EP1749413A1 - Method for optimizing reconfiguration processes in a mobile radio network comprising reconfigurable terminals - Google Patents

Method for optimizing reconfiguration processes in a mobile radio network comprising reconfigurable terminals

Info

Publication number
EP1749413A1
EP1749413A1 EP05749111A EP05749111A EP1749413A1 EP 1749413 A1 EP1749413 A1 EP 1749413A1 EP 05749111 A EP05749111 A EP 05749111A EP 05749111 A EP05749111 A EP 05749111A EP 1749413 A1 EP1749413 A1 EP 1749413A1
Authority
EP
European Patent Office
Prior art keywords
access
network
protected memory
data
memory area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05749111A
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Eiman Bushra Mohyeldin
Christoph Niedermeier
Reiner Schmid
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks GmbH and Co KG
Original Assignee
Siemens AG
Nokia Siemens Networks GmbH and Co KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Nokia Siemens Networks GmbH and Co KG

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/02 Arrangements for optimising operational condition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/16 Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/18 Negotiating wireless communication parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H04W8/245 Transfer of terminal data from a network towards a terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • The invention relates to a method for optimizing reconfiguration processes in mobile radio networks with reconfigurable end devices, in which technical devices of the mobile radio operator collect measurement data relating to the behavior of the mobile radio device, summarize them and make them available in a suitable manner to third parties for evaluation. Reconfigurable end devices here denote those mobile radio devices in which, in particular, the use of a new radio technology not previously supported by the device is carried out by exchanging the software that configures the transceiver of the terminal.
  • SDR software defined radio
  • Properties such as the energy consumption of certain radio modes, the time required for the reconfiguration or the size of the software required for a new mode, which may have to be loaded from a server onto the terminal before it can be reconfigured, are, however, not intended to be available to all partners involved in the operation of the mobile network and the application services offered. In particular, it is intended to prevent competing manufacturers from gaining insight into such information. However, certain participants should be given controlled access to selected states and properties of the terminal.
  • The object on which the invention is based is to specify a method for optimizing reconfiguration processes in mobile radio networks with reconfigurable end devices, and a corresponding arrangement, in which data relating to reconfigurable end devices is made available by the network operator, for example to the respective device manufacturer, in such a way that the load on the radio interface is reduced and the network infrastructure is relieved in terms of signaling.
  • The invention relates essentially to access-protected memory areas on network elements located in the network of an operator and supporting the reconfiguration of SDR terminals, in combination with methods for protected data transmission, which preferably include mechanisms for authentication and authorization of the communication partners as well as for protected communication, in particular the protection of integrity and confidentiality.
  • Such access-protected data either originate from the terminal and are transmitted to the radio access network (RAN) in the course of negotiations and temporarily stored there, or they are generated directly in the RAN as part of processes relating to the terminal.
  • RAN radio access network
  • Another important aspect of the invention lies in the generation and management of access-protected memory areas in the network. This advantageously reduces the load on the radio interface and also relieves the network infrastructure in terms of signaling.
  • Figure 2 is an illustration for explaining a second embodiment of the invention.
  • FIG. 1 is an illustration for explaining a first exemplary embodiment of the invention, shown with respective access-protected memory areas XA, YA and ZA in a radio network controller RNCA, with respective access-protected memory areas XB, YB and ZB in a radio network controller RNCB and with respective access-protected memory areas XC, YC and ZC in a radio network controller RNCC; in the example, the network element RNCA appears with two terminals T1 and T2A, the network element RNCB with three terminals T1B, T2B and T3B and the network element RNCB with two terminals T1C and T2C.
  • RNCA Radio Network Controller
  • The network elements RNCA, RNCB and RNCC are connected or connectable to a further network element in the form of a so-called reconfiguration service gateway RGS, this further network element having an access control device AC and being connected or connectable to terminal manufacturers X, Y and/or service providers Z.
  • The access-protected memory areas for the authorized users X, Y and Z are therefore set up on the RNCs in the radio access network (RAN).
  • Each RNC stores data related to terminals registered with it locally.
  • The access control AC is responsible for the registration of authorized users and the receipt of access requests; it carries out the necessary authentication procedures and, if successful, forwards access requests to the RNCs, which are responsible for encrypting and sending the data to the authorized user.
  • This first embodiment of the invention is particularly scalable, since access-protected memory areas are created in a distributed manner and, when the mobile radio network is expanded, the number of units which can accommodate access-protected memory areas also increases accordingly.
  • FIG. 2 is an illustration for explaining a second exemplary embodiment of the invention, which essentially differs from the first exemplary embodiment in that the access-protected memory areas XZ, YZ and ZZ for the authorized users X, Y and Z are set up centrally on the RSG or AC (not shown) in the so-called core network of the mobile radio network.
  • The network elements RNCA, RNCB and RNCC each contain a data collector DCA, DCB and DCC and transmit data generated by them or originating from the terminal to the access control device AC.
  • The latter is not only responsible for the registration of authorized users and the receipt of access requests, but also for encrypting and sending the data to a server of the authorized users.
  • This embodiment of the invention relies on centralized data storage, which places all access-protected storage areas on the AC. When the mobile radio network is expanded, the access control AC must therefore be scaled accordingly in order to be able to handle the larger amounts of data that arise.
  • Terminal data generated on the terminal may be required in the RAN anyway.
  • Read access by the terminal manufacturer: Data generated in the context of monitoring the behavior of the terminal during reconfiguration processes should be made available to the manufacturer of the terminal for analysis and optimization. Data supplied by the terminal should only be readable with restrictions by the network operator.
  • Terminal profiles that describe the current configuration and reconfiguration options of terminals should be updated for one or more identical terminals, for example after a firmware update.
  • The network operator should have access to certain parts of the terminal profile for handover decisions.
  • The software should be certified in order to be able to detect manipulations by third parties that are dangerous for the functioning of the terminal.
  • The terminal rejects software that has not been certified correctly. This certification can optionally be implemented technically by a digital signature or by a cryptographically secured checksum.
  • The software can optionally be encrypted to prevent third parties from gaining knowledge of it.
  • Read access by the service provider: Data generated in the context of monitoring the behavior of application services should be made available to the service provider for analysis and optimization. Data supplied by the application running on the terminal should only be readable to a limited extent by the network operator.
  • Service profiles that describe the current configuration and reconfiguration options of services should be updated for a service.
  • The network operator should have access to certain parts of the service profile for handover decisions.
  • New application software is to be loaded onto the terminal in order to replace faulty software or to enable new features, such as support for new multimedia standards.
  • The software should be certified in order to be able to detect manipulations by third parties that are dangerous for the functioning of the application. Software that is not correctly certified will be rejected. This certification can optionally be implemented technically by a digital signature or by a cryptographically secured checksum. Furthermore, the software can optionally be encrypted to prevent third parties from gaining knowledge of it.
  • The essential part of the invention consists in the use of access-protected memory areas on network elements located in the network of the operator and supporting the reconfiguration of SDR terminals, in combination with methods for protected data transmission, which preferably include methods for authentication and authorization checking or authorization of the communication partners as well as for protected communication, in particular the protection of integrity and confidentiality.
  • Access-protected data of this type either originate from the terminal and are transferred to the RAN in the course of negotiations and temporarily stored there, or they are generated directly in the RAN as part of processes relating to the terminal.
  • These storage areas can be physically different, i.e. the assigned address areas are different, or logically different.
  • A logical storage area in this case represents a special view of one or more physical storage areas.
  • Another aspect of the invention is the generation and management of access-protected memory areas by the network operator.
  • The network operator generates such an access-protected memory area for each authorized user. Access rights are assigned to each storage area.
  • An access-authorized person is assigned security parameters (credentials) that are required for the procedures used for protected data transmission. Security parameters are particularly required for the authentication of authorized users and for securing data communication. Since data that the authorized user wants to access always comes from certain data sources, e.g. from terminals or application services, or is at least related to them, an authentication feature is also required that enables the respective source to be assigned to the access-protected memory area.
  • This feature is agreed between the network operator and the authorized user and is specified by each data source as part of the registration in the RAN together with an identity feature specific to the source.
  • On the one hand, this method enables data sources to be assigned to a specific authorized user and thus to their access-protected memory area, and on the other hand it allows the data to be stored separately for each data source.
  • The authorized user contacts a server of the network operator, with which the required authentication is carried out, e.g. using the authentication features described above.
  • The authorized user sends a request specifying the type of access desired, i.e. which data should be transmitted, the frequency of transfers, and whether a one-time or periodic transfer should take place.
  • The network operator then sends the encrypted data to the server of the authorized user in accordance with the request.
  • The authorized user can optionally write data into the access-protected memory area that is used by the network operator for the reconfiguration or, if necessary, transferred to the terminal, for example software downloads.
  • The primary advantage of the described invention compared to solutions in which the data is transmitted from the terminal to a server via the radio interface is to relieve the radio interface. This is especially true for data generated by measurements in the RAN.
  • The terminal is relieved of this task.
  • Data from which conclusions can be drawn about the internal properties of the end device are particularly sensitive and therefore must not be transmitted unencrypted in the network to prevent unauthorized access.
  • This group of data includes, for example, measurement data, but also terminal profiles that describe the properties of the terminal hardware.
  • Access-protected memory areas can allow read access as well as write access. This makes it possible to load data from a server into the radio access network. This can involve updates of profiles or software that should be loaded onto the terminal at a suitable (possibly later) time.
  • The storage in access-protected memory areas in the RAN enables the decoupling of data transport in the network from transport via the radio interface. The mechanism and timing of the latter can be selected appropriately by the network operator depending on the load on the RAN or the terminal. In addition, the network operator can also access the stored information himself and use it to optimize reconfiguration processes.
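
The scheme described above (one access-protected memory area per authorized user, data sources bound to an area by an agreed feature, per-source storage, restricted operator view, authenticated and authorized read requests) can be sketched as follows. This is an added example, not code from the patent or its applicants: the class and function names, the HMAC-SHA256 request and response tags, the nonce-based replay check and the sample records are assumptions, and encryption of the transfer is assumed to be provided by the transport and is not shown.

```python
import hashlib
import hmac
import json
import secrets


def mac_over(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so adjacent fields cannot run together."""
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ProtectedStore:
    """Operator-side element holding one access-protected area per authorized user."""

    def __init__(self):
        self._areas = {}    # user -> {"cred", "feature", "rights", "sources"}
        self._owner = {}    # source_id -> user whose area holds its data
        self._seen = set()  # nonces already used, to reject replayed requests

    def create_area(self, user, rights):
        """Create the area; return the credential and the source-assignment feature."""
        cred, feature = secrets.token_bytes(32), secrets.token_hex(16)
        self._areas[user] = {"cred": cred, "feature": feature,
                             "rights": set(rights), "sources": {}}
        return cred, feature

    def register_source(self, source_id, feature):
        """A terminal or service registers with its identity and the agreed feature."""
        for user, area in self._areas.items():
            if hmac.compare_digest(area["feature"], feature):
                area["sources"].setdefault(source_id, [])
                self._owner[source_id] = user
                return user
        raise PermissionError("feature matches no access-protected area")

    def store(self, source_id, record, operator_visible=False):
        """Store a record separately per data source, inside the owner's area."""
        user = self._owner[source_id]  # KeyError if the source never registered
        self._areas[user]["sources"][source_id].append((record, operator_visible))

    def operator_view(self, source_id):
        """The operator reads only the parts released to it (e.g. for handover)."""
        user = self._owner[source_id]
        return [r for r, vis in self._areas[user]["sources"][source_id] if vis]

    def read(self, user, source_id, nonce, tag):
        """Authenticate and authorize a read request, then return MAC-protected data."""
        area = self._areas.get(user)
        if area is None or nonce in self._seen:
            raise PermissionError("unknown user or replayed request")
        expected = mac_over(area["cred"], user, source_id, "read", nonce)
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("authentication failed")
        if "read" not in area["rights"] or source_id not in area["sources"]:
            raise PermissionError("not authorized for this data")
        self._seen.add(nonce)
        body = json.dumps([r for r, _ in area["sources"][source_id]], sort_keys=True)
        return body, mac_over(area["cred"], "response", nonce, body)


def demo():
    """Constructed scenario: manufacturers X and Y, terminals T2A and T1B."""
    store = ProtectedStore()
    cred_x, feat_x = store.create_area("X", {"read"})
    cred_y, feat_y = store.create_area("Y", {"read"})
    store.register_source("T2A", feat_x)
    store.register_source("T1B", feat_y)
    store.store("T2A", {"reconfig_ms": 840})  # constructed measurement
    store.store("T2A", {"supported_modes": ["UMTS", "WLAN"]}, operator_visible=True)
    nonce = secrets.token_hex(8)
    body, tag = store.read("X", "T2A", nonce, mac_over(cred_x, "X", "T2A", "read", nonce))
    ok = hmac.compare_digest(tag, mac_over(cred_x, "response", nonce, body))
    try:  # Y authenticates correctly but asks for a source held in X's area
        n2 = secrets.token_hex(8)
        store.read("Y", "T2A", n2, mac_over(cred_y, "Y", "T2A", "read", n2))
        cross = "allowed"
    except PermissionError as exc:
        cross = str(exc)
    return json.loads(body), ok, store.operator_view("T2A"), cross
```

Manufacturer Y's request is rejected even though its credential is valid, because authorization is checked against the area the data source was registered into, not only against the requester's identity.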

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates essentially to access-protected memory areas of network elements that are located in the network of an operator and that support the reconfiguration of SDR terminals, in combination with methods for protected data transmission, preferably methods for authenticating and authorizing the communication partners as well as for protecting communication, in particular for protecting integrity and confidentiality. The access-protected data originate from the terminal and are transmitted in the course of negotiations to the radio access network (RAN), where they are temporarily stored, or the access-protected data are generated directly in the RAN as part of processes relating to the terminal. The invention further relates to the generation and management of access-protected memory areas by the network operator, which greatly relieves the radio interface and significantly relieves the network infrastructure in terms of signaling.
EP05749111A 2004-05-26 2005-05-23 Method for optimizing reconfiguration processes in a mobile radio network comprising reconfigurable terminals Withdrawn EP1749413A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102004025734A DE102004025734B4 (de) 2004-05-26 2004-05-26 Method for optimizing reconfiguration processes in mobile radio networks with reconfigurable terminals by collecting and providing suitable measurement data, and a corresponding arrangement
PCT/EP2005/052344 WO2005117480A1 (fr) 2004-05-26 2005-05-23 Method for optimizing reconfiguration processes in a mobile radio network comprising reconfigurable terminals

Publications (1)

Publication Number Publication Date
EP1749413A1 (fr) 2007-02-07

Family

ID=34969560

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05749111A Withdrawn EP1749413A1 (fr) 2004-05-26 2005-05-23 Method for optimizing reconfiguration processes in a mobile radio network comprising reconfigurable terminals

Country Status (5)

Country Link
US (1) US20080307531A1 (fr)
EP (1) EP1749413A1 (fr)
CN (1) CN1961598A (fr)
DE (1) DE102004025734B4 (fr)
WO (1) WO2005117480A1 (fr)

Also Published As

Publication number Publication date
DE102004025734A1 (de) 2005-12-22
CN1961598A (zh) 2007-05-09
US20080307531A1 (en) 2008-12-11
WO2005117480A1 (fr) 2005-12-08
DE102004025734B4 (de) 2006-07-27

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20061027

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: NOKIA SIEMENS NETWORKS S.P.A.

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG

17Q First examination report despatched

Effective date: 20100429

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100910