TW202231084A - Information processing device, information processing method, and non-transitory storage medium storing program - Google Patents

Abstract

An information processing device that is mounted on a vehicle and that performs Long-Term Evolution wireless communication, the information processing device including a processor configured to: send a request for update of a tracking area where the vehicle is located to a first base station in the tracking area where the vehicle is located; determine whether a predetermined condition is satisfied when the information processing device has received from the first base station a signal rejecting the request for a reason that the information processing device is not identifiable; and forbid communication with the first base station when the processor determines that the predetermined condition is satisfied.

Description

Information processing device, information processing method, and non-transitory storage medium for storing programs

The present disclosure relates to an information processing apparatus, an information processing method, and a non-transitory storage medium for storing programs.

A technique of grabbing a base station located within a predetermined distance from the vehicle based on the position information of the base station and the position information of the vehicle and attempting to communicate with the base station having the highest radio wave reception level among the grabbed base stations is known in the art (See, for example, Japanese Unexamined Patent Publication No. 2010-288153 [JP 2010-288153 A]).

An object of the present disclosure is to provide a technique for effectively reducing communication with a device disguised as a base station.

One aspect of the present disclosure pertains to an information processing device mounted on a vehicle and performing Long-Term Evolution (LTE) wireless communication, the information processing device including a processor configured to send an update tracking of where the vehicle is located the request of the area to the first base station in the tracking area where the vehicle is located; when the information processing device has received a signal from the first base station rejecting the request on the grounds that the information processing device is not identifiable, determining whether the predetermined condition is satisfied; and When the processor determines that the predetermined condition is met, communication with the first base station is prohibited.

Another aspect of the present disclosure pertains to an information processing method controlled by a computer mounted on a vehicle and in Long Term Evolution (LTE) wireless communication, the information processing method comprising causing the computer to: send an update of a tracking area in which the vehicle is located. request to the first base station in the tracking area where the vehicle is located; determine whether the predetermined condition is satisfied when the computer has received a signal from the first base station rejecting the request on the grounds that the computer is not identifiable; and when the computer determines that the predetermined condition is satisfied When , communication with the first base station is prohibited.

Another aspect of the present disclosure relates to a non-transitory storage medium installed on a vehicle and stored with a program that causes a computer in Long Term Evolution (LTE) wireless communication to: send a request to update the tracking area where the vehicle is located to the tracking area where the vehicle is located the first base station in the area; when the computer has received a signal from the first base station rejecting the request on the grounds that the computer is not identifiable, determine whether the predetermined condition is satisfied; and when the computer determines that the predetermined condition is satisfied, prohibit the communication with the first base station base station communication.

The present disclosure can also be interpreted as an information processing program, which enables a computer installed in a vehicle and connected to a core network via a base station through long-term evolution (LTE) wireless communication to perform the above information processing method; A temporary storage medium that stores the information processing program.

The present disclosure can provide techniques for effectively reducing communication with devices masquerading as base stations.

A mobile communication system based on the Long Term Evolution (LTE) standard includes a radio access network (RAN) and a core network (evolved packet core (EPC)), which complies with the 3rd Generation Partnership Project ( 3rd generation partnership project, 3GPP).

A Radio Access Network (RAN) consists of user equipment (UE) and base stations (evolved NodeBs [eNodeBs]). The core network (EPC) is composed of a control plane (C plane) functional group and a user plane (U plane) functional group. The control plane functional group includes a mobile management entity (MME). The MME is the control entity that manages the movement and communication paths of the user equipment. The user plane functional group includes a serving gateway (SGW), which relays user data, and a packet data network gateway (PGW), which is a relay point for external networks.

In a mobile communication system such as the above, the location of the user equipment is managed in a unit called a tracking area (TA). A tracking area (TA) is composed of one or more cells, and a base station (eNodeB) is located in each cell. The cell is the communication range of the base station. This may be the communication range for which the base station is designed or the range that radio waves can actually reach. The base station (eNodeB) in each cell has the following function: under the management of the base station, the identification code (tracking area identity [TAI]) of the tracking area (TA) to which the cell belongs is periodically notified to the eNodeB in the cell. user equipment. The user equipment that has received the tracking area identifier (hereinafter also referred to as "TAI") compares the TAI received last time with the TAI received this time. For example, when the tracking area (TA) where the user equipment is located has changed as the user equipment moves, the TAI received last time is different from the TAI received this time. In this case, the user equipment sends a request (TAU request) to the MME via the base station (eNodeB). This request (TAU request) is a request to update the tracking area (TA) in which the user equipment is located (tracking area update [TAU]). In response to the TAU request, the information about the tracking area (TA) in which the user equipment is located is updated on the core network (EPC) side including the MME. For example, the procedure to authenticate the user equipment, the procedure to reset the carrier (the logical communication path from the base station (eNodeB) in the tracking area (TA) where the user equipment is located to the external network)...etc are at the core on the network (EPC) side. This allows the user equipment to connect to external networks even when the user equipment moves to a different tracking area (TA).

In some cases, a device disguised as a base station (eNodeB) (hereinafter sometimes referred to as "counterfeit base station") is installed in the tracking area by a malicious third party. When a user equipment located in such a tracking area (TA) sends a TAU request to a counterfeit base station, the user equipment may receive a signal rejecting the TAU request on the grounds that the user equipment is not recognizable (e.g. including the reason value# 9 signal, as defined by 3GPP, hereinafter sometimes referred to as "TAU rejection signal").

One possible way to reduce unauthorized information leakage caused by such counterfeit base stations is to disable communication between the tracking area (TA) where the counterfeit base station is located and the user equipment when the user equipment receives a TAU rejection signal. An example is to register the TAI of the tracking area (TA) where the counterfeit base station is located in the prohibition list (the list of the TAIs that register the tracking area (TA) to be prohibited) set in each user equipment.

However, for example, even when the user equipment returns to the radio access network (RAN) coverage area after moving out of the radio access network (RAN) coverage area, the TAU request is sent to the MME via the legitimate base station (eNodeB) , the TAU request may be denied on the same grounds as described above. This is because the so-called "implicit detach procedure" is performed when the UE is outside the coverage area of the Radio Access Network (RAN) for a certain period of time (eg, about 70 minutes) or more. . That is, the information of the user equipment (eg, globally unique temporary identity (GUTI), etc.) registered in the core network (EPC) in the previous attach procedure is deleted. In this case, when the type of user equipment is switchable between the LTE wireless communication method and the 3rd generation (3G) wireless communication method, the user equipment will be attached by using the 3G wireless communication method. It becomes accessible to the external network by connecting the program. However, when the type of user equipment is only capable of LTE wireless communication, the user equipment may not be able to access the external network for a long time. As a result, the user of the user equipment may not be able to use the Internet for a long time, etc. For example, when the user equipment is a vehicle-mounted communication device, the user of the user equipment may not be able to use connection services such as emergency calls. Therefore, it is desired to correctly determine whether the source of the TAU rejection signal is a counterfeit base station and effectively prohibit communication with the counterfeit base station.

In the information processing device according to the present disclosure (which is responsive to the user equipment installed on the vehicle), when the tracking area (TA) in which the vehicle (information processing device) is located has changed (including the following situation: the vehicle is accessing from the radio) After the network [RAN] coverage area is moved out, it returns to the radio access network [RAN] coverage area where the tracking area [TA] is different from the tracking area [TA] where the vehicle was last), and the control unit of the information processing device sends a TAU request To the base station (first base station) of the tracking area (TA) where the vehicle is located. When the TAU rejection signal is sent from the first base station to the information processing device, the control unit determines whether a predetermined condition is satisfied. A "predetermined condition" here refers to a condition specific to a counterfeit base station and, for example, requires the subscriber identification information (international mobile subscriber identity (IMSI)) assigned to the information processing device The signal has been sent to the information processing device. In addition to the above conditions, the predetermined conditions may also include the following conditions: the first base station does not initiate encrypted communication involving the authentication procedure (in other words, clear data communication continues between the user equipment and the first base station). Accordingly, when the information processing device has received a signal from the first base station requesting user identification information (IMSI), and/or when the information processing device has received a request for user identification information (IMSI) in clear text form from the first base station , etc., the control unit may determine that the predetermined condition is satisfied. It is then possible to correctly determine that a TAU rejection signal has been sent from a counterfeit base station or a legitimate base station. When the control unit determines that the predetermined condition is satisfied, the control unit may determine that the first base station is a counterfeit base station and prohibits communication with the first base station.

According to the present disclosure, since the counterfeit base station can be correctly determined, the communication with the counterfeit base station can be appropriately reduced.

In the information processing apparatus according to the present disclosure, when the communication with the first base station is prohibited, the control unit may only prohibit communication with the cell where the first base station is located in the tracking area (TA) where the vehicle is located. This allows the information processing device to access the external network via a base station (second base station) in a cell other than the cell where the first base station is located in the tracking area (TA) where the vehicle is located.

When the information processing device accesses the external network via the second base station, the control unit may send an attach request to the second base station. The attach request is a request to register the information processing device in the network. When the first base station is a counterfeit base station, this reduces the possibility that communication with the first base station may continue unnecessarily and the information processing device may become unable to connect to the external network. An "attach request" is a procedure for requesting a new configuration for transmission from a base station in a tracking area (TA) where an information processing device is located to an external network and assigning temporary identification information such as GUTI to the information processing device ( attach program) signal.

In some cases, there may be no cells other than the cell where the first base station is located that can be accessed by the information processing device in the tracking area (TA) where the vehicle is located. In this case, when communication with the cell continues to be disabled for a long time, the information processing device may be unable to access the external network for a long time. Accordingly, when the communication with the first base station is prohibited, the control unit may prohibit communication with the cell in which the first base station is located for a predetermined time of five minutes or less. This allows the information processing device to access the external network via a base station that is not the first base station in the cell when the predetermined time has elapsed. At this time, the control unit may send a TAU request to a base station other than the first base station, or may send an attach request to a base station other than the first base station.

When the information processing device has received the TAU rejection signal but the predetermined condition is not satisfied, it can be estimated that the first base station is a legitimate base station and not a counterfeit base station. In other words, it can be estimated that the TAU rejection signal has been sent from the first base station to the information processing device because the implicit disconnection procedure for the information processing device is performed on the core network (EPC) side. Accordingly, when the information processing device has received the TAU rejection signal but the predetermined condition is not satisfied, the control unit may send an attach request to the first base station. This reduces the possibility that communication between the information processing device and the first base station may be unnecessarily disabled when the first base station is a legitimate base station. As a result, the information processing device can be connected to the external network via the proper first base station. ＜Specific state＞

Certain aspects of the present disclosure will be described below with reference to the drawings. The architectures of the following specific aspects are exemplary, and the present disclosure is not limited to the architectures of the specific aspects. ＜Overall system architecture＞

FIG. 1 shows a schematic structure of a mobile communication system to which the information processing apparatus according to the present disclosure is applied. The mobile communication system of this embodiment includes a radio access network (RAN) and a core network (EPC).

A radio access network (RAN) includes a user equipment 100 installed on a vehicle 10 and a plurality of base stations (eNodeBs) 201 , 202 . The user equipment 100 is a communication device that connects various devices installed on the vehicle 10 to an external network (packet data network (PDN)). The user equipment 100 has a Long Term Evolution (LTE) wireless communication function and does not have a third generation (3G) wireless communication function. Such user equipment 100 corresponds to an "information processing device" according to the present disclosure. Only one vehicle 10 is shown on the radio access network (RAN) of FIG. 1 equipped with user equipment 100 . However, there may be multiple vehicles on the Radio Access Network (RAN).

The base stations (eNodeBs) 201 and 202 are connected to the mobile management entity (MME) 300 of the core network (EPC) via the S1 interface, and send and receive various control signals to and from the MME 300 . The base stations (eNodeBs) 201, 202 have a wireless interface function to wirelessly communicate with the user equipment 100 by a wireless communication method compliant with the 3rd Generation Partnership Project (3GPP) specification. For example, the base stations (eNodeBs) 201, 202 have the following functions: control the wireless connection with the user equipment 100 (radio resource control (RRC)), and periodically notify the identification of the tracking area (TA) The user equipment 100 in the cell of the code (Tracking Area Identity [TAI]). The base stations (eNodeBs) 201, 202 may be configured to have the function of encrypting the signals processed by the wireless communication with the user equipment 100 to compress the internet protocol (IP) header, . . . .

A tracking area (TA), two cells (a first cell and a second cell) in the tracking area (TA), a first base station (eNodeB) 201 located in the first cell, a first base station (eNodeB) 201 located in the second cell Two base stations (eNodeBs) 202 are illustrated in the example of FIG. 1 . However, the number of tracking areas (TA), the number of cells in the tracking area (TA), and the number of base stations (eNodeBs) located in the cells are not limited to the example of FIG. 1 .

The core network (EPC) includes an MME 300 , a service gateway (SGW) 400 , and a packet data gateway (PGW) 500 . Although only one MME 300, one SGW 400, and one PGW 500 are exemplified on the core network (EPC) of FIG. 1, there may be multiple MMEs 300, multiple SGWs 400, multiple PGWs 500 on the core network (EPC) .

The MME 300 forms the control plane functional group of the core network (EPC) and performs mobility control for the user equipment 100 such as location management, paging (simultaneous calls), handover. For example, for location management for user equipment 100, MME 300 adds and deletes a number of user equipments located in each tracking area (TA) with respect to the tracking area list generated for each tracking area (TA). 100. A further function of the MME 300 is to perform security procedures, such as mutual authentication and encryption with the user equipment 100 . The MME 300 further has functions such as adding the user equipment 100 to the tracking area list in response to an attach request from the user equipment 100, and newly setting the carrier, which is the tracking area where the user equipment 100 is located. The logical path between the base station (eNodeB) 201, 202 of the (TA) and the external network (Packet Data Network [PDN]). The MME 300 further has the functions of updating the tracking area list, resetting the transport, etc. based on the tracking area update (TAU) request from the user equipment 100 . The MME 300 only processes control signals and does not process user data.

SGW 400 is a gateway that relays packets sent as user data. The SGW 400 is configured to communicate with the base stations (eNodeBs) 201, 202 and can track the user equipment 100 to be handed over. The function of the SGW 400 is to operate in conjunction with the MME 300 to reconfigure or reset the transport.

PGW 500 is a gateway that acts as a connection point to an external network (PDN). Specifically, the functions of the PGW 500 are, for example, assigning an IP address to the user equipment 100, user authentication, and packet control at the application level.

An external network (PDN) is a network connected to the core network, and is typically the Internet. The external network (PDN) has various servers (web server, mail server, content server, etc.) that communicate with the user equipment 100 . <Hardware Architecture of User Equipment>

FIG. 2 shows an example of the hardware architecture of the user equipment 100 . The user equipment 100 of the present embodiment is a communication device installed on the vehicle 10 , and performs various processes to connect various devices installed in the vehicle 10 (eg, a car navigation system, an anti-theft locking system, an emergency call system) to the external network (PDN). As shown in FIG. 2 , the user equipment 100 includes a processor 101 , a main storage unit 102 , a secondary storage unit 103 , a communication unit 104 , and the like. The user equipment 100 uses the processor 101 to load the program stored in the recording medium into the work area of the main storage unit 102 and execute the program to implement a function matching the intended purpose.

The processor 101 is, for example, a central processing unit (CPU) or a digital signal processor (DSP). The processor 101 controls the user equipment 100 and performs various information processing calculations.

The main storage unit 102 includes, for example, random access memory (RAM) and read only memory (ROM). As described above, the work area where the processor 101 executes the program is set in the main storage unit 102 .

The secondary storage unit 103 includes, for example, an erasable programmable ROM (EPROM) or a hard disk drive (HDD). The secondary storage unit 103 may include removable media, in other words, portable recording media. Examples of removable media are universal serial bus (USB) memory or disc recording media (eg, compact disc (CD) or digital versatile disc (DVD)). The sub-storage unit 103 stores various programs, various data, and various forms in the recording medium in a readable and writable manner. In addition to the operating system (OS), etc., the programs stored in the secondary storage unit 103 also include programs that implement various functions to prohibit the communication between the user equipment 100 and the counterfeit base station. Some or all of the above information may be stored in the main storage unit 102 . Information stored in the primary storage unit 102 may be stored in the secondary storage unit 103 .

The communication unit 104 is a wireless communication circuit, which performs LTE wireless communication in compliance with 3GPP specifications. The wireless communication circuit uses LTE mobile communication to communicate with base stations (eNodeBs) 201 , 202 . . . .

A series of procedures performed by the user equipment 100 constructed above can be performed by hardware. However, this series of procedures may be performed in software. <Functional Architecture of User Equipment>

An example of the functional architecture of the user equipment 100 according to this embodiment will be described with reference to FIG. 3 . As shown in FIG. 3 , the user equipment 100 of this embodiment includes a TAU program unit F110 , a determination unit F120 , an attachment program unit F130 , a TAI storage unit M110 , and a prohibition list storage unit M120 as its functional components. The TAU program unit F110 , the determination unit F120 , and the attachment program unit F130 are implemented by the processor 101 executing the program loaded from the secondary storage unit 103 into the main storage unit 102 . The combination of the TAU program unit F110, the determination unit F120, and the attachment program unit F130 corresponds to a "control unit" according to the present disclosure. One of these three units (TAU program unit F110, decision unit F120, attach program unit F130) or some of these three units may be implemented in hardware circuits. The TAI storage unit M110 and the prohibition list storage unit M120 are storage areas set in the sub storage unit 103 .

The TAI storage unit M110 stores the TAI of the tracking area (TA) where the user equipment 100 (vehicle 10 ) is located. For example, when the attach process is completed and when the TAU process is completed, the data stored in the TAI storage unit M110 is updated.

The forbidden list storage unit M120 stores a list (hereinafter sometimes referred to as a "forbid list") in which objects to be forbidden to communicate with the user equipment 100 are registered. In this particular aspect, the target to be inhibited from communicating with the user equipment 100 is managed by the cell and not by the tracking area (TA). The cell whose communication with the user equipment 100 is to be prohibited is the cell in which the counterfeit base station is located, and is determined by the determination unit F120 which will be described later. A "fake base station" in this example is a device masquerading as a base station (eNodeB) and installed in a tracking area (TA) by a malicious third party.

FIG. 4 shows an example of the prohibition list stored in the prohibition list storage unit M120. As shown in FIG. 4, the prohibition list has a cell identification (ID) field and a prohibition time field. The structure of the forbidden list is not limited to the example shown in Figure 4, and fields may be added, changed or deleted as appropriate. Information (cell ID) that uniquely identifies the cell whose communication with the user equipment 100 is to be prohibited is registered in the cell ID field. The time to prohibit communication with the cell to prohibit communication with the user equipment 100 is registered in the prohibition time field. In the prohibited time field, five minutes are registered as the initial value, and then the remaining time is registered as the time counts down in seconds. When the remaining time of the cell reaches "0 minutes 00 seconds", the information of this cell is deleted from the forbidden list.

When the tracking area (TA) in which the vehicle 10 (user equipment 100) is located is changed, the TAU program unit F110 performs a procedure for updating the tracking area (TA) in which the vehicle 10 is located (tracking area update [TAU]). Specifically, when the user equipment 100 receives the TAI notification signal from the base station (eNodeB) 201 or 202 in the tracking area (TA) where the vehicle 10 is located, the TAU program unit F110 compares the received TAI with the stored TAI in the TAI storage unit M110. Stored TAI. When the received TAI is different from the TAI stored in the TAI storage unit M110, the TAU procedure unit F110 performs the establishment of a control link (such as Radio Resource Control [RRC] between the user equipment 100 and the base station (eNodeB) 201 or 202 connection) program. At this time, the TAU program unit F110 selects cells that are not registered on the prohibition list stored in the prohibition list storage unit M120 and have data from base stations (eNodeBs) 201 and 202 in the tracking area (TA) where the vehicle 10 is located. The base station with the highest radio field strength is used as the base station to establish the control link. When a control link is established between such a base station (eNodeB) 201 or 202 and the user equipment 100, the TAU program element F110 uses the control link to send a TAU request. The TAU request includes temporary identification information (Global Unique Temporary Identity [GUTI]), etc., assigned by the MME 300 to the user equipment 100.

The TAU request is sent to the MME 300 on the core network (EPC) via the base station (eNodeB) 201 or 202 that has established a control link to the user equipment 100 . In response to the TAU request, the MME 300 obtains information such as the IMSI and the carrier of the user equipment 100 based on the GUTI included in the TAU request. The MME 300 updates the tracking area list based on the acquired information. In other words, the MME 300 deletes the user equipment 100 from the tracking area list of the last tracking area (TA) where the user equipment 100 was located in the past, and adds the user equipment 100 to the tracking area of the tracking area (TA) where the user equipment 100 is currently located list. The MME 300 also resets the transport based on the acquired information. In other words, the MME 300 releases the base station carrying from the last tracking area (TA) where the user equipment 100 was in the past to the external network (PDN), and will carry the base station from the tracking area (TA) where the user equipment 100 is currently located. The base stations (eNodeBs) 201 and 202 in ) are newly set to the external network (PDN). When the update of the tracking area list and the reset of the bearer are thus completed, a signal indicating the completion of the TAU procedure on the core network (EPC) side (TAU accept) is sent from the MME 300 via the base station (eNodeB) 201 or 202 to the user device 100 . This signal (accepted by TAU) includes information such as the newly assigned GUTI of the MME 300.

When the communication unit 104 of the user equipment 100 receives the signal indicating the completion of the TAU procedure on the core network (EPC) side (TAU accept), the TAU procedure unit F110 changes (updates) the TAI stored in the TAI storage unit M110 to The TAI of the tracking area (TA) in which the user equipment 100 is currently located. The TAU procedure unit F110 also performs the procedure of releasing the RRC connection established between the user equipment 100 and the base station (eNodeB) 201 or 202 . When this procedure is completed, the TAU procedure unit F110 sends a signal indicating the completion of the TAU procedure on the user equipment 100 side (TAU finished) to the MME 300 via the base station (eNodeB) 201 or 202 .

In some cases, the MME 300 cannot obtain the IMSI of the user equipment 100 and the carried information based on the GUTI included in the TAU request. For example, when the user equipment 100 that has completed the attach procedure returns to the radio access network (RAN) coverage area after moving out of the radio access network (RAN) coverage area, and the user equipment 100 has been in the past Outside the radio access network (RAN) coverage area for a certain period of time (eg, about 70 minutes) or longer, the implicit disconnect procedure may be performed on the core network (EPC) side. The "detach procedure" is a procedure for releasing the load, not assigning an IP address, not assigning a GUTI, etc. When the implicit disconnect procedure is in progress, the MME 300 cannot obtain the IMSI and the carried information of the user equipment 100 based on the GUTI included in the TAU request. In this case, the MME 300 sends a signal to the UE 100 via the base station (eNodeB) 201 or 202 to reject the TAU request because the UE 100 is not identifiable (the signal includes the reason value #9 as defined by 3GPP [TAU rejection signal]).

In some cases, a counterfeit base station with a radio field strength greater than that of the legitimate base station may have been installed in the tracking area (TA). In this case, the TAU program element F110 may select the counterfeit base station as the base station for which the control link is to be established. As a result, TAU requests may be sent to counterfeit base stations rather than legitimate base stations. For example, when the first base station (eNodeB) 201 or the second base station (eNodeB) 202 installed in the tracking area (TA) shown in FIG. 1 is a counterfeit base station, the TAU request may be sent to the first base station The base station (eNodeB) 201 or the second base station (eNodeB) 202, whichever is the counterfeit base station. When a TAU request is sent to the spoofed base station, the TAU reject signal is sent from the spoofed base station to the user equipment 100 for the same reason as in the case of the implicit disconnection procedure. In this case, it is effective to prohibit communication with counterfeit base stations in order to reduce unauthorized information leakage caused by counterfeit base stations. However, even when the base station from which the TAU reject signal is sourced is a legitimate base station (even when the UE 100 receives a TAU reject signal because the implicit disconnect procedure has been performed), communication with this base station will still be prohibited. As a result, the user equipment 100 may become unable to connect to an external network (PDN), and the occupants of the vehicle 10 may not be able to use the Internet . . . and the like. In particular, the user equipment 100 with only LTE wireless communication function and no 3G wireless communication function tends to be unable to connect to an external network (PDN) for a long time. Therefore, it is necessary to correctly determine whether the TAU rejection signal has been sent from the legitimate base station or from the counterfeit base station. In this example, when the communication unit 104 has received the TAU rejection signal, the TAU program unit F110 notifies the determination unit F120 of the fact that the communication unit 104 has received the TAU rejection signal.

The determining unit F120 performs the procedure of determining whether the base station (eNodeB) 201 or 202 from which the TAU rejects the signal is a legitimate base station or a fake base station. In this example, the determination unit F120 determines whether a predetermined condition including the following two conditions is satisfied. The predetermined condition may include only one of the following two conditions. [Condition 1] The UE 100 has received a signal requesting IMSI from the base station. [Condition 2] The base station does not initiate encrypted communications involving authentication procedures (eg, signals that require IMSI to be sent and received in clear text).

The predetermined conditions are conditions specific to counterfeit base stations. Accordingly, when the predetermined conditions are satisfied (both conditions 1 and 2 are satisfied), the determination unit F120 determines that the base station (eNodeB) 201 or 202 from which the TAU rejects the signal originates is a fake base station. When the determination unit F120 determines that the base station (eNodeB) 201 or 202 from which the TAU rejects the signal is a fake base station, the determination unit F120 registers the cell where the base station (eNodeB) 201 or 202 is located in the prohibition list of the prohibition list storage unit M120 The initial value of cell ID and inhibition time (five minutes). The further function of the determination unit F120 is to update the time registered in the prohibition time field of the prohibition list in seconds. Accordingly, the determination unit F120 further has the function of deleting the information of the cell from the prohibition list when the prohibition time of the cell registered in the prohibition time field of the prohibition list reaches "0 minutes 00 seconds". When the predetermined condition is not satisfied, the determination unit F120 determines that the base station (eNodeB) 201 or 202 from which the TAU rejects the signal originates is a valid base station. The determination unit F120 sends the determination result to the attachment program unit F130.

The attaching procedure unit F130 performs the attaching procedure based on the determination result received from the determination unit F120. First, when the determining unit F120 determines that the base station (eNodeB) 201 or 202 from which the TAU reject signal is a valid base station, the attach procedure unit F130 sends an attach request via the base station (eNodeB) 201 or 202 from which the TAU reject signal comes from Give MME 300. The attach request is a signal requesting to newly configure a procedure carried to an external network (PDN) from a base station (eNodeB) 201 or 202 in the tracking area (TA) where the user equipment 100 is located. Attachment requirements include IMSI. The attachment request may include information specifying the address of the external network (PDN).

In response to the attach request, the MME 300 performs security procedures such as mutual authentication with the user equipment 100 and IMSI-based encryption. The MME 300 also sends a bearer configuration request to the SGW 400 based on the address of the external network (PDN). When the attach request does not include the address of the external network (PDN), the MME 300 sends the bearer setting request to the SGW 400 based on the preset address. The SGW 400 sends a request to the PGW 500 for setting a communication path (packet transfer path) between the SGW 400 and the PGW 500 . In response to this request, the PGW 500 assigns an IP address to the user equipment 100 and configures a communication path between the SGW 400 and the PGW 500 . The MME 300 also sends a bearer configuration request including the address of the SGW 400 to the base station (eNodeB) 201 or 202 . At this time, the MME 300 also transmits a signal (Attach Accept) to the base station (eNodeB) 201 or 202 indicating the completion of the attach procedure, the IP address assigned by the PGW 500, the GUTI assigned by the MME 300, etc. The base station (eNodeB) 201 or 202 sends a signal (Attach Accept) to the user equipment 100 indicating that the attach procedure is complete, IP address, GUTI, etc. The base station (eNodeB) 201 or 202 sets the communication path between the base station (eNodeB) 201 or 202 and the SGW 400 . The transmission from the base station (eNodeB) 201 or 202 in the tracking area (TA) where the user equipment 100 is located to the external network (PDN) is newly set in this way.

When the communication unit 104 of the user equipment 100 receives a signal indicating the completion of the attach procedure, IP address, GUTI, etc. (attach acceptance), the attach procedure unit F130 registers the location where the user equipment 100 is located in the TAI storage unit M110. Tracking Area (TA).

According to the above procedure, it is possible to reduce the possibility that the user equipment 100 may become unable to connect to the external network (PDN) when the implicit disconnection procedure is performed for the user equipment 100 .

Next, when the determining unit F120 determines that the base station (eNodeB) 201 or 202 from which the TAU rejects the signal is a counterfeit base station, the attaching procedure unit F130 passes through the base station (eNodeB) from the tracking area (TA) where the user equipment 100 is located. The base station (eNodeB) 201 or 202 (eNodeB 201 or 202 not registered in the forbidden list in the cell) which is not determined to be a counterfeit base station among 201 and 202 sends an attach request to the MME 300 . In this case, with a procedure similar to the case where the base station (eNodeB) 201 or 202 from which the TAU rejects the signal is a valid base station, the new settings are carried and IP addresses are newly assigned on the core network (EPC) side and GUTI both. When the base station (eNodeB) 201 or 202 from which the TAU rejects the signal is a counterfeit base station, this reduces the possibility that communication with the counterfeit base station may continue unnecessarily and the user equipment 100 may become unable to connect to the external network (PDN) sex.

A series of procedures performed by the user equipment 100 constructed above can be performed by hardware. However, this series of procedures may be performed in software. The functional architecture of the user equipment 100 is not limited to the example shown in FIG. 3 , and components may be omitted, replaced or added if appropriate. <Program flow>

Next, an overview of the data flow sent and received by the user equipment 100 of this embodiment and the program flow performed by the user equipment 100 will be given with reference to FIGS. 5 and 6 . FIG. 5 is a sequence diagram that schematically demonstrates the data streams and users sent and received by the user equipment 100 when a TAU request is sent to a legitimate base station (the first base station (eNodeB) 201 in the example shown in FIG. 5 ) Program flow performed by device 100 . FIG. 6 is a sequence diagram schematically illustrating the data streams and users sent and received by the user equipment 100 when a TAU request is sent to a counterfeit base station (the first base station (eNodeB) 201 in the example shown in FIG. 6 ) Program flow performed by device 100 .

5, when the first base station (eNodeB) 201 notifies the user equipment 100 of TAI (S10), the TAU program unit F110 of the user equipment 100 compares the received TAI with the TAI stored in the TAI storage unit M110. When the received TAI is different from the TAI stored in the TAI storage unit M110, the TAU program unit F110 determines that the tracking area (TA) where the user equipment 100 is located has changed (S11).

When the TAU program unit F110 determines that the tracking area (TA) where the user equipment 100 is located has changed, the TAU program unit F110 establishes a control link between the user equipment 100 and the first base station (eNodeB) 201 and uses the established control link to send the TAU request (S12). When the radio field strength of the second base station (eNodeB) 202 is greater than the radio field strength of the first base station (eNodeB) 201, the TAU procedure unit F110 may establish a connection between the user equipment 100 and the second base station (eNodeB) 202. The link is controlled and a TAU request is sent to the second base station (eNodeB) 202.

When the first base station (eNodeB) 201 is a valid base station, the first base station (eNodeB) 201 transmits the TAU request received from the user equipment 100 to the MME 300 . In the example shown in FIG. 5 , since the implicit disconnection procedure has been performed for the user equipment 100 , the MME 300 sends a TAU rejection signal including the reason value #9 to the first base station (eNodeB) 201 . In this case, the first base station (eNodeB) 201 transfers the TAU rejection signal received from the MME 300 to the user equipment 100 using the above control link (S13).

For the user equipment 100 that has received the TAU rejection signal, the TAU program unit F110 notifies the determination unit F120 of the fact that the user equipment 100 has received the TAU rejection signal. The determination unit F120 determines whether the above-mentioned predetermined condition is satisfied. In the example shown in FIG. 5 , since the user equipment 100 has not received the IMSI request in the form of plaintext data, the determining unit F120 determines that the first base station (eNodeB) 201 is a valid base station ( S14 ). The determination unit F120 sends the determination result to the attachment program unit F130.

The attach procedure unit F130 sends an attach request using the control link established between the user equipment 100 and the first base station (eNodeB) 201 (S15). As a result, the attach procedure is performed on the core network (EPC) side. That is, the transmission from the first base station (eNodeB) 201 to the external network (PDN) is newly set, and the IP address and GUTI are newly assigned to the user equipment 100 . The user equipment 100 thus becomes connectable to an external network (PDN) even when implicit disconnection has been performed, eg because the user equipment 100 has been outside the radio access network (RAN) coverage area for a certain period of time or more The same goes for the program.

6, when the second base station (eNodeB) 202, which is a valid base station, notifies the user equipment 100 of TAI (S20), the TAU program unit F110 compares the received TAI with the TAI stored in the TAI storage unit M110 and It is determined that the tracking area (TA) in which the user equipment 100 is located has changed (S21).

When the TAU procedure unit F110 determines that the tracking area (TA) where the user equipment 100 is located has changed, the TAU procedure unit F110 establishes a connection between the user equipment 100 and the first base station (eNodeB) 201 or the second base station (eNodeB) 202 control link. In the example of FIG. 6, since the radio field strength of the first base station (eNodeB) 201, which is a counterfeit base station, is greater than that of the second base station (eNodeB) 202, which is a legitimate base station, the TAU program unit F110 creates a user The control link between the device 100 and the first base station (eNodeB) 201 and the established control link is used to send the TAU request. In this case, the TAU request from the user equipment 100 is sent to the first base station (eNodeB) 201, which is a counterfeit base station, rather than the second base station (eNodeB) 202, which is a legitimate base station (S22).

When the first base station (eNodeB) 201, which is a counterfeit base station, receives the TAU request, the first base station (eNodeB) 201 sends an IMSI request signal to the user equipment 100 (S23). The IMSI request signal is a signal requesting to send the IMSI of the user equipment 100 to the first base station (eNodeB) 201 . When the user equipment 100 sends the response signal including the IMSI (S24), the first base station (eNodeB) 201 sends a TAU rejection signal to the user equipment 100 (S25).

Since the first base station (eNodeB) 201 , which is a counterfeit base station, is not connected to the core network (EPC), it is impossible to initiate encrypted communication involving mutual authentication with the user equipment 100 . The signals sent and received by S23 to S25 of FIG. 6 are thus signals in the form of clear text data. As a result, the determination unit F120 of the user equipment 100 determines that the first base station (eNodeB) 201 is a counterfeit base station (S26).

When the determination unit F120 determines that the first base station (eNodeB) 201 is a counterfeit base station, the cell ID of the cell (the first cell) where the first base station (eNodeB) 201 is located and the initial value of the prohibition time are registered in the prohibition list storage unit In the prohibition list of M120 (S27), and the prohibition time starts to count down (S28). Communication with the cell where the first base station (eNodeB) 201 is located will therefore be disabled for 5 minutes.

While disabling communication with the cell where the first base station (eNodeB) 201 is located, the attach procedure unit F130 sends an attach request to base stations located in other cells. In the example shown in FIG. 6, the attach request is sent to the second base station (eNodeB) 202 located in the second cell (S29). In response to the attach request, the carry from the second base station (eNodeB) 202 to the external network (PDN) is newly set, and the GUTI and IP address are newly assigned to the user equipment 100 . This reduces the possibility that the UE 100 may unnecessarily continue to communicate with the first base station (eNodeB) 201 which is a counterfeit base station and that the UE 100 may become unable to connect to the external network (PDN).

When the prohibition time of the first cell registered in the prohibition list reaches "0 minutes 00 seconds", the determination unit F120 deletes the information of the first cell from the prohibition list (S30).

Next, the program flow performed by the user equipment 100 of this embodiment will be described with reference to FIG. 7 . FIG. 7 is a flowchart illustrating the process flow performed by the user equipment 100 in response to the TAI notification signal. In the example shown in FIG. 7 , it is assumed that the user equipment 100 (vehicle 10 ) is located in the tracking area (TA) shown in FIG. 1 (the tracking area [TA] includes the first cell and the second cell). It is also assumed that the radio field strength of the first base station (eNodeB) 201 is greater than the radio field strength of the second base station (eNodeB) 202 .

In the program flow of FIG. 7 , when the communication unit 104 receives a signal notifying the TAI of the tracking area (TA) where the user equipment 100 is located (step S101 ), the communication unit 104 sends the signal to the TAU program unit F110 .

The TAU program unit F110 compares the TAI included in the signal with the TAI stored in the TAI storage unit M110 (hereinafter, the TAI stored in the TAI storage unit M110 is sometimes referred to as "TAI old"). In other words, the TAU program unit F110 determines whether TAI and TAI old match (step S102). When the TAI and the TAI are old matched (YES in step S102), the routine ends. When the TAI and the TAI do not match (NO in step S102), step S103 is performed.

In step S103, the TAU program unit F110 establishes the relationship between the user equipment 100 and the first base station (eNodeB) 201 (ie, the base station with the larger radio field strength among the first and second base stations (eNodeB) 201 and 202). and use the established control link to send TAU requests. As mentioned above, the TAU requirements include the GUTI assigned to the user equipment 100 .

After step S103, the TAU program unit F110 determines whether the communication unit 104 has received a TAU rejection signal including reason value #9 as a response signal to the TAU request (step S104). At this time, when the communication unit 104 has received the signal indicating the completion of the TAU procedure on the core network (EPC) side (TAU acceptance), the determination result of step S104 is NO. When step S104 is NO, the routine ends. As described above, the TAU program element F110 then returns a signal indicating the completion of the TAU program on the user equipment 100 side (TAU complete). On the other hand, when the communication unit 104 has received the TAU rejection signal, the determination result of step S104 is yes. When step S104 is YES, go to step S105.

In step S105, the determination unit F120 determines whether a predetermined condition is satisfied. The "predetermined condition" of this example is that both the above-mentioned condition 1 and condition 2 are satisfied. As shown in FIG. 6 above, when the communication unit 104 has received the IMSI request signal (Condition 1) and the transmission and reception of the signal including the IMSI request signal (the transmission and reception performed by S23 to S25 in FIG. 6 ) has been in the form of clear text data When proceeding (condition 2), the determination unit F120 determines that the predetermined condition is satisfied (YES in step S105).

When YES in step S105, the determination unit F120 determines that the first base station (eNodeB) 201 is a fake base station (step S106). In this case, the determination unit F120 registers the cell ID of the cell (first cell) where the first base station (eNodeB) 201 is located and the initial value of the prohibition time in the prohibition list of the prohibition list storage unit M120 (step S107). Subsequently, the determination unit F120 starts to count down the prohibition time for the first cell in the prohibition list (step S108).

When step S108 ends, the attach procedure unit F130 establishes a control link between the user equipment 100 and the second base station (eNodeB) 202 and sends an attach request using the established control link (step S109). The attach request is thus sent to the MME 300 via the second base station (eNodeB) 202 . Accordingly, on the core network (EPC) side, the carry from the second base station (eNodeB) 202 to the external network (PDN) is newly set, and the GUTI and IP address are newly assigned to the user equipment 100 . This reduces the possibility that the UE 100 may unnecessarily continue to communicate with the first base station (eNodeB) 201 which is a counterfeit base station and that the UE 100 may become unable to connect to the external network (PDN).

When step S109 ends, the determination unit F120 determines whether the prohibition time of the first cell registered in the prohibition list has reached "0 minutes and 00 seconds" (step S110). When step S110 is NO, step S110 is repeated. On the other hand, when step S110 is YES, the determination unit F120 deletes the information of the first cell from the prohibition list (step S111). When step S111 ends, the program flow ends. There may be situations where the legitimate base station is also located in the same first cell as the first base station (eNodeB) 201, and there are no cells accessible to the user equipment 100 other than the first cell. When the communication with the first cell continues to be suppressed for a long time in this situation, the user equipment 100 may be unable to connect to the external network (PDN) for a long time. However, setting the barring time for the first cell to a time as short as about 5 minutes allows the TAU request or attach request to be sent to the legitimate base station in the first cell after the barring time has elapsed. This also reduces the possibility that the user equipment 100 may become unable to connect to the external network (PDN) for an extended period of time.

When the determination unit F120 determines in step S105 that the predetermined condition is not satisfied (NO in step S105), it can be estimated that the implicit disconnection procedure has been performed on the core network (EPC) side. The determination unit F120 thus determines that the first base station (eNodeB) 201 is a valid base station (step S112).

When the determination unit F120 determines that the first base station (eNodeB) 201 is a valid base station, the attach procedure unit F130 sends an attach request using the control link established between the user equipment 100 and the first base station (eNodeB) 201 (step S113). When step S113 is completed, the program flow ends. This reduces the likelihood that communication with the first base station (eNodeB) 201, which is a legitimate base station, may be unnecessarily disabled when a TAU rejection signal is issued for valid reasons (eg, when a recessive disconnect procedure has been performed). As a result, the possibility that the user equipment 100 may become unable to connect to the external network (PDN) is reduced.

According to the program flow of FIG. 7, it is possible to correctly determine whether the TAU rejection signal including the reason value #9 is a signal sent from a counterfeit base station. Therefore, when the source of the TAU rejection signal is a counterfeit base station, it is possible to prohibit the communication between the user equipment 100 and the counterfeit base station. As a result, the likelihood that communications between the user equipment 100 and the counterfeit base station may continue unnecessarily is reduced. When the communication between the user equipment 100 and the fake base station is disabled, the user equipment 100 sends an attach request to the MME 300 via a legitimate base station other than the fake base station. This reduces the possibility that the user equipment 100 may become unable to connect to the external network (PDN). When the TAU rejection signal including reason value #9 is a signal sent from a legitimate base station, the possibility that communication between the user equipment 100 and the legitimate base station may be unnecessarily inhibited is also reduced. The user equipment 100 can thus send an attach request to the MME 300 via the legitimate base station. This reduces the possibility that the user equipment 100 may become unable to connect to the external network (PDN) when the TAU reject signal including reason value #9 is sent from a legitimate base station.

According to this embodiment, the possibility that the user equipment 100 may become unable to connect to the external network (PDN) is reduced, regardless of whether the source of the TAU rejection signal is a counterfeit base station or a legitimate base station. Therefore, the communication between the user equipment 100 and the counterfeit base station can be effectively reduced. As a result, the possibility that the occupants of the vehicle 10 may not be able to use the Internet . . . etc. is reduced. ＜Other＞

The specific aspects above are merely exemplary, and the present disclosure may be suitably modified without departing from the spirit and scope of the present disclosure. The procedures and architectures described in this disclosure can be combined as desired, so long as no technical conflict occurs. A program described as being performed by one device may be distributed and performed by a plurality of devices. Alternatively, procedures described as being performed by different devices may be performed by one device. The type of hardware architecture used to implement each function in a computer system can vary flexibly.

The present disclosure may also be practiced by supplying a computer program to a computer that implements the functions described in the specific aspects above, and causing one or more processors of the computer to read and execute the program. Such computer programs may be provided to the computer by means of a non-transitory computer-readable storage medium that may be connected to the bus of the computer system, or may be provided to the computer via a network. A non-transitory computer-readable storage medium is a recording medium that can store information such as data and programs electrically, magnetically, optically, mechanically or chemically and can be read by a computer . . . and the like. Such non-transitory computer-readable storage media is any type of disk or disk, such as a magnetic disk (such as a floppy (registered trademark) disk or a hard disk drive [HDD]) or an optical disk (such as a read-only memory). compact disc [CD-ROM], DVD or Blu-ray Disc). Non-transitory computer-readable storage media may be, for example, ROM, RAM, EPROM, electrically erasable programmable read-only memory (EEPROM), magnetic card, flash memory body, optical card, or solid-state drive (SSD) media.

10: Vehicles 100: User Equipment (UE) 101: Processor 102: main storage unit 103: Secondary storage unit 104: Communication unit 201: The first base station 202: Second base station 300: Action Management Entity (MME) 400: Service Gateway (SGW) 500: Packet Data Gateway (PGW) 600: External Network (Packet Data Network [PDN]) F110: Tracking Area Update (TAU) program unit F120: Judgment unit F130: Attachment Program Unit M110: Tracking Area Identity (TAI) storage unit M120: Forbidden list storage unit S10~S15: data flow and program flow related to the user equipment when the first base station is a legitimate base station S20~S30: data flow and program flow related to the user equipment when the first base station is a counterfeit base station S101~S113: The program flow performed by the user equipment in response to the TAI notification signal

The features, advantages, and technical and industrial significance of exemplary embodiments of the present invention are described below with reference to the accompanying drawings, wherein like symbols represent like elements, and wherein: [Fig. 1] shows an overview of the mobile communication system; [Fig. 2] shows an example of the hardware architecture of the user equipment; [FIG. 3] is a block diagram showing an example of the functional architecture of the user equipment; [Figure 4] An example showing the prohibition list; [FIG. 5] is a sequence diagram schematically demonstrating the data flow sent and received by the user equipment and the procedure flow performed by the user equipment when the first base station is a legitimate base station; [FIG. 6] is a sequence diagram schematically demonstrating the data flow sent and received by the user equipment and the program flow performed by the user equipment when the first base station is a counterfeit base station; and [ FIG. 7 ] is a flow chart illustrating a procedure flow performed by a user equipment in response to a tracking area identity (TAI) notification signal.

Claims (20)

An information processing device, which is installed on a vehicle and performs Long-Term Evolution (Long-Term Evolution) wireless communication, the information processing device includes a processor, and is constructed to: sending a request to update the tracking area in which the vehicle is located to the first base station in the tracking area in which the vehicle is located, when the information processing device has received a signal from the first base station rejecting the request on the grounds that the information processing device is not identifiable, determining whether a predetermined condition is satisfied, and When the processor determines that the predetermined condition is met, communication with the first base station is prohibited. The information processing apparatus according to claim 1, wherein the predetermined condition includes the following condition: the information processing apparatus has received a signal from the first base station requesting user identification information assigned to the information processing apparatus. The information processing apparatus according to claim 2, wherein the predetermined condition further includes the following condition: the first base station does not initiate encrypted communication involving an authentication procedure. The information processing apparatus according to any one of claims 1 to 3, wherein when communication with the first base station is prohibited, the processor is configured to prohibit communication with the first base station in the tracking area where the vehicle is located cellular communication. The information processing apparatus of claim 4, wherein when communication with the cell where the first base station is located has been disabled, the processor is configured to send an attach request to a location other than the cell where the first base station is located The second base station in the cell. The information processing apparatus according to claim 4 or 5, wherein when communication with the first base station is prohibited, the processor is configured to prohibit communication with the cell for a predetermined time. The information processing apparatus according to any one of claims 1 to 6, wherein when the processor determines that the predetermined condition is not satisfied, the processor is configured to send an attach request to the first base station. An information processing method controlled by a computer mounted on a vehicle and performing long-term evolution wireless communication, the information processing method comprising causing the computer to: sending a request to update the tracking area in which the vehicle is located to the first base station in the tracking area in which the vehicle is located, when the computer has received a signal from the first base station rejecting the request on the grounds that the computer is not identifiable, determining whether a predetermined condition is satisfied, and When the computer determines that the predetermined condition is met, communication with the first base station is prohibited. The information processing method according to claim 8, wherein the predetermined condition includes the following condition: the computer has received a signal from the first base station requesting user identification information assigned to the computer. The information processing method according to claim 9, wherein the predetermined condition further includes the following condition: the first base station does not start encrypted communication involving an authentication procedure. The information processing method according to any one of claims 8 to 10, wherein when communication with the first base station is prohibited, the computer prohibits communication with a cell where the first base station is located in the tracking area where the vehicle is located. The information processing method of claim 11, further comprising: when communication with the cell where the first base station is located has been disabled, causing the computer to send an attach request to the cell located at a different location than the first base station The second base station in the cell. The information processing method according to claim 11 or 12, wherein when communication with the first base station is prohibited, the computer prohibits communication with the cell for a predetermined time. The information processing method according to any one of claims 8 to 13, further comprising: when the computer determines that the predetermined condition is not satisfied, causing the computer to send an attachment request to the first base station. A non-transitory storage medium installed on a vehicle and stored in a program for a computer that performs long-term evolution wireless communication: sending a request to update the tracking area in which the vehicle is located to the first base station in the tracking area in which the vehicle is located, when the computer has received a signal from the first base station rejecting the request on the grounds that the computer is not identifiable, determining whether a predetermined condition is satisfied, and When the computer determines that the predetermined condition is met, communication with the first base station is prohibited. The non-transitory storage medium of claim 15, wherein the predetermined condition includes the following condition: the computer has received a signal from the first base station requesting user identification information assigned to the computer. The non-transitory storage medium of claim 16, wherein the predetermined condition further comprises the condition that the first base station does not initiate encrypted communication involving an authentication procedure. The non-transitory storage medium of any one of claims 15 to 17, wherein the program causes the computer to disable communication with the first base station in the tracking area where the vehicle is located when communication with the first base station is disabled where the cell communication. The non-transitory storage medium of claim 18, wherein when communication with the cell where the first base station is located has been disabled, the program further causes the computer to send an attach request to a computer located at a different location than the first base station the second base station in the cell's cell. The non-transitory storage medium according to any one of claims 15 to 19, wherein when the computer determines that the predetermined condition is not met, the program further causes the computer to send an attach request to the first base station.

Images