CN102469448B - A kind of method, system and device of machine type communication Access Control - Google Patents
A kind of method, system and device of machine type communication Access Control Download PDFInfo
- Publication number
- CN102469448B CN102469448B CN201010536046.7A CN201010536046A CN102469448B CN 102469448 B CN102469448 B CN 102469448B CN 201010536046 A CN201010536046 A CN 201010536046A CN 102469448 B CN102469448 B CN 102469448B
- Authority
- CN
- China
- Prior art keywords
- mtc
- mtc device
- identification module
- association
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses the method, system and device of a kind of machine type communication Access Control.In the present invention program, after mobile communications network receives the access request that MTC device sends, it is judged that MTC device is associated with the identification module of MTC user the most, if it is, accept the access of MTC device, otherwise, the access of refusal MTC device.The scheme provided according to the present invention, mobile communications network is made only to accept MTC user and the access of MTC device of association, for refusal being accessed without the MTC user of association and MTC device, realize control and the management that MTC user and MTC device are accessed, effectively prevent MTC user's abuse to MTC device.
Description
Technical field
The present invention relates to machine type communication (Machine Type Communication, MTC) technology, particularly relate to one
The method, system and device of machine type communication Access Control.
Background technology
MTC refers to employing wireless communication technology, it is achieved data communication between machine with machine, machine and people and exchanging
The general name of a series of technology and combinations thereof.MTC has two layers of meaning: ground floor is meant that machine itself, is referred to as in built-in field
Smart machine;The second layer is meant that the connection between machine and machine, is linked together by machine by network.The application of MTC
Scope widely, such as intelligent measure, remotely monitoring, follow the tracks of, medical treatment etc., make human lives more intelligent.With traditional
Interpersonal communication is compared, MTC device (MTC Device) enormous amount, and application is extensive, has huge market
Prospect.
In MTC, main remotely connected technology includes global system for mobile communications (Global System for
Mobile communications, GSM)/general packet radio service (General Packet Radio Service,
GPRS)/UMTS (Universal Mobile Telecommunications System, UMTS) etc., closely
Distance interconnection technique mainly has 802.11b/g, bluetooth, purple honeybee (Zigbee), RF identification (Radio Frequency
Identification, RFID) etc..Owing to MTC incorporates radio communication and information technology, can be used for two-way communication, such as long distance
From gather information, parameter it is set and sends instruction, therefore can realize different application schemes, such as safety monitoring, automatic vending, goods
Thing tracking etc..The equipment related in nearly all daily life is likely to become potential service object.MTC provides and sets
Standby real time data between the systems or transmit between remote equipment or and individual between set up the simple means of wireless connections.
The framework signal of MTC system is as it is shown in figure 1, MTC device is by 3GPP network and MTC server (MTC Server)
Communicating, MTC server provides Machine To Machine (Machine to Machine, M2M) business for MTC user.
For MTC system, due to multiformity and the complexity of MTC application so that MTC application is difficult to have common spy
Levy.Owing to there is diversified MTC application, every kind of MTC applies the device requirement for MTC device to be different, therefore exists
In MTC system, different MTC device is likely to be of different functions of the equipments and capacity of equipment.
For MTC server, information to be received is not only required to be from legal MTC user, is also required to simultaneously
It is from legal MTC device, accordingly, it would be desirable to the access of MTC user and MTC device can be controlled by 3GPP network.
At present, the Access Control mode of 3GPP network support includes: to the access of MTC user mode through safety certification
Controlled;To MTC device, then by the way of setting up black and white lists, carry out Access Control.Though this Access Control mode
So being easy to MTC user uses different MTC device to access 3GPP network in case of need, but this Access Control mode is only
It is that MTC user or MTC device are separately carried out Access Control, it is impossible to effectively prevent MTC user from abusing MTC device.
Summary of the invention
In view of this, present invention is primarily targeted at provide a kind of method of machine type communication Access Control, system and
Device, effectively prevents MTC user from abusing MTC device.
For solving above-mentioned technical problem, the technical scheme is that and be achieved in that:
A kind of method of machine type communication MTC Access Control, MTC device includes the identification module of MTC user, moves
Dynamic communication network support MTC device associates with MTC user identification module, and the method includes: mobile communications network receives
After the access request that MTC device sends, it is judged that MTC device is associated with described identification module the most, if it is, connect
Accessed by MTC device, otherwise, the access of refusal MTC device.
Described judge that MTC device is associated with identification module the most before, farther include: MTC user is entered
Row access authentication, or MTC user is carried out access authentication and MTC device is authenticated, authentication is by rear, it is judged that MTC device
The most it is associated with described identification module.
Described judge that MTC device is associated with identification module the most, particularly as follows: judge access request is carried
Whether MTC subscriber identity information and MTC device identity information meet the MTC device and MTC user identification module set up
Incidence relation, if met, then accept the access of MTC device, otherwise, the access of refusal MTC device.
Whether the described MTC subscriber identity information judging to carry in access request and MTC device identity information meet built
Vertical MTC device and the incidence relation of MTC user identification module, particularly as follows: incidence relation list based on storage judges
MTC device identity information is associated with corresponding MTC subscriber identity information the most, sets if there is MTC in incidence relation list
Standby identity information and the incidence relation of corresponding MTC subscriber identity information, then accept the access of MTC device, and otherwise, refusal MTC sets
Standby access.
Described judge that MTC device is associated with identification module the most before, also include: MTC device is to mobile logical
Communication network sends association request, after mobile communications network receives the association request that MTC device sends, it is judged that need the MTC of association
Equipment is associated with the identification module of other MTC users the most, if it is, refuse this association request, otherwise, sets up
Need the MTC device of association and the incidence relation of described identification module.
Described association request comprises MTC device identity information and MTC subscriber identity information, and described judgement needs association
MTC device is associated with the identification module of other MTC users the most, particularly as follows: incidence relation list based on storage
Judge that MTC device identity information is associated with other MTC subscriber identity informations the most, if incidence relation list exists
MTC device identity information and the incidence relation of MTC subscriber identity information, then refuse this association request, if incidence relation list
In there is not the incidence relation of MTC device identity information and MTC subscriber identity information, then set up the MTC device needing association with
The incidence relation of described identification module, and update incidence relation list.
The method also includes: after mobile communications network receives the cancellation association request that MTC device sends, it is judged that need to nullify
The MTC device of association is associated with identification module the most, if it is, nullify MTC device and described identification mould
The incidence relation of block, otherwise, refuses this cancellation association request.
Described cancellation association request comprises MTC subscriber identity information and MTC device identity information, and described judgement needs to nullify
The MTC device of association is associated with identification module the most, particularly as follows: incidence relation list based on storage judges MTC
Equipment identity information is associated with MTC subscriber identity information the most, if there is MTC device identity letter in incidence relation list
Breath and the incidence relation of MTC subscriber identity information, then cancellation MTC device and the incidence relation of described identification module, and more
, if there is not associating of MTC device identity information and MTC subscriber identity information in incidence relation list in new incidence relation list
Relation, then refuse this cancellation association request.
A kind of system of machine type communication Access Control, including: comprise the MTC device of MTC user identification module, use
In sending access request to mobile communications network;For the functional entity of MTC Access Control, it is positioned at described mobile communications network,
For judging that described MTC device is associated with described identification module the most, if it is, access MTC device;Otherwise,
The access of refusal MTC device.
Described MTC device is additionally operable to: send association request to described mobile communications network;Described for MTC Access Control
Functional entity be additionally operable to: receive described MTC device send association request, it is judged that need association MTC device the most with
The identification module of other MTC users is associated, if it is, refuse this association request, sets if it is not, then set up MTC
The standby incidence relation with described identification module.
Described MTC device is additionally operable to: sends to described mobile communications network and nullifies association request;Described for MTC access
The functional entity controlled is additionally operable to: receive the cancellation association request that MTC device sends, it is judged that need to nullify the MTC device of association
The most it is associated with identification module, if it is, nullify the incidence relation of MTC device and described identification module,
If it is not, then refuse this cancellation association request.
The described functional entity for MTC Access Control is additionally operable to: MTC user is carried out access authentication, or to MTC user
Carry out access authentication and MTC device authenticated, authentication by rear, it is judged that MTC device the most with described identification mould
Block is associated.
A kind of device of machine type communication Access Control, including: receive unit, for receiving the access that MTC device sends
Request Concurrency gives access judging unit, carries MTC subscriber identity information and MTC device identity information in this access request;
Access judging unit, for judging that MTC device is associated with the identification module of MTC user the most, if it is, accept
The access of MTC device, otherwise, the access of refusal MTC device.
Described device farther includes: unit is set up in association, and described reception unit is additionally operable to: receive what MTC device sent
Association request is also sent to association and sets up unit;Unit is set up in described association, for having judged the MTC device of needs association the most
It is associated with the identification module of other MTC users, if it is, refuse this association request, if it is not, then set up MTC
Equipment and the incidence relation of identification module.
Described device farther includes: unit is nullified in association, and described reception unit is additionally operable to: receive what MTC device sent
Nullify association request and be sent to association cancellation unit;Unit is nullified in described association, for judging that the MTC needing to nullify association sets
For being the most associated with the identification module of MTC user, if it is, nullify MTC device and described identification module
Incidence relation, if it is not, then refuse this cancellation association request.
Described access judging unit is additionally operable to: MTC user carries out access authentication, or MTC user is carried out access authentication
Authenticating with to MTC device, authentication is by rear, it is judged that MTC device is associated with MTC user the most.
The scheme provided according to the present invention, after mobile communications network receives the access request that MTC device sends, it is judged that MTC
Equipment is associated with the identification module of MTC user the most, if it is, accept the access of MTC device, otherwise, and refusal
The access of MTC device so that mobile communications network only accepts MTC user and the access of MTC device of association, for without association
MTC user and MTC device refusal is accessed, it is achieved the control that MTC user and MTC device are accessed and management, effectively prevent
The MTC user abuse to MTC device.
It addition, the incidence relation of MTC device with legal MTC user can also be safeguarded by mobile communications network, convenient
Control that MTC user and MTC device are accessed by mobile communications network and management.
Accompanying drawing explanation
Fig. 1 is the configuration diagram of MTC system;
Fig. 2 is MTC Access Control schematic flow sheet in the present invention;
Fig. 3 is the structural representation of MTC access control system in the present invention;
Fig. 4 is that in the present invention, MTC device is set up MTC device and associated with the identification module of MTC user when being initially accessed
The schematic flow sheet of relation;
Fig. 5 is the schematic flow sheet nullifying MTC device and the identification module incidence relation of MTC user in the present invention;
Fig. 6 is the structural representation of MTC access control apparatus in the present invention.
Detailed description of the invention
For MTC server, information to be received is not only required to be from legal MTC user, is also required to simultaneously
It it is the legal MTC device from legal MTC user.Therefore, in MTC system, considering MTC device and the legitimacy of MTC user
In the case of, in addition it is also necessary to consider the relation between legal MTC device and legal MTC user further, effectively to prevent MTC user
Abuse MTC device.
Fig. 2 is Access Control schematic flow sheet in MTC in the present invention, as in figure 2 it is shown, concrete process includes:
Step 201: mobile communications network receives the access request that MTC device sends, and this MTC device includes MTC user
Identification module.
When MTC device needs accessing mobile communication network, send access request to mobile communications network, in this access request
Carry MTC subscriber identity information and MTC device identity information;Mobile communications network receives this access request, this mobile communication
Network support MTC device associates with MTC user identification module.
Described MTC device is MTC user's equipment for machine type communication, and the identification module of MTC user is arranged on
In MTC device.Described mobile communications network can be specifically 3GPP network or 3GPP2 network.The identification module of MTC user
It is specifically as follows user identification module (Subscriber Identity Module, SIM), universal subscriber identity identification mould
Block (Universal Subscriber Identity Module, USIM), IP multimedia service identification module (IP
Multimedia Service Identity Module, ISIM), may be located on a smart card, as general integrated in being positioned at
In circuit card (Universal Integrated Circuit Card, UICC).MTC subscriber identity information can be that identity is known
International mobile subscriber identity (the International Mobile Subscriber Identification of other module
Number, IMSI) or for the MTC identification information of MTC User Identity.MTC device identity information can be equipment
International mobile equipment identification number (International Mobile Equipment Identity number, IMEI) or use
MTC identification information in MTC device identity.
After mobile communications network receives the access request that MTC sends, MTC user is carried out access authentication, or to MTC user
Carrying out access authentication and authenticate MTC device, authentication by rear, then shows that MTC user or MTC user and MTC device are
Legal, then proceed to perform step 202.
Step 202: mobile communications network judges that MTC device is associated with MTC user the most, i.e. MTC device is the most
It is associated with the identification module of MTC user, if it is, mobile communications network accepts the access of MTC device, MTC device
Accessing mobile communication network;Otherwise, the access of mobile communications network refusal MTC device, can return to MTC device further and refuse
Access absolutely message.
Mobile communications network judges whether are the MTC subscriber identity information that carries in access request and MTC device identity information
Meeting the incidence relation of MTC device and the MTC user identification module set up, i.e. based on storage incidence relation list is sentenced
Disconnected MTC device identity information is associated with corresponding MTC subscriber identity information the most, if it is, i.e. deposit in incidence relation list
At the incidence relation of MTC device identity information Yu corresponding MTC subscriber identity information, then show that MTC device is legal MTC user
Legal MTC device, mobile communications network accepts the access of MTC device, MTC device accessing mobile communication network;If it is not, i.e.
Incidence relation list does not exist the incidence relation of MTC device identity information and corresponding MTC subscriber identity information, then shows MTC
Equipment is not the legal MTC device of legal MTC user, the access of mobile communications network refusal MTC device.Described MTC device connects
Enter mobile communications network to refer to: after MTC device is by the certification of mobile communications network, is allowed access to mobile communications network and makes
Use relevant communication services.
Description according to above flow process is visible, and mobile communications network only accepts the MTC user of association and connecing of MTC device
Enter, for refusal being accessed without the MTC user of association and MTC device.
Mobile communications network receives after the association request of MTC device, will need pass according to carry in association request
Connection MTC subscriber identity information and MTC device identity information, it is judged that need association MTC device the most with other MTC users
Identification module be associated, i.e. based on storage incidence relation list judge MTC device identity information the most with other
MTC subscriber identity information is associated, if it is, i.e. there is MTC device identity information and MTC user identity in incidence relation list
The incidence relation of information, then refuse this association request, if it is not, i.e. there is not MTC device identity letter in incidence relation list
Breath and the incidence relation of MTC subscriber identity information, then accept this association request, set up the MTC device needing association and MTC user
The incidence relation of identification module, updates the incidence relation list of storage.Described MTC device can be to need the MTC of association
The MTC device that equipment, i.e. MTC user are associated by needs sends association request;Can also for MTC subscriber identity information institute
The MTC device that the MTC user of mark is associated, i.e. MTC user sends association request by MTC device the most associated there,
To be associated with other MTC device.As can be seen here, in the present invention, a MTC device can only be known with the identity of a MTC user
Other module is associated;The identification module of one MTC user can associate multiple MTC device.
The most visible, for providing the mobile communications network of communication service to remove between MTC device and MTC server
Outside existing network function, also need to comprise the functional entity for MTC Access Control, specifically include: MTC subscription authentication function,
Or MTC subscription authentication function and MTC device authentication functions, and MTC user and MTC device associate management function, such as Fig. 3 institute
Show.In MTC access control system shown in Fig. 3, the MTC device comprising MTC user identification module and be positioned at mobile communication
The functional entity for MTC Access Control of network, wherein, MTC device is for sending access request to mobile communications network;With
In the functional entity of MTC Access Control, for judging that MTC device is associated with the identification module of MTC user the most, as
Fruit is then to access MTC device;Otherwise, the access of MTC device is refused.For the function of MTC Access Control in mobile communications network
The concrete structure of entity will be described in detail in the Fig. 6 below.
For the functional entity of MTC Access Control, it is additionally operable to MTC user is carried out access authentication, or MTC user is carried out
Access authentication and MTC device is authenticated, authentication is by rear, it is judged that MTC device the most with the identification mould of MTC user
Block is associated.
MTC device is additionally operable to send association request to mobile communications network or nullify association request;For MTC Access Control
Functional entity be additionally operable to set up or nullify the incidence relation of MTC device and MTC user identification module, the association to storage
Relation list is managed and safeguards.Specifically, the functional entity for MTC Access Control is used for receiving what MTC device sent
Association request, it is judged that need the MTC device of association to be the most associated with the identification module of other MTC users, if it is,
Then refuse this association request, if it is not, then set up the incidence relation of MTC device and MTC user identification module, further
For updating the incidence relation list of storage.Functional entity for MTC Access Control is used for receiving the cancellation that MTC device sends
Association request, it is judged that need the MTC device nullifying association to be the most associated with the identification module of MTC user, if it is,
Then nullify the incidence relation of MTC device and MTC user identification module, be further used for updating the incidence relation row of storage
Table, if it is not, then refuse this cancellation association request.
Fig. 4 is that in the present invention, MTC device is set up MTC device and associated with the identification module of MTC user when being initially accessed
The schematic flow sheet of relation, as shown in Figure 4, concrete process includes:
Step 400: when comprising the first accessing mobile communication network of MTC device of MTC user identification module, first exist
MTC user's access authentication that communication network is supported is moved between mobile communications network and MTC device.MTC user accesses mirror
Weighing identical with the mobile phone user authentication process of existing mobile communications network, such as, MTC device sends to mobile communications network
MTC subscriber identity information, mobile communications network data base's such as home subscriber server (Home Subscriber Server,
HSS) searching relevant information in, generate one group of Ciphering Key, be sent to mobile management entity (MME), MME selects one of them to reflect
Weight vector carries out bi-directional authentification to MTC user, and authentication is by rear, then it is assumed that MTC user is legal.
Step 401:MTC user is by after access authentication, and MTC device is authenticated by mobile communications network.MTC device is reflected
Power can use existing various device authentication mode, as used digital certificate authentication mode etc..
After step 402:MTC equipment is by authentication, MTC device sends MTC device and MTC user's phase to mobile communications network
The association request of association, carries MTC device identity information and the MTC subscriber identity information needing association in this association request.
MTC subscriber identity information can be IMSI or the MTC identification information for MTC User Identity.MTC device identity is believed
Breath can be IMEI or the MTC identification information for MTC device identity.
Step 403: after mobile communications network receives the association request that MTC device sends, according to MTC device identity information and
MTC subscriber identity information inspection storage incidence relation list, it is judged that MTC device identity information the most with other MTC users
Identity information is associated, if it is, i.e. there is MTC device identity information and MTC subscriber identity information in incidence relation list
Incidence relation, then show that MTC device is associated with the identification module of other MTC users, refuse this association request, if
Not, incidence relation list does not i.e. exist the incidence relation of MTC device identity information and MTC subscriber identity information, then shows
MTC device is not associated with the identification module of other MTC users, and no matter the identification module of MTC user closes the most
Join other MTC device, all accepted this association request, set up the incidence relation of MTC device and MTC user identification module,
And update the incidence relation list of storage, will add to incidence relation list by this incidence relation.
Step 404: mobile communications network, to MTC device feeding back confirmation message, notifies MTC device association results.
It addition, except when MTC device shown in Fig. 4 is initially accessed by mobile communications network by its identification with MTC user
Outside the flow process that module is associated;Can also be that MTC user is sent to mobile communications network by MTC device the most associated there
Association request, other MTC device are associated by request mobile communications network with this MTC user, i.e. MTC device access mobile communication
After network, MTC user sends association request by this MTC device, carries the MTC device body needing association in this association request
Part information and MTC subscriber identity information;Mobile communications network judge need association MTC device the most with other MTC users
Identification module be associated, to determine whether to set up the incidence relation of MTC device and MTC user identification module.Institute
State the concrete processing procedure of MTC device accessing mobile communication network as shown in Figure 2.
In the flow process that the above MTC device is associated with the identification module of MTC user, set without the MTC of association
For being associated with the identification module of any MTC user.
Mobile communications network can also nullify the incidence relation of MTC device and MTC user identification module, such as Fig. 5 institute
Showing, the concrete process nullifying the MTC device identification module incidence relation with MTC user includes:
Step 500:MTC equipment accessing mobile communication network, concrete processing procedure is as shown in Figure 2.
Step 501:MTC user sends cancellation association request by MTC device to mobile communications network, and this cancellation association please
The MTC device identity information and MTC subscriber identity information needing to nullify association is carried in asking.MTC subscriber identity information is permissible
It is IMSI or the MTC identification information for MTC User Identity.MTC device identity information can be IMEI or for
The MTC identification information of MTC device identity.The MTC device sending cancellation association request can be to need to nullify and MTC
The MTC device that the identification module of user is associated, it is also possible to be other MTC device, MTC user is noted by this MTC device
Sell other MTC device of its association.
Step 502: after mobile communications network receives the cancellation association request that MTC device sends, believes according to MTC device identity
The MTC device of breath and MTC subscriber identity information inspection storage and the linked list of MTC user identification module, it is judged that association
Whether relation list exists the incidence relation of MTC device identity information and corresponding MTC subscriber identity information, if it does, note
Pin MTC device and the incidence relation of MTC user identification module, and update the incidence relation list of storage, will this association
Relation is deleted from incidence relation list;If it does not exist, then do not process.
Step 503: mobile communications network nullifies association results to MTC device feeding back confirmation message, notice MTC device.
Fig. 6 is the structural representation of MTC access control apparatus in the present invention, and as shown in Figure 6, this device includes: receive single
Unit and access judging unit, wherein, receive access request that unit sends for receiving MTC device and be sent to access judge single
Unit, carries MTC subscriber identity information and MTC device identity information in this access request;Access judging unit to be used for judging MTC
Equipment is associated with the identification module of MTC user the most, if it is, accept the access of MTC device, otherwise, and refusal
The access of MTC device.
Access judging unit is additionally operable to: MTC user carries out access authentication, or MTC user carries out access authentication and right
MTC device authenticates, and authentication is by rear, it is judged that MTC device is associated with the identification module of MTC user the most.Connect
Enter judging unit and realize the MTC subscription authentication function shown in Fig. 3 or MTC subscription authentication function and MTC device authentication functions.
MTC access control apparatus also includes: unit is set up in association, receives unit and is additionally operable to receive the pass that MTC device sends
Connection request Concurrency is given association and is set up unit;Association set up unit for judge need association MTC device the most with other
The identification module of MTC user is associated, if it is, refuse this association request, if it is not, then set up MTC device with
The incidence relation of MTC user identification module, is further used for updating the incidence relation list of storage.
MTC access control apparatus also includes: unit is nullified in association, receives unit and is additionally operable to receive the note that MTC device sends
Pin association request is also sent to association cancellation unit;For the MTC device that judges to need to nullify association whether association nullifies unit
It is associated with the identification module of MTC user, if it is, nullify the pass of MTC device and MTC user identification module
Connection relation, is further used for updating the incidence relation list of storage, if it is not, then refuse this cancellation association request.
Association is set up unit and associate and nullifies unit and realize the MTC user shown in Fig. 3 and MTC device associate management merit
Energy.
The above, only presently preferred embodiments of the present invention, be not intended to limit protection scope of the present invention, all
Any amendment, equivalent and the improvement etc. made within the spirit and principles in the present invention, should be included in the protection of the present invention
Within the scope of.
Claims (13)
1. a method for machine type communication MTC Access Control, MTC device includes the identification module of MTC user, and it is special
Levying and be, mobile communications network support MTC device associates with MTC user identification module, and the method includes:
Mobile communications network receive MTC device send access request after, it is judged that MTC device the most with described identification mould
Block is associated, if it is, accept the access of MTC device, otherwise, and the access of refusal MTC device;
Wherein, described judge that MTC device is associated with identification module the most before, also include: MTC device is to mobile logical
Communication network sends association request, after mobile communications network receives the association request that MTC device sends, it is judged that need the MTC of association
Equipment is associated with the identification module of other MTC users the most, if it is, refuse this association request, otherwise, sets up
Need the MTC device of association and the incidence relation of described identification module.
Method the most according to claim 1, it is characterised in that described judge MTC device the most with identification module
Before being associated, farther include:
MTC user carrying out access authentication, or MTC user carries out access authentication and authenticates MTC device, authentication is passed through
After, it is judged that MTC device is associated with described identification module the most.
Method the most according to claim 1, it is characterised in that described judge MTC device the most with identification module
It is associated, particularly as follows:
Judge whether the MTC subscriber identity information carried in access request and MTC device identity information meet the MTC set up and set
The standby incidence relation with MTC user identification module, if met, then accepts the access of MTC device, and otherwise, refusal MTC sets
Standby access.
Method the most according to claim 3, it is characterised in that the MTC user identity carried in described judgement access request
Whether information and MTC device identity information meet the incidence relation of MTC device and the MTC user identification module set up,
Particularly as follows:
Incidence relation list based on storage judges that MTC device identity information is the most relevant to corresponding MTC subscriber identity information
Connection, if there is the incidence relation of MTC device identity information and corresponding MTC subscriber identity information in incidence relation list, then connects
Accessed by MTC device, otherwise, the access of refusal MTC device.
Method the most according to claim 1, it is characterised in that described association request comprises MTC device identity information and MTC
Subscriber identity information, the described MTC device judging to need to associate is the most relevant to the identification module of other MTC users
Connection, particularly as follows:
Incidence relation list based on storage judges that MTC device identity information is the most relevant to other MTC subscriber identity informations
Connection, if there is the incidence relation of MTC device identity information and MTC subscriber identity information in incidence relation list, then refusal should
Association request, if incidence relation list does not exist the incidence relation of MTC device identity information and MTC subscriber identity information,
Then set up the incidence relation of MTC device and the described identification module needing association, and update incidence relation list.
6. according to the arbitrary described method of claim 1 to 5, it is characterised in that the method also includes:
After mobile communications network receives the cancellation association request that MTC device sends, it is judged that whether the MTC device of needs cancellation association
It is associated with identification module, if it is, nullify the incidence relation of MTC device and described identification module, otherwise,
Refuse this cancellation association request.
Method the most according to claim 6, it is characterised in that described cancellation association request comprises MTC subscriber identity information
With MTC device identity information, the described MTC device judging to need cancellation association is associated with identification module the most, tool
Body is:
Incidence relation list based on storage judges that MTC device identity information is associated with MTC subscriber identity information the most, as
Incidence relation list really exists the incidence relation of MTC device identity information and MTC subscriber identity information, then nullifies MTC device
With the incidence relation of described identification module, and update incidence relation list, set if incidence relation list does not exist MTC
Standby identity information and the incidence relation of MTC subscriber identity information, then refuse this cancellation association request.
8. the system of a machine type communication Access Control, it is characterised in that including:
Comprise the MTC device of MTC user identification module, for sending access request to mobile communications network;
For the functional entity of MTC Access Control, it is positioned at described mobile communications network, is used for having judged described MTC device the most
It is associated with described identification module, if it is, access MTC device;Otherwise, the access of MTC device is refused;
Wherein, described MTC device is additionally operable to: send association request to described mobile communications network;Described for MTC Access Control
Functional entity be additionally operable to: receive described MTC device send association request, it is judged that need association MTC device the most with
The identification module of other MTC users is associated, if it is, refuse this association request, sets if it is not, then set up MTC
The standby incidence relation with described identification module.
System the most according to claim 8, it is characterised in that
Described MTC device is additionally operable to: sends to described mobile communications network and nullifies association request;
The described functional entity for MTC Access Control is additionally operable to: receive the cancellation association request that MTC device sends, it is judged that need
The MTC device of association to be nullified is associated with identification module the most, if it is, nullify MTC device and described identity
The incidence relation of identification module, if it is not, then refuse this cancellation association request.
The most according to Claim 8 to 9 arbitrary described systems, it is characterised in that
The described functional entity for MTC Access Control is additionally operable to: MTC user carries out access authentication, or carries out MTC user
Access authentication and MTC device is authenticated, authentication is by rear, it is judged that MTC device the most with described identification module phase
Association.
The device of 11. 1 kinds of machine type communication Access Controls, it is characterised in that including:
Receive unit, for receiving the access request of MTC device transmission and being sent to access judging unit, this access request is taken
With MTC subscriber identity information and MTC device identity information;
Access judging unit, for judging that MTC device is associated with the identification module of MTC user the most, if it is,
Accept the access of MTC device, otherwise, the access of refusal MTC device;
Described device farther includes: unit is set up in association;Described reception unit is additionally operable to: receive the association that MTC device sends
Request Concurrency is given association and is set up unit;Unit is set up in described association, for judge need association MTC device the most with its
The identification module of he MTC user is associated, if it is, refuse this association request, if it is not, then set up MTC device
Incidence relation with identification module.
12. devices according to claim 11, it is characterised in that described device farther includes: unit is nullified in association,
Described reception unit is additionally operable to: receives the cancellation association request of MTC device transmission and is sent to association cancellation unit;
Unit is nullified in described association, for the MTC device that judges to need to nullify association the most with the identification mould of MTC user
Block is associated, if it is, nullify the incidence relation of MTC device and described identification module, if it is not, then refuse this note
Pin association request.
13. according to the arbitrary described device of claim 11 to 12, it is characterised in that described access judging unit is additionally operable to:
MTC user carrying out access authentication, or MTC user carries out access authentication and authenticates MTC device, authentication is passed through
After, it is judged that MTC device is associated with MTC user the most.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010536046.7A CN102469448B (en) | 2010-11-08 | 2010-11-08 | A kind of method, system and device of machine type communication Access Control |
PCT/CN2011/076104 WO2012062115A1 (en) | 2010-11-08 | 2011-06-22 | Method, system and apparatus for access control of machine type communication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010536046.7A CN102469448B (en) | 2010-11-08 | 2010-11-08 | A kind of method, system and device of machine type communication Access Control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102469448A CN102469448A (en) | 2012-05-23 |
CN102469448B true CN102469448B (en) | 2016-12-28 |
Family
ID=46050368
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010536046.7A Expired - Fee Related CN102469448B (en) | 2010-11-08 | 2010-11-08 | A kind of method, system and device of machine type communication Access Control |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102469448B (en) |
WO (1) | WO2012062115A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104661220B (en) * | 2015-03-13 | 2019-02-26 | 中国联合网络通信集团有限公司 | A kind of method and device for realizing authentication process |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1829386A (en) * | 2006-02-14 | 2006-09-06 | 邵毅 | Wireless mobile apparatus and user identity binding system |
CN101022672A (en) * | 2007-02-16 | 2007-08-22 | 华为技术有限公司 | Method and system for testing mobile user legality |
CN101198121A (en) * | 2007-12-28 | 2008-06-11 | 中国移动通信集团四川有限公司 | Authentication method for limiting mobile phone without using by others |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100379315C (en) * | 2005-06-21 | 2008-04-02 | 华为技术有限公司 | Method for carrying out authentication on user terminal |
US20090217038A1 (en) * | 2008-02-22 | 2009-08-27 | Vesa Petteri Lehtovirta | Methods and Apparatus for Locating a Device Registration Server in a Wireless Network |
US9628474B2 (en) * | 2008-11-17 | 2017-04-18 | Sierra Wireless, Inc. | Method and apparatus for associating identity modules and terminal equipment |
-
2010
- 2010-11-08 CN CN201010536046.7A patent/CN102469448B/en not_active Expired - Fee Related
-
2011
- 2011-06-22 WO PCT/CN2011/076104 patent/WO2012062115A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1829386A (en) * | 2006-02-14 | 2006-09-06 | 邵毅 | Wireless mobile apparatus and user identity binding system |
CN101022672A (en) * | 2007-02-16 | 2007-08-22 | 华为技术有限公司 | Method and system for testing mobile user legality |
CN101198121A (en) * | 2007-12-28 | 2008-06-11 | 中国移动通信集团四川有限公司 | Authentication method for limiting mobile phone without using by others |
Non-Patent Citations (4)
Title |
---|
(Release 10).《3GPP TR 23.888 V1.0.0》.2010, * |
3GPP.3rdGeneration Partnership Project * |
System Improvements for Machine-Type Communications * |
Technical Specification Group Services and System Aspects * |
Also Published As
Publication number | Publication date |
---|---|
WO2012062115A1 (en) | 2012-05-18 |
CN102469448A (en) | 2012-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102550062B (en) | Method and system for user authentication by means of a cellular mobile radio network | |
US8265599B2 (en) | Enabling and charging devices for broadband services through nearby SIM devices | |
CN102036222B (en) | Method and system for changing M2M equipment selected home operator | |
CN102111766B (en) | Network accessing method, device and system | |
CN103380613B (en) | The control method of wireless terminal device, messaging device, communication system and wireless terminal device | |
CN103109259A (en) | Location-aware mobile connectivity and information exchange system | |
CN105282868B (en) | System and method for WiFi network to be temporarily added | |
CN103339974A (en) | Provisioning of subscriber identity module | |
CN104871511A (en) | Device authentication by tagging | |
CN104468565B (en) | The login method and system of Wi-Fi hotspot | |
CN106559783A (en) | A kind of authentication method to WIFI network, device and system | |
EP3675541A1 (en) | Authentication method and device | |
CN102026149A (en) | Method and system for changing selected home operators of M2M equipment | |
CN109618392A (en) | Method, apparatus, equipment and the computer readable storage medium of network share | |
CN102076124A (en) | System, method and equipment for changing signature data | |
CN105554845B (en) | A kind of method of access, router and terminal | |
WO2002021835A1 (en) | Information delivery system and method therefor | |
CN1717638A (en) | Method for authenticating and charging a subscriber of a radio network | |
CN105530714B (en) | MIFI communications service system and its MIFI and communication means | |
CN102026193A (en) | System and method for providing machine communication identity module for machine to machine equipment (M2ME) | |
CN102469448B (en) | A kind of method, system and device of machine type communication Access Control | |
US20050102519A1 (en) | Method for authentication of a user for a service offered via a communication system | |
CN102026150B (en) | The method and system that a kind of M2M equipment home network operator changes | |
CN103731425B (en) | Network wireless terminal connection control method and system | |
CN106330899A (en) | Private cloud device account management method and system, electronic device and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20161228 Termination date: 20211108 |
|
CF01 | Termination of patent right due to non-payment of annual fee |