JP2010041591A - Communication system, connection apparatus, information notification method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To determine execution necessity of a maintenance function without having a correspondence table. <P>SOLUTION: A communication system includes a terminal, a server apparatus for managing the movement of the terminal and a connection apparatus for connecting the terminal to the server apparatus. The connection apparatus records the MAC address of the terminal and transmits a message including the MAC address of the terminal to the server apparatus using a Mobile IP. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a communication system, a connection device, an information notification method, and a program.

  Specs established by WiMAX (Worldwide Interoperability for Microwave Access) Forum define a wireless communication system as shown in FIG.

  As shown in FIG. 3, a WiMAX wireless communication system includes an MS (Mobile Station) 10, a BS (Base Station) 20 and an ASN-GW (ASN-Gateway) 30 arranged in an ASN (Access Service Network). HA (Home Agent) 40 and AAA (Authentication, Authorization, Accounting) server 50 arranged in CSN (Connectivity Service Network) (see, for example, Patent Documents 1 and 2).

  The BS 20 is a base station that performs radio communication with the MS 10 that is a terminal, and the ASN-GW 30 is a connection device that connects the MS 10 to the CSN via the BS 20.

  The HA 40 is a server device that manages the movement of the MS 10, and the AAA server 50 is a server device that performs authentication, authorization, and accounting for the MS 10. In FIG. 3, the HA 40 is connected to the Internet, but can be connected to an IP (Internet Protocol) network (such as a corporate network) other than the Internet.

  In the WiMAX wireless communication system, device authentication for authenticating whether the MS 10 is connected to the ASN and user authentication for authenticating whether the user of the MS 10 is a contractor of an ASN service are performed as authentication for the MS 10. Is called.

  Here, a device / user authentication sequence in a related WiMAX wireless communication system will be described with reference to FIG.

  Here, a device / user authentication sequence when Proxy Mobile IPv4 is applied will be described.

  Also, here, before the device / user authentication sequence shown in FIG. 4, in the DL (Down Link) -MAP sequence (not shown), the BS 20 acquires the MAC (Media Access Control) address of the MS 10 from the MS 10, In the MS-PreAttachment sequence (not shown), the ASN-GW 30 acquires the MAC address of the MS 10 from the BS 20, and the MS 10 can be identified by the MAC address in the ASN.

  As shown in FIG. 4, first, in step 401, the ASN-GW 30 sends the Auth. By using the Relay protocol, an EAP RQ (Request) / Identity message requesting the start of device / user authentication by EAP (Extensible Authentication Protocol) and the sending of Identity is transmitted.

  Next, in step 402, the MS 10 uses the EAP as a response to the EAP RQ / Identity message to the AAA server 50 via the BS 20 and the ASN-GW 30, and is a pseudo NAI (Network Access Identity) of the MS 10. An EAP RP (Response) / Identity message including the Pseudo-Identity and MAC address is transmitted.

  Thereby, the ASN-GW 30 acquires the Pseudo-Identity of the MS 10 and associates it with the acquired MAC address. In addition, the AAA server 50 acquires the pseudo-identity and MAC address of the MS 10.

  Next, when the device authentication for the MS 10 is successful, the AAA server 50 notifies the MS 10 via the ASN-GW 30 and the BS 20 that the device authentication is successful using EAP (this message) in step 403. (The name of this depends on the authentication method). Further, in step 404, the AAA server 50 transmits an EAP RQ message requesting transmission of a True-Identity, which is the true NAI of the MS 10, to the MS 10 via the ASN-GW 30 and the BS 20.

  Next, in Step 405, the MS 10 transmits an EAP RP message including the True-Identity of the MS 10 to the AAA server 50 via the BS 20 and the ASN-GW 30 using EAP as a response to the EAP RQ message. .

  As a result, the AAA server 50 acquires the True-Identity of the MS 10 and associates it with the acquired Pseudo-Identity.

  Next, when the user authentication to the MS 10 is successful, the AAA server 50 transmits an EAP Success message notifying that the user authentication has been successful to the ASN-GW 30 in step 406 using EAP. Subsequently, in step 407, the ASN-GW 30 sends the Auth. The EAP Success message is transferred using the Relay protocol.

  Next, in order to establish a session, the MS 10 requests the ASN-GW 30 via the BS 20 to allocate an IP (Internet Protocol) address using DHCP (Dynamic Host Configuration Protocol) in Step 408. Send a Discover message.

  Next, in step 409, the ASN-GW 30 transmits an RRQ (Registration Request) message for requesting the connection of the MS 10 to the CSN including the Pseudo-Identity of the MS 10 to the HA 40 using Mobile IP.

  Thereby, HA40 acquires Pseudo-Identity of MS10. Therefore, the HA 40 can use the NAI as user identification information thereafter.

  At this time, the reason why the NAI notified to the HA 40 is Pseudo-Identity is as follows. That is, since the NAI notified from the ASN-GW 30 to the HA 40 is included in the Extension field of Mobile IP, the plain data is ASN and CSN unless a security tunnel such as IPsec (Security Architecture for IP) is used. Flows up. Therefore, in the WiMAX wireless communication system, only the MS 10 and the AAA server 50 use true-identity, and the other nodes use pseudo-identity. For this reason, the NAI notified from the ASN-GW 30 to the HA 40 is pseudo-identity. Note that only the MS 10 and the AAA server 50 have a correspondence table between pseudo-identity and true-identity.

  Next, in step 410, the HA 40 requests the AAA server 50 for an authentication result for the MS 10 including the pseudo-identity of the MS 10 using the AAA protocol (for example, RADIUS (Remote Access Dial In User Service) protocol). To send an Access Request message.

  Next, in step 411, the AAA server 50 transmits an Access Accept message for notifying the authentication result for the MS 10 to the HA 40 using the AAA protocol as a response to the Access Request message.

  Thereby, HA40 confirms the authentication result with respect to MS10.

  Next, in step 412, the HA 40 transmits an RRP (Registration Response) message notifying that the connection of the MS 10 to the CSN is permitted to the ASN-GW 30 using Mobile IP as a response to the RRQ message. .

  Thereafter, in step 413, the ASN-GW 30 transmits a DHCP Offer message for notifying a candidate of an IP address to be assigned to the MS 10 using the DHCP as a response to the DHCP Discover message to the MS 10 via the BS 20.

  Thereby, MS10 acquires an IP address and starts the process for session establishment.

  Thus, in the WiMAX wireless communication system, the MS 10 uses three of True-Identity, Pseudo-Identity, and MAC address as its own user identification information.

  Further, the BS 20 and the ASN-GW 30 can use two of the pseudo-identity and the MAC address as user identification information of the MS 10.

  Further, the HA 40 can use only one of Pseudo-Identity as user identification information of the MS 10.

Further, the AAA server 50 can use three types of user identification information of the MS 10: True-Identity, Pseudo-Identity, and MAC address.
JP 2008-35248 A JP 2008-92577 A

By the way, each node of MS10, BS20, ASN-GW30, HA40, and AAA server 50 is provided with the maintenance function performed with respect to the user of MS10. An example of the maintenance function is shown below.
・ Signal monitoring function Function to record signals related to specified users. For example, the HA 40 records a signal related to the designated user among signals transferred using the Mobile IP and AAA protocols.
Connection restriction function A function that rejects connection requests from designated users. For example, the HA 40 returns an error in the RRP message as a response to the RRQ message requesting connection to the designated user's CSN.
Congestion restriction exclusion function A function for accepting a connection request by an RRQ message only for a designated user even when a connection request from a general user is discarded. For example, the HA 40 accepts a connection request only for a designated user even in an HA congestion state.
・ Communication interception function A function to record communication data of designated users. For example, after generating a tunnel through which communication data transferred using Mobile IP is passed, the HA 40 records the communication data actually transferred between the MS 10 and the CSN via this tunnel.

  However, the maintenance function executed for each user is different for each user. For example, all the four maintenance functions described above are executed for a certain user, but only the congestion restriction excluding function among the above four maintenance functions is executed for another user.

  Therefore, in order to execute the maintenance function, each node first needs to designate a user connected to itself and determine whether or not the maintenance function needs to be executed for the user.

  Since the MS 10 and the AAA 50 can perform user management using true-identity, there is no problem in performing user designation.

  Further, although the BS 20 and the ASN-GW 30 do not know the true-identity, the user management can be performed because the user management is performed using the MAC address separately from the NAI.

  However, the HA 40 can perform user management only with pseudo-identity.

  Since each session is guaranteed the uniqueness of pseudo-identity, the HA 40 can specify a user from the session after the session is established. However, since pseudo-identity may be randomly generated by the MS 10 in the authentication sequence by EAP, there is a problem that the HA 40 cannot designate a user before the session is established and cannot determine whether or not to execute the maintenance function. .

  Further, if there is no correspondence table between pseudo-identity and true-identity held by another node, the HA 40 cannot specify the user of the Mobile IP session and cannot determine whether or not to execute the maintenance function.

  Therefore, an object of the present invention is to provide a communication system, a connection device, an information notification method, and a program that can solve any of the above-described problems.

The communication system of the present invention includes:
A communication system comprising: a terminal; a server device that manages movement of the terminal; and a connection device that connects the terminal to the server device,
The connecting device is
Record the MAC address of the terminal,
A message including the MAC address of the terminal is transmitted to the server device using Mobile IP.

The connecting device of the present invention is
A connection device that connects a terminal to a server device that manages movement of the terminal;
A recording unit for recording the MAC address of the terminal;
A control unit including the MAC address of the terminal in a message;
A transmission unit that transmits the message to the server device using Mobile IP.

The information notification method of the present invention includes:
An information notification method by a connection device that connects a terminal to a server device that manages the movement of the terminal,
A recording step of recording the MAC address of the terminal;
A control step of including the MAC address of the terminal in a message;
Transmitting the message to the server device using Mobile IP.

The program of the present invention
A connection device that connects a terminal to a server device that manages the movement of the terminal,
A recording procedure for recording the MAC address of the terminal;
A control procedure for including the MAC address of the terminal in a message;
And a transmission procedure for transmitting the message to the server device using Mobile IP.

  According to the communication system of the present invention, the connection device transmits a message including the MAC address of the terminal to the server device using Mobile IP.

  Therefore, since the server device can specify the user using the MAC address of the terminal after receiving the message, the user can use the MAC address without having a correspondence table between the pseudo NAI and the true NAI. It is possible to obtain an effect that it is possible to determine whether or not the maintenance function is necessary by performing the designation.

  The best mode for carrying out the present invention will be described below with reference to the drawings.

  In the embodiment described below, a case where the communication system of the present invention is a WiMAX wireless communication system will be described as an example. However, the present invention is not limited to this, and wireless communication of other communication schemes. It may be a system, a wired communication system, or a wired and wireless mixed communication system.

  The wireless communication system of the present embodiment changes ASN-GW 30 to ASN-GW 30A among the components of the wireless communication system of FIG. 3, and relates to the RRQ message among the processes in the device / user authentication sequence of FIG. Step 409 is changed to step 409A.

  Therefore, the following description will be focused on the ASN-GW 30A that performs processing related to the RRQ message.

  FIG. 1 is a block diagram showing the configuration of the ASN-GW 30A in the present embodiment. FIG. 1 shows only the configuration of the part that performs processing related to the RRQ message.

  As illustrated in FIG. 1, the ASN-GW 30 </ b> A according to the present embodiment includes a recording unit 31, a control unit 32, and a transmission unit 33.

  The recording unit 31 records the correspondence table 311.

  The correspondence table 311 associates the MAC address of the MS 10 acquired in the MS-PreAttachment sequence (not shown) before the device / user authentication sequence with the pseudo-identity of the MS 10 acquired in the device / user authentication sequence. And recorded.

  The control unit 32 extracts the pseudo-identity and MAC address of the MS 10 from the correspondence table 311.

  Further, the control unit 32 adds an Extension field to the RRQ message, and includes the extracted pseudo-identity and the MAC address in the Extension field.

  The transmission unit 33 transmits an RRQ message including the pseudo-identity and the MAC address in the Extension field by the control unit 32 to the HA 40 using Mobile IP.

  Hereinafter, the device / user authentication sequence in the present embodiment will be described with reference to FIG. In FIG. 2, the same steps as those in FIG. 4 are denoted by the same reference numerals.

  As shown in FIG. 2, first, the processes of steps 401 to 408 similar to those in FIG. 4 are performed.

  Next, in Step 409A, the ASN-GW 30A extracts the pseudo-identity and MAC address of the MS 10 that has transmitted the DHCP Discover message in Step 408 from the correspondence table 311. Subsequently, the ASN-GW 30A includes the extracted pseudo-identity and the MAC address in the Extension field of the RRQ message, and transmits the RRQ message to the HA 40 using Mobile IP.

  Thereafter, the same processing of steps 410 to 413 as in FIG. 4 is performed.

  As described above, in the present embodiment, the ASN-GW 30A notifies the HA 40 of the MAC address of the MS 10 that is attempting to establish a session by using an RRQ message using Mobile IP.

  Therefore, the HA 40 can use the MAC address of the MS 10 after receiving the RRQ message, and can specify the user using the MAC address.

  Therefore, even if the HA 40 does not have a correspondence table between pseudo-identity and true-identity, it can determine whether or not the maintenance function needs to be performed by performing user designation using the MAC address before session establishment.

  In the present embodiment, the device / user authentication sequence when Proxy Mobile IPv4 is applied has been described. However, the present invention is not limited to this, and other device / user authentication sequences (for example, Client Mobile IPv4 are applied). May be applied).

  Moreover, although this embodiment demonstrated the case where the connection apparatus facing HA40 was ASN-GW30A, this invention is not limited to this. For example, when the present invention is applied to a network other than WiMAX, the connection device facing the HA 40 may not necessarily be the ASN-GW 30A but may be an FA (Foreign-Agent). In this case, the connection device of the present invention is applied to the FA, and the same function as the ASN-GW 30A shown in FIG.

  In addition, you may apply the method performed in ASN-GW30A of this invention to the program for making a computer perform. In addition, the program can be stored in a storage medium and can be provided to the outside via a network.

It is a block diagram which shows the structure of ASN-GW in the radio | wireless communications system of one Embodiment of this invention. It is a sequence diagram explaining the device / user authentication sequence in the radio | wireless communications system of one Embodiment of this invention. It is a figure which shows the whole structure of a radio | wireless communications system. It is a sequence diagram explaining the device / user authentication sequence in the related radio | wireless communications system.

Explanation of symbols

10 MS
20 BS
30,30A ASN-GW
31 recording unit 32 control unit 33 transmission unit 311 correspondence table 40 HA
50 AAA server

Claims (12)

A communication system comprising: a terminal; a server device that manages movement of the terminal; and a connection device that connects the terminal to the server device,
The connecting device is
Record the MAC (Media Access Control) address of the terminal,
The communication system which transmits the message containing the MAC address of the said terminal to the said server apparatus using Mobile IP (Internet Protocol).   The communication system according to claim 1, wherein the message is a Registration Request message. The connecting device is
The communication system according to claim 2, wherein an extension field is added to the registration request message, and the MAC address is included in the extension field. A connection device that connects a terminal to a server device that manages movement of the terminal;
A recording unit for recording the MAC address of the terminal;
A control unit including the MAC address of the terminal in a message;
And a transmission unit that transmits the message to the server device using Mobile IP.   The connection device according to claim 4, wherein the message is a Registration Request message. The controller is
The connection apparatus according to claim 5, wherein an extension field is added to the registration request message, and the MAC address is included in the extension field. An information notification method by a connection device that connects a terminal to a server device that manages the movement of the terminal,
A recording step of recording the MAC address of the terminal;
A control step of including the MAC address of the terminal in a message;
A transmission step of transmitting the message to the server device using Mobile IP.   The information notification method according to claim 7, wherein the message is a Registration Request message. In the control step,
The information notification method according to claim 8, wherein an Extension field is added to the Registration Request message, and the MAC address is included in the Extension field. A connection device that connects a terminal to a server device that manages the movement of the terminal,
A recording procedure for recording the MAC address of the terminal;
A control procedure for including the MAC address of the terminal in a message;
A transmission procedure for transmitting the message to the server device using Mobile IP.   The program according to claim 10, wherein the message is a Registration Request message. In the control procedure,
The program according to claim 11, wherein an Extension field is added to the Registration Request message, and the MAC address is included in the Extension field.

Images