JP6101088B2 - Status change notification method, subscriber authentication device, status change detection device, and mobile communication system - Google Patents

Description

  The present invention relates to a state change notification method, a subscriber authentication device, a state change detection device, and a mobile communication system for notifying a change in authority state or the like in a user terminal or a subscriber authentication module.

  In mobile communications based on 3GPP standard specifications such as IMT-2000 (3G) and LTE, the subscriber authentication module (USIM (Universal Subscriber Identity Module) using the quintet in the 3G security context of 3GPP TS 33.102) is physically and geographically separated. Mutual authentication is performed with a network node (network device).

  A user terminal, a subscriber authentication module, and an accompanying device (which can be linked to a user terminal or a subscriber authentication module) (hereinafter collectively referred to as “user equipment”) are usually homes that have issued the subscriber authentication module. The user equipment is used by a legitimate user at a point physically and geographically distant from the network operator's business place through a telecommunication equipment connected via wireless communication. A legitimate user is a user who has concluded a contract for telecommunication service with a home network operator.

  Conventionally, in Japan, various function implementations (such as implementation of a digital content copyright management function) in user facilities are realized by software operating exclusively on user terminals. This is due to the fact that it is a closed platform architecture in which it is extremely difficult for the user to work on the platform of the user terminal, in principle, called a feature phone that the architecture of the user terminal commonly refers to.

  In recent years, when focusing on so-called open platforms such as smartphones that are rapidly spreading in the market, at least from the viewpoint of telecommunication facilities of home network operators, open platform user terminals are not necessarily trusted nodes. I can't say that. It can also be said that the only node trusted by the home network operator in the user equipment corresponds to the subscriber authentication module.

  In fact, if we look at mainly European network operators who have moved from GSM (registered trademark) to IMT-2000 and LTE, only the subscriber authentication module issued by the network operator can be regarded as a reliable node in user equipment. It is positioned. For this reason, the original service provided by the network operator in the form that the Sim Application Toolkit (SAT) or the Universal Sim Application Toolkit (USAT) is highly developed (eg, mail service connected to Email, not SMS) Has been developing.

  Conventionally, in the open platform, the root authority (superuser authority), which is the highest authority for the use of functions in the user terminal and the change of settings, is illegally obtained, or the restriction of user authority in the user terminal is illegally removed. There is a risk that privilege deprivation (such as jailbreak) may be performed illegally by a malicious user. For this reason, various measures for preventing unauthorized use of a user terminal due to privilege capture by a malicious user have been studied (for example, Patent Document 1).

JP 2012-003488 A

  However, in any of the above forms, for example, it is indicated to the network operator that the user equipment has been transitioned to a state unintended by the network operator by a user or other person having a valid title. There was no means that could be communicated reliably.

  The reason for this is, for example, in the case of an open platform user terminal, the privilege of the basic system running on the open platform is taken, as expressed by the word “root authority” or jailbreak. (In other words, by elevating privileges from the so-called user rights that are usually available to the user and allowed for the user by the network operator), conceptually the open platform Access to all file systems and process control are possible. For this reason, if it is detected on the system that the privilege has been taken, even if a report is made to the network operator, the privilege takeover reporting mechanism itself does not operate normally (suppressing the report, Alternatively, it was technically possible to send out altered information).

  The present invention has been made in view of such points, and a state change notification method and subscriber authentication capable of reliably notifying a network operator of a state change such as an authority state in a user terminal, a subscriber authentication module, or an incidental device. An object is to provide a device, a state change detection device, and a mobile communication system.

  A state change notification method according to a first aspect of the present invention is a state change notification method using a subscriber authentication module provided in a user terminal, and receives an authentication token transmitted from a network device to which the user terminal is connected. A step of detecting a state change of the user terminal, the subscriber authentication module, or an incidental device associated with the user terminal based on a state in the user terminal, and when the state change is detected, the network A step of transmitting a resynchronization token instead of the authentication response when an authentication response to the authentication token is transmitted to the apparatus.

  The state change notification method of the present invention is a state change notification method using a subscriber authentication module provided in a user terminal, the step of receiving an authentication token transmitted from a network device connected to the user terminal; Detecting a change in authority state relating to the user terminal (including authority for a subscriber authentication module provided in the terminal) based on a state of a system area in the user terminal; and A step of transmitting a resynchronization token instead of an authentication response to the network device in response to the authentication token.

A subscriber authentication device according to a second aspect of the present invention is a subscriber authentication device using a subscriber authentication module provided in a user terminal, and receives an authentication token transmitted from a network device to which the user terminal is connected. A receiving unit that transmits an authentication response to the network device based on the authentication token, the user terminal, the subscriber authentication module, or an incidental device that cooperates with the user terminal based on a state in the user terminal A detection unit that detects a change in the state, and when the state change is detected, the transmission unit, when transmitting an authentication response to the network device, instead of the authentication response, A resynchronization token is transmitted.

  The subscriber authentication device of the present invention is a subscriber authentication device using a subscriber authentication module provided in a user terminal, and receives a authentication token transmitted from a network device to which the user terminal is connected. A transmission unit that transmits an authentication response to the network device based on the authentication token, and a detection unit that detects a change in authority state in the user terminal based on a state of a system area in the user terminal, And the transmission unit transmits a resynchronization token instead of the authentication response when the change of the authority state is detected by the detection unit.

  The state change detection device according to the third aspect of the present invention is connected to a user terminal provided with a subscriber authentication module via a network, and a state change occurs in the user terminal, the subscriber authentication module, or an auxiliary device linked thereto. A state change detection device for detecting that an occurrence has occurred, when receiving an authentication response sent by the user terminal in response to an authentication token transmitted from a network device, and when the state change has occurred A reception unit that receives a resynchronization token transmitted instead of the authentication response from the user terminal, and a detection unit that detects the occurrence of the state change based on the resynchronization token, To do.

  The state change detection device of the present invention is a state change detection device for detecting a change in authority state in a user terminal provided with a subscriber authentication module, wherein an authentication token transmitted from a network device to which the user terminal is connected. Accordingly, a receiving unit that receives the resynchronization token transmitted from the subscriber authentication module instead of the authentication response to the network device from the network device, and the authority state in the user terminal based on the resynchronization token And a detecting section for detecting a change in the above.

A mobile communication system according to a fourth aspect of the present invention includes a subscriber authentication device using a subscriber authentication module or an auxiliary device provided in a user terminal, and a change in state in the user terminal, the subscriber authentication module or the auxiliary device. A mobile communication system including a state change detection device to detect, wherein the subscriber authentication device is based on the authentication token , a receiving unit that receives an authentication token transmitted from a network device to which the user terminal is connected, and the authentication token And a transmission unit that transmits an authentication response to the network device, and the state change detection device is associated with the user terminal, the subscriber authentication module, or these based on the state in the user terminal. Detecting a change in the state of the device, and detecting the change in the state by the detection unit When, instead of the authentication response, and transmits the re-synchronization token.

  According to the present invention, a state change notification method, a subscriber authentication device, a state change detection device, and mobile communication capable of reliably notifying a state change such as an authority state in a user terminal, a subscriber authentication module or an incidental device by a network operator. Can provide a system.

It is a figure which shows an example of a mutual authentication process. 1 is a schematic configuration diagram of a mobile communication system according to a first embodiment. 1 is a schematic configuration diagram of a mobile communication system including an MVNO subscriber management server in a network configuration. FIG. It is a functional block diagram of the user terminal and subscriber authentication module which concern on 1st Embodiment. It is a figure which shows an example of the authentication token and authentication vector which concern on 1st Embodiment. It is a functional lineblock diagram of HLR concerning a 1st embodiment. It is a sequence diagram which shows an example of the state change detection operation | movement which concerns on 1st Embodiment. It is a sequence diagram which shows an example of the state change detection operation | movement which concerns on 1st Embodiment. It is a functional block diagram of the user terminal and subscriber authentication module which concern on 2nd Embodiment. It is a sequence diagram which shows an example of the state change detection operation | movement which concerns on 2nd Embodiment. It is a sequence diagram which shows an example of the state change detection operation | movement which concerns on 2nd Embodiment. It is a figure which shows the structural example of a mobile telephone terminal. It is a block diagram of the functional block of the subscriber authentication module in 3rd Embodiment. It is a figure which shows the structure of the user terminal in 4th Embodiment, a subscriber authentication module, and a non-contact IC card function part. It is a figure which shows the structure of the user terminal in 5th Embodiment, a subscriber authentication module, and a non-contact IC card function part. It is a figure which shows the structure by which the user terminal was integrated in the contact type IC card payment terminal.

  When the user terminal has changed to an authority state not intended by the network operator, the cause of the failure to reliably notify the network operator of the change in the authority state of the user terminal is unauthorized acquisition of root authority (superuser authority) or jail It is considered that the function of notifying the network operator of the change of authority state itself does not operate normally due to privilege acquisition such as breaks or privilege escalation in which the operation authority is illegally upgraded.

  For example, as a function of notifying the change of the authority state to the network operator, in response to a request from the network operator by HTTP / HTTPS communication over SMS (Short Message Service) or packet communication using a terminal state monitoring application, It is conceivable to notify the network operator of the change in the authority state detected in the user terminal via the HTTP / HTTPS communication over SMS or packet communication by the function of the monitoring application. However, if the user terminal is privileged such as unauthorized acquisition of root authority (superuser authority), jail break, or privilege escalation where the operation authority is illegally upgraded, a request from the network operator by SMS The notification information based on HTTP / HTTPS communication on SMS or packet communication is falsified so that the notification function according to the security level is illegally deterred and the change in authority state such as privilege deprivation and privilege escalation at the user terminal cannot be detected by the network operator. There is a risk of being. In addition, SMS roaming or packet communication may not be permitted between the network operator and the roaming operator during roaming.

  As described above, in the notification function of the change of authority state using various network services (for example, the above-mentioned SMS or HTTP / HTTPS communication on packet communication) that can be used after the location registration of the user terminal, Due to the falsification of the notification information, there is a problem that the notification function itself of the change of authority state for the network operator does not operate normally. Therefore, the present inventors notify the network operator of the change of the authority state in the user terminal in the mutual authentication process between the subscriber authentication module and the network node before location registration where various network services can be used. I got the idea.

  In addition, from the viewpoint of transmitting to the network operator that the user equipment has been transitioned to a state unintended by the network operator by a legitimate user or another person, not only the change of the authority state in the user terminal, Electromagnetic induction including subscriber authentication module and incidental devices (for example, non-contact IC chip, external storage medium), and peripheral devices (for example, connection by short-range wireless communication, connection using non-contact IC technology, charger, etc. (Devices that can be connected to user terminals by wire or wireless, such as connection by wireless, infrared connection, USB connection, Bluetooth (registered trademark) connection, wireless LAN connection, and HDMI connection, and software installed in the devices) Against attacks (for example, leakage of stored information, tampering and other abnormal conditions) That information (hereinafter, also referred to as a state change information) about also, it is desired to transfer to the network operator.

  The gist of the present invention is that, in a mutual authentication process with a network node using a subscriber authentication module provided in a user terminal, the user equipment is transitioned to a state unintended by the network operator by a legitimate user or another person. Is communicated to the network node by means of a resynchronization token (AUTS).

  In the case of the state notification change method for notifying the change of the authority state of the user terminal to the network node, the step of receiving the authentication token transmitted from the network device to which the user terminal is connected, and the state of the system area in the user terminal And a step of detecting a change in authority state in the user terminal, and when a change in the authority state is detected, a resynchronization token is transmitted instead of an authentication response to the network device in response to the authentication token. And a step of performing.

  In the mutual authentication process between the subscriber authentication module before the location registration of the user terminal and the network node, as shown in FIG. 1, depending on the authentication token (AUTN) from the network side device (for example, VLR or SGSN) The authentication response (RES) is transmitted from the subscriber authentication module (USIM). In the present invention, in place of this authentication response (RES) returned from the terminal side (subscriber authentication module) to the network side device in the mutual authentication process, a resynchronization token (AUTS) is transmitted, so that the user equipment can The network operator is notified of the transition to a state unintended by the network operator (including a change in the authority state of the user terminal).

  As a result, in the mutual authentication process between the subscriber authentication module before location registration where various network services can be used and the network node, the state transition of the user equipment such as the change of the authority state in the user terminal is attached to the MAC. Since the network operator can be notified by the AUTS, it is possible to prevent the notification function from malfunctioning due to unauthorized suppression of the notification function or falsification of the notification information. The network operator can be notified of the state transition more reliably. As a matter of course, in the mutual authentication process in the location registration that is performed shortly after the user terminal is turned on, the subscriber authentication module continues to notify the user equipment state transition unless the AUTS is accepted from the network side. Then, in the authentication token (AUTN) reissued again from the network side device (for example, VLR or SGSN), the normal mutual authentication is received by receiving the information indicating the acceptance of the state transition of the user equipment. By making the procedure of notifying the operation result of the process to the network node, the state transition notification of the user equipment is surely notified to the network side device (for example, VLR or SGSN) without clearly indicating to the user terminal operator. Conversely, until the notification is completed Since the location registration The terminal does not complete the call or packet communications various applications of the user terminal operator and the user terminal attempts to perform can not be executed, it will have a feature that.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the embodiment of the present invention, the subscriber authentication device transmits a resynchronization token (AUTS) instead of the authentication response (RES) when a change in the authority state of the user terminal is detected. This subscriber authentication device may be a user terminal or a subscriber authentication module provided in the user terminal. Hereinafter, in the first embodiment, a case where the subscriber authentication device is a user terminal will be described, and in the second embodiment, a case where the subscriber authentication device is a subscriber authentication module will be described. Further, in the third to sixth embodiments, a resynchronization token (AUTS) is transmitted to the network node by the method of either the first embodiment or the second embodiment. The

(First embodiment)
FIG. 2A is a schematic configuration diagram of the mobile communication system according to the first embodiment. As shown in FIG. 2A, the mobile communication system 1 is provided in a user terminal 10, a subscriber authentication module 20 provided in the user terminal 10, a mobile communication network 30 to which the user terminal 10 is connected, and the mobile communication network 30. A VLR (Visitor Location Register) 40, an HLR (Home Location Register) 50 connected to the VLR 40, and a terminal management server 60 connected to the HLR 50 are configured.

  The user terminal (User Equipment) 10 is, for example, a terminal device such as a mobile phone terminal or a notebook computer. The user terminal may be called a mobile device. The user terminal 10 supports various communication methods such as UMTS (Universal Mobile Telecommunications System), LTE (Long Term Evolution), and LTE-A (Long Term Evolution-Advanced).

  The subscriber authentication module 20 is a module used for mutual authentication performed before the location registration of the user terminal 10 when the user terminal 10 is connected to the mobile communication network 30. The subscriber authentication module 20 is composed of, for example, a contact IC card that can be attached to the user terminal 10. The subscriber authentication module 20 may be called a USIM (User Subscriber Identity Module) or the like. Further, the form in which the subscriber authentication module 20 is provided in the user terminal 10 may be a form (for example, insertion) attached to the user terminal 10 or a form that is fixedly embedded in the user terminal 10. In some cases, various forms such as an IC chip having a shape accommodated in a package such as a resin such as DIP can be applied.

  The mobile communication network 30 is a network to which the user terminal 10 is connected via a radio base station (not shown). Communication between the user terminals 10 is performed via the mobile communication network 30.

  The VLR 40 is one of network devices used for mutual authentication between the subscriber authentication module 20 and the mobile communication network 30. Via the VLR 40, connection processing (attach processing) of the user terminal 10 to the mobile communication network 30, location registration processing, and the like are performed. The VLR 40 may be called an MME (Mobile Management Entity) or the like.

  The HLR 50 is a state change detection device that detects a change in authority state in the user terminal 10 during mutual authentication between the subscriber authentication module 20 and the mobile communication network 30. A location registration process for the user terminal 10 is performed via the HLR 50. The HLR 50 may be called an HSS (Home Subscriber Server) or the like.

  The terminal management server 60 is a state management device that manages the state of the user terminal 10. The terminal management server 60 updates the state of the user terminal 10 based on the state change notification from the HLR 50. The terminal management server 60 is managed by a network operator.

  In FIG. 2A, the mobile communication network 30 is configured by a single carrier network, but may include a plurality of networks (for example, a roaming network and a home network). In addition, in the case of an operator (MVNO: Mobile Virtual Network Operator) that borrows a wireless communication infrastructure from another company and provides a communication service, various forms such as owning an HLR or not having an HLR can be assumed. Yes, it operates its own subscriber management server.

  FIG. 2B illustrates a network configuration including a roaming network, a home network, and an MVNO subscriber management server. The mobile communication network 30 is operated by an operator A that provides communication infrastructure, and the subscriber management server 70 is operated by an operator B that borrows communication infrastructure from the operator A and provides communication services. . The VLR 41 is a network device arranged in an overseas roaming network and is used for mutual authentication between the subscriber authentication module 20 and the mobile communication network 30.

  Next, a detailed configuration of the mobile communication system according to the first embodiment will be described with reference to FIGS. Each device (for example, the user terminal 10, the subscriber authentication module 20, the VLR 40, the HLR 50, etc.) constituting the mobile communication system 1 has hardware including a communication interface, a processor, a memory, a transmission / reception circuit, and the like. The memory stores software modules executed by the processor. The functional configuration of each device to be described later may be realized by the hardware described above, may be realized by a software module executed by a processor, or may be realized by a combination of both.

  FIG. 3 is a functional configuration diagram of the user terminal and the subscriber authentication module according to the first embodiment. As shown in FIG. 3, the user terminal 10 includes a communication unit 11 that communicates with a network node via a radio base station (not shown), a detection unit 12 that detects a change in authority state, and a subscriber authentication module 20. Interface section 13 and determination section 14.

  The communication unit 11 has various types of mobile communication functions such as UMTS, LTE, and LTE-A. Specifically, the communication unit 11 receives an authentication message (for example, a user authentication request) from the VLR 40 as processing related to the authentication process, and subscribes an authentication parameter included in the authentication message via the interface unit 13. After being converted into an authentication calculation command for the subscriber authentication module, it is transmitted to the subscriber authentication module 20. Further, the communication unit 11 extracts an authentication parameter from the response received from the subscriber authentication module 20 via the interface unit 13 to the authentication calculation command, and an authentication message (for example, a user authentication response) including the authentication parameter. Send.

  Here, the authentication parameters include, for example, a random number (RAND: RANDom challenge), an authentication token (AUTN: Authentication TokeN), an authentication response (RES: authentication RESponse), and a resynchronization token (resynchronization token (AUTS): Re described later). -synchronization token).

  The detection unit 12 detects a change in authority state in the user terminal 10. Here, the change in the authority state in the user terminal 10 is, for example, that the highest operating authority (for example, root authority, superuser (su) authority, etc.) of the operating system implemented in the user terminal 10 has been acquired (privileged. Capture), or the user authority of the user terminal 10 has been upgraded to an authority capable of performing more operations (privilege promotion). The detection unit 12 is not limited to the change in the authority state, and the application is downloaded to the user terminal 10, the image is downloaded, the operation is performed, the application is executed, and the detection unit 12 is moved to a certain place. Detecting changes in various states of the user terminal 10 such as having made a settlement act, communicating with a certain external device, or having transitioned to a certain device abnormal state (eg, device failure detected) Also good.

  For example, the detection unit 12 may detect the above-described privilege takeover or privilege promotion depending on whether or not a super user (SU) file is generated in a predetermined area (for example, a system area) in the user terminal 10. Further, the detection unit 12 may detect the above-described privilege acquisition or privilege promotion depending on whether or not the read-only system area has been changed to be writable. In addition, the detection method of the change of the authority state in the user terminal 10 is not limited to this.

  When detecting a change in authority state in the user terminal 10, the detection unit 12 inputs detection information to the determination unit 14. Here, the detection information is information indicating that a change in the authority state such as privilege acquisition or privilege promotion is detected.

  The determination unit 14 determines whether the detection unit 12 has detected a change in authority state in the user terminal 10. Specifically, when the detection information is input from the detection unit 12, the determination unit 14 replaces the authentication response (RES) received from the subscriber authentication module 20 via the interface unit 13 with a resynchronization token ( The communication unit 11 is instructed to transmit (AUTS).

  Here, the resynchronization token (AUTS) is usually the resynchronization between the subscriber authentication module 20 and the HLR 50 when the sequence number (SQN) is not in the normal range in the arithmetic processing in the subscriber authentication module 20 described later. Used for procedures. On the other hand, the resynchronization token (AUTS) according to the first embodiment is used not only for the resynchronization procedure but also for notifying the change of the authority state in the user terminal 10.

  The resynchronization token (AUTS) for notifying the change of the authority state in the user terminal 10 may include notification information for notifying the change of the authority state, for example, a data string indicating privilege acquisition or privilege promotion. Note that the resynchronization token may have the same data length as that used in the resynchronization procedure or may be different.

  The subscriber authentication module 20 includes a transmission / reception unit 21 (reception unit, transmission unit), a storage unit 22, and a calculation unit 23.

  The transmission / reception unit 21 transmits / receives signals to / from the interface unit 13 of the user terminal 10. Specifically, the transmission / reception unit 21 receives an authentication parameter (for example, a random number (RAND) and an authentication token (AUTN)) from the interface unit 13, and outputs it to the calculation unit 23. In addition, the transmission / reception unit 21 transmits the authentication parameter (for example, the authentication response (RES) or the resynchronization token (AUTS)) input from the calculation unit 23 to the interface unit 13.

  The storage unit 22 stores a subscriber identifier such as an IMSI (International Mobile Subscriber Identity), an authentication algorithm, a secret key, and the like.

  The calculation unit 23 performs a calculation for mutual authentication between the subscriber authentication module 20 and the mobile communication network 30. Specifically, the calculation unit 23 performs a predetermined calculation based on a random number (RAND) and an authentication token (AUTN) received by the transmission / reception unit 21. An authentication token (AUTN) and an authentication vector (AV) will be described with reference to FIG. 4A.

  As shown in FIG. 4A, an authentication token (AUTN) includes a calculation result of a sequence number (SQN: SeQuence Number) and an anonymous key (AK), an authentication management field (AMF: Authentication and key Management Field), and a message. It consists of an authentication code (MAC: Message Authentication Code).

  As shown in FIG. 4A, the authentication vector (AV) includes five authentication parameters called a quintet, that is, a random number (RAND), an expected authentication response (XRES: eXpected authentication RESponse), and a secret key (CK: Cypher Key). , An integrity key (IK) and the above-described authentication token (AUTN). The authentication vector (AV) is generated by the HLR 50 described later and transmitted to the VLR 40. Of the authentication parameters constituting the authentication vector (AV), a random number (RAND) and an authentication token (AUTN) are received from the VLR 40 by the transmitting / receiving unit 21 via the user terminal 10.

  As illustrated in FIG. 4B, the calculation unit 23 calculates an anonymous key (AK) based on the random number (RAND) received by the transmission / reception unit 21, and based on the calculated anonymous key (AK), the transmission / reception unit 21 A sequence number (SQN) is extracted from the received authentication token (AUTN).

  As shown in FIG. 4B, the calculation unit 23 extracts an authentication management field (AMF) and a message authentication code (MAC) from the authentication token (AUTN) received by the transmission / reception unit 21. On the other hand, the calculation unit 23 calculates an expected message authentication code (XMAC) based on the extracted sequence number (SQN), the authentication management field (AMF), and the received random number (RAND). . Authentication of the mobile communication network 30 is performed based on whether or not the calculated expected message authentication code (XMAC) matches the extracted message authentication code (MAC).

  Further, as illustrated in FIG. 4B, the calculation unit 23 calculates an authentication response (RES) to the VLR 40 (network device) based on the above calculation result. Specifically, when the expected message authentication code (XMAC) matches the message authentication code (MAC) and the sequence number (SQN) is within the normal range, the arithmetic unit 23 performs authentication based on the random number (RAND). The response (RES) is calculated. Here, the authentication response (RES) is a predetermined value calculated based on a random number (RAND). The authentication response (RES) and the expected authentication response (XRES) generated by the HLR 50 are collated in a network side device such as the VLR 40 as will be described later. If the authentication response (RES) matches the expected authentication response (XRES), the authentication is successful.

  The calculation unit 23 calculates a resynchronization token (AUTS) used for a resynchronization procedure between the subscriber authentication module 20 and the HLR 50 when the sequence number (SQN) is not in the normal range. The resynchronization token (AUTS) includes a sequence number (SQN).

  FIG. 5 is a functional configuration diagram of the HLR according to the first embodiment. As shown in FIG. 5, the HLR 50 (state change detection device) includes a transmission / reception unit 51 (reception unit), an authentication vector generation unit 52, and a detection unit 53.

  The transmission / reception unit 51 transmits / receives signals to / from the VLR 40 and the terminal management server 60. Specifically, the transmission / reception unit 51 receives an authentication data request from the VLR 40 and transmits an authentication data response including an authentication vector (AV) described later to the VLR 40. The authentication data request may include a subscriber identifier or a resynchronization token (AUTS). Further, the transmission / reception unit 51 transmits a state change notification to the terminal management server 60 based on an instruction from the detection unit 53 described later.

  The authentication vector generation unit 52 generates an authentication vector (AV) used for mutual authentication between the subscriber authentication module 20 and the mobile communication network 30 in response to the authentication data request received by the transmission / reception unit 51. Specifically, the authentication vector generation unit 52 generates the authentication vector (AV) shown in FIG. 4A and outputs it to the transmission / reception unit 51.

  The detection unit 53 detects a change in authority state in the user terminal 10 based on the resynchronization token (AUTS) received by the transmission / reception unit 51. When detecting a change in authority state in the user terminal 10, the detection unit 53 transmits a state change notification to the terminal management server 60 via the transmission / reception unit 51.

  For example, the detection unit 53 may detect a change in the authority state in the user terminal 10 when the above-described notification information is included in the resynchronization token (AUTS). The notification information described above is included in the resynchronization token (AUTS) used for notification of the change in authority state in the user terminal 10, but is not included in the resynchronization token (AUTS) used for the resynchronization procedure. It is.

  Moreover, the detection part 53 may detect the change of the authority state in the user terminal 10, when the sequence number (SQN) contained in a resynchronization token (AUTS) is in a normal range. This is because if the sequence number (SQN) is within the normal range, the resynchronization token (AUTS) used for the resynchronization procedure is not transmitted. In this case, even if the data length of the resynchronization token (AUTS) is the same as that used for the resynchronization procedure, it is possible to detect a change in authority state in the user terminal 10.

  Next, the state change notification method according to the first embodiment will be described with reference to FIGS. The state notification method according to the first embodiment is used in the mobile communication system 1 shown in FIG.

  As illustrated in FIG. 6, the user terminal 10 detects a change in authority state in the terminal itself (step S <b> 101). Here, the change in the authority state in the user terminal 10 is the above-described privilege acquisition, privilege promotion, or the like.

  In order for the user terminal 10 to be usable by a network operator, the subscriber authentication module 20 is used at a predetermined time, and the network is used by a unique number (for example, IMSI, TMSI) stored in the subscriber authentication module 20. The node (HLR 50) must perform an authentication operation (at the time of power-on, restoration within a range, periodic location registration after a certain period of time) or an authentication operation (at the time of outgoing / incoming calls) associated with location registration. The user terminal 10 performs a connection request (attachment) or outgoing / incoming process to the VLR 40 at a predetermined timing (step S102). Here, the predetermined timing is, for example, when a network connection request related to an authentication calculation associated with location registration for the mobile communication network 30, a user operation for transmitting a telephone or packet communication, or an incoming request from the network side is accepted. It is. The connection request may include a subscriber identifier (for example, IMSI, TMSI) stored in the storage unit 22 of the subscriber authentication module 20.

  In response to the connection request from the user terminal 10, the VLR 40 transmits an authentication data request to the HLR 50 (step S103). Here, the authentication data request is for requesting an authentication vector for authenticating the subscriber authentication module 20, and includes a subscriber identifier (for example, IMSI).

  The HLR 50 generates an authentication vector (AV) in response to the authentication data request from the VLR 40 (step S104). Specifically, the HLR 50 generates an authentication vector (AV) based on a subscriber identifier (for example, IMSI) included in the authentication data request. As shown in FIG. 4A, each authentication vector (AV) includes a random number (RAND), an expected authentication response (XRES), a secret key (CK), an integrity key (IK), and an authentication token (AUTN).

  The HLR 50 transmits an authentication data response including the generated authentication vector (AV) to the VLR 40 (step S105). The VLR 40 includes a random number (RAND) and an authentication token (AUTN) among the five authentication parameters constituting the authentication vector (AV) generated by the HLR 50, and transmits it to the user terminal 10 (step S106). ). The user terminal 10 transmits a random number (RAND) and an authentication token (AUTN) included in the authentication request from the VLR 40 to the subscriber authentication module 20 (step S107).

  The subscriber authentication module 20 performs a predetermined calculation based on the authentication token (AUTN) from the user terminal 10, and calculates an authentication response (RES) for the VLR 40 based on the calculation result (step S108).

  Specifically, as shown in FIG. 4B, the subscriber authentication module 20 calculates an anonymous key (AK) based on a random number (RAND), and an authentication token (AUTN) based on the calculated anonymous key (AK). ) To extract the sequence number (SQN). Further, the subscriber authentication module 20 extracts an authentication management field (AMF) and a message authentication code (MAC) from the authentication token (ATUN). Meanwhile, the subscriber authentication module 20 calculates an expected message authentication code (XMAC) based on the sequence number (SQN) extracted from the authentication token (AUTN), the authentication management field (AMF), and the random number (RAND).

  Further, the subscriber authentication module 20 verifies whether or not the calculated expected message authentication code (XMAC) matches the extracted message authentication code (MAC). If they do not match, an authentication failure message (not shown) indicating that the authentication of the mobile communication network 30 has failed is transmitted, and this operation ends. Here, since both match, this operation continues.

  In addition, when the message authentication code (MAC) is successfully verified, the subscriber authentication module 20 verifies whether or not the extracted sequence number (SQN) is within a normal range. If the sequence number (SQN) is not within the normal range, a resynchronization token (AUTS) including this sequence number (SQN) is transmitted, and this operation ends. This resynchronization token (AUTS) is used for the resynchronization procedure between the subscriber authentication module 20 and the HLR 50. Here, since the sequence number (SQN) is within the normal range, this operation continues.

  Further, when the subscriber authentication module 20 succeeds in verifying the sequence number (SQN), the subscriber authentication module 20 calculates an authentication response (RES) to the VLR 40.

  As shown in FIG. 7, when the subscriber authentication module 20 succeeds in verifying the message authentication code (MAC) and the sequence number (SQN) in step S108, the subscriber authentication module 20 sends the authentication response (RES) calculated in step S108 to the user terminal 10. (Step S109).

  In response to the authentication response (RES) from the subscriber authentication module 20, the user terminal 10 determines whether or not a change in authority state in the terminal itself has been detected (step S110).

  When the change of the authority state in the user terminal 10 is not detected (step S110; NO), the user terminal 10 includes the authentication response (RES) received from the subscriber authentication module 20 in the user authentication response and transmits it to the VLR 40. (Step S111).

  The VLR 40 verifies whether or not the authentication response (RES) included in the user authentication response from the user terminal 10 matches the expected authentication response (XRES) constituting the authentication vector (AV) received from the HLR 50 (step). S112). If they do not match, the authentication of the subscriber authentication module 20 fails and the operation ends. On the other hand, if the two match, the authentication of the subscriber authentication module 20 is successful, and the location registration process is performed between the VLR 40 and the HLR 50 (step S113). When the location registration process is completed, the user terminal 10 can use various network services.

  On the other hand, when the change of the authority state in the user terminal 10 is detected (step S110; YES), the user terminal 10 replaces the authentication response (RES) received from the subscriber authentication module 20 with the resynchronization token (AUTS). ) Is transmitted to the VLR 40 (step S114). Here, the resynchronization token (AUTS) is used to notify the change of the authority state in the user terminal 10. The resynchronization token (AUTS) may include notification information that clearly indicates that it is used for notification of a change in authority state, for example, a data string indicating privilege seizure or privilege escalation.

  The VLR 40 includes the resynchronization token (AUTS) from the user terminal 10 in the authentication data request and transmits it to the HLR 50 (step S115).

  The HLR 50 detects a change in authority state in the user terminal 10 based on the resynchronization token (AUTS) included in the authentication data request from the VLR 40 (step S116). For example, the HLR 50 may detect a change in authority state in the user terminal 10 when the above-described notification information is included in the resynchronization token (AUTS). Alternatively, the HLR 50 may detect a change in the authority state in the user terminal 10 when the sequence number (SQN) included in the resynchronization token (AUTS) is within the normal range.

  When the HLR 50 detects a change in the authority state in the user terminal 10, the HLR 50 transmits a state change notification indicating the change to the terminal management server 60 (step S117). The terminal management server 60 updates the terminal management information for the user terminal 10 in response to the state change notification from the HLR 50 (step S118).

  Also, in the network configuration shown in FIG. 2B, it is assumed that the authority state in the user terminal 10 has changed, and the mutual authentication procedure is executed via, for example, the VLR 41 of the roaming network. In this case, the user terminal 10 that has detected the change in the authority state transmits a resynchronization token (AUTS) instead of the authentication response (RES) to the VLR 40. The normal authentication response (RES) is authenticated by the VLR 41 of the roaming network and is not transmitted to the HLR 50, but the resynchronization token (AUTS) is transmitted to the HLR 50. Therefore, the mechanism for transmitting the change in the authority state in the user terminal 10 using the resynchronization token (AUTS) is extremely effective in reliably transmitting to the HLR 50.

  In addition, the subscriber management server 70 operated by the operator B that borrows communication infrastructure from the home network operator A detects a resynchronization token (AUTS) that notifies the change of the authority state, and changes the state of the user terminal 10. A state management server (a server for managing privilege acquisition status, which is installed as equipment in the home network operator B, or some management entity (for example, owns or manages the user equipment) Communicate to facilities installed by companies)).

  According to the mobile communication system according to the first embodiment, the user terminal 10 transmits the resynchronization token (AUTS) instead of the authentication response (RES) to the VLR 40, whereby the authority state in the user terminal 10 changes. Is sent to the HLR 50. Thereby, the change of the authority state in the user terminal 10 can be notified to the HLR 50 at the time of mutual authentication between the subscriber authentication module 20 and the mobile communication network 30 before location registration where various network services can be used. Therefore, it is possible to prevent the notification function from not operating normally due to unauthorized suppression of the notification function or falsification of the notification information, and it is possible to more reliably notify the network operator of the change of the authority state in the user terminal.

  In other words, there is a possibility that the function of notifying the user terminal administrator such as a network operator of a user terminal that is not trusted from the network node (for example, the privilege-privileged state and the privilege-privileged state). Even if it is a user terminal), all calls and communications (including so-called packet communications in addition to SMS) are performed in the user terminal unless location registration is performed in the network node (HLR 50). Impossible. In the present embodiment, in addition to performing notification of privilege seizure at the location registration stage, even if the resynchronization token (AUTS) can be detected, falsification or prevention is based on the MAC. Since the detection in the HLR 50 works, it is practically impossible on the user terminal side, so the resynchronization token (AUTS) generated by the subscriber authentication module 20 is transparently reliable regardless of the presence or number of relay nodes. Is transmitted to. If the resynchronization token (AUTS) is falsified, the location registration of the user terminal 10 including the subscriber authentication module 20 is simply impossible as a result. For this reason, it is necessary for the user to use it for purposes other than network connection, and even if the issuance of the resynchronization token (AUTS) is blocked, the location registration is simply impossible. Therefore, it is considered that it cannot be determined that there is an advantageous factor to be modified on the user terminal side regarding the resynchronization token (AUTS).

  Further, in the mobile communication system according to the first embodiment, a change in authority state in the user terminal 10 is performed using a resynchronization token (AUTS) reaching the HLR 50 instead of an authentication response (RES) reaching only the VLR 40. Is notified to the HLR 50, for example, even when a connection by overseas roaming is performed, the change of the authority state in the user terminal 10 can be more reliably notified to the network operator.

  That is, the resynchronization token (AUTS) can be returned not only in the home network to which the subscriber authentication module 20 belongs, but also in the roaming network (however, it is limited to the network node that performs authentication using the 3GPP TS 33.102 quintet). The synchronization token (AUTS) can be issued and accepted, and it is guaranteed that the resynchronization token (AUTS) is reliably transmitted to the home network. For a roaming network that does not transmit a resynchronization token (AUTS) to the home network, call connection from the user terminal 10 cannot be achieved. Since the call charge revenue due to the inter-carrier settlement is not expected in the roaming network, it is expected that the design of the roaming network will normally be designed and operated to reliably transmit the resynchronization token (AUTS). The

(Second Embodiment)
In the first embodiment, when a change in authority state in the user terminal 10 is detected, the user terminal 10 transmits a resynchronization token (AUTS) instead of the authentication response (RES). On the other hand, the second embodiment is different from the first embodiment in that the subscriber authentication module 20 transmits a resynchronization token (AUTS) instead of the authentication response (RES) in the same case. In the following, the second embodiment will be described focusing on the differences from the first embodiment.

  FIG. 8 is a functional configuration diagram of the user terminal and the subscriber authentication module according to the second embodiment. As illustrated in FIG. 8, the user terminal 10 according to the second embodiment includes a communication unit 11, a detection unit 12, and an interface unit 13. That is, the user terminal 10 according to the second embodiment may not include the determination unit 14.

  In the second embodiment, when the detection unit 12 detects a change in authority state in the user terminal 10, the detection unit 12 transmits detection information to the subscriber authentication module 20 via the interface unit 13. As described above, the detection information is state change information indicating that a change in the authority state such as privilege acquisition or privilege promotion is detected. For example, the detection information may be transmitted using a proactive command issued by the subscriber authentication module 20.

  The subscriber authentication module 20 according to the second embodiment includes a determination unit 25 in addition to the transmission / reception unit 21, the storage unit 22, and the calculation unit 23. In the second embodiment, the determination as to whether or not a change in the authority state in the user terminal 10 has occurred, that is, the determination as to whether or not to send a resynchronization token (AUTS) instead of the authentication response (RES) This is performed by the subscriber authentication module 20. For this reason, the transmission / reception unit 21 receives the detection information from the detection unit 12 of the user terminal 10 via the interface unit 13 and outputs it to the storage unit 22. The storage unit 22 stores the detection information input from the transmission / reception unit 21.

  The determination unit 25 refers to the storage unit 22 to determine whether or not a change in authority state in the user terminal 10 has been detected. Specifically, when the above-described detection information is stored in the storage unit 22, the determination unit 25 instructs the calculation unit 23 to transmit a resynchronization token (AUTS) instead of the authentication response (RES). .

  Note that the resynchronization token (AUTS) transmitted instead of the authentication response (RES) includes notification information used for notifying a change in the authority state, for example, a data string indicating privilege acquisition, privilege promotion, and the like. But you can. Note that the resynchronization token may have the same data length as that used in the resynchronization procedure or may be different.

  Next, a state change notification method according to the second embodiment will be described with reference to FIGS. 9 and 10. As shown in FIG. 9, in the second embodiment, when a change in authority state in the user terminal 10 is detected in step S201, the user terminal 10 detects that a change in authority state has been detected. Is transmitted to the subscriber authentication module 20 (step S202). The subscriber authentication module 20 stores the detection information transmitted from the user terminal 10 in the storage unit 22. Note that steps S203 to S209 in FIG. 9 are the same as steps S102 to S108 in FIG.

  As shown in FIG. 10, when the subscriber authentication module 20 succeeds in verifying the message authentication code (MAC) and the sequence number (SQN) in step S209, whether or not a change in the authority state in the user terminal 10 is detected. Is determined (step S210). Specifically, the subscriber authentication module 20 determines whether or not the detection information transmitted from the user terminal 10 is stored in the storage unit 22.

  When the change of the authority state in the user terminal 10 is not detected (step S210; NO), the subscriber authentication module 20 transmits the authentication response (RES) calculated in step S209 to the user terminal 10 (step S211). . Note that steps S212 to S214 in FIG. 10 are the same as steps S111 to S113 in FIG.

  On the other hand, when a change in authority state in the user terminal 10 is detected (step S210; YES), the subscriber authentication module 20 replaces the authentication response (RES) calculated in step S209 with a resynchronization token (AUTS). ) Is transmitted to the user terminal 10 (step S215). Steps S216-S220 are the same as steps S114-S118 in FIG.

  According to the mobile communication system according to the second embodiment, the subscriber authentication module 20 transmits the resynchronization token (AUTS) instead of the authentication response (RES) to the VLR 40, so that Notify the HLR 50 of the change. Thereby, the change of the authority state in the user terminal 10 can be notified to the HLR 50 at the time of mutual authentication between the subscriber authentication module 20 and the mobile communication network 30 before location registration where various network services can be used. Therefore, it is possible to prevent the notification function from not operating normally due to unauthorized suppression of the notification function or falsification of the notification information, and it is possible to more reliably notify the network operator of the change of the authority state in the user terminal.

  Next, a notification method in the case where the subscriber authentication module or the incidental device which is user equipment has transitioned to a state unintended by the network operator will be described as a third embodiment to a sixth embodiment.

(Third embodiment)
In the third embodiment, when a state change in the subscriber authentication module 20 (transition to a state unintended by the network operator) is detected, the subscriber authentication module 20 re-executes instead of an authentication response (RES). Send a synchronization token (AUTS).

  The subscriber authentication module is issued along with the line contract between the operator operating the home network (or MVNO) and the user, and the home network operator generally owns the subscriber authentication module. Is. In view of this, unauthorized access to the subscriber authentication module (analysis of authentication algorithm, analysis of secret key, and other various security functions of the subscriber authentication module) or prevention of unauthorized modification (data stored in the subscriber authentication module) Detecting risks (problems) related to information leakage, falsification, and other abnormal operations inside the IC card, which is a subscriber authentication module, in order to guarantee reading, tampering, and theft without the prescribed authority) And reporting to HLR etc. is very meaningful. Therefore, when an attack on the IC card is detected, the state change is changed inside the subscriber authentication module, and then the resynchronization token (AUTS) indicating the state change at a timing at which the resynchronization token (AUTS) can be issued. Is effective.

  In this example, a mobile phone terminal will be described as an example of the user terminal 10. FIG. 11 shows a configuration example of the mobile phone terminal 100. The mobile phone terminal 100 includes a wireless unit 101, a display operation unit 102, a communication control unit 103, a memory unit 104, and a subscriber authentication module communication control unit 105. The wireless unit 101 is a functional part that performs wireless communication with a wireless communication facility such as a wireless base station, and the communication control unit 105 is based on a mobile communication system such as UMTS, LTE, or LTE-A. It is a functional part that controls communication between the illustrated radio base station), VLR 40, and HLR 50. The wireless unit 101 and the communication control unit 103 correspond to the communication unit 11 illustrated in FIG. The display operation unit 102 is a functional part that controls an operation screen operated by the user, and the memory unit 104 stores information related to authentication in addition to various programs. The subscriber authentication module communication control unit 105 is an interface unit that controls data transmission with the subscriber authentication module 200 provided in the mobile phone terminal 100, and corresponds to the interface unit 13 shown in FIG. In this example, since the mobile phone terminal 100 does not include a detection unit that detects a change in the authority state on the terminal side, the mobile phone terminal 100 does not notify the subscriber authentication module 200 of the detection result related to the authority state.

  FIG. 12 is a functional block diagram of the subscriber authentication module 200. Portions having the same functions as those of the subscriber authentication module 20 shown in FIG. The subscriber authentication module 200 includes a transmission / reception unit 21, a storage unit 22, a calculation unit 23, a determination unit 25, and a detection unit 24. The transmission / reception unit 21 transmits / receives authentication parameters to / from the interface unit 13 of the mobile phone terminal 100 in a mutual authentication process between the mobile communication network 30 and the subscriber authentication module 200. The storage unit 22 stores a subscriber identifier such as IMSI, an authentication algorithm, and the like, and the calculation unit 23 performs a calculation for mutual authentication between the subscriber authentication module 200 and the mobile communication network 30. The detection unit 24 detects a physical attack or a soft attack on the subscriber authentication module 200. Physical attacks include abnormal clocks, application of abnormal voltages and currents, induction of failure operations by light or electromagnetic irradiation, information modification or software destruction, file system destruction, and physical attacks such as cutting and grinding. It is done. Also, software attacks include repeated execution of various commands such as Verify PIN command and Authenticate command from a computer, and command execution that violates or deviates from the command interface communication protocol. When the detection unit 24 detects these attacks, the determination unit 25 writes state change information indicating a state change in the storage unit 22. When the transmission / reception unit 21 issues an authentication response (RES), if the state change information indicating the state change is stored in the storage unit 22, the transmission / reception unit 21 replaces the authentication response (RES) with a resynchronization token (AUTS). Send. As shown in FIG. 11, the subscriber authentication module communication control unit 105 of the mobile phone terminal 100 receives a resynchronization token (AUTS) from the subscriber authentication module 200. A resynchronization token (AUTS) is transmitted to the mobile communication network 30 by the wireless unit 101 and the communication control unit 103. The subsequent processing is the same as in the second embodiment.

  As described above, when an attack on the subscriber authentication module 200 is detected, the state change is stored inside the subscriber authentication module, and the next time the authentication response (RES) is issued, the authentication response (RES) is displayed. Instead, by issuing a resynchronization token (AUTS), an attack on the subscriber authentication module 200 can be reliably transmitted to the HLR 40 (41).

  In addition, after displaying that it is a resynchronization token (AUTS), insert a data string indicating that the internal data has changed state (for example, that there is a history of attacks), You may make it return to the network node (HLR40, 41) of the said network operator in the format of the data string of the predetermined data length prescribed | regulated as a resynchronization token (AUTS). If the HLR 40 or 41 determines that it is necessary to stop part or all of the functions of the subscriber authentication module, the reissued AV is included by including predetermined information in the AUTS when the next AV is generated. A part or all of the functions of the received subscriber authentication module may be stopped.

(Fourth embodiment)
The user terminal 10 can be provided with a non-contact IC card (for example, FeliCa (registered trademark)) function that can be used for a traffic ticket, for example. This non-contact IC card is an accessory device that provides a payment service or the like to the user in cooperation with the user terminal 10 or the subscriber authentication module 20.

  The non-contact IC chip realizing the non-contact IC card function has a function of detecting an attack against the IC card. When an attack is detected using the function, the subscriber authentication module is connected via the user terminal 10. The state change in the contactless IC card is transmitted to 20, and a resynchronization token (AUTS) for state change transmission is transmitted from the subscriber authentication module 20 according to the example of the state change of the user terminal 10. .

  FIG. 13 shows the configuration of a user terminal, a subscriber authentication module, and a non-contact IC card function unit according to the fourth embodiment.

  In the fourth embodiment, when a state change in the incidental device (transition to a state unintended by the network operator) is detected, the user terminal 10 or the subscriber authentication module 20 replaces the authentication response (RES). Send a resynchronization token (AUTS).

  A user terminal 10 according to the fourth embodiment includes a non-contact IC card function unit 80 in the user terminal 10. The user terminal 10 includes a communication unit 11 for communicating with the mobile communication network 30, and an interface unit 13 for transmitting data between the subscriber authentication module 20 and the non-contact IC card function unit 80. In addition, since this Embodiment has shown the example which does not detect the change of the authority state in the user terminal 10, the detection part 12 and the determination part 14 which were shown by FIG. 3 are not provided.

  The subscriber authentication module 20 includes a transmission / reception unit 21, a storage unit 22, and a calculation unit 23. In the fourth embodiment, a description will be given mainly of detecting a state change in the non-contact IC card function unit 80 and transmitting it to a network node. Therefore, the subscriber authentication module 20 may be the same as the configuration shown in FIG. 12, but the description thereof is omitted here.

  The non-contact IC card function unit 80 includes a wireless / wired transmission / reception unit 81, a storage unit 82, a calculation unit 83, a detection unit 84, and a determination unit 85. The wireless / wired transmission / reception unit 81 communicates with the reader / writer by modulating the carrier transmitted from the reader / writer, and writes a value to the non-contact IC card function unit 80 (storage unit 82). Done. In addition to the value information, the storage unit 82 stores information necessary for authentication, and when a state change in the non-contact IC card function unit 80 (transition to a state unintended by the network operator) is detected. State change information is stored. The calculation unit 83 performs calculations for mutual authentication, data encryption, and MAC addition between the reader / writer that performs non-contact communication with the non-contact IC card function unit 80. Similar to the subscriber authentication module 20 described in the third embodiment, the detection unit 84 detects a physical attack or a software attack on the non-contact IC card function unit 80. The determination unit 85 writes state change information indicating a state change in the storage unit 82 when an attack is detected by the detection unit 84. The wireless / wired transmission / reception unit 81 indicates a state change at a predetermined trigger (for example, information access from the interface unit 13 to the non-contact IC function unit 80 based on a request from an application in the user terminal 10). The change information is notified to the user terminal 10. When the subscriber authentication module 20 issues an authentication response (RES), the communication unit 11 of the user terminal 10 receives an authentication response (if the status change information indicating the status change is notified from the non-contact IC card function unit 80). A resynchronization token (AUTS) is transmitted instead of (RES). Or the notification method similar to 2nd Embodiment is also applicable. That is, when the subscriber authentication module 20 receives the state change information of the contactless IC card function unit 80 via the user terminal 10 and issues an authentication response (RES) in a mutual authentication process such as location registration, the authentication response (RES) A resynchronization token (AUTS) is transmitted instead of (RES). As a result, as well as preventing unauthorized access to the subscriber authentication module or unauthorized modification, it is extremely possible to detect risks (problems) related to information leakage, falsification and other abnormal operations inside the IC card and to notify the HLR etc. Meaningful. Therefore, when a problem with the IC card is detected, the state change is changed inside the subscriber authentication module, and then the resynchronization token (AUTS) indicating the state change at a timing at which the resynchronization token (AUTS) can be issued. Is effective.

  In addition, after displaying that it is a resynchronization token (AUTS), a data string indicating that the state has changed is inserted into the internal data, and a predetermined specified as the resynchronization token (AUTS) You may make it return to the network node (HLR40, 41) of the said network provider in the format of the data string of data length.

  The determination unit 85 may be provided on the user terminal 10 side. In this case, the state change information indicating the state change detected by the detection unit 84 is temporarily written in the storage unit 82 and can be read out and determined from the determination unit 85 of the user terminal 10.

(Fifth embodiment)
The non-contact IC card function unit 80 provided in the user terminal 10 can perform non-contact communication with other non-contact IC cards. When a state change in another non-contact IC card (transition to a state unintended by the network operator) is detected, the non-contact IC card function unit 80 indicates a state change when communicating with another non-contact IC card. The change information is received, the received change information of the other contactless IC card is transferred to the user terminal 10 or the subscriber authentication module 20, and is replaced with the authentication response (RES) in the course of the mutual authentication process by the subscriber authentication module 20. Send a synchronization token (AUTS).

  FIG. 14 shows the configuration of a user terminal, a subscriber authentication module, and a non-contact IC card function unit according to the fifth embodiment. A user terminal 10 according to the fifth embodiment includes a non-contact IC card function unit 80 in the user terminal 10. The non-contact IC card function unit 80 can perform non-contact data communication with other non-contact IC cards 90 as well as non-contact communication with the reader / writer as in the fourth embodiment. The non-contact IC card function unit 80 can be composed of a wireless / wired transmission / reception unit 81, a storage unit 82, and a calculation unit 83. If the mobile communication network 30 is not notified of an attack on the non-contact IC card function unit 80, FIG. As shown in FIG.

  Another non-contact IC card 90 includes a wireless transmission / reception unit 91, a storage unit 92, a calculation unit 93, a detection unit 94, and a determination unit 95. The wireless transmission / reception unit 91 performs non-contact communication with a reader / writer and writes values to the non-contact IC card 90 (storage unit 92). The wireless transmission / reception unit 91 further performs non-contact communication with the non-contact IC card function unit 80. In addition to the value information being written, the storage unit 92 stores information necessary for authentication, and when a state change in the non-contact IC card 90 (transition to a state unintended by the network operator) is detected. State change information is stored. The calculation unit 93 performs calculations for mutual authentication, data encryption, and MAC addition with a reader / writer or the like that performs non-contact communication with the non-contact IC card 90. Similar to the subscriber authentication module 20 described in the third embodiment, the detection unit 94 detects a physical attack or a soft attack on the non-contact IC card 90. The determination unit 95 writes state change information indicating a state change in the storage unit 92 when an attack is detected by the detection unit 94. The wireless transmission / reception unit 91 generates a predetermined opportunity (for example, generation of wireless communication involving exchange of value with the non-contact IC card function unit 80, data stored in the storage unit 92 (for example, member information)) The state change information indicating the state change is notified to the non-contact IC card function unit 80. The non-contact IC card function unit 80 indicates a state change at a predetermined opportunity (for example, information access from the interface unit 13 to the non-contact IC function unit 80 based on a request from an application in the user terminal 10). The state change information is notified to the user terminal 10.

  When the subscriber authentication module 20 issues an authentication response (RES), the communication unit 11 of the user terminal 10 receives an authentication response (if the status change information indicating the status change is notified from the non-contact IC card function unit 80). A resynchronization token (AUTS) is transmitted instead of (RES). Or the notification method similar to 2nd Embodiment is also applicable. That is, when the subscriber authentication module 20 receives the state change information of the contactless IC card 90 via the user terminal 10 and issues an authentication response (RES) in a mutual authentication process such as location registration, the authentication response (RES) Instead, a resynchronization token (AUTS) is transmitted.

  In addition, after displaying that it is a resynchronization token (AUTS), a data string indicating that the state has changed is inserted into the internal data, and a predetermined specified as the resynchronization token (AUTS) You may make it return to the network node (HLR40, 41) of the said network provider in the format of the data string of data length.

(Sixth embodiment)
Next, a case is assumed in which a user terminal (including a case where only a function sufficient for realizing the sixth embodiment is included regardless of the shape) is incorporated in a contact type IC card settlement terminal. A contact type IC card settlement terminal is an integrated terminal having a network connection function by a user terminal (or a device having a different network connection function by wire or wireless) when a credit card is settled exclusively using a contact type IC card in a retail store or the like However, it is not limited to these.

  When a contact type IC card connected to the contact type IC card settlement terminal detects that there is an abnormality inside the contact type IC card, the state change is detected by the contact type IC card settlement terminal and the user terminal. Via the mobile communication network 30 (HLR 50). At this time, as in the above-described embodiments, at the timing when the subscriber authentication module 20 issues an authentication response (RES), a resynchronization token (AUTS) is transmitted instead of the authentication response (RES).

  FIG. 15 shows a configuration in which a user terminal is incorporated in a contact type IC card settlement terminal. A mobile device main body 100 corresponding to the user terminal 10 is incorporated in the contact type IC card settlement function unit 110. The mobile device main body 100 is provided with a subscriber authentication module 20. The contact IC card payment function unit 110 communicates with the contact IC card 120 to provide a payment service.

  The mobile device main body 100 includes a communication unit 1101 and an interface unit 1102. The communication unit 1101 has the same function as the communication unit 11 described above. That is, it communicates with the mobile communication network 30 and notifies the HLR 50 of the state change detected by the contact type IC card 120. The interface unit 1102 transmits / receives authentication parameters to / from the subscriber authentication module 20 and transmits / receives data to / from the contact IC card payment function unit 110.

  The contact IC card settlement function unit 110 transmits and receives data by wire connection to the mobile device main body 100 and the contact IC card 120. The storage unit 112 stores information necessary for card payment, and the calculation unit 113 is a functional part that performs calculations necessary for card payment.

  The contact IC card 120 includes a wired transmission / reception unit 121, a storage unit 122, a calculation unit 123, a detection unit 124, and a determination unit 125. The wired transmission / reception unit 121 is connected to the contact type IC card payment function unit 110 by wire to transmit / receive payment information. In addition, the wired transmission / reception unit 121 uses the state change information stored in the storage unit 122 at a predetermined opportunity (for example, communication with the contact IC card payment function unit 110 based on the verification PIN code exchange at the time of payment). The contact type IC card settlement function unit 110 is notified. In the storage unit 122, information necessary for IC card settlement is written, and state change information indicating that the contact type IC card 120 has been tampered with or the like is written. The computing unit 123 is a functional part that performs computations necessary for card payment. Similar to the subscriber authentication module 20 described in the third embodiment, the detection unit 124 detects a physical attack or a soft attack on the contact IC card 120. The determination unit 125 writes state change information indicating a state change in the storage unit 122 when an attack is detected by the detection unit 124. The wired transmission / reception unit 121 notifies the contact IC card payment function unit 110 of the state change information at the predetermined trigger. The contact type IC card settlement function unit 110 is a predetermined opportunity (for example, information access from the interface unit 1102 to the contact type IC card settlement function unit 110 based on a request from an application in the mobile device body 100). The mobile device main body 100 is notified of state change information indicating a state change.

  When the subscriber authentication module 20 issues an authentication response (RES), the communication unit 1101 of the mobile device main body 100 authenticates if state change information indicating a state change is notified from the contact IC card payment function unit 110. A resynchronization token (AUTS) is transmitted instead of the response (RES). Or the notification method similar to 2nd Embodiment is also applicable. That is, when the subscriber authentication module 20 receives the state change information of the contact IC card 120 via the user terminal 10 and issues an authentication response (RES) in a mutual authentication process such as location registration, the authentication response (RES) Instead, a resynchronization token (AUTS) is transmitted.

  In addition, after displaying that it is a resynchronization token (AUTS), a data string indicating that the state has changed is inserted into the internal data, and a predetermined specified as the resynchronization token (AUTS) You may make it return to the network node (HLR40, 41) of the said network provider in the format of the data string of data length.

  In the above-described embodiment, the detection of the change in the authority state in the user terminal 10 based on the resynchronization token (AUTS) is performed by the HLR 50. However, other network side devices such as the VLR 40, the VSR, and the SGSN are used. It may be done at. In the above-described embodiment, the verification of the authentication response (RES) and the expected authentication response (XRES) is performed by the VLR 40, but may be performed by another network side device such as an MME. In other network side devices such as VSR or SGSN, in the case of a communication system that detects a change in authority state, when privilege acquisition information is transmitted in the same data string as the resynchronization token (AUTS) format length, RES and XRES Before the comparison, if it is the RES format, the conventional authentication process is executed, and if it is the resynchronization token (AUTS) format, the notification information in the data string, eg privilege acquisition, is executed. A parameter indicating information may be extracted and registered in the VLR and the HLR. In the above-described embodiment, the state change detection device is described as being the HLR 50. However, the HLR 50 and the terminal management server 60 may be configured on separate hardware (further installed close to each other). It may be installed in a place physically separated by a communication line or the like, or may exist as a device constituting another network (for example, MVNO), and the same hardware It can also be configured by software that functions on the wearer. Further, the HLR 50 may include information to that effect in the AUTN in the AV reissued to the subscriber authentication module 20 regarding the detection of the change in the authority state in the user terminal 10.

  Although the present invention has been described in detail using the above-described embodiments, it will be apparent to those skilled in the art that the present invention is not limited to the embodiments described herein. The present invention can be implemented as modified and changed modes without departing from the spirit and scope of the present invention defined by the description of the scope of claims. Therefore, the description of the present specification is for illustrative purposes and does not have any limiting meaning to the present invention.

  The contactless IC card described in the present embodiment is exemplified by FeliCa (registered trademark), but may be other short-range wireless communication types such as Type A and B such as NFC (Near Field Communication). good. Needless to say, the present invention can be applied not only to contactless but also to a contact IC card in a form capable of communicating via a reader, not shown or described.

DESCRIPTION OF SYMBOLS 1 ... Mobile communication system 10 ... User terminal 20 ... Subscriber authentication module 30 ... Mobile communication network 40 ... VLR
50, 51 ... HLR
60 ... terminal management server 11, 101 ... communication unit 12, 24, 84, 94, 124 ... detection unit 13, 102 ... interface unit 21 ... transmission / reception unit 22, 82, 92, 112, 122 ... storage unit 23, 83, 93 , 113, 123... Arithmetic units 25, 85, 95, 125... Determination unit 51 .. transmission / reception unit 52.

Claims (11)

A state change notification method using a subscriber authentication module provided in a user terminal,
Receiving an authentication token transmitted from a network device to which the user terminal is connected;
Detecting a change in the state of the user terminal, the subscriber authentication module, or an incidental device associated therewith based on the state in the user terminal;
When the state change is detected, when transmitting an authentication response for the authentication token to the network device, a step of transmitting a resynchronization token instead of the authentication response;
A state change notification method characterized by comprising:   The state change notification method according to claim 1, wherein the step of detecting the state change is detected based on a state of a system area in the user terminal.   3. The state change notification method according to claim 2, wherein the resynchronization token includes notification information used for notification of a change in authority state in the user terminal, subscriber authentication module, or incidental device. The state change, the user terminal status change notification method according to claim 1, characterized in that in the subscriber identity module or auxiliary device, a detection result of the changes or problems privilege state.   The method according to claim 2, wherein the resynchronization token has the same data length as that used in the resynchronization procedure by the subscriber authentication module. 6. The state according to claim 2 , wherein the state of the system area is the presence or absence of a superuser (su) file or the writable state of the system area. Change notification method. A subscriber authentication device using a subscriber authentication module provided in a user terminal,
A receiving unit that receives an authentication token transmitted from a network device to which the user terminal is connected;
A transmission unit for transmitting an authentication response to the network device based on the authentication token;
A detection unit that detects a change in the state of the user terminal, the subscriber authentication module, or an incidental device associated with the user terminal based on the state in the user terminal;
When the state change is detected, the transmission unit transmits a resynchronization token instead of the authentication response when transmitting an authentication response to the network device. apparatus. A state change detection apparatus that is connected to a user terminal having a subscriber authentication module via a network and detects that a state change has occurred in the user terminal, the subscriber authentication module, or an incidental device that cooperates with the user terminal. And
An authentication response sent by the user terminal in response to an authentication token sent from a network device is received, and a resynchronization token sent instead of the authentication response when the state change occurs is used as the user terminal A receiving unit for receiving from,
A state change detection apparatus comprising: a detection unit configured to detect occurrence of the state change based on the resynchronization token.   In the case where the resynchronization token includes notification information used for notification of a change in state in the user terminal, subscriber authentication module, or incidental device, the detection unit, based on the notification information, the user terminal, subscriber authentication module The state change detection apparatus according to claim 8, wherein the state change detection apparatus detects whether there is a change or a problem in the authority state in the incidental device.   When the resynchronization token has the same data length as that used in the resynchronization procedure by the subscriber authentication module, the detection unit has a sequence number (SQN) included in the resynchronization token within a normal range. 9. The state change detection apparatus according to claim 8, wherein a change in authority state in the user terminal is detected based on whether or not there is. A mobile communication system comprising: a subscriber authentication device using a subscriber authentication module or an accompanying device provided in a user terminal; and a state change detecting device for detecting a change in state in the user terminal, the subscriber authentication module or the accompanying device. Because
The subscriber authentication device comprises: a receiving unit that receives an authentication token transmitted from a network device to which the user terminal is connected; and a transmitting unit that transmits an authentication response to the network device based on the authentication token. And
The state change detection device includes a detection unit that detects a state change of the user terminal, the subscriber authentication module, or an incidental device that cooperates with the user terminal based on a state in the user terminal,
A mobile communication system characterized by transmitting a resynchronization token instead of the authentication response when the state change is detected by the detection unit.

Images