US20220407846A1 - Devices and method for mtc group key management - Google Patents
Definitions
- FIG. 1 is a block diagram showing a configuration example of a communication system according to an exemplary embodiment of the present invention.
- FIG. 2 is a sequence diagram showing a first operation example of the communication system according to the exemplary embodiment.
- FIG. 3 is a sequence diagram showing a second operation example of the communication system according to the exemplary embodiment.
- FIG. 4 is a sequence diagram showing a third operation example of the communication system according to the exemplary embodiment.
- FIG. 5 is a sequence diagram showing a fourth operation example of the communication system according to the exemplary embodiment.
- FIG. 6 is a sequence diagram showing a fifth operation example of the communication system according to the exemplary embodiment.
- FIG. 7 is a sequence diagram showing a sixth operation example of the communication system according to the exemplary embodiment.
- FIG. 8 is a block diagram showing a configuration example of an MTC UE according to the exemplary embodiment.
- FIG. 9 is a block diagram showing a configuration example of a group GW according to the exemplary embodiment.
- FIG. 10 is a block diagram showing a configuration example of an HSS according to the exemplary embodiment.
- FIG. 11 is a block diagram showing a configuration example of an MTC-IWF according to the exemplary embodiment.
- Key derivation parameters can be either sent from an HSS (Home Subscriber Server) to an MTC-IWF, or from the MTC-IWF to the HSS.
- the derivation algorithms are available in the network node.
- a communication system includes a core network (3GPP network), and one or more MTC UEs 10 which are UEs equipped for MTC and connect to the core network through a RAN (Radio Access Network).
- the MTC UEs 10 are grouped to communicate with the core network.
- the RAN is formed by a plurality of base stations (e.g., eNBs (evolved Node Bs)).
- the MTC UE 10 attaches to the core network.
- the MTC UE 10 can host one or multiple MTC Applications.
- the corresponding MTC Applications in the external network are hosted on an SCS 60.
- the SCS 60 connects to the core network to communicate with the MTC UE 10.
- the core network includes an MME 30, an HSS 40 and an MTC-IWF 50 as a part of its network nodes.
- the MME 30 relays traffic between the RAN and the MTC-IWF 50.
- the HSS 40 manages subscription information on the MTC UEs 10, and the like.
- the MTC-IWF 50 serves as an entering point to the core network for the SCS 60, and if necessary, acquires the subscription information and the like from the HSS 40.
- the core network also includes, as other network nodes, an SGSN (Serving GPRS (General Packet Radio Service) Support Node), an MSC (Mobile Switching Centre) and the like.
- the SGSN and the MSC function similarly to the MME 30.
- the core network includes a gateway to the core network for the group of MTC UEs 10.
- this gateway is referred to as “group GW” and denoted by the symbol 20.
- the group GW 20 distributes to each of the MTC UEs 10 a group key for securely conducting group communication between the group GW 20 and the group of MTC UEs 10.
- the group GW 20 can be either deployed in a network node or be an independent node.
- Group communication requires that the group GW 20 and the member MTC UEs 10 share the same group key.
- the group GW 20 can obtain the group key in one of the following ways.
- One option is that the group GW 20 itself derives the group key. How the group key is derived is described later.
- Another option is that the group GW 20 receives the group key from another network node. This exemplary embodiment further considers whether or not the group GW 20 is configured at the MTC-IWF 50.
- the HSS 40 derives the group key and sends it to the MTC-IWF 50 together with the group ID in a Subscriber Information Response message (Steps S1a to S1c).
- the MTC-IWF 50 derives the group key, when it has received the group ID and optionally key derivation parameters from the HSS 40 in the Subscriber Information Response message (Steps S2a to S2c).
- the derived group key is sent, to the group GW 20 through the MME 30, together with the group ID and a KSI (Key Set Identifier) of the group key (Step S3).
- the group GW 20 distributes the group key to MTC UEs 10_1 to 10_n (n ≥ 2) which are members of the MTC group (Steps S4_1 to S4_n).
- One way is to use a pre-configured group key Kgr that is also used for authentication.
- the key Kgr is preliminarily shared between the group GW 20 and each of the MTC UEs 10_1 to 10_n, and used for the group GW 20 to authenticate each of the MTC UEs 10_1 to 10_n as a member of the MTC group.
- each of the MTC UEs 10_1 to 10_n receives an Authentication Request message from the group GW 20, and then computes, e.g., a RES (authentication response) with the key Kgr.
- Each of the MTC UEs 10_1 to 10_n sends to the group GW 20 an Authentication Response message containing the computed RES.
- the group GW 20 checks the received RES with the key Kgr, thereby authenticating each of the MTC UEs 10_1 to 10_n.
- Upon the distribution, the group GW 20 encrypts the group key with the key Kgr to protect the confidentiality of the group key, and also ensures the integrity of the group key with the key Kgr.
- Each of the MTC UEs 10_1 to 10_n decrypts the received group key with the key Kgr, and also checks the integrity of the received group key with the key Kgr.
- Another way is to use the root key K_iwf, which is shared between the MTC-IWF 50 and each of the MTC UEs 10_1 to 10_n, and used to derive temporary keys for securely conducting individual communication between the MTC-IWF 50 and each of the MTC UEs 10_1 to 10_n.
- One of the temporary keys is a confidentiality key for encrypting and decrypting messages transferred between the MTC-IWF and the MTC UE.
- Another one of the temporary keys is an integrity key for checking the integrity of messages transferred between the MTC-IWF and the MTC UE.
- the group GW 20 encrypts the group key with the key K_iwf to protect the confidentiality of the group key, and also ensures the integrity of the group key with the key K_iwf.
- Each of the MTC UEs 10_1 to 10_n decrypts the received group key with the key K_iwf, and also checks the integrity of the received group key with the key K_iwf.
- both the confidentiality and the integrity of the group key are ensured upon distribution to the group members, so that it is possible to greatly improve security compared with the above-mentioned PTL 1 and NPL 3.
- the HSS 40 or an MTC-IWF 50A (which also serves as the group GW) derives the group key in a similar manner to FIG. 2 (Steps S11a to S12c).
- the MTC-IWF 50A distributes the group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 2 (Steps S14_1 to S14_n).
- the HSS 40 derives the group key and sends it to the MME 30 during the UE authentication procedure in, e.g., an Authentication Data Response message (Steps S21 and S22).
- By carrying the group key in the Authentication Data Response message, it is possible to reduce the impact on communication protocols, because the Authentication Data Response message is an existing message transferred between a typical MME and HSS.
- the MME 30 can send the group key to the group GW 20 in a new message or include it in the forwarded trigger (Step S23).
- the group key can be activated only after each of the MTC UEs 10_1 to 10_n is authenticated to the core network both as a group member and individually. The MME 30 can also send the group key to the group GW 20 only after it has confirmed that each of the MTC UEs 10_1 to 10_n is authenticated both as a group member and individually.
- the group GW 20 distributes the group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 2 (Steps S24_1 to S24_n).
- the KDF (Key Derivation Function) defined in 3GPP TS 33.401 can be re-used.
- Other parameters can be: internal group ID, group gateway ID, key derivation algorithm identifier, counter.
- a lifetime value can also be generated when new group keys are derived.
- Key derivation parameters can be sent from the HSS 40 to the MTC-IWF 50 (or 50A), or from the MTC-IWF 50 (or 50A) to the HSS 40.
- the derivation algorithms are configured in the network node which derives the group key.
- the group key can be updated when the derivation parameter (e.g., the root key K_iwf) has been updated.
- Examples of the key update procedure are shown in FIGS. 5 to 7.
- the HSS 40 updates the group key and sends it to the MTC-IWF 50 together with the group ID in a Subscriber Information Update message (Steps S31a and S31b).
- the MTC-IWF 50 updates the group key, and optionally retrieves key derivation parameters from the HSS 40 (Steps S32a and S32b).
- the updated group key is sent, to the group GW 20 through the MME 30, together with the group ID and a KSI of the updated group key (Step S33).
- the group GW 20 re-distributes the updated group key to MTC UEs 10_1 to 10_n (Steps S34_1 to S34_n).
- the updated group key is protected by using the key Kgr or K_iwf.
- the HSS 40 or the MTC-IWF 50A updates the group key in a similar manner to FIG. 5 (Steps S41a to S42b).
- the MTC-IWF 50A re-distributes the updated group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 5 (Steps S44_1 to S44_n).
- the HSS 40 updates the group key and sends it to the MME 30 in, e.g., an Insert Subscriber Data message (Steps S51 and S52).
- the Insert Subscriber Data message is an existing message transferred between a typical MME and HSS.
- the MME 30 can send the updated group key to the group GW 20 in a new message (Step S53).
- the group GW 20 re-distributes the updated group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 5 (Steps S54_1 to S54_n).
- the MTC UE 10 includes a reception unit 11 that receives the protected group key from the group GW 20 .
- the reception unit 11 can be configured by, for example, a transceiver which wirelessly conducts communication with the core network through the RAN, and a controller such as a CPU (Central Processing Unit) which controls this transceiver.
- the group GW 20 includes at least a protection unit 21 and a distribution unit 22.
- the protection unit 21 protects the group key by using the key Kgr or K_iwf.
- the distribution unit 22 distributes the protected group key to the MTC UE 10.
- the group GW 20 further includes a reception unit 23 that receives the group key from the HSS 40 or the MTC-IWF 50.
- the reception unit 23 also receives the updated group key.
- the group GW 20 may include a derivation unit 24 that derives the group key by using, as the key derivation parameters, the key Kgr, the key K_iwf, the Kasme or the random number.
- the derivation unit 24 also updates the group key.
- the protection unit 21 protects the updated group key by using the key Kgr or K_iwf, and the distribution unit 22 re-distributes the protected and updated group key.
- these units 21 to 24 are connected to each other through a bus or the like.
- These units 21 to 24 can be configured by, for example, transceivers which conduct communication with other nodes within the core network, and a controller such as a CPU which controls these transceivers.
- the HSS 40 can include a derivation unit 41 and a send unit 42 in addition to the elements of a typical HSS.
- the derivation unit 41 derives the group key by using, as the key derivation parameters, the key Kgr, the key K_iwf, the Kasme or the random number.
- the send unit 42 sends the group key to the group GW 20 and/or the MTC-IWF 50.
- the derivation unit 41 may update the group key, and the send unit 42 may send the updated group key to the group GW 20 and/or the MTC-IWF 50.
- these units 41 and 42 are connected to each other through a bus or the like.
- These units 41 and 42 can be configured by, for example, transceivers which conduct communication with other nodes within the core network, and a controller such as a CPU which controls these transceivers.
- the MTC-IWF 50 can include a derivation unit 51 and a send unit 52 in addition to the elements of a typical MTC-IWF.
- the derivation unit 51 derives the group key by using, as the key derivation parameters, the key Kgr, the key K_iwf, the Kasme or the random number.
- the send unit 52 sends the group key to the group GW 20 or the MTC UE 10.
- the derivation unit 51 may update the group key, and the send unit 52 may send the updated group key to the group GW 20 or the MTC UE 10.
- these units 51 and 52 are connected to each other through a bus or the like.
- These units 51 and 52 can be configured by, for example, transceivers which conduct communication with other nodes within the core network, and a controller such as a CPU which controls these transceivers.
Abstract
In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).
Description
- The present application is a continuation application of U.S. patent application Ser. No. 14/908,240 filed on Jan. 28, 2016, which is a National Stage Entry of international application PCT/JP2014/003579 filed on Jul. 7, 2014, which claims the benefit of priority from Japanese Patent Application No. 2013-158881 filed on Jul. 31, 2013, the disclosures of all of which are incorporated in their entirety by reference herein.
- The present invention relates to a security solution for group based MTC (Machine-Type-Communication). In particular, the present invention relates to techniques to distribute a group key within a core network and to MTC devices, to derive the group key and/or to manage the group key.
- The 3GPP (3rd Generation Partnership Project) architecture of MTC has been studied in NPL 1. Study of group based MTC has also been initiated in NPL 2.
- Further, PTL 1 discloses a GW (Gateway) which serves as a gateway to a core network for a group of MTC devices, and which uses a group key to securely conduct communication with the group members.
- Note that the MTC device is a UE (User Equipment) equipped for MTC, which will sometimes be referred to as “MTC UE” or “UE” in the following explanation.
- NPL 1: 3GPP TS 23.682, “Architecture enhancements to facilitate communications with packet data networks and applications (Release 11)”, V11.2.0, 2012-09
- NPL 2: 3GPP TR 23.887, “Machine-Type and other Mobile Data Applications Communications Enhancements (Release 12)”, V0.5.0, 2012-11, Clause 8, pp. 78-94
- NPL 3: 3GPP TR 33.868, “Security aspects of Machine-Type and other Mobile Data Applications Communications Enhancements; (Release 12)”, V0.13.0, 2013-04, Clause A.6.4.2, pp. 87-88
- PTL 1: International Patent Publication No. WO 2012/018130
- However, the inventors of this application have found that there is a problem in PTL 1 that the group key is distributed to the group members without any protection.
- Note that NPL 3 discloses that an MME (Mobility Management Entity) protects the group key by using the NAS (Non Access Stratum) security context. However, there is a problem in NPL 3 that the NAS security context merely ensures the confidentiality of the group key.
- Accordingly, an exemplary object of the present invention is to improve security upon distributing a group key.
- In order to achieve the above-mentioned object, a communication system according to a first exemplary aspect of the present invention includes a group of MTC devices that communicate with a core network, and a gateway to the core network for the group. The gateway distributes, to each of the MTC devices, a first key for securely conducting group communication. Upon distributing the first key, the gateway protects the confidentiality and integrity of the first key by using: a second key that is preliminarily shared between the gateway and each of the MTC devices, and that is used for the gateway to authenticate each of the MTC devices as a member of the group; or a third key that is shared between an MTC-IWF (MTC Inter-Working Function) and each of the MTC devices, and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF and each of the MTC devices. The MTC-IWF serves as an entering point to the core network for an SCS (Service Capability Server) that communicates with the group through the core network.
- Further, a gateway according to a second exemplary aspect of the present invention serves as a gateway to a core network for a group of MTC devices communicating with the core network. The gateway includes: protection means for protecting the confidentiality and integrity of a first key for securely conducting group communication; and distribution means for distributing the protected first key to each of the MTC devices. The protection means is configured to perform the protection by using: a second key that is preliminarily shared between the gateway and each of the MTC devices, and that is used for the gateway to authenticate each of the MTC devices as a member of the group; or a third key that is shared between an MTC-IWF and each of the MTC devices, and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF and each of the MTC devices. The MTC-IWF serves as an entering point to the core network for an SCS that communicates with the group through the core network.
- Further, an MTC device according to a third exemplary aspect of the present invention is grouped to communicate with a core network. The MTC device includes: reception means for receiving, from a gateway to the core network for a group of MTC devices, a first key for securely conducting group communication. The confidentiality and integrity of the first key are protected with a second key or a third key. The second key is preliminarily shared between the gateway and each of the MTC devices, and used for the gateway to authenticate each of the MTC devices as a member of the group. The third key is shared between an MTC-IWF and each of the MTC devices, and used to derive temporary keys for securely conducting individual communication between the MTC-IWF and each of the MTC devices. The MTC-IWF serves as an entering point to the core network for an SCS that communicates with the group through the core network.
- Further, a fourth exemplary aspect of the present invention provides a method of controlling operations in a gateway to a core network for a group of MTC devices that communicate with the core network. This method includes: protecting the confidentiality and integrity of a first key for securely conducting group communication; and distributing the protected first key to each of the MTC devices. The protection is performed by using: a second key that is preliminarily shared between the gateway and each of the MTC devices, and that is used for the gateway to authenticate each of the MTC devices as a member of the group; or a third key that is shared between an MTC-IWF and each of the MTC devices, and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF and each of the MTC devices. The MTC-IWF serves as an entering point to the core network for an SCS that communicates with the group through the core network.
- Furthermore, a fifth exemplary aspect of the present invention provides a method of controlling operations in an MTC device that is grouped to communicate with a core network. This method includes: receiving, from a gateway to the core network for a group of MTC devices, a first key for securely conducting group communication. The confidentiality and integrity of the first key are protected with a second key or a third key. The second key is preliminarily shared between the gateway and each of the MTC devices, and used for the gateway to authenticate each of the MTC devices as a member of the group. The third key is shared between an MTC-IWF and each of the MTC devices, and used to derive temporary keys for securely conducting individual communication between the MTC-IWF and each of the MTC devices. The MTC-IWF serves as an entering point to the core network for an SCS that communicates with the group through the core network.
- According to the present invention, it is possible to solve the above-mentioned problems, and thus to improve security upon distributing a group key.
- FIG. 1 is a block diagram showing a configuration example of a communication system according to an exemplary embodiment of the present invention.
- FIG. 2 is a sequence diagram showing a first operation example of the communication system according to the exemplary embodiment.
- FIG. 3 is a sequence diagram showing a second operation example of the communication system according to the exemplary embodiment.
- FIG. 4 is a sequence diagram showing a third operation example of the communication system according to the exemplary embodiment.
- FIG. 5 is a sequence diagram showing a fourth operation example of the communication system according to the exemplary embodiment.
- FIG. 6 is a sequence diagram showing a fifth operation example of the communication system according to the exemplary embodiment.
- FIG. 7 is a sequence diagram showing a sixth operation example of the communication system according to the exemplary embodiment.
- FIG. 8 is a block diagram showing a configuration example of an MTC UE according to the exemplary embodiment.
- FIG. 9 is a block diagram showing a configuration example of a group GW according to the exemplary embodiment.
- FIG. 10 is a block diagram showing a configuration example of an HSS according to the exemplary embodiment.
- FIG. 11 is a block diagram showing a configuration example of an MTC-IWF according to the exemplary embodiment.
- Hereinafter, an exemplary embodiment of the present invention will be described with reference to the accompanying drawings.
- In this exemplary embodiment, details will be proposed for group key derivation at the core network, key distribution to the proper network nodes and UEs, key management, and how the group keys are used for securing communication. Key derivation parameters can be sent either from an HSS (Home Subscriber Server) to an MTC-IWF, or from the MTC-IWF to the HSS. The derivation algorithms are available in the network node.
- As shown in FIG. 1, a communication system according to this exemplary embodiment includes a core network (3GPP network), and one or more MTC UEs 10 which are UEs equipped for MTC and connect to the core network through a RAN (Radio Access Network). In this exemplary embodiment, the MTC UEs 10 are grouped to communicate with the core network. Note that while the illustration is omitted, the RAN is formed by a plurality of base stations (e.g., eNBs (evolved Node Bs)).
- The MTC UE 10 attaches to the core network. The MTC UE 10 can host one or multiple MTC Applications. The corresponding MTC Applications in the external network are hosted on an SCS 60. The SCS 60 connects to the core network to communicate with the MTC UE 10.
- Further, the core network includes an MME 30, an HSS 40 and an MTC-IWF 50 as a part of its network nodes. The MME 30 relays traffic between the RAN and the MTC-IWF 50. The HSS 40 manages subscription information on the MTC UEs 10, and the like. The MTC-IWF 50 serves as an entering point to the core network for the SCS 60, and if necessary, acquires the subscription information and the like from the HSS 40. The core network also includes, as other network nodes, an SGSN (Serving GPRS (General Packet Radio Service) Support Node), an MSC (Mobile Switching Centre) and the like. The SGSN and the MSC function in the same way as the MME 30.
- While the illustration is omitted in FIG. 1, the core network includes a gateway to the core network for the group of MTC UEs 10. Hereinafter, this gateway is referred to as "group GW" and denoted by the symbol 20. Typically, the group GW 20 distributes to each of the MTC UEs 10 a group key for securely conducting group communication between the group GW 20 and the group of MTC UEs 10. The group GW 20 can either be deployed in a network node or be an independent node.
- Next, operation examples of this exemplary embodiment will be described in detail with reference to FIGS. 2 to 7. Note that configuration examples of the MTC UE 10, the group GW 20, the HSS 40 and the MTC-IWF 50 will be described later with reference to FIGS. 8 to 11.
- 1. Key distribution
- Group communication requires that the group GW 20 and the member MTC UEs 10 of the group share the same group key.
- There are two options for how the group GW 20 can obtain the group key. One option is that the group GW 20 itself derives the group key; how the group key is derived will be described later. The other option is that the group GW 20 receives the group key from another network node. This exemplary embodiment further considers whether or not the group GW 20 is configured at the MTC-IWF 50.
- (1) Case where the MTC-IWF 50 is not the group GW 20 but shares the group key
- In this case, as shown in FIG. 2, the HSS 40 derives the group key and sends it to the MTC-IWF 50 together with the group ID in a Subscriber Information Response message (Steps S1a to S1c).
- Alternatively, the MTC-IWF 50 derives the group key when it has received the group ID and optionally key derivation parameters from the HSS 40 in the Subscriber Information Response message (Steps S2a to S2c).
- The derived group key is sent to the group GW 20 through the MME 30, together with the group ID and a KSI (Key Set Identifier) of the group key (Step S3).
- Then, the group GW 20 distributes the group key to MTC UEs 10_1 to 10_n (n≥2) which are members of the MTC group (Steps S4_1 to S4_n).
- There are two ways to protect the group key upon distribution to the MTC UEs 10_1 to 10_n.
- One way is to use a pre-configured group key Kgr that is used for authentication. The key Kgr is preliminarily shared between the group GW 20 and each of the MTC UEs 10_1 to 10_n, and is used for the group GW 20 to authenticate each of the MTC UEs 10_1 to 10_n as a member of the MTC group.
- Upon authentication, each of the MTC UEs 10_1 to 10_n receives an Authentication Request message from the group GW 20, and then computes, e.g., a RES (authentication response) with the key Kgr. Each of the MTC UEs 10_1 to 10_n sends to the group GW 20 an Authentication Response message containing the computed RES. The group GW 20 checks the received RES with the key Kgr, thereby authenticating each of the MTC UEs 10_1 to 10_n.
- Upon distribution, the group GW 20 encrypts the group key with the key Kgr to protect the confidentiality of the group key, and also ensures the integrity of the group key with the key Kgr. Each of the MTC UEs 10_1 to 10_n decrypts the received group key with the key Kgr, and also checks the integrity of the received group key with the key Kgr.
- The other way is to use a root key K_iwf. The root key K_iwf is shared between the MTC-IWF 50 and each of the MTC UEs 10_1 to 10_n, and is used to derive temporary keys for securely conducting individual communication between the MTC-IWF 50 and each of the MTC UEs 10_1 to 10_n.
- One of the temporary keys is a confidentiality key for encrypting and decrypting messages transferred between the MTC-IWF and the MTC UE. Another is an integrity key for checking the integrity of messages transferred between the MTC-IWF and the MTC UE.
- Upon distribution, the group GW 20 encrypts the group key with the key K_iwf to protect the confidentiality of the group key, and also ensures the integrity of the group key with the key K_iwf. Each of the MTC UEs 10_1 to 10_n decrypts the received group key with the key K_iwf, and also checks the integrity of the received group key with the key K_iwf.
- According to this exemplary embodiment, both the confidentiality and the integrity of the group key are ensured upon distribution to the group members, so that it is possible to greatly improve security compared with the above-mentioned PTL 1 and NPL 3.
- (2) Case where the MTC-IWF 50 is the group GW 20
- In this case, as shown in FIG. 3, the HSS 40 or an MTC-IWF 50A (which also serves as the group GW) derives the group key in a similar manner to FIG. 2 (Steps S11a to S12c).
- Then, the MTC-IWF 50A distributes the group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 2 (Steps S14_1 to S14_n).
- (3) Case where the MTC-IWF 50 is not the group GW 20 and does not need to share the group key
- In this case, as shown in FIG. 4, the HSS 40 derives the group key and sends it to the MME 30 during the UE authentication procedure in, e.g., an Authentication Data Response message (Steps S21 and S22). Including the group key in the Authentication Data Response message reduces the impact on communication protocols, because the Authentication Data Response message is an existing message transferred between a typical MME and HSS.
- The MME 30 can send the group key to the group GW 20 in a new message or include it in the forwarded trigger (Step S23).
- The group key can only be activated after each of the MTC UEs 10_1 to 10_n has been authenticated to the core network both as a group member and individually. Therefore, the MME 30 can also send the group key to the group GW 20 only after it has confirmed that each of the MTC UEs 10_1 to 10_n is authenticated as a group member and individually.
- Then, the group GW 20 distributes the group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 2 (Steps S24_1 to S24_n).
- For deriving the group key, the KDF (Key Derivation Function) defined in 3GPP TS 33.401 can be re-used.
- There are four options for the input parameter:
- (1) the pre-configured key Kgr (in the MTC UE and the group GW);
- (2) the key K_iwf that is shared between the MTC-IWF and the MTC UE;
- (3) Kasme defined in 3GPP TS 33.401; and
- (4) a random number.
- Other parameters can be: internal group ID, group gateway ID, key derivation algorithm identifier, counter.
- A lifetime value can also be generated when new group keys are derived.
- Key derivation parameters can be sent from the HSS 40 to the MTC-IWF 50 (or 50A), or from the MTC-IWF 50 (or 50A) to the HSS 40. The derivation algorithms are configured in the network node which derives the group key.
- The group key can be updated when:
- the lifetime of the group key has expired;
- a group member is deleted from the group;
- a derivation parameter (e.g., the root key K_iwf) has been updated; or
- new group keys are to be derived and stored before the transition to an inactive state.
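The derivation and update rules above, as an added example that is not code from the patent: the generic KDF of 3GPP TS 33.220 Annex B (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 || ...), which TS 33.401 re-uses, applied to any of the four root-key options with the internal group ID, group gateway ID, algorithm identifier and counter as the other parameters, plus a lifetime and a check of the four update triggers. The FC value, the algorithm identifier value, the KSI assignment as counter mod 7, the default lifetime and the sample keys are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample root keys for the four input options (not values from the patent).
KGR = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")             # (1) pre-configured Kgr
K_IWF = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")           # (2) K_iwf shared with the MTC-IWF
KASME = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)       # (3) Kasme (256 bit)
K_RANDOM = secrets.token_bytes(32)                                  # (4) random number

FC_GROUP_KEY = 0xF1      # ASSUMED function code for this example; 3GPP assigns FC values per derivation
ALG_HMAC_SHA256 = 0x01   # ASSUMED key derivation algorithm identifier
DEFAULT_LIFETIME_S = 24 * 3600  # assumed default lifetime


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF of TS 33.220 Annex B: derived key = HMAC-SHA-256(Key, S),
    S = FC || P0 || L0 || P1 || L1 || ... where each Li is the 2-octet length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_group_key(root_key: bytes, group_id: bytes, gw_id: bytes, alg_id: int, counter: int) -> bytes:
    """Group key from one of the four root-key options plus the 'other parameters' in the text."""
    return kdf(root_key, FC_GROUP_KEY, group_id, gw_id, bytes([alg_id]), counter.to_bytes(4, "big"))


def new_group_key_context(root_key: bytes, group_id: bytes, gw_id: bytes, counter: int,
                          now: int, lifetime_s: int = DEFAULT_LIFETIME_S) -> dict:
    """What the deriving node (HSS, MTC-IWF or group GW) stores and forwards with the key:
    group ID, the key, its KSI, the counter and a lifetime. KSI = counter mod 7 is an
    assumption (3GPP KSI values are 3 bits, with 7 reserved)."""
    return {
        "group_id": group_id,
        "group_key": derive_group_key(root_key, group_id, gw_id, ALG_HMAC_SHA256, counter),
        "ksi": counter % 7,
        "counter": counter,
        "expires_at": now + lifetime_s,
    }


def update_reason(ctx: dict, now: int, member_removed: bool = False,
                  root_key_changed: bool = False, going_inactive: bool = False):
    """The four update triggers listed in the text; returns the first that applies, else None."""
    if now >= ctx["expires_at"]:
        return "lifetime expired"
    if member_removed:
        return "member deleted from group"
    if root_key_changed:
        return "derivation parameter updated"
    if going_inactive:
        return "derive and store before inactive state"
    return None


def rekey(ctx: dict, root_key: bytes, gw_id: bytes, now: int) -> dict:
    """Fresh key under the same root key and IDs: the incremented counter changes the
    KDF input, so the new key, KSI and lifetime all differ from the old context."""
    return new_group_key_context(root_key, ctx["group_id"], gw_id, ctx["counter"] + 1, now)


if __name__ == "__main__":
    ctx = new_group_key_context(K_IWF, b"mtc-group-0001", b"group-gw-20", counter=1, now=0)
    print("KSI", ctx["ksi"], "key", ctx["group_key"].hex())
    print("update after expiry:", update_reason(ctx, now=ctx["expires_at"]))
```

Because every parameter is length-prefixed in S, moving a byte between the group ID and the gateway ID changes the derived key, which is the property that keeps differently structured inputs from colliding.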
- Examples of the key update procedure are shown in FIGS. 5 to 7.
- (1) Case where the MTC-IWF 50 is not the group GW 20 but shares the group key
- In this case, as shown in FIG. 5, the HSS 40 updates the group key and sends it to the MTC-IWF 50 together with the group ID in a Subscriber Information Update message (Steps S31a and S31b).
- Alternatively, the MTC-IWF 50 updates the group key, and optionally retrieves key derivation parameters from the HSS 40 (Steps S32a and S32b).
- The updated group key is sent to the group GW 20 through the MME 30, together with the group ID and a KSI of the updated group key (Step S33).
- Then, the group GW 20 re-distributes the updated group key to the MTC UEs 10_1 to 10_n (Steps S34_1 to S34_n). At this time, the updated group key is protected by using the key Kgr or K_iwf.
- (2) Case where the MTC-IWF 50 is the group GW 20
- In this case, as shown in FIG. 6, the HSS 40 or the MTC-IWF 50A updates the group key in a similar manner to FIG. 5 (Steps S41a to S42b).
- Then, the MTC-IWF 50A re-distributes the updated group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 5 (Steps S44_1 to S44_n).
- (3) Case where the MTC-IWF 50 is not the group GW 20 and does not need to share the group key
- In this case, as shown in FIG. 7, the HSS 40 updates the group key and sends it to the MME 30 in, e.g., an Insert Subscriber Data message (Steps S51 and S52). Including the updated group key in the Insert Subscriber Data message reduces the impact on communication protocols, because Insert Subscriber Data is an existing message transferred between a typical MME and HSS.
- The MME 30 can send the updated group key to the group GW 20 in a new message (Step S53).
- Then, the group GW 20 re-distributes the updated group key to the MTC UEs 10_1 to 10_n in a similar manner to FIG. 5 (Steps S54_1 to S54_n).
- Next, configuration examples of the MTC UE 10, the group GW 20, the HSS 40 and the MTC-IWF 50 (50A) according to this exemplary embodiment will be described with reference to FIGS. 8 to 11.
- As shown in FIG. 8, the MTC UE 10 includes a reception unit 11 that receives the protected group key from the group GW 20. The reception unit 11 can be configured by, for example, a transceiver which wirelessly conducts communication with the core network through the RAN, and a controller such as a CPU (Central Processing Unit) which controls this transceiver.
- As shown in FIG. 9, the group GW 20 includes at least a protection unit 21 and a distribution unit 22. The protection unit 21 protects the group key by using the key Kgr or K_iwf. The distribution unit 22 distributes the protected group key to the MTC UE 10. In the case where the HSS 40 or the MTC-IWF 50 (not the group GW 20) derives the group key, the group GW 20 further includes a reception unit 23 that receives the group key from the HSS 40 or the MTC-IWF 50. The reception unit 23 also receives the updated group key. As a substitute for the reception unit 23, the group GW 20 may include a derivation unit 24 that derives the group key by using, as the key derivation parameter, the key Kgr, the key K_iwf, the Kasme or the random number. The derivation unit 24 also updates the group key. In either case, the protection unit 21 protects the updated group key by using the key Kgr or K_iwf, and the distribution unit 22 re-distributes the protected and updated group key. Note that these units 21 to 24 are mutually connected with each other through a bus or the like. These units 21 to 24 can be configured by, for example, transceivers which conduct communication with other nodes within the core network, and a controller such as a CPU which controls these transceivers.
- As shown in FIG. 10, the HSS 40 can include a derivation unit 41 and a send unit 42 in addition to the elements of a typical HSS. The derivation unit 41 derives the group key by using, as the key derivation parameter, the key Kgr, the key K_iwf, the Kasme or the random number. The send unit 42 sends the group key to the group GW 20 and/or the MTC-IWF 50. The derivation unit 41 may update the group key, and the send unit 42 may send the updated group key to the group GW 20 and/or the MTC-IWF 50. Note that these units 41 and 42 are mutually connected with each other through a bus or the like. These units 41 and 42 can be configured by, for example, transceivers which conduct communication with other nodes within the core network, and a controller such as a CPU which controls these transceivers.
- As shown in FIG. 11, the MTC-IWF 50 (50A) can include a derivation unit 51 and a send unit 52 in addition to the elements of a typical MTC-IWF. The derivation unit 51 derives the group key by using, as the key derivation parameter, the key Kgr, the key K_iwf, the Kasme or the random number. The send unit 52 sends the group key to the group GW 20 or the MTC UE 10. The derivation unit 51 may update the group key, and the send unit 52 may send the updated group key to the group GW 20 or the MTC UE 10. Note that these units
- Note that the present invention is not limited to the above-mentioned exemplary embodiment, and it is obvious that various modifications can be made by those of ordinary skill in the art based on the recitation of the claims.
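The group GW's bookkeeping for a key it receives rather than derives, as an added example that is not the patent's code: it covers the activation rule of the FIG. 4 case (the key is usable only after every member is authenticated both individually and as a group member), replacement of the key by an updated one under a new KSI, and the member-deletion trigger that invalidates the current key. The class layout and the state it keeps are assumptions; it corresponds loosely to the reception unit 23 and distribution unit 22 of FIG. 9 and performs no cryptography itself (the protection unit 21 would wrap the key with Kgr or K_iwf before sending).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class GroupKeyRecord:
    ksi: int
    key: bytes
    active: bool = False          # not usable until the activation conditions are met


@dataclass
class GroupGW:
    """Minimal key state of the group GW 20 (assumed structure, not the patent's code)."""
    group_id: bytes
    members: Set[str]
    records: Dict[int, GroupKeyRecord] = field(default_factory=dict)   # keyed by KSI
    current_ksi: Optional[int] = None
    auth_individual: Set[str] = field(default_factory=set)  # authenticated to the core network
    auth_group: Set[str] = field(default_factory=set)       # authenticated by the GW as a member

    def on_key_from_network(self, group_id: bytes, ksi: int, key: bytes) -> bool:
        """Key arrives (via MME, HSS or MTC-IWF) with group ID and KSI; reject a foreign group."""
        if group_id != self.group_id:
            return False
        self.records[ksi] = GroupKeyRecord(ksi, key)
        self.current_ksi = ksi
        self._try_activate()
        return True

    def on_member_authenticated(self, ue: str, individually: bool, as_group_member: bool) -> None:
        """Record the two authentication results the text requires for activation."""
        if ue not in self.members:
            return
        if individually:
            self.auth_individual.add(ue)
        if as_group_member:
            self.auth_group.add(ue)
        self._try_activate()

    def _current(self) -> Optional[GroupKeyRecord]:
        return self.records.get(self.current_ksi) if self.current_ksi is not None else None

    def _try_activate(self) -> bool:
        """Activate only when every member is authenticated both individually and as a member."""
        rec = self._current()
        if rec is None:
            return False
        if self.members <= self.auth_individual and self.members <= self.auth_group:
            rec.active = True
        return rec.active

    def active_key(self) -> Optional[Tuple[int, bytes]]:
        rec = self._current()
        return (rec.ksi, rec.key) if rec is not None and rec.active else None

    def distribution_targets(self) -> List[str]:
        """Who receives the protected key: authenticated members only, and only once active."""
        if self.active_key() is None:
            return []
        return sorted(self.members & self.auth_group)

    def on_member_removed(self, ue: str) -> bool:
        """Deleting a member invalidates the current key; a fresh key with a new KSI must follow."""
        if ue not in self.members:
            return False
        self.members.discard(ue)
        self.auth_individual.discard(ue)
        self.auth_group.discard(ue)
        if self.current_ksi is not None:
            self.records.pop(self.current_ksi, None)
            self.current_ksi = None
        return True


if __name__ == "__main__":
    gw = GroupGW(group_id=b"mtc-group-0001", members={"ue_10_1", "ue_10_2"})
    gw.on_key_from_network(b"mtc-group-0001", 1, b"<group key K1>")
    print("active before authentication:", gw.active_key())
    for ue in ("ue_10_1", "ue_10_2"):
        gw.on_member_authenticated(ue, individually=True, as_group_member=True)
    print("active after authentication:", gw.active_key(), gw.distribution_targets())
```

Removing the current record on member deletion, rather than just flagging it, makes it impossible for a later authentication event to re-activate the key the departed member still holds; the next key from the network carries a new KSI and goes through the same activation check.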
- This application is based upon and claims the benefit of priority from Japanese patent application No. 2013-158881, filed on Jul. 31, 2013, the disclosure of which is incorporated herein in its entirety by reference.
- 10, 10_1 to 10_n MTC UE
- 11, 23 RECEPTION UNIT
- 20 Group GW
- 21 PROTECTION UNIT
- 22 DISTRIBUTION UNIT
- 24, 41, 51 DERIVATION UNIT
- 30 MME
- 40 HSS
- 42, 52 SEND UNIT
- 50, 50A MTC-IWF
- 60 SCS
Claims (8)
1. A network node comprising:
a memory storing instructions; and
a processor configured to process the instructions to:
receive key information from a server in response to a request to the server, generate, based on the key information, a group key shared by a group of User Equipment (UE)s, and
send a group identification (ID), the group key, and an identifier of the group key toward the group of UEs, wherein the group key is encrypted.
2. The network node as claimed in claim 1, wherein the processor is configured to process the instructions to further: update the group key if a group member is removed from the group of UEs.
3. A method of a network node, the method comprising:
receiving key information from a server in response to a request to the server;
generating, based on the key information, a group key shared by a group of User Equipment (UE)s; and
sending a group identification (ID), the group key, and an identifier of the group key toward the group of the UEs, wherein the group key is encrypted.
4. The method as claimed in claim 3, further comprising: updating the group key if a group member is removed from the group of UEs.
5. A User Equipment (UE) comprising:
a memory storing instructions; and
a processor configured to process the instructions to:
form a group with other UEs,
receive, from a network node, a group identification (ID), a group key, and an identifier of the group key, wherein the group key is encrypted, and share the group key with the other UEs.
6. The UE as claimed in claim 5, wherein the group key is updated if a group member is removed from the group.
7. A method of a User Equipment (UE), the method comprising:
forming a group with other UEs;
receiving, from a network node, a group identification (ID), a group key, and an identifier of the group key, wherein the group key is encrypted; and
sharing the group key with the other UEs.
8. The method as claimed in claim 7, wherein the group key is updated if a group member is removed from the group.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/875,613 US20220407846A1 (en) | 2013-07-31 | 2022-07-28 | Devices and method for mtc group key management |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013158881 | 2013-07-31 | ||
JP2013-158881 | 2013-07-31 | ||
PCT/JP2014/003579 WO2015015714A1 (en) | 2013-07-31 | 2014-07-07 | Devices and method for mtc group key management |
US201614908240A | 2016-01-28 | 2016-01-28 | |
US17/875,613 US20220407846A1 (en) | 2013-07-31 | 2022-07-28 | Devices and method for mtc group key management |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/003579 Continuation WO2015015714A1 (en) | 2013-07-31 | 2014-07-07 | Devices and method for mtc group key management |
US14/908,240 Continuation US11570161B2 (en) | 2013-07-31 | 2014-07-07 | Devices and method for MTC group key management |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220407846A1 true US20220407846A1 (en) | 2022-12-22 |
Family
ID=51298915
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/908,240 Active 2035-02-22 US11570161B2 (en) | 2013-07-31 | 2014-07-07 | Devices and method for MTC group key management |
US17/875,613 Pending US20220407846A1 (en) | 2013-07-31 | 2022-07-28 | Devices and method for mtc group key management |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/908,240 Active 2035-02-22 US11570161B2 (en) | 2013-07-31 | 2014-07-07 | Devices and method for MTC group key management |
Country Status (6)
Country | Link |
---|---|
US (2) | US11570161B2 (en) |
EP (2) | EP3331216A1 (en) |
JP (4) | JP2016527736A (en) |
KR (2) | KR20190047143A (en) |
CN (1) | CN105432058A (en) |
WO (1) | WO2015015714A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015015714A1 (en) * | 2013-07-31 | 2015-02-05 | Nec Corporation | Devices and method for mtc group key management |
US10455414B2 (en) * | 2014-10-29 | 2019-10-22 | Qualcomm Incorporated | User-plane security for next generation cellular networks |
US10298549B2 (en) | 2015-12-23 | 2019-05-21 | Qualcomm Incorporated | Stateless access stratum security for cellular internet of things |
US10887295B2 (en) * | 2016-10-26 | 2021-01-05 | Futurewei Technologies, Inc. | System and method for massive IoT group authentication |
CN110234112B (en) * | 2018-03-05 | 2020-12-04 | 华为技术有限公司 | Message processing method, system and user plane function device |
CN112702734B (en) * | 2019-10-23 | 2023-04-28 | 中移物联网有限公司 | Key distribution system and method |
WO2022032525A1 (en) * | 2020-08-12 | 2022-02-17 | 华为技术有限公司 | Group key distribution method and apparatus |
Citations (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4531020A (en) * | 1982-07-23 | 1985-07-23 | Oak Industries Inc. | Multi-layer encryption system for the broadcast of encrypted information |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
US20020055989A1 (en) * | 2000-11-08 | 2002-05-09 | Stringer-Calvert David W.J. | Methods and apparatus for scalable, distributed management of virtual private networks |
US20030044020A1 (en) * | 2001-09-06 | 2003-03-06 | Microsoft Corporation | Establishing secure peer networking in trust webs on open networks using shared secret device key |
US6584566B1 (en) * | 1998-08-27 | 2003-06-24 | Nortel Networks Limited | Distributed group key management for multicast security |
US20040215735A1 (en) * | 2002-12-20 | 2004-10-28 | Tohru Nakahara | Information management system |
US20060090067A1 (en) * | 2004-10-06 | 2006-04-27 | Edmonds Philip G | Method and apparatus for performing a secure transaction in a trusted network |
US20070016663A1 (en) * | 2005-07-14 | 2007-01-18 | Brian Weis | Approach for managing state information by a group of servers that services a group of clients |
US20070037555A1 (en) * | 2005-08-12 | 2007-02-15 | Samsung Electronics Co., Ltd. | Method, system and terminal apparatus for enabling content to be reproduced in multiple terminals |
US20070143600A1 (en) * | 2003-12-23 | 2007-06-21 | Motorola, Inc. | Rekeying in secure mobile multicast communications |
US20090245517A1 (en) * | 2008-03-25 | 2009-10-01 | Qualcomm Incorporated | Systems and methods for group key distribution and management for wireless communications systems |
US20090290522A1 (en) * | 2006-05-23 | 2009-11-26 | Nokia Siemens Networks Gmbh & Co. Kg | Method and Device for the Dynamic Setting up and Control of Temporarily Formed Communications Groups with Secure Transmission |
US20100325732A1 (en) * | 2009-06-19 | 2010-12-23 | Hemant Mittal | Managing Keys for Encrypted Shared Documents |
US20110072488A1 (en) * | 2009-09-21 | 2011-03-24 | Bi Xiaoyu | Method and apparatus for authentication |
US20110142239A1 (en) * | 2008-08-15 | 2011-06-16 | Suh Kyung Joo | Security protected non-access stratum protocol operation supporting method in a mobile telecommunication system |
US20110201365A1 (en) * | 2010-02-15 | 2011-08-18 | Telefonaktiebolaget L M Ericsson (Publ) | M2m group based addressing using cell broadcast service |
US20110249817A1 (en) * | 2008-12-10 | 2011-10-13 | Electronics And Telcommunications Research Institute | Method of managing group key for secure multicast communication |
US20110307694A1 (en) * | 2010-06-10 | 2011-12-15 | Ioannis Broustis | Secure Registration of Group of Clients Using Single Registration Procedure |
US20120004003A1 (en) * | 2009-12-22 | 2012-01-05 | Shaheen Kamel M | Group-based machine to machine communication |
WO2012018130A1 (en) * | 2010-08-05 | 2012-02-09 | Nec Corporation | Group security in machine-type communication |
US20120033613A1 (en) * | 2010-08-04 | 2012-02-09 | National Taiwan University | Enhanced rach design for machine-type communications |
US20120039213A1 (en) * | 2009-04-03 | 2012-02-16 | Panasonic Corporation | Mobile communication method, mobile communication system, and corresponding apparatus |
WO2012023337A1 (en) * | 2010-08-17 | 2012-02-23 | Nec Corporation | Method for group change issues in mtc |
US20120252481A1 (en) * | 2011-04-01 | 2012-10-04 | Cisco Technology, Inc. | Machine to machine communication in a communication network |
US20120257571A1 (en) * | 2011-04-07 | 2012-10-11 | Liao Ching-Yu | Method of Handling Signaling and Data Transmission for Machine-Type Communication |
US20120257756A1 (en) * | 2011-04-08 | 2012-10-11 | Arizona Board Of Regents For And On Behalf Of Arizona State University | Methods, Systems, and Apparatuses for Optimal Group Key Management for Secure Multicast Communication |
US20120263303A1 (en) * | 2009-12-24 | 2012-10-18 | Shaohua Tang | Group key management approach based on linear geometry |
US20120297193A1 (en) * | 2010-01-29 | 2012-11-22 | Huawei Technologies Co., Ltd. | Mtc device authentication method, mtc gateway, and related device |
US20120296968A1 (en) * | 2011-02-03 | 2012-11-22 | Telcordia Technologies, Inc. | System and Method for Group Communications in 3GPP Machine-to-Machine Networks |
WO2012159272A1 (en) * | 2011-05-26 | 2012-11-29 | Nokia Corporation | Performing a group authentication and key agreement procedure |
US20130003972A1 (en) * | 2011-07-01 | 2013-01-03 | Samsung Electronics Co., Ltd. | Apparatus, method and system for creating and maintaining multicast data encryption key in machine to machine communication system |
US20130015953A1 (en) * | 2011-07-11 | 2013-01-17 | National Taiwan University | Enhanced Paging Mechanism for Machine Type Communication |
US20130035067A1 (en) * | 2010-04-12 | 2013-02-07 | Huawei Technolgoies Co., Ltd. | Method and apparatus for authenticating communication device |
US20130042011A1 (en) * | 2010-04-14 | 2013-02-14 | Panasonic Corporation | Communication nodes and network nodes |
US20130053087A1 (en) * | 2010-04-30 | 2013-02-28 | Huawei Device Co., Ltd. | Method for triggering communication between group of mtc devices and mtc server, and mtc device |
US20130051228A1 (en) * | 2010-04-28 | 2013-02-28 | Lg Electronics Inc. | Method of controlling congestion of mtc data in a mobile communication system |
US20130080782A1 (en) * | 2010-06-01 | 2013-03-28 | Samsung Electronics Co. Ltd. | Method and system of securing group communication in a machine-to-machine communication environment |
US20130122901A1 (en) * | 2011-11-10 | 2013-05-16 | Renesas Mobile Corporation | Wireless Communication Systems and Methods |
US20130128777A1 (en) * | 2010-07-27 | 2013-05-23 | Telefonaktiebolaget L M Ericsson (Publ) | Machine-type communication subscription control |
US20130189955A1 (en) * | 2010-09-17 | 2013-07-25 | Nokia Siemens Networks Oy | Method for context establishment in telecommunication networks |
US20130290696A1 (en) * | 2012-04-30 | 2013-10-31 | Alcatel-Lucent Usa Inc. | Secure communications for computing devices utilizing proximity services |
US20130291071A1 (en) * | 2011-01-17 | 2013-10-31 | Telefonaktiebolaget L M Ericsson (Publ) | Method and Apparatus for Authenticating a Communication Device |
US20140185522A1 (en) * | 2011-08-24 | 2014-07-03 | Zte Corporation | Method and system for sending mtc device trigger information, and target user equipment |
US20140237559A1 (en) * | 2011-11-01 | 2014-08-21 | Huawei Technologies Co., Ltd. | Method and related device for generating group key |
US20140281508A1 (en) * | 2013-03-12 | 2014-09-18 | Cisco Technology, Inc. | Changing group member reachability information |
US20150012744A1 (en) * | 2012-02-02 | 2015-01-08 | Nokia Solutions And Networks Oy | Group based bootstrapping in machine type communication |
US20150149767A1 (en) * | 2012-04-26 | 2015-05-28 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | Method and system for authenticating the nodes of a network |
US20150249542A1 (en) * | 2012-09-29 | 2015-09-03 | Zte Corporation | Small data sending method and system, and user equipment |
US20160007138A1 (en) * | 2014-07-07 | 2016-01-07 | Convida Wireless, Llc | Coordinated grouping for machine type communications group based services |
US20160119762A1 (en) * | 2013-05-15 | 2016-04-28 | Xipeng Zhu | Group bearer and bearer selection for multicast/broadcast data transmissions |
US20160301673A1 (en) * | 2013-10-25 | 2016-10-13 | Zte Corporation | Method for Realizing Secure Communications among Machine Type Communication Devices and Network Entity |
US20170078828A1 (en) * | 2014-05-07 | 2017-03-16 | Interdigital Patent Holdings, Inc. | Systems, methods and instrumentalities for enabling machine type communication group communication |
US9882714B1 (en) * | 2013-03-15 | 2018-01-30 | Certes Networks, Inc. | Method and apparatus for enhanced distribution of security keys |
US10021533B2 (en) * | 2012-09-24 | 2018-07-10 | Nokia Solutions And Networks Oy | Group messaging in a communication network |
US11070955B2 (en) * | 2012-06-29 | 2021-07-20 | Nec Corporation | Update of security for group based feature in M2M |
US11570161B2 (en) * | 2013-07-31 | 2023-01-31 | Nec Corporation | Devices and method for MTC group key management |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3620138B2 (en) | 1996-02-05 | 2005-02-16 | 松下電器産業株式会社 | Key sharing system |
JP2004023237A (en) | 2002-06-13 | 2004-01-22 | Mitsubishi Electric Corp | Encryption communication system, encryption communication method, and program for executing that method on computer |
CN101057445B (en) | 2004-11-16 | 2013-03-13 | 艾利森电话股份有限公司 | Improved key distribution in systems for selective access to information |
US20080253562A1 (en) | 2007-04-12 | 2008-10-16 | Nokia Corporation | Handshake procedure |
CN101511082B (en) | 2008-02-15 | 2011-01-05 | 中国移动通信集团公司 | Method, equipment and system for updating group cipher key |
JP2010124238A (en) | 2008-11-19 | 2010-06-03 | Ricoh Co Ltd | Image forming apparatus, transmission destination determination method, and program |
CN102457844B (en) | 2010-10-28 | 2016-03-30 | 中兴通讯股份有限公司 | Group key management method and system in the certification of a kind of M2M group |
CN102594555B (en) | 2011-01-17 | 2015-04-29 | 华为技术有限公司 | Security protection method for data, entity on network side and communication terminal |
TWI538463B (en) | 2011-03-23 | 2016-06-11 | 內數位專利控股公司 | Systems and methods for securing network communications |
JP2012205088A (en) | 2011-03-25 | 2012-10-22 | Toshiba Corp | Node and group key updating method |
CN103621124A (en) | 2011-07-11 | 2014-03-05 | Lg电子株式会社 | Traffic encryption key management for machine to machine multicast group |
JP5750728B2 (en) | 2011-10-19 | 2015-07-22 | 国立研究開発法人産業技術総合研究所 | Key sharing system, key generation device, and program |
CN103096309B (en) * | 2011-11-01 | 2016-08-10 | 华为技术有限公司 | Generate method and the relevant device of group key |
CN104349311A (en) | 2013-08-02 | 2015-02-11 | 中兴通讯股份有限公司 | Key establishment method and system used for small-data transmission of machine-type communication |
CN104661171B (en) | 2013-11-25 | 2020-02-28 | 中兴通讯股份有限公司 | Small data secure transmission method and system for MTC (machine type communication) equipment group |
- 2014
  - 2014-07-07 WO PCT/JP2014/003579 patent/WO2015015714A1/en active Application Filing
  - 2014-07-07 KR KR1020197012302A patent/KR20190047143A/en not_active Application Discontinuation
  - 2014-07-07 KR KR1020167002010A patent/KR20160037907A/en not_active Application Discontinuation
  - 2014-07-07 CN CN201480043251.6A patent/CN105432058A/en active Pending
  - 2014-07-07 EP EP18153168.2A patent/EP3331216A1/en not_active Ceased
  - 2014-07-07 EP EP14748300.2A patent/EP3028431A1/en not_active Withdrawn
  - 2014-07-07 JP JP2016503868A patent/JP2016527736A/en active Pending
  - 2014-07-07 US US14/908,240 patent/US11570161B2/en active Active
- 2018
  - 2018-09-21 JP JP2018177793A patent/JP6614304B2/en active Active
- 2019
  - 2019-10-21 JP JP2019191999A patent/JP6922963B2/en active Active
- 2021
  - 2021-07-28 JP JP2021122917A patent/JP7248059B2/en active Active
- 2022
  - 2022-07-28 US US17/875,613 patent/US20220407846A1/en active Pending
Patent Citations (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4531020A (en) * | 1982-07-23 | 1985-07-23 | Oak Industries Inc. | Multi-layer encryption system for the broadcast of encrypted information |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
US6584566B1 (en) * | 1998-08-27 | 2003-06-24 | Nortel Networks Limited | Distributed group key management for multicast security |
US20020055989A1 (en) * | 2000-11-08 | 2002-05-09 | Stringer-Calvert David W.J. | Methods and apparatus for scalable, distributed management of virtual private networks |
US20030044020A1 (en) * | 2001-09-06 | 2003-03-06 | Microsoft Corporation | Establishing secure peer networking in trust webs on open networks using shared secret device key |
US20040215735A1 (en) * | 2002-12-20 | 2004-10-28 | Tohru Nakahara | Information management system |
US20070143600A1 (en) * | 2003-12-23 | 2007-06-21 | Motorola, Inc. | Rekeying in secure mobile multicast communications |
US20060090067A1 (en) * | 2004-10-06 | 2006-04-27 | Edmonds Philip G | Method and apparatus for performing a secure transaction in a trusted network |
US20100318605A1 (en) * | 2005-07-14 | 2010-12-16 | Brian Weis | Approach for managing state information by a group of servers that services a group of clients |
US20070016663A1 (en) * | 2005-07-14 | 2007-01-18 | Brian Weis | Approach for managing state information by a group of servers that services a group of clients |
US20070037555A1 (en) * | 2005-08-12 | 2007-02-15 | Samsung Electronics Co., Ltd. | Method, system and terminal apparatus for enabling content to be reproduced in multiple terminals |
US20090290522A1 (en) * | 2006-05-23 | 2009-11-26 | Nokia Siemens Networks Gmbh & Co. Kg | Method and Device for the Dynamic Setting up and Control of Temporarily Formed Communications Groups with Secure Transmission |
US20090245517A1 (en) * | 2008-03-25 | 2009-10-01 | Qualcomm Incorporated | Systems and methods for group key distribution and management for wireless communications systems |
US20110142239A1 (en) * | 2008-08-15 | 2011-06-16 | Suh Kyung Joo | Security protected non-access stratum protocol operation supporting method in a mobile telecommunication system |
US20110249817A1 (en) * | 2008-12-10 | 2011-10-13 | Electronics And Telecommunications Research Institute | Method of managing group key for secure multicast communication |
US20120039213A1 (en) * | 2009-04-03 | 2012-02-16 | Panasonic Corporation | Mobile communication method, mobile communication system, and corresponding apparatus |
US20100325732A1 (en) * | 2009-06-19 | 2010-12-23 | Hemant Mittal | Managing Keys for Encrypted Shared Documents |
US20110072488A1 (en) * | 2009-09-21 | 2011-03-24 | Bi Xiaoyu | Method and apparatus for authentication |
US20120004003A1 (en) * | 2009-12-22 | 2012-01-05 | Shaheen Kamel M | Group-based machine to machine communication |
US20120263303A1 (en) * | 2009-12-24 | 2012-10-18 | Shaohua Tang | Group key management approach based on linear geometry |
US20120297193A1 (en) * | 2010-01-29 | 2012-11-22 | Huawei Technologies Co., Ltd. | Mtc device authentication method, mtc gateway, and related device |
US20110201365A1 (en) * | 2010-02-15 | 2011-08-18 | Telefonaktiebolaget L M Ericsson (Publ) | M2m group based addressing using cell broadcast service |
US20130035067A1 (en) * | 2010-04-12 | 2013-02-07 | Huawei Technologies Co., Ltd. | Method and apparatus for authenticating communication device |
US20130042011A1 (en) * | 2010-04-14 | 2013-02-14 | Panasonic Corporation | Communication nodes and network nodes |
US20130051228A1 (en) * | 2010-04-28 | 2013-02-28 | Lg Electronics Inc. | Method of controlling congestion of mtc data in a mobile communication system |
US20130053087A1 (en) * | 2010-04-30 | 2013-02-28 | Huawei Device Co., Ltd. | Method for triggering communication between group of mtc devices and mtc server, and mtc device |
US20130080782A1 (en) * | 2010-06-01 | 2013-03-28 | Samsung Electronics Co. Ltd. | Method and system of securing group communication in a machine-to-machine communication environment |
US20110307694A1 (en) * | 2010-06-10 | 2011-12-15 | Ioannis Broustis | Secure Registration of Group of Clients Using Single Registration Procedure |
US20130128777A1 (en) * | 2010-07-27 | 2013-05-23 | Telefonaktiebolaget L M Ericsson (Publ) | Machine-type communication subscription control |
US20120033613A1 (en) * | 2010-08-04 | 2012-02-09 | National Taiwan University | Enhanced rach design for machine-type communications |
WO2012018130A1 (en) * | 2010-08-05 | 2012-02-09 | Nec Corporation | Group security in machine-type communication |
WO2012023337A1 (en) * | 2010-08-17 | 2012-02-23 | Nec Corporation | Method for group change issues in mtc |
US20130189955A1 (en) * | 2010-09-17 | 2013-07-25 | Nokia Siemens Networks Oy | Method for context establishment in telecommunication networks |
US20130291071A1 (en) * | 2011-01-17 | 2013-10-31 | Telefonaktiebolaget L M Ericsson (Publ) | Method and Apparatus for Authenticating a Communication Device |
US20120296968A1 (en) * | 2011-02-03 | 2012-11-22 | Telcordia Technologies, Inc. | System and Method for Group Communications in 3GPP Machine-to-Machine Networks |
US20120252481A1 (en) * | 2011-04-01 | 2012-10-04 | Cisco Technology, Inc. | Machine to machine communication in a communication network |
US20120257571A1 (en) * | 2011-04-07 | 2012-10-11 | Liao Ching-Yu | Method of Handling Signaling and Data Transmission for Machine-Type Communication |
US20120257756A1 (en) * | 2011-04-08 | 2012-10-11 | Arizona Board Of Regents For And On Behalf Of Arizona State University | Methods, Systems, and Apparatuses for Optimal Group Key Management for Secure Multicast Communication |
WO2012159272A1 (en) * | 2011-05-26 | 2012-11-29 | Nokia Corporation | Performing a group authentication and key agreement procedure |
US20130003972A1 (en) * | 2011-07-01 | 2013-01-03 | Samsung Electronics Co., Ltd. | Apparatus, method and system for creating and maintaining multicast data encryption key in machine to machine communication system |
US20130015953A1 (en) * | 2011-07-11 | 2013-01-17 | National Taiwan University | Enhanced Paging Mechanism for Machine Type Communication |
US20140185522A1 (en) * | 2011-08-24 | 2014-07-03 | Zte Corporation | Method and system for sending mtc device trigger information, and target user equipment |
US20140237559A1 (en) * | 2011-11-01 | 2014-08-21 | Huawei Technologies Co., Ltd. | Method and related device for generating group key |
US20130122901A1 (en) * | 2011-11-10 | 2013-05-16 | Renesas Mobile Corporation | Wireless Communication Systems and Methods |
US20150012744A1 (en) * | 2012-02-02 | 2015-01-08 | Nokia Solutions And Networks Oy | Group based bootstrapping in machine type communication |
US20150149767A1 (en) * | 2012-04-26 | 2015-05-28 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | Method and system for authenticating the nodes of a network |
US20130290696A1 (en) * | 2012-04-30 | 2013-10-31 | Alcatel-Lucent Usa Inc. | Secure communications for computing devices utilizing proximity services |
US11070955B2 (en) * | 2012-06-29 | 2021-07-20 | Nec Corporation | Update of security for group based feature in M2M |
US10021533B2 (en) * | 2012-09-24 | 2018-07-10 | Nokia Solutions And Networks Oy | Group messaging in a communication network |
US20150249542A1 (en) * | 2012-09-29 | 2015-09-03 | Zte Corporation | Small data sending method and system, and user equipment |
US20140281508A1 (en) * | 2013-03-12 | 2014-09-18 | Cisco Technology, Inc. | Changing group member reachability information |
US9882714B1 (en) * | 2013-03-15 | 2018-01-30 | Certes Networks, Inc. | Method and apparatus for enhanced distribution of security keys |
US20160119762A1 (en) * | 2013-05-15 | 2016-04-28 | Xipeng Zhu | Group bearer and bearer selection for multicast/broadcast data transmissions |
US11570161B2 (en) * | 2013-07-31 | 2023-01-31 | Nec Corporation | Devices and method for MTC group key management |
US20160301673A1 (en) * | 2013-10-25 | 2016-10-13 | Zte Corporation | Method for Realizing Secure Communications among Machine Type Communication Devices and Network Entity |
US20170078828A1 (en) * | 2014-05-07 | 2017-03-16 | Interdigital Patent Holdings, Inc. | Systems, methods and instrumentalities for enabling machine type communication group communication |
US20160007138A1 (en) * | 2014-07-07 | 2016-01-07 | Convida Wireless, Llc | Coordinated grouping for machine type communications group based services |
Non-Patent Citations (3)
Title |
---|
I. Broustis, G. S. Sundaram and H. Viswanathan, "Group authentication: A new paradigm for emerging applications," in Bell Labs Technical Journal, vol. 17, no. 3, pp. 157-173, Dec. 2012, doi: 10.1002/bltj.21566. (Year: 2012) * |
Jin Cao, Maode Ma and Hui Li, "A group-based authentication and key agreement for MTC in LTE networks," 2012 IEEE Global Communications Conference (GLOBECOM), Anaheim, CA, 2012, pp. 1017-1022. (Year: 2012) * |
Y. Zhang, J. Chen, H. Li, W. Zhang, J. Cao and C. Lai, "Dynamic Group Based Authentication Protocol for Machine Type Communications," 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems, Bucharest, Romania, 2012, pp. 334-341. (Year: 2012) * |
Also Published As
Publication number | Publication date |
---|---|
EP3331216A1 (en) | 2018-06-06 |
WO2015015714A1 (en) | 2015-02-05 |
JP2019013043A (en) | 2019-01-24 |
KR20160037907A (en) | 2016-04-06 |
EP3028431A1 (en) | 2016-06-08 |
JP6922963B2 (en) | 2021-08-18 |
CN105432058A (en) | 2016-03-23 |
JP2016527736A (en) | 2016-09-08 |
KR20190047143A (en) | 2019-05-07 |
JP2020025311A (en) | 2020-02-13 |
JP7248059B2 (en) | 2023-03-29 |
JP2021182753A (en) | 2021-11-25 |
US11570161B2 (en) | 2023-01-31 |
US20160182477A1 (en) | 2016-06-23 |
JP6614304B2 (en) | 2019-12-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220407846A1 (en) | | Devices and method for mtc group key management |
US11122405B2 (en) | | MTC key management for key derivation at both UE and network |
US11799650B2 (en) | | Operator-assisted key establishment |
EP2421292B1 (en) | | Method and device for establishing security mechanism of air interface link |
US10530573B2 (en) | | System and method for wireless network access protection and security architecture |
US11388568B2 (en) | | MTC key management for sending key from network to UE |
US20150229620A1 (en) | | Key management in machine type communication system |
EP2929711A1 (en) | | Group authentication and key management for mtc |
KR20130080804A (en) | | Method and system of securing group communication in a machine-to-machine communication environment |
JP2016527736A5 (en) | | |
CN116918300A (en) | | Method for operating a cellular network |
KR20150135715A (en) | | Apparatus and method for protecting privacy of user in mobile communication network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |