JP2009094940A - Roaming system, roaming method, and, terminal identification method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a roaming system for protecting privacy. <P>SOLUTION: Both a server and a terminal share a first hash function H and an initial value S(k, 0) unique to each terminal. At the server and the terminal, respectively, a temporary ID is calculated on the basis of a value S(k, i) obtained by hashing the initial value S(k, 0) with the first hash function H (i) times, the same temporary ID is calculated at the server and the terminal by performing hashing the same number of times in the server and the terminal, and the temporary ID is used to identify the terminal. When the terminal performs roaming, a destination server receives the number of times of hashing from a server of a home network, the same temporary ID is calculated at the destination server and the terminal by performing hashing the same number of times in the destination server and the terminal, and the temporary ID is used to identify the terminal. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a roaming technology between public wireless network operators such as mobile phones, and more particularly to a roaming technology that can protect privacy by making it difficult to track a terminal ID.

In general, when roaming between public wireless NW providers such as mobile phones, communication is performed using a fixed terminal ID that can be uniquely identified across the providers (for example, see Non-Patent Document 1).
Practical Introductory Network IMS (IP Multimedia Subsystem) Standard Text-NGN Core Technology, Publisher: Rick Telecom, ISBN4897976456

  However, when a fixed terminal ID is used, tracking the fixed terminal ID may cause a privacy infringement problem, such as the movement status being tracked by a third party by eavesdropping on the wireless section. is there.

  The present invention has been made in view of such circumstances, and an object thereof is to provide a roaming system that can protect privacy.

  The present invention has been made to solve the above-described problems. The invention according to claim 1 is a home network server that accommodates a terminal and a home network that accommodates the terminal, and the network identifier is a home network identifier. A roaming system comprising a server and a roaming network server that is a roaming destination of the terminal, the network identifier being a roaming network identifier, wherein the home network server, the roaming network server, and the terminal Means that the first hash function H is stored in advance in each of the terminals, and the terminal has the home network identifier, a predetermined initial temporary ID hash type unique to the terminal, and the initial temporary ID hash type. Based on the initial temporary ID generated in advance to be unique in the home network and the number of times the initial temporary ID hash type is hashed. A terminal storage unit that stores a temporary ID hash count; a roaming detection unit that detects that the terminal has entered the range of the roaming network based on the home network identifier and the roaming network identifier; and the roaming A terminal authentication request transmission unit that associates the home network identifier read from the terminal storage unit with an initial temporary ID and transmits it as a terminal authentication request when the detection unit detects that the terminal has entered the roaming range. The roaming network server receives the terminal authentication request, and receives the initial temporary ID included in the received terminal authentication request based on the home network identifier included in the received terminal authentication request. A terminal authentication request transfer unit that transfers to a network server, and the home network server uniquely identifies the terminal in all networks An ID management storage unit that stores the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID in association with each other, and the received initial temporary ID in response to receiving the initial temporary ID. The real ID detection unit that reads and detects the real ID corresponding to the real ID, the real ID detected by the real ID detection unit, the temporary ID hash count and the initial temporary ID hash type corresponding to the real ID And a terminal authentication response transmitting unit that transmits the terminal authentication response as a terminal authentication response in association with the ID management storage unit, and the roaming network server receives the terminal authentication response from the roaming network server, Next temporary ID generation that generates a temporary ID based on the temporary ID hash count, the initial temporary ID hash type, and the first hash function H included in the terminal authentication response Authentication, a temporary ID generated by the NEXT temporary ID generation unit, and a temporary ID hash number that is the number of hashes that the NEXT temporary ID generation unit has generated the temporary ID as a terminal authentication response to the terminal. A temporary transmission ID included in the terminal authentication response, the terminal receiving the terminal authentication response from the roaming network server and receiving the temporary ID hash count stored in the terminal storage unit. A terminal temporary ID that is updated with the hash count and generates a temporary ID by hashing the initial temporary ID hash type read from the terminal storage section with the first hash function H by the temporary ID hash count read from the terminal storage section. A generating unit, and the terminal and the roaming network server identify each other by determining that the generated temporary IDs match each other. It is roaming system characterized.

  According to a second aspect of the present invention, the roaming network server includes an ID management unit that stores a temporary ID of a roamed terminal in the roaming network, and the NEXT temporary ID generation unit includes the ID management unit. The temporary ID hash count is updated so as not to match the temporary ID stored in the temporary ID to generate the temporary ID, and the terminal and the roaming network server determine the generated temporary ID and the home network identifier. 2. The roaming system according to claim 1, wherein the roaming system identifies each other by transmitting and receiving as a pair and determining that the pair of the generated temporary ID and the home network identifier matches each other.

  According to a third aspect of the present invention, the roaming network server includes an ID management unit that stores a temporary ID of a roamed terminal in the roaming network, and the NEXT temporary ID generation unit includes the ID management unit. The temporary ID hash count is updated so as not to match the temporary ID stored in the temporary ID to generate the temporary ID, and the terminal and the roaming network server determine that the generated temporary ID and the terminal are roaming terminals. A pair of roaming terminal identifiers indicating whether or not there is a pair is transmitted and received, and the pair of the generated temporary ID and the roaming terminal identifier is determined to match each other, thereby identifying each other. The roaming system according to Item 1.

  According to a fourth aspect of the present invention, the roaming network server includes an ID management unit that stores a temporary ID of a roamed terminal in the roaming network, and the NEXT temporary ID generation unit includes the ID management unit. The temporary ID hash count is set so that it does not match the temporary ID stored in the ID and includes identification information, which is information indicating whether the terminal is a roaming terminal, as part of the temporary ID. The roaming system according to claim 1, wherein the temporary ID that is updated and unique in the roaming network is generated.

  According to a fifth aspect of the present invention, the roaming network server includes an ID management unit that stores temporary IDs of all terminals in the roaming network, and the NEXT temporary ID generation unit includes the ID management unit. The roaming system according to claim 1, wherein the temporary ID hash number is updated so as not to match the temporary ID stored in the roaming network to generate the temporary ID that is unique in the roaming network. .

  According to a sixth aspect of the present invention, the terminal storage unit of the terminal includes the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, the initial temporary ID hash type, and a logical operation. The initial registration count, which is information for generating a new initial temporary ID hash type, is stored, and the ID management storage unit of the home network server stores the main ID, the initial temporary ID hash type, and the temporary ID. The hash count, the initial temporary ID, and the initial registration count are stored in association with each terminal, and the terminal authentication response transmission unit of the home network server includes the initial registration count corresponding to the real ID in the terminal authentication response. NEXT temporary ID generation unit of the roaming network server receives the terminal authentication response, and receives the initial temporary ID hash type included in the received terminal authentication response. A logical operation is performed based on the initial registration count included in the answer to generate a new initial temporary ID hash type, the temporary ID is generated based on the generated initial temporary ID hash type, and a terminal authentication response of the roaming network server The transmission unit transmits a terminal authentication response including the initial registration count included in the received terminal authentication response to the terminal, and the terminal temporary ID generation unit of the terminal receives the terminal authentication response from the roaming network server. Then, the initial temporary ID hash type read from the terminal storage unit is logically calculated based on the initial registration count included in the received terminal authentication response to generate a new initial temporary ID hash type, and the generated initial temporary ID hash type 6. The roaming system according to claim 1, wherein the temporary ID is generated based on a seed.

  The invention according to claim 7 is a terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, and a roaming network server that is a roaming destination of the terminal, A roaming system having a roaming network server whose network identifier is a roaming network identifier, wherein the home network server, the roaming network server, and the terminal store a first hash function H in advance therein. The terminal is generated in advance so as to be unique in the home network based on the home network identifier, a predetermined initial temporary ID hash type unique to the terminal, and the initial temporary ID hash type. A terminal storage unit for storing the initial temporary ID and the temporary ID hash count that is the number of times to hash the initial temporary ID hash type; A roaming detection unit for detecting that the terminal has entered the range of the roaming network based on the network network identifier and the roaming network identifier, and that the roaming detection unit has entered the roaming range of the terminal. A terminal authentication request transmission unit that associates the home network identifier read from the terminal storage unit with the initial temporary ID and transmits it as a terminal authentication request, and the roaming network server includes the terminal authentication. A terminal authentication request transfer unit that receives a request and transfers an initial temporary ID included in the received terminal authentication request to the home network server based on a home network identifier included in the received terminal authentication request; The home network server uniquely identifies the terminal in all networks, the initial temporary ID hash type, the temporary ID hash count, and the previous An ID management storage unit that associates an initial temporary ID with each terminal and stores the initial temporary ID, and in response to receiving the initial temporary ID, reads the main ID corresponding to the received initial temporary ID from the ID management storage unit. A real ID detection unit to be detected, a temporary ID hash count corresponding to the real ID detected by the real ID detection unit, and an initial temporary ID hash type are read from the ID management storage unit, and the read temporary ID hash count and initial A NEXT temporary ID generation unit that generates a temporary ID unique in the home network that is different from the temporary ID stored in the ID management storage unit, based on the temporary ID hash type and the first hash function H; The terminal authentication response includes the temporary ID generated by the NEXT temporary ID generation unit and the temporary ID hash number that is the number of hashes generated by the NEXT temporary ID generation unit. A terminal authentication response transmission unit for transmitting, and the roaming network server has a terminal authentication response transfer unit for transferring a terminal authentication response received from the home network server to the terminal, and the terminal Receiving the terminal authentication response, updating the temporary ID hash count stored in the terminal storage unit with the temporary ID hash count included in the received terminal authentication response, and only the temporary ID hash count read from the terminal storage unit A terminal temporary ID generation unit that generates a temporary ID by hashing the initial temporary ID hash type read from the terminal storage unit with the first hash function H, and the terminal and the roaming network server include By transmitting and receiving the generated temporary ID and the home network identifier as a set, and determining that the set of the generated temporary ID and the home network identifier match each other, Identifying a have a roaming system, characterized in that.

  According to an eighth aspect of the present invention, the terminal storage unit of the terminal includes the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, the initial temporary ID hash type, and a logical operation. The initial registration count, which is information for generating a new initial temporary ID hash type, is stored, and the ID management storage unit of the home network server stores the main ID, the initial temporary ID hash type, and the temporary ID. The hash number, the initial temporary ID, and the initial registration number are associated with each other and stored for each terminal, and the NEXT temporary ID generation unit of the home network server corresponds to the temporary ID hash detected by the main ID detection unit. The number of times, the initial temporary ID hash type, and the initial registration number are read from the ID management storage unit, and the read initial temporary ID hash type is logically calculated based on the read initial registration number. A temporary initial ID hash type is generated, the temporary ID is generated based on the generated initial temporary ID hash type, and the terminal authentication response transmission unit of the home network server includes the read initial registration count A terminal that transmits a terminal authentication response transmission unit, a terminal temporary ID generation unit of the terminal receives the terminal authentication response, and receives the temporary ID hash count and initial registration count stored in the terminal storage unit The temporary ID hash number and the initial registration number included in the authentication response are updated, and the initial temporary ID hash type read from the terminal storage unit is logically calculated based on the initial registration number read from the terminal storage unit, and a new initial temporary The roaming system according to claim 7, wherein an ID hash type is generated, and the temporary ID is generated based on the generated initial temporary ID hash type.

  The invention according to claim 9 is a terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, and a roaming network server that is a roaming destination of the terminal, A roaming system having a roaming network server whose network identifier is a roaming network identifier, wherein the home network server, the roaming network server, and the terminal store a first hash function H in advance therein. The terminal is generated in advance so as to be unique in the home network based on the home network identifier, a predetermined initial temporary ID hash type unique to the terminal, and the initial temporary ID hash type. A terminal storage unit for storing the initial temporary ID and the temporary ID hash count that is the number of times to hash the initial temporary ID hash type; A roaming detection unit for detecting that the terminal has entered the range of the roaming network based on the network network identifier and the roaming network identifier, and that the roaming detection unit has entered the roaming range of the terminal. A terminal authentication request transmission unit that associates the home network identifier read from the terminal storage unit with the temporary ID and transmits the terminal authentication request as a terminal authentication request, and the roaming network server includes the terminal authentication request And a terminal authentication request transfer unit that transfers a temporary ID included in the received terminal authentication request to the home network server based on a home network identifier included in the received terminal authentication request. The network server uniquely identifies the terminal in all networks, the initial temporary ID hash type, the temporary ID hash count, and the temporary ID. ID management storage unit that associates and stores the ID for each terminal, and a main ID detection unit that reads and detects the real ID corresponding to the received temporary ID from the ID management storage unit in response to receiving the temporary ID And the real ID detected by the real ID detection unit, the number of temporary ID hashes corresponding to the real ID, and the initial temporary ID hash type are read from the ID management storage unit and associated and transmitted as a terminal authentication response A response transmission unit, wherein the roaming network server receives the terminal authentication response from the roaming network server, the temporary ID hash count and the initial temporary ID hash type included in the received terminal authentication response, A NEXT temporary ID generation unit that generates a temporary ID based on the first hash function H, a temporary ID generated by the NEXT temporary ID generation unit, and the NEXT temporary ID generation unit Includes a terminal authentication response transmission unit that transmits a temporary ID hash number that is the number of hashes generated as the temporary ID to the terminal as a terminal authentication response, and the terminal transmits the terminal authentication response to the roaming network server. And the temporary ID hash count stored in the terminal storage unit is updated with the temporary ID hash count included in the received terminal authentication response, and the terminal storage unit is updated by the temporary ID hash count read from the terminal storage unit. A terminal temporary ID generation unit that generates a temporary ID by hashing the initial temporary ID hash type read from the first hash function H, and the terminal and the roaming network server generate the generated temporary ID. The roaming system is characterized by discriminating each other by determining that they match each other.

  According to a tenth aspect of the present invention, the terminal storage unit of the terminal includes the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, the initial temporary ID hash type, and a logical operation. The initial registration count, which is information for generating a new initial temporary ID hash type, is stored, and the ID management storage unit of the home network server stores the main ID, the initial temporary ID hash type, and the temporary ID. The hash count, the initial temporary ID, and the initial registration count are stored in association with each terminal, and the terminal authentication response transmission unit of the home network server includes the initial registration count corresponding to the real ID in the terminal authentication response. The NEXT temporary ID generation unit of the roaming network server receives the terminal authentication response, and receives the initial temporary ID hash type included in the received terminal authentication response. A logical operation is performed based on the number of initial registrations included in the response to generate a new initial temporary ID hash type, the temporary ID is generated based on the generated initial temporary ID hash type, and a terminal authentication response of the roaming network server The transmission unit transmits a terminal authentication response including the initial registration count included in the received terminal authentication response to the terminal, and the terminal temporary ID generation unit of the terminal receives the terminal authentication response from the roaming network server. Then, the initial temporary ID hash type read from the terminal storage unit is logically calculated based on the initial registration count included in the received terminal authentication response to generate a new initial temporary ID hash type, and the generated initial temporary ID hash type The roaming system according to claim 9, wherein the temporary ID is generated based on a seed.

  According to an eleventh aspect of the present invention, in response to the fact that the roaming network server has received the authentication completion from the terminal, the terminal information notification including the real ID corresponding to the terminal and the number of initial registrations in the received authentication completion And the ID management storage corresponding to the real ID included in the received terminal information notification when the roaming network server receives the terminal information notification. 11. The roaming system according to claim 10, further comprising: an initial registration number updating unit configured to update the initial registration number stored in the unit to the initial registration number included in the received terminal information notification.

  In the invention described in claim 12, the terminal authentication response transmission unit of the home network server transmits the set of the main ID detected by the main ID detection unit and the temporary ID included in the terminal authentication response, The roaming network server has a holding data storage unit that stores the real ID and the temporary ID included in the terminal authentication response received from the home network server in association with each other, and the roaming network server stores the data in the holding data storage unit The roaming system according to any one of claims 1 to 11, wherein information transmitted / received to / from the terminal is transmitted / received based on the real ID and the temporary ID.

  In the invention described in claim 13, the ID management storage unit of the home network server associates the roaming network identifier, the main ID, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID. Stored for each terminal, and in response to the home network server receiving the terminal authentication request from the roaming network server, a communication connection between the roaming network server or a terminal authentication request transfer unit of the roaming network server A roaming network identifier detection unit that detects and acquires a roaming network identifier of the roaming network server based on the information; and a roaming network identifier of the ID management storage unit corresponding to the initial temporary ID included in the received terminal authentication request A roaming network recording unit that updates the roaming network identifier acquired by the roaming network identifier detection unit, When the roaming detection unit of the terminal detects movement of the terminal from the roaming network to the home network, the terminal authentication request transmission unit transmits the initial temporary ID as the terminal authentication request, and When the network server receives a terminal authentication request including only the initial temporary ID, the real ID corresponding to the initial temporary ID included in the received terminal authentication request and the roaming network identifier are received from the ID management storage unit. Terminal information that transmits a terminal information deletion request including the read main ID for deleting information related to the terminal identified by the read main ID to the roaming network server identified by the read roaming network identifier A deletion request unit, and the roaming network server receives the terminal information deletion request in response to receiving the terminal information deletion request. Terminal information deletion unit for deleting the information Murrell stored in the retained data storage unit corresponding to the ID, a roaming system according to claim 12, characterized in that it comprises a.

  In the invention described in claim 14, the home network server reports the home network identifier as a notification signal, the roaming network server reports the roaming network identifier as a notification signal, and the terminal stores the terminal storage. A network identifier that is a network identifier included in the previously received notification signal, and the roaming detection unit in response to receiving the notified network identifier; By sequentially determining whether or not the visited network identifier and the home network identifier read from the terminal storage unit match, movement of the terminal within the home network and from the home network to the roaming network Movement, from the roaming network to the home network, or from within the roaming network or from the roaming network to another roaming network. Detecting whether the mobile is roaming system of claim 13 claim 1, wherein the.

  In the invention described in claim 15, the home network server, the home network server, and the terminal each store a second hash function G in advance, and the NEXT temporary ID generation unit and the terminal 12. The roaming system according to claim 1, wherein the temporary ID generation unit further generates the temporary ID by hashing the generated temporary ID with the second hash function G. is there.

  The invention according to claim 16 is a terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, and a roaming network server that is a roaming destination of the terminal, A roaming method used in a roaming system having a roaming network server in which the network identifier is a roaming network identifier, wherein the home network server, the roaming network server, and the terminal each have a first hash function H The terminal detects that the terminal has entered the range of the roaming network based on the home network identifier and the roaming network identifier, and detects the roaming network of the terminal. When it is detected that it has entered the area, the home network identifier, a predetermined initial temporary ID hash type unique to the terminal, A terminal storage that stores an initial temporary ID generated in advance so as to be unique in the home network based on an initial temporary ID hash type, and a temporary ID hash count that is the number of times the initial temporary ID hash type is hashed The home network identifier read from the unit and the initial temporary ID are associated and transmitted as a terminal authentication request, the roaming network server receives the terminal authentication request, and the initial temporary ID included in the received terminal authentication request is Transferring to the home network server based on the home network identifier included in the received terminal authentication request, and the home network server uniquely identifies the terminal in all networks in response to receiving the initial temporary ID ID tube for storing each real terminal, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID in association with each other The real ID corresponding to the received initial temporary ID is read from the storage unit and detected, and the detected real ID, the temporary ID hash count and the initial temporary ID hash type corresponding to the real ID are stored in the ID management storage. And the roaming network server receives the terminal authentication response from the roaming network server, and the temporary ID hash count and the initial temporary ID hash included in the received terminal authentication response. A temporary ID is generated based on the seed and the first hash function H, and the generated temporary ID and the temporary ID hash count that is the hash count that generated the temporary ID are sent to the terminal as a terminal authentication response. And the terminal receives the terminal authentication response from the roaming network server and receives the temporary ID hash count stored in the terminal storage unit Update with the temporary ID hash number included in the terminal authentication response, and hash the initial temporary ID hash type read from the terminal storage unit by the temporary hash number read from the terminal storage unit with the first hash function H In the roaming method, a temporary ID is generated, and the terminal and the roaming network server identify each other by determining that the generated temporary IDs match each other.

  The invention according to claim 17 is a terminal identification method for identifying the terminal in communication via a network between a home network server and a terminal and a roaming network server and the terminal, wherein the home network server and the roaming network server And the terminal share the first hash function H in advance, and both the home network server and the terminal share the initial value S (k, 0) unique to each terminal in advance. In each of the network server and the terminal, a temporary ID is calculated based on a value S (k, i) obtained by hashing the initial value S (k, 0) i times with the first hash function H, and the home network server And the terminal, the same temporary ID is calculated by the home network server and the terminal, and the terminal is identified using the temporary ID. When the terminal roams to the roaming network server, the roaming network server receives the initial value S (k, 0) and the number of times of hashing from the home network server, and the roaming network server and the In each terminal, a temporary ID is calculated based on a value S (k, i) obtained by hashing the initial value S (k, 0) i times with the first hash function H, and the roaming network server, the terminal, The same temporary ID is calculated by the roaming network server and the terminal by using the same number of times of hashing between the terminals, and the terminal is identified using the temporary ID. .

  According to the present invention, even when roaming is performed, the roaming is realized by adding the information indicating the business operator belonging only when performing communication from the roaming network without using a fixed terminal ID. Communication is possible using the ID, and it is possible to protect the privacy of communication.

<Overview>
First, an outline of the present embodiment will be described. As a precondition, the wireless terminal performs communication using a temporary terminal ID (temporary ID) synchronized with the NW carrier when non-roaming. The temporary terminal ID is ensured unique only by the contracted NW carrier.

  Here, in the present embodiment, the wireless terminal detects that it is in a roaming network based on broadcast information from a wireless base station including an NW carrier identification code (network identifier) and the like. Next, the wireless terminal that has detected that it is in the roaming network performs registration and authentication processing using the belonging NW carrier identification code and temporary ID.

  Next, the NW carrier of the roaming network confirms authentication with respect to the NW carrier to which the wireless terminal belongs based on the NW carrier identification code transmitted from the wireless terminal. Next, when the validity is confirmed by the authentication by the belonging NW carrier, the NW carrier of the roaming network pays out the temporary ID managed by itself to the wireless terminal. Next, the wireless terminal whose authenticity is confirmed in the roaming network performs communication using the temporary ID paid out from the roaming network.

  As described above, in this embodiment, roaming is possible without using a fixed terminal ID for communication. In addition, a temporary ID is used even when roaming is performed because roaming is realized by adding information indicating the belonging NW carrier only when communicating from the roaming network without using a fixed terminal ID. Thus, communication can be performed, and the privacy of communication can be protected.

<Terminal identification method using temporary ID>
Embodiments of the present invention will be described below with reference to the drawings. First, a case where there is no roaming will be described for a terminal identification method using a temporary ID used in the present embodiment. Here, a case where the terminal is RFID (Radio Frequency Identification) will be described as an example of the terminal, but the terminal may be, for example, a mobile phone.

  First, the point of the terminal identification method using temporary ID is demonstrated. First, a bidirectional communication between the wireless terminal and the NW is assumed. When mutual authentication is performed, the ID management server calculates an increment d of i representing the ID generation together with the NW authentication information. The ID management server stores the increment d in the ID management DB (temporary ID reservation in the embodiment), and further notifies the wireless terminal (terminal authentication response in the embodiment), whereby the wireless terminal and the ID management server (ID management server) As for the storage destination in the server, both i on the ID management DB) increase by d, and S (k, i) of the wireless terminal and S (k, i) on the ID management server are always synchronized.

  The increment d of i must be calculated so that the new ID does not collide with the IDs of other wireless terminals already in use. Therefore, the ID management server arranged on the NW side registers the ID of the next wireless terminal to be used in the ID management DB. If it is detected that IDs collide when trying to newly register an already registered ID, registration in the ID management DB is rejected. If the IDs do not collide, they are registered in the ID management DB. If rejected, i is incremented to generate the next ID and re-register. The ID management server measures the number of increments of i until registration is successful, and sets it as the increment d of i.

  The wireless terminal that has been notified of the increase d in i generates a new ID by applying a hash function d times. Thereafter, i + d is set as a new i. In this way, a network unique temporary ID can be generated.

  Further, in the network between the ID management server and the wireless terminal, since the wireless terminal is identified by the temporary ID, it is difficult to track the wireless terminal even if the access network of the wireless terminal is wiretapped.

  Even when each wireless terminal transmits a variable ID according to time and prevents tracking of the wireless terminal, the same ID is not notified to the NW side from different wireless terminals at the same time. Thereby, on the NW side, it is possible to uniquely identify a wireless terminal and to prevent tracking, and to transfer to a necessary destination.

  In addition, in an access network that accommodates wireless terminals, since wireless terminals are identified by IDs that are variable according to the above time, tracking of wireless terminals becomes difficult.

  Next, a wireless identification method using a temporary ID used in this embodiment will be described. FIG. 1 is a schematic block diagram of a data communication system. The wireless terminal 101 is identified by a temporary ID, which is a temporary ID, and is identified by a real ID as a universal ID. The temporary ID and the real ID are unique for all wireless terminals, and a specific wireless terminal can be identified without fail.

  The wireless terminal 101 is a device that collects information such as sensors and transmits the information to the terminal 102 together with a temporary ID. At this time, the ID management server 103 is relayed, the ID management server 103 converts the temporary ID into the real ID, and the real ID and sensor data are transmitted to the terminal 102. Alternatively, sensor setting information or the like is transmitted from the terminal 102 together with the real ID, and the ID management server 103 converts the real ID into a temporary ID. The wireless terminal 101 is called by the temporary management ID from the ID management server. Sensor setting information and the like are received together with NW authentication information.

  The ID management server 103 accesses the ID management DB 104 to acquire a temporary ID from the real ID, acquire the real ID from the temporary ID, or generate a new temporary ID. The ID management DB 104 stores the correspondence between the real ID and the temporary ID. The wireless base station 105 terminates the wireless line of the wireless terminal 101 and connects to the network 108. The radio base station 105 and the ID management server 103 are connected to the network 108. In the network 108, the wireless terminal 101 is identified by a temporary ID. Accordingly, it is difficult to track the wireless terminal in the network 108 between the ID management server 103 and the wireless terminal 101 and the wireless section between the wireless base station 105 and the wireless terminal 101. The ID management server 103 and the terminal 102 are connected to the network 109. In the network 109, the wireless terminal is identified by this ID. Although communication to each wireless terminal can be captured in the network 109, the location of the wireless terminal cannot be tracked because it is not known which wireless base station is accommodated.

  For example, let us consider a case where the trajectory of a visitor at an event venue is tracked by RFID. In this case, the wireless terminal 101 is a sensor that can measure the position in the venue, an RFID tag associated with the sensor, and the like, which is added to the attendee card distributed to the event attendee. The location information of the visitors is transmitted from the RFID at regular intervals. The transmitted information is received by the wireless base station 105 installed in the event venue, and as the position (trajectory) of the visitors to the terminal 102 via the network 108, the ID management server 103, the ID management DB 104, and the network 108. Saved.

Based on the trajectory of the visitors, the terminal 102 can also send information related to the booth that visited the visitors to the mobile phone held by the visitors as an email.
It is also possible to check the booth where the visitor visited by the visitor by accessing the terminal 102 separately using a PC later.
Even in such an example, the privacy of what kind of booth the visitor has visited with respect to a third party is protected by the effect of the present embodiment.
Further, when an event attendee enters or leaves the venue, it is possible to perform transmission for setting the wireless terminal 101 from the terminal 102 and change the setting of the time interval transmitted by the wireless terminal 101. For example, it is possible to set the position sensor and RFID so that transmission is performed every minute when in the venue, and transmission is performed every five minutes when not in the venue.

  The method for calculating the temporary ID is shown in FIG. The wireless terminal 101 whose ID is k and the ID management server 103 share S (k, 0) (step S201). In FIG. 2, since the case where the real ID is k is shown, the subscript k is omitted. Each of the wireless terminal 101 and the ID management server 103 uses the hash function H to hash the hash type S (k, 0) i times, obtains S (k, i) (step S202), and hashes from S (k, i) A (k, i) hashed with the function G is used as a temporary ID (step S203). In this case, the wireless terminal 101 and the ID management server 103 (ID management DB 104) store k and S (k, i). Thereafter, in order to calculate a temporary ID (NEXT temporary ID) to be used next, S (k, i) is hashed d times with the hash function H to obtain S (k, i + d) (step S204). The a (k, i + d) hashed with the function G (step S205) is used as the NEXT temporary ID. The calculation for obtaining the NEXT temporary ID is performed independently by the wireless terminal 101 and the ID management server 103. In FIG. 2, the case where d is 1 is illustrated.

  FIG. 3 shows an example of the contents stored in the ID management DB 104. In the ID management DB 104, some combinations of the real ID and (temporary ID, temporary ID pointer, hash count), the latest hash type S (k, i), the initial hash type S (0, i), and the previous temporary ID are stored. The updated temporary ID update time is stored for each wireless terminal.

  FIG. 4 shows an update flow in which the ID management server 103 updates the temporary ID of a certain wireless terminal 101 after a certain number of communication times or after a certain time has elapsed. The ID management server 103 first connects to the ID management DB 104 and acquires the temporary ID hash type S (k, i) using the real IDk as a key (steps S401 and S402). Next, the hash type S (k, i) of the temporary ID is hashed once with the hash function H to generate S (k, i + 1), and by hashing it with the hash function G, a (k, i + 1) is obtained. Calculate (step S403). The calculated a (k, i + 1) is registered in the ID management DB 104 and a temporary ID is reserved (step S404). The ID management DB 104 compares the temporary IDs (a) of all the registered wireless terminals. If they do not match, the reservation is permitted, and if they match, the reservation is rejected, and the result is returned to the ID management server 103 (step S405). . If the ID management server 103 returns a reservation rejection, it further hashes S (k, i + 1) with the hash function H to calculate a (k, i + 2) (step S406), registers it in the ID management DB 104, Reserve an ID. In this way, the ID management server 103 hashes the hash function H until a temporary ID can be reserved in the ID management DB 104. When this hash count is d, the next NEXT temporary ID to be used is a (k, i + d). When the NEXT temporary ID is registered in the ID management DB 104, S (k, i + d) is set as a new hash type. In the next NEXT temporary ID, the new S (k, i) becomes S (k, i + d) and the above procedure is repeated.

  Each temporary ID has a temporary ID pointer. The temporary ID is associated with the temporary ID pointer and the hash count for generation and stored in the ID management DB (steps S407, S408, S409). The temporary ID pointer indicates that 0 is the temporary ID that should be used at present and -1 is the temporary ID of the previous time.

Next, FIG. 5 shows a procedure in which the ID management server 103 accesses the ID management DB 104 and searches for the real ID from the temporary ID, and a flow for updating the temporary ID information in the ID management DB 104.
The ID management server 103 transmits a real ID search request including a temporary ID to the ID management DB 104 (step S501). The ID management DB 104 that has received this ID search request collates with all temporary IDs in the ID management DB 104. If they match, the real ID is specified, and the previous temporary ID update time, the temporary ID pointer associated with the temporary ID, and the hash count are acquired (step S502). The acquired real ID, the previous temporary ID update time, the temporary ID pointer, and the hash count are used as parameters, and are sent to the ID management server 103 as a real ID search response (step S503). The ID management server 103 that has received this ID search response confirms the temporary ID pointer, and if the temporary ID pointer is 0 (if the previous temporary ID has been updated successfully), the old temporary ID deletion request is ID managed. The data is transmitted to the DB 104 (step S504), and the temporary ID whose pointer corresponding to the designated book ID is -1 is deleted (step S505). Thereafter, if the difference between the current time and the previous temporary ID update time is longer than the temporary ID update interval, a temporary ID generation flow (FIG. 4) is executed (step S506). The ID management server 103 determines the number of hashes for transfer to the wireless terminal 101 (step S507). When the temporary ID pointer is −1 (when the previous temporary ID update has failed), the hash count of the main ID search response received from the ID management server is set (step S508). If the difference between the current time and the previous temporary ID update time is shorter than the temporary ID update interval, the hash count is set to 0 (step S509). If the difference between the current time and the previous temporary ID update time is longer than the temporary ID update interval, the temporary ID is set. The number of hashes obtained in the generation flow (FIG. 4) is set (step S507).

  As described above, hashing is performed while the wireless terminal 101 and the ID management server 103 are synchronized. However, assuming an unstable communication path, the number of times of communication such as ACK failure, ACK failure, etc. Can not be perfectly synchronized. Therefore, the flow of the ID search flow in FIG. 5 is to detect and recover from one synchronization shift.

Next, how actual data communication is performed will be described.
First, FIG. 6 shows a case where data is uploaded from the wireless terminal 101 to the terminal 102. First, the wireless terminal 101 generates a wireless terminal authentication key (step S601). Thereafter, a terminal authentication request is transmitted to the terminal 102 using the temporary ID, wireless terminal authentication key, and data as parameters (step S602). In this case, the ID management server 103 that relays communication between the wireless terminal 101 and the terminal 102 is unclear as to which wireless terminal 101 that has transmitted the terminal authentication request is a legitimate terminal. Keep the data you put on hold. Thereafter, the ID management server 103 performs a real ID search according to the flow of FIG. 5 (step S603), and identifies the wireless terminal 101 that has sent the terminal authentication request by converting the temporary ID to the real ID (step S604). . If the temporary ID needs to be updated, the hash count d required for the update is obtained. Next, using this wireless terminal authentication key, it is confirmed that the specified wireless terminal is a valid sender. Next, it generates its own NW authentication key (step S605) and transmits it to the wireless terminal 101 as a terminal authentication response (step S606). The parameters of the terminal authentication response are temporary ID, NW authentication key, and hash count. As the hash count, the hash count determined by the ID management server in the ID search flow of FIG. 5 is used. Upon receiving the terminal authentication response (step S607), the wireless terminal 101 uses the NW authentication key to check the validity of the NW device (ID management server 103) that relayed the data. Thereafter, the completion of authentication is transmitted to the ID management server 103 (step S608). The ID management server 103 that has received the authentication completion transmits the data for the terminal 102 that has been suspended to the terminal 102 together with the real ID (step S609). In addition, the wireless terminal 101 hashes S (k, i) with the hash function H by the hash count d notified in the terminal authentication response, calculates S (k, i + d), and hashes it with the hash function G a (k, i + d) is set as a temporary ID to be used next (step S610). Thereafter, the new S (k, i) is set to S (k, i + d), and the above flow is repeated.

  Next, FIG. 7 shows a case where data is downloaded from the terminal 102 to the wireless terminal 101. Although it is basically the same as data upload, the terminal 102 transmits the real ID of the transmission destination wireless terminal 101 and transmission data to the ID management server 103 (step S701). The ID management server 103 converts the received real ID into a temporary ID (steps S702 and S703), uses the terminal call function of the radio base station 105 (step S704), and calls the temporary ID as a parameter (step S705). The wireless terminal 101 that has received the call accesses the terminal 102 in the same procedure as the data upload. The difference between Upload and Download is whether data is transmitted with a terminal authentication request or a terminal authentication response. If there are a plurality of temporary IDs for the same ID in the ID management DB 104, the ID management server 103 needs to call each temporary ID until the call is successful.

  As an example of Upload, it is conceivable that information from the sensor is transmitted from the wireless terminal 101 to the terminal 102. For example, when used for crime prevention, transmission is started from the wireless terminal 101 when the window glass is broken, and the security company detects an abnormality of the house where the wireless terminal 101 is located using the terminal 102. Further, it is possible to perform periodic temperature measurement and transmit the wireless terminal 101 to the terminal 102, and the terminal 102 can adjust the temperature around the wireless terminal 101 in accordance with the transmitted temperature.

  As an example of Download, setting of sensor measurement conditions and methods can be considered. For example, switching the sensor on and off. It is possible to set whether the measurement interval time of the sensor is performed every minute or every ten minutes. If the communication is performed when the temperature is more than once, a temperature threshold can be set.

  Note that the terminal 102, the ID management server 103, and the ID management DB 104 cannot confirm whether or not the hash count is correctly transmitted to the wireless terminal by the terminal authentication response. For this reason, the wireless terminal does not generate a temporary ID (step S610 is not executed), and the temporary ID of the temporary ID pointer 0 is used because the old temporary ID may be used in the next communication. Until, the temporary ID of the temporary ID pointer-1 described in the ID management DB 104 should not be deleted (the temporary ID of the temporary ID pointer-1 is deleted in step S505).

  In the above embodiment, the ID management server 103 and the ID management DB 104 have been described as separate devices. However, the present invention can also be applied to a case where the ID management server and the ID management DB are designed as a unit.

  Further, in the above embodiment, on both the server side (the ID management server 103 and the ID management DB 104) and the wireless terminal 101, as shown in FIG. A hash is performed (S (i + d)), and a (i + d) obtained by further hashing with the hash function G is used as a temporary ID. However, the hash function G is omitted on both the server side and the wireless terminal side, and S It is also possible to use (i + d) as a temporary ID. Even in this case, it is important to synchronize the number of times of hashing by the hash function H between the server side and the terminal side.

However, as described above, if the hash function G is omitted on both the server side and the wireless terminal side and only S (i) or S (i + d) is used as the temporary ID, the temporary ID S (i ), And then hashing the wireless communication, it may be easy to guess S (i + d), which is the next temporary ID.
Even in this case, it is possible to create a temporary ID that is difficult to track for a terminal from a third party by devising how to create a function as follows.
For example, the function is configured as the following Expression 1.

S (i + 1) = H (S (i) XOR (i + 1)) (Formula 1)

(Here, the function H is a function that hashes the factor with the hash function H, and the function XOR is a function that performs exclusive OR of the bit strings.)
In this configuration, i that does not flow to the wireless part is used to perform processing by the XOR function, and then hashing is performed. Therefore, even if a third party eavesdrops, it is difficult to estimate S (i + 1), which is the next temporary ID.
Such a configuration is not limited to XOR, and other functions are possible. The important point is that S (i), which is the current temporary ID, is not hashed as it is to create S (i + 1), which is the next temporary ID. In other words, preprocessing is performed with a function relating to the number of times i of the hash, which is a portion that does not flow, and then the next temporary ID is obtained by hashing the preprocessed temporary ID.
As described above, from S (i) which is the temporary ID, first, pre-processing is performed on the number of times i of the hash which does not flow to the wireless part, and the next temporary ID S (i + 1) is obtained by hashing this. By making it, it becomes possible to create a temporary ID that can be difficult to guess even if it is eavesdropped.

  As described above, the terminal identification method using the temporary ID is a terminal identification method for identifying a terminal in communication via a network between the server and one or more terminals. A hash function H and a unique initial value S (k, 0) for each terminal are shared, and the initial value S (k, 0) is hashed i times with the first hash function H in each of the server and the terminal. By calculating the temporary ID based on (k, i) and making the number of times of hashing between the server and the terminal the same, the same temporary ID is calculated on the server and the terminal, and the terminal is determined using the temporary ID. It is characterized by identifying.

  Further, the terminal identification method using the temporary ID is obtained by hashing the hashed value S (k, i) with the second hash function G shared between the server and the terminal at both the server and the terminal. The provisional ID is calculated.

  The terminal identification method using the temporary ID is based on the value S (k, i) obtained by hashing the initial value S (k, 0) i times with the first hash function H in each of the server and the terminal. Is calculated, the initial value S (k, 0) is preprocessed with respect to the number of times i of the hash, and the preprocessed initial value S (k, 0) is hashed i times with the first hash function H. Thus, a temporary ID is calculated.

  Further, the terminal identification method using the temporary ID is characterized in that the number of times of hashing is changed after a predetermined number of times of communication between the server and the terminal, or after a predetermined time has elapsed.

  The terminal identification method using a temporary ID is characterized in that after changing the number of times of hashing in the server, the server notifies the terminal of the number of times of hashing.

  The terminal identification method using a temporary ID is characterized in that the server holds the difference between the temporary ID before and after the change, and the hash count before and after the change.

  Also, in the terminal identification method using a temporary ID, when the temporary ID before the change is received at the server, the temporary ID is updated at the terminal by notifying the terminal of the difference in the number of hashes before and after the change. It is characterized by doing.

  Further, the terminal identification method using the temporary ID is characterized in that when the server receives the changed temporary ID, the temporary ID before the change held in the server is deleted.

  In addition, the terminal identification method using the temporary ID, when performing communication from the server to the terminal, sequentially uses one or more temporary IDs before and after the change of the terminal held in the server to the terminal. On the other hand, the server is requested to send a signal.

  The terminal identification method using a temporary ID is a temporary ID that does not compete with other terminals when the newly calculated temporary ID conflicts with the temporary ID of another terminal when the temporary ID is changed in the server. A new temporary ID is calculated by changing the number of times of hashing until it is calculated.

  Also, the terminal identification method using the temporary ID notifies the terminal of the hash count information for updating the temporary ID from the server to the terminal by authenticating the terminal using the terminal authentication key when communicating from the terminal to the server. It is characterized by that.

  In addition, the terminal identification method using the temporary ID performs the authentication of the server using the NW (network) authentication key when performing communication from the server to the terminal, thereby obtaining the temporary ID update signal received by the terminal. This is characterized in that it is reflected in the temporary ID change in the terminal.

  In addition, in a server that communicates with a terminal connected via a network, a storage unit that holds an initial value S (k, 0) that is the same as the initial value held in the terminal, and an initial value S that is held in the storage unit Provisional ID calculation means for calculating a temporary ID based on a value S (k, i) obtained by hashing (k, 0) with the hash function H, i times the same as the hash calculation in the terminal. The terminal is identified using the temporary ID calculated by the above.

  Further, in a terminal that communicates with a server connected via a network, a storage unit that holds an initial value S (k, 0) that is the same as the initial value held in the server, and an initial value S that is held in the storage unit Provisional ID calculation means for calculating a temporary ID based on a value S (k, i) obtained by hashing (k, 0) with the hash function H, i times the same as the hash calculation in the server. Communication with the server is performed using the temporary ID calculated by the above.

<Points of invention>
The “terminal identification method using a temporary ID” described above is a “terminal identification method using a temporary ID” in a data communication system by one NW carrier. In order to use this “terminal identification method using temporary ID” in a data communication system by a plurality of NW carriers, the terminal is identified by temporary ID in the roaming destination roaming network as well as the home network. To do.

  However, the information necessary for generating the temporary ID of the terminal (for example, information such as the temporary ID hash count) has only the home network. Therefore, the roaming network receives information necessary for generating a temporary ID corresponding to the roamed terminal from the home network in response to the terminal roaming, and generates a temporary ID based on the received information. To identify the roamed terminal.

  However, since the temporary ID is generated so as to have uniqueness only in the home network, the temporary ID is generated so that the uniqueness can be secured even in the roaming network, and the terminal is identified by the temporary ID having this uniqueness. Alternatively, the temporary ID and other identification information are paired, and the pair ensures uniqueness in the roaming network, and the terminal is identified by the pair having this uniqueness.

  The above content will be described in detail as follows. First, in a terminal identification method for identifying a terminal in communication via a network between a home network server and a terminal and a roaming network server and a terminal, the first hash function is used in both the home network server, the roaming network server, and the terminal. H is shared in advance, and both the home network server and the terminal share the initial value S (k, 0) unique to each terminal in advance, and the home network server and the terminal respectively set the initial value S (k, 0) By calculating the temporary ID based on the value S (k, i) hashed i times by the first hash function H and making the number of times of hashing between the home network server and the terminal equal, The same temporary ID is calculated at the terminal, and the terminal is identified using the temporary ID.

  Here, when the terminal roams to the roaming network server, the roaming network server receives the initial value S (k, 0) and the number of times of hashing from the home network server. A temporary ID is calculated based on a value S (k, i) obtained by hashing S (k, 0) i times with the first hash function H, and the number of times of hashing between the roaming network server and the terminal is the same. Thus, the same temporary ID is calculated by the roaming network server and the terminal, and the terminal is identified using the temporary ID.

<Details of the points of the invention>
First, details of the points of the invention will be described. The roaming system is a terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, and a roaming network server that is a roaming destination of the terminal, and the network identifier is a roaming network identifier And a roaming network server. Here, the home network server, the home network server, and the terminal each store the first hash function H in advance.

  The terminal includes a terminal storage unit, a roaming detection unit, and a terminal temporary ID generation unit. The terminal storage unit includes a home network identifier, a predetermined initial temporary ID hash type unique to the terminal, and an initial temporary ID generated in advance so as to be unique in the home network based on the initial temporary ID hash type. And the temporary ID hash count which is the number of times the initial temporary ID hash type is hashed.

  The roaming detection unit detects that the terminal has entered the roaming network based on the home network identifier and the roaming network identifier. When the roaming detection unit detects that the roaming detection unit has entered the roaming range of the terminal, the terminal authentication request transmission unit associates the home network identifier read from the terminal storage unit with the initial temporary ID, and transmits it as a terminal authentication request .

  The terminal temporary ID generation unit receives the terminal authentication response from the roaming network server, updates the temporary ID hash count stored in the terminal storage unit with the temporary ID hash count included in the received terminal authentication response, and the terminal storage unit A temporary ID is generated by hashing the initial temporary ID hash type read from the terminal storage unit with the first hash function H by the number of temporary ID hashes read from.

  The home network server includes a main ID detection unit, an ID management storage unit, and a terminal authentication response transmission unit. The ID management storage unit stores the main ID for uniquely identifying the terminal in all networks, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID in association with each terminal.

  The real ID detection unit reads and detects the real ID corresponding to the received initial temporary ID from the ID management storage unit in response to receiving the initial temporary ID. The terminal authentication response transmission unit reads out the real ID detected by the real ID detection unit, the number of temporary ID hashes corresponding to the real ID, and the initial temporary ID hash type from the ID management storage unit and transmits them as a terminal authentication response. To do.

  The roaming network server includes a terminal authentication request transfer unit, a NEXT temporary ID generation unit, and a terminal authentication response transmission unit. The terminal authentication request transfer unit receives the terminal authentication request and transfers the initial temporary ID included in the received terminal authentication request to the home network server based on the home network identifier included in the received terminal authentication request.

  The NEXT temporary ID generation unit receives a terminal authentication response from the roaming network server, and based on the temporary ID hash count, the initial temporary ID hash type, and the first hash function H included in the received terminal authentication response. ID is generated. The terminal authentication response transmission unit transmits the temporary ID generated by the NEXT temporary ID generation unit and the temporary ID hash number that is the number of hashes generated by the NEXT temporary ID generation unit to the terminal as a terminal authentication response.

  Based on the above configuration, the terminal and the roaming network server identify each other by determining that the generated temporary IDs match each other in the same manner as the “terminal identification method using a temporary ID” described above. To do. However, since the generated temporary ID does not necessarily guarantee uniqueness in the roaming network, the uniqueness is guaranteed as follows.

  First, in the first embodiment to be described later, the roaming network server has an ID management unit that stores the temporary ID of the roamed terminal in the roaming network, and the NEXT temporary ID generation unit is in the ID management unit. A temporary ID is generated by updating the temporary ID hash count so that it does not match the stored temporary ID. Then, the terminal and the roaming network server transmit and receive the generated temporary ID and home network identifier as a pair, and identify each other by determining that the generated temporary ID and home network identifier pair match each other. .

  In the second embodiment to be described later, the roaming network server has an ID management unit that stores the temporary ID of the roamed terminal in the roaming network, and the NEXT temporary ID generation unit is the ID management unit. A temporary ID is generated by updating the temporary ID hash count so that it does not match the stored temporary ID. Then, the terminal and the roaming network server transmit and receive the generated temporary ID and the roaming terminal identifier indicating whether the terminal is a roaming terminal as a set, and the generated temporary ID and the roaming terminal identifier match each other. By distinguishing them from each other, they are distinguished from each other.

  In a third embodiment to be described later, the roaming network server has an ID management unit that stores the temporary ID of the roamed terminal in the roaming network, and the NEXT temporary ID generation unit is included in the ID management unit. Roaming by updating the temporary ID hash count so that it does not match the stored temporary ID and includes identification information, which is information indicating whether or not the terminal is a roaming terminal, as part of the temporary ID A temporary ID that is unique on the network is generated. Then, the terminal and the roaming network server identify each other by determining that the generated temporary IDs match each other.

  In a fifth embodiment to be described later, the roaming network server has an ID management unit that stores temporary IDs of all terminals in the roaming network, and the NEXT temporary ID generation unit is included in the ID management unit. The temporary ID hash count is updated so as not to match the stored temporary ID to generate a temporary ID that is unique in the roaming network. Then, the terminal and the roaming network server identify each other by determining that the generated temporary IDs match each other.

  In the above, the temporary ID is generated using the initial hash type. However, in order to uniquely generate temporary IDs not only in the home network but also in a plurality of roaming networks, it is desirable that various temporary IDs can be generated even from one initial temporary ID hash type. In order to generate a variety of temporary IDs, an initial registration number is introduced which is information for generating a new initial temporary ID hash type by performing a logical operation with the initial temporary ID hash type. Is used to generate more various temporary IDs.

  In this configuration, the terminal storage unit of the terminal performs a logical operation on the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash number, and the initial temporary ID hash type to generate a new initial temporary ID hash. The initial registration count, which is information for generating seeds, is stored. In addition, the ID management storage unit of the home network server stores the real ID, the initial temporary ID hash type, the temporary ID hash count, the initial temporary ID, and the initial registration count in association with each terminal.

Further, the terminal authentication response transmission unit of the home network server transmits the initial registration count corresponding to this ID included in the terminal authentication response, the NEXT temporary ID generation unit of the roaming network server receives the terminal authentication response, and The initial temporary ID hash type included in the received terminal authentication response is logically calculated based on the number of initial registrations included in the received terminal authentication response to generate a new initial temporary ID hash type, and the generated initial temporary ID hash A temporary ID is generated based on the seed, and the terminal authentication response transmitter of the roaming network server transmits a terminal authentication response including the initial registration count included in the received terminal authentication response to the terminal.
In addition, the terminal temporary ID generation unit of the terminal receives a terminal authentication response from the roaming network server, and performs a logical operation on the initial temporary ID hash type read from the terminal storage unit based on the number of initial registrations included in the received terminal authentication response A new initial temporary ID hash type is generated, and a temporary ID is generated based on the generated initial temporary ID hash type.

  In the above roaming system, the roaming network server has the NEXT temporary ID generation unit. However, the NEXT temporary ID generation unit may be included in the home network server. When the home network server has a NEXT temporary ID generation unit, the configuration is as follows. The details when the home network server has a NEXT temporary ID generation unit will be described in detail in a fourth embodiment to be described later.

  The configuration of the roaming system when the home network server has a NEXT temporary ID generation unit is different from the configuration of the roaming system when the roaming network server described above has a NEXT temporary ID generation unit. The temporary ID hash count and the initial temporary ID hash type corresponding to the real ID detected by the real ID detection unit are read from the ID management storage unit, and the read temporary ID hash count, the initial temporary ID hash type, and the first hash are read. Based on the function H, a NEXT temporary ID generation unit that generates a unique temporary ID in a home network different from the temporary ID stored in the ID management storage unit is provided. In addition, the home network server transmits the temporary ID generated by the NEXT temporary ID generation unit and the temporary ID hash number that is the number of times the NEXT temporary ID generation unit has generated the temporary ID as a terminal authentication response. To have a part.

  The roaming network server has a terminal authentication response transfer unit that transfers the terminal authentication response received from the home network server to the terminal. Also, the terminal receives the terminal authentication response, updates the temporary ID hash count stored in the terminal storage unit with the temporary ID hash count included in the received terminal authentication response, and reads the temporary ID read from the terminal storage unit A terminal temporary ID generation unit that generates a temporary ID by hashing the initial temporary ID hash type read from the terminal storage unit by the number of times of hashing with the first hash function H is provided.

  Further, the terminal and the roaming network server transmit and receive the generated temporary ID and home network identifier as a pair, and identify each other by determining that the generated temporary ID and home network identifier pair match each other. .

In addition, in the configuration of the roaming system when this home network server has the NEXT temporary ID generation unit, the configuration of the roaming system when generating more various temporary IDs using the initial registration count is as follows. It becomes like this.

  First, the terminal storage unit of the terminal generates a new initial temporary ID hash type by performing a logical operation on the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, and the initial temporary ID hash type. And the number of initial registrations, which is information for this purpose. Further, the ID management storage unit of the home network server stores the real ID, the initial temporary ID hash type, the temporary ID hash count, the initial temporary ID, and the initial registration count in association with each terminal.

  Further, the NEXT temporary ID generation unit of the home network server reads the temporary ID hash number, the initial temporary ID hash type, and the initial registration number corresponding to the main ID detected by the main ID detection unit from the ID management storage unit, The initial temporary ID hash type is logically calculated based on the read initial registration count to generate a new initial temporary ID hash type, and a temporary ID is generated based on the generated initial temporary ID hash type. Further, the terminal authentication response transmitter of the home network server transmits a terminal authentication response transmitter including the read initial registration count.

  Further, the terminal temporary ID generation unit of the terminal receives the terminal authentication response, and the temporary ID hash number and the initial registration number stored in the terminal storage unit are included in the received temporary ID hash number The initial temporary ID hash type read out from the terminal storage unit is logically calculated based on the initial registration number read out from the terminal storage unit, and a new initial temporary ID hash type is generated. A temporary ID is generated based on the ID hash type.

  By generating a temporary ID using the initial registration count as described above, for example, as shown in FIG. 36, even from one initial temporary ID hash type (B0), the initial registration is based on the initial registration count. A plurality of temporary ID sequences (temporary ID sequence 0, temporary ID sequence 1, temporary ID sequence 2,...) Can be generated. After the initial registration, based on the temporary ID hash count as usual, for example, if the temporary ID series is 0, the temporary ID (A01), the temporary ID (A02), the temporary ID (A03),. The temporary ID is updated based on the temporary ID hash count. This is the same as the temporary ID update described with reference to FIG.

For example, when the initial registration is performed, the initial registration count is incremented by the initial registration count value. Therefore, the same temporary ID series will continue to be used until initial registration occurs.
This initial registration generates an initial temporary ID from the initial temporary ID hash type and the initial temporary ID hash count stored in the internal nonvolatile memory when the terminal is reset or roamed. The initial temporary ID is registered in the ID management server via a nearby radio base station and communicated. In this case, the terminal transmits the authentication type of the terminal authentication request to be transmitted as initial registration. The terminal generates an initial temporary ID from the initial temporary ID hash type that the terminal holds in advance in the internal non-volatile memory and the predetermined initial temporary ID hash count. Same ID (= initial temporary ID).

  In a sixth embodiment to be described later, even when roaming, the temporary ID used in the home network is used as it is. However, when the terminal is restarted at the roaming destination, it is necessary to newly register a temporary ID between the terminal and the roaming network server. When the temporary ID is registered, since the value of the initial registration number is updated at the roaming destination, the initial registration number in the home network server and the initial registration number in the terminal are different. Therefore, when the roaming network server updates the initial registration count, the updated initial registration count is transmitted to the home network server, and the initial registration count held by the home network server is updated to the received initial registration count. As a result, even when the wireless terminal is roaming, the initial registration count can be matched between the wireless terminal and the home network server. Further, by generating a temporary ID using the initial registration count, it is possible to generate a temporary ID by matching the wireless terminal and the home network server.

  In the configuration of the roaming system in this case, when the roaming network server receives the authentication completion from the terminal, a terminal information notification including the real ID corresponding to the terminal and the number of initial registrations in the received authentication completion is sent. It has a terminal information notification unit for transmitting to the home network server. Further, when the roaming network server receives the terminal information notification, the initial registration count stored in the ID management storage unit corresponding to the real ID included in the received terminal information notification is set to the received terminal. It has an initial registration number updating unit for updating to the initial registration number included in the information notification.

  The roaming network server transmits / receives data to / from the terminal using a temporary ID. However, when transmitting / receiving data to / from the terminal, data from another terminal is transmitted to the terminal, or data from the terminal is transmitted. Is transmitted to other terminals, data is transmitted / received to / from other terminals based on this ID. Therefore, the roaming network server needs to convert the temporary ID and the real ID. As a configuration for this conversion, the roaming system further includes the following configuration. Thereby, the roaming network server can convert the temporary ID and the real ID to the terminal.

  First, the terminal authentication response transmission unit of the home network server transmits a set of the real ID and the temporary ID detected by the real ID detection unit as a pair included in the terminal authentication response. Further, the roaming network server has a holding data storage unit that stores the real ID and the temporary ID included in the terminal authentication response received from the home network server in association with each other. Further, the roaming network server transmits / receives information to / from the terminal based on the real ID and the temporary ID stored in the retained data storage unit.

  Here, as the terminal roams, the roaming network server also stores information such as a temporary ID and a real ID related to the terminal. However, when the terminal leaves the roaming network, for example, when the terminal returns to the home network, the roaming network server does not need to store information about the terminal. Also, from the viewpoint of protecting information about the terminal, it is not desirable for the roaming network server to store information about the terminal indefinitely. Therefore, when the terminal returns from the roaming network to the home network, information on the terminal is deleted from the roaming network with the following configuration. Thereby, the information regarding the terminal can be protected.

  First, the ID management storage unit of the home network server stores the roaming network identifier, the real ID, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID in association with each terminal.

<Recording Method 1 of Roaming Network Identifier in Home Network Server>
As a first method for recording the roaming network identifier, first, when the home network server receives a terminal authentication request from the roaming network server, the roaming network server or the terminal authentication request transfer of the roaming network server A roaming network identifier detection unit that detects and acquires a roaming network identifier of the roaming network server based on communication connection information (for example, communication session information). Next, the home network server updates the roaming network identifier in the ID management storage unit corresponding to the initial temporary ID included in the received terminal authentication request to the roaming network identifier acquired by the roaming network identifier detection unit. A recording unit.

<Recording Method 2 of Roaming Network Identifier in Home Network Server>
As a second method of recording the roaming network identifier, first, the terminal authentication request transfer unit of the roaming network server receives the terminal authentication request, and the initial temporary ID included in the received terminal authentication request is received as the received terminal. When transferring to the home network server based on the home network identification included in the authentication request, the roaming network identifier is added and transferred. Next, when the home network server receives the terminal authentication request from the roaming network server, the roaming network identifier of the ID management storage unit corresponding to the initial temporary ID included in the received terminal authentication request is received. A roaming network recording unit that updates the roaming network identifier included in the terminal authentication request.

  According to the first or second method of recording the roaming network identifier in the home network server, the home network server identifies the roaming network identifier for identifying the roaming network that is the nearest roaming destination of the terminal. It can be stored in the storage unit.

  Next, when the roaming detection unit of the terminal detects movement of the terminal from the roaming network to the home network, the terminal authentication request transmission unit transmits the initial temporary ID as a terminal authentication request. In addition, when the home network server receives a terminal authentication request including only the initial temporary ID, the ID and the roaming network identifier corresponding to the initial temporary ID included in the received terminal authentication request are received from the ID management storage unit. Terminal information that transmits a terminal information deletion request including the read main ID for deleting information related to the terminal identified by the read main ID to the roaming network server identified by the read roaming network identifier A deletion request section.

  In addition, when the roaming network server receives the terminal information deletion request, the terminal information deletion that deletes the information stored in the retained data storage unit corresponding to the real ID included in the received terminal information deletion request Part.

  The roaming detection unit detects as follows. The home network server notifies the home network identifier as a notification signal, and the roaming network server notifies the roaming network identifier as a notification signal. Further, the terminal stores a visited network identifier, which is a network identifier included in the previously received notification signal, in the terminal storage unit.

  Further, in response to the reception of the broadcasted network identifier by the roaming detection unit, whether or not the received network identifier matches the visited network identifier and the home network identifier read from the terminal storage unit in order. By determining, the movement of the terminal in the home network, the movement from the home network to the roaming network, the movement from the roaming network to the home network, or the roaming network or from the roaming network to another roaming network It is detected which one of the movements.

  In the roaming system described above, as described in the terminal identification method using the temporary ID, further hashing is performed using the second hash function G. In the configuration in this case, the home network server, the home network server, and the terminal each store the second hash function G in advance. Further, the NEXT temporary ID generation unit and the terminal temporary ID generation unit further generate a temporary ID by hashing the generated temporary ID with the second hash function G. This makes it possible to further protect communication privacy.

<First Embodiment>
FIG. 8 is a schematic block diagram of the configuration of the roaming system according to the embodiment of the present invention. This roaming system uses the terminal identification method using the temporary ID described above. In the figure, portions corresponding to the respective portions in FIG.

  In FIG. 1, the data communication system is one NW provider, whereas in the roaming system in FIG. 8, two NW providers are connected by a network 301. Here, the data communication system by two network operators will be referred to as a first data communication system and a second data communication system.

  As in the data communication system of FIG. 1, the first data communication system includes a wireless base station 105 that communicates with the wireless terminal 101 via wireless communication and an ID management server 103 connected via a network 108. An ID management DB 104 is connected to the management server 103. In addition, the ID management server 103 and the terminal 102 are connected via a network 109. The first data communication system further includes a roaming ID management server 106 connected to the radio base station 105 and the ID management server 103 via the network 108. The roaming ID management server 106 includes a roaming ID management server 106. An ID management DB 107 is connected. The roaming ID management server 106 is connected to the second data communication system via the network 301.

  As in the data communication system of FIG. 1, the second data communication system includes a wireless base station 205 that communicates with the wireless terminal 201 via wireless communication and an ID management server 203 connected via a network 208, and an ID An ID management DB 204 is connected to the management server 203. Further, the ID management server 203 and the terminal 202 are connected via the network 209. Furthermore, the second data communication system has a roaming ID management server 206 connected to the radio base station 205 and the ID management server 203 via the network 208, and the roaming ID management server 206 includes a roaming ID management server 206. An ID management DB 207 is connected. The roaming ID management server 206 is connected to the first data communication system via the network 301.

  Here, the first data communication system and the second data communication system have the same configuration, and the wireless base station 105, the wireless base station 205, the ID management server 103, the ID management server 203, the ID management DB 104, The ID management DB 204, the roaming ID management server 106 and the roaming ID management server 206, the roaming ID management DB 107, and the roaming ID management DB 207 have the same configuration. Therefore, hereinafter, only the configuration of the first data communication system will be described.

  Further, the ID management server 103, the roaming ID management server 106, the ID management server 203, the roaming ID management server 206, and the wireless terminal 101 have a common first hash function H and second hash function G. Sharing. For example, the ID management server 103, the roaming ID management server 106, the ID management server 203, the roaming ID management server 206, and the wireless terminal 101 may use the first hash function H or the second hash function G respectively. When the hash calculation is performed using the first hash function H or the second hash function G, the first hash is stored from each function storage unit. The function H or the second hash function G is read, and a hash operation is executed based on the read first hash function H or second hash function G.

Further, in the roaming system of FIG. First, there are two terminal IDs, a temporary ID (temporary ID) used by the terminal for communication and a fixed ID (main ID) used only within the network. Thus, the terminal is identified in the network.
Further, the registration management system of the NW provider manages a set of a temporary ID for identifying a certain terminal and a real ID. The temporary ID is guaranteed to be unique for each NW provider. In addition, the uniqueness of this ID is guaranteed globally across a plurality of NW providers.

  In addition, here, it is assumed that the situation is as follows. First, the home network of the wireless terminal 101 is the NW provider X. The NW operator Y is a network that can roam with the NW operator X. Further, the NW operator X manages the first data communication system, and the NW operator Y manages the second data communication system. When the wireless terminal 101 is in the NW provider X (home network), the temporary ID of the wireless terminal 101 is managed by the ID management server 203. In addition, the wireless terminal 101 holds the identification information of the NW business operator X, which is a contract business operator, inside.

  Further, the wireless terminal 101 communicates with another terminal such as the terminal 202 via a nearby wireless base station using the temporary ID. A nearby radio base station converts the temporary ID into a real ID and relays communication between the radio terminal 101 and the terminal 202. This will be described in detail with reference to FIG. FIG. 37 illustrates a case where the wireless terminal 101 located in the network of the NW carrier Y communicates with the terminal 202 located in the network of the NW carrier X. First, between the wireless terminal 101 and the wireless base station 105 close to the wireless terminal 101, the wireless terminal 101 and the wireless base station 105 communicate with each other by using the temporary ID of the wireless terminal 101. Yes. Communication between the wireless base station 105 and the terminal 202 is performed using the real ID of the wireless terminal 101.

  This ID is an ID that is permanently assigned during the service period so that the NW provider uniquely identifies the terminal, and is an ID that guarantees uniqueness across the NW providers. Further, the temporary ID is an ID that flows through the wireless section so that the network operator can uniquely identify the terminal. The initial value of the temporary ID is permanently assigned during the service period. A temporary ID other than the initial value is an ID temporarily assigned.

Next, information stored in the roaming ID management DB 107 will be described with reference to FIG. In the roaming ID management DB 107, the real ID, temporary ID, home network operator identifier, temporary ID pointer, temporary ID hash count, temporary ID, temporary ID pointer, initial temporary ID hash count, temporary ID update time, temporary ID The hash type, initial temporary ID hash type, wireless terminal authentication secret information, and NW authentication secret information are associated and stored as a roaming ID management table.
The information stored in the roaming ID management DB 107 shown in FIG. 9 is different from the information stored in the ID management DB 104 shown in FIG. 3 in that the home network operator identifier, the wireless terminal authentication secret information, and NW authentication secret information has been added.
Note that the temporary ID hash count, initial temporary ID hash count, temporary ID hash type, and initial temporary ID hash type in FIG. 9 correspond to the hash count, hash count, hash type, and initial hash type in FIG. 3, respectively.

  Next, information stored in the ID management DB 104 will be described with reference to FIG. The ID management DB 104 includes a real ID, a temporary ID, a roaming network operator identifier, a temporary ID pointer, a temporary ID hash count, a temporary ID, a temporary ID pointer, an initial temporary ID hash count, a temporary ID update time, and a temporary ID hash type. The initial temporary ID hash type, the wireless terminal authentication secret information, and the NW authentication secret information are associated and stored as an ID management table. The roaming network operator identifier is the roaming network operator identifier in which the wireless terminal is located immediately before. The wireless terminal authentication secret information and the NW authentication secret information are information used for authentication of the wireless terminal.

  The information stored in the ID management DB 104 shown in FIG. 10 is different from the information stored in the ID management DB 104 shown in FIG. 3 in terms of roaming network operator identifier, wireless terminal authentication secret information, and NW authentication. Confidential information has been added. Note that the temporary ID hash count, initial temporary ID hash count, temporary ID hash type, and initial temporary ID hash type in FIG. 9 correspond to the hash count, hash count, hash type, and initial hash type in FIG. 3, respectively.

  Further, the information stored in the ID management DB 104 shown in FIG. 10 and the information stored in the roaming ID management DB 107 shown in FIG. 9 are the same as the information stored in the ID management DB 104 shown in FIG. The information is the roaming network operator identifier, and the information stored in the roaming ID management DB 107 shown in FIG. 9 is the home network operator identifier, and the information other than the home network operator identifier is the same.

  Next, data retained by the radio base station 105 will be described with reference to FIG. The radio base station 105 stores, as a radio base station held data table, held data in which the real ID, temporary ID, and home network operator identifier are associated. For example, the radio base station 105 stores a radio base station holding data table in a radio base station storage unit included therein.

  Next, information stored as retained data in the wireless terminal 101 will be described with reference to FIG. The wireless terminal 101 has retained data as wireless terminal authentication secret information, NW authentication secret information, initial temporary ID hash type, initial temporary ID hash number, initial registration number, temporary ID hash number, temporary ID hash type, home network business The service provider identifier and the visited network service provider identifier are stored in association with each other. For example, the wireless terminal 101 stores retained data in a wireless terminal storage unit included therein.

  This wireless terminal authentication secret information is information that is used to generate a wireless terminal authentication key and is preset. The NW authentication secret information is information that is used for generating an NW authentication key and is preset. The initial temporary ID hash type is information set in advance. The initial temporary ID hash count is information that is set in advance. The initial registration count is information notified by a terminal authentication response in the case of initial registration. The temporary ID hash count is information notified by a terminal authentication response in the case of initial registration and normal authentication. The temporary ID hash type is information obtained by calculation inside the wireless terminal. The home network operator identifier is information set in advance. The visited network operator identifier is information notified by broadcast information from the radio base station.

  Next, a method for determining the movement of a wireless terminal between networks will be described with reference to FIG. First, broadcast information is received (step S1301). Next, it is determined whether or not the NW carrier identifier (broadcast NW carrier identifier) included in the received broadcast information matches the visited network carrier identifier held inside the wireless terminal (step S1302). If the determination results in step S1302 match, it is determined whether or not the notified NW carrier identifier matches the home network operator identifier held inside the wireless terminal (step S1303). If the determination results in step S1303 match, determination is made as home network normal authentication, which is normal authentication in movement within the home network, for example, the value of the roaming terminal identifier is set to 1 (step S1304), and determination processing is performed. finish.

  Here, when the value of the roaming terminal identifier is 1, it is normal authentication in movement within the home network, and when the value is 0, other than normal authentication such as movement within the home network, for example, Description will be made assuming that the authentication is normal authentication in movement within the roaming network, initial registration in return to the home network, or initial registration in movement to the roaming network or across the roaming networks. Whether the terminal is located in the home network or the roaming network can be determined based on whether the value of the roaming terminal identifier is 1 or 0, for example.

  On the other hand, if the determination result of step S1303 does not match, it is determined as roaming network normal authentication, which is normal authentication such as intra-roaming network movement shown in FIG. 14 or FIG. 15 described later, and the value of the roaming terminal identifier is set to 0. (Step S1305), the determination process ends.

  On the other hand, if the determination result in step S1302 does not match, it is determined whether the notified NW carrier identifier matches the home network operator identifier held in the wireless terminal (step S1306). If the determination results in step S1306 match, determination is made as home network return initial registration, which is initial registration in home network return as shown in FIG. 16, and the value of the roaming terminal identifier is set to 0 (step S1307). The process ends.

  On the other hand, if the determination result of step S1306 does not match, it is determined as roaming network movement initial registration that is initial registration in the roaming network or roaming network as shown in FIG. Is set to 0 (step S1308), and the determination process is terminated.

  The wireless terminal uses a determination result indicating whether it is home network normal authentication, roaming network normal authentication, home network return initial registration, or roaming network movement initial registration according to the determination method of movement between networks described above. Based on this, the information to be transmitted is changed. In addition, the wireless base station 105, the roaming ID management server 106, the wireless base station 205, or the roaming ID management server 206 that has received the information transmitted by the wireless terminal changes the processing based on the received information. .

  For example, if the determination result determined by the above-described method for determining movement between networks is home network normal authentication, the wireless terminal performs an operation on the home network. And already explained.

  For example, when the determination result is roaming network normal authentication, the wireless terminal generates a wireless terminal authentication key, and generates an authentication type indicating normal authentication, a temporary ID, and a home network operator identifier. A terminal authentication request including the wireless terminal authentication key is transmitted. The operation of the entire roaming system in this case will be described later with reference to FIG. 15 or FIG.

  Further, for example, when the determination result is home network return initial registration, the wireless terminal generates an initial temporary ID, generates a wireless terminal authentication key, generates an authentication type indicating initial registration, and generates The terminal authentication request including the initial temporary ID and the generated wireless terminal authentication key is transmitted. The operation of the entire roaming system in this case will be described later with reference to FIG.

  Further, for example, when the determination result is roaming network movement initial registration, the wireless terminal generates an initial temporary ID, generates a wireless terminal authentication key, and generates an authentication type indicating initial registration, The terminal authentication request including the initial temporary ID, the home network operator identifier, and the generated wireless terminal authentication key is transmitted. The operation of the entire roaming system in this case will be described later with reference to FIG.

  Here, the information included in the terminal authentication request transmitted by the wireless terminal differs depending on the determination result. The wireless base station or the roaming ID management server or ID management server changes the processing or operation based on information included in the terminal authentication request transmitted by the wireless terminal.

  Here, in the first embodiment, the roaming network performs combination management of the real ID and the temporary ID. In addition, the uniqueness of the temporary ID in the roaming network is determined based on the combination of the temporary ID and the home network operator identifier. Further, the distribution at the radio base station is performed to the home terminal ID management server and the roaming terminal roaming ID management server based on the presence or absence of the home network operator identifier.

Next, the operation of the roaming system when performing the first authentication process (initial registration) when the wireless terminal 101 roams will be described with reference to FIG.
First, the radio base station 105 broadcasts broadcast information including an NW provider identifier that is information for identifying the NW provider (step S1401). Next, the wireless terminal 101 that has received the broadcast information receives the NW carrier identifier included in the received broadcast information, the home network operator identifier stored in the wireless terminal 101 as retained data, and the visited network carrier. Based on the identifier (see FIG. 12), it is detected whether or not the mobile terminal has moved to the roaming network (step S1402).
Here, it is assumed that the radio base station 105 has moved from the broadcast information to the roaming network. Note that the detection method using FIG. 13 described above is used as the method of detecting whether or not the mobile terminal has moved to the roaming network in step S1402.

  Next, when the wireless terminal 101 detects in step S1402 that the wireless terminal 101 has moved to the roaming network from the broadcast information of the wireless base station 105, first, the initial temporary ID is based on the initial temporary ID hash type and the initial temporary ID hash count. Next, a wireless terminal authentication key is generated based on the wireless terminal authentication secret information (step S1405). Next, the generated initial temporary ID, wireless terminal authentication key, and initial registration are indicated. A terminal authentication request including the authentication type and the home network operator identifier that is stored data stored therein is transmitted to the radio base station 105 (step S1406). The generation of the initial temporary ID in step S1403 will be described later with reference to FIG.

  Next, the wireless base station 105 that has received the terminal authentication request from the wireless terminal 101 determines whether it is a roaming terminal based on the presence / absence of a home network operator identifier in the terminal authentication request. In this case, since it is a roaming terminal, the radio base station 105 transfers the received terminal authentication request to the roaming ID management server 106 based on the received home network operator identifier (step S1407). The radio base station 105 sorts and transfers the received terminal authentication request to the roaming ID management server 106 or the ID management server 103 based on the presence / absence of the home network operator identifier.

  Next, the roaming ID management server 106 that has received the terminal authentication request records the home network operator identifier of the wireless terminal 101 included in the received terminal authentication request in the roaming ID management DB 107 (step S1408). The terminal authentication request is transferred to the roaming ID management server 206 of the home network of the wireless terminal 101 corresponding to the network operator identifier (step S1409). Next, the roaming ID management server 206 transfers the terminal authentication request to the ID management server 203 of the home network of the wireless terminal 101 (step S1410).

  Next, based on the received terminal authentication request, the ID management server 203 records the in-service roaming network operator of the wireless terminal 101 in the ID management DB 204 (step S1411), and the ID is based on the initial temporary ID. A search is made from the management DB 204 (step S1412), a wireless terminal authentication key is generated based on the wireless terminal authentication secret information stored in advance in the ID management DB 204, and a match with the wireless terminal authentication key included in the terminal authentication request is made. By confirming, authentication processing for the wireless terminal 101 is performed (step S1413), an NW authentication key is generated based on the NW authentication secret information (step S1414), and the retrieved main ID and an authentication result as a result of the authentication processing are generated. The NW authentication key is returned to the roaming ID management server 206 (step S1415). Note that the search for the real ID in step S1412 is executed by the method described with reference to FIG.

Next, the roaming ID management server 206 that has received the retrieved real ID, the authentication result, and the generated NW authentication key, the temporary ID hash count, temporary ID hash type, and initial temporary ID hash type corresponding to the received real ID. The initial registration count, the wireless terminal authentication secret information, and the NW authentication secret information are read from the roaming ID management table of the roaming ID management server 106. Note that these pieces of information are information necessary for generating a temporary ID in the roaming network.
Next, the roaming ID management server 206 receives the received real ID, the authentication result, the generated NW authentication key, the read temporary ID hash count, the temporary ID hash type, the initial temporary ID hash type, the wireless terminal authentication secret information, Then, the terminal authentication response including the NW authentication secret information is transferred to the roaming ID management server 106 (step S1416).

Next, based on the initial temporary ID hash type, the initial registration count, and the temporary ID hash count included in the received terminal authentication response, the roaming ID management server 106 uses a NEXT temporary ID that is a temporary ID used in the next communication. An ID is generated (step S1417), and the generated NEXT temporary ID is stored in the roaming ID management DB.
Next, the roaming ID management server 106, together with the authentication result, the temporary ID hash count, initial registration count, initial temporary ID, home network operator identifier, NW authentication necessary for generating the temporary ID in the wireless terminal 101 A terminal authentication response including the key and the real ID is transferred to the radio base station 105 (step S1418).

  In the generation of the NEXT temporary ID in step S1417, a unique temporary ID is generated in the roaming ID management server 106. Further, there is a possibility of collision with the temporary ID generated by the ID management server 103. Therefore, uniqueness is ensured by a set of temporary ID and home network operator identifier.

  Next, based on the received terminal authentication response, the wireless base station 105 sends a terminal authentication response including the initial temporary ID, home network operator identifier, NW authentication key, temporary ID hash count, and initial registration count to the wireless terminal 101. A reply is made (step S1419).

  The wireless terminal 101 that has received the terminal authentication response generates an NW authentication key based on the previously held NW authentication secret information and confirms the match with the NW authentication key included in the terminal authentication response, thereby The validity of the roaming ID management server 106) is authenticated (step S1420), and its own temporary ID is updated based on the number of hashes designated by the roaming ID management server 106. That is, when the hash count is greater than 0, the wireless terminal 101 generates a NEXT temporary ID based on the hash count (step S1425).

  Further, the wireless terminal 101 transmits an authentication completion including the initial temporary ID and the home network operator identifier to the wireless base station 105 (step S1421). Next, the wireless base station 105 that has received the authentication completion including the initial temporary ID and the home network operator identifier holds the real ID corresponding to the received initial temporary ID and home network operator identifier in the internal wireless base station. The authentication completion read from the data table and including the read real ID is transmitted to the roaming ID management server 206 via the roaming ID management server 106 (steps S1422 and S1423). Next, the roaming ID management server 206 that has received the authentication completion including the real ID completes the initial registration process when roaming by transferring the received real ID to the ID management server 203.

  Thereafter, while in the roaming network, the wireless terminal 101 performs communication using the temporary ID instructed from the roaming ID management server 106 thereafter.

<Upload when roaming>
Next, the operation of the roaming system when uploading in the case of roaming will be described with reference to FIG. 15, taking as an example the case where data is uploaded from the wireless terminal 101 to the terminal 202.
First, the radio base station 105 broadcasts broadcast information including an NW provider identifier that is information for identifying the NW provider (step S1501). Next, the wireless terminal 101 detects whether or not it has moved to the roaming network from the broadcast information of the wireless base station 105 (step S1502). Here, it is assumed that the radio base station 105 has moved from the broadcast information to the roaming network. Note that the detection method using FIG. 13 described above is used to detect whether or not the mobile terminal has moved to the roaming network in step S1502.

  Next, when it is detected in step S1502 that the wireless terminal 101 has moved to the roaming network from the broadcast information of the wireless base station 105, the wireless terminal 101 generates a wireless terminal authentication key (step S1503), and the generated line terminal authentication key and Then, a terminal authentication request including an authentication type indicating normal authentication, a temporary ID, and a home network operator identifier is transmitted to the roaming ID management server 106 via the wireless base station 105 (steps S1504 and S1505). . In step S1505, the radio base station 105 distributes and transfers the received terminal authentication request to the roaming ID management server 106 or the ID management server 103 based on the presence / absence of the home network operator identifier.

  Next, the roaming ID management server 106 performs a real ID search according to the flow of FIG. 5 (step S1506), and identifies the wireless terminal 101 that has sent the terminal authentication request by converting the temporary ID to the real ID ( Authentication) (step S1507). Further, if the temporary ID needs to be updated, the roaming ID management server 106 obtains the hash count d necessary for the update. Next, the roaming ID management server 106 uses this wireless terminal authentication key to confirm that the specified wireless terminal is a valid sender. Next, the roaming ID management server 106 generates its own NW authentication key (step S1508), generates a NEXT temporary ID according to the flow of FIG. 4 (step S1509), and sets the temporary ID, home provider identifier, A terminal authentication response including the NW authentication key, the temporary ID hash count, and the real ID is transmitted to the radio base station 105 (step S1510).

  The roaming ID management server 106 generates a unique temporary ID in the roaming ID management server 106 when generating the NEXT temporary ID in step S1509. Further, there is a possibility of collision with the temporary ID generated by the ID management server 103. Therefore, uniqueness is ensured by the set of the temporary ID and the home network operator identifier.

  Next, based on the terminal authentication response including the received temporary ID, home operator identifier, NW authentication key, temporary ID hash count, and real ID, the wireless base station 105 receives the temporary ID, home operator identifier, and NW authentication. The terminal authentication response including the key and the temporary ID hash count is transmitted to the wireless terminal 101 corresponding to the received real ID (step S1511). The roaming ID management server 106 uses the hash ID determined by the roaming ID management server 106 in the ID search flow of FIG. 5 as the temporary ID hash count.

  Next, when receiving the terminal authentication response, the wireless terminal 101 uses the NW authentication key to confirm the validity of the NW device (roaming ID management server 106) that relayed the data (step S1512). Next, the wireless terminal 101 transmits authentication completion including the temporary ID and the home network operator identifier to the roaming ID management server 106 via the wireless base station 105 (steps S1513 and S1514). The wireless base station 105 that has received the authentication completion including the temporary ID and the home network operator identifier stores the temporary ID and the home network operator identifier in the wireless base station holding data table in association with each other.

  Next, the wireless terminal 101 that has been authenticated transmits data transmission including the temporary ID, home network operator identifier, and data to the terminal 202 via the wireless base station 105. Next, the wireless base station 105 that has received the data transmission reads the temporary ID and the real ID corresponding to the home network operator identifier included in the received data transmission from the wireless base station holding data table, and the read real ID and data. Is transmitted to the terminal 202 via the roaming ID management server 206 and the ID management server 203.

  In addition, the wireless terminal 101 hashes S (k, i) with the hash function H by the hash count d notified in the terminal authentication response, calculates S (k, i + d), and hashes it with the hash function G a (k, i + d) is set as a temporary ID to be used next (step S1520). Thereafter, the new S (k, i) is set to S (k, i + d), and the above flow is repeated.

<Download when roaming (Download)>
Next, with reference to FIG. 16, the operation of the roaming system in the case of downloading in the case of roaming will be described using the case where data is downloaded from the terminal 202 to the wireless terminal 101 as an example.
First, the terminal 202 transmits the real ID and transmission data of the transmission destination wireless terminal 101 to the ID management server 203 (step S1601). Based on the received real ID, the ID management server 203 reads the real ID, temporary ID, and roaming network operator identifier from the ID management DB 204 (step S1603). Next, based on the received roaming network operator identifier, the ID management server 203 makes a call including the real ID, data, and roaming network operator identifier via the roaming ID management server 206. (Step S1604, Step S1605).

  Next, the roaming ID management server 106 reads the real ID, the temporary ID, and the home provider identifier from the roaming ID management DB 107 based on the real ID included in the received call (steps S1606 and S1607), Based on the read temporary ID and home operator identifier, a call including the read temporary ID and home operator identifier is transmitted to the wireless terminal 101 via the wireless base station 105, thereby calling the wireless terminal 101 ( Step S1608, Step S1609). The wireless terminal 101 that has received the call accesses the terminal 202 in the same procedure as the data upload.

  In the embodiment of FIG. 16, similarly to the upload of FIG. 6 or the download of FIG. 7, in step S1605, the roaming ID management server 106 temporarily holds the received data. Next, after confirming the authentication of the wireless terminal 101 in step S1621, the roaming ID management server 106 transmits the pending data to the wireless base station 105 as a data transmission together with the real ID (step S1622). The radio base station 105 transmits data to the radio terminal 101 corresponding to the received real ID (step S1623).

Next, with reference to FIG. 17, the operation of the roaming system when the wireless terminal 101 returns to the home network will be described as an example.
First, the radio base station 205 broadcasts broadcast information including an NW carrier identifier that is information for identifying the NW carrier (step S1701). Next, the wireless terminal 101 that has received the broadcast information receives the NW carrier identifier included in the received broadcast information, the home network operator identifier stored in the wireless terminal 101 as retained data, and the visited network carrier. Based on the identifier (see FIG. 12), it is detected whether or not the mobile terminal has moved to the roaming network (step S1702).
Here, description will be made assuming that the broadcast information of the radio base station 205 has returned to the home network, that is, the mobile network has moved from the roaming network to the home network. Note that the detection method using FIG. 13 described above is used as the method for detecting whether or not the network has returned to the home network in step S1702.

  Next, when the wireless terminal 101 detects in step S1702 that it has returned to the home network from the broadcast information of the wireless base station 105, first, the initial temporary ID based on the initial temporary ID hash type and the initial temporary ID hash count. Next, a wireless terminal authentication key is generated based on the wireless terminal authentication secret information (step S1704). Next, the generated initial temporary ID, wireless terminal authentication key, and initial registration are indicated. A terminal authentication request including the authentication type is transmitted to the radio base station 205 (step S1705). The generation of the initial temporary ID in step S1703 will be described later with reference to FIG. Since the wireless terminal 101 has detected that it has returned to the home network, the terminal authentication request transmitted in step S1705 does not include the home network operator identifier that is stored data stored inside. .

  Next, the wireless base station 205 that has received the terminal authentication request from the wireless terminal 101 determines whether or not it is a home terminal based on the presence / absence of a home network operator identifier in the terminal authentication request. In this case, since it is a home terminal, the radio base station 105 transfers the received terminal authentication request to the ID management server 203 (step S1706). The radio base station 205 sorts and transfers the received terminal authentication request to the roaming ID management server 206 or the ID management server 203 based on the presence / absence of the home network operator identifier.

  Next, the ID management server 203 retrieves the real ID from the ID management DB 204 based on the initial temporary ID included in the received terminal authentication request (step S1707), and the wireless terminal authentication stored in the ID management DB 204 in advance. An authentication process for the wireless terminal 101 is performed by generating a wireless terminal authentication key based on the secret information and confirming a match with the wireless terminal authentication key included in the terminal authentication request (step S1708), and based on the NW authentication secret information Next, an NW authentication key is generated (step S1709), and a NEXT temporary ID that is a temporary ID used in the next communication is generated based on the initial temporary ID hash type, the initial registration count, and the temporary ID hash count (step S1710). ). Note that the search for the real ID in step S1707 is executed by the method described with reference to FIG.

  Next, the ID management server 203 sends a terminal authentication response including the initial temporary ID, the searched real ID, the generated NW authentication key, the temporary ID hash count, the initial registration count, and the real ID to the wireless terminal. 101 is replied to via the wireless base station 205 (step S1711).

  Next, the wireless base station 205 that has received the terminal authentication response stores the temporary ID and the real ID included in the received terminal authentication response in association with each other in the wireless base station holding data table and is included in the received terminal authentication response. A terminal authentication response including the initial temporary ID, NW authentication key, temporary ID hash count, and initial registration count is transmitted to the wireless terminal 101 (step S1712).

  Next, the wireless terminal 101 that has received the terminal authentication response generates an NW authentication key based on previously held NW authentication secret information and confirms a match with the NW authentication key included in the terminal authentication response. The authenticity of the network device (roaming ID management server 106) is authenticated (step S1713), and its own temporary ID is updated based on the number of hashes designated by the roaming ID management server 106. That is, when the hash count is greater than 0, the wireless terminal 101 generates a NEXT temporary ID based on the hash count (step S1720).

  In addition, the wireless terminal 101 transmits authentication completion including the initial temporary ID to the wireless base station 105 (step S1714). Next, the radio base station 105 that has received the authentication completion including the initial temporary ID reads the real ID corresponding to the received initial temporary ID from the internal radio base station holding data table, and completes the authentication completion including the read real ID. And transmitted to the ID management server 203 (step S1715).

  Next, the ID management server 203 that has received the authentication completion including the real ID reads the roaming network identifier corresponding to the real ID included in the received authentication completion from the ID management DB 204, and the roaming network identifier corresponding to the read roaming network identifier. A terminal information deletion request including this ID is transmitted to the ID management server for roaming (in this case, to the roaming ID management server 106) via the roaming ID management server 206 (steps S1716 and S1717).

  Next, the roaming ID management server 106 that has received the terminal information deletion request deletes information corresponding to the real ID included in the received terminal information deletion request, and sends a terminal information deletion response including the real ID to the ID management server 203. Is transmitted via the roaming ID management server 206 (steps S1718 and S1719). Next, the ID management server 203 that has received the terminal information deletion response indicates that the deletion of information in response to the terminal information deletion request has been completed in the roaming ID management server 106 by receiving this terminal information deletion response. Check.

Next, an initial temporary ID generation method as an example will be described with reference to FIG. First, based on the initial temporary ID hash type (128 bits) and the initial temporary ID hash count (8 bits), the initial temporary ID hash type is hash-calculated by the initial temporary ID hash count (step S1801).
Next, the temporary ID hash type (48 bits) (step S1802), which is the operation result of step S1801, is bit-inverted (step S1803), hashed (step S1804), and the first 48 bits of the operation result (128 bits) of step S1804 Is extracted to generate an initial temporary ID (48 bits) (step S1806).

  Note that the initial temporary ID may be calculated in advance and stored in the storage unit in advance. For example, the wireless terminal stores the initial temporary ID calculated in advance in the wireless terminal storage unit shown in FIG. 12, and generates the initial temporary ID by reading the initial temporary ID from the wireless terminal storage unit. Also good. Further, the roaming ID management server 206 stores the initial temporary ID calculated in advance in the roaming ID management DB 207 shown in FIG. 9 and reads the initial temporary ID from the roaming ID management DB 207 to thereby obtain the initial temporary ID. May be generated.

  Next, a temporary ID generation method after initial registration will be described as an example with reference to FIGS. 19 and 20. First, the initial temporary ID hash type (128 bits) and the initial registration count (8 bits) padded (128 bits) are logically calculated by, for example, exclusive OR (step S1901). The padding here is, for example, an operation of filling a portion that is less than the number of digits prepared beforehand with “0” with respect to a symmetrical numerical value (initial registration count (8 bits)). Next, a hash calculation is performed on the calculation result of step S1901 by the temporary ID hash count (8 bits) (step S1902).

  Next, the temporary ID hash type (48 bits) (step S1903), which is the operation result of step S1902, is bit-inverted (step S1904), hashed (step S1905), and the first 48 bits of the operation result (128 bits) of step S1905. Is extracted to generate a temporary ID (48 bits) (step S1907).

Next, in response to input of the temporary ID hash count (8 bits) or each time this temporary ID hash count (8 bits) is input, the temporary ID hash type (48 bits) in step S1903 in FIG. That is, the hash calculation is performed on the temporary ID hash type (48 bits) in step S2001 of FIG. 20 by the input temporary ID hash count (8 bits) (step S2002).
Next, the temporary ID hash type (48 bits) (step S2003), which is the operation result of step S2002, is bit-inverted (step S2004), hashed (step S2005), and the first 48 bits of the operation result (128 bits) of step S2005. Is extracted to generate a temporary ID (48 bits) (step S2007).

<Second Embodiment>
Next, a roaming system according to the second embodiment will be described. Here, only a difference between the roaming system according to the first embodiment and the roaming system according to the second embodiment will be described.

  In the second embodiment, the combination management of the real ID and the temporary ID is performed by the roaming network. Further, as a method for ensuring the uniqueness of the temporary ID in the roaming network, in the initial authentication when roaming, uniqueness is ensured by the combination of the temporary ID and the home network operator identifier, and when uploading and downloading. In this case, uniqueness is ensured by a set of a temporary ID and a roaming terminal identifier. Further, unlike the home network operator identifier, the roaming terminal identifier is an identifier indicating only whether roaming is performed. In addition, the distribution at the radio base station is performed to the home terminal ID management server and the roaming terminal roaming ID management server according to the presence / absence of the home network operator identifier and the presence / absence of the roaming terminal identifier.

  Next, the operation of the roaming system in the case of uploading in the case of roaming will be described using FIG. 21 as an example of the case where data is uploaded from the wireless terminal 101 to the terminal 202.

  The difference between the upload by the roaming system according to the first embodiment shown in FIG. 15 and the upload by the roaming system according to the second embodiment shown in FIG. 21 is that the roaming destination according to the first embodiment On the other hand, the wireless terminal 101 is identified on the basis of the home operator identifier and the temporary ID in the network of FIG. 5, whereas the roaming system according to the fourth embodiment uses the roaming terminal identifier instead of the home operator identifier. Thus, the wireless terminal 101 is identified based on the roaming terminal identifier and the temporary ID.

  For example, in step 2105, the radio base station 105 distributes the received terminal authentication request to the roaming ID management server 106 or the ID management server 103 based on the presence or absence of the roaming terminal identifier. Other operations are the same as the uploading by the roaming system according to the first embodiment shown in FIG. 15 and the uploading by the roaming system according to the second embodiment shown in FIG.

  Next, with reference to FIG. 22, the operation of the roaming system in the case of downloading in the case of roaming will be described using the case where data is downloaded from the terminal 202 to the wireless terminal 101 as an example.

  The difference between the download by the roaming system according to the first embodiment shown in FIG. 16 and the download by the roaming system according to the second embodiment shown in FIG. 22 is the same as in the case of the upload. In the roaming system according to the second embodiment, the wireless terminal 101 is identified based on the home operator identifier and the temporary ID in the roaming destination network, whereas in the roaming system according to the second embodiment, the home operator identifier is used. Instead, the wireless terminal 101 is identified based on the roaming terminal identifier and the temporary ID using the roaming terminal identifier.

  For example, in step S2212, the radio base station 105 distributes the received terminal authentication request to the roaming ID management server 106 or the ID management server 103 based on the presence or absence of the roaming terminal identifier. Other operations are the same as the download by the roaming system according to the first embodiment shown in FIG. 16 and the download by the roaming system according to the second embodiment shown in FIG.

<Third Embodiment>
Next, a roaming system according to the third embodiment will be described. Here, only a difference between the roaming system according to the first embodiment and the roaming system according to the third embodiment will be described.

  In the third embodiment, the combination management of the real ID and the temporary ID is performed by the roaming network. As a method for ensuring the uniqueness of the temporary ID in the roaming network, the uniqueness is ensured by dividing the range of the temporary ID for home use and for roaming. Further, the distribution at the radio base station is performed to the home terminal ID management server and the roaming ID management server according to the presence / absence of the home network operator identifier and the range of the temporary ID. Here, dividing the range of the temporary ID is to include identification information, which is information indicating whether or not the terminal is a roaming terminal, as part of the temporary ID.

  First, with reference to FIG. 26, a temporary ID generation flow in which a range is divided as an example will be described. In the temporary ID generation flow of FIG. 26, step S403A is added after step S403, in contrast to the temporary ID generation flow of FIG. In step S403A, it is determined whether or not the most significant bit of the temporary ID generated in the NEXT temporary ID generation in step S403 is 0. If the result of determination in step S403A is that the most significant bit is not 0 (NO), step 403 is repeated again. On the other hand, if the result of the determination in step S403A is that the most significant bit is 0 (YES), the process proceeds to the next step as in FIG.

  As described above, the temporary ID generated by the temporary ID generation flow of FIG. 26 determines whether or not the most significant bit of the temporary ID generated in the NEXT temporary ID generation in step S403 is “0”. Is added, the most significant bit is always 0.

  Here, in the temporary ID generation flow of FIG. 26, instead of the previous step S430A, it is determined whether or not “the most significant bit of the temporary ID generated in the NEXT temporary ID generation in step S403 is 1”. And In this case, the temporary ID generated by the temporary ID generation flow of FIG. 26 is determined by step S403B in which “determine whether the most significant bit of the temporary ID generated in the NEXT temporary ID generation in step S403 is 1” or not. Due to the addition, the most significant bit is always 1.

  Therefore, for example, in the roaming ID management server 106 or the roaming ID management server 206 that generates a temporary ID for a roaming terminal, the temporary ID generation flow in FIG. 26 in which step S403B is added to the temporary ID generation flow in FIG. Execute, and generate a temporary ID with “the most significant bit is 1.”

  Conversely, the ID management server 103 or ID management server 203 that generates a temporary ID for the home terminal executes the temporary ID generation flow of FIG. 26 in which step S403A is added to the temporary ID generation flow of FIG. A temporary ID whose upper bit is “0” is generated.

As described above, by detecting whether the most significant bit of the temporary ID is 1 or 0, it is determined whether the terminal of the temporary ID is a roaming terminal or a home terminal. It becomes possible to judge.
Further, the roaming terminal has uniqueness within the roaming network and the home terminal has uniqueness within the home network due to the temporary ID other than the most significant bit. Therefore, the terminal has uniqueness in the roaming network and the home network by all the bits of the temporary ID.

  Here, the identification is made based on whether the most significant bit of the temporary ID is 1 or 0. However, the identification is not limited to this, and can be identified by an arbitrary bit position or an arbitrary number of bits in the temporary ID. It may be.

  Note that, based on the value of the roaming terminal identifier described with reference to FIG. 13, the wireless terminal adds the temporary ID by adding Step S403A or Step S403B described above to the temporary ID generation flow of FIG. You may make it produce | generate. Further, an ID management server such as the roaming ID management server 206 also generates a temporary ID based on the roaming terminal identifier so as to add step S403A or step S403B described above to the temporary ID generation flow of FIG. You may make it do. The ID management server based on the roaming terminal identifier means based on information included in the terminal authentication request received from the wireless terminal 101.

Next, the operation of the roaming system in the case where the first authentication is performed when the wireless terminal 101 roams when the temporary ID range is divided will be described with reference to FIG. Here, only differences from the initial authentication when the wireless terminal 101 in FIG. 14 roams will be described.
In FIG. 23, when the roaming ID management server 106 generates a temporary ID in step S2316, the temporary ID is generated in the roaming range. In step S2316, the roaming ID management server 106 generates a temporary ID in which the ranges described above are divided. Further, the wireless base station 105 and the wireless terminal 101 identify each other only with a temporary ID that is divided into ranges.

Next, the operation of the roaming system when uploading data from the wireless terminal 101 to the terminal 202 when the range of the temporary ID is divided will be described with reference to FIG. Here, only differences from the operation of the roaming system when data is uploaded from the wireless terminal 101 to the terminal 202 in FIG. 15 will be described.
In step 2409, when the roaming ID management server 106 generates a temporary ID, it generates a temporary ID in the roaming range. Further, the wireless base station 105 and the wireless terminal 101 identify each other only with a temporary ID that is divided into ranges. For example, in step 2405, the radio base station 105 looks at the temporary ID range and assigns it to the roaming ID management server 106 or the ID management server 103.

Next, the operation of the roaming system when data is downloaded from the terminal 202 to the wireless terminal 101 when the temporary ID range is divided will be described using FIG. Here, only differences from the operation of the roaming system when data is downloaded from the terminal 202 of FIG. 16 to the wireless terminal 101 will be described.
In step 2516, when the roaming ID management server 106 generates a temporary ID, it generates a temporary ID in the roaming range. Further, the wireless base station 105 and the wireless terminal 101 identify each other only with a temporary ID that is divided into ranges. For example, in step 2511, the radio base station 105 looks at the temporary ID range and assigns it to the roaming ID management server 106 or the ID management server 103.

<Fourth Embodiment>
Next, a roaming system according to the fourth embodiment will be described. Here, only the difference between the roaming system according to the first embodiment and the roaming system according to the fourth embodiment will be described.

  In the fourth embodiment, the home network executes a combination management process of the real ID and the temporary ID. Further, as a method for ensuring the uniqueness of the temporary ID in the roaming network, the uniqueness is determined by the combination of the temporary ID and the home network operator identifier. Further, the distribution at the radio base station is performed according to the presence / absence of the home network operator identifier, to the ID management server for the home terminal and the roaming ID management server for the roaming terminal.

Next, the operation of the roaming system when the first authentication is performed when the wireless terminal 101 roams when the home network executes the combination management process of the real ID and the temporary ID will be described with reference to FIG. Here, only differences from the initial authentication when the wireless terminal 101 in FIG. 14 roams will be described.
In step S2714, the ID management server 203 generates a NEXT temporary ID. In step S2714, the ID management server 203 generates a temporary ID that is unique within the home network.

  In steps S2715 and S2716, the ID management server 203 determines that the initial temporary ID, home network operator identifier, NW authentication key, temporary ID hash count, initial registration count, real ID, wireless terminal authentication secret information, and NW A terminal authentication response including authentication secret information is transmitted to the roaming ID management server 106 via the roaming ID management server 206. In this terminal authentication response, since the temporary ID has already been generated in step S2714, information for generating the temporary ID, for example, the initial temporary ID hash type may not be included.

  Next, the operation of the roaming system when data is uploaded from the wireless terminal 101 to the terminal 202 when the home network executes the combination management process of the real ID and the temporary ID will be described with reference to FIG. Here, only differences from the operation of the roaming system when data is uploaded from the wireless terminal 101 to the terminal 202 in FIG. 15 will be described.

  In steps S2808 to S2811, the ID management server 203 searches for the real ID (step S2808), authenticates the wireless terminal (step S2809), generates an NW authentication key (step S2810), and generates a NEXT temporary ID. (Step S2811). In step S2811, the ID management server 203 generates a temporary ID that is unique within the home network.

  Next, the operation of the roaming system when data is downloaded from the terminal 202 to the wireless terminal 101 when the home network executes the combination management process of the real ID and the temporary ID will be described with reference to FIG. Here, only differences from the operation of the roaming system when data is downloaded from the terminal 202 of FIG. 16 to the wireless terminal 101 will be described.

  In steps S2915 to S2918, the ID management server 203 searches the real ID (step S2915), authenticates the wireless terminal (step S2916), generates an NW authentication key (step S2917), and generates a NEXT temporary ID. (Step S2018). In step S2918, the ID management server 203 generates a temporary ID that is unique within the home network.

<Fifth Embodiment>
Next, a roaming system according to the fifth embodiment will be described. Here, only a difference between the roaming system according to the first embodiment and the roaming system according to the fifth embodiment will be described.

  In the fifth embodiment, the combination management of the real ID and the temporary ID is performed by the roaming network. In addition, to ensure the uniqueness of the temporary ID in the roaming network, the roaming terminal and the home terminal are managed by one ID management server, and the temporary ID is generated by using the ID management server to ensure the uniqueness. To do. Further, the distribution at the wireless base station does not distribute the roaming or home ID management server at the wireless base station.

  First, an ID management DB table stored in the ID management DB 104 according to the fifth embodiment will be described with reference to FIG. The ID management DB table stored in the ID management DB 104 in the fifth embodiment shown in FIG. 33 is compared with the ID management DB table stored in the ID management DB 104 in the first embodiment described with reference to FIG. A home network operator identifier has been added. The ID management DB 104 in the fifth embodiment stores all home network operator identifiers and roaming network operator identifiers in the ID management DB table stored in the ID management DB 104 shown in FIG. You can manage the terminal. Therefore, the ID management server 103 can uniquely generate a temporary ID for all terminals in the area using the ID management DB 104.

  Next, the operation of the roaming system when the wireless terminal 101 performs roaming when the roaming terminal and the home terminal are managed by one ID management server will be described with reference to FIG. Here, only differences from the initial authentication when the wireless terminal 101 in FIG. 14 roams will be described.

  The roaming ID management server 106 and the roaming ID management DB 107 in FIG. 14 are changed to the ID management server 103 and the ID management DB 104 in FIG. 30, and the ID management server 103 is changed to the wireless terminal 101 in step S3007. Next home network is recorded, and a NEXT temporary ID is generated in step S3018. In step S3018, the ID management server 103 uses the ID management server 103 of the roaming network, regardless of whether the terminal for which the temporary ID is generated is a roaming terminal or a home terminal. A temporary ID that is unique among the temporary IDs stored in is generated.

  Also, the wireless terminal 101 and the wireless base station 105 identify each other using only the temporary ID. In addition, the roaming ID management server 206 executes processing for transferring information between the ID management server 103 and the roaming ID management server 206.

  As described above, in the fifth embodiment, since the information in the roaming ID management DB 107 is integrated into the ID management DB 104, the roaming ID management DB 107 is not necessarily required. Further, since the ID management server 103 executes the processing of the roaming ID management server 106 in roaming, the roaming ID management server 106 is not necessarily required, and the roaming ID management server 106 may be used as a gateway server.

  Next, the operation of the roaming system when uploading data from the wireless terminal 101 to the terminal 202 when the roaming terminal and the home terminal are managed by one ID management server will be described with reference to FIG. Here, only differences from the operation of the roaming system when data is uploaded from the wireless terminal 101 to the terminal 202 in FIG. 15 will be described.

  Similarly to the description in FIG. 30, the roaming ID management server 106 and the roaming ID management DB 107 in FIG. 15 are changed to the ID management server 103 and the ID management DB 104 in FIG. Further, the ID management server 103 searches the real ID (step S3106), authenticates the wireless terminal (step S3107), generates an NW authentication key (step S3108), and generates a NEXT temporary ID (step S3109). In step S3109, the ID management server 103 uses the ID management server 103 of the roaming network, regardless of whether the terminal for which the temporary ID is generated is a roaming terminal or a home terminal. A temporary ID that is unique among the temporary IDs stored in is generated.

  Next, the operation of the roaming system when data is downloaded from the terminal 202 to the wireless terminal 101 when the roaming terminal and the home terminal are managed by one ID management server will be described using FIG. Here, only differences from the operation of the roaming system when data is downloaded from the terminal 202 of FIG. 16 to the wireless terminal 101 will be described.

  Similarly to the description in FIG. 30, the roaming ID management server 106 and the roaming ID management DB 107 in FIG. 16 are changed to the ID management server 103 and the ID management DB 104 in FIG. Further, the ID management DB 104 searches the real ID (step S3214), authenticates the wireless terminal (step S3215), generates an NW authentication key (step S3216), and generates a NEXT temporary ID (step S3217). In step S3217, the ID management server 103 uses the ID management server 103 of the roaming network, regardless of whether the terminal for which the temporary ID is generated is a roaming terminal or a home terminal. A temporary ID that is unique among the temporary IDs stored in is generated.

<Sixth Embodiment>
Next, a roaming system according to a sixth embodiment will be described. Here, only a difference between the roaming system according to the first embodiment and the roaming system according to the sixth embodiment will be described.

  The roaming system according to the sixth embodiment is a roaming system when initial registration is not performed in the initial authentication when roaming. In the first to fifth embodiments described above, the wireless terminal 101 immediately after roaming performs initial registration. On the other hand, in the roaming system according to the sixth embodiment, the wireless terminal 101 immediately after roaming takes over the temporary ID between the home network and the roaming network, so that the wireless terminal 101 does not perform initial registration. Makes it possible to roam.

  Here, in the sixth embodiment, like the fifth embodiment, the ID management server 103 and the ID management DB 104 manage all the terminals in the service area without distinguishing between home terminals and roaming terminals. It will be described as being.

Next, the operation of the roaming system when the first authentication is performed when the wireless terminal 101 roams in the sixth embodiment will be described with reference to FIG. Here, only differences from the initial authentication when the wireless terminal 101 roams in the fifth embodiment of FIG. 30 will be described.
First, in the fifth embodiment of FIG. 30, the wireless terminal 101 generates an initial temporary ID in step S3003. However, in the sixth embodiment of FIG. 34, no initial temporary ID is generated. As will be described below, this is because the wireless terminal 101 transmits a temporary ID instead of an initial temporary ID in step S3404.

  In step S3404, the wireless terminal 101 sends a terminal authentication request including an authentication type indicating normal authentication, a temporary ID, a home network operator identifier, and a wireless terminal authentication key to the ID via the wireless base station 105. Transmit to the management server 103.

  Further, in steps S3418 to S3421, the initial temporary ID is used in the fifth embodiment, whereas the wireless terminal 101 and the wireless base station 105 use the temporary ID in the sixth embodiment. Are distinguished from each other.

  Further, in step S3416, although the ID management server 103 performs normal authentication, initial registration has occurred when performing the first authentication at the time of roaming, such as when the terminal described next with reference to FIG. 35 is restarted. The ID management DB 104 stores the initial registration count and the initial temporary ID hash type, which are information required at this time.

  Next, the operation of the roaming system when the wireless terminal 101 performs initial registration in the roaming network will be described using FIG. Note that the initial registration here refers to, for example, when an initial temporary ID is generated again when the terminal is turned on from a state where the terminal is in the roaming network, and when the terminal is turned on. This means initial registration when the initial temporary ID generated in the roaming network is registered for the first time after activation.

  When the wireless terminal 101 is initially registered in the roaming network, the difference from the case where the wireless terminal 101 is initially registered in the home network is that, after the initial temporary ID is registered, in step S3518, the ID management server 103 A terminal information notification including the real ID and the initial registration count is transmitted to the ID management server 203 via the roaming ID management server 106 and the roaming ID management server 206. In step S3521, the ID management server 203 The initial registration count corresponding to the real ID included in the information notification is updated to the initial registration count included in the received terminal information notification.

  Thereby, the initial registration count of the wireless terminal 101 can be centrally managed by the ID management server of the home network, in this case, the ID management server 203. Therefore, it is possible to share a temporary ID between the wireless terminal 101 and the ID management server 203 and identify each other using the temporary ID.

  The ID management DB 104, the roaming ID management DB 107, the roaming ID management server 206, the roaming ID management DB 207, the wireless base station storage unit, or the wireless terminal storage unit are a hard disk device, a magneto-optical disk device, a flash memory, or the like. Non-volatile memory, a storage medium that can only be read, such as a CR-ROM, a volatile memory such as a RAM (Random Access Memory), or a combination thereof.

  The server that is the ID management server 103, the roaming ID management server 106, the ID management server 203, or the roaming ID management server 206 may be realized by dedicated hardware. This server may be configured by a memory and a CPU (central processing unit), and the function may be realized by loading a program for realizing the function of the processing unit 30 into the memory and executing the program.

  Further, the server function may be performed by recording a program for realizing the server function on a computer-readable recording medium, causing the computer system to read and execute the program recorded on the recording medium. Good. Here, the “computer system” includes an OS and hardware such as peripheral devices.

Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used.
The “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a storage device such as a hard disk built in the computer system. Furthermore, the “computer-readable recording medium” dynamically holds a program for a short time like a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line. In this case, a volatile memory in a computer system serving as a server or a client in that case, and a program that holds a program for a certain period of time are also included. The program may be a program for realizing a part of the functions described above, and may be a program capable of realizing the functions described above in combination with a program already recorded in a computer system.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes design and the like within a scope not departing from the gist of the present invention.

It is a block diagram which shows the structure of the data communication system to which the terminal identification method used by this invention is applied. It is the block diagram which showed the calculation method of temporary ID used in the data communication system of FIG. FIG. 2 is a block diagram showing an example of stored contents of an ID management DB 104 used in the data communication system of FIG. 1. It is the flowchart which showed the temporary ID production | generation flow used in the data communication system of FIG. It is the flowchart which showed this ID search flow used in the data communication system of FIG. 3 is a flowchart for illustrating upload from a terminal in the data communication system of FIG. 1. 2 is a flowchart for explaining a download from a terminal in the data communication system of FIG. 1. It is a block diagram which shows the structure of the roaming system by this embodiment. It is explanatory drawing explaining the ID management table for roaming memorize | stored in ID management DB107 for roaming. It is explanatory drawing explaining the ID management table memorize | stored in ID management DB104. It is explanatory drawing explaining the radio base station holding | maintenance data table which the radio base station 105 hold | maintains. FIG. 6 is an explanatory diagram illustrating retained data stored in a wireless terminal storage unit of the wireless terminal 101. It is a flowchart which determines the movement of a wireless terminal between networks. It is a sequence diagram of the roaming system in the case of roaming according to the first embodiment. It is a sequence diagram of a roaming system when uploading according to the first embodiment. It is a sequence diagram of a roaming system when downloading according to the first embodiment. It is a sequence diagram of the roaming system when returning to the home network according to the first embodiment. It is a flowchart which produces | generates initial temporary ID. It is the flowchart 1 which produces | generates temporary ID. It is the flowchart 2 which produces | generates temporary ID. It is a sequence diagram of a roaming system when uploading according to the second embodiment. It is a sequence diagram of the roaming system in the case of downloading according to the second embodiment. It is a sequence diagram of the roaming system in the case of roaming by 3rd Embodiment. It is a sequence diagram of a roaming system when uploading according to a third embodiment. It is a sequence diagram of the roaming system in the case of downloading by 3rd Embodiment. It is a flowchart figure which produces | generates temporary ID by 3rd Embodiment. It is a sequence diagram of the roaming system in the case of roaming by 4th Embodiment. It is a sequence diagram of the roaming system in the case of uploading by 4th Embodiment. It is a sequence diagram of the roaming system in the case of downloading by 4th Embodiment. It is a sequence diagram of the roaming system in the case of roaming by 5th Embodiment. It is a sequence diagram of a roaming system when uploading according to a fifth embodiment. It is a sequence diagram of the roaming system in the case of downloading by 5th Embodiment. It is explanatory drawing explaining the ID management table memorize | stored in ID management DB104 by 5th Embodiment. It is a sequence diagram of the roaming system in the case of roaming by 6th Embodiment. It is a sequence diagram of the roaming system when the terminal by 6th Embodiment starts. It is explanatory drawing explaining transition of temporary ID. It is explanatory drawing explaining the use range of real ID and temporary ID in a roaming system.

Explanation of symbols

101, 201 Wireless terminal 102, 202 Terminal 103, 203 ID management server 104, 204 ID management DB
105, 205 Wireless base station 108, 109, 208, 209, 301 Network 106, 206 Roaming ID management server 107, 207 Roaming ID management DB

Claims (17)

A terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, a roaming network server that is a roaming destination of the terminal, and the network identifier is a roaming network identifier A roaming system having a roaming network server,
The home network server, the roaming network server, and the terminal each store a first hash function H in advance,
The terminal is
The home network identifier, a predetermined initial temporary ID hash type unique to the terminal, an initial temporary ID generated in advance so as to be unique in the home network based on the initial temporary ID hash type, and the initial A terminal storage unit that stores a temporary ID hash number that is the number of times the temporary ID hash type is hashed;
Based on the home network identifier and the roaming network identifier, a roaming detection unit that detects that the terminal has entered the range of the roaming network;
If the roaming detection unit detects that the terminal has entered the roaming area, the terminal authentication request is transmitted as a terminal authentication request in association with the home network identifier read from the terminal storage unit and the initial temporary ID. A transmission unit;
Have
The roaming network server is
A terminal authentication request transfer unit that receives the terminal authentication request and transfers an initial temporary ID included in the received terminal authentication request to the home network server based on a home network identifier included in the received terminal authentication request;
Have
The home network server is
An ID management storage unit that associates the main ID for uniquely identifying the terminal in all networks, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID for each terminal;
A main ID detection unit that reads and detects a main ID corresponding to the received initial temporary ID from the ID management storage unit in response to receiving the initial temporary ID;
Terminal authentication response transmission that reads the real ID detected by the real ID detection unit, the number of temporary ID hashes corresponding to the real ID, and the initial temporary ID hash type from the ID management storage unit and transmits them as a terminal authentication response And
Have
The roaming network server is
The terminal authentication response is received from the roaming network server, and a temporary ID is generated based on the temporary ID hash count, the initial temporary ID hash type, and the first hash function H included in the received terminal authentication response. A NEXT temporary ID generation unit;
A terminal authentication response transmission unit that transmits a temporary ID generated by the NEXT temporary ID generation unit and a temporary ID hash number that is the number of hashes generated by the NEXT temporary ID generation unit to the terminal as a terminal authentication response. When,
Have
The terminal is
The terminal authentication response is received from the roaming network server, the temporary ID hash count stored in the terminal storage unit is updated with the temporary ID hash count included in the received terminal authentication response, and read from the terminal storage unit A terminal temporary ID generation unit that generates a temporary ID by hashing the initial temporary ID hash type read from the terminal storage unit by the number of temporary ID hashes with the first hash function H;
Have
The terminal and the roaming network server;
Identifying each other by determining that the generated temporary IDs match each other;
Roaming system characterized by that. The roaming network server is
An ID management unit storing a temporary ID of a roamed terminal in the roaming network;
The NEXT temporary ID generation unit
Update the temporary ID hash count so that it does not match the temporary ID stored in the ID management unit to generate the temporary ID,
The terminal and the roaming network server;
Send and receive the generated temporary ID and the home network identifier as a set,
By identifying that the set of the generated temporary ID and the home network identifier match each other,
The roaming system according to claim 1. The roaming network server is
An ID management unit storing a temporary ID of a roamed terminal in the roaming network;
The NEXT temporary ID generation unit
Update the temporary ID hash count so that it does not match the temporary ID stored in the ID management unit to generate the temporary ID,
The terminal and the roaming network server;
Transmitting and receiving the generated temporary ID and a roaming terminal identifier indicating whether or not the terminal is a roaming terminal as a set;
By identifying that the set of the generated temporary ID and the roaming terminal identifier match each other,
The roaming system according to claim 1. The roaming network server is
An ID management unit storing a temporary ID of a roamed terminal in the roaming network;
The NEXT temporary ID generation unit
The temporary ID is included in a part of the temporary ID so as not to match the temporary ID stored in the ID management unit and includes identification information, which is information indicating whether or not the terminal is a roaming terminal. Update the ID hash count to generate the temporary ID that is unique in the roaming network,
The roaming system according to claim 1. The roaming network server is
An ID management unit that stores temporary IDs of all terminals in the roaming network;
The NEXT temporary ID generation unit
Updating the temporary ID hash count so that it does not match the temporary ID stored in the ID management unit to generate the temporary ID that is unique in the roaming network;
The roaming system according to claim 1. The terminal storage unit of the terminal is
Information for generating a new initial temporary ID hash type by performing a logical operation on the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, and the initial temporary ID hash type. Memorize the initial registration count,
The ID management storage unit of the home network server
Storing the real ID, the initial temporary ID hash type, the temporary ID hash count, the initial temporary ID, and the initial registration count in association with each terminal;
The terminal authentication response transmitter of the home network server,
The initial registration count corresponding to the real ID is included in the terminal authentication response and transmitted,
The NEXT temporary ID generation unit of the roaming network server
The terminal authentication response is received, and an initial temporary ID hash type included in the received terminal authentication response is logically calculated based on the number of initial registrations included in the received terminal authentication response to generate a new initial temporary ID hash type And generating the temporary ID based on the generated initial temporary ID hash type,
The terminal authentication response transmitter of the roaming network server,
Transmitting a terminal authentication response including the initial registration count included in the received terminal authentication response to the terminal;
The terminal temporary ID generation unit of the terminal
The terminal authentication response is received from the roaming network server, and the initial temporary ID hash type read out from the terminal storage unit is logically calculated based on the initial registration count included in the received terminal authentication response, and a new initial temporary ID hash type And generating the temporary ID based on the generated initial temporary ID hash type,
The roaming system according to claim 1, wherein: A terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, a roaming network server that is a roaming destination of the terminal, and the network identifier is a roaming network identifier A roaming system having a roaming network server,
The home network server, the home network server, and the terminal each store a first hash function H in advance,
The terminal is
The home network identifier, a predetermined initial temporary ID hash type unique to the terminal, an initial temporary ID generated in advance so as to be unique in the home network based on the initial temporary ID hash type, and the initial A terminal storage unit that stores a temporary ID hash number that is the number of times the temporary ID hash type is hashed;
Based on the home network identifier and the roaming network identifier, a roaming detection unit that detects that the terminal has entered the range of the roaming network;
If the roaming detection unit detects that the terminal has entered the roaming area, the terminal authentication request is transmitted as a terminal authentication request in association with the home network identifier read from the terminal storage unit and the initial temporary ID. A transmission unit;
Have
The roaming network server is
A terminal authentication request transfer unit that receives the terminal authentication request and transfers an initial temporary ID included in the received terminal authentication request to the home network server based on a home network identifier included in the received terminal authentication request;
Have
The home network server is
An ID management storage unit that associates the main ID for uniquely identifying the terminal in all networks, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID for each terminal;
A main ID detection unit that reads and detects a main ID corresponding to the received initial temporary ID from the ID management storage unit in response to receiving the initial temporary ID;
The temporary ID hash count and initial temporary ID hash type corresponding to the real ID detected by the real ID detection unit are read from the ID management storage unit, and the read temporary ID hash count, initial temporary ID hash type and the first temporary ID hash type are read out from the ID management storage unit. A NEXT temporary ID generation unit that generates a unique temporary ID in the home network that is different from the temporary ID stored in the ID management storage unit, based on the hash function H of
A terminal authentication response transmission unit that transmits, as a terminal authentication response, a temporary ID generated by the NEXT temporary ID generation unit and a temporary ID hash number that is the number of hashes that the NEXT temporary ID generation unit has generated the temporary ID;
Have
The roaming network server is
A terminal authentication response transfer unit for transferring a terminal authentication response received from the home network server to the terminal;
Have
The terminal is
Receiving the terminal authentication response, updating the temporary ID hash number stored in the terminal storage unit with the temporary ID hash number included in the received terminal authentication response, and reading the temporary ID hash number read from the terminal storage unit A temporary terminal ID generation unit that generates a temporary ID by hashing the initial temporary ID hash type read from the terminal storage unit with the first hash function H,
Have
The terminal and the roaming network server;
Send and receive the generated temporary ID and the home network identifier as a set,
By identifying that the set of the generated temporary ID and the home network identifier match each other,
Roaming system characterized by that. The terminal storage unit of the terminal is
Information for generating a new initial temporary ID hash type by performing a logical operation on the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, and the initial temporary ID hash type. Memorize the initial registration count,
The ID management storage unit of the home network server
Storing the real ID, the initial temporary ID hash type, the temporary ID hash count, the initial temporary ID, and the initial registration count in association with each terminal;
The NEXT temporary ID generation unit of the home network server
The temporary ID hash number, the initial temporary ID hash type, and the initial registration number corresponding to the real ID detected by the real ID detection unit are read from the ID management storage unit, and the read initial temporary ID hash type is read from the initial stage. A logical operation is performed based on the number of registrations to generate a new initial temporary ID hash type, the temporary ID is generated based on the generated initial temporary ID hash type,
The terminal authentication response transmitter of the home network server,
Send the terminal authentication response transmitter including the read initial registration count,
The terminal temporary ID generation unit of the terminal
Receiving the terminal authentication response, updating the temporary ID hash count and initial registration count stored in the terminal storage unit with the temporary ID hash count and initial registration count included in the received terminal authentication response, The initial temporary ID hash type read from the terminal storage unit is logically calculated based on the initial registration count read from the terminal storage unit to generate a new initial temporary ID hash type, and based on the generated initial temporary ID hash type Generate a temporary ID,
The roaming system according to claim 7. A terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, a roaming network server that is a roaming destination of the terminal, and the network identifier is a roaming network identifier A roaming system having a roaming network server,
The home network server, the roaming network server, and the terminal each store a first hash function H in advance,
The terminal is
The home network identifier, a predetermined initial temporary ID hash type unique to the terminal, an initial temporary ID generated in advance so as to be unique in the home network based on the initial temporary ID hash type, and the initial A terminal storage unit that stores a temporary ID hash number that is the number of times the temporary ID hash type is hashed;
Based on the home network identifier and the roaming network identifier, a roaming detection unit that detects that the terminal has entered the range of the roaming network;
When the roaming detection unit detects that the terminal has entered the roaming area, a terminal authentication request transmission is performed in which the home network identifier read from the terminal storage unit is associated with the temporary ID and transmitted as a terminal authentication request. And
Have
The roaming network server is
A terminal authentication request transfer unit that receives the terminal authentication request and transfers a temporary ID included in the received terminal authentication request to the home network server based on a home network identifier included in the received terminal authentication request;
Have
The home network server is
An ID management storage unit that associates the main ID for uniquely identifying the terminal in all networks, the initial temporary ID hash type, the temporary ID hash count, and the temporary ID, and stores the ID for each terminal;
A main ID detection unit that reads and detects a main ID corresponding to the received temporary ID from the ID management storage unit in response to receiving the temporary ID;
Terminal authentication response transmission that reads the real ID detected by the real ID detection unit, the number of temporary ID hashes corresponding to the real ID, and the initial temporary ID hash type from the ID management storage unit and transmits them as a terminal authentication response And
Have
The roaming network server is
The terminal authentication response is received from the roaming network server, and a temporary ID is generated based on the temporary ID hash count, the initial temporary ID hash type, and the first hash function H included in the received terminal authentication response. A NEXT temporary ID generation unit;
A terminal authentication response transmission unit that transmits a temporary ID generated by the NEXT temporary ID generation unit and a temporary ID hash number that is the number of hashes generated by the NEXT temporary ID generation unit to the terminal as a terminal authentication response. When,
Have
The terminal is
The terminal authentication response is received from the roaming network server, the temporary ID hash count stored in the terminal storage unit is updated with the temporary ID hash count included in the received terminal authentication response, and read from the terminal storage unit A terminal temporary ID generation unit that generates a temporary ID by hashing the initial temporary ID hash type read from the terminal storage unit by the number of temporary ID hashes with the first hash function H;
Have
The terminal and the roaming network server;
Identifying each other by determining that the generated temporary IDs match each other;
Roaming system characterized by that. The terminal storage unit of the terminal is
Information for generating a new initial temporary ID hash type by performing a logical operation on the home network identifier, the initial temporary ID hash type, the initial temporary ID, the temporary ID hash count, and the initial temporary ID hash type. Memorize the initial registration count,
The ID management storage unit of the home network server
Storing the real ID, the initial temporary ID hash type, the temporary ID hash count, the initial temporary ID, and the initial registration count in association with each terminal;
The terminal authentication response transmitter of the home network server,
The initial registration count corresponding to the real ID is included in the terminal authentication response and transmitted,
The NEXT temporary ID generation unit of the roaming network server
The terminal authentication response is received, and an initial temporary ID hash type included in the received terminal authentication response is logically calculated based on the number of initial registrations included in the received terminal authentication response to generate a new initial temporary ID hash type And generating the temporary ID based on the generated initial temporary ID hash type,
A terminal authentication response transmitter of the roaming network server transmits a terminal authentication response including an initial registration count included in the received terminal authentication response to the terminal;
The terminal temporary ID generation unit of the terminal
The terminal authentication response is received from the roaming network server, and the initial temporary ID hash type read out from the terminal storage unit is logically calculated based on the initial registration count included in the received terminal authentication response, and a new initial temporary ID hash type And generating the temporary ID based on the generated initial temporary ID hash type,
The roaming system according to claim 9. The roaming network server is
A terminal information notifying unit for transmitting a terminal information notification including the real ID corresponding to the terminal and the initial registration count to the received authentication completion to the home network server in response to receiving the authentication completion from the terminal;
The roaming network server is
In response to receiving the terminal information notification, the received terminal information notification includes the initial registration count stored in the ID management storage unit corresponding to the real ID included in the received terminal information notification. The initial registration number update part to update to the initial registration number,
The roaming system according to claim 10, comprising: The terminal authentication response transmitter of the home network server,
The main ID detected by the main ID detection unit and the temporary ID are included in the terminal authentication response as a set and transmitted.
The roaming network server is
A holding data storage unit for storing the main ID and the temporary ID included in the terminal authentication response received from the home network server in association with each other;
The roaming network server is
Based on the real ID and temporary ID stored in the retained data storage unit, send and receive information to and from the terminal,
The roaming system according to claim 1, wherein the system is a roaming system. The ID management storage unit of the home network server
Storing the roaming network identifier, the main ID, the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID in association with each terminal;
The home network server is
In response to receiving the terminal authentication request from the roaming network server, based on communication connection information between the roaming network server or a terminal authentication request transfer unit of the roaming network server, the roaming network of the roaming network server A roaming network identifier detection unit for detecting and acquiring the identifier;
A visited roaming network recording unit that updates the roaming network identifier of the ID management storage unit corresponding to the initial temporary ID included in the received terminal authentication request to the roaming network identifier acquired by the roaming network identifier detection unit;
Have
When the roaming detection unit of the terminal detects movement of the terminal from the roaming network to the home network, the terminal authentication request transmission unit transmits the initial temporary ID as the terminal authentication request,
The home network server is
When a terminal authentication request including only the initial temporary ID is received, the real ID and the roaming network identifier corresponding to the initial temporary ID included in the received terminal authentication request are read from the ID management storage unit, and the read A terminal information deletion request unit that transmits a terminal information deletion request including the read main ID for deleting information related to the terminal identified by the real ID to the roaming network server identified by the read roaming network identifier;
Have
The roaming network server is
In response to receiving the terminal information deletion request, a terminal information deletion unit that deletes information stored in the retained data storage unit corresponding to the main ID included in the received terminal information deletion request,
The roaming system according to claim 12, comprising: The home network server reports the home network identifier as a notification signal;
The roaming network server broadcasts the roaming network identifier as a broadcast signal;
The terminal is
In the terminal storage unit, a visited network identifier that is a network identifier included in the previously received notification signal is stored,
The roaming detection unit
In response to receiving the broadcasted network identifier, by sequentially determining whether or not the received network identifier matches the visited network identifier and the home network identifier read from the terminal storage unit, Movement of the terminal in the home network, movement from the home network to the roaming network, movement from the roaming network to the home network, or other in the roaming network or from the roaming network Detect which of the movements to the roaming network,
The roaming system according to claim 1, wherein: The home network server, the roaming network server, and the terminal each store a second hash function G in advance,
The NEXT temporary ID generation unit and the terminal temporary ID generation unit are
The temporary ID generated is further hashed with the second hash function G to generate the temporary ID.
The roaming system according to claim 1, wherein the system is a roaming system. A terminal, a home network server that accommodates the terminal, a home network server whose network identifier is a home network identifier, a roaming network server that is a roaming destination of the terminal, and the network identifier is a roaming network identifier A roaming method used in a roaming system having a roaming network server,
The home network server, the roaming network server, and the terminal each store a first hash function H in advance,
The terminal is
Based on the home network identifier and the roaming network identifier, detecting that the terminal has entered the roaming network,
If it is detected that the terminal has entered the roaming network, the home network identifier, a predetermined initial temporary ID hash type unique to the terminal, and the home based on the initial temporary ID hash type The home network identifier and the initial temporary ID read from the terminal storage unit storing the initial temporary ID generated in advance so as to be unique in the network and the temporary ID hash count that is the number of times the initial temporary ID hash type is hashed. Send the device authentication request in association with the ID,
The roaming network server is
Receiving the terminal authentication request, transferring an initial temporary ID included in the received terminal authentication request to the home network server based on a home network identifier included in the received terminal authentication request;
The home network server is
In response to receiving the initial temporary ID, the terminal identifies each terminal uniquely identifying the terminal in all networks, associates the initial temporary ID hash type, the temporary ID hash count, and the initial temporary ID with each terminal. Read and detect the real ID corresponding to the received initial temporary ID from the stored ID management storage unit,
The detected real ID, the temporary ID hash count corresponding to the real ID, and the initial temporary ID hash type are read from the ID management storage unit and associated with each other, and transmitted as a terminal authentication response.
The roaming network server is
The terminal authentication response is received from the roaming network server, and a temporary ID is generated based on the temporary ID hash count, the initial temporary ID hash type, and the first hash function H included in the received terminal authentication response. ,
The generated temporary ID and the temporary ID hash count that is the hash count that generated the temporary ID are transmitted to the terminal as a terminal authentication response,
The terminal is
The terminal authentication response is received from the roaming network server, the temporary ID hash count stored in the terminal storage unit is updated with the temporary ID hash count included in the received terminal authentication response, and read from the terminal storage unit Hashing the initial temporary ID hash type read from the terminal storage unit by the number of temporary ID hashes with the first hash function H to generate a temporary ID,
The terminal and the roaming network server;
Identifying each other by determining that the generated temporary IDs match each other;
A roaming method characterized by the above. In a terminal identification method for identifying the terminal in communication via a network between a home network server and a terminal and a roaming network server and the terminal,
The first hash function H is shared in advance by both the home network server, the roaming network server, and the terminal,
The home network server and the terminal both share an initial value S (k, 0) unique to each terminal in advance,
In each of the home network server and the terminal, a temporary ID is calculated based on a value S (k, i) obtained by hashing the initial value S (k, 0) i times with the first hash function H,
By calculating the same temporary ID between the home network server and the terminal by using the same number of times of hashing between the home network server and the terminal, the terminal is identified using the temporary ID,
When the terminal roams to the roaming network server,
The roaming network server receives the initial value S (k, 0) and the number of times of hashing from the home network server;
In each of the roaming network server and the terminal, a temporary ID is calculated based on a value S (k, i) obtained by hashing the initial value S (k, 0) i times with the first hash function H;
By calculating the same temporary ID between the roaming network server and the terminal by using the same number of times of hashing between the roaming network server and the terminal, the terminal is identified using the temporary ID.
The terminal identification method characterized by the above-mentioned.

Images