Abstract: Facilitate configuration of authentication information for a service provided over IP network when there is no shared authentication information between IoT device and service provider device for a service used by IoT device, an intermediary device capable of authenticating legitimate access mediates between devices. An example: a cipher key CK stored in intermediary device and IoT device, as a result of SIM authentication of the SIM of the IoT device, is used as master key for services used by IoT device. By generating unique application key for a service used by IoT device on the intermediary device and IoT device on the basis of master key, and sending it to service provider apparatus from intermediary device by secure connection, common keys are set as authentication information to IoT device and service provider apparatus. A SIM authentication process for generating cipher key can suppress SQN attack based on a bad request.

Abstract: Updating a subscriber identity module, SIM, on a host device by deriving a pre-shared key by requesting a SIM identifier via communication module of the host device; receiving SIM identifier and deriving an agent identifier from SIM identifier; transmitting agent and SIM identifiers to SIM update server; receiving a random value from SIM update server and supplying it to the SIM to initiate SIM authentication procedure. In reply, receiving an authentication response from the SIM; and deriving pre-shared key from authentication response; transmitting an update request message to SIM update server, wherein the update request message comprises the agent identifier and is encrypted before transmission using the pre-shared key; receiving an update response message from the SIM update server which has update data and is encrypted using pre-shared key; and following decryption of update response message using derived pre-shared key, transmitting update data to communication module.

Abstract: A server for providing a token to a mobile terminal includes a network interface and a processing unit coupled to the network interface. The processing unit is configured to receive from the mobile terminal a request asking for the token, to obtain subscriber identification information of the mobile terminal, to obtain a token which includes a user profile associated with the subscriber identification information and to which an electronic signature is added, and to transmit the token to the mobile terminal.

Abstract: A control apparatus for a gateway functioning as the endpoint of a core network in a mobile communication system is provided. The gateway includes a first server configured to receive data from a user apparatus and one or more second servers configured to transfer the data received by the first server to an external network. The control apparatus performs an operation of changing performance of the one or more second servers, an operation of monitoring a processing status of the one or more second servers, and an operation of selecting, from the one or more second servers in accordance with the processing status of the one or more second servers, a second server as a transfer destination of the data received from the user apparatus by the first server.

Abstract: A connection management apparatus of a relay system specifies, when terminal identification information for identifying a target terminal is acquired from a client terminal, a first relay apparatus that relays communication, and specifies connecting information for the client terminal to connect to the first relay apparatus. The connection management apparatus stores the specified connecting information and the terminal identification information in a storage in association with each other, and notifies the client terminal of the specified connecting information. When the specified first relay apparatus receives access based on the connecting information from the client terminal, the specified first relay apparatus relays the communication between the client terminal and the target terminal on the basis of the terminal identification information associated with the connecting information.

Abstract: A communication system for providing an access to an IP network to a wireless terminal, comprising a gateway for passing data from the wireless terminal to the IP network, wherein the gateway comprises a first group of servers with a receiving unit for receiving data from the wireless terminal, a selecting unit for selecting one of a plurality of destination addresses based on a header of the received data, and a forwarding unit for forwarding the data to the destination address selected by the selecting unit, wherein each of the first group of servers forwards the data to a server constituting a second group of servers corresponding to one of the plurality of destination addresses.

Abstract: A second network which communicates with a communication system for providing access to a network other than a first network, via the second network, to a wireless terminal on which an identification number for accessing the first network is stored, configured to: receive a connection initiation request on C-plane from the wireless terminal to send the connection initiation request to the communication system, receive a gateway ID of a gateway on U-plane to the network connected to the second network, selected on the communication system based on a network ID of the second network, in response to the connection initiation request, wherein the gateway is within a third network other than the first network, and establish a communication path between the gateway on U-plane designated by the gateway ID.

Abstract: A control apparatus for a gateway functioning as the endpoint of a core network in a mobile communication system is provided. The gateway includes a first server configured to receive data from a user apparatus and one or more second servers configured to transfer the data received by the first server to an external network. The control apparatus performs an operation of changing performance of the one or more second servers, an operation of monitoring a processing status of the one or more second servers, and an operation of selecting, from the one or more second servers in accordance with the processing status of the one or more second servers, a second server as a transfer destination of the data received from the user apparatus by the first server.

Abstract: Facilitate configuration of authentication information for a service provided over IP network when there is no shared authentication information between IoT device and service provider device for a service used by IoT device, an intermediary device capable of authenticating legitimate access mediates between devices. An example: a cipher key CK stored in intermediary device and IoT device, as a result of SIM authentication of the SIM of the IoT device, is used as master key for services used by IoT device. By generating unique application key for a service used by IoT device on the intermediary device and IoT device on the basis of master key, and sending it to service provider apparatus from intermediary device by secure connection, common keys are set as authentication information to IoT device and service provider apparatus. A SIM authentication process for generating cipher key can suppress SQN attack based on a bad request.

Abstract: Updating a subscriber identity module, SIM, on a host device by deriving a pre-shared key by requesting a SIM identifier via communication module of the host device; receiving SIM identifier and deriving an agent identifier from SIM identifier; transmitting agent and SIM identifiers to SIM update server; receiving a random value from SIM update server and supplying it to the SIM to initiate SIM authentication procedure. In reply, receiving an authentication response from the SIM; and deriving pre-shared key from authentication response; transmitting an update request message to SIM update server, wherein the update request message comprises the agent identifier and is encrypted before transmission using the pre-shared key; receiving an update response message from the SIM update server which has update data and is encrypted using pre-shared key; and following decryption of update response message using derived pre-shared key, transmitting update data to communication module.

Abstract: A communication system for providing an access to an IP network to a wireless terminal, comprising a gateway for passing data from the wireless terminal to the IP network, wherein the gateway comprises a first group of servers with a receiving unit for receiving data from the wireless terminal, a selecting unit for selecting one of a plurality of destination addresses based on a header of the received data, and a forwarding unit for forwarding the data to the destination address selected by the selecting unit, wherein each of the first group of servers forwards the data to a server constituting a second group of servers corresponding to one of the plurality of destination addresses.

Abstract: A server for providing a token to a mobile terminal includes a network interface and a processing unit coupled to the network interface. The processing unit is configured to receive from the mobile terminal a request asking for the token, to obtain subscriber identification information of the mobile terminal, to obtain a token which includes a user profile associated with the subscriber identification information and to which an electronic signature is added, and to transmit the token to the mobile terminal.

Abstract: A communication system for providing access to a network via a second network to a wireless terminal on which an identification number for accessing a first network is stored, comprising: a receiving unit for receiving a connection initiation request on C-plane from the wireless terminal; a selection unit for selecting a gateway on U-plane to the network connected to the second network based on an obtained network ID of the second network, in response to the connection initiation request; and a sending unit for sending a gateway ID of the selected gateway on U-plane toward the second network.

Abstract: An apparatus for transmitting and receiving data to/from an IoT device to accelerate the spread of IoT. The IoT device 110 generates a message to be transmitted, and transmits, via SMS, the message to the phone number of a first server 101, which is stored in the IoT device 110. The first server 101 notifies the IoT terminal 110, as needed, of having received SMS data including the message, and thereafter delivers the SMS data to a second server 102. The second server 102 specifies a destination with reference to associations between destination identifiers includable in the SMS data and destinations. The second server 102 transmits, to a third external server 123, a portion obtained by excluding the destination identifier from the message or the whole message including the destination identifier.

Abstract: We describe a system for activating SI Ms, where the system comprises more SI Ms than will be authorised for use on a mobile network. The system comprises a plurality of SIMs, each of the SIMs being configured to provide a first SIM identifier. The first SIM identifiers are reused amongst said plurality of SIMs such that one of the SIMs may provide the same SIM identifier as another of the SIMs. The system includes a SIM authorisation server configured to receive the first SIM identifier from a SIM requesting activation and, in response, to provide a new SIM identifier. The new SIM identifier enables the SIM requesting activation to communicate traffic over the mobile network.

Abstract: An apparatus for transmitting and receiving data to/from an IoT device to accelerate the spread of IoT. The IoT device 110 generates a message to be transmitted, and transmits, via SMS, the message to the phone number of a first server 101, which is stored in the IoT device 110. The first server 101 notifies the IoT terminal 110, as needed, of having received SMS data including the message, and thereafter delivers the SMS data to a second server 102. The second server 102 specifies a destination with reference to associations between destination identifiers includable in the SMS data and destinations. The second server 102 transmits, to a third external server 123, a portion obtained by excluding the destination identifier from the message or the whole message including the destination identifier.

Abstract: In a management method and a management server for using a plurality of SIM cards, a large number of users can start use easily. First, an MVNO 230A that has obtained one or more SIM cards logs in to a management screen provided by an MVNE 210 in association with a user ID of the MVNO 230A. From the standpoint of the MVNE 210, it is determined whether a user ID of a user who has accessed a management screen of a management server of the MVNE 210 is under MVNO contract (S301). When the user ID is under MVNO contract, an identification number given to each SIM card and a passcode for authentication given as needed are received as registration information (S302).

Abstract: First, an MVNO 230A that has obtained one or more SIM cards logs in to a management screen provided by an MVNE 210 in association with a user ID of the MVNO 230A. From the standpoint of the MVNE 210, it is determined whether a user ID of a user who has accessed a management screen of a management server of the MVNE 210 is under MVNO contract (S301). When the user ID is under MVNO contract, an identification number given to each SIM card and a passcode for authentication given as needed are received as registration information (S302). If the management server of the MVNE 210 can receive necessary registration information, each SIM card of which an identification number is specified by the registration information is associated with the user ID as an SIM card used by the MVNO 230A (S303).