JP6477223B2 - Communication system and communication method - Google Patents

Description

  The present invention relates to a communication system and a communication method.

  Currently, communication systems such as mobile phone systems and wireless local area networks (LANs) are widely used. Further, in the field of wireless communication, there is ongoing discussion on next-generation communication technology in order to further improve communication speed and communication capacity. For example, the standardization organization 3GPP (3rd Generation Partnership Project) has completed or studied the standardization of a communication standard called LTE (Long Term Evolution) and a communication standard called LTE-A (LTE-Advanced) based on LTE. ing.

  In recent years, a tethering function has attracted attention as one of such communication technologies. The tethering function means that, for example, a device that cannot be connected to a mobile phone line such as a PC (personal computer) or a tablet terminal can connect to the Internet by using a wireless device that can be connected to the mobile phone line as an access point. It is a function to do. If there is a wireless device equipped with a tethering function, for example, it is possible to provide an Internet connection to a PC, a tablet terminal, a game machine, etc., whether indoors or outdoors.

  In addition, mobile terminals such as smartphones currently sold may have a tethering function. For this reason, it is becoming an environment where many access points can be provided outdoors by making the tethering function of the portable terminal owned by an individual available.

  Examples of such techniques include the following techniques.

  That is, when a third-party wireless terminal connects to the access point, the wireless terminal transmits an authentication request including an authentication key, and the access point accepts the connection if it matches the previously held authentication key. There is a technique related to an authentication method for connecting other wireless terminals.

  According to this technology, a simple data offload can be realized by connecting a third-party wireless terminal to an access point.

  There is also a technique relating to a method for selecting a tethering terminal, which detects a tethering terminal, receives condition information such as a contract content and a remaining battery level from the detected tethering terminal, and determines a terminal to be tethered based on the condition information.

  According to this technique, an appropriate tethering terminal for a user can be selected from a plurality of tethering terminals.

JP 2014-7634 A JP 2012-227610 A

  As for the above-described authentication method for connecting a third-party wireless terminal, the access point authenticates the terminal device that requests connection, but the terminal device itself does not authenticate the access point. Since the terminal device does not authenticate the access point, the terminal device may connect to an unauthorized access point. Therefore, in such a case, the security of the terminal device may not be protected, for example, the access point accesses the terminal device without permission and illegally acquires information in the terminal device.

  In addition, regarding the technique related to the method for selecting the tethering terminal described above, only the process of determining the terminal to be tethered according to the condition information is performed, and there is no disclosure about the security of the terminal device. .

  Therefore, one disclosure is to improve the security of a communication device that requests communication.

  In a communication system comprising: a communication network; first and second communication devices; and a first relay device that relays communication performed between the first communication device and the second communication device. The first relay device authenticates the first communication device when the second communication device is connected to the communication network via the first communication device connected to the communication network. A processor is provided.

  According to one disclosure, it is possible to provide a communication system that improves the security of a communication device that requests communication.

FIG. 1 shows a configuration example of a communication system in the first embodiment. FIG. 2 illustrates a configuration example of a communication system according to the second embodiment. FIG. 3 illustrates a configuration example of the terminal device. FIG. 4 shows a configuration example of the GW. FIG. 5 shows a configuration example of the management server. FIG. 6 shows an example of an authentication registration sequence. FIG. 7 shows an example of the authentication information table. FIG. 8 shows an example of a tethering provision condition information notification sequence. FIG. 9 shows an example of a tethering provision condition information table. FIG. 10 shows an example of the processing flow of the GW when the tethering provision condition information notification is received. FIG. 11 shows an example of the processing flow of the management server when an authentication information inquiry is received. FIG. 12 shows an example of a sequence of tethering connection requests. FIG. 13 illustrates an example of a processing flow of the terminal device when a tethering connection request is transmitted. FIG. 14 shows an example of the processing flow of the GW when a tethering connection request is received. FIG. 15 shows an example of a sequence during communication. FIG. 16 illustrates an example of the processing flow of the GW when the cumulative communication amount notification is received and when the determination result is received. FIG. 17 shows an example of the processing flow of the management server when the cumulative traffic notification is received. FIG. 18 shows an example of a sequence at the time of cutting. FIG. 19 shows an example of the accumulated traffic table. FIG. 20 illustrates an example of a processing flow of the GW when a tethering disconnection request is received. FIG. 21 shows an example of the processing flow of the management server when the cumulative traffic notification is received. FIG. 22 illustrates a configuration example of a communication system according to the third embodiment. FIG. 23 illustrates an example of a sequence before the terminal device moves. FIG. 24 illustrates an example of a sequence after the terminal device has moved. FIG. 25 illustrates a hardware configuration example of the terminal device. FIG. 26 illustrates a hardware configuration example of the GW. FIG. 27 illustrates a hardware configuration example of the management server. FIG. 28 illustrates a configuration example of a communication system in which no GW and management server exist.

  Hereinafter, modes for carrying out the present invention will be described.

[First Embodiment]
A first embodiment will be described.

  FIG. 1 is a diagram illustrating a configuration example of a communication system 10 according to the first embodiment.

  The communication system 10 includes a first communication device 100-1, a second communication device 100-2, a first relay device 200, and a communication network 500.

  The first communication device 100-1 is, for example, a terminal device such as a smartphone, and connects to the communication network 500 via wireless communication.

  The second communication device 100-2 is a communication device such as a computer or a tablet terminal, for example, and is connected to the communication network 500 via the first communication device 100-1. When the second communication device 100-2 is connected to the communication network 500 via the first communication device 100-1, for example, the second communication device 100-2 communicates with the first communication device 100-1 via the first relay device 200. To do. Further, when the second communication device 100-2 is connected to the communication network 500 via the first communication device 100-1, for example, the first communication device 100- does not go through the first relay device 200. 1 may be directly communicated with.

  The first relay device 200 includes a first processor 251. For example, the first relay device 200 is disposed between the first communication device 100-1 and the second communication device 100-2, and relays communication between the first and second communication devices 100-1 and 100-2. I do. For example, the first relay device 200 and the first and second communication devices 100-1 and 100-2 are connected wirelessly, but may be connected by wire.

  For example, when the second communication device 100-2 connects to the communication network 500 via the first communication device 100-1, the first processor 251 authenticates the first communication device 100-1. . For example, if the first processor 251 determines that the first communication device 100-1 is authenticated and registered as a result of authentication, the first processor 251 connects the first communication device 100-1 and the second communication device 100-2. May be.

  The communication network 500 is, for example, a network owned by an operator that provides communication for landline phones and mobile phones. For example, the first communication device 100-1 is connected to the communication network 500 via wireless, and transmits the packet received from the second communication device 100-2 to the communication network 500. The first communication device 100-1 transmits the packet received from the communication network 500 to the second communication device 100-2.

  Thus, the first relay device 200 authenticates the first communication device 100-1. By doing so, the second communication device 100-2 can be connected to the first communication device 100-1 that has been registered for authentication. In the first embodiment, the first communication device 100-1 that has been registered for authentication is considered to be safer than other communication devices that have not been registered for authentication. The security of the communication device 100-2 can be improved.

[Second Embodiment]
Next, a second embodiment will be described.

<Configuration example of communication system>
First, a configuration example of the communication system 10 will be described. FIG. 2 is a diagram illustrating a configuration example of the communication system 10 according to the second embodiment.

  The communication system 10 includes terminal devices 100-1 to 100-4, a GW (gateway) 200, a management server 300, an authentication information database 400, and a communication carrier network 500.

  The terminal devices 100-1 to 4 are communication devices that communicate with the GW 200 and the communication carrier network 500, for example. Examples of the terminal devices 100-1 to 100-4 include a smartphone, a feature phone, or a PC (Personal Computer). The terminal devices 100-1 to 100-4 and the GW 200 may be connected wirelessly or may be connected by wire. The terminal devices 100-1 and 100-2 are, for example, terminal devices on the requesting side of tethering connection. For example, when performing the tethering connection, the terminal devices 100-1 and 100-2 transmit a tethering connection request to the GW 200.

  The terminal devices 100-3 and 4 are, for example, terminal devices on the tethering connection providing side. For example, when the tethering connection can be provided, the terminal devices 100-3 and 4 transmit a tethering provision condition information notification to the GW 200. Further, the terminal devices 100-3 and 4 are connected to the communication carrier network 500 via wireless communication according to a communication standard such as LTE.

  Hereinafter, the terminal devices 100-1 to 100-4 may be referred to as the terminal device 100 without distinction between the tethering connection providing side or the requesting side.

  For example, the GW 200 manages tethering provision condition information of the terminal devices 100-3 and 4 on the tethering connection providing side. The tethering provision condition information is information relating to communication on the tethering connection providing side, such as the maximum communication speed and carrier of the terminal devices 100-3 and 4 for example. Details of the tethering provision condition information will be described later. Further, for example, when receiving a tethering connection request from the terminal device 100-1 or 2 on the requesting side of the tethering connection, the GW 200 transmits an authentication information inquiry of the terminal device 100-1 or 2 to the management server 300. The GW 200 is connected to the management server 300 via a wire, for example. Further, the GW 200 may be connected to the management server 300 via, for example, the Internet line.

  For example, the management server 300 manages authentication information of the terminal devices 100-1 to 100-4. For example, when the management server 300 receives an authentication information query of the terminal device 100-1 from the GW 200, the management server 300 queries the authentication information database 400 for the authentication information of the terminal device 100-1. In addition, the management server 300 is connected to the authentication information database 400 and the GW 200 via a wire, for example.

  For example, the authentication information database 400 stores authentication information of the terminal devices 100-1 to 100-4. For example, the authentication information database 400 confirms whether or not the authentication information of the terminal devices 100-1 to 4 is stored by an inquiry from the management server 300.

  The communication carrier network 500 is, for example, a network owned by a carrier that provides fixed telephone or mobile phone communication. The terminal devices 100-3 and 4 are connected to the communication carrier network 500 via wireless communication according to a communication standard such as LTE.

<Configuration example of terminal device>
Next, a configuration example of the terminal device 100 will be described. FIG. 3 is a diagram illustrating a configuration example of the terminal device 100.

  The terminal device 100 includes a wireless communication connection unit 110, a tethering management unit 120, a tethering condition unit 130, and a cumulative traffic unit 140.

  The wireless communication connection unit 110 communicates with, for example, the GW 200, the communication carrier network 500, and other terminal devices 100, and transmits and receives packets. The wireless communication connection unit 110 includes wireless line interfaces 111 and 112 and a packet transfer processing unit 113.

  The wireless line interfaces 111 and 112 transmit, for example, a packet received from the packet transfer processing unit 113 to another device in communication or a packet received from another device in communication. Or output to

  For example, the packet transfer processing unit 113 converts a packet received from the wireless line interfaces 111 and 112 into a message in the internal format of the terminal device 100 and outputs the message to the tethering management unit 120. Further, the packet transfer processing unit 113 converts, for example, a message received from the tethering management unit 120 into a packet having a format suitable for wireless communication, and outputs the packet to the wireless line interfaces 111 and 112.

  The tethering management unit 120 controls, for example, tethering connection. The tethering management unit 120 includes a tethering state control unit 121 and a tethering information storage unit 122.

  For example, the tethering state control unit 121 receives the tethering connection information presentation transmitted from the GW 200 from the wireless communication connection unit 110 and stores the tethering connection information in the internal memory 1221 of the tethering information storage unit 122. Further, the tethering state control unit 121 outputs the received tethering connection information to the tethering condition unit 130. Further, the tethering state control unit 121 receives, for example, a determination result as to whether or not to accept the presented tethering connection information from the tethering condition unit 130, and outputs it to the wireless communication connection unit 110 for transmission to the GW 200. Further, for example, when the tethering state control unit 121 receives a cumulative communication amount notification from the cumulative communication amount unit 140, the tethering state control unit 121 outputs the notification to the wireless communication connection unit 110 for transmission to the GW 200. Details of the tethering connection information and the accumulated communication amount will be described later. For example, when the tethering state control unit 121 receives a tethering connection start notification, the tethering state control unit 121 sets an interval for periodically transmitting the accumulated communication amount included in the tethering connection information stored in the internal memory 1221 to the accumulated communication amount unit. Output to 140.

  Note that the tethering state control unit 121 may perform the processing of the authentication processing unit 230 of the GW 200, for example. Further, the tethering state control unit 121 may perform processing of the tethering information unit 240 of the GW 200, for example. Further, the tethering state control unit 121 may perform the processing of the authentication processing unit 320 of the management server 300, for example. Further, the tethering state control unit 121 may perform processing of the authentication information database 400, for example.

  The tethering condition unit 130 manages condition information for tethering connection, for example. The tethering connection condition information is, for example, tethering connection condition information and tethering provision condition information. The tethering condition unit 130 includes a tethering condition information transmission / reception unit 131, a tethering condition information setting unit 132, and a tethering condition determination unit 133.

  The tethering condition information transmission / reception unit 131 outputs the message received from the tethering management unit 120 to the tethering condition information setting unit 132 or the tethering condition determination unit 133. Further, the tethering condition information transmission / reception unit 131 outputs the message received from the tethering condition information setting unit 132 and the tethering condition determination unit 133 to the tethering management unit 120.

  The tethering condition information setting unit 132 holds, for example, tethering connection condition information desired by the user of the terminal device 100, tethering provision condition information used for providing tethering connection, and authentication information in the internal memory 1321. Details of the tethering connection condition information, the tethering provision condition information, and the authentication information will be described later. For example, when requesting tethering connection, the tethering condition information setting unit 132 outputs tethering connection condition information and authentication information to the tethering condition information transmitting / receiving unit 131. For example, when providing a tethering connection, the tethering condition information setting unit 132 outputs tethering provision condition information and authentication information to the tethering condition information transmission / reception unit 131.

  For example, the tethering condition determination unit 133 determines whether to permit tethering connection based on the presented tethering connection information from the content of the tethering connection information presented from the GW 200. For example, the tethering condition determination unit 133 compares the tethering connection information with the tethering connection condition information stored in the internal memory 1321, and if they match, the tethering connection determination unit 133 permits tethering connection based on the tethering connection information. To do. The tethering condition determination unit 133 outputs the determination result of the tethering connection information to the tethering condition information transmission / reception unit 131 for transmission to the GW 200.

  The accumulated traffic unit 140 manages, for example, the accumulated traffic in tethering connection. The accumulated communication amount unit 140 includes an accumulated communication amount transmission / reception unit 141, an accumulated communication amount storage unit 142, and an accumulated communication amount notification interval monitoring unit 143.

  For example, the accumulated communication amount transmission / reception unit 141 outputs the message received from the tethering management unit 120 to the accumulated communication amount storage unit 142 or the accumulated communication amount notification interval monitoring unit 143. In addition, the accumulated communication amount transmission / reception unit 141 outputs, for example, messages received from the accumulated communication amount storage unit 142 and the accumulated communication amount notification interval monitoring unit 143 to the tethering management unit 120.

  The accumulated communication amount storage unit 142 stores, for example, the communication amount in tethering connection. The communication amount can be calculated by the tethering state control unit 121 of the tethering management unit 120 by, for example, passing all packets transmitted and received through the tethering connection via the tethering management unit. The accumulated communication amount storage unit 142 receives the communication amount from the tethering state control unit 121 and adds it to the internal memory 1421 as the accumulated communication amount. For example, when the accumulated communication amount notification interval monitoring unit 143 requests the accumulated communication amount notification unit 142 to transmit the accumulated communication amount notification, the accumulated communication amount storage unit 142 transmits the accumulated communication amount notification to the GW 200. 141, the accumulated communication amount stored in the internal memory 1421 is output.

  For example, the cumulative traffic notification interval monitoring unit 143 monitors the interval at which the cumulative traffic notification is transmitted to the GW 200. For example, when receiving the interval value included in the tethering connection information, the cumulative communication amount notification interval monitoring unit 143 issues a timer according to the interval value. For example, when the timer expires, the accumulated communication amount notification interval monitoring unit 143 requests the accumulated communication amount storage unit 142 to transmit the accumulated communication amount notification and issues a timer corresponding to the interval again.

<Example of GW configuration>
Next, a configuration example of the GW 200 will be described. FIG. 4 is a diagram illustrating a configuration example of the GW 200.

  The GW 200 includes a communication connection unit 210, a tethering management unit 220, an authentication processing unit 230, and a tethering information unit 240.

  For example, the communication connection unit 210 performs wireless communication with the terminal device 100 or performs communication with the management server 300 by wire. The communication connection unit 210 includes wireless line interfaces 211 and 212, a wired line interface 213, and a packet transfer processing unit 214.

  For example, the wireless line interfaces 211 and 212 and the wired line interface 213 transmit a packet received from the packet transfer processing unit 214 to the terminal device 100 or the management server 300. In addition, the wireless line interfaces 211 and 212 and the wired line interface 213 output packets received from the terminal device 100 or the management server 300 to the packet transfer processing unit 214.

  For example, the packet transfer processing unit 214 converts a packet received from the wireless line interfaces 211 and 212 and the wired line interface 213 into a message in the internal format of the GW 200 and outputs the message to the tethering management unit 220. Further, the packet transfer processing unit 214 converts, for example, a message received from the tethering management unit 220 into a packet having a format suitable for wireless or wired communication, and transmits the packet to the wireless line interface 211, 212 or the wired line interface 213. Output.

  The tethering management unit 220 controls tethering connection, for example. The tethering management unit 220 includes a tethering state control unit 221 and a tethering information storage unit 222.

  For example, when tethering connection is made, the tethering state control unit 221 stores tethering connection information agreed between the tethering connection providing side and the requesting side in the internal memory 2221 of the tethering information storage unit 222. Further, for example, when the tethering state control unit 221 receives the accumulated communication amount notification, the tethering state control unit 221 transmits the accumulated communication amount notification including the terminal names on the requesting side and the providing side of the tethering connection to the management server 300.

  The tethering information storage unit 222 stores the tethering connection information received from the tethering state control unit 221, for example, in the internal memory 2221. The tethering information storage unit 222 is also used as an area for temporarily storing, for example, a message transmitted and received by the tethering state control unit 221.

  For example, when receiving a tethering connection request or tethering provision condition information presentation from the terminal device 100, the authentication processing unit 230 performs an authentication process. The authentication processing unit 230 includes an authentication information transmission / reception unit 231, a management server address storage unit 232, and an authentication result determination unit 233.

  For example, the authentication information transmission / reception unit 231 outputs a message received from the tethering management unit 220 to the authentication result determination unit 233, or receives a message received from the authentication result determination unit 233 and the management server address storage unit 232 to the tethering management unit 220. Or output.

  For example, the management server address storage unit 232 stores the IP (Internet Protocol) address of the management server 300 in the internal memory 2321.

  For example, the authentication result determination unit 233 receives the authentication result received from the management server 300, creates an authentication result message including the authentication result, and outputs the authentication result message to the authentication information transmission / reception unit 231.

  Note that the authentication result determination unit 233 may perform the processing of the authentication processing unit 320 of the management server 300, for example. Further, the authentication result determination unit 233 may perform processing of the authentication information database 400, for example.

  The tethering information unit 240 manages, for example, condition information regarding tethering connection between the tethering connection requesting side and the providing side terminal device 100. The tethering information unit 240 includes, for example, a tethering information transmission / reception unit 241, a tethering provision condition information storage unit 242, and a tethering connection condition information search unit 243.

  For example, the tethering information transmission / reception unit 241 outputs the message received from the tethering management unit 220 to the tethering provision condition information storage unit 242 or the tethering connection condition information search unit 243. Further, the tethering information transmission / reception unit 241 outputs, for example, the message received from the tethering provision condition information storage unit 242 and the tethering connection condition information search unit 243 to the tethering management unit 220.

  The tethering provision condition information storage unit 242 stores, for example, a tethering provision condition information table (t2). Details of the tethering provision condition information table (t2) will be described later.

  For example, the tethering connection condition information search unit 243 searches for a tethering connection partner that satisfies the tethering connection condition information. For example, the tethering connection condition information search unit 243 compares the tethering connection request condition information with the tethering provision condition information stored in the tethering provision condition information table (t2). For example, the tethering connection condition information search unit 243 searches for the terminal device 100 that matches the conditions as a result of the comparison, or that does not match the conditions but has a small difference and is in an allowable range. Note that the number of terminal devices 100 that provide tethering connection may be one or more.

<Configuration example of management server and authentication information database>
Next, configuration examples of the management server 300 and the authentication information database 400 will be described. FIG. 5 is a diagram illustrating a configuration example of the management server 300 and the authentication information database 400.

  The management server 300 includes a communication connection unit 310, an authentication processing unit 320, and a cumulative communication amount unit 330.

  The communication connection unit 310 transmits and receives packets to and from the GW 200 via a wire, for example. The communication connection unit 310 includes wired line interfaces 311 and 312 and a packet transfer processing unit 313.

  For example, the wired line interfaces 311 and 312 transmit the packet received from the packet transfer processing unit 313 to the GW 200. Further, the wired line interfaces 311 and 312 output the packet received from the GW 200 to the packet transfer processing unit 313.

  For example, the packet transfer processing unit 313 converts the packets received from the wired line interfaces 311 and 312 into messages in the internal format of the management server 300 and outputs the messages to the authentication processing unit 320 or the accumulated traffic amount unit 330. Further, the packet transfer processing unit 313 converts, for example, messages received from the authentication processing unit 320 and the accumulated traffic unit 330 into a packet having a format suitable for wired communication, and outputs the packet to the wired line interfaces 311 and 312. .

  For example, the authentication processing unit 320 determines the result of the authentication process. The authentication processing unit 320 includes an authentication information transmission / reception unit 321, an authentication information database access unit 322, and an authentication result determination unit 323.

  For example, the authentication information transmission / reception unit 321 outputs the message received from the communication connection unit 310 to the authentication result determination unit 323 or the authentication information database access unit 322. Further, the authentication information transmission / reception unit 321 outputs, for example, messages received from the authentication result determination unit 323 and the authentication information database access unit 322 to the communication connection unit 310.

  The authentication information database access unit 322 communicates with the authentication information database 400, for example. For example, the authentication information database access unit 322 receives the authentication information determination result from the authentication information database 400 and outputs the authentication information determination result to the authentication result determination unit 323. For example, when the authentication information determination unit 323 requests the authentication information database 400 to inquire about the authentication information, the authentication information database access unit 322 transmits an authentication information query to the authentication information database 400.

  For example, the authentication result determination unit 323 determines whether or not the terminal device 100 is registered for authentication. For example, when an authentication information inquiry is received from the GW 200, the authentication result determination unit 323 requests the authentication information database access unit 322 to inquire authentication information. Further, for example, when the authentication result determination unit 323 receives the authentication information determination result from the authentication information database access unit 322, the authentication result determination unit 323 creates an authentication OK or authentication NG message from the determination result and transmits the message to the GW 200. To the unit 321.

  For example, the accumulated communication amount unit 330 stores the accumulated communication amount in the tethering connection, or confirms that there is no difference in the recognition of the communication amount in the terminal device 100 on the requesting side and the providing side of the tethering connection. . The accumulated communication amount unit 330 includes an accumulated communication amount transmission / reception unit 331, an accumulated communication amount storage unit 332, and an accumulated communication amount determination unit 333.

  For example, the cumulative communication amount transmission / reception unit 331 outputs the message received from the communication connection unit 310 to the cumulative communication amount determination unit 333 or the cumulative communication amount storage unit 332. In addition, the accumulated communication amount transmission / reception unit 331 outputs, for example, messages received from the accumulated communication amount determination unit 333 and the accumulated communication amount storage unit 332 to the communication connection unit 310.

  For example, the accumulated communication amount storage unit 332 stores the accumulated communication amount of the tethering connection in the accumulated communication amount table (t3). Details of the accumulated traffic table (t3) will be described later.

  For example, the cumulative communication amount determination unit 333 receives the cumulative communication amount notification from both the requesting side and the providing side of the tethering connection and stores the notification in the internal memory 3331. The accumulated traffic determination unit 333 compares both accumulated traffic stored in the internal memory 3331. As a result of the comparison, the accumulated communication amount determination unit 333 outputs the determination result OK to the GW 200, and outputs the determination result OK to the accumulated communication amount transmission / reception unit 331 and stores the accumulated communication amount in the internal memory 3331. Is stored in the cumulative communication amount table (t3). Further, if the result of the comparison indicates that they do not match, the accumulated traffic determination unit 333 outputs the determination result NG to the accumulated traffic amount transmission / reception unit 331 in order to transmit the determination result NG to the GW 200. Regarding the comparison of the accumulated traffic, for example, it is not determined that only when they completely match, but if both the accumulated traffic are values within a certain range, it may be determined that they match. Good.

  For example, the authentication information database 400 stores authentication information of the terminal device 100. The authentication information database 400 includes a control unit 401 and an authentication information storage unit 402.

  For example, the control unit 401 receives the authentication information registration from the management server 300, and stores the authentication information in the authentication information table (t1) of the authentication information storage unit 402. Details of the authentication information table (t1) will be described later. Further, the control unit 401 receives an authentication information inquiry from the management server 300, and determines whether authentication information included in the authentication information inquiry is registered in the authentication information table (t1).

  The authentication information storage unit 402 stores authentication information, for example. The authentication information storage unit 402 stores, for example, an authentication information table (t1).

<Operation example>
Next, an operation example in the second embodiment will be described. In the operation example, the terminal device 100 performs authentication registration, and is described in five stages from the communication in tethering connection to the tethering disconnection.

<1. Registration of authentication information>
Authentication information registration will be described with reference to the sequence of FIG. FIG. 6 shows an example of an authentication registration sequence in the communication system 10.

  When the terminal device 100-3 performs authentication registration, the tethering condition information setting unit 132 of the terminal device 100-3 reads the authentication information stored in the internal memory 1321 and creates an authentication information notification. The authentication information is, for example, an IMEI (International Mobile Equipment Identity), a telephone number, and a password of the terminal device 100-3. The tethering condition information setting unit 132 transmits the created authentication information notification to the GW 200 (S100).

  Upon receiving the authentication information notification, the tethering state control unit 221 of the GW 200 inquires the management server address storage unit 232 about the IP address of the management server 300. The management server address storage unit 232 reads the IP address of the management server 300 stored in the internal memory 2321 and outputs it to the tethering state control unit 221. Upon receiving the IP address of the management server 300, the tethering state control unit 221 creates an authentication information notification and transmits it to the management server 300 (S101).

  When the authentication information transmission / reception unit 321 of the management server 300 receives the authentication information notification from the GW 200, the authentication information transmission / reception unit 321 outputs the authentication information to the authentication information database access unit 322 and requests to be registered in the authentication information database 400. The authentication information database access unit 322 transmits an authentication information notification to the authentication information database 400 (S102).

  Upon receiving the authentication information notification, the authentication information database 400 performs authentication information registration (m100). In the authentication information registration (m100), the control unit 401 receives the authentication information notification and stores the received authentication information in the authentication information table (t1) of the authentication information storage unit 402. An example of the authentication information table (t1) is shown in FIG. The authentication information table (t1) is a list in which authentication information transmitted by the terminal device 100 is stored for each terminal device 100. Examples of information elements stored in the authentication information table (t1) include “terminal name”, “IMEI”, “phone number”, and “password”. “Terminal name” is, for example, the name of the terminal device 100. “IMEI” is, for example, an identification number assigned to the terminal device 100, and is a number uniquely determined for each terminal device 100. “Telephone number” is, for example, a telephone number when the terminal device 100 is a mobile phone. The “password” is, for example, an arbitrary combination of numbers and characters determined by the user who owns the terminal device 100. Note that the authentication information may include, for example, a credit card number or a bank account number. In this case, the card number of the credit card and the account number of the bank account are also stored in the authentication information table (t1).

  In the sequence of FIG. 6, an authentication information notification is transmitted from the terminal device 100-3 and an authentication registration process is performed. For example, a user who owns the terminal device 100-3 from a Web server for authentication registration or the like. Authentication information may be registered. Further, in the authentication registration process, for example, the administrator of the communication system 10 may directly access the authentication information database 400 for registration.

  In this way, by registering the authentication information of the terminal device 100 on the requesting side and the providing side of the tethering connection in advance, the terminal devices 100 on both the requesting side and the providing side of the tethering connection before performing the tethering connection. It is possible to perform authentication.

<2. Provision of tethering connection>
A process for starting provision of a tethering connection will be described. FIG. 8 shows an example of a sequence when the provision of tethering connection is started in the communication system 10. FIG. 9 shows an example of the tethering provision condition information table (t2). FIG. 10 shows an example of the processing flow of the GW 200. FIG. 11 shows an example of the processing flow of the management server 300.

  The tethering condition information setting unit 132 of the terminal device 100-3 performs, for example, processing for starting provision of a tethering connection by a user operation of the terminal device 100-3. The tethering condition information setting unit 132 reads tethering provision condition information and authentication information stored in the internal memory 1321 and creates a tethering provision condition information notification. The tethering provision condition information is information relating to tethering connection, such as the amount of communication that can be provided, the communication method, the maximum communication speed, the charging rate, and the maintenance interval. Details of the tethering provision condition information will be described in the tethering provision condition information table (t2). The tethering condition information setting unit 132 transmits the created tethering provision condition information notification to the GW 200 (S103).

  When receiving the tethering provision condition information (P100, P101), the tethering state control unit 221 of the GW 200 stores the tethering provision condition information and the authentication information in the internal memory 2221 of the tethering information storage unit 222. The tethering state control unit 221 transmits an authentication information inquiry to the management server 300 (S104, P102). The tethering state control unit 221 receives the IP address of the management server 300 from the management server address storage unit 232 and creates an authentication information query.

  Upon receiving the authentication information inquiry (P150, P151), the authentication result determination unit 323 of the management server 300 checks whether the received authentication information is registered in the authentication information database 400 (P152). The authentication result determination unit 323 outputs authentication information to the authentication information database access unit 322 and requests the authentication information database 400 to transmit an authentication information query. The authentication information database access unit 322 creates an authentication information query and transmits it to the authentication information database 400 (S105).

  When receiving the authentication information inquiry, the control unit 401 of the authentication information database 400 checks whether or not the received authentication information is stored in the authentication information table (t1) of the authentication information storage unit 402. If the authentication information is stored, the control unit 401 transmits authentication OK to the management server 300, and if not stored, the control unit 401 transmits authentication NG to the management server 300 (S106).

  The authentication information database access unit 322 of the management server 300 outputs the received authentication OK or authentication NG to the authentication result determination unit 323. Upon receiving the authentication OK, the authentication result determination unit 323 determines that the authentication information has been registered in the authentication information database 400 (Yes in P152), transmits the authentication OK to the GW 200 (S107, P153), and ends the processing. (P155). Further, when receiving the authentication NG, the authentication result determination unit 323 determines that the authentication information is not registered in the authentication information database 400 (No in P152), transmits the authentication NG to the GW 200 (P154), and performs the processing. The process ends (P155).

  When receiving the authentication OK (Yes in P103), the tethering state control unit 221 of the GW 200 outputs the authentication OK to the authentication result determination unit 233. The tethering state control unit 221 further stores the tethering provision condition information stored in the internal memory 2221 in the tethering provision condition information table (t2) of the tethering provision condition information storage unit 242 (P104), and ends the process. (P105). Further, when receiving the authentication NG (No in P103), the tethering state control unit 221 ends the process (P105).

  The tethering provision condition information table (t2) is a list in which tethering condition information received from the terminal device 100 is stored for each terminal device 100. Information elements stored in the tethering provision condition information table (t2) include, for example, “terminal name”, “providable communication amount”, “communication method / carrier”, “maximum communication speed”, “current execution communication speed”. , “Charging rate”, and “maintenance interval”. The “terminal name” is, for example, the name of the terminal device 100-3. “Providable communication amount” indicates, for example, the maximum communication amount that the terminal device 100-3 can provide, and its unit is GB (gigabyte). “Communication method / carrier” indicates, for example, a communication method such as LTE, and a communication carrier name such as “Company d”. The “maximum communication speed” is, for example, the fastest communication speed at which the terminal device 100-3 can communicate in the communication carrier network, and its unit is Mbps (mega bit per second). The “current execution communication speed” indicates, for example, an actual communication speed at which the terminal device 100-3 was able to communicate in the operator network 500, and may be a communication speed at a certain time or a fixed time. The average communication speed may be used. The “billing rate” is used, for example, when the tethering connection provided in the communication system 10 is charged. “Billing rate” indicates, for example, a ratio with respect to a set basic charge per 1 GB of traffic. For example, when the “billing rate” is “double” and the basic charge is set to 2000 yen per 1 GB of traffic, the actual charge is 4000 yen per 1 GB of traffic. The “maintenance interval” is, for example, a value indicating an interval at which the terminal device 100-3 in the tethering connection transmits the cumulative communication amount notification. The accumulated communication amount notification is a message that the terminal device 100-3 periodically transmits to the GW 200, and includes the accumulated communication amount since the start of the tethering connection. Details of the cumulative communication amount notification will be described later.

  In this way, the GW 200 authenticates the terminal device 100-3 on the tethering connection providing side, so that the terminal device 100-1 on the tethering request side connects to the terminal device 100-3 that is not registered for authentication. To prevent it. That is, the terminal device 100-3 registered for authentication is considered to be more reliable than the other terminal devices not registered for authentication, and the security of the terminal device 100-1 on the tethering connection request side is improved.

  Further, the GW 200 manages information such as communication speed and communication amount that can be provided in the tethering connection, so that a more appropriate terminal device 100-3 that meets the conditions requested by the terminal device 100-1 on the requesting side of the tethering connection. Can be elected as the provider of the tethering connection.

  In the communication system 10, for example, a configuration example when the GW 200, the management server 300, and the authentication information database 400 do not exist is illustrated in FIG. In this case, the fourth processor 151 in the second communication device 100-2 that is the requesting side of the tethering connection authenticates the first communication device 100-1 that is the providing side of the tethering connection. The first communication device 100-1 is connected to the communication network 500, and the second communication device 100-2 can be connected to the communication network 500 via the first communication device 100-1. . Even in this case, the first communication device 100-1 is authenticated, and the security of the second communication device 100-2 is improved.

<3. Request for tethering connection>
Processing for starting a tethering connection request will be described. FIG. 12 shows an example of a sequence when a tethering connection request is started in the communication system 10. FIG. 11 shows an example of the processing flow of the management server 300. FIG. 13 illustrates an example of a processing flow of the terminal devices 100-1 and 100-3. FIG. 14 illustrates an example of a processing flow of the GW 200.

  The tethering condition information setting unit 132 of the terminal device 100-1 starts tethering connection, for example, when the user of the terminal device 100-1 starts an application for performing tethering connection. At the start of tethering connection, the tethering condition information setting unit 132 creates a tethering connection request message and transmits it to the GW 200 (S201, P200, P210). The tethering condition information setting unit 132 posts tethering connection condition information and authentication information stored in the internal memory 1321 in the tethering connection request. The tethering connection condition information is, for example, a condition regarding tethering connection requested to the terminal device 100-3 on the tethering connection providing side. The tethering connection condition information may be one information element included in the tethering provision condition information of the terminal device 100-3, for example, “the maximum communication speed is 50 Mbps or more”. Also, the tethering connection condition information is a combination of a plurality of information elements included in the tethering provision condition information of the terminal device 100-3, for example, “The communication method is LTE and the charging rate is 1 or less”. Also good. Further, in the tethering connection, for example, when there is no requesting condition, the tethering connection condition information may not be set.

  Upon receiving the tethering connection request (P250, P251), the tethering state control unit 221 of the GW 200 stores the authentication information and the tethering connection condition information included in the tethering connection request in the internal memory 2221 of the tethering information storage unit 222. The tethering state control unit 221 transmits an authentication information inquiry to the management server 300 (S202, P252). The tethering state control unit 221 receives the IP address of the management server 300 from the management server address storage unit 232 and creates an authentication information query.

  Upon receiving the authentication information inquiry (P150, P151), the authentication result determination unit 323 of the management server 300 checks whether the received authentication information is registered in the authentication information database 400 (P152). The authentication result determination unit 323 outputs authentication information to the authentication information database access unit 322 and requests the authentication information database 400 to transmit an authentication information query. The authentication information database access unit 322 creates an authentication information query and transmits it to the authentication information database 400 (S203).

  When receiving the authentication information inquiry, the control unit 401 of the authentication information database 400 checks whether or not the received authentication information is stored in the authentication information table (t1) of the authentication information storage unit 402. The control unit 401 transmits authentication OK to the management server 300 if the authentication information is stored, and authentication NG if not stored (S204).

  The authentication information database access unit 322 of the management server 300 outputs the received authentication OK or authentication NG to the authentication result determination unit 323. Upon receiving the authentication OK, the authentication result determination unit 323 determines that the authentication information has been registered in the authentication information database 400 (Yes in P152), transmits the authentication OK to the GW 200 (S205, P153), and ends the processing. (P155). Further, when receiving the authentication NG, the authentication result determination unit 323 determines that the authentication information is not registered in the authentication information database 400 (No in P152), transmits the authentication NG to the GW 200 (P154), and performs the processing. The process ends (P155).

  When receiving the authentication OK (Yes in P253), the tethering state control unit 221 of the GW 200 outputs the authentication OK to the authentication result determination unit 233. Further, the tethering state control unit 221 outputs the tethering connection condition information stored in the internal memory 2221 to the tethering connection condition information search unit 243. Further, when receiving the authentication NG (No in P253), the tethering state control unit 221 ends the process (P261). Upon receiving the tethering connection condition information, the tethering connection condition information search unit 243 performs a tethering connection condition search process (m200, P254). The tethering connection condition search process is a process for searching, for example, the tethering provision condition information table (t2) for the terminal device 100-3 that is a connection partner that satisfies the tethering connection condition information.

  In the tethering connection condition search process, for example, when the tethering connection condition information is “charge rate is 1 or less”, “charge rate” is “0.8 times” in the tethering provision condition information table (t2). “Terminal C” is selected as a connection partner. Further, in the tethering connection condition search process, for example, when the tethering condition information is “providable communication amount is 2.5 GB”, the terminal device 100 that satisfies the condition with one unit in the tethering provision condition information table (t2) Cannot be elected. However, in the tethering provision condition information table (t2), the “providable communication amount” of “terminal C” is “2 GB”, and the “providable communication amount” of “terminal D” is “0.5 GB”. Therefore, the sum of “providable communication amount” of “terminal C” and “terminal D” is 2.5 GB. Therefore, in this case, in the tethering connection condition search process, two terminal devices 100 of “terminal C” and “terminal D” may be selected as connection partners. Further, when there is no tethering connection condition information, for example, priority is given to performing communication as cheaply as possible, and “terminal D” having a low “billing rate” may be selected, or may be selected at random. In the sequence of FIG. 12, the terminal device 100-3 is selected as the connection partner.

  When the tethering connection condition information search unit 243 can select a connection partner (Yes in P255), the tethering connection condition information search unit 243 transmits tethering connection information presentation to the related terminals (S206, S207, P257). The related terminals are the terminal devices 100 on the tethering connection requesting side and the tethering connection providing side, and in the case of the sequence of FIG. 12, the terminal devices 100-1 and 3 are shown. The tethering connection information is information for actually performing tethering connection, for example. In the case of the sequence of FIG. 12, the tethering connection information is, for example, tethering provision condition information of “terminal C” in the tethering provision condition information table (t2). If the connection partner cannot be selected (No in P255), the tethering connection condition information search unit 243 notifies the terminal device 100-1 that tethering connection is impossible (P256), and ends the process (P261). .

  Upon receiving the tethering connection information presentation (Yes in P202), the tethering state control unit 121 of the terminal device 100-1 outputs the received tethering connection information to the tethering condition determination unit 133. The tethering condition determination unit 133 determines whether the received tethering connection information satisfies the tethering connection condition information stored in the internal memory 1321 of the tethering condition information setting unit 132. The tethering condition determination unit 133 outputs the determined result to the tethering state control unit 121. The tethering state control unit 121 determines whether the tethering connection information can be accepted from the received determination result (P203). When it is determined that the tethering connection information can be accepted (Yes in P203), the tethering state control unit 121 transmits tethering connection information acceptance to the GW 200 (S209, P204).

  Upon receiving the tethering connection information presentation (Yes in P202), the tethering state control unit 121 of the terminal device 100-3 outputs the received tethering connection information to the tethering condition determining unit 133. The tethering condition determination unit 133 determines whether the received tethering connection information satisfies the tethering provision condition information stored in the internal memory 1321 of the tethering condition information setting unit 132. Note that, for example, the tethering connection condition information that can be provided by the terminal device 100-3 may change between when the tethering provision condition information notification is transmitted and when the tethering connection information presentation is received. In this case, the tethering condition determination unit 133 may determine that the tethering connection information does not satisfy the tethering provision condition information. The tethering condition determination unit 133 outputs the determined result to the tethering state control unit 121. The tethering state control unit 121 determines whether the tethering connection information can be accepted from the received determination result (P203). When the tethering state control unit 121 determines that the tethering connection information can be accepted (Yes in P203), the tethering connection information acceptance is transmitted to the GW 200 (S210, P204).

  When receiving the tethering connection information acceptance from the terminal devices 100-1 and 3 (Yes in P258), the tethering state control unit 221 of the GW 200 transmits a tethering connection start notification to the terminal devices 100-1 and 3 (S212, S213). , P260). The tethering start notification may include tethering connection information, for example. When the tethering information control unit 221 does not receive tethering information acceptance from the terminal devices 100-1 and 3 (No in P258), the tethering state control unit 221 notifies the terminal devices 100-1 and 3 that the tethering connection is impossible (P259), and ends the processing. (P261).

  When receiving the tethering connection start notification, the tethering state control unit 121 of the terminal device 100-1 or 3 starts tethering connection. The terminal devices 100-1 and 3 read the maintenance interval that is the information element of the tethering connection information stored in the internal memory 1221 of the tethering information storage unit, and outputs the maintenance interval to the cumulative communication amount notification interval monitoring unit 143. When the cumulative communication amount notification interval monitoring unit 143 receives the maintenance interval, it issues a timer corresponding to the value of the maintenance interval. The terminal device 100-1 may communicate with the terminal device 100-3 via the GW 200, for example. Also, the terminal device 100-1 receives, for example, a password for directly tethering connection to the terminal device 100-3 that is a connection partner from the GW 200, and directly communicates with the terminal device 100-3 without passing through the GW 200. You may go.

  In this way, by authenticating the terminal device 100 on the requesting side of the tethering connection, the terminal device 100-3 on the providing side of the tethering connection is prevented from being connected to the terminal device 100-1 that is not registered for authentication. it can. That is, the terminal device 100-1 registered for authentication is considered to be more reliable than the other terminal devices not registered for authentication, and the security of the terminal device 100-3 on the tethering connection providing side is improved.

  Also, the terminal device 100-1 on the tethering connection request side transmits information such as the requested communication speed and communication amount to the GW 200, so that the GW 200 satisfies the conditions of the terminal device 100-1 on the tethering connection request side. It is possible to select the terminal device 100-1 that is a matching connection partner.

  In addition, since the GW 200 authenticates the terminal device 100 on the requesting side and the providing side of the tethering connection, the terminal device 100 does not communicate with the terminal device 100 of the connection partner until the authentication is completed. By doing so, for example, compared with the case where the terminal devices 100 mutually authenticate each other, message transmission / reception with the unauthorized terminal device 100 is reduced, and the security of the terminal device 100 is further improved.

<4. During communication>
Processing during tethering connection communication will be described. FIG. 15 illustrates an example of a sequence during tethering connection communication in the communication system 10. FIG. 16 illustrates an example of a processing flow of the GW 200, where (A) is a flow when a cumulative traffic notification is received, and (B) is a flow when a determination result is received. FIG. 17 shows an example of the processing flow of the management server 300.

  When the issued timer expires, the accumulated traffic notification interval monitoring unit 143 of the terminal devices 100-1 and 3 reads the accumulated traffic stored in the internal memory 1421 of the accumulated traffic storage unit 142. The cumulative traffic notification interval monitoring unit 143 creates a cumulative traffic notification including the read cumulative traffic and transmits it to the GW 200 (S301, S303). As a method for calculating the accumulated communication amount, for example, the tethering state control unit 121 can calculate the communication amount by passing all packets used in the tethering connection through the tethering state control unit 121. The tethering state control unit 121 outputs the calculated communication amount to the accumulated communication amount storage unit 142, and the accumulated communication amount storage unit 142 calculates the accumulated communication amount by adding the communication amount to the internal memory 1421. To do.

  When the tethering state control unit 221 of the GW 200 receives the cumulative traffic notification (P300, P301), the terminal names of the terminal device 100-1 on the requesting side of the tethering connection and the terminal device 100-3 on the providing side of the tethering connection are set. Create a cumulative traffic notification. The tethering state control unit 221 transmits a cumulative communication amount notification to the management server 300 (S302, S304, P302), and ends the process (P303).

  When the cumulative communication amount determination unit 333 of the management server 300 receives the cumulative communication amount notification that is transmitted from the terminal device 100-1 (S302, P350, P351), the cumulative communication amount is stored in the internal memory 3331 (P352). . When the cumulative traffic determination unit 333 receives the cumulative traffic notification from the terminal device 100-3 (S303, Yes in P353), the cumulative traffic determination unit 333 stores the cumulative traffic in the internal memory 3331 (P354). If the cumulative communication amount notification whose connection partner is the transmission source cannot be received (No in P353), the determination result NG is transmitted to the GW 200 (P357), and the process is terminated (P359). The accumulated traffic determination unit 333 determines whether or not the accumulated traffic of the terminal devices 100-1 and 100-3 matches (P355). When the accumulated traffic volume matches (Yes in P355), the accumulated traffic volume determination unit 333 performs the accumulated traffic volume storage process (m300, P356), transmits the determination result OK to the GW 200 (S305, P358), and ends the process. (P359). If the accumulated traffic volume does not match (No in P355), the accumulated traffic determination unit 333 transmits the determination result NG to the GW 200 (P357), and ends the process (P359). The accumulated traffic volume storage process is a process of storing the accumulated traffic volume saved in the internal memory 3331 in the accumulated traffic volume table (t3) of the accumulated traffic volume storage unit 332, for example. FIG. 19A shows an example of the accumulated traffic table (t3). Examples of information elements stored in the cumulative communication amount table (t3) include “loan terminal”, “borrowing terminal”, “communication amount”, and “billing rate”. The “lending terminal” is, for example, the terminal device 100-3 on the tethering connection providing side. The “borrowing terminal” is, for example, the terminal device 100-1 on the tethering connection request side. The “communication amount” is, for example, the accumulated communication amount, and the unit is GB. “Billing rate” indicates, for example, a ratio with respect to a fixed amount charge set per 1 GB of traffic. In the accumulated communication amount storage process, the accumulated communication amount is stored in “communication amount” corresponding to “loan terminal” and “borrowing terminal” in tethering connection. The “billing rate” is not stored in the accumulated communication amount storage process, and is blank in FIG.

  When receiving the determination result OK (Yes in P310, P311, and P312), the tethering state control unit 221 of the GW 200 transmits the determination result OK to the terminal devices 100-1 and 3 (S306, S307, and P313), and ends the processing. (P315). When the tethering state control unit 221 receives the determination result NG (No in P310, P311, and P312), the tethering state control unit 221 transmits the determination result NG to the terminal devices 100-1 and 3 (P314), and ends the process (P315). .

  As described above, the management server 300 confirms that the terminal device 100 on the requesting side and the providing side of the tethering connection has no recognition deviation regarding the communication amount. By doing so, for example, in the case of charging according to the communication amount, the providing side terminal device 100 declares more communication amount than the actual amount, or the requesting side terminal device 100 performs communication less than the actual amount. It is possible to detect fraud that declares the amount at an early stage without waiting for the end of communication. In addition, when there is a difference in the amount of communication between both the terminal devices 100, for example, there is a possibility that congestion has occurred between one of the terminal devices 100 and the GW 200 due to an abnormality in communication between the GW 200 and the terminal device 100. There is also. Such communication abnormality can be detected early.

  Note that, in this sequence, the management server 300 confirms that there is no recognition deviation regarding the communication amount. However, for example, the GW 200 may confirm that there is no recognition deviation regarding the communication amount. In this case, for example, the GW 200 may include an accumulated communication amount table (t3).

<5. Cutting>
A tethering connection disconnection process will be described. FIG. 18 illustrates an example of a tethering connection disconnection sequence in the communication system 10. FIG. 19 shows an example of the accumulated traffic table. FIG. 20 shows an example of the processing flow of the GW 200. FIG. 21 shows an example of the processing flow of the management server 300. In addition, about the process (g1) of P351-P358 in the process flow of FIG. 21, it is the same as the process of P351-P358 in FIG. Further, the processing when the GW 200 receives the accumulated traffic notification will be described with reference to the flow in FIG.

  The tethering state control unit 121 of the terminal device 100-1 transmits a tethering disconnection request to the GW 200, for example, when detecting a tethering connection disconnection trigger by a user operation or the like (S401). Further, the tethering state control unit 121 receives the accumulated communication amount from the accumulated communication amount storage unit 142, and transmits the accumulated communication amount notification to the GW 200 (S403).

  When receiving the tethering disconnection request (P420, P421), the tethering state control unit 221 of the GW 200 transmits the tethering disconnection request to the terminal device 100-3 that is the tethering connection providing side (S402, P422).

  When receiving the tethering disconnection request, the tethering state control unit 121 of the terminal device 100-3 receives the accumulated communication amount from the accumulated communication amount storage unit 142, and transmits the accumulated communication amount notification to the GW 200 (S405).

  Until the management server 300 transmits the determination result OK to the GW 200 (S407) after the terminal devices 100-1 and 3 transmit the cumulative communication amount notification to the GW 200 (S403, S405), S301 described in FIG. It is the same as the processing from ~ S305.

  When the tethering state control unit 221 of the GW 200 receives the determination result OK (Yes in P423 and P424), the tethering state control unit 221 reads a charging rate that is an information element of the tethering connection information stored in the internal memory 2221. The tethering state control unit 221 posts billing rate information in the billing rate notification and transmits it to the management server 300 (S408, P425). The tethering state control unit 221 transmits a determination result OK to the terminal devices 100-1 and 3 (S409, S410, P426), and ends the process (P428). When the tethering state control unit 221 receives the determination result NG (No in P424), the tethering state control unit 221 transmits the determination result NG to the terminal devices 100-1 and 3 (P427) and ends the process (P428).

  When the cumulative communication amount determination unit 333 of the management server 300 receives the billing rate notification (P451), it performs billing rate recording processing (P452) and ends the processing (m400, P453). The billing rate recording process is a process for recording the received billing rate in the cumulative communication amount table (t3), for example. As shown in FIG. 19B, the accumulated communication amount determination unit 333 displays a billing rate notification in the “billing rate” column in which “loan terminal” is “C” and “borrowed terminal” is “A”. Is stored in the accumulated communication amount table (t3).

  As described above, when the tethering connection is disconnected, the accumulated communication amount and charging rate of the tethering connection are stored. By doing so, it is also possible to construct a billing system according to the tethering connection traffic. In addition, the charge set for a certain communication amount is not charged as it is, but the charge rate is used as the information element of the tethering connection information as the charge rate. In this way, for example, the terminal device 100 capable of high-speed communication has a high charge, and the terminal device 100 with a small maximum communication amount has a low charge, so that the terminal device 100 has a communication capability. It becomes possible to build a billing system according to the situation.

[Third Embodiment]
Next, a third embodiment will be described.

<Configuration example of communication system>
First, a configuration example of the communication system 10 will be described. FIG. 22 is a diagram illustrating a configuration example of the communication system 10 according to the third embodiment.

  The communication system 10 includes terminal devices 100-5 to 7, GWs 200-1 and 2, a management server 300, an authentication information database 400, and communication carrier networks 500-1 and 500-2.

  The terminal devices 100-5 to 7 are wireless communication devices that communicate with the GW 200-1 and the communication carrier network 500, for example. The third embodiment is an example in which the terminal device 100-6 moves from the subordinate of the GW 200-1 to the subordinate of the GW 200-2. Hereinafter, the terminal devices 100-5 to 7 may be referred to as the terminal device 100.

  In the third embodiment, there are two GWs GW200-1 and GW2. The GWs 200-1 and 200-2 have the same functions and configurations as the GW 200 in the second embodiment. In the third embodiment, there are two GWs GW200-1 and GW2, but three or more GWs may exist.

  The management server 300 and the authentication information database 400 have the same functions and configurations as the management server 300 and the authentication information database 400 in the second embodiment.

  The communication carrier networks 500-1 and 500-2 are networks owned by a carrier that provides fixed-line telephone and mobile phone communication, for example. The communication carrier networks 500-1 and 500-2 may be, for example, networks of different operators or the same operator.

<Operation example>
A sequence when the terminal device 100-6 moves from the subordinate of the GW 200-1 to the subordinate of the GW 200-2 will be described. FIG. 23 illustrates an example of a sequence when the terminal device 100-6 exists under the control of the GW 200-1 and is a tethering connection providing side. FIG. 24 illustrates an example of a sequence when the terminal device 100-6 moves under the control of the GW 200-2 and becomes the requesting side of the tethering connection.

  The terminal devices 100-5 to 7 have already completed authentication registration as a premise for performing the sequence processing, and the authentication information database 400 stores authentication information of the terminal devices 100-5 to 7-7. .

  The sequence of FIG. 23 will be described.

  S500 is a series of processes for the terminal device 100-6 to become a tethering connection provider under the control of the GW 200-1. The process of S500 is the same as the sequence of FIG. The GW 200 in FIG. 8 corresponds to the GW 200-1 in FIG. 23, and the terminal device 100-3 in FIG. 8 corresponds to the terminal device 100-6 in FIG. Moreover, the process of GW200-1 in S500 is the same as the process flow of FIG. 10, and the process of the management server 300 is the same as the process flow of FIG.

  S510 is a series of processes for the terminal device 100-7 to become a tethering connection providing side under the control of the GW 200-2. The process of S510 is the same as the sequence of FIG. The GW 200 in FIG. 8 corresponds to the GW 200-2 in FIG. 23, and the terminal device 100-3 in FIG. 8 corresponds to the terminal device 100-7 in FIG. Further, the processing of the GW 200-2 in S510 is the same as the processing flow of FIG. 10, and the processing of the management server 300 is the same as the processing flow of FIG.

  By performing the sequence of S500 and S510, the terminal device 100-6 can provide tethering connection through the GW 200-1, and the terminal device 100-7 can provide tethering connection through the GW 200-2. Become.

  S520 is a sequence in which the terminal device 100-5 requests a tethering connection to the GW 200-1. The process of S520 is the same as the sequence of FIG. The GW 200 in FIG. 12 corresponds to the GW 200-1 in FIG. 23, and the terminal apparatus 100-1 in FIG. 12 corresponds to the terminal apparatus 100-5 in FIG. Moreover, the process of GW200-1 in S520 is the same as the process flow of FIG. 14, and the process of the terminal devices 100-5 and 6 is the same as the process flow of FIG.

  By performing the sequence of S520, the terminal devices 100-5 and 6 can perform tethering connection.

  Next, the sequence of FIG. 24 will be described.

  In the sequence of FIG. 23, the terminal devices 100-5 and 6 are communicating, the tethering connection of the terminal devices 100-5 and 6 is disconnected, and the terminal device 100-6 moves under the control of the GW 200-2. is there.

  S530 is a sequence in which the terminal device 100-6 requests tethering connection to the GW 200-2. The process of S530 is the same as the sequence of FIG. The GW 200 in FIG. 12 corresponds to the GW 200-2 in FIG. 24, and the terminal apparatus 100-1 in FIG. 12 corresponds to the terminal apparatus 100-6 in FIG. Moreover, the process of GW200-2 in S530 is the same as the process flow of FIG. 14, and the process of the terminal devices 100-6 and 7 is the same as the process flow of FIG.

  By performing the sequence of S530, the terminal devices 100-6 and 7 can perform tethering connection.

  In the third embodiment, there are two GWs 200-1 and 2 for one management server 300. The processing of the terminal device 100, the GW 200, the management server 300, and the authentication information database 400 constituting the communication system 10 is the same regardless of whether the number of GWs 200 is one or more. Since the management server 300 collectively manages the authentication information, even if the terminal device 100 moves under the control of a different GW 200 in the communication system 10 in which a plurality of GWs 200 exist, there is no need to redo the authentication registration again.

  In the third embodiment, a case has been described in which the moving terminal device 100-6 is a side that provides a tethering connection before moving and is a side that requests a tethering connection after moving. . However, the moving terminal device 100-6 may be, for example, a side that requests a tethering connection before moving, or a side that provides a tethering connection after moving. Even if the terminal device 100-6 is a side that provides tethering connection or a side that requests tethering connection before and after movement, the effect that authentication registration does not need to be performed again is the same.

[Other embodiments]
Next, other embodiments will be described.

<Example of hardware configuration of terminal device>
FIG. 25 is a diagram illustrating a hardware configuration example of the terminal device 100.

  The terminal device 100 includes a CPU (Central Processing Unit) 151, a memory 152, a packet transfer engine 153, a tethering condition information management memory 154, a tethering traffic information management memory 155, and wireless line interfaces 156 and 157.

  For example, the CPU 151 executes a program loaded in the memory 152. For example, the CPU 151 includes, in addition to the internal memories 1221, 1321, and 1421 of the tethering management unit 120, the tethering condition unit 130, and the cumulative traffic unit 140 of FIG. 3, which is a configuration example of the terminal device 100 in the second embodiment. Applicable. The CPU 151 may be a processor or controller such as an MPU (Micro Processing Unit) or an FPGA (Field Programmable Gate Array).

  The memory 152 is used, for example, for storing a loaded program and for the CPU 151 to temporarily store information.

  For example, the packet transfer engine 153 converts packets received from the wireless line interfaces 156 and 157 into baseband signals and outputs the baseband signals to the CPU 151. The packet transfer engine 153 corresponds to, for example, the packet transfer processing unit 113 in FIG. 3 which is a configuration example of the terminal device 100 in the second embodiment.

  The tethering condition information management memory 154 stores, for example, information related to tethering, authentication information, and the like. The tethering condition information management memory 154 corresponds to, for example, the internal memories 1221 and 1321 in FIG. 3 that is a configuration example of the terminal device 100 in the second embodiment.

  The tethering traffic information management memory 155 stores, for example, the cumulative traffic of packets transmitted / received via the tethering connection. The tethering traffic information management memory 155 corresponds to, for example, the internal memory 1421 in FIG. 3 that is a configuration example of the terminal device 100 in the second embodiment.

  For example, the wireless line interfaces 156 and 157 perform transmission and reception of packets in wireless communication. The wireless line interfaces 156 and 157 correspond to, for example, the wireless line interfaces 111 and 112 in FIG. 3 which is a configuration example of the terminal device 100 in the second embodiment.

<Example of hardware configuration of GW>
FIG. 26 is a diagram illustrating a hardware configuration example of the GW 200.

  The GW 200 includes a CPU 251, a memory 252, a packet transfer engine 253, a tethering condition table management memory 254, a tethering connection information management memory 255, and a management server information management memory 256. The GW 200 further includes wireless line interfaces 257 and 258 and a line interface 259.

  For example, the CPU 251 executes a program loaded in the memory 252. The CPU 251 includes, for example, the tethering management unit 220, the authentication processing unit 230, the internal memories 2221 and 2221 of the tethering information unit 240, and the tethering provision condition information table in FIG. 4 which is a configuration example of the GW 200 in the second embodiment. It corresponds to other than (t2). Note that the CPU 251 may be, for example, a processor or controller such as an MPU or FPGA.

  The memory 252 is used, for example, for storing a loaded program and for the CPU 251 to temporarily store information.

  For example, the packet transfer engine 253 converts packets received from the wireless line interfaces 257 and 258 and the line interface 259 into baseband signals and outputs the baseband signals to the CPU 151. The packet transfer engine 253 corresponds to, for example, the packet transfer processing unit 214 in FIG. 4 which is a configuration example of the GW 200 in the second embodiment.

  The tethering condition table management memory 254 stores tethering provision condition information, for example. The tethering condition table management memory 254 corresponds to, for example, the tethering provision condition information table (t2) in FIG. 4 which is a configuration example of the GW 200 in the second embodiment.

  The tethering connection information management memory 255 stores, for example, tethering connection information. The tethering connection information management memory 255 corresponds to, for example, the internal memory 2221 in FIG. 4 that is a configuration example of the GW 200 in the second embodiment.

  For example, the management server information management memory 256 stores the IP address of the management server. The management server information management memory 256 corresponds to, for example, the internal memory 2321 in FIG. 4 that is a configuration example of the GW 200 in the second embodiment.

  For example, the wireless line interfaces 257 and 258 transmit and receive packets in wireless communication. The wireless line interfaces 257 and 258 correspond to, for example, the wireless line interfaces 211 and 212 in FIG. 4 which is a configuration example of the GW 200 in the second embodiment.

  For example, the line interface 259 transmits and receives packets in wired communication. The line interface 259 corresponds to, for example, the wired line interface 213 in FIG. 4 which is a configuration example of the GW 200 in the second embodiment.

<Example of hardware configuration of management server and authentication information database>
FIG. 27 is a diagram illustrating a hardware configuration example of the management server 300 and the authentication information database 400.

  The management server 300 includes a CPU 351, a memory 352, a packet transfer engine 353, a personal authentication information management memory 354, a tethering connection information management memory 355, and a tethering traffic information management memory 356. The management server 300 further includes a database interface 357 and line interfaces 358 and 359.

  For example, the CPU 351 executes a program loaded in the memory 352. The CPU 351, for example, the configuration example of the management server 300 in the second embodiment, the authentication processing unit 320, the accumulated communication amount unit 330, the internal memory 3331, the accumulated communication amount table (t3), and the authentication information in FIG. This corresponds to other than the database access unit 322. Note that the CPU 351 may be, for example, a processor or controller such as an MPU or FPGA.

  The memory 352 is used, for example, for storing a loaded program and for the CPU 351 to temporarily store information.

  For example, the packet transfer engine 353 converts a packet received from the line interfaces 358 and 359 into a baseband signal and outputs the baseband signal to the CPU 351. The packet transfer engine 353 corresponds to, for example, the packet transfer processing unit 313 in FIG. 5 which is a configuration example of the management server 300 in the second embodiment.

  The personal authentication information management memory 354 stores authentication information of the terminal device 100, for example. For example, the personal authentication information management memory 354 may not store the authentication information when managing the authentication information in the authentication information database.

  The tethering connection information management memory 355 stores, for example, tethering connection information. The tethering connection information management memory 355 does not need to store the tethering connection information, for example, when managing the tethering connection information with the GW 200.

  The tethering traffic information management memory 356 stores, for example, cumulative traffic and billing rates. The tethering traffic information management memory 356 corresponds to, for example, the internal memory 3331 and the cumulative traffic table (t3) in FIG. 5 which is a configuration example of the management server 300 in the second embodiment.

  The database interface 357 communicates with the authentication information database 400, for example. The database interface 357, for example, corresponds to the authentication information database access unit 322 in FIG. 5 which is a configuration example of the management server 300 in the second embodiment.

  For example, the line interfaces 358 and 359 transmit and receive packets in wired communication. The line interfaces 358 and 359 correspond to, for example, the wired line interfaces 311 and 312 in FIG. 5 which is a configuration example of the management server in the second embodiment.

  The authentication information database 400 includes an external interface 453, a CPU 451, and a memory 452.

  The external interface 453 communicates with the management server 300, for example. The external interface 453 corresponds to the communication function of the control unit 401 in FIG. 5 which is a configuration example of the authentication information database 400 in the second embodiment, for example.

  For example, the CPU 451 executes a program loaded in the memory 452. The CPU 451 corresponds to, for example, other than the authentication information table (t1) of the control unit 401 and the authentication information storage unit 402 in FIG. 5 which is a configuration example of the authentication information database 400 in the second embodiment. Note that the CPU 451 may be a processor or controller such as an MPU or FPGA, for example.

  The memory 452 is used, for example, for storing a loaded program and for the CPU 351 to temporarily store information. The memory 452 stores, for example, authentication information. The memory 452 corresponds to, for example, the authentication information table (t1) in FIG. 5 which is a configuration example of the authentication information database 400 in the second embodiment.

  The above is summarized as an appendix.

(Appendix 1)
A communication network;
First and second communication devices;
In a communication system comprising: a first relay device that relays communication performed between the first communication device and the second communication device;
The first relay device authenticates the first communication device when the second communication device is connected to the communication network via the first communication device connected to the communication network. A communication system comprising: one processor.

(Appendix 2)
The communication system further includes a third communication device,
The first processor includes first tethering provision condition information indicating communication capability that the first communication device can provide to the second communication device, and the third communication device serves as the second communication device. The communication system according to claim 1, wherein the communication network is connected to the communication network via the first or third communication device based on second tethering provision condition information indicating communication capability that can be provided.

(Appendix 3)
The first processor determines whether to connect to the communication network based on first tethering provision condition information indicating communication capability that the first communication device can provide to the second communication device. The communication system according to supplementary note 1, wherein:

(Appendix 4)
The first tethering provision condition information includes a maximum communication amount that can be provided when the first communication device communicates with the second communication device, and a maximum communication speed of the first communication device in the communication network. And a communication rate of the first communication device at the time t in the communication network and a charge rate indicating a ratio to a charge set for a certain communication amount. system.

(Appendix 5)
The first and second communication devices periodically calculate a cumulative communication amount indicating a cumulative value of the communication amount transmitted and received in communication performed between the first communication device and the second communication device. A second processor for transmitting to the relay device, wherein the first processor receives the accumulated communication when a difference in the accumulated traffic received from the first and second communication devices is within a certain range. The communication system according to supplementary note 1, characterized by storing a quantity.

(Appendix 6)
The communication system according to appendix 1, wherein the first processor authenticates the second communication device.

(Appendix 7)
The communication system further includes a management server,
The management server includes a memory that stores first authentication information that is information related to authentication of the first communication device;
The first authentication information received from the first relay device is compared with the first authentication information stored in the memory, and the comparison result is transmitted to the first relay device. With a processor
The first processor transmits the first authentication information to the management server, and authenticates the first communication device based on the result received from the management server. The communication system described.

(Appendix 8)
The communication system further includes a fourth communication device;
A second relay device,
The communication system according to appendix 7, wherein the second relay device includes a third processor that authenticates the fourth communication device.

(Appendix 9)
The third processor determines whether to connect to the communication network based on third tethering provision condition information indicating communication capability that the fourth communication device can provide to the second communication device. The communication system according to appendix 8, wherein:

(Appendix 10)
A communication network;
First and second communication devices;
A communication method in a communication system comprising: a first relay device that relays communication performed between the first communication device and the second communication device,
When the second communication device is connected to the communication network via the first communication device connected to the communication network, the first communication device authenticates the first communication device. A communication method characterized by the above.

(Appendix 11)
A communication network;
In a communication system comprising first and second communication devices,
The second communication device includes a fourth processor that authenticates the first communication device when connected to the communication network via the first communication device connected to the communication network. A featured communication system.

DESCRIPTION OF SYMBOLS 10 ... Communication system 100 ... Terminal device (communication apparatus)
DESCRIPTION OF SYMBOLS 110 ... Wireless communication connection part 120 ... Tethering management part 130 ... Tethering condition part 140 ... Cumulative traffic part 151 ... CPU 154 ... Tethering condition information management memory 155 ... Tethering traffic information management memory 200 ... GW (relay apparatus)
210 ... Communication connection unit 220 ... Tethering management unit 230 ... Authentication processing unit 240 ... Tethering information unit 251 ... CPU 254 ... Tethering condition table management memory 255 ... Tethering connection information management memory 256 ... Management server information management memory 300 ... Management server 310 ... Communication connection unit 320 ... Authentication processing unit 330 ... Cumulative communication amount unit 351 ... CPU 354 ... Personal authentication information management memory 355 ... Tethering connection information management memory 356 ... Tethering communication amount information management memory 357 ... Database interface 400 ... Authentication information database 401 ... Control unit 402 ... Authentication information storage unit 451 ... CPU 453 ... External interface
500 ... Communication network (telecom carrier network)

Claims (4)

A communication network;
First and second communication devices;
In a communication system comprising: a first relay device that relays communication performed between the first communication device and the second communication device;
The first relay device authenticates the first communication device when the second communication device is connected to the communication network via the first communication device connected to the communication network. A communication system comprising: one processor. The communication system further includes a third communication device,
The first processor includes first tethering provision condition information indicating communication capability that the first communication device can provide to the second communication device, and the third communication device serves as the second communication device. 2. The communication system according to claim 1, wherein the communication network is connected via the first or third communication device based on second tethering provision condition information indicating communication capability that can be provided to the communication network. .   The first processor determines whether to connect to the communication network based on first tethering provision condition information indicating communication capability that the first communication device can provide to the second communication device. The communication system according to claim 1. A communication network;
First and second communication devices;
A communication method in a communication system comprising: a first relay device that relays communication performed between the first communication device and the second communication device,
When the second communication device is connected to the communication network via the first communication device connected to the communication network, the first communication device authenticates the first communication device. A communication method characterized by the above.

Images