WIRELESS COMMUNICATION APPARATUS AND SERVER APPARATUS

20230156469 · 2023-05-18

Abstract

A wireless communication apparatus includes a storage, a communicator configured to perform wireless communication with a cellular network, and a controller configured to establish a first wireless connection with the cellular network when available Subscriber Identity Module (SIM) information is not stored in the storage, the first wireless connection being an unencrypted connection. The communicator is configured to transmit predetermined information to the cellular network through the first wireless connection, the predetermined information being used to establish a second wireless connection with the cellular network, and the second wireless connection being an encrypted connection. The controller is configured to, after the first wireless connection is released, establish the second wireless connection with the cellular network by using the predetermined information. The communicator is configured to receive the available SIM information through the second wireless connection.

Claims

1. A wireless communication apparatus comprising: a storage; a communicator configured to perform wireless communication with a cellular network; and a controller configured to establish a first wireless connection with the cellular network when available Subscriber Identity Module (SIM) information is not stored in the storage, the first wireless connection being an unencrypted connection, wherein the communicator is configured to transmit predetermined information to the cellular network through the first wireless connection, the predetermined information being used to establish a second wireless connection with the cellular network, and the second wireless connection being an encrypted connection, the controller is configured to, after the first wireless connection is released, establish the second wireless connection with the cellular network by using the predetermined information, and the communicator is configured to receive the available SIM information through the second wireless connection.

2. The wireless communication apparatus according to claim 1, wherein the controller is configured to calculate a shared key based on the predetermined information, the shared key is shared between the wireless communication apparatus and the cellular network, and the controller is configured to perform a shared key based authentication procedure with the cellular network to establish the second wireless connection.

3. The wireless communication apparatus according to claim 2, wherein the communicator is configured to transmit the predetermined information to a server apparatus in the cellular network through the first wireless connection, the predetermined information includes random number information indicating a random number, the communicator is configured to receive information indicating an algorithm from the server apparatus, and the controller is configured to calculate the shared key by applying the algorithm to the random number.

4. The wireless communication apparatus according to claim 3, wherein the random number is used as subscriber identification information of the wireless communication apparatus in the authentication procedure.

5. The wireless communication apparatus according to claim 2, wherein the communicator is configured to, after transmitting the predetermined information, receive information indicating a timer value based on a validity period for the shared key from the cellular network, and the controller is configured to start a timer having the timer value and establish the second wireless connection before the timer expires.

6. A server apparatus comprising: a communicator configured to receive, from a wireless communication apparatus, predetermined information used to establish an encrypted wireless connection between the wireless communication apparatus and a cellular network, through an unencrypted wireless connection between the wireless communication apparatus and the cellular network.

7. The server apparatus according to claim 6, further comprising: a controller configured to calculate a shared key based on the predetermined information, wherein the communicator is configured to transmit the shared key to an authentication apparatus, and the communicator is configured to transmit a request to delete the shared key to the authentication apparatus in response to elapse of a predetermined period after transmission of the shared key.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0009] FIG. 1 is a diagram illustrating a configuration of a mobile communication system according to an embodiment.

[0010] FIG. 2 is a diagram illustrating a configuration of a wireless communication apparatus 100 according to an embodiment.

[0011] FIG. 3 is a diagram illustrating a configuration of a base station 200 according to an embodiment.

[0012] FIG. 4 is a diagram illustrating a configuration of a core network apparatus 400 according to an embodiment.

[0013] FIG. 5 is a diagram illustrating a configuration of a server apparatus 300 according to an embodiment.

[0014] FIG. 6 is a diagram illustrating an operation example of a mobile communication system according to an embodiment.

DESCRIPTION OF EMBODIMENTS

[0015] When a wireless communication apparatus acquires SIM information from a SIM management apparatus, a wireless communication means for accessing the SIM management apparatus is required. In particular, when a storage of the wireless communication apparatus includes no SIM information, such a wireless communication means needs to be provided separately, which problematically leads to inefficiency.

[0016] In view of this, the object of the present disclosure is to efficiently acquire the SIM information from the SIM management apparatus.

[0017] A cellular communication system according to an embodiment will be described with reference to the drawings. In the description of the drawings, the same or similar parts are denoted by the same or similar reference signs.

Configuration of Mobile Communication System

[0018] FIG. 1 is a diagram illustrating a configuration of a mobile communication system 1 according to an embodiment.

[0019] As illustrated in FIG. 1, the mobile communication system 1 includes a wireless communication apparatus 100, a SIM management apparatus 600, and a cellular network 10.

[0020] The wireless communication apparatus 100 may be any wireless communication apparatus, such as a communication module, an IoT apparatus, a mobile phone, a smartphone, and a personal computer.

[0021] The SIM management apparatus 600 manages a plurality of pieces of SIM information, each of which corresponds to a respective one of a plurality of different communication operators. The SIM information is information stored in a SIM card issued by the communication operator. The SIM information includes subscriber identification information for identifying a subscriber, operator identification information for identifying a communication operator, and contract information related to available services to which a subscriber has subscribed. The subscriber identification information is, for example, an International Mobile Subscriber Identity (IMSI).

[0022] The SIM management apparatus 600 transmits, to the wireless communication apparatus 100, the SIM information appropriate for the wireless communication apparatus 100 in response to a request from the wireless communication apparatus 100.

[0023] For example, the SIM management apparatus 600 manages X SIM cards corresponding to a communication operator A of a country A, Y SIM cards corresponding to a communication operator B of a country B, and Z SIM cards corresponding to a communication operator C of a country C. The SIM management apparatus 600 stores pieces of SIM information, each of which corresponds to a respective one of these SIM cards. The SIM management apparatus 600 transmits, to the wireless communication apparatus 100, the SIM information corresponding to one SIM card of X SIM cards corresponding to the communication operator A, in response to receiving a request message including information indicating that the wireless communication apparatus 100 is in the country A.

[0024] The SIM management apparatus 600 communicates with the cellular network 10 via another network (e.g., the Internet).

[0025] The cellular network 10 may support any mobile communication scheme including the second generation mobile communication scheme such as Global System for Mobile communications (GSM) (trade name), the third generation mobile communication scheme such as Code Division Multiple Access (CDMA), the fourth generation mobile communication scheme such as Long Term Evolution (LTE), and further the fifth generation mobile communication scheme. Such a mobile communication scheme may be referred to as Radio Access Technology (RAT). The fifth generation mobile communication scheme may be referred to as New RAT (NR). Such a mobile communication scheme may be a mobile communication scheme defined by a standardization entity. The standardization entity may be the 3rd Generation Partnership Project (3GPP), the Institute of Electrical and Electronics Engineers (IEEE), or the like.

[0026] The cellular network 10 includes a base station 200, a server apparatus 300, a core network apparatus 400, and an authentication apparatus 500.

[0027] The base station 200 provides a mobile communication service in a coverage area of the base station 200 by using at least one of the above-described mobile communication schemes. Such a coverage area may be referred to as a “cell”. The base station 200 manages one or more cells.

[0028] The core network apparatus 400 performs location management of the wireless communication apparatus 100, subscriber authentication, security, and the like. An example of the core network apparatus is a Mobility Management Entity (MME) or an Access and Mobility Management Function (AMF).

[0029] The authentication apparatus 500 includes a subscriber database in which the subscriber identification information of a subscriber and a shared key corresponding to that subscriber are stored in association with each other, the subscriber having a contract with the communication operator managing the cellular network 10. The SIM information held by the wireless communication apparatus 100 includes the subscriber identification information and the shared key. The shared key may be referred to as a K value.

[0030] The authentication apparatus 500 performs a shared key based authentication procedure on the wireless communication apparatus 100 accessing the cellular network 10. This encrypts a wireless connection between the wireless communication apparatus 100 and the cellular network 10.

[0031] The authentication procedure is a procedure for verifying the consistency between the shared key on the wireless communication apparatus 100 side and the shared key on the authentication apparatus 500 side. An example of such an authentication procedure is an Authentication and Key Agreement (AKA) procedure defined in the 3GPP. The AKA procedure is as follows.

[0032] Firstly, the core network apparatus 400 in the cellular network 10 acquires the subscriber identification information from the wireless communication apparatus 100, and transmits an authentication data request message including the subscriber identification information to the authentication apparatus 500.

[0033] Secondly, the authentication apparatus 500 refers to the subscriber database to identify the shared key to be associated with the received subscriber identification information, and calculates an expected response value by applying an algorithm to the shared key. The authentication apparatus 500 transmits, to the core network apparatus 400, an authentication data response message including the expected response value and algorithm information indicating the algorithm.

[0034] Thirdly, the core network apparatus 400 transmits a user authentication request message including the algorithm information to the wireless communication apparatus 100.

[0035] Fourthly, the wireless communication apparatus 100 calculates a response value by applying, to the shared key, an algorithm that is the same as, and/or similar to, the algorithm applied by the authentication apparatus 500, and transmits a user authentication response message including the response value to the base station 200.

[0036] Fifthly, the core network apparatus 400 compares the expected response value with the response value and determines that the authentication procedure is successful if the expected response value is the same as, and/or similar to, the response value.

[0037] In response to the success of the authentication procedure, a wireless communication between the wireless communication apparatus 100 and the cellular network 10 is encrypted. This allows the wireless communication apparatus 100 to receive cellular communication services from the cellular network 10.

[0038] The server apparatus 300 performs each process related to the shared key described below.

Configuration of Wireless Communication Apparatus

[0039] FIG. 2 is a diagram illustrating a configuration of the wireless communication apparatus 100 according to an embodiment.

[0040] As illustrated in FIG. 2, the wireless communication apparatus 100 includes an antenna 110, a communicator 120, a controller 130, and a storage 140.

[0041] The antenna 110 transmits and receives radio signals to and from the base station 200. The communicator 120 performs wireless communication with the base station 200 via the antenna 110.

[0042] The communicator 120 supports at least one of the above-described mobile communication schemes. The communicator 120 receives the SIM information from the SIM management apparatus 600 through the wireless communication.

[0043] The controller 130 performs various types of processing and control in the wireless communication apparatus 100. The controller 130 includes at least one processor. The processor may include a baseband processor and a Central Processing Unit (CPU). The baseband processor performs modulation and demodulation, coding and decoding, and the like of a baseband signal. The CPU performs various types of processing by executing programs stored in the storage 140. The controller 130 stores the SIM information received by the communicator 120 in the storage 140.

[0044] The storage 140 stores the programs to be executed by the controller 130, and information and data to be used for the processing by the controller 130. The storage 140 includes a volatile memory and a non-volatile memory.

[0045] The storage 140 includes a SIM information region provided to store the SIM information received by the communicator 120. The non-volatile memory includes the SIM information region.

[0046] The controller 130 receives the cellular communication service from the communication operator corresponding to the SIM information by using the SIM information stored in the SIM information region.

[0047] When the SIM information is not stored in the SIM information region, the controller 130 is basically incapable of receiving the cellular communication service, but is capable of receiving some restricted cellular communication services. For example, when the SIM information is not stored in the SIM information region, the wireless communication apparatus 100 can establish an unencrypted wireless connection with the cellular network 10 as described below.

Base Station

[0048] FIG. 3 is a diagram illustrating a configuration of the base station 200 according to an embodiment.

[0049] As illustrated in FIG. 3, the base station 200 includes an antenna 210, a communicator 220, a controller 230, a storage 240, and a backhaul communicator 250.

[0050] The antenna 210 transmits and receives radio signals to and from the wireless communication apparatus 100. The communicator 220 performs wireless communication with the wireless communication apparatus 100 via the antenna 210.

[0051] The communicator 220 supports at least one of the above-described mobile communication schemes.

[0052] The controller 230 performs various types of processing and control in the base station 200. The controller 230 includes at least one processor. The processor may include a baseband processor and a CPU. The baseband processor performs modulation and demodulation, coding and decoding, and the like of a baseband signal. The CPU performs various types of processing by executing programs stored in the storage 240.

[0053] The storage 240 stores the programs to be executed by the controller 230, and information and data to be used for the processing by the controller 230.

[0054] The backhaul communicator 250 is connected to the core network apparatus 400 via an interface between the base station and the core network. The backhaul communicator 250 is connected to a neighboring base station via an inter-base station interface.

Core Network Apparatus

[0055] The core network apparatus 400 according to an embodiment will be described. FIG. 4 is a diagram illustrating a configuration of the core network apparatus 400 according to an embodiment.

[0056] As illustrated in FIG. 4, the core network apparatus 400 includes a controller 430, a storage 440, and a backhaul communicator 450.

[0057] The controller 430 performs various types of processing and control in the core network apparatus 400. The controller 430 includes at least one processor.

[0058] The storage 440 stores the programs to be executed by the controller 430, and information and data to be used for the processing by the controller 430.

[0059] The backhaul communicator 450 is connected to the base station 200 via the interface between the base station and the core network.

Server Apparatus

[0060] The server apparatus 300 according to an embodiment will be described. FIG. 5 is a diagram illustrating a configuration of the server apparatus 300 according to an embodiment.

[0061] As illustrated in FIG. 5, the server apparatus 300 includes a controller 330, a storage 340, and a backhaul communicator 350.

[0062] The controller 330 performs various types of processing and control in the server apparatus 300. The controller 330 includes at least one processor. The processor executes the programs stored in the storage 340 to perform various types of processing.

[0063] The storage 340 stores the programs to be executed by the controller 330, and information and data to be used for the processing by the controller 330.

[0064] The backhaul communicator 350 is connected to each of the base station 200, the core network apparatus 400, and the authentication apparatus 500 via predetermined interfaces.

[0065] The wireless communication apparatus 100 configured as described above needs to access the SIM management apparatus 600 to acquire the available SIM information when the SIM information is not stored in the storage 140, or when the SIM information stored in the storage 140 is not available. Here, “the SIM information is not available” means that the communication operator corresponding to the SIM information is not a communication operator in a region (country) where the wireless communication apparatus 100 is located, that the subscriber corresponding to SIM information has canceled the contract, and the like.

[0066] The wireless communication apparatus 100 needs to perform the authentication procedure with the cellular network 10 (authentication apparatus 500) to establish an encrypted wireless connection with the cellular network 10 in order to access the SIM management apparatus 600.

[0067] However, since the wireless communication apparatus 100 does not hold the available SIM information (or the available SIM information is not stored in the storage 140), the wireless communication apparatus 100 does not have the shared key necessary to perform the authentication procedure, and cannot perform the authentication procedure.

[0068] The embodiment is an embodiment for solving such a problem.

[0069] In an embodiment, the wireless communication apparatus 100 transmits predetermined information for calculating the shared key to the server apparatus 300 in the cellular network 10 through a first wireless connection, which is unencrypted, with the cellular network 10. The wireless communication apparatus 100 calculates the shared key based on the predetermined information.

[0070] The server apparatus 300 receives the predetermined information through the first wireless connection, and calculates the shared key based on the received predetermined information. The server apparatus 300 transmits the calculated shared key to the authentication apparatus 500. The authentication apparatus 500 stores the shared key.

[0071] This allows the shared key to be shared between the wireless communication apparatus 100 and the authentication apparatus 500.

[0072] The wireless communication apparatus 100 establishes a second wireless connection, which is encrypted, with the cellular network 10 by performing the shared key based authentication procedure with the authentication apparatus 500.

[0073] The wireless communication apparatus 100 accesses the SIM management apparatus 600 through the second wireless connection and receives available SIM information from the SIM management apparatus 600.

[0074] This allows the wireless communication apparatus 100, which holds no available SIM information, to acquire available SIM information from the SIM management apparatus 600.

[0075] The predetermined information is transmitted through the unencrypted first wireless connection, and may be intercepted by another wireless communication apparatus 100 (a wireless communication apparatus 100 which is not transmitting the predetermined information). Once it has intercepted the predetermined information, that other wireless communication apparatus 100 can perform the shared key based authentication procedure, which negatively affects security of the cellular network 10.

[0076] The server apparatus 300 sets a validity period for the shared key, and when the validity period expires, the server apparatus 300 transmits a request to delete the shared key to the authentication apparatus 500. Thus, even if the predetermined information is intercepted by another wireless communication apparatus 100, the security of the cellular network 10 is not negatively affected after the validity period expires.

Operation Example

[0077] FIG. 6 is a diagram illustrating an operation example of a mobile communication system according to an embodiment.

[0078] In step S101, the wireless communication apparatus 100 (controller 130) determines whether the available SIM information is stored in the storage 140. Here, when the SIM information is not stored in the storage 140 or the SIM information stored in the storage 140 is not available, the wireless communication apparatus 100 determines that the available SIM information is not stored in the storage 140, and proceeds to the processing of step S102.

[0079] In step S102, the wireless communication apparatus 100 (controller 130) performs a connection procedure with the base station 200, and establishes the first wireless connection. The first wireless connection is an unencrypted connection. For example, in the connection procedure, the wireless communication apparatus 100 notifies the base station 200 that the wireless communication apparatus 100 wants to establish a wireless connection for transmitting the predetermined information for generating the shared key. The base station 200 (core network apparatus 400) completes the connection procedure without performing the authentication procedure and establishes an unencrypted first wireless connection.

[0080] In step S103, the wireless communication apparatus 100 (communicator 120) transmits the predetermined information to the server apparatus 300.

[0081] The predetermined information includes at least random number information indicating a random number calculated in the wireless communication apparatus 100. The predetermined information may further include information indicating a time (current time) when the predetermined information is transmitted. The random number may have a format of IMSI. The random number having the format of IMSI may be used in the authentication procedure (the AKA procedure described above) as the temporary subscriber identification information of the wireless communication apparatus 100.

[0082] In step S104, the wireless communication apparatus 100 (controller 130) calculates the shared key based on the predetermined information.

[0083] In step S105, the server apparatus 300 (controller 430) calculates the shared key based on the predetermined information.

[0084] Here, the wireless communication apparatus 100 and the server apparatus 300 calculate the shared key by applying the same algorithm to the predetermined information. Such an algorithm may be shared in advance between the wireless communication apparatus 100 and the server apparatus 300. The server apparatus 300, in response to receiving the predetermined information, may notify the wireless communication apparatus 100 of the algorithm.

[0085] In step S106, the wireless communication apparatus 100 (controller 130) stores the calculated shared key in the storage 140. When the random number on which the calculation of the shared key is based has the format of IMSI, the wireless communication apparatus 100 stores the random number, as the subscriber identification information of the wireless communication apparatus 100, in association with the shared key.

[0086] In step S107, the server apparatus 300 transmits the calculated shared key to the authentication apparatus 500. When the random number on which the calculation of the shared key is based has the format of IMSI, the server apparatus 300 transmits the random number as the subscriber identification information of the wireless communication apparatus 100 together with the shared key. The server apparatus 300, in response to transmitting the shared key, sets the validity period for the shared key, and starts a first timer having a first timer value equal to a length of the validity period.

[0087] In step S108, the authentication apparatus 500 stores the shared key. When the random number (subscriber identification information) is transmitted together with the shared key in step S107, the authentication apparatus 500 stores the shared key in association with the random number.

[0088] In accordance with the processing of steps S102 to S108, the shared key is shared between the wireless communication apparatus 100 and the authentication apparatus 500.

[0089] In step S109, the wireless communication apparatus 100 releases the first wireless connection.

[0090] In step S110, the wireless communication apparatus 100 establishes the second wireless connection (encrypted wireless connection) with the base station 200.

[0091] Specifically, the wireless communication apparatus 100 performs the shared key based authentication procedure with the authentication apparatus 500 during the connection procedure with the base station 200. This allows the encrypted second wireless connection to be established between the wireless communication apparatus 100 and the base station 200.

[0092] Here, when the wireless communication apparatus 100 stores the subscriber identification information in step S106, the wireless communication apparatus 100 may perform the AKA procedure described above as the authentication procedure.

[0093] In step S111, the server apparatus 300 transmits a request to delete the shared key to the authentication apparatus 500, in response to expiration of the first timer started in step S107.

[0094] In step S112, the authentication apparatus 500 deletes the shared key stored in step S108.

[0095] In step S113, the wireless communication apparatus 100 accesses the SIM management apparatus 600 through the second wireless connection to acquire the available SIM information from the SIM management apparatus 600. The wireless communication apparatus 100 uses the acquired SIM information to receive the cellular communication service from the communication operator corresponding to the SIM information.

[0096] In the operation example described above, after the server apparatus 300 performs the processing in step S107, the server apparatus 300 may transmit information indicating a second timer value smaller than the first timer value to the wireless communication apparatus 100 through the first wireless connection. The wireless communication apparatus 100 starts the second timer having the second timer value in response to receiving the information, and performs the processing of step S110 to step S111 before the second timer expires. Accordingly, the wireless communication apparatus 100 can establish the second wireless connection before the shared key is deleted in the authentication apparatus 500.
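
The flow of steps S103 to S112, together with the interception concern of [0075] and the validity-period countermeasure of [0076], can be simulated as follows. This is an added example, not code from the application: HMAC-SHA-256 as the shared algorithm and as the response function (a simplified stand-in for AKA), the class and function names, the 60-second validity period, and the halved second timer value are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA-256 under a fixed label stands in for "the same algorithm"
# of [0084]; the page does not name one.
ALGORITHM_LABEL = b"demo-bootstrap-algorithm"


def make_predetermined_info(now):
    """S103: a random number in IMSI format (15 digits) plus the transmit time."""
    digits = "".join(secrets.choice("0123456789") for _ in range(15))
    return {"random_imsi": digits, "sent_at": int(now)}


def derive_shared_key(info):
    """S104/S105: device and server apply the same algorithm to the same input."""
    material = f"{info['random_imsi']}|{info['sent_at']}".encode()
    return hmac.new(ALGORITHM_LABEL, material, hashlib.sha256).digest()


def response_value(key, challenge):
    """Keyed response over a network challenge (simplified stand-in for AKA)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class AuthenticationApparatus:
    """Subscriber database: temporary subscriber identity -> shared key."""

    def __init__(self):
        self._keys = {}

    def store(self, subscriber_id, key):       # S108
        self._keys[subscriber_id] = key

    def delete(self, subscriber_id):           # S112
        self._keys.pop(subscriber_id, None)

    def verify(self, subscriber_id, challenge, response):
        key = self._keys.get(subscriber_id)
        if key is None:                        # key never stored or already deleted
            return False
        return hmac.compare_digest(response_value(key, challenge), response)


class ServerApparatus:
    def __init__(self, auth, validity_seconds):
        self.auth = auth
        self.validity_seconds = validity_seconds
        self._expires_at = {}

    def receive(self, info, now):
        """S105, S107: derive the key, hand it over, start the first timer."""
        self.auth.store(info["random_imsi"], derive_shared_key(info))
        self._expires_at[info["random_imsi"]] = now + self.validity_seconds
        # [0096]: second timer value smaller than the first (half is an assumption)
        return self.validity_seconds // 2

    def tick(self, now):
        """S111: request deletion of every key whose first timer has expired."""
        for subscriber_id, deadline in list(self._expires_at.items()):
            if now >= deadline:
                self.auth.delete(subscriber_id)
                del self._expires_at[subscriber_id]


def attempt_authentication(auth, info):
    """S110: whoever holds the predetermined information can answer the challenge."""
    challenge = secrets.token_bytes(16)
    key = derive_shared_key(info)
    return auth.verify(info["random_imsi"], challenge, response_value(key, challenge))


def run_demo():
    auth = AuthenticationApparatus()
    server = ServerApparatus(auth, validity_seconds=60)
    t0 = 1_700_000_000                         # constructed clock value
    info = make_predetermined_info(t0)
    observed = dict(info)                      # copy visible on the unencrypted link
    second_timer = server.receive(info, t0)

    server.tick(t0 + 10)
    within = (attempt_authentication(auth, info),
              attempt_authentication(auth, observed))
    server.tick(t0 + 60)
    after = attempt_authentication(auth, observed)
    return {"second_timer": second_timer, "within_window": within,
            "after_expiry": after}


if __name__ == "__main__":
    print(run_demo())
```

Both attempts inside the validity period succeed, which is the exposure [0075] describes; only the attempt made after the first timer expires is rejected, so the length of the validity period is the parameter that bounds that exposure.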

Other Embodiments

[0097] In the embodiment described above, the server apparatus 300 is separate from the base station 200, but the server apparatus 300 and the base station 200 may constitute a single network apparatus. In this case, the processing performed by the server apparatus 300 in the above-described embodiment may be performed by the base station 200.

[0098] In the embodiment described above, the server apparatus 300 is separate from the core network apparatus 400, but the server apparatus 300 and the core network apparatus 400 may constitute a single network apparatus. In this case, the processing performed by the server apparatus 300 in the above-described embodiment may be performed by the core network apparatus 400.

[0099] A program that causes a computer to execute each of the processing operations according to the embodiments described above may be provided. The program may be recorded in a computer readable medium. Use of the computer readable medium enables the program to be installed on a computer. Here, the computer readable medium on which the program is recorded may be a non-transitory recording medium. The non-transitory recording medium is not particularly limited, and may be, for example, a recording medium such as a CD-ROM or a DVD-ROM.

[0100] Embodiments have been described above in detail with reference to the drawings, but specific configurations are not limited to those described above, and various design variations can be made without departing from the gist of the present disclosure.

Reference Signs

[0101] 1: Mobile communication system

[0102] 10: Cellular network

[0103] 100: Wireless communication apparatus

[0104] 110: Antenna

[0105] 120: Communicator

[0106] 130: Controller

[0107] 140: Storage

[0108] 200: Base station

[0109] 210: Antenna

[0110] 220: Communicator

[0111] 230: Controller

[0112] 240: Storage

[0113] 250: Backhaul communicator

[0114] 300: Server apparatus

[0115] 330: Controller

[0116] 340: Storage

[0117] 350: Backhaul communicator

[0118] 400: Core network apparatus

[0119] 430: Controller

[0120] 440: Storage

[0121] 450: Backhaul communicator

[0122] 450: Backhaul communicator

[0123] 600: SIM management apparatus