WO2012011197A1 - Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor - Google Patents

Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor Download PDF

Info

Publication number
WO2012011197A1
WO2012011197A1 PCT/JP2010/062971 JP2010062971W WO2012011197A1 WO 2012011197 A1 WO2012011197 A1 WO 2012011197A1 JP 2010062971 W JP2010062971 W JP 2010062971W WO 2012011197 A1 WO2012011197 A1 WO 2012011197A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
information
communication device
identification information
request
Prior art date
Application number
PCT/JP2010/062971
Other languages
French (fr)
Inventor
Ryoji Kato
Johan Hjelm
Shingo Murakami
Toshikane Oda
Shinta Sugimoto
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget L M Ericsson (Publ) filed Critical Telefonaktiebolaget L M Ericsson (Publ)
Priority to US13/808,321 priority Critical patent/US9009269B2/en
Priority to CN201080068215.7A priority patent/CN103109554B/en
Priority to EP10855034.4A priority patent/EP2596654A4/en
Priority to PCT/JP2010/062971 priority patent/WO2012011197A1/en
Publication of WO2012011197A1 publication Critical patent/WO2012011197A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/18Selecting a network or a communication service

Definitions

  • the present invention generally relates to a mediation server, a control method therefor, a communication device, a control method therefor, an account provisioning server, and a control method therefor .
  • M2ME Machine-to-Machine equipment
  • TR 33.812 V9.0.0 3GPP TR 33.812 V9.0.0
  • PCID Connectivity ID
  • IMSI International Mobile Subscriber Identity
  • RO Registration Operator
  • M2ME accesses the RO using the PCID, and requests for subscription information called a Machine Communication Identity Module (MCIM) .
  • MCIM Machine Communication Identity Module
  • SHO Selected Home Operator
  • receives the MCIM issued by the SHO receives the MCIM issued by the SHO, and forwards the MCIM to the M2ME .
  • the M2ME is able to obtain the
  • the M2ME is able to attach a 3GPP network using the MCIM.
  • TR 33.812 The mechanism of TR 33.812 is convenient for a user of a communication device in that it is possible for the user to obtain subscription
  • TR 33.812 lacks flexibility in that it is difficult for a user of the M2ME to choose the SHO as he/she desires.
  • a Downloading and Provisioning Function (DPF) of the RO queries the SHO associated with the PCID.
  • DPF Downloading and Provisioning Function
  • TR 33.812 does not specify in detail how to associate a PCID with an SHO
  • a manufacturer or seller of the M2ME typically provides the M2ME with the PCID that is associated with a given SHO, and it is difficult for a user to
  • TR 33.812 Another problem involved in the mechanism of TR 33.812 relates to charging for use of an MCIM.
  • the M2ME is able to attach a 3GPP network and perform communication using the MCIM.
  • the SHO In order for the SHO to charge the user for the communication using the MCIM, it is necessary for the SHO to identify the user of the M2ME when the SHO provides the M2ME with its MCIM via the RO.
  • TR 33.812 does not specify how the SHO identifies the user of the M2ME.
  • the PCID identifies the M2ME, the PCID does not identify the user.
  • the present invention is intended to address the above-described problem, and it is a feature thereof to introduce an improved technology for providing a communication device with subscription information via a network.
  • subscription information is also referred to as “account information” in the present application, because the subscription
  • a mediation server for providing a first communication device with first account information, wherein the first account
  • the mediation server comprising:
  • a routing request receiving unit that receives, from an account provisioning server, a routing request including device identification information for
  • a storing unit that stores the operator
  • an account request receiving unit that receives an account request and the device identification information from the first communication device
  • a searching unit that searches the memory for the operator identification information that is associated with the device identification information received by the account request receiving unit
  • an account request forwarding unit that forwards, to an account managing server of the network operator identified by the operator identification information found by the searching unit, the account request together with information that enables the account managing server to identify the second account
  • an account information receiving unit that receives the first account information from the account managing server as a response to the account request forwarded by the account request forwarding unit; and an account information forwarding unit that forwards the first account information to the first communication device.
  • a mediation server for providing a first communication device with first account information, wherein the first account information is associated with second account information that enables a second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the method comprising:
  • a communication device for providing another communication device with first account information, wherein the first account information is associated with second account
  • the communication device comprising:
  • provisioning server the device identification
  • the account provisioning server sends the routing request that is received by the routing request receiving unit of the mediation server according to the first aspect of the invention.
  • the method comprising: an obtaining step of obtaining device
  • provisioning server the device identification
  • account provisioning server sends the routing request that is received by the routing request receiving unit of the mediation server according the first aspect of the invention.
  • a communication device for providing another communication device with first account information, wherein the first account information is associated with second account
  • the communication device comprising:
  • an account request receiving unit that receives an account request from the other communication device
  • an account request forwarding unit that forwards, to an account provisioning server, the account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator
  • the account provisioning server is configured to obtain, in response to the account request, the first account information from an account managing server of the network operator identified by the operator identification information;
  • an account information receiving unit that receives the first account information from the account provisioning server as a response to the account request forwarded by the account request forwarding unit;
  • an account information forwarding unit that forwards the first account information to the other communication device.
  • the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the method comprising:
  • an account request receiving step of receiving an account request from the other communication device an account request forwarding step of forwarding, to an account provisioning server, the account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator, wherein the account provisioning server is configured to obtain, in response to the account request, the first account information from an account managing server of the network operator identified by the operator identification information;
  • provisioning server for providing a first communication device with first account information via a second communication device, wherein the first account
  • the account provisioning server comprising:
  • an account request receiving unit that receives, from the second communication device, an account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator;
  • an account request forwarding unit that forwards, to an account managing server of the network operator identified by the operator identification information, the account request together with the user
  • an account information receiving unit that receives the first account information from the account managing server as a response to the account request forwarded by the account request forwarding unit; and an account information forwarding unit that forwards the first account information to the second communication device, wherein the second communication device forwards the first account information to the first communication device.
  • the method comprising:
  • the main advantage of the present invention is as follows. If a user has a communication device
  • the network operator can identify the user who should pay for the other account information when the network operator generates and provides the other account information to the user.
  • FIG. 1 illustrates an overview of a
  • provisioning system 100 according to the first
  • Fig. 2 is a functional block diagram of the mediation server 30;
  • Fig. 3 is a sequence diagram illustrating an account provisioning procedure according to the first embodiment of the present invention.
  • Fig. 4 illustrates an example of the routing table stored in the memory 203
  • FIG. 5 illustrates an overview of a
  • provisioning system 500 according to the second embodiment of the present invention.
  • Fig. 6 is a functional block diagram of the mobile phone 60
  • Fig. 7 is a functional block diagram of the
  • Fig. 8 is a sequence diagram illustrating an account provisioning procedure according to the second embodiment of the present invention.
  • Fig. 1 illustrates an overview of a provisioning system 100 according to the first embodiment of the present invention.
  • Fig. 1 Connected Consumer
  • CCE 10 is a first communication device of a user, and contains a Provisional Connectivity ID (PCID) .
  • An example of the CCE 10 is a digital photo frame. Because the PCID identifies a communication device such as the CCE 10, the PCID can be used as device identification information for identifying the CCE 10.
  • the CCE 10 is intended to obtain a Machine Communication Identity Module (MCIM) of a Selected Home Operator (SHO) .
  • MCIM Machine Communication Identity Module
  • SHO Selected Home Operator
  • the CCE 10 corresponds to Machine-to-Machine equipment (M2ME) described in TR 33.812
  • M2ME Machine-to-Machine equipment
  • the term "CCE” is used in place of the term "M2ME” because communication made by the CCE 10 is not limited to machine-to-machine communication.
  • a mobile phone 20 is a second communication device of the user, and contains account information (e.g., a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM) ) of a network operator.
  • account information e.g., a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM)
  • USIM Universal Subscriber Identity Module
  • ISIM IMS Subscriber Identity Module
  • the subscription information enables the mobile phone 20 to access to a 3GPP network under the service by the network operator.
  • the network operator that serves the mobile phone 20 also acts as the SHO for the CCE 10.
  • the network operator charges the user of the mobile phone 20 through the account information.
  • the mobile phone 20 comprises an obtaining unit 21 and a sending unit 22. It should be noted that the functionality of each block in the mobile phone 20 may be implemented using dedicated hardware, using software executed by a processor (not shown) , or a combination thereof. The detailed operations of each block in the mobile phone 20 will be described later with reference to the sequence diagram of Fig. 3.
  • a mediation server 30 is a server for providing the CCE 10 with the MCIM of the SHO.
  • the mediation server 30 is illustrated as a single node, the functions of the mediation server 30 may be separated in two or more nodes.
  • the mediation server 30 is operated by a Registration Operator (RO) , which is identified by the PCID and serves the CCE 10 to enable the CCE 10 to access to a 3GPP network in order to obtain the MCIM.
  • RO Registration Operator
  • An account managing server 40 is a server for managing the account information such as the USIM and MCIM. Although the account managing server 40 is illustrated as a single node, the functions of the account managing server 40 may be separated in two or more nodes. The account managing server 40 is operated by the SHO.
  • a charge account provisioning server (CAPS)
  • the CAPS 50 is a server for configuring the mediation server 30 and the account managing server 40 so that the MCIM is appropriately provided to the CCE 10 and the SHO can appropriately charge the user of the CCE 10.
  • the CAPS 50 is illustrated as a single node, the functions of the CAPS 50 may be separated in two or more nodes. Moreover, the CAPS 50 may be integrated into the mobile phone 20, the mediation server 30, or the account managing server 40.
  • Fig. 2 is a functional block diagram of the mediation server 30.
  • the mediation server 30 comprises a routing request receiving unit 201, a storing unit 202, a memory 203, an account request receiving unit 204, a searching unit 205, an account request
  • each block in the mediation server 30 may be implemented using dedicated hardware, using software executed by a processor (not shown), or a combination thereof. The detailed operations of each block in the mediation server 30 will be described later with reference to the sequence diagram of Fig. 3.
  • Fig. 3 is a sequence diagram illustrating an account provisioning procedure according to the first embodiment of the present invention.
  • step S301 the obtaining unit 21 of the mobile phone 20 obtains the PCID of the CCE 10.
  • the transfer of the PCID from the CCE 10 to the mobile phone 20 may be performed over a secure bi-directional link between the CCE 10 and the mobile phone 20 in order to prevent a man-in-the-middle attack.
  • the transfer may be performed over a uni-directional link from the CCE 10 to the mobile phone 20.
  • a QR code reader provided in the mobile phone 20 may read QR code that is printed on the CCE 10 and represents the PCID
  • an RFID reader provided in the mobile phone 20 may read an RFID tag that is provided in the CCE 10 and contains the PCID.
  • the CAPS 50 authenticates each other.
  • the authentication may be performed by means of, for example, a Generic Bootstrapping Architecture (GBA) specified in 3GPP TS 33.220 V7.3.0 (2006-03) with support from the USIM of the mobile phone 20.
  • GBA Generic Bootstrapping Architecture
  • a secure channel is established between the mobile phone 20 and the CAPS 50.
  • step S303 the sending unit 22 of the mobile phone 20 sends the PCID to the CAPS 50 over the secure channel established in step S302.
  • the sending unit 22 also sends an International Mobile Subscriber Identity (IMSI) contained in the USIM to the CAPS 50.
  • IMSI International Mobile Subscriber Identity
  • the sending unit 22 may send the IMSI to the CAPS during the authentication procedure in step S302. Because the MCC+MNC part of the IMSI identifies the SHO and the MSIN part of the IMSI identifies the user of the mobile phone 20, the IMSI is used later as operator identification information for identifying the SHO and user identification information for identifying the user of the mobile phone 20.
  • step S302 may be omitted, and in step S303, the sending unit 22 may send the PCID to the CAPS 50 via Short Message Service (SMS) .
  • SMS Short Message Service
  • MSISDN Mobile Subscriber ISDN Number
  • identification information is sent to the CAPS 50 via the SMS. Accordingly, it is not necessary for the sending unit 22 to send the MSIN part of the IMSI, and the sending unit 22 may send the MSIN part of the IMSI to the CAPS 50 as the operator identification
  • step S304a the CAPS 50 requests the account managing server 40 to prepare to generate the MCIM that is associated with the user of the mobile phone 20.
  • the CAPS 50 sends the PCID and the IMSI to the account managing server 40. It should be noted that the
  • step S304a may be omitted.
  • step S304b the CAPS 50 sends, to the mediation server 30, a routing request.
  • the routing request includes the PCID and operator identification information (e.g., the MCC+MNC part of the IMSI) in order to identify the CCE 10 and the SHO.
  • the routing request receiving unit 201 of the mediation server 30 receives the routing request. In the case that the processing in step S304a has been omitted, it is
  • the routing request further includes user identification
  • step S305 the storing unit 202 stores the MCC+MNC part of the IMSI in the memory 203 in association with the PCID.
  • the storing unit 202 further stores the MSIN part of the IMSI in the memory 203 in association with the PCID.
  • the routing table as shown in Fig. 4 is generated in the memory 203.
  • the "User" column is generated in the case that the processing in step S304a has been omitted.
  • step S306 the CCE 10 establishes a communication channel with the mediation server 30 using the PCID.
  • step S307 the CCE 10 sends an account request and the PCID to the mediation server 30.
  • the account request receiving unit 204 of the mediation server 30 receives the account request and the PCID.
  • the account request receiving unit 204 may receive the PCID during the establishment procedure of the communication channel in step S306. In this step, the CCE 10 may also send
  • CCE/TRE related information to the mediation server 30.
  • the CCE/TRE related information is finally received by the account managing server 40 in step S309.
  • step S308 the searching unit 205
  • the searching unit 205 further searches the routing table stored in the memory 203 for the user identification information (the MSIN part of the IMSI) that is associated with the PCID received in step S307 (or step S306) .
  • step S309 the account request
  • forwarding unit 206 forwards, to the account managing server 40 of the SHO identified by the operator
  • step S308 the account request together with information that enables the account managing server 40 to identify the user
  • the information may be the PCID because the PCID is a PCID.
  • the information may be the user identification information
  • step S310 the account managing server
  • the account managing server 40 may confirm the validity of the CCE 10 using a Platform Validation Authority (PVA) as specified in TR 33.812.
  • PVA Platform Validation Authority
  • step S311 the account managing server
  • the account information receiving unit 207 of the mediation server 30 receives the MCIM.
  • step S312 the account information forwarding unit 208 forwards the MCIM to the CCE 10.
  • step S313 the CCE 10 provisions the
  • the CCE 10 is able to access a 3GPP network under the service by the SHO.
  • step S314 the CCE 10 reports the success (or failure) of the provisioning to the
  • step S315 the mediation server 30 forwards the report to the account managing server 40.
  • step S316 upon reception of the report indicating "success", the account managing server 40 associates the MCIM, which has been generated in step S310, with the user (i.e., the USIM) of the mobile phone 20.
  • the account managing server 40 is able to identify the user because the account managing server 40 has received the user identification information in step S304a or S309.
  • the SHO is able to charge the user of the mobile phone 20 for use of the MCIM by the CCE 10.
  • the account management server 40 upon reception of the report indicating "success"
  • the account managing server 40 associates the MCIM, which has been generated in step S310, with the user (i.e., the USIM) of the mobile phone 20.
  • the account managing server 40 is able to identify the user because the account managing server 40 has received the user identification information in step S304a or S309.
  • the SHO is able to charge the user of the mobile phone 20 for use of the MCIM by the CCE 10.
  • managing server 40 may associate the MCIM with the user in step S310, not step S316.
  • step S317 the account managing server
  • step S318 the CAPS 50 forwards the report to the mobile phone 20.
  • the mobile phone 20 obtains the PCID from the CCE 10, and sends the PCID and the IMSI of the USIM of the mobile phone 20 to the CAPS 50.
  • the MCC+MNC part of the IMSI is later used as the operator identification information by the
  • mediation server 30 which is operated by the RO, in order to identify the SHO for the CCE 10.
  • the MSIN part of the IMSI is later used as the user
  • identification information by the account managing server 40 which is operated by the SHO, in order to identify the user of the mobile phone 20.
  • mediation server 30 forwards the account request from the CCE 10 to the account managing server 40 of the SHO identified by the operator identification information.
  • the account managing server 40 generates the MCIM that is associated with the user identified by the user identification information.
  • the user of the CCE 10 chooses the network operator, which serves the mobile phone 20 of the user, as the SHO associated with the PCID of the CCE 10. Moreover, it is possible for the SHO to identify the user of the CCE 10 who should pay for an access to the 3GPP network using the MCIM, and charge the identified user through the account information of the mobile phone 20.
  • Fig. 5 illustrates an overview of a provisioning system 500 according to the second embodiment of the present invention. As shown in Fig. 5, the
  • provisioning system 500 is different from the
  • provisioning system 100 in that the provisioning system 500 does not comprise a mediation server.
  • a mobile phone 60 is a
  • the communication device of a user contains account information (e.g., a USIM or an ISIM) of a network operator.
  • account information e.g., a USIM or an ISIM
  • the subscription information enables the mobile phone 60 to access to a 3GPP network under the service by the network operator.
  • the network operator that serves the mobile phone 60 also acts as the SHO for a CCE 70, which is another communication device of the user.
  • the network operator charges the user of the mobile phone 60 through the account information.
  • Connected Consumer Electronics (CCE) 70 is intended to obtain an MCIM of the SHO.
  • the CCE 70 does not contain a PCID. Instead, the CCE 70 is configured to establish a secure bi-directional link with the mobile phone 60 and obtains the MCIM via the mobile phone 60.
  • the CCE 70 corresponds to Machine-to-Machine equipment (M2ME) described in TR 33.812, the term "CCE” is used in place of the term "M2ME" because
  • communication made by the CCE 70 is not limited to machine-to-machine communication.
  • An account managing server 80 is a server for managing the account information such as the USIM and MCIM. Although the account managing server 80 is illustrated as a single node, the functions of the account managing server 80 may be separated in two or more nodes. The account managing server 80 is operated by the SHO.
  • a charge account provisioning server (CAPS)
  • the CAPS 90 is a server for providing the CCE 70 with the MCIM via the mobile phone 60.
  • the CAPS 90 is illustrated as a single node, the functions of the CAPS 90 may be separated in two or more nodes. Moreover, the CAPS 90 may be integrated into the mobile phone 60 or the account managing server 80.
  • Fig. 6 is a functional block diagram of the mobile phone 60.
  • the mobile phone 60 comprises an account request receiving unit 601, an account request forwarding unit 602, an account information receiving unit 603, and an account information forwarding unit 604. It should be noted that the functionality of each block in the mobile phone 60 may be implemented using dedicated hardware, using software executed by a processor (not shown) , or a combination thereof. The detailed operations of each block in the mobile phone 60 will be described later with reference to the sequence diagram of Fig. 8.
  • Fig. 7 is a functional block diagram of the
  • the CAPS 90 comprises an account request receiving unit 701, an account request forwarding unit 702, an account information receiving unit 703, and an account information forwarding unit 704. It should be noted that the functionality of each block in the CAPS 90 may be implemented using dedicated hardware, using software executed by a processor (not shown) , or a combination thereof. The detailed operations of each block in the CAPS 90 will be described later with reference to the sequence diagram of Fig. 8.
  • Fig. 8 is a sequence diagram illustrating an account provisioning procedure according to the second embodiment of the present invention.
  • step S801 the CCE 70 establishes a secure bi-directional link with the mobile phone 60, and sends an account request to the mobile phone 60.
  • the account request receiving unit 601 of the mobile phone 60 receives the account request.
  • the CCE 70 may also send CCE/TRE related information to the mobile phone 60.
  • the CCE/TRE related information is finally received by the account managing server 80 in step S804.
  • step S802 the mobile phone 60 and the
  • CAPS 90 authenticates each other in a similar way to step S302 of Fig. 3. As a result of the authentication, a secure channel is established between the mobile phone 60 and the CAPS 90.
  • step S803 the account request
  • forwarding unit 602 of the mobile phone 60 forwards, to the CAPS 90, the account request together with the IMSI of the USIM of the mobile phone 60.
  • the request receiving unit 701 of the CAPS 90 receives the account request. Because the CC+MNC part of the IMSI identifies the SHO and the MSIN part of the IMSI
  • the IMSI is used later as operator identification information for identifying the SHO and user identification information for identifying the user of the mobile phone 60.
  • step S804 the account request forwarding unit 702 of the CAPS 90 forwards, to the account
  • the account request together with the user identification information (e.g., the MSIN part of the IMSI) .
  • step S805 the account managing server 80 generates the MCIM.
  • the account managing server 80 has received CCE/TRE related
  • the account managing server 80 may confirm the validity of the CCE 70 using a Platform Validation Authority (PVA) as specified in TR 33.812.
  • PVA Platform Validation Authority
  • step S806 the account managing server
  • step S807 the account information forwarding unit 704 of the CAPS 90 forwards the MCIM to the mobile phone 60.
  • the account information receiving unit 603 of the mobile phone 60 receives the MCIM.
  • step S808 the account information forwarding unit 604 of the mobile phone 60 forwards the MCIM to the CCE 70.
  • step S809 the CCE 70 provisions the
  • the CCE 70 is able to access a 3GPP network under the service by the SHO.
  • step S810 the CCE 70 reports the success (or failure) of the provisioning to the mobile phone 60.
  • step S811 the mobile phone 60 forwards the report to the CAPS 90.
  • step S812 the CAPS 90 forwards the report to the account managing server 80.
  • step S813 upon reception of the report indicating "success", the account managing server 80 associates the MCIM, which has been generated in step S805, with the user (i.e., the USIM) of the mobile phone 60.
  • the account managing server 80 is able to identify the user because the account managing server 80 has received the user identification information in step S804.
  • the SHO is able to charge the user of the mobile phone 60 for use of the MCIM by the CCE 70.
  • the account managing server 80 may associate the MCIM with the user in step S805, not step S813.
  • step S814 the account managing server
  • step S815 the CAPS 90 forwards the report to the mobile phone 60.
  • the mobile phone 60 obtains the MCIM on behalf of the CCE 70 from the account managing server 80 of the network operator, which serves the mobile phone 60 and also acts as the SHO for the CCE 70.
  • the mobile phone 60 sends the IMSI of the USIM of the mobile phone 60 to the account managing server 80 via the CAPS 90.
  • the account managing server 80 identifies the user of the mobile phone 60 based on the MSIN part of the IMSI, and generates the MCIM that is associated with the identified user.
  • the user of the CCE 70 chooses the network operator, which serves the mobile phone 60 of the user, as the SHO for the CCE 70. Moreover, it is possible for the SHO to identify the user of the CCE 70 who should pay for an access to the 3GPP network using the MCIM, and charge the

Abstract

In the first embodiment, the mobile phone 20 obtains the PCID from the CCE 10, and sends the PCID and the IMSI of the USIM of the mobile phone 20 to the CAPS 50. The MCC+MNC part of the IMSI is later used as the operator identification information by the mediation server 30, which is operated by the RO, in order to identify the SHO for the CCE 10. The MSIN part of the IMSI is later used as the user identification information by the account managing server 40, which is operated by the SHO, in order to identify the user of the mobile phone 20. The mediation server 30 forwards the account request from the CCE 10 to the account managing server 40 of the SHO identified by the operator identification information. The account managing server 40 generates the MCIM that is associated with the user identified by the user identification information.

Description

DESCRIPTION
MEDIATION SERVER, CONTROL METHOD THEREFOR, COMMUNICATION DEVICE, CONTROL METHOD THEREFOR, ACCOUNT PROVISIONING SERVER, AND CONTROL METHOD THEREFOR
TECHNICAL FIELD
[0001] The present invention generally relates to a mediation server, a control method therefor, a communication device, a control method therefor, an account provisioning server, and a control method therefor .
BACKGROUND
[0002] The 3rd Generation Partnership Project
(3GPP) discusses remote provisioning of subscription for Machine-to-Machine equipment (M2ME) (see 3GPP TR 33.812 V9.0.0). According to TR 33.812, M2ME, which is a kind of a communication device, is provided with a temporary private identity called a Provisional
Connectivity ID (PCID) . The PCID follows the same format as an International Mobile Subscriber Identity (IMSI), and a network operator identified by the PCID is called a Registration Operator (RO) . The M2ME accesses the RO using the PCID, and requests for subscription information called a Machine Communication Identity Module (MCIM) . Upon request, the RO accesses another network operator called a Selected Home Operator (SHO) , receives the MCIM issued by the SHO, and forwards the MCIM to the M2ME .
[0003] In this way, the M2ME is able to obtain the
MCIM from the SHO via the RO using the PCID just one time, and thereafter, the M2ME is able to attach a 3GPP network using the MCIM.
[0004] The mechanism of TR 33.812 is convenient for a user of a communication device in that it is possible for the user to obtain subscription
information for the communication device via a network.
[0005] However, the mechanism of TR 33.812 lacks flexibility in that it is difficult for a user of the M2ME to choose the SHO as he/she desires. Specifically, according to TR 33.812, a Downloading and Provisioning Function (DPF) of the RO queries the SHO associated with the PCID. In other words, the SHO, which shall provide the M2ME with the MCIM, is determined by
associating the PCID with the SHO. Although TR 33.812 does not specify in detail how to associate a PCID with an SHO, a manufacturer or seller of the M2ME typically provides the M2ME with the PCID that is associated with a given SHO, and it is difficult for a user to
associate the PCID with a desired SHO in a secure manner after the user obtains the M2ME.
[0006] Another problem involved in the mechanism of TR 33.812 relates to charging for use of an MCIM.
As described above, once the M2ME obtains the MCIM of the SHO, the M2ME is able to attach a 3GPP network and perform communication using the MCIM. In order for the SHO to charge the user for the communication using the MCIM, it is necessary for the SHO to identify the user of the M2ME when the SHO provides the M2ME with its MCIM via the RO. However, TR 33.812 does not specify how the SHO identifies the user of the M2ME. Although the PCID identifies the M2ME, the PCID does not identify the user.
SUMMARY
[0007] The present invention is intended to address the above-described problem, and it is a feature thereof to introduce an improved technology for providing a communication device with subscription information via a network.
[0008] Note that "subscription information" is also referred to as "account information" in the present application, because the subscription
information is associated with a charge account of the user .
[0009] According to the first aspect of the present invention, there is provided a mediation server for providing a first communication device with first account information, wherein the first account
information is associated with second account
information that enables a second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the mediation server comprising:
a routing request receiving unit that receives, from an account provisioning server, a routing request including device identification information for
identifying the first communication device and operator identification information for identifying the network operator;
a storing unit that stores the operator
identification information in a memory in association with the device identification information;
an account request receiving unit that receives an account request and the device identification information from the first communication device;
a searching unit that searches the memory for the operator identification information that is associated with the device identification information received by the account request receiving unit;
an account request forwarding unit that forwards, to an account managing server of the network operator identified by the operator identification information found by the searching unit, the account request together with information that enables the account managing server to identify the second account
information; an account information receiving unit that receives the first account information from the account managing server as a response to the account request forwarded by the account request forwarding unit; and an account information forwarding unit that forwards the first account information to the first communication device.
[0010] According to the second aspect of the present invention, there is provided a method for controlling a mediation server for providing a first communication device with first account information, wherein the first account information is associated with second account information that enables a second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the method comprising:
a routing request receiving step of receiving, from an account provisioning server, a routing request including device identification information for
identifying the first communication device and operator identification information for identifying the network operator;
a storing step of storing the operator
identification information in a memory in association with the device identification information;
an account request receiving step of receiving an account request and the device identification
information from the first communication device;
a searching step of searching the memory for the operator identification information that is associated with the device identification information received in the account request receiving step;
an account request forwarding step of forwarding, to an account managing server of the network operator identified by the operator identification information found in the searching step, the account request together with information that enables the account managing server to identify the second account
information;
an account information receiving step of
receiving the first account information from the account managing server as a response to the account request forwarded in the account request forwarding step; and
an account information forwarding step of
forwarding the first account information to the first communication device.
[0011] According to the third aspect of the present invention, there is provided a communication device for providing another communication device with first account information, wherein the first account information is associated with second account
information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the communication device comprising:
an obtaining unit that obtains device
identification information for identifying the other communication device; and
a sending unit that sends, to an account
provisioning server, the device identification
information together with user identification
information for identifying the second account
information and operator identification information for identifying the network operator,
wherein the account provisioning server sends the routing request that is received by the routing request receiving unit of the mediation server according to the first aspect of the invention.
[0012] According to the fourth aspect of the present invention, there is provided a method for controlling a communication device for providing another communication device with first account
information, wherein the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the method comprising: an obtaining step of obtaining device
identification information for identifying the other communication device; and
a sending step of sending, to an account
provisioning server, the device identification
information together with user identification
information for identifying the second account
information and operator identification information for identifying the network operator,
wherein the account provisioning server sends the routing request that is received by the routing request receiving unit of the mediation server according the first aspect of the invention.
[0013] According to the fifth aspect of the present invention, there is provided a communication device for providing another communication device with first account information, wherein the first account information is associated with second account
information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the communication device comprising:
an account request receiving unit that receives an account request from the other communication device; an account request forwarding unit that forwards, to an account provisioning server, the account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator, wherein the account provisioning server is configured to obtain, in response to the account request, the first account information from an account managing server of the network operator identified by the operator identification information;
an account information receiving unit that receives the first account information from the account provisioning server as a response to the account request forwarded by the account request forwarding unit; and
an account information forwarding unit that forwards the first account information to the other communication device.
[0014] According to the sixth aspect of the present invention, there is provided a method for controlling a communication device for providing another communication device with first account
information, wherein the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the method comprising:
an account request receiving step of receiving an account request from the other communication device; an account request forwarding step of forwarding, to an account provisioning server, the account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator, wherein the account provisioning server is configured to obtain, in response to the account request, the first account information from an account managing server of the network operator identified by the operator identification information;
an account information receiving step of
receiving the first account information from the account provisioning server as a response to the account request forwarded in the account request forwarding step; and
an account information forwarding step of
forwarding the first account information to the other communication device.
[0015] According to the seventh aspect of the present invention, there is provided an account
provisioning server for providing a first communication device with first account information via a second communication device, wherein the first account
information is associated with second account
information that enables the second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the account provisioning server comprising:
an account request receiving unit that receives, from the second communication device, an account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator;
an account request forwarding unit that forwards, to an account managing server of the network operator identified by the operator identification information, the account request together with the user
identification information;
an account information receiving unit that receives the first account information from the account managing server as a response to the account request forwarded by the account request forwarding unit; and an account information forwarding unit that forwards the first account information to the second communication device, wherein the second communication device forwards the first account information to the first communication device.
[0016] According to the eighth aspect of the present invention, there is provided a method for controlling an account provisioning server for
providing a first communication device with first account information via a second communication device, wherein the first account information is associated with second account information that enables the second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the method comprising:
an account request receiving step of receiving, from the second communication device, an account request together with user identification information for identifying the second account information and operator identification information for identifying the network operator;
an account request forwarding step of forwarding, to an account managing server of the network operator identified by the operator identification information, the account request together with the user
identification information;
an account information receiving step of
receiving the first account information from the account managing server as a response to the account request forwarded in the account request forwarding step; and
an account information forwarding step of
forwarding the first account information to the second communication device, wherein the second communication device forwards the first account information to the first communication device.
[0017] The main advantage of the present invention is as follows. If a user has a communication device
(e.g., a mobile phone) provided with account
information for a given network operator, it is possible for the user to provide another communication device (e.g., a digital photo frame) with another account information for the same network operator.
Moreover, it is possible for the network operator to identify the user who should pay for the other account information when the network operator generates and provides the other account information to the user.
[0018] Further features of the present invention will become apparent from the following description of exemplary embodiments with reference to the attached drawings, in which like reference characters designate the same or similar parts throughout the figures thereof .
BRIEF DESCRIPTION OF DRAWINGS
[0019] Fig. 1 illustrates an overview of a
provisioning system 100 according to the first
embodiment of the present invention;
[0020] Fig. 2 is a functional block diagram of the mediation server 30;
[0021] Fig. 3 is a sequence diagram illustrating an account provisioning procedure according to the first embodiment of the present invention;
[0022] Fig. 4 illustrates an example of the routing table stored in the memory 203;
[0023] Fig. 5 illustrates an overview of a
provisioning system 500 according to the second embodiment of the present invention;
[0024] Fig. 6 is a functional block diagram of the mobile phone 60;
[0025] Fig. 7 is a functional block diagram of the
CAPS 90; and
[0026] Fig. 8 is a sequence diagram illustrating an account provisioning procedure according to the second embodiment of the present invention.
DETAILED DESCRIPTION
[0027] (First Embodiment)
Fig. 1 illustrates an overview of a provisioning system 100 according to the first embodiment of the present invention. In Fig. 1, Connected Consumer
Electronics (CCE) 10 is a first communication device of a user, and contains a Provisional Connectivity ID (PCID) . An example of the CCE 10 is a digital photo frame. Because the PCID identifies a communication device such as the CCE 10, the PCID can be used as device identification information for identifying the CCE 10. The CCE 10 is intended to obtain a Machine Communication Identity Module (MCIM) of a Selected Home Operator (SHO) . Although the CCE 10 corresponds to Machine-to-Machine equipment (M2ME) described in TR 33.812, the term "CCE" is used in place of the term "M2ME" because communication made by the CCE 10 is not limited to machine-to-machine communication.
[0028] A mobile phone 20 is a second communication device of the user, and contains account information (e.g., a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM) ) of a network operator. The subscription information enables the mobile phone 20 to access to a 3GPP network under the service by the network operator. In the provisioning system 100, the network operator that serves the mobile phone 20 also acts as the SHO for the CCE 10. The network operator charges the user of the mobile phone 20 through the account information.
[0029] The mobile phone 20 comprises an obtaining unit 21 and a sending unit 22. It should be noted that the functionality of each block in the mobile phone 20 may be implemented using dedicated hardware, using software executed by a processor (not shown) , or a combination thereof. The detailed operations of each block in the mobile phone 20 will be described later with reference to the sequence diagram of Fig. 3.
[0030] A mediation server 30 is a server for providing the CCE 10 with the MCIM of the SHO.
Although the mediation server 30 is illustrated as a single node, the functions of the mediation server 30 may be separated in two or more nodes. The mediation server 30 is operated by a Registration Operator (RO) , which is identified by the PCID and serves the CCE 10 to enable the CCE 10 to access to a 3GPP network in order to obtain the MCIM.
[0031] An account managing server 40 is a server for managing the account information such as the USIM and MCIM. Although the account managing server 40 is illustrated as a single node, the functions of the account managing server 40 may be separated in two or more nodes. The account managing server 40 is operated by the SHO.
[0032] A charge account provisioning server (CAPS)
50 is a server for configuring the mediation server 30 and the account managing server 40 so that the MCIM is appropriately provided to the CCE 10 and the SHO can appropriately charge the user of the CCE 10. Although the CAPS 50 is illustrated as a single node, the functions of the CAPS 50 may be separated in two or more nodes. Moreover, the CAPS 50 may be integrated into the mobile phone 20, the mediation server 30, or the account managing server 40.
[0033] Fig. 2 is a functional block diagram of the mediation server 30. The mediation server 30 comprises a routing request receiving unit 201, a storing unit 202, a memory 203, an account request receiving unit 204, a searching unit 205, an account request
forwarding unit 206, an account information receiving unit 207, and an account information forwarding unit 208. It should be noted that the functionality of each block in the mediation server 30 may be implemented using dedicated hardware, using software executed by a processor (not shown), or a combination thereof. The detailed operations of each block in the mediation server 30 will be described later with reference to the sequence diagram of Fig. 3.
[0034] Fig. 3 is a sequence diagram illustrating an account provisioning procedure according to the first embodiment of the present invention.
[0035] In step S301, the obtaining unit 21 of the mobile phone 20 obtains the PCID of the CCE 10. The transfer of the PCID from the CCE 10 to the mobile phone 20 may be performed over a secure bi-directional link between the CCE 10 and the mobile phone 20 in order to prevent a man-in-the-middle attack.
Alternatively, the transfer may be performed over a uni-directional link from the CCE 10 to the mobile phone 20. Specifically, for example, a QR code reader provided in the mobile phone 20 may read QR code that is printed on the CCE 10 and represents the PCID, or an RFID reader provided in the mobile phone 20 may read an RFID tag that is provided in the CCE 10 and contains the PCID. [0036] In step S302, the mobile phone 20 and the
CAPS 50 authenticates each other. The authentication may be performed by means of, for example, a Generic Bootstrapping Architecture (GBA) specified in 3GPP TS 33.220 V7.3.0 (2006-03) with support from the USIM of the mobile phone 20. As a result of the authentication, a secure channel is established between the mobile phone 20 and the CAPS 50.
[0037] In step S303, the sending unit 22 of the mobile phone 20 sends the PCID to the CAPS 50 over the secure channel established in step S302. The sending unit 22 also sends an International Mobile Subscriber Identity (IMSI) contained in the USIM to the CAPS 50. Alternatively, the sending unit 22 may send the IMSI to the CAPS during the authentication procedure in step S302. Because the MCC+MNC part of the IMSI identifies the SHO and the MSIN part of the IMSI identifies the user of the mobile phone 20, the IMSI is used later as operator identification information for identifying the SHO and user identification information for identifying the user of the mobile phone 20.
[0038] In some embodiments, the processing of step
S302 may be omitted, and in step S303, the sending unit 22 may send the PCID to the CAPS 50 via Short Message Service (SMS) . In this case, a Mobile Subscriber ISDN Number (MSISDN) , which can be used as the user
identification information, is sent to the CAPS 50 via the SMS. Accordingly, it is not necessary for the sending unit 22 to send the MSIN part of the IMSI, and the sending unit 22 may send the MSIN part of the IMSI to the CAPS 50 as the operator identification
information .
[0039] In step S304a, the CAPS 50 requests the account managing server 40 to prepare to generate the MCIM that is associated with the user of the mobile phone 20. In order to identify the user and the CCE 10, the CAPS 50 sends the PCID and the IMSI to the account managing server 40. It should be noted that the
processing of step S304a may be omitted.
[0040] In step S304b, the CAPS 50 sends, to the mediation server 30, a routing request. The routing request includes the PCID and operator identification information (e.g., the MCC+MNC part of the IMSI) in order to identify the CCE 10 and the SHO. The routing request receiving unit 201 of the mediation server 30 receives the routing request. In the case that the processing in step S304a has been omitted, it is
necessary for the mediation server 30 to know the user of the mobile phone 20. In this case, the routing request further includes user identification
information (e.g., the MSIN part of the IMSI).
[0041] In step S305, the storing unit 202 stores the MCC+MNC part of the IMSI in the memory 203 in association with the PCID. In the case that the processing in step S304a has been omitted, the storing unit 202 further stores the MSIN part of the IMSI in the memory 203 in association with the PCID. As a result of the processing in step S305, the routing table as shown in Fig. 4 is generated in the memory 203. In Fig. 4, the "User" column is generated in the case that the processing in step S304a has been omitted.
[0042] In step S306, the CCE 10 establishes a communication channel with the mediation server 30 using the PCID.
[0043] In step S307, the CCE 10 sends an account request and the PCID to the mediation server 30. The account request receiving unit 204 of the mediation server 30 receives the account request and the PCID.
Alternatively, regarding the PCID, the account request receiving unit 204 may receive the PCID during the establishment procedure of the communication channel in step S306. In this step, the CCE 10 may also send
CCE/TRE related information to the mediation server 30. The CCE/TRE related information is finally received by the account managing server 40 in step S309.
[0044] In step S308, the searching unit 205
searches the routing table stored in the memory 203 for the operator identification information (the MCC+MNC part of the IMSI) that is associated with the PCID received in step S307 (or step S306) . Through the processing in step S308, the mediation server 30 recognizes which SHO is associated with the PCID of the CCE 10. In the case that the processing in step S304a has been omitted, the searching unit 205 further searches the routing table stored in the memory 203 for the user identification information (the MSIN part of the IMSI) that is associated with the PCID received in step S307 (or step S306) .
[0045] In step S309, the account request
forwarding unit 206 forwards, to the account managing server 40 of the SHO identified by the operator
identification information found in step S308, the account request together with information that enables the account managing server 40 to identify the user
(i.e., USIM) of the mobile phone 20. In the case that the processing in step S304a has been performed, the information may be the PCID because the PCID is
associated with the user identification information
(the MSIN part of the IMSI) in step S304a. In the case that the processing in step S304a has been omitted, the information may be the user identification information
(the MSIN part of the IMSI) found in step S308.
[0046] In step S310, the account managing server
40 generates the MCIM. In the case that the account managing server 40 has received CCE/TRE related
information in step S309, before generating the MCIM, the account managing server 40 may confirm the validity of the CCE 10 using a Platform Validation Authority (PVA) as specified in TR 33.812.
[0047] In step S311, the account managing server
40 sends the MCIM to the mediation server 30. The account information receiving unit 207 of the mediation server 30 receives the MCIM.
[0048] In step S312, the account information forwarding unit 208 forwards the MCIM to the CCE 10.
[0049] In step S313, the CCE 10 provisions the
MCIM into its platform. As a result, the CCE 10 is able to access a 3GPP network under the service by the SHO.
[0050] In step S314, the CCE 10 reports the success (or failure) of the provisioning to the
mediation server 30.
[0051] In step S315, the mediation server 30 forwards the report to the account managing server 40.
[0052] In step S316, upon reception of the report indicating "success", the account managing server 40 associates the MCIM, which has been generated in step S310, with the user (i.e., the USIM) of the mobile phone 20. The account managing server 40 is able to identify the user because the account managing server 40 has received the user identification information in step S304a or S309. As a result, the SHO is able to charge the user of the mobile phone 20 for use of the MCIM by the CCE 10. Alternatively, the account
managing server 40 may associate the MCIM with the user in step S310, not step S316.
[0053] In step S317, the account managing server
40 reports the success (or failure) of the provisioning to the CAPS 50.
[0054] In step S318, the CAPS 50 forwards the report to the mobile phone 20.
[0055] As described above, according to the first embodiment of the present invention, the mobile phone 20 obtains the PCID from the CCE 10, and sends the PCID and the IMSI of the USIM of the mobile phone 20 to the CAPS 50. The MCC+MNC part of the IMSI is later used as the operator identification information by the
mediation server 30, which is operated by the RO, in order to identify the SHO for the CCE 10. The MSIN part of the IMSI is later used as the user
identification information by the account managing server 40, which is operated by the SHO, in order to identify the user of the mobile phone 20. The
mediation server 30 forwards the account request from the CCE 10 to the account managing server 40 of the SHO identified by the operator identification information. The account managing server 40 generates the MCIM that is associated with the user identified by the user identification information.
[0056] Accordingly, it is possible for the user of the CCE 10 to choose the network operator, which serves the mobile phone 20 of the user, as the SHO associated with the PCID of the CCE 10. Moreover, it is possible for the SHO to identify the user of the CCE 10 who should pay for an access to the 3GPP network using the MCIM, and charge the identified user through the account information of the mobile phone 20.
[0057] (Second Embodiment)
Fig. 5 illustrates an overview of a provisioning system 500 according to the second embodiment of the present invention. As shown in Fig. 5, the
provisioning system 500 is different from the
provisioning system 100 in that the provisioning system 500 does not comprise a mediation server.
[0058] In Fig. 5, a mobile phone 60 is a
communication device of a user, and contains account information (e.g., a USIM or an ISIM) of a network operator. The subscription information enables the mobile phone 60 to access to a 3GPP network under the service by the network operator. In the provisioning system 500, the network operator that serves the mobile phone 60 also acts as the SHO for a CCE 70, which is another communication device of the user. The network operator charges the user of the mobile phone 60 through the account information.
[0059] Connected Consumer Electronics (CCE) 70 is intended to obtain an MCIM of the SHO. However, in contrast to the first embodiment, the CCE 70 does not contain a PCID. Instead, the CCE 70 is configured to establish a secure bi-directional link with the mobile phone 60 and obtains the MCIM via the mobile phone 60. Although the CCE 70 corresponds to Machine-to-Machine equipment (M2ME) described in TR 33.812, the term "CCE" is used in place of the term "M2ME" because
communication made by the CCE 70 is not limited to machine-to-machine communication.
[0060] An account managing server 80 is a server for managing the account information such as the USIM and MCIM. Although the account managing server 80 is illustrated as a single node, the functions of the account managing server 80 may be separated in two or more nodes. The account managing server 80 is operated by the SHO.
[0061] A charge account provisioning server (CAPS)
90 is a server for providing the CCE 70 with the MCIM via the mobile phone 60. Although the CAPS 90 is illustrated as a single node, the functions of the CAPS 90 may be separated in two or more nodes. Moreover, the CAPS 90 may be integrated into the mobile phone 60 or the account managing server 80.
[0062] Fig. 6 is a functional block diagram of the mobile phone 60. The mobile phone 60 comprises an account request receiving unit 601, an account request forwarding unit 602, an account information receiving unit 603, and an account information forwarding unit 604. It should be noted that the functionality of each block in the mobile phone 60 may be implemented using dedicated hardware, using software executed by a processor (not shown) , or a combination thereof. The detailed operations of each block in the mobile phone 60 will be described later with reference to the sequence diagram of Fig. 8.
[0063] Fig. 7 is a functional block diagram of the
CAPS 90. The CAPS 90 comprises an account request receiving unit 701, an account request forwarding unit 702, an account information receiving unit 703, and an account information forwarding unit 704. It should be noted that the functionality of each block in the CAPS 90 may be implemented using dedicated hardware, using software executed by a processor (not shown) , or a combination thereof. The detailed operations of each block in the CAPS 90 will be described later with reference to the sequence diagram of Fig. 8.
[0064] Fig. 8 is a sequence diagram illustrating an account provisioning procedure according to the second embodiment of the present invention.
[0065] In step S801, the CCE 70 establishes a secure bi-directional link with the mobile phone 60, and sends an account request to the mobile phone 60. The account request receiving unit 601 of the mobile phone 60 receives the account request. In this step, the CCE 70 may also send CCE/TRE related information to the mobile phone 60. The CCE/TRE related information is finally received by the account managing server 80 in step S804.
[0066] In step S802, the mobile phone 60 and the
CAPS 90 authenticates each other in a similar way to step S302 of Fig. 3. As a result of the authentication, a secure channel is established between the mobile phone 60 and the CAPS 90.
[0067] In step S803, the account request
forwarding unit 602 of the mobile phone 60 forwards, to the CAPS 90, the account request together with the IMSI of the USIM of the mobile phone 60. The account
request receiving unit 701 of the CAPS 90 receives the account request. Because the CC+MNC part of the IMSI identifies the SHO and the MSIN part of the IMSI
identifies the user of the mobile phone 60, the IMSI is used later as operator identification information for identifying the SHO and user identification information for identifying the user of the mobile phone 60.
[0068] In step S804 the account request forwarding unit 702 of the CAPS 90 forwards, to the account
managing server 80 operated by the SHO identified by the operator identification information (e.g., the
MCC+MNC part of the IMSI), the account request together with the user identification information (e.g., the MSIN part of the IMSI) .
[0069] In step S805, the account managing server 80 generates the MCIM. In the case that the account managing server 80 has received CCE/TRE related
information in step S804, before generating the MCIM, the account managing server 80 may confirm the validity of the CCE 70 using a Platform Validation Authority (PVA) as specified in TR 33.812.
[0070] In step S806, the account managing server
80 sends the MCIM to the CAPS 90. The account
information receiving unit 703 of the CAPS 90 receives the MCIM.
[0071] In step S807, the account information forwarding unit 704 of the CAPS 90 forwards the MCIM to the mobile phone 60. The account information receiving unit 603 of the mobile phone 60 receives the MCIM.
[0072] In step S808, the account information forwarding unit 604 of the mobile phone 60 forwards the MCIM to the CCE 70.
[0073] In step S809, the CCE 70 provisions the
MCIM into its platform. As a result, the CCE 70 is able to access a 3GPP network under the service by the SHO.
[0074] In step S810, the CCE 70 reports the success (or failure) of the provisioning to the mobile phone 60.
[0075] In step S811, the mobile phone 60 forwards the report to the CAPS 90.
[0076] In step S812, the CAPS 90 forwards the report to the account managing server 80.
[0077 ] In step S813, upon reception of the report indicating "success", the account managing server 80 associates the MCIM, which has been generated in step S805, with the user (i.e., the USIM) of the mobile phone 60. The account managing server 80 is able to identify the user because the account managing server 80 has received the user identification information in step S804. As a result, the SHO is able to charge the user of the mobile phone 60 for use of the MCIM by the CCE 70. Alternatively, the account managing server 80 may associate the MCIM with the user in step S805, not step S813.
[0078] In step S814, the account managing server
80 reports the success (or failure) of the provisioning to the CAPS 90.
[0079] In step S815, the CAPS 90 forwards the report to the mobile phone 60.
[0080] As described above, according to the second embodiment of the present invention, the mobile phone 60 obtains the MCIM on behalf of the CCE 70 from the account managing server 80 of the network operator, which serves the mobile phone 60 and also acts as the SHO for the CCE 70. When the mobile phone 60 tries to obtain the MCIM, it sends the IMSI of the USIM of the mobile phone 60 to the account managing server 80 via the CAPS 90. The account managing server 80 identifies the user of the mobile phone 60 based on the MSIN part of the IMSI, and generates the MCIM that is associated with the identified user.
[0081] Accordingly, it is possible for the user of the CCE 70 to choose the network operator, which serves the mobile phone 60 of the user, as the SHO for the CCE 70. Moreover, it is possible for the SHO to identify the user of the CCE 70 who should pay for an access to the 3GPP network using the MCIM, and charge the
identified user through the account information of the mobile phone 60. Furthermore, because it is not necessary for the CCE 70 to have the PCID and access the RO, a manufacturer or seller of the CCE 70 is released from the cost relating to the preparation of the PCID and the communication between the CCE 70 and the RO.
[0082] While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such
modifications and equivalent structures and functions.

Claims

1. A mediation server (30) for providing a first communication device (10) with first account
information, wherein the first account information is associated with second account information that enables a second communication device (20) to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the mediation server comprising: a routing request receiving unit (201) that receives, from an account provisioning server (50) , a routing request including device identification
information for identifying the first communication device and operator identification information for identifying the network operator;
a storing unit (202) that stores the operator identification information in a memory (203) in
association with the device identification information; an account request receiving unit (204) that receives an account request and the device
identification information from the first communication device;
a searching unit (205) that searches the memory for the operator identification information that is associated with the device identification information received by the account request receiving unit; an account request forwarding unit (206) that forwards, to an account managing server (40) of the network operator identified by the operator
identification information found by the searching unit, the account request together with information that enables the account managing server to identify the second account information;
an account information receiving unit (207) that receives the first account information from the account managing server as a response to the account request forwarded by the account request forwarding unit; and an account information forwarding unit (208) that forwards the first account information to the first communication device.
2. The mediation server according to Claim 1, wherein :
the routing request receiving unit further receives, from the account provisioning server, user identification information for identifying the second account information;
the storing unit further stores the user
identification information in the memory in association with the device identification information;
the searching unit further searches the memory for the user identification information that is
associated with the device identification information received by the account request receiving unit; and the account request forwarding unit uses the user identification information as said information that enables the account managing server to identify the second account information.
3. The mediation server according to Claim 1, wherein :
the account provisioning server obtains, from the second communication device, the device identification information, the operator identification information, and user identification information for identifying the second account information;
the account provisioning server sends, to the account managing server of the network operator
identified by the operator identification information, the device identification information in association with the user identification information; and
the account request forwarding unit uses the device identification information as said information that enables the account managing server to identify the second account information.
4. The mediation server according to any one of Claims 1-3, wherein:
the device identification information is a
Provisional Connectivity ID (PCID) ; the first account information is a Machine
Communication Identity Module (MCIM) ; and
the second account information is a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM) .
5. A method for controlling a mediation server (30) for providing a first communication device (10) with first account information, wherein the first account information is associated with second account
information that enables a second communication device (20) to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the method comprising:
a routing request receiving step (S304b) of receiving, from an account provisioning server (50) , a routing request including device identification
information for identifying the first communication device and operator identification information for identifying the network operator;
a storing step (S305) of storing the operator identification information in a memory (203) in
association with the device identification information; an account request receiving step (S307) of receiving an account request and the device
identification information from the first communication device;
a searching step (S308) of searching the memory for the operator identification information that is associated with the device identification information received in the account request receiving step;
an account request forwarding step (S309) of forwarding, to an account managing server (40) of the network operator identified by the operator
identification information found in the searching step, the account request together with information that enables the account managing server to identify the second account information;
an account information receiving step (S311) of receiving the first account information from the account managing server as a response to the account request forwarded in the account request forwarding step; and
an account information forwarding step (S312) of forwarding the first account information to the first communication device.
6. A communication device (20) for providing another communication device (10) with first account
information, wherein the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the communication device comprising:
an obtaining unit (21) that obtains device identification information for identifying the other communication device; and
a sending unit (22) that sends, to an account provisioning server (50), the device identification information together with user identification
information for identifying the second account
information and operator identification information for identifying the network operator,
wherein the account provisioning server (50) sends the routing request that is received by the routing request receiving unit (201) of the mediation server (30) according to any one of Claims 1-4.
7. The communication device according to Claim 6, wherein :
the first account information is a Machine
Communication Identity Module (MCIM) ; and
the second account information is a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM) .
8. A method for controlling a communication device (20) for providing another communication device (10) with first account information, wherein the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the method
comprising :
an obtaining step (S301) of obtaining device identification information for identifying the other communication device; and
a sending step (S303) of sending, to an account provisioning server (50) , the device identification information together with user identification
information for identifying the second account
information and operator identification information for identifying the network operator,
wherein the account provisioning server (50) sends the routing request that is received by the routing request receiving unit (201) of the mediation server (30) according to any one of Claims 1-4.
9. A communication device (60) for providing another communication device (70) with first account
information, wherein the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the communication device comprising:
an account request receiving unit (601) that receives an account request from the other
communication device;
an account request forwarding unit (602) that forwards, to an account provisioning server (90), the account request together with user identification information for identifying the second account
information and operator identification information for identifying the network operator, wherein the account provisioning server is configured to obtain, in
response to the account request, the first account information from an account managing server (80) of the network operator identified by the operator
identification information;
an account information receiving unit (603) that receives the first account information from the account provisioning server as a response to the account request forwarded by the account request forwarding unit; and
an account information forwarding unit (604) that forwards the first account information to the other communication device.
10. The communication device according to Claim 9, wherein :
the first account information is a Machine Communication Identity Module (MCIM) ; and the second account information is a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM) .
11. A method for controlling a communication device (60) for providing another communication device (70) with first account information, wherein the first account information is associated with second account information that enables the communication device to be served by a network operator and the first account information enables the other communication device to be served by the network operator, the method
comprising :
an account request receiving step (S801) of receiving an account request from the other
communication device;
an account request forwarding step (S803) of forwarding, to an account provisioning server (90), the account request together with user identification information for identifying the second account
information and operator identification information for identifying the network operator, wherein the account provisioning server is configured to obtain, in
response to the account request, the first account information from an account managing server (80) of the network operator identified by the operator identification information;
an account information receiving step (S807) of receiving the first account information from the account provisioning server as a response to the account request forwarded in the account request forwarding step; and
an account information forwarding step (S808) of forwarding the first account information to the other communication device.
12. An account provisioning server (90) for providing a first communication device (70) with first account information via a second communication device (60), wherein the first account information is associated with second account information that enables the second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the account provisioning server comprising: an account request receiving unit (701) that receives, from the second communication device, an account request together with user identification information for identifying the second account
information and operator identification information for identifying the network operator;
an account request forwarding unit (702) that forwards, to an account managing server (80) of the network operator identified by the operator
identification information, the account request
together with the user identification information;
an account information receiving unit (703) that receives the first account information from the account managing server as a response to the account request forwarded by the account request forwarding unit; and an account information forwarding unit (704) that forwards the first account information to the second communication device, wherein the second communication device forwards the first account information to the first communication device.
13. The account provisioning server according to Claim 12, wherein:
the first account information is a Machine
Communication Identity Module (MCIM) ; and
the second account information is a Universal Subscriber Identity Module (USIM) or an IMS Subscriber Identity Module (ISIM) .
14. A method for controlling an account provisioning server (90) for providing a first communication device (70) with first account information via a second communication device (60), wherein the first account information is associated with second account
information that enables the second communication device to be served by a network operator and the first account information enables the first communication device to be served by the network operator, the method comprising :
an account request receiving step (S803) of receiving, from the second communication device, an account request together with user identification information for identifying the second account
information and operator identification information for identifying the network operator;
an account request forwarding step (S804) of forwarding, to an account managing server (80) of the network operator identified by the operator
identification information, the account request
together with the user identification information;
an account information receiving step (S806) of receiving the first account information from the account managing server as a response to the account request forwarded in the account request forwarding step; and
an account information forwarding step (S807) of forwarding the first account information to the second communication device, wherein the second communication device forwards the first account information to the first communication device.
PCT/JP2010/062971 2010-07-23 2010-07-23 Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor WO2012011197A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US13/808,321 US9009269B2 (en) 2010-07-23 2010-07-23 Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor
CN201080068215.7A CN103109554B (en) 2010-07-23 2010-07-23 Mediation server and control method, communication equipment and control method thereof, account provisioning server and control method thereof
EP10855034.4A EP2596654A4 (en) 2010-07-23 2010-07-23 Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor
PCT/JP2010/062971 WO2012011197A1 (en) 2010-07-23 2010-07-23 Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2010/062971 WO2012011197A1 (en) 2010-07-23 2010-07-23 Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor

Publications (1)

Publication Number Publication Date
WO2012011197A1 true WO2012011197A1 (en) 2012-01-26

Family

ID=45496637

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2010/062971 WO2012011197A1 (en) 2010-07-23 2010-07-23 Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor

Country Status (4)

Country Link
US (1) US9009269B2 (en)
EP (1) EP2596654A4 (en)
CN (1) CN103109554B (en)
WO (1) WO2012011197A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012169945A1 (en) * 2011-06-08 2012-12-13 Telefonaktiebolaget L M Ericsson (Publ) Subscription information managing apparatus and control method therefor

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103501329A (en) * 2013-09-29 2014-01-08 数标时代(北京)科技有限公司 Intelligent electronic photo frame system
KR101683251B1 (en) * 2014-03-27 2016-12-06 한국전자통신연구원 Method for setting sensor node and setting security in sensor network, and sensor network system including the same
WO2017161570A1 (en) * 2016-03-25 2017-09-28 华为技术有限公司 Communication method, apparatus and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1278126A1 (en) * 2000-04-24 2003-01-22 Yozan Inc. System for transfer control of telephone line
WO2008040120A1 (en) * 2006-10-03 2008-04-10 Sierra Wireless, Inc. Method and apparatus for sharing cellular account subscription among multiple devices

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7386600B1 (en) * 1998-09-11 2008-06-10 Lv Partners, L.P. Launching a web site using a personal device
JP2000222088A (en) * 1999-02-02 2000-08-11 Fujitsu Ltd Information providing server, intermediation server and browser terminal
US20050108096A1 (en) * 1999-09-28 2005-05-19 Chameleon Network Inc. Portable electronic authorization system and method
US7334016B2 (en) * 2001-11-15 2008-02-19 Globalview Software Inc. Data transfer system for providing non-buffered, real-time streaming data users
JP2003196500A (en) * 2001-12-26 2003-07-11 Nec Corp Information mediation system and method
FR2851870A1 (en) * 2003-02-28 2004-09-03 France Telecom MULTI-DOMAIN MULTI-PROVIDER MEDIATION BODY BETWEEN APPLICATION SERVICE PROVIDER AND RESOURCE PROVIDER IN A TELECOMMUNICATIONS NETWORK
US20050096012A1 (en) * 2003-10-31 2005-05-05 Utstarcom Incorporated Authentication and/or billing mediation service apparatus and method
US7624193B2 (en) * 2004-05-14 2009-11-24 International Business Machines Corporation Multi-vendor mediation for subscription services
CN100531212C (en) * 2006-01-21 2009-08-19 华为技术有限公司 System and method of consulting device information
US8935372B2 (en) * 2007-02-02 2015-01-13 Sony Corporation Mediation server, terminals and distributed processing method
US8996409B2 (en) * 2007-06-06 2015-03-31 Sony Computer Entertainment Inc. Management of online trading services using mediated communications
EP2321986A1 (en) * 2008-08-26 2011-05-18 Lucent Technologies Inc. Method for searching for the user equipments in the specific area and means for the same
JP4420471B1 (en) * 2008-11-07 2010-02-24 株式会社ナビタイムジャパン Route guidance mediation system, route guidance mediation server, and route guidance method
US20120054105A1 (en) * 2009-05-15 2012-03-01 Dong Seok Seo System for safe money transfer
JP4427631B1 (en) * 2009-08-05 2010-03-10 株式会社ナビタイムジャパン Route guidance system, route guidance server, route guidance mediation server, and route guidance method
CN102026149B (en) * 2009-09-14 2015-08-12 中兴通讯股份有限公司 The method and system that a kind of M2M equipment home network operator changes
CN102036222B (en) * 2009-09-25 2015-05-13 中兴通讯股份有限公司 Method and system for changing M2M equipment selected home operator
US9374710B2 (en) * 2010-08-16 2016-06-21 Telefonaktiebolaget Lm Ericsson (Publ) Mediation server, control method therefor, communication device, control method therefor, communication system, and computer program
EP2630757B1 (en) * 2010-10-22 2018-02-21 Telefonaktiebolaget LM Ericsson (publ) Operator selecting apparatus and method for selecting a home operator for each communication device in a group

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1278126A1 (en) * 2000-04-24 2003-01-22 Yozan Inc. System for transfer control of telephone line
WO2008040120A1 (en) * 2006-10-03 2008-04-10 Sierra Wireless, Inc. Method and apparatus for sharing cellular account subscription among multiple devices

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2596654A4 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012169945A1 (en) * 2011-06-08 2012-12-13 Telefonaktiebolaget L M Ericsson (Publ) Subscription information managing apparatus and control method therefor

Also Published As

Publication number Publication date
US20130124710A1 (en) 2013-05-16
EP2596654A4 (en) 2016-12-21
CN103109554B (en) 2015-08-26
US9009269B2 (en) 2015-04-14
EP2596654A1 (en) 2013-05-29
CN103109554A (en) 2013-05-15

Similar Documents

Publication Publication Date Title
CN110447251B (en) Method, server, storage medium and terminal for transmitting subscription profile
US8369823B2 (en) Method for legitimately unlocking a SIM card lock, unlocking server, and unlocking system for a SIM card lock
EP2850852B1 (en) Method and apparatus for associating service provider network identifiers with access network identifiers
US9497567B2 (en) Selection of M2M devices by external triggering
EP2601802B1 (en) Telephone and control method for call transfer subscription
US20090217038A1 (en) Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
US20140086144A1 (en) Automatic Transfer of Machine-to-Machine Device Identifier to Network-External Service Providers
JP2013500613A (en) Terminal identifier in communication network
EP1527637B1 (en) Method for enabling a location service client to contact a user of a mobile device
EP3269084B1 (en) Subscriber identity pattern
US20230300736A1 (en) Securing the Choice of the Network Visited During Roaming
US9009269B2 (en) Mediation server, control method therefor, communication device, control method therefor, account provisioning server, and control method therefor
JP4648381B2 (en) Method and apparatus for sending a message to a mobile station by addressing a hardware part
EP3241374B1 (en) Method for accessing a roaming device and corresponding proxy network
EP3152927B1 (en) Establishing the location of unmanaged network access points
WO2016188022A1 (en) Roaming method, roaming server, mobile terminal and system
KR101514328B1 (en) Apparatus and method for storing of transmission/receipt data in a mobile communication system
EP3729847B1 (en) Msisdn registration
KR101059231B1 (en) UE and its network selection method
WO2013120506A1 (en) Apparatus, method, system and computer program product for handling request
KR20110047719A (en) System for providing mobile terminal rental service and method thereof

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201080068215.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10855034

Country of ref document: EP

Kind code of ref document: A1

REEP Request for entry into the european phase

Ref document number: 2010855034

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2010855034

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10917/DELNP/2012

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 13808321

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE