WO2018101452A1 - Communication method and relay apparatus - Google Patents


Info

Publication number
WO2018101452A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
terminal
communication system
group
relay device
Application number
PCT/JP2017/043215
Other languages
French (fr)
Japanese (ja)
Inventor
可久 伊藤
浩 江副
基樹 嶋尾
Original Assignee
株式会社Lte-X
Application filed by 株式会社Lte-X

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M11/00 Telephonic communication systems specially adapted for combination with other electrical systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Definitions

  • the present invention relates to a communication method and a relay device.
  • IoT Internet of Things
  • Patent Document 1 discloses a so-called “LTE over Wi-Fi” technology that operates an unlicensed Wi-Fi (registered trademark) access point like an LTE (Long Term Evolution) base station. According to this technology, communication based on the LTE protocol can be virtually operated over wireless communication such as a wireless LAN (Local Area Network) represented by Wi-Fi. While the secrecy of communication is secured by using LTE, an unlicensed, easy and inexpensive communication system can be realized by using a wireless LAN.
  • By applying a technology suitable for IoT realization as disclosed in Patent Document 1, it is expected that data from various objects can be acquired and effectively used in all industrial fields. For example, big data realized by collecting such a large amount of data is expected to be used in all industrial fields.
  • The present invention provides a communication technique capable of individually managing reachability when terminals communicate with each other. Furthermore, the present invention provides a communication technique that can easily and inexpensively transmit data transmitted from a transmission source to a desired destination corresponding to the identification information of the transmission source, while utilizing the advantages of LTE that have already been realized.
  • The communication method of the present invention is a communication method performed by a relay device that relays communication between a plurality of terminals. The relay device determines whether or not the plurality of terminals belong to one predetermined group; if it is determined that the plurality of terminals belong to the one group, communication is permitted, and if it is determined that the plurality of terminals do not belong to the one group, communication is stopped.
  • The relay device of the present invention is a relay device that relays communication between a plurality of terminals. It determines whether or not the plurality of terminals belong to one predetermined group; if it is determined that the plurality of terminals belong to the one group, communication is permitted, and if it is determined that the plurality of terminals do not belong to the one group, communication is stopped.
  • The communication method according to the present invention is a communication method using a first communication system and a second communication system different from the first communication system, and the first communication system is an LTE communication system that communicates LTE protocol data.
  • The agent application of the first node and the agent application of the second node cooperate to perform authentication and establish a communication path of the second communication system that enables transmission of LTE protocol data.
  • The first node transmits the LTE protocol data, including the identification information of the first node, to the second node through the communication path of the second communication system, and the second node transmits the LTE protocol data to a core network that secures connection with an external network in the first communication system.
  • The relay device that relays between the core network and the external network transfers the LTE protocol data, based on the identification information in the LTE protocol data, to a specific network path corresponding to the identification information in the external network.
  • The communication method of the present invention is also a communication method implemented by a relay device that relays between the core network and the external network of the first communication system, wherein the first communication system is an LTE communication system that treats LTE protocol data as a communication target.
  • A first node that transmits data in the LTE communication system and a second node are connected by a communication path using a second communication system different from the first communication system.
  • The relay device receives the LTE protocol data transmitted from the first node via the second node on the communication path using the second communication system and, based on the identification information for identifying the first node in the LTE protocol data, transfers the LTE protocol data to a specific network path corresponding to the identification information in the external network.
  • The relay device of the present invention is a relay device that relays between a core network and an external network of a first communication system, and the first communication system is an LTE communication system that targets LTE protocol data.
  • A first node that transmits data in the LTE communication system and a second node are connected by a communication path using a second communication system different from the first communication system. The relay device receives the LTE protocol data transmitted from the first node via the second node on the communication path using the second communication system and, based on the identification information for identifying the first node in the LTE protocol data, transfers the LTE protocol data to a specific network path corresponding to the identification information in the external network.
  • FIG. 1 is a schematic diagram of a network system that implements an embodiment of a communication method of the present invention.
  • FIG. 2 is a conceptual diagram illustrating a situation in which the second communication system establishes a communication path between a terminal and an access point. FIGS. 2A1 and 2A2 are logical software diagrams showing a control plane protocol stack, and FIGS. 2B1 and 2B2 are logical software diagrams showing a user plane protocol stack.
  • FIG. 3 is a block diagram showing an outline of the EPC network.
  • FIG. 4 is a conceptual diagram showing an outline of the process from terminal attachment to detachment.
  • FIG. 5 is a sequence diagram of terminal attachment and bearer setting processing.
  • FIG. 6 is a block diagram showing an outline of the relay unit.
  • FIG. 7 is a conceptual diagram showing a situation in which the relay device of the relay unit transfers packet data.
  • FIG. 8 is a block diagram showing an outline of another embodiment of the relay unit.
  • FIG. 9A is a conceptual diagram showing reachability between three terminals.
  • FIG. 9B is a table showing the group number assigned to each group and the terminals belonging to the group (terminal identification information).
  • FIG. 9C is a table showing the identification information given to each terminal and the IP address corresponding to the identification information.
  • FIG. 10 is a sequence diagram illustrating a procedure of a communication method using the relay device according to another embodiment.
  • FIG. 11 is a conceptual diagram illustrating a situation in which the relay device according to another embodiment transfers packet data in communication between terminals belonging to a specific group.
  • FIG. 12A is a conceptual diagram showing reachability between two terminals and one group of a subordinate concept.
  • FIG. 12B is a table showing the relationship between the group number assigned to each group and the terminals or groups belonging to the group (terminal or group identification information).
  • FIG. 12C is a table showing the identification information assigned to each terminal and the IP address corresponding to the identification information.
  • FIG. 13 is a sequence diagram illustrating a procedure of a communication method using a relay device according to still another embodiment.
  • FIG. 1 is a schematic diagram of a network system 500 to which the communication method of the present invention is applied.
  • the illustrated network system 500 is merely an embodiment, and the network system to which the present invention is applied is not limited to such a form.
  • the communication method of the embodiment applied to the network system 500 uses the first communication system 100 and the second communication system 200 different from the first communication system 100.
  • the first communication system 100 is an LTE communication system that uses LTE protocol data (specifically, packet data) as a communication protocol.
  • LTE is a further speed-up of the third generation mobile communication standard (3G) established by 3GPP (Third Generation Partnership Project), and is called 3.9G or 4G.
  • the network system 500 includes an external network 300 connected to the first communication system 100 in addition to the first communication system 100 and the second communication system 200.
  • the first communication system 100 and the external network 300 are connected to an EPC (Evolved Packet Core) network 20 via a relay device (switching device) 30.
  • the EPC network 20 is a part of the first communication system 100 and is a core network of the LTE communication system that is the first communication system 100.
  • the relay device 30 plays a role of switching a network route for transmitting packet data. Details of the EPC network 20 and the relay device 30 will be described later.
  • the EPC network 20 and the relay device 30 are formed as an integrated relay unit 40.
  • The relay device 30 serves as a central hub, and the various elements of the EPC network 20 are connected to the relay device 30 (see FIG. 6 described later). For example, a specific business operator may provide the relay unit 40.
  • the relay device 30 serves only as a path and does not perform substantial processing.
  • The second communication system 200 plays the role of establishing a communication path between a terminal (UE: User Equipment) 10 as a first node and an access point (AP: Access Point) 15 as a second node.
  • The second communication system 200 is a wireless communication system; for example, it is conceivable to use an unlicensed band communication system that uses a license-free frequency band (unlicensed band), instead of a communication system that uses a licensed band like the LTE communication system.
  • An unlicensed band communication system can be constructed by anyone relatively freely.
  • a wireless local area network such as Wi-Fi can be adopted, but the type is not particularly limited.
  • the second communication system 200 is not limited to wireless communication, and may be realized by wired communication like a wired local area network.
  • a first node such as equipment or machine arranged in a closed space of a factory or the like is connected to a second node similarly arranged in the factory or the like by a predetermined wired cable.
  • As the wired local area network, Ethernet (registered trademark) or the like can be adopted, but the type is not particularly limited.
  • The first node is a terminal 10 such as a smartphone and the second node is an access point 15 such as a Wi-Fi router, but the first node and the second node are not limited to such examples.
  • The first node may be not only the terminal 10 but also another stationary electronic device (such as a home appliance), or a chip, a sensor or the like disposed outdoors or indoors.
  • a sensor arranged in an infrastructure such as a water supply facility or an expressway can transmit data reflecting the state of the infrastructure.
  • the type of the second node is not particularly limited as long as it is a device (router, switch, etc.) having a wireless communication unit capable of receiving radio waves reflecting data transmitted from the first node.
  • The first node may be a facility, a machine or the like, or a chip, a sensor or the like installed in such equipment, as described above.
  • the type of the second node is not particularly limited as long as it is a device (router, switch, etc.) that can receive data via a wired cable connected to the first node.
  • the terminal 10 is exclusively used by the user, but the access point 15 may be prepared by a provider that provides the relay unit 40 or may be prepared by the user of the terminal 10.
  • When the user prepares the terminal 10 and the access point 15, the user's own local communication network can be constructed.
  • An external network 300 is connected to the relay device 30. The external network 300 is called a PDN (Packet Data Network); it is a network existing outside as viewed from the first communication system 100 and the second communication system 200, and includes various network paths.
  • A network path 301 that is the general Internet, a network path 302 that is a cloud service network, and a network path 303 that is a private network are included.
  • The network path 301 is connected to a computer device 401 such as a server or personal computer on the Internet, the network path 302 is connected to a cloud server 402 that performs a cloud computing service, and the network path 303 is connected to a private server 403 such as an in-house server.
  • FIG. 2 is a conceptual diagram showing a situation in which the second communication system 200 establishes a communication path between a terminal (UE) 10 as a first node and an access point 15 as a second node.
  • This figure shows a so-called “LTE over Wi-Fi” technology that operates an access point 15 such as a Wi-Fi access point disclosed in Patent Document 1 like an LTE base station, and its specific contents are as follows.
  • This technology can realize an environment in which communication using the LTE protocol is virtually operated on a physical wireless communication path of an unlicensed band communication system such as Wi-Fi, using a wireless LAN.
  • FIG. 2 (a1) is a logical software diagram showing a control plane (C-plane) protocol stack that operates between a terminal (UE) and an LTE base station (referred to as eNodeB) in a general LTE communication system. “Relay” in the figure indicates the concept of relaying.
  • the second communication system 200 operates under the RLC sublayer.
  • Each of the terminal 10 and the access point 15 has an “agent application” (agent) pre-installed for authenticating and establishing a Wi-Fi communication path and for authenticating and establishing a communication path of the LTE communication system.
  • The agent application is application software installed on the terminal 10 and the access point 15 by, for example, a company operating the relay device 30, a company installing the access point 15, a user of the terminal 10, and the like.
  • the agent application is installed in each of the terminal 10 and the access point 15, thereby enabling authentication and establishment of communication paths of different communication systems such as the Wi-Fi and LTE communication systems.
  • In the second communication system (Wi-Fi) 200, the MAC sublayer and the L1 layer (PHY layer) of the LTE communication system that is the first communication system are replaced with buffer and MUX/DeMUX assemblies 1002 and 1004, a Wi-Fi pipe (Wi-Fi PIPE) 1006, a VPHY (virtualized PHY) 1008, a UE-MAC 1010 that virtually operates as the MAC sublayer on the terminal side, and an AP-MAC 1012 that virtually operates as the MAC sublayer on the access point side.
  • The agent application of the terminal 10 and the agent application of the access point 15 cooperate to authenticate and establish a Wi-Fi wireless communication path between the terminal 10 and the access point 15, separately from the LTE communication system that is the first communication system 100. Further, the agent application of the terminal 10 and the agent application of the access point 15 cooperate to authenticate and establish the LTE communication system (first communication system 100).
  • The terminal 10 starts transmitting the LTE protocol data (packet data), including the identification information (for example, telephone number) of the terminal 10 described later, to the access point 15 through the communication path of the second communication system 200, in the procedure of FIG.
  • FIG. 2 (b1) is a logical software diagram showing a user plane (U-plane; User Plane) protocol stack operating between a terminal (UE) and an LTE base station (eNodeB) in a general LTE communication system.
  • After the wireless communication path of FIG. 2 (a2) is established, the agent application of the terminal 10 tries to connect to the access point 15, and the agent application of the access point 15 receives authentication information corresponding to this connection and transmits authentication information to the agent application of the terminal 10. After such authentication information is exchanged, transmission and reception of LTE protocol data starts as shown in FIG.
  • the second communication system (Wi-Fi in this example) 200 establishes a communication path between the terminal 10 and the access point 15 according to the configuration shown in FIGS. 2 (a2) and (b2)
  • the upper layer For example, the RLC sublayer, PDCP sublayer, RRC layer, etc.
  • The communication path of the virtual LTE communication system (first communication system 100) is established on the communication path of the physical Wi-Fi (second communication system 200), and since the data passing through the communication path is only LTE protocol data (packet data), it is possible to realize transmission of data ensuring confidentiality.
  • With the above-described technique, it is possible to realize data transmission that secures secrecy by the LTE protocol on a wireless communication path using a wireless LAN such as Wi-Fi.
  • The above-described method is an embodiment to which the technology of Patent Document 1 is applied, and the wireless communication path is not limited to that using Wi-Fi.
  • In the case of wired communication, instead of establishing a wireless communication path, data transmission that secures secrecy by the LTE protocol is performed using a wired communication path.
  • FIG. 3 is a block diagram showing an outline of the EPC network 20 that is a core network.
  • the EPC network 20 is a core network standardized by Release 8 of 3GPP, and is established at the same time as LTE and can accommodate various wireless accesses.
  • The access point 15 (here, a virtual LTE base station) receives packet data transmitted from a terminal (here, a virtual UE).
  • the EPC network 20 fulfills the function of ensuring the connection between the terminal 10 and the relay device 30 and further the external network 300.
  • packet data transmitted from the terminal 10 via the access point 15 can be transmitted to the relay device 30 and further to the external network 300.
  • The EPC network 20 includes an MME (Mobility Management Entity) 21, an HSS (Home Subscriber Server) 22, a PCRF (Policy and Charging Rules Function) 26, and an AAA server (Triple A Server) 27.
  • the MME 21 is a logical node that accommodates the access point 15 and provides mobility control, and performs mobility control such as location registration, paging, and handover.
  • the HSS 22 is a subscriber management database in LTE, and manages subscriber contract information, authentication information, location information, and the like.
  • the MME 21 performs user authentication based on the authentication information notified from the HSS 22.
  • the S-GW 23 is a packet gateway that accommodates the 3GPP access system and transmits data.
  • the P-GW 24 is a gateway that performs IP address assignment, packet transfer, and the like at a connection point with an external network (PDN).
  • The PCRF 26 is a logical node that performs QoS (Quality of Service; control of communication quality such as packet priority transfer) and charging for user data transfer.
  • the QoS value determined by the PCRF 26 is notified to the P-GW 24, S-GW 23, and access point 15, and each node performs QoS control on the user data packet according to the notified QoS value.
  • the AAA 27 exclusively establishes a bearer (data transmission path).
  • The EPC network 20 and the relay device 30 are physically and mechanically formed as an integrated relay unit 40; specifically, the MME 21, HSS 22, and PCRF 26 are connected with the relay device 30 as a central hub. However, in this figure the relay device 30 is omitted; the relay device lies ahead of the arrow B, and data is sent there.
  • FIG. 4 is a conceptual diagram showing an outline of steps from attachment to detachment of the terminal (UE) 10 as the first node.
  • Attach is a process for registering the terminal 10 in the network, which is performed when the terminal 10 is powered on, and detach is a process for separating the terminal 10 from the network, which is performed when the terminal 10 is powered off.
  • bearer setting and assignment of an IP address to the terminal 10 are performed, and communication can be started (attached).
  • the constant bearer between the access point and the S-GW 23 in the EPC network 20 and between the S-GW 23 and the P-GW 24 is always set when the power is turned on.
  • The terminal 10 corresponds to a virtual UE in the LTE communication system, and the access point 15 corresponds to a virtual LTE base station (virtual eNodeB) in the LTE communication system.
  • FIG. 5 is a sequence diagram of the attach and bearer setting process of the terminal (UE) 10 which is the first node.
  • the terminal 10 that is the first node transmits an attach request to the MME 21 via the access point 15 that is the second node (step 1).
  • the MME 21 performs user authentication based on the authentication information acquired from the HSS 22, and the AAA 27 acquires and manages contract information necessary for bearer setting from the HSS 22 (steps 2 to 4).
  • The MME 21 selects, by DNS (Domain Name System), the S-GW 23 and P-GW 24 to which bearers are to be set, and transmits a bearer setting request signal to the selected S-GW 23 (step 5).
  • the S-GW 23 performs bearer setting processing on the P-GW 24 set in the bearer setting request signal (step 6).
  • the P-GW 24 cooperates with the PCRF 26 to acquire charging information to be applied, and further performs connection processing to the relay device 30 and the external network (PDN) 300.
  • the S-GW 23 notifies the transmission information for the access point 15 to the MME 21 (step 7).
  • the MME 21 notifies the transmission information received from the S-GW 23 to the access point 15 as a radio bearer setting request.
  • This setting request includes an attach acceptance signal to the terminal 10.
  • the access point 15 establishes a radio bearer with the terminal 10 and simultaneously transmits an attach acceptance signal to the terminal 10 (step 8).
  • a radio bearer setting response signal is received from the terminal 10, and transmission information for the S-GW 23 is notified to the MME 21 (step 9).
  • When the MME 21 receives the attach completion signal from the terminal 10 (step 10), it notifies the S-GW 23 of the bearer update request received from the access point 15 (step 11).
  • the S-GW 23 completes the bearer update between the access point 15 and the S-GW 23 based on the received information (step 12).
  • the S-GW 23 transmits a bearer update response to the MME 21 (step 13).
  • bearer setting between the terminal 10 to the access point 15 to the S-GW 23 to the P-GW 24 is completed.
  • Data from the terminal 10 is sent via the communication path of the second communication system such as Wi-Fi, but the terminal 10 functions as a virtual UE in the LTE communication system, and the access point 15 functions as a virtual LTE base station (virtual eNodeB) in the LTE communication system. Since the transmission target is LTE protocol data (packet data), the processes of FIGS. 4 and 5 are the same as the processes of a normal LTE communication system.
  • FIG. 6 is a block diagram showing an outline of the relay unit 40 including the EPC network 20 and the relay device 30.
  • the EPC network 20 and the relay device 30 are physically and mechanically formed as an integrated relay unit 40.
  • With the relay device 30 as a central hub, the MME 21, the HSS 22, the S-GW 23, the P-GW 24, the PCRF 26, and the AAA 27 are connected.
  • the relay device 30 serves only as a path and does not perform substantial processing.
  • A solid line connection means a control signal and user data path, and a broken line connection means a control signal path.
  • The relay device 30 (relay unit 40) is connected to the access point 15 as the second node via connection nodes (gateways) 31A and 31B, and is also connected to the external network 300 via a connection node (not shown).
  • Two relay devices, a first relay device 30A and a second relay device 30B, are prepared as the relay device 30, and two each of the MME 21, HSS 22, S-GW 23, P-GW 24, PCRF 26, and AAA 27 are also provided: a first MME 21A, second MME 21B, first HSS 22A, second HSS 22B, first S-GW 23A, second S-GW 23B, first P-GW 24A, second P-GW 24B, first PCRF 26A, second PCRF 26B, first AAA 27A, and second AAA 27B.
  • Two of each element of the relay device 30 and the EPC network 20 are provided (dual type), so parallel processing is possible in each element and the processing capability is improved.
  • The numbers “1” and “2” of the relay device 30 are connection ports for connection with “first ... (MME 21B etc.)” and “second ... (MME 21A etc.)”, respectively.
  • FIG. 7 is a conceptual diagram showing a situation in which the relay device 30 that relays between the EPC network 20 and the external network 300 transfers packet data (LTE protocol data) P1, P2, and P3.
  • the relay device 30 transfers the packet data to specific network paths 301 to 303 corresponding to the identification information in the external network 300 based on the identification information in the packet data P1, P2, and P3.
  • the identification information is information for individually identifying and specifying the first node, and various types of information can be applied.
  • The identification information is stored, for example, in a memory card that is detachably mounted on the terminal 10 that is the first node, such as a SIM (Subscriber Identity Module) card or a USIM (Universal Subscriber Identity Module) card, or in a virtual SIM or the like realized by being stored in a memory that is fixed inside the terminal 10. If the first node is a sensor or a chip, the identification information is stored in its internal memory.
  • The packet data P1, P2, and P3 of the terminal 10 are received by the access point 15 as the second node, and the P-GW 24 of the EPC network 20 receives the packet data through the connection nodes 31A and 31B.
  • the P-GW 24 makes an inquiry about the packet data to the AAA 27 when the bearer is established, and the AAA 27 confirms the identification information in each packet data received by the P-GW 24.
  • the AAA 27 has in advance a correspondence table in which the telephone numbers of the terminals 10A, 10B, and 10C as shown in Table 1 below are associated with the IP addresses of the transfer destinations.
  • the IP address “XXX.XXX.XX.XX” is associated with the telephone number “aaa-bbb-cccc” of the terminal 10A that transmits the packet data P1.
  • the IP address “YYY.YYY.YYYYYYYYYYYYYYY” is associated with the telephone number “ddd-eeee-ffff” of the terminal 10B that transmits the packet data P2.
  • The IP address “ZZZ.ZZZZ.ZZZZZ” is associated with the telephone number “ggg-hhh-iii” of the terminal 10C that transmits the packet data P3.
  • the telephone number of each terminal is identification information for identifying the terminal, but the IP address associated with the telephone number also serves as identification information for identifying the terminal.
  • The AAA 27 notifies the P-GW 24 of the IP address corresponding to the identification information in the packet data P1, P2, and P3 received from each of the terminals 10A, 10B, and 10C, and the P-GW 24 notifies the relay device 30 of this IP address.
  • The relay device 30 holds in advance, for each IP address serving as identification information, the destination IP address of the network path 301 to 303 permitted as its transfer destination.
  • The relay device 30 refers to the IP address received from the P-GW 24 and transfers the packet data to the network paths 301 to 303 having the destination IP address permitted in advance with respect to this IP address. That is, after the bearer is established, the P-GW 24 associates the telephone numbers of the terminals 10A, 10B, and 10C with the IP addresses, and the relay device 30 plays the role of transferring data to the network paths 301, 302, and 303 having destination IP addresses permitted in advance with respect to the identification information (telephone number and IP address) of the terminals 10A, 10B, and 10C.
  • the IP address in the packet data P1 is “XXX.XXX.XXX.XX”, and the relay device 30 transfers the packet data P1 to the network path 301 permitted in advance.
  • the relay device 30 transfers the packet data P2 to the network path 302 that has been previously permitted.
  • the relay device 30 transfers the packet data P2 to the network path 302 permitted in advance.
  • on the premise that the terminal 10 as the first node and the access point 15 as the second node are connected by a communication path using the second communication system, the relay device 30 receives the packet data (LTE protocol data) of the first communication system that was transmitted over that communication path and forwarded through the access point 15, and, based on the identification information in the packet data that identifies the terminal 10, performs a communication method (relay method) of transferring the packet data to the specific, previously permitted network paths 301 to 303 in the external network 300 that correspond to the identification information.
  • the network path 301 is connected to a computer device 401 such as a general server or personal computer on the Internet. That is, the IP address “XXX.XXX.XX.XX” of the packet data P1 indicates data that is permitted to be sent to the computer device 401 via the publicly released Internet.
  • the network path 302 is connected to the cloud server 402. That is, the IP address “YYY.YYY.YY.YYYY” of the packet data P2 indicates data that is permitted to be sent to the cloud server 402 via the cloud service network constructed to provide the cloud service.
  • the network path 303 is connected to a private server 403 such as an in-company server. That is, the IP address “ZZZ.ZZZ.ZZZ.ZZZ.” of the packet data P3 indicates data permitted to be sent to the cloud server 402 via a private network constructed to provide a closed environment.
  • the relay device 30 can determine the type of the packet data based on the identification information indicated by the packet data, and thus the IP address, and send the packet data to an appropriate transfer destination, that is, a transfer destination permitted in advance (a transfer destination having the destination IP address).
  • the user can manage the identification information of the terminal 10 from the management portal site 50.
  • since the management portal site 50 is a multi-tenant system that can handle a plurality of customers (tenants) using the terminal 10, information management for each customer and the setting of an arbitrary policy for each customer can be performed easily.
  • Information management includes management of identification information (SIM information and the like) of each terminal 10, monitoring of traffic, setting of communication band, and the like, and the type is not limited to such.
  • the arbitrary policy includes a communication authority (connection policy) corresponding to the identification information of the terminal 10, and the type thereof is not limited to such.
  • the relay device 30 connects a plurality of cloud service networks (network paths 302).
  • the connection route is constructed by data center premises wiring including an EPC network and a line or network connected to the data center, VPN (Virtual Private Network), line pull-in, etc. It is conceivable to perform control.
  • the relay device 30 can connect not only the cloud service network but also other specific destinations (network path 303) such as a data center of a customer company that uses this system.
  • FIG. 8 is a block diagram showing an outline of another embodiment of the relay unit 40.
  • the access point 15 plays a role of a second node that establishes a communication path using the second communication system in cooperation with the first node.
  • the second node is not limited to the access point 15 and can be constructed by installing an agent application in any other device.
  • a virtual base station 60 that is virtually set is connected to the access point 15 instead of the connection nodes (gateways) 31A and 31B in FIG.
  • the virtual base station 60 is constructed by installing an agent application in a normal gateway, for example, and plays the role of a second node.
  • a part of the relay unit 40 may function as the second node, and the second node is not physically limited to a specific position or device. That is, the virtual base station 60 that is the second node is a virtual LTE base station that has an agent application which cooperates with the agent application of the first node and can establish the communication path of the second communication system and the virtual communication path of the LTE communication system, and it has the same function as the access point 15 in FIGS.
  • the access point 15 simply acts as a path point for transmitting and receiving radio waves and does not serve as the second node. Therefore, an existing access point can be used as it is, and an inexpensive transceiver can also be used.
  • the second communication system employs a communication path including a plurality of communication systems such as Wi-Fi and wired LAN. Although an existing Wi-Fi access point or the like can be used for the access point 15 in this example, such an access point often does not provide adequate security as it is, so it is desirable to prepare a secure communication path such as a VPN between the access point 15 and the gateway of the second node (the virtual base station 60 in this example).
  • according to the present invention, it is possible to smoothly transmit information from all things such as terminals and sensors to an external network while utilizing the advantages of LTE that have already been realized.
  • An enormous amount of data can be obtained at low cost, and more effective use of data is expected in all industrial fields.
  • in IoT, it is necessary to exchange an enormous amount of data with high confidentiality, and the communication method according to the present invention is considered to be highly useful.
  • since the data of the LTE protocol is sent to the second communication system using a communication path of a cheap and easy-to-handle communication system such as Wi-Fi, data transmission can be realized easily and inexpensively while maintaining confidentiality.
  • a provider that provides a communication service following the communication system of the present embodiment (for example, a provider that provides the relay unit 40) is independent of a carrier that has received a license to perform LTE mobile communication.
  • a SIM or virtual SIM having identification information of each terminal is issued to the user.
  • identification information is acquired to authenticate each terminal, and data from the authenticated terminal is transferred to the network path corresponding to the terminal identification information and sent to the destination set accordingly.
  • it is possible to freely change or extend the identification information of each user's terminal, such as a general setting for each user, a setting according to the type of terminal, and the setting of an individual terminal ID, and to change or extend the various settings corresponding to the identification information. In addition, the degree of freedom of network configuration is great.
  • a private LTE communication becomes possible simply by preparing a plurality of destination network routes in advance and connecting the terminal side and the external network side respectively.
  • the terminal is connected to an access point prepared by a provider, or connected to an access point of a communication network built by the user.
  • connection nodes corresponding to the Internet, cloud network, private network, etc., respectively, so that they can connect to each external network.
  • LTE communication by connecting a terminal and a core network using an unlicensed communication system (wireless LAN or the like) and construct a private LTE communication system.
  • LTE communication in which confidentiality, QoS, and the like are established can be realized in various network configurations that meet user needs.
  • since the relay device transfers the LTE protocol data to a specific network path corresponding to the identification information based on the identification information in the LTE protocol data, the data can be transmitted to the intended destination without fail. It is also possible to enhance the security between the terminal and the server of the destination network route (end-to-end).
  • a relay device in a network generally controls communication between terminals connected to the device collectively.
  • Each terminal hangs off the relay device in a state grouped by a base station or the like from the viewpoint of the physical network, but from the viewpoint of the logical network, which is what matters in terms of the communication protocol, each terminal hangs off the relay device in parallel.
  • since the relay device cannot distinguish each terminal belonging to the network by a specific attribute, it generally either prohibits communication between a plurality of terminals all at once or permits it all at once.
  • On the other hand, it is required to individually manage the reachability with which terminals communicate with each other. Therefore, in the embodiment described below, terminals connected to the relay device in the network (including both wired and wireless) are managed collectively for each group from the viewpoint of specific attributes, and communication is permitted, that is, reachability is recognized, only within the group.
  • the relay apparatus of this embodiment relays communication between a plurality of terminals belonging to a predetermined group. Note that “reachability” is sometimes called “communicability”.
  • FIG. 9A is a conceptual diagram showing reachability between, for example, three terminals.
  • the first terminal (terminal 1) and the second terminal (terminal 2) are permitted to communicate in advance (with reachability).
  • the first terminal and the third terminal (terminal 3) are also permitted to communicate in advance (with reachability).
  • the first terminal and the second terminal belong to a group of terminals owned by a specific company, and the first terminal and the third terminal belong to a group of terminals that enjoy a specific IoT service. That is, a plurality of reachable terminals belong to a specific group that has been generated in advance after being classified according to some attribute.
  • FIG. 9B is a table showing a relationship between a group number (group ID) assigned to each group and a terminal (terminal identification information) belonging to the group.
  • the first terminal (ID1) and the second terminal (ID2) belong to the group 1 with the predetermined group number 1.
  • the first terminal (ID1) and the third terminal (ID3) belong to the group 2 with the predetermined group number 2.
  • the number of groups may be three or more, and is not limited. Further, the number of terminals belonging to each group is not particularly limited.
  • FIG. 9C is a table showing identification information given to each terminal and an IP address corresponding to the identification information.
  • the identification information here includes, for example, IMSI (International Mobile Subscriber Identity), a telephone number, and other unique information (such as a unique ID uniquely assigned for a specific communication system).
  • the line ID (customer ID) to be provided is included.
  • An IP address of 192.168.1.1 is assigned to the first terminal (ID1)
  • an IP address of 192.168.1.2 is assigned to the second terminal (ID2)
  • an IP address of 192.168.1.3 is assigned to the third terminal (ID3).
  • the relationship between each group shown in FIG. 9B and the terminal to which it belongs and the relationship between each terminal shown in FIG. 9C and the IP address assigned to it (according to its identification information) are established in advance.
  • the relay device can refer to tables such as FIG. 9B and FIG. 9C held in a storage device owned by itself or a storage device of another server in the network, for example.
  • the relay apparatus receives packet data transmitted from the transmission source terminal to another transmission destination terminal, and identifies the IP address of the transmission source terminal and the IP address of the transmission destination terminal. Further, by referring to the tables of FIGS. 9B and 9C, the relay device identifies the identification information of the transmission source terminal and the identification information of the transmission destination terminal based on the identified IP addresses. Thereby, the relay apparatus determines the presence / absence of a group to which each of the transmission source terminal and the transmission destination terminal belongs and the group number thereof. As a result of this determination, the relay apparatus can determine whether or not a plurality of terminals, such as a transmission source terminal and a transmission destination terminal, belong to a predetermined group.
  • the relay device permits communication when it is determined that a plurality of terminals belong to one group (when the group number of each terminal is the same). Specifically, the relay device transfers packet data received directly or indirectly from the transmission source terminal to the transmission destination terminal. On the other hand, when the relay apparatus determines that a plurality of terminals do not belong to one group (when the group numbers of the terminals are different), the relay apparatus stops communication. Specifically, the relay device discards the received packet data. Thereby, the relay apparatus can permit only communication between terminals belonging to a specific group, and can provide a detailed communication service. Further, for example, it is possible to ensure secure communication that ensures confidentiality. Furthermore, an increase in communication volume can be suppressed.
  • one terminal can also belong to a plurality of groups like the first terminal in FIG.
  • the first terminal is a terminal owned by a specific company (belonging to group 1) and a terminal that enjoys a specific IoT service (belonging to group 2).
  • by allowing one terminal to belong to a plurality of groups, the relay apparatus can realize operation that accommodates more complicated relationships, such as the sharing of a terminal or a terminal serving concurrent roles.
  • this embodiment is a method in which the relay device manages reachability between terminals as a group. It is also recognized that one terminal belongs to a plurality of groups.
  • the function of the relay device can be realized as a part of the EPC P-GW. That is, it is possible to incorporate the relay device of this embodiment in the core network.
  • FIG. 10 is a sequence diagram showing a procedure of a communication method using the relay device 30A of the present embodiment.
  • the bearers of the first terminal 11, the access point 15, and the EPC network 20 are established in advance (step 21).
  • the bearers of the second terminal 12, the access point 15, and the EPC network 20 are also established in advance (step 22).
  • the bearers of the third terminal 13, the access point 15, and the EPC network 20 are also established in advance (step 23).
  • Such bearer establishment is performed according to a normal procedure.
  • the first terminal 11 transmits packet data to the second terminal 12 (step 24).
  • the relay device 30A of this embodiment confirms whether or not the first terminal 11 and the second terminal 12 belong to the same group (step 25). This confirmation can be performed by referring to the IP address of the first terminal 11, the IP address of the second terminal 12, and the tables of FIGS. 9B and 9C.
  • the relay device 30A determines that the first terminal 11 and the second terminal 12 belong to the same group, permits communication, and transfers the packet data to the second terminal 12 (step 26).
  • the second terminal 12 transmits packet data to the third terminal 13 (step 27).
  • the relay device 30A checks whether the second terminal 12 and the third terminal 13 belong to the same group (step 28). This confirmation can be performed by referring to the IP address of the second terminal 12, the IP address of the third terminal 13, and the tables of FIGS. 9B and 9C.
  • the relay device 30A determines that the second terminal 12 and the third terminal 13 do not belong to the same group, stops communication, and discards packet data.
  • FIG. 11 is a conceptual diagram showing a situation in which the relay device of this embodiment transfers packet data in communication between terminals belonging to a specific group.
  • the network shown in this figure is similar to that shown in FIG. 7, but each terminal belongs to a specific group in accordance with the concept described in FIG.
  • a plurality of terminals 10D1 and 10D2 that can be connected to a plurality of access points 15D1 and 15D2 belong to the group G1.
  • the relay device 30A transmits (transfers) the packet data P1 transmitted from one terminal 10D1 belonging to the group G1 to another terminal 10D2 belonging to the same group G1.
  • a plurality of terminals 10E1 and 10E2 that can be connected to one access point 15E belong to the group G2.
  • the relay device 30A transmits (transfers) the packet data P2 transmitted from one terminal 10E1 belonging to the group G2 to another terminal 10E2 belonging to the same group G2.
  • the group G2 is an example in which terminals that are close to each other in distance and belong to the same group from the viewpoint of the physical network belong (accidentally) to the same group also from the viewpoint of the logical network.
  • the group G3 is an example of a group to which a plurality of terminals 10F can belong from the viewpoint of a logical network, not from the viewpoint of a physical network.
  • the one terminal 10F1 is a terminal belonging to the second communication system that can communicate with the relay device 30A (relay unit 40) via the first communication system (LTE communication system) 100 described in the previous embodiment.
  • the other terminal 10F2 is a terminal that is under the management of the private server 403 and exists on the network path 303 in the external network 300 outside as viewed from the relay device 30A.
  • the two terminals 10F1 and 10F2 are far from each other in distance and cannot belong to the same group from the viewpoint of a physical network, but belong to the same group from the viewpoint of a logical network.
  • the relay device 30A transmits (transfers) the packet data P3 transmitted from one terminal 10F1 belonging to the group G3 to another terminal 10F2 belonging to the same group G3.
  • FIG. 12 shows still another embodiment of the present invention.
  • a plurality of reachable terminals belong to a specific group that is generated in advance after being classified according to some attribute.
  • a lower concept group belongs to a higher concept group
  • a terminal belongs to the lower concept group. That is, groups with different concept levels constitute a hierarchy, and the present invention can be applied even in such a case.
  • FIG. 12A is a conceptual diagram showing reachability between two terminals and one group, for example, and communication between the first terminal (terminal 1) and the second terminal (terminal 2) is permitted in advance.
  • the first terminal, and the third terminal (terminal 3) and the fourth terminal (terminal 4) belonging to the group 3 are also permitted to communicate in advance (with reachability).
  • the first terminal and the second terminal belong to a group of terminals owned by a specific company
  • the first terminal, the third terminal, and the fourth terminal belong to a group of terminals that enjoy a specific IoT service. That is, a plurality of reachable terminals belong to a specific group that has been generated in advance after being classified according to some attribute.
  • the third terminal and the fourth terminal belong to a group (group 3) of terminals that enjoy the special menu in the IoT service. That is, a hierarchical structure is formed in which the lower concept group to which the third terminal and the fourth terminal belong itself belongs to the higher concept group to which the first terminal, the third terminal, and the fourth terminal belong.
  • FIG. 12B is a table showing a relationship between a group number (group ID) given to each group and a terminal (terminal identification information) belonging to the group.
  • a first terminal (UE-ID1) and a second terminal (UE-ID2) belong to a group 1 with a predetermined group number 1.
  • the first terminal (terminal-ID1) and the group 3 (GR-ID3) of group number 3 belong to the group 2 of the predetermined group number 2.
  • the third terminal (UE-ID3) and the fourth terminal (UE-ID4) belong to the group 3 with the group number 3.
  • the number of groups may be three or more, and is not limited. Further, the number of terminals belonging to each group is not particularly limited.
  • FIG. 12C is a table showing the identification information given to each terminal and the IP address corresponding to the identification information.
  • the identification information here is the same type as that of the above-described embodiment.
  • An IP address of 192.168.1.1 is assigned to the first terminal (ID1)
  • an IP address of 192.168.1.2 is assigned to the second terminal (ID2)
  • 192.168.1.3 is assigned to the third terminal (ID3)
  • the IP address of 192.168.1.4 is assigned to the fourth terminal (ID4).
  • the relationship between each group shown in FIG. 12B and the terminal to which it belongs and the relationship between each terminal shown in FIG. 12C and the IP address assigned to it (according to its identification information) are established in advance.
  • the relay device can refer to tables such as FIG. 12B and FIG. 12C held in a storage device owned by itself or a storage device of another server in the network.
  • the relay apparatus receives packet data transmitted from the transmission source terminal to another transmission destination terminal, and identifies the IP address of the transmission source terminal and the IP address of the transmission destination terminal. Further, by referring to the tables of FIGS. 12B and 12C, the relay device specifies the identification information of the transmission source terminal and the identification information of the transmission destination terminal based on the identified IP addresses. Thereby, the relay apparatus determines the presence / absence of a group to which each of the transmission source terminal and the transmission destination terminal belongs and the group number thereof. As a result of this determination, the relay apparatus can determine whether or not a plurality of terminals, such as a transmission source terminal and a transmission destination terminal, belong to a predetermined group.
  • the relay device permits communication when it is determined that a plurality of terminals belong to one group (when the group number of each terminal is the same). Specifically, the relay device transfers packet data received directly or indirectly from the transmission source terminal to the transmission destination terminal. On the other hand, when the relay apparatus determines that a plurality of terminals do not belong to one group (when the group numbers of the terminals are different), the relay apparatus stops communication. Specifically, the relay device discards the received packet data. Thereby, the relay apparatus can permit only communication between terminals belonging to a specific group, and can provide a detailed communication service. Further, for example, it is possible to ensure secure communication that ensures confidentiality. Furthermore, an increase in communication volume can be suppressed.
  • the relay apparatus includes the IDs, UE-ID3, and UE-ID4 of all terminals belonging to the lower concept group 2 in a plurality of terminals belonging to the higher concept group 2.
  • the transmission destination terminal belongs to the hierarchical concept group
  • the terminals belonging to the lower concept group are clearly registered in advance, and the relay device is added to the higher concept group.
  • the received packet data can be transferred appropriately.
  • FIG. 13 is a sequence diagram showing a procedure of a communication method using the relay device 30A of the present embodiment. Steps 21 to 23 are the same as in the previous embodiment.
  • the first terminal 11 transmits packet data to the third terminal 13 (step 30).
  • the relay device 30A acquires all cases of group numbers (group IDs) belonging to the same group as the group to which the first terminal 11 belongs (step 31). This process can be performed by referring to the IP address of the first terminal 11 and the tables shown in FIGS. 12B and 12C.
  • the relay device 30A acquires the UE-ID2 of the second terminal of the group 1 to which the first terminal 11 belongs, and the GR-ID3 of the group 3 of the group 2 to which the first terminal 11 also belongs.
  • the relay device 30A determines whether or not a group ID (group number) is included in all acquired IDs (step 32).
  • relay apparatus 30A extracts the terminal IDs from group 3, that is, UE-ID4 of the third terminal and UE-ID4 of the fourth terminal (step 33).
  • the relay device 30A performs the processes of step 31 and step 32 again.
  • the relay device 30A next determines whether the ID of the target terminal, that is, the terminal ID of the transmission destination to which the packet data is transmitted, is included in all the acquired terminal IDs (step 34).
  • UE-ID2 which is the terminal ID of the transmission destination, is included, relay device 30A transfers the packet data to third terminal 13 (step 35).
  • step 34 if the ID of the target terminal, that is, the terminal ID of the transmission destination is not included in all the acquired terminal IDs, the relay device 30A stops communication. Specifically, relay device 30A discards the received packet data.
  • the first communication system 100 is an LTE communication system, and the data of the LTE protocol can be communicated over unlicensed band communication by the action of the agent applications of the two nodes.
  • the invention brought about by the embodiment of FIGS. 9 to 13 does not necessarily have the LTE communication system as its element, and the data to be communicated is not limited to the data of the LTE protocol.
  • each terminal can belong to any group and communication reachability can be ensured.
  • FIG. 9 (b), FIG. 9 (c), FIG. 12 (b), and FIG. 12 (c) show the data in the table format. It is also possible to store the relationship between the terminal and the relationship between each terminal and the IP address.
  • the type of the IP address of the terminal here is not particularly limited; it may be not only the IP address assigned to each individual terminal shown in FIGS. 9C and 12C, but also an IP address assigned to one group. In the latter case, the relay device realizes communication between groups, for example.
  • the first node corresponding to the terminal 10 is not particularly limited, but specific examples thereof include a monitoring camera, a data measuring device (sensor device), and a person himself / herself.
  • Various mobile terminals used at the will of the company are included. Mobile terminals include mobile phones, smartphones, tablets, game machines, VR (Virtual Reality) terminals, AR (Augmented Reality) terminals, and the like.
  • the data transmitted from the first node naturally includes voice data (voice packet data).
  • the communication method of the present invention can be applied to fields where it is necessary to obtain a huge amount of data from any object such as terminals and sensors at low cost, and is expected to contribute particularly to the realization of IoT.
  • Reference signs: 10 terminal (first node, UE); 15 access point (second node); 20 EPC network (core network); 30, 30A Relay device; 40 Relay unit; 50 Management portal site; 100 First communication system (LTE communication system); 200 Second communication system; 300 External network; 301, 302, 303 Network path; 401 Computer device; 402 Cloud server; 403 Private server; 500 Network system
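The group lookup of FIGS. 12(b) and 12(c) and the decision of steps 31 to 35, written out as an added Python example that is not part of the patent text; it also covers the flat groups of FIG. 9. The group names GR-ID1 and GR-ID2, the discard of packets with unknown or malformed addresses, the cycle guard, and treating nested membership as reachable in both directions are assumptions of this example.

```python
from ipaddress import ip_address

# FIG. 12(c): terminal identification information -> IP address (values from the page).
TERMINAL_IP = {
    "UE-ID1": "192.168.1.1",
    "UE-ID2": "192.168.1.2",
    "UE-ID3": "192.168.1.3",
    "UE-ID4": "192.168.1.4",
}

# FIG. 12(b): group -> members. A member is a terminal ID or a nested group ID.
# GR-ID3 is named on the page; GR-ID1 and GR-ID2 are assumed names for groups 1 and 2.
GROUP_MEMBERS = {
    "GR-ID1": {"UE-ID1", "UE-ID2"},
    "GR-ID2": {"UE-ID1", "GR-ID3"},
    "GR-ID3": {"UE-ID3", "UE-ID4"},
}


def build_ip_index(terminal_ip):
    """Invert the terminal table into IP -> terminal ID, refusing ambiguous tables."""
    index = {}
    for terminal_id, ip in terminal_ip.items():
        key = ip_address(ip)
        if key in index:
            raise ValueError(f"{ip} is assigned to both {index[key]} and {terminal_id}")
        index[key] = terminal_id
    return index


def expand_group(group_id, groups, _seen=None):
    """Return every terminal ID in a group, expanding nested groups (steps 31 to 33)."""
    seen = set() if _seen is None else _seen
    if group_id in seen:          # already expanded in this walk: stops A -> B -> A loops
        return set()
    seen.add(group_id)
    terminals = set()
    for member in groups.get(group_id, ()):
        if member in groups:      # the member is itself a group ID
            terminals |= expand_group(member, groups, seen)
        else:                     # the member is a terminal ID
            terminals.add(member)
    return terminals


def reachable_peers(terminal_id, groups):
    """All terminals that share at least one expanded group with terminal_id."""
    peers = set()
    for group_id in groups:
        members = expand_group(group_id, groups)
        if terminal_id in members:
            peers |= members
    peers.discard(terminal_id)
    return peers


def relay_decision(src_ip, dst_ip, terminal_ip=TERMINAL_IP, groups=GROUP_MEMBERS):
    """Return "forward" or "discard" for one packet (steps 34 and 35)."""
    index = build_ip_index(terminal_ip)
    try:
        src = index.get(ip_address(src_ip))
        dst = index.get(ip_address(dst_ip))
    except ValueError:            # malformed address in the packet
        return "discard"
    if src is None or dst is None:  # address not bound to any registered terminal
        return "discard"
    return "forward" if dst in reachable_peers(src, groups) else "discard"


if __name__ == "__main__":
    # Constructed sample flows between the addresses of FIG. 12(c).
    for src, dst in [("192.168.1.1", "192.168.1.2"),
                     ("192.168.1.1", "192.168.1.3"),
                     ("192.168.1.2", "192.168.1.3"),
                     ("192.168.1.9", "192.168.1.1")]:
        print(src, "->", dst, relay_decision(src, dst))
```

The decision is only as trustworthy as the binding between a packet's source IP address and the authenticated terminal, so a check like this belongs behind whatever enforces that binding on the bearer.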

Abstract

This communication method, implemented by a relay apparatus that relays communication among a plurality of terminals, determines whether the terminals belong to a predetermined group, permits communication when it is determined that the terminals belong to the group, and halts communication when it is determined that the terminals do not belong to the group.

Description

Communication method and relay device
The present invention relates to a communication method and a relay device.
In recent years, there has been growing activity toward realizing the "Internet of Things", so-called IoT, in which all kinds of things such as electronic devices, chips, and sensors are connected to communication networks such as the Internet and control one another by exchanging information. In IoT, an enormous amount of data is exchanged, and that data is expected to include highly confidential information. A communication system that can be used easily and inexpensively while ensuring confidentiality is therefore required.
For example, Patent Document 1 discloses so-called "LTE over Wi-Fi" technology, which makes an unlicensed (license-free) Wi-Fi (registered trademark) access point operate like an LTE (Long Term Evolution) base station. With this technology, communication using the LTE protocol can be run virtually over wireless communication such as a wireless LAN (Local Area Network), of which Wi-Fi is representative. Using LTE secures the confidentiality of communication, while using a wireless LAN makes it possible to realize an unlicensed, easy, and inexpensive communication system.
Japanese Translation of PCT International Application Publication No. 2016-507993
 特許文献1に開示された様な、IoTの実現に適した技術を応用することにより、あらゆる産業分野において様々なモノからのデータを取得し、有効活用することが期待される。例えばこのような膨大なデータの収集により実現されるビッグデータは、その活用があらゆる産業分野において期待されている。 By applying a technology suitable for IoT realization as disclosed in Patent Document 1, it is expected that data from various objects can be acquired and effectively used in all industrial fields. For example, big data realized by collecting such a large amount of data is expected to be used in all industrial fields.
 また、このような実情に鑑みネットワークに接続するあらゆる種類の端末の数が飛躍的に増加している。そして、端末同士が通信する到達性を個別に管理することが求められつつある。 In view of this situation, the number of all types of terminals connected to the network has increased dramatically. And it is being demanded to manage individually the reachability with which terminals communicate.
The present invention provides a communication technique capable of individually managing reachability when terminals communicate with each other. The present invention further provides a communication technique that, while making use of the advantages of already-realized LTE, can easily and inexpensively transmit data sent from a transmission source to a desired destination corresponding to the identification information of the transmission source.
The communication method of the present invention is a communication method performed by a relay device that relays communication between a plurality of terminals. The method determines whether or not the plurality of terminals belong to one predetermined group, permits communication when it is determined that the plurality of terminals belong to the one group, and stops communication when it is determined that the plurality of terminals do not belong to the one group.
The relay device of the present invention is a relay device that relays communication between a plurality of terminals. The relay device determines whether or not the plurality of terminals belong to one predetermined group, permits communication when it is determined that the plurality of terminals belong to the one group, and stops communication when it is determined that the plurality of terminals do not belong to the one group.
The communication method of the present invention is a communication method using a first communication system and a second communication system different from the first communication system, wherein: the first communication system is an LTE communication system whose communication target is LTE protocol data; an agent application of a first node and an agent application of a second node cooperate to perform authentication and establish a communication path of the second communication system that enables transmission of LTE protocol data; the first node transmits the LTE protocol data, which includes identification information of the first node, to the second node through the communication path of the second communication system; the second node transmits the LTE protocol data to a core network that, in the first communication system, secures a connection with an external network; and a relay device that relays between the core network and the external network transfers the LTE protocol data, based on the identification information in the LTE protocol data, to a specific network path in the external network corresponding to that identification information.
The communication method of the present invention is also a communication method performed by a relay device that relays between a core network of a first communication system and an external network, wherein: the first communication system is an LTE communication system whose communication target is LTE protocol data; a first node that transmits data in the LTE communication system and a second node are connected by a communication path using a second communication system different from the first communication system; and the relay device receives the LTE protocol data that has been transmitted from the first node, via the second node, over the communication path using the second communication system, and, based on identification information in the LTE protocol data that identifies the first node, transfers the LTE protocol data to a specific network path in the external network corresponding to that identification information.
The relay device of the present invention is also a relay device that relays between a core network of a first communication system and an external network, wherein: the first communication system is an LTE communication system whose communication target is LTE protocol data; a first node that transmits data in the LTE communication system and a second node are connected by a communication path using a second communication system different from the first communication system; and the relay device receives the LTE protocol data that has been transmitted from the first node, via the second node, over the communication path using the second communication system, and, based on identification information in the LTE protocol data that identifies the first node, transfers the LTE protocol data to a specific network path in the external network corresponding to that identification information.
According to the present invention, information from all kinds of things, such as terminals, can be transmitted smoothly to an external network while making use of the advantages of already-realized LTE. Enormous amounts of data can be acquired inexpensively, and more effective use of data is expected in every industrial field.
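The group check and the identifier-based forwarding described in the summary above can be sketched as relay-side logic. This is an added example, not code from the patent: every identifier, group number, address and route label is constructed, and it assumes that terminals of a nested (subordinate) group count as members of the parent group and that anything not listed is stopped.

```python
"""Relay-side reachability check and identifier-based routing (illustrative)."""
from dataclasses import dataclass

# Constructed table: terminal identification information -> IP address.
ID_TO_IP = {
    "UE-A": "10.0.0.1",
    "UE-B": "10.0.0.2",
    "UE-C": "10.0.0.3",
    "UE-D": "10.0.0.4",
}
IP_TO_ID = {ip: ident for ident, ip in ID_TO_IP.items()}

# Constructed table: group number -> members (terminal ids or nested group numbers).
GROUPS = {
    "G1": {"UE-A", "UE-B"},
    "G2": {"UE-C", "G1"},   # G1 is a subordinate group of G2
    "G3": {"UE-D", "G4"},
    "G4": {"G3"},           # deliberate cycle: a bad table must not hang the relay
}

# Constructed table: source identifier -> network path in the external network.
ROUTES = {"UE-A": "path-301", "UE-B": "path-302", "UE-C": "path-303"}


@dataclass(frozen=True)
class Decision:
    action: str   # "forward" or "stop"
    reason: str


def expand_group(group, groups, _seen=None):
    """Return all terminal ids reachable through `group`, following nested groups.

    A visited set stops recursion on cyclic or repeated group references.
    """
    seen = set() if _seen is None else _seen
    if group in seen or group not in groups:
        return set()
    seen.add(group)
    terminals = set()
    for member in groups[group]:
        if member in groups:
            terminals |= expand_group(member, groups, seen)
        else:
            terminals.add(member)
    return terminals


def shared_groups(id_a, id_b, groups):
    """Group numbers whose expanded membership contains both terminals."""
    return sorted(g for g in groups if {id_a, id_b} <= expand_group(g, groups))


def relay_decision(src_ip, dst_ip):
    """Permit terminal-to-terminal traffic only inside a common group (default deny)."""
    src, dst = IP_TO_ID.get(src_ip), IP_TO_ID.get(dst_ip)
    if src is None or dst is None:
        return Decision("stop", "unknown terminal")
    common = shared_groups(src, dst, GROUPS)
    if not common:
        return Decision("stop", "no common group")
    return Decision("forward", "group " + common[0])


def select_route(src_ip):
    """Pick the external network path from the sender's identifier; None means drop."""
    return ROUTES.get(IP_TO_ID.get(src_ip))


if __name__ == "__main__":
    for pair in [("10.0.0.1", "10.0.0.2"), ("10.0.0.3", "10.0.0.1"),
                 ("10.0.0.4", "10.0.0.1"), ("10.0.0.9", "10.0.0.1")]:
        print(pair, relay_decision(*pair))
    print("route for 10.0.0.2:", select_route("10.0.0.2"))
```

Resolving the address to an identifier before any lookup keeps both decisions keyed on the terminal's identification information, so an unregistered address fails closed in either path.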
FIG. 1 is a schematic diagram of a network system that implements an embodiment of the communication method of the present invention.
FIG. 2 is a conceptual diagram showing how the second communication system establishes a communication path between a terminal and an access point; FIGS. 2(a1) and 2(a2) are logical software diagrams showing control plane protocol stacks, and FIGS. 2(b1) and 2(b2) are logical software diagrams showing user plane protocol stacks.
FIG. 3 is a block diagram showing an outline of the EPC network.
FIG. 4 is a conceptual diagram showing an outline of the process from attachment to detachment of a terminal.
FIG. 5 is a sequence diagram of the terminal attach and bearer setup processing.
FIG. 6 is a block diagram showing an outline of the relay unit.
FIG. 7 is a conceptual diagram showing how the relay device of the relay unit transfers packet data.
FIG. 8 is a block diagram showing an outline of another embodiment of the relay unit.
FIG. 9(a) is a conceptual diagram showing reachability among three terminals; FIG. 9(b) is a table showing the relationship between the group number assigned to each group and the terminals (terminal identification information) belonging to that group; and FIG. 9(c) is a table showing the identification information assigned to each terminal and the IP address corresponding to that identification information.
FIG. 10 is a sequence diagram showing the procedure of a communication method using the relay device of another embodiment.
FIG. 11 is a conceptual diagram showing how the relay device of another embodiment transfers packet data in communication between terminals belonging to a specific group.
FIG. 12(a) is a conceptual diagram showing reachability among two terminals and one subordinate group; FIG. 12(b) is a table showing the relationship between the group number assigned to each group and the terminals or groups (terminal or group identification information) belonging to that group; and FIG. 12(c) is a table showing the identification information assigned to each terminal and the IP address corresponding to that identification information.
FIG. 13 is a sequence diagram showing the procedure of a communication method using the relay device of yet another embodiment.
Specific embodiments of the communication method according to the present invention are described in detail below with reference to the drawings.
FIG. 1 is a schematic diagram of a network system 500 to which the communication method of the present invention is applied. The illustrated network system 500 is only one embodiment, and the network system to which the present invention is applied is not limited to this form.
The communication method of the embodiment applied to the network system 500 uses a first communication system 100 and a second communication system 200 different from the first communication system 100. Here, the first communication system 100 is an LTE communication system whose communication target is data of the LTE protocol (specifically, packet data) as its communication protocol. LTE, established by 3GPP (Third Generation Partnership Project), is a further speed-up of the third-generation mobile communication standard (3G) and is referred to as 3.9G or 4G.
In addition to the first communication system 100 and the second communication system 200, the network system 500 also includes an external network 300 connected to the first communication system 100. In the present embodiment, the first communication system 100 and the external network 300 are connected via an EPC (Evolved Packet Core) network 20 and a relay device (switching device) 30. The EPC network 20 is part of the first communication system 100 and is the core network of the LTE communication system that constitutes the first communication system 100. The relay device 30 serves to switch the network path over which packet data is transmitted. Details of the EPC network 20 and the relay device 30 are described later.
In the present embodiment, the EPC network 20 and the relay device 30 are physically and mechanically formed as an integrated relay unit 40; specifically, the elements of the EPC network 20 are connected to the relay device 30, with the relay device 30 serving as the central hub (see FIG. 6, described later). For example, a particular operator may provide the relay unit 40. When data is exchanged among the elements of the EPC network 20, the relay device 30 merely serves as a path and performs no substantive processing.
The second communication system 200 serves to establish a communication path between a terminal (in LTE, a UE; User Equipment) 10, which is the first node, and an access point (AP; Access Point) 15, which is the second node. When the second communication system 200 is a wireless communication system, it may be, for example, an unlicensed band communication system that uses a license-free frequency band (unlicensed band), rather than a communication system that uses a licensed band as the LTE communication system does. An unlicensed band communication system can be built relatively freely by anyone. A wireless local area network such as Wi-Fi can be adopted as the unlicensed band communication system, but its type is not particularly limited.
The second communication system 200 is not limited to wireless communication and may be realized by wired communication, as in a wired local area network. One example is a configuration in which a first node, such as equipment or a machine placed in a closed space such as a factory, is connected by a given wired cable to a second node likewise placed in the factory. Ethernet (registered trademark) or the like can be adopted as the wired local area network, but its type is not particularly limited.
In the present embodiment, the first node is a terminal 10 such as a smartphone and the second node is an access point 15 such as a Wi-Fi router, but the first and second nodes are not limited to these examples. When the second communication system 200 is a wireless communication system, the first node may be not only the terminal 10 but also another stationary electronic device (such as a home appliance), or a chip, sensor, or the like placed outdoors or indoors. For example, sensors placed in infrastructure such as water supply facilities or expressways can transmit data reflecting the state of that infrastructure. The second node is likewise not limited to any particular type, as long as it is a device (router, switch, etc.) having a wireless communication unit capable of receiving radio waves that carry the data transmitted from the first node.
When the second communication system 200 is a wired communication system, the first node may be, as described above, equipment, a machine, or the like, or a chip, sensor, or the like installed on such equipment. The second node is likewise not limited to any particular type, as long as it is a device (router, switch, etc.) capable of receiving data via the wired cable connected to the first node.
The terminal 10 is used exclusively by the user, whereas the access point 15 may be provided either by the operator that provides the relay unit 40 or by the user of the terminal 10. By providing both the terminal 10 and the access point 15, the user can build a local communication network of the user's own.
The external network 300 is connected to the relay device 30. The external network 300, called a PDN (Packet Data Network), is a network that exists externally as seen from the first communication system 100 and the second communication system 200, and it includes various network paths. In the present embodiment, it includes a network path 301 that is the general Internet, a network path 302 that is a cloud service network, and a network path 303 that is a private network. The network path 301 is connected to a computer device 401 such as a server or personal computer on the Internet, the network path 302 to a cloud server 402 that provides cloud computing services, and the network path 303 to a private server 403 such as an in-house corporate server.
FIG. 2 is a conceptual diagram showing how the second communication system 200 establishes a communication path between the terminal (UE) 10, which is the first node, and the access point 15, which is the second node. The figure shows the so-called "LTE over Wi-Fi" technology disclosed in Patent Document 1, which operates an access point 15 such as a Wi-Fi access point like an LTE base station; its specifics are explained in Patent Document 1, Japanese Translation of PCT International Application Publication (Tokuhyo) No. 2016-507993. This technology makes it possible to operate LTE-protocol communication virtually on top of a physical wireless communication path provided by an unlicensed band communication system or wireless LAN such as Wi-Fi, and can realize an easy and secure communication environment.
FIG. 2(a1) is a logical software diagram showing the control plane (C-plane) protocol stack that operates between a terminal (UE) and an LTE base station (called an eNodeB) in a general LTE communication system. "Relay" in the figure denotes the concept of relaying.
In the present embodiment, in which the second communication system 200 is Wi-Fi, the second communication system 200 operates below the RLC sublayer, as shown in FIG. 2(a2). In this example, an "agent application" (agent) for authenticating and establishing the Wi-Fi communication path, and for authenticating and establishing the communication path of the LTE communication system, is installed in advance on each of the terminal 10 and the access point 15.
The "agent application" is application software installed on the terminal 10 and the access point 15 by, for example, the operator that runs the relay device 30, the operator that installs the access point 15, or the user of the terminal 10. In the present embodiment, installing the agent application on each of the terminal 10 and the access point 15 makes it possible to authenticate and establish the communication paths of two mutually different communication systems, Wi-Fi and the LTE communication system.
As shown in FIG. 2(a2), from the standpoint of the protocol stack, the second communication system (Wi-Fi) 200 replaces the MAC sublayer and the L1 layer (PHY layer) of the LTE communication system, which is the first communication system, with buffer and MUX/DeMUX assemblies 1002 and 1004, a Wi-Fi pipe (Wi-Fi PIPE) 1006, a VPHY (virtualized PHY) 1008, a UE-MAC 1010 that operates virtually as the terminal-side MAC sublayer, and an AP-MAC 1012 that operates virtually as the access-point-side MAC sublayer.
That is, the agent application of the terminal 10 and the agent application of the access point 15 cooperate to authenticate and establish a Wi-Fi wireless communication path between the terminal 10 and the access point 15, separately from the LTE communication system that is the first communication system 100. The agent application of the terminal 10 and the agent application of the access point 15 further cooperate to authenticate and establish the LTE communication system (first communication system 100).
Through this authentication and establishment of the Wi-Fi wireless communication path, a communication path for the control signals of LTE protocol data is virtually established on the Wi-Fi wireless communication path. Once authentication is established, the terminal 10 begins transmitting LTE protocol data (packet data), which includes identification information of the terminal 10 described later (for example, a telephone number), to the access point 15 through the communication path of the second communication system 200, following the procedure of FIG. 2(b2) described later.
FIG. 2(b1) is a logical software diagram showing the user plane (U-plane) protocol stack that operates between a terminal (UE) and an LTE base station (eNodeB) in a general LTE communication system.
In the present embodiment, after the wireless communication path of FIG. 2(a2) is established, the agent application of the terminal 10 attempts to connect to the access point 15. In response to this connection, the agent application of the access point 15 transmits authentication information to the agent application of the terminal 10. After this exchange of authentication information, transmission and reception of LTE protocol data begins, as shown in FIG. 2(b2).
With the configuration shown in FIGS. 2(a2) and 2(b2), even though the second communication system (Wi-Fi in this example) 200 establishes the communication path between the terminal 10 and the access point 15, the upper layers (for example, the RLC sublayer, PDCP sublayer, and RRC layer) follow the existing procedures and are processed as a realization of a virtual LTE communication system. That is, the communication path of the virtual LTE communication system (first communication system 100) is established on top of the physical Wi-Fi (second communication system 200) communication path, and the data passing through it is strictly LTE protocol data (packet data), so data transmission that ensures confidentiality can be realized.
With the technology described above, data transmission whose confidentiality is ensured by the LTE protocol can be realized on a wireless communication path provided by a wireless LAN such as Wi-Fi. The method described above is, of course, one embodiment that applies the technology of Patent Document 1, and the wireless communication path is not limited to one based on Wi-Fi. When wired communication is used, no wireless communication path is established; instead, data transmission whose confidentiality is ensured by the LTE protocol is performed over the wired communication path.
FIG. 3 is a block diagram showing an outline of the EPC network 20, which is the core network. The EPC network 20 is a core network standardized in 3GPP Release 8; it was established at the same time as LTE and can accommodate diverse radio access. As indicated by arrow A in FIGS. 1, 2, and 3, the access point 15 (here, a virtual LTE base station) receives the packet data transmitted from the terminal (here, a virtual UE) 10 and transmits it to the EPC network 20. The EPC network 20 fulfills the function of securing the connection between the terminal 10 and the relay device 30, and further the external network 300. Once this connection is established, the packet data transmitted from the terminal 10 via the access point 15 can be transmitted to the relay device 30, and further to the external network 300, as indicated by arrow B.
In the present embodiment, the EPC network 20 includes an MME (Mobility Management Entity) 21, an HSS (Home Subscriber Server) 22, a PCRF (Policy and Charging Rules Function) 26, and an AAA server (triple-A server) 27. However, the EPC network 20 is not limited to this configuration and can include other ancillary elements.
The MME 21 is a logical node that accommodates the access point 15 and provides mobility control and the like; it performs mobility control such as location registration, paging, and handover. The HSS 22 is the subscriber management database in LTE and manages subscribers' contract information, authentication information, location information, and the like. The MME 21 performs user authentication based on the authentication information notified from the HSS 22. The S-GW 23 is a packet gateway that accommodates the 3GPP access system and transports data. The P-GW 24 is a gateway that, at the connection point with the external network (PDN), performs IP address assignment, packet forwarding, and the like. The PCRF 26 is a logical node that performs control for the QoS (Quality of Service; control of communication quality, such as priority forwarding of packets) of user data transfer and for charging. The QoS value determined by the PCRF 26 is notified to the P-GW 24, the S-GW 23, and the access point 15, and each node applies QoS control to user data packets according to the notified QoS value. The AAA 27 is dedicated to establishing bearers (data transmission paths).
As described earlier, in the present embodiment the EPC network 20 and the relay device 30 are physically and mechanically formed as an integrated relay unit 40; specifically, the MME 21, the HSS 22, and the PCRF 26 are connected with the relay device 30 as the central hub. In this figure, however, the relay device 30 is omitted; the relay device lies beyond arrow B, and data is sent to it.
FIG. 4 is a conceptual diagram showing an outline of the process from attach to detach of the terminal (UE) 10, which is the first node. Attach is the process, performed when the terminal 10 is powered on, of registering the terminal 10 with the network; detach is the process, performed when the terminal 10 is powered off, of separating the terminal 10 from the network. First, as soon as the terminal 10 is powered on, bearer setup and assignment of an IP address to the terminal 10 are performed, and communication can begin (attach). Here, the always-on bearers from the access point to the S-GW 23 in the EPC network 20, and between the S-GW 23 and the P-GW 24, are set at all times while the power is on. Thereafter, the bearer is disconnected as soon as the terminal 10 is powered off (detach). As described above, in this example the terminal 10 corresponds to a virtual UE in the LTE communication system, and the access point 15 corresponds to a virtual LTE base station (virtual eNodeB) in the LTE communication system.
FIG. 5 is a sequence diagram of the attach and bearer setup processing of the terminal (UE) 10, which is the first node. The terminal 10, the first node, transmits an attach request to the MME 21 via the access point 15, the second node (step 1). The MME 21 performs user authentication based on the authentication information acquired from the HSS 22, and the AAA 27 acquires from the HSS 22, and manages, the contract information needed for bearer setup (steps 2 to 4).
Based on the APN (Access Point Name) notified by the terminal 10, the MME 21 uses DNS (Domain Name System) to select the S-GW 23 and the P-GW 24 toward which the bearer is to be set up, and transmits a bearer setup request signal to the selected S-GW 23 (step 5). The S-GW 23 performs bearer setup processing toward the P-GW 24 specified in the bearer setup request signal (step 6). The P-GW 24 cooperates with the PCRF 26 to acquire the charging information to be applied, and also performs connection processing to the relay device 30 and the external network (PDN) 300. When bearer setup between the S-GW 23 and the P-GW 24 is complete, the S-GW 23 notifies the MME 21 of the transfer information intended for the access point 15 (step 7).
The MME 21 passes the transfer information received from the S-GW 23 to the access point 15 as a radio bearer setup request. This setup request also contains the attach accept signal for the terminal 10. The access point 15 establishes a radio bearer with the terminal 10 and, at the same time, transmits the attach accept signal to the terminal 10 (step 8). It also receives a radio bearer setup response signal from the terminal 10 and notifies the MME 21 of the transfer information intended for the S-GW 23 (step 9).
When the MME 21 receives the attach complete signal from the terminal 10 (step 10), it notifies the S-GW 23 of the bearer update request received from the access point 15 (step 11). Based on the received information, the S-GW 23 completes the bearer update between the access point 15 and the S-GW 23 (step 12). The S-GW 23 transmits a bearer update response to the MME 21 (step 13). With the above procedure, bearer setup along the path terminal 10, access point 15, S-GW 23, P-GW 24 is complete. In this embodiment, data from the terminal 10 arrives over a communication path of the second communication system, such as Wi-Fi, but the terminal 10 functions as a virtual UE in the LTE communication system and the access point 15 functions as a virtual LTE base station (virtual eNodeB) in the LTE communication system. Because what is transmitted is LTE protocol data (packet data), the processing in FIGS. 4 and 5 is the same as that of an ordinary LTE communication system.
FIG. 6 is a block diagram outlining the relay unit 40, which includes the EPC network 20 and the relay device 30. As described earlier, in this embodiment the EPC network 20 and the relay device 30 are formed physically and mechanically as a single relay unit 40. Specifically, the MME 21, HSS 22, S-GW 23, P-GW 24, PCRF 26, and AAA 27 are connected with the relay device 30 as the central hub. When data is exchanged between elements of the EPC network 20 (for example, between the MME 21 and the S-GW 23), the relay device 30 serves only as a path and performs no substantive processing. In FIG. 6, solid-line connections denote paths for control signals and user data, and broken-line connections denote paths for control signals.
The relay device 30 (relay unit 40) is connected to the access point 15, the second node, via connection nodes (gateways) 31A and 31B, and is connected to the external network 300 via a connection node that is not shown.
In this embodiment, two relay devices 30 are provided, a first relay device 30A and a second relay device 30B, and two units each of the MME 21, HSS 22, S-GW 23, P-GW 24, PCRF 26, and AAA 27 are likewise provided: a first MME 21A, second MME 21B, first HSS 22A, second HSS 22B, first S-GW 23A, second S-GW 23B, first P-GW 24A, second P-GW 24B, first PCRF 26A, second PCRF 26B, first AAA 27A, and second AAA 27B. Because the relay device 30 and each element of the EPC network 20 are provided in pairs (dual configuration), each element can process in parallel and processing capacity is improved. The numerals "1" and "2" on the relay device 30 are the connection ports for connecting to the "first ... (MME 21B, etc.)" and "second ... (MME 21A, etc.)" elements, respectively.
FIG. 7 is a conceptual diagram showing how the relay device 30, which relays between the EPC network 20 and the external network 300, forwards packet data (LTE protocol data) P1, P2, and P3. Based on the identification information in the packet data P1, P2, and P3, the relay device 30 forwards each packet to the specific network path 301 to 303 in the external network 300 that corresponds to that identification information.
The identification information is information for individually identifying and specifying the first node, and various kinds of information can be used. The identification information is stored, for example, on a memory card removably mounted in the terminal 10 (the first node), such as a SIM (Subscriber Identity Module) card or USIM (Universal Subscriber Identity Module) card, or in a virtual SIM or the like implemented by storing it in memory fixed inside the terminal 10. When the first node is a sensor or a chip, the identification information is stored in its internal memory.
In the relay unit 40 shown in FIG. 6, the access point 15, the second node, receives the packet data P1, P2, and P3 from the terminal 10; this packet data passes through the connection nodes 31A and 31B of the EPC network 20 and is received by the P-GW 24. Here, when the bearer is established, the P-GW 24 queries the AAA 27 about the packet data, and the AAA 27 checks the identification information in each packet received by the P-GW 24.
The AAA 27 holds in advance a correspondence table, such as Table 1 below, that associates the telephone number of each terminal 10A, 10B, and 10C with a transfer-destination IP address. For example, the IP address "XXX.XXX.XXX.XXX" is associated with the telephone number "aaa-bbb-cccc" of the terminal 10A, which transmits the packet data P1. The IP address "YYY.YYY.YYY.YYY" is associated with the telephone number "ddd-eee-ffff" of the terminal 10B, which transmits the packet data P2. The IP address "ZZZ.ZZZ.ZZZ.ZZZ" is associated with the telephone number "ggg-hhh-iiii" of the terminal 10C, which transmits the packet data P3. The telephone number of each terminal is identification information that identifies the terminal, but the IP address associated with the telephone number also serves as identification information that identifies the terminal.
[Table 1: correspondence between the telephone numbers of the terminals 10A, 10B, and 10C and the transfer-destination IP addresses]
In accordance with this correspondence table, the AAA 27 notifies the P-GW 24 of the IP address corresponding to the identification information in the packet data P1, P2, and P3 received from each terminal 10A, 10B, and 10C, and the P-GW 24 notifies the relay device 30 of this IP address.
The relay device 30 holds in advance, for each IP address serving as identification information, the destination IP address of the network path 301 to 303 that has been permitted in advance as its transfer destination. The relay device 30 refers to the IP address received from the P-GW 24 and forwards the packet data to the network path 301 to 303 whose destination IP address has been permitted in advance for that IP address. That is, once the bearer is established, the P-GW 24 binds the telephone number of each terminal 10A, 10B, and 10C to its IP address, and the relay device 30 forwards data to the network path 301, 302, or 303 whose destination IP address has been permitted in advance for the identification information (telephone number and IP address) of the terminal 10A, 10B, or 10C.
The IP address in the packet data P1 is "XXX.XXX.XXX.XXX", and the relay device 30 forwards the packet data P1 to the network path 301 permitted in advance. When the IP address in the packet data P2 is "YYY.YYY.YYY.YYY", the relay device 30 forwards the packet data P2 to the network path 302 permitted in advance. When the IP address in the packet data P3 is "YYY.YYY.YYY.YYY", the relay device 30 forwards the packet data P2 to the network path 302 permitted in advance.
That is, on the premise that the terminal 10 (the first node) and the access point 15 (the second node) are connected by a communication path that uses the second communication system, the relay device 30 carries out a communication method (relay method) in which it receives packet data of the first communication system (LTE protocol data) that has been transmitted from the terminal 10 over the communication path using the second communication system and passed on through the access point 15, and, based on the identification information in the packet data that identifies the terminal 10, forwards the packet data to the specific, pre-permitted network path 301 to 303 in the external network 300 that corresponds to that identification information.
The network path 301 is connected to a computer device 401 such as an ordinary server or personal computer on the Internet. That is, the IP address "XXX.XXX.XXX.XXX" of the packet data P1 marks data that is permitted to be sent to the computer device 401 over the publicly open Internet. The network path 302 is connected to a cloud server 402. That is, the IP address "YYY.YYY.YYY.YYY" of the packet data P2 marks data that is permitted to be sent to the cloud server 402 over a cloud service network built to provide a cloud service. The network path 303 is connected to a private server 403 such as an in-house corporate server. That is, the IP address "ZZZ.ZZZ.ZZZ.ZZZ" of the packet data P3 marks data that is permitted to be sent to the cloud server 402 over a private network built to provide a closed environment.
In this way, the relay device 30 determines the type of the packet data from the identification information the packet data carries, and hence from its IP address, and can send it to the appropriate transfer destination, that is, a transfer destination permitted in advance (the transfer destination having the destination IP address).
The user can manage the identification information of the terminal 10 from the management portal site 50. When the management portal site 50 is a multi-tenant system that can serve multiple customers (tenants) using terminals 10, per-customer information management and per-customer setting of arbitrary policies can be performed easily. Information management includes management of the identification information (SIM information and the like) of each terminal 10, monitoring of traffic volume, setting of communication bandwidth, and so on, and is not limited to these. Arbitrary policies include the communication authority (connection policy) corresponding to the identification information of the terminal 10 and so on, and are not limited to these.
The relay device 30 also connects multiple cloud service networks (network path 302). In this case, the connection path can be built separately from data center premises wiring that includes the EPC network together with the lines and networks connected to it, a VPN (Virtual Private Network), a leased-in line, and the like, with routing controlled through L3 devices along the path. The relay device 30 can interconnect not only cloud service networks but also other specific destinations (network path 303), such as the data center of a customer company that uses this system.
FIG. 8 is a block diagram outlining another embodiment of the relay unit 40. In the embodiment described above, the access point 15 plays the role of the second node, which cooperates with the first node to establish a communication path using the second communication system. However, the second node is not limited to the access point 15 and can be built by installing an agent application on any other device.
In the example of FIG. 8, a virtually configured virtual base station 60 is connected to the access point 15 in place of the connection nodes (gateways) 31A and 31B of FIG. 6. The virtual base station 60 is built, for example, by installing an agent application on an ordinary gateway, and plays the role of the second node. Thus a part of the relay unit 40 may itself function as the second node; the second node is not physically limited to a particular location or device. That is, the virtual base station 60, the second node, is a so-called virtual LTE base station whose agent application can cooperate with the agent application of the first node to establish the communication path of the second communication system and the communication path of the virtual LTE communication system, and it performs the same function as the access point 15 in FIGS. 1 to 7. In the case of FIG. 8, the access point 15 acts merely as a waypoint that transmits and receives radio waves and does not play the role of the second node, so an existing access point can be used as is, or an inexpensive transceiver can be used. In this example, the second communication system uses a communication path made up of multiple communication systems, such as Wi-Fi and wired LAN. An existing Wi-Fi access point or the like can be used as the access point 15 in this example, but because such access points often do not provide security as they stand, it is desirable to provide a secure communication path such as a VPN between the access point 15 and the gateway of the second node (the virtual base station 60 in this example).
According to the present invention, information from all kinds of things, such as terminals and sensors, can be transmitted smoothly to an external network while taking advantage of the strengths of LTE that have already been realized. Enormous amounts of data can be acquired at low cost, and more effective use of data can be expected in every industrial field. In IoT in particular, enormous amounts of data must be exchanged with a high degree of confidentiality, and the communication method according to the present invention is considered highly useful.
In addition, because LTE protocol data is sent while the second communication system uses the communication path of an inexpensive, easy-to-handle communication system such as Wi-Fi, data can be transmitted easily and inexpensively while confidentiality is maintained.
In addition, an operator that provides a communication service modeled on the communication system of this embodiment (for example, an operator that provides the relay unit 40) issues SIMs, virtual SIMs, or the like carrying the identification information of each terminal on its own, independently of the carriers licensed to provide LTE mobile communication, and gives them to users. When a user's terminal attempts to connect to this communication system, the system acquires the identification information and authenticates the terminal, forwards data from the authenticated terminal to the network path corresponding to the terminal's identification information, and sends it to the destination set for that user or terminal. With this configuration a private LTE system can be built easily, so the identification information of each user's terminal can be freely changed or extended, and the various settings corresponding to the identification information can be freely changed or extended, for example with general settings per user, settings by terminal type, and settings for individual terminals. The network configuration also has a high degree of freedom.
Private LTE communication becomes possible simply by the operator preparing network paths for multiple destinations in advance and connecting the terminal side and the external network side respectively.
The terminal connects either to an access point prepared by the operator or to an access point of a communication network the user has built.
On the external network side, the operator provides connection nodes corresponding to the Internet, cloud networks, private networks, and so on, making connection to each external network possible.
LTE communication is then realized by connecting the terminal and the core network over an unlicensed communication system (such as wireless LAN), making it possible to build a private LTE communication system. As a result, LTE communication with established confidentiality, QoS, and so on can be realized in a variety of network forms matched to user needs.
In addition, because the relay device forwards LTE protocol data to the specific network path corresponding to the identification information in that data, the data can be sent reliably to the intended destination. Security between the terminal and the server or the like on the destination network path (end to end) can also be strengthened.
Next, another embodiment of the present invention is described. In conventional communication systems, including LTE communication systems, a relay device in the network generally controls communication between the terminals connected to it collectively. From the viewpoint of the physical network, the terminals hang off the relay device grouped by base station and the like, but from the viewpoint of the logical network, which is what matters for the communication protocol, they hang off the relay device in parallel. That is, because the relay device cannot distinguish the terminals belonging to the network by any particular attribute, it generally either prohibits communication between multiple terminals as a whole or permits it as a whole.
With recent advances in IoT technology and other factors, the number of terminals connected to networks has grown dramatically, and from the viewpoints of ensuring communication confidentiality, coping with increased traffic, and so on, relay devices are increasingly required to manage individually the reachability with which terminals communicate with one another. In the embodiment described next, therefore, the relay device manages the terminals connected to it in the network (over both wired and wireless connections) collectively in groups defined by particular attributes, and permits communication, that is, grants reachability, only within a group. The relay device of this embodiment relays communication between multiple terminals belonging to a given group. "Reachability" is sometimes also called "connectivity".
FIG. 9(a) is a conceptual diagram showing reachability among, for example, three terminals. The first terminal (terminal 1) and the second terminal (terminal 2) are permitted in advance to communicate (reachable), and the first terminal and the third terminal (terminal 3) are also permitted in advance to communicate (reachable). For example, the first and second terminals belong to a group of terminals owned by a particular company, and the first and third terminals belong to a group of terminals that use a particular IoT service. That is, terminals that are reachable from one another belong to a specific group that was created in advance by classification on some attribute.
FIG. 9(b) is a table showing the relationship between the group number (group ID) assigned to each group and the terminals (terminal identification information) belonging to that group. As shown in FIG. 9(a), the first terminal (ID1) and the second terminal (ID2) belong to group 1, which has the predetermined group number 1. The first terminal (ID1) and the third terminal (ID3) belong to group 2, which has the predetermined group number 2. The number of groups may of course be three or more and is not limited. The number of terminals belonging to each group is likewise not limited.
FIG. 9(c) is a table showing the identification information assigned to each terminal and the IP address corresponding to that identification information. The identification information here may be, for example, an IMSI (International Mobile Subscriber Identity), a telephone number, or other proprietary information (such as a proprietary ID assigned for a specific communication system), and includes, for example, the line ID (customer ID) that a telecommunications company provides to each customer. The first terminal (ID1) is assigned the IP address 192.168.1.1, the second terminal (ID2) is assigned the IP address 192.168.1.2, and the third terminal (ID3) is assigned the IP address 192.168.1.3.
The relationship between each group and its member terminals shown in FIG. 9(b), and the relationship between each terminal and the IP address assigned to it (according to its identification information) shown in FIG. 9(c), are built in advance. The relay device can refer to tables such as those of FIGS. 9(b) and 9(c), held, for example, in its own storage device or in the storage device of another server on the network.
The relay device receives packet data sent from a source terminal to a different destination terminal and identifies the IP address of the source terminal and the IP address of the destination terminal. By referring to the tables of FIGS. 9(b) and 9(c), the relay device then uses these IP addresses to determine the identification information of the source terminal and of the destination terminal. From this, the relay device determines whether the source terminal and the destination terminal each belong to a group and, if so, the group number. As a result, the relay device can determine whether multiple terminals, such as the source terminal and the destination terminal, belong to one predetermined group.
When the relay device determines that the terminals belong to one group (when the terminals have the same group number), it permits the communication. Specifically, the relay device forwards the packet data received directly or indirectly from the source terminal to the destination terminal. When the relay device determines that the terminals do not belong to one group (when the terminals have different group numbers), it stops the communication. Specifically, the relay device discards the received packet data. In this way the relay device permits communication only between terminals belonging to a specific group and can provide a fine-grained communication service. It can also ensure secure communication with, for example, confidentiality preserved. It can further suppress growth in traffic.
As with the first terminal in FIG. 9, a single terminal is also allowed to belong to multiple groups. One example is when the first terminal is a terminal owned by a particular company (belonging to group 1) and is also a terminal that uses a particular IoT service (belonging to group 2). In such a case, by having one terminal belong to multiple groups, the relay device can implement behavior that follows more complex relationships, such as a terminal being shared or serving in more than one role.
 That is, in this embodiment the relay device manages reachability between terminals in terms of groups. One terminal is also allowed to belong to a plurality of groups.
 The function of the relay device can also be implemented as part of the P-GW of the EPC. That is, the relay device of this embodiment can be incorporated into the core network.
 FIG. 10 is a sequence diagram showing the procedure of a communication method using the relay device 30A of this embodiment. As a precondition, a bearer among the first terminal 11, the access point 15, and the EPC network 20 has been established in advance (step 21). A bearer among the second terminal 12, the access point 15, and the EPC network 20 has also been established in advance (step 22). A bearer among the third terminal 13, the access point 15, and the EPC network 20 has also been established in advance (step 23). These bearers are established according to the usual procedure.
 First, the first terminal 11 sends packet data addressed to the second terminal 12 (step 24). The relay device 30A of this embodiment checks whether the first terminal 11 and the second terminal 12 belong to the same group (step 25). This check can be made by referring to the IP address of the first terminal 11, the IP address of the second terminal 12, and the tables of FIG. 9(b) and FIG. 9(c). The relay device 30A determines that the first terminal 11 and the second terminal 12 belong to the same group, permits the communication, and forwards the packet data to the second terminal 12 (step 26).
 Next, as another example, the second terminal 12 sends packet data addressed to the third terminal 13 (step 27). The relay device 30A checks whether the second terminal 12 and the third terminal 13 belong to the same group (step 28). This check can be made by referring to the IP address of the second terminal 12, the IP address of the third terminal 13, and the tables of FIG. 9(b) and FIG. 9(c). The relay device 30A determines that the second terminal 12 and the third terminal 13 do not belong to the same group, stops the communication, and discards the packet data.
 FIG. 11 is a conceptual diagram showing how the relay device of this embodiment forwards packet data in communication between terminals belonging to a specific group. The network shown in this figure is similar to the one shown in FIG. 7, but each terminal belongs to a specific group in accordance with the concept described with FIG. 9. For example, a plurality of terminals 10D1 and 10D2, which can connect to a plurality of access points 15D1 and 15D2, belong to group G1. The relay device 30A sends (forwards) packet data P1 sent from one terminal 10D1 belonging to group G1 to another terminal 10D2 belonging to the same group G1.
 For example, a plurality of terminals 10E1 and 10E2, which can connect to one access point 15E, belong to group G2. The relay device 30A sends (forwards) packet data P2 sent from one terminal 10E1 belonging to group G2 to another terminal 10E2 belonging to the same group G2.
 Group G2 is an example in which terminals that are physically close to each other and belong to the same group from the viewpoint of the physical network also (coincidentally) belong to the same group from the viewpoint of the logical network. Group G3, by contrast, is an example of a group to which a plurality of terminals 10F can belong from the viewpoint of the logical network rather than the physical network.
 That is, one terminal 10F1 is a terminal belonging to the second communication system that can communicate with the relay device 30A (relay unit 40) via the first communication system (LTE communication system) 100 described in the earlier embodiment. The other terminal 10F2 is under the management of the private server 403 and is located on the network path 303 in the external network 300, on the outer side as seen from the relay device 30A. The two terminals 10F1 and 10F2 are far apart and cannot belong to the same group from the viewpoint of the physical network, but they belong to the same group from the viewpoint of the logical network. The relay device 30A sends (forwards) packet data P3 sent from one terminal 10F1 belonging to group G3 to another terminal 10F2 belonging to the same group G3.
 FIG. 12 shows yet another embodiment of the present invention. In the embodiment described above, a plurality of mutually reachable terminals belong to a specific group that was created in advance by classifying them according to some attribute. In the embodiment described next, by contrast, a lower-level group belongs to a higher-level group, for example, and terminals belong to that lower-level group. That is, groups at different conceptual levels form a hierarchy, and the present invention is applicable in this case as well.
 FIG. 12(a) is a conceptual diagram showing reachability among, for example, two terminals and one group. The first terminal (terminal 1) and the second terminal (terminal 2) are permitted to communicate in advance (reachable), and the first terminal and the third terminal (terminal 3) and fourth terminal (terminal 4), which belong to group 3, are also permitted to communicate in advance (reachable). For example, the first terminal and the second terminal belong to a group of terminals owned by a specific company, and the first terminal, the third terminal, and the fourth terminal belong to a group of terminals that receive a specific IoT service. That is, a plurality of mutually reachable terminals belong to a specific group that was created in advance by classifying them according to some attribute.
 In this embodiment, furthermore, the third terminal and the fourth terminal belong, for example, to a group (group 3) of terminals that receive a special menu within the IoT service. That is, a hierarchical structure is formed in which the lower-level group containing the third and fourth terminals belongs to the higher-level group containing the first, third, and fourth terminals.
 FIG. 12(b) is a table showing the relationship between the group number (group ID) assigned to each group and the terminals (terminal identification information) belonging to that group. As shown in FIG. 12(a), the first terminal (UE-ID1) and the second terminal (UE-ID2) belong to group 1, which has the predetermined group number 1. The first terminal (terminal-ID1) and group 3 (GR-ID3), which has group number 3, belong to group 2, which has the predetermined group number 2. The third terminal (UE-ID3) and the fourth terminal (UE-ID4) belong to this group 3. Of course, the number of groups may be three or more and is not limited. The number of terminals belonging to each group is not particularly limited either.
 FIG. 12(c) is a table showing the identification information assigned to each terminal and the IP address corresponding to that identification information. The identification information here is of the same kind as in the embodiment described above. The first terminal (ID1) is assigned the IP address 192.168.1.1, the second terminal (ID2) is assigned 192.168.1.2, the third terminal (ID3) is assigned 192.168.1.3, and the fourth terminal (ID4) is assigned 192.168.1.4.
 The relationship between each group and its member terminals shown in FIG. 12(b), and the relationship between each terminal and the IP address assigned to it (according to its identification information) shown in FIG. 12(c), are built in advance. The relay device can refer to tables such as those of FIG. 12(b) and FIG. 12(c), held for example in its own storage device or in the storage device of another server on the network.
 The relay device receives packet data sent from a source terminal to a different destination terminal and identifies the IP address of the source terminal and the IP address of the destination terminal. By referring to the tables of FIG. 12(b) and FIG. 12(c), the relay device then uses these IP addresses to determine the identification information of the source terminal and of the destination terminal. From this, the relay device determines whether each of the source and destination terminals belongs to a group and, if so, its group number. As a result, the relay device can determine whether a plurality of terminals, such as the source terminal and the destination terminal, belong to one predetermined group.
 When the relay device determines that the terminals belong to one group (the group numbers of the terminals are the same), it permits the communication. Specifically, the relay device forwards the packet data received directly or indirectly from the source terminal to the destination terminal. When the relay device determines that the terminals do not belong to one group (the group numbers of the terminals differ), it stops the communication. Specifically, the relay device discards the received packet data. In this way the relay device permits communication only between terminals belonging to one specific group and can provide a fine-grained communication service. It can also ensure secure communication that preserves, for example, confidentiality. An increase in traffic can also be suppressed.
 In this embodiment, as shown in FIG. 12(b), a hierarchical structure is formed in which the lower-level group 3 belongs to the higher-level group 2. In this case, the relay device includes the IDs of all terminals belonging to the lower-level group 2, UE-ID3 and UE-ID4, among the plurality of terminals belonging to the higher-level group 2.
 As a result, even when the destination terminal belongs to a lower-level group in the hierarchy, the received packet data can be forwarded appropriately: the terminals belonging to that lower-level group are identified and registered in advance, and the relay device treats them as equal to the terminals belonging to the higher-level group.
 FIG. 13 is a sequence diagram showing the procedure of a communication method using the relay device 30A of this embodiment. Steps 21 to 23 are the same as in the earlier embodiment.
 First, the first terminal 11 sends packet data addressed to the third terminal 13 (step 30). The relay device 30A of this embodiment acquires every group number (group ID) that belongs to the same group as a group to which the first terminal 11 belongs (step 31). This can be done by referring to the IP address of the first terminal 11 and the tables of FIG. 12(b) and FIG. 12(c). Here, the relay device 30A acquires UE-ID2 of the second terminal in group 1, to which the first terminal 11 belongs, and GR-ID3 of group 3 in group 2, to which the first terminal 11 also belongs.
 Next, the relay device 30A determines whether a group ID (group number) is included among all the acquired IDs (step 32). Here, as described above, the acquired IDs include the ID of group 3, so the relay device 30A extracts the terminal IDs from group 3, namely UE-ID4 of the third terminal and UE-ID4 of the fourth terminal (step 33). Having performed this extraction, the relay device 30A performs steps 31 and 32 again. After step 33 no group ID remains, so the relay device 30A next determines whether the ID of the target terminal, that is, the terminal ID of the destination of the packet data, is included among all the acquired terminal IDs (step 34). Here, UE-ID2, the destination terminal ID, is included, so the relay device 30A forwards the packet data to the third terminal 13 (step 35).
 If, in step 34, the ID of the target terminal, that is, the destination terminal ID, is not included among all the acquired terminal IDs, the relay device 30A stops the communication. Specifically, the relay device 30A discards the received packet data.
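 The forward-or-discard decision of steps 30 to 35, with each nested group flattened into its parent before the membership check, as an added example that is not part of the patent text. The tables are constructed from the description of FIG. 12(b) and FIG. 12(c); the GR-ID1 and GR-ID2 labels, the function names, the symmetric treatment of source and destination, the discard of packets with unregistered addresses, and the cycle guard are assumptions of this example.

```python
from typing import Dict, List, Optional, Set

# Constructed tables modelled on the description of FIG. 12(b) and FIG. 12(c).
# The page names only GR-ID3; "GR-ID1"/"GR-ID2" are labels assumed here.
GROUP_TABLE: Dict[str, List[str]] = {
    "GR-ID1": ["UE-ID1", "UE-ID2"],
    "GR-ID2": ["UE-ID1", "GR-ID3"],  # lower-level group 3 nested in group 2
    "GR-ID3": ["UE-ID3", "UE-ID4"],
}
IP_TABLE: Dict[str, str] = {
    "192.168.1.1": "UE-ID1",
    "192.168.1.2": "UE-ID2",
    "192.168.1.3": "UE-ID3",
    "192.168.1.4": "UE-ID4",
}


def is_group_id(identifier: str) -> bool:
    """Assumed convention: group IDs start with 'GR-', terminal IDs with 'UE-'."""
    return identifier.startswith("GR-")


def expand_group(group_id: str, groups: Dict[str, List[str]],
                 _seen: Optional[Set[str]] = None) -> Set[str]:
    """Return every terminal ID in a group, including those of nested groups.

    This repeats steps 32-33 (find a group ID among the members, replace it
    with that group's members) until only terminal IDs remain. The _seen set
    stops a mis-registered table (group A inside B inside A) from looping.
    """
    seen = set() if _seen is None else _seen
    if group_id in seen or group_id not in groups:
        return set()
    seen.add(group_id)
    terminals: Set[str] = set()
    for member in groups[group_id]:
        if is_group_id(member):
            terminals |= expand_group(member, groups, seen)
        else:
            terminals.add(member)
    return terminals


def shared_groups(src_id: str, dst_id: str,
                  groups: Dict[str, List[str]]) -> List[str]:
    """List the groups whose flattened membership contains both terminals."""
    return sorted(g for g in groups
                  if {src_id, dst_id} <= expand_group(g, groups))


def relay_decision(src_ip: str, dst_ip: str,
                   groups: Dict[str, List[str]] = GROUP_TABLE,
                   ips: Dict[str, str] = IP_TABLE) -> str:
    """Return 'forward' or 'discard' for a packet seen by the relay device."""
    src_id = ips.get(src_ip)
    dst_id = ips.get(dst_ip)
    # Default deny: an address with no registered terminal ID has no group.
    if src_id is None or dst_id is None:
        return "discard"
    return "forward" if shared_groups(src_id, dst_id, groups) else "discard"


if __name__ == "__main__":
    for src, dst in [("192.168.1.1", "192.168.1.3"),   # terminal 1 -> terminal 3
                     ("192.168.1.2", "192.168.1.3"),   # terminal 2 -> terminal 3
                     ("10.0.0.9", "192.168.1.1")]:     # unregistered source
        print(src, "->", dst, relay_decision(src, dst))
```

 Because the decision is keyed on the source IP address of the packet, it is only as reliable as the binding between that address and the terminal.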
 In the embodiments of FIGS. 1 to 8, the first communication system 100 is an LTE communication system, and through the action of the agent applications of the two nodes, LTE protocol data can be communicated, for example over unlicensed-band communication. However, the invention provided by the embodiments of FIGS. 9 to 13 does not necessarily need an LTE communication system as an element, and the data to be communicated is not limited to LTE protocol data. In the example of FIG. 11, even if the first communication system 100 is not an LTE communication system, each terminal can be assigned to a group and reachability of communication can be ensured.
 Although Table 1, FIG. 9(b), FIG. 9(c), FIG. 12(b), and FIG. 12(c) show data in table form, the relationship between each group and its member terminals, the relationship between each terminal and its IP address, and so on may be stored in another form, such as a graph. The type of terminal IP address here is not particularly limited: it may be not only an IP address assigned to each individual terminal as shown in FIG. 9(c) and FIG. 12(c), but also an IP address assigned to one group. In the latter case, the relay device realizes, for example, communication between groups.
 The first node corresponding to the terminal 10 (including the terminals 11, 12, 13, and so on) in the embodiments is not particularly limited; specific examples include surveillance cameras, data measuring instruments (sensor devices), and various portable terminals that people use of their own volition. Portable terminals include mobile phones, smartphones, tablets, game consoles, VR (Virtual Reality) terminals, AR (Augmented Reality) terminals, and the like. The data sent from the first node naturally includes voice data (voice packet data).
 The present invention is not limited to the embodiments described above and can be modified, improved, and so on as appropriate. In addition, the material, shape, dimensions, numerical values, form, number, location, and so on of each component in the embodiments described above are arbitrary and not limited, as long as the present invention can be achieved.
 This application claims priority based on Japanese Patent Application No. 2016-232736, filed with the Japan Patent Office on November 30, 2016, and the entire contents of Japanese Patent Application No. 2016-232736 are incorporated into this application by reference.
 The communication method of the present invention is applicable to fields that need to acquire enormous amounts of data at low cost from all kinds of things, such as terminals and sensors, and is expected to contribute in particular to the realization of IoT.
10  Terminal (first node, UE)
15  Access point (second node)
20  EPC network (core network)
30, 30A  Relay device
40  Relay unit
50  Management portal site
100  First communication system (LTE communication system)
200  Second communication system
300  External network
301, 302, 303  Network path
401  Computer device
402  Cloud server
403  Private server
500  Network system

Claims (20)

  1.  A communication method performed by a relay device that relays communication between a plurality of terminals, in which the relay device:
     determines whether a plurality of terminals belong to one predetermined group;
     permits communication when it determines that the plurality of terminals belong to the one group; and
     stops communication when it determines that the plurality of terminals do not belong to the one group.
  2.  The communication method according to claim 1, in which the relay device:
     identifies, from packet data sent from a source terminal, the IP address of the source terminal and the IP address of a destination terminal;
     determines the identification information of the source terminal and the identification information of the destination terminal based on the IP address of the source terminal and the IP address of the destination terminal; and
     determines whether there is a group to which both the determined identification information of the source terminal and the determined identification information of the destination terminal belong.
  3.  The communication method according to claim 2, in which the relay device:
     forwards the packet data to the destination terminal when the group exists; and
     discards the packet data when the group does not exist.
  4.  The communication method according to claim 1, in which,
     when the one group is a higher-level group and a lower-level group belongs to the higher-level group, all terminals belonging to the lower-level group are included among the plurality of terminals belonging to the higher-level group.
  5.  A relay device that relays communication between a plurality of terminals, the relay device:
     determining whether a plurality of terminals belong to one predetermined group;
     permitting communication when it determines that the plurality of terminals belong to the one group; and
     stopping communication when it determines that the plurality of terminals do not belong to the one group.
  6.  The relay device according to claim 5, the relay device:
     identifying, from packet data sent from a source terminal, the IP address of the source terminal and the IP address of a destination terminal;
     determining the identification information of the source terminal and the identification information of the destination terminal based on the IP address of the source terminal and the IP address of the destination terminal; and
     determining whether there is a group to which both the determined identification information of the source terminal and the determined identification information of the destination terminal belong.
  7.  The relay device according to claim 6, the relay device:
     forwarding the packet data to the destination terminal when the group exists; and
     discarding the packet data when the group does not exist.
  8.  The relay device according to claim 5, in which,
     when the one group is a higher-level group and a lower-level group belongs to the higher-level group, all terminals belonging to the lower-level group are included among the plurality of terminals belonging to the higher-level group.
  9.  A core network including the relay device according to any one of claims 5 to 8.
  10.  A communication method using a first communication system and a second communication system different from the first communication system, the first communication system being an LTE communication system whose communication target is LTE protocol data, in which:
     an agent application of a first node and an agent application of a second node cooperate to perform authentication and establish a communication path of the second communication system that enables transmission of LTE protocol data;
     the first node sends the LTE protocol data, which includes identification information of the first node, to the second node through the communication path of the second communication system;
     the second node sends the LTE protocol data to a core network that, in the first communication system, secures the connection with an external network; and
     a relay device that relays between the core network and the external network forwards the LTE protocol data, based on the identification information in the LTE protocol data, to a specific network path in the external network that corresponds to the identification information.
  11.  The communication method according to claim 10, in which
     the relay device refers to an IP address associated with the identification information in the core network and forwards the LTE protocol data to the specific network path.
  12.  The communication method according to claim 10, in which
     the second communication system is an unlicensed-band communication system.
  13.  The communication method according to claim 12, in which
     the unlicensed-band communication system is a wireless local area network.
  14.  The communication method according to claim 10, in which
     the second communication system is a wired local area network.
  15.  The communication method according to claim 10, in which
     the identification information is stored in a memory card detachably mounted in the first node or in a memory within the first node.
  16.  The communication method according to claim 10, in which
     the identification information of the first node can be managed from a management portal site.
  17.  The communication method according to claim 10, in which
     the network path includes at least one of the Internet, a cloud service network, and a private network.
  18.  The communication method according to claim 17, in which
     the relay device connects a plurality of cloud service networks.
  19.  A communication method performed by a relay device that relays between a core network of a first communication system and an external network, in which:
     the first communication system is an LTE communication system whose communication target is LTE protocol data;
     a first node that sends data in the LTE communication system and a second node are connected by a communication path using a second communication system different from the first communication system; and
     the relay device
     receives the LTE protocol data transmitted from the first node, via the second node, over the communication path using the second communication system, and
     forwards the LTE protocol data, based on identification information in the LTE protocol data that identifies the first node, to a specific network path in the external network that corresponds to the identification information.
  20.  A relay device that relays between a core network of a first communication system and an external network, in which:
     the first communication system is an LTE communication system whose communication target is LTE protocol data;
     a first node that sends data in the LTE communication system and a second node are connected by a communication path using a second communication system different from the first communication system; and
     the relay device
     receives the LTE protocol data transmitted from the first node, via the second node, over the communication path using the second communication system, and
     forwards the LTE protocol data, based on identification information in the LTE protocol data that identifies the first node, to a specific network path in the external network that corresponds to the identification information.
PCT/JP2017/043215 2016-11-30 2017-11-30 Communication method and relay apparatus WO2018101452A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2016-232736 2016-11-30
JP2016232736 2016-11-30

Publications (1)

Publication Number Publication Date
WO2018101452A1 true WO2018101452A1 (en) 2018-06-07

Family

ID=62241704

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/043215 WO2018101452A1 (en) 2016-11-30 2017-11-30 Communication method and relay apparatus

Country Status (2)

Country Link
JP (1) JP2018093492A (en)
WO (1) WO2018101452A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3972319A4 (en) * 2019-05-14 2023-01-18 Japan Radio Co., Ltd. Wireless communication unit and wireless network system using same

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6917482B2 (en) * 2020-01-14 2021-08-11 三菱電機株式会社 Communication control system, master device, communication control method and communication control program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11163913A (en) * 1997-11-26 1999-06-18 Hitachi Cable Ltd Repeater with virtual lan function
WO2005027438A1 (en) * 2003-09-11 2005-03-24 Fujitsu Limited Packet relay device
WO2016049353A1 (en) * 2014-09-25 2016-03-31 Behzad Mohebbi Methods and apparatus for hybrid access to a core network based on proxied authentication

Also Published As

Publication number Publication date
JP2018093492A (en) 2018-06-14


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17875143

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17875143

Country of ref document: EP

Kind code of ref document: A1