JP6774890B2 - Name resolution device - Google Patents

Description

The present invention relates to a name resolution device that returns an IP address of a reference destination in response to an inquiry request based on the domain name of the reference destination from a terminal.

Patent Document 1 below discloses a name resolution device that responds to a domain name name resolution request from a terminal by selecting one of a plurality of IP addresses assigned to a plurality of service providing devices. ing.

Japanese Unexamined Patent Publication No. 2015-073314

In the name resolution device of Patent Document 1, when selecting an IP address, for example, one IP address is randomly selected and responded. In that case, there is a problem that the IP address of the inquiry destination according to the terminal cannot be returned.

Therefore, the present invention has been made in view of such a problem, and an object of the present invention is to provide a name resolution device capable of returning an IP address of a reference destination according to a terminal.

In order to solve the above problems, the name resolution device according to one aspect of the present invention is a name resolution device that returns an IP address of a reference destination in response to an inquiry request from a terminal, and is a name resolution device that returns terminal information related to the terminal and the reference destination. Inquiry request acquisition to acquire an inquiry request including the IP address of the terminal and the domain name of the inquiry from the terminal and the inquiry information storage means for storing the inquiry information in which the domain name and the IP address of the inquiry are associated with each other. From the means and the terminal information management system that can acquire the terminal information about the terminal based on the IP address of the terminal, the terminal information about the terminal based on the IP address of the terminal included in the inquiry request acquired by the inquiry request acquisition means is obtained. In the inquiry destination information stored by the terminal information acquisition means to be acquired and the inquiry destination information storage means, the reference destination included in the terminal information about the terminal acquired by the terminal information acquisition means and the inquiry request acquired by the inquiry request acquisition means. It is provided with a reference IP address reply means for acquiring the IP address of the reference destination associated with the domain name of the above and returning the acquired IP address of the reference destination to the terminal of the request source of the inquiry request.

According to such a name resolution device, when the IP address of the inquiry destination is inquired from the terminal, the IP address of the inquiry destination associated with the terminal information related to the terminal in the inquiry destination information is returned to the terminal. It is possible to return the IP address of the inquiry destination according to.

According to the present invention, it is possible to return the IP address of the reference destination according to the terminal.

It is a system block diagram of the name resolution system including the name resolution apparatus which concerns on this embodiment. It is a functional block diagram of the name resolution apparatus which concerns on this embodiment. It is a hardware block diagram of the name resolution apparatus which concerns on this embodiment. It is a figure which shows the table example of the 1st terminal information. It is a figure which shows the table example of the 2nd terminal information. It is a figure which shows the table example of the inquiry destination information. It is a sequence diagram which shows the name resolution process which is executed by the name resolution system including the name resolution apparatus which concerns on this embodiment. It is a figure which shows the name resolution by a prior art.

Hereinafter, embodiments of the name resolution device will be described in detail together with the drawings. In the description of the drawings, the same elements are designated by the same reference numerals, and duplicate description will be omitted. Further, the embodiments in the following description are specific examples of the present invention, and are not limited to these embodiments unless otherwise specified to limit the present invention.

FIG. 1 is a system configuration diagram of a name resolution system 5 including a name resolution device 1 according to the present embodiment. As shown in FIG. 1, the name resolution system 5 includes a name resolution device 1, a mobile terminal 2 (one or more mobile terminals such as the mobile terminal 2a and the mobile terminal 2b are collectively referred to as the mobile terminal 2) (terminal). Includes a TLS (Transport Layer Security) termination device 3 (one or more TLS termination devices such as the TLS termination device 3a and the TLS termination device 3b are collectively referred to as the TLS termination device 3), and a terminal information management system 4. Will be done. Further, the terminal information management system 4 includes a RADIUS (Remote Authentication Dial In User Service) server 40 and a subscriber information DB (Database) 41. Each device and system included in the name resolution system 5 are communicated with each other by a network such as a mobile communication network composed of a base station or the like, and can transmit and receive information to and from each other.

In the present embodiment, it is assumed that the mobile terminal 2 is connected to the TLS termination device 3 when performing TLS communication, which is communication using a cryptographic technology for enhancing the confidentiality of communication in web access or the like. The mobile terminal 2 (or the user of the mobile terminal 2) initially knows the domain name or URL (Uniform Resource Locator) (including the domain name) which is the address name on the network of the TLS terminal device 3, but actually connects. I do not know the IP (Internet Protocol) address of the TLS terminal device 3 required to do so. Therefore, the mobile terminal 2 transmits an inquiry request including the domain name of the TLS termination device 3 to the name resolution device 1 to inquire about the IP address of the TLS termination device 3. Along with the inquiry, the name resolution device 1 performs name resolution. The mobile terminal 2 connects to the TLS terminal device 3 by using the IP address of the TLS terminal device 3 obtained as a result of the inquiry. The name resolution device 1 also has a function as a DNS (Domain Name System) server, and an inquiry to the name resolution device 1 is also called a DNS inquiry. Further, in the present embodiment, the "domain name" may be appropriately replaced with the "URL".

Subsequently, each device and system included in the name resolution system 5 will be described. As described above, the name resolution device 1 returns the IP address of the inquiry destination to the inquiry source in response to the inquiry request including the domain name of the inquiry destination (TLS terminal device 3 etc.) from the inquiry source (mobile terminal 2 etc.). It is a computer device. The details of the function of the name resolution device 1 will be described later.

The mobile terminal 2 is an inquiry source smartphone that inquires the name resolution device 1 of the IP address of the inquiry destination corresponding to the domain name of the inquiry destination. A SIM (Subscriber Identity Module) card is attached to the mobile terminal 2, and the mobile terminal 2 uses the SIM card to perform mobile communication in the name resolution system 5. The mobile terminal 2 is not limited to a smartphone, and may be a computer device such as a mobile phone or a PC (Personal Computer).

The TLS terminal device 3 is a terminal computer device to which the mobile terminal 2 is connected when the mobile terminal 2 performs TLS communication. The TLS termination device 3 stores a server certificate unique to the TLS termination device 3 for realizing TLS communication. For example, in FIG. 1, the TLS termination device 3a stores a server certificate unique to the TLS termination device 3a, and the TLS termination device 3b has a server certificate unique to the TLS termination device 3b (the server certificate unique to the TLS termination device 3a). Is different) The server certificate is stored. The TLS termination device 3 is not limited to the termination device for performing TLS communication, and may be a computer device such as a general server.

The terminal information management system 4 is a computer system capable of acquiring terminal information (described later) related to the mobile terminal 2 based on the IP address of the mobile terminal 2. Specifically, the terminal information management system 4 is a computer system composed of a RADIUS server 40 and a subscriber information DB 41.

The RADIUS server 40 is a computer device such as a server that performs RADIUS authentication. When the mobile terminal 2 notifies the RADIUS server 40 of MSISDN (Mobile Subscriber Integrated Services Digital Network Number), which is a telephone number (identification information of the mobile terminal 2) corresponding to the SIM card mounted on the mobile terminal 2. , The IP address of the mobile terminal 2 is assigned to the 2. Then, the RADIUS server 40 associates the IP address of the issued mobile terminal 2 with the notified MSISDN, and as the first terminal information, the first terminal information storage unit 400 (first storage means) included in the RADIUS server 40 (first storage means) ( It is stored in the functional block diagram of the RADIUS server 40 shown in FIG. 2). FIG. 4 shows an example of a table of first terminal information stored in the first terminal information storage unit 400. As shown in FIG. 4, in the first terminal information, the IP address of the mobile terminal 2 and MSISDN are associated with each other. The first terminal information storage unit 400 may store the first terminal information at the timing of issuing the IP address of the mobile terminal 2, and may also store the first terminal information in advance based on an instruction from an administrator or the like. ..

Further, when the RADIUS server 40 receives the IP address of the mobile terminal 2 from the name resolution device 1, it acquires the MSISDN of the mobile terminal 2 associated with the IP address of the mobile terminal 2 received by the first terminal information storage unit 400. Then, the acquired MSISDN is returned to the name resolution device 1.

The subscriber information DB 41 is a database device that stores user information about the user of the mobile terminal 2, such as HSS (Home Subscriber Server) and HLR (Home Location Register). The subscriber information DB 41 is a second terminal information storage unit 410 (second terminal information storage unit 410) that stores second terminal information in which MSISDN of the mobile terminal 2 and terminal information related to the mobile terminal 2 are associated with each other in addition to general user information. A storage means) (see the functional block diagram of the subscriber information DB 41 shown in FIG. 2). The terminal information related to the mobile terminal 2 includes, for example, manufacturer identification information for identifying the manufacturer of the mobile terminal 2, model identification information for identifying the model of the mobile terminal 2, and manufacturer / model for identifying the manufacturer and model of the mobile terminal 2. Identification information, etc. More specifically, the terminal information regarding the mobile terminal 2 is a TAC (Type Allocation Code) which is the first eight digits of the IMEI (International Mobile Equipment Identifier) of the mobile terminal 2. FIG. 5 shows an example of a table of second terminal information stored in the second terminal information storage unit 410. As shown in FIG. 5, in the second terminal information, MSISDN and the terminal information related to the mobile terminal 2 are associated with each other. The second terminal information is stored in advance. For example, in the case of use in a 3G (3rd Generation) network or an LTE (Long Term Evolution) network, when the mobile terminal 2 registers a location, the mobile terminal 2 or the like notifies the subscriber information DB 41 of MSISDN and TAC. The second terminal information storage unit 410 may store the notified MSISDN and TAC in association with each other as the second terminal information.

As described above, the terminal information management system 4 includes a first terminal information storage unit 400 that stores the IP address of the mobile terminal 2 and the MSISDN of the mobile terminal 2 in association with each other, and the MSISDN of the mobile terminal 2 and the mobile terminal 2. It is provided with a second terminal information storage unit 410 that stores the terminal information in association with the terminal information. Note that some devices / functions or all devices / functions of the terminal information management system 4 including the RADIUS server 40 and the subscriber information DB 41 may be incorporated in the name resolution device 1.

Subsequently, the details of the function of the name resolution device 1 will be described. FIG. 2 is a functional block diagram of the name resolution device 1. As shown in FIG. 2, the name resolution device 1 includes an inquiry request acquisition unit 10 (inquiry request acquisition means), a terminal information acquisition unit 11 (terminal information acquisition means), an inquiry destination information storage unit 12 (inquiry destination information storage means), and the like. And the inquiry destination IP address reply unit 13 (reference destination IP address reply means) is included.

The functional block diagram shown in FIG. 2 shows a block for each functional unit. These functional blocks (components) are realized by any combination of hardware and / or software. Further, the means for realizing each functional block is not particularly limited. That is, each functional block may be realized by one physically and / or logically coupled device, or directly and / or indirectly by two or more physically and / or logically separated devices. (For example, wired and / or wireless) may be connected and realized by these a plurality of devices.

For example, the name resolution device 1 may function as a computer. FIG. 3 is a diagram showing an example of the hardware configuration of the name resolution device 1. The name resolution device 1 described above may be physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like.

In the following description, the word "device" can be read as a circuit, device, unit, or the like. The hardware configuration of the name resolution device 1 may be configured to include one or more of the devices shown in FIG. 3, or may be configured not to include some of the devices.

For each function in the name resolution device 1, the processor 1001 performs an operation by loading predetermined software (program) on hardware such as the processor 1001 and the memory 1002, and the communication device 1004 communicates with the memory 1002 and the storage. It is realized by controlling the reading and / or writing of the data in 1003.

Processor 1001 operates, for example, an operating system to control the entire computer. The processor 1001 may be composed of a central processing unit (CPU) including an interface with a peripheral device, a control device, an arithmetic unit, a register, and the like. For example, the above-mentioned inquiry request acquisition unit 10, terminal information acquisition unit 11, inquiry destination IP address reply unit 13, and the like may be realized by the processor 1001.

Further, the processor 1001 reads a program (program code), a software module, and data from the storage 1003 and / or the communication device 1004 into the memory 1002, and executes various processes according to these. As the program, a program that causes a computer to execute at least a part of the operations described in the present embodiment is used. For example, the above-mentioned inquiry request acquisition unit 10, terminal information acquisition unit 11, inquiry destination IP address reply unit 13, and the like may be stored in the memory 1002 and realized by a control program operating in the processor 1001, and other functional blocks. May be realized in the same manner. Although it has been described that the various processes described above are executed by one processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001. Processor 1001 may be mounted on one or more chips. The program may be transmitted from the network via a telecommunication line.

The memory 1002 is a computer-readable recording medium, and is composed of at least one such as a ROM (Read Only Memory), an EPROM (Erasable Programmable ROM), an EEPROM (Electrically Erasable Programmable ROM), and a RAM (Random Access Memory). May be done. The memory 1002 may be referred to as a register, a cache, a main memory (main storage device), or the like. The memory 1002 can store a program (program code), a software module, or the like that can be executed to carry out the paging method according to the present embodiment.

The storage 1003 is a computer-readable recording medium, and is, for example, an optical disk such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, a magneto-optical disk (for example, a compact disk, a digital versatile disk, or a Blu-ray). It may consist of at least one (registered trademark) disk), smart card, flash memory (eg, card, stick, key drive), floppy (registered trademark) disk, magnetic strip, and the like. The storage 1003 may be referred to as an auxiliary storage device. The storage medium described above may be, for example, a database, server or other suitable medium containing memory 1002 and / or storage 1003. For example, the above-mentioned inquiry destination information storage unit 12 and the like may be realized by the storage 1003.

The communication device 1004 is hardware (transmission / reception device) for performing communication between computers via a wired and / or wireless network, and is also referred to as, for example, a network device, a network controller, a network card, a communication module, or the like. For example, the inquiry request acquisition unit 10 and the inquiry destination IP address reply unit 13 described above may be realized by the communication device 1004.

The input device 1005 is an input device (for example, a keyboard, a mouse, a microphone, a switch, a button, a sensor, etc.) that receives an input from the outside. The output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that outputs to the outside. The input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).

Further, each device such as the processor 1001 and the memory 1002 is connected by a bus 1007 for communicating information. Bus 1007 may be composed of a single bus, or may be composed of different buses between devices.

Further, the name resolution device 1 includes hardware such as a microprocessor, a digital signal processor (DSP: Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), a PLD (Programmable Logic Device), and an FPGA (Field Programmable Gate Array). It may be configured by, and a part or all of each functional block may be realized by the hardware. For example, processor 1001 may be implemented on at least one of these hardware.

Hereinafter, each functional block of the name resolution device 1 shown in FIG. 2 will be described.

The inquiry request acquisition unit 10 acquires an inquiry request including the IP address of the mobile terminal 2 and the domain name of the TLS termination device 3 from the mobile terminal 2 via a network or the like. The inquiry request acquisition unit 10 outputs the acquired inquiry request (or some information including the acquired inquiry request) to the terminal information acquisition unit 11 and the inquiry destination IP address reply unit 13.

The terminal information acquisition unit 11 acquires terminal information related to the mobile terminal 2 from the terminal information management system 4 based on the IP address of the mobile terminal 2 included in the inquiry request input from the inquiry request acquisition unit 10. Specifically, the terminal information acquisition unit 11 is a mobile terminal 2 included in the inquiry request input from the inquiry request acquisition unit 10 in the first terminal information storage unit 400 of the RADIUS server 40 included in the terminal information management system 4. The MSISDN of the mobile terminal 2 associated with the IP address is acquired, and is associated with the MSISDN of the mobile terminal 2 acquired in the second terminal information storage unit 410 of the subscriber information DB 41 included in the terminal information management system 4. The terminal information about the mobile terminal 2 is acquired. Hereinafter, a more specific description will be given.

The terminal information acquisition unit 11 transmits the IP address of the mobile terminal 2 included in the inquiry request input from the inquiry request acquisition unit 10 to the RADIUS server 40. When the RADIUS server 40 receives the IP address of the mobile terminal 2, the first terminal information storage unit 400 acquires the MSISDN of the mobile terminal 2 associated with the IP address of the mobile terminal 2, and the name resolution device 1 Reply to the terminal information acquisition unit 11. When the terminal information acquisition unit 11 receives the MSISDN of the mobile terminal 2, it transmits the received MSISDN to the subscriber information DB 41. When the subscriber information DB 41 receives the MSISDN, the second terminal information storage unit 410 acquires the terminal information related to the mobile terminal 2 associated with the MSISDN, and returns the terminal information to the terminal information acquisition unit 11 of the name resolution device 1. , The terminal information acquisition unit 11 receives (acquires) terminal information related to the mobile terminal 2. The terminal information acquisition unit 11 outputs the acquired terminal information regarding the mobile terminal 2 to the inquiry destination IP address reply unit 13.

The inquiry destination information storage unit 12 stores the inquiry destination information in which the terminal information regarding the mobile terminal 2 is associated with the domain name of the TLS terminal device 3 and the IP address of the TLS terminal device 3. FIG. 6 shows an example of a table of inquiry destination information stored in the inquiry destination information storage unit 12. As shown in FIG. 6, in the reference destination information, the terminal information regarding the mobile terminal 2, the domain name (URL), and the IP address of the TLS terminal device 3 are associated with each other. Further, as shown in FIG. 6, in the inquiry information, the IP addresses of a plurality of TLS termination devices 3 may correspond to the same domain name. In that case, the IP addresses of the different TLS termination devices 3 are associated with terminal information regarding different mobile terminals 2. The reference information is stored in advance.

The inquiry destination IP address reply unit 13 has the terminal information related to the mobile terminal 2 input from the terminal information acquisition unit 11 and the inquiry input from the inquiry request acquisition unit 10 in the inquiry destination information stored by the inquiry destination information storage unit 12. The IP address of the TLS terminal device 3 associated with the domain name of the TLS terminal device 3 included in the request is acquired, and the acquired IP address of the TLS terminal device 3 is sent to the mobile terminal 2 from which the inquiry request is requested. Reply via network etc. That is, the inquiry destination IP address reply unit 13 responds to the mobile terminal 2 that has sent the inquiry request to the mobile terminal 2 among the TLS terminal devices 3 indicated by the domain name of the TLS terminal device 3 included in the inquiry request. The IP address of the TLS terminal device 3 according to the terminal information related to the mobile terminal 2 is returned to the mobile terminal 2 as an inquiry result (the IP address of the TLS terminal device 3 is determined and returned based on the terminal information related to the mobile terminal 2).

FIG. 7 is a sequence diagram showing a name resolution process (name resolution method) executed by the name resolution system 5. As a precondition, before the process of step S1 described later is started, the IP address is not assigned to the mobile terminal 2, and the mobile terminal 2 (or the user of the mobile terminal 2) is the domain name of the TLS terminal device 3 or The situation is that the URL is known but the IP address of the TLS terminal device 3 is not known. First, RADIUS authentication is performed by transmitting the MSISDN of the mobile terminal 2 from the mobile terminal 2 to the RADIUS server 40 (step S1). As a response of S1, the RADIUS server 40 assigns an IP address to the mobile terminal 2, and stores the IP address of the mobile terminal 2 assigned in the first terminal information storage unit 400 in association with the MSISDN received in S1 ( (Holds a list of associations between the IP address of the mobile terminal 2 and MSISDN), and returns the IP address of the mobile terminal 2 to the mobile terminal 2 (step S2).

Next, the mobile terminal 2 transmits to the name resolution device 1 an inquiry request including the IP address of the mobile terminal 2 received in S2 and the domain name of the TLS termination device 3 (the inquiry request is name resolution). A DNS inquiry is made by (acquired by the inquiry request acquisition unit 10 of the device 1) (step S3). Next, the terminal information acquisition unit 11 of the name resolution device 1 transmits the IP address of the mobile terminal 2 received in S3 from the name resolution device 1 to the RADIUS server 40 to make a MSISDN inquiry ( Step S4). Next, as a response of S4, the RADIUS server 40 acquires the MSISDN associated with the IP address of the mobile terminal 2 received in S4 in the first terminal information storage unit 400, and uses the acquired MSISDN as the name resolution device 1. Reply to (step S5). Next, the terminal information acquisition unit 11 of the name resolution device 1 makes a terminal information inquiry by transmitting the MSISDN received in S5 from the name resolution device 1 to the subscriber information DB 41 (step S6). Next, as a response of S6, the subscriber information DB 41 acquires terminal information related to the mobile terminal 2 associated with MSISDN received in S6 in the second terminal information storage unit 410, and the acquired terminal related to the mobile terminal 2. The information is returned to the name resolution device 1 (step S7). Next, the inquiry destination IP address reply unit 13 of the name resolution device 1 sets the domain name of the TLS termination device 3 received in S3 in the inquiry destination information storage unit 12 and the terminal information related to the mobile terminal 2 received in S7. The IP address of the associated TLS terminal device 3 is acquired, and as a response of S3, the acquired IP address of the TLS terminal device 3 is returned to the mobile terminal 2 (step S8). Next, the mobile terminal 2 makes a connection (TLS connection) to the TLS terminal device 3 indicated by the IP address by using the IP address of the TLS terminal device 3 received in S8 (step S9).

Next, the operation and effect of the name resolution system 5 including the name resolution device 1 configured as in the present embodiment will be described. First, the mechanism and problems of the prior art related to name resolution will be described.

In the prior art, generally, when a mobile terminal makes a TLS connection by web access or the like, a DNS inquiry is made to a DNS server, and the DNS server specifies a specific domain name (URL) corresponding to the mobile terminal. IP address is transmitted, and the mobile terminal connects to the IP address. Here, FIG. 8 is a diagram showing name resolution by the prior art. In FIG. 8, the DNS server 1p, the mobile terminal 2ap and the mobile terminal 2bp which are the inquiry sources for name resolution, and the TLS termination devices 3ap and the TLS termination devices 3bp which are the inquiry destinations are included. There is a model difference between the mobile terminal 2ap and the mobile terminal 2bp. More specifically, the mobile terminal 2ap and the mobile terminal 2bp have different TACs. Then, the TLS terminal device 3ap is equipped with the server certificate corresponding to the mobile terminal 2ap, and the TLS terminal device 3bp is equipped with the server certificate corresponding to the mobile terminal 2bp. Further, the TLS termination device 3ap and the TLS termination device 3bp belong to the same domain name. In FIG. 8 showing the prior art, the DNS server 1p cannot select the TLS termination device to be referred to for each mobile terminal model (TAC) as name resolution for the same domain name from a plurality of mobile terminals. It was only possible to send a unique TLS termination device IP address. For example, in FIG. 8, when the DNS server 1p returns the IP address of the TLS termination device 3ap in response to the DNS inquiry of the domain name “A” from the mobile terminal 2ap, the domain name “A” from the mobile terminal 2bp is returned. As a response to the DNS inquiry, the IP address of the TLS termination device 3bp equipped with the server certificate corresponding to the mobile terminal 2bp could not be returned, and the IP address of the TLS termination device 3ap could only be returned. In that case, the mobile terminal 2bp cannot be connected to the TLS termination device 3bp. As described above, in the prior art, there is no mechanism for referring to the terminal information regarding the mobile terminal which is the inquiry source in the DNS inquiry, so that there is the above-mentioned problem.

According to the name resolution system 5 including the name resolution device 1 configured as in the present embodiment, when the mobile terminal 2 makes a TLS connection by web access or the like, the RADIUS server 40 that performs RADIUS authentication and the name that performs DNS resolution. The resolution device 1 and the subscriber information DB 41 that holds the terminal information (TAC) related to the mobile terminal 2 are linked with the MSISDN, and the name resolution device 1 acquires the terminal information related to the mobile terminal 2 that is the DNS inquiry source (reference source). .. The name resolution device 1 holds the terminal information related to the mobile terminal 2 and the IP address of the TLS terminal device 3 notified to the mobile terminal 2 in association with each other as a list, and returns the IP address according to the terminal information related to the mobile terminal 2. As a result, even if the domain name is the same, it is possible to connect to the TLS terminal device 3 having the corresponding server certificate according to the terminal information about the mobile terminal 2. Specifically, in FIG. 1, when the TLS termination device 3a and the TLS termination device 3b belong to the same domain name, the name resolution device 1 responds to the DNS inquiry of the domain name "B" from the mobile terminal 2a. Even if the IP address of the TLS termination device 3a equipped with the server certificate corresponding to the mobile terminal 2a is returned, the server certification corresponding to the mobile terminal 2b is answered as a response to the DNS inquiry of the domain name "B" from the mobile terminal 2b. The IP address of the TLS termination device 3b on which the document is mounted can be returned. In this way, the name resolution device 1 can return the IP address of the reference destination according to the mobile terminal 2. Further, the mobile terminal 2 which is the inquiry source can be connected to the TLS terminal device 3 equipped with the corresponding server certificate according to the terminal information about the mobile terminal 2.

As described above, according to the name resolution system 5 including the name resolution device 1 configured as in the present embodiment, it is possible to select a server during TLS communication in the mobile terminal 2, and the same domain name (URL). ), It is possible to connect to the TLS terminal device 3 (server certificate, encryption algorithm, etc.) corresponding to the terminal information related to the mobile terminal 2. Further, since the contents of information sent and received between the name resolution device 1 and the mobile terminal 2 are the same as those of the existing DNS server system, the name resolution system 5 does not significantly change the mechanism with respect to the existing DNS server system. Can be realized.

Although the present embodiment has been described in detail above, it is clear to those skilled in the art that the present embodiment is not limited to the embodiment described in the present specification. This embodiment can be implemented as a modified or modified mode without departing from the spirit and scope of the present invention determined by the description of the claims. Therefore, the description of the present specification is for the purpose of illustration and does not have any limiting meaning to the present embodiment.

The notification of information is not limited to the embodiments / embodiments described herein, and may be made by other methods. For example, information notification includes physical layer signaling (for example, DCI (Downlink Control Information), UCI (Uplink Control Information)), upper layer signaling (for example, RRC (Radio Resource Control) signaling, MAC (Medium Access Control) signaling, etc. It may be carried out by notification information (MIB (Master Information Block), SIB (System Information Block)), other signals, or a combination thereof. Further, the RRC signaling may be referred to as an RRC message, and may be, for example, an RRC Connection Setup message, an RRC Connection Reconfiguration message, or the like.

Each aspect / embodiment described herein includes LTE, LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G, 5G, FRA (Future Radio Access), W-CDMA®, GSM (registered trademark), CDMA2000, UMB (Ultra Mobile Broadband), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, UWB (Ultra-WideBand), Bluetooth (registered trademark) , And other systems that utilize suitable systems and / or next-generation systems that are extended based on them.

The order of the processing procedures, sequences, flowcharts, and the like of each aspect / embodiment described in the present specification may be changed as long as there is no contradiction. For example, the methods described herein present elements of various steps in an exemplary order, and are not limited to the particular order presented.

In some cases, the specific operation performed by the specific device in the present specification may be performed by its upper node. For example, when a specific device is a base station, various operations performed for communication with a terminal in a network consisting of one or more network nodes having the base station may be performed. It is clear that it can be done by a base station and / or other network nodes other than the base station, such as, but not limited to, MME or S-GW. Although the case where there is one network node other than the base station is illustrated above, it may be a combination of a plurality of other network nodes (for example, MME and S-GW).

Information and the like can be output from the upper layer (or lower layer) to the lower layer (or upper layer). Input / output may be performed via a plurality of network nodes.

The input / output information and the like may be stored in a specific location (for example, a memory), or may be managed by a management table. Input / output information and the like can be overwritten, updated, or added. The output information and the like may be deleted. The input information or the like may be transmitted to another device.

The determination may be made by a value represented by 1 bit (0 or 1), by a boolean value (Boolean: true or false), or by comparing numerical values (for example, a predetermined value). It may be done by comparison with the value).

Each aspect / embodiment described in the present specification may be used alone, in combination, or may be switched and used according to the execution. Further, the notification of predetermined information (for example, the notification of "being X") is not limited to the explicit one, but is performed implicitly (for example, the notification of the predetermined information is not performed). May be good.

Software is an instruction, instruction set, code, code segment, program code, program, subprogram, software module, whether called software, firmware, middleware, microcode, hardware description language, or another name. , Applications, software applications, software packages, routines, subroutines, objects, executable files, execution threads, procedures, functions, etc. should be broadly interpreted to mean.

Further, software, instructions, and the like may be transmitted and received via a transmission medium. For example, the software uses wired technology such as coaxial cable, fiber optic cable, twist pair and digital subscriber line (DSL) and / or wireless technology such as infrared, wireless and microwave to websites, servers, or other When transmitted from a remote source, these wired and / or wireless technologies are included within the definition of transmission medium.

The information, signals, etc. described herein may be represented using any of a variety of different techniques. For example, data, instructions, commands, information, signals, bits, symbols, chips, etc. that may be referred to throughout the above description may be voltage, current, electromagnetic waves, magnetic fields or magnetic particles, light fields or photons, or any of these. It may be represented by a combination of.

The terms described in the present specification and / or the terms necessary for understanding the present specification may be replaced with terms having the same or similar meanings. For example, the channel and / or symbol may be a signal. Also, the signal may be a message. Further, the component carrier (CC) may be referred to as a carrier frequency, a cell, or the like.

The terms "system" and "network" as used herein are used interchangeably.

Further, the information, parameters, etc. described in the present specification may be represented by an absolute value, a relative value from a predetermined value, or another corresponding information. .. For example, the radio resource may be indexed.

The names used for the above parameters are not limited in any way. Further, mathematical formulas and the like using these parameters may differ from those expressly disclosed herein. Since the various channels (eg, PUCCH, PDCCH, etc.) and information elements (eg, TPC, etc.) can be identified by any suitable name, the various names assigned to these various channels and information elements are in any respect. However, it is not limited.

A base station can accommodate one or more (eg, three) cells (also called sectors). When a base station accommodates multiple cells, the entire coverage area of the base station can be divided into multiple smaller areas, each smaller area being a base station subsystem (eg, small indoor base station RRH: Remote). Communication services can also be provided by Radio Head). The term "cell" or "sector" refers to a part or all of the coverage area of a base station and / or base station subsystem that provides communication services in this coverage. In addition, the terms "base station," "eNB," "cell," and "sector" may be used interchangeably herein. Base stations are sometimes referred to by terms such as fixed station, NodeB, eNodeB (eNB), access point, femtocell, and small cell.

Mobile communication terminals may be subscriber stations, mobile units, subscriber units, wireless units, remote units, mobile devices, wireless devices, wireless communication devices, remote devices, mobile subscriber stations, access terminals, mobile terminals, etc. It may also be referred to as a wireless terminal, remote terminal, handset, user agent, mobile client, client, or some other suitable term.

As used herein, the terms "determining" and "determining" may include a wide variety of actions. "Judgment", "decision" is, for example, calculating, computing, processing, deriving, investigating, looking up (eg, table, database or another). It can include searching in the data structure), confirming (ascertaining) as "judgment" and "decision". Also, "judgment" and "decision" are receiving (for example, receiving information), transmitting (for example, transmitting information), input (input), output (output), and access. (Accessing) (for example, accessing data in memory) may be regarded as "judgment" or "decision". In addition, "judgment" and "decision" mean that "resolving", "selecting", "choosing", "establishing", "comparing", etc. are regarded as "judgment" and "decision". Can include. That is, "judgment" and "decision" may include considering some action as "judgment" and "decision".

The terms "connected", "coupled", or any variation thereof, mean any direct or indirect connection or connection between two or more elements, and each other. It can include the presence of one or more intermediate elements between two "connected" or "combined" elements. The connection or connection between the elements may be physical, logical, or a combination thereof. As used herein, the two elements are by using one or more wires, cables and / or printed electrical connections, and, as some non-limiting and non-comprehensive examples, radio frequencies. It can be considered to be "connected" or "coupled" to each other by using electromagnetic energies such as electromagnetic energies having wavelengths in the region, microwave region and light (both visible and invisible) regions.

The phrase "based on" as used herein does not mean "based on" unless otherwise stated. In other words, the statement "based on" means both "based only" and "at least based on".

When the terms "first", "second", etc. are used herein, any reference to the elements does not generally limit the quantity or order of those elements. These designations can be used herein as a convenient way to distinguish between two or more elements. Thus, references to the first and second elements do not mean that only two elements can be adopted there, or that the first element must somehow precede the second element.

The "means" in the configuration of each of the above devices may be replaced with a "part", a "circuit", a "device" and the like.

As long as "include", "including", and variations thereof are used within the scope of this specification or claims, these terms are similar to the term "comprising". Is intended to be inclusive. Furthermore, the term "or" as used herein or in the claims is intended not to be an exclusive OR. In the present specification, a plurality of devices shall be included unless the device has only one device apparently in the context or technically.

In the whole of the present disclosure, if the context clearly does not indicate the singular, it shall include more than one.

1 ... Name resolution device, 2.2a, 2b ... Mobile terminal, 3.3a, 3b ... TLS terminal device, 4 ... Terminal information management system, 5 ... Name resolution system, 10 ... Inquiry request acquisition unit, 11 ... Terminal information acquisition Units, 12 ... Inquiry information storage unit, 13 ... Inquiry IP address reply unit, 40 ... RADIUS server, 41 ... Subscriber information DB, 400 ... First terminal information storage unit, 410 ... Second terminal information storage unit.

Claims (1)

A name resolution device that returns the IP address of the inquiry destination in response to an inquiry request from the terminal.
A reference information storage means for storing reference information in which terminal information related to a terminal, a domain name of the reference, and an IP address of the reference are associated with each other.
An inquiry request acquisition means for acquiring an inquiry request including the IP address of the terminal and the domain name of the inquiry destination from the terminal, and
From the terminal information management system that can acquire the terminal information about the terminal based on the IP address of the terminal, the terminal information about the terminal based on the IP address of the terminal included in the inquiry request acquired by the inquiry request acquisition means is acquired. Terminal information acquisition means and
In the inquiry destination information stored by the inquiry destination information storage means, the terminal information about the terminal acquired by the terminal information acquisition means and the domain name of the inquiry destination included in the inquiry request acquired by the inquiry request acquisition means are used. An inquiry IP address reply means that acquires the associated IP address of the inquiry destination and returns the acquired IP address of the inquiry destination to the terminal that requested the inquiry request.
Equipped with a,
The terminal information management system has a first storage means for storing the IP address of the terminal and the identification information of the terminal in association with each other, and a second storage means for storing the identification information of the terminal and the terminal information related to the terminal in association with each other. With and
The terminal information acquisition means acquires the identification information of the terminal associated with the IP address of the terminal included in the inquiry request acquired by the inquiry request acquisition means in the first storage means, and the second storage means. Acquires terminal information related to the terminal associated with the terminal identification information acquired in
Name resolution device.

Images