
WO2010058847A1 - Authentication system, small base station, and authentication method - Google Patents


Info

Publication number
WO2010058847A1
Authority
WO
WIPO (PCT)
Prior art keywords
base station
authentication
address
global
small base
Prior art date
Application number
PCT/JP2009/069732
Other languages
English (en)
Japanese (ja)
Inventor
克久 中村
吉雄 和田
孝起 林
雄一郎 亀岡
Original Assignee
ソフトバンクBb株式会社
日本電気株式会社
日本電気通信システム株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ソフトバンクBb株式会社, 日本電気株式会社, 日本電気通信システム株式会社
Priority to CN200980146809.2A (patent CN102224763B)
Priority to JP2010539264A (patent JP5414692B2)
Priority to US13/129,896 (patent US9241266B2)
Priority to EP09827628.0A (patent EP2360986A4)
Publication of WO2010058847A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2514 Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/042 Public Land Mobile systems, e.g. cellular systems
    • H04W84/045 Public Land Mobile systems, e.g. cellular systems using private Base Stations, e.g. femto Base Stations, home Node B

Definitions

  • The present invention relates to an authentication system, a small base station, and an authentication method, and in particular to an authentication system, a small base station, and an authentication method that allow the server side to authenticate whether or not the installation position of the small base station is valid.
  • “Cell” is a concept representing a communication area covered by a base station.
  • The “femtocell” has been attracting attention as a cell covering a narrow range with a radius of several tens of meters, such as in a home or office.
  • A “femtocell” is constructed by connecting a femto base station, which outputs radio waves at a level that covers such a narrow range, to a broadband line termination device installed in the network, such as an ADSL (Asymmetric Digital Subscriber Line) modem or an ONU (Optical Network Unit).
  • ADSL Asymmetric Digital Subscriber Line
  • ONU Optical Network Unit
  • With the “femtocell”, a communication service is provided to users limited to the residents of the house where the femto base station is installed.
  • Even though the output level of the radio wave is small and the installation only involves connecting to the line terminator on the premises, as long as it is a base station for mobile devices it is subject to legal regulations and needs to meet the conditions directed by the government.
  • The femto base station is required to have a fixed installation position.
  • The femto base station needs functions such that the femtocell service is provided if the installation position remains the position specified by the service provider, but the output of radio waves is stopped and the service is disabled if the installation position moves.
  • the present invention has been made in view of such a situation, and makes it possible to perform authentication on the server side as to whether or not the installation position of the small base station is valid.
  • A first authentication system of the present invention comprises a small base station that communicates with a mobile device using, as its cover area, an area narrower than the cover area of a macro base station that constitutes a public network; a line terminator connected to the small base station via a local area network and connected to a wide area network; and an authentication server.
  • The small base station has transmitting means for transmitting, to the line terminator, a first authentication request including its own identification information and a local IP address assigned in the local area network.
  • The line terminator has transmitting means that converts the local IP address included in the first authentication request into the global IP address assigned to itself and transmits a second authentication request, including the global IP address and the identification information transmitted from the small base station, to the authentication server via the wide area network.
  • The authentication server has a storage unit that stores the identification information of each small base station in association with the global IP address assigned to the line termination device to which that small base station is connected, and an authentication unit that authenticates the small base station that transmitted the first authentication request as valid if the identification information and the global IP address included in the second authentication request are stored in association with each other in the storage unit, and as invalid if they are not stored in association with each other.
  • A second authentication system of the present invention comprises a small base station that communicates with a mobile device using, as its cover area, an area narrower than the cover area of a macro base station that constitutes a public network; a line terminator connected to the small base station via a local network and connected to a wide area network; a line concentrator; and an authentication server.
  • The small base station has transmitting means for transmitting, to the line terminator, a first authentication request including its own identification information and a local IP address assigned in the local network.
  • The line terminator converts the local IP address included in the first authentication request into the global IP address assigned to itself and transmits a second authentication request, including the global IP address and the identification information, to the line concentrator via the wide area network.
  • The line concentrator has transmitting means for transmitting, to the authentication server, authentication information in which the identification information transmitted from the line terminator is associated with the global IP address. The authentication server has storage means for storing the identification information of each small base station in association with the global IP address assigned to the line terminating device to which that small base station is connected, and authentication means for authenticating the small base station that sent the first authentication request as valid if the identification information and the global IP address included in the authentication information are stored in association with each other in the storage means, and as invalid if they are not.
  • The first small base station of the present invention is a small base station that communicates with a mobile device using a cover area narrower than the cover area of the macro base station that constitutes the public network, and comprises transmission means for transmitting, to the line terminating device, a first authentication request including its own identification information and a local IP address assigned in a local network.
  • The authentication method of the present invention is an authentication method for a small base station that communicates with a mobile station using, as its cover area, an area narrower than the cover area of a macro base station that constitutes a public network. The small base station transmits a first authentication request, including its own identification information and a local IP address assigned in the local network, to a line termination device. The line termination device that has received the first authentication request converts the local IP address assigned to the small base station into the global IP address assigned to the line terminating device and transmits the result as a second authentication request to the authentication server via the wide area network. The authentication server that has received the second authentication request authenticates the small base station as valid when the identification information and the global IP address included in the second authentication request are stored in association with each other in the storage means, and as invalid when they are not stored in association with each other.
  • The second small base station of the present invention is a small base station, connected to a wide area network, that communicates with a mobile device using as its cover area an area narrower than the cover area of the macro base station constituting the public network, and comprises a transmission unit configured to transmit an authentication request, including its identification information and the global IP address assigned to itself, to an authentication server connected via the wide area network.
  • A third small base station of the present invention is a small base station, connected to a wide area network, that communicates with a mobile station using as its cover area an area narrower than the cover area of a macro base station constituting a public network.
  • It generates an authentication request including the identification information of the small base station and a local IP address assigned inside the small base station, an authentication unit converts the local IP address included in the generated authentication request into a global IP address, and the authentication request including the identification information and the global IP address is transmitted to an authentication server connected via the wide area network.
  • A first authentication request including the small base station's own identification information and a local IP address assigned in the local network is transmitted to the line terminating device.
  • The local IP address included in the first authentication request is converted into the global IP address assigned to the line terminating device itself, and a second authentication request including the global IP address and the identification information transmitted from the small base station is sent to the authentication server via the wide area network.
  • In the authentication server, the small base station that transmitted the first authentication request is authenticated as valid when the identification information and the global IP address included in the second authentication request are stored in association with each other, and as invalid when they are not stored in association with each other.
  • A first authentication request including the small base station's own identification information and a local IP address assigned in the local network is transmitted to the line terminator.
  • The local IP address included in the first authentication request is converted into the global IP address assigned to the line terminator itself, and a second authentication request including the global IP address and the identification information transmitted from the small base station is transmitted to the concentrator via the wide area network.
  • Authentication information in which the identification information transmitted from the line terminator is associated with the global IP address is transmitted to an authentication server.
  • In the authentication server, the small base station that transmitted the first authentication request is authenticated as valid if the identification information and the global IP address included in the authentication information are stored in association with each other, and as invalid if they are not stored in association with each other.
  • the first authentication request including its own identification information and the local IP address assigned in the local network is transmitted to the line terminating device.
  • an authentication request including the identification information and the global IP address assigned to itself is transmitted to an authentication server connected via the wide area network.
  • In the third small base station of the present invention, a small base station connected to a wide area network that communicates with a mobile device using as its cover area an area narrower than the cover area of the macro base station constituting the public network, an authentication request including identification information of the small base station and a local IP address assigned inside the small base station is generated, and the local IP address included in the generated authentication request is converted into a global IP address.
  • the authentication request including the identification information and the global IP address is transmitted to an authentication server connected via the wide area network.
  • According to the present invention, it is possible to perform authentication on the server side as to whether or not the installation position of the small base station is valid.
  • FIG. 1 A diagram showing a configuration example of the authentication system according to one embodiment of the present invention and an example of the authentication flow. A diagram showing a configuration example of the authentication system and another example of the authentication flow. A block diagram showing a configuration example of a femto base station. A block diagram showing a configuration example of an authentication server. A flowchart explaining the processing of each device of the authentication system of FIG. A diagram showing a configuration example of the authentication system according to another embodiment of the present invention and an example of the authentication flow. A flowchart explaining the processing of each device of the authentication system of FIG. A flowchart explaining other processing of each device of the authentication system. A flowchart explaining still other processing of each device of the authentication system. A block diagram showing another configuration example of a femto base station.
  • FIG. 1 is a diagram showing a configuration example of an authentication system according to an embodiment of the present invention and an example of an authentication flow.
  • authentication of whether or not the installation position of the femto base station is valid is performed in a server managed by a communication carrier that provides a femto cell service or the like.
  • That the installation position of the femto base station is valid means that the femto base station is installed at the position specified by the communication carrier.
  • a telecommunications carrier notifies a subscriber of a femtocell service that a femto base station is not used outside the premises of a provider such as a home or a workplace.
  • the authentication system of FIG. 1 basically includes a femto base station 1, a line terminating device 2, a network 3, a femto concentrator 4, and an authentication server 5.
  • the femto base station 1 and the line termination device 2 are installed at the home of a user A who is a contractor of femtocell service.
  • the line termination device 2 is provided to the user A by, for example, being lent out by a communication carrier when subscribing to a communication service using the network 3.
  • the femto base station 1 is provided to the user A from the same communication carrier when subscribing to the femtocell service in addition to the communication service.
  • the line terminating device 11 is installed at the home of the user B who is a non-contractor of the femtocell service.
  • User B is a user who has subscribed to a communication service using the network 3 by making a contract with the same carrier as user A, but has not subscribed to a femtocell service.
  • the line termination device 11 is provided to the user B when subscribing to the communication service.
  • the femto base station 1 communicates with the mobile device of the user A residing in the femtocell by starting to output radio waves.
  • the user A is allowed to use the femtocell. The flow of authentication will be described later.
  • the line termination device 2 is connected to the femto base station 1 via a LAN (Local Area Network) cable or the like.
  • LAN Local Area Network
  • the router device connected to the LAN constructed in the home of the user A by the line terminator 2 when the router function is installed in the line terminator 2 Is assigned a local IP address.
  • “192.168.3.x” is assigned as the local IP address as shown in the balloon based on the femto base station 1.
  • An IC card storing IMSI (International Mobile Subscriber Identity) information, which is unique identification information including a predetermined number of digits, is issued by the communication carrier.
  • IMSI International Mobile Subscriber Identity
  • As preparation for using the femtocell service, user A, who is a contractor of the femtocell service, needs to perform installation work such as inserting the IC card into the slot provided in the femto base station 1 and connecting the femto base station 1 and the line termination device 2. In the example of FIG. 1, the information in the IC card (IMSI information) stored in the IC card inserted in the femto base station 1 is “111... 111”.
  • the line termination device 2 is a termination device of the network 3 which is a wide area network using a broadband line such as an ADSL line or an optical fiber line.
  • the line terminator 2 is connected to the network 3 via a telephone line or the like, and transmits information transmitted from the femto base station 1 to other devices on the network 3 or from other devices via the network 3. The transmitted information is transmitted to the femto base station 1.
  • the line terminating device 2 transmits information from the femto base station 1 to the femto concentrator 4 via the network 3. Further, the line terminating device 2 receives information such as an authentication result when it is transmitted from the authentication server 5 via the femto concentrator 4 and the network 3, and transmits the received information to the femto base station 1.
  • a fixed global IP address is assigned to the line terminating device 2 in advance. For example, a global IP address in a predetermined range is assigned to the communication carrier, and a global IP address selected according to the home address of the user A is assigned. In the example of FIG. 1, “221.x.x.x” is assigned as the global IP address as shown on the line terminating device 2.
  • The line terminating device 2 has a NAT (Network Address Translation) function, and uses the global IP address assigned to itself as the IP address identifying the source of information transmitted from the femto base station 1.
  • a communication device such as a personal computer or a router device is appropriately connected to the line termination device 2 in addition to the femto base station 1.
  • the femto concentrator 4 receives information transmitted from each femto base station including the femto base station 1, and transmits the received information to the authentication server 5. For example, when an authentication request, which is a request for authentication of the installation position, is transmitted from the femto base station 1 via the line termination device 2 and the network 3, it is received and transmitted to the authentication server 5.
  • the femto concentrator 4 and the authentication server 5 may be connected via a dedicated line, or may be connected via a network such as the Internet.
  • the authentication server 5 is a server managed by a telecommunications carrier that provides communication services using the network 3 and femtocell services.
  • the authentication server 5 receives the authentication request transmitted from the femto concentrator 4 and performs authentication of the installation position of the femto base station that has transmitted the authentication request with reference to the authentication table.
  • the IC card information of the issued IC card and the global IP address of the provided line termination device are registered in association with each femtocell service contractor.
  • the information in the IC card and the global IP address are registered in the authentication table when, for example, a line terminator and a femto base station are provided to a user who has subscribed to a communication service and a femto cell service.
  • The IC card information “111... 111” of the IC card issued to user A and the global IP address “221.x.x.x” of the line terminating device 2 provided to user A are registered in association with each other.
  • The IC card information “222... 222” of the IC card issued to user D and the global IP address “221.y.y.y” of the line termination device provided to user D are registered in association with each other.
  • information in the IC card and a global IP address are registered in association with each other.
  • the global IP address of the line termination device 11 is “221.a.a.a”. Since user B has not subscribed to the femtocell service, the global IP address of the line termination device 11 is not registered in the authentication table of the authentication server 5.
  • the femto base station 1 transmits an authentication request to the line terminating device 2.
  • The packet transmitted by the femto base station 1 as an authentication request stores the IC card information “111... 111” of the IC card inserted into the femto base station 1, and the local IP address “192.168.3.x” assigned to the femto base station 1 is described in its header.
  • The line terminating device 2 that has received the authentication request from the femto base station 1 converts the local IP address “192.168.3.x” described in the header of the packet into the global IP address “221.x.x.x” assigned to the line terminating device 2 itself.
  • The line terminating device 2 transmits the packet obtained by converting the IP address as an authentication request to the femto concentrator 4 via the network 3, as indicated by the white arrow #3.
  • The IC card information “111... 111” is stored in the packet transmitted by the line terminating device 2, and the global IP address “221.x.x.x” is described in the header.
  • The femto concentrator 4 that has received the authentication request from the line terminator 2 generates authentication information by associating the IC card information “111... 111” stored in the packet with the global IP address “221.x.x.x” described in the header, and transmits it to the authentication server 5 together with the authentication request, as indicated by the white arrow #4.
  • The authentication server 5 that has received the authentication information from the femto concentrator 4 collates the authentication information with the information registered in the authentication table, as indicated by the white arrow #5, thereby authenticating the installation position of the femto base station 1.
  • the authentication server 5 determines that the installation position of the femto base station 1 is valid when the information in the IC card included in the authentication information and the global IP address are associated and registered in the authentication table.
  • the authentication server 5 determines that the installation position of the femto base station 1 is not valid when the information in the IC card included in the authentication information and the global IP address are not registered in the authentication table in association with each other.
  • When the same information as the IC card information included in the authentication information is registered but the global IP address registered in association with it differs from the one included in the authentication information, or when the same global IP address as the one included in the authentication information is registered but the IC card information registered in association with it differs from the one included in the authentication information, it is determined that the installation position is not valid.
  • The installation location of the femto base station 1 is determined by the authentication server 5 to be valid.
  • the authentication server 5 transmits information indicating that the authentication is successful to the femto base station 1.
  • Information transmitted from the authentication server 5 is received by the femto base station 1 via the femto concentrator 4, the network 3, and the line terminator 2.
  • the femto base station 1 that has received the information indicating that the authentication has succeeded starts output of radio waves and communicates with the mobile device. As a result, the user A can perform a voice call using the femtocell managed by the femto base station 1.
  • In the authentication system of FIG. 1, it is determined whether the user of the femto base station is a valid user and whether the transmission path to which the femto base station is connected is a valid transmission path; if they are valid, it is determined that the installation position of the femto base station is valid.
  • The information in the IC card indicates that the user of the femto base station is valid, that is, that the user is one who subscribes to the femtocell service (a service contractor).
  • The global IP address indicates that the transmission path to which the femto base station is connected is valid, that is, that the transmission path for the information output from the femto base station, such as the line termination device or the network 3, is the one specified by the communication carrier.
  • FIG. 2 is a diagram illustrating another example of authentication of the femto base station 1.
  • It shows an example in which the femto base station 1 provided to user A is moved to the home of user B, as indicated by the white arrow #11, and is installed there connected to the line termination device 11 provided to user B.
  • An IC card issued to user A is inserted into the slot of femto base station 1.
  • When the power of the femto base station 1 is turned on, the femto base station 1 transmits an authentication request to the line terminator 11, as indicated by the white arrow #12.
  • The IC card information “111... 111” is stored in the packet transmitted as the authentication request by the femto base station 1, and the local IP address “192.168.3.x” assigned to the femto base station 1 in the LAN in the home of user B is described in its header.
  • The line termination device 11 that has received the authentication request from the femto base station 1 converts the local IP address “192.168.3.x” described in the header of the packet into the global IP address “221.a.a.a” assigned to the line termination device 11 itself.
  • After converting the IP address, the line terminating device 11 transmits the resulting packet to the femto concentrator 4 via the network 3 as an authentication request, as indicated by the white arrow #13.
  • The IC card information “111... 111” is stored in the packet transmitted by the line terminating device 11, and the global IP address “221.a.a.a” is described in the header.
  • The femto concentrator 4 that has received the authentication request from the line terminator 11 generates authentication information by associating the IC card information “111... 111” stored in the packet with the global IP address “221.a.a.a” described in the header, and transmits it to the authentication server 5, as indicated by the white arrow #14.
  • The authentication server 5 that has received the authentication information from the femto concentrator 4 authenticates the femto base station 1 by collating the authentication information with the information registered in the authentication table, as indicated by the white arrow #15.
  • The same information as the IC card information “111... 111” included in the authentication information is registered in the authentication table, but the global IP address registered in association with it differs from the global IP address “221.a.a.a” included in the authentication information.
  • The authentication server 5 considers that the installation position of the femto base station 1 that has transmitted the authentication information has been moved, and determines that it is not valid.
  • Since the information indicating that the authentication is successful is not transmitted from the authentication server 5, the femto base station 1 does not start to output radio waves. User B, who borrows the femto base station 1 from user A, cannot use the femtocell.
  • FIG. 3 is a block diagram illustrating a configuration example of the femto base station 1 installed in the home of the user A.
  • the femto base station 1 includes a network communication unit 21, a control unit 22, a wireless communication unit 23, and an antenna 24.
  • An IC card 31 inserted in a slot formed in the housing is connected to the control unit 22.
  • the network communication unit 21 communicates with the line termination device 2 via wired or wireless according to a predetermined protocol such as TCP / IP (Transmission Control Protocol / Internet Protocol).
  • TCP/IP Transmission Control Protocol / Internet Protocol
  • a local IP address is described in a header of a packet storing data transmitted from the network communication unit 21 to the line terminating device 2.
  • The network communication unit 21 outputs voice data from the mobile phone of the communication partner, received via the line terminating device 2, to the wireless communication unit 23, while voice data from the mobile device used by user A, supplied from the wireless communication unit 23, is output to the line terminator 2 and transmitted to the mobile phone of the communication partner.
  • the control unit 22 includes a CPU (Central Processing Unit), ROM (Read Only Memory), RAM (Random Access Memory), and the like, and executes a predetermined program to control the overall operation of the femto base station 1.
  • CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • control unit 22 controls the network communication unit 21 to transmit a packet storing information in the IC card stored in the IC card 31 to the line terminating device 2. Further, the control unit 22 controls the wireless communication unit 23 to output radio waves when the network communication unit 21 receives information supplied from the authentication server 5 indicating that the authentication is successful. To start.
  • the wireless communication unit 23 outputs a radio wave having a predetermined intensity such as an antenna power of 20 mW or less from the antenna 24 and performs wireless communication with a mobile device such as a mobile phone used by the user A according to a standard such as W-CDMA and CDMA2000. Do.
  • the wireless communication unit 23 transmits voice data from the mobile phone of the communication partner supplied from the network communication unit 21 to the user A's mobile device, and receives the user A's mobile device based on the signal supplied from the antenna 24. Is output to the network communication unit 21.
  • the IC card 31 stores the information in the IC card in the memory, and outputs the information in the IC card read from the memory to the control unit 22.
  • FIG. 4 is a block diagram illustrating a configuration example of the authentication server 5.
  • The authentication server 5 is constituted by a computer.
  • The authentication server 5 may be configured by connecting a plurality of computers instead of a single computer.
  • The CPU 51, ROM 52, and RAM 53 are connected to each other by a bus 54.
  • An input / output interface 55 is connected to the bus 54.
  • an input unit 56 such as a keyboard and a mouse
  • an output unit 57 such as a display and a speaker.
  • The bus 54 is connected to a storage unit 58 such as a hard disk or a non-volatile memory, a communication unit 59 such as a network interface that communicates with the femto concentrator 4, and a drive 60 that drives the removable media 61.
  • The storage unit 58 stores an authentication table as shown in FIG.
  • The authentication unit 71 refers to the authentication table stored in the storage unit 58 and authenticates the installation position of the femto base station that transmitted the authentication request.
  • The authentication unit 71 is realized by the CPU 51 executing a predetermined program.
  • This process is started when the femto base station 1 is installed and turned on, for example, by inserting an IC card or connecting to the line terminating device 2. While the power is on, the process of FIG. 5 may be repeatedly performed at a predetermined timing.
  • In step S1, the control unit 22 of the femto base station 1 controls the network communication unit 21 to transmit a packet storing the information in the IC card held in the IC card 31 to the line terminating device 2 as an authentication request.
  • In step S11, the line terminating device 2 receives the authentication request from the femto base station 1, and in step S12, converts the local IP address written in the packet header into a global IP address.
  • In step S13, the line terminating device 2 transmits the packet with the converted IP address to the femto concentrator 4 via the network 3 as an authentication request.
  • In step S21, the femto concentrator 4 receives the authentication request from the line terminating device 2 and generates authentication information by associating the information in the IC card stored in the packet with the global IP address written in the packet header.
  • In step S22, the femto concentrator 4 transmits the generated authentication information to the authentication server 5.
  • In step S31, the authentication unit 71 of the authentication server 5 controls the communication unit 59 to receive the authentication information.
  • In step S32, the authentication unit 71 reads the authentication table stored in the storage unit 58 and authenticates the installation position of the femto base station 1 by comparing the information registered in the table with the authentication information.
  • In step S33, the authentication unit 71 controls the communication unit 59 and transmits the authentication result to the femto concentrator 4.
  • information indicating that fact is transmitted.
  • In step S23, the femto concentrator 4 receives the authentication result transmitted from the authentication server 5, and in step S24, transmits it to the line terminating device 2 via the network 3.
  • In step S14, the line terminating device 2 receives the authentication result transmitted from the femto concentrator 4, and in step S15, transmits it to the femto base station 1.
  • In step S2, the network communication unit 21 of the femto base station 1 receives the authentication result transmitted from the line terminating device 2 and outputs it to the control unit 22.
  • In step S3, when information indicating that the authentication succeeded has been transmitted as the authentication result, the control unit 22 controls the wireless communication unit 23 to start outputting radio waves, and thereafter the process ends.
  • The femto concentrator 4 may generate the authentication information by associating the information in the IC card with the global IP address, and transmit it to the authentication server 5.
  • FIG. 6 is a diagram showing a configuration example of an authentication system according to another embodiment of the present invention and an example of an authentication flow.
  • the configuration of the authentication system shown in FIG. 6 is the same as the configuration shown in FIG. 1 except that the femto concentrator 4 is not provided.
  • The femto base station 1 transmits an authentication request to the line terminating device 2, as indicated by the white arrow #22.
  • The packet transmitted by the femto base station 1 as an authentication request stores the IC card information “111... 111” of the IC card inserted into the femto base station 1, and its header carries the local IP address "192.168.3.x" assigned to the femto base station 1.
  • The line terminating device 2 that has received the authentication request from the femto base station 1 generates authentication information by associating the in-IC card information “111... 111” stored in the packet with the global IP address “221.xxx” assigned to itself, and transmits it to the authentication server 5 together with the authentication request, as indicated by the white arrow #23.
  • The authentication server 5 that has received the authentication information from the line terminating device 2 authenticates the installation position of the femto base station 1 by collating the authentication information with the information registered in the authentication table, as indicated by the white arrow #24, and transmits the authentication result.
  • In the femto base station 1 that has received the information indicating that the authentication succeeded, output of radio waves is started.
  • It is also possible to cause the line termination device 2 to generate the authentication information by associating the information in the IC card with the global IP address and transmit it to the authentication server 5.
  • The processing of FIG. 7 is basically the same as the processing described with reference to FIG. 5, except that the processing of the femto concentrator 4 is not performed and the authentication information is transmitted by the line termination device 2. That is, in step S51, the control unit 22 of the femto base station 1 transmits a packet storing the information in the IC card to the line terminating device 2 as an authentication request.
  • In step S61, the line terminating device 2 receives the authentication request from the femto base station 1.
  • In step S62, the line terminating device 2 generates authentication information by associating the information in the IC card with the global IP address, and transmits the generated authentication information to the authentication server 5 together with the authentication request.
  • In step S71, the authentication unit 71 of the authentication server 5 receives the authentication information, and in step S72, authenticates the installation position of the femto base station 1.
  • In step S73, the authentication unit 71 transmits the authentication result to the line terminating device 2.
  • In step S63, the line terminating device 2 receives the authentication result transmitted from the authentication server 5, and in step S64, transmits it to the femto base station 1.
  • In step S52, the network communication unit 21 of the femto base station 1 receives the authentication result and outputs it to the control unit 22.
  • In step S53, when information indicating that the authentication succeeded has been transmitted as the authentication result, the control unit 22 starts outputting radio waves, and thereafter the process ends.
  • the authentication server 5 can authenticate the correctness of the installation position of the femto base station 1 also by the above processing.
  • Separate devices have been used as the femto base station 1 and the line terminator 2, but one device having both the function of the femto base station 1 and the function of the line terminator 2 may be used. That one device is provided to the contractor of the femtocell service.
  • The following description assumes that the above-described femto base station 1 also has a function as a line terminating device.
  • A fixed global IP address is assigned in advance to the femto base station 1, in the same manner as one is assigned to the line terminating device.
  • A global IP address is written instead of a local IP address assigned in the local network to which the femto base station 1 is connected.
  • FIG. 8 shows the processing when the femto concentrator 4 generates the authentication information by associating the information in the IC card with the global IP address.
  • In step S81, the control unit 22 of the femto base station 1 transmits a packet storing the information in the IC card held in the IC card 31 to the femto concentrator 4 via the network 3 as an authentication request.
  • In step S91, the femto concentrator 4 receives the authentication request from the femto base station 1, and in step S92, transmits the authentication information generated by associating the IC card information with the global IP address to the authentication server 5.
  • In step S101, the authentication unit 71 of the authentication server 5 receives the authentication information transmitted from the femto concentrator 4.
  • The authentication unit 71 collates the authentication information with the information registered in the authentication table and thereby authenticates the installation position of the femto base station 1.
  • In step S103, the authentication unit 71 transmits the authentication result to the femto concentrator 4.
  • In step S93, the femto concentrator 4 receives the authentication result transmitted from the authentication server 5, and in step S94, transmits it to the femto base station 1 via the network 3.
  • In step S82, the network communication unit 21 of the femto base station 1 receives the authentication result transmitted from the femto concentrator 4 and outputs it to the control unit 22.
  • In step S83, when information indicating that the authentication succeeded has been transmitted as the authentication result, the control unit 22 controls the wireless communication unit 23 to start outputting radio waves, and thereafter the process ends.
  • It is possible to cause the authentication server 5 to authenticate the installation position of the femto base station 1.
  • FIG. 9 shows the processing when the authentication information is generated, by associating the information in the IC card with the global IP address, by the femto base station 1 that also has a function as a line terminating device.
  • The process of FIG. 9 is basically the same as the process described with reference to FIG. 8, except that the process of the femto concentrator 4 is not performed and the authentication information is transmitted by the femto base station 1.
  • In step S111, the control unit 22 of the femto base station 1 generates authentication information by associating the information in the IC card held in the IC card 31 with the global IP address assigned to the femto base station 1, and sends it to the authentication server 5.
  • In step S121, the authentication unit 71 of the authentication server 5 receives the authentication information transmitted from the femto base station 1, and in step S122, authenticates the installation position of the femto base station 1.
  • In step S123, the authentication unit 71 transmits the authentication result to the femto base station 1.
  • In step S112, the network communication unit 21 of the femto base station 1 receives the authentication result transmitted from the authentication server 5 and outputs it to the control unit 22.
  • In step S113, when information indicating that the authentication succeeded has been transmitted as the authentication result, the control unit 22 controls the wireless communication unit 23 to start outputting radio waves, and thereafter the process ends.
  • The small base station is a base station that forms a small cell such as a femto cell, a pico cell, or a micro cell.
  • The information in the IC card written in the removable IC card is used as the identification information of the femto base station, but identification information written, at the time the femto base station is manufactured, into storage means such as a ROM or RAM built into the femto base station may be used instead.
  • The global IP address assigned to the line terminating device 2 in FIG. 1 and the global IP address assigned to the femto base station having the function of the line terminating device have been assumed to be fixed global IP addresses, but they may be variable.
  • The global IP address is changed at a predetermined timing, such as when a predetermined period has elapsed.
  • In the authentication server 5, the global IP address managed in association with the information in the IC card as an allowable IP address is also changed to be the same as the changed global IP address.
  • The change of the global IP address in the authentication server 5 is performed by the authentication server 5 based on the notification from the line termination device 2 that has changed the setting of its own global IP address and the femto base station having the function of the line termination device.
  • The global IP address may be changed by the authentication server 5 based on a notification from the router apparatus that has changed the global IP address assignment.
  • The local IP address may be used inside the femto base station having the function of the line terminating device, and the authentication as described above may be performed.
  • FIG. 10 is a block diagram illustrating a configuration example of the femto base station 101 which is a femto base station having a function of a line termination device.
  • The configuration of the femto base station 101 shown in FIG. 10 differs from the configuration shown in FIG. 3 in that a line terminator 111 having a function as a modem is additionally provided. It also differs in that data from the network communication unit 21 to the wireless communication unit 23 is transmitted via the control unit 22, and data from the wireless communication unit 23 to the network communication unit 21 is transmitted via the control unit 22.
  • The network communication unit 21 has a NAT function and assigns a local IP address to a module including the control unit 22 and the wireless communication unit 23.
  • The network communication unit 21 receives the authentication request transmitted from the control unit 22 when the femto base station 101 is authenticated.
  • The packet transmitted by the control unit 22 as an authentication request stores the information in the IC card of the IC card 31, and its header carries the local IP address assigned to the module including the control unit 22 and the wireless communication unit 23.
  • The network communication unit 21 that has received the authentication request from the control unit 22 converts the local IP address written in the header of the packet into the fixed or variable global IP address assigned to the network communication unit 21 itself.
  • When the authentication information for the authentication server 5 is to be generated by the femto concentrator 4, as described with reference to FIG., the network communication unit 21 controls the line terminating unit 111 to transmit the packet with the converted IP address as an authentication request to the femto concentrator 4 via the network 3.
  • When the authentication information for the authentication server 5 is to be generated by the device on the femto base station side, as described with reference to FIG., the network communication unit 21 controls the line termination unit 111, generates authentication information by associating the information in the IC card with the global IP address, and transmits the authentication information to the authentication server 5 via the network 3.
  • The network communication unit 21 has been described as having the NAT function, but the control unit 22 may have the NAT function, or the line termination unit 111 may have the NAT function.
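
The FIG. 5 exchange (steps S1 to S33) and the variable-address update described above, sketched in Python as an added example that is not part of the patent text. The class and function names, the card identifiers and the documentation-range IP addresses are constructed, and the table layout (one allowed global IP address per IC card value) is an assumption.

```python
"""Added illustration of the FIG. 5 flow. All names and values are constructed."""
from dataclasses import dataclass, replace
from typing import Dict, Tuple

AuthInfo = Tuple[str, str]  # (information in the IC card, global IP address)


@dataclass(frozen=True)
class Packet:
    src_ip: str        # address written in the packet header
    ic_card_info: str  # payload: information read from the IC card 31


class FemtoBaseStation:
    def __init__(self, ic_card_info: str, local_ip: str) -> None:
        self.ic_card_info = ic_card_info
        self.local_ip = local_ip
        self.radio_on = False  # no radio output until authentication succeeds

    def auth_request(self) -> Packet:            # step S1
        return Packet(self.local_ip, self.ic_card_info)

    def handle_result(self, ok: bool) -> None:   # steps S2 and S3
        if ok:
            self.radio_on = True


class LineTerminator:
    """Line terminating device 2: local-to-global address conversion (S12)."""

    def __init__(self, global_ip: str) -> None:
        self.global_ip = global_ip

    def forward(self, pkt: Packet) -> Packet:
        return replace(pkt, src_ip=self.global_ip)


def build_auth_info(pkt: Packet) -> AuthInfo:
    """Femto concentrator 4 (S21): pair the card value with the header address.

    The address is the one observed in the header after conversion, not a
    value the base station could place in the payload.
    """
    return (pkt.ic_card_info, pkt.src_ip)


class AuthServer:
    """Authentication server 5 holding the authentication table."""

    def __init__(self, table: Dict[str, str]) -> None:
        self._table = dict(table)  # assumed layout: card value -> allowed IP

    def authenticate(self, info: AuthInfo) -> bool:   # step S32
        card, global_ip = info
        return card in self._table and self._table[card] == global_ip

    def notify_address_change(self, card: str, new_ip: str) -> None:
        # Variable-address case. How the notification itself is
        # authenticated is not described on the page.
        if card not in self._table:
            raise KeyError("unregistered IC card value")
        self._table[card] = new_ip


def power_on(station: FemtoBaseStation, line: LineTerminator,
             server: AuthServer) -> bool:
    """Run one authentication round; return True if radio output starts."""
    station.radio_on = False
    translated = line.forward(station.auth_request())          # S1, S11-S13
    result = server.authenticate(build_auth_info(translated))  # S21-S33
    station.handle_result(result)                              # S23-S15, S2-S3
    return station.radio_on


def demo() -> Dict[str, bool]:
    card = "CARD-A-0001"                      # constructed card value
    home_a = LineTerminator("203.0.113.10")   # constructed, user A's line
    home_b = LineTerminator("198.51.100.20")  # constructed, user B's line
    server = AuthServer({card: home_a.global_ip})
    station = FemtoBaseStation(card, "192.168.3.2")
    stranger = FemtoBaseStation("CARD-X-9999", "192.168.3.2")
    results = {
        "installed_at_home_a": power_on(station, home_a, server),
        "moved_to_home_b": power_on(station, home_b, server),
        "unregistered_card": power_on(stranger, home_a, server),
    }
    home_a.global_ip = "203.0.113.77"         # the line's address changes
    results["changed_before_notice"] = power_on(station, home_a, server)
    server.notify_address_change(card, home_a.global_ip)
    results["changed_after_notice"] = power_on(station, home_a, server)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: radio {'on' if ok else 'off'}")
```

The table lookup succeeds only for the registered pair, so the same station behind a different line stays silent, and a changed address fails until the server's table is updated.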

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An authentication system, small base station, and authentication method for ensuring that authentication of whether the installed position of a small base station is correct can be performed on the server side. A packet transmitted as an authentication request by a femto base station (1) contains the IC card information of an IC card inserted in the femto base station (1). At a line terminating device (2), a local IP address written in the header of the packet is converted into a global IP address for transmission to a femto concentrator (4). At the femto concentrator (4), the IC card information is associated with the global IP address, thereby producing authentication information, which is then transmitted to an authentication server (5). At the authentication server (5), if the IC card information and the global IP address contained in the authentication information have been registered in an authentication table in such a way that the IC card information is associated with the global IP address, the installed position of the femto base station (1) is determined to be correct. The present invention can be applied to a femtocell base station.
PCT/JP2009/069732 2008-11-21 2009-11-20 Authentication system, small base station, and authentication method WO2010058847A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN200980146809.2A CN102224763B (zh) 2008-11-21 2009-11-20 Authentication system, small base station, and authentication method
JP2010539264A JP5414692B2 (ja) 2008-11-21 2009-11-20 Authentication system, small base station, and authentication method
US13/129,896 US9241266B2 (en) 2008-11-21 2009-11-20 Authentication system, small base station, and authentication method
EP09827628.0A EP2360986A4 (fr) 2008-11-21 2009-11-20 Authentication system, small base station, and authentication method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008-298604 2008-11-21
JP2008298604 2008-11-21

Publications (1)

Publication Number Publication Date
WO2010058847A1 true WO2010058847A1 (fr) 2010-05-27

Family

ID=42198286

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/069732 WO2010058847A1 (fr) 2008-11-21 2009-11-20 Authentication system, small base station, and authentication method

Country Status (5)

Country Link
US (1) US9241266B2 (fr)
EP (1) EP2360986A4 (fr)
JP (1) JP5414692B2 (fr)
CN (1) CN102224763B (fr)
WO (1) WO2010058847A1 (fr)

Also Published As

Publication number Publication date
CN102224763B (zh) 2014-11-26
EP2360986A1 (fr) 2011-08-24
US20110287742A1 (en) 2011-11-24
US9241266B2 (en) 2016-01-19
JP5414692B2 (ja) 2014-02-12
EP2360986A4 (fr) 2015-10-21
CN102224763A (zh) 2011-10-19
JPWO2010058847A1 (ja) 2012-04-19

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200980146809.2

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09827628

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2010539264

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2009827628

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 13129896

Country of ref document: US
