JP7351498B2 - Communication system and communication control method - Google Patents

Description

The present invention relates to a communication system and a communication control method.

Conventionally, in LTE communication systems, ePDG (enhanced Packet Data Gateway) has been known as a component for accommodating non-3GPP (non-3GPP) terminals that perform non-3GPP (Third Generation Partnership Project) wireless access into EPC (Evolved Packet Core). (See Non-Patent Documents 1 and 2). That is, the ePDG operates as a gateway to which a mobile terminal connects when accommodating untrusted non-3GPP wireless access (Untrusted Non-3GPP IP Access) such as a public wireless LAN (Local Area Network).

Furthermore, IMEI (International Mobile Equipment Identity) is defined as identification information for identifying a 3GPP terminal that performs 3GPP wireless access (see Non-Patent Document 3).

“3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Architecture enhancements for non-3GPP accesses (Release 15)”, 3GPP TS 23.402 V15.0.0 (2017-06), P30-P31 Takehiro Nakamura, 5 others, “Activities and contributions to completion of 3GPP LTE/SAE standard specifications”, NTT DOCOMO Technical Journal Vol.17 No.2, P36-P45 “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Numbering, addressing and identification (Release 13)”, 3GPP TS 23.003 V13.5.0 (2016-03), P28-P30

In 3GPP wireless access, authentication processing is performed using IMEI to improve the reliability of 3GPP wireless access. On the other hand, since conventional non-3GPP terminals do not hold IMEIs, it is difficult to physically identify and authenticate non-3GPP terminals (terminal authentication) when accommodating non-3GPP terminals in a 3GPP network. In particular, since non-3GPP terminals may include terminals with low reliability, it is desirable to improve the reliability of non-3GPP terminals. Furthermore, the conventional ePDG does not have a terminal authentication function such as authentication using IMEI.

The present invention has been made in view of the conventional situation described above, and provides a communication system and a communication control method that can improve the reliability of non-3GPP terminals when accommodating non-3GPP terminals in a 3GPP network.

One aspect of the present invention includes a core network device and a gateway device that accommodates a non-3GPP terminal placed in a non-3GPP (Third Generation Partnership Project) network in a 3GPP network and communicates with the non-3GPP terminal and the core network device. , wherein the core network device is generated based on first identification information for identifying the non-3GPP terminal in the non-3GPP network, and the core network device is configured to identify the non-3GPP terminal in the 3GPP network. holding second identification information different from the first identification information for identification, generated based on the first identification information when the non-3GPP terminal connects to the 3GPP network; Third identification information different from the first identification information for identifying the non-3GPP terminal in the 3GPP network is obtained from the non-3GPP terminal, and second identification information held by the core network device is acquired from the non-3GPP terminal. In the communication system, the non-3GPP terminal performs terminal authentication for connecting to the 3GPP network using the second identification information and the third identification information .

One aspect of the present invention is a communication control method in a core network device for accommodating a non-3GPP terminal placed in a non-3GPP network in a 3GPP network, the method comprising: identifying the non-3GPP terminal in the non-3GPP network; the core network device retaining second identification information , which is generated based on the first identification information and is different from the first identification information, for identifying the non-3GPP terminal in the 3GPP network; , generated based on the first identification information when the non-3GPP terminal connects to the 3GPP network, and different from the first identification information for identifying the non-3GPP terminal in the 3GPP network. obtaining third identification information from the non-3GPP terminal, and referring to second identification information held by the core network device in cooperation with the core network device; The communication control method includes the step of performing terminal authentication for the non-3GPP terminal to connect to the 3GPP network using third identification information .

According to the present invention, it is possible to improve the reliability of non-3GPP terminals when accommodating non-3GPP terminals in a 3GPP network.

A block diagram showing a configuration example of a communication system that accommodates non-3GPP terminals in a 3GPP network in an embodiment. Sequence diagram showing an example of communication system operation

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a diagram showing a configuration example of a communication system 5 in an embodiment. The communication system 5 includes UEs (User Equipment) 10A and 10B, a gateway 30A, an eNB (evolved Node B) 30B, and an EPC device 50. The gateway 30A includes a processing section 31, a storage section 32, and a communication section 33. The EPC device 50 includes a PGW 51 , an SGW 53 , a Mobility Management Entity (MME) 54 , and a Home Subscriber Server (HSS) 55 . The communication system 5 accommodates non-3GPP terminals in a 3GPP network.

The UE 10A is a non-3GPP terminal, and may be a terminal (for example, a wireless LAN terminal) that communicates with another communication device via the non-3GPP network N1. The non-3GPP network N1 may be a wireless LAN, a wired LAN, the Internet, etc. UE 10B is a 3GPP terminal, and may be a terminal (for example, an LTE terminal) that communicates with other communication devices via the 3GPP network N2. The 3GPP network N2 may be, for example, an LTE network.

UE 10A communicates with gateway 30A via non-3GPP network N1. UE 10B communicates with eNB 30B via 3GPP network N2. UEs 10A and 10B are owned by users. A plurality of UEs 10A and 10B may exist.

UE 10A has a configuration similar to a general non-3GPP terminal. The UE 10A may include a processing section, a communication section, a display section, an operation section, a storage section, and the like. UE 10B has a configuration similar to that of a general 3GPP terminal. The UE 10B may include a processing section, a communication section, a display section, an operation section, a storage section, and the like.

UE 10B holds IMEI as terminal information. The IMEI may be assigned by the manufacturer at the time of manufacturing the UE 10B, for example, and may be recorded in the UE 10B. On the other hand, the UE 10A does not hold the IMEI as terminal information. Therefore, for UE 10B, IMEI authentication using the IMEI of UE 10B can be performed, and for UE 10A, IMEI authentication cannot be performed. Further, a SIM card may be inserted into the UE 10A and the UE 10B, and information on the SIM (Subscriber Identity Module) card may be obtainable.

The gateway 30A manages the UE 10A under the gateway 30A, and relays communication between the UE 10A and the EPC device 50. For example, the gateway 30A has a function as an access point for performing LAN communication. The gateway 30A may be installed outdoors, for example, or may be installed in each building. There may be a plurality of gateways 30A. One or more UEs 10A may exist under each of the plurality of gateways 30A. The conventional LTE communication system has a mechanism for managing a large number of distributed base stations (eNBs (eNodeBs)), and this mechanism is also utilized in the communication system 5 that accommodates non-3GPP access to the 3GPP network N2. Note that the gateway 30A may not have a function as an access point, and the gateway 30A and an access point for LAN communication may be configured as separate entities.

The gateway 30A may operate as a base station that accommodates the UE 10A under the gateway 30A in the EPC device 50 for performing 3GPP communication. Unlike the ePDG, the gateway 30A is not directly connected to the PGW 51 and HSS 55 of the EPC device 50, but cooperates with the MME 54 and SGW 53 of the EPC device 50 to realize a relay function of control data and user data.

The gateway 30A performs data relay processing. The gateway 30A relays communication data (for example, control data or user data) from the UE 10A to the SGW 53, PGW 51, SG (EPC upper network), etc., or relays communication data from the SGW 53, PGW 51, SGi to the UE 10A. Relay. In this case, the gateway 30A may relay control data between the UE 10A and the MME 54. Further, the gateway 30A may relay user data between the UE 10A and the SGW 53. The data related to relaying may include data related to authentication used by the EPC device 50.

The gateway 30A includes, for example, a processing section 31, a storage section 32, and a communication section 33. The processing unit 31 realizes various functions by a processor (for example, a CPU (Central Processing Unit)) executing a program held in a memory. The storage unit 32 may include, for example, ROM (Read Only Memory), RAM (Random Access Memory), and various storages (for example, HDD (Hard Disk Drive), SSD (Solid State Drive)), and stores various information, data, and programs. , etc. The communication unit 33 communicates (wired communication or wireless communication) with the UE 10A and the EPC device 50.

The processing unit 31 performs various processes, and relays control data and user data via the communication unit 33, for example.

The eNB 30B is a general eNB placed between the UE 10B as a 3GPP terminal and the EPC device 50. The eNB 30B has a similar configuration to a general eNB. The eNB 30B may include a processing section, a communication section, a storage section, and the like. The eNB 30B performs user authentication using SIM information, terminal authentication using terminal information (for example, IMEI), data relaying, and the like.

The EPC device 50 is a device placed in the LTE core network, and communicates with the gateway 30A and eNB 30B according to the LTE protocol. Each node of the PGW 51, SGW 53, MME 54, and HSS 55 of the EPC device 50 may be a logical node or a physical node. In other words, functions may be consolidated into one device (server), or functions may be distributed among multiple individual devices (servers). Further, the EPC device 50 may include a PCRF node. Note that the EPC device 50 is not limited to this configuration, and may include other incidental elements.

The MME 54 and the HSS 55 process C plane data, which is control data, along with PCRF. The SGW 53 and the PGW 51 process U-plane data that is user data. Therefore, for example, when U-plane data, that is, U-plane traffic, from an external network (upstream side of the EPC device 50) to the UE 10A reaches the EPC device 50 from the external network, it passes through the PGW 51, the SGW 53, and the gateway 30A. It is transmitted to UE 10A. Further, when the U-plane data from the external network to the UE 10A reaches the EPC device 50 from the external network, it is transmitted to the UE 10B via the PGW 51, the SGW 53, and the eNB 30B.

The MME 54 is a node that provides movement control, etc., and performs movement control such as location registration, paging, and handover, and establishes or deletes bearers (data communication paths).

The HSS 55 is a node having a subscriber management database in, for example, LTE (an example of 3GPP communication), and manages subscriber contract information, terminal information, authentication information, location information, and the like. This subscriber may include users of both UE 10A and UE 10B.

The MME 54 performs user authentication based on the authentication information or contract information notified from the HSS 55. The authentication information includes a key held by the SIM card and information generated based on this key. This key may be written when the SIM card is generated and cannot be changed thereafter. The contract information may include, for example, information held by the SIM card (for example, ICCID (chip ID of the SIM card), IMSI (contract ID of the SIM card), MSISDN), and this information is written after the SIM card is generated. It may be possible.

Furthermore, the MME 54 performs terminal authentication based on the terminal information notified from the HSS 55. The terminal information may include IMEI and IMEI equivalent information. The IMEI is terminal-specific information held in the UE 10B as a 3GPP terminal. The IMEI equivalent information is terminal-specific information equivalent to the IMEI held in the UE 10A as a non-3GPP terminal. That is, the IMEI equivalent information is information equivalent to the IMEI used by a non-3GPP terminal that does not hold an IMEI, and is used for terminal authentication (IMEI equivalent authentication) instead of the IMEI.

The IMEI equivalent information is stored in the same area as the IMEI in the subscriber management database of the HSS 55, and may have the same format as the IMEI. Therefore, the MME 54 and HSS 55 handle the IMEI equivalent information in the same way as the IMEI. The IMEI of the UE 10A is registered in the subscriber management database of the HSS 55 at a predetermined timing.

The IMEI equivalent information may be generated based on terminal information regarding the terminal of the UE 10A. This terminal information may include a MAC address and a serial number. That is, the IMEI equivalent information may be generated based on the MAC address of the UE 10A. Like the IMEI, the MAC address is an ID guaranteed by the manufacturer, so the IMEI and MAC address have the same properties. Further, the IMEI equivalent information may be generated based on the serial number of the UE 10A. Like the IMEI, the serial number is also an ID guaranteed by the manufacturer, so the IMEI and the serial number have the same characteristics.

The IMEI equivalent information may be generated based on information (SIM information) held by a SIM card inserted into the UE 10A. The SIM information may include ICCID (Integrated Circuit Card ID), IMSI (International Mobile Subscriber Identity), and MSISDN (Mobile Subscriber Integrated Service Digital Network Number). That is, the IMEI equivalent information may be generated based on the ICCID of the SIM card of the UE 10A. The IMEI equivalent information may be generated based on the IMSI of the SIM card of the UE 10A. The IMEI equivalent information may be generated based on the MSISDN of the SIM card of the UE 10A. Note that the SIM information is an example of contract information regarding a contract for the UE 10A to use the 3GPP network N2.

The authentication function of the MME 54 may include an authentication function for a user using the UE 10A and an IMEI-equivalent authentication function for authenticating the validity of the terminal of the UE 10A. The IMEI-equivalent authentication function is a function that uses IMEI-equivalent information, which is information equivalent to (imitating IMEI), instead of IMEI authentication, in order to authenticate the UE 10A that does not have an IMEI. The IMEI equivalent authentication function is an example of terminal authentication.

The SGW 53 is a gateway that is connected to the gateway 30A, accommodates non-3GPP access, and transmits data to the UE 10A and the PGW 51. Further, the SGW 53 is a gateway that is connected to the eNB 30B, accommodates 3GPP access, and transmits data to the UE 10B and the PGW 51.

The PGW 51 is a gateway that allocates IP addresses to the UE 10A and the UE 10B, transfers packets, etc. at a connection point with an external network (PDN). The PGW 51 may operate in cooperation with the PCRF according to the policy (policy control information) that the PCRF has. The PGW 51 may control the amount of communication and communication speed communicated via each bearer according to the policy of the PCRF.

The PCRF is a node that performs QoS (Quality of Service; control of communication quality such as priority transfer of packets) of user data transfer and control for billing. The QoS value determined by the PCRF is notified to the PGW 51 and the SGW 53. The PGW 51 and the SGW 53 perform QoS control on the U-plane data according to the notified QoS values. The QoS value may be, for example, a setting value included in policy control information.

The EPC device 50 includes a processing section, a storage section, and a communication section. When each node of the EPC device 50 is a logical node, a processing section, a storage section, and a communication section may be provided in one device. When each node of the EPC device 50 is a physical node, each node may be provided with a processing section, a storage section, and a communication section.

The processing unit of the EPC device 50 realizes various functions by a processor (for example, a CPU) executing a program stored in a memory. The storage unit of the EPC device 50 may include, for example, ROM, RAM, and various types of storage (eg, HDD, SSD), and holds various information, data, and programs. The communication unit of the EPC device 50 communicates (wired communication or wireless communication) with the gateway 30A, eNB 30B, and various devices in an external network. Communication by EPC device 50 may include LTE communication. LTE communications may include VoLTE communications.

Next, the interface between the gateway 30A and eNB 30B and the EPC device 50 will be described.

A large number of gateways 30A and eNBs 30B can be arranged and managed under the EPC device 50. The gateway 30A and eNB 30B can also be distributed numerically and geographically.

For the interface between the gateway 30A and the EPC device 50, the same S1 interface as used when accommodating the eNB 30B as a general base station of a communication system of 3GPP communication (for example, LTE) may be used. That is, the gateway 30A and eNB 30B may use the same S1 interface. Note that the gateway 30A can use an interface that omits messages related to handover of S1AP (S1 Application Protocol) from among the message group included in the S1 interface.

Details of the S1AP protocol are described in the following reference non-patent document 2.
(Reference non-patent document 2: “3rd Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Access Network E-UTRAN); S1 Application Protocol (S1AP) (Release 8)”, 3GPP TS 36.413 V8.0.0 (2007 -12), P22-P27, P44-P50)

S1AP includes messages related to handover such as HANDOVER REQUIRED, HANDOVER COMAND, HANDOVER PREPARATION FAILURE, HANDOVER REQUEST, HANDOVER REQUEST ACKNOWLEDGE, HANDOVER FAILURE, HANDOVER NOTIFY, HANDOVER CANCEL, HANDOVER CANCEL ACKNOWLEDGE. If the gateway 30A does not perform a handover, the gateway 30A does not have to respond to these handover-related messages compared to the eNB 30B.

In the 3GPP network N2, the eNB 30B and the EPC device 50 communicate with each other via the S1 interface. The S1 interface includes an authentication procedure.

Specifically, the UE 10B as a 3GPP terminal holds an IMEI for identifying the terminal of the UE 10B. The IMEI of the UE 10B is also held (registered) in the subscriber management database of the HSS 55 of the EPC device 50. The eNB 30B acquires the IMEI of the UE 10B from the UE 10B when the UE 10B is connected to the 3GPP network N2, and transmits the IMEI of the UE 10B to the MME 54 via the S1 interface. The MME 54 confirms that the IMEI from the eNB 30B matches the IMEI held (registered) in the HSS 55, and performs terminal authentication (IMEI authentication).

In this case, if the IMEI from the eNB 30B and the IMEI held by the HSS 55 match, the MME 54 may succeed in authentication, permit wireless connection to the eNB 30B, and establish a wireless connection between the UE 10B and the EPC device 50. On the other hand, if the IMEI from the eNB 30B and the IMEI held by the HSS 55 do not match, the MME 54 will fail the authentication, will not be permitted to connect the eNB 30B wirelessly, and will not have to establish a wireless connection between the UE 10B and the EPC device 50. . Note that identifying a terminal (individual) through terminal authentication using IMEI and permitting wireless connection only with a specific terminal is also called IMEI lock. On the other hand, identifying the user of a terminal through user authentication using SIM information and permitting wireless connection only with a specific user is also called SIM lock.

Similarly, in the 3GPP network N2, the gateway 30A and the EPC device 50 communicate with each other via the S1 interface. This S1 interface is a model of the S1 interface between the eNB 30B and the EPC device 50. This S1 interface includes an authentication procedure.

Specifically, the UE 10A as a non-3GPP terminal does not have an IMEI for identifying the terminal of the UE 10A, but retains IMEI-equivalent information. The IMEI equivalent information of the UE 10A is also held (registered) in the subscriber management database of the HSS 55 of the EPC device 50. When the UE 10A is connected to the 3GPP network N2, the gateway 30A acquires the IMEI equivalent information of the UE 10A from the UE 10A, and transmits the IMEI equivalent information of the UE 10A to the MME 54 via the S1 interface. The MME 54 confirms that the IMEI equivalent information from the gateway 30A matches the IMEI equivalent information held (registered) in the HSS 55, and performs authentication.

In this case, if the IMEI equivalent information from the gateway 30A and the IMEI equivalent information held by the HSS 55 match, the MME 54 succeeds in authentication, the wireless connection of the gateway 30A is permitted, and the wireless connection between the UE 10A and the EPC device 50. may be established. On the other hand, if the IMEI equivalent information from the gateway 30A and the IMEI equivalent information held by the HSS 55 do not match, the MME 54 will fail the authentication, prohibit the wireless connection of the gateway 30A, and prevent the wireless connection between the UE 10A and the EPC device 50. Does not need to be established.

Next, an example of the operation of the communication system 5 will be described.
FIG. 2 is a sequence diagram showing an example of the operation of the communication system 5. As shown in FIG.

FIG. 2 is a sequence diagram showing an example of the operation of the communication system 5. As shown in FIG. In FIG. 2, IMEI-equivalent authentication by the EPC device 50 using IMEI-equivalent information of the UE 10A will be mainly explained. IMEI authentication by the EPC device 50 using the IMEI of the UE 10B is the same as general IMEI authentication, so a description thereof will be omitted.

The operation example in FIG. 2 includes processing in the advance preparation phase and processing in the connection phase. The process of the advance preparation phase includes the process of registering the IMEI equivalent information of the UE 10A to the EPC device 50. The connection phase processing includes authentication processing using IMEI equivalent information registered in the EPC device 50.

In the advance preparation phase, the UE 10A as a non-3GPP terminal determines an ID (an ID to be substituted for the IMEI) that is the source of the IMEI equivalent information, and stores (registers) the determined ID in the memory of the UE 10A (S11). For example, the ID may be registered during the manufacturing process of the UE 10A by the manufacturer, or a distributed ID may be acquired and the ID may be registered. The ID here may be the MAC address, serial number, ICCID, IMSI, MSISDN, etc. of the SIM card inserted into the UE 10A.

The UE 10A notifies the management device 60 of the determined ID (S12). The UE 10A may notify the management device 60 of the determined ID via the gateway 30A.

In the management device 60, the processing unit 61 acquires the notified ID via the communication unit 63, and converts this ID into IMEI equivalent information. That is, the processing unit 61 generates IMEI equivalent information based on the notified ID (S13).

In S13, the processing unit 61 may generate IMEI equivalent information using the terminal information of the UE 10A. For example, the processing unit 61 may generate IMEI equivalent information based on the MAC address of the UE 10A. For example, the processing unit 61 may generate IMEI equivalent information based on the serial number of the UE 10A. Further, the processing unit 61 may generate the IMEI equivalent information using information on the SIM card inserted into the terminal of the UE 10A (SIM information). For example, the processing unit 61 may generate IMEI equivalent information based on the ICCID. For example, the processing unit 61 may generate IMEI equivalent information based on the IMSI. For example, the processing unit 61 may generate IMEI equivalent information based on MSISDN.

The processing unit 61 notifies the EPC device 50 of the converted (generated) IMEI equivalent information via the communication unit 63 (S14). The processing unit 61 may notify the IMEI equivalent information to the EPC device 50 via the gateway 30A via the communication unit 63. The processing unit 61 may store the converted (generated) IMEI equivalent information in the storage unit 62.

In the EPC device 50, the HSS 55 acquires the notified IMEI equivalent information via the MME 54, and stores (registers) this IMEI equivalent information (S15). In this case, the HSS 55 may store information corresponding to the IMEI of the UE 10A in the same storage area as the storage area for storing the IMEI of the UE 10B in the subscriber information management database in the same format as the IMEI. By registering this IMEI equivalent information, the preliminary preparation phase is completed.

The connection phase begins when a connection request occurs. The connection request may be detected, for example, by accepting a user input via the operation unit of the UE 10A.

The UE 10A generates IMEI equivalent information based on the ID determined and stored in S11 (S16). The method for generating the IMEI equivalent information may be the same as in S14. The UE 10A transmits a connection request including the generated IMEI equivalent information to the EPC device 50 (S17). The UE 10A and the management device 60 share a method of generating IMEI equivalent information (generation algorithm information), that is, a certain conversion rule for generating IMEI equivalent information, and store it in their respective storage units. good.

In the EPC device 50, the MME 54 receives a connection request including IMEI equivalent information. Based on the received connection request, the MME 54 performs IMEI-equivalent authentication to the EPC device 50 of the UE 10A using the IMEI-equivalent information. In this case, the MME 54 inquires whether the received IMEI equivalent information is stored (registered) in the subscriber information database of the HSS 55. That is, the EPC device 50 performs IMEI-equivalent authentication in cooperation with the MME 54 and HSS 55, and determines whether IMEI-equivalent information that matches the IMEI-equivalent information acquired at the time of the connection request has already been registered (S18).

The MME 54 allows the UE 10A to connect to the EPC device 50 if the received IMEI equivalent information is registered in the subscriber information database of the HSS 55. In this case, the UE 10A and the EPC device 50 establish a communication path connection via the MME 54 (S19).

On the other hand, if the received IMEI equivalent information is not registered in the subscriber information database of the HSS 55, the MME 54 prohibits the UE 10A from connecting to the EPC device 50. In this case, a communication path connection is not established between the UE 10A and the EPC device 50.

In this way, according to the IMEI equivalent authentication by the EPC device 50 using the IMEI equivalent information of the UE 10A, the communication system 5 generates the IMEI equivalent information based on the ID information that can be collected before the wireless connection by the UE 10A. can. The generated IMEI equivalent information is registered in the EPC device 50. The IMEI equivalent information may be registered, for example, before the UE 10A requests a wireless connection to the EPC device 50. Then, the communication system 5 can authenticate the terminal by confirming that the IMEI equivalent information of the UE 10A generated in advance matches the IMEI equivalent information of the UE 10A at the time of the connection request.

For example, in the 3GPP network N2, there is user authentication using SIM information, but this user authentication is successful if the same SIM card is inserted in the terminal (for example, UE 10A). In the communication system 5, information on individual physical terminals can be authenticated by performing terminal authentication in addition to user authentication, or by performing terminal authentication alone.

For example, when SIM information is duplicated or transferred from one UE 10A to another UE 10A, even if the user authentication that confirms the SIM information matches matches, the IMEI equivalent information does not match when the IMSI equivalent authentication uses IMEI equivalent information. There will be a mismatch. Therefore, since the IMEI equivalent information registered in the advance preparation phase and the IMEI equivalent information acquired in the connection phase are different, the EPC device 50 can detect that the physical terminal of the UE 10A is different. Therefore, the EPC device 50 can perform terminal authentication equivalent to IMEI authentication for non-3GPP terminals similarly to 3GPP terminals.

Furthermore, the ePDG located in the 3GPP network N2 does not have an authentication function using IMEI. On the other hand, in the communication system 5, the gateway 30A connects the non-3GPP network N1 and the 3GPP network N2 without using ePDG, performs necessary relay processing, and the EPC device 50 uses IMEI equivalent information. , IMEI equivalent authentication can be performed.

Also, when the communication system 5 manages the UE 10A using the EPC device 50, it can authenticate the physical terminal of the UE 10A by using the IMEI equivalent information. Therefore, the communication system 5 can ensure the same security when connecting the UE 10A as a non-3GPP terminal to the EPC device 50 as when connecting the UE 10B as a 3GPP terminal to the EPC device 50.

Furthermore, by having the gateway 30A, the communication system 5 separately prepares an ePDG having a cooperation function (authentication cooperation function) for terminal authentication of the MME 54 when accommodating the UE 10A as a non-3GPP terminal in the 3GPP network N2. There is no need to implement the functions of the MME 54 redundantly, and the functions for the UE 10A to perform 3GPP communication can be simplified.

Furthermore, the communication system 5 can use the existing S1 interface (S1AP) in order for the EPC device 50 to communicate with the gateway 30A as a virtual base station that accommodates the UE 10A as a non-3GPP terminal in the 3GPP network N2. . Therefore, the communication system 5 can eliminate the need to create a new interface for communication between the gateway 30A and the EPC device 50.

Further, since the gateway 30A is not directly connected to the HSS 55 or PCRF that handle subscriber information, it can safely handle subscriber information.

As described above, the communication system 5 of this embodiment accommodates a core network device (for example, the EPC device 50) and a non-3GPP terminal (for example, the UE 10A) arranged in the non-3GPP network N1 in the 3GPP network N2, and A gateway device (for example, gateway 30A) that communicates with the terminal and the core network device may be included. The core network device may hold third identification information (for example, IMEI equivalent information) for identifying non-3GPP terminals in the 3GPP network N2. The third identification information is first identification information (for example, terminal information such as a MAC address or serial number) for identifying a non-3GPP terminal in the non-3GPP network N1, or second identification information for identifying a user of a non-3GPP terminal. may be generated based on identification information (for example, SIM information). The core network device may acquire fourth identification information (for example, IMEI equivalent information) for identifying the non-3GPP terminal in the 3GPP network N2 from the non-3GPP terminal. The fourth identification information may be generated based on the first identification information or the second identification information when the non-3GPP terminal connects (for example, requests a connection) to the 3GPP network N2. The core network device refers to the third identification information held by the core network device, and uses the third identification information and the fourth identification information to perform terminal authentication for the non-3GPP terminal to connect to the 3GPP network N2. (For example, IMEI equivalent authentication) may be performed.

Thereby, when accommodating a non-3GPP terminal that does not hold an IMEI in the 3GPP network N2, the core network device cooperates with the core network device to provide third identification information and information for identifying the non-3GPP terminal in place of the IMEI. Using the fourth identification information, terminal authentication for accommodation in the 3GPP network N2 can be performed. Therefore, the core network device can improve the reliability of communication (3GPP wireless access) in the 3GPP network N2 even for non-3GPP terminals. For example, if the non-3GPP terminal requesting access to the 3GPP network N2 is different from the pre-registered non-3GPP terminal, the terminal authentication will fail, so the core network device will not be able to access the 3GPP network N2. The reliability of accessible non-3GPP terminals can be improved.

Furthermore, if the third identification information and the fourth identification information match, the core network device may permit communication of the non-3GPP terminal in the 3GPP network N2. If the third identification information and the fourth identification information do not match, the core network device may prohibit communication of the non-3GPP terminal in N2 in the 3GPP network.

Thereby, the core network device can easily perform terminal authentication by checking whether the pre-registered third identification information and the fourth identification information acquired at the time of the connection request match or do not match.

Further, the communication system 5 may include a management device 60. The management device 60 may receive the first identification information or the second identification information from the non-3GPP terminal. The management device 60 may generate the third identification information based on the first identification information or the second identification information. The management device 60 may transmit the third identification information to the core network device. The core network device may receive the third identification information and maintain the third identification information.

Thereby, the management device 60 can register the third identification information on behalf of the non-3GPP terminal in the core network device in advance (before the non-3GPP terminal connects to the 3GPP network N2). Therefore, the communication system 5 can reduce the load on the non-3GPP terminal required to pre-register the third identification information. Further, when there are many non-3GPP terminals, the management device 60 can pre-register the third identification information of the many non-3GPP terminals at once.

Additionally, the communication system 5 may include non-3GPP terminals. The non-3GPP terminal may transmit the first identification information or the second identification information to the management device 60. The non-3GPP terminal may generate fourth identification information based on the first identification information or the second identification information. The non-3GPP terminal may send the fourth identification information to the core network device.

As a result, the non-3GPP terminal sends the first identification information or the second identification information that is the basis of the third identification information, thereby enabling the management device 60 to generate the third identification information. Further, the non-3GPP terminal can generate the fourth identification information by itself when requesting connection to the 3GPP network N2. Therefore, terminal authentication can be performed to determine whether or not the non-3GPP terminal that is attempting to connect matches the pre-registered non-3GPP terminal.

Further, the third identification information and the fourth identification information may be information equivalent to IMEI (IMEI equivalent information).

Thereby, the communication system 5 can use the IMEI equivalent information for non-3GPP terminals to perform terminal authentication similar to IMEI authentication for 3GPP terminals. For example, the core network device stores the IMEI equivalent information of UE 10A in the same storage area as the storage area for storing the IMEI of the 3GPP terminal (for example, UE 10B) in the subscriber information management database, in the same format as the IMEI. may be memorized. In this case, the core network device performs similar terminal authentication without being aware of whether the terminal attempting to connect to the core network device is a non-3GPP terminal or a 3GPP terminal, and confirms that the non-3GPP terminal is a legitimate terminal. It is easy to determine what is there.

Further, the first identification information may include the MAC address of the non-3GPP terminal or the serial number assigned to the non-3GPP terminal.

As a result, the communication system 5 uses the MAC address and serial number determined for each non-3GPP terminal at the time of manufacture as the first identification information. identification information can be obtained.

Further, the second identification information may be information included in SIM information held in a non-3GPP terminal.

The SIM information may be held on a SIM card, which is attached to (eg, inserted into) a non-3GPP terminal. Therefore, the communication system 5 can determine the unique terminal corresponding to the SIM information by using the SIM information determined for use of the non-3GPP network N1 of the non-3GPP terminal as the second identification information. The communication system 5 can obtain second identification information that is highly relevant to the non-3GPP terminal corresponding to the SIM information.

Although various embodiments have been described above with reference to the drawings, it goes without saying that the present invention is not limited to such examples. It is clear that those skilled in the art can come up with various changes and modifications within the scope of the claims, and these naturally fall within the technical scope of the present invention. Understood.

INDUSTRIAL APPLICATION This invention is useful for the communication system and communication control method etc. which can improve the reliability of a non-3GPP terminal when accommodating a non-3GPP terminal in a 3GPP network.

5 Communication system 10A, 10B UE
20 APs
30A Gateway 30B eNB
31 Processing unit 32 Storage unit 33 Communication unit 50 EPC device 51 PGW
53 SGW
54 MME
55 HSS
60 Management device 61 Processing unit 62 Storage unit 63 Communication unit N1 Non-3GPP network N2 3GPP network

Claims (7)

A core network device; and a gateway device that accommodates a non-3GPP terminal located in a non-3GPP (Third Generation Partnership Project) network in a 3GPP (registered trademark) network and communicates with the non-3GPP terminal and the core network device. A communication system,
The core network device includes:
The first identification information for identifying the non-3GPP terminal in the non-3GPP network is generated based on the first identification information for identifying the non-3GPP terminal in the non-3GPP network , and is different from the first identification information for identifying the non-3GPP terminal in the 3GPP network. retains the identification information of 2 ;
Third identification information different from the first identification information, which is generated based on the first identification information when the non-3GPP terminal connects to the 3GPP network, and is for identifying the non-3GPP terminal in the 3GPP network. from the non-3GPP terminal,
Referring to second identification information held by the core network device, using the second identification information and the third identification information , perform terminal authentication for the non-3GPP terminal to connect to the 3GPP network. conduct,
Communications system. The core network device includes:
If the second identification information and the third identification information match, permit communication of the non-3GPP terminal in the 3GPP network;
If the second identification information and the third identification information do not match, prohibiting communication of the non-3GPP terminal in the 3GPP network;
The communication system according to claim 1. The communication system further includes a management device,
The management device includes:
receiving the first identification information from the non-3GPP terminal;
generating the second identification information based on the first identification information ;
transmitting the second identification information to the core network device;
The core network device includes:
receiving the second identification information ;
retaining the second identification information ;
The communication system according to claim 1 or 2. The communication system includes the non-3GPP terminal,
The non-3GPP terminal is
transmitting the first identification information to the management device;
generating the third identification information based on the first identification information ;
transmitting the third identification information to the core network device;
The communication system according to claim 3. The second identification information and the third identification information are information equivalent to an IMEI,
The communication system according to any one of claims 1 to 4. The first identification information includes a MAC (Media Access Control) address of the non-3GPP terminal or a serial number assigned to the non-3GPP terminal,
The communication system according to any one of claims 1 to 5. A communication control method in a core network device for accommodating a non-3GPP terminal placed in a non-3GPP network in a 3GPP network, the method comprising:
The first identification information for identifying the non-3GPP terminal in the non-3GPP network is generated based on the first identification information for identifying the non-3GPP terminal in the non-3GPP network , and is different from the first identification information for identifying the non-3GPP terminal in the 3GPP network. 2, the core network device retaining identification information ;
When the non-3GPP terminal connects to the 3GPP network, the first identification information is generated based on the first identification information , and is different from the first identification information for identifying the non-3GPP terminal in the 3GPP network. 3 from the non-3GPP terminal;
Referring to second identification information held by the core network device, using the second identification information and the third identification information , perform terminal authentication for the non-3GPP terminal to connect to the 3GPP network. steps to take and
A communication control method having the following.

Images