CN102263793A - Method, system and device for verifying and controlling permission of MTC (machine type communication) server - Google Patents

Info

Publication number
CN102263793A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201110231136XA
Other languages
Chinese (zh)
Inventor
田野
徐晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Telecommunications Technology CATT
Original Assignee
China Academy of Telecommunications Technology CATT
Application filed by China Academy of Telecommunications Technology CATT
Priority to CN201110231136XA
Publication of CN102263793A
Priority to PCT/CN2012/080044 (WO2013023566A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, system and device for verifying and controlling the permission of an MTC (machine type communication) server, and relates to communication technology. In an embodiment of the invention, after a 3GPP (3rd Generation Partnership Project) network receives an operation request from the MTC server, the permission of the MTC server is verified according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and the operation requested by the MTC server is executed only after the verification succeeds, thus verifying the permission of the MTC server.

Description

Method, system and device for verifying and controlling the permission of an MTC server
Technical field
The present invention relates to communication technology, and in particular to a method, system and device for verifying and controlling the permission of an MTC server.
Background
In M2M (Machine to Machine) communication over a 3GPP (3rd Generation Partnership Project) network, an MTC Server (Machine Type Communication Server) can send instructions to the 3GPP network to trigger, control, manage and maintain M2M terminals, and so implement specific MTC service application functions.
To support M2M communication, 3GPP has proposed the MTC communication system architecture shown in Fig. 1. Functionally, it consists mainly of three parts: the MTC Server, the 3GPP mobile communications network and the MTC Device (MTC terminal).
The 3GPP mobile communications network provides network connectivity for the MTC terminal and connects it to the MTC Server. Downward, the MTC Server provides a unified service management and control platform for MTC terminals; upward, it supports various MTC applications.
The MTC-IWF (MTC Interworking Function) entity is an edge node of the 3GPP network and hides the details of the 3GPP network topology from the outside. This entity exchanges control signalling with the MTC Server over the newly defined MTCsp interface, and invokes specific functions provided by the 3GPP network by relaying or converting the signalling protocol on the MTCsp interface, thereby providing the MTC Server with a transparent operation control service.
Through the MTCsp control signalling interface, the MTC Server can send control signalling to the 3GPP network to request that terminals be triggered, controlled, managed or maintained, and so implement MTC service features. For example, for the MTC device triggering feature, the MTC Server can send a trigger request to the MTC-IWF entity over the MTCsp interface, asking the network to trigger the target terminal so that it establishes communication with the MTC Server. For an MTC terminal with some execution capability, such as switch control, the MTC Server can send a control request to the MTC-IWF, asking the network to control the target terminal and have it perform the switching operation, and so on.
However, the present inventor found that, for the MTC device triggering feature, when the MTC Server sends a trigger request, the 3GPP network first needs to authenticate the identity of the MTC Server and determine whether it is a legitimate service-providing device. Beyond that, the network does not further determine whether the MTC Server has permission to request a trigger for the target terminal. If the trigger operation of the MTC Server exceeds the scope of the permission it was granted and it is still allowed to proceed, security problems may result. Specifically, suppose MTC Server 1 has permission to trigger and control MTC terminals A, B and C. Under some abnormal condition (malicious or non-malicious), MTC Server 1 requests the 3GPP network to trigger MTC terminal D. This is an unauthorized operation. In this case, if the network does not reject the operation request according to the permission settings of the MTC Server, security problems may result.
Summary of the invention
Embodiments of the invention provide a method, system and device for verifying and controlling the permission of an MTC server, so as to verify the permission of the MTC server.
A method for verifying and controlling the permission of an MTC server comprises:
receiving an operation request sent by a machine type communication (MTC) server;
determining, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
verifying the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
executing the operation requested by the MTC server after the verification passes.
A method for verifying and controlling the permission of an MTC server comprises:
receiving a verification request message sent by a machine type communication interworking function entity (MTC-IWF), the message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
after verifying the permission of the MTC server, returning the permission verification result to the MTC-IWF.
A device for verifying and controlling the permission of an MTC server comprises:
a receiving unit, configured to receive an operation request sent by a machine type communication (MTC) server;
a determining unit, configured to determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
a verification unit, configured to verify the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
an execution unit, configured to execute the operation requested by the MTC server after the verification passes.
A device for verifying and controlling the permission of an MTC server comprises:
a verification request receiving unit, configured to receive a verification request message sent by a machine type communication interworking function entity (MTC-IWF), the message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
a permission verification unit, configured to verify the permission of the MTC server;
a result feedback unit, configured to return the permission verification result to the MTC-IWF.
A system for verifying and controlling the permission of an MTC server comprises:
a machine type communication interworking function entity (MTC-IWF), configured to receive an operation request sent by a machine type communication (MTC) server; determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; send a subscription information request carrying the MTC terminal identifier, and receive the returned subscription information of the MTC terminal; verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information; and execute the operation requested by the MTC server after the verification passes;
a home location register/home subscriber server (HLR/HSS), configured to receive the subscription information request sent by the MTC-IWF, and return the subscription information of the MTC terminal to the MTC-IWF according to the MTC terminal identifier.
A system for verifying and controlling the permission of an MTC server comprises:
a machine type communication interworking function entity (MTC-IWF), configured to receive an operation request sent by a machine type communication (MTC) server; determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; send a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result; and execute the operation requested by the MTC server after the verification passes;
an authentication, authorization and accounting (AAA) server, configured to receive the verification request message sent by the MTC-IWF, which carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type; verify the permission of the MTC server; and return the permission verification result to the MTC-IWF.
Embodiments of the invention provide a method, system and device for verifying and controlling the permission of an MTC server, so that after the 3GPP network receives an operation request from an MTC Server, it verifies the permission of the MTC Server according to the MTC Server identifier, the MTC terminal identifier and the operation type, and executes the operation requested by the MTC Server after the verification passes, thereby verifying the permission of the MTC server.
Description of drawings
Fig. 1 is a schematic diagram of the MTC network structure in the prior art;
Fig. 2 is the first flow chart of the MTC server permission verification control method provided by an embodiment of the invention;
Fig. 3 is a flow chart of the MTC server permission verification control method corresponding to embodiment one;
Fig. 4 is a flow chart of the MTC server permission verification control method corresponding to embodiment two;
Fig. 5 is a flow chart of the MTC server permission verification control method corresponding to embodiment three;
Fig. 6 is the second flow chart of the MTC server permission verification control method provided by an embodiment of the invention;
Fig. 7 is the first structural diagram of the MTC server permission verification control device provided by an embodiment of the invention;
Fig. 8 is the second structural diagram of the MTC server permission verification control device provided by an embodiment of the invention;
Fig. 9 is the first structural diagram of the MTC server permission verification control system provided by an embodiment of the invention;
Fig. 10 is the second structural diagram of the MTC server permission verification control system provided by an embodiment of the invention.
Embodiment
Embodiments of the invention provide a method, system and device for verifying and controlling the permission of an MTC server, so that after the 3GPP network receives an operation request from an MTC Server, it verifies the permission of the MTC Server according to the MTC Server identifier, the MTC terminal identifier and the operation type, and executes the operation requested by the MTC Server after the verification passes, thereby verifying the permission of the MTC server.
While an MTC Server operates on M2M terminals, to keep communication secure the 3GPP network entity needs to verify the legitimacy of the instructions the MTC Server sends, determine whether this MTC Server has the right to initiate operation control on the particular terminal, and accept requests only from authorized MTC Servers.
As shown in Fig. 2, the MTC server permission verification control method provided by an embodiment of the invention comprises:
Step S201: receive an operation request sent by the MTC server;
Step S202: determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
Step S203: verify the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
Step S204: execute the operation requested by the MTC server after the verification passes.
Because the MTC-IWF in the 3GPP network, after receiving the operation request, verifies the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and executes the requested operation only when the verification passes, communication security is ensured and an MTC server without operation permission is prevented from sending operation requests to the MTC terminal.
When the verification fails, the MTC-IWF may further return a rejection message and a rejection reason to the MTC server. In doing so it may return only a cause value according to a prior agreement; on receiving the cause value, the MTC server can determine that the verification failed and determine the rejection reason from the cause value.
Before verifying the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, if the MTC-IWF finds that the MTC terminal identifier carried in the operation request is one the 3GPP network cannot recognise, it can convert the MTC terminal identifier into one the 3GPP network can recognise, so that the MTC terminal can then be identified. In general, identifiers such as FQDN (Fully Qualified Domain Name), URN (Uniform Resource Name) and SIP URI (Session Initiation Protocol Uniform Resource Identity) cannot be recognised by the 3GPP network, whereas identifiers such as IMSI (International Mobile Subscriber Identity), MSISDN (Mobile Subscriber ISDN) and GUTI (Globally Unique Temporary Identity) can.
The operation type in step S202 may be indicated explicitly in the operation request by a dedicated IE (Information Element), or implicitly by the type of the operation request. For example, when the MTC Server needs to trigger an MTC device and what it sends to the MTC-IWF is a trigger request carrying the terminal identifier and the MTC Server identifier, the operation type is indicated implicitly by the type of the request. If instead what it sends to the MTC-IWF is an operation request carrying the terminal identifier, the MTC Server identifier and the operation type, the indication is explicit; in this example the operation type is trigger.
In step S203, the permission verification of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type may be performed by the MTC-IWF itself, or the MTC-IWF may ask another server to perform it. Several specific embodiments are described below.
Embodiment one
The MTC-IWF verifies the permission of the MTC server directly, according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, using the subscription information it stores itself.
In this case, verifying the permission of the MTC server in step S203 according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type specifically comprises: obtaining the subscription information of the MTC terminal according to the MTC terminal identifier; and verifying the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Specifically, as shown in Fig. 3, the MTC server permission verification control method comprises:
Step S301: the MTC-IWF receives the operation request sent by the MTC server;
Step S302: after receiving the operation request, the MTC-IWF processes it. It determines, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; when the MTC Server uses as the MTC terminal identifier an identifier the 3GPP network cannot recognise, the MTC-IWF maps it to an identifier that can be used inside the 3GPP network;
Step S303: the permission of the MTC server is verified according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type; here the MTC-IWF can verify the operation permission of the MTC Server according to the locally maintained subscription information of the MTC terminal and MTC server authorization information, together with the MTC Server identifier, MTC terminal identifier and operation type provided in the trigger request;
Step S304: if the verification passes, the operation of the MTC server is executed;
Step S305: if the verification fails, the operation request of the MTC server is rejected and a cause value is sent to the MTC server.
Embodiment two
An interface is established between the MTC-IWF and the HLR/HSS (Home Location Register/Home Subscriber Server) to carry verification request information. The HLR/HSS records, in the MTC device subscription information it stores, the name/identifier/address of the authorized MTC Server and the operations this MTC Server is authorized to perform on the terminal.
On receiving a request instruction message sent by the MTC Server, the MTC-IWF initiates a terminal subscription information retrieval procedure towards the HLR/HSS according to the MTC terminal identifier carried in the message, requesting the subscription information of the terminal. Then, using the subscription information, the MTC-IWF determines from the name/identifier/address information of the MTC Server carried in the request instruction message whether the requesting MTC Server is legitimately authorized, and determines from the requested operation type carried in the request instruction message whether this MTC Server has the right to initiate the requested operation on the target MTC device. If the request instruction message passes permission verification, the MTC-IWF continues with subsequent processing and initiates the operation inside the 3GPP network according to the request of the MTC Server; otherwise, it returns a rejection instruction message, rejecting the request of the MTC Server, and returns a cause value.
In this case, verifying the permission of the MTC server in step S203 according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type specifically comprises: obtaining the subscription information of the MTC terminal according to the MTC terminal identifier; and verifying the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information. Obtaining the subscription information of the MTC terminal according to the MTC terminal identifier specifically comprises: sending a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receiving the subscription information of the MTC terminal returned by the HLR/HSS.
Specifically, as shown in Fig. 4, the MTC server permission verification control method comprises:
Step S401: the MTC-IWF receives the operation request sent by the MTC server;
Step S402: after receiving the operation request, the MTC-IWF processes it. It determines, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; when the MTC Server uses as the MTC terminal identifier an identifier the 3GPP network cannot recognise, the MTC-IWF maps it to an identifier that can be used inside the 3GPP network;
Step S403: the MTC-IWF sends a subscription information request to the HLR/HSS, requesting the subscription information of the target terminal; the request carries the MTC terminal identifier that can be used inside the 3GPP network;
Step S404: the HLR/HSS sends a subscription information reply, returning the subscription information of the MTC terminal to the MTC-IWF;
Step S405: the MTC-IWF verifies the operation permission of the MTC Server according to the subscription information and the MTC Server identifier and operation type provided in the operation request;
Step S406: if the verification passes, the operation of the MTC server is executed;
Step S407: if the verification fails, the operation request of the MTC server is rejected and a cause value is sent to the MTC server.
Embodiment three
An interface is added between the MTC-IWF and the AAA Server (Authentication, Authorization and Accounting Server) to carry verification request information. The HLR/HSS records, in the MTC device subscription information it stores, the name/identifier/address of the authorized MTC Server and the operations this MTC Server is authorized to perform on the terminal.
The AAA Server is a server in the 3GPP network that is connected to the HLR/HSS and performs permission authentication. In this embodiment, the permission verification of the MTC Server is performed by the AAA Server.
In this embodiment, on receiving an operation request sent by the MTC Server, the MTC-IWF generates a verification request message from the MTC terminal identifier, the MTC Server name/identifier/address, the operation type and other information carried in the message, and sends it to the AAA Server, asking the AAA Server to verify the legitimacy of the MTC Server's permission.
The AAA Server first initiates a terminal subscription information retrieval procedure towards the HLR/HSS according to the MTC terminal identifier provided in the verification request message, requesting the subscription information of the terminal. Then, from the subscription information obtained in the response and the name/identifier/address information of the MTC Server carried in the verification request message, the AAA Server determines whether the requesting MTC Server is legitimately authorized, and determines from the operation type carried in the verification request message whether this MTC Server has the right to initiate the requested operation on the target MTC device. Finally, the AAA Server returns the verification result to the MTC-IWF in a verification response message.
The MTC-IWF decides the subsequent operation according to the returned verification result. If the result is that permission verification passed, the MTC-IWF continues with subsequent processing and initiates the operation inside the 3GPP network according to the request of the MTC Server; otherwise, it returns a rejection instruction message, rejecting the request of the MTC Server, and returns a cause value.
Specifically, as shown in Fig. 5, the MTC server permission verification control method comprises:
Step S501: the MTC-IWF receives the operation request sent by the MTC server;
Step S502: after receiving the operation request, the MTC-IWF processes it. It determines, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; when the MTC Server uses as the MTC terminal identifier an identifier the 3GPP network cannot recognise, the MTC-IWF maps it to an identifier that can be used inside the 3GPP network;
Step S503: the MTC-IWF generates a verification request message and sends it to the AAA Server; the message contains the MTC terminal identifier that can be used inside the 3GPP network, the MTC Server identifier and the requested operation type;
Step S504: the AAA Server uses the MTC terminal identifier provided in the verification request message to send a subscription information request to the HLR/HSS, requesting the subscription information of the target terminal;
Step S505: the HLR/HSS sends a subscription information reply, returning the subscription information of the MTC terminal to the AAA Server;
Step S506: the AAA Server verifies the operation permission of the MTC Server according to the subscription information and the MTC Server identifier and operation type provided in the verification request message;
Step S507: the AAA Server returns the verification result to the MTC-IWF in a verification response message;
Step S508: if the verification passes, the operation of the MTC server is executed;
Step S509: if the verification fails, the operation request of the MTC server is rejected and a cause value is sent to the MTC server.
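An added example, not part of the patent text: a Python model of the permission check in embodiment two (steps S401 to S407); the decision in `handle_request` is the same one the AAA Server makes in embodiment three (steps S504 to S506). The identifiers, cause values, mapping table and HLR/HSS records are constructed for illustration, and treating an explicit operation type that contradicts the message type as malformed is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


class Cause(Enum):
    """Constructed cause values; the text only says a pre-agreed value is returned."""
    MALFORMED_REQUEST = 1
    UNKNOWN_TERMINAL = 2
    SERVER_NOT_AUTHORIZED = 3
    OPERATION_NOT_PERMITTED = 4


@dataclass(frozen=True)
class OperationRequest:
    message_type: str                      # "trigger_request" or generic "operation_request"
    server_id: str                         # MTC Server identifier
    terminal_id: str                       # external (FQDN/URN/SIP URI) or 3GPP-internal
    operation_type: Optional[str] = None   # explicit IE, when present


@dataclass(frozen=True)
class Decision:
    allowed: bool
    cause: Optional[Cause] = None


# Message types whose operation type is implicit (S402).
IMPLICIT_OPERATION = {"trigger_request": "trigger"}

# Constructed MTC-IWF mapping from external identifiers to IMSI-style internal ones.
EXTERNAL_TO_INTERNAL = {
    "terminal-a.m2m.example": "001010000000001",
    "terminal-d.m2m.example": "001010000000004",
}

# Constructed HLR/HSS data: terminal -> authorized MTC Server -> permitted operations.
HSS_SUBSCRIPTIONS: Dict[str, Dict[str, Set[str]]] = {
    "001010000000001": {"mtc-server-1": {"trigger", "switch_control"}},
    "001010000000004": {"mtc-server-2": {"trigger"}},
}


def resolve_operation_type(req: OperationRequest) -> Optional[str]:
    """S402: take the operation type from the explicit IE or from the message type."""
    implicit = IMPLICIT_OPERATION.get(req.message_type)
    if implicit and req.operation_type and req.operation_type != implicit:
        return None  # assumption: an IE that contradicts the message type is malformed
    return req.operation_type or implicit


def to_internal_id(terminal_id: str) -> Optional[str]:
    """S402: map an identifier the 3GPP network cannot recognise to an internal one."""
    if terminal_id.isdigit():
        return terminal_id  # assumption: all-digit identifiers are already internal
    return EXTERNAL_TO_INTERNAL.get(terminal_id)


def hss_get_subscription(internal_id: str) -> Optional[Dict[str, Set[str]]]:
    """S403/S404: stand-in for the subscription information request and reply."""
    return HSS_SUBSCRIPTIONS.get(internal_id)


def handle_request(req: OperationRequest) -> Decision:
    """S401-S407: deny unless the terminal's subscription explicitly permits."""
    operation = resolve_operation_type(req)
    if not req.server_id or operation is None:
        return Decision(False, Cause.MALFORMED_REQUEST)
    internal_id = to_internal_id(req.terminal_id)
    subscription = hss_get_subscription(internal_id) if internal_id else None
    if subscription is None:
        return Decision(False, Cause.UNKNOWN_TERMINAL)
    permitted = subscription.get(req.server_id)   # S405: is this server authorized?
    if permitted is None:
        return Decision(False, Cause.SERVER_NOT_AUTHORIZED)
    if operation not in permitted:                # S405: and for this operation?
        return Decision(False, Cause.OPERATION_NOT_PERMITTED)
    return Decision(True)                         # S406: go on to execute the operation


if __name__ == "__main__":
    samples = [
        OperationRequest("trigger_request", "mtc-server-1", "terminal-a.m2m.example"),
        OperationRequest("trigger_request", "mtc-server-1", "terminal-d.m2m.example"),
        OperationRequest("operation_request", "mtc-server-2", "001010000000004",
                         "switch_control"),
    ]
    for sample in samples:
        print(sample.server_id, sample.terminal_id, handle_request(sample))
```

Distinct cause values let a requesting server learn which terminal identifiers exist; a deployment can return a single value on the MTCsp interface and keep the detailed cause in its own logs.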
On the AAA server side, as shown in Fig. 6, the MTC server permission verification control method provided by an embodiment of the invention comprises:
Step S601: receive the verification request message sent by the MTC-IWF, which carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
Step S602: after verifying the permission of the MTC server, return the permission verification result to the MTC-IWF.
The permission verification of the MTC server by the AAA server specifically comprises:
obtaining the subscription information of the MTC terminal according to the MTC terminal identifier;
verifying the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Likewise, obtaining the subscription information of the MTC terminal according to the MTC terminal identifier specifically comprises:
sending a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receiving the subscription information of the MTC terminal returned by the HLR/HSS.
An embodiment of the invention correspondingly provides a device for verifying and controlling the permission of an MTC server; the device may specifically be the MTC-IWF. As shown in Fig. 7, the device comprises:
a receiving unit 701, configured to receive an operation request sent by a machine type communication (MTC) server;
a determining unit 702, configured to determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
a verification unit 703, configured to verify the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
an execution unit 704, configured to execute the operation of the MTC server after the verification passes.
When the verification fails, the MTC-IWF may further return a rejection message and a rejection reason to the MTC server; in this case the device further comprises:
a rejection unit, configured to return a rejection message and a rejection reason to the MTC server when the verification fails.
Corresponding to embodiment one and embodiment two, the verification unit 703 is specifically configured to:
obtain the subscription information of the MTC terminal according to the MTC terminal identifier;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Corresponding to embodiment three, the verification unit 703 is specifically configured to:
send to the AAA server a verification request carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result that the AAA server returns after verifying the permission of the MTC server.
Corresponding to embodiment two, the verification unit 703 is specifically configured to:
send a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receive the subscription information of the MTC terminal returned by the HLR/HSS;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Before verifying the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, if the MTC-IWF finds that the MTC terminal identifier carried in the operation request is one the 3GPP network cannot recognise, it can convert the MTC terminal identifier into one the 3GPP network can recognise, so that the MTC terminal can then be identified. In this case, the verification unit 703 is further configured to:
when the MTC terminal identifier carried in the operation request is one the 3GPP network cannot recognise, convert the MTC terminal identifier into one the 3GPP network can recognise before verifying the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type.
An embodiment of the invention also correspondingly provides a device for verifying and controlling the permission of an MTC server; the device may specifically be the AAA server. As shown in Fig. 8, the device comprises:
a verification request receiving unit 801, configured to receive the verification request message sent by the MTC-IWF, which carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
a permission verification unit 802, configured to verify the permission of the MTC server;
a result feedback unit 803, configured to return the permission verification result to the MTC-IWF.
The permission verification unit 802 is specifically configured to:
obtain the subscription information of the MTC terminal according to the MTC terminal identifier;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Likewise, when the subscription information of the MTC terminal needs to be obtained from the HLR/HSS, the permission verification unit 802 is specifically configured to:
send a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receive the subscription information of the MTC terminal returned by the HLR/HSS;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Corresponding to embodiment two, an embodiment of the invention also provides an MTC server permission verification control system which, as shown in Figure 9, comprises:
MTC-IWF 901, used to receive the operation request sent by the machine type communication (MTC) server; determine the MTC server identifier, the MTC terminal identifier and the action type according to the operation request; send a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the returned CAMEL-Subscription-Information of the MTC terminal; perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information; and carry out the operation requested by the MTC server after verification passes;
HLR/HSS 902, used to receive the CAMEL-Subscription-Information request sent by MTC-IWF 901, and return the CAMEL-Subscription-Information of the MTC terminal to MTC-IWF 901 according to the MTC terminal identifier.
When verification fails, MTC-IWF 901 can additionally return a rejection message and the rejection reason to the MTC server. In this case, MTC-IWF 901 is also used to:
When verification fails, return a rejection message and the rejection reason to the MTC server.
Before the MTC-IWF performs permission verification on the MTC server according to the MTC server identifier, the MTC terminal identifier and the action type, if it finds that the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognize, it can convert the MTC terminal identifier into one that the 3GPP network can recognize, so that the MTC terminal can be identified further. In this case, MTC-IWF 901 is also used to:
When the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognize, convert the MTC terminal identifier into one that the 3GPP network can recognize before sending the CAMEL-Subscription-Information request carrying the MTC terminal identifier.
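The check performed by MTC-IWF 901 above can be sketched as follows. This is an added illustration, not code from the patent; the record layout (`authorized_servers`), the identifier-mapping table, the operation names and all sample identifiers are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OperationRequest:
    server_id: str     # identifier of the requesting MTC server
    terminal_id: str   # terminal identifier as sent; may be external to 3GPP
    action_type: str   # requested operation, e.g. "trigger" (assumed name)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str = ""   # rejection reason returned to the MTC server


class HSS:
    """Stand-in for the HLR/HSS: subscription records keyed by IMSI."""

    def __init__(self, records):
        self._records = records

    def get_subscription(self, imsi):
        return self._records.get(imsi)


class MtcIwf:
    def __init__(self, hss, external_ids):
        self.hss = hss
        self.external_ids = external_ids  # external identifier -> IMSI (assumed table)
        self.executed = []                # (imsi, action_type) actually carried out

    def to_3gpp_id(self, terminal_id):
        """Convert an identifier the 3GPP network cannot recognize; None if unknown."""
        if terminal_id.isascii() and terminal_id.isdigit() and 6 <= len(terminal_id) <= 15:
            return terminal_id            # treated as already IMSI-shaped (assumption)
        return self.external_ids.get(terminal_id)

    def verify(self, req, imsi):
        # Every branch that cannot positively authorize the request denies it.
        if imsi is None:
            return Decision(False, "terminal identifier unknown")
        sub = self.hss.get_subscription(imsi)
        if sub is None:
            return Decision(False, "no subscription information for terminal")
        actions = sub["authorized_servers"].get(req.server_id)
        if actions is None:
            return Decision(False, "server not authorized for this terminal")
        if req.action_type not in actions:
            return Decision(False, "action type not permitted for this server")
        return Decision(True)

    def handle(self, req):
        imsi = self.to_3gpp_id(req.terminal_id)   # conversion precedes the lookup
        decision = self.verify(req, imsi)
        if decision.allowed:                      # the operation runs only after a pass
            self.executed.append((imsi, req.action_type))
        return decision


def build_demo():
    """Constructed sample data: one terminal that lets one server trigger it."""
    imsi = "001010123456789"
    hss = HSS({imsi: {"authorized_servers": {"mtc-srv-a": {"trigger"}}}})
    return MtcIwf(hss, {"meter-17@example.com": imsi})


if __name__ == "__main__":
    iwf = build_demo()
    for request in (
        OperationRequest("mtc-srv-a", "meter-17@example.com", "trigger"),
        OperationRequest("mtc-srv-b", "001010123456789", "trigger"),
        OperationRequest("mtc-srv-a", "meter-17@example.com", "monitor"),
    ):
        print(request, "->", iwf.handle(request))
```

The same `verify` logic applies unchanged when the decision is delegated to an AAA server; only the component that calls the HLR/HSS differs.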
Corresponding to embodiment three, an embodiment of the invention also provides an MTC server permission verification control system which, as shown in Figure 10, comprises:
MTC-IWF 1001, used to receive the operation request sent by the machine type communication (MTC) server; determine the MTC server identifier, the MTC terminal identifier and the action type according to the operation request; send a verification request message carrying the MTC server identifier, the MTC terminal identifier and the action type, and receive the permission verification result; and carry out the operation requested by the MTC server after verification passes;
AAA server 1002, used to receive the verification request sent by the MTC-IWF, which carries the MTC server identifier, the MTC terminal identifier and the action type; perform permission verification on the MTC server; and return the permission verification result to the MTC-IWF.
The permission verification that AAA server 1002 performs on the MTC server specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
Further, AAA server 1002 can obtain the CAMEL-Subscription-Information of the MTC terminal from the HLR/HSS. In this case, the system also comprises:
An HLR/HSS, used to receive the CAMEL-Subscription-Information request sent by AAA server 1002, and return the CAMEL-Subscription-Information of the MTC terminal to AAA server 1002 according to the MTC terminal identifier;
AAA server 1002 obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending a CAMEL-Subscription-Information request carrying the MTC terminal identifier to the HLR/HSS, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
The embodiments of the invention provide an MTC server permission verification control method, system and device, so that after receiving an operation request from an MTC Server, the 3GPP network performs permission verification on the MTC Server according to the MTC Server identifier, the MTC terminal identifier and the action type, and carries out the operation requested by the MTC Server after verification passes, thereby realizing permission verification of MTC servers.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.

Claims (25)

1. An MTC server permission verification control method, characterized by comprising:
Receiving an operation request sent by a machine type communication (MTC) server;
Determining the identifier of the MTC server, the identifier of an MTC terminal and an action type according to the operation request;
Performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the action type;
Carrying out the operation requested by the MTC server after verification passes.
2. The method of claim 1, characterized by further comprising:
When verification fails, returning a rejection message and the rejection reason to the MTC server.
3. The method of claim 1, characterized in that performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the action type specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
4. The method of claim 1, characterized in that performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the action type specifically comprises:
Sending to an AAA authentication server a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the action type, and receiving the permission verification result that the AAA server returns after performing permission verification on the MTC server.
5. The method of claim 4, characterized in that the AAA server performing permission verification on the MTC server specifically comprises:
The AAA server obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
The AAA server performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
6. The method of claim 3 or 5, characterized in that obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
7. The method of claim 1, characterized in that, before performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the action type, the method further comprises:
When the MTC terminal identifier carried in the operation request is one that the Third Generation Partnership Project (3GPP) network cannot recognize, converting the MTC terminal identifier into one that the 3GPP network can recognize.
8. An MTC server permission verification control method, characterized by comprising:
Receiving a verification request message sent by a machine type communication interworking function (MTC-IWF) entity, the message carrying the identifier of a machine type communication (MTC) server, the identifier of an MTC terminal and an action type;
After performing permission verification on the MTC server, returning the permission verification result to the MTC-IWF.
9. The method of claim 8, characterized in that performing permission verification on the MTC server specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
10. The method of claim 9, characterized in that obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
11. An MTC server permission verification control device, characterized by comprising:
A receiving unit, used to receive an operation request sent by a machine type communication (MTC) server;
A determining unit, used to determine the identifier of the MTC server, the identifier of an MTC terminal and an action type according to the operation request;
An authentication unit, used to perform permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the action type;
An execution unit, used to carry out the operation requested by the MTC server after verification passes.
12. The device of claim 11, characterized by further comprising:
A rejection unit, used to return a rejection message and the rejection reason to the MTC server when verification fails.
13. The device of claim 11, characterized in that the authentication unit is specifically used to:
Obtain the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
14. The device of claim 11, characterized in that the authentication unit is specifically used to:
Send to an AAA authentication server a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the action type, and receive the permission verification result that the AAA server returns after performing permission verification on the MTC server.
15. The device of claim 13, characterized in that the authentication unit is specifically used to:
Send to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
16. The device of claim 11, characterized in that the authentication unit is also used to:
When the MTC terminal identifier carried in the operation request is one that the Third Generation Partnership Project (3GPP) network cannot recognize, convert the MTC terminal identifier into one that the 3GPP network can recognize before performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the action type.
17. An MTC server permission verification control device, characterized by comprising:
A verification request receiving unit, used to receive a verification request message sent by a machine type communication interworking function (MTC-IWF) entity, the message carrying the identifier of a machine type communication (MTC) server, the identifier of an MTC terminal and an action type;
A permission verification unit, used to perform permission verification on the MTC server;
A result feedback unit, used to return the permission verification result to the MTC-IWF.
18. The device of claim 17, characterized in that the permission verification unit is specifically used to:
Obtain the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
19. The device of claim 18, characterized in that the permission verification unit is specifically used to:
Send to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
20. An MTC server permission verification control system, characterized by comprising:
A machine type communication interworking function (MTC-IWF) entity, used to receive an operation request sent by a machine type communication (MTC) server; determine the identifier of the MTC server, the identifier of an MTC terminal and an action type according to the operation request; send a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the returned CAMEL-Subscription-Information of the MTC terminal; perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information; and carry out the operation requested by the MTC server after verification passes;
A home location register/home subscriber server (HLR/HSS), used to receive the CAMEL-Subscription-Information request sent by the MTC-IWF, and return the CAMEL-Subscription-Information of the MTC terminal to the MTC-IWF according to the MTC terminal identifier.
21. The system of claim 20, characterized in that the MTC-IWF is also used to:
When verification fails, return a rejection message and the rejection reason to the MTC server.
22. The system of claim 20, characterized in that the MTC-IWF is also used to:
When the MTC terminal identifier carried in the operation request is one that the Third Generation Partnership Project (3GPP) network cannot recognize, convert the MTC terminal identifier into one that the 3GPP network can recognize before sending the CAMEL-Subscription-Information request carrying the MTC terminal identifier.
23. An MTC server permission verification control system, characterized by comprising:
A machine type communication interworking function (MTC-IWF) entity, used to receive an operation request sent by a machine type communication (MTC) server; determine the identifier of the MTC server, the identifier of an MTC terminal and an action type according to the operation request; send a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the action type, and receive the permission verification result; and carry out the operation requested by the MTC server after verification passes;
An AAA authentication server, used to receive the verification request message sent by the MTC-IWF, which carries the identifier of the MTC server, the identifier of the MTC terminal and the action type; perform permission verification on the MTC server; and return the permission verification result to the MTC-IWF.
24. The system of claim 23, characterized in that the AAA server performing permission verification on the MTC server specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and action type in the CAMEL-Subscription-Information.
25. The system of claim 24, characterized by further comprising:
A home location register/home subscriber server (HLR/HSS), used to receive the CAMEL-Subscription-Information request sent by the AAA server, and return the CAMEL-Subscription-Information of the MTC terminal to the AAA server according to the MTC terminal identifier;
The AAA server obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending to the HLR/HSS a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
CN201110231136XA 2011-08-12 2011-08-12 Method, system and device for verifying and controlling permission of MTC (machine type communication) server Pending CN102263793A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110231136XA CN102263793A (en) 2011-08-12 2011-08-12 Method, system and device for verifying and controlling permission of MTC (machine type communication) server
PCT/CN2012/080044 WO2013023566A1 (en) 2011-08-12 2012-08-13 Method, system, and device for controlling mtc server permission validation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110231136XA CN102263793A (en) 2011-08-12 2011-08-12 Method, system and device for verifying and controlling permission of MTC (machine type communication) server

Publications (1)

Publication Number Publication Date
CN102263793A true CN102263793A (en) 2011-11-30

Family

ID=45010247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110231136XA Pending CN102263793A (en) 2011-08-12 2011-08-12 Method, system and device for verifying and controlling permission of MTC (machine type communication) server

Country Status (2)

Country Link
CN (1) CN102263793A (en)
WO (1) WO2013023566A1 (en)

Also Published As

Publication number Publication date
WO2013023566A1 (en) 2013-02-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20111130