The present invention relates to a technology of acquiring a user identifier in a communication system.
As disclosed in Non-Patent Literature 1 for example, a service of executing high load processing such as encryption and transfer processing relating to an IoT device on a cloud has been provided.
In such a service, communication of an IoT device incapable of encryption processing due to CPU or power limitation can be encrypted (HTTP→HTTPS or the like), and troublesome processing such as management of a certificate and coping with vulnerability can be offloaded to a cloud. Thus, a user can easily utilize encrypted communication.
In addition, packets can be distributed to various kinds of servers for each user while fixing a transmission destination end point of the IoT device by transfer processing. That is, a different service can be provided for each user.
Non-Patent Literature 1: SORACOM “SORACOM Beam” https://soracom.jp/services/beam/
Non-Patent Literature 2: ITmedia@IT “Unknown LTE network configuration” https://www.atmarkit.co.jp/ait/articles/1001/13/news105_2.html
In order to provide a different service for each user, a transfer device which provides a transfer function needs to be able to identify the user. Therefore, it is conceivable that the transfer device is deployed on a network (a substantial carrier network) closely coupled with a carrier network so as to easily identify the user from a customer database held by a carrier or the like.
However, it is sometimes not easy to deploy a transfer device on a network closely coupled with a carrier network and provide services depending on a service provider from a viewpoint of profitability and operations or the like.
That is, depending on the service provider, there is a case where it is desired to deploy the transfer device on a network (service provider network or the like) different from the carrier network and provide a different service for each user. However, in a form that the transfer device is deployed on the network different from the carrier network, the user cannot be identified from a packet received by the transfer device so that the different service cannot be provided for each user.
The present invention is implemented in consideration of the point described above, and an object is to provide a technology which enables a transfer device provided on a service provider network different from a carrier network to provide a different service for each user.
According to a disclosed technology, a transfer device is provided on a service provider network different from a carrier network, and the transfer device includes:
an identifier inquiry unit configured to acquire a user identifier from an intra-carrier-network database storing an IP address and the user identifier using a transmission source IP address of a packet received from a user terminal to which the IP address is allocated from the carrier network; and
a data processing unit configured to execute processing to the packet according to the user identifier.
According to the disclosed technology, a different service can be provided for each user by the transfer device provided on the service provider network different from the carrier network.
Hereinafter, the embodiment of the present invention (the present embodiment) will be described with reference to the drawings. The embodiment described below is just an example, and the embodiment to which the present invention is applied is not limited to the embodiment below.
(Description of Related Technology)
Before describing a technology relating to the present embodiment, the related technology will be described first. The related technology is a form of deploying a transfer device on a network closely coupled with a carrier network.
A packet is transmitted from a user terminal 1 in S1, and the transfer device 2 receives the packet. In the carrier network 6, the packet is transferred by a tunneling protocol such as GTP-U of LTE so that the transfer device 2 can specify the user identifier by header information of the received packet.
In S2, the transfer device 2 acquires the information of a service subscribing situation of the user from the SO database 3 using the user identifier. In S3, the transfer device 2 executes data processing according to the service subscribing situation of the user. Note that the processing (such as encryption or transfer) to the received packet is generically referred to as the data processing.
In the related technology, it is a premise that the transfer device 2 can identify the user from the received packet. Accordingly, as illustrated in
In the configuration in
Hereinafter, as a technology for solving the problem described above, the system relating to the present embodiment will be described.
(About System Relating to Present Embodiment)
Similarly to the case of
The carrier network 6 is, for example, a mobile network of the LTE, 5G or the like or the fixed network of NGN or the like. Functions of individual devices are as follows.
The transfer device 100 receives the packet transmitted from the user terminal 1, acquires the user identifier (for example, IMSI (International Mobile Subscriber Identity) in the mobile network) of the user of the user terminal 1 from the intra-carrier-network database 400 via the identifier acquisition interface device 300 based on a transmission source IP address of the received packet, and acquires SO information (the information of the service that the user subscribes to or the like) from the SO database 200 based on the user identifier. The transfer device 100 executes the processing to the packet according to the service that the user subscribes to. Specifically, the transfer device 100 performs data encryption of the packet, packet transfer to the database 4 and packet transfer to the customer server or the like 5 or the like.
The intra-carrier-network database 400 installed on the carrier network 6 is a database which stores an IP address discharged to the user terminal 1 and the user identifier (the IMSI or the like) in correspondence.
The identifier acquisition interface device 300 receives an inquiry including the transmission source IP address of the packet from the transfer device 100, acquires the user identifier from the intra-carrier-network database 400 using the transmission source IP address, and performs transmission to the transfer device 100. In this way, by interposing the identifier acquisition interface device 300, inter-network connection is easily and flexibly achieved.
As already described, the carrier network 6 is the mobile network of the LTE, the 5G or the like or the fixed network of the NGN or the like.
In the case where the carrier network 6 is the mobile network, the intra-carrier-network database 400 corresponds to a subscriber information management device (such as an HLR (Home Location Register) or an HSS (Home Subscriber Server)) which stores the IP address and the IMSI.
In the case where the carrier network 6 is the fixed network, the intra-carrier-network database 400 corresponds to a database held by a DHCP server which discharges a global IP address.
The identifier acquisition interface device 300 can bear a connection point with one or more different carrier networks. The identifier acquisition interface device 300 is a Rasius server for example. The identifier acquisition interface device 300 may be configured to interact with the plurality of carrier networks by one device, or may be provided for each carrier network to be connected.
Since the intra-carrier-network database 400 is different for each carrier network, a method that the identifier acquisition interface device 300 acquires the user identifier from the intra-carrier-network database 400 is different according to the intra-carrier-network database 400 for each carrier network.
On the other hand, an inquiry method from the transfer device 100 to the identifier acquisition interface device 300 can be unified regardless of the carrier network. Thus, the transfer device 100 can inquire the user identifier without being conscious of a type (such as the fixed network or the mobile network) of the carrier network.
That is, by the technology relating to the present embodiment, in the transfer device 100, an inquiry function to the identifier acquisition interface device 300 does not need to be mounted for each kind of the carrier network. In addition, by the technology relating to the present embodiment, the plurality of different carrier networks can be handled as a group of the same user. For example, by the technology relating to the present embodiment, the same service can be provided in the fixed network and the mobile network.
(Device Configuration)
The packet reception unit 110 receives the packet from the user terminal 1. The identifier inquiry unit 120 transmits a user identifier inquiry to the identifier acquisition interface device 300 using the transmission source IP address of the packet, and receives the user identifier from the identifier acquisition interface device 300. The service subscribing situation acquisition unit 130 acquires the information indicating the service subscribing situation of the user (such as the service that the user subscribes to) from the SO database 200 using the user identifier.
The data processing unit 140 performs the data processing according to the service subscribing situation (the subscribing service or the like) of the user corresponding to the received packet.
The inquiry reception unit 310 receives the user identifier inquiry including the transmission source IP address from the transfer device 100. The identifier acquisition unit 320 acquires the user identifier from the intra-carrier-network database 400 using the transmission source IP address. The identifier transmission unit 330 transmits the user identifier acquired by the identifier acquisition unit 320 to the transfer device 100.
Both of the transfer device 100 and the identifier acquisition interface device 300 can be achieved by making a computer execute a program, for example. The computer may be a physical computer or may be a virtual machine.
That is, the device (the transfer device 100 or the identifier acquisition interface device 300) can be achieved by executing the program corresponding to the processing executed in the device using a hardware resource such as a CPU or a memory built in the computer. The program can be recorded in a computer-readable recording medium (such as a portable memory), preserved and distributed. In addition, it is also possible to provide the program via the network of the Internet or electronic mail or the like.
The program which achieves the processing in the computer is provided by a recording medium 1001 such as CD-ROM or a memory card, for example. When the recording medium 1001 storing the program is set to the drive device 1000, the program is installed from the recording medium 1001 to the auxiliary storage device 1002 via the drive device 1000. However, the program does not need to be always installed from the recording medium 1001, and may be downloaded from another computer via the network. The auxiliary storage device 1002 stores the installed program and also stores required files and data or the like.
In the case where activation of the program is instructed, the memory device 1003 reads and stores the program from the auxiliary storage device 1002. The CPU 1004 achieves the function relating to the device according to the program stored in the memory device 1003. The interface device 1005 is used as an interface to be connected to the network and functions as an input means and an output means via the network. The display device 1006 displays a GUI (Graphical User Interface) or the like by the program. The input device 157 is configured by a keyboard and a mouse, buttons or a touch panel or the like, and is used to input various operation instructions.
(Operation Example)
The operation example of the system relating to the present embodiment will be described with reference to a sequence diagram in
In S101, the user terminal 1 transmits the IP packet. The packet reception unit 110 of the transfer device 100 receives the IP packet.
In S102, the identifier inquiry unit 120 of the transfer device 100 transmits a user identifier inquiry signal including the transmission source IP address to the identifier acquisition interface device 300. The inquiry reception unit 310 of the identifier acquisition interface device 300 receives the inquiry signal.
In S103 and S104, the identifier acquisition unit 320 of the identifier acquisition interface device 300 acquires the user identifier corresponding to the transmission source IP address in the intra-carrier-network database 400 from the intra-carrier-network database 400 by transmitting the transmission source IP address to the intra-carrier-network database 400.
In S105, the identifier transmission unit 330 of the identifier acquisition interface device 300 transmits the user identifier acquired by the identifier acquisition unit 320 to the transfer device 100. In the transfer device 100, the identifier inquiry unit 120 receives the user identifier.
In S106 and S107, the service subscribing situation acquisition unit 130 of the transfer device 100 acquires the SO information (the information of the service that the user subscribes to or the like) corresponding to the user identifier in the SO database 200 from the SO database 200 by transmitting the user identifier to the SO database 200.
In S108, the data processing unit 140 of the transfer device 100 transfers the packet (data) to a transfer destination server 5 which is the customer server or the like, for example, based on the SO information of the user.
Note that, in the present embodiment, it is not essential to be provided with the identifier acquisition interface device 300, and the identifier acquisition interface device 300 may not be provided. In that case, the identifier inquiry unit 120 of the transfer device 100 includes a function of acquiring the user identifier from the intra-carrier-network database 400 based on the transmission source IP address similarly to the identifier acquisition interface device 300.
In addition, it is also not essential to inquire the SO database 200 (acquire the SO information) after the transfer device 100 acquires the user identifier. That is, the data processing unit 140 of the transfer device 100 may perform the data processing corresponding to the user identifier without inquiring the SO database 200 in the case where data processing contents can be identified directly from the user identifier.
(Effects of Embodiment)
As described above, in the present embodiment, in a transfer device deployed in a network (service provider network) loosely coupled with a carrier network, a user identifier (for example, IMSI in a mobile network) is acquired from a database installed in the carrier network based on a transmission source IP address of a packet when the packet is received, SO information is acquired based on the identifier, and service provision for each user is achieved. In addition, an interface device for inquiry installed within the service provider network is interposed for the inquiry to the database of the carrier network so that inter-network connection is easily and flexibly achieved.
As described above, even in the case where the transfer device is deployed in the network loosely coupled with the carrier network, the service provision for each user is made possible. Further, since the IP address discharged to the user terminal 1 and the SO information can be linked, the service provision for each user is possible even in the case where the IP address discharged to the user terminal changes.
(Summary of Embodiment)
The present description discloses at least a transfer device, a data processing method and a program of individual clauses below.
(Clause 1)
A transfer device provided on a service provider network different from a carrier network, the transfer device including:
an identifier inquiry unit configured to acquire a user identifier from an intra-carrier-network database storing an IP address and the user identifier using a transmission source IP address of a packet received from a user terminal to which the IP address is allocated from the carrier network; and
a data processing unit configured to execute processing to the packet according to the user identifier.
(Clause 2)
The transfer device according to Clause 1,
wherein the identifier inquiry unit transmits an identifier inquiry including the transmission source IP address to an identifier acquisition interface device provided on the service provider network, and receives the user identifier acquired from the intra-carrier-network database by the identifier acquisition interface device from the identifier acquisition interface device.
(Clause 3)
The transfer device according to Clause 1 or 2,
wherein the data processing unit acquires information of a service that a user corresponding to the user identifier subscribes to from a database storing the information of the service by transmitting the user identifier to the database, and executes processing corresponding to the service.
(Clause 4)
A data processing method executed by a transfer device provided on a service provider network different from a carrier network, the method comprising:
an identifier inquiry step of acquiring a user identifier from an intra-carrier-network database storing an IP address and the user identifier using a transmission source IP address of a packet received from a user terminal to which the IP address is allocated from the carrier network; and
a data processing step of executing processing to the packet according to the user identifier.
(Clause 5)
A program for making a computer function as individual units in the transfer device according to any one of Clauses 1 to 3.
The present embodiment has been described above, however, the present invention is not limited to the specific embodiment, and various modifications and changes are possible within a scope of the gist of the present invention described in the scope of claims.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/JP2020/003039 | 1/28/2020 | WO |