CN102595391A - Method, system and device capable of achieving safe triggering - Google Patents


Info

Publication number
CN102595391A
Authority
CN
China
Prior art keywords
mtc
equipment
cookie
secure data
mtc equipment
Prior art date
Legal status
Pending
Application number
CN2011100205262A
Other languages
Chinese (zh)
Inventor
田甜
韦银星
夏正雪
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
Filing date
Publication date

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, a system and a device for achieving secure triggering. Machine type communication (MTC) equipment determines the legitimacy of a network message according to secure data shared between the MTC equipment and the MTC server. The method, system and device guarantee that the MTC equipment can determine whether a trigger indication comes from a legitimate network, so that the MTC equipment cannot be activated maliciously by an attacker.

Description

Method, system and device for realizing secure triggering
Technical field
The present invention relates to the communications field, and in particular to a method, system and device for realizing secure triggering.
Background technology
For many M2M applications, the Internet of Things user wishes to control the communication of machine type communication (MTC) equipment and does not wish the MTC equipment to access the MTC server at random. Even for applications in which communication is usually initiated by the MTC equipment, there may be a need for the MTC server to obtain data from the MTC equipment. Therefore, a polling mode between the MTC equipment and the MTC server may be the more suitable approach.
Accordingly, for MTC equipment that is not always attached to the network or does not always have a PDP/PDN connection, the MTC equipment needs to be triggered, by a trigger indication sent on the basis of the MTC server, to perform network attachment and/or set up a PDP/PDN connection. Specifically, the public land mobile network (PLMN) activates the MTC equipment based on the trigger indication received from the MTC server.
Fig. 1 is the architecture diagram of an existing MTC trigger equipment service system, which mainly comprises the following network elements:
MTC equipment 101: the terminal for M2M service applications, similar to a mobile phone terminal, also comprising a Universal Integrated Circuit Card (UICC) and mobile equipment (ME); usually responsible for collecting information from a collector, accessing the core network through the RAN node, and exchanging data with the MTC server.
Radio Access Node (RAN) 102: responsible for radio access and radio resource management. In the present invention, RAN is the general designation for radio access network elements.
Access Security Management Entity (ASME) 103: mainly responsible for access management and security management of the equipment; in the 3GPP network it may correspond to the Mobile Switch Center (MSC), the Mobility Management Entity (MME), the Serving GPRS Support Node (SGSN), and the Cell Broadcast Center (CBC) in the cell broadcast service.
Home Subscriber Server/Home Location Register (HSS/HLR) 103: mainly responsible for managing and storing the subscription data of the equipment.
MTC Server 104: a network element newly added for M2M applications, mainly responsible for collecting, storing and processing information from the MTC equipment, and able to perform the necessary management of the MTC equipment.
Fig. 2 is a flow chart of MTC equipment triggering in the prior art. When the MTC server wishes the MTC equipment to attach and connect to the MTC server, the MTC server sends a trigger indication to the MTC equipment through the network to which the MTC equipment belongs. On receiving the trigger indication, the MTC equipment actively attaches to the network and connects to the MTC server. The flow specifically comprises the following steps:
Step 201: the MTC server sends a trigger equipment request message to the HSS/HLR to which the MTC equipment belongs; the message carries the MTC Device ID and a Trigger Indicator;
Step 202: the HSS/HLR queries the address of the ASME corresponding to the MTC equipment and forwards the received trigger equipment request message to the ASME where the MTC equipment is located;
Step 203: the ASME notifies the RAN where the MTC equipment is located to page the MTC equipment, sending a paging message to the RAN which carries the MTC Device ID and the Trigger Indicator;
Step 204: the RAN initiates periodic paging through the broadcast channel or PCH in the area where the MTC equipment is located;
Step 205: on hearing the paging message, the MTC equipment determines from the Trigger Indicator carried in the message that the paging message is a trigger message, and then initiates a service request to the access network; the access network ASME may trigger the authentication and ciphering procedure according to operator policy;
Step 206: the MTC equipment sets up a secure connection with the MTC server.
For the MTC equipment there are two situations: the MTC equipment receives the trigger indication while not attached, or the MTC equipment receives the trigger indication while attached.
If the MTC equipment receives the trigger indication while not attached, it first initiates attachment to the network and carries out a series of procedures such as authentication. As shown in Fig. 1, the MTC server may be located inside or outside the carrier network. The MTC server sends the trigger indication to the network, and the ASME in the network sends the trigger indication to the unattached MTC equipment to activate it. After receiving the trigger indication, the MTC equipment and the network carry out the corresponding procedures such as authentication, after which the MTC equipment sets up communication with the MTC server. In this case the equipment may encounter a malicious attack in which an attacker impersonates the network, that is, the attacker disguises itself as the network and sends a trigger indication to the MTC equipment. Unlike ordinary user terminals, much MTC equipment is unattended, and much of it runs for long periods on a battery that cannot be recharged or replaced. In this situation, an attacker continuously activating the equipment maliciously drains its power, shortens its service life, and may even paralyse equipment on a large scale within a certain period, thereby achieving the purpose of the attack.
Besides an attacker impersonating the network to activate the MTC equipment maliciously, an attacker may also impersonate the MTC server and use the network to activate the MTC equipment, especially when the MTC server is a third party not located in the carrier network.
Therefore, malicious activation of the MTC equipment by an attacker needs to be avoided, and the MTC equipment needs to determine whether a trigger indication comes from a legitimate network, but at present there is no technical support for this.
Summary of the invention
In view of this, the main object of the present invention is to provide a method, system and device for realizing secure triggering, which ensure that the MTC equipment can determine whether a trigger indication comes from a legitimate network, so as to avoid malicious activation of the MTC equipment by an attacker.
To achieve the above object, the technical scheme of the present invention is realized as follows:
A method for realizing secure triggering, the method comprising:
the machine type communication (MTC) equipment determines the legitimacy of a network message according to secure data (a Cookie) shared between itself and the MTC server.
The secure data is an initial secure data (Initial Cookie) value set by the network when the MTC equipment subscribes;
or, the secure data is a cookie value generated by the MTC equipment or the MTC server during the service interaction between the MTC equipment and the MTC server.
The method of determining the legitimacy of the network message is:
the MTC equipment compares the secure data parameter in the network message with the cookie/initial cookie it has stored; if they are identical the message is regarded as legitimate, otherwise it is illegitimate.
The network message is a network broadcast message or an instant message.
The process of transmitting the Cookie/Initial Cookie parameter in the network message comprises:
the MTC server passes the Cookie/Initial Cookie through the user subscription database to which the MTC equipment belongs to the access security management entity (ASME) to which the MTC equipment belongs, and the ASME finally passes the Cookie/Initial Cookie to the MTC equipment in the network message;
or, the MTC server transmits the Cookie directly to the ASME where the MTC equipment is located, and the ASME passes the Cookie to the MTC equipment in the network message.
The secure data is secure data for an individual piece of equipment, or group secure data for a plurality of pieces of equipment.
After the MTC equipment determines that the network message is legitimate, it further sets up a secure connection with the MTC server, and optionally the MTC equipment and the MTC server update the shared Cookie value.
A system for realizing secure triggering, comprising a secure data maintenance unit and a data legitimacy determination unit, wherein:
the secure data maintenance unit is used to generate and store the secure data shared between the MTC equipment and the MTC server, and to provide it to the data legitimacy determination unit;
the data legitimacy determination unit is used to determine the legitimacy of a network message according to the secure data shared between the MTC equipment and the MTC server.
The secure data is an Initial Cookie value set by the network when the MTC equipment subscribes;
or, the secure data is a cookie value generated by the MTC equipment or the MTC server during the service interaction between the MTC equipment and the MTC server.
When determining the legitimacy of the network message, the data legitimacy determination unit is used to:
compare the secure data parameter in the network message with the cookie/initial cookie it has stored; if they are identical the message is regarded as legitimate, otherwise it is illegitimate.
The network message is a network broadcast message or an instant message.
When the Cookie/Initial Cookie parameter is transmitted in the network message, the MTC server is used to:
pass the Cookie/Initial Cookie through the user subscription database to which the MTC equipment belongs to the ASME where the MTC equipment is located, triggering the ASME to finally pass the Cookie/Initial Cookie to the MTC equipment in the network message;
or, transmit the Cookie directly to the ASME where the MTC equipment is located, triggering the ASME to pass the Cookie to the MTC equipment in the network message.
The secure data is secure data for an individual piece of equipment, or group secure data for a plurality of pieces of equipment.
After determining that the network message is legitimate, the data legitimacy determination unit is further used to: set up a secure connection with the MTC server, or trigger the MTC equipment and the MTC server to update the shared Cookie value.
A device for realizing secure triggering, the device being MTC equipment, used to determine the legitimacy of a network message according to secure data shared between itself and the MTC server.
The device is connected to a secure data maintenance unit, which is used to generate and store the secure data shared between the MTC equipment and the MTC server, and to provide it to the MTC equipment.
The secure data is an Initial Cookie value set by the network when the MTC equipment subscribes;
or, the secure data is a cookie value generated by the MTC equipment or the MTC server during the service interaction between the MTC equipment and the MTC server.
When determining the legitimacy of the network message, the device is used to:
compare the secure data parameter in the network message with the cookie/initial cookie it has stored; if they are identical the message is regarded as legitimate, otherwise it is illegitimate.
The network message is a network broadcast message or an instant message.
After determining that the network message is legitimate, the device is further used to: set up a secure connection with the MTC server, and either itself perform, or trigger the MTC server to perform, an update of the shared Cookie value.
A device for realizing secure triggering, the device being an MTC server, used to determine the legitimacy of a network message according to secure data shared between the MTC equipment and itself.
The secure data is an Initial Cookie value set by the network when the MTC equipment subscribes;
or, the secure data is a cookie value generated by the MTC equipment or the MTC server during the service interaction between the MTC equipment and the MTC server.
The network message is a network broadcast message or an instant message.
When the Cookie/Initial Cookie parameter is transmitted in the network message, the device is used to:
pass the Cookie/Initial Cookie through the user subscription database to which the MTC equipment belongs to the ASME where the MTC equipment is located, triggering the ASME to finally pass the Cookie/Initial Cookie to the MTC equipment in the network message;
or, transmit the Cookie directly to the ASME where the MTC equipment is located, triggering the ASME to pass the Cookie to the MTC equipment in the network message.
After determining that the network message is legitimate, the device is further used to: set up a secure connection with the MTC equipment and update the shared Cookie value.
The method, system and device for realizing secure triggering of the present invention ensure that the MTC equipment can determine whether a trigger indication comes from a legitimate network, avoiding malicious activation of the MTC equipment by an attacker.
Description of drawings
Fig. 1 is a schematic architecture diagram of an MTC equipment triggering system;
Fig. 2 is a flow chart of MTC equipment triggering in the prior art;
Fig. 3 is the general flow chart of realizing secure triggering according to an embodiment of the invention;
Fig. 4 is a secure data (Cookie) transmission flow chart of one embodiment of the invention;
Fig. 5 is a Cookie transmission flow chart of another embodiment of the invention;
Fig. 6 is a Cookie transmission flow chart of yet another embodiment of the invention;
Fig. 7 is a flow chart of triggering a group according to an embodiment of the invention;
Fig. 8 is a flow chart of the MTC server setting a timer to keep the Cookie alive, according to an embodiment of the invention;
Fig. 9 is a flow chart of the MTC equipment setting a timer to keep the Cookie alive, according to an embodiment of the invention;
Figure 10 is the system diagram of realizing secure triggering according to an embodiment of the invention.
Embodiment
In practical application, an MTC equipment secure trigger mechanism can be proposed: in the trigger indication message that the network sends to the MTC equipment, a Cookie jointly held by the MTC equipment and the MTC server is added, to ensure that the trigger indication comes from a legitimate network.
Specifically, in the initial state, that is, before the MTC equipment and the MTC server have set up an application-layer secure connection, the MTC equipment and the MTC server hold a key/secure data pre-shared at subscription, and these data serve as the initial secure data (Initial Cookie). After the MTC equipment and the MTC server have set up a secure connection, a new cookie value can be generated by the MTC equipment or the MTC server and shared between the MTC equipment and the MTC server. The security of the cookie value can be guaranteed by the application-layer security of the current mechanism; the number of bits of the cookie value can be decided according to the concrete security requirement and the network overhead cost.
The secure data cookie can be obtained in two ways. First way: when the MTC server initiates a trigger indication for the MTC equipment to the network, it carries the cookie value of the MTC equipment to be triggered in the trigger indication message delivered to the network, and the network carries the Cookie value in the message when it sends the trigger indication to the MTC equipment. The benefit of this way is that the correctness of both the network and the MTC Server can be verified at the same time. Even when the MTC Server is a third party whose security relationship with the operator is not tight, this scheme still guarantees security, but it requires the MTC server to have the function of storing and maintaining the cookie. Second way: the MTC server sends the initial secure data to the user subscription database (HSS or HLR), and after updating the cookie with the MTC equipment it sends the updated cookie value to the user subscription database. The MTC server initiates the trigger indication for the MTC equipment to the network, and the network carries the Cookie value when sending the trigger indication to the MTC equipment. This scheme does not depend on the capability of the MTC server and can guarantee the legitimacy of the network sending the trigger indication, but it requires the network to store and maintain the cookie value.
When the MTC equipment receives a trigger indication, it compares the cookie value contained in it with the cookie value it has stored; if they are consistent the flow begins, otherwise the message is discarded and the flow is not carried out. Compared with existing security means, namely integrity protection verification or confidentiality protection verification, the embodiment of the invention only compares a cookie, so the computational cost is greatly reduced, saving more power and reducing consumption.
The technical scheme of the present invention is set forth in further detail below with reference to the accompanying drawings and specific embodiments.
In general, in the trigger indication message that the network sends to the MTC equipment, a Cookie jointly held by the MTC equipment and the MTC server is added, to ensure that the trigger indication comes from a legitimate network. Referring to Fig. 3, in the initial period, if the MTC equipment is setting up a secure connection with the MTC server for the first time, the MTC equipment and the MTC server can use the key/secure data pre-shared at subscription as the Initial Cookie. There are two ways of obtaining this Initial Cookie: one is that the MTC equipment and the MTC server share it in advance, the Initial Cookie being stored in the MTC equipment and the MTC server respectively; the other is that the MTC equipment obtains the Initial Cookie from the HSS/HLR when the account is opened, and when the MTC server performs the trigger service for the MTC equipment and finds that it has not stored the Cookie of the MTC equipment, the MTC server obtains the Initial Cookie of this MTC equipment corresponding to this MTC server from the HSS/HLR to which the MTC equipment belongs;
the MTC equipment receives the paging message, detects the Trigger Indicator and Cookie/Initial Cookie carried in the message, and checks whether the Cookie/Initial Cookie value contained in the message is consistent with the Cookie value it has stored; when they are consistent it initiates attachment, authentication and the corresponding procedures to the network according to the current mechanism and sets up a secure connection with the MTC server; after the connection is set up, the MTC equipment and the MTC server may choose to negotiate a new Cookie;
The specific flow comprises the following steps:
Step 301: the MTC equipment and the MTC server share the same Initial Cookie; the sharing mode may comprise:
A. the MTC equipment and the MTC server share it in advance, the Initial Cookie being stored in the MTC equipment and the MTC server respectively;
B. the MTC equipment obtains the Initial Cookie from the HSS/HLR when the account is opened; when the MTC server performs the trigger service for the MTC equipment and finds that it has not stored the Cookie of this MTC equipment, the MTC server obtains the Initial Cookie of this MTC equipment corresponding to this MTC server from the HSS/HLR to which the MTC equipment belongs;
Step 302: the MTC server passes the Cookie/Initial Cookie to the MTC equipment through the trigger flow; for the concrete method refer to the Cookie transmission flows of Fig. 4, Fig. 5 and Fig. 6 below;
Step 303: after the MTC equipment receives the Cookie in the paging message, it determines whether the received Cookie/Initial Cookie value is consistent with the Cookie value it has stored; if consistent, step 104 is executed; otherwise the message is discarded and not processed;
Step 304: the MTC equipment sets up a secure connection with the MTC server;
Step 305: the MTC equipment and the MTC server may update the Cookie. This step is optional.
Figs. 4 to 7 are flow charts of the Cookie transmission methods involved in the present invention.
The scene mainly described by Fig. 4 is that, owing to roaming or other reasons, there is no direct interface between the MTC server and the ASME network element where the MTC equipment is located; the MTC server passes the Cookie through the HSS/HLR to which the MTC equipment belongs to the ASME to which the MTC equipment belongs, and the ASME finally passes the Cookie to the MTC equipment in the paging message. The flow comprises the following steps:
Step 401: the MTC server sends a trigger equipment request message to the HSS/HLR to which the MTC equipment belongs; the message carries the MTC Device ID, Trigger Indicator and Cookie, where the Trigger Indicator and Cookie may be combined into a single parameter;
Step 402: the HSS/HLR queries the address of the ASME corresponding to the MTC equipment and forwards the received trigger equipment request message to the ASME where the MTC equipment is located;
Step 403: the ASME notifies the RAN where the MTC equipment is located to page the MTC equipment, sending a paging message to the RAN which carries the MTC Device ID, Trigger Indicator and Cookie;
Step 404: the RAN initiates periodic paging through the broadcast channel or PCH in the area where the MTC equipment is located;
Step 405: when the MTC equipment hears the paging message, it knows from the Trigger Indicator carried in the message that this paging message is a trigger message, and compares the Cookie value carried in the message with the Cookie value it has stored. If consistent, step 406 is executed; otherwise the MTC equipment discards the message and does not process it;
Step 406: as in step 304, the MTC equipment sets up a secure connection with the MTC server.
The scene mainly described by Fig. 5 is that there is a direct interface between the MTC server and the ASME network element where the MTC equipment is located; the MTC server transmits the Cookie directly to the ASME where the MTC equipment is located, and the ASME passes the Cookie to the MTC equipment in the paging message. The flow comprises the following steps:
Step 501: the MTC server, according to configuration, sends a trigger equipment request message to the ASME where the MTC equipment is located; the message carries the MTC Device ID, Trigger Indicator and Cookie, where the Trigger Indicator and Cookie may be combined into a single parameter;
Steps 502 to 505: as in steps 403 to 406.
The scene described by Fig. 6 is that the MTC server does not have the capability to store the cookie; the MTC server treats the Cookie shared with the MTC terminal as user data and saves it in the HSS/HLR to which the MTC equipment belongs. The HSS/HLR can at the same time update the Cookie to the ASME where the MTC equipment is located, which stores it. After the ASME receives the trigger equipment indication request message from the MTC server, it pages the MTC equipment, carrying the previously obtained Cookie in the paging message. The concrete steps are as follows:
Step 601: the MTC equipment and the MTC server update the shared Cookie; for details refer to step 505;
Step 602: the MTC server sends an update Cookie request message to the HSS/HLR to which the MTC equipment belongs; the message carries the MTC Device ID and the new Cookie value;
Step 603: the HSS/HLR stores the new Cookie value and, as user data, updates the Cookie value to the ASME to which the MTC equipment belongs.
It should be noted that the part of this step in which the Cookie is updated to the ASME where the MTC equipment is located is optional; if it is not performed, steps 604a and 604b must be performed.
Step 604a: when the MTC server subsequently needs to trigger the MTC equipment to access the network and transmit data, it sends a trigger equipment indication request message to the HSS/HLR to which the MTC equipment belongs; compared with step 401, the message does not carry the Cookie value;
Step 604b: the HSS/HLR forwards the received trigger equipment indication request message, adding the corresponding Cookie value to the message;
Step 604c: corresponding to steps 604a and 604b, in this step the MTC server sends the trigger equipment indication request message directly to the ASME; if this step is performed, the optional part of step 603 must be performed. Compared with step 501, the message does not carry the Cookie value;
Step 605: the ASME notifies the RAN where the MTC equipment is located to page the MTC equipment, sending a paging message to the RAN which carries the MTC Device ID, Trigger Indicator and Cookie.
Steps 606 to 608: as in steps 503 to 505.
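The three delivery paths of Figs. 4, 5 and 6 differ only in which network element holds the Cookie and inserts it into the trigger request before the ASME builds the paging message. The following Python model, added here as an illustration and not part of the patent or of any ZTE implementation, walks a trigger request through each path and shows the constraint stated for step 604c: if the MTC server cannot store cookies and sends the trigger directly to the ASME, the optional push in step 603 must have happened, otherwise the paging message goes out without a Cookie. Entity names (Asme, Hss, TriggerRequest), the dict-shaped paging message and the sample device id and cookie are this example's own constructions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed model of the Cookie delivery paths (Figs. 4, 5, 6).
# Class and field names are this example's, not identifiers from the patent.


@dataclass(frozen=True)
class TriggerRequest:
    device_id: str
    trigger_indicator: bool = True
    cookie: Optional[bytes] = None   # None on the Fig. 6 path (steps 604a / 604c)


class Asme:
    """Access security management entity: builds the paging message (steps 403 / 605)."""

    def __init__(self) -> None:
        self.cookies: Dict[str, bytes] = {}   # filled only by the optional part of step 603

    def page(self, req: TriggerRequest) -> dict:
        # Use the cookie carried in the request, else whatever the HSS pushed earlier.
        cookie = req.cookie if req.cookie is not None else self.cookies.get(req.device_id)
        return {"device_id": req.device_id,
                "trigger_indicator": req.trigger_indicator,
                "cookie": cookie}


class Hss:
    """HSS/HLR: subscription database that knows each device's serving ASME."""

    def __init__(self, serving_asme: Dict[str, Asme]) -> None:
        self.serving_asme = serving_asme
        self.cookies: Dict[str, bytes] = {}   # Fig. 6: Cookie kept as user data

    def update_cookie(self, device_id: str, cookie: bytes, push_to_asme: bool) -> None:
        self.cookies[device_id] = cookie                              # step 603
        if push_to_asme:                                              # optional part of step 603
            self.serving_asme[device_id].cookies[device_id] = cookie

    def forward_trigger(self, req: TriggerRequest) -> dict:
        if req.cookie is None and req.device_id in self.cookies:      # step 604b
            req = TriggerRequest(req.device_id, req.trigger_indicator, self.cookies[req.device_id])
        return self.serving_asme[req.device_id].page(req)            # step 402


def deliver(path: str, device_id: str, cookie: bytes) -> dict:
    """Run one delivery path and return the paging message handed to the RAN."""
    asme = Asme()
    hss = Hss({device_id: asme})
    if path == "fig4":        # server stores the cookie; no direct interface to the ASME
        return hss.forward_trigger(TriggerRequest(device_id, True, cookie))       # step 401
    if path == "fig5":        # server stores the cookie; direct interface to the ASME
        return asme.page(TriggerRequest(device_id, True, cookie))                 # step 501
    if path == "fig6_hss":    # server cannot store cookies; HSS inserts it
        hss.update_cookie(device_id, cookie, push_to_asme=False)                  # steps 602/603
        return hss.forward_trigger(TriggerRequest(device_id, True, None))         # steps 604a/604b
    if path == "fig6_asme":   # server cannot store cookies; ASME pre-loaded by the HSS
        hss.update_cookie(device_id, cookie, push_to_asme=True)                   # step 603 with push
        return asme.page(TriggerRequest(device_id, True, None))                   # step 604c
    if path == "fig6_asme_missing_push":   # the misconfiguration step 604c warns about
        hss.update_cookie(device_id, cookie, push_to_asme=False)
        return asme.page(TriggerRequest(device_id, True, None))                   # cookie is None
    raise ValueError(f"unknown path {path!r}")


def all_paths_carry_cookie(device_id: str = "dev-001", cookie: bytes = b"\x01" * 16) -> bool:
    """Constructed check: every valid path ends with the shared Cookie in the paging message."""
    return all(deliver(p, device_id, cookie)["cookie"] == cookie
               for p in ("fig4", "fig5", "fig6_hss", "fig6_asme"))


if __name__ == "__main__":
    print(all_paths_carry_cookie())
    print(deliver("fig6_asme_missing_push", "dev-001", b"\x01" * 16))
```

The last path is the one a deployment review should catch: a device that receives a trigger without a Cookie will discard it under step 303, so the failure shows up as devices that never attach rather than as a security alarm.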
Fig. 7 is an embodiment of triggering a group: the MTC server may perform the trigger flow for the MTC equipment within a group by means of a group device identifier (G-Device ID) and group secure data (G-Cookie). The concrete flow steps are as follows:
Step 701: the MTC server, according to configuration, sends a trigger equipment indication request message to a specific ASME; the message carries the G-Device ID, Trigger Indicator and G-Cookie, where the Trigger Indicator and G-Cookie may be combined into a single parameter;
Step 702: the ASME notifies all RANs in the MTC equipment group to page the group MTC equipment, sending a paging message to the RANs which carries the G-Device ID, Trigger Indicator and G-Cookie;
Step 703: the RANs initiate periodic paging of all MTC equipment in the group through the broadcast channel or PCH;
Step 704: on hearing the group paging message for its group, an MTC equipment in the group knows from the Trigger Indicator carried in the message that this group paging message is a trigger message, and compares the G-Cookie value carried in the message with the G-Cookie value it has stored; if consistent, step 705 is executed; otherwise the MTC equipment discards the message and does not process it;
Step 705: the MTC equipment sets up a secure connection with the MTC server;
Step 706: the MTC equipment and the MTC server update the G-Cookie; the exchange and secure handling of this G-Cookie are protected by the existing application-layer security mechanism.
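The device-side check is the same in the individual flow (steps 303 and 405) and the group flow (step 704): read the Trigger Indicator, pick the stored Cookie or G-Cookie that matches the paged identifier, compare, and either proceed to attach or silently discard. The Python below is an added example and not code from the patent or from ZTE; it models that check on the receiving MTC equipment, including the optional Cookie renewal of step 305 after which the previous value no longer triggers the device. The PagingMessage layout, the MtcDevice class, the return labels "attach"/"drop"/"ignore" and the sample identifiers and cookies are this example's own assumptions. The text only requires equality; the example uses a constant-time comparison so that the check itself leaks nothing about how many bytes of a guessed value matched.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed layout of the paging message described in steps 403 / 702:
# Device ID (or G-Device ID), Trigger Indicator, Cookie (or G-Cookie).


@dataclass(frozen=True)
class PagingMessage:
    device_id: str            # MTC Device ID or G-Device ID
    trigger_indicator: bool   # marks the paging message as a trigger message
    cookie: bytes             # Cookie / Initial Cookie / G-Cookie carried by the network


@dataclass
class MtcDevice:
    device_id: str
    cookie: bytes                          # Initial Cookie at subscription, replaced later
    group_id: Optional[str] = None
    group_cookie: Optional[bytes] = None   # G-Cookie shared by the whole group (Fig. 7)
    dropped: int = 0                       # discarded trigger messages, useful for monitoring

    def handle_paging(self, msg: PagingMessage) -> str:
        """Return 'ignore', 'drop' or 'attach' for one received paging message."""
        if not msg.trigger_indicator:
            return "ignore"                # ordinary paging, not a trigger (step 405)
        if msg.device_id == self.device_id:
            expected = self.cookie         # individual trigger (steps 303 / 405)
        elif self.group_id is not None and msg.device_id == self.group_id:
            expected = self.group_cookie   # group trigger (step 704)
        else:
            return "ignore"                # addressed to another device or group
        # Equality check from the text, done in constant time over the whole value.
        if expected is not None and hmac.compare_digest(expected, msg.cookie):
            return "attach"                # proceed to attach and set up the secure connection
        self.dropped += 1
        return "drop"                      # mismatch: discard, do not process

    def renew_cookie(self, new_cookie: bytes) -> None:
        """Step 305: after the secure connection is up, both sides switch to a new Cookie."""
        self.cookie = new_cookie


def run_scenario() -> dict:
    """Constructed walk-through: legitimate, forged, group, plain and stale triggers."""
    initial = secrets.token_bytes(16)      # constructed Initial Cookie
    g_cookie = secrets.token_bytes(16)     # constructed G-Cookie
    dev = MtcDevice("dev-001", initial, group_id="grp-A", group_cookie=g_cookie)
    results = {}
    results["legit"] = dev.handle_paging(PagingMessage("dev-001", True, initial))
    results["forged"] = dev.handle_paging(PagingMessage("dev-001", True, secrets.token_bytes(16)))
    results["group"] = dev.handle_paging(PagingMessage("grp-A", True, g_cookie))
    results["plain_page"] = dev.handle_paging(PagingMessage("dev-001", False, b""))
    fresh = secrets.token_bytes(16)        # value agreed over the secure connection
    dev.renew_cookie(fresh)
    results["stale"] = dev.handle_paging(PagingMessage("dev-001", True, initial))
    results["fresh"] = dev.handle_paging(PagingMessage("dev-001", True, fresh))
    results["dropped"] = dev.dropped
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The dropped counter is the defender's hook: a device that keeps discarding trigger messages is either being paged by a network that holds the wrong Cookie or is seeing the impersonation the background section describes, and either way it is worth reporting once the next secure connection is up.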
Fig. 8 and Fig. 9 are flow charts describing the keep-alive of the Cookie validity period between the MTC equipment and the MTC server.
In Fig. 8 the MTC server sets a timer to keep the Cookie alive. When the timer expires, the MTC server determines whether the MTC equipment is currently online or offline; if online, the Cookie is updated directly between the MTC server and the MTC equipment; if offline, the MTC server, through the trigger flow, notifies the MTC equipment to attach to the network and set up a secure connection with the MTC server, and then updates the Cookie. The specific flow comprises the following steps:
Step 801: as in step 601;
Step 802: the MTC server sets the Cookie keep-alive timer T1; the timer duration can be set by the operator or the service provider according to policy. Whenever step 801 is performed, the T1 timer is reset and restarted;
Step 803a: if the MTC equipment is online when T1 expires, the Cookie is updated directly; for the flow of updating the Cookie see step 305;
Step 803b: if the MTC equipment is offline when T1 expires, the MTC equipment is notified to access the network through the trigger flow; for the concrete steps refer to Fig. 4 to Fig. 6. After the secure channel between the MTC server and the MTC equipment has been set up, the MTC equipment and the MTC server update the Cookie.
In Fig. 9 the MTC equipment sets a timer to keep the Cookie alive. When the timer expires, if the MTC equipment is online it updates the Cookie directly with the server; if offline, the MTC equipment first attaches to the network and sets up a secure connection with the MTC server, and then updates the Cookie. The specific flow comprises the following steps:
Step 901: as in step 601;
Step 902: the MTC equipment sets the Cookie keep-alive timer T1; the timer duration can be set by the operator or the service provider according to policy. Whenever step 901 is performed, the T1 timer is reset and restarted;
Step 903: if the MTC equipment is online when T1 expires, it updates the Cookie directly with the server; if offline, the MTC equipment first attaches to the network and sets up a secure connection with the MTC server, and then updates the Cookie.
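The keep-alive logic of Figs. 8 and 9 is the same state machine run on either side: T1 is restarted by every Cookie update, and on expiry the only branch is whether the peer is reachable now or has to be brought back by the trigger flow first. The Python below is an added example, not code from the patent or from ZTE, that simulates this timer against a constructed timeline with a simulated clock. The class name CookieKeepAlive, the action labels and the T1 value of 3600 seconds are this example's assumptions; the patent leaves the duration to operator or service-provider policy.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed simulation of the Cookie keep-alive timer (Figs. 8 and 9).
# Names and the action labels below are this example's own.


@dataclass
class CookieKeepAlive:
    t1: float                               # steps 802 / 902: duration chosen by policy
    deadline: Optional[float] = None        # simulated time at which T1 expires
    log: List[str] = field(default_factory=list)

    def cookie_updated(self, now: float) -> None:
        """Step 801 / 901 performed: T1 is reset and restarted."""
        self.deadline = now + self.t1
        self.log.append(f"{now:.0f}: cookie updated, T1 restarted")

    def tick(self, now: float, peer_online: bool) -> List[str]:
        """Evaluate the timer at simulated time `now`; return the actions taken."""
        if self.deadline is None or now < self.deadline:
            return []                       # T1 still running, nothing to do
        actions: List[str] = []
        if not peer_online:
            # Step 803b / 903: the device is offline, so the trigger flow (Figs. 4 to 6)
            # brings it back and a secure connection is set up before the refresh.
            actions += ["trigger", "attach_and_secure_connect"]
        actions.append("update_cookie")     # step 803a / 903: refresh the shared Cookie (step 305)
        self.cookie_updated(now)            # the refresh itself restarts T1
        return actions


def simulate(t1: float = 3600.0) -> List[Tuple[float, Tuple[str, ...]]]:
    """Constructed timeline: one session update, then expiries with the peer online, then offline."""
    ka = CookieKeepAlive(t1)
    events = []
    ka.cookie_updated(0.0)                  # step 801: Cookie agreed at the end of a session
    for now, online in [(1800.0, True), (3600.0, True), (5400.0, False), (7200.0, False)]:
        actions = ka.tick(now, online)
        if actions:
            events.append((now, tuple(actions)))
    return events


if __name__ == "__main__":
    for when, actions in simulate():
        print(f"t={when:.0f}s: {', '.join(actions)}")
```

Restarting T1 on every update, rather than on every trigger, is what bounds the lifetime of any single Cookie value: a device that is triggered often still rotates its Cookie at least once per T1, and one that is rarely triggered is woken for a rotation when T1 runs out.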
From the above embodiments it can be seen that the operating principle of realizing secure triggering in the present invention is: secure data is shared between the MTC equipment and the MTC server; based on a trigger flow involving the MTC-server-side secure data and the MTC-equipment-side secure data, the legitimacy of the secure data is determined, and the corresponding subsequent communication procedure is carried out according to the result of the determination.
To ensure that the above operating principle and each embodiment can be realized smoothly, the arrangement shown in Figure 10 can be adopted. Referring to Figure 10, which is the system diagram of realizing secure triggering according to an embodiment of the invention, the system comprises a secure data maintenance unit and a data legitimacy determination unit connected to each other; the secure data maintenance unit comprises a secure data storage unit and a secure data generation unit, which may be connected to each other. All of these units may be arranged in the MTC equipment. Of course, the secure data maintenance unit may also be provided independently, as long as it can guarantee that the secure data is shared between the MTC equipment and the MTC server.
In practical application, the secure data storage unit can store the secure data shared between the MTC equipment and the MTC server and provide it to the data legitimacy determination unit; the secure data generation unit can generate the secure data; the data legitimacy determination unit can determine the legitimacy of a network message according to the secure data shared between the MTC equipment and the MTC server.
In summary, whether as method, system or device, the technology of the present invention for realizing secure triggering ensures that the MTC equipment can determine whether a trigger indication comes from a legitimate network, avoiding malicious activation of the MTC equipment by an attacker.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention; any modifications, equivalent replacements, improvements and the like made within the spirit and principle of the present invention should all be included within the scope of protection of the present invention.

Claims (25)

1. A method for realizing secure triggering, characterized in that the method comprises:
a Machine Type Communication (MTC) device judging the legitimacy of a network message according to secure data (a Cookie) shared between itself and an MTC server.
2. The method according to claim 1, characterized in that
said secure data is an initial secure data value, InitialCookie, set by the network when said MTC device subscribes;
or, said secure data is a Cookie value generated by said MTC device or said MTC server during service interaction between said MTC device and said MTC server.
3. The method according to claim 1, characterized in that the method of judging the legitimacy of the network message is:
said MTC device compares the secure data parameter in said network message with the Cookie/InitialCookie it has stored; if they are identical, said message is considered legal; otherwise, it is illegal.
4. The method according to claim 3, characterized in that said network message is a network broadcast message or a paging message.
5. The method according to claim 3, characterized in that the process of transmitting the Cookie/InitialCookie parameter in said network message comprises:
said MTC server passes said Cookie/InitialCookie, via the subscriber database to which said MTC device belongs, to the Access Security Management Entity (ASME) where said MTC device is located, and said ASME finally passes said Cookie/InitialCookie to said MTC device through said network message;
or, said MTC server transmits the Cookie directly to the ASME where said MTC device is located, and said ASME passes the Cookie to said MTC device through said network message.
6. The method according to any one of claims 1 to 5, characterized in that said secure data is secure data for an individual device, or group secure data for a plurality of devices.
7. The method according to any one of claims 1 to 5, characterized in that, after said MTC device judges that said network message is legal, a secure connection is further established with said MTC server, and said MTC device or said MTC server updates the shared Cookie value.
8. A system for realizing secure triggering, characterized in that the system comprises a secure data maintenance unit and a data legitimacy decision unit; wherein
said secure data maintenance unit is used to generate and store the secure data shared between an MTC device and an MTC server, and to provide it to the data legitimacy decision unit;
said data legitimacy decision unit is used to judge the legitimacy of a network message according to the secure data shared between the MTC device and the MTC server.
9. The system according to claim 8, characterized in that
said secure data is an InitialCookie value set by the network when said MTC device subscribes;
or, said secure data is a Cookie value generated by said MTC device or said MTC server during service interaction between said MTC device and said MTC server.
10. The system according to claim 8, characterized in that, when judging the legitimacy of a network message, said data legitimacy decision unit is used to:
compare the secure data parameter in said network message with the Cookie/InitialCookie it has stored; if they are identical, said message is considered legal; otherwise, it is illegal.
11. The system according to claim 10, characterized in that said network message is a network broadcast message or a paging message.
12. The system according to claim 10, characterized in that, when the Cookie/InitialCookie parameter is transmitted in said network message, said MTC server is used to:
pass said Cookie/InitialCookie, via the subscriber database to which said MTC device belongs, to the ASME where said MTC device is located, and trigger said ASME to finally pass said Cookie/InitialCookie to said MTC device through said network message;
or, transmit the Cookie directly to the ASME where said MTC device is located, and trigger said ASME to pass the Cookie to said MTC device through said network message.
13. The system according to any one of claims 8 to 12, characterized in that said secure data is secure data for an individual device, or group secure data for a plurality of devices.
14. The system according to any one of claims 8 to 12, characterized in that, after judging that said network message is legal, said data legitimacy decision unit is further used to: establish a secure connection with said MTC server, and trigger said MTC device or said MTC server to update the shared Cookie value.
15. A device for realizing secure triggering, characterized in that the device is an MTC device, used to judge the legitimacy of a network message according to secure data shared between itself and an MTC server.
16. The device according to claim 15, characterized in that the device is connected to a secure data maintenance unit, and said secure data maintenance unit is used to generate and store the secure data shared between the MTC device and the MTC server, and to provide it to the MTC device.
17. The device according to claim 15, characterized in that
said secure data is an InitialCookie value set by the network when said MTC device subscribes;
or, said secure data is a Cookie value generated by said MTC device or said MTC server during service interaction between said MTC device and said MTC server.
18. The device according to any one of claims 15 to 17, characterized in that, when judging the legitimacy of a network message, the device is used to:
compare the secure data parameter in said network message with the Cookie/InitialCookie it has stored; if they are identical, said message is considered legal; otherwise, it is illegal.
19. The device according to claim 18, characterized in that said network message is a network broadcast message or a paging message.
20. The device according to any one of claims 15 to 17, characterized in that, after judging that said network message is legal, said device is further used to: establish a secure connection with said MTC server, and itself perform, or trigger said MTC server to perform, an update of the shared Cookie value.
21. A device for realizing secure triggering, characterized in that the device is an MTC server, used to judge the legitimacy of a network message according to secure data shared between an MTC device and itself.
22. The device according to claim 21, characterized in that
said secure data is an InitialCookie value set by the network when said MTC device subscribes;
or, said secure data is a Cookie value generated by said MTC device or said MTC server during service interaction between said MTC device and said MTC server.
23. The device according to claim 21, characterized in that said network message is a network broadcast message or a paging message.
24. The device according to claim 22, characterized in that, when the Cookie/InitialCookie parameter is transmitted in said network message, said device is used to:
pass said Cookie/InitialCookie, via the subscriber database to which said MTC device belongs, to the ASME where said MTC device is located, and trigger said ASME to finally pass said Cookie/InitialCookie to said MTC device through said network message;
or, transmit the Cookie directly to the ASME where said MTC device is located, and trigger said ASME to pass the Cookie to said MTC device through said network message.
25. The device according to any one of claims 21 to 24, characterized in that, after judging that said network message is legal, said device is further used to: establish a secure connection with said MTC device, and update the shared Cookie value.
CN2011100205262A 2011-01-18 2011-01-18 Method, system and device capable of achieving safe triggering Pending CN102595391A (en)

Publications (1)

Publication Number Publication Date
CN102595391A true CN102595391A (en) 2012-07-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20120718