JP-2026075269-A - Information processing device, service usage method, and program
Abstract
[Problem] Improve the security of communication between edge devices. [Solution] In a communication system comprising a first information processing device and a second information processing device, the information processing device functions as the first information processing device and includes a token issuing unit that transmits a token containing authentication information read from a SIM inserted in the information processing device to the second information processing device, and a data processing unit that accesses the services of the second information processing device via a tunnel between the information processing device and the second information processing device established based on authentication using the authentication information. [Selection Diagram] Figure 1
Inventors
- 米倉 倫之介
- 沈 文裕
- 新谷 翔
- 上出 葵
- 和田 雄一郎
Assignees
- NTTドコモビジネス株式会社
Dates
- Publication Date: 20260508
- Application Date: 20241022
Claims (9)
- An information processing device that functions as the first information processing device in a communication system comprising a first information processing device and a second information processing device, the information processing device comprising: a token issuing unit that transmits a token containing authentication information read from a SIM inserted into the information processing device to the second information processing device; and a data processing unit that accesses the services of the second information processing device via a tunnel between the information processing device and the second information processing device established based on authentication using the authentication information.
- The information processing apparatus according to claim 1, wherein the SIM stores, in addition to the authentication information, hardware information of the information processing device, and the token issuing unit transmits a token including the authentication information and the hardware information to the second information processing apparatus.
- The information processing apparatus according to claim 1, further comprising a receiving unit that receives, from a monitoring server, an instruction to establish communication with a third information processing device, wherein the token issuing unit transmits the token to the third information processing apparatus based on the instruction.
- The information processing apparatus according to claim 1, wherein, when the data processing unit receives a processing order and determines that the information processing apparatus cannot process the order, the token issuing unit transmits the token to the second information processing apparatus.
- The information processing apparatus according to claim 1, further comprising a calculation unit that selects another information processing apparatus to be used as a migration destination based on a value corresponding to the distance between the aforementioned information processing apparatus and each of a plurality of other information processing apparatuses.
- An information processing device that functions as the second information processing device in a communication system comprising a first information processing device and a second information processing device, the information processing device comprising: an authentication unit that receives, from the first information processing device, a token containing authentication information read from a SIM inserted into the first information processing device, uses the authentication information to authenticate the first information processing device, and, if authentication is successful, establishes a tunnel between the first information processing device and the information processing device; and a service used from the first information processing device via the tunnel.
- The information processing apparatus according to claim 6, further comprising a whitelist including hardware information of the first information processing apparatus, wherein the token includes the authentication information and the hardware information, and the authentication unit performs a comparison between the hardware information and the whitelist.
- A service utilization method performed by an information processing device that functions as the first information processing device in a communication system comprising a first information processing device and a second information processing device, the method comprising: a step of transmitting a token containing authentication information read from a SIM inserted into the information processing device to the second information processing device; and a step of accessing the services of the second information processing device via a tunnel between the information processing device and the second information processing device established based on authentication using the authentication information.
- A program for causing a computer to function as a component of the information processing device described in any one of claims 1 to 7.
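The receiving-side flow of claims 6 and 7 (token check against a hardware whitelist, then Service access only through the resulting tunnel), as an added example that is not code from the patent. The token fields, the IMSI-keyed whitelist layout, the random tunnel identifier and all sample values are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    imsi: str            # authentication information read from the SIM
    hardware_info: str   # hardware information stored in the SIM (claim 2)

class AuthenticationUnit:
    """Second device: authenticates a token, then gates its Service on the tunnel."""

    def __init__(self, whitelist):
        # Assumed layout: IMSI -> hardware information of the approved device.
        self._whitelist = dict(whitelist)
        self._tunnels = {}   # tunnel id -> IMSI of the authenticated peer

    def authenticate(self, token):
        """Return (tunnel_id, reason); tunnel_id is None when authentication fails."""
        expected = self._whitelist.get(token.imsi)
        if expected is None:
            return None, "unknown SIM"
        if token.hardware_info != expected:
            # Known SIM presented by hardware that is not on the whitelist.
            return None, "hardware mismatch"
        tunnel_id = secrets.token_hex(16)
        self._tunnels[tunnel_id] = token.imsi
        return tunnel_id, "ok"

    def actual_service(self, tunnel_id, request):
        """Stand-in for the actual Service; reachable only through a tunnel."""
        if tunnel_id not in self._tunnels:
            raise PermissionError("no tunnel established")
        return "processed " + request + " for " + self._tunnels[tunnel_id]

# Constructed sample values (test-network IMSIs, made-up hardware strings).
WHITELIST = {"001010000000001": "edge-100A/serial-0001"}

def demo():
    unit = AuthenticationUnit(WHITELIST)
    good = Token("001010000000001", "edge-100A/serial-0001")
    moved_sim = Token("001010000000001", "unlisted-board/serial-9999")
    stranger = Token("001010000000002", "edge-100A/serial-0001")
    tunnel, _ = unit.authenticate(good)
    return {
        "good": unit.actual_service(tunnel, "job-1"),
        "moved_sim": unit.authenticate(moved_sim),
        "stranger": unit.authenticate(stranger),
    }

if __name__ == "__main__":
    print(demo())
```

The `moved_sim` case is the one the whitelist comparison of claim 7 exists for: the SIM's identifier is valid, but the hardware presenting it is not the approved device, so no tunnel is created.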
Description
This invention relates to edge computing technology.
Edge computing, a technology that processes and analyzes data using servers distributed near the data-generating terminals, is becoming increasingly popular. Recent edge computing technologies are being deployed not only on on-premises servers but also on IoT devices and other infrastructure. This suggests an increase in network traffic in various locations, making improved communication security, load balancing, and the establishment of more efficient communication systems more crucial than ever.
In edge computing, a conventional technology exists for L7 communication between edge devices (Non-Patent Document 1). However, this conventional technology does not ensure the reliability of both connected devices.
Non-Patent Document 1: Skupper, https://skupper.io/, searched October 16, 2020
- This figure shows an example of the configuration of a communication system in the first embodiment.
- This is a flowchart of the first embodiment.
- This figure shows an example of the configuration of the communication system in the second embodiment.
- This is a flowchart of the second embodiment.
- This figure shows an example of using an external database.
- This is a diagram showing an example of the configuration of a communication system in the third embodiment.
- This is a flowchart of the third embodiment.
- This figure shows an example of the configuration of the communication system in the fourth embodiment.
- This is a flowchart of the fourth embodiment.
- This figure shows an example of the configuration of the communication system in the fifth embodiment.
- This is a flowchart of the fifth embodiment.
- This figure shows an example of the device's hardware configuration.
The embodiments of the present invention (this embodiment) will be described below with reference to the drawings. The embodiments described below are merely examples, and the embodiments to which the present invention applies are not limited to these embodiments.
(Summary of the embodiment)
In this embodiment, L7 communication between edge devices is established using authentication via a SIM (Subscriber Identity Module). This ensures reliability by verifying that each device is the correct recipient. Furthermore, this embodiment incorporates a configuration that enables continuous monitoring of edge devices using an external server and the transfer of processing from one edge device to another via a decision program within the application. This allows processing to continue even if an edge device malfunctions or if greater processing power is required.
The configuration and operation of a communication system using the technology according to the present invention will be described in detail below using the first to fifth embodiments. The first to fifth embodiments can be implemented in any combination.
(First Embodiment)
First, the first embodiment will be described. The first embodiment is an embodiment of a basic configuration for establishing communication using a SIM.
Figure 1 shows an example of the configuration of the communication system in the first embodiment. As shown in Figure 1, this communication system comprises edge device 100A and edge device 100B. Figure 1 also shows the SIM 110A used in edge device 100A. Communication is possible between edge device 100A and edge device 100B via a network. Each edge device may be, for example, an IoT device, a server, or other type of device.
The edge device 100A includes a token issuing unit 120A and a cluster 140A. The "cluster" refers to, for example, a Kubernetes® cluster, but is not limited to this. Within the cluster, containerized applications are executed, for example. While this embodiment uses a cluster, it is also possible to omit its use.
Cluster 140A includes DNS 141A, L7 Router 142A, and data processing unit 143A. Figure 1 also shows the virtual Service 144A as seen by user 1.
Furthermore, "Service" corresponds to an application that performs the processing requested by the user. A Service that actually performs processing on a particular device is called the device's actual Service, while a Service used by a particular device, but whose actual processing is performed on another device, is called a virtual Service.
The edge device 100B includes an authentication unit 130B and a cluster 140B. The cluster 140B includes a DNS 141B, an L7 Router 142B, a data processing unit 143B, and an actual Service 145B.
The operation example of the communication system in the first embodiment will be explained following the steps in the flowchart of Figure 2. The step numbers (S1, etc.) in Figure 2 are also shown in Figure 1.
<S1 (Step 1)>
In S1, the SIM 110A containing authentication information is inserted into the edge device 100A. The SIM 110A is a SIM used for mobile communication such as 5G or LTE. The authentication information stored in the SIM 110A is a SIM-specific number (e.g., IMSI), but is not limited to this. The SIM 110A may be pre-installed in the edge device 100A.
<S2> In S2, i