JP2022180105A - Communication apparatus, device, communication system, and application writing method - Google Patents

Abstract

To continuously enable a tamper detection function to operate, even if a profile is changed in a SIM with the tamper detection function.SOLUTION: A communication apparatus includes a SIM which has a profile area for storing a profile to be used for using a line of a mobile network operator and an application area for storing an application for tamper detection. The profile area is separated from the application area.SELECTED DRAWING: Figure 1

Description

TECHNICAL FIELD The present invention relates to technology for converting non-IoT (Internet of Things) devices to IoT.

Due to the recent spread of IoT, there are many services using devices that have been commercialized as IoT devices from the beginning. An IoT device is a device that can connect to a network and exchange information with the outside.

On the other hand, there are many non-IoT devices such as machine tools that have been in use since before the spread of IoT.

In order to convert such non-IoT devices to IoT, there are cases where data collection and the like are realized by connecting external devices having network functions such as mobile networks and wireless LANs to non-IoT devices.

Among external devices with network functions, there are also devices in which a SIM (Subscriber Identity Module) is embedded, enabling construction of a more secure network. For example, data from non-IoT devices can be securely transmitted to a server or cloud.

JP 2014-164565 A

However, since the security of the non-IoT devices themselves has not been improved, there is a possibility that a virus or the like may be installed directly in the non-IoT devices to tamper with the information. In order to deal with this, it is conceivable to improve the security of non-IoT devices by incorporating a function to detect falsification into non-IoT devices or external devices.

However, unless the tampering detection function is installed in a secure environment, the tampering detection itself may be tampered with. In order to deal with this, it is conceivable to improve the security of the tampering detection function itself by installing tampering detection in the applet area of the SIM with high tamper resistance.

However, SIM in the prior art has a dependent relationship between the communication profile area and the applet area. Therefore, there is a problem that the falsification detection function is also turned off by switching the profile (that is, turning off the profile).

SUMMARY OF THE INVENTION The present invention has been made in view of the above points, and aims to provide a technique that enables the tampering detection function to continue to operate even when profile switching occurs in a SIM equipped with a tampering detection function. aim.

According to the disclosed technique, a communication device including a SIM,
The SIM is
a profile area for storing profiles used to utilize lines of mobile network operators;
an application area for storing an application for tampering detection,
A communication device is provided wherein the profile area and the application area are separated.

According to the disclosed technology, there is provided a technology that enables the tampering detection function to continue to operate even when profile switching occurs in a SIM having the tampering detection function.

1 is a configuration diagram of a communication system in Example 1; FIG. 4 is a sequence diagram in Example 1. FIG. FIG. 10 is a configuration diagram of a communication system in Example 2; FIG. 11 is a sequence diagram in Example 2; It is an example of the whole system configuration in Example 3. It is a figure which shows the outline|summary of a structure of SIM. FIG. 4 is a diagram showing an example of a configuration in which profiles and applets are linked; FIG. 4 is a diagram showing the concept of profile switching; FIG. 10 is a diagram showing an operation example of profile switching; It is a figure which shows the structural example of SIM. It is a figure which shows the hardware structural example of SIM. It is a figure which shows the software structural example of SIM. FIG. 10 is a diagram showing an example of applet writing operation; 1 is a diagram showing a configuration example of a communication device/equipment equipped with a SIM; FIG.

An embodiment (this embodiment) of the present invention will be described below with reference to the drawings. The embodiments described below are merely examples, and embodiments to which the present invention is applied are not limited to the following embodiments.

(Overview of Embodiment)
In the present embodiment, in order to convert non-IoT devices to IoT, the SIM applet area is modified as a SIM installed in a communication device that is used by connecting to a non-IoT device, or as a SIM installed inside a non-IoT device. Using a SIM loaded with a program (application) that performs sensing. In this embodiment, "tampering detection" refers to various processes for detecting fraud, such as detecting that information has been tampered with by malware, etc., and detecting attack traffic for downloading malware, etc. including. Further, "tampering detection" may include not only detection but also countermeasures such as guiding an attacker to a honeypot, which will be described later.

In addition, in this embodiment, by using a SIM in which the profile area and the applet area are separated, it is possible to keep the tampering detection function running even when the profile is switched. there is Note that the SIM in this embodiment may be called eSIM. An applet may also be called an application.

Examples 1 to 3 will be described below as examples of specific configurations and operations in this embodiment.

(Example 1)
FIG. 1 is a configuration diagram of a communication system according to the first embodiment. As shown in FIG. 1 , the communication system according to the first embodiment includes equipment 100 and communication device 200 . Communication device 200 is connected to network 300 .

The network 300 is, for example, a network including a radio access network, a core network (such as 5G core), and the Internet.

Device 100 is a non-IoT device. As an example, a machine tool or the like is used as the device 100 . Device 100 includes the functionality of a computer consisting of a CPU and memory.

The communication device 200 is an external device with a SIM and is used by being connected to the equipment 100 . Communication device 200 may also be referred to as a "dongle." Although the communication device 200 is assumed to be small, it is not limited to being small, and may be a PC or the like.

The communication device 200 may be any device as long as it has a wireless communication function, and may be, for example, a mobile terminal such as a smartphone, an M2M device, an IoT terminal, or the like.

As shown in FIG. 1, communication device 200 has communication control section 201 and SIM 202 . The SIM 202 also has a falsification detection unit 203 . A falsification detection unit 203 is a program (applet) for detecting falsification. The SIM 202 has a processor (CPU) and can execute programs by itself.

A communication control unit 201 communicates with the network 300 . The SIM 202 has a profile area and an applet area, which are separated. Details of the SIM 202 will be described in a third embodiment.

In the communication system according to the first embodiment having the above configuration, the communication device 200 is connected to the device 100, and the power supply to the communication device 200 is started, or the power supply of the communication device 200 is turned on and the communication device 200 is a device. 100, authentication processing is performed by the communication control unit 201, for example.

The authentication process is, for example, SIM authentication. Also, for example, the communication device 200 acquires device information from the device 100, transmits the device information to the network 300 side, and performs authentication (referred to as device authentication) by collating it with correct device information on the network 300 side. You can do it. Alternatively, both SIM authentication and device authentication may be performed.

An operation example related to tampering detection will be described below with reference to the sequence in FIG. Here, a Web server 400, an attack server 500, and a decoy server 600 are shown as examples of devices on the network 300. FIG. Decoy server 600 may be referred to as a honeypot. Also, here, a case is assumed in which the device 100 operates to acquire information from the web server 400 .

In S101, the device 100 transmits an information request, and the falsification detection unit 203 receives the information request. In S<b>102 , the falsification detection unit 203 transmits an information request to the communication control unit 201 . In S<b>103 , the communication control unit 201 transmits an information request to the web server 400 .

It is assumed that the Web server 400 is provided with automatic transfer content that automatically transfers the communication to the attack server 500 . In S<b>104 , the web server 400 transmits information including the content for automatic transfer to the communication control unit 201 . In S<b>105 , the communication control unit 201 transmits information to the falsification detection unit 203 .

Here, since the tampering detection unit 203 detects that the received information includes content for automatic transfer, the communication transmitted from the attack server 500, which is the automatic transfer destination, is not directed to the communication device 200, An information request including information for guiding to the decoy server 600 is created, and the information request is transmitted to the communication control unit 201 in S106.

In S107, the communication control unit 201 transfers the information request to the attack server 500, which is the transfer destination. The attack server 500 that has received the information request transmits the attack code to the decoy server 600 (honeypot) instead of the communication device 200 in S108. The bait server 600 downloads malware, for example, by attack code.

As described above, the falsification detection unit 203 installed in the SIM 202 can guide an attacker (attack communication for falsification) to a honeypot. Note that the method described with reference to FIG. 2 is merely an example of a method of guiding attack traffic to a honeypot. The tampering detection unit 203 may guide the attack communication to the honeypot by a method other than the method described above.

In addition, pre-settings for guidance (such as the address of the guidance destination) may be stored on the SIM 202 or may be stored in the storage device of the communication device 200 instead of on the SIM 202 . Further, the falsification detection unit 203 may only detect attacking communication, and the processing for guidance (for example, information request generation processing for guidance) may be performed by a functional unit other than the falsification detection unit 203 . The functional unit may be provided on SIM 202 or may be provided on communication device 200 instead of on SIM 202 .

(Example 2)
Next, Example 2 will be described. FIG. 3 is a configuration diagram of a communication system according to the second embodiment. As can be seen by comparing FIG. 3 and FIG. 1 (Embodiment 1), in Embodiment 2, the communication device 200, which is an external SIM-equipped device, is not used. is provided in the device 100 . That is, in the second embodiment, the device 100 itself is equipped with a SIM having the tampering detection unit 104 as an applet.

Specifically, as shown in FIG. 3, the device 100 of the second embodiment has a device control section 101, a communication control section 102, and a SIM 103. FIG. The SIM 103 also has a falsification detection unit 104 .

The device control unit 101 requests and acquires information in the device 100 . The functions of the communication control unit 102 and SIM 103 are the same as those of the communication control unit 201 and SIM 102 in the communication device 200, respectively.

In the communication system according to the second embodiment having the above configuration, authentication processing is performed, for example, when the device 100 is powered on. The authentication process is, for example, SIM authentication. Further, for example, the device 100 may transmit internal device information to the network 300 side, and the network 300 side may perform authentication (referred to as device authentication) by collating the device information with correct device information. Alternatively, both SIM authentication and device authentication may be performed.

An operation example related to tampering detection will be described below with reference to the sequence in FIG. As in the first embodiment, a web server 400, an attack server 500, and a decoy server 600 (honeypot) are shown as examples of devices on the network 300. FIG.

In S201, the information control unit 101 in the device 100 transmits an information request, and the falsification detection unit 104 receives the information request. In S<b>202 , the falsification detection unit 203 transmits an information request to the communication control unit 102 . In S<b>203 , the communication control unit 102 transmits an information request to the web server 400 .

It is assumed that the Web server 400 is provided with automatic transfer content that automatically transfers the communication to the attack server 500 . In S<b>204 , the web server 400 transmits information including the content for automatic transfer to the communication control unit 102 . In S<b>205 , the communication control unit 102 transmits information to the falsification detection unit 104 .

Here, since the falsification detection unit 104 detects that the information contains content for automatic transfer, the communication sent from the attack server 500, which is the automatic transfer destination, is directed to the decoy server 600 instead of the device 100. An information request including information for guiding to the destination is created, and the information request is transmitted to the communication control unit 201 in S206.

In S207, the communication control unit 201 transfers the information request to the attack server 500, which is the transfer destination. The attack server 500 that has received the information request transmits the attack code to the decoy server 600 (honeypot) instead of the device 100 in S208. The bait server 600 downloads malware, for example, by attack code.

As described above, the falsification detection unit 104 installed in the SIM 103 can guide an attacker (attack communication for falsification) to a honeypot. Note that the method described with reference to FIG. 4 is merely an example of a method of guiding attack traffic to a honeypot. The tampering detection unit 104 may guide the attack communication to the honeypot by a method other than the above method.

In addition, pre-settings for guiding (such as a guidance destination address) may be stored on the SIM 103 or may be stored in the storage device of the device 100 instead of on the SIM 103 . Alternatively, the tampering detection unit 104 may only detect attacking communication, and the processing for guidance (for example, information request generation processing for guidance) may be performed by a functional unit other than the tampering detection unit 104 . The functional unit may be provided on the SIM 103 or may be provided on the device 100 instead of on the SIM 103 .

(Example 3)
Next, Example 3 will be described. The third embodiment is an embodiment that is applied to both the first embodiment and the second embodiment, but here, the SIM 202 of the first embodiment will be described as an example.

As described above, in this embodiment, the SIM 202 in which the applet area and the profile area are separated is used, and the tampering detection unit 203 is mounted on the applet area of the SIM 202 . As a result, tampering detection can continue to operate regardless of the communication environment such as the connected carrier. Details of the SIM 202 will be described below as a third embodiment.

<System configuration example>
FIG. 5 shows a configuration example of a system according to the third embodiment. As shown in FIG. 5, this system has a communication device 200 equipped with a SIM 202, a management device 900, a user terminal 700, and a network 300, and each device is connected to the network 300. FIG. Note that FIG. 5 shows a system configuration from the viewpoint of performing processing related to the SIM 202, such as switching profiles in the SIM 202 and loading an applet.

The SIM 202 is a SIM separately provided with an applet area, which is a tamper-resistant secure area, and a profile area. The SIM 202 may be a card-type SIM or a chip-type SIM.

Communication device 200 is a device having a wireless communication function. As described above, the communication device 200 is, for example, a mobile terminal such as a smart phone, an M2M device, an IoT terminal, or the like.

The management device 900 is a device that creates, manages, and transmits profiles. The management device 900 has, for example, SM-DP (Subscription. Manager-Data Preparation) and SM-SR (Subscription. Manager-Secure Routing) functions.

The user terminal 700 can instruct the management device 900 to switch profiles in the SIM 202 . Also, the user terminal 700 has a key for accessing the applet area, and can write the applet in the SIM 202 .

Note that the user terminal 700 may be the communication device 200 . In other words, the communication device 200 itself may instruct the management device 900 to switch profiles or write an applet to the SIM 202 by the user's operation.

The network 300 is a network including a radio access network, a core network (such as 5G core), and the Internet, as described above. Communication device 200 accesses the Internet from a radio access network via a core network.

<Outline configuration of SIM 202>
FIG. 6 is a diagram showing a schematic configuration of SIM 202 in this embodiment. As shown in FIG. 6, the SIM 202 has an applet area 210 for storing applets and a profile area 220 for storing profiles. Also, the applet area 210 and the profile area 220 are separated.

Only mobile network operators with SIM issuing rights, for example, can access profile area 220 . The mobile network operator has a key for accessing the profile area 220, and can use the key to access the profile area from the management device 900 and perform profile writing and the like.

The key for accessing the applet area 210 is a key different from the key for accessing the profile area 220, and can be provided to a person other than the person who has the SIM issuing right (for example, a third party who develops the applet). be.

Hereinafter, the key for accessing the profile area will be called the profile area key, and the key for accessing the applet area will be called the applet area key.

The applet domain key is different for each SIM. That is, the applet region key of one SIM cannot be used to access the applet region of another SIM.

In addition, the SIM 202 may be provided with a plurality of applet areas, a separate and different applet area key may be provided for each of the plurality of applet areas in the SIM 202, or an applet area that can be used in common for the plurality of applet areas. A key may be provided.

FIG. 7 shows an example of conventional SIM950 for comparison. As shown in FIG. 7, conventionally, applets are stored in a profile area that can only be accessed by those who have the right to issue a SIM. Therefore, it is difficult for a third party that develops an applet to develop, test, and commercially implement the applet.

On the other hand, in the present embodiment, a third party that develops an applet can have an applet area key different from the profile area key. , tests, and commercial implementations.

<About switching profiles>
The profile stored in the SIM 202 consists of information (eg, MSISDN, IMSI) for connecting to the mobile network operator's network, and a different profile is used for each connecting mobile network operator. When a plurality of profiles are stored in the SIM 202, one profile among them becomes the enable state profile, and the other profiles become the disable state profiles.

A profile in the enabled state is recognized by the communication device 200 and used for communication. Disabled profiles are not recognized by the communication device 200 .

As shown in FIG. 8, for example, when SIM 202 stores profile 1 of mobile network operator 1 and profile 2 of mobile network operator 2, communication device 200 communicates in the network of mobile network operator 1. In this case, profile 1 is enabled, and when communication device 200 communicates in the network of mobile network operator 2, profile 2 is enabled.

Here, in the conventional SIM 950 shown in FIG. 7, profile 1 and applet 1 linked to profile 1 are stored in profile area 951 . Therefore, for example, when applet 1 is being used for communication using profile 1, if the enable profile is switched from profile 1 to profile 2, profile 1 and applet 1 associated therewith cannot be used.

On the other hand, in the SIM 202 of this embodiment, as shown in FIG. 6, the applet area 210 and the profile area 220 are separated so that the applet does not depend on the profile. Therefore, for example, even if communication using applet 1 is switched to communication using applet 2, applet A can be used continuously.

A sequence example at the time of profile switching will be described with reference to FIG. Here, it is assumed that the network used by the communication device 200 for communication is switched from the network of mobile network operator 1 to the network of mobile network operator 2 .

When communication device 200 is communicating in the network of mobile network operator 1 using profile 1, the user wishes to switch profile 1 to profile 2. FIG.

In S301, an instruction to switch from profile 1 to profile 2 is sent from the user terminal 700 to the management device 900 based on a user operation. In S302, an instruction to switch from profile 1 to profile 2 is sent from management device 900 to SIM 202 via the network of mobile network operator 1. FIG. Here, it is assumed that profile 2, which is the profile to switch to, has already been stored in the SIM 202. If not stored, profile 2 is also downloaded in S302.

At S303, profile 1 is disabled and profile 2 is enabled within the SIM 100 . After this switching is completed, the communication device 200 communicates with the network of the mobile network operator 2 . In S304, a notification of completion of switching is transmitted from the SIM 202 to the management device 300 via the network of the mobile network operator 2. FIG.

In this embodiment, even if the profile is switched as described above, the SIM 202 applet can be used continuously.

<Detailed configuration example of SIM100>
FIG. 10 is a diagram showing a detailed configuration example of the profile area 220 and the applet area 210 of the SIM 202. As shown in FIG. The profile area 220 itself has the same configuration as the conventional profile area, having ISD-R241, ISD-P242 and ECASD243. ISD-R is an abbreviation for Issuer Security Domain Root. ISD-P is an abbreviation for Issuer Security Domain Profile. ECASD is an abbreviation for eUICC Controlling Authority Security Domain.

ISD-R241 is an interface between the inside of SIM202 and the outside of SIM220. ISD-P242 is created for each installed profile. ECASD 243 is an area for storing a key used for data protection when downloading a profile.

In the example shown in FIG. 10, there are three applet areas, a first applet area 221, a second applet area 222, and a third applet area 223, as applet areas. There is no particular limitation on the number of applet areas, and the number of applet areas may be two or less, or the number of applet areas may be four or more. Note that the applet area may also be called a secure element or a secure domain. Also, an "applet" may be called an "application".

Also shown in FIG. 10 are an authentication unit 230 that performs authentication when accessing the applet area, and an IF unit 240 that is an interface between the inside and outside of the SIM 202 regarding the applet. Here, it is assumed that the authentication unit 230 and the IF unit 240 are functional units for the applet area, but the authentication unit 230 and the IF unit 240 are common to the applet area and the profile area. good too.

For example, upon receiving an access (authentication request) using an applet area key from the user terminal 700, the authentication unit 230 reads the corresponding key information from the applet area and performs authentication processing using the key information. Also, the IF unit 240 writes, for example, an applet received from the user terminal 700 into the applet area.

Each applet area can store one or more applets. Also, for each applet area, an applet area key is individually provided to the user. For example, the first applet area key for accessing the first applet area 221, the second applet area key for accessing the second applet area 222, and the third applet area key for accessing the third applet area 223 are provided.

For example, a first user provided with the first applet area key can access the first applet area 221, and a second user provided with the second applet area key can access the second applet area 222. A third user provided with the third applet area key can access the third applet area 223 . Note that the first user, the second user, and the third user may be three different users, or may be one same user.

Each applet area stores a key corresponding to the applet area key. For example, the first applet area 221 stores the key corresponding to the first applet area key, the second applet area 222 stores the key corresponding to the second applet area key, and the third applet area 223 stores the key corresponding to the second applet area key. stores a key corresponding to the third applet area key.

Although the authentication method is not limited to a specific method, for example, when the ID/password method is used as the authentication method, the applet area key is an ID and a password, and the key corresponding to the applet area key is the same ID as the applet area key. and password are stored. Also, for example, when a method using a secret key and a public key is used as an authentication method, for example, the applet area key is the secret key, and the key corresponding to the applet area key is the public key.

The SIM 202 can authenticate access using the applet domain key by reading the key corresponding to the applet domain key from the applet domain and using it. Note that the key corresponding to the applet area key may be stored in an area separate from the applet area.

As shown in FIG. 10, when the SIM 202 is provided with a plurality of applet areas, the destination of the applet area key may be changed according to the usage of the applet areas.

For example, the first applet area 221 is an area that can be accessed only by a partner company of a company that has the right to issue the SIM 202, and only the partner is provided with the first applet area key. As a result, for example, the partner can write an applet developed by the partner himself or provided by an applet development vendor into the first applet area 221 of the SIM 202 .

Also, for example, the second applet area 222 is an area that can be accessed only by companies that have the right to issue a SIM, and only companies that have the right to issue a SIM are provided with the second applet area key. In this case, for example, an applet developed by an applet development vendor can be written into the second applet area 222 of the SIM 202 by a company that has SIM issuing rights.

Also, for example, the third applet area 223 is an area that can be accessed only by the applet development vendor, and the third applet area key is provided to the applet development vendor. In this case, applet development vendors can write their own developed applets in the third applet area 223 .

<Hardware/software configuration example of SIM100>
FIG. 11 shows a hardware configuration example of the SIM 202. As shown in FIG. As shown in FIG. 11, SIM 202 has CPU 250 , memory 270 and input/output unit 260 .

The CPU 250 is a processor that reads programs stored in the memory 270 and performs processing according to the instructions thereof. The programs include an OS, an applet execution environment, an applet, a program for authentication processing, a program for communication processing, a profile enabler, and the like. The input/output unit 260 is an interface with the communication device 200 . The functions of the IF section 240 described above are included in the input/output section 260 .

The memory 270 stores data such as profiles, applets, and programs other than applets.

The applet area for storing the applet and the profile area for storing the profile in this embodiment are realized by the memory 270 (storage unit), for example. Separation of the applet area and the profile area may be realized by physically dividing the areas in the memory 270, or by using a plurality of memories (memory for the applet area and memory for the profile area). good too. Also, separation of the applet area and the profile area may be realized by a method other than these (for example, encryption technology).

FIG. 12 is a diagram showing a software configuration example of the SIM 202. As shown in FIG. As shown in FIG. 12, an OS 280 operates as software for the SIM 202, and software for realizing an applet execution environment 281 and basic functions 282 such as authentication operates on the OS 280. FIG. Each applet operates on the applet execution environment 281 .

<Operation example related to applet writing>
An operation example when writing an applet from the user terminal 400 to the SIM 202 will be described with reference to FIG. Here, as an example, an example in which an applet is written in the third applet area 223 shown in FIG. 10 will be described.

User terminal 700 securely holds the third applet domain key. First, in S401, the user terminal 700 transmits an authentication request to the SIM202. In S402, the SIM 202 authenticates the user terminal 700 based on the authentication request. Here, it is assumed that the authentication has succeeded. In S<b>403 , the SIM 202 returns an authentication OK response to the user terminal 700 .

Regarding the above-described authentication processing, as an example, when ID/password authentication is performed, the authentication request includes the ID and password as the third applet region key. The SIM 202 compares the key information (ID, password) stored in the third applet area with the third applet area key, and determines that the authentication is OK if they match.

As an example, when performing authentication using a private key and a public key, authentication processing can be performed by various methods. For example, authentication processing can be performed by the following method.

Upon receiving the authentication request from the user terminal 700 , the SIM 202 returns a random number to the user terminal 700 . The user terminal 700 generates an electronic signature by encrypting the random number using the secret key, which is the third applet domain key, and transmits the electronic signature to the SIM 202 . The SIM 202 decrypts the electronic signature using the public key stored in the third applet area, and if the decrypted electronic signature matches the original random number, the authentication is OK.

The authentication method described above is merely an example, and any authentication method may be used. For example, a method using an electronic certificate, a method using a common key, or the like may be used.

In the example of FIG. 13, the SIM 202 authenticates the user terminal 700 before transmitting the applet. may be performed.

In S404 of FIG. 13, the user terminal 700 transmits the applet to the SIM202. The SIM 202 receives the applet and stores (installs) the received applet in the third applet area in S405. At S406, the applet is activated and begins to operate according to the applet specifications.

The applet in this embodiment corresponds to the tampering detection unit 203 described in the first and second embodiments. Note that an applet other than the applet corresponding to the tampering detection unit 203 may be used as the applet.

<Configuration example of communication device 200 in which SIM 100 is mounted)
FIG. 14 shows an example of the configuration of communication device 200 in which SIM 100 is installed. A mobile terminal, an IoT terminal, a server, various machines, and the like assumed as the communication device 200 have a basic configuration of a computer having a CPU, a memory, and the like, as shown in FIG. 14 . Note that FIG. 14 is also an example of the configuration of the device 100 .

The communication device 200 shown in FIG. 14 includes a drive device 1000, an auxiliary storage device 1002, a memory device 1003, a CPU 1004, an interface device 1005, a display device 1006, an input device 1007, an output device 1008, etc., which are interconnected by a bus BS. have Also, as shown, a SIM 202 is connected.

A program for realizing processing in the communication device 200 is provided by a recording medium 1001 such as a memory card, for example. When the recording medium 1001 storing the program is set in the drive device 1000 , the program is installed from the recording medium 1001 to the auxiliary storage device 1002 via the drive device 1000 . However, the program does not necessarily need to be installed from the recording medium 1001, and may be downloaded from another computer via the network. The auxiliary storage device 1002 stores installed programs, as well as necessary files and data.

The memory device 1003 reads and stores the program from the auxiliary storage device 1002 when a program activation instruction is received. The CPU 1004 implements functions related to the communication device 200 according to programs stored in the memory device 1003 . The interface device 1005 is a communication device used as an interface for connecting to a network. A display device 1006 displays a program-based GUI (Graphical User Interface) or the like. An input device 1007 is composed of a keyboard, a mouse, buttons, a touch panel, or the like, and is used to input various operational instructions. The output device 1008 outputs the calculation result.

In the configuration of FIG. 14 , for example, an authentication request from the user terminal 700 is input to the communication device 200 by the interface device 1005 and sent to the SIM 202 . A processing result (authentication OK, etc.) by the SIM 202 is passed to the interface device 1005 and transmitted from the interface device 1005 to the user terminal 700 . Also, an applet transmitted from the user terminal 700 is input to the communication device 200 by the interface device 1005 , sent to the SIM 202 , and stored in the applet area within the SIM 202 .

Further, as described in the first and second embodiments, when the applet on the applet area performs the tampering detection operation, the CPU on the SIM 202 performs the tampering detection operation, and communication with the outside is performed through the interface device 1005. It may be done through

(Effect of Embodiment)
As described above, in the present embodiment, the tampering detection function is installed in the applet area of the SIM in which the applet area and the profile area are separated. be able to.

In other words, since the profile area and the applet area can be managed separately, even if the profile is switched (profile is turned off), the applet area can continue to operate. can be done.

Moreover, the SIM of the present embodiment enables not only the person who has the right to issue the SIM, but also the user who has the individual key to the applet area to access the applet area. This allows the user to install, for example, an applet created by him/herself (for example, an upgraded tampering detection applet) in the SIM 202 .

(Summary of embodiment)
This specification describes at least a communication device, an apparatus, a communication system, and an application writing method described in each of the following sections.
(Section 1)
A communication device comprising a SIM,
The SIM is
a profile area for storing profiles used to utilize lines of mobile network operators;
an application area for storing an application for tampering detection,
A communication device, wherein the profile area and the application area are separated.
(Section 2)
a first profile and a second profile are stored in the profile area;
2. The communication device of claim 1, wherein the application continues to run on the SIM when available profiles are switched from the first profile to the second profile.
(Section 3)
3. The communication device according to claim 1 or 2, wherein the communication device guides attack communication to a honeypot by the application.
(Section 4)
A communication system comprising: the communication device according to any one of items 1 to 3; and a non-IoT device to which the communication device is connected.
(Section 5)
A device comprising a SIM,
The SIM is
a profile area for storing profiles used to utilize lines of mobile network operators;
an application area for storing an application for tampering detection,
A device wherein the profile area and the application area are separated.
(Section 6)
An application writing method in a system comprising a user terminal and a communication device equipped with the SIM according to any one of items 1 to 4, comprising:
the user terminal accessing the SIM using a key for accessing the application area;
the user terminal transmits the application to the SIM when authentication by the SIM is successful;
The application writing method, wherein the SIM writes the application to the application area.

Although the present embodiment has been described above, the present invention is not limited to such a specific embodiment, and various modifications and changes can be made within the scope of the gist of the present invention described in the claims. It is possible.

100 device 101 device control unit 102 communication control unit 103 SIM
104 falsification detection unit 200 communication device 201 communication control unit 202 SIM
203 falsification detection unit 300 network 213 applet A
214 Profile 1
215 Profile 2
210 applet area 221 first applet area 222 second applet area 223 third applet area 241 ISD-R
242 ISD-P
243 ECAD
220, 951, 952 Profile area 230 Authentication unit 240 IF unit 250 CPU
260 input/output unit 270 memory 280 OS
281 applet execution environment 282 basic function 900 management device 700 user terminal 1000 drive device 1001 recording medium 1002 auxiliary storage device 1003 memory device 1004 CPU
1005 interface device 1006 display device 1007 input device 1008 output device 1009 SIM

Claims (6)

A communication device comprising a SIM,
The SIM is
a profile area for storing profiles used to utilize lines of mobile network operators;
an application area for storing an application for tampering detection,
A communication device, wherein the profile area and the application area are separated. a first profile and a second profile are stored in the profile area;
The communication device of claim 1, wherein the application continues to run on the SIM when available profiles are switched from the first profile to the second profile. The communication device according to claim 1 or 2, wherein the communication device guides attack communication to a honeypot by the application. A communication system comprising the communication device according to any one of claims 1 to 3, and a non-IoT device to which the communication device is connected. A device comprising a SIM,
The SIM is
a profile area for storing profiles used to utilize lines of mobile network operators;
an application area for storing an application for tampering detection,
A device wherein the profile area and the application area are separated. An application writing method in a system comprising a user terminal and a communication device equipped with the SIM according to any one of claims 1 to 4,
the user terminal accessing the SIM using a key for accessing the application area;
the user terminal transmits the application to the SIM when authentication by the SIM is successful;
The application writing method, wherein the SIM writes the application to the application area.

Images