KR20070020480A - Method for optimizing reconfiguration processes in a mobile radio network comprising reconfigurable terminals - Google Patents

Abstract

The present invention is essentially directed to access-protected memory regions in network elements localized in an operator's network, wherein the operator's network supports methods of reconfiguration and protected data transmission of SDR terminals, the protected data. The transmission methods preferably include methods for authenticating and authorizing communication partners and for communicating in a protected manner, in particular in a manner that protects integrity and confidentiality. Such access-protected data is provided by the terminal and transmitted to the Radio Access Network (RAN) within the framework of negotiations and temporarily stored in the Radio Access Network or generated within the RAN directly within the framework of processes related to the terminal. do. Another important embodiment of the present invention relates to the creation and management of access-protected memory regions by a network operator, which results in significantly reducing the load required on the air interface and also significantly reducing the network infrastructure with respect to signaling. do.

Description

METHOD FOR OPTIMIZING RECONFIGURATION PROCESSES IN A MOBILE RADIO NETWORK COMPRISING RECONFIGURABLE TERMINALS

The present invention relates to a method for optimizing reconfiguration processes in mobile wireless networks having terminals that can be reconfigured, wherein the technical equipment of the mobile wireless operator within the framework of the mobile wireless networks provides measurement data relating to the behavior of the mobile terminal. Obtaining and summarizing the acquired measurement data and making it available to third parties for evaluation, the reconfigurable terminals refer to the mobile wireless devices, in particular new wireless technologies not previously supported by the device. It is utilized by exchanging software constituting the transceiver of the terminal.

Next-generation mobile wireless networks will integrate multiple wireless technologies and, in each case, provide users with the option to select the most appropriate technology to use a particular application context. This requires a larger expenditure on mobile wireless terminal convenience, also referred to below as terminal, when compared to the prior art for a number of embedded wireless transceivers or performance. It is desirable to use a universally-reconfigurable transceiver to maintain power consumption, weight, size and manufacturing costs of terminals within reasonable limits, for which different radio technologies are implemented in software. Can be. The technology underlying this concept is called Software Defined Radio (SDR).

The features of an SDR terminal will not be fully standardized because manufacturers do not want to disclose specific know-how, and for an SDR terminal to work correctly, it is only necessary to adhere to the wireless standard as well as the communication protocol and not to know the internal characteristics. . However, for example, the energy consumption of certain wireless modes, the amount of time or software required for the reconfiguration required for the new mode to be loaded by the server into the terminal before the new mode can be reconfigured under certain circumstances. These types of characteristics, such as, may not be accessible to all partners that accompany the operation of the mobile wireless network as well as the application services provided. In particular, the investigation of this information by competing with manufacturers should be prevented. However, the particular parties involved are given a controlled access to the selected states and characteristics of the terminal.

Although data encryption can be used to ensure more secure communication between a person and a terminal associated with authorized access, this communication connection is made over the air interface and thus the bandwidth available for applications is reduced.

It is an object of the present invention to specify a method for optimizing reconfiguration processes in mobile wireless networks with terminals that can be reconfigured, to reduce the load on the air interface and also to reduce the load on the network infrastructure with respect to signaling. In a way, it is to specify a corresponding device which allows data concerning terminals which can be reconfigured to be available by the network operator or by the relevant device manufacturer.

The object is achieved by the features of claim 1 with respect to the method, by the features of claim 6 with respect to the apparatus and by the features of claim 9 with respect to the network element. Dependent claims relate to preferred embodiments.

The present invention specifically addresses access-protected memory areas on local network elements in the operator's network that support the reconfiguration of SDR terminals, as well as protected communications, as well as the protection of authentication and authorization of communication partners, especially integrity and confidentiality. It relates to methods for protected data transmission, which are preferably related to mechanisms for the same. This type of access-protected data may be generated from the terminal and sent to the Radio Access Network (RAN) as part of the negotiations and buffered in the RAN, or may be generated directly within the context of processes related to the terminal in the RAN. have. Another important aspect of the present invention is the creation and management of access-protected memory regions of the network. This advantageously induces a load reduction on the air interface and also a load reduction on the network infrastructure with respect to signaling.

The invention will be described in more detail below with reference to exemplary embodiments shown in the drawings. The drawings are as follows.

1 is a diagram of a first exemplary embodiment of the present invention, and

2 is a diagram of a second exemplary embodiment of the present invention.

1 is a diagram for explaining a first exemplary embodiment of the present invention, in which access-protected memory areas XA, YA, and ZA are located in a radio network controller RNCA, each access-protected memory area. (XB, YB, ZB) are located in the radio network controller (RNCB), and each access-protected memory areas (XC, YC, ZC) are located in the radio network controller (RNCC). The RNCA is connected to two terminals T1A and T2A, the network element RNCB is connected to three terminals T1B, T2B, and T3B, and the network element RNCC is connected to two terminals T1C and T2C. do. The network elements RNCA, RNCB, RNCC can be connected or connected to an additional network element in a shape known as a reconfiguration service gateway (RSG), the additional network element characterized by an access control device (AC) and a terminal Or may be connected to manufacturers (X, Y) and / or service providers (Z).

Access-protected memory regions for the authorized access parts (X, Y, Z) are also set up in each case in the RNCs in the Radio Access Network (RAN). Each RNC locally stores data about terminals registered to it. Access control (AC) is responsible for the registration of the sides with authorized access and also for the receipt of access requests and for executing the required authentication methods, and if the authentication methods are successful, the data encryption and access to the sides with authorized access. Forward access requests to the RNCs responsible for the data transmission.

The first embodiment of the present invention provides particularly excellent scalability since the access-protected memory areas are set up in a distributed manner, and the number of units that can accumulate access-protected memory areas when the mobile wireless network is expanded is increased. It grows along the expansion.

FIG. 2 is a diagram for describing a second exemplary embodiment of the present invention, in which the exemplary embodiment illustrates access-protected memory areas XZ, YZ, for the authorized access sides X, Y, Z. ZZ) is essentially distinguished from the first exemplary embodiment by being centrally set on the RSG or AC (not shown) of the known core network of the mobile wireless network. Each of the network elements RNCA, RNCB, RNCC includes a data collector DCA, DCB, DCC and transmits data generated by the data collectors or data from the terminal to the access control device AC. Compared with the first exemplary embodiment, the access control device (AC) is not only responsible for registration of authorized access sides and reception of access requests, but also for encryption and data transmission of authorized access sides to a server. . This embodiment of the present invention is based on the centralized storage of data that places all authorized access side storage areas on the AC. When a mobile wireless network is expanded, the access control (AC) must therefore be enlarged to handle larger volumes of increasing data.

Much of the data of interest is generated within a Radio Access Network (RAN) rather than stored in a terminal, an example of which is the quality of a radio bearer or of vertical handovers between two radio technologies. Measurement data obtained by measuring the quality of a temporal sequence. In addition, the data of the terminal generated in the terminal may be needed in some cases maybe in the RAN.

Implementing the controlled access required for data descriptive boundaries on the network unit, in particular, grants direct access to the data stored in the network unit to authorized access sides but denies access to unlicensed sides, in particular. Required.

Scenarios that usefully depict protected access to data stored within an operator's network include:

A) Read access by the terminal manufacturer : The data generated within the framework for monitoring the operation of the terminal during the reconfiguration processes is made available to the terminal's manufacturer for analysis and optimizations. The data that was provided by the terminal can only be read by the network operator with constraints.

B) Record access by the terminal manufacturer : The terminal profiles describing the current configuration and also the reconfiguration options of the terminals are updated to the latest version, for example after a firmware update, for one or more identically designed terminals. The network operator is given access to certain portions of the terminal profile for handover decisions.

C) Write access by terminal manufacturer : New firmware or reconfiguration software is loaded on the terminal to replace defective software or to enable new features, for example to support new radio access technologies. The software is authenticated so that operations by third parties that jeopardize the functionality of the terminal can be detected. The terminal rejects software that is not correctly authenticated. The authentication can be technically implemented by digital signature or by cryptographically-protected checksum. In addition, the software may optionally be encrypted to prevent third parties from being aware of the encryption.

D) Read access by the service provider : The data generated within the framework for monitoring the operation of the application services is made available to the service provider for analysis and optimizations. Data provided by an application running on the terminal can only be read by a network operator with constraints.

E) Record access by the service provider : Service profiles describing the reconfiguration options as well as the current configuration are updated for the service. The network operator is given access to certain portions of the service profile for handover decisions.

F) Write access by service provider : New application software is loaded into the terminal to replace defective software or to enable new features, for example to support new multimedia standards. The software is authenticated so that operations by third parties that jeopardize the functionality of the application can be detected. Software not properly certified is rejected. The authentication can be technically implemented by digital signature or by cryptographically-protected checksum. In addition, the software may optionally be encrypted to prevent third parties from being aware of the encryption.

An important point of the present invention is in the use of access-protected memory regions on localized network elements within the operator's network supporting reconfiguration of SDR terminals and methods for protected data transmission. The methods include methods for authentication and authorization check or for authorization of communication partners and for protection of protected communication, in particular integrity and confidentiality. This type of access-protected data may be generated from the terminal and sent to the Radio Access Network (RAN) as part of the negotiations and buffered in the RAN, or may be generated directly within the context of processes related to the terminal in the RAN. have.

The memory regions are physically different, ie the assigned address ranges are different or logically different. In particular, it is possible for multiple logical memory regions or portions thereof to be mapped to the same physical memory region. That is, in this case the logical memory region represents a particular view of one or more physical memory regions.

Another aspect of the invention is the creation and management of access-protected memory regions by a network operator. The network operator creates one of the access-protected memory regions for each authorized access side. Authorized access sides are allocated to each memory area. Any authorized access side is assigned to the required security parameters for the protected data transfer method in use. Certificates are particularly required for the protection of data communications as well as for authorization of the authorized access side. The data that the generated and authorized access side wishes to retrieve is always generated from specific data sources, for example services of terminals or applications, or at least related to services of the terminals or applications, and access-protected memory. Additional authentication features are required to allow the allocation of relevant sources for the realm. The feature is agreed upon between the network operator and the authorized access side and specified by each data source within the registration context within the RAN with an identification characteristic specific to the source. On the one hand the method enables the allocation of data sources for a particular authorized access side and thus the allocation of an access-protected memory area of the authorized access side, and on the other hand the storage of data separately for each data source. Allow.

Access to protected memory areas is done in the following manner:

The authorized access side contacts the server of the network operator, for example, to cause the required authentication to be performed using the authentication features described above. After authentication is completed, the authorized access side transmits a request signal specifying the type of access required, i.e. which data is to be transmitted, the number of data transmissions, one time or periodic transmission. Then, in response to the request signal, the network operator sends the encrypted data to the server of the authorized access side. In a similar manner, the authorized access side can optionally also write data to the access-protected memory which is included by the network operator for reconfiguration or delivered to the terminal if necessary, for example software is downloaded.

Compared with methods for allowing data to be transmitted from the terminal to the server over the air interface, the main advantage of the described invention is to reduce the load on the air interface. This is particularly relevant to data generated by measurements in the RAN. The data, which is also generated in large volumes within the framework of the conventional method, must initially be delivered to the terminal via the air interface in order to be subsequently transmitted to the server via the air interface. This redundancy of the load on the air interface is not caused by the method described within the framework of the present invention.

Another advantage is that the data to be transmitted is encrypted within the network and the terminal is thus out of the task. Data that allows conclusions about internal characteristics of the terminal to be drawn is particularly sensitive and therefore will not be transmitted unencrypted in the network to prevent unauthorized access to the data. The group of data includes measurement data, for example, but does not include terminal profiles that describe the characteristics of the terminal hardware.

Access-protected memory regions may allow write access as well as read access. This makes it possible to load data from the server into the radio access network. In this case, updates may be accompanied by profiles or software so that the data can be loaded into the terminal at the appropriate (under some circumstances later). Storage in access-protected memory regions in the RAN allows decoupling of data transmissions in the network from transmissions over the air interface. The latter mechanism and time may be appropriately selected by the network operator depending on the efficiency of the RAN or terminal. In addition, the network operator can also access the stored information itself and use the information to optimize the reconstruction processors.

By combining data generated from many different data sources within one memory area assigned to authorized access sides, and also transmitting the selected cross section within the context of one or more of the data or the request from the server side. It is possible to request. On the one hand, a method based on conventional mechanisms can be used. Many separate conversations between the server and different terminals are required. Thus, the described invention also results in a significant reduction in the network infrastructure load for signaling as well.

Claims (9)

A method for optimizing reconfiguration processes in mobile wireless networks having terminals that can be reconfigured, One or more protected memory areas XA, YA, ZA, ... XZ, YZ, ZZ are provided in one or more network elements (RNCA, RNCB, RNCC, RSG) of the mobile wireless network, Terminal-related data is stored in the one or more protected memory areas XA, YA, ZA, ... XZ, YZ, ZZ, and The one or more protected memory areas (XA, YA, ZA, ... XZ, YZ, ZZ) are accessed to be written and / or read only by authorized terminal manufacturers and / or service providers (X, Y, Z). Can be, Optimization method. The method of claim 1, In each case data from the terminals is delivered in a protected state to the network within the negotiation framework or is generated in the network directly in each case as part of the processes associated with the terminals, Optimization method. The method according to claim 1 or 2, Access to the protected memory area allows the authorized terminal manufacturer and / or service provider to contact the network elements (RNCA, RNCB, RNCC, RSG) to perform authentication (X, Y, Z) respectively. , After the authentication is completed, the authorized terminal manufacturer and / or service provider (X, Y, Z) transmits a request signal specifying the type of access desired, and The network elements (RNCA, RNCB, RNCC, RSG) sending the data according to the request signal to the authorized terminal manufacturer and / or service provider (X, Y, Z), Optimization method. The method of claim 3, wherein The request signal specifies information about the data to be transmitted, data transmission frequency, whether one or periodic transmissions are performed, Optimization method. The method according to any one of claims 1 to 4, The at least one access-protected memory area (XA, YA) is used by the authorized terminal manufacturer and / or service provider (X, Y, Z) respectively for the reconfiguration of the terminal or to be transmitted to the terminal. , Recorded in ZA, ... XZ, YZ, ZZ), Optimization method. An apparatus for optimizing reconfiguration processes in a mobile wireless network having terminals that can be reconfigured, One or more network elements (RNCA, RNCB, RNCC, RSG) characterized by one or more protected memory areas (XA, YA, ZA, ... XZ, YZ, ZZ) for storing terminal-related data, and Recording and / or recording of said one or more protected memory areas XA, YA, ZA, ... XZ, YZ, ZZ for each of the authorized terminal manufacturers and / or service providers (X, Y, Z) Or an access control (AC) device for controlling read access, Optimization device. The method of claim 6, The access control (AC) device is further equipped for the encryption and transmission of the data for each of the authorized terminal manufacturer and / or service provider (X, Y, Z), Optimization device. The method according to claim 6 or 7, The one or more protected memory areas XA, YA, ZA, ... XZ, YZ, ZZ and the access control (AC) device are on the same network element or different elements (RNCA, RNCB, RNCC, RSG). Implemented, Optimization device. A network element (RSG) of a mobile wireless network having terminals that can be reconfigured, One or more protected memory areas (XA, YA, ZA, ... XZ, YZ, ZZ) for storing terminal-related data, and Recording and / or recording of said one or more protected memory areas (XA, YA, ZA, ... XZ, YZ, ZZ) for each of authorized terminal manufacturers and / or service providers (X, Y, Z) Or an access control (AC) device for controlling read access, Network element.

Images