WO2015080460A1 - Method for allocating AE ID in wireless communication system - Google Patents
Method for allocating AE ID in wireless communication system
- Publication number
- WO2015080460A1 (PCT/KR2014/011411)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- application identifier
- specific
- specific application
- resource
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/60—Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
Definitions
- the present invention relates to a method for AE ID allocation in a wireless communication system and a device therefor.
- M2M Machine to Machine
- SDOs standard development organizations
- TIA Telecommunications Industry Association
- ATIS Alliance for Telecommunications Industry Solutions
- ETSI European Telecommunications Standards Institute
- M2M server part e.g., Common Service Entity (CSE)
- CSE Common Service Entity
- network-side applications For example, a subject that operates a network application may be different.
- When the authentication process is performed using an ID for an existing application in an M2M environment, the application can be identified but individual users cannot. If a plurality of users use a specific user-side application (for example, an application entity (AE)), the individual users cannot be distinguished using the ID for the AE.
- AE application entity
- the present invention proposes a method for identifying and authenticating individual users in an M2M environment.
- the present invention proposes a procedure for identifying and authenticating individual users in a wireless communication system.
- A method for allocating a user specific application identifier in a wireless communication system, the method being performed by an M2M device and comprising: receiving user information from a user; transmitting, to a counterpart M2M device, a request message for allocation of a user specific application identifier, the request message including a user specific token based on the user information and an application identifier; and receiving, from the counterpart M2M device, a response message including the user specific application identifier allocated based on the user specific token and the application identifier.
- a unique user specific application identifier may be assigned for each user specific token included in the request message.
- If the request message includes a user specific token that is the same as a user specific token associated with a previously assigned user specific application identifier, the same user specific application identifier as the previously assigned one may be assigned.
- If the request message includes a user specific token that is the same as a user specific token associated with a previously assigned user specific application identifier, a user specific application identifier different from the previously assigned one may be assigned.
- the user specific application identifier may be used for authentication or access control of the request by the M2M device.
- a method for allocating a user specific application identifier in a wireless communication system wherein the method is performed by an M2M device and is used to assign a user specific application identifier.
- a unique user specific application identifier may be assigned for each user specific token included in the request message.
- If the request message includes a user specific token that is the same as a user specific token associated with a previously assigned user specific application identifier, the same identifier as the previously assigned user specific application identifier may be assigned.
- If the request message includes a user specific token that is the same as a user specific token associated with a previously assigned user specific application identifier, a user specific application identifier different from the previously assigned one may be assigned.
- the user specific application identifier may be used for authentication or access control of the request from the M2M device.
- An M2M device configured to process a request message in a wireless communication system according to another embodiment of the present invention, wherein the M2M device includes a radio frequency (RF) unit and a processor configured to control the RF unit.
- The processor is configured to receive user information from a user, to send to a counterpart M2M device a request message for assigning a user specific application identifier, the request message including a user specific token based on the user information and an application identifier, and to receive from the counterpart M2M device a response message including the user specific application identifier assigned based on the user specific token and the application identifier.
- RF radio frequency
- An M2M device configured to process a request message in a wireless communication system according to another embodiment of the present invention, wherein the M2M device includes a radio frequency (RF) unit and a processor configured to control the RF unit.
- The processor is configured to receive from a counterpart M2M device a request message for assigning a user specific application identifier, the request message including a user specific token based on the user's user information and an application identifier, to assign the user specific application identifier based on the user specific token and the application identifier, and to send a response message including the assigned user specific application identifier to the counterpart M2M device.
- FIG. 1 shows a functional structure in an M2M communication system.
- FIG. 2 illustrates a configuration supported by the M2M communication system based on the M2M functional structure.
- FIG. 3 illustrates a common service function provided in an M2M communication system.
- FIG. 4 illustrates a resource structure existing in an M2M application service node and an M2M infrastructure node.
- FIG. 5 shows a resource structure present in an M2M application service node (eg, an M2M device) and an M2M infrastructure node.
- M2M application service node eg, an M2M device
- FIG. 6 shows a procedure of exchanging request and answer messages used in an M2M communication system.
- FIG. 8 illustrates an access control method for a specific request message according to an embodiment of the present invention.
- FIG. 9 illustrates an AE ID allocation request and answering procedure according to an embodiment of the present invention.
- FIG. 10 illustrates an AE ID allocation request and answering procedure according to an embodiment of the present invention.
- FIG. 11 illustrates an AE ID allocation for a user and an access control procedure through the same according to an embodiment of the present invention.
- FIG. 12 illustrates an access right assignment procedure through interworking with an access right assignment entity after AE ID assignment for a user according to an embodiment of the present invention.
- Figure 13 shows a block diagram of an apparatus for implementing embodiment (s) of the present invention.
- an apparatus for device-to-device communication may be an M2M device, an M2M gateway, or an M2M server, and may communicate with each other through an M2M interface.
- The M2M device may include terminal equipment, a Mobile Station (MS), a Mobile Terminal (MT), a User Terminal (UT), a Subscriber Station (SS), a wireless device, a Personal Digital Assistant (PDA), a wireless modem, and a handheld device.
- the M2M server generally refers to an entity that communicates with M2M devices, M2M gateways and / or other M2M servers, and exchanges various data and control information with them.
- the technology related to the present invention will be described.
- M2M applications can be installed or mounted on M2M devices, M2M gateways, or M2M servers.
- oneM2M defines a common M2M service framework (or service platform, common service entity (CSE), etc.) for various M2M applications (or application entities (AEs)).
- M2M applications are software that implements service logic such as e-Health, City Automation, Connected Consumer, Automotive, etc.
- The oneM2M service framework includes functions that are commonly needed to implement various M2M applications. Thus, using the oneM2M service framework, these M2M applications can be implemented easily without having to build a separate framework for each of them.
- The M2M market is currently divided into multiple M2M verticals such as Smart Building, Smart Grid, e-Health, Transportation, and Security; a common oneM2M service framework is expected to greatly facilitate the M2M market.
- FIG. 1 shows a functional structure in an M2M communication system. Each entity is described below.
- Application Entity provides application logic for an end-to-end M2M solution.
- AEs include cargo tracking, remote blood sugar monitoring, and remote power measurement and control applications.
- Application Entity provides Application logic for the end-to-end M2M solutions.
- Examples of the Application Entities can be fleet tracking application, remote blood sugar monitoring application, or remote power metering and controlling application.
- AE may be referred to as an M2M application.
- Common Service Entity (CSE, 102): The CSE consists of the service functions defined in oneM2M that are common to the M2M environment. These service functions are exposed through reference points Mca and Mcc and may be used by registered (connected) AEs and other CSEs. Reference point Mcn is used to access services in the underlying network.
- a Common Services Entity comprises the set of "service functions" that are common to the M2M environments and specified by oneM2M. Such service functions are exposed to other entities through Reference Points Mca and Mcc. Reference point Mcn is used for accessing Underlying Network Service Entities.
- Examples of the service functions provided by the CSE include data management, device management, M2M subscription management, and location services. These functions can be logically divided into Common Services Functions (CSFs). Some CSFs in a CSE are mandatory and some are optional. Likewise, some of the functions within a CSF are mandatory and some are optional. (For example, some of the application software installation, firmware update, logging, and monitoring functions in the "Device Management" CSF are mandatory and some are optional.)
- Underlying network service entity (NSE, 103): The NSE provides services to the CSE. Examples of such services include device management, location services, and device triggering. The NSE is not limited to a specific technology, but the transport provided by the network is not considered a service of the NSE. (An Underlying Network Services Entity provides services to the CSEs. Examples of such services include device management, location services and device triggering. No particular organization of the NSEs is assumed. Note: Underlying Networks provide data transport services between entities in the oneM2M system. Such data transport services are not included in the NSE.)
- Each reference point shown in FIG. 1 is described below.
- Mca Reference Points are a reference point between the AE and the CSE.
- the Mca reference point allows the AE to communicate with the CSE so that the AE can use the services provided by the CSE. (This is the reference point between an Application Entity and a CSE.
- the Mca reference point shall allow an Appl ication Entity to use the services provided by the CSE, and for the CSE to communicate with the Application Entity.)
- the Mcc reference point is a reference point between two CSEs.
- the Mcc reference point allows the CSE to use the services of other CSEs. Services provided through the Mcc reference point depend on the functions provided by the CSE. (This is the reference point between two CSEs.
- the Mcc reference point shall allow a CSE to use the services of another CSE in order to fulfill needed functionality.
- the Mcc reference point between two CSEs shall be supported over different M2M physical entities. The services offered via the Mcc reference point are dependent on the functionality supported by the CSEs)
- The Mcn reference point is a reference point between the CSE and the NSE. The Mcn reference point allows the CSE to use the services provided by the NSE. (This is the reference point between a CSE and the Underlying Network Services Entity. The Mcn reference point shall allow a CSE to use the services (other than transport and connectivity services) provided by the Underlying Network Services Entity in order to fulfill the needed functionality.)
- The services provided by the NSE are those other than simple services such as transport and connectivity; examples include device triggering, small data transmission, and positioning.
- The Mcc' reference point is used for communication between CSEs belonging to different M2M service providers.
- The Mcc' reference point is similar to the Mcc reference point in that it links CSEs, but whereas the existing Mcc reference point is confined to communication within a single M2M service provider, the Mcc' reference point can be seen as extending Mcc to a different M2M service provider.
- the M2M communication system is not limited to the illustrated configuration and can support more diverse configurations. The concept of a node that is important for understanding the above-described configuration will be described first.
- the Mca reference point can be connected to one middle node or one infrastructure node.
- ADN may be referred to as an M2M device.
- Application Service Node (An Application Service Node is a Node that contains one Common Services Entity and contains at least one Application Entity).
- the Mcc reference point can be connected to one middle node or one infrastructure node.
- the ASN can exist in the M2M device.
- Middle Node A Middle Node is a Node that contains one Common Services Entity and may contain Application Entities.
- a Middle Node communicates over a Mcc reference point with at least two other Nodes among either (not exclusively):
- ASN application service nodes
- MNs middle nodes
- MN may be connected through the ADN and the Mca reference point.
- MN may be referred to as M2M gateway.
- Infrastructure Node An Infrastructure Node is a Node that contains one Common Services Entity and may contain Application Entities. IN may be referred to as an M2M server.
- the infrastructure node may communicate with the following nodes through the MN or ASN and the Mcc reference point.
- An Infrastructure Node communicates over a Y reference point with either:
- the infrastructure node can communicate through ADN and Mca reference points. (An Infrastructure Node may communicate with one or more Application Dedicated Nodes over one or more respective Mca reference points.)
- FIG. 3 illustrates a common service function provided in an M2M communication system.
- As shown in FIG. 3, the M2M service functions (i.e., common service functions) provided by the M2M communication system include 'Communication Management and Delivery Handling', 'Data Management and Repository', 'Device Management', 'Discovery', 'Group Management', 'Addressing and Identification', 'Location', 'Network Service Exposure, Service Execution and Triggering', 'Registration', 'Security', 'Service Charging and Accounting', 'Session Management', and 'Subscription and Notification'.
- CMDH Communication Management and Delivery Handling
- DMR Data Management and Repository
- DMG Device Management
- Discovery Plays a role to find resources and information based on conditions.
- GCG Group Management
- a group can be created by grouping resources, M2M devices, or gateways. It manages requests related to groups.
- Addressing and Identification plays a role in identifying and addressing physical or logical resources.
- NSE Network Service Exposure, Service Execution and Triggering
- Registration An M2M application or other CSE is responsible for handling registration with a particular CSE. Registration is performed to use the M2M service function of a specific CSE.
- Security Handles sensitive data such as security keys, establishes security associations, authenticates identity, authorizes and protects identity.
- SCA Service Charging and Accounting
- Session Management It manages M2M session for end-to-end communication.
- Subscription and Notification Subscribes to changes of a specific resource (Subscription) and sends a notification when the resource changes.
- M2M common service functions are provided through the CSE, and AE (or M2M applications) can use the common service functions through the Mca reference point or other CSE through the Mcc reference point.
- These M2M common service functions may operate in conjunction with an Underlying Network (or Underlying Network Service Entities (NSE), e.g., 3GPP, 3GPP2, WiFi, Bluetooth).
- NSE Underlying Network Service Entities
- a resource is used for organizing and representing information in an M2M communication system, and means anything that can be identified by a URI.
- the resources may be classified into general resources, virtual resources, and announced resources.
- the definition of each resource is as follows.
- Virtual Resources are used to trigger specific processing and / or retrieve results, but are not permanently present in the CSE.
- Announced Resource An announced resource is a resource in a remote CSE that is connected to the announced (or notified) original resource. Announced resources retain some of the characteristics of the original resource. Resource announcements facilitate resource discovery. The announced resource in the remote CSE is used to create child resources in the remote CSE that do not exist as children of the original resource or that are not announced children of the original resource.
- FIG. 4 illustrates a resource structure existing in an M2M application service node and an M2M infrastructure node.
- the M2M communication system defines various resources (or resources).
- the M2M communication system can perform M2M services such as registering applications and reading sensor values by manipulating these resources.
- The resources are organized in a tree structure and are logically connected to the CSE or stored in the CSE, which resides in an M2M device, an M2M gateway, a network domain, etc.
- The CSE may be referred to as an entity managing resources.
- The resource tree has <cseBase> as its root, and representative resources are as follows.
- <cseBase> Resource The root resource of the tree-structured M2M resources, including all other resources.
- <remoteCSE> Resource A resource existing under <cseBase> that contains information of another CSE registered (connected) to the CSE.
- <AE> Resource A resource existing under a <cseBase> or <remoteCSE> resource. If it exists under <cseBase>, information of applications registered (connected) to the corresponding CSE is stored. If it exists under <remoteCSE>, information of the applications registered in another CSE (with CSE name) is stored.
- <accessControlPolicy> Resource A resource that stores information related to access rights for a specific resource. Authorization is done using the access rights information contained in this resource.
- Resource A resource that stores data for each CSE or AE.
- Resource A resource that provides a function to group several resources together and process them together.
- <subscription> Resource A resource that performs a function of notifying (notification) of a change in a state such as a value of a resource.
- FIG. 5 shows a resource structure present in an M2M application service node (eg, an M2M device) and an M2M infrastructure node.
- M2M application service node eg, an M2M device
- an AE application2
- The sensor usually refers to a physical device, and application1 (an AE) present on the M2M device reads the value from the sensor and stores the read value in the form of a container resource in the CSE with which it is registered (CSE1).
- CSE1 registered CSE
- the AE existing on the M2M device must be registered to the CSE existing on the M2M device for this purpose.
- Information related to the registered M2M application is stored in the form of a cseBaseCSE1/application1 resource, as shown in the figure.
- the AE registered in the infrastructure node may access the value.
- The AE registered with the infrastructure node must also be registered with the CSE (CSE2) of the infrastructure node. As with the way application1 registers with CSE1, this is done by storing information about application2 in the cseBaseCSE2/application2 resource.
- application1 communicates with application2 through CSE1 and CSE2 in the middle, not directly. For this purpose, CSE1 must be registered in CSE2.
- CSE1 related information (e.g., Link) is stored as a <remoteCSE> resource type under the cseBaseCSE2 resource. That is, <remoteCSE> provides the CSE type, access address (IP address, etc.), CSE ID, and reachability information about the registered CSE.
- the service performance related to an embodiment of the present invention may be defined as a resource type, and there are various resource types as shown in the following table.
- locationPolicy Includes subscription CSEBase
- remoteCSE Represents a application, CSEBase
- a resource cmdhNetworkAccessRules shall be a, cmdhNwAccessRule, child resource cmdhPolicy, container, for the CSEBase, delivery, subscribe-to eventConfig,
- node nodeInfo, parameters, remoteCSE, request, schedule, statsCollect, statsConfig
- Container Shares data container, application, instances among contentInstance, container, remoteCSE, entities. Used subscription, CSEBase as a mediator
- Each resource type may be located under a parent resource type of the corresponding resource type and may have a child resource type.
- Each resource type also has attributes, in which the actual values are stored.
- Table 2 below defines the attributes of the ⁇ CSEBase> resource type.
- the attribute where the actual values are stored must be set () or optionally set ('0..1') through Multiplicity.
- the attributes are set as RO (Read Only), RW (Read and Write), and WO (Write Only) depending on the characteristics at the time of creation.
- resourceType attribute identifies the type of resources. Each resource shall have a resourceType attribute.
- nodeLink 0..1 RO A reference (URI) of a <node> resource that stores the node specific information.
- notificationStoragePriority to make space for new notifications of higher notificationStoragePriority, or delete stored notifications of older creationTime to make space for new notifications when all notifications are of the same
- resources may be represented in a tree structure, and the type of a root resource is represented by <CSEBase>. therefore,
- FIG. 6 shows a general communication flow on Mca and Mcc reference points.
- the operation of the M2M system is performed based on the data exchange. For example, in order for the first device to transmit or execute a command for stopping a specific operation of the second device, the first device must transmit the command to the second device in data form.
- data can be exchanged in request and answer messages on the connection between the application (or CSE) and the CSE.
- the Request message includes the following information.
- the response message includes the following information. First, if the request message has been successfully processed, the answer message is
- mmii Additional information on the request (meta information)
- TS Result of processing request (eg Not Okay)
- An application entity identifier uniquely identifies an AE that makes a request to interact with an AE or M2M node that is present on the M2M node.
- the AE ID must identify the application entity for the purpose of all interactions within the M2M system. For example, it is an ID for identifying an application installed in the M2M device, and not for identifying a specific application type (for example, temperature sensing application A), but for identifying a specific application a installed in a specific M2M device.
- the M2M service provider is responsible for ensuring that the AE ID is globally unique, and the AE ID must include the application ID.
- the App-ID is identical to the application name and is not guaranteed to be globally unique. For example, it is an ID for identifying an application installed in the M2M device and an ID for identifying a specific application type (eg, temperature sensing application A).
- App-IDs may be supported via single or multiple registration authentications / entities.
- the CSE must be identified by a globally unique identifier when instantiated within an M2M node in an M2M system.
- the CSE-ID must identify the CSE for the purpose of all interactions to / from the CSE in the M2M system.
- the (host) M2M node that owns the CSE and / or application (s) must be identified by a globally unique identifier.
- the M2M system should allow the M2M service provider to set the CSE-ID and the M2M node ID to the same value.
- the M2M node ID enables the M2M service provider to bind the CSE-ID to a specific M2M node.
- An example of assigning a globally unique M2M node ID includes the use of OID (Object Identity) and IMEI.
- the AE or CSE accesses a resource of a specific CSE, and uses an identifier (ID) of the AE or CSE when accessing the resource. Since AE and CSE are entities identified on the M2M system as M2M entities, access control is also possible.
- the resource repository is an entity that can recognize the user's identity.
- the problem occurs when the service provider of the AE and the service provider of the resource repository (eg, resource owning CSE) are not the same or have no contract.
- the user has a contract with the AE
- the AE has a contract with the resource repository
- the user does not have a contract with the resource repository.
- there is an AE in the treadmill that stores a record based on the user's ID and shows it to the user.
- interaction with the user is only recognized by the AE, and the AE stores a value in the resource repository based on its ID.
- The resource repository does not distinguish between users and performs access control based on the AE ID, because the AE is the same. For example, suppose the user using the AE is user 1, who is authorized to update and retrieve a specific resource of the CSE (for example, user 1's record information), while another user, user 2, has no authority for that resource. The CSE cannot enforce this distinction through the identifier of the AE alone; access control is possible only if it can distinguish requests down to the information of user 2. However, the user's authentication (identifier authentication, for example, ID / password based authentication) is terminated in the AE.
- identifier authentication for example, ID / password based authentication
- The user is an entity that is not recognized by the M2M system. That is, the user's information exists only in the AE and is not information that exists or is handled on the M2M system. Therefore, a mechanism is described that enables access control by making the user an entity that the M2M system can recognize, either by newly establishing AE identification information based on user information or by new identification information that extends the AE identifier.
- The CSE may allocate different AE IDs to different users in order to perform different access control for each user in the CSE. That is, by assigning a different ID per user even though the application instance (a materialized application, or more simply, a specific application installed on or running on a particular M2M device) is the same, a CSE or other AE that communicates with the AE can recognize it as a different AE depending on the user. Through this, access control for a specific user is possible through the AE ID.
- The AE ID may be configured to include an application identifier and an identifier for uniquely identifying an application instance of the application, in which case the application identifier is the same regardless of the user, and the identifier that identifies the application instance may be assigned differently for each user.
- the AE ID may include an extension identifier along with an identifier for identifying an application identifier and an application instance.
- the identifier for identifying the application identifier and the application instance is the same regardless of the user, and the extension identifier may be given differently for each user.
- the extension identifier may be the same as the identifier (i.e., user ID) shared between the user and the AE to identify the user, but is not limited thereto and only needs to be uniquely assigned to that user.
- a destination address of a message transmitted by another entity to the AE ID may be different for each user.
- the application ID is information for identifying which application (eg, application name) the AE is.
- when an M2M device is compared to a personal computer (PC), a word program or an internet browser program corresponds to the application, and the ID assigned to each program corresponds to the application ID.
- the AE ID is an ID for identifying an application uniquely installed in the M2M device.
- the word program installed on my PC and the word program installed on my brother's PC may be assigned the same application ID, but the AE IDs identifying the two installed programs are different.
- the user may transmit a request message for a specific operation to a resource of a specific CSE through the AE (S81).
- the AE may transmit a request message for the operation to a resource of a specific CSE including an AE ID corresponding to the user (S82).
- the AE ID may be included in a caller ID that may be used for access control, and an operation may be transmitted.
- the specific CSE may check whether the AE ID has a corresponding operation right for a corresponding resource (S83).
- the resource may have a link related to access control, and the link may describe which entity is actually authorized for what action. Through this, the specific CSE can check which entity has what authority in the corresponding resource.
- the specific CSE does not perform the requested operation (s) (S84).
- the CSE may inform the AE that it did not perform the requested action(s) because it is not authorized.
- the specific CSE may perform the requested operation (s) (S85).
- the CSE may perform the requested operation (s) and may transmit to the corresponding AE that the operation (s) have been performed.
- the node may transmit a message for requesting the AE ID to the bootstrap function 92 (S91).
- the specific node may be a CSE or AE, and the bootstrap function is an entity capable of assigning an AE ID, such as an M2M bootstrap server, an M2M provisioning server, an M2M service bootstrap function, an application server, an infrastructure node application, a smart card, or the like.
- the request may be transmitted in a message requesting overall configuration information of the node / AE such as node / AE bootstrap, node / AE configuration provisioning.
- the message may include an application ID (App-ID), a node ID, or a user indicator.
- the bootstrap function may allocate a unique ID for each user to the corresponding AE and transmit the same to the node (S92).
- the node ID may be used to assign the same AE ID as the previously allocated AE ID when the message of S91 includes the same node ID and the same app-ID as the existing AE ID. This allows the bootstrap function to assign the same AE ID even if the node or AE has lost information about the previously assigned AE ID.
- the same AE ID may be assigned to the node even if a message including the same app-ID and node ID is transmitted to the bootstrap function many times without a user indicator.
- the user indicator serves to indicate that a new user has arrived or whether the corresponding AE supports multiple users, or serves as an identifier for identifying the user. That is, if the user indicator is absent or is set to a specific value (e.g., false) and the node makes a request for the same app-ID, then if an AE ID previously assigned to the corresponding AE exists (i.e., the bootstrap function holds it), the bootstrap function can transmit the same AE ID to the node. If the user indicator is present or set to a specific value (e.g., true), the bootstrap function may allocate an AE ID different from the AE ID previously assigned to the app-ID and the node and transmit it, even if the node makes a request for the same app-ID.
- if there is an AE ID that the bootstrap function previously assigned to the same app-ID, the same node ID, and the same user indicator as included in the message, that AE ID may be transmitted to the node. Or, if the user indicator contains an identifier for identifying a user and the bootstrap function has an AE ID previously assigned to the same app-ID and the same user indicator as included in the message, that AE ID may be transmitted to the node.
- the identifier for identifying the user included in the user indicator may be the same as or different from the identifier for identifying the user shared between the AE and the user.
- the AE, or the infrastructure node (IN) or AE server connected to the AE, may store the mapping relationship between the two.
- the bootstrap function may perform the S92 through another method.
- FIG. 10 illustrates a procedure of allocating an AE ID for each user according to another embodiment of the present invention.
- the procedure according to FIG. 10 uses an AE registration procedure.
- the AE 101 may transmit an AE registration request message including a token capable of temporarily indicating a specific user and an ID of an application corresponding to the AE to a specific CSE (S1001).
- the token may be a value based on user information (eg, an email, an address, a phone number, a user ID of an AE), or may be received from the user by the AE.
- the CSE 102 performs an authentication procedure for the AE registration request message, and allocates an AE ID for the AE when the AE registration request message is a legitimate request (S1002). That is, the CSE may allocate an AE ID suitable for a specific user based on the token and the ID of the application.
- the CSE may transmit an AE Registration Answer Message including the assigned AE ID to the AE (S1003).
- the CSE may allocate a unique AE ID for each token. That is, even if the application IDs included in at least two AE registration request messages are the same, different tokens may be allocated to the two request messages.
- the CSE may allocate the same AE ID as the previously allocated AE ID.
- the AE registration request message may of course include the same application ID as the application ID associated with the previously assigned AE ID.
- the allocation of the AE ID may be limited for each CSE, and thus, the same AE ID may be allocated only for an AE registration request including the same token for the same CSE. Or, if the token is used again, the CSE may determine that the token is a duplicate and allocate a new AE ID.
- the CSE may store a mapping relationship between the token and the AE ID. Alternatively, based on the relationship between the AE ID and the token, the CSE may infer the token from the AE ID. In addition, the AE may manage the mapping relationship between the user and the AE ID or token. That is, the CSE cannot know the relationship between the token and the user while the AE can, so if the AE and the CSE are operated or managed by different operating entities (i.e., companies), the user's personal information and the like is not disclosed to the CSE side, which yields a security or privacy protection effect.
- FIG. 11 illustrates an authentication or access control procedure for an operation on a specific resource using an AE ID according to an embodiment of the present invention.
- the user 111 and the AE 112 perform authentication (eg, ID / PW based). Through this, the AE may acquire an ID of the user (S1101).
- the AE may check whether it has an AE ID for the user or whether an AE ID exists for the user (S1102).
- the AE may allocate an AE ID for the user (S1103). Allocation of the AE ID may be performed according to the above-described procedure.
- the user may transmit, to the AE, a request for specific operation(s) on a specific resource of a specific resource repository (e.g., a resource owning CSE 113) (S1104).
- the AE may transmit a request for the operation (s) to a specific resource of the resource storage (S1105).
- the request may be transmitted including an AE ID (eg, set as a sender related parameter) assigned to the user.
- the resource repository may determine whether the resource has authority for the operation (s) based on the AE ID included in the operation (s) (S1106).
- the resource may have an indicator indicating the information of the authorized entities for the resource, and the information indicated by the indicator may specify which entities are entitled to what action (s).
- the information indicating the entities may include the AE ID or any information related to the AE ID, such as information from which the AE ID can be inferred based on an attribute of the AE ID.
- the resource owning CSE may perform the operation (s) (S1107).
- the resource owning CSE may transmit the result of the operation(s) (e.g., execution success) to the AE as a response to the operation(s) (S1108). Or, if the execution result of the operation is a failure, the resource owning CSE may send the result of the operation(s) (e.g., execution failure or authentication failure) to the AE as a response to the operation(s) (S1109).
- the AE may transmit a response to the request.
- S1102 and S1103 may be performed between S1104 and S1105.
- FIG. 12 illustrates an authentication or access control procedure of an operation for a specific resource using an AE ID according to another embodiment of the present invention.
- the user 121 and the AE 122 may perform authentication (e.g., ID / PW or token based) (S1201).
- the AE may allocate a unique AE ID to the corresponding user (S1202). If grouping users, the AE ID may not be unique for each user. For the AE ID assignment, refer to the above-described procedure.
- the message may be sent from the AE or the resource owning CSE.
- the user ID may be any information or value (for example, a token) that can recognize that the access authority assignment entity is the corresponding user.
- the access right assignment entity may allocate access rights of the AE ID to specific resources (S1204).
- the user may transmit, to the AE, a request for specific operation(s) on a specific resource of a specific resource storage 123 (e.g., a resource owning CSE) (S1205).
- the AE may send a request for the operation (s) to a specific resource of the resource store (S1206).
- the request may include an AE ID assigned to the user (eg, set as a sender related parameter) and be transmitted.
- the resource repository may determine whether the resource has authority for the operation (s) based on the AE ID included in the request for the operation (s) (S1207).
- the resource may have an indicator indicating information of entities authorized to the resource, and the information indicated by the indicator may indicate which entities are entitled to which operation (s).
- the information indicating the entities may include the AE ID or any information related to the AE ID, such as information from which the AE ID can be inferred based on an attribute of the AE ID.
- the resource storage may perform the operation (s) (S1208).
- the resource storage may transmit a result (eg, execution success) of the operation (s) to the AE as a response to the request of the operation (s) (S1209).
- a result of performing the operation (s) (for example, failed execution or authentication failure) may be transmitted to the AE as a response of the operation (s).
- S1205 to S1209 may occur continuously, and S1203 or S1204 may be delivered in an offline message.
- nodes eg, ADN, ASN, MN, or IN
- the nodes may be referred to as M2M device, M2M gateway or M2M server as described above.
- FIG. 13 shows a block diagram of an apparatus configured to perform embodiment (s) of the present invention.
- the transmitter 10 and the receiver 20 include radio frequency (RF) units 13 and 23 capable of transmitting or receiving radio signals carrying information and / or data, signals, messages, and the like, in a wireless communication system.
- the device 12 is operatively connected to components such as the memory 12 and 22 storing the various information related to the communication, the RF units 13 and 23 and the memory 12 and 22, and controls the components.
- the memory 12 and 22 may store a program for processing and controlling the processors 11 and 21, and may temporarily store input / output information.
- the memory 12, 22 can be utilized as a buffer.
- the processors 11 and 21 typically control the overall operation of the various modules in the transmitter or receiver.
- the processors 11 and 21 may perform various control functions for carrying out the present invention.
- Processors 11 and 21 may also be referred to as controllers, microcontrollers, microprocessors, microcomputers, and the like.
- the processors 11 and 21 may be implemented by hardware or firmware, software, or a combination thereof.
- application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), and the like, configured to perform the present invention, may be provided in the processors 11 and 21.
- the firmware or software may be configured to include modules, procedures, or functions for performing the functions or operations of the present invention.
- Firmware or software configured to be performed may be provided in the processors 11 and 21 or stored in the memory 12 and 22 to be driven by the processors 11 and 21.
- the application (entity) or resource management entity, etc. may operate as the devices on which they are installed or mounted, that is, the transmission device 10 or the reception device 20, respectively.
- Embodiments may be implemented to be applied simultaneously.
- the present invention can be used in a terminal, a base station server or other equipment of a wireless mobile communication system.
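The per-user AE ID allocation of S91/S92 and the AE ID based access check of S83 to S85 described above can be sketched as follows. This is an added example, not code from the patent: the class names, the `app/instance/extension` AE ID layout, the random extension value and the in-memory tables are all assumptions made for illustration.

```python
import secrets


class BootstrapFunction:
    """Allocates AE IDs per (app-ID, node ID, user indicator), as in S91/S92.

    Hypothetical class: the storage layout and ID format are assumptions.
    """

    def __init__(self):
        self._instances = {}  # (app_id, node_id) -> instance identifier
        self._assigned = {}   # (app_id, node_id, user key) -> AE ID

    def _new_ae_id(self, app_id, node_id):
        # The application and instance parts are the same regardless of the
        # user; only the extension part differs. The extension is random, so
        # the AE ID itself does not disclose who the user is.
        inst = self._instances.setdefault((app_id, node_id), secrets.token_hex(4))
        return f"{app_id}/{inst}/{secrets.token_hex(8)}"

    def allocate(self, app_id, node_id, user_indicator=None):
        if user_indicator is True:
            # Indicator says "a new user has arrived": always a different AE ID.
            return self._new_ae_id(app_id, node_id)
        # Absent or False -> one shared entry, so a node that lost its AE ID
        # gets the same one back. A user identifier -> one entry per user.
        key = (app_id, node_id, user_indicator or None)
        if key not in self._assigned:
            self._assigned[key] = self._new_ae_id(app_id, node_id)
        return self._assigned[key]


class ResourceCSE:
    """Resource-owning CSE that authorizes operations by AE ID only."""

    def __init__(self):
        self._acl = {}  # resource -> {AE ID: set of permitted operations}

    def grant(self, resource, ae_id, operations):
        self._acl.setdefault(resource, {}).setdefault(ae_id, set()).update(operations)

    def handle(self, ae_id, resource, operation):
        # S83: look up the access control information linked to the resource.
        allowed = self._acl.get(resource, {}).get(ae_id, set())
        if operation not in allowed:
            return "not authorized"  # S84: operation not performed
        return "performed"           # S85: operation performed


def demo():
    """Two users on the same treadmill AE (constructed sample values)."""
    bootstrap, cse = BootstrapFunction(), ResourceCSE()
    user1 = bootstrap.allocate("treadmill-app", "node-1", "user-1")
    user2 = bootstrap.allocate("treadmill-app", "node-1", "user-2")
    cse.grant("records/user-1", user1, {"retrieve", "update"})
    return {
        "user1": cse.handle(user1, "records/user-1", "update"),
        "user2": cse.handle(user2, "records/user-1", "update"),
    }


if __name__ == "__main__":
    print(demo())
```

The CSE never sees a user identity, only AE IDs; an AE ID with no entry in the resource's access control information is refused by default.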
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/039,349 US20170171751A1 (en) | 2013-11-26 | 2014-11-26 | Method for allocating ae id in wireless communication system |
KR1020167010283A KR20160090286A (ko) | 2013-11-26 | 2014-11-26 | Method for allocating ae id in wireless communication system |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201361908755P | 2013-11-26 | 2013-11-26 | |
US61/908,755 | 2013-11-26 | ||
US201461927497P | 2014-01-15 | 2014-01-15 | |
US61/927,497 | 2014-01-15 | ||
US201462010457P | 2014-06-11 | 2014-06-11 | |
US62/010,457 | 2014-06-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015080460A1 (ko) | 2015-06-04 |
Family
ID=53199351
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2014/011411 WO2015080460A1 (ko) | 2013-11-26 | 2014-11-26 | Method for allocating ae id in wireless communication system |
Country Status (3)
Country | Link |
---|---|
US (1) | US20170171751A1 (ko) |
KR (1) | KR20160090286A (ko) |
WO (1) | WO2015080460A1 (ko) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105940737B (zh) * | 2014-02-04 | 2020-12-25 | 株式会社Ntt都科摩 | Service control system, user device, and service control method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006309546A (ja) * | 2005-04-28 | 2006-11-09 | Vision Arts Kk | Method for providing content, information providing system, and information providing program |
US20120173610A1 (en) * | 2011-01-05 | 2012-07-05 | Darryl Neil Bleau | Message Push Notification Client Improvements For Multi-User Devices |
KR20120079457A (ko) * | 2012-06-25 | 2012-07-12 | 현택영 | User data management server and operating method, user terminal, and computer-readable recording medium recording a program therefor |
US20120317261A1 (en) * | 2011-06-13 | 2012-12-13 | Kalle Ilmari Ahmavaara | Apparatus and methods of identity management in a multi-network system |
JP2013175034A (ja) * | 2012-02-24 | 2013-09-05 | Ntt Docomo Inc | Information processing device, service providing system, service providing method, and program |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6961564B2 (en) * | 2001-05-16 | 2005-11-01 | Nokia Corporation | Method for enabling a subscriber entity to actively communicate in a communication network |
US7310307B1 (en) * | 2002-12-17 | 2007-12-18 | Cisco Technology, Inc. | System and method for authenticating an element in a network environment |
CN1324918C (zh) * | 2003-04-16 | 2007-07-04 | 日本电气株式会社 | Mobile terminal, information management method thereof, and computer program for information management |
FR2879867A1 (fr) * | 2004-12-22 | 2006-06-23 | Gemplus Sa | System for allocating a smart card to a network operator |
US20090117883A1 (en) * | 2006-07-20 | 2009-05-07 | Dan Coffing | Transaction system for business and social networking |
KR101264299B1 (ko) * | 2011-01-20 | 2013-05-22 | 에스케이플래닛 주식회사 | System and method for issuing an authentication key for user authentication in a CPNS environment |
US8555363B2 (en) * | 2011-09-16 | 2013-10-08 | Google Inc. | Authenticating a user of a system using near field communication |
US20140173695A1 (en) * | 2012-12-18 | 2014-06-19 | Google Inc. | Token based account access |
2014
- 2014-11-26 WO PCT/KR2014/011411 patent/WO2015080460A1/ko active Application Filing
- 2014-11-26 KR KR1020167010283A patent/KR20160090286A/ko not_active Application Discontinuation
- 2014-11-26 US US15/039,349 patent/US20170171751A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
US20170171751A1 (en) | 2017-06-15 |
KR20160090286A (ko) | 2016-07-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11627225B2 (en) | System and method for programmatic device connectivity | |
US10965473B2 (en) | Smart object identification in the digital home | |
US9955348B2 (en) | Method and device for requesting for specific right acquisition on specific resource in wireless communication system | |
US10085244B2 (en) | Method for guaranteeing operation of control message in wireless communication system and device for same | |
US11963260B2 (en) | Methods and entities for ending a subscription | |
US10182351B2 (en) | Method for service subscription resource-based authentication in wireless communication system | |
US20230108364A1 (en) | Service enabler function | |
US10015684B2 (en) | Method and apparatus for managing specific resource in wireless communication system | |
US9867164B2 (en) | Method and device for processing a specific request message in wireless communication system | |
US10193709B2 (en) | Method for processing request messages in wireless communication system, and device for same | |
KR20200044833A (ko) | Automated service registration in a machine-to-machine communication network | |
WO2014180438A1 (zh) | Remote registration method, device, system and storage medium for M2M applications | |
KR102152741B1 (ko) | Method and device for switching access points | |
US20160014674A1 (en) | Method for location based access control in wireless communication system and apparatus therefor | |
CN108353263B (zh) | Method for processing a service request in a wireless communication system and device therefor | |
US10362577B2 (en) | Method and apparatus for re-arrangement of group resource in wireless communication system | |
KR101975291B1 (ko) | Resource link management at the service layer | |
US10271296B2 (en) | Method for changing schedule information in wireless communication system and device therefor | |
WO2015080460A1 (ko) | Method for allocating ae id in wireless communication system | |
CN114363891A (zh) | Method enabling migration of a subscription |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14866437; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 20167010283; Country of ref document: KR; Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 15039349; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 14866437; Country of ref document: EP; Kind code of ref document: A1 |