data may be subscriber information.
At step S23, the terminal authentication unit 2011 authenticates the DCM 10 based on the authentication-related data. In the case of performing AKA authentication, the authentication apparatus 20 transmits a challenge to the DCM 10, and the DCM 10 generates a response in response thereto. The response is generated based on the authentication information (the key information) included in the profile information stored in the first SIM. If the generated response corresponds to the authentication-related data provided by the HSS, the authentication of the DCM 10 can be regarded as being successful.
Though AKA authentication has been exemplified as a method for authenticating the DCM 10, authentication may be executed by any other method if the method is a method of performing authentication based on information stored in a SIM card.
Next, at step S24, the terminal authentication unit 2011 transmits a result of authenticating the DCM 10 to the server apparatus 3. For example, the terminal authentication unit 2011 generates data in which an IP address or MAC address assigned to the DCM 10 and the authentication result are associated and transmits the data to the server apparatus 3. Thereby, the server apparatus 3 can confirm that the connected DCM 10 is authenticated. In particular, the DCM 10 which is connected to the communication system 2 and for which authentication has been completed can be regarded as being authenticated unless it is disconnected from the communication system 2.
Next, at step S25, the server authentication unit 2012 transmits a result of authenticating the server apparatus 3 to the DCM 10. For example, the server authentication unit 2012 generates data in which an IP address or MAC address assigned to the server apparatus 3 and the authentication result are associated and transmits the data to the DCM 10. Thereby, the DCM 10 can confirm that the server apparatus 3, which is a connection destination, is authenticated.
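Steps S22 to S24, and the rule that a result stays valid only until disconnection, as an added Python sketch (not code from the disclosure). The HMAC-SHA256 function `f` is an assumed stand-in for the key functions a real SIM and HSS use, and the subscriber id, key and addresses are constructed sample values.

```python
import hashlib
import hmac
import os

def f(key: bytes, label: bytes, rand: bytes) -> bytes:
    # Assumed stand-in for the SIM/HSS key functions; real AKA uses MILENAGE or TUAK.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:8]

class HSS:
    """Holds the subscriber key that is also stored in the first SIM."""
    def __init__(self):
        self.keys = {}  # subscriber id -> key (constructed sample data)

    def vector(self, sub_id):
        # S22: challenge, authentication token, expected response value
        k, rand = self.keys[sub_id], os.urandom(16)
        return {"rand": rand, "autn": f(k, b"autn", rand), "xres": f(k, b"res", rand)}

class Sim:
    def __init__(self, sub_id, key):
        self.sub_id, self._key = sub_id, key

    def respond(self, rand, autn):
        # Check the token first so the SIM only answers a network that knows the key
        if not hmac.compare_digest(autn, f(self._key, b"autn", rand)):
            return None
        return f(self._key, b"res", rand)

class AuthApparatus:
    def __init__(self, hss):
        self.hss = hss
        self.results = {}  # address assigned to the terminal -> authentication result

    def authenticate(self, sim, address):
        av = self.hss.vector(sim.sub_id)                       # S22
        res = sim.respond(av["rand"], av["autn"])              # S23
        ok = res is not None and hmac.compare_digest(res, av["xres"])
        self.results.pop(address, None)  # never keep a stale result for this address
        if ok:                                                 # S24: record for server
            self.results[address] = {"address": address, "authenticated": True}
        return ok

    def disconnect(self, address):
        # The result is valid only until the terminal disconnects
        self.results.pop(address, None)

    def result_for(self, address):
        return self.results.get(address, {"address": address, "authenticated": False})

if __name__ == "__main__":
    hss = HSS()
    hss.keys["sub-001"] = bytes(range(16))  # constructed key
    app = AuthApparatus(hss)
    print(app.authenticate(Sim("sub-001", bytes(range(16))), "10.0.0.5"))
    app.disconnect("10.0.0.5")
    print(app.result_for("10.0.0.5"))
```

Dropping the record at disconnection matters because the address in it may later be assigned to a different terminal.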
Though the DCM 10 performs communication via the IP communication network for which security is not ensured, it is possible to regard a counterpart-side apparatus (the server apparatus 3) as a trustable counterpart as long as the DCM 10 performs communication via the ePDG of the communication system 2.
As described above, the DCM 10 according to the first embodiment is configured such that the communication apparatus 11 can be connected thereto, and can perform communication with the communication system 2 via any cellular communication network through the communication apparatus 11. Thereby, even if it becomes impossible to use the wireless communication module included in the DCM 10, it is possible to secure an alternative communication route and continue communication.
Furthermore, the authentication apparatus 20 according to the first embodiment performs authentication of the DCM 10 and the server apparatus 3 in the communication system 2 using the profile information stored in the first SIM, irrespective of a route of access from the DCM 10, and shares results of the authentications with the server apparatus 3 and the DCM 10, respectively. Thereby, it becomes unnecessary to exchange certificates and the like between the DCM 10 and the server apparatus 3 each time, and resources for authentication can be saved.
Furthermore, since the authentication information used for authentication by the DCM 10 relates to a SIM contract, it can be considered that identity verification has been performed once the authentication apparatus 20 has authenticated the DCM 10. Therefore, the server apparatus 3 can recognize that the user of the vehicle 1 is the contractor without performing an additional identity verification process.
In the first embodiment, a communication route other than the carrier network A is added by connecting the communication apparatus 11 to the DCM 10. Since the communication route is a route utilizing tethering, it is also possible to use still another carrier network by replacing the communication apparatus 11.
As illustrated in
Furthermore, though an example of securing an alternative route by USB tethering is shown in the first embodiment, an alternative route may be a route by Wi-Fi tethering. In this case, the DCM 10 may be configured to be wirelessly connectable to a smartphone or the like owned by the user of the vehicle 1. In this case, the communication apparatus 11 exemplified in the first embodiment is replaced with the smartphone or the like.
The above embodiment is merely an example, and the present disclosure can be appropriately changed and practiced within a range not departing from the spirit thereof.
For example, the processes and means described in the present disclosure can be freely combined and implemented as long as no technical contradiction occurs.
Further, though 4G (LTE-Advanced) is exemplified as the standard of the cellular communication network in the description of the embodiment, 3G, 5G or the like can be also adopted as the communication standard. In this case, the ePDG can be replaced with an N3IWF (non-3GPP Interworking Function) (in the case of 5G), a PDG (in the case of 3G), or the like.
Further, though the DCM 10 is exemplified as a mobile communication terminal in the description of the embodiment, the mobile communication terminal may be an IoT terminal.
Further, though the DCM 10 is assumed to be connectable to the carrier network A in the description of the embodiment, the DCM 10 does not necessarily have to include the wireless communication module 103, and may not have a function of connecting to the carrier network A. That is, the DCM 10 may be configured such that it is necessary to perform communication via the communication apparatus 11. Even in this case, the DCM 10 is authenticated by the authentication apparatus 20 using the profile information stored in the first SIM. In such a configuration, the first SIM is not used to connect to a carrier network but is used only for authentication.
Further, though an example of authenticating the DCM 10 using profile information stored in a SIM is given in the description of the embodiment, the DCM 10 may be authenticated by any other method. For example, the DCM 10 may hold a pair of key information and an electronic certificate (for example, issued by the certificate authority) for proving the authenticity of the key information in the storage 102. It is also possible for the authentication apparatus 20 to authenticate the DCM 10 using such information. In any case, authentication is executed using the same authentication information irrespective of a communication route.
Further, a process described as being performed by one apparatus may be shared and executed by a plurality of apparatuses. Alternatively, processes described as being performed by different apparatuses may be executed by one apparatus. In a computer system, the hardware configuration (server configuration) in which each function is realized can be flexibly changed.
The present disclosure can be realized by supplying a computer program implemented with the functions described in the above embodiment to a computer, and one or more processors of the computer reading out and executing the program. Such a computer program may be provided for the computer by a non-transitory computer-readable storage medium connectable to the system bus of the computer or may be provided for the computer via a network. As the non-transitory computer-readable storage medium, for example, any type of disk such as a magnetic disk (a floppy (registered trademark) disk, a hard disk drive (HDD), or the like) and an optical disc (a CD-ROM, a DVD disc, a Blu-ray disc, or the like), a read-only memory (ROM), a random-access memory (RAM), an EPROM, an EEPROM, a magnetic card, a flash memory, an optical card, and any type of medium that is appropriate for storing electronic commands are included.
Number | Date | Country | Kind |
---|---|---|---|
2023-094056 | Jun 2023 | JP | national |