JP6478043B2 - M2M terminal system, M2M terminal and IC card - Google Patents

Description

  The present invention relates to an M2M (Machine to Machine) in which machines communicate with each other autonomously, and more particularly to a technique for preventing unauthorized use of an IC card mounted on an M2M terminal.

  Mobile communication service provided by a mobile communication carrier that owns its own mobile communication network or a virtual mobile communication network that borrows a mobile communication network owned by a mobile communication carrier M2M, which uses machines to communicate autonomously between machines, is rapidly spreading.

  Like mobile phones and smartphones, M2M requires an IC card that stores at least the data required to use mobile communication services, and M2M-dedicated IC cards are sometimes referred to as MIM (Machine Identification Module). is there.

  An IC card storing at least data necessary for using a mobile communication service is attached to an M2M terminal, which is a terminal used in M2M, but the M2M terminal operates unattended. Prevention of unauthorized use of an IC card mounted on an M2M terminal has been an issue.

  As an invention related to prevention of unauthorized use of an M2M terminal into which an IC card is inserted, a personal mobile device identifier number created by a user who has been authorized by the mobile device to exchange a SIM (Subscriber Identity Module) to be inserted into the mobile device ( An invention that requires collation of (MDIN) is disclosed in Patent Document 1.

Special table 2012-530290 gazette

  However, the invention disclosed in Patent Document 1 is an invention that prevents unauthorized use of an M2M terminal into which an IC card (SIM) is inserted, and prevents the IC card removed from the M2M terminal from being used illegally. Can not. Therefore, an object of the present invention is to provide a system that can prevent unauthorized use of an IC card removed from an M2M terminal.

  In the first invention for solving the above-described problem, a base station list storing the base station number and the number of times of connection of a base station to which an M2M terminal has wirelessly connected, and the base station number of the base station to be wirelessly connected are the M2M When notified from the terminal, it is confirmed whether the base station is in a base station restricted state that restricts the base stations that can be wirelessly connected. If the base station is in the restricted state, the base station list is referred to and the base station is notified from the M2M terminal When the base station number is not included in the upper predetermined number of base station numbers selected according to the number of connections, the execution of IC card processing related to wireless connection is prohibited, and when the base station number is not in the base station restricted state, the M2M When the number of connections corresponding to the base station number notified from the terminal is incremented and the total number of connections stored in the base station list after the increment reaches a threshold value, the base station is in the base station restricted state. Select a base station to be wirelessly connected using an IC card having wireless connection management means to be transferred, an IC card slot for data communication with the IC card, and subscriber identification information read from the IC card. An M2M terminal system comprising at least an M2M terminal provided with wireless connection means for notifying the IC card of the base station number of the selected base station when wirelessly connecting to the base station. Further, the second invention is an IC card constituting the M2M terminal system according to the first invention. Further, the third invention is an M2M terminal constituting the M2M terminal system according to the first invention.

  According to the present invention described above, the base station number of a base station that can be wirelessly connected using an IC card after the total number of connections described in the base station list reaches a threshold is selected according to the number of connections. Therefore, it is possible to prevent the IC card illegally taken out from the M2M terminal from being illegally used in other places with different base station numbers.

The figure explaining the network structure containing an M2M terminal system. The figure explaining an IC card. The figure explaining a base station list. The figure explaining operation | movement of an IC card. The figure explaining an M2M terminal. The figure explaining operation | movement of an M2M terminal.

  From here, preferred embodiments of the present invention will be described. The following description is not intended to limit the technical scope of the present invention, but is provided to aid understanding.

  FIG. 1 is a diagram for explaining a network configuration including the M2M terminal system 6. The M2M terminal system 6 is wirelessly connected to the mobile communication network 3 owned by the mobile communication carrier and wirelessly communicated with other machines (the server 4a connected to the network 4 in FIG. 1). 1 includes an M2M terminal 2 that communicates and an IC card 1 that is attached to the M2M terminal 2, and FIG. 1 illustrates a mobile communication network 3 and a plurality of base stations 30 owned by a mobile communication operator. .

  The mobile communication network 3 owned by the mobile communication carrier is provided with an exchange 31 for each area. FIG. 1 shows the exchange 31a in the area A and the exchange 31b in the area B. The base station 30 transmits information including a base station number, which is data for identifying the base station 30, by radio waves, and the five base stations 30a installed in the area A are connected to the exchange 31a in the area A, and the area B The three base stations 30b installed in are connected to the exchange 31b in the area B.

  The M2M terminal 2 that is wirelessly connected to one base station 30 is called SIM or UICC (Universal Integrated Circuit Card) as in the case of a mobile phone or a smartphone, and is necessary for wireless connection to the mobile communication network 3. Is removably mounted, and data necessary for wireless connection to the base station 30 is stored in the IC card 1.

  When the IC card 1 is detachably attached to the M2M terminal 2, it can be assumed that the IC card 1 illegally removed from the M2M terminal 2 is illegally used. In FIG. 1, it can be assumed that the IC card 1 is illegally removed from the M2M terminal 2 used in the area A and illegally used in the area B. For this reason, the M2M terminal 2 and the IC card 1 according to the present embodiment are devised to prevent unauthorized use of the IC card 1.

  First, the IC card 1 according to the present embodiment will be described. The IC card 1 according to the present embodiment is a contact type IC card in which a contact type IC chip 1a communicating with an external device (here, M2M terminal) via a contact terminal 1g is embedded in a plastic substrate, and its outer dimensions. Is standardized by ISO / IEC 7816 and ETSI TS 102 221. The external dimensions of the IC card 1 standardized by ISO / IEC 7816 ID-1 are the same size as the credit card. In addition, ETSI TS 102 221 standardizes small external dimensions such as micro-SIM and nano-SIM.

  FIG. 2 is a diagram for explaining the IC card 1. As shown in FIG. 2, the IC chip 1a embedded in the IC card 1 includes a CPU (Central Processing Unit) 1b for executing processing corresponding to the purpose of use of the IC card 1, and a memory for storing a program for operating the CPU 1b. ROM (Read-Only Memory) 1e, a program for operating the CPU 1b, various data, and the like are stored, and an NVM (Nonvolatile Memory) 1c, which is an electrically rewritable memory, and the CPU 1b temporarily store data related to processing. Random Access Memory (RAM) 1d, which is a memory for storing data, and an I / O port 1f used for data input / output with an external device.

  The NVM 1 c of the IC chip stores at least subscriber identification information 12, an authentication key 13, and a base station list 11 as data used for wireless connection with the base station 30. The base station list 11 is a list that stores the base stations 30 to which the M2M terminal 2 has been connected and the number of connections. The subscriber identification information 12 is data called IMSI (International Mobile Subscriber Identity), and includes a country in which the subscriber lives, a mobile communication business to which the subscriber subscribes, and a unique number for each subscriber. . The authentication key 13 is a key used when the exchange 31 corresponding to the base station 30 to which the M2M terminal 2 is wirelessly connected authenticates the subscriber.

  FIG. 3 is a diagram for explaining the base station list 11. As can be seen from FIG. 3, in this embodiment, the base station list 11 stored in the IC card 1 is a record structure file, and one record included in the base station list 11 is data for identifying the record. A certain record number, the base station number of the base station 30 to which the M2M terminal 2 has been wirelessly connected, and the number of times that the M2M terminal 2 has been wirelessly connected to the base station 30 corresponding to the base station number are stored.

  In addition, the IC card 1 has a base station list 11 stored in the NVM 1c of the IC card 1 by operating hardware resources of the IC card 1 illustrated in FIG. 2 according to the computer program stored in the IC card 1. The wireless connection management means 10 for managing the base station 30 to which the M2M terminal 2 can wirelessly connect is provided.

  FIG. 4 is a diagram for explaining the operation of the IC card 1. As shown in FIG. 4, when the base station number of the base station 30 to be wirelessly connected is notified from the M2M terminal 2 (S1), the wireless connection management means 10 of the IC card 1 indicates that the state of the IC card 1 is Then, it is confirmed whether or not the base station 30 is in a base station restriction state that restricts the base stations 30 that can be wirelessly connected (S2). When the state of the IC card 1 is the base station restricted state, the wireless connection management means 10 of the IC card 1 refers to the base station list 11 and selects the base station number notified from the M2M terminal 2 according to the number of connections. It is confirmed whether it is included in the upper predetermined number of base station numbers (S10). If the base station number notified from the M2M terminal 2 is included in the upper predetermined number of base station numbers selected according to the number of connections, this procedure is performed without prohibiting the execution of the IC card processing related to the wireless connection. finish. If the base station number notified from the M2M terminal 2 is not included in the upper predetermined number of base station numbers selected according to the number of connections, the wireless connection management means 10 of the IC card 1 In step S11, the execution of the IC card processing related to wireless connection is prohibited (S11), and this procedure ends. Here, the IC card processing related to wireless connection is processing performed by the IC card 1 when wirelessly connecting to the base station 30. For example, every time the M2M terminal 2 wirelessly connects to the base station 30, the IC card 1. Therefore, it is preferable that the arithmetic processing using the authentication key 13 stored in the NVM 1c of the IC card 1 is the above IC card processing. Further, prohibiting the execution of the IC card processing related to wireless connection means that the IC card processing cannot be executed. For example, the IC card 1 is put in a closed state or a card lock state, or the IC card 1 Access to the authentication key 13 stored in the NVM 1c is prohibited.

  When the state of the IC card 1 is not a base station restriction state that restricts the base stations 30 that can be wirelessly connected, the wireless connection management means 10 of the IC card 1 records a base station number notified from the M2M terminal 2 If this record can be searched, the connection count of the searched record is incremented by one. If this record cannot be searched, a record corresponding to this base station number is newly added to the base station list 11. Thus, the base station list 11 is updated (S3). Next, the wireless connection management means 10 of the IC card 1 confirms whether the total number of connections described in the base station list 11 has reached the threshold at this time (S4). If the total number of connections described in the base station list 11 has not reached the threshold, this procedure ends. When the total number of connections described in the base station list 11 reaches the threshold, the wireless connection management means 10 of the IC card 1 changes the state of the IC card 1 to the base station restricted state, and this The procedure ends.

  When the IC card 1 performs the above-described operation, the base station number of the base station 30 that can be wirelessly connected using the IC card 1 after the total number of connections described in the base station list 11 reaches the threshold is , It is limited to a predetermined number of base station numbers selected in accordance with the number of connections. For example, in FIG. 3, when the threshold for the number of connections is 100 and the upper predetermined number is the upper three, the IC card is reached after the total number of connections described in the base station list 11 reaches 100. Base stations 30 that can be wirelessly connected using 1 are base stations A, B, and C. By limiting the base station numbers of the base stations 30 that can be wirelessly connected to the upper predetermined number of base station numbers selected according to the number of connections, the base station 30 that can be wirelessly connected can be used in the area where the M2M terminal 2 is installed. The base station 30 can be limited. In FIG. 3, the M2M terminal 2 installed in the area A is wirelessly connected to the base station 30a covering the area A, and the base station number of the base station 30 covering the area A is a predetermined number of higher-order base stations. It becomes a station number. When the IC card 1 is removed from the M2M terminal 2 installed in the area A and used in the area B, the base station number of the base station 30b in the area B is notified to the IC card 1, Even if the IC card 1 is removed from the M2M terminal 2 installed in A and used in the area B, the IC card 1 is not illegally used. Although it is conceivable that the base station number of the base station 30 that can be wirelessly connected is registered in the M2M terminal 2 in advance, when many M2M terminals 2 are installed, the base station 30 that can be wirelessly connected to the M2M terminal 2 in advance. It is difficult to register.

  Next, the M2M terminal 2 according to the present embodiment will be described. FIG. 5 is a diagram for explaining the M2M terminal 2. As shown in FIG. 5, the M2M terminal 2 according to the present embodiment relates to an antenna 2e that is a device that converts radio waves into electrical signals, a function that modulates / demodulates the frequency of the mobile communication network 3, and a predetermined communication protocol. The RFIC 2d having a function to perform processing, the application processor 2a that executes processing according to the purpose of use of the M2M terminal 2, the IC card slot 1f that is an external interface for the IC card 1, the application processor 2a, etc. temporarily A RAM 2b for storing data, and an NVM 2c for storing programs and data for operating the application processor 2a are provided.

  Further, the M2M terminal 2 operates the hardware of the M2M terminal 2 illustrated in FIG. 5 by the program stored in the M2M terminal 2, so that the IC card 1 installed in the IC card slot 1f of the M2M terminal 2 is operated. Is provided with wireless connection means 20 for wireless connection with the base station 30 of the mobile communication network 3.

  FIG. 6 is a diagram for explaining the operation of the M2M terminal 2. As shown in FIG. 6, when the power of the M2M terminal 2 is turned on (S20), the wireless connection means 20 of the M2M terminal 2 is connected to the IC card 1 mounted in the IC card slot 1f of the M2M terminal 2. After the subscriber identification information 12 is read from the mobile communication network 3 (S21), the mobile communication network 3 to which the M2M terminal 2 is wirelessly connected using the radio wave transmitted by the base station 30 of the mobile communication network 3 and its base station 30 is selected (S22). The mobile communication network 3 to which the M2M terminal 2 is wirelessly connected is a network corresponding to IMSI (specifically, Mobile Network Code) included in the subscriber identification information 12. Further, the base station 30 to which the M2M terminal 2 is connected becomes the base station 30 having the highest radio field intensity of the radio wave transmitted by the base station 30. Next, the wireless connection means 20 of the M2M terminal 2 notifies the base station number of the selected base station 30 to the IC card 1 (S23), and then wirelessly connects to the selected base station 30 using the IC card 1. The process for performing is performed (S24). When the total number of connections described in the base station list 11 stored in the IC card 1 has reached the threshold, the base station number notified to the IC card 1 is the upper predetermined number of base stations in the base station list 11 If it is included in the station number, the M2M terminal 2 can wirelessly connect to the selected base station 30, but if not included in the upper predetermined number of base station numbers in the base station list 11, the IC card related to wireless connection Since the processing is not performed in the IC card 1, the M2M terminal 2 cannot wirelessly connect to the selected base station 30. The base station number of the selected base station 30 can be notified to the IC card 1 using a command used for authentication, but a dedicated command for notifying the IC card 1 of the base station number can be prepared. Good.

DESCRIPTION OF SYMBOLS 1 IC card 10 Wireless connection management means 11 Base station list 12 Subscriber identification information 13 Authentication key 2 M2M terminal 20 Wireless connection means 3 Mobile communication network 30 Base station

Claims (3)

A base station list that stores the base station number of the base station that the M2M terminal has wirelessly connected to and the number of connections, and a base station that can be wirelessly connected when the base station number of the base station to be wirelessly connected is notified from the M2M terminal The base station number that is notified from the M2M terminal is selected according to the number of times of connection by referring to the base station list. If it is not included in the upper predetermined number of base station numbers, execution of IC card processing related to wireless connection is prohibited, and if it is not in the base station restriction state, the connection corresponding to the base station number notified from the M2M terminal An IC comprising wireless connection management means for incrementing the number of times and transitioning to the base station restricted state when the total number of connections stored in the base station list after the increment reaches a threshold value And over de,
Using the IC card slot for data communication with the IC card and the subscriber identification information read from the IC card, the base station to be wirelessly selected is selected, and the selected base station is wirelessly connected to the selected base station. An M2M terminal provided with a wireless connection means for notifying the IC card of the base station number of
An M2M terminal system comprising at least the following. An IC card that is detachably attached to an M2M terminal,
A base station list that stores the base station number of the base station to which the M2M terminal has wirelessly connected and the number of connections;
When the base station number of the base station to be wirelessly connected is notified from the M2M terminal, it is confirmed whether the base station is in a base station restricted state for restricting base stations that can be wirelessly connected. Referring to the list, if the base station number notified from the M2M terminal is not included in the upper predetermined number of base station numbers selected according to the number of connections, the execution of IC card processing related to wireless connection is prohibited. When the base station restriction state is not set, the number of connections corresponding to the base station number notified from the M2M terminal is incremented, and the total number of connections stored in the base station list after the increment reaches a threshold value. Radio connection management means for transitioning to the base station restricted state,
An IC card characterized by comprising. An IC card slot for detachably mounting the IC card according to claim 2 and performing data communication with the IC card;
Wireless connection for selecting a base station to be wirelessly connected using the subscriber identification information read from the IC card and notifying the IC card of the base station number of the selected base station when wirelessly connecting to the selected base station Means
An M2M terminal characterized by comprising.

Images