CN102469448B - Method, system and device for machine type communication access control - Google Patents

Publication number
CN102469448B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201010536046.7A
Other languages
Chinese (zh)
Other versions
CN102469448A (en)
Inventor
余万涛
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201010536046.7A
Priority to PCT/CN2011/076104 (WO2012062115A1)
Publication of CN102469448A
Application granted
Publication of CN102469448B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/02 Access restriction performed under specific conditions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, system and device for machine type communication (MTC) access control. In this scheme, after the mobile communication network receives an access request sent by an MTC device, it judges whether the MTC device is already associated with the identification module of the MTC user; if so, it accepts the access of the MTC device; otherwise, it rejects the access of the MTC device. With this scheme, the mobile communication network accepts access only from associated MTC users and MTC devices and rejects access from MTC users and MTC devices that are not associated. This achieves control and management of MTC user and MTC device access and effectively prevents MTC users from abusing MTC devices.

Description

Method, system and device for machine type communication access control
Technical field
The present invention relates to machine type communication (Machine Type Communication, MTC) technology, and in particular to a method, system and device for machine type communication access control.
Background
MTC is the general term for a series of technologies, and combinations of them, that use wireless communication to implement data communication and exchange between machines and between machines and people. MTC has two layers of meaning: the first is the machine itself, known in the embedded field as a smart device; the second is the connection between machines, in which machines are linked together through a network. MTC has a very wide range of applications, such as smart metering, remote monitoring, tracking and medical care, and makes human life more intelligent. Compared with traditional person-to-person communication, MTC devices (MTC Device) are enormous in number and widely applied, and have a huge market prospect.
In MTC, the main long-distance connection technologies include Global System for Mobile communications (GSM), General Packet Radio Service (GPRS) and Universal Mobile Telecommunications System (UMTS); the main short-range connection technologies include 802.11b/g, Bluetooth, Zigbee and Radio Frequency Identification (RFID). Because MTC combines wireless communication and information technology, it can be used for two-way communication, such as collecting information remotely, setting parameters and sending instructions, and can therefore support different application schemes such as security monitoring, automatic vending and cargo tracking. Nearly every device involved in daily life may become a potential service object. MTC provides a simple means of transmitting real-time device data between systems or between remote devices, or of establishing wireless connections with individuals.
The architecture of the MTC system is shown in Fig. 1. The MTC device communicates with the MTC server (MTC Server) through the 3GPP network, and the MTC server provides machine-to-machine (Machine to Machine, M2M) services for MTC users.
In an MTC system, the diversity and complexity of MTC applications make it difficult for them to share common characteristics. Because MTC applications are diverse and each application has different requirements for MTC devices, different MTC devices in an MTC system may have different device functions and device capabilities.
For the MTC server, the information it receives must come not only from a legitimate MTC user but also from a legitimate MTC device. The 3GPP network therefore needs to be able to control the access of MTC users and MTC devices.
At present, the access control supported by 3GPP networks works as follows: access by an MTC user is controlled through security authentication, while access by an MTC device is controlled through blacklists and whitelists. Although this approach makes it easy for an MTC user to access the 3GPP network with different MTC devices when necessary, it controls the MTC user and the MTC device separately and cannot effectively prevent MTC users from abusing MTC devices.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method, system and device for machine type communication access control that effectively prevent MTC users from abusing MTC devices.
To solve the above technical problem, the technical solution of the present invention is realized as follows:
A method of machine type communication (MTC) access control, in which the MTC device includes the identification module of an MTC user and the mobile communication network supports associating the MTC device with the MTC user's identification module. The method includes: after the mobile communication network receives an access request sent by the MTC device, it judges whether the MTC device is already associated with the identification module; if so, it accepts the access of the MTC device; otherwise, it rejects the access of the MTC device.
Before judging whether the MTC device is already associated with the identification module, the method further includes: performing access authentication on the MTC user, or performing access authentication on the MTC user and authenticating the MTC device; after authentication succeeds, judging whether the MTC device is already associated with the identification module.
Judging whether the MTC device is already associated with the identification module is specifically: judging whether the MTC user identity information and MTC device identity information carried in the access request match an established association between the MTC device and the MTC user's identification module; if they match, accepting the access of the MTC device; otherwise, rejecting the access of the MTC device.
Judging whether the MTC user identity information and MTC device identity information carried in the access request match an established association between the MTC device and the MTC user's identification module is specifically: judging, based on the stored association list, whether the MTC device identity information is already associated with the corresponding MTC user identity information; if the association list contains an association between the MTC device identity information and the corresponding MTC user identity information, accepting the access of the MTC device; otherwise, rejecting the access of the MTC device.
Before judging whether the MTC device is already associated with the identification module, the method also includes: the MTC device sends an association request to the mobile communication network; after receiving the association request, the mobile communication network judges whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, it rejects the association request; otherwise, it establishes the association between the MTC device to be associated and the identification module.
The association request contains MTC device identity information and MTC user identity information. Judging whether the MTC device to be associated is already associated with the identification module of another MTC user is specifically: judging, based on the stored association list, whether the MTC device identity information is already associated with other MTC user identity information; if the association list contains an association between the MTC device identity information and MTC user identity information, rejecting the association request; if the association list contains no association between the MTC device identity information and MTC user identity information, establishing the association between the MTC device to be associated and the identification module, and updating the association list.
The method also includes: after the mobile communication network receives an association cancellation request sent by the MTC device, it judges whether the MTC device whose association is to be cancelled is already associated with the identification module; if so, it cancels the association between the MTC device and the identification module; otherwise, it rejects the association cancellation request.
The association cancellation request contains MTC user identity information and MTC device identity information. Judging whether the MTC device whose association is to be cancelled is already associated with the identification module is specifically: judging, based on the stored association list, whether the MTC device identity information is already associated with the MTC user identity information; if the association list contains an association between the MTC device identity information and the MTC user identity information, cancelling the association between the MTC device and the identification module and updating the association list; if the association list contains no association between the MTC device identity information and the MTC user identity information, rejecting the association cancellation request.
A system for machine type communication access control, including: an MTC device containing an MTC user's identification module, configured to send an access request to the mobile communication network; and a functional entity for MTC access control, located in the mobile communication network, configured to judge whether the MTC device is already associated with the identification module; if so, to admit the MTC device; otherwise, to reject the access of the MTC device.
The MTC device is further configured to send an association request to the mobile communication network. The functional entity for MTC access control is further configured to: receive the association request sent by the MTC device and judge whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, reject the association request; if not, establish the association between the MTC device and the identification module.
The MTC device is further configured to send an association cancellation request to the mobile communication network. The functional entity for MTC access control is further configured to: receive the association cancellation request sent by the MTC device and judge whether the MTC device whose association is to be cancelled is already associated with the identification module; if so, cancel the association between the MTC device and the identification module; if not, reject the association cancellation request.
The functional entity for MTC access control is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and authenticate the MTC device; after authentication succeeds, judge whether the MTC device is already associated with the identification module.
A device for machine type communication access control, including: a receiving unit, configured to receive the access request sent by the MTC device and pass it to the access judging unit, the access request carrying MTC user identity information and MTC device identity information; and an access judging unit, configured to judge whether the MTC device is already associated with the identification module of the MTC user; if so, to accept the access of the MTC device; otherwise, to reject the access of the MTC device.
The device further includes an association establishing unit. The receiving unit is further configured to receive the association request sent by the MTC device and pass it to the association establishing unit. The association establishing unit is configured to judge whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, to reject the association request; if not, to establish the association between the MTC device and the identification module.
The device further includes an association cancelling unit. The receiving unit is further configured to receive the association cancellation request sent by the MTC device and pass it to the association cancelling unit. The association cancelling unit is configured to judge whether the MTC device whose association is to be cancelled is already associated with the identification module of the MTC user; if so, to cancel the association between the MTC device and the identification module; if not, to reject the association cancellation request.
The access judging unit is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and authenticate the MTC device; after authentication succeeds, judge whether the MTC device is already associated with the MTC user.
According to the scheme provided by the present invention, after the mobile communication network receives the access request sent by the MTC device, it judges whether the MTC device is already associated with the identification module of the MTC user; if so, it accepts the access of the MTC device; otherwise, it rejects the access of the MTC device. The mobile communication network thus accepts access only from associated MTC users and MTC devices and rejects access from MTC users and MTC devices that are not associated, which achieves control and management of MTC user and MTC device access and effectively prevents MTC users from abusing MTC devices.
In addition, the mobile communication network can maintain the association between an MTC device and a legitimate MTC user, which makes it easier for the network to control and manage the access of MTC users and MTC devices.
Brief description of the drawings
Fig. 1 is a schematic diagram of the MTC system architecture;
Fig. 2 is a schematic flow chart of MTC access control in the present invention;
Fig. 3 is a schematic structural diagram of the MTC access control system in the present invention;
Fig. 4 is a schematic flow chart of establishing the association between an MTC device and the identification module of an MTC user when the MTC device accesses the network for the first time in the present invention;
Fig. 5 is a schematic flow chart of cancelling the association between an MTC device and the identification module of an MTC user in the present invention;
Fig. 6 is a schematic structural diagram of the MTC access control device in the present invention.
Detailed description
For the MTC server, the information it receives must come not only from a legitimate MTC user but also from a legitimate MTC device belonging to that legitimate MTC user. Therefore, in an MTC system, besides considering the legitimacy of the MTC device and of the MTC user, the relationship between the legitimate MTC device and the legitimate MTC user must also be considered, in order to effectively prevent MTC users from abusing MTC devices.
Fig. 2 is a schematic flow chart of MTC access control in the present invention. As shown in Fig. 2, the process includes:
Step 201: The mobile communication network receives the access request sent by the MTC device; the MTC device includes the identification module of the MTC user.
When the MTC device needs to access the mobile communication network, it sends an access request to the mobile communication network. The access request carries MTC user identity information and MTC device identity information. The mobile communication network receives the access request; this mobile communication network supports associating the MTC device with the MTC user's identification module.
The MTC device is the device that the MTC user uses for machine type communication, and the MTC user's identification module is installed in the MTC device. The mobile communication network may specifically be a 3GPP network or a 3GPP2 network. The MTC user's identification module may specifically be a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM) or an IP Multimedia Service Identity Module (ISIM), and may also be located on a smart card, for example in a Universal Integrated Circuit Card (UICC). The MTC user identity information may be the International Mobile Subscriber Identification Number (IMSI) of the identification module, or MTC identification information used to identify the MTC user. The MTC device identity information may be the device's International Mobile Equipment Identity number (IMEI), or MTC identification information used to identify the MTC device.
After the mobile communication network receives the access request sent by the MTC device, it performs access authentication on the MTC user, or performs access authentication on the MTC user and authenticates the MTC device. If authentication succeeds, the MTC user, or the MTC user and the MTC device, are legitimate, and the process continues with step 202.
Step 202: The mobile communication network judges whether the MTC device is already associated with the MTC user, that is, whether the MTC device is already associated with the identification module of the MTC user. If so, the mobile communication network accepts the access of the MTC device and the MTC device accesses the mobile communication network; otherwise, the mobile communication network rejects the access of the MTC device and may additionally return an access reject message to the MTC device.
The mobile communication network judges whether the MTC user identity information and MTC device identity information carried in the access request match an established association between the MTC device and the MTC user's identification module. That is, based on the stored association list, it judges whether the MTC device identity information is already associated with the corresponding MTC user identity information. If so, meaning the association list contains an association between the MTC device identity information and the corresponding MTC user identity information, the MTC device is a legitimate MTC device of a legitimate MTC user; the mobile communication network accepts the access of the MTC device and the MTC device accesses the mobile communication network. If not, meaning the association list contains no association between the MTC device identity information and the corresponding MTC user identity information, the MTC device is not a legitimate MTC device of a legitimate MTC user, and the mobile communication network rejects the access of the MTC device. Here, "the MTC device accesses the mobile communication network" means that, after passing the authentication of the mobile communication network, the MTC device is allowed to access the mobile communication network and use the relevant communication services.
As the above flow shows, the mobile communication network accepts access only from associated MTC users and MTC devices, and rejects access from MTC users and MTC devices that are not associated.
After receiving the association request from the MTC device, the mobile communication network uses the MTC user identity information and MTC device identity information to be associated, carried in the association request, to judge whether the MTC device to be associated is already associated with the identification module of another MTC user. That is, based on the stored association list, it judges whether the MTC device identity information is already associated with other MTC user identity information. If so, meaning the association list contains an association between the MTC device identity information and MTC user identity information, it rejects the association request. If not, meaning the association list contains no association between the MTC device identity information and MTC user identity information, it accepts the association request, establishes the association between the MTC device to be associated and the MTC user's identification module, and updates the stored association list. The MTC device that sends the request may be the MTC device to be associated, that is, the MTC user sends the association request through the MTC device to be associated. It may also be an MTC device already associated with the MTC user identified by the MTC user identity information, that is, the MTC user sends the association request through an MTC device already associated with it, in order to associate another MTC device. It follows that, in the present invention, one MTC device can be associated with the identification module of only one MTC user, while the identification module of one MTC user can be associated with multiple MTC devices.
As the above shows, the mobile communication network that provides communication services between the MTC device and the MTC server needs, in addition to its existing network functions, a functional entity for MTC access control. This entity specifically includes an MTC user authentication function, or an MTC user authentication function and an MTC device authentication function, together with an MTC user and MTC device association management function, as shown in Fig. 3. The MTC access control system shown in Fig. 3 includes the MTC device containing the MTC user's identification module and the functional entity for MTC access control located in the mobile communication network. The MTC device is configured to send an access request to the mobile communication network. The functional entity for MTC access control is configured to judge whether the MTC device is already associated with the identification module of the MTC user; if so, it admits the MTC device; otherwise, it rejects the access of the MTC device. The concrete structure of the functional entity for MTC access control in the mobile communication network is described in detail with Fig. 6 below.
The functional entity for MTC access control is further configured to perform access authentication on the MTC user, or to perform access authentication on the MTC user and authenticate the MTC device; after authentication succeeds, it judges whether the MTC device is already associated with the identification module of the MTC user.
The MTC device is further configured to send an association request or an association cancellation request to the mobile communication network. The functional entity for MTC access control is further configured to establish or cancel the association between the MTC device and the MTC user's identification module, and to manage and maintain the stored association list. Specifically, the functional entity for MTC access control receives the association request sent by the MTC device and judges whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, it rejects the association request; if not, it establishes the association between the MTC device and the MTC user's identification module and then updates the stored association list. The functional entity for MTC access control also receives the association cancellation request sent by the MTC device and judges whether the MTC device whose association is to be cancelled is already associated with the identification module of the MTC user; if so, it cancels the association between the MTC device and the MTC user's identification module and then updates the stored association list; if not, it rejects the association cancellation request.
Fig. 4 is a schematic flow chart of establishing the association between an MTC device and the identification module of an MTC user when the MTC device accesses the network for the first time in the present invention. As shown in Fig. 4, the process includes:
Step 400: When an MTC device containing an MTC user's identification module accesses the mobile communication network for the first time, the MTC user access authentication supported by the mobile communication network is first performed between the mobile communication network and the MTC device. MTC user access authentication is the same as the mobile phone user authentication process of existing mobile communication networks. For example, the MTC device sends the MTC user identity information to the mobile communication network; the network looks up the relevant information in its database, such as the Home Subscriber Server (HSS), generates a group of authentication vectors and sends them to the mobility management entity (MME); the MME selects one of the authentication vectors to perform mutual authentication with the MTC user. After authentication succeeds, the MTC user is considered legitimate.
Step 401: After the MTC user passes access authentication, the mobile communication network authenticates the MTC device. MTC device authentication can use any existing device authentication method, such as digital certificate authentication.
Step 402: After the MTC device passes authentication, the MTC device sends the mobile communication network an association request to associate the MTC device with the MTC user. The association request carries the MTC device identity information and MTC user identity information to be associated. The MTC user identity information may be the IMSI, or MTC identification information used to identify the MTC user. The MTC device identity information may be the IMEI, or MTC identification information used to identify the MTC device.
Step 403: After the mobile communication network receives the association request sent by the MTC device, it checks the stored association list against the MTC device identity information and MTC user identity information, and judges whether the MTC device identity information is already associated with other MTC user identity information. If so, meaning the association list contains an association between the MTC device identity information and MTC user identity information, the MTC device is already associated with the identification module of another MTC user, and the association request is rejected. If not, meaning the association list contains no association between the MTC device identity information and MTC user identity information, the MTC device is not associated with the identification module of another MTC user; regardless of whether the MTC user's identification module is already associated with other MTC devices, the association request is accepted, the association between the MTC device and the MTC user's identification module is established, and the stored association list is updated by adding this association to it.
Step 404: The mobile communication network returns a confirmation message to the MTC device, notifying it of the association result.
In addition to the flow shown in Fig. 4, in which the mobile communication network associates the MTC device with the MTC user's identification module when the device first accesses the network, the MTC user may also send an association request to the mobile communication network through an MTC device already associated with it, asking the network to associate another MTC device with this MTC user. That is, after an MTC device has accessed the mobile communication network, the MTC user sends an association request through this MTC device, and the request carries the MTC device identity information and MTC user identity information to be associated. The mobile communication network judges whether the MTC device to be associated is already associated with the identification module of another MTC user, in order to decide whether to establish the association between the MTC device and the MTC user's identification module. The process by which the MTC device accesses the mobile communication network is as shown in Fig. 2.
In the above flows for associating an MTC device with the identification module of an MTC user, an MTC device that is not yet associated can be associated with the identification module of any MTC user.
The mobile communication network can also cancel the association between an MTC device and an MTC user's identification module. As shown in Fig. 5, the procedure for cancelling the association between an MTC device and an MTC user's identification module includes:
Step 500: The MTC device accesses the mobile communication network; the procedure is shown in Fig. 2.
Step 501: The MTC user sends an association cancellation request to the mobile communication network through an MTC device. The request carries the MTC device identity information and the MTC user identity information of the association to be cancelled. The MTC user identity information may be the IMSI or MTC identification information used to identify the MTC user. The MTC device identity information may be the IMEI or MTC identification information used to identify the MTC device. The MTC device that sends the cancellation request may be the device whose association with the MTC user's identification module is to be cancelled, or it may be another MTC device, through which the MTC user cancels the association of one of its other associated MTC devices.
Step 502: After receiving the association cancellation request sent by the MTC device, the mobile communication network checks the stored list of associations between MTC devices and MTC user identification modules against the MTC device identity information and the MTC user identity information, and determines whether the association list contains an association between the MTC device identity information and the corresponding MTC user identity information. If it does, the network cancels the association between the MTC device and the MTC user's identification module and updates the stored association list by deleting this association from it. If it does not, no processing is performed.
Step 503: The mobile communication network returns a confirmation message to the MTC device, notifying it of the result of the association cancellation.
Fig. 6 is a schematic structural diagram of the MTC access control apparatus of the present invention. As shown in Fig. 6, the apparatus includes a receiving unit and an access judging unit. The receiving unit is configured to receive the access request sent by the MTC device and forward it to the access judging unit; the access request carries MTC user identity information and MTC device identity information. The access judging unit is configured to determine whether the MTC device is already associated with the MTC user's identification module; if so, it accepts the access of the MTC device, and otherwise it rejects the access of the MTC device.
The access judging unit is further configured to perform access authentication of the MTC user, or to perform access authentication of the MTC user and authenticate the MTC device, and, after authentication succeeds, to determine whether the MTC device is already associated with the MTC user's identification module. The access judging unit implements the MTC user authentication function shown in Fig. 3, or the MTC user authentication function and the MTC device authentication function.
The MTC access control apparatus further includes an association establishing unit. The receiving unit is further configured to receive the association request sent by the MTC device and forward it to the association establishing unit. The association establishing unit is configured to determine whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, it rejects the association request, and if not, it establishes the association between the MTC device and the MTC user's identification module. It is further configured to update the stored association list.
The MTC access control apparatus further includes an association cancelling unit. The receiving unit is further configured to receive the association cancellation request sent by the MTC device and forward it to the association cancelling unit. The association cancelling unit is configured to determine whether the MTC device whose association is to be cancelled is already associated with the MTC user's identification module; if so, it cancels the association between the MTC device and the MTC user's identification module and is further configured to update the stored association list, and if not, it rejects the association cancellation request.
The association establishing unit and the association cancelling unit implement the MTC user and MTC device association management function shown in Fig. 3.
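The association list logic of steps 403 and 502 and the decision made by the access judging unit, as an added Python sketch that is not part of the patent text. The class, function and message field names and the DEV-/USER- identities are assumptions made for illustration, and authentication is reduced to a flag.

```python
from dataclasses import dataclass, field


@dataclass
class AssociationList:
    # Keyed by device identity (e.g. IMEI): a device is bound to at most one
    # user identity (e.g. IMSI), while one user identity may own many devices.
    by_device: dict = field(default_factory=dict)

    def associate(self, device_id, user_id):
        # Step 403: refuse when the device is bound to another user's module.
        bound = self.by_device.get(device_id)
        if bound is not None and bound != user_id:
            return False
        # Assumption: repeating an existing pair is accepted as a no-op.
        self.by_device[device_id] = user_id
        return True

    def access(self, device_id, user_id):
        # Access is accepted only when this exact pair is in the list.
        return self.by_device.get(device_id) == user_id

    def cancel(self, device_id, user_id):
        # Step 502: delete the pair if it is listed; otherwise change nothing.
        if self.by_device.get(device_id) != user_id:
            return False
        del self.by_device[device_id]
        return True


def handle(assoc, msg):
    """Process one request and return the confirmation message (steps 404/503).

    Assumption: msg["authenticated"] carries the outcome of the access
    authentication that the text places before any association check.
    """
    if not msg.get("authenticated", False):
        return {"type": msg["type"], "result": "reject", "reason": "authentication"}
    operation = {"associate": assoc.associate,
                 "access": assoc.access,
                 "cancel": assoc.cancel}[msg["type"]]
    ok = operation(msg["device_id"], msg["user_id"])
    return {"type": msg["type"],
            "result": "accept" if ok else "reject",
            "reason": None if ok else "association"}


def run_scenario():
    """Replay constructed requests (identities are made up, not real IMSI/IMEI)."""
    assoc = AssociationList()
    requests = [
        ("associate", "DEV-A", "USER-1", True),   # first binding
        ("associate", "DEV-B", "USER-1", True),   # same user, second device
        ("associate", "DEV-A", "USER-2", True),   # device already bound elsewhere
        ("access",    "DEV-A", "USER-1", True),   # bound pair
        ("access",    "DEV-C", "USER-1", True),   # module moved to unbound device
        ("cancel",    "DEV-B", "USER-1", True),   # remove a binding
        ("access",    "DEV-B", "USER-1", True),   # binding no longer exists
        ("cancel",    "DEV-B", "USER-1", True),   # nothing left to cancel
        ("access",    "DEV-A", "USER-1", False),  # authentication failed
    ]
    results = []
    for kind, device_id, user_id, authenticated in requests:
        reply = handle(assoc, {"type": kind, "device_id": device_id,
                               "user_id": user_id, "authenticated": authenticated})
        results.append((kind, device_id, user_id, reply["result"], reply["reason"]))
    return results
```

Keying the list by device identity is what makes the "already associated with another MTC user" check a single lookup; an identification module moved into a device that is not in the list fails the access check even though the user identity itself is valid.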
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (13)

1. A method of machine type communication (MTC) access control, wherein an MTC device includes an identification module of an MTC user, characterized in that a mobile communication network supports association of the MTC device with the MTC user's identification module, the method comprising:
after receiving an access request sent by the MTC device, the mobile communication network determines whether the MTC device is already associated with said identification module; if so, it accepts the access of the MTC device, and otherwise it rejects the access of the MTC device;
wherein, before said determining whether the MTC device is already associated with the identification module, the method further comprises: the MTC device sends an association request to the mobile communication network; after receiving the association request sent by the MTC device, the mobile communication network determines whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, it rejects the association request, and otherwise it establishes the association between the MTC device to be associated and said identification module.
2. The method according to claim 1, characterized in that, before said determining whether the MTC device is already associated with the identification module, the method further comprises:
performing access authentication of the MTC user, or performing access authentication of the MTC user and authenticating the MTC device, and, after authentication succeeds, determining whether the MTC device is already associated with said identification module.
3. The method according to claim 1, characterized in that said determining whether the MTC device is already associated with the identification module is specifically:
determining whether the MTC user identity information and the MTC device identity information carried in the access request match an established association between an MTC device and an MTC user identification module; if they match, accepting the access of the MTC device, and otherwise rejecting the access of the MTC device.
4. The method according to claim 3, characterized in that said determining whether the MTC user identity information and the MTC device identity information carried in the access request match an established association between an MTC device and an MTC user identification module is specifically:
determining, based on the stored association list, whether the MTC device identity information is already associated with the corresponding MTC user identity information; if the association list contains an association between the MTC device identity information and the corresponding MTC user identity information, accepting the access of the MTC device, and otherwise rejecting the access of the MTC device.
5. The method according to claim 1, characterized in that said association request contains MTC device identity information and MTC user identity information, and said determining whether the MTC device to be associated is already associated with the identification module of another MTC user is specifically:
determining, based on the stored association list, whether the MTC device identity information is already associated with the identity information of another MTC user; if the association list contains an association between the MTC device identity information and MTC user identity information, rejecting the association request; if the association list contains no association between the MTC device identity information and MTC user identity information, establishing the association between the MTC device to be associated and said identification module, and updating the association list.
6. The method according to any one of claims 1 to 5, characterized in that the method further comprises:
after receiving an association cancellation request sent by the MTC device, the mobile communication network determines whether the MTC device whose association is to be cancelled is already associated with the identification module; if so, it cancels the association between the MTC device and said identification module, and otherwise it rejects the association cancellation request.
7. The method according to claim 6, characterized in that said association cancellation request contains MTC user identity information and MTC device identity information, and said determining whether the MTC device whose association is to be cancelled is already associated with the identification module is specifically:
determining, based on the stored association list, whether the MTC device identity information is already associated with the MTC user identity information; if the association list contains an association between the MTC device identity information and the MTC user identity information, cancelling the association between the MTC device and said identification module, and updating the association list; if the association list contains no association between the MTC device identity information and the MTC user identity information, rejecting the association cancellation request.
8. A system of machine type communication access control, characterized by comprising:
an MTC device containing an MTC user identification module, configured to send an access request to a mobile communication network;
a functional entity for MTC access control, located in said mobile communication network and configured to determine whether said MTC device is already associated with said identification module; if so, to accept the access of the MTC device, and otherwise to reject the access of the MTC device;
wherein said MTC device is further configured to send an association request to said mobile communication network, and said functional entity for MTC access control is further configured to receive the association request sent by said MTC device and determine whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, to reject the association request, and if not, to establish the association between the MTC device and said identification module.
9. The system according to claim 8, characterized in that
said MTC device is further configured to send an association cancellation request to said mobile communication network;
said functional entity for MTC access control is further configured to receive the association cancellation request sent by the MTC device and determine whether the MTC device whose association is to be cancelled is already associated with the identification module; if so, to cancel the association between the MTC device and said identification module, and if not, to reject the association cancellation request.
10. The system according to any one of claims 8 to 9, characterized in that
said functional entity for MTC access control is further configured to perform access authentication of the MTC user, or to perform access authentication of the MTC user and authenticate the MTC device, and, after authentication succeeds, to determine whether the MTC device is already associated with said identification module.
11. An apparatus for machine type communication access control, characterized by comprising:
a receiving unit, configured to receive an access request sent by an MTC device and forward it to an access judging unit, the access request carrying MTC user identity information and MTC device identity information;
the access judging unit, configured to determine whether the MTC device is already associated with the MTC user's identification module; if so, to accept the access of the MTC device, and otherwise to reject the access of the MTC device;
said apparatus further comprising an association establishing unit, wherein said receiving unit is further configured to receive an association request sent by the MTC device and forward it to the association establishing unit, and said association establishing unit is configured to determine whether the MTC device to be associated is already associated with the identification module of another MTC user; if so, to reject the association request, and if not, to establish the association between the MTC device and the identification module.
12. The apparatus according to claim 11, characterized in that said apparatus further comprises an association cancelling unit, wherein
said receiving unit is further configured to receive an association cancellation request sent by the MTC device and forward it to the association cancelling unit;
said association cancelling unit is configured to determine whether the MTC device whose association is to be cancelled is already associated with the MTC user's identification module; if so, to cancel the association between the MTC device and said identification module, and if not, to reject the association cancellation request.
13. The apparatus according to any one of claims 11 to 12, characterized in that said access judging unit is further configured to:
perform access authentication of the MTC user, or perform access authentication of the MTC user and authenticate the MTC device, and, after authentication succeeds, determine whether the MTC device is already associated with the MTC user.
CN201010536046.7A 2010-11-08 2010-11-08 A kind of method, system and device of machine type communication Access Control Expired - Fee Related CN102469448B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010536046.7A CN102469448B (en) 2010-11-08 2010-11-08 A kind of method, system and device of machine type communication Access Control
PCT/CN2011/076104 WO2012062115A1 (en) 2010-11-08 2011-06-22 Method, system and apparatus for access control of machine type communication

Publications (2)

Publication Number Publication Date
CN102469448A CN102469448A (en) 2012-05-23
CN102469448B true CN102469448B (en) 2016-12-28

Family

ID=46050368

Country Status (2)

Country Link
CN (1) CN102469448B (en)
WO (1) WO2012062115A1 (en)

Also Published As

Publication number Publication date
WO2012062115A1 (en) 2012-05-18
CN102469448A (en) 2012-05-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161228

Termination date: 20211108