EP1749413A1 - Method for optimizing reconfiguration processes in a mobile radio network with reconfigurable terminals - Google Patents
- Publication number
- EP1749413A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- access
- network
- protected memory
- data
- memory area
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/02—Arrangements for optimising operational condition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/16—Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
- H04W28/18—Negotiating wireless communication parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
- H04W8/245—Transfer of terminal data from a network towards a terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- the invention relates to a method for optimizing reconfiguration processes in mobile radio networks with reconfigurable end devices, within the scope of which technical devices of the mobile radio operator collect measurement data relating to the behavior of the mobile radio device, summarize them and make them available in a suitable manner to third parties for evaluation, whereby reconfigurable end devices denote those mobile radio devices in which, in particular, the use of a new radio technology not previously supported by the device is carried out by exchanging software which configures the transceiver of the terminal.
- SDR software defined radio
- Properties such as the energy consumption of certain radio modes, the time required for the reconfiguration or the size of the software required for a new mode, which may have to be loaded from a server onto the terminal before it can be reconfigured, are, however, not intended to be available to all partners involved in the operation of the mobile network and the application services offered. In particular, it is intended to prevent competing manufacturers from gaining insight into such information. However, certain participants should be given controlled access to selected states and properties of the terminal.
- The object on which the invention is based is to specify a method for optimizing reconfiguration processes in mobile radio networks with reconfigurable end devices, and a corresponding arrangement, in which data relating to reconfigurable end devices is made available by the network operator, for example to the respective device manufacturer, in such a way that the load on the radio interface is relieved and signaling relief of the network infrastructure can be achieved.
- The invention relates essentially to access-protected memory areas on network elements that are located in the network of an operator and support the reconfiguration of SDR terminals, in combination with methods for protected data transmission, which preferably include mechanisms for authentication and authorization of the communication partners as well as for protected communication, in particular the protection of integrity and confidentiality.
- Such access-protected data either originate from the terminal and are transmitted to the radio access network (RAN) in the course of negotiations and temporarily stored there, or they are generated directly in the RAN as part of processes relating to the terminal.
- RAN radio access network
- Another important aspect of the invention lies in the generation and management of access-protected memory areas in the network. This advantageously reduces the load on the radio interface and also relieves the network infrastructure in terms of signaling.
- Figure 2 is an illustration for explaining a second embodiment of the invention.
- FIG. 1 is an illustration for explaining a first exemplary embodiment of the invention, with respective access-protected memory areas XA, YA and ZA in a radio network controller RNCA, respective access-protected memory areas XB, YB and ZB in a radio network controller RNCB, and respective access-protected memory areas XC, YC and ZC in a radio network controller RNCC. In the example, the network element RNCA is shown with two terminals T1 and T2A, the network element RNCB with three terminals T1B, T2B and T3B, and the network element RNCB with two terminals T1C and T2C.
- RNCA Radio Network Controller
- The network elements RNCA, RNCB and RNCC are connected or connectable to a further network element in the form of a so-called reconfiguration service gateway RGS; this further network element has an access control device AC and is connected or connectable to terminal manufacturers X, Y and/or service providers Z.
- the access-protected memory areas for the authorized users X, Y and Z are therefore set up on the RNCs in the Radio Access Network (RAN).
- Each RNC stores data related to terminals registered with it locally.
- The access control AC is responsible for the registration of authorized users and the receipt of access requests. It carries out the necessary authentication procedures and, if they succeed, forwards access requests to the RNCs, which are responsible for encrypting and sending the data to the authorized user.
- This first embodiment of the invention is particularly scalable, since access-protected memory areas are created in a distributed manner and, when the mobile radio network is expanded, the number of units which can accommodate access-protected memory areas also increases accordingly.
- FIG. 2 shows an illustration for explaining a second exemplary embodiment of the invention. This exemplary embodiment differs from the first essentially in that the access-protected memory areas XZ, YZ and ZZ for the authorized users X, Y and Z are here set up centrally on the RSG or AC (not shown) in the so-called core network of the mobile radio network.
- the network elements RNCA, RNCB and RNCC each contain a data collector DCA, DCB and DCC and transmit data generated by them or originating from the terminal to the access control device AC.
- The access control device AC is responsible not only for the registration of authorized users and the receipt of access requests, but also for encrypting the data and sending it to a server of the authorized user.
- This embodiment of the invention relies on centralized data storage, which places all access-protected storage areas on the AC. When the mobile radio network is expanded, the access control AC must therefore be scaled accordingly in order to be able to handle the larger amounts of data that arise.
- terminal data generated on the terminal may be required in the RAN anyway.
- Read access by the terminal manufacturer: Data generated in the context of monitoring the behavior of the terminal during reconfiguration processes should be made available to the manufacturer of the terminal for analysis and optimization. Data supplied by the terminal should only be readable with restrictions by the network operator.
- Terminal profiles that describe the current configuration and reconfiguration options of terminals should be updated for one or more identical terminals, for example after a firmware update.
- the network operator should have access to certain parts of the terminal profile for handover decisions.
- the software should be certified in order to be able to detect manipulations by third parties that are dangerous for the functioning of the terminal.
- the terminal rejects software that has not been certified correctly. This certification can optionally be implemented technically by a digital signature or by a cryptographically secured checksum.
- the software can optionally be encrypted to prevent third parties from knowing it.
- Read access by the service provider: Data generated in the context of monitoring the behavior of application services should be made available to the service provider for analysis and optimization. Data supplied by the application running on the terminal should only be readable to a limited extent by the network operator.
- Service profiles that describe the current configuration and reconfiguration options of services should be updated for a service.
- the network operator should have access to certain parts of the service profile for handover decisions.
- New application software is to be loaded onto the terminal in order to replace faulty software or to enable new features, such as support for new multimedia standards.
- The software should be certified in order to be able to detect manipulations by third parties that are dangerous for the functioning of the application. Software that is not correctly certified will be rejected. This certification can optionally be implemented technically by a digital signature or by a cryptographically secured checksum. Furthermore, the software can optionally be encrypted to prevent third parties from knowing it.
- The essential part of the invention consists in the use of access-protected memory areas on network elements that are located in the network of the operator and support the reconfiguration of SDR terminals, in combination with methods for protected data transmission, which preferably include methods for authentication and authorization of the communication partners as well as for protected communication, in particular the protection of integrity and confidentiality.
- Access-protected data of this type either originate from the terminal and are transferred to the RAN in the course of negotiations and temporarily stored there, or they are generated directly in the RAN as part of processes relating to the terminal.
- These storage areas can be physically different, i.e. the assigned address areas are different or logically different.
- a logical storage area in this case represents a special view of one or more physical storage areas.
- Another aspect of the invention is the generation and management of access-protected memory areas by the network operator.
- the network operator generates such an access-protected memory area for each authorized user. Access rights are assigned to each storage area.
- An access-authorized person is assigned security parameters (credentials) that are required for the procedures used for protected data transmission. Security parameters are particularly required for the authentication of authorized users and for securing data communication. Since data that the authorized user wants to access always comes from certain data sources, e.g. from terminals or application services, or is at least related to them, an authentication feature is also required that enables the respective source to be assigned to the access-protected memory area.
- This feature is agreed between the network operator and the authorized user and is specified by each data source as part of the registration in the RAN together with an identity feature specific to the source.
- On the one hand, this method enables data sources to be assigned to a specific authorized user and thus to that user's access-protected memory area; on the other hand, it allows the data to be stored separately for each data source.
- The authorized user contacts a server of the network operator, with which the required authentication is carried out, e.g. using the authentication features described above.
- The authorized user sends a request specifying the type of access desired, i.e. which data should be transmitted, the frequency of transfers, and whether a one-time or periodic transfer should take place.
- the network operator then sends the encrypted data to the server of the authorized user in accordance with the request.
- the authorized user can optionally write data into the access-protected memory area that is used by the network operator for the reconfiguration or, if necessary, transferred to the terminal, for example software downloads.
- the primary advantage of the described invention compared to solutions in which the data is transmitted from the terminal to a server via the radio interface is to relieve the radio interface. This is especially true for data generated by measurements in the RAN.
- The terminal is relieved of this task.
- Data from which conclusions can be drawn about the internal properties of the end device are particularly sensitive and therefore must not be transmitted unencrypted in the network to prevent unauthorized access.
- This group of data includes, for example, measurement data, but also terminal profiles that describe the properties of the terminal hardware.
- Access-protected memory areas can allow read access as well as write access. This makes it possible to load data from a server into the radio access network. This can involve updates of profiles or software that should be loaded onto the terminal at a suitable (possibly later) time.
- the storage in access-protected memory areas in the RAN enables the decoupling of data transport in the network from transport via the radio interface. The mechanism and timing of the latter can be selected appropriately by the network operator depending on the load on the RAN or the terminal. In addition, the network operator can also access the stored information himself and use it to optimize reconfiguration processes.
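The access procedure described above (one access-protected memory area per authorized user, data sources bound to an area by an agreed feature, authenticated requests answered only from the requester's own area) can be modelled as follows. This is an added illustration, not code from the patent: the class `AccessControl`, the helper `sign`, the HMAC-based credential, the nonce replay guard and all sample values are assumptions, and the encryption of the response that the text calls for is left out, so only authentication, authorization and an integrity tag are shown.

```python
import hashlib
import hmac
import json
import secrets


class AccessControl:
    """Model of the AC: one access-protected memory area per authorized user."""
    def __init__(self):
        self._keys = {}       # authorized user -> shared credential (bytes)
        self._features = {}   # agreed binding feature -> authorized user
        self._areas = {}      # authorized user -> {source id: [records]}
        self._nonces = set()  # request nonces already accepted (replay guard)

    def register_user(self, user, feature):
        """Create the user's area; return the credential issued to that user."""
        key = secrets.token_bytes(32)
        self._keys[user] = key
        self._features[feature] = user
        self._areas[user] = {}
        return key

    def register_source(self, feature, source_id):
        """A data source names the agreed feature when it registers in the RAN."""
        user = self._features.get(feature)
        if user is None:
            raise PermissionError("unknown binding feature")
        self._areas[user].setdefault(source_id, [])
        return user

    def store(self, feature, source_id, record):
        """File a record in the owning user's area, kept separately per source."""
        user = self._features[feature]
        self._areas[user][source_id].append(record)

    def handle_request(self, user, request, tag):
        """Authenticate the request, then serve data only from the caller's area."""
        key = self._keys.get(user)
        if key is None or not hmac.compare_digest(tag, sign(key, request)):
            raise PermissionError("authentication failed")
        if request["nonce"] in self._nonces:
            raise PermissionError("replayed request")
        self._nonces.add(request["nonce"])
        wanted = request["sources"]
        data = {s: r for s, r in self._areas[user].items() if s in wanted}
        return data, sign(key, data)


def sign(key, message):
    """HMAC-SHA256 over a canonical JSON encoding of the message."""
    blob = json.dumps(message, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def demo():
    ac = AccessControl()
    key_x = ac.register_user("X", "feat-X")  # constructed sample values
    key_y = ac.register_user("Y", "feat-Y")
    for feature, source, ms in (("feat-X", "T1A", 420), ("feat-Y", "T2A", 610)):
        ac.register_source(feature, source)
        ac.store(feature, source, {"reconfig_ms": ms})
    # X asks for both terminals; only the source bound to X is returned.
    req = {"nonce": "n1", "sources": ["T1A", "T2A"], "mode": "one-time"}
    data, tag = ac.handle_request("X", req, sign(key_x, req))
    # Y's credential cannot authenticate a request made in X's name.
    forged = {**req, "nonce": "n2"}
    try:
        ac.handle_request("X", forged, sign(key_y, forged))
        forged_ok = True
    except PermissionError:
        forged_ok = False
    return data, tag == sign(key_x, data), forged_ok
```

Calling `demo()` returns the records released to X, whether the response tag verifies under X's credential, and whether the request forged with Y's credential was accepted.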
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102004025734A DE102004025734B4 (de) | 2004-05-26 | 2004-05-26 | Method for optimizing reconfiguration processes in mobile radio networks with reconfigurable terminals by collecting and providing suitable measurement data, and a corresponding arrangement |
PCT/EP2005/052344 WO2005117480A1 (de) | 2004-05-26 | 2005-05-23 | Method for optimizing reconfiguration processes in a mobile radio network with reconfigurable terminals |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1749413A1 (de) | 2007-02-07 |
Family
ID=34969560
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05749111A Withdrawn EP1749413A1 (de) | 2004-05-26 | 2005-05-23 | Method for optimizing reconfiguration processes in a mobile radio network with reconfigurable terminals |
Country Status (5)
Country | Link |
---|---|
US (1) | US20080307531A1 (zh) |
EP (1) | EP1749413A1 (zh) |
CN (1) | CN1961598A (zh) |
DE (1) | DE102004025734B4 (zh) |
WO (1) | WO2005117480A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6937764B2 (ja) | 2015-11-04 | 2021-09-22 | ラチ,インコーポレイテッド | Systems and methods for controlling access to physical spaces |
CA3062181A1 (en) | 2017-05-17 | 2018-11-22 | Latchable, Inc. | Scalable systems and methods for monitoring and concierge service |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5887254A (en) * | 1996-04-26 | 1999-03-23 | Nokia Mobile Phones Limited | Methods and apparatus for updating the software of a mobile terminal using the air interface |
FI990461A0 (fi) * | 1999-03-03 | 1999-03-03 | Nokia Mobile Phones Ltd | Method for downloading software from a server to a terminal |
GB2359908B (en) * | 2000-03-04 | 2004-09-15 | Motorola Inc | Communication system architecture and method of controlling data download to subscriber equipment |
US6832373B2 (en) * | 2000-11-17 | 2004-12-14 | Bitfone Corporation | System and method for updating and distributing information |
GB0028463D0 (en) * | 2000-11-22 | 2001-01-10 | Univ Surrey | Reconfiguration management architectures |
ES2341314T3 (es) * | 2001-11-05 | 2010-06-18 | Nokia Corporation | Sending results of self-performance and operational analysis of a mobile station to a network in response to an encrypted request message. |
GB2392590B (en) * | 2002-08-30 | 2005-02-23 | Toshiba Res Europ Ltd | Methods and apparatus for secure data communication links |
US20040098715A1 (en) * | 2002-08-30 | 2004-05-20 | Parixit Aghera | Over the air mobile device software management |
US8677378B2 (en) * | 2003-11-17 | 2014-03-18 | Objective Interface Systems, Inc. | Lightweight, high performance, remote reconfigurable communications terminal architecture |
US20060253894A1 (en) * | 2004-04-30 | 2006-11-09 | Peter Bookman | Mobility device platform |
US7925715B2 (en) * | 2005-03-14 | 2011-04-12 | Qualcomm Incorporated | Apparatus and methods for service programming of a wireless device on a wireless communications network |
US7706778B2 (en) * | 2005-04-05 | 2010-04-27 | Assa Abloy Ab | System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone |
-
2004
- 2004-05-26 DE DE102004025734A patent/DE102004025734B4/de not_active Expired - Fee Related
-
2005
- 2005-05-23 WO PCT/EP2005/052344 patent/WO2005117480A1/de active Application Filing
- 2005-05-23 US US11/597,584 patent/US20080307531A1/en not_active Abandoned
- 2005-05-23 EP EP05749111A patent/EP1749413A1/de not_active Withdrawn
- 2005-05-23 CN CNA2005800171057A patent/CN1961598A/zh active Pending
Non-Patent Citations (1)
Title |
---|
See references of WO2005117480A1 * |
Also Published As
Publication number | Publication date |
---|---|
DE102004025734A1 (de) | 2005-12-22 |
CN1961598A (zh) | 2007-05-09 |
WO2005117480A1 (de) | 2005-12-08 |
DE102004025734B4 (de) | 2006-07-27 |
US20080307531A1 (en) | 2008-12-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20061027 |
 | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR |
 | DAX | Request for extension of the european patent (deleted) | |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG |
 | RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NOKIA SIEMENS NETWORKS S.P.A. |
 | RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG |
 | 17Q | First examination report despatched | Effective date: 20100429 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20100910 |