CN102263793A - Method, system and device for verifying and controlling permission of MTC (machine type communication) server - Google Patents
- Publication number
- CN102263793A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method, system and device for verifying and controlling the permission of an MTC (machine type communication) server, and relates to communication technology. In embodiments of the invention, after a 3GPP (3rd Generation Partnership Project) network receives an operation request from the MTC server, the permission of the MTC server is verified according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and the operation requested by the MTC server is executed only after the verification succeeds, thereby verifying the permission of the MTC server.
Description
Technical field
The present invention relates to communication technology, and in particular to a method, system and device for verifying and controlling the permission of an MTC server.
Background art
In M2M (Machine to Machine) communication over a 3GPP (3rd Generation Partnership Project) network, an MTC Server (Machine Type Communication Server) can send instructions to the 3GPP network to trigger, control, manage and maintain M2M terminals, thereby implementing specific MTC service application functions.
To support M2M communication, 3GPP has proposed the MTC communication system architecture shown in Fig. 1. In terms of functional layers, it consists mainly of three parts: the MTC Server, the 3GPP mobile communication network and the MTC Device (MTC terminal).
The 3GPP mobile communication network provides network connectivity for the MTC terminal and connects it to the MTC Server. The MTC Server provides a unified service management and control platform for the MTC terminals below it and supports various MTC applications above it.
The MTC-IWF (MTC Interworking Function) entity is a 3GPP network edge node that hides the details of the 3GPP network topology from the outside. It exchanges control signalling with the MTC Server over the newly defined MTCsp interface, and invokes specific functions provided by the 3GPP network by relaying or converting the signalling protocol on the MTCsp interface, thereby providing the MTC Server with a transparent operation control service.
Over the MTCsp control signalling interface, the MTC Server can send control signalling to the 3GPP network to request operations such as triggering, controlling, managing and maintaining a terminal, thereby implementing MTC service features. For example, for the MTC device triggering feature, the MTC Server can send a trigger request to the MTC-IWF entity over the MTCsp interface, asking the network to trigger the target terminal so that it establishes communication with the MTC Server. For an MTC terminal with some execution capability, such as switch control, the MTC Server can send a control request to the MTC-IWF, asking the network to control the target terminal and require it to perform a switching operation, and so on.
However, the inventors found that, in the MTC device triggering feature, for a trigger request sent by the MTC Server the 3GPP network first needs to authenticate the identity of the MTC Server and determine whether it is a legitimate service provider device. Beyond that, the network does not further determine whether the MTC Server has the operation permission to request triggering of the target terminal. If the MTC Server's trigger operation exceeds the permission it has been granted and it is still allowed to carry out the operation, security problems may arise. For example, MTC Server 1 has permission to trigger and control MTC terminals A, B and C. Under some abnormal condition (malicious or not), MTC Server 1 requests the 3GPP network to trigger MTC terminal D. This is an unauthorized operation. If the network does not reject the request according to the MTC Server's permission settings, security problems may result.
Summary of the invention
Embodiments of the invention provide a method, system and device for verifying and controlling the permission of an MTC server, so as to implement permission verification of the MTC server.
A method for verifying and controlling the permission of an MTC server comprises:
receiving an operation request sent by a machine type communication (MTC) server;
determining, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
verifying the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
executing the operation requested by the MTC server after the verification passes.
A method for verifying and controlling the permission of an MTC server comprises:
receiving a verification request message, sent by a machine type communication interworking function entity (MTC-IWF), that carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
after verifying the permission of the MTC server, returning the permission verification result to the MTC-IWF.
A device for verifying and controlling the permission of an MTC server comprises:
a receiving unit, configured to receive an operation request sent by a machine type communication (MTC) server;
a determining unit, configured to determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
a verification unit, configured to verify the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
an execution unit, configured to execute the operation requested by the MTC server after the verification passes.
A device for verifying and controlling the permission of an MTC server comprises:
a verification request receiving unit, configured to receive a verification request message, sent by a machine type communication interworking function entity (MTC-IWF), that carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
a permission verification unit, configured to verify the permission of the MTC server;
a result feedback unit, configured to return the permission verification result to the MTC-IWF.
A system for verifying and controlling the permission of an MTC server comprises:
a machine type communication interworking function entity (MTC-IWF), configured to: receive an operation request sent by a machine type communication (MTC) server; determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; send a subscription information request carrying the MTC terminal identifier, and receive the returned subscription information of the MTC terminal; verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information; and execute the operation requested by the MTC server after the verification passes;
a home location register/home subscriber server (HLR/HSS), configured to receive the subscription information request sent by the MTC-IWF and to return the subscription information of the MTC terminal to the MTC-IWF according to the MTC terminal identifier.
A system for verifying and controlling the permission of an MTC server comprises:
a machine type communication interworking function entity (MTC-IWF), configured to: receive an operation request sent by a machine type communication (MTC) server; determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type; send a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result; and execute the operation requested by the MTC server after the verification passes;
an authentication, authorization and accounting (AAA) server, configured to: receive the verification request message, sent by the MTC-IWF, that carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type; verify the permission of the MTC server; and return the permission verification result to the MTC-IWF.
Embodiments of the invention provide a method, system and device for verifying and controlling the permission of an MTC server, so that the 3GPP network, after receiving an operation request from an MTC Server, verifies the permission of the MTC Server according to the MTC Server identifier, the MTC terminal identifier and the operation type, and executes the operation requested by the MTC Server after the verification passes, thereby implementing permission verification of the MTC server.
Brief description of the drawings
Fig. 1 is a schematic diagram of the MTC network structure in the prior art;
Fig. 2 is the first flow chart of the MTC server permission verification control method provided by an embodiment of the invention;
Fig. 3 is a flow chart of the MTC server permission verification control method corresponding to embodiment one of the invention;
Fig. 4 is a flow chart of the MTC server permission verification control method corresponding to embodiment two of the invention;
Fig. 5 is a flow chart of the MTC server permission verification control method corresponding to embodiment three of the invention;
Fig. 6 is the second flow chart of the MTC server permission verification control method provided by an embodiment of the invention;
Fig. 7 is the first structural diagram of the MTC server permission verification control device provided by an embodiment of the invention;
Fig. 8 is the second structural diagram of the MTC server permission verification control device provided by an embodiment of the invention;
Fig. 9 is the first structural diagram of the MTC server permission verification control system provided by an embodiment of the invention;
Fig. 10 is the second structural diagram of the MTC server permission verification control system provided by an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention provide a method, system and device for verifying and controlling the permission of an MTC server, so that the 3GPP network, after receiving an operation request from an MTC Server, verifies the permission of the MTC Server according to the MTC Server identifier, the MTC terminal identifier and the operation type, and executes the operation requested by the MTC Server after the verification passes, thereby implementing permission verification of the MTC server.
When an MTC Server operates an M2M terminal, to keep communication secure the 3GPP network entity needs to verify the legitimacy of the instruction sent by the MTC Server and determine whether this MTC Server has the right to initiate operation control on the particular terminal, accepting requests only from authorized MTC Servers.
As shown in Fig. 2, the MTC server permission verification control method provided by an embodiment of the invention comprises:
Step S201: receive an operation request sent by the MTC server;
Step S202: determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
Step S203: verify the permission of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
Step S204: execute the operation requested by the MTC server after the verification passes.
Because the MTC-IWF in the 3GPP network, after receiving the operation request, verifies the MTC server's permission according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and executes the requested operation only when the verification passes, communication security is ensured and an MTC server without operation permission is prevented from sending operation requests to the MTC terminal.
When the verification fails, the MTC-IWF may further return a reject message and a reject cause to the MTC server. When doing so, it may return only a cause value according to a prior agreement; on receiving the cause value, the MTC server can determine that the verification failed and determine the reject cause from the cause value.
Before verifying the MTC server's permission according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, if the MTC-IWF finds that the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognise, it may convert it into an identifier that the 3GPP network can recognise, so that the MTC terminal can be identified. In general, identifiers such as FQDN (Fully Qualified Domain Name), URN (Uniform Resource Name) and SIP URI (Session Initiation Protocol Uniform Resource Identifier) cannot be recognised by the 3GPP network, whereas identifiers such as IMSI (International Mobile Subscriber Identity), MSISDN (Mobile Subscriber ISDN) and GUTI (Globally Unique Temporary Identity) can.
The operation type in step S202 may be indicated explicitly by a dedicated IE (Information Element) in the operation request, or implicitly by the type of the operation request. For example, if the MTC Server, when it needs to trigger an MTC device, sends the MTC-IWF a trigger request carrying the terminal identifier and the MTC Server identifier, the operation type is indicated implicitly by the request type. If instead it sends the MTC-IWF an operation request carrying the terminal identifier, the MTC Server identifier and the operation type, the operation type is indicated explicitly; in this example the operation type is triggering.
In step S203, the permission verification of the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type may be performed by the MTC-IWF itself, or the MTC-IWF may ask another server to perform it. Several specific embodiments are described below.
Embodiment one
The MTC-IWF itself verifies the MTC server's permission, according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, using the subscription information that it stores.
In this case, verifying the MTC server's permission in step S203 according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type specifically comprises: obtaining the subscription information of the MTC terminal according to the MTC terminal identifier; and verifying the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Specifically, as shown in Fig. 3, the MTC server permission verification control method comprises:
Step S301: the MTC-IWF receives the operation request sent by the MTC server;
Step S302: after receiving the operation request, the MTC-IWF processes it. It determines the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; when the MTC Server uses an identifier that the 3GPP network cannot recognise as the MTC terminal identifier, the MTC-IWF maps it to an identifier usable inside the 3GPP network;
Step S303: verify the MTC server's permission according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type; here the MTC-IWF can verify the MTC Server's operation permission according to the locally maintained MTC terminal subscription information and MTC server authorization information, together with the MTC Server identifier, MTC terminal identifier and operation type provided in the trigger request;
Step S304: if the verification passes, execute the operation requested by the MTC server;
Step S305: if the verification fails, reject the MTC server's operation request and send a cause value to the MTC server.
Embodiment two
An interface is established between the MTC-IWF and the HLR/HSS (Home Location Register/Home Subscriber Server) for transferring verification request information. In the MTC device subscription information that it stores, the HLR/HSS records the name/identifier/address of each authorized MTC Server and the operations that this MTC Server is authorized to perform on the terminal.
On receiving a request instruction message sent by the MTC Server, the MTC-IWF initiates a terminal subscription information retrieval procedure towards the HLR/HSS according to the MTC terminal identifier carried in the message, requesting the terminal's subscription information. Then, using the subscription information, the MTC-IWF determines from the MTC Server name/identifier/address carried in the request instruction message whether the requesting MTC Server is legitimately authorized, and determines from the requested operation type carried in the message whether this MTC Server has the right to initiate the requested operation on the target MTC device. If the request instruction message passes permission verification, the MTC-IWF continues with subsequent processing and initiates the operation inside the 3GPP network as requested by the MTC Server; otherwise, it returns a reject instruction message, rejecting the MTC Server's request, together with a cause value.
In this case, verifying the MTC server's permission in step S203 according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type specifically comprises: obtaining the subscription information of the MTC terminal according to the MTC terminal identifier; and verifying the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information. Obtaining the subscription information of the MTC terminal according to the MTC terminal identifier specifically comprises: sending a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receiving the subscription information of the MTC terminal returned by the HLR/HSS.
Specifically, as shown in Fig. 4, the MTC server permission verification control method comprises:
Step S401: the MTC-IWF receives the operation request sent by the MTC server;
Step S402: after receiving the operation request, the MTC-IWF processes it. It determines the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; when the MTC Server uses an identifier that the 3GPP network cannot recognise as the MTC terminal identifier, the MTC-IWF maps it to an identifier usable inside the 3GPP network;
Step S403: the MTC-IWF sends a subscription information request to the HLR/HSS, requesting the subscription information of the target terminal; the request carries the MTC terminal identifier usable inside the 3GPP network;
Step S404: the HLR/HSS sends a subscription information response, returning the MTC terminal's subscription information to the MTC-IWF;
Step S405: the MTC-IWF verifies the MTC Server's operation permission according to the subscription information and the MTC Server identifier and operation type provided in the operation request;
Step S406: if the verification passes, execute the operation requested by the MTC server;
Step S407: if the verification fails, reject the MTC server's operation request and send a cause value to the MTC server.
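The check performed by the MTC-IWF in embodiments one and two, written out as an added Python example (not code from the patent): identifier mapping, implicit or explicit operation type, a per-terminal subscription lookup and a default-deny decision that returns a cause value. The cause values, message-type names, identifiers and the `hss_lookup` stub are assumptions constructed for illustration; the sample data mirrors the background example in which MTC Server 1 is authorized for terminals A, B and C but not D.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet, Optional


class Cause(Enum):
    """Hypothetical cause values; the text only says a pre-agreed value is returned."""
    OK = 0
    MALFORMED_REQUEST = 1
    UNKNOWN_TERMINAL = 2
    SERVER_NOT_AUTHORIZED = 3
    OPERATION_NOT_PERMITTED = 4


@dataclass(frozen=True)
class OperationRequest:
    server_id: str                   # MTC Server name/identifier/address
    terminal_id: str                 # external (FQDN, URN, SIP URI) or internal (IMSI, ...)
    message_type: str                # "trigger-request" or generic "operation-request"
    operation: Optional[str] = None  # explicit operation-type IE, if present


# Subscription information of one terminal: authorized server -> permitted operations.
Subscription = Dict[str, FrozenSet[str]]

# Message types that carry the operation type implicitly (assumed names).
IMPLICIT_OPERATION = {"trigger-request": "trigger"}

# Constructed sample data.
ID_MAP = {
    "terminal-a.mtc.example": "001010000000001",
    "terminal-b.mtc.example": "001010000000002",
    "terminal-c.mtc.example": "001010000000003",
    "terminal-d.mtc.example": "001010000000004",
}
SUBSCRIPTIONS: Dict[str, Subscription] = {
    "001010000000001": {"mtc-server-1": frozenset({"trigger", "switch"})},
    "001010000000002": {"mtc-server-1": frozenset({"trigger"})},
    "001010000000003": {"mtc-server-1": frozenset({"trigger"})},
    "001010000000004": {"mtc-server-2": frozenset({"trigger"})},
}


def hss_lookup(internal_id: str) -> Optional[Subscription]:
    """Stand-in for the subscription request/response exchange (S403/S404)."""
    return SUBSCRIPTIONS.get(internal_id)


def resolve_operation(req: OperationRequest) -> Optional[str]:
    """Operation type from the explicit IE, or implied by the message type."""
    implied = IMPLICIT_OPERATION.get(req.message_type)
    if req.operation is None:
        return implied
    if implied is not None and implied != req.operation:
        return None  # the IE contradicts the message type: treat as malformed
    return req.operation


def to_internal_id(terminal_id: str, id_map: Dict[str, str]) -> Optional[str]:
    """Map an external identifier to one usable inside the network (S302/S402).
    Assumption: all-digit strings of at most 15 digits are already internal."""
    if terminal_id.isdigit() and len(terminal_id) <= 15:
        return terminal_id
    return id_map.get(terminal_id)


def verify_permission(req: OperationRequest,
                      fetch_subscription: Callable[[str], Optional[Subscription]],
                      id_map: Dict[str, str]) -> Cause:
    """Default-deny check on (server identifier, terminal identifier, operation type)."""
    operation = resolve_operation(req)
    if not req.server_id or operation is None:
        return Cause.MALFORMED_REQUEST
    internal_id = to_internal_id(req.terminal_id, id_map)
    subscription = fetch_subscription(internal_id) if internal_id else None
    if subscription is None:
        return Cause.UNKNOWN_TERMINAL
    permitted = subscription.get(req.server_id)
    if permitted is None:
        return Cause.SERVER_NOT_AUTHORIZED      # e.g. Server 1 asking for terminal D
    if operation not in permitted:
        return Cause.OPERATION_NOT_PERMITTED
    return Cause.OK


def handle_request(req, fetch_subscription, id_map, execute) -> dict:
    """Execute only after verification passes; otherwise reject with a cause value."""
    cause = verify_permission(req, fetch_subscription, id_map)
    if cause is Cause.OK:
        execute(req)
        return {"result": "accepted"}
    return {"result": "rejected", "cause": cause.value}
```

Passing a function that reads a local table instead of `hss_lookup` gives the embodiment-one variant, where the MTC-IWF holds the subscription information itself.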
Embodiment three
An interface is added between the MTC-IWF and the AAA Server (Authentication, Authorization and Accounting Server) for transferring verification request information. In the MTC device subscription information that it stores, the HLR/HSS records the name/identifier/address of each authorized MTC Server and the operations that this MTC Server is authorized to perform on the terminal.
The AAA Server is a server in the 3GPP network, connected to the HLR/HSS, that performs permission authentication; in this embodiment the AAA Server performs the permission verification of the MTC Server.
In this embodiment, on receiving an operation request sent by the MTC Server, the MTC-IWF generates a verification request message from the MTC terminal identifier, the MTC Server name/identifier/address, the operation type and other information carried in the message, and sends it to the AAA Server, asking the AAA Server to verify the legitimacy of the MTC Server's permission.
The AAA Server first initiates a terminal subscription information retrieval procedure towards the HLR/HSS according to the MTC terminal identifier provided in the verification request message, requesting the terminal's subscription information. Then, according to the subscription information obtained in the response and the MTC Server name/identifier/address carried in the verification request message, the AAA Server determines whether the requesting MTC Server is legitimately authorized, and determines from the operation type carried in the verification request message whether this MTC Server has the right to initiate the requested operation on the target MTC device. Finally, the AAA Server returns the verification result to the MTC-IWF in a verification response message.
The MTC-IWF decides what to do next according to the returned verification result. If the result is that permission verification passed, the MTC-IWF continues with subsequent processing and initiates the operation inside the 3GPP network as requested by the MTC Server; otherwise, it returns a reject instruction message, rejecting the MTC Server's request, together with a cause value.
Specifically, as shown in Fig. 5, the MTC server permission verification control method comprises:
Step S501: the MTC-IWF receives the operation request sent by the MTC server;
Step S502: after receiving the operation request, the MTC-IWF processes it. It determines the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; when the MTC Server uses an identifier that the 3GPP network cannot recognise as the MTC terminal identifier, the MTC-IWF maps it to an identifier usable inside the 3GPP network;
Step S503: the MTC-IWF generates a verification request message and sends it to the AAA Server; the message contains the MTC terminal identifier usable inside the 3GPP network, the MTC Server identifier and the requested operation type;
Step S504: the AAA Server uses the MTC terminal identifier provided in the verification request message to send a subscription information request to the HLR/HSS, requesting the subscription information of the target terminal;
Step S505: the HLR/HSS sends a subscription information response, returning the MTC terminal's subscription information to the AAA Server;
Step S506: the AAA Server verifies the MTC Server's operation permission according to the subscription information and the MTC Server identifier and operation type provided in the verification request message;
Step S507: the AAA Server returns the verification result to the MTC-IWF in a verification response message;
Step S508: if the verification passes, execute the operation requested by the MTC server;
Step S509: if the verification fails, reject the MTC server's operation request and send a cause value to the MTC server.
On the AAA server side, as shown in Fig. 6, the MTC server permission verification control method provided by an embodiment of the invention comprises:
Step S601: receive the verification request message, sent by the MTC-IWF, that carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
Step S602: after verifying the permission of the MTC server, return the permission verification result to the MTC-IWF.
The AAA server verifying the permission of the MTC server specifically comprises:
obtaining the subscription information of the MTC terminal according to the MTC terminal identifier;
verifying the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Likewise, obtaining the subscription information of the MTC terminal according to the MTC terminal identifier specifically comprises:
sending a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receiving the subscription information of the MTC terminal returned by the HLR/HSS.
An embodiment of the invention correspondingly also provides an MTC server permission verification control device, which may specifically be an MTC-IWF. As shown in Fig. 7, the device comprises:
a receiving unit 701, configured to receive an operation request sent by a machine type communication (MTC) server;
a determining unit 702, configured to determine, from the operation request, the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
When the verification fails, the MTC-IWF may further return a reject message and a reject cause to the MTC server; in this case the device also comprises:
a rejection unit, configured to return a reject message and a reject cause to the MTC server when the verification fails.
Corresponding to embodiments one and two, the verification unit 703 is specifically configured to:
obtain the subscription information of the MTC terminal according to the MTC terminal identifier;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Corresponding to embodiment three, the verification unit 703 is specifically configured to:
send to the AAA server a verification request carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result returned by the AAA server after it verifies the MTC server's permission.
Corresponding to embodiment two, the verification unit 703 is specifically configured to:
send a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receive the subscription information of the MTC terminal returned by the HLR/HSS;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Before verifying the MTC server's permission according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, if the MTC-IWF finds that the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognise, it may convert it into an identifier that the 3GPP network can recognise, so that the MTC terminal can be identified. In this case, the verification unit 703 is also configured to:
when the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognise, convert it into an identifier that the 3GPP network can recognise before verifying the MTC server's permission according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type.
An embodiment of the invention correspondingly also provides an MTC server permission verification control device, which may specifically be an AAA server. As shown in Fig. 8, the device comprises:
a verification request receiving unit 801, configured to receive the verification request message, sent by the MTC-IWF, that carries the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
The permission verification unit 802 is specifically configured to:
obtain the subscription information of the MTC terminal according to the MTC terminal identifier;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Likewise, when the subscription information of the MTC terminal needs to be obtained from the HLR/HSS, the permission verification unit 802 is specifically configured to:
send a subscription information request carrying the MTC terminal identifier to the HLR/HSS, and receive the subscription information of the MTC terminal returned by the HLR/HSS;
verify the permission of the MTC server that sent the operation request according to the MTC server identifiers and operation types in the subscription information.
Corresponding to embodiment two, an embodiment of the invention also provides an MTC server permission verification control system which, as shown in Figure 9, comprises:
MTC-IWF 901, configured to: receive an operation request sent by a machine type communication (MTC) server; determine the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; send a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the returned CAMEL-Subscription-Information of the MTC terminal; perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information; and, after the verification succeeds, perform the operation requested by the MTC server;
HLR/HSS 902, configured to receive the CAMEL-Subscription-Information request sent by the MTC-IWF 901, and to return the CAMEL-Subscription-Information of the MTC terminal to the MTC-IWF 901 according to the MTC terminal identifier.
When the verification fails, the MTC-IWF 901 can additionally return a rejection message and the reason for rejection to the MTC server. In this case, the MTC-IWF 901 is further configured to:
When the verification fails, return a rejection message and the reason for rejection to the MTC server.
Before performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, if the MTC-IWF finds that the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognize, it can convert the MTC terminal identifier into an identifier that the 3GPP network can recognize, so that the MTC terminal can then be identified. In this case, the MTC-IWF 901 is further configured to:
When the MTC terminal identifier carried in the operation request is one that the 3GPP network cannot recognize, convert the MTC terminal identifier into an identifier that the 3GPP network can recognize before sending the CAMEL-Subscription-Information request carrying the MTC terminal identifier.
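The flow that the MTC-IWF 901 carries out in this embodiment (determine the identifiers and operation type, convert the terminal identifier if needed, fetch the terminal's CAMEL-Subscription-Information from the HLR/HSS, verify, and reject with a reason on failure) can be sketched as follows. This is an added illustration, not code from the patent; the record layout, the use of an IMSI as the 3GPP-recognizable identifier, the operation names and every class, field and sample value are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Reason(Enum):
    OK = "verification passed"
    MALFORMED = "request lacks server identifier, terminal identifier or operation type"
    UNKNOWN_TERMINAL = "terminal identifier cannot be converted to a 3GPP identifier"
    NO_SUBSCRIPTION = "no subscription information for this terminal"
    SERVER_NOT_LISTED = "MTC server is not listed for this terminal"
    OPERATION_NOT_PERMITTED = "operation type is not permitted for this MTC server"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: Reason


@dataclass
class HlrHss:
    """Stand-in for the HLR/HSS. Assumed record layout:
    IMSI -> {MTC server identifier -> set of permitted operation types}."""
    records: dict = field(default_factory=dict)

    def get_subscription(self, imsi):
        return self.records.get(imsi)


class MtcIwf:
    def __init__(self, hlr_hss, external_ids):
        self.hlr_hss = hlr_hss
        self.external_ids = external_ids  # assumed mapping: external identifier -> IMSI

    def to_3gpp_id(self, terminal_id):
        # Assumption: a string of at most 15 digits is already an IMSI;
        # anything else is an external identifier that must be converted.
        if terminal_id.isdigit() and len(terminal_id) <= 15:
            return terminal_id
        return self.external_ids.get(terminal_id)

    def verify(self, request):
        # Assumption: server_id was authenticated on the interface to the MTC
        # server before this point; that step is outside this sketch.
        fields = [request.get(k) for k in ("server_id", "terminal_id", "operation")]
        if not all(isinstance(v, str) and v for v in fields):
            return Decision(False, Reason.MALFORMED)
        server_id, terminal_id, operation = fields
        imsi = self.to_3gpp_id(terminal_id)
        if imsi is None:
            return Decision(False, Reason.UNKNOWN_TERMINAL)
        subscription = self.hlr_hss.get_subscription(imsi)
        if subscription is None:
            return Decision(False, Reason.NO_SUBSCRIPTION)
        permitted = subscription.get(server_id)
        if permitted is None:  # default deny: unlisted servers get nothing
            return Decision(False, Reason.SERVER_NOT_LISTED)
        if operation not in permitted:
            return Decision(False, Reason.OPERATION_NOT_PERMITTED)
        return Decision(True, Reason.OK)

    def handle(self, request, execute):
        """Run the requested operation only after verification succeeds;
        otherwise return a rejection message with the reason."""
        decision = self.verify(request)
        if not decision.allowed:
            return {"status": "rejected", "reason": decision.reason.value}
        return {"status": "executed", "result": execute(request)}


# Constructed sample data (not from the patent).
HSS = HlrHss({"460001234567890": {"server-a.example": {"trigger"},
                                  "server-b.example": {"trigger", "monitor"}}})
IWF = MtcIwf(HSS, {"meter-17@example.net": "460001234567890"})

if __name__ == "__main__":
    req = {"server_id": "server-a.example",
           "terminal_id": "meter-17@example.net", "operation": "monitor"}
    print(IWF.handle(req, lambda r: "done"))
```

Every failure path returns a distinct reason, and the operation callback is never invoked unless the server identifier and the operation type both match the terminal's record.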
Corresponding to embodiment three, an embodiment of the invention also provides an MTC server permission verification control system which, as shown in Figure 10, comprises:
MTC-IWF 1001, configured to: receive an operation request sent by a machine type communication (MTC) server; determine the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; send a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result; and, after the verification succeeds, perform the operation requested by the MTC server;
The AAA server 1002 performs permission verification on the MTC server, which specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
Further, the AAA server 1002 can obtain the CAMEL-Subscription-Information of the MTC terminal from the HLR/HSS. In this case, the system also comprises:
HLR/HSS, configured to receive the CAMEL-Subscription-Information request sent by the AAA server 1002, and to return the CAMEL-Subscription-Information of the MTC terminal to the AAA server 1002 according to the MTC terminal identifier;
Send a CAMEL-Subscription-Information request carrying the MTC terminal identifier to the HLR/HSS, and receive the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
The embodiments of the invention provide an MTC server permission verification control method, system and device, so that after receiving an operation request from an MTC server, the 3GPP network performs permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and performs the operation requested by the MTC server after the verification succeeds, thereby realizing permission verification of the MTC server.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (25)
1. An MTC server permission verification control method, characterized in that it comprises:
Receiving an operation request sent by a machine type communication (MTC) server;
Determining the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request;
Performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
After the verification succeeds, performing the operation requested by the MTC server.
2. The method of claim 1, characterized in that it further comprises:
When the verification fails, returning a rejection message and the reason for rejection to the MTC server.
3. The method of claim 1, characterized in that performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
4. The method of claim 1, characterized in that performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type specifically comprises:
Sending to an authentication (AAA) server a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receiving the permission verification result that the AAA server returns after performing permission verification on the MTC server.
5. The method of claim 4, characterized in that the AAA server performing permission verification on the MTC server specifically comprises:
The AAA server obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
The AAA server performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
6. The method of claim 3 or 5, characterized in that obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
7. The method of claim 1, characterized in that, before performing permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type, it further comprises:
When the MTC terminal identifier carried in the operation request is one that the 3rd Generation Partnership Project (3GPP) network cannot recognize, converting the MTC terminal identifier into an identifier that the 3GPP network can recognize.
8. An MTC server permission verification control method, characterized in that it comprises:
Receiving a verification request message sent by a machine type communication interworking function (MTC-IWF) entity, the message carrying the identifier of a machine type communication (MTC) server, the identifier of an MTC terminal and an operation type;
After performing permission verification on the MTC server, returning the permission verification result to the MTC-IWF.
9. The method of claim 8, characterized in that performing permission verification on the MTC server specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
10. The method of claim 9, characterized in that obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
11. An MTC server permission verification control device, characterized in that it comprises:
A receiving unit, configured to receive an operation request sent by a machine type communication (MTC) server;
A determining unit, configured to determine the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request;
A verification unit, configured to perform permission verification on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type;
An execution unit, configured to perform the operation requested by the MTC server after the verification succeeds.
12. The device of claim 11, characterized in that it further comprises:
A rejection unit, configured to return a rejection message and the reason for rejection to the MTC server when the verification fails.
13. The device of claim 11, characterized in that the verification unit is specifically configured to:
Obtain the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
14. The device of claim 11, characterized in that the verification unit is specifically configured to:
Send to an authentication (AAA) server a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result that the AAA server returns after performing permission verification on the MTC server.
15. The device of claim 13, characterized in that the verification unit is specifically configured to:
Send to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
16. The device of claim 11, characterized in that the verification unit is further configured to:
When the MTC terminal identifier carried in the operation request is one that the 3rd Generation Partnership Project (3GPP) network cannot recognize, convert the MTC terminal identifier into an identifier that the 3GPP network can recognize before permission verification is performed on the MTC server according to the identifier of the MTC server, the identifier of the MTC terminal and the operation type.
17. An MTC server permission verification control device, characterized in that it comprises:
A verification request receiving unit, configured to receive a verification request message sent by a machine type communication interworking function (MTC-IWF) entity, the message carrying the identifier of a machine type communication (MTC) server, the identifier of an MTC terminal and an operation type;
A permission verification unit, configured to perform permission verification on the MTC server;
A result feedback unit, configured to return the permission verification result to the MTC-IWF.
18. The device of claim 17, characterized in that the permission verification unit is specifically configured to:
Obtain the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
19. The device of claim 18, characterized in that the permission verification unit is specifically configured to:
Send to a home location register/home subscriber server (HLR/HSS) a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS;
Perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
20. An MTC server permission verification control system, characterized in that it comprises:
A machine type communication interworking function (MTC-IWF) entity, configured to: receive an operation request sent by a machine type communication (MTC) server; determine the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; send a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receive the returned CAMEL-Subscription-Information of the MTC terminal; perform permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information; and, after the verification succeeds, perform the operation requested by the MTC server;
A home location register/home subscriber server (HLR/HSS), configured to receive the CAMEL-Subscription-Information request sent by the MTC-IWF, and to return the CAMEL-Subscription-Information of the MTC terminal to the MTC-IWF according to the MTC terminal identifier.
21. The system of claim 20, characterized in that the MTC-IWF is further configured to:
When the verification fails, return a rejection message and the reason for rejection to the MTC server.
22. The system of claim 20, characterized in that the MTC-IWF is further configured to:
When the MTC terminal identifier carried in the operation request is one that the 3rd Generation Partnership Project (3GPP) network cannot recognize, convert the MTC terminal identifier into an identifier that the 3GPP network can recognize before sending the CAMEL-Subscription-Information request carrying the MTC terminal identifier.
23. An MTC server permission verification control system, characterized in that it comprises:
A machine type communication interworking function (MTC-IWF) entity, configured to: receive an operation request sent by a machine type communication (MTC) server; determine the identifier of the MTC server, the identifier of the MTC terminal and the operation type from the operation request; send a verification request message carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type, and receive the permission verification result; and, after the verification succeeds, perform the operation requested by the MTC server;
An authentication (AAA) server, configured to: receive the verification request message sent by the MTC-IWF, carrying the identifier of the MTC server, the identifier of the MTC terminal and the operation type; perform permission verification on the MTC server; and return the permission verification result to the MTC-IWF.
24. The system of claim 23, characterized in that the AAA server performing permission verification on the MTC server specifically comprises:
Obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier;
Performing permission verification on the MTC server that sent the operation request, according to the MTC server identifier and operation type in the CAMEL-Subscription-Information.
25. The system of claim 24, characterized in that it further comprises:
A home location register/home subscriber server (HLR/HSS), configured to receive the CAMEL-Subscription-Information request sent by the AAA server, and to return the CAMEL-Subscription-Information of the MTC terminal to the AAA server according to the MTC terminal identifier;
The AAA server obtaining the CAMEL-Subscription-Information of the MTC terminal according to the MTC terminal identifier specifically comprises:
Sending to the HLR/HSS a CAMEL-Subscription-Information request carrying the MTC terminal identifier, and receiving the CAMEL-Subscription-Information of the MTC terminal returned by the HLR/HSS.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110231136XA CN102263793A (en) | 2011-08-12 | 2011-08-12 | Method, system and device for verifying and controlling permission of MTC (machine type communication) server |
PCT/CN2012/080044 WO2013023566A1 (en) | 2011-08-12 | 2012-08-13 | Method, system, and device for controlling mtc server permission validation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110231136XA CN102263793A (en) | 2011-08-12 | 2011-08-12 | Method, system and device for verifying and controlling permission of MTC (machine type communication) server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102263793A true CN102263793A (en) | 2011-11-30 |
Family
ID=45010247
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110231136XA Pending CN102263793A (en) | 2011-08-12 | 2011-08-12 | Method, system and device for verifying and controlling permission of MTC (machine type communication) server |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102263793A (en) |
WO (1) | WO2013023566A1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013023566A1 (en) * | 2011-08-12 | 2013-02-21 | 电信科学技术研究院 | Method, system, and device for controlling mtc server permission validation |
CN103152729A (en) * | 2011-12-07 | 2013-06-12 | 中兴通讯股份有限公司 | Connection controlling method and system of machine type communication (MTC) equipment |
CN103188616A (en) * | 2011-12-31 | 2013-07-03 | 中兴通讯股份有限公司 | Management method and system of terminal group |
CN103220642A (en) * | 2012-01-19 | 2013-07-24 | 华为技术有限公司 | Method and device of safe processing of short message |
CN103227991A (en) * | 2012-01-29 | 2013-07-31 | 中兴通讯股份有限公司 | Trigger method, device and system for MTC (Machine Type Communication) equipment |
CN103581895A (en) * | 2012-08-03 | 2014-02-12 | 中兴通讯股份有限公司 | Triggering method and system based on MTC device group |
CN103975643A (en) * | 2012-11-30 | 2014-08-06 | 华为技术有限公司 | Authentication method and apparatus |
CN108111993A (en) * | 2012-04-20 | 2018-06-01 | 华为技术有限公司 | MTC device communication means and equipment, system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101902756A (en) * | 2009-05-27 | 2010-12-01 | 中兴通讯股份有限公司 | M2M (Machine To Machine) business platform and working method thereof |
CN102045690A (en) * | 2009-10-09 | 2011-05-04 | 中兴通讯股份有限公司 | Method for obtaining signing information of internet of things equipment and server in internet of things |
CN102137105A (en) * | 2011-03-11 | 2011-07-27 | 华为技术有限公司 | Machine-to-machine communication privacy protection method and system, machine-to-machine communication (M2M) service management entity and related equipment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102263793A (en) * | 2011-08-12 | 2011-11-30 | 电信科学技术研究院 | Method, system and device for verifying and controlling permission of MTC (machine type communication) server |
Non-Patent Citations (1)
Title |
---|
PANASONIC: "Selection of trigger delivery mechanism", 《SA WG2 MEETING #86》 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013023566A1 (en) * | 2011-08-12 | 2013-02-21 | 电信科学技术研究院 | Method, system, and device for controlling mtc server permission validation |
CN103152729A (en) * | 2011-12-07 | 2013-06-12 | 中兴通讯股份有限公司 | Connection controlling method and system of machine type communication (MTC) equipment |
WO2013082919A1 (en) * | 2011-12-07 | 2013-06-13 | 中兴通讯股份有限公司 | Connection control method and system for machine type communication device |
CN103152729B (en) * | 2011-12-07 | 2018-05-22 | 中兴通讯股份有限公司 | The connection control method and system of a kind of MTC device |
CN103188616A (en) * | 2011-12-31 | 2013-07-03 | 中兴通讯股份有限公司 | Management method and system of terminal group |
CN103188616B (en) * | 2011-12-31 | 2017-10-27 | 中兴通讯股份有限公司 | The management method and system of a kind of set of terminal |
CN103220642B (en) * | 2012-01-19 | 2016-03-09 | 华为技术有限公司 | A kind of security processing of short message and device |
CN105072595A (en) * | 2012-01-19 | 2015-11-18 | 华为技术有限公司 | Safe processing method and device of short messages |
CN103220642A (en) * | 2012-01-19 | 2013-07-24 | 华为技术有限公司 | Method and device of safe processing of short message |
CN103227991A (en) * | 2012-01-29 | 2013-07-31 | 中兴通讯股份有限公司 | Trigger method, device and system for MTC (Machine Type Communication) equipment |
CN108111993A (en) * | 2012-04-20 | 2018-06-01 | 华为技术有限公司 | MTC device communication means and equipment, system |
CN103581895A (en) * | 2012-08-03 | 2014-02-12 | 中兴通讯股份有限公司 | Triggering method and system based on MTC device group |
CN103581895B (en) * | 2012-08-03 | 2019-09-24 | 中兴通讯股份有限公司 | Triggering method and system based on MTC device group |
CN103975643A (en) * | 2012-11-30 | 2014-08-06 | 华为技术有限公司 | Authentication method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
WO2013023566A1 (en) | 2013-02-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C12 | Rejection of a patent application after its publication | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20111130 |