KR20120125091A - Device, Gateway, Data Transferring Method of Device and Gateway, and Network Application Server - Google Patents

Abstract

PURPOSE: A data transferring method between a device/gateway and a network application server is provided to transmit data to an application server or an M2M(Machine to Machine communication) platform using a device service capability module. CONSTITUTION: An NA(Network Application)(110) transmits a data request signal to an NGC(Network Generic Communication Capability)(122) in an NSC(M2M Service Capabilities)(S401). The NGC transfers the data request signal through a core network and an access network to a GGC(Gateway Generic Communication Capability)(162) of GSC (Gateway Service Capabilities) or a DGC(Device Generic Communication Capability)(192) of another DGC(S402). The GGC or the DGC requests application data to a GA(Gateway Application)(165) or a DA(Device Application)(195)(S403). Application data corresponding to the GA or the DA is transmitted to the GGC or the DGC(S404). The data is directly transmitted from the GGC or the DGC to the NA(S406). A notice informing direct transmission is transmitted from the GGC or the DGC to the NGC(S407). The NA transmits a response to the GA, the DA, GSCL or DSCL(S409). [Reference numerals] (S401,S402,S403) Data request; (S404,S406) Data; (S405) Data attribute check; (S407,S408) Data transmission acknowledgement; (S409) Receiving acknowledgement response

Description

Device, gateway, data transfer method of device and gateway, and network application server

The present invention relates to a method of transmitting data in M2M communication.

Object communication is variously called M2M (Machine to Machine communication), MTC (Machine Type Communication), IoT (Internet of Things), Smart Device Communication (SDC), or Machine Oriented Communication . Object communication refers to various communication in which communication is performed without a person intervening in the communication process. Object communication can be used in various fields including Smart Meter, e-Health, Connected Consumer, City Automation, and Automotive Application. Data transmitted in such a thing communication may include data related to the privacy of the individual.

An object of the present invention is to provide a method for managing data related to privacy in a thing communication and an apparatus to which the method is applied.

In order to achieve the above object, an embodiment of the present invention, the device application module; And a device service capability module providing a function shared by an application of the device application module, wherein the device service capability module transmits the data to an application server when an attribute of the data of the application relates to privacy. And transmitting the data to the M2M platform if it is not related to privacy.

Another embodiment of the present invention, a device application module; And a device service capability module that provides a function shared by an application of the device application module, wherein the device service capability module is configured to store data that encrypts the data when an attribute of the data of the application relates to privacy. And transmitting the data to the M2M platform if it is not related to privacy.

Another embodiment of the present invention, a gateway application module; And a gateway service capability module that provides a function shared by an application of the gateway application module, and which can communicate with an M2M device, wherein the gateway service capability module includes an attribute related to privacy of an application data. When the data is transmitted to the application server, and if not related to privacy, the data gateway to the M2M platform.

Another embodiment of the present invention, a gateway application module; And a gateway service capability module that provides a function shared by an application of the gateway application module, and which can communicate with an M2M device, wherein the gateway service capability module includes an attribute related to privacy of an application data. If the data is encrypted, the data is transmitted to the M2M platform, and if not related to privacy, the gateway is characterized by transmitting the data to the M2M platform.

Another embodiment of the invention, the step of identifying the attributes of the data of the application; Transmitting the data to an application server if the attribute of the data relates to privacy; And transmitting the data to the M2M platform when the attribute of the data is not related to privacy.

Another embodiment of the invention, the step of identifying the attributes of the data of the application; Transmitting data encrypted with the data to an M2M platform if the attribute of the data is related to privacy; And transmitting the data to the M2M platform when the attribute of the data is not related to privacy.

Another embodiment of the present invention is an M2M platform that communicates with a device or gateway and an application server and provides a function shared by an application of the application server, wherein the attribute of data transmitted and stored from the device or gateway is stored in privacy. In the related case, M2M platform is provided, wherein the data is deleted after the data is transmitted to the application server.

In addition, another embodiment of the present invention, storing the data transmitted from the device or gateway; Transmitting the data to an application server; Confirming an attribute of the data; And deleting the data when the attribute of the data is related to privacy.

According to the present invention described above, the data related to privacy in the thing communication can pass through the M2M platform or after encrypted. Thus, the service provider can satisfy the user's needs with respect to privacy.

1 is a diagram illustrating an example of a structure of an M2M system to which embodiments of the present invention can be applied;
2 is a flowchart illustrating a process of acquiring application data in the system of FIG. 1;
3 is a diagram illustrating an example of a structure of a resource to which embodiments of the present invention can be applied;
4 is a flowchart illustrating a process of acquiring application data in the first embodiment of the present invention;
5 is a flowchart illustrating a process of acquiring application data in a second embodiment of the present invention;
6 is a flowchart illustrating a process of acquiring application data in the third embodiment of the present invention;
7 is a flowchart illustrating a method in which a GGC or a DGC transmits data in a fourth embodiment of the present invention, and
8 is a flowchart illustrating a method in which GGC or DGC transmits data in a fifth embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. In adding reference numerals to the components of each drawing, it should be noted that the same reference numerals are assigned to the same components as much as possible even though they are shown in different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

Embodiments of the present invention will be described with reference to object communication. Object communication is variously called M2M (Machine to Machine communication), MTC (Machine Type Communication), IoT (Internet of Things), Smart Device Communication (SDC), or Machine Oriented Communication . Object communication refers to various communication in which communication is performed without a person intervening in the communication process. Object communication can be used in various fields including Smart Meter, e-Health, Connected Consumer, City Automation, and Automotive Application.

1 illustrates a structure of an M2M system to which embodiments of the present invention can be applied.

Referring to FIG. 1, the entire M2M system 100 includes a network application (hereinafter referred to as "NA") 110, M2M service capabilities (hereinafter referred to as "NSC") 120 ( Or M2M platform), Core Network (130), Access Network (140), M2M Gateway (M2M Gateway) 160, Local Network (170) and M2M Device (M2M Device) 180, 190 may be included.

NA 110 is an application server. The NA 110 may provide a user interface.

The NSC 120, or M2M platform, is a server that provides M2M functionality shared by various applications. NSC 120 may be operated by NA 110 and other operators.

The NSC 120 is referred to as a Network Service Capability Layer (NSCL) including a Service Capability (hereinafter referred to as "SC") that provides a function shared by various applications. 121). The NSCL 121 may have various SCs 122 to 127 that may provide different functions.

Of these, the Network Generic Communication Capability (NGC) 122 transmits messages between the M2M gateway 160, the M2M device 190, and other SCs (SC1 123 to SC 127) in the NSCL 121. Can be used for NGC 122 may establish a secure tunnel session to exchange data with all SCs. The NGC 122 may perform a function of analyzing the traffic transmitted as needed.

The NGC 122 may transmit and receive data related to the application. In addition, NGC 122 may receive data related to Performance Management (PM), Configuration Management (CM), and Fault Management (FM) from GGC 162 or DGC 192. Can be.

The NSC 120 may be connected to the core network 130 through the NGC 122. The core network 130 may provide a connection means including a minimum Internet Protocol (IP) connection.

Meanwhile, in FIG. 1, the NA 110 may be directly connected to the core network 130 without passing through the NSC 120.

The access network 140 is a network that allows the M2M gateway 170 and the M2M device 190 to communicate with the core network 130. The access network 140 may be, for example, a digital subscriber line (xDSL), a hybrid fiber coaxial (HFC), a power line communication (PLC), a satellite, a GSM EDGE Radio Access Network (GERAN), or a UMTS Terrestrial Radio Access Network (UTRAN). , evolved UMTS Terrestrial Radio Access Network (eUTRAN), Wireless Local Area Network (W-LAN), Worldwide Interoperability for Microwave Access (WiMAX), and the like.

The M2M device may be connected to the direct access network 140 or through the M2M gateway.

The M2M device 180 may be connected to the access network 140 through the M2M gateway 160. The M2M device 180 may be connected to the M2M gateway 160 using an M2M area network 170.

The M2M gateway 160 may act as a proxy of the M2M network on behalf of the connected M2M device 180. The M2M gateway 160 may perform a process such as authentication, approval, registration, management, and provision in terms of the connected M2M device 180.

The M2M gateway 160 may include a gateway service capability module (hereinafter referred to as "GSC") 161 and a gateway application module (hereinafter referred to as "GA") 165. . GSC 161 provides functionality shared by applications running on GA 165.

The GSC 161 may include an SC that provides functionality shared by the gateway application. The SC may include a Gateway Generic Communication Capability (GGC) 162 that forwards the message from the NGC 122 to other SC 163 in the GSC 161 and vice versa. GGC 162 may establish a secure tunnel session to exchange data with other gateway service capability layers.

The GGC 162 may transmit and receive data related to an application. GGC 162 may also send data related to performance management, configuration management, and failure management to NGC 122.

The local network 170 connecting the M2M gateway 160 and the M2M device 180 is, for example, the Institute of Institutes (IEEE). Electrical and Electronics Engineers ) Personal Area Networks (PANs) such as 802.15.x, Zigbee, Internet Engineering Task Force (IETF) Routing Over Low Power and Lossy networks (ROLL), International Society of Automation (ISA) 100.11a, or PLC ( It may be a local area network (LAN) such as Power Line Communication, M-BUS (Meter-BUS), Wireless M-BUS, KNX, or the like.

The M2M device 190 may be directly connected to the access network 140. The M2M device 190 may perform a process such as authentication, approval, registration, management, and provision. The M2M device 190 may include a device service capability module (hereinafter referred to as "DSC") 191 and a device application module (hereinafter referred to as "DA") 195. . The DSC 191 provides functionality shared by applications running on the DA 195.

The DSC 191 may include an SC that provides functionality shared by the device application. The SC may include a Device Generic Communication Capability (DGC) 192 that forwards the message from the NGC 122 to another SC 193 in the DSC 191 or vice versa. The DGC 192 may establish a secure tunnel session to exchange data with other device service capability layers.

The DGC 192 may transmit and receive data related to an application. In addition, the DGC 192 may transmit data related to performance management, configuration management, and fault management to the NGC 122.

The above-mentioned NA 110, GA 165, DA 195, and M2M Service Capability Layer (hereinafter referred to as “SCL”) in the NSC 120, GSC 161, and DSC 191. RESTful format can be applied as a principle for exchanging information between RESTful form means following the principles of Representational State Transfer (REST).

An important concept of REST is the existence of resources, each represented by an identifier. To handle these resources, the components of the network (eg, NA 110, GA 165, DA 195, and NSC 120, GSC 161 in the system 100 of FIG. 1). The SCL in DSC 191 may communicate over a standardized interface and exchange representations of these resources. Such a resource may have a tree structure.

When dealing with resources in a RESTful structure, the following four basic methods can be applied to resources.

Create (C): Creates a child resource.

Retrieve (R): Read the contents of a resource.

Update (U): Write the contents of a resource.

Delete (D): Delete a resource.

This method may be called a CRUD method. In addition to this CRUD method, a request (S) for resource exchange, a notification (N) for resource exchange, and an execution (E) of a management command / task represented by the resource may be defined.

2 is a flowchart illustrating a process of obtaining application data in the illustrated system of FIG.

The NA 110 may attempt to obtain application data of the GA 165 or the DA 195 at a time by a predetermined rule. Alternatively, the NA 110 may attempt to acquire application data of the GA 165 or the DA 195 by a command of a user accessed through the user interface of the NA 110.

The NA 110 may transmit a data request signal to the NSC 120, and the data request signal may be transmitted to the NGC 122 in the NSC 120 (S201). The NGC 122 transmits a data request signal, which may be transmitted to the GGC 162 of the GSC 161 or the DGC 192 of the DGC 191 through the core network 130 and the access network 140 ( Step S202).

In addition, the GGC 162 or the DGC 192 may request data of an application from the GA 165 or the DA 195 (step S203). In operation S203, the data request may be executed through a service capability layer (eg, Gateway Remote Entity Management (GREM) Capability or Device Remote Entity Management (DERM) Capability) of the GSC 161 or the DSC 191.

The GA 165 or the DA 195 receiving the data request may transmit the data of the corresponding application to the GGC 162 or the DGC 192 (step S204). In operation S204, data transmission may be performed through the service capability layer of the GSC 161 or the DSC 191.

Meanwhile, the application data to be acquired may be stored and managed by the GSC 161 or the DSC 191 in advance. In this case, steps S203 and S204 may be omitted, and the GGC 161 or the DGC 191 may acquire data from the service capability layer of the GSC 161 or the DSC 191.

The GGC 162 or the DGC 192 may transfer data to the NGC 122 through the access network 140 and the core network 130 (step S205). At this time, the data required for the NSC 120 to manage the gateway 160, the device 190, and the like, data related to performance management, configuration management, and failure management may also be used from the GGC 162 or the DGC 192 to the NGC 122. Can be delivered.

The application data received through the NGC 122 is exchanged with the corresponding NSCL 121 (step S206), and the corresponding NSCL 121 may store the application data (step S207). The NSCL 121, which stores the data, identifies the resource and, for example, identifies the "accessRights" attribute, which may indicate the right to access the application data, and identifies the NA 110 accessible to that application data. Can be identified.

The NSCL 121 may notify the corresponding NA 110 that data is stored (step S208). Upon receiving the notification, the NA 110 may read data stored in the NSCL 121 (step S209). The NA 110 having successfully obtained data may transmit a reception success response. The reception success response may be transmitted to the GA 165 or the DA 195 through the NGC 122, the GGC 162, the DGC 192, or the like (step S210).

In the above example, different application data requested by the plurality of NAs 110 are stored in the NSC 120, and the accessibility to each application data stored in the NSC 120 is determined by attributes in the resource.

Application data stored in the NSC 120 may be data relating to privacy. For example, in the system of FIG. 1, the M2M devices 180 and 190 may be data related to personal health information and location information. In this case, the NA 110 or a user accessing the NA 110 and using the service may have application data related to privacy accessible by a plurality of NAs 110 and may be operated by an operating entity different from the NAs 110. May not trust what is stored in the NSC 120.

3 shows an example of a structure of a resource that can be applied in an embodiment of the present invention.

Referring to FIG. 3, the <application> resource 300 has a tree structure. <application> 300 stores information about an application.

Below the <application> resource 300 may be a lower resource including an "attribute" 301, Containers 302, Groups 303, accessRights 304, Subscriptions 305, NotificationChannels 306. .

"attribute" 301 may indicate an attribute of <application> 300.

Containers 302 may be a parent resource of a <container> which is a general resource used for exchanging data between an application and / or M2M SCL.

Groups 303 may be a parent resource of a group resource used to define and access groups of other resources.

accessRights 304 may indicate an access permission.

Subscription 305 may be used to track active usage for higher resources.

NotificationChannel 306 may indicate a set of notification channels for use by registered applications.

Child of Containers 302 includes child "attribute" 311, <container> 312, <containerAnnc> 313, <location> 314, <locationAnnc> 315, Subscription 316 There may be resources.

"attribute" 311 may indicate an attribute of the <Containers> 302.

<container> 312 is a general resource used for exchanging data between applications and / or M2M SCLs.

<containerAnnc> 313 may indicate the activity of the container in another SCL. <containerAnnc> 313 may maintain a link to the original resource.

<location> 314 may indicate location information of an M2M entity (M2M gateway / device).

<locationAnnc> 315 may indicate activity content of a location in another SCL. <locationAnnc> 315 may maintain a link to the original resource.

Subscription 316 may be used to track active usage for higher resources.

Below the <container> 312 may be a lower resource including an "attribute" 321, contentInstances 322, Subscriptions (323).

"attribute" 321 may indicate an attribute of a <container> 312.

<contentInsances> 322 may represent an instance of content in container 312.

Embodiments of the present invention will be described below.

1st Example

In the "attribute" 301, the indicator (AttributeName) may include 'privacyData' for identifying whether there is data requiring privacy among data of the corresponding application. 'privacyData' may be one bit or one byte that may have values of "Yes" and "No" that indicate whether there is data requiring privacy.

4 is a flowchart illustrating a process of acquiring application data in this embodiment.

The NA 110 may attempt to obtain application data of the GA 165 or the DA 195 at a time by a predetermined rule. Alternatively, the NA 110 may attempt to acquire application data of the GA 165 or the DA 195 by a command of a user accessed through the user interface of the NA 110.

The NA 110 may transmit a data request signal to the NSC 120, and the data request signal may be transmitted to the NGC 122 in the NSC 120 (S401). The NGC 122 transmits a data request signal, which may be transmitted to the GGC 162 of the GSC 161 or the DGC 192 of the DGC 191 through the core network 130 and the access network 140 ( Step S402).

In addition, the GGC 162 or the DGC 192 may request data of an application from the GA 165 or the DA 195 (step S403). In step S403, the data request may be executed through the service capability layer of the GSC 161 or the DSC 191.

The GA 165 or the DA 195 receiving the data request may transmit the data of the corresponding application to the GGC 162 or the DGC 192 (step S404). In operation S404, data transmission may be performed through the service capability layer of the GSC 161 or the DSC 191.

Meanwhile, the application data to be acquired may be stored and managed by the GSC 161 or the DSC 191 in advance. In this case, steps S403 and S404 may be omitted, and the GGC 161 or the DGC 191 may acquire data from the service capability layer of the GSC 161 or the DSC 191.

The GGC 162 or the DGC 192 checks the attribute of 'privacyData' in the "attribute" 301 resource (step S405). If the attribute of 'privacyData' is set to that the data does not require privacy, then the data will be transmitted as shown in FIG.

If the attribute of 'privacyData' is set to require data to be privacy, the data is transmitted directly from the GGC 162 or the DGC 192 to the NA 110 without passing through the NSC 120 (step S406).

And, a report indicating that data was sent directly from the GGC 162 or DGC 192 to the NA 110 is sent from the GGC 162 or DGC 192 to the NGC 122 (step S407), which is an NSCL. It is delivered to 121 (step S408). Thus, NSC 120 can recognize that data has been sent to NA 110 without passing through it.

Or, if the NSC 120 knows that the application data is data requiring privacy and that the data will be sent directly from the GGC 162 or the DGC 192 to the NA 110, steps S407 and S408 are omitted, NSC 120 may not wait for a response from GGC 162 or DGC 192.

Upon receiving the data, the NA 110 may transmit a response indicating that the reception is successful to the GA 165, the DA 195, the GSCL, or the DSCL (step S409).

In this embodiment, data related to privacy is not transmitted or stored to the NSC 120. Therefore, no entity other than NA 110 can access the data related to privacy.

In the present embodiment, data related to the terminal management function is transferred to the NSC 120 and stored. Thus, the NSC 120 may continue to manage the terminal.

Second Example

In the "attribute" 301, the indicator (AttributeName) may include 'privacyData' for identifying whether there is data requiring privacy among data of the corresponding application. 'privacyData' may be one bit or one byte that may have values of "Yes" and "No" indicating whether there is data requiring privacy.

5 is a flowchart illustrating a process of obtaining application data in this embodiment.

The NA 110 may attempt to obtain application data of the GA 165 or the DA 195 at a time by a predetermined rule. Alternatively, the NA 110 may attempt to acquire application data of the GA 165 or the DA 195 by a command of a user accessed through the user interface of the NA 110.

The NA 110 may transmit a data request signal to the NSC 120, and the data request signal may be transmitted to the NGC 122 in the NSC 120 (S501). The NGC 122 transmits a data request signal, which may be transmitted to the GGC 162 of the GSC 161 or the DGC 192 of the DGC 191 through the core network 130 and the access network 140 ( Step S502).

In addition, the GGC 162 or the DGC 192 may request data of an application from the GA 165 or the DA 195 (step S503). In step S503, the data request may be executed through the service capability layer of the GSC 161 or the DSC 191.

The GA 165 or the DA 195 receiving the data request may transmit data of the corresponding application to the GGC 162 or the DGC 192 (step S504). In operation S504, data transmission may be performed through the service capability layer of the GSC 161 or the DSC 191.

Meanwhile, the application data to be acquired may be stored and managed by the GSC 161 or the DSC 191 in advance. In this case, steps S503 and S504 may be omitted, and the GGC 161 or the DGC 191 may acquire data from the service capability layer of the GSC 161 or the DSC 191.

The GGC 162 or the DGC 192 checks the attribute of 'privacyData' in the "attribute" 301 resource (step S505). If the attribute of 'privacyData' is set to that the data does not require privacy, then the data will be transmitted as shown in FIG.

If the attribute of 'privacyData' is set to require data to be privacy, the data is encrypted (step S506).

The encrypted data is transferred from the GGC 162 or the DGC 192 to the NGC 122 (step S507), which is passed to the NSCL 121 (step S508). The NSCL 121 stores the encrypted data (step S509).

The NSCL 121 may notify that the encrypted data is stored in the corresponding NA 110 (step S510). Upon receiving the notification, the NA 110 may read the encrypted data stored in the NSCL 121 (step S511). The NA 110 having successfully obtained data may transmit a reception success response. The reception success response may be transmitted to the GA 165, the DA 195, the GSCL, or the DSCL through the NGC 122, the GGC 162, the DGC 192, and the like (step S512).

In this embodiment, the data relating to privacy is encrypted, passed to the NSC 120 and stored. Therefore, no entity other than NA 110 can access the data related to privacy.

Third Example

In the "attribute" 301, the indicator (AttributeName) may include 'privacyData' for identifying whether there is data requiring privacy among data of the corresponding application. 'privacyData' may be one bit or one byte that may have values of "Yes" and "No" indicating whether there is data requiring privacy.

6 is a flowchart illustrating a process of acquiring application data in this embodiment.

The NA 110 may attempt to obtain application data of the GA 165 or the DA 195 at a time by a predetermined rule. Alternatively, the NA 110 may attempt to acquire application data of the GA 165 or the DA 195 by a command of a user accessed through the user interface of the NA 110.

The NA 110 may transmit a data request signal to the NSC 120, and the data request signal may be transmitted to the NGC 122 in the NSC 120 (S601). The NGC 122 transmits a data request signal, which may be transmitted to the GGC 162 of the GSC 161 or the DGC 192 of the DGC 191 through the core network 130 and the access network 140 ( Step S602).

In addition, the GGC 162 or the DGC 192 may request data of an application from the GA 165 or the DA 195 (step S603). In step S503, the data request may be executed through the service capability layer of the GSC 161 or the DSC 191.

The GA 165 or the DA 195 receiving the data request may transmit the data of the corresponding application to the GGC 162 or the DGC 192 (step S604). In operation S504, data transmission may be performed through the service capability layer of the GSC 161 or the DSC 191.

Meanwhile, the application data to be acquired may be stored and managed by the GSC 161 or the DSC 191 in advance. In this case, steps S603 and S604 may be omitted, and the GGC 161 or the DGC 191 may acquire data from the service capability layer of the GSC 161 or the DSC 191.

The GGC 162 or the DGC 192 may transfer data to the NGC 122 through the access network 140 and the core network 130 (step S605). In this case, the data may be plain text data or cipher text data in which the plain text data is encrypted.

The application data received through the NGC 122 is exchanged with the corresponding NSCL 121 (step S606), and the corresponding NSCL 121 may store the application data (step S607).

The NSCL 121 may notify the corresponding NA 110 that the data is stored (step S608). Upon receiving the notification, the NA 110 may read data stored in the NSCL 121 (step S609).

At this time, the NSCL 121 checks the attribute of 'privacyData' in the "attribute" 301 resource (S610). If the attribute of 'privacyData' is set to that the data does not require privacy, the data stored in NSCL 121 may be maintained.

If the attribute of 'privacyData' is set to require the data to be privacy, the NSCL 121 deletes the stored data (step S611). In this case, information confirming that data is deleted may be transmitted to the NA 110.

The NA 110 having successfully obtained data may transmit a reception success response. The reception success response may be transmitted to the GA 165, the DA 195, the GSCL, or the DSCL through the NGC 122, the GGC 162, the DGC 192, and the like (step S612).

In this embodiment, the data related to privacy is transferred to and stored in the NSC 120, but since the data stored in the NSC 120 is deleted after the data related to privacy is transferred to the NA 110, not the NA 110. No other entity can access the data related to privacy.

Fourth Example

In the "attribute" 301, the indicator (AttributeName) may include 'privacyData' for identifying whether there is data requiring privacy among data of the corresponding application. 'privacyData' may be one bit or one byte that may have values of "Yes" and "No" indicating whether there is data requiring privacy.

In addition, in "attribute" 321, the indicator (AttributeName) may include a 'privacyDataType' that defines the privacy type or transmission type of the data of the corresponding <container> 312 resource.

7 is a flowchart illustrating a method of transmitting data by the GGC 162 or the DGC 192 when 'privacyData' has a value of 'Yes' or 'No'.

Referring to FIG. 7, the GGC 162 or the DGC 192 checks the value of 'privacyData' in the 'attribute' 301 (step S701).

When 'privacyData' is 'No', the data does not require privacy, and the GGC 162 or the DGC 192 transmits the data to the NGC 122 and the NSCL 121 as shown in FIG. 2. It may be delivered to the NA (110) (step S702).

If 'privacyData' is 'Yes', the data requires privacy.

In this case, some of the application data may require privacy and some may not require privacy. For example, the M2M device is a terminal for measuring data from the body for e-Health, medical data of the individual measured by the terminal is treated as relating to privacy, and data indicating the state of the terminal (for example, the terminal Battery level, etc.) may be treated as not being related to privacy.

Alternatively, the data transmission scheme required by each part of the application data requiring privacy may be different. For example, some data may be sent directly to NA 110, and some data may be encrypted and sent to NGC 122.

If 'privacyData' is 'Yes', the GGC 162 or the DGC 192 may check the 'privacyDataType' in the 'attribute' 321 of the resource <container> 312 (step S703).

For example, 'privacyDataType' may be 1 byte that may have values of 'NONE_PRIVACY', 'SEND_DIRECT_TO_NA', 'SEND_ENCRYPTED_TO_NSCL', and 'SEND_TO_NSCL_READ_AND_DELETE'.

When 'privacyDataType' is 'NONE_PRIVACY', the corresponding data is data that does not require privacy. As shown in FIG. 2, the GGC 162 or the DGC 192 stores the corresponding data as NGC 122. ), And may be delivered to the NA 110 through the NSCL 121.

When 'privacyDataType' is 'SEND_DIRECT_TO_NA', the corresponding data is data requiring privacy, and the GGC 162 or the DGC 192, as described in the first embodiment with reference to FIG. The data may be directly transmitted to the NA 110 without passing through the NGC 122 and the NSCL 121.

When 'privacyDataType' is 'SEND_ENCRYPTED_TO_NSCL', the corresponding data is data requiring privacy, and the GGC 162 or the DGC 192 is applicable as described in the second embodiment with reference to FIG. 5. The data may be encrypted and transmitted to the NA 110 through the NGC 122 and the NSCL 121.

When 'privacyDataType' is 'SEND_TO_NSCL_READ_AND_DELETE', the corresponding data is data requiring privacy, and the GGC 162 or the DGC 192 is applicable as described in the third embodiment with reference to FIG. 6. To the NA 110 through the NGC 122 and NSCL 121, and the NSCL 121 confirms that 'privacyData' is 'Yes' and 'privacyDataType' is 'SEND_TO_NSCL_READ_AND_DELETE'. The stored data may be deleted after being transmitted to 110.

As described above, the GGC 162 or the DGC 192 may transmit a portion of the corresponding data in a manner defined by 'privacyDataType' (step S704).

The above-mentioned values of 'privacyData' and 'privacyDataType' are only examples, and values according to various methods for providing privacy may be applied. For example, if the data is encrypted and transmitted directly to the NA 110, the data is encrypted and transmitted to the NSCL 121, and the encrypted data stored in the NSCL 121 after the encrypted data is transferred to the NA 110. A value specifying the case of deleting a may be defined.

In this embodiment, when 'privacyData' is 'Yes', the value of 'privacyDataType' is independently set for each part of the application data, and each part of the application data is transmitted in a method based on the value of 'privacyDataType'. .

5th Example

In the "attribute" 301, the indicator (AttributeName) may include 'privacyData' that distinguishes whether there is data requesting privacy among data of the corresponding application and whether all or part of data requesting privacy is all or part. For example, 'privacyData' may include values of 'ALL', 'NONE', and 'PARTIALL'.

8 is a flowchart illustrating a method of transmitting data by the GGC 162 or the DGC 192 when 'privacyData' has one of 'ALL', 'NONE' and 'PARTIALL' values.

Referring to FIG. 6, the GGC 162 or the DGC 192 checks the value of 'privacyData' (step S801).

When 'privacyData' is 'ALL', all data is data requiring privacy, and all data may be transmitted according to a preset method (step S802). For example, the GGC 162 or DGC 192, as described in the first embodiment with reference to FIG. 4, sends data directly to the NA 110 without passing through the NGC 122, NSCL 121. Forward, or as described in the second embodiment with reference to FIG. 5, encrypt the data and forward it to the NA 110 via the NGC 122, NSCL 121, or the third with reference to FIG. 6. As described in the embodiment, the corresponding data is transmitted to the NA 110 through the NGC 122 and the NSCL 121, and the NSCL 121 confirms that the 'privacyData' is 'ALL' so that the data is NA ( The stored data may be deleted after being transmitted to 110.

When 'privacyData' is 'NONE', all data is data that does not require privacy, and the GGC 162 or DGC 192 transfers the data to the NGC 122 and NSCL as shown in FIG. 2. It may be delivered to the NA 110 through 121 (step S803).

When 'privacyData' is 'PARTIALL', a part of data is data that requires privacy and a part is data that does not require privacy.

If 'privacyData' is 'PARTIALL', the GGC 162 or the DGC 192 may check the 'privacyDataType' in the 'attribute' 321 of the <container> 312 resource (step S804).

For example, the 'privacyDataType' may be 1 byte that may have values of 'NONE_PRIVACY', 'SEND_DIRECT_TO_NA', 'SEND_ENCRYPTED_TO_NSCL', and 'SEND_TO_NSCL_READ_AND_DELETE'.

When 'privacyDataType' is 'NONE_PRIVACY', the corresponding data is data that does not require privacy. As shown in FIG. 2, the GGC 162 or the DGC 192 stores the corresponding data as NGC 122. ), And may be delivered to the NA 110 through the NSCL 121.

When 'privacyDataType' is 'SEND_DIRECT_TO_NA', the corresponding data is data requiring privacy, and the GGC 162 or the DGC 192, as described in the first embodiment with reference to FIG. The data may be directly transmitted to the NA 110 without passing through the NGC 122 and the NSCL 121.

When 'privacyDataType' is 'SEND_ENCRYPTED_TO_NSCL', the corresponding data is data requiring privacy, and the GGC 162 or the DGC 192 is applicable as described in the second embodiment with reference to FIG. 5. The data may be encrypted and transmitted to the NA 110 through the NGC 122 and the NSCL 121.

When 'privacyDataType' is 'SEND_TO_NSCL_READ_AND_DELETE', the corresponding data is data requiring privacy, and the GGC 162 or the DGC 192 is applicable as described in the third embodiment with reference to FIG. 6. To the NA 110 through the NGC 122 and NSCL 121, and the NSCL 121 confirms that 'privacyData' is 'Yes' and 'privacyDataType' is 'SEND_TO_NSCL_READ_AND_DELETE'. The stored data may be deleted after being transmitted to 110.

As described above, the GGC 162 or the DGC 192 may transmit a portion of the corresponding data in a manner defined by 'privacyDataType' (step S805).

In this embodiment, when 'privacyData' is 'ALL', all of the application data is transmitted in a preset method, and when 'privacyData' is 'PARTIAL', the value of 'privacyDataType' is different for each part of the application data. It is set independently and each piece of application data is transmitted in a way based on the value of 'privacyDataType'.

In the case of the fourth embodiment described above, when the application data is related to privacy, 'privacyDataType' is checked in the "attribute" 312 for all parts of the data, but in the present embodiment, when all of the application data is related to privacy Does not check the 'privacyDataType' in the "attribute" 312, and thus may omit unnecessary 'privacyDataType' attribute checking procedure.

The above-mentioned values of 'privacyData' and 'privacyDataType' are only examples, and values according to various methods for providing privacy may be applied. For example, if the data is encrypted and transmitted directly to the NA 110, the data is encrypted and transmitted to the NSCL 121, and the encrypted data stored in the NSCL 121 after the encrypted data is transferred to the NA 110. A value specifying the case of deleting a may be defined.

In the above embodiments, the values of the 'privacyData' and / or 'privacyDataType' indicators may be preset values. Alternatively, the values of the 'privacyData' and / or 'privacyDataType' indicators may be dynamically set when the NA 110 requests data of the application.

The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and changes without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas falling within the scope of the same shall be construed as falling within the scope of the present invention.

Claims (20)

A device application module; And
A device service capability module providing a function shared by an application of the device application module;
And the device service capability module transmits the data to an application server when an attribute of data of an application is related to privacy and transmits the data to an M2M platform when not related to privacy. The method of claim 1,
And the device service capability module transmits a portion of the data related to privacy to the application server if an attribute of the portion of the data of the application relates to privacy. A device application module; And
A device service capability module providing a function shared by an application of the device application module;
The device service capability module transmits the encrypted data to the M2M platform when the attribute of the data of the application is related to privacy, and transmits the data to the M2M platform when not related to the privacy. . The method of claim 3, wherein
And the device service capability module transmits, to the M2M platform, data that encrypts a portion of the data related to privacy when an attribute of a portion of the data of the application relates to privacy. Checking an attribute of data of an application;
Transmitting the data to an application server if the attribute of the data relates to privacy; And
Transmitting the data to the M2M platform if the attribute of the data is not related to privacy. Checking an attribute of data of an application;
Sending the data to an M2M platform if the attributes of the data are not all related to privacy;
Identifying attributes for portions of the data if all or some of the attributes of the data relate to privacy;
If the attribute of the portion of data is related to privacy, transmitting the portion of data corresponding to the application server; And
Transmitting a portion of the data to the M2M platform if the attribute for the portion of data is not related to privacy. Checking an attribute of data of an application;
Transmitting data encrypted with the data to an M2M platform if the attribute of the data is related to privacy; And
Transmitting the data to the M2M platform if the attribute of the data is not related to privacy. Checking an attribute of data of an application;
Sending the data to an M2M platform if the attributes of the data are not all related to privacy;
Identifying attributes for portions of the data if all or some of the attributes of the data relate to privacy;
If the attribute of the portion of data is related to privacy, transmitting the encrypted data portion of the data to the M2M platform; And
Transmitting a portion of the data to the M2M platform if the attribute for the portion of data is not related to privacy. A gateway application module; And
Providing a function shared by an application of the gateway application module, and including a gateway service capability module capable of communicating with an M2M device,
The gateway service capability module transmits the data to the application server when the attribute of the data of the application is related to privacy, and transmits the data to the M2M platform when not related to the privacy. The method of claim 9,
The gateway service capability module transmits a portion of the data related to privacy to the application server when an attribute of a portion of the data of the application relates to privacy. A gateway application module; And
Providing a function shared by an application of the gateway application module, and including a gateway service capability module capable of communicating with an M2M device,
The gateway service capability module transmits the encrypted data to the M2M platform when the attribute of the data of the application is related to privacy, and transmits the data to the M2M platform when not related to the privacy. . The method of claim 11,
The gateway service capability module is configured to transmit data encrypted with a portion of the data related to privacy to the M2M platform when an attribute of a portion of the data of the application relates to privacy. Checking an attribute of data of an application;
Sending the data to an M2M platform if the attributes of the data are not all related to privacy;
Transmitting the data to an application server if the attribute of the data relates to privacy; And
And transmitting the data to the M2M platform when the attribute of the data is not related to privacy. Checking an attribute of data of an application;
Sending the data to an M2M platform if the attributes of the data are not all related to privacy;
Identifying attributes for portions of the data if all or some of the attributes of the data relate to privacy;
If the attribute of the portion of data is related to privacy, transmitting the portion of data corresponding to the application server; And
If the attribute of the portion of data is not related to privacy, transmitting the portion of data corresponding to the M2M platform. Checking an attribute of data of an application;
Transmitting data encrypted with the data to an M2M platform if the attribute of the data is related to privacy; And
And transmitting the data to the M2M platform when the attribute of the data is not related to privacy. Checking an attribute of data of an application;
Sending the data to an M2M platform if the attributes of the data are not all related to privacy;
Identifying attributes for portions of the data if all or some of the attributes of the data relate to privacy;
If the attribute of the portion of data is related to privacy, transmitting the encrypted data portion of the data to the M2M platform; And
If the attribute of the portion of data is not related to privacy, transmitting the portion of data corresponding to the M2M platform. An M2M platform that communicates with a device or gateway and an application server and provides a function shared by an application of the application server.
M2M platform, characterized in that for deleting the data after transmitting the data to the application server, if the attribute of the data transmitted and stored from the device or gateway related to privacy. The method of claim 17,
And when a property of a part of the data transmitted and stored from the device or the gateway is related to privacy, deleting the part of the data related to the privacy of the data transmitted to the application server. Storing the data sent from the device or gateway;
Transmitting the data to an application server;
Confirming an attribute of the data; And
And deleting the data if the attribute of the data relates to privacy. Storing the data sent from the device or gateway;
Transmitting the data to an application server;
Confirming an attribute of the data;
Identifying attributes for portions of the data if all or some of the attributes of the data relate to privacy; And
And deleting a portion of the data if the attribute of the portion of the data is related to privacy.

Images