WO2018066362A1 - Embedded SIM management system, node device, embedded SIM management method, program, and information registrant device - Google Patents
- Publication number
- WO2018066362A1 (PCT/JP2017/033950)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- registration request
- embedded sim
- request transaction
- peer
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/182—Distributed file systems
- G06F16/1824—Distributed file systems implemented using Network-attached Storage [NAS] architecture
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/182—Distributed file systems
- G06F16/1834—Distributed file systems implemented based on peer-to-peer networks, e.g. gnutella
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1042—Peer-to-peer [P2P] networks using topology management mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
- H04W12/0471—Key exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
Definitions
- the present invention relates to an embedded SIM management system, a node device, an embedded SIM management method, a program, and an information registrant device.
- SIM Embedded Subscriber Identity Module
- M2M Machine to Machine
- IoT Internet of Things
- the embedded SIM is written with a profile for communication with a specific mobile carrier when the product is shipped from the factory, and is passed to the hands of the actual user.
- the information in the embedded SIM is remotely updated using OTA (Over-The-Air) technology.
- OTA Over-The-Air
- the technology is stored and managed in an eUICC appliance connected to an MNO (Mobile Network Operator) infrastructure via a network interface.
- the eUICC appliance stores and manages embedded SIM information in internal storage or external storage.
- the eUICC appliance has a SIM database.
- the SIM database stores information on devices authorized to use the embedded SIM, the current state of the embedded SIM, and current status (available, unavailable, etc.).
- a technology for securely transferring embedded SIM information between a plurality of communication carriers by a technology such as encryption is described.
- an operational profile (OP: Operational Profile), which is set in an embedded SIM by a subscription manager (SM: Subscription Manager) managed by an individual company or group, is stored and managed in the auxiliary storage device.
- a method is described for performing migration (SM swap) from a mobile communication network corresponding to an OP managed by one SM to a mobile communication network corresponding to an OP managed by another SM more efficiently.
- Patent Document 3 describes a technique by which a subscriber profile etc. required for activation of the embedded SIM can be safely transferred between communication carriers without using an SM.
- embedded SIM information is managed in a device such as a subscription manager operated by a specific company or group. For this reason, there is a problem that a device such as a subscription manager becomes a bottleneck and the capabilities such as reliability, availability, and maintainability decrease.
- An object of the present invention is to provide an embedded SIM management system that solves the problems described above.
- An embedded SIM management system comprises a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with each other, and an information registrant device.
- the information registrant device includes a first network interface and
- an information registration request transaction generating unit for generating an information registration request transaction and broadcasting it to the peer-to-peer network through the first network interface;
- the information registration request transaction generation unit includes: embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile; and an electronic signature signed by using an information registrant's private key with respect to the embedded SIM information.
- SIM Subscriber Identity Module
- Each of the node devices includes a second network interface and a block chain management unit which stores the information registration request transaction received through the second network interface in a block chain based on a consensus forming algorithm executed in cooperation with another node device.
- a node device is a node device constituting a peer-to-peer network, and includes a network interface and a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature obtained by signing the embedded SIM information using the information registrant's private key, and the public key paired with the private key, and stores the received information registration request transaction in a block chain based on a consensus forming algorithm executed in cooperation with other node devices configuring the peer-to-peer network.
- the embedded SIM management method is an embedded SIM (subscriber identity module) management method executed by a node device configuring a peer-to-peer network, in which an information registration request transaction including embedded SIM information including SIM identification information and a profile, an electronic signature obtained by signing the embedded SIM information using an information registrant's private key, and a public key paired with the private key is received through the network interface, and the received information registration request transaction is stored in a block chain based on a consensus forming algorithm executed in cooperation with other node devices configuring the peer-to-peer network.
- a program according to another aspect of the present invention causes a computer constituting a peer-to-peer network to function as a network interface and a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature obtained by signing the embedded SIM information using the information registrant's private key, and the public key paired with the private key, and stores the received information registration request transaction in a block chain based on a consensus forming algorithm executed in cooperation with other node devices configuring the peer-to-peer network.
- an information registrant apparatus that broadcasts an information registration request transaction to a peer-to-peer network composed of a plurality of node apparatuses capable of peer-to-peer communication with each other comprises a network interface and an information registration request transaction generating unit that generates the information registration request transaction and broadcasts the information registration request transaction to the peer-to-peer network through the network interface;
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature obtained by signing the embedded SIM information using an information registrant's private key, and the public key paired with the private key.
- the present invention can provide an embedded SIM management system with excellent reliability, availability, and maintainability by having the above-described configuration.
- FIG. 7 is a signal sequence diagram illustrating an example of a process from the embedded SIM manufacturer device to broadcasting an information registration request transaction to a peer-to-peer network.
- FIG. 6 is a flow chart illustrating an example of a process until an embedded SIM manufacturer device transmits an information registration request transaction signal to a peer-to-peer network.
- FIG. 17 is an explanatory diagram of a generation step ST43 of an information registration request transaction (for a new public key) shown in FIG. 16; It is another block diagram of the 6th Embodiment of this invention. It is a signal sequence diagram which shows an example of a process until an information registration request
- FIG. 21 is an explanatory diagram of a generation step ST53 of an information registration request transaction (for a new public key) shown in FIG. 20. It is another block diagram of the 6th Embodiment of this invention.
- FIG. 16 is a signal sequence diagram showing an example of processing from the embedded SIM-equipped product owner device to broadcasting an information registration request transaction to the peer-to-peer network.
- FIG. 6 is a flow chart showing an example of a process until an embedded SIM-equipped product owner device transmits an information registration request transaction signal to a peer-to-peer network.
- FIG. 25 is an explanatory diagram of a generation step ST63 of an information registration request transaction (for a new public key) shown in FIG. 24.
- FIG. 6 is a flowchart illustrating an example of processing of a joining node participating in a peer-to-peer network.
- FIG. 6 is a flowchart illustrating an example of processing of a joining node participating in a peer-to-peer network. It is a figure which shows an example of a scene where a malicious third party broadcasts an invalid information registration request transaction.
- FIG. 36 is an explanatory diagram of confidence information (encrypted with a contract carrier public key) included in the contract certificate shown in FIG. 35.
- FIG. 6 is a flowchart illustrating an example of processing of a joining node participating in a peer-to-peer network. It is a block diagram of the 8th Embodiment of this invention. It is a figure which shows an example of the information registration request
- FIG. 16 is a signal sequence diagram showing an example of processing until the embedded SIM-equipped product owner device 900 broadcasts an information registration request transaction including new information (remote setting program code, profile setting state).
- FIG. 6 is a flow chart showing an example of a process until an embedded SIM-equipped product owner device transmits an information registration request transaction signal to a peer-to-peer network.
- FIG. 16 is a signal sequence diagram showing an example of FIG. 16 is a flow chart showing an example of processing until the product installation location MNO device transmits an information registration request transaction signal to the peer-to-peer network.
- FIG. 16 is a block diagram of the 9th Embodiment of this invention. It is a figure which shows an example of a structure of the embedded SIM management system in the 1st Embodiment of this invention. It is a flowchart which shows an example of the registration procedure of embedded SIM information. It is a flowchart which shows an example of the utilization procedure of embedded SIM information. It is a block diagram of 10th Embodiment of this invention.
- the embedded SIM management system 1 according to the first embodiment of the present invention comprises a peer-to-peer network 2, an information registrant device 3 and an information user device 4.
- the information registrant device 3 is a device used by a person who registers embedded SIM information, and one or more information registrant devices 3 exist.
- the embedded SIM information includes, for example, SIM identification information that uniquely identifies the embedded SIM, and a profile having various types of information necessary for communication.
- the various types of information necessary for communication include, for example, International Mobile Subscriber Identity (IMSI), Mobile Subscriber ISDN number (MSISDN), and the like.
- the information registrant device 3 includes a network interface 3a, an arithmetic processing unit 3b, and a storage unit 3c.
- the network interface 3a comprises a dedicated data communication circuit.
- the network interface 3a performs data communication with a peer-to-peer network 2 or the like connected via a wired or wireless communication line.
- the storage unit 3c is formed of a storage device such as a hard disk or a memory.
- the storage unit 3c stores processing information and a program 3d necessary for various types of processing in the arithmetic processing unit 3b.
- the program 3d is a program that realizes various processing units by being read and executed by the arithmetic processing unit 3b.
- the program 3d is read in advance from an external device (not shown) or a program storage medium (not shown) via a data input/output function such as the network interface 3a and stored in the storage unit 3c.
- the arithmetic processing unit 3b has a microprocessor such as a CPU and its peripheral circuits.
- the arithmetic processing unit 3b reads the program 3d from the storage unit 3c and executes it, so that the hardware and the program 3d cooperate to implement various processing units.
- An information registration request transaction generation unit 3e is a main processing unit realized by the arithmetic processing unit 3b.
- the information registration request transaction generation unit 3e generates an information registration request transaction and broadcasts it to the peer-to-peer network 2 through the network interface 3a.
- the information registration request transaction generation unit 3e may generate the above-mentioned information registration request transaction on the basis of embedded SIM information including SIM identification information and a profile, an electronic signature obtained by signing the embedded SIM information using the secret key of the information registrant, and the public key paired with the secret key.
- the information user device 4 is a device used by a person who uses the embedded SIM information, and one or more devices exist.
- the information user apparatus 4 includes a network interface 4a, an arithmetic processing unit 4b, and a storage unit 4c.
- the network interface 4a comprises a dedicated data communication circuit.
- the network interface 4a performs data communication with a peer-to-peer network 2 or the like connected via a wired or wireless communication line.
- the arithmetic processing unit 4b has a microprocessor such as a CPU and its peripheral circuits.
- the arithmetic processing unit 4b reads the program 4d from the storage unit 4c and executes it, so that the hardware and the program 4d cooperate to implement various processing units.
- An information use request transaction generation unit 4e is a main processing unit realized by the arithmetic processing unit 4b.
- the information use request transaction generation unit 4e generates an information use request transaction for querying embedded SIM information having desired SIM identification information, and broadcasts the information use request transaction to the peer-to-peer network 2 through the network interface 4a.
- the information registration request transaction generation unit 3e generates an information use request transaction including SIM identification information.
- the information use request transaction generation unit 4e receives a response to the inquiry by the information use request transaction through the network interface 4a.
- the peer-to-peer network 2 is composed of a plurality of node devices 2a capable of peer-to-peer communication with each other.
- Each of the node devices 2a includes a network interface 2b, an arithmetic processing unit 2c, and a storage unit 2d.
- the network interface 2b comprises a dedicated data communication circuit.
- the network interface 2b performs data communication with various devices such as another node device 2a, an information registrant device 3 and an information user device 4 connected via a wired or wireless communication line.
- the storage unit 2d is configured of a storage device such as a hard disk or a memory.
- the storage unit 2d stores processing information and programs 2e necessary for various types of processing in the arithmetic processing unit 2c.
- the program 2e is a program that realizes various processing units by being read and executed by the arithmetic processing unit 2c.
- the program 2e is read in advance from an external device (not shown) or a program storage medium (not shown) via a data input/output function such as the network interface 2b and stored in the storage unit 2d.
- the main processing information stored in the storage unit 2d is a block chain 2f.
- the block chain 2f is a data structure in which blocks obtained by putting together transactions of a fixed period are connected in a chain.
- the block chain 2f may use Ethereum's block chain, but is not limited thereto.
- the block chain 2f is also referred to as embedded SIM information DB.
- the arithmetic processing unit 2c has a microprocessor such as a CPU and its peripheral circuits.
- the arithmetic processing unit 2c implements various processing units by causing the hardware and the program 2e to cooperate with each other by reading and executing the program 2e from the storage unit 2d.
- the main processing units realized by the arithmetic processing unit 2c include a block chain management unit 2g and an inquiry response unit 2h.
- the block chain management unit 2g stores the information registration request transaction received through the network interface 2b in the block chain 2f, based on the consensus forming algorithm executed in cooperation with the other node device 2a.
- the consensus forming algorithm refers to an algorithm in general for mutually approving a distributed ledger using Proof of Work (PoW) or the like. PoW is equivalent to the work called “digging” or “mining” in Bitcoin and Ethereum.
- the inquiry response unit 2h generates a response to each received information use request transaction. For example, the inquiry response unit 2h receives an information use request transaction (information inquiry request) through the network interface 2b. Then, the inquiry response unit 2h acquires embedded SIM information having SIM identification information included in the information use request transaction from the information stored in the block chain 2f. Then, the inquiry response unit 2h generates a response for transmission through the network interface 2b.
- FIG. 46 is a flowchart of an example of a registration procedure of embedded SIM information.
- the information registrant apparatus 3 generates an information registration request transaction by the information registration request transaction generation unit 3e (F01).
- the information registration request transaction includes the embedded SIM information including the SIM identification information and the profile, the electronic signature obtained by signing the embedded SIM information using the information registrant's private key, and the public key paired with the private key.
- the information registrant apparatus 3 broadcasts the information registration request transaction to the peer-to-peer network 2 by the network interface 3a (F02).
- Each of the node devices 2a receives the information registration request transaction broadcast to the peer-to-peer network 2 by the network interface 2b (F03). Next, each of the node devices 2a stores the received information registration request transaction in the block chain 2f by the block chain management unit 2g based on the consensus forming algorithm executed in cooperation with the other node devices 2a (F04).
- FIG. 47 is a flowchart of an example of a procedure of using embedded SIM information.
- the information user apparatus 4 generates an information use request transaction for inquiring embedded SIM information having desired SIM identification information by the information use request transaction generation unit 4e (F11).
- the information user apparatus 4 broadcasts the information use request transaction to the peer-to-peer network 2 by the network interface 4a (F12).
- Each of the node devices 2a receives the information use request transaction broadcast to the peer-to-peer network 2 via the network interface 2b (F13). Next, each of the node devices 2a acquires embedded SIM information having SIM identification information included in the information use request transaction from the information stored in the block chain 2f by the inquiry response unit 2h (F14). Then, each of the node devices 2a transmits a response including the acquired information to the information user device 4 through the network interface 2b (F15).
- the information user apparatus 4 receives the response from the node apparatus 2a by the network interface 4a (F16).
- when the information user device 4 receives responses from the plurality of node devices 2a in response to the transmitted information use request transaction, the information user device 4 adopts the response of one of the node devices 2a.
- the information user apparatus 4 may adopt, as a response node, the node apparatus 2a that has presented the embedded SIM information selected by majority vote the earliest.
- the information user apparatus 4 may define unique rules such as adopting information at the point when the minimum required number of nodes returning the same embedded SIM information has been reached.
- a rule concerning payment of some fee may be defined for the adopted node or the node providing the adopted information.
- embedded SIM information is managed by the block chain technology. Therefore, according to the present embodiment, it is possible to provide an embedded SIM information management system excellent in reliability, availability, and maintainability.
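The registration procedure (F01 to F04) and the use procedure (F11 to F16) of the first embodiment, as an added example that is not code from the patent. Ed25519, JSON serialisation, one transaction per block, the newest-record lookup and all type and function names are assumptions; the consensus forming algorithm is reduced to a local append.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// EmbeddedSIMInfo: SIM identification information plus profile fields (names assumed).
type EmbeddedSIMInfo struct{ SIMID, IMSI, MSISDN string }

// RegistrationTx: embedded SIM information, registrant's signature, paired public key.
type RegistrationTx struct {
	Info      EmbeddedSIMInfo
	Signature []byte
	PublicKey ed25519.PublicKey
}

// Block links one stored transaction to the hash of the previous block.
type Block struct {
	PrevHash [32]byte
	Tx       RegistrationTx
}

// Node is one node device holding its own copy of the block chain.
type Node struct{ Chain []Block }

var ErrBadSignature = errors.New("signature does not verify against the enclosed public key")

// signedBytes serialises the embedded SIM information for signing (JSON is an assumption).
func signedBytes(info EmbeddedSIMInfo) []byte {
	raw, _ := json.Marshal(info) // cannot fail for a struct of strings
	return raw
}

func (b Block) Hash() [32]byte {
	raw, _ := json.Marshal(b)
	return sha256.Sum256(raw)
}

// NewRegistrationTx is step F01, run on the information registrant device.
func NewRegistrationTx(priv ed25519.PrivateKey, info EmbeddedSIMInfo) RegistrationTx {
	return RegistrationTx{
		Info:      info,
		Signature: ed25519.Sign(priv, signedBytes(info)),
		PublicKey: priv.Public().(ed25519.PublicKey),
	}
}

// Accept is steps F03/F04 on a node device, with consensus reduced to a local append.
func (n *Node) Accept(tx RegistrationTx) error {
	// ed25519.Verify panics on a wrong-length key, so check the length first.
	if len(tx.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(tx.PublicKey, signedBytes(tx.Info), tx.Signature) {
		return ErrBadSignature
	}
	var prev [32]byte // all zero for the first block
	if len(n.Chain) > 0 {
		prev = n.Chain[len(n.Chain)-1].Hash()
	}
	n.Chain = append(n.Chain, Block{PrevHash: prev, Tx: tx})
	return nil
}

// Query is step F14: the newest stored record for simID (newest-wins is an assumption).
func (n *Node) Query(simID string) (EmbeddedSIMInfo, bool) {
	for i := len(n.Chain) - 1; i >= 0; i-- {
		if n.Chain[i].Tx.Info.SIMID == simID {
			return n.Chain[i].Tx.Info, true
		}
	}
	return EmbeddedSIMInfo{}, false
}

// Adopt is the information user's rule: walk responses in arrival order and adopt
// the first embedded SIM information returned identically by minNodes nodes.
func Adopt(responses []EmbeddedSIMInfo, minNodes int) (EmbeddedSIMInfo, bool) {
	seen := map[EmbeddedSIMInfo]int{}
	for _, r := range responses {
		if seen[r]++; seen[r] >= minNodes {
			return r, true
		}
	}
	return EmbeddedSIMInfo{}, false
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	info := EmbeddedSIMInfo{SIMID: "sim-0001", IMSI: "001010000000001", MSISDN: "0000000001"}
	tx, node := NewRegistrationTx(priv, info), &Node{}
	tampered := tx
	tampered.Info.IMSI = "001010000000999" // profile altered after signing
	fmt.Println(node.Accept(tx), node.Accept(tampered))
	got, _ := node.Query("sim-0001")
	fmt.Println(Adopt([]EmbeddedSIMInfo{{SIMID: "sim-0001"}, got, got}, 2))
}
```

A signature that verifies against the public key carried in the same transaction shows only that the record was not altered after signing; whether that key belongs to an authorised registrant has to be established separately.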
- the embedded SIM is a subscriber identification card module for mobile communication embedded in an M2M / IoT device or the like, and a profile for communication with a specific mobile carrier is written when the product is shipped from the factory.
- OTA Over The Air
- Non-Patent Document 3 a subscription information management device (SM: Subscription Manager), and an old contract Mobile communication carrier equipment and others involved in the new contract will cooperate.
- SM subscription information management device
- the present embodiment shows a method of managing by a common distributed DB as a method of managing an embedded SIM management subscription information management device database (hereinafter, embedded SIM management DB).
- embedded SIM management DB an embedded SIM management subscription information management device database
- the information written to the embedded SIM indicates any one of an eUICC-ID (Embedded Universal Integrated Circuit Card Identity) indicating a card number of the embedded SIM, and a plurality of profiles in the embedded SIM.
- ICCID Integrated Circuit Card ID
- IMSI International Mobile Subscriber Identity
- MSISDN Mobile Subscriber International ISDN Number
- IMSI and MSISDN can hold different contents for each profile indicated by ICCID.
- the profiles include an embedded SIM setting profile (Provisioning Profile) which is always written at the time of factory shipment, and a profile (Operational Profile) which is changed in setting after factory shipment and used in an actual communication service operation.
- a subscription information management device (SM: Subscription Manager) is defined as a network-side mechanism that supports management of such embedded SIM configuration information and configuration change.
- in actual operation, the subscription information management device is managed by a manufacturer of the embedded SIM, a manufacturer of a product equipped with the embedded SIM, the mobile network operator (MNO) written in the embedded SIM setting profile at the time of factory shipment, or a third party, or is managed by these in cooperation. Further, according to Patent Document 4, an organization trusted by a plurality of MNOs bears the function of a subscription information management device.
- the function corresponding to the subscription information management device includes not only the information management of the embedded SIM management DB but also a function for remotely changing the configuration of the embedded SIM by actual mobile communication (OTA: Over The Air). Therefore, in actual operation, the subscription information management device will be operated by a mobile network operator (MNO) trusted by one or more organizations.
- MNO mobile network operator
- in actual operation, the subscription information management apparatus itself for a product equipped with the embedded SIM may also be transferred.
- because the operator that manages the embedded SIM management DB (subscription information management apparatus) may itself be transferred in the course of a transfer of the embedded SIM-equipped product, other operators need to distinguish where to inquire for the contract operator information of the embedded SIM-equipped product (i.e., the embedded SIM management DB operator or subscription information management device) by product type, or pinpoint it by serial number, etc. (Problem 4).
- the embedded SIM management system in the present embodiment comprises information registrant devices 10 (there may be more than one) that register information in the embedded SIM management DB, information user devices 20 (there may be more than one) that use the information in the embedded SIM management DB, and the peer-to-peer network 30.
- the information registrant device 10 and the information user device 20 include an embedded SIM manufacturer device, an embedded SIM-equipped product manufacturer device, a mobile network operator (MNO) device, an embedded SIM-equipped product owner device, an embedded SIM-equipped product device, etc. Details of the embedded SIM manufacturer device, the embedded SIM-equipped product manufacturer device, the mobile network operator (MNO) device, the embedded SIM-equipped product owner device, and the embedded SIM-equipped product device will be described later.
- the peer-to-peer network 30 manages a blockchain (a chain of cryptographic hash blocks) of the kind handled by Bitcoin (see, for example, Non-Patent Document 1), which is one of the virtual currencies, and Ethereum (see, for example, Non-Patent Document 2), which is one of the smart contract realization platforms using distributed ledger technology.
- a plurality of participating nodes 40 (node devices) participating in the peer-to-peer network 30 maintain and manage the embedded SIM management DB in the present embodiment.
- the plurality of participating nodes 40 participating in the peer-to-peer network 30 may belong to a carrier or a community of multiple operators, or may be an anonymous individual or an anonymous organization not belonging to any organization.
- a plurality of participating nodes 40 participating in the peer-to-peer network 30 not only hold information and respond to queries, but also hold an automatically executable program as part of the information held in the DB.
- by executing the above program, the participating node 40 also plays a role of, for example, exchanging confidence information when the owner of the embedded SIM-equipped product changes the contract MNO, and prompting the mobile network operator (MNO) apparatus to set the embedded SIM information by OTA.
- the information registrant apparatuses 10 in the present embodiment request information registration by broadcasting an information registration request transaction to the embedded SIM management DB to the entire peer-to-peer network 30.
- Each participating node 40 participating in the peer-to-peer network 30 verifies the broadcast information registration request transaction and, if it determines that the transaction is valid, generates a new block that groups it with other valid information registration request transactions and adds the block to the end of the block chain. The reward to the participating node 40 is paid, for example, when verifying the information registration request transaction and generating a new block.
- In Non-Patent Document 1 and Non-Patent Document 2, a block chain links hashed blocks together in a chain, and its contents are recorded in a form in which all nodes participating in the peer-to-peer network form a consensus on their legitimacy. Therefore, it is generally said that the content recorded in a block chain is virtually unalterable. Also, even if a node intentionally records incorrect information or does not try to record the requested content, the content recorded in the block chain is generally said to be accurate, because the participating nodes attempt to record the correct content while forming consensus among themselves.
- the information user apparatus 20 queries the peer-to-peer network 30 for useful information held by the embedded SIM management DB.
- any of the participating nodes 40 participating in the peer-to-peer network 30 autonomously transfers information to the appropriate information user apparatus 20 according to the executable program code contained in the information held by the embedded SIM management DB.
- The information to be transferred autonomously includes confidence information when the owner of the embedded SIM-equipped product changes the contract MNO, information prompting the mobile network operator (MNO) apparatus etc. to set information on the embedded SIM by OTA, and the like.
- the inquiry fee in Problem 3 described above may be resolved not by settlement among the communication operators but in the form of a fee, paid in cryptocurrency or the like, to the node among the participating nodes 40 participating in the peer-to-peer network 30 that executes the inquiry request transaction or the autonomous information transfer transaction. Alternatively, the fee may be collected only at the time of information registration, with inquiries and autonomous information transfer made free of charge as a rule of the peer-to-peer network.
- the bottleneck of a single DB in the common DB scheme of the problem 5 described above can be solved because it is covered by a plurality of participating nodes 40 participating in the peer-to-peer network 30 according to the present embodiment.
- the embedded SIM management system includes an embedded SIM manufacturer device 100, an embedded SIM-equipped product manufacturer device 110, an old contract MNO device 120, a new contract MNO device 130, an embedded SIM-equipped product owner device 140, an embedded SIM-equipped product device 150, a peer-to-peer network 160 that manages the block chain (chain of cryptographic hash blocks) of the embedded SIM management DB handled in this embodiment, and arbitrary participating nodes 170 (there may be more than one) of the peer-to-peer network 160.
- the embedded SIM-equipped product device 150 is an M2M device, an IoT device, or the like on which the embedded SIM is installed.
- the embedded SIM-equipped product owner device 140 is a device such as a personal computer or a smartphone owned by a person who owns the embedded SIM-equipped product device 150.
- the embedded SIM-equipped product owner apparatus 140 may be the embedded SIM-equipped product apparatus 150 itself (that is, the embedded SIM-equipped product owner apparatus 140 and the embedded SIM-equipped product apparatus 150 may be one and the same device).
- the embedded SIM manufacturer device 100 is a device corresponding to a manufacturer such as a manufacturer that manufactures the embedded SIM to be mounted on the embedded SIM mounted product device 150.
- the embedded SIM installed product manufacturer's device 110 is a device corresponding to a manufacturer such as a manufacturer that manufactures the embedded SIM installed product device 150.
- the old contract MNO device 120 and the new contract MNO device 130 are a device corresponding to the old contract MNO viewed from the embedded SIM-equipped product device 150 and a device corresponding to the new contract MNO.
- the embedded SIM manufacturer device 100, the embedded SIM-equipped product manufacturer device 110, the old contract MNO device 120, the new contract MNO device 130, the embedded SIM-equipped product owner device 140, and the embedded SIM-equipped product device 150 may each also be the information registrant device 10 and the information user device 20 of FIG. 1. Therefore, these devices are also referred to as the information registrant device 10 and the information user device 20.
- when the embedded SIM manufacturer device 100, the embedded SIM-equipped product manufacturer device 110, the old contract MNO device 120, the new contract MNO device 130, and the embedded SIM-equipped product owner device 140 function as the information registrant device 10 shown in FIG., each generates, as an information registration request transaction to the embedded SIM management DB, the information on the relevant embedded SIM that it can know itself, a time stamp, an electronic signature obtained by encrypting this information with a secret key, and a public key, as described in the second embodiment. Then, the embedded SIM manufacturer device 100, the embedded SIM-equipped product manufacturer device 110, the old contract MNO device 120, the new contract MNO device 130, and the embedded SIM-equipped product owner device 140 broadcast the generated information registration request transaction.
- the information on the relevant embedded SIM that a device can know itself may include: the embedded SIM number (SIM identification information) (eUICC-ID), the embedded SIM-equipped product serial number (product serial number), the MNO access ID for the setting profile (old MNO-ID), the IMSI for the setting profile (old IMSI), the MSISDN for the setting profile (old MSISDN), the MNO access ID for the operation profile (new MNO-ID), the IMSI for the operation profile (new IMSI), the MSISDN for the operation profile (new MSISDN), etc.
- the legitimacy of the broadcast information registration request transaction in the present embodiment is verified by all participating nodes 170 participating in the peer-to-peer network 160, and whether it is recorded in the block chain is decided through the consensus building process among all participating nodes 170.
- FIG. 3 is an information component diagram showing the relationship between a plurality of transactions and the contents of a plurality of blocks in a block chain.
- TX (TX1, TX2, ...) indicates an information registration request transaction.
- Hash (Hash12, Hash45) is a hash value calculated from two transactions by a cryptographic hash function. Each participating node 170 repeats the verification of transaction validity and the calculation of hash values over all transactions in one block generation period until a single Root-Hash value (Merkle-Root value) is finally obtained.
- each participating node 170 calculates the hash value of a new block using the hash value of the block broadcast at the previous block generation time (or a hash value it has itself recalculated from all past blocks up to the previous block) and the Root-Hash value generated from the information registration request transactions newly generated in the current block generation period.
- the hash value of the new block is obtained while adjusting the NONCE value and the like so that it conforms to the rule of the consensus building process defined in the peer-to-peer network, and is then broadcast to the peer-to-peer network 160.
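
The FIG. 3 structure described above, as an added Python example that is not code from the patent: transactions are hashed pairwise up to one Root-Hash, each block hash covers the previous block hash, the Root-Hash and a NONCE, and recomputation exposes an edited transaction. SHA-256, the 12-zero-bit rule, pairing an odd last hash with itself, and all sample transactions are assumptions made for the example.

```python
import hashlib

DIFFICULTY_BITS = 12           # assumed consensus rule: hash starts with 12 zero bits
GENESIS_PREV = b"\x00" * 32    # assumed "previous hash" for the first block


def h(data):
    return hashlib.sha256(data).digest()


def merkle_root(txs):
    """Pairwise hashing (Hash12, Hash45 in FIG. 3) until one Root-Hash remains."""
    if not txs:
        raise ValueError("a block needs at least one transaction")
    level = [h(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:                 # odd count: pair the last hash with itself
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def block_hash(prev_hash, root, nonce):
    return h(prev_hash + root + nonce.to_bytes(8, "big"))


def meets_rule(digest):
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0


def make_block(prev_hash, txs):
    """Adjust the NONCE until the new block's hash satisfies the rule."""
    root = merkle_root(txs)
    nonce = 0
    while not meets_rule(block_hash(prev_hash, root, nonce)):
        nonce += 1
    return {"prev": prev_hash, "txs": list(txs), "nonce": nonce,
            "hash": block_hash(prev_hash, root, nonce)}


def build_chain(blocks_of_txs):
    chain, prev = [], GENESIS_PREV
    for txs in blocks_of_txs:
        block = make_block(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Recompute every block from its transactions.
    Returns the index of the first block that fails, or -1 if all are consistent."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        recomputed = block_hash(prev, merkle_root(block["txs"]), block["nonce"])
        if block["prev"] != prev or recomputed != block["hash"] or not meets_rule(recomputed):
            return i
        prev = block["hash"]
    return -1


# Constructed registration transactions, three block generation periods.
SAMPLE = [
    [b"TX1 eUICC=EID-0001 old_mno=MNO-A", b"TX2 eUICC=EID-0002 old_mno=MNO-A",
     b"TX3 eUICC=EID-0003 old_mno=MNO-B"],
    [b"TX4 eUICC=EID-0004 old_mno=MNO-B", b"TX5 eUICC=EID-0005 old_mno=MNO-A"],
    [b"TX6 eUICC=EID-0001 new_mno=MNO-C"],
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print("honest chain:", first_invalid_block(chain))
    chain[0]["txs"][1] = b"TX2 eUICC=EID-0002 old_mno=MNO-Z"
    print("after editing TX2:", first_invalid_block(chain))
```

Re-mining only the edited block moves the failure to the next block, whose stored previous-block hash no longer matches, so every later block would have to be recomputed as well.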
- the broadcast may be performed by the information registrant device 10 itself or may be performed via a proxy device. However, it is assumed that the private key of the information registrant device 10 is used for the electronic signature even when the broadcast passes through the proxy device.
- the information registrant device 10 can generate a transaction for information registration and, before broadcasting it, can inquire of the relevant devices for the information necessary for DB registration. That is, the information registrant device can generate a transaction for information registration and broadcast it after inquiring of the relevant device about the information necessary for DB registration. This situation will be described using FIG. 4 and FIG.
- FIG. 4 is a signal sequence diagram until information registration request transaction is broadcast from the information registrant device 10 to the peer-to-peer network 160 that manages the embedded SIM management DB.
- the information registrant inputs, to the information registrant device 10, a pair of a secret key and a public key, and the information on the corresponding embedded SIM that the registrant can know itself.
- the information registrant device 10 acquires the other information necessary for information registration.
- the information registrant apparatus 10 broadcasts to the peer-to-peer network 160 an information registration request transaction in which a time stamp is added to the above information and which is digitally signed with the secret key.
- a signal S01 indicates an information input signal to the information registrant device 10, which is performed by the information registrant.
- S01 includes a secret key, a public key, information which can be known by oneself, a reference (URL etc.) of necessary information.
- a signal S02 is an acquisition request signal for information necessary for information registration, sent from the information registrant device 10 to the necessary information inquiry destination device.
- the signal S03 is a response signal to the signal S02.
- S02 includes the contents of the inquiry, the URL of the inquiry destination, and the like.
- S03 includes the inquired result (response information).
- Signal S04 is an information registration request transaction signal broadcast from information registrant device 10 to peer-to-peer network 160. S04 includes the information on the relevant embedded SIM that the information registrant can know itself, the information necessary for registration obtained in S03, a time stamp, an electronic signature calculated using this information and a secret key, and a public key.
- the information necessary for registration set in the information registration request transaction to be broadcast varies depending on what the information registrant device 10 is and the contract form between related business operators.
- suppose that the information registrant device 10 is the embedded SIM-equipped product manufacturer device 110, and that the information it can know itself is the embedded SIM number (eUICC-ID) and its own embedded SIM-equipped product serial number (product serial number).
- suppose also that, for information such as the MNO access ID for the setting profile (old MNO-ID), the IMSI for the setting profile (old IMSI), and the MSISDN for the setting profile (old MSISDN), a contract form has been concluded with the relevant MNO in which the relevant MNO is queried at the time of factory shipment, the information is set in the corresponding embedded SIM, and the product is shipped.
- in this case, the information necessary for registration in the embedded SIM-equipped product manufacturer device 110 is information such as the MNO access ID for the setting profile (old MNO-ID), the IMSI for the setting profile (old IMSI), and the MSISDN for the setting profile (old MSISDN).
- the device to which the embedded SIM-equipped product manufacturer apparatus 110 inquires for the above information is the old contract MNO apparatus 120.
- FIG. 5 is a flowchart until the information registrant device 10 transmits an information registration request transaction signal to the peer-to-peer network 160 that manages the embedded SIM management DB.
- Step ST01 is a step for inputting information to the information registrant device 10, which is performed by the information registrant.
- a secret key, a public key, information that can be known by a requester (information registrant), and the like are input to the information registrant device 10.
- Step ST02 is a step in which the information registrant apparatus 10 inquires the necessary information from the inquiry destination (the necessary information inquiry destination apparatus).
- the information registrant apparatus 10 acquires a setting profile and the like from the necessary information inquiry apparatus.
- Step ST03 is a step in which the information registrant device 10 generates an information registration request transaction.
- the information registration request transaction includes the information that the registrant can know itself, other information necessary for registration (including information obtained in step ST02), a time stamp, a digital signature obtained by encrypting the hash value of these with a secret key, and a public key.
- Step ST04 is a step of broadcasting the information registration request transaction generated by the information registrant device 10 to the peer-to-peer network 160.
- FIG. 6 shows the relationship between the information registrant device holding information I10 which is information held by the information registrant device 10 and the contents of the information registration request transaction I20 which is an information registration request transaction to the embedded SIM management DB.
- the information registrant apparatus 10 holds an embedded SIM number, information necessary for other registration, a public key, and a secret key.
- the information registration request transaction broadcast by the information registrant device 10 includes an embedded SIM number, other information necessary for registration, a time stamp, a public key, and an electronic signature. Referring to FIG. 6, it can be seen that the electronic signature is generated by encrypting the embedded SIM number, other information necessary for registration, and the time stamp with the secret key.
- All participating nodes 170 participating in the peer-to-peer network 160 generate one block from the plurality of information registration request transactions occurring in a predetermined period and their hash values, connect the information registration request transactions and block hash values of all the blocks from the plurality of past periods in a chain (hereinafter referred to as a block chain), and hold and manage this as the embedded SIM management DB.
- the information consumer device 20 (including the information registrant device 10) inquires of the peer-to-peer network 160 the information necessary for processing regarding its embedded SIM.
- suppose that, at the time of factory shipment, the embedded SIM-equipped product manufacturer device 110 writes information such as the embedded SIM number (eUICC-ID), the embedded SIM-equipped product serial number (product serial number), the MNO access ID for the setting profile (old MNO-ID), the IMSI for the setting profile (old IMSI), and the MSISDN for the setting profile (old MSISDN) for the embedded SIM installed in the product, and broadcasts it to the peer-to-peer network 160. In that case, it is conceivable that a person (owner) who has purchased the embedded SIM-equipped product carries out the inquiry when using the product for the first time.
- the owner of the embedded SIM-equipped product device 150 concludes a mobile network usage contract with a new MNO at the actual usage location.
- the corresponding embedded SIM-equipped product device 150 is first connected to the mobile network managed by the new MNO.
- the new contract MNO device 130 of the connection destination transmits an information use request transaction to the peer-to-peer network 160 in order to determine the information issued by the embedded SIM-equipped product device 150.
- the new contract MNO device 130 obtains registration information on the corresponding embedded SIM in the response signal, and continues necessary processing.
- the acquired registration information includes, for example, the embedded SIM-equipped product serial number (product serial number) linked to the embedded SIM number (eUICC-ID), the MNO access ID for the setting profile (old MNO-ID), the IMSI for the setting profile (old IMSI), and the MSISDN for the setting profile.
- the new contract MNO device 130 determines whether the information issued by the connected embedded SIM-equipped product device 150 and the information acquired by broadcasting the information use request transaction match. For example, if the two match (if a matching profile is included), the new contract MNO device 130 does not perform normal roaming between mobile network operators, and judges that the setting information of the corresponding embedded SIM can be rewritten by OTA to the information of the new contract MNO (new MNO-ID, new IMSI, new MSISDN) set in the new contract MNO device 130. Then, the new contract MNO device 130 continues with the process of rewriting the information in the actual embedded SIM. These states will be described with reference to FIGS. 7 and 8.
- FIG. 7 shows the case where the owner of the embedded SIM-equipped product device 150 first connects the embedded SIM-equipped product device 150 to the new MNO-managed mobile network after entering into a mobile network usage contract with the new MNO.
- Signal S11 is an initial connection signal to new contract MNO device 130 of embedded SIM-equipped product device 150.
- the signal S11 includes an old MNO-ID, an old IMSI, an old MSISDN, an embedded SIM number (eUICC-ID), and the like.
- Signal S12 is an information use request transaction signal broadcast from the new contract MNO device 130 to the peer-to-peer network 160.
- S12 includes the embedded SIM number (eUICC-ID) obtained by the signal S11.
- the signal S13 is a response signal from any one of the participating nodes 170 of the peer-to-peer network 160.
- the response signal includes the information for the setting profile linked to the embedded SIM number (eUICC-ID) (i.e., the old MNO-ID, the old IMSI, the old MSISDN) and the like.
- the response signal may be returned from a plurality of nodes. Therefore, the new contract MNO device 130 can have a configuration for adopting one of the returned response signals. For example, the new contract MNO device 130 adopts, as a response node, the node which presented the information selected by majority vote etc. earliest, or adopts the information at the time of reaching the minimum required number of nodes returning the same information. It can be configured to have its own rules.
- there may be a rule for paying some fee to the adopted node or to the node that provided the adopted information.
- the new contract MNO device 130 can be configured to always cache copies of all the information in the block chain at a constant cycle. In this case, the new contract MNO device 130 omits the processing by the signals S12 and S13 and may instead look up the setting profile information on the connected embedded SIM-equipped product device 150 (actually, the embedded SIM) in the cache.
- a signal S14 indicates the process, performed by the new contract MNO apparatus 130 after the connection by the signal S11 is determined to be appropriate, of rewriting the information in the embedded SIM in the embedded SIM-equipped product apparatus 150. Details of the process of S14 will be described later.
- FIG. 8 is a flowchart showing an example of processing of the new contract MNO device 130. Specifically, FIG. 8 shows an example of the flow from when the new contract MNO device 130 receives the initial connection signal of the embedded SIM-equipped product device 150 to when the embedded SIM rewriting process is performed.
- the new contract MNO device 130 broadcasts an information use request transaction to the peer-to-peer network 160 to get the information for the setting profile (old MNO-ID, old IMSI, old MSISDN) linked to the corresponding embedded SIM number (eUICC-ID). Then, the new contract MNO device 130 determines the legitimacy of the initial connection signal using the obtained information, and executes the process of rewriting the information in the embedded SIM.
- the new contract MNO device 130 gets the information for the setting profile (old MNO-ID, old IMSI, old MSISDN) linked to the corresponding embedded SIM number (eUICC-ID). Then, the new contract MNO device 130 determines the legitimacy of the initial connection signal using the obtained information, and executes the process of rewriting the information in the embedded SIM.
- Step ST11 is a step of receiving an initial connection signal in the new contract MNO device 130.
- Step ST12 is a processing branch step. In step ST12, it is decided whether the new contract MNO device 130 performs the embedded SIM rewriting processing according to the conventional method (left branch in the drawing), makes its own determination using a cache of block chain data (right branch in the drawing), or broadcasts to the peer-to-peer network 160 to make the determination (central branch in the figure).
- step ST13 setting profile information (old MNO-ID, old IMSI) associated with the embedded SIM eUICC-ID mounted on the embedded SIM-equipped product apparatus 150 from which the new contract MNO apparatus 130 issued the initial connection signal.
- Step ST14 is a step in which the new contract MNO device 130 waits for a response signal to the broadcast signal, and adopts any response content and response node from among them. Further, step ST14 is a step of determining the legitimacy of the information in the initial connection signal received in step ST11 based on the adopted response content. Step ST15 is a step in which the new contract MNO device 130 rewrites the information in the embedded SIM after the legitimacy is confirmed in step ST14. The details of step ST15 will be described later. Step ST15 also flows from the unique determination process (not shown) of the block chain data branched to the right in the figure at step ST12.
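
The adoption rule for S13 responses and the ST14 legitimacy check described above, as an added Python example that is not part of the patent text: the new contract MNO device counts identical answers in arrival order and adopts one only when a minimum number of distinct nodes agree. Field names, node IDs, status strings and all sample values are constructed assumptions.

```python
PROFILE_FIELDS = ("old_mno_id", "old_imsi", "old_msisdn")


def adopt_response(responses, min_agree):
    """responses: (node_id, profile) pairs in arrival order, as in signal S13.
    Returns (profile, first_node) as soon as `min_agree` distinct nodes have
    returned the same profile, or None if that never happens."""
    if min_agree < 1:
        raise ValueError("min_agree must be at least 1")
    voters_by_profile = {}
    seen_nodes = set()
    for node_id, profile in responses:
        if node_id in seen_nodes:          # count each responding node once
            continue
        seen_nodes.add(node_id)
        key = tuple(profile.get(f) for f in PROFILE_FIELDS)
        voters = voters_by_profile.setdefault(key, [])
        voters.append(node_id)
        if len(voters) >= min_agree:
            # The node that presented the adopted information earliest.
            return dict(zip(PROFILE_FIELDS, key)), voters[0]
    return None


def judge_initial_connection(s11, responses, min_agree):
    """ST14: compare the profile fields of S11 with the adopted registration info."""
    adopted = adopt_response(responses, min_agree)
    if adopted is None:
        return "NO_QUORUM", None
    profile, node = adopted
    if all(s11.get(f) == profile[f] for f in PROFILE_FIELDS):
        return "MATCH", node               # OTA rewrite (ST15) may proceed
    return "MISMATCH", node


# Constructed data: what is registered for the eUICC-ID, and one node
# (node-7) that answers first with a different profile and answers twice.
REGISTERED = {"old_mno_id": "MNO-A", "old_imsi": "001010000000001",
              "old_msisdn": "0000000001"}
DIVERGENT = dict(REGISTERED, old_imsi="001010000000999")
S11 = dict(REGISTERED, euicc_id="EID-CONSTRUCTED-0001")
RESPONSES = [("node-7", DIVERGENT), ("node-2", REGISTERED), ("node-7", DIVERGENT),
             ("node-5", REGISTERED), ("node-9", REGISTERED)]

if __name__ == "__main__":
    # Adopting the first answer lets one divergent node decide the outcome.
    print(judge_initial_connection(S11, RESPONSES, min_agree=1))
    # Requiring three agreeing nodes adopts the registered profile instead.
    print(judge_initial_connection(S11, RESPONSES, min_agree=3))
```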
- In Non-Patent Document 1, a party that wins the hash calculation competition for a new block bundling transactions (transfers of ownership) of the cryptocurrency bitcoin, and is thereby able to record the block at the end of the block chain, is given a specific amount of bitcoin (coin mining).
- new blocks are generated at intervals of about 10 minutes, and 25 bitcoins are mined. The amount of coins mined every 10 minutes is halved once every 4 years. Mined coins do not affect the issuer of the transaction.
- In Non-Patent Document 2, Ethereum handles not only transactions (transfers of ownership) of the cryptocurrency Ether but also the execution of contracts (contracts by computer) and smart contracts (computer-confirmable contracts). A specific amount of Ether is given to the party that wins the hash calculation competition for a new block bundling transactions related to automatically executable code and is able to record it at the end of the block chain (hereinafter, the successful miner).
- the reward given to the successful miner includes a fixed 5 Ether per mining, and Ether collected from the transaction issuer corresponding to the amount of transaction information and to the Ethereum-defined fuel (Gas) required to execute the contract fulfillment code.
- the approval fee for an information registration request transaction recorded in the block chain for the embedded SIM management DB can be configured to be paid, in the same way as these, in a separately defined virtual currency or cryptocurrency, multipurpose points, or the like.
- the consensus building process is performed by competition of cryptographic hash calculations at the time of block chain update or a separately established peer-to-peer network dedicated consensus rule.
- the allocation of the approval fee to the participating nodes 170 of the peer-to-peer network 160 is determined by who wins the cryptographic hash calculation competition, or by a separately established consensus forming rule.
- the embedded SIM manufacturer device 100 as the information registrant device 10 in the second embodiment or the information registrant device 10 in the third embodiment, an embedded SIM mounted product manufacturer device 110, The old contract MNO device 120, the new contract MNO device 130, the embedded SIM-equipped product owner device 140, the embedded SIM-equipped product device 150, etc.
- as for confirmation of the success or failure of the transaction, the information user apparatus 20 can confirm the registration information it issued itself, but this is not particularly required. That is, at the time of broadcasting the information registration request transaction, confirmation is unnecessary if the device trusts that the transaction has succeeded through the consensus building process of the peer-to-peer network 160, but it can optionally confirm if it does not trust this immediately.
- a block chain is built from the plurality of transactions issued in the past and the plurality of cryptographic hash blocks generated in the past, and all nodes participating in the peer-to-peer network 160 hold the same information through the consensus forming process. Therefore, falsification such as change or deletion is practically impossible.
- if a participating node 170 tries to falsify past data, it must redo the hash calculation for the transaction to be falsified, the block that holds it, and all the transactions and blocks generated thereafter, and must continue to win the cryptographic hash calculation competition against all other participating nodes 170 or present the result consistently in the consensus building process, and the computer power vs.
- the update and deletion of the embedded SIM management DB takes the following form. That is, a transaction that describes the change of the transfer destination information (owner's public key, contract profile for the configuration profile or operation profile), with the embedded SIM number (eUICC-ID) as the primary key, is broadcast and is appended to the block chain through the consensus forming process.
- FIG. 9 is a flowchart illustrating an example of processing of a node participating in a peer-to-peer network.
- the processing of FIG. 9 corresponds to, for example, processing executed by the block chain management unit 2g of the node device 2a of FIG.
- the block chain management unit 2g receives the information registration request transaction broadcast from the information registrant apparatus 3 (ST31). Then, the block chain management unit 2g decrypts the electronic signature included in the received information registration request transaction using the public key included in the received information registration request transaction. Further, the block chain management unit 2g calculates a hash value from the contents of the received information registration request transaction (in the case of FIG. 6, the embedded SIM number, other necessary registration information, and time stamp) (ST32). Next, the block chain management unit 2g determines the validity of the electronic signature by comparing the hash value obtained by decrypting the electronic signature with the generated hash value (ST33). Then, if the electronic signature is incorrect, the block chain management unit 2g treats the information registration request transaction received this time as an incorrect transaction, and broadcasts a transaction error to the peer-to-peer network (ST34).
- the block chain management unit 2g searches the block chain 2f (and the latest ungenerated block) for all past approved information registration request transactions relating to the embedded SIM number included in the information registration request transaction received this time (ST35).
- the block chain management unit 2g determines whether all the public keys match, that is, there is only one type of public key, or whether there is a public key mismatch, that is, a public key that does not match the other public keys (ST36). If all the public keys match, the block chain management unit 2g treats the information registration request transaction received this time as a valid transaction, and holds it in the latest ungenerated block (ST37).
- the block chain management unit 2g compares the public key included in the information registration request transaction received this time with the new public key described in the fifth embodiment (ST38). Then, when the public key included in the information registration request transaction received this time matches the new public key, the block chain management unit 2g treats the information registration request transaction received this time as a valid transaction, and holds it in the latest ungenerated block (ST37). On the other hand, when the public key included in the information registration request transaction received this time does not match the new public key, the block chain management unit 2g treats the information registration request transaction received this time as an unauthorized transaction, and broadcasts a transaction error to the peer-to-peer network (ST34). As described above, when the public key included in the information registration request transaction received this time at least matches the new public key, which is the latest public key, the block chain management unit 2g treats the received information registration request transaction as a valid transaction.
- FIG. 10 is a conceptual diagram showing an example of the process of steps ST35 and ST36 of FIG.
- TX8 indicates the information registration request transaction received this time.
- TX1 to TX7 indicate past accepted information registration request transactions (including those in the latest ungenerated block).
- the information registration request transaction TX2 indicates a transaction including an embedded SIM number identical to the embedded SIM number included in the information registration request transaction TX8.
- the block chain management unit 2g searches the past information registration request transactions for the information registration request transaction TX2, which has the same embedded SIM number as the one included in the information registration request transaction TX8. Subsequently, the block chain management unit 2g compares the public keys of the information registration request transactions TX2 and TX8. Then, when the public keys of the information registration request transactions TX2 and TX8 coincide with each other, the block chain management unit 2g treats the information registration request transaction TX8 received this time as a valid transaction.
- the owner of a legitimate embedded SIM-equipped product updates the private key-public key pair as a normal operation.
- the owner of the legitimate embedded SIM-equipped product usually abandons the usage contract of the embedded SIM-equipped product or hands over the ownership to another person.
- the above situation is dealt with by broadcasting an information registration request transaction including a new public key to the peer-to-peer network.
- information such as changing the authorized owner's public key for the embedded SIM number (eUICC-ID) to a new public key (including the public key of another who has handed over the ownership)
- the contents of the information registration request transaction are resolved by broadcasting the contents to the peer-to-peer network only once (or each time the public key is updated or the ownership is transferred).
- FIG. 11 is a flow chart in which the information registrant device 10 transmits an information registration request transaction signal to the peer-to-peer network 160.
- Step ST21 is a step in which the information registrant device 10 receives an input of information from the information registrant.
- a secret key, a public key, and information that the requester (information registrant) can know by itself is input.
- Step ST22 is a step in which the information registrant apparatus 10 requests necessary information from an inquiry destination (for example, the necessary information inquiry destination apparatus shown in FIG. 4).
- the information registrant apparatus 10 acquires a setting profile and the like from the necessary information inquiry apparatus and the like. In the present embodiment, step ST22 may be omitted.
- Step ST23 is a step to determine whether or not to update to a new key pair.
- Step ST24 is a step of generating an information registration request transaction when not updating to a new key pair. The process performed by step ST24 is the same as the process performed by step ST03 of FIG.
- Step ST25 is a step of generating an information registration request transaction when updating to a new key pair.
- Step ST26 is a step of broadcasting the information registration request transaction generated in steps ST24 and ST25 to the peer-to-peer network 160.
- FIG. 12 is an explanatory diagram of a generation step ST25 of the information registration request transaction in the case of updating to a new key pair.
- an information registration request transaction (for a new public key) I120 includes an embedded SIM number, profile information, a time stamp, a new public key, an old public key, and a digital signature.
- the electronic signature is obtained by signing the embedded SIM number, profile information, time stamp, and new public key with the old secret key. Profile information may be omitted.
- FIG. 13 shows an example of a plurality of information registration request transactions TX#1 to TX#4 related to the same embedded SIM number stored in a block chain of a certain node.
- the information registration request transaction TX#1 includes the electronic signature A1 signed by the public key A with respect to the information including the embedded SIM number N and the profile X.
- the information registration request transaction TX#2 is a transaction for updating a key pair, and includes a digital signature A2 signed by the public key A with respect to information including the embedded SIM number N and a new public key B. Since the profile X is not changed, the information of the profile X is omitted in the information registration request transaction TX#2.
- the information registration request transaction TX#3 is a transaction for updating a profile, and includes a digital signature B1 signed by the public key B with respect to information including the embedded SIM number N and a new profile Y.
- the information registration request transaction TX#4 is a transaction for updating both the key pair and the profile, and includes an electronic signature B2 signed by the public key B with respect to information including the embedded SIM number N, the new profile Z and the new public key C.
- the process illustrated in FIG. 9 corresponds to, for example, the process executed by the block chain management unit 2g of the node device 2a illustrated in FIG.
- the entire flow of the process shown in FIG. 9 has already been described, and therefore, the flow of a scene in which the information registration request transactions TX#2 to TX#4 shown in FIG. 13 are processed will be described below.
- the block chain management unit 2g searches for the transaction TX#1 (ST35). In this case, the public keys match in transactions TX#1 and TX#2. Therefore, the block chain management unit 2g holds the transaction TX#2 in the latest ungenerated block as a valid transaction (ST37).
- the transaction TX#2 includes the new public key B. Therefore, the public key B will be treated as a valid public key thereafter.
- when the block chain management unit 2g determines that the electronic signature B1 is valid, it searches for transactions TX#1 and TX#2 (ST35). In this case, the public keys do not match in transactions TX#1 to TX#3. Therefore, the block chain management unit 2g compares the public key B included in the transaction TX#3 with the currently valid new public key B (ST38). Then, since the result matches, the block chain management unit 2g holds the transaction TX#3 as a valid transaction in the latest ungenerated block (ST37). Since the transaction TX#3 includes the new profile Y, the profile Y will be treated as a valid profile thereafter.
- when the block chain management unit 2g determines that the electronic signature B2 is valid, it searches for transactions TX#1 to TX#3 (ST35).
- the public keys do not match in transactions TX#1 to TX#4. Therefore, the public key B included in the transaction TX#4 is compared with the currently valid new public key B (ST38). Since the result matches, the block chain management unit 2g holds the transaction TX#4 in the latest ungenerated block as a valid transaction (ST37).
- the transaction TX#4 includes the new public key C and the new profile Z. Therefore, the public key C is subsequently treated as a valid public key, and the profile Z is subsequently treated as a valid profile.
- an information registration request transaction including a new public key is broadcast. Also, when the public key included in the information registration request transaction received this time matches the latest "new public key" included in the retrieved information registration request transactions, the block chain management unit 2g treats the received information registration request transaction as a valid transaction. Such a configuration makes it possible to change the pair of the secret key and the public key.
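The node-side checks of FIG. 9 (ST31 to ST38), replayed over the FIG. 13 sequence TX#1 to TX#4 and three constructed rejects, as an added Go example that is not code from the patent. It assumes Ed25519 signatures, whose verification stands in for the decrypt-and-compare-hash step of ST32/ST33, a SHA-256 digest over a quoted field string, and constructed demo keys; all type, function and error names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tx carries the fields of the information registration request transaction (FIG. 12).
type Tx struct {
	EUICCID   string            // embedded SIM number, the primary key
	Profile   string            // may be omitted (empty)
	Timestamp int64             // time stamp
	NewPubKey ed25519.PublicKey // set only on key update or ownership transfer
	PubKey    ed25519.PublicKey // key the signature must verify under
	Sig       []byte            // electronic signature
}

var (
	ErrMalformedKey = errors.New("public key has the wrong length")
	ErrBadSignature = errors.New("invalid electronic signature (ST33 -> ST34)")
	ErrNotOwner     = errors.New("public key is not the currently valid one (ST38 -> ST34)")
)

func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func okKey(k []byte) bool                          { return len(k) == ed25519.PublicKeySize }

// digest hashes the signed fields (ST32); %q quoting keeps field boundaries unambiguous.
func digest(t Tx) []byte {
	msg := fmt.Sprintf("%q|%q|%d|%x", t.EUICCID, t.Profile, t.Timestamp, []byte(t.NewPubKey))
	sum := sha256.Sum256([]byte(msg))
	return sum[:]
}

// Sign fills in the signer's public key and the signature over the digest.
func Sign(t Tx, priv ed25519.PrivateKey) Tx {
	t.PubKey = pubOf(priv)
	t.Sig = ed25519.Sign(priv, digest(t))
	return t
}

// Node holds approved transactions plus those in the latest ungenerated block.
type Node struct{ held []Tx }

// currentKey is the ST35 search: the latest "new public key", else the first signer's key (ST36).
func (n *Node) currentKey(id string) ed25519.PublicKey {
	var cur ed25519.PublicKey
	for _, p := range n.held {
		switch {
		case p.EUICCID != id:
		case p.NewPubKey != nil:
			cur = p.NewPubKey
		case cur == nil:
			cur = p.PubKey
		}
	}
	return cur
}

// Receive applies ST31 to ST38. The first transaction for a number is accepted as is.
func (n *Node) Receive(t Tx) error {
	if !okKey(t.PubKey) || (t.NewPubKey != nil && !okKey(t.NewPubKey)) {
		return ErrMalformedKey
	}
	if !ed25519.Verify(t.PubKey, digest(t), t.Sig) {
		return ErrBadSignature
	}
	if cur := n.currentKey(t.EUICCID); cur != nil && !bytes.Equal(cur, t.PubKey) {
		return ErrNotOwner
	}
	n.held = append(n.held, t) // ST37
	return nil
}

// ReplayFig13 feeds TX#1 to TX#4 of FIG. 13, then three constructed rejects, to one node.
func ReplayFig13() []error {
	key := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize)) }
	a, b, c, other := key(1), key(2), key(3), key(9) // constructed demo keys
	tampered := Sign(Tx{EUICCID: "N", Profile: "W", Timestamp: 7}, c)
	tampered.Profile = "W2" // content changed after signing
	txs := []Tx{
		Sign(Tx{EUICCID: "N", Profile: "X", Timestamp: 1}, a),                      // TX#1
		Sign(Tx{EUICCID: "N", Timestamp: 2, NewPubKey: pubOf(b)}, a),               // TX#2: A -> B
		Sign(Tx{EUICCID: "N", Profile: "Y", Timestamp: 3}, b),                      // TX#3
		Sign(Tx{EUICCID: "N", Profile: "Z", Timestamp: 4, NewPubKey: pubOf(c)}, b), // TX#4: B -> C
		Sign(Tx{EUICCID: "N", Profile: "Q", Timestamp: 5}, a),                      // retired key A
		Sign(Tx{EUICCID: "N", Timestamp: 6, NewPubKey: pubOf(other)}, other),       // unrelated key
		tampered,
	}
	n, out := &Node{}, []error{}
	for _, t := range txs {
		out = append(out, n.Receive(t))
	}
	return out
}

func main() { fmt.Println(ReplayFig13()) }
```

Because the first transaction for a number is accepted from any key in this flow, whoever registers first becomes the owner; the first-transaction checks of the following embodiment address that.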
- a malicious third party generates an arbitrary private key-public key pair for the purpose of taking ownership of any embedded SIM number (eUICC-ID) that has not been used in the past.
- the corresponding set is for the manufacturer of the embedded SIM-equipped product which becomes the first owner of the embedded SIM number band by the embedded SIM manufacturer or which is the seller of the embedded SIM. Transfer ownership of the embedded SIM number (or number band). Then, the first information registration request transaction including the new public key for any embedded SIM number (or number band, or multiple non-consecutive numbers) is broadcast from the embedded SIM manufacturer device, the embedded SIM-equipped product manufacturer device, or the buyer (i.e., owner) device of the first embedded SIM-equipped product.
- the public key and the electronic signature included in the information registration request transaction are often different depending on the source of the broadcast signal.
- the “new public key” included in the information registration request transaction includes the public key of a person recognized by the information registration request transaction originator as the owner of the legitimate embedded SIM (or of the product in which it is mounted). The configuration and operation of this embodiment will be described below with reference to FIGS. 14 to 30.
- an embedded SIM manufacturer device 400, an embedded SIM-equipped product manufacturer device 410, a contract MNO device 420, a peer-to-peer network 430 for managing the embedded SIM management DB block chain, and a plurality of participating nodes 440 that participate in the peer-to-peer network 430.
- FIG. 15 is a signal sequence diagram from broadcasting of an information registration request transaction from the embedded SIM manufacturer device 400 to the peer-to-peer network 430 that manages the embedded SIM management DB.
- the embedded SIM manufacturer enters the necessary information into the embedded SIM manufacturer device 400.
- the embedded SIM manufacturer device 400 obtains necessary information from the embedded SIM installed product manufacturer device 410.
- the embedded SIM manufacturer device 400 broadcasts to the peer-to-peer network 430 an information registration request transaction in which a time stamp is added to the above information and which is electronically signed with the secret key.
- a signal S41 indicates an information input signal to the embedded SIM manufacturer device 400 from the embedded SIM manufacturer.
- S41 includes a secret key, a public key, information which can be known by oneself, and other information inquiries (URL etc.).
- Signal S42 is a request signal for obtaining necessary information for information registration from embedded SIM manufacturer apparatus 400 to embedded SIM installed product manufacturer apparatus 410.
- the signal S43 is a response signal to the signal S42.
- the embedded SIM number band management consignment to the embedded SIM installed product manufacturer's device 410, the inquiry of the public key of the embedded SIM installed product manufacturer, the URL of the inquiry destination, etc. are included.
- S43 contains the inquired response information.
- Signal S44 is an information registration request transaction signal broadcast from embedded SIM manufacturer device 400 to peer-to-peer network 430.
- FIG. 16 is a flow chart up to the transmission of an information registration request transaction signal to the peer-to-peer network 430 that manages the embedded SIM management DB in the embedded SIM manufacturer device 400.
- Step ST41 is a step in which the embedded SIM manufacturer apparatus 400 receives input of the information from the embedded SIM manufacturer.
- Step ST42 is a step in which the embedded SIM manufacturer apparatus 400 inquires of the embedded SIM-equipped product manufacturer apparatus 410 about the information.
- Step ST43 is a step in which the embedded SIM manufacturer device 400 generates an information registration request transaction (for a new public key).
- Step ST44 is a step of broadcasting the information registration request transaction generated by the embedded SIM manufacturer device 400 to the peer-to-peer network 430.
- FIG. 17 is an explanatory diagram of a generation step ST43 of an information registration request transaction (for a new public key).
- the information registration request transaction (for a new public key) I220 is composed of an embedded SIM number band (or discontinuous plural numbers), profile information, a time stamp, a new public key, a public key, and a digital signature.
- the electronic signature is obtained by signing the embedded SIM number band (or discontinuous multiple numbers), profile information, time stamp, and new public key with the secret key. Profile information may be omitted.
- an embedded SIM manufacturer device 500, an embedded SIM-equipped product manufacturer device 510, a contract MNO device 520, a peer-to-peer network 530 for managing the embedded SIM management DB, and a plurality of participating nodes 540 participating in the peer-to-peer network 530.
- FIG. 19 is a signal sequence diagram up to the broadcast of the information registration request transaction from the embedded SIM-equipped article manufacturer apparatus 510 to the peer-to-peer network 530 that manages the embedded SIM management DB.
- the person in charge of manufacturing an embedded SIM-equipped product inputs necessary information into the embedded SIM-equipped product maker apparatus 510.
- the embedded SIM-equipped article manufacturer device 510 obtains necessary information from the embedded SIM manufacturer device 500.
- the embedded SIM-equipped product manufacturer device 510 broadcasts to the peer-to-peer network 530 an information registration request transaction in which a time stamp is added to the above-mentioned information and which is digitally signed with the secret key.
- a signal S51 indicates an information input signal from the person in charge of manufacturing the embedded SIM-equipped product to the embedded SIM-equipped product manufacturer device 510.
- S51 includes a pair of a secret key and a public key of the embedded SIM-equipped product manufacturer device, and information (URL and the like) of the embedded SIM manufacturer device 500.
- Signal S52 is a request signal, sent from the embedded SIM-equipped product manufacturer apparatus 510 to the embedded SIM manufacturer apparatus 500, for obtaining an embedded SIM number band consignment certificate.
- the signal S53 is a response signal to the signal S52.
- S52 includes the URL and the like of the embedded SIM manufacturer device 500.
- S53 includes an embedded SIM number band consignment certificate.
- Signal S54 is an information registration request transaction signal broadcast from the embedded SIM-equipped product manufacturer device 510 to the peer-to-peer network 530.
- FIG. 20 is a flow chart up to the transmission of an information registration request transaction signal to the peer-to-peer network 530 that manages the embedded SIM management DB in the embedded SIM-equipped article manufacturer device 510.
- Step ST51 is a step in which the embedded SIM-equipped product manufacturer apparatus 510 receives input of the above information from the person in charge of manufacturing the embedded SIM-equipped product.
- Step ST52 is a step in which the embedded SIM-equipped product manufacturer device 510 inquires of the embedded SIM manufacturer device 500 about the above-mentioned information.
- Step ST53 is a step in which the embedded SIM-equipped article manufacturer device 510 generates an information registration request transaction (for a new public key).
- Step ST54 is a step of broadcasting the information registration request transaction generated by the embedded SIM-equipped product manufacturer device 510 to the peer-to-peer network 530.
- FIG. 21 is an explanatory diagram of a generation step ST53 of an information registration request transaction (for a new public key).
- the information registration request transaction (for a new public key) I320 consists of an embedded SIM number band (or discontinuous multiple numbers / single number), a consignment certificate (with the consignor's electronic signature) I310, profile information, a time stamp, a new public key (consignee public key), a public key (consignee public key), and a digital signature.
- the consignment certificate I310 includes a consignment number band, a consignee public key, and a consignor electronic signature.
- the electronic signature included in the transaction is obtained by signing the embedded SIM number band (or discontinuous multiple numbers / single number), consignment certificate (with the consignor's electronic signature), profile information, time stamp, and new public key (consignee public key) with the consignee's private key. Profile information may be omitted.
- the public key of the embedded SIM number holder may be used as the new public key.
- an embedded SIM-equipped product owner device 600, a new contract MNO device 610, an old contract MNO device 620, a peer-to-peer network 630 for managing an embedded SIM management DB, and a plurality of participating nodes 640 participating in the peer-to-peer network 630.
- FIG. 23 is a signal sequence diagram up to the broadcast of the information registration request transaction from the embedded SIM-equipped product owner device 600 to the peer-to-peer network 630 that manages the embedded SIM management DB.
- the use contractor inputs necessary information to the embedded SIM-equipped product owner apparatus 600.
- the embedded SIM-equipped product owner device 600 obtains necessary information from the new contract MNO device 610. Thereafter, the embedded SIM-equipped product owner apparatus 600 broadcasts to the peer-to-peer network 630 an information registration request transaction in which a time stamp is added to each item of information and which is electronically signed with a secret key.
- a signal S61 indicates an information input signal from the user contractor to the embedded SIM-equipped product owner device 600.
- S61 includes a pair of the contractor's private key and public key, and information (URL and the like) of the new contract MNO device 610.
- a signal S62 is a request signal for obtaining profile information, a re-consignment certificate (and a consignment certificate), etc. from the embedded SIM-equipped product owner device 600 to the new contract MNO device 610.
- the signal S63 is a response signal to the signal S62.
- S62 includes the URL and the like of the new contract MNO device 610.
- S63 includes a re-consignment certificate (and a consignment certificate).
- Signal S64 is an information registration request transaction signal broadcast from embedded SIM-equipped product owner device 600 to peer-to-peer network 630.
- FIG. 24 is a flow chart up to the transmission of an information registration request transaction signal to the peer-to-peer network 630 that manages the embedded SIM management DB in the embedded SIM-equipped product owner device 600.
- Step ST61 is a step in which the embedded SIM-equipped product owner apparatus 600 receives input of the above-mentioned information from the user.
- Step ST62 is a step in which the embedded SIM-equipped product owner apparatus 600 inquires of the new contract MNO apparatus 610 about the above information.
- Step ST63 is a step in which the embedded SIM-equipped product owner apparatus 600 generates an information registration request transaction (for a new public key).
- Step ST64 is a step of broadcasting the information registration request transaction generated by the embedded SIM-equipped product owner apparatus 600 to the peer-to-peer network 630.
- FIG. 25 is an explanatory diagram of a generation step ST63 of an information registration request transaction (for a new public key).
- the information registration request transaction (for a new public key) I420 consists of an embedded SIM number, a consignment certificate (with the electronic signature of the consignor), profile information, a re-consignment certificate (with the electronic signature of the re-consignor) I410, a time stamp, a new public key (contractor public key), a public key (contractor public key), and an electronic signature.
- the re-consignment certificate I410 is composed of a re-consignment embedded SIM number, a re-consignee's public key, and the electronic signature of the re-consignor (new contract MNO).
- the electronic signature included in the transaction is obtained by signing the embedded SIM number, consignment certificate (with the consignor's electronic signature), profile information, re-consignment certificate (with the re-consignor's electronic signature), time stamp, and new public key (contractor public key) with the contractor private key.
- the consignment certificate may be omitted.
- I430 is a key pair of a re-consignee (contractor), and is composed of a contractor public key and a contractor private key.
- FIGS. 26 to 30 are flowcharts showing an example of processing of the participating nodes 440, 540, and 640 participating in the peer-to-peer network. These processes correspond to, for example, processes executed by the block chain management unit 2g of the node device 2a in FIG.
- the block chain management unit 2g receives the information registration request transaction broadcast from the information registrant device 3 (the embedded SIM manufacturer device 400 in the case of FIG. 14, the embedded SIM-equipped product manufacturer device 510 in the case of FIG., or the embedded SIM-equipped product owner apparatus 600 in the case of FIG. 22) (ST71). Then, after the block chain management unit 2g performs processing such as determination of the validity of the electronic signature, which is not shown in FIG.
- the block chain is searched for all past approved information registration request transactions (including those in the latest ungenerated block) for the embedded SIM number (or number band, discontinuous multiple numbers) identical to the embedded SIM number (or number band, discontinuous multiple numbers) included in the information registration request transaction received this time (ST75).
- the block chain management unit 2g determines whether the information registration request transaction received this time is the first transaction related to the embedded SIM number (or number band, discontinuous plural numbers) (ST76). If it is not the first transaction, processing not shown in FIG. 26 is executed. On the other hand, if it is the first transaction, the following processing is executed.
- the block chain management unit 2g determines whether or not the received information registration request transaction includes a certificate, and if so, determines the type (ST77). Then, the processing according to the determination result is executed.
- if an embedded SIM manufacturer exists and the transaction is issued using its public key, or if no embedded SIM manufacturer exists and a known public key is used, the block chain management unit 2g determines that the transaction is a legitimate transaction; otherwise, it determines that the transaction is an invalid transaction (ST81, ST82, ST83 in FIG. 27).
- if an embedded SIM manufacturer exists and the consignment certificate is one issued by that manufacturer, the block chain management unit 2g determines that the transaction is a valid transaction; otherwise, it determines that the transaction is not valid (ST91 and ST92 in FIG. 28).
- if a re-consignee exists and the re-consignment certificate is one that it has issued, the block chain management unit 2g determines that the transaction is a valid transaction; otherwise, it determines that the transaction is an invalid transaction (ST101 and ST102 in FIG. 29).
- as in the case where there is a re-consignment certificate, if a re-consignee exists and the certificate is a re-consignment certificate issued by it, the block chain management unit 2g determines the legitimacy of the transaction by the process of FIG. Further, the block chain management unit 2g determines that the transaction is an invalid transaction if there is no re-outsourcer, or if there is no consignment certificate issued by the re-outsourcer (ST111 and ST112 in FIG. 30).
- the block chain management unit 2g treats the information registration request transaction received this time as a valid one, and holds it in the latest ungenerated block (ST37 in FIG. 26). On the other hand, when it is determined that the transaction is an invalid transaction in FIGS. 27 to 30, the block chain management unit 2g treats the information registration request transaction received this time as an unauthorized transaction and broadcasts a transaction error to the peer-to-peer network (ST34 in FIG. 26).
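A sketch of the first-transaction decision for the no-certificate case (FIG. 27) and the consignment-certificate case (FIG. 28), as an added Go example that is not code from the patent. It assumes the node already holds one known embedded SIM manufacturer public key together with the number band that manufacturer owns, that the ST76 "first transaction" determination has already been made, numeric embedded SIM numbers, and Ed25519 signatures over a fixed-format message; re-consignment certificates are left out, and all names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Band is an inclusive embedded SIM number band (numeric numbers are an assumption).
type Band struct{ From, To uint64 }

func (b Band) contains(o Band) bool { return o.From <= o.To && b.From <= o.From && o.To <= b.To }

// Cert mirrors the consignment certificate I310.
type Cert struct {
	Band      Band              // consigned number band
	Consignee ed25519.PublicKey // consignee public key
	Sig       []byte            // consignor's electronic signature
}

// FirstTx mirrors the information registration request transaction I320.
type FirstTx struct {
	Band      Band
	Cert      *Cert // nil when no certificate is attached
	Timestamp int64
	NewPubKey ed25519.PublicKey
	PubKey    ed25519.PublicKey
	Sig       []byte
}

var (
	ErrBadSignature    = errors.New("invalid transaction signature")
	ErrNotManufacturer = errors.New("no certificate and signer is not the manufacturer (FIG. 27)")
	ErrBadCert         = errors.New("consignment certificate not valid for this signer or band (FIG. 28)")
)

func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

func certMsg(c *Cert) []byte {
	return []byte(fmt.Sprintf("cert|%d|%d|%x", c.Band.From, c.Band.To, []byte(c.Consignee)))
}

// txMsg covers the band, the certificate with its signature, the time stamp and the new key.
func txMsg(t FirstTx) []byte {
	var cert []byte
	if t.Cert != nil {
		cert = append(certMsg(t.Cert), t.Cert.Sig...)
	}
	return []byte(fmt.Sprintf("tx|%d|%d|%x|%d|%x", t.Band.From, t.Band.To, cert, t.Timestamp, []byte(t.NewPubKey)))
}

func IssueCert(consignor ed25519.PrivateKey, band Band, consignee ed25519.PublicKey) *Cert {
	c := &Cert{Band: band, Consignee: consignee}
	c.Sig = ed25519.Sign(consignor, certMsg(c))
	return c
}

func SignFirst(t FirstTx, priv ed25519.PrivateKey) FirstTx {
	t.PubKey = pubOf(priv)
	t.Sig = ed25519.Sign(priv, txMsg(t))
	return t
}

// ValidateFirst decides a first transaction against the known manufacturer key and band.
func ValidateFirst(makerKey ed25519.PublicKey, makerBand Band, t FirstTx) error {
	if len(t.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(t.PubKey, txMsg(t), t.Sig) {
		return ErrBadSignature
	}
	if c := t.Cert; c == nil {
		// No certificate: only the manufacturer itself may register numbers in its band.
		if !bytes.Equal(makerKey, t.PubKey) || !makerBand.contains(t.Band) {
			return ErrNotManufacturer
		}
	} else if !ed25519.Verify(makerKey, certMsg(c), c.Sig) || !makerBand.contains(c.Band) ||
		!c.Band.contains(t.Band) || !bytes.Equal(c.Consignee, t.PubKey) {
		// Certificate must be issued by the manufacturer, cover the numbers, and name the signer.
		return ErrBadCert
	}
	return nil
}

// ReplayFirstTx runs two valid and four rejected first transactions (constructed demo data).
func ReplayFirstTx() []error {
	key := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize)) }
	maker, product, owner, other := key(1), key(2), key(3), key(9)
	makerBand := Band{1000, 1999}
	cert, forged := IssueCert(maker, Band{1000, 1099}, pubOf(product)), IssueCert(other, Band{1000, 1099}, pubOf(other))
	cases := []FirstTx{
		SignFirst(FirstTx{Band: Band{1500, 1599}, NewPubKey: pubOf(maker)}, maker),               // manufacturer itself
		SignFirst(FirstTx{Band: Band{1000, 1049}, Cert: cert, NewPubKey: pubOf(owner)}, product), // consignee
		SignFirst(FirstTx{Band: Band{1200, 1200}, NewPubKey: pubOf(other)}, other),               // arbitrary key pair
		SignFirst(FirstTx{Band: Band{1000, 1049}, Cert: forged, NewPubKey: pubOf(other)}, other), // self-issued certificate
		SignFirst(FirstTx{Band: Band{1100, 1150}, Cert: cert, NewPubKey: pubOf(owner)}, product), // outside consigned band
		SignFirst(FirstTx{Band: Band{1000, 1049}, Cert: cert, NewPubKey: pubOf(other)}, other),   // someone else's certificate
	}
	out := make([]error, len(cases))
	for i, t := range cases {
		out[i] = ValidateFirst(pubOf(maker), makerBand, t)
	}
	return out
}

func main() { fmt.Println(ReplayFirstTx()) }
```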
- an embedded SIM management system that can cope with an attack in which a malicious third party broadcasts information registration request transactions giving the same profile information for an unspecified number of embedded SIM numbers, in order to attack a communication carrier by DoS, will be described.
- FIG. 31 shows a scene in which a malicious third party 790, as a person re-consigned etc. by the legitimate embedded SIM number (multiple numbers) owner 700, broadcasts invalid information registration request transactions that designate a communication carrier device with no contract for a large number of embedded SIM numbers.
- for an inquiry from the connection destination MNO device 720 of the embedded SIM-equipped product, the peer-to-peer network 730 returns an invalid response, and as a result, the MNO device 720 to which the embedded SIM-equipped product is connected ends up causing a DoS attack on the communication carrier device 710 with no contract.
- FIG. 32 is a block diagram of the embedded SIM management system according to the present embodiment, which shows a valid embedded SIM number (multiple numbers) owner (user contractor device) 800, a usage contract communication carrier device 810, the MNO apparatus 820 to which the embedded SIM-equipped product is connected, the peer-to-peer network 830, and its participating nodes 840. 890 indicates a malicious third party.
- FIG. 33 is a signal sequence diagram until the information registration request transaction is broadcast from the subscriber device 800 to the peer-to-peer network 830 that manages the embedded SIM management DB.
- the use contractor inputs necessary information to the use contractor apparatus 800.
- the subscriber device 800 obtains necessary information from the subscriber communication carrier device 810. Thereafter, the subscriber device 800 broadcasts to the peer-to-peer network 830 an information registration request transaction in which a time stamp is added to the above information and which is electronically signed with the secret key.
- a signal S71 indicates an information input signal from the subscriber to the subscriber device 800.
- S71 includes a pair of the contractor's private key and public key, and information (URL and the like) of the contract communication carrier device 810.
- a signal S72 is a request signal, sent from the subscriber device 800 to the contract communication carrier device 810, for acquiring profile information, a contract certificate (with a digital signature of the contract carrier), and the like.
- the signal S73 is a response signal to the signal S72.
- S72 includes the URL of the usage contract communication carrier device 810 and the like.
- S73 includes profile information and a contract certificate (with a contract carrier's electronic signature).
- Signal S74 is an information registration request transaction signal broadcast from the subscriber device 800 to the peer-to-peer network 830.
- FIG. 34 is a flow chart up to the transmission of an information registration request transaction signal to the peer-to-peer network 830 which manages the embedded SIM management DB in the subscriber device 800.
- Step ST121 is a step in which the subscriber device 800 receives input of the information from the user.
- Step ST122 is a step in which the subscriber device 800 inquires of the usage contract communication carrier device 810 about the above information.
- Step ST123 is a step in which the subscriber device 800 generates an information registration request transaction.
- Step ST124 is a step of broadcasting the information registration request transaction generated by the subscriber device 800 to the peer-to-peer network 830.
- FIG. 35 is an explanatory diagram of the information registration request transaction generation step ST123.
- the information registration request transaction I620 is composed of an embedded SIM number, profile information, contract certificate (with electronic signature of contract carrier) I610, time stamp, public key (contractor public key), and electronic signature.
- the contract certificate (with contract carrier's digital signature) I610 consists of an embedded SIM number, contract carrier public key, contractor public key, and trust information (encrypted with contract carrier public key).
- the electronic signature included in the transaction is obtained by signing the embedded SIM number, profile information, contract certificate (with contract carrier's digital signature), and time stamp with the contractor private key.
- FIG. 36 is an explanatory diagram of trust information (encrypted with contract carrier public key) I 520 included in contract certificate I 610.
- the trust information is obtained by encrypting, in the contract communication carrier device 810, the encrypted value I510 of the contract-specific secret information (secret information that only the user and the contract carrier know) with the public key of the contract communication carrier, and is given to the valid embedded SIM number owner.
- FIG. 37 is a flowchart illustrating an example of processing of a joining node 840 joining a peer-to-peer network. These processes correspond to, for example, processes executed by the block chain management unit 2g of the node device 2a in FIG.
- the block chain management unit 2g receives the information registration request transaction broadcast from the information registrant device 3 (in FIG. 32, the valid embedded SIM number (multiple number) owner (user contractor device) 800, or the malicious third party 890) (ST31 or ST71).
- the block chain management unit 2g treats the information registration request transaction received this time as an unauthorized one, and broadcasts a transaction error to the peer-to-peer network (ST34).
- the block chain management unit 2g confirms the content of the contract certificate (ST132). In the content confirmation of the contract certificate, the legitimacy of the contract party's public key linked to the embedded SIM number and the legitimacy of the confidence information are confirmed. If the block chain management unit 2g determines that the contract certificate is invalid (ST133, illegal), it treats the information registration request transaction received this time as an illegal one, and broadcasts a transaction error to the peer-to-peer network (ST34). Further, when determining that the contract certificate is valid (ST133, valid), the block chain management unit 2g treats the information registration request transaction received this time as a valid one, and holds it in the latest ungenerated block (ST37).
- the information registration request transaction is configured to include the contract certificate including the confidence information obtained by encrypting the secret information known only to the user and the contract carrier with the contract carrier's public key.
- the malicious third party cannot issue the information registration request transaction including the confidence information because the malicious third party does not know the confidence information. Therefore, the influence of the above-mentioned improper information registration request transaction can be prevented.
- the embedded SIM management system includes an embedded SIM-equipped product owner apparatus 900, an embedded SIM-equipped product apparatus 910, a product installation location MNO apparatus 920, a usage contract MNO apparatus 930, a peer-to-peer network 940 for managing an embedded SIM management DB, and a plurality of participating nodes 950 participating in the peer-to-peer network 940.
- FIG. 39 shows an example of the information registration request transaction generated in this embodiment.
- the information registration request transaction in this embodiment includes an embedded SIM number, profile information, a contract certificate, a time stamp, a public key, and an electronic signature.
- the profile information also includes a contract MNO-ID, a contract IMSI, a contract MSISDN, a remote setting program code (program code), and a profile setting state. That is, according to FIG. 39, as a new information element in the present embodiment, there are a remote setting program code in profile information managed for each usage contract MNO, and a profile setting state.
- the remote setting program code is held along with other information of the transaction in each participating node 950 participating in peer-to-peer network 940, and is automatically executed based on the network predetermined rule and the corresponding program code.
- the network predetermined rule is like the contract fulfillment automatic execution rule of the smart contract in Ethereum (non-patent document 2) mentioned above.
- the program code mentioned here is mainly a program code for prompting the product installation location MNO device (that is, the MNO device connected with the relevant product) to remotely set the profile of the relevant embedded SIM by the OTA.
- the remote setting program code is executed in response to the received profile setting request transaction, and generates an embedded SIM remote setting instruction signal prompting remote setting of the profile by the OTA of the corresponding embedded SIM.
- the embedded SIM remote setting instruction signal generated by the remote setting program code is sent to the product location MNO device, which will prompt the remote setting of the profile by OTA.
- the profile setting state refers to a state as to whether or not the profile has been set remotely to an actual embedded SIM, and is configured in a state such as unset / requested for setting / already set.
- FIG. 40 is a signal sequence diagram until broadcast of an information registration request transaction including new information (remote setting program code, profile setting state) from the embedded SIM-equipped product owner device 900.
- the embedded SIM-equipped product owner inputs necessary information into the embedded SIM-equipped product owner apparatus 900.
- the embedded SIM-equipped product owner apparatus 900 obtains necessary information from the usage contract MNO apparatus 930.
- the embedded SIM-equipped product owner apparatus 900 gives a time stamp to each item of information, electronically signs it with a secret key, and broadcasts the resulting information registration request transaction to the peer-to-peer network 940.
- a signal S81 indicates a signal for the owner of the embedded SIM-equipped product to input the contract MNO information and the like to the embedded SIM-equipped product owner apparatus 900 which itself manages.
- a signal S 82 indicates a signal for querying the usage contract MNO device 930 from the embedded SIM-equipped product owner device 900 for necessary information.
- a signal S83 is a response signal from the usage contract MNO device 930 to the signal S82.
- S 82 includes an embedded SIM number (eUICC-ID) and the like.
- S83 includes profile information for the usage contract.
- the profile information included in the signal in S83 includes a contract MNO-ID, a contract IMSI, a contract MSISDN, a remote setting program code, a contract certificate, and the like.
- Signal S 84 is an information registration request transaction signal broadcast from embedded SIM-equipped product owner device 900 to peer-to-peer network 940.
- S84 includes an information setting request transaction in which the information included in S83 and the profile setting state (not set) are electronically signed, and the public key and the electronic signature are added.
- FIG. 41 is a flow chart up to the transmission of an information registration request transaction signal to the peer-to-peer network 940 for managing the embedded SIM management DB in the embedded SIM-equipped product owner apparatus 900.
- Step ST201 is a step in which the embedded SIM-equipped product owner apparatus 900 receives input of information from the embedded SIM-equipped product owner.
- Step ST202 is a step in which the embedded SIM-equipped product owner apparatus 900 inquires of the usage contract MNO apparatus 930 for necessary information.
- Step ST203 is a step in which the embedded SIM-equipped product owner apparatus 900 generates an information registration request transaction.
- Step ST 204 is a step of broadcasting an information registration request transaction generated by the embedded SIM-equipped product owner apparatus 900 to the peer-to-peer network 830.
- FIG. 42 is a signal sequence diagram covering the period from when the embedded SIM-equipped product device 910 initially connects to the product installation location MNO device 920, through remote setting of profile information by OTA to the actual embedded SIM, until an information registration request transaction for rewriting the setting result is broadcast.
- the signals S91 to S93 in FIG. 42 are the same as the signals S11 to S13 in FIG. Therefore, the detailed description is omitted.
- Signal S94 in FIG. 42 shows a broadcast signal of a profile setting request transaction (setting state update request) for the embedded SIM, broadcast from the product installation location (connection location) MNO device 920 to the peer-to-peer network 940.
- a signal S95 indicates an embedded SIM remote setting instruction signal from any of the participating nodes 950 in the peer-to-peer network 940 to the product installation location MNO device (setting state update request source) 920.
- the embedded SIM remote setting instruction signal is automatically generated by the remote setting program code executed in response to the profile setting request transaction.
- Signal S96 shows a series of signals for actual remote setting by OTA between the product installation location MNO device (connection MNO device) 920 and the embedded SIM-equipped product device 910.
- Signal S 97 is a remote setting result information registration request transaction signal broadcasted from product location MNO device 920 to peer-to-peer network 940.
- FIG. 43 is a flow chart up to the transmission of an information registration request transaction signal to the peer-to-peer network 940 that manages the embedded SIM management DB in the product installation location MNO device 920.
- Step ST301 is a step of receiving an initial connection signal in the product installation location MNO device 920.
- Step ST302 is a processing branch step. In step ST302, the process branches according to whether the product installation location MNO device 920 performs embedded SIM rewriting processing according to the conventional method (left branch in the drawing), makes its own determination using the cache of block chain data (right branch in the drawing), or broadcasts an information use request transaction to the peer-to-peer network 940 and determines (central branch in the figure).
- Step ST303 is a step in which the product installation location MNO apparatus 920 broadcasts an information usage request transaction to the peer-to-peer network 940 in order to inquire about the setting profile information associated with the eUICC-ID of the embedded SIM installed in the apparatus (embedded SIM-equipped product apparatus 910) that has generated the initial connection signal. Step ST304 is a step in which the product installation location MNO device 920 waits for a response signal to the broadcast signal, and adopts any response content and response node from among them. In addition, step ST304 is a step of determining the legitimacy of the information in the initial connection signal received in step ST301 based on the adopted response content. Step ST305 is a step of broadcasting a profile setting request transaction (setting state update request) to the embedded SIM.
- Step S306 is a step in which each participating node 950 executes the remote setting program code in the profile information automatically according to the profile setting request transaction.
- Step S307 is a step of instructing the embedded SIM remote setting to the product installation location MNO device (setting state update request source) 920 from any of the participating nodes 950 in the peer-to-peer network 940.
- Step ST308 is a step for performing profile remote setting to the embedded SIM (of the embedded SIM-equipped product device 910) by the OTA in the product installation location MNO device 920.
- Step ST309 is a step of broadcasting a remote setting result information registration request transaction.
- participant node 950 manages profile information including remote setting program code. Also, the participant node 950 executes the remote setting program code in response to the profile setting request transaction, and generates and transmits an embedded SIM remote setting instruction signal. As a result, in response to the received embedded SIM remote setting instruction signal, the product installation location MNO device 920 can automatically perform profile remote setting to the embedded SIM (in the embedded SIM-equipped product device 910). In other words, according to this embodiment, based on the initial connection signal from the embedded SIM-equipped product device 910, it is possible to automatically perform profile remote setting to the embedded SIM by OTA.
- the embedded SIM management system in the present embodiment includes an embedded SIM-equipped product apparatus 1100, (a participating node constituting the peer-to-peer network) 1200, and a product installation location MNO apparatus 1300. Also, the embedded SIM management system in the present embodiment includes an embedded SIM-equipped product manufacturer's device, an embedded SIM-equipped product owner's device, a usage contract MNO device, etc. (not shown).
- Information such as:
- the embedded SIM number: eUICC-ID
- the embedded SIM mounted product serial number: product serial number
- the setting profile MNO access ID: old MNO-ID
- the setting profile IMSI: old IMSI
- the setting profile MSISDN: old MSISDN
- an information registration request transaction including the above pieces of information is broadcast to the peer-to-peer network 1200 by the embedded SIM-equipped product manufacturer's device, which corresponds to a manufacturer or the like that manufactures the embedded SIM-equipped product device 1100 (ST401).
- the purchaser of the embedded SIM-equipped product device 1100 concludes a mobile network usage contract with the new MNO. Then, an information registration request transaction including a remote setting program code, new profile setting information, and the like is broadcast to the peer-to-peer network 1200 by the embedded SIM-equipped product owner apparatus or the like (ST 402).
- the processing of ST402 is similar to, for example, the processing of FIG. 40 in the eighth embodiment.
- the embedded SIM-equipped product apparatus 1100 transmits an initial connection signal from an arbitrary place to the product installation place MNO apparatus 1300 (ST 403, S 91). Thereafter, the process as described in FIG. 42 is performed.
- the product installation location MNO apparatus 1300 that has received the initial connection signal broadcasts an information use request transaction to the peer-to-peer network 1200 (ST 92).
- the peer-to-peer network (each participant node) 1200 returns a response signal in response to the received information use request transaction (S93).
- the product installation location MNO device 1300 broadcasts a profile setting request transaction to the peer-to-peer network 1200 after confirming the validity of the connection based on the received response signal (S94).
- the peer-to-peer network (each participant node) 1200 executes remote configuration program code based on the profile configuration request transaction.
- the embedded SIM remote setting instruction signal generated as a result of the execution of the remote setting program code is transmitted to the product installation location MNO device 1300 (S95).
- the product installation location MNO device 1300 uses the OTA for setting information of the embedded SIM of the embedded SIM-equipped product device 1100 based on the received embedded SIM remote setting instruction signal. It rewrites to a new one (S96). Thereafter, the product installation location MNO device 1300 broadcasts an information registration request transaction indicating the remote setting result to the peer-to-peer network 1200 (S97).
- the embedded SIM management system 2000 in the present embodiment includes a peer-to-peer network 3000 configured of a plurality of node devices 5000 capable of peer-to-peer communication with each other, and an information registrant device 4000.
- the information registrant device 4000 includes a network interface 4100 and an information registration request transaction generation unit 4200.
- the information registration request transaction generation unit 4200 generates an information registration request transaction, and broadcasts the generated information registration request transaction to the peer-to-peer network 3000 through the network interface 4100. More specifically, the information registration request transaction generation unit 4200 is configured to generate the information registration request transaction based on embedded SIM information including SIM identification information and a profile, an electronic signature signed over the embedded SIM information using the secret key of the information registrant, and the public key paired with the secret key.
- the information registration request transaction generation unit 4200 can be configured the same as the information registration request transaction generation unit described in the first to ninth embodiments, but is not limited thereto.
- Each of the node devices 5000 includes a network interface 5100, a block chain 5200, and a block chain management unit 5300.
- the block chain 5200 is a data structure in which blocks obtained by collecting transactions for a fixed period are connected in a chain.
- block chain 5200 may use Ethereum's block chain, but is not limited thereto.
- the block chain 5200 is also called an embedded SIM management DB.
- the block chain management unit 5300 stores the information registration request transaction received through the network interface 5100 in the block chain 5200 based on an agreement formation algorithm executed in cooperation with another node device 5000.
- the block chain management unit 5300 can be configured similarly to the block chain management unit described in the first to ninth embodiments, but is not limited thereto.
- the embedded SIM management system 2000 operates as follows. That is, in the information registrant device 4000, the information registration request transaction generation unit 4200 generates an information registration request transaction based on the embedded SIM information including the SIM identification information and the profile, the electronic signature signed over the embedded SIM information using the secret key of the information registrant, and the public key paired with the secret key. Next, the information registrant device 4000 broadcasts the information registration request transaction to the peer-to-peer network 3000 by the network interface 4100.
- Each of the node devices 5000 receives the broadcasted information registration request transaction through the network interface 5100. Next, each of the node devices 5000 stores the received information registration request transaction in the block chain 5200 by the block chain management unit 5300 based on the agreement forming algorithm executed in cooperation with the other node devices 5000.
- because the embedded SIM information is managed by the block chain technology, an embedded SIM management system excellent in reliability, availability, and maintainability can be provided.
- a node device constituting a peer-to-peer network, comprising: a network interface; and a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature signed over the embedded SIM information using the information registrant's private key, and the public key paired with the private key, and that stores the received information registration request transaction in a block chain based on a consensus forming algorithm executed in cooperation with other node devices configuring the peer-to-peer network.
- the block chain management unit is configured to search the block chain for another information registration request transaction including the same SIM identification information as the SIM identification information included in the received information registration request transaction, and to determine the validity of the received information registration request transaction based on the result of comparing the public key included in the other information registration request transaction searched for with the public key included in the received information registration request transaction. The node device according to appendix 1.
- the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches the public key included in all the other information registration request transactions searched for. The node device according to appendix 2.
- the block chain management unit receives the received public key. Configured to determine that the information registration request transaction is valid, The node device according to appendix 2.
- the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches at least the latest public key included in the other information registration request transaction retrieved. The node device according to appendix 2.
- the block chain management unit is configured to determine the legitimacy of the received information registration request transaction based on a consignment certificate or a re-consignment certificate included in the received information registration request transaction. The node device according to appendix 1.
- the embedded SIM information corresponding to the SIM identification information included in the information inquiry request is acquired from the information stored in the block chain, and is transmitted through the network interface Including a query response unit that generates a response, The node device according to any one of appendices 1 to 4.
- the embedded SIM information includes a program code, and the node device is configured so that, when the profile setting request transaction is received through the network interface, the program code is executed according to the received profile setting request transaction to generate an embedded SIM remote setting instruction signal, and the generated embedded SIM remote setting instruction signal is transmitted through the network interface. The node device according to any one of appendices 1 to 5.
- An embedded SIM (Subscriber Identity Module) management method executed by a node device configuring a peer-to-peer network, comprising: receiving, through the network interface, an information registration request transaction including embedded SIM information including SIM identification information and a profile, an electronic signature signed over the embedded SIM information using an information registrant's private key, and a public key paired with the private key; and storing the received information registration request transaction in a block chain based on an agreement forming algorithm executed in cooperation with other node devices configuring the peer-to-peer network.
- An information registrant apparatus that broadcasts an information registration request transaction to a peer-to-peer network composed of a plurality of node apparatuses capable of peer-to-peer communication with each other, comprising: Network interface, An information registration request transaction generating unit that generates the information registration request transaction and broadcasts the information registration request transaction to the peer-to-peer network through the network interface;
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature signed over the embedded SIM information using an information registrant's private key, and the public key paired with the private key. Information registrant device.
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on information including the SIM identification information and a new public key used instead of the public key, an electronic signature signed over that information using the secret key, and the public key paired with the secret key. The information registrant device according to appendix 9.
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on information including the SIM identification information and a new profile used instead of the profile, an electronic signature signed over that information using the secret key of the user terminal, and the public key paired with the secret key.
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on information including the SIM identification information and a new public key and including a consignment certificate or a re-consignment certificate, an electronic signature signed over that information using a predetermined secret key, and a public key paired with the secret key. The information registrant device according to appendix 9.
- the information registration request transaction generation unit is configured to include, in the information registration request transaction, confidence information obtained by encrypting secret information known only to the user and the contract carrier with the contract carrier's public key. The information registrant device according to any one of appendices 9 to 12.
- An embedded SIM management system comprising a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with each other, and an information registrant device, wherein the information registrant device includes a first network interface and an information registration request transaction generating unit for generating an information registration request transaction and broadcasting it to the peer-to-peer network through the first network interface; the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature signed over the embedded SIM information using an information registrant's private key, and the public key paired with the private key; and each of the node devices includes a second network interface and a block chain management unit which stores the information registration request transaction received through the second network interface in a block chain based on a consensus forming algorithm executed in cooperation with another node device.
- [Supplementary Note 15] The block chain management unit is configured to search the block chain for another information registration request transaction including the same SIM identification information as the SIM identification information included in the received information registration request transaction, and to determine the validity of the received information registration request transaction based on the result of comparing the public key included in the other information registration request transaction searched for with the public key included in the received information registration request transaction. The embedded SIM management system according to appendix 14.
- the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches the public key included in all the other information registration request transactions searched for. The embedded SIM management system according to appendix 15.
- the block chain management unit receives the received public key. Configured to determine that the information registration request transaction is valid, The embedded SIM management system according to appendix 15.
- the block chain management unit receives the public key when the public key included in the received information registration request transaction matches at least the latest public key included in the other information registration request transaction retrieved.
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on information including the SIM identification information and a new public key used instead of the public key, an electronic signature signed over that information using the secret key, and the public key paired with the secret key. The embedded SIM management system according to appendix 14.
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on information including the SIM identification information and a new profile used instead of the profile, an electronic signature signed over that information using the secret key of the user terminal, and the public key paired with the secret key.
- the information registration request transaction generation unit is configured to generate the information registration request transaction based on information including the SIM identification information and a new public key and including a consignment certificate or a re-consignment certificate, an electronic signature signed over that information using a predetermined secret key, and a public key paired with the secret key.
- the block chain management unit is configured to determine the legitimacy of the received information registration request transaction based on the consignment certificate or the re-consignment certificate included in the received information registration request transaction. The embedded SIM management system according to appendix 21.
- the information registration request transaction generation unit is configured to include, in the information registration request transaction, confidence information obtained by encrypting secret information known only to the user and the contract carrier with the contract carrier's public key. The embedded SIM management system according to any one of appendices 14 to 22.
- Each of the node devices further comprises a query response unit that, when an information inquiry request is received through the second network interface, acquires the embedded SIM information corresponding to the SIM identification information included in the information inquiry request from the information stored in the block chain and generates a response to be transmitted through the network interface. The embedded SIM management system according to any one of appendices 14-23.
- the embedded SIM information includes a program code
- Each of the node devices further comprises: When a profile setting request transaction is received through the second network interface, a program code is executed according to the received profile setting request transaction to generate an embedded SIM remote setting instruction signal, and the generated embedded SIM remote setting is generated.
- Clause 18 The embedded SIM management system according to any of clauses 14-24, configured to transmit an indication signal through the network interface.
- the programs described in each of the above-described embodiments and the supplementary notes are stored in a storage device or recorded in a computer-readable recording medium.
- the recording medium is a portable medium such as a flexible disk, an optical disk, a magneto-optical disk, and a semiconductor memory.
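The node-side acceptance check described above (verify the electronic signature over the embedded SIM information, then compare the included public key with earlier transactions for the same SIM identification information), as an added Go example that is not code from the patent. Ed25519, the length-prefixed signing format, every type and function name, the sample eUICC-IDs and keys, and accepting the first registration for an unseen SIM ID are assumptions of this example; the consensus step is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// RegistrationTx carries the fields the page lists for an information
// registration request transaction. Field names are hypothetical.
type RegistrationTx struct {
	SIMID     string            // SIM identification information (eUICC-ID)
	Profile   string            // profile information, opaque here
	Timestamp int64             // time stamp
	PublicKey ed25519.PublicKey // public key paired with the signer's private key
	Signature []byte            // electronic signature over the fields above
}

var (
	ErrBadSignature = errors.New("signature does not verify under the included public key")
	ErrKeyMismatch  = errors.New("public key differs from earlier transactions for this SIM ID")
)

// signingBytes builds the signed byte string. Each variable-length field is
// length-prefixed so that ("ab","c") and ("a","bc") cannot encode identically.
func signingBytes(tx RegistrationTx) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{[]byte(tx.SIMID), []byte(tx.Profile)} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(tx.Timestamp))
	buf.Write(ts[:])
	return buf.Bytes()
}

// NewTx plays the information registrant device: sign, then attach the public key.
func NewTx(priv ed25519.PrivateKey, simID, profile string, ts int64) RegistrationTx {
	tx := RegistrationTx{SIMID: simID, Profile: profile, Timestamp: ts,
		PublicKey: priv.Public().(ed25519.PublicKey)}
	tx.Signature = ed25519.Sign(priv, signingBytes(tx))
	return tx
}

// Ledger stands in for one node's copy of the block chain.
type Ledger struct{ txs []RegistrationTx }

// Validate applies the two checks. A valid signature alone proves nothing
// about ownership, because anyone can sign with a key of their own; the
// comparison with the stored public keys is what ties a SIM ID to its registrant.
func (l *Ledger) Validate(tx RegistrationTx) error {
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	if len(tx.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(tx.PublicKey, signingBytes(tx), tx.Signature) {
		return ErrBadSignature
	}
	for _, old := range l.txs {
		if old.SIMID == tx.SIMID && !bytes.Equal(old.PublicKey, tx.PublicKey) {
			return ErrKeyMismatch
		}
	}
	return nil // assumption: an unseen SIM ID is accepted on first registration
}

// Submit stores the transaction only if it validates.
func (l *Ledger) Submit(tx RegistrationTx) error {
	if err := l.Validate(tx); err != nil {
		return err
	}
	l.txs = append(l.txs, tx)
	return nil
}

// keyFor derives a fixed, constructed key so the example is reproducible.
func keyFor(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Demo submits four constructed transactions and returns each verdict.
func Demo() []error {
	owner, other := keyFor("owner"), keyFor("third-party")
	tampered := NewTx(owner, "eUICC-0001", "MNO-C profile", 4)
	tampered.Profile = "MNO-X profile" // altered after signing
	txs := []RegistrationTx{
		NewTx(owner, "eUICC-0001", "MNO-A profile", 1), // first registration
		NewTx(owner, "eUICC-0001", "MNO-B profile", 2), // same key as before
		NewTx(other, "eUICC-0001", "MNO-X profile", 3), // validly signed, different key
		tampered,
	}
	var l Ledger
	var results []error
	for _, tx := range txs {
		results = append(results, l.Submit(tx))
	}
	return results
}

func main() {
	for i, err := range Demo() {
		fmt.Printf("tx %d: %v\n", i+1, err)
	}
}
```

The third transaction fails only at the key comparison, which is the case the supplementary notes on public-key matching address.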
Description
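A peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with one another, and an information registrant device, are included;
the information registrant device includes
a first network interface, and
an information registration request transaction generation unit that generates an information registration request transaction and broadcasts it to the peer-to-peer network through the first network interface;
the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key;
each of the node devices includes
a second network interface, and
a block chain management unit that accumulates, in a block chain, the information registration request transaction received through the second network interface, based on a consensus building algorithm executed in cooperation with the other node devices.
This is the configuration adopted.
A node device constituting a peer-to-peer network, including
a network interface, and
a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information that includes SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and that accumulates the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
This is the configuration adopted.
An embedded SIM (Subscriber Identity Module) management method executed by a node device constituting a peer-to-peer network, in which
an information registration request transaction including embedded SIM information that includes SIM identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key is received through the network interface, and the received information registration request transaction is accumulated in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
This is the configuration adopted.
A program for causing a computer constituting a peer-to-peer network to function as
a network interface, and
a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information that includes SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and that accumulates the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
An information registrant device that broadcasts an information registration request transaction to a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with one another, including
a network interface, and
an information registration request transaction generation unit that generates the information registration request transaction and broadcasts it to the peer-to-peer network through the network interface;
the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key.
This is the configuration adopted.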
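[First Embodiment]
Referring to FIG. 45, the embedded SIM management system 1 according to the first embodiment of the present invention is composed of a peer-to-peer network 2, an information registrant device 3, and an information user device 4.
Next, a second embodiment of the present invention will be described.
<Problem to be solved by this embodiment>
An embedded SIM is a subscriber identity card module for mobile communication that is built into M2M/IoT devices and the like; when the product is shipped from the factory, a communication profile for a specific mobile carrier is written to it. When the product reaches its actual user after shipment and the user wants to switch to a contract with a different mobile carrier, this takes the form of roaming from the old carrier to the new carrier, and the settings of the embedded SIM are changed remotely over actual mobile communication (OTA: Over The Air).
Referring to FIG. 1, the embedded SIM management system in this embodiment is composed of information registrant devices 10 (there may be more than one) that register information in the embedded SIM management DB, information user devices 20 (there may be more than one) that use the information in the embedded SIM management DB, and a peer-to-peer network 30.
The information registrant devices 10 in this embodiment request information registration by broadcasting an information registration request transaction for the embedded SIM management DB to the entire peer-to-peer network 30.
According to this embodiment, the embedded SIM management DB is managed by all of the participating nodes 40 that take part in the peer-to-peer network 30, so problems 1, 2 and 4 described above can be solved.
Referring to FIG. 2, the embedded SIM management system in this embodiment is composed of an embedded SIM manufacturer device 100, an embedded SIM-equipped product manufacturer device 110, an old contract MNO device 120, a new contract MNO device 130, an embedded SIM-equipped product owner device 140, an embedded SIM-equipped product device 150, a peer-to-peer network 160 that manages the block chain (a chain of cryptographic hash blocks) for the embedded SIM management DB handled in this embodiment, and arbitrary participating nodes 170 (a plurality) of the peer-to-peer network 160.
This embodiment describes an embedded SIM management system that is robust against an attack in which a malicious third party who has learned another person's embedded SIM number (eUICC-ID) generates an arbitrary private/public key pair and broadcasts a bogus information registration request transaction. The configuration and operation of this embodiment are described below with reference to FIGS. 9 and 10.
This embodiment describes a number portability information management system configured so that the private/public key pair can be changed.
When the public key included in the newly received information registration request transaction matches the most recent "new public key" included in the information registration request transactions found by the search, the system is configured to treat the received information registration request transaction as a legitimate transaction.
This configuration makes it possible to change the private/public key pair.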
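The node-side check described in the two embodiments above (reject a transaction for a known SIM ID unless it is signed by the key on record, and let the owner rotate that key with a "new public key") can be sketched as follows. This is an added example, not code from the patent: Ed25519 as the signature scheme, the `RegistrationTx` field names, the length-prefixed payload encoding and the in-memory `Ledger` are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// RegistrationTx is a hypothetical layout of the information registration
// request transaction; the field names are assumptions, not the patent's.
type RegistrationTx struct {
	SIMID     string            // SIM identification information (eUICC-ID)
	Profile   string            // profile registered for that SIM
	NewPubKey ed25519.PublicKey // optional: key that replaces PubKey from now on
	PubKey    ed25519.PublicKey // public key paired with the signing private key
	Sig       []byte            // signature over SIMID, Profile and NewPubKey
}

var ErrBadSignature = errors.New("malformed key, or signature does not verify under the enclosed public key")
var ErrKeyMismatch = errors.New("public key is not the current key recorded for this SIM ID")

// payload serialises the signed fields with length prefixes, so bytes cannot
// be moved from one field to another without invalidating the signature.
func payload(tx RegistrationTx) []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{[]byte(tx.SIMID), []byte(tx.Profile), tx.NewPubKey} {
		fmt.Fprintf(&b, "%d:", len(f))
		b.Write(f)
	}
	return b.Bytes()
}

// Sign builds a transaction the way the information registrant device would.
func Sign(priv ed25519.PrivateKey, simID, profile string, newPub ed25519.PublicKey) RegistrationTx {
	tx := RegistrationTx{SIMID: simID, Profile: profile, NewPubKey: newPub,
		PubKey: priv.Public().(ed25519.PublicKey)}
	tx.Sig = ed25519.Sign(priv, payload(tx))
	return tx
}

// Ledger stands in for the block chain; consensus between nodes is not modelled.
type Ledger struct{ txs []RegistrationTx }

// currentKey returns the key that must sign the next transaction for simID: the
// latest registered "new public key", or the first registration's key if none.
func (l *Ledger) currentKey(simID string) (key ed25519.PublicKey, known bool) {
	for _, tx := range l.txs {
		if tx.SIMID != simID {
			continue
		}
		if !known {
			key, known = tx.PubKey, true
		}
		if len(tx.NewPubKey) > 0 {
			key = tx.NewPubKey
		}
	}
	return key, known
}

// Accept appends tx to the ledger only if its signature verifies and its
// public key matches the current key on record for the same SIM ID.
func (l *Ledger) Accept(tx RegistrationTx) error {
	if n := len(tx.NewPubKey); len(tx.PubKey) != ed25519.PublicKeySize ||
		(n != 0 && n != ed25519.PublicKeySize) ||
		!ed25519.Verify(tx.PubKey, payload(tx), tx.Sig) {
		return ErrBadSignature
	}
	if key, known := l.currentKey(tx.SIMID); known && !bytes.Equal(key, tx.PubKey) {
		return ErrKeyMismatch
	}
	l.txs = append(l.txs, tx)
	return nil
}

// Demo replays a constructed scenario and returns the verdict for each step.
func Demo() []error {
	key := func(b byte) ed25519.PrivateKey { // fixed seeds: constructed test keys
		return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	}
	owner, intruder, rotated := key(1), key(2), key(3)
	const sim = "EID-CONSTRUCTED-0001" // constructed SIM ID
	var l Ledger
	tampered := Sign(owner, sim, "profile-B", nil)
	tampered.Profile = "profile-X" // altered after signing
	return []error{
		l.Accept(Sign(owner, sim, "profile-A", nil)),    // first registration
		l.Accept(Sign(intruder, sim, "profile-X", nil)), // valid signature, wrong key
		l.Accept(tampered),                              // right key, broken signature
		l.Accept(Sign(owner, sim, "profile-A", rotated.Public().(ed25519.PublicKey))), // rotation
		l.Accept(Sign(owner, sim, "profile-C", nil)),    // retired key
		l.Accept(Sign(rotated, sim, "profile-C", nil)),  // new key
	}
}

func main() { fmt.Println(Demo()) }
```

A SIM ID with no history is accepted here on the signature alone; the first-registration case that the page treats in a later embodiment is outside this sketch.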
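This embodiment describes an embedded SIM management system that is robust against an attack in which a malicious third party, aiming to seize ownership of an arbitrary embedded SIM number (eUICC-ID) that has never been used, generates an arbitrary private/public key pair and is the first to broadcast an information registration request transaction containing a new public key.
This embodiment describes an embedded SIM management system that is robust against an attack in which a malicious third party, aiming to mount a DoS attack on a communication carrier, broadcasts information registration request transactions that assign the same profile information to an unspecified large number of embedded SIM numbers.
The embodiments so far have mainly dealt with updating and querying the contents of the embedded SIM management DB written to the block chain. This embodiment describes, with reference to FIGS. 38 to 43, how an actual embedded SIM is configured remotely by OTA.
Next, an example of the overall flow of the processing described in the first through eighth embodiments is described with reference to FIG. 44.
This embodiment gives an overview of the present invention.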
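[Supplementary Note 1]
A node device constituting a peer-to-peer network, the node device comprising:
a network interface; and
a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information that includes SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and that accumulates the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
[Supplementary Note 2]
The node device according to Supplementary Note 1,
wherein the block chain management unit is configured to search the block chain for other information registration request transactions that include the same SIM identification information as the SIM identification information included in the received information registration request transaction, and to determine the validity of the received information registration request transaction based on the result of comparing the public key included in the other information registration request transactions found by the search with the public key included in the received information registration request transaction.
[Supplementary Note 2A]
The node device according to Supplementary Note 2,
wherein the block chain management unit determines that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches the public keys included in all of the other information registration request transactions found by the search.
[Supplementary Note 2B]
The node device according to Supplementary Note 2,
wherein the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches the latest public key included in the other information registration request transactions found by the search.
[Supplementary Note 3]
The node device according to Supplementary Note 2,
wherein the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches at least the latest public key included in the other information registration request transactions found by the search.
[Supplementary Note 4]
The node device according to Supplementary Note 1,
wherein the block chain management unit is configured to determine the validity of the received information registration request transaction based on a delegation certificate or re-delegation certificate included in the received information registration request transaction.
[Supplementary Note 5]
The node device according to any one of Supplementary Notes 1 to 4,
comprising an inquiry response unit that, upon receiving an information inquiry request through the network interface, acquires the embedded SIM information corresponding to the SIM identification information included in the information inquiry request from the information accumulated in the block chain, and generates a response to be transmitted through the network interface.
[Supplementary Note 6]
The node device according to any one of Supplementary Notes 1 to 5,
wherein the embedded SIM information includes program code, and
the node device is configured, upon receiving a profile setting request transaction through the network interface, to execute the program code in accordance with the received profile setting request transaction to generate an embedded SIM remote setting instruction signal, and to transmit the generated embedded SIM remote setting instruction signal through the network interface.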
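[Supplementary Note 7]
An embedded SIM (Subscriber Identity Module) management method executed by a node device constituting a peer-to-peer network, the method comprising:
receiving, through the network interface, an information registration request transaction including embedded SIM information that includes SIM identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and accumulating the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
[Supplementary Note 8]
A program for causing a computer constituting a peer-to-peer network to function as:
a network interface; and
a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information that includes SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and that accumulates the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
[Supplementary Note 9]
An information registrant device that broadcasts an information registration request transaction to a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with one another, the information registrant device comprising:
a network interface; and
an information registration request transaction generation unit that generates the information registration request transaction and broadcasts it to the peer-to-peer network through the network interface,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key.
[Supplementary Note 10]
The information registrant device according to Supplementary Note 9,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on an electronic signature made, using the private key, over information including the SIM identification information and a new public key to be used in place of the public key, and on the public key paired with the private key.
[Supplementary Note 11]
The information registrant device according to Supplementary Note 9,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on an electronic signature made, using the private key of the user terminal, over information including the SIM identification information and a new profile to be used in place of the profile, and on the public key paired with the private key.
[Supplementary Note 12]
The information registrant device according to Supplementary Note 9,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on an electronic signature made, using a predetermined private key, over information that includes the SIM identification information and a new public key and also includes a delegation certificate or re-delegation certificate, and on the public key paired with the predetermined private key.
[Supplementary Note 13]
The information registrant device according to any one of Supplementary Notes 9 to 12,
wherein the information registration request transaction generation unit is configured to include, in the information registration request transaction, credential information obtained by encrypting secret information known only to the user and the contract carrier with the contract carrier's public key.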
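[Supplementary Note 14]
An embedded SIM management system comprising a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with one another, and an information registrant device,
wherein the information registrant device includes
a first network interface, and
an information registration request transaction generation unit that generates an information registration request transaction and broadcasts it to the peer-to-peer network through the first network interface,
the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and
each of the node devices includes
a second network interface, and
a block chain management unit that accumulates, in a block chain, the information registration request transaction received through the second network interface, based on a consensus building algorithm executed in cooperation with the other node devices.
[Supplementary Note 15]
The embedded SIM management system according to Supplementary Note 14,
wherein the block chain management unit is configured to search the block chain for other information registration request transactions that include the same SIM identification information as the SIM identification information included in the received information registration request transaction, and to determine the validity of the received information registration request transaction based on the result of comparing the public key included in the other information registration request transactions found by the search with the public key included in the received information registration request transaction.
[Supplementary Note 16]
The embedded SIM management system according to Supplementary Note 15,
wherein the block chain management unit determines that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches the public keys included in all of the other information registration request transactions found by the search.
[Supplementary Note 17]
The embedded SIM management system according to Supplementary Note 15,
wherein the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches the latest public key included in the other information registration request transactions found by the search.
[Supplementary Note 18]
The embedded SIM management system according to Supplementary Note 15,
wherein the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches at least the latest public key included in the other information registration request transactions found by the search.
[Supplementary Note 19]
The embedded SIM management system according to Supplementary Note 14,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on an electronic signature made, using the private key, over information including the SIM identification information and a new public key to be used in place of the public key, and on the public key paired with the private key.
[Supplementary Note 20]
The embedded SIM management system according to Supplementary Note 14,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on an electronic signature made, using the private key of the user terminal, over information including the SIM identification information and a new profile to be used in place of the profile, and on the public key paired with the private key.
[Supplementary Note 21]
The embedded SIM management system according to Supplementary Note 14,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on an electronic signature made, using a predetermined private key, over information that includes the SIM identification information and a new public key and also includes a delegation certificate or re-delegation certificate, and on the public key paired with the predetermined private key.
[Supplementary Note 22]
The embedded SIM management system according to Supplementary Note 21,
wherein the block chain management unit is configured to determine the validity of the received information registration request transaction based on the delegation certificate or re-delegation certificate included in the received information registration request transaction.
[Supplementary Note 23]
The embedded SIM management system according to any one of Supplementary Notes 14 to 22,
wherein the information registration request transaction generation unit is configured to include, in the information registration request transaction, credential information obtained by encrypting secret information known only to the user and the contract carrier with the contract carrier's public key.
[Supplementary Note 24]
The embedded SIM management system according to any one of Supplementary Notes 14 to 23,
wherein each of the node devices further includes
an inquiry response unit that, upon receiving an information inquiry request through the second network interface, acquires the embedded SIM information corresponding to the SIM identification information included in the information inquiry request from the information accumulated in the block chain, and generates a response to be transmitted through the network interface.
[Supplementary Note 25]
The embedded SIM management system according to any one of Supplementary Notes 14 to 24,
wherein the embedded SIM information includes program code, and
each of the node devices is further configured,
upon receiving a profile setting request transaction through the second network interface, to execute the program code in accordance with the received profile setting request transaction to generate an embedded SIM remote setting instruction signal, and to transmit the generated embedded SIM remote setting instruction signal through the network interface.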
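2 peer-to-peer network
2a node device
2b network interface
2c arithmetic processing unit
2d storage unit
2e program
2f block chain
2g block chain management unit
2h inquiry response unit
3 information registrant device
3a network interface
3b arithmetic processing unit
3c storage unit
3d program
3e information registration request transaction generation unit
4 information user device
4a network interface
4b arithmetic processing unit
4c storage unit
4d program
4e information use request transaction generation unit
10 information registrant device
20 information user device
30 peer-to-peer network
40 participating node
100 embedded SIM manufacturer device
110 embedded SIM-equipped product manufacturer device
120 old contract MNO device
130 new contract MNO device
140 embedded SIM-equipped product owner device
150 embedded SIM-equipped product device
160 peer-to-peer network
170 participating node
400 embedded SIM manufacturer device
410 embedded SIM-equipped product manufacturer device
420 contract MNO device
430 peer-to-peer network
440 participating node
500 embedded SIM manufacturer device
510 embedded SIM-equipped product manufacturer device
520 contract MNO device
530 peer-to-peer network
540 participating node
600 embedded SIM-equipped product owner device
610 new contract MNO device
620 old contract MNO device
630 peer-to-peer network
640 participating node
700 legitimate embedded SIM number owner
710 communication carrier device with no contract
720 connection-destination MNO device of the embedded SIM-equipped product
730 peer-to-peer network
740 participating node
790 malicious third party
800 legitimate embedded SIM number owner (service subscriber device)
810 service-contract communication carrier device
820 connection-destination MNO device of the embedded SIM-equipped product
830 peer-to-peer network
840 participating node
890 malicious third party
900 embedded SIM-equipped product owner device
910 embedded SIM-equipped product device
920 product installation location MNO device
930 service-contract MNO device
940 peer-to-peer network
950 participating node
1100 embedded SIM-equipped product device
1200 peer-to-peer network
1300 product installation location MNO device
2000 embedded SIM management system
3000 peer-to-peer network
4000 information registrant device
4100 network interface
4200 information registration request transaction generation unit
5000 node device
5100 network interface
5200 block chain
5300 block chain management unit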
Claims (10)
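- A node device constituting a peer-to-peer network, the node device comprising:
a network interface; and
a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information that includes SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and that accumulates the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
- The node device according to claim 1, wherein the block chain management unit is configured to search the block chain for other information registration request transactions that include the same SIM identification information as the SIM identification information included in the received information registration request transaction, and to determine the validity of the received information registration request transaction based on the result of comparing the public key included in the other information registration request transactions found by the search with the public key included in the received information registration request transaction.
- The node device according to claim 2, wherein the block chain management unit is configured to determine that the received information registration request transaction is valid when the public key included in the received information registration request transaction matches at least the latest public key included in the other information registration request transactions found by the search.
- The node device according to claim 1, wherein the block chain management unit is configured to determine the validity of the received information registration request transaction based on a delegation certificate or re-delegation certificate included in the received information registration request transaction.
- The node device according to any one of claims 1 to 4, comprising an inquiry response unit that, upon receiving an information inquiry request through the network interface, acquires the embedded SIM information corresponding to the SIM identification information included in the information inquiry request from the information accumulated in the block chain, and generates a response to be transmitted through the network interface.
- The node device according to any one of claims 1 to 5, wherein the embedded SIM information includes program code, and
the node device is configured, upon receiving a profile setting request transaction through the network interface, to execute the program code in accordance with the received profile setting request transaction to generate an embedded SIM remote setting instruction signal, and to transmit the generated embedded SIM remote setting instruction signal through the network interface.
- An embedded SIM (Subscriber Identity Module) management method executed by a node device constituting a peer-to-peer network, the method comprising:
receiving, through a network interface, an information registration request transaction including embedded SIM information that includes SIM identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and accumulating the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
- A program for causing a computer constituting a peer-to-peer network to function as:
a network interface; and
a block chain management unit that receives, through the network interface, an information registration request transaction including embedded SIM information that includes SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and that accumulates the received information registration request transaction in a block chain based on a consensus building algorithm executed in cooperation with the other node devices constituting the peer-to-peer network.
- An information registrant device that broadcasts an information registration request transaction to a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with one another, the information registrant device comprising:
a network interface; and
an information registration request transaction generation unit that generates the information registration request transaction and broadcasts it to the peer-to-peer network through the network interface,
wherein the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key.
- An embedded SIM management system comprising a peer-to-peer network composed of a plurality of node devices capable of peer-to-peer communication with one another, and an information registrant device,
wherein the information registrant device includes
a first network interface, and
an information registration request transaction generation unit that generates an information registration request transaction and broadcasts it to the peer-to-peer network through the first network interface,
the information registration request transaction generation unit is configured to generate the information registration request transaction based on embedded SIM information including SIM (Subscriber Identity Module) identification information and a profile, an electronic signature made over the embedded SIM information using the private key of the information registrant, and the public key paired with the private key, and
each of the node devices includes
a second network interface, and
a block chain management unit that accumulates, in a block chain, the information registration request transaction received through the second network interface, based on a consensus building algorithm executed in cooperation with the other node devices.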
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2018543828A JP6933221B2 (ja) | 2016-10-04 | 2017-09-20 | Embedded SIM management system, node device, embedded SIM management method, program, and information registrant device |
US16/338,543 US11212665B2 (en) | 2016-10-04 | 2017-09-20 | Embedded SIM management system, node device, embedded SIM management method, program, and information registrant device |
EP17858201.1A EP3525389B1 (en) | 2016-10-04 | 2017-09-20 | Embedded sim management system, node device, embedded sim management method, program, and information registrant device |
KR1020197011918A KR20190058584A (ko) | 2016-10-04 | 2017-09-20 | Embedded SIM management system, node device, embedded SIM management method, program, and information registrant device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016196566 | 2016-10-04 | ||
JP2016-196566 | 2016-10-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018066362A1 (ja) | 2018-04-12 |
Family
ID=61832017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2017/033950 WO2018066362A1 (ja) | Embedded SIM management system, node device, embedded SIM management method, program, and information registrant device | 2016-10-04 | 2017-09-20 |
Country Status (5)
Country | Link |
---|---|
US (1) | US11212665B2 (ja) |
EP (1) | EP3525389B1 (ja) |
JP (1) | JP6933221B2 (ja) |
KR (1) | KR20190058584A (ja) |
WO (1) | WO2018066362A1 (ja) |
2017
- 2017-09-20 WO PCT/JP2017/033950 patent/WO2018066362A1/ja unknown
- 2017-09-20 KR KR1020197011918A patent/KR20190058584A/ko not_active Application Discontinuation
- 2017-09-20 US US16/338,543 patent/US11212665B2/en active Active
- 2017-09-20 EP EP17858201.1A patent/EP3525389B1/en active Active
- 2017-09-20 JP JP2018543828A patent/JP6933221B2/ja active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016505929A (ja) * | 2012-11-21 | 2016-02-25 | アップル インコーポレイテッド | アクセス制御を管理するためのポリシーベース技法 |
JP2016081134A (ja) * | 2014-10-10 | 2016-05-16 | 山下 健一 | 広告閲覧促進システム、情報処理方法及びプログラム |
Non-Patent Citations (2)
Title |
---|
FUCHITA, YASUYUKI: "Nomura capital markets quarterly), non-official translation", BLOCK CHAIN AND INNOVATION IN FINANCIAL TRANSACTION, vol. 19, no. 2, November 2015 (2015-11-01), pages 11 - 35, XP009514398 * |
See also references of EP3525389A4 * |
Cited By (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12021701B2 (en) | 2015-07-23 | 2024-06-25 | Cisco Technology, Inc. | Refresh of the binding tables between data-link-layer and network-layer addresses on mobility in a data center environment |
CN108600261A (zh) * | 2018-05-09 | 2018-09-28 | 济南浪潮高新科技投资发展有限公司 | 一种疾病信息的处理系统及处理疾病信息的方法 |
US10505718B1 (en) | 2018-06-08 | 2019-12-10 | Cisco Technology, Inc. | Systems, devices, and techniques for registering user equipment (UE) in wireless networks using a native blockchain platform |
US10742396B2 (en) | 2018-06-08 | 2020-08-11 | Cisco Technology, Inc. | Securing communications for roaming user equipment (UE) using a native blockchain platform |
US10299128B1 (en) | 2018-06-08 | 2019-05-21 | Cisco Technology, Inc. | Securing communications for roaming user equipment (UE) using a native blockchain platform |
US10361843B1 (en) | 2018-06-08 | 2019-07-23 | Cisco Technology, Inc. | Native blockchain platform for improving workload mobility in telecommunication networks |
US10673618B2 (en) | 2018-06-08 | 2020-06-02 | Cisco Technology, Inc. | Provisioning network resources in a wireless network using a native blockchain platform |
US10491376B1 (en) | 2018-06-08 | 2019-11-26 | Cisco Technology, Inc. | Systems, devices, and techniques for managing data sessions in a wireless network using a native blockchain platform |
JP2020005102A (ja) * | 2018-06-27 | 2020-01-09 | 日本電気株式会社 | 利用制限情報管理システム、利用制限情報管理装置、利用制限方法、及びプログラム |
JP7192267B2 (ja) | 2018-06-27 | 2022-12-20 | 日本電気株式会社 | 利用制限情報管理システム、利用制限情報管理装置、利用制限方法、及びプログラム |
US10235226B1 (en) | 2018-07-24 | 2019-03-19 | Cisco Technology, Inc. | System and method for message management across a network |
JP2021532494A (ja) * | 2018-07-27 | 2021-11-25 | バク ギオブPARK, Ki Eob | システムに含まれるノードに対してグループを運営する分散ネットワークシステム |
CN109067870A (zh) * | 2018-08-01 | 2018-12-21 | 长沙龙生光启新材料科技有限公司 | 一种区块链中构成对等网络的节点设备 |
US10284429B1 (en) | 2018-08-08 | 2019-05-07 | Cisco Technology, Inc. | System and method for sharing subscriber resources in a network environment |
US10949557B2 (en) | 2018-08-20 | 2021-03-16 | Cisco Technology, Inc. | Blockchain-based auditing, instantiation and maintenance of 5G network slices |
US10374749B1 (en) | 2018-08-22 | 2019-08-06 | Cisco Technology, Inc. | Proactive interference avoidance for access points |
US11606298B2 (en) | 2018-09-04 | 2023-03-14 | Cisco Technology, Inc. | Mobile core dynamic tunnel end-point processing |
US10652152B2 (en) | 2018-09-04 | 2020-05-12 | Cisco Technology, Inc. | Mobile core dynamic tunnel end-point processing |
US10230605B1 (en) | 2018-09-04 | 2019-03-12 | Cisco Technology, Inc. | Scalable distributed end-to-end performance delay measurement for segment routing policies |
US11201823B2 (en) | 2018-09-04 | 2021-12-14 | Cisco Technology, Inc. | Mobile core dynamic tunnel end-point processing |
US10779188B2 (en) | 2018-09-06 | 2020-09-15 | Cisco Technology, Inc. | Uplink bandwidth estimation over broadband cellular networks |
US11864020B2 (en) | 2018-09-06 | 2024-01-02 | Cisco Technology, Inc. | Uplink bandwidth estimation over broadband cellular networks |
US11558288B2 (en) | 2018-09-21 | 2023-01-17 | Cisco Technology, Inc. | Scalable and programmable mechanism for targeted in-situ OAM implementation in segment routing networks |
US10660061B2 (en) | 2018-09-24 | 2020-05-19 | Cisco Technology, Inc. | Providing user equipment location information indication on user plane |
US10285155B1 (en) | 2018-09-24 | 2019-05-07 | Cisco Technology, Inc. | Providing user equipment location information indication on user plane |
WO2019168435A1 (ru) | 2018-09-26 | 2019-09-06 | Олег Дмитриевич ГУРИН | Method and system for ensuring interaction of Internet of Things (IoT) devices |
US11120145B2 (en) | 2018-09-26 | 2021-09-14 | Oleg Dmitrievich Gurin | Method and system of ensuring interaction of devices of the internet of things (IoT) |
WO2020071974A1 (en) * | 2018-10-05 | 2020-04-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Authorization of a device being equipped with an embedded universal integrated circuit card |
US11743712B2 (en) | 2018-10-05 | 2023-08-29 | Telefonaktiebolaget Lm Ericsson (Publ) | Authorization of a device being equipped with an embedded universal integrated circuit card |
US10601724B1 (en) | 2018-11-01 | 2020-03-24 | Cisco Technology, Inc. | Scalable network slice based queuing using segment routing flexible algorithm |
US11627094B2 (en) | 2018-11-01 | 2023-04-11 | Cisco Technology, Inc. | Scalable network slice based queuing using segment routing flexible algorithm |
WO2020144527A1 (en) * | 2019-01-10 | 2020-07-16 | Innolab Engineering Sàrl | Network-connectable sensing device |
US11963003B2 (en) | 2019-01-10 | 2024-04-16 | Stefan Meyer | Network-connectable sensing device |
US11521176B2 (en) | 2019-03-06 | 2022-12-06 | Beijing Baidu Netcom Science And Technology Co., Ltd. | Service flow system and service data processing method and apparatus |
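CN109981750B (zh) * | 2019-03-06 | 2021-09-17 | 北京百度网讯科技有限公司 | Service flow system and service data processing method and apparatus |
CN109981750A (zh) * | 2019-03-06 | 2019-07-05 | 北京百度网讯科技有限公司 | Service flow system and service data processing method and apparatus |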
US11436604B2 (en) | 2019-03-26 | 2022-09-06 | Beijing Baidu Netcom Science And Technology Co., Ltd. | Method, apparatus and storage medium for processing ethereum-based falsified transaction |
JP6992036B2 (ja) | 2019-03-26 | 2022-01-13 | ベイジン バイドゥ ネットコム サイエンス テクノロジー カンパニー リミテッド | Method, device and storage medium for processing Ethereum-based falsified transactions |
JP2020161112A (ja) * | 2019-03-26 | 2020-10-01 | ベイジン バイドゥ ネットコム サイエンス アンド テクノロジー カンパニー リミテッド | Method, device and storage medium for processing Ethereum-based falsified transactions |
JP2020166732A (ja) * | 2019-03-29 | 2020-10-08 | 株式会社オージス総研 | Information processing apparatus, information processing method, and computer program |
RU2740780C1 (ru) * | 2019-11-22 | 2021-01-21 | Вадим Павлович Цывьян | Method of operating an electronic device equipped with a security system, and security system for electronic devices |
CN111132165A (zh) * | 2019-12-30 | 2020-05-08 | 全链通有限公司 | Blockchain-based cardless access method, device and storage medium for 5G communication |
Also Published As
Publication number | Publication date |
---|---|
US20190289454A1 (en) | 2019-09-19 |
EP3525389A1 (en) | 2019-08-14 |
US11212665B2 (en) | 2021-12-28 |
JP6933221B2 (ja) | 2021-09-08 |
JPWO2018066362A1 (ja) | 2019-08-08 |
EP3525389B1 (en) | 2021-02-17 |
EP3525389A4 (en) | 2019-08-14 |
KR20190058584A (ko) | 2019-05-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
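WO2018066362A1 (ja) | Embedded SIM management system, node device, embedded SIM management method, program, and information registrant device | |
JP6930539B2 (ja) | Number portability information management system | |
CN110855791B (zh) | Blockchain node deployment method and related device | |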
TW469714B (en) | Secure wireless electronic-commerce system with wireless network domain | |
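CN110191153B (zh) | Blockchain-based social communication method | |
CN102405630A (zh) | System of multiple domains and domain ownership | |
KR20160050876A (ko) | Bitcoin transaction method using a public key and a private key stored in a smart card | |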
WO2015056009A1 (en) | Method of establishing a trusted identity for an agent device | |
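KR20190082620A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a wireless signal | |
KR20190081548A (ko) | Asynchronous reverse payment method using a sound wave device and cryptocurrency | |
CN111259450A (zh) | Blockchain-based service processing method, apparatus, device and storage medium | |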
WO2024074207A1 (en) | Method and system for managing bootstrapping | |
Ahamad et al. | Formal verification of secure payment framework in MANET for disaster areas | |
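CN116012009A (zh) | Blockchain-based transaction verification method, apparatus, electronic device and readable medium | |
KR20190082622A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a wireless signal | |
KR20190082626A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a sound wave signal | |
KR20190082619A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a wireless signal | |
KR20190082625A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a sound wave signal | |
KR20190082621A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a wireless signal | |
KR20190082627A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a sound wave signal | |
KR20190081554A (ko) | Asynchronous reverse payment method using a sound wave device and cryptocurrency | |
KR20190081567A (ko) | Asynchronous reverse payment method using a sound wave device and cryptocurrency | |
KR20190082639A (ko) | Asynchronous reverse payment method using cryptocurrency and a merchant wireless terminal that transmits a wireless signal | |
KR20190082374A (ko) | Asynchronous reverse payment method using a sound wave device and cryptocurrency | |
KR20190081551A (ko) | Asynchronous reverse payment method using a sound wave device and cryptocurrency |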
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 17858201; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2018543828; Country of ref document: JP; Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 20197011918; Country of ref document: KR; Kind code of ref document: A |
 | ENP | Entry into the national phase | Ref document number: 2017858201; Country of ref document: EP; Effective date: 20190506 |