WO2012062115A1 - Method, system and apparatus for access control of machine type communication - Google Patents

Method, system and apparatus for access control of machine type communication Download PDF

Info

Publication number
WO2012062115A1
WO2012062115A1 PCT/CN2011/076104 CN2011076104W WO2012062115A1 WO 2012062115 A1 WO2012062115 A1 WO 2012062115A1 CN 2011076104 W CN2011076104 W CN 2011076104W WO 2012062115 A1 WO2012062115 A1 WO 2012062115A1
Authority
WO
WIPO (PCT)
Prior art keywords
mtc
mtc device
association
access
identity information
Prior art date
Application number
PCT/CN2011/076104
Other languages
French (fr)
Chinese (zh)
Inventor
余万涛
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012062115A1 publication Critical patent/WO2012062115A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions

Definitions

  • the invention relates to a machine type communication (MTC) technology, in particular to a method, system and device for machine type communication access control.
  • MTC machine type communication
  • MTC refers to a series of technologies and combinations of technologies that use wireless communication technology to realize data communication and communication between machines and machines, machines and people.
  • MTC has two meanings: The first meaning is the machine itself, called the smart device in the embedded field; the second meaning is the connection between the machine and the machine, connecting the machines together through the network.
  • MTC is used in a wide range of applications, such as smart measurement, remote monitoring, tracking, medical, etc., to make human life more intelligent. Compared with traditional human-to-human communication, MTC devices have a large number of applications and a wide range of applications, which has great market prospects.
  • the main long-distance connection technologies include Global System for Mobile communications (GSM)/General Packet Radio Service (GPRS)/Universal Mobile Telecommunications System (Universal Mobile Telecommunications System).
  • UMTS Universal Mobile Telecommunications System
  • the short-distance connection technology mainly includes 802.11b/g, Bluetooth, Zigbee, Radio Frequency Identification (RFID) and the like.
  • RFID Radio Frequency Identification
  • MTC integrates wireless communication and information technology, it can be used for two-way communication, such as collecting information over long distances, setting parameters and sending commands, thus enabling different applications such as security monitoring, vending, and goods tracking. Almost all the equipment involved in everyday life is likely to become a potential customer.
  • MTC provides a simple means of real-time data transfer between devices or between remote devices, or to establish a wireless connection with an individual.
  • the architecture of the MTC system is shown in Figure 1.
  • the MTC device passes the 3GPP network and MTC.
  • the server (MTC Server) communicates, and the MTC server provides Machine to Machine (M2M) services for MTC users.
  • M2M Machine to Machine
  • MTC applications For MTC systems, due to the diversity and complexity of MTC applications, MTC applications have a common feature. Due to the wide variety of MTC applications, each MTC application has different equipment requirements for MTC devices, so different MTC devices may have different device functions and device capabilities in an MTC system.
  • the information to be received not only needs to be from a legitimate MTC user, but also needs to be from a legitimate MTC device. Therefore, the 3GPP network is required to control the access of the MTC user and the MTC device.
  • the access control modes supported by the 3GPP network include: access control for the access of the MTC user through the security authentication mode; and access control for the MTC device by establishing a black and white list.
  • This type of access control although it is convenient for MTC users to access different 3GPP networks using different MTC devices, can only perform separate access control for MTC users or MTC devices, and cannot effectively prevent MTC users from abusing MTC. device. Summary of the invention
  • the main object of the present invention is to provide a method, system and device for machine type communication access control, which effectively prevents MTC users from abusing MTC equipment.
  • the MTC device includes an identity recognition module of an MTC user
  • the mobile communication network supports association between the MTC device and the MTC user identity module
  • the method includes: the mobile communication network receives the MTC device to send After the access request, it is determined whether the MTC device is associated with the identity recognition module, and if so, accepts access by the MTC device; otherwise, the access of the MTC device is denied.
  • the method further includes: performing access authentication on the MTC user, or performing access authentication on the MTC user and on the MTC device After authentication is performed, after the authentication is passed, it is determined whether the MTC device is associated with the identity recognition module. Determining whether the MTC device is associated with the identity recognition module, specifically: determining whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, If it is met, it accepts the access of the MTC device, otherwise it rejects the access of the MTC device.
  • Determining whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module specifically: determining whether the MTC device identity information is based on the stored association relationship list It has been associated with the corresponding MTC user identity information. If there is an association between the MTC device identity information and the corresponding MTC user identity information in the association list, the access of the MTC device is accepted, otherwise, the access of the MTC device is denied.
  • the method further includes: the MTC device sending an association request to the mobile communication network, and after receiving the association request sent by the MTC device, the mobile communication network determines whether the associated MTC device has been associated with The identity recognition module of the other MTC user is associated, and if so, the association request is rejected, otherwise, the association relationship between the associated MTC device and the identity recognition module is established.
  • the association request includes the MTC device identity information and the MTC user identity information, and the determining whether the associated MTC device is associated with the identity identification module of the other MTC user, specifically: determining the MTC device identity information based on the stored association relationship list If the relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, the association request is rejected, if the MTC device identity information and the MTC user do not exist in the association relationship list.
  • the association relationship between the identity information establishes an association relationship between the MTC device that needs to be associated with the identity recognition module, and updates the association relationship list.
  • the method further includes: receiving, by the mobile communication network, a logout association request sent by the MTC device After that, it is determined whether the associated MTC device needs to be logged out to be associated with the identity recognition module, and if so, the association relationship between the MTC device and the identity recognition module is cancelled, otherwise, the logout association request is rejected.
  • the de-registration association request includes the MTC user identity information and the MTC device identity information
  • the determining whether the associated MTC device needs to be associated with the identity recognition module is specifically: determining, according to the stored association relationship list, whether the MTC device identity information has been Associated with the MTC user identity information, if the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, the association relationship between the MTC device and the identity recognition module is cancelled, and the association relationship list is updated, if the association relationship If there is no association between the MTC device identity information and the MTC user identity information in the list, the logout association request is rejected.
  • a system for machine type communication access control comprising:
  • An MTC device including an MTC user identity module, configured to send an access request to a mobile communication network; the MTC user identity module is located on a universal integrated circuit card UICC; a functional entity for MTC access control, located in the mobile And a communication network, configured to determine whether the MTC device is associated with the identity recognition module, and if yes, access the MTC device; otherwise, reject the access of the MTC device.
  • the MTC device is further configured to: send an association request to the mobile communication network;
  • the function entity for the MTC access control is further configured to: receive an association request sent by the MTC device, determine whether the associated MTC device needs to be Already associated with the identity module of the other MTC user, if yes, the association request is rejected, and if not, the association relationship between the MTC device and the identity module is established.
  • the MTC device is further configured to: send a logout association request to the mobile communication network;
  • the function entity for the MTC access control is further configured to: receive a logout association request sent by the MTC device, and determine that the associated MTC device needs to be logged out Whether it has been associated with the identity module, and if so, the relationship between the MTC device and the identity module is logged out, and if not, the note is rejected Pin association request.
  • the function entity for the MTC access control is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and perform authentication on the MTC device. After the authentication is passed, determine whether the MTC device is Has been associated with the identity module.
  • a device for communication access control of a machine type comprising:
  • a receiving unit configured to receive an access request sent by the MTC device, and send the access request to the access determining unit, where the access request carries the MTC user identity information and the MTC device identity information;
  • the access judging unit is configured to determine whether the MTC device is associated with the identity module of the MTC user, and if yes, accept the access of the MTC device; otherwise, the access of the MTC device is rejected.
  • the device further includes: an association establishing unit,
  • the receiving unit is further configured to: receive an association request sent by the MTC device, and send the association request to the associated establishing unit;
  • the association establishing unit is configured to determine whether an MTC device that needs to be associated is associated with an identity recognition module of another MTC user, and if yes, reject the association request, and if not, establish an association relationship between the MTC device and the identity recognition module. .
  • the device further includes: an associated logout unit,
  • the receiving unit is further configured to: receive a logout association request sent by the MTC device, and send the request to the associated logout unit;
  • the associated deregistration unit is configured to determine whether the MTC device that needs to be logged off is associated with the identity recognition module of the MTC user, and if yes, revoke the association relationship between the MTC device and the identity recognition module, and if not, reject the association Log out of the association request.
  • the access judging unit is further configured to: perform an access authentication on the MTC user, or perform an access authentication on the MTC user and perform an authentication on the MTC device, and after the authentication is passed, determine whether the MTC device has been associated with the MTC user.
  • the identity module is associated.
  • the mobile communication network determines whether the MTC device is associated with the identity recognition module of the MTC user, and if yes, accepts the access of the MTC device, otherwise, rejects
  • the access of the MTC device enables the mobile communication network to accept only the access of the associated MTC user and the MTC device, and the unassociated MTC user and the MTC device will be denied access, thereby realizing the control of accessing the MTC user and the MTC device. Management, effectively preventing the abuse of MTC devices by MTC users.
  • the mobile communication network can also maintain the association relationship between the MTC device and the legal MTC user, and facilitate the control and management of the MTC user and the MTC device access by the mobile communication network.
  • Figure 1 is a schematic diagram of the architecture of the MTC system
  • FIG. 2 is a schematic diagram of an MTC access control process in the present invention
  • FIG. 3 is a schematic structural diagram of an MTC access control system according to the present invention.
  • FIG. 4 is a schematic flowchart of establishing an association relationship between an MTC device and an identity module of an MTC user when the MTC device is initially accessed according to the present invention
  • FIG. 5 is a schematic flowchart of the relationship between the MTC device and the identity recognition module of the MTC user in the present invention
  • FIG. 6 is a schematic diagram of a process of associating an MTC device with an identity module of an MTC user in the present invention
  • FIG. 7 is a schematic diagram showing the process of association between an MTC device and an identity recognition module of an MTC user in the present invention
  • FIG. 8 is a schematic structural diagram of an MTC access control apparatus according to the present invention. detailed description
  • the information to be received not only needs to be from a legitimate MTC user, but also needs to be a legitimate MTC device from a legitimate MTC user.
  • the relationship between the legal MTC device and the legal MTC user needs to be further considered to effectively prevent the MTC user from abusing the MTC device.
  • FIG. 2 is a schematic diagram of an access control process in an MTC according to the present invention. As shown in FIG. 2, the specific processing includes:
  • Step 201 The mobile communication network receives an access request sent by the MTC device, where the MTC device includes an identity recognition module of the MTC user.
  • the MTC device When the MTC device needs to access the mobile communication network, it sends an access request to the mobile communication network, where the access request carries the MTC user identity information and the MTC device identity information; the mobile communication network receives the access request, and the mobile communication network supports The association of the MTC device with the MTC user identity module.
  • the MTC device is a device used by the MTC user for machine type communication, and the identity module of the MTC user is installed in the MTC device.
  • the mobile communication network may specifically be a 3GPP network or a 3GPP2 network.
  • the identity module of the MTC user may specifically be a user identity module.
  • the MTC user identity information may be an International Mobile Subscriber Identification Number (IMSI) of the identity module or MTC identity information for the MTC user identity.
  • IMSI International Mobile Subscriber Identification Number
  • the MTC device identity information can be the device's international mobile device identifier.
  • IMEI International Mobile Equipment Identity number
  • MTC identity information for MTC device identity.
  • the mobile communication network After receiving the access request sent by the MTC device, the mobile communication network performs access authentication on the MTC user, or performs access authentication on the MTC user and authenticates the MTC device, and the authentication is passed. After that, it indicates that the MTC user, or the MTC user and the MTC device are legal, and then proceeds to step 202.
  • Step 202 The mobile communication network determines whether the MTC device is associated with the MTC user, that is, whether the MTC device is associated with the identity recognition module of the MTC user. If yes, the mobile communication network accepts the access of the MTC device, and the MTC device accesses. The mobile communication network; otherwise, the mobile communication network rejects the access of the MTC device and may further return a denial of access message to the MTC device.
  • the mobile communication network determines whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, that is, whether the MTC device identity information has been determined based on the stored association relationship list.
  • the MTC device accesses the mobile communication network; if not, the association relationship between the MTC device identity information and the corresponding MTC user identity information does not exist in the association list, indicating that the MTC device is not a legal MTC device of the legal MTC user, The mobile communication network rejects the access of the MTC device.
  • the access of the MTC device to the mobile communication network means: After the MTC device is authenticated by the mobile communication network, it is allowed to access the mobile communication network to use the related communication service.
  • the mobile communication network only accepts the access of the associated MTC user and the MTC device, and the access is denied for the unassociated MTC user and the MTC device.
  • the mobile communication network After receiving the association request from the MTC device, the mobile communication network determines whether the associated MTC device has been associated with the identity recognition module of other MTC users according to the MTC user identity information and the MTC device identity information that are required to be associated in the association request. Linking, that is, determining whether the MTC device identity information is associated with other MTC user identity information based on the stored association list, and if so, the MTC device identity information and the MTC user are present in the association relationship list. The association relationship of the identity information is rejected, and if not, the association relationship between the MTC device identity information and the MTC user identity information does not exist in the association relationship list, and the association request is accepted, and the MTC device and the MTC user to be associated are established.
  • the association of the identity module updates the stored association list.
  • the MTC device may be an MTC device that needs to be associated, that is, the MTC user sends an association request through the MTC device that needs to be associated; or may be an MTC device that has been associated with the MTC user identified by the MTC user identity information, that is, the MTC user passes The associated MTC device issues an association request to associate with other MTC devices.
  • one MTC device can only be associated with an identity module of one MTC user; an identity module of an MTC user can associate multiple MTC devices.
  • the mobile communication network can also establish an association relationship between the MTC device to be associated with the MTC user identity module through the network management system, obtain a list of association relationships, and store the association relationship.
  • the mobile communication network that provides the communication service between the MTC device and the MTC server needs to include the functional functions for the MTC access control in addition to the existing network functions, including: MTC user authentication function. , or the MTC user authentication function and the MTC device authentication function, and the MTC user and the MTC device association management function, as shown in FIG.
  • MTC access control system shown in FIG.
  • an MTC device including an MTC user identity module and a functional entity for MTC access control in a mobile communication network, where the MTC device is configured to send an access to the mobile communication network
  • the function entity for the MTC access control is used to determine whether the MTC device is associated with the identity module of the MTC user, and if so, access the MTC device; otherwise, the access of the MTC device is denied.
  • the identity module of the MTC user can be USIM, ISIM, etc., usually located on the UICC.
  • the function entity for the MTC access control is also used for performing access authentication on the MTC user, or performing access authentication on the MTC user and authenticating the MTC device. After the authentication is passed, determining whether the MTC device has been associated with The MTC user's identity module is associated.
  • the MTC device is further configured to send an association request or a logout association request to the mobile communication network;
  • the function entity for the MTC access control is further configured to establish or cancel an association relationship between the MTC device and the MTC user identity module, and the stored association relationship list Manage and maintain.
  • the function entity for the MTC access control is configured to receive an association request sent by the MTC device, determine whether the associated MTC device has been associated with an identity module of another MTC user, and if yes, reject the association request, If not, the association relationship between the MTC device and the MTC user identity module is established, and is further used to update the stored association relationship list.
  • the function entity for the MTC access control is configured to receive the logout association request sent by the MTC device, determine whether the associated MTC device needs to be associated with the MTC user identity module, and if so, log off the MTC device and the MTC user identity.
  • the association relationship of the identification module is further used to update the stored association relationship list, and if not, the logout association request is rejected.
  • the MTC device may establish an association relationship with the MTC user identity module through the association establishment process in the initial access process, and may include the MTC device authentication or the MTC device authentication in the association establishment process, which is implemented by the system.
  • Step 400 includes: Step 400: Include an MTC user When the MTC device of the identity module first accesses the mobile communication network, the MTC user access authentication supported by the mobile communication network is first performed between the mobile communication network and the MTC device.
  • the MTC user access authentication is the same as the mobile user authentication process of the existing mobile communication network.
  • the MTC device sends the MTC user identity information to the mobile communication network, and the mobile communication network is in a database such as a Home Subscriber Server (HSS).
  • HSS Home Subscriber Server
  • the relevant information is searched for, and a set of authentication vectors is generated and sent to the mobility management entity (MME).
  • MME mobility management entity
  • the MME selects one of the authentication vectors to perform bidirectional authentication on the MTC user. After the authentication is passed, the MTC user is considered to be legal.
  • Step 401 After the MTC user passes the access authentication, the mobile communication network performs the MTC device.
  • MTC device authentication can use various existing device authentication methods, such as using digital certificate authentication methods.
  • Step 402 After the MTC device is authenticated, the MTC device sends an association request of the MTC device and the MTC user to the mobile communication network, where the association request carries the MTC device identity information and the MTC user identity information that need to be associated.
  • the MTC user identity information may be IMSI or MTC identity information for the MTC user identity.
  • the MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
  • Step 403 After receiving the association request sent by the MTC device, the mobile communication network checks the stored association relationship list according to the MTC device identity information and the MTC user identity information, and determines whether the MTC device identity information is associated with other MTC user identity information, if Yes, that is, the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, indicating that the MTC device is associated with the identity recognition module of another MTC user, rejecting the association request, if not, that is, in the association relationship list If there is no association between the MTC device identity information and the MTC user identity information, it indicates that the MTC device is not associated with the identity module of the other MTC user, and the association is accepted regardless of whether the MTC user identity module has been associated with another MTC device.
  • the request establishes an association relationship between the MTC device and the MTC user identity module, and updates the stored association relationship list, that is, adds the association relationship to the association relationship list.
  • Step 404 The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device of the association result.
  • the MTC device shown in FIG. 4 is initially accessed by the mobile communication network to associate it with the identification module of the MTC user; or the MTC user may send the MTC device to the mobile communication network through the MTC device already associated with it.
  • Correlation request requesting the mobile communication network to associate another MTC device with the MTC user, that is, after the MTC device accesses the mobile communication network, the MTC user sends an association request through the MTC device, where the association request carries the need to be associated MTC device identity information and MTC user identity information; mobile communication network needs to determine Whether the associated MTC device has been associated with the identity module of the other MTC user to determine whether to establish an association relationship between the MTC device and the MTC user identity module.
  • the specific processing procedure of the MTC device accessing the mobile communication network is as shown in FIG. 2 .
  • the unassociated MTC device can be associated with the identity module of any MTC user.
  • the mobile communication network can also cancel the association relationship between the MTC device and the MTC user identity module.
  • the specific processing of the relationship between the MTC device and the MTC user identity module is as follows:
  • Step 500 The MTC device accesses the mobile communication network, and the specific processing process is as shown in FIG. 2 .
  • the MTC user identity information may be IMSI or MTC identity information for the MTC user identity.
  • the MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
  • the MTC device that sends the logout association request may be an MTC device that needs to be logged out associated with the MTC user's identity module, or may be another MTC device through which the MTC user logs out of its associated MTC device.
  • Step 502 After receiving the logout association request sent by the MTC device, the mobile communication network checks the association list of the stored MTC device and the MTC user identity module according to the MTC device identity information and the MTC user identity information, and determines whether the MTC exists in the association list. The association between the device identity information and the corresponding MTC user identity information, if yes, the relationship between the MTC device and the MTC user identity module is deleted, and the stored association relationship list is updated, that is, the association relationship is deleted from the association relationship list; If it exists, it will not be processed.
  • Step 503 The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device to cancel the association result.
  • the mobile communication network can also deregister the association between the MTC device and the MTC user identity module. Relationship, after the association relationship between the MTC device and an MTC user identity module is cancelled, the MTC device can establish an association relationship with the new MTC user identity module through the association establishment process. In the process of establishing an association relationship, the MTC device may be authenticated, or the MTC device may not be authenticated, which is determined by the specific implementation of the system.
  • the association establishment process including the authentication of the MTC device is as shown in FIG. 6.
  • the specific process includes: Step 600: Perform MTC user access authentication supported by the mobile communication network between the mobile communication network and the MTC device.
  • the MTC user access authentication is the same as the mobile user authentication process of the existing mobile communication network.
  • the MTC device sends the MTC user identity information to the mobile communication network, and the mobile communication network searches for related information in a database such as the HSS to generate a group.
  • the authentication vector is sent to the MME, and the MME selects one of the authentication vectors to perform bidirectional authentication on the MTC user. After the authentication is passed, the MTC user is considered to be legal.
  • Step 601 After the MTC user accesses the authentication, the mobile communication network authenticates the MTC device.
  • MTC device authentication can use various existing device authentication methods, such as using digital certificate authentication methods.
  • Step 602 After the MTC device is authenticated, the MTC device sends an association request of the MTC device and the MTC user to the mobile communication network, where the association request carries the MTC device identity information and the MTC user identity information that need to be associated.
  • the MTC user identity information may be IMSI or MTC identity information for the MTC user identity.
  • the MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
  • Step 603 After receiving the association request sent by the MTC device, the mobile communication network checks the stored association relationship list according to the MTC device identity information and the MTC user identity information, and determines whether the MTC device identity information is associated with other MTC user identity information, if Yes, that is, the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, indicating that the MTC device is associated with the identity recognition module of another MTC user, rejecting the association request, if not, that is, in the association relationship list
  • There is no MTC device identity information and MTC user identity The association relationship of the information indicates that the MTC device is not associated with the identity module of the other MTC user, and the association request is accepted regardless of whether the MTC device has been associated with another MTC device, and the MTC device and the MTC user identity are established.
  • the association relationship of the module, and updating the stored association list that is, adding the association to the association list.
  • Step 604 The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device of the association result.
  • the association establishment process that does not include the authentication of the MTC device is as shown in FIG. 7.
  • the specific process includes: Step 700: Perform MTC user access authentication supported by the mobile communication network between the mobile communication network and the MTC device.
  • the MTC user access authentication is the same as the mobile user authentication process of the existing mobile communication network.
  • the MTC device sends the MTC user identity information to the mobile communication network, and the mobile communication network searches for related information in a database such as the HSS to generate a group.
  • the authentication vector is sent to the MME, and the MME selects one of the authentication vectors to perform bidirectional authentication on the MTC user. After the authentication is passed, the MTC user is considered to be legal.
  • Step 701 After the MTC user access authentication is passed, the MTC device sends an association request of the MTC device and the MTC user to the mobile communication network, where the association request carries the MTC device identity information and the MTC user identity information that need to be associated.
  • the MTC user identity information may be IMSI or MTC identity information for the MTC user identity.
  • the MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
  • Step 702 After receiving the association request sent by the MTC device, the mobile communication network checks the stored association relationship list according to the MTC device identity information and the MTC user identity information, and determines whether the MTC device identity information is associated with other MTC user identity information, if Yes, that is, the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, indicating that the MTC device is associated with the identity recognition module of another MTC user, rejecting the association request, if not, that is, in the association relationship list If there is no association between the MTC device identity information and the MTC user identity information, it indicates that the MTC device is not associated with the identity module of other MTC users.
  • Association whether the MTC device's identity module is associated with another MTC device, accepts the association request, establishes an association relationship between the MTC device and the MTC user identity module, and updates the stored association relationship list, that is, adds the association relationship to In the list of associations.
  • Step 703 The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device of the association result.
  • FIG. 8 is a schematic structural diagram of an MTC access control apparatus according to the present invention.
  • the apparatus includes: a receiving unit and an access determining unit, where the receiving unit is configured to receive an access request sent by the MTC device and send the request An access judging unit, where the access request carries the MTC user identity information and the MTC device identity information; the access judging unit is configured to determine whether the MTC device is associated with the MTC user identity recognition module, and if yes, accept the MTC device Access, otherwise, denying access to the MTC device.
  • the access judging unit is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and perform authentication on the MTC device, and after the authentication is passed, determine whether the MTC device has been identified with the MTC user.
  • the module is associated.
  • the access judging unit implements the MTC user authentication function, or the MTC user authentication function and the MTC device authentication function shown in FIG.
  • the MTC access control device further includes: an association establishing unit, the receiving unit is further configured to receive an association request sent by the MTC device and send the association request to the association establishing unit; the association establishing unit is configured to determine whether the MTC device that needs to be associated has the identity with another MTC user The identification module is associated with, if yes, the association request is rejected, and if not, the association relationship between the MTC device and the MTC user identity module is established, and is further used to update the stored association relationship list.
  • the MTC access control device further includes: an association cancellation unit, the receiving unit is further configured to receive the cancellation association request sent by the MTC device and send the cancellation association request to the associated cancellation unit; and the associated cancellation unit is configured to determine whether the associated MTC device needs to be logged out and the MTC user
  • the identity recognition module is associated with, if yes, the association relationship between the MTC device and the MTC user identity module is cancelled, and is further used to update the stored association relationship list, and if not, the logout association request is rejected.
  • the association establishing unit and the associated deregistration unit implement the MTC user and MTC device association management functions shown in FIG.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a method, system and apparatus for access control of Machine Type Communication (MTC). In the solutions of the present invention, a mobile communication network, after receiving an access request sent by an MTC device, determines whether the MTC device is associated with an identification module of an MTC user; if yes, the mobile communication network accepts the access of the MTC device, or otherwise, rejects the access of the MTC device. According to the solutions provided by the present invention, it enables the mobile communication network to accept the access only of associated MTC users and MTC devices and to reject the access of MTC users and MTC devices that are not associated, realizing the control and management of access of MTC users and MTC devices and effectively preventing MTC users from abusing MTC devices.

Description

一种机器类通信接入控制的方法、 系统及装置 技术领域  Method, system and device for machine type communication access control
本发明涉及机器类通信 ( Machine Type Communication, MTC )技术, 特别是指一种机器类通信接入控制的方法、 系统及装置。 背景技术  The invention relates to a machine type communication (MTC) technology, in particular to a method, system and device for machine type communication access control. Background technique
MTC是指应用无线通信技术, 实现机器与机器、 机器与人之间的数据 通信和交流的一系列技术及其组合的总称。 MTC有两层含义: 第一层含义 是机器本身, 在嵌入式领域称为智能设备; 第二层含义是机器与机器之间 的连接, 通过网络将机器连接在一起。 MTC的应用范围非常广泛, 例如智 能测量、 远程监控、 跟踪、 医疗等, 使人类生活更加智能化。 与传统的人 与人之间的通信相比, MTC设备 ( MTC Device )数量巨大,应用领域广泛, 具有巨大的市场前景。  MTC refers to a series of technologies and combinations of technologies that use wireless communication technology to realize data communication and communication between machines and machines, machines and people. MTC has two meanings: The first meaning is the machine itself, called the smart device in the embedded field; the second meaning is the connection between the machine and the machine, connecting the machines together through the network. MTC is used in a wide range of applications, such as smart measurement, remote monitoring, tracking, medical, etc., to make human life more intelligent. Compared with traditional human-to-human communication, MTC devices have a large number of applications and a wide range of applications, which has great market prospects.
在 MTC 中, 主要的远距离连接技术包括全球移动通信系统(Global System for Mobile communications , GSM )/通用分组无线月良务( General Packet Radio Service , GPRS ) /通用 移动通信系 统 ( Universal Mobile Telecommunications System, UMTS )等,近距离连接技术主要有 802.11b/g、 蓝牙、 紫蜂(Zigbee )、 射频识别 ( Radio Frequency Identification, RFID ) 等。 由于 MTC整合了无线通信和信息技术, 可用于双向通信, 如远距离收 集信息、 设置参数和发送指令, 因此可实现不同的应用方案, 如安全监测、 自动售货、 货物跟踪等。 几乎所有曰常生活中涉及到的设备都有可能成为 潜在的服务对象。 MTC提供了设备实时数据在系统之间或远程设备之间传 送、 或与个人之间建立无线连接的简单手段。  In MTC, the main long-distance connection technologies include Global System for Mobile communications (GSM)/General Packet Radio Service (GPRS)/Universal Mobile Telecommunications System (Universal Mobile Telecommunications System). UMTS), etc., the short-distance connection technology mainly includes 802.11b/g, Bluetooth, Zigbee, Radio Frequency Identification (RFID) and the like. Because MTC integrates wireless communication and information technology, it can be used for two-way communication, such as collecting information over long distances, setting parameters and sending commands, thus enabling different applications such as security monitoring, vending, and goods tracking. Almost all the equipment involved in everyday life is likely to become a potential customer. MTC provides a simple means of real-time data transfer between devices or between remote devices, or to establish a wireless connection with an individual.
MTC系统的架构示意如图 1所示, MTC设备通过 3GPP网络与 MTC 服务器(MTC Server )进行通信, MTC服务器为 MTC用户提供机器对机 器 ( Machine to Machine, M2M )业务。 The architecture of the MTC system is shown in Figure 1. The MTC device passes the 3GPP network and MTC. The server (MTC Server) communicates, and the MTC server provides Machine to Machine (M2M) services for MTC users.
对于 MTC 系统来说, 由于 MTC应用的多样性和复杂性, 使得 MTC 应用 4艮难具有共同特征。 由于存在多种多样的 MTC应用, 每种 MTC应用 对于 MTC设备的设备需求是不同的, 因此在 MTC 系统中, 不同的 MTC 设备可能具有不同的设备功能和设备能力。  For MTC systems, due to the diversity and complexity of MTC applications, MTC applications have a common feature. Due to the wide variety of MTC applications, each MTC application has different equipment requirements for MTC devices, so different MTC devices may have different device functions and device capabilities in an MTC system.
对于 MTC服务器而言, 要接收的信息不仅需要是来自合法的 MTC用 户, 同时也需要是来自合法的 MTC设备, 因此, 需要 3GPP 网络能够对 MTC用户和 MTC设备的接入进行控制。  For the MTC server, the information to be received not only needs to be from a legitimate MTC user, but also needs to be from a legitimate MTC device. Therefore, the 3GPP network is required to control the access of the MTC user and the MTC device.
目前, 3GPP网络支持的接入控制方式包括: 对 MTC用户的接入通过 安全认证的方式进行接入控制; 对 MTC设备, 则通过建立黑白名单的方式 进行接入控制。 这种接入控制方式, 虽然便于 MTC用户在需要的情况下使 用不同的 MTC设备接入 3GPP网络,但只能对 MTC用户或 MTC设备分别 单独地进行接入控制, 无法有效防止 MTC用户滥用 MTC设备。 发明内容  At present, the access control modes supported by the 3GPP network include: access control for the access of the MTC user through the security authentication mode; and access control for the MTC device by establishing a black and white list. This type of access control, although it is convenient for MTC users to access different 3GPP networks using different MTC devices, can only perform separate access control for MTC users or MTC devices, and cannot effectively prevent MTC users from abusing MTC. device. Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种机器类通信接入控制的方 法、 系统及装置, 有效防止 MTC用户滥用 MTC设备。  In view of this, the main object of the present invention is to provide a method, system and device for machine type communication access control, which effectively prevents MTC users from abusing MTC equipment.
为解决上述技术问题, 本发明的技术方案是这样实现的:  In order to solve the above technical problem, the technical solution of the present invention is implemented as follows:
一种机器类通信 MTC接入控制的方法, MTC设备包含有 MTC用户的 身份识别模块, 移动通信网络支持 MTC设备与 MTC用户身份识别模块的 关联, 该方法包括: 移动通信网络收到 MTC设备发送的接入请求后, 判断 MTC设备是否已与所述身份识别模块相关联, 如果是, 则接受 MTC设备 的接入, 否则, 拒绝 MTC设备的接入。  A method for machine type communication MTC access control, the MTC device includes an identity recognition module of an MTC user, and the mobile communication network supports association between the MTC device and the MTC user identity module, and the method includes: the mobile communication network receives the MTC device to send After the access request, it is determined whether the MTC device is associated with the identity recognition module, and if so, accepts access by the MTC device; otherwise, the access of the MTC device is denied.
所述判断 MTC设备是否已与身份识别模块相关联之前, 进一步包括: 对 MTC用户进行接入鉴权, 或对 MTC用户进行接入鉴权和对 MTC设备 进行鉴权,鉴权通过后,判断 MTC设备是否已与所述身份识别模块相关联。 所述判断 MTC设备是否已与身份识别模块相关联, 具体为: 判断接入 请求中携带的 MTC用户身份信息和 MTC设备身份信息是否符合已建立的 MTC设备与 MTC用户身份识别模块的关联关系, 如果符合, 则接受 MTC 设备的接入, 否则, 拒绝 MTC设备的接入。 Before determining whether the MTC device is associated with the identity recognition module, the method further includes: performing access authentication on the MTC user, or performing access authentication on the MTC user and on the MTC device After authentication is performed, after the authentication is passed, it is determined whether the MTC device is associated with the identity recognition module. Determining whether the MTC device is associated with the identity recognition module, specifically: determining whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, If it is met, it accepts the access of the MTC device, otherwise it rejects the access of the MTC device.
所述判断接入请求中携带的 MTC用户身份信息和 MTC设备身份信息 是否符合已建立的 MTC设备与 MTC用户身份识别模块的关联关系, 具体 为: 基于存储的关联关系列表判断 MTC设备身份信息是否已与相应 MTC 用户身份信息相关联,如果关联关系列表中存在 MTC设备身份信息与相应 MTC用户身份信息的关联关系,则接受 MTC设备的接入,否则,拒绝 MTC 设备的接入。  Determining whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, specifically: determining whether the MTC device identity information is based on the stored association relationship list It has been associated with the corresponding MTC user identity information. If there is an association between the MTC device identity information and the corresponding MTC user identity information in the association list, the access of the MTC device is accepted, otherwise, the access of the MTC device is denied.
所述判断 MTC设备是否已与身份识别模块相关联之前,还包括: MTC 设备向移动通信网络发送关联请求,移动通信网络收到 MTC设备发送的关 联请求后, 判断需要关联的 MTC设备是否已与其他 MTC用户的身份识别 模块相关联, 如果是, 则拒绝该关联请求, 否则, 建立需要关联的 MTC设 备与所述身份识别模块的关联关系。  Before determining whether the MTC device is associated with the identity recognition module, the method further includes: the MTC device sending an association request to the mobile communication network, and after receiving the association request sent by the MTC device, the mobile communication network determines whether the associated MTC device has been associated with The identity recognition module of the other MTC user is associated, and if so, the association request is rejected, otherwise, the association relationship between the associated MTC device and the identity recognition module is established.
所述关联请求包含 MTC设备身份信息和 MTC用户身份信息, 所述判 断需要关联的 MTC设备是否已与其他 MTC用户的身份识别模块相关联, 具体为: 基于存储的关联关系列表判断 MTC设备身份信息是否已与其他 MTC用户身份信息相关联, 如果关联关系列表中存在 MTC设备身份信息 与 MTC用户身份信息的关联关系, 则拒绝该关联请求, 如果关联关系列表 中不存在 MTC设备身份信息与 MTC用户身份信息的关联关系, 则建立需 要关联的 MTC设备与所述身份识别模块的关联关系, 并更新关联关系列 表。  The association request includes the MTC device identity information and the MTC user identity information, and the determining whether the associated MTC device is associated with the identity identification module of the other MTC user, specifically: determining the MTC device identity information based on the stored association relationship list If the relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, the association request is rejected, if the MTC device identity information and the MTC user do not exist in the association relationship list. The association relationship between the identity information establishes an association relationship between the MTC device that needs to be associated with the identity recognition module, and updates the association relationship list.
所述方法还包括: 移动通信网络收到 MTC设备发送的注销关联请求 后, 判断需要注销关联的 MTC设备是否已与所述身份识别模块相关联, 如 果是, 则注销 MTC设备与所述身份识别模块的关联关系, 否则, 拒绝该注 销关联请求。 The method further includes: receiving, by the mobile communication network, a logout association request sent by the MTC device After that, it is determined whether the associated MTC device needs to be logged out to be associated with the identity recognition module, and if so, the association relationship between the MTC device and the identity recognition module is cancelled, otherwise, the logout association request is rejected.
所述注销关联请求包含 MTC用户身份信息和 MTC设备身份信息, 所 述判断需要注销关联的 MTC设备是否已与身份识别模块相关联, 具体为: 基于存储的关联关系列表判断 MTC设备身份信息是否已与 MTC用户身份 信息相关联, 如果关联关系列表中存在 MTC设备身份信息与 MTC用户身 份信息的关联关系, 则注销 MTC设备与所述身份识别模块的关联关系, 并 更新关联关系列表,如果关联关系列表中不存在 MTC设备身份信息与 MTC 用户身份信息的关联关系, 则拒绝该注销关联请求。  The de-registration association request includes the MTC user identity information and the MTC device identity information, and the determining whether the associated MTC device needs to be associated with the identity recognition module is specifically: determining, according to the stored association relationship list, whether the MTC device identity information has been Associated with the MTC user identity information, if the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, the association relationship between the MTC device and the identity recognition module is cancelled, and the association relationship list is updated, if the association relationship If there is no association between the MTC device identity information and the MTC user identity information in the list, the logout association request is rejected.
一种机器类通信接入控制的系统, 包括:  A system for machine type communication access control, comprising:
包含 MTC用户身份识别模块的 MTC设备, 用于向移动通信网络发送 接入请求; 所述 MTC用户身份识别模块位于通用集成电路卡 UICC上; 用于 MTC接入控制的功能实体, 位于所述移动通信网络, 用于判断所 述 MTC设备是否已与所述身份识别模块相关联, 如果是, 则接入 MTC设 备; 否则, 拒绝 MTC设备的接入。  An MTC device including an MTC user identity module, configured to send an access request to a mobile communication network; the MTC user identity module is located on a universal integrated circuit card UICC; a functional entity for MTC access control, located in the mobile And a communication network, configured to determine whether the MTC device is associated with the identity recognition module, and if yes, access the MTC device; otherwise, reject the access of the MTC device.
所述 MTC设备还用于: 向所述移动通信网络发送关联请求; 所述用于 MTC接入控制的功能实体还用于: 接收所述 MTC设备发送的关联请求, 判断需要关联的 MTC设备是否已与其他 MTC用户的身份识别模块相关联, 如果是, 则拒绝该关联请求, 如果不是, 则建立 MTC设备与所述身份识别 模块的关联关系。  The MTC device is further configured to: send an association request to the mobile communication network; the function entity for the MTC access control is further configured to: receive an association request sent by the MTC device, determine whether the associated MTC device needs to be Already associated with the identity module of the other MTC user, if yes, the association request is rejected, and if not, the association relationship between the MTC device and the identity module is established.
所述 MTC设备还用于: 向所述移动通信网络发送注销关联请求; 所述 用于 MTC接入控制的功能实体还用于: 接收 MTC设备发送的注销关联请 求,判断需要注销关联的 MTC设备是否已与身份识别模块相关联,如果是, 则注销 MTC设备与所述身份识别模块的关联关系, 如果不是, 则拒绝该注 销关联请求。 The MTC device is further configured to: send a logout association request to the mobile communication network; the function entity for the MTC access control is further configured to: receive a logout association request sent by the MTC device, and determine that the associated MTC device needs to be logged out Whether it has been associated with the identity module, and if so, the relationship between the MTC device and the identity module is logged out, and if not, the note is rejected Pin association request.
所述用于 MTC接入控制的功能实体还用于: 对 MTC用户进行接入鉴 权, 或对 MTC用户进行接入鉴权和对 MTC设备进行鉴权, 鉴权通过后, 判断 MTC设备是否已与所述身份识别模块相关联。  The function entity for the MTC access control is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and perform authentication on the MTC device. After the authentication is passed, determine whether the MTC device is Has been associated with the identity module.
一种机器类通信接入控制的装置, 包括:  A device for communication access control of a machine type, comprising:
接收单元, 用于接收 MTC设备发送的接入请求并发送给接入判断单 元, 该接入请求中携带有 MTC用户身份信息和 MTC设备身份信息;  a receiving unit, configured to receive an access request sent by the MTC device, and send the access request to the access determining unit, where the access request carries the MTC user identity information and the MTC device identity information;
接入判断单元, 用于判断 MTC设备是否已与 MTC用户的身份识别模 块相关联, 如果是, 则接受 MTC设备的接入, 否则, 拒绝 MTC设备的接 入。  The access judging unit is configured to determine whether the MTC device is associated with the identity module of the MTC user, and if yes, accept the access of the MTC device; otherwise, the access of the MTC device is rejected.
所述装置进一步包括: 关联建立单元,  The device further includes: an association establishing unit,
所述接收单元还用于:接收 MTC设备发送的关联请求并发送给关联建 立单元;  The receiving unit is further configured to: receive an association request sent by the MTC device, and send the association request to the associated establishing unit;
所述关联建立单元,用于判断需要关联的 MTC设备是否已与其他 MTC 用户的身份识别模块相关联, 如果是, 则拒绝该关联请求, 如果不是, 则 建立 MTC设备与身份识别模块的关联关系。  The association establishing unit is configured to determine whether an MTC device that needs to be associated is associated with an identity recognition module of another MTC user, and if yes, reject the association request, and if not, establish an association relationship between the MTC device and the identity recognition module. .
所述装置进一步包括: 关联注销单元,  The device further includes: an associated logout unit,
所述接收单元还用于:接收 MTC设备发送的注销关联请求并发送给关 联注销单元;  The receiving unit is further configured to: receive a logout association request sent by the MTC device, and send the request to the associated logout unit;
所述关联注销单元,用于判断需要注销关联的 MTC设备是否已与 MTC 用户的身份识别模块相关联, 如果是, 则注销 MTC设备与所述身份识别模 块的关联关系, 如果不是, 则拒绝该注销关联请求。  The associated deregistration unit is configured to determine whether the MTC device that needs to be logged off is associated with the identity recognition module of the MTC user, and if yes, revoke the association relationship between the MTC device and the identity recognition module, and if not, reject the association Log out of the association request.
所述接入判断单元还用于: 对 MTC用户进行接入鉴权, 或对 MTC用 户进行接入鉴权和对 MTC设备进行鉴权, 鉴权通过后, 判断 MTC设备是 否已与 MTC用户的身份识别模块相关联。 根据本发明提供的方案,移动通信网络收到 MTC设备发送的接入请求 后, 判断 MTC设备是否已与 MTC用户的身份识别模块相关联, 如果是, 则接受 MTC设备的接入, 否则, 拒绝 MTC设备的接入, 使得移动通信网 络只接受关联的 MTC用户和 MTC设备的接入, 对于未经关联的 MTC用 户和 MTC设备将拒绝接入, 实现对 MTC用户和 MTC设备接入的控制和 管理, 有效防止了 MTC用户对 MTC设备的滥用。 The access judging unit is further configured to: perform an access authentication on the MTC user, or perform an access authentication on the MTC user and perform an authentication on the MTC device, and after the authentication is passed, determine whether the MTC device has been associated with the MTC user. The identity module is associated. According to the solution provided by the present invention, after receiving the access request sent by the MTC device, the mobile communication network determines whether the MTC device is associated with the identity recognition module of the MTC user, and if yes, accepts the access of the MTC device, otherwise, rejects The access of the MTC device enables the mobile communication network to accept only the access of the associated MTC user and the MTC device, and the unassociated MTC user and the MTC device will be denied access, thereby realizing the control of accessing the MTC user and the MTC device. Management, effectively preventing the abuse of MTC devices by MTC users.
另外, 移动通信网络还可以对 MTC设备与合法 MTC用户的关联关系 进行维护,方便移动通信网络对 MTC用户和 MTC设备接入的控制和管理。 附图说明  In addition, the mobile communication network can also maintain the association relationship between the MTC device and the legal MTC user, and facilitate the control and management of the MTC user and the MTC device access by the mobile communication network. DRAWINGS
图 1为 MTC系统的架构示意图;  Figure 1 is a schematic diagram of the architecture of the MTC system;
图 2为本发明中 MTC接入控制流程示意图;  2 is a schematic diagram of an MTC access control process in the present invention;
图 3为本发明中 MTC接入控制系统的结构示意图;  3 is a schematic structural diagram of an MTC access control system according to the present invention;
图 4为本发明中 MTC设备初始接入时建立 MTC设备与 MTC用户的 身份识别模块关联关系的流程示意图;  4 is a schematic flowchart of establishing an association relationship between an MTC device and an identity module of an MTC user when the MTC device is initially accessed according to the present invention;
图 5为本发明中注销 MTC设备与 MTC用户的身份识别模块关联关系 的流程示意图;  FIG. 5 is a schematic flowchart of the relationship between the MTC device and the identity recognition module of the MTC user in the present invention;
图 6 为本发明中 MTC设备与 MTC用户的身份识别模块关联过程示意 图一;  6 is a schematic diagram of a process of associating an MTC device with an identity module of an MTC user in the present invention;
图 7为本发明中 MTC设备与 MTC用户的身份识别模块关联过程示意 图二;  7 is a schematic diagram showing the process of association between an MTC device and an identity recognition module of an MTC user in the present invention;
图 8为本发明中 MTC接入控制装置的结构示意图。 具体实施方式  FIG. 8 is a schematic structural diagram of an MTC access control apparatus according to the present invention. detailed description
实际应用中, 对于 MTC服务器而言, 要接收的信息不仅需要是来自合 法的 MTC用户, 同时也需要是来自合法 MTC用户的合法 MTC设备。 因 此, MTC系统中, 在考虑 MTC设备和 MTC用户的合法性的情况下 , 还需 要进一步考虑合法 MTC设备与合法 MTC 用户之间的关系, 以有效防止 MTC用户滥用 MTC设备。 In practical applications, for the MTC server, the information to be received not only needs to be from a legitimate MTC user, but also needs to be a legitimate MTC device from a legitimate MTC user. Cause Therefore, in the MTC system, in consideration of the legitimacy of the MTC device and the MTC user, the relationship between the legal MTC device and the legal MTC user needs to be further considered to effectively prevent the MTC user from abusing the MTC device.
图 2为本发明中 MTC中接入控制流程示意图, 如图 2所示, 具体处理 包括:  2 is a schematic diagram of an access control process in an MTC according to the present invention. As shown in FIG. 2, the specific processing includes:
步骤 201: 移动通信网络接收 MTC设备发送的接入请求, 该 MTC设 备包含有 MTC用户的身份识别模块。  Step 201: The mobile communication network receives an access request sent by the MTC device, where the MTC device includes an identity recognition module of the MTC user.
MTC设备需要接入移动通信网络时, 向移动通信网络发送接入请求, 该接入请求中携带有 MTC用户身份信息和 MTC设备身份信息; 移动通信 网络接收该接入请求, 该移动通信网络支持 MTC设备与 MTC用户身份识 别模块的关联。  When the MTC device needs to access the mobile communication network, it sends an access request to the mobile communication network, where the access request carries the MTC user identity information and the MTC device identity information; the mobile communication network receives the access request, and the mobile communication network supports The association of the MTC device with the MTC user identity module.
所述 MTC设备是 MTC用户用于机器类通信的设备, MTC用户的身份 识别模块安装在 MTC设备中。 所述移动通信网络具体可以是 3GPP网络或 3GPP2 网络。 MTC 用户的身份识别模块具体可以为用户身份识别模块 The MTC device is a device used by the MTC user for machine type communication, and the identity module of the MTC user is installed in the MTC device. The mobile communication network may specifically be a 3GPP network or a 3GPP2 network. The identity module of the MTC user may specifically be a user identity module.
( Subscriber Identity Module , SIM )、 全球用户身份识别模块( Universal Subscriber Identity Module, USIM )、 IP多媒体业务识别模块( IP Multimedia Service Identity Module , ISIM ), 具体可以位于一个智能卡上, 如位于通用 集成电路卡( Universal Integrated Circuit Card, UICC )上。 MTC用户身份 信息可以是身份识别模块的国际移动用户识别码 ( International Mobile Subscriber Identification number, IMSI )或用于 MTC用户身份标识的 MTC 身份标识信息。 MTC 设备身份信息可以是设备的国际移动设备识别码(Subscriber Identity Module, SIM), Universal Subscriber Identity Module (USIM), IP Multimedia Service Identity Module (IPI), which can be located on a smart card, such as a universal integrated circuit card. (Universal Integrated Circuit Card, UICC). The MTC user identity information may be an International Mobile Subscriber Identification Number (IMSI) of the identity module or MTC identity information for the MTC user identity. The MTC device identity information can be the device's international mobile device identifier.
( International Mobile Equipment Identity number, IMEI )或用于 MTC设备 身份标识的 MTC身份标识信息。 (International Mobile Equipment Identity number, IMEI) or MTC identity information for MTC device identity.
移动通信网络收到 MTC设备发送的接入请求后, 对 MTC用户进行接 入鉴权, 或对 MTC用户进行接入鉴权和对 MTC设备进行鉴权, 鉴权通过 后, 则表明 MTC用户、 或 MTC用户和 MTC设备是合法的, 然后继续执 行步骤 202。 After receiving the access request sent by the MTC device, the mobile communication network performs access authentication on the MTC user, or performs access authentication on the MTC user and authenticates the MTC device, and the authentication is passed. After that, it indicates that the MTC user, or the MTC user and the MTC device are legal, and then proceeds to step 202.
步骤 202: 移动通信网络判断 MTC设备是否已与 MTC用户相关联, 即 MTC设备是否已与 MTC用户的身份识别模块相关联, 如果是, 则移动 通信网络接受 MTC设备的接入, MTC设备接入移动通信网络; 否则, 移 动通信网络拒绝 MTC设备的接入, 并可以进一步向 MTC设备返回拒绝接 入消息。  Step 202: The mobile communication network determines whether the MTC device is associated with the MTC user, that is, whether the MTC device is associated with the identity recognition module of the MTC user. If yes, the mobile communication network accepts the access of the MTC device, and the MTC device accesses. The mobile communication network; otherwise, the mobile communication network rejects the access of the MTC device and may further return a denial of access message to the MTC device.
移动通信网络判断接入请求中携带的 MTC用户身份信息和 MTC设备 身份信息是否符合已建立的 MTC设备与 MTC用户身份识别模块的关联关 系,即基于存储的关联关系列表判断 MTC设备身份信息是否已与相应 MTC 用户身份信息相关联, 如果是, 即关联关系列表中存在 MTC设备身份信息 与相应 MTC用户身份信息的关联关系, 则表明 MTC设备是合法 MTC用 户的合法 MTC设备, 移动通信网络接受 MTC设备的接入, MTC设备接入 移动通信网络; 如果不是, 即关联关系列表中不存在 MTC设备身份信息与 相应 MTC用户身份信息的关联关系, 则表明 MTC设备不是合法 MTC用 户的合法 MTC设备, 移动通信网络拒绝 MTC设备的接入。 所述 MTC设 备接入移动通信网络是指: MTC设备通过移动通信网络的认证后, 被允许 接入到移动通信网络使用相关通信服务。  The mobile communication network determines whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, that is, whether the MTC device identity information has been determined based on the stored association relationship list. Associated with the corresponding MTC user identity information, if yes, that is, the association relationship between the MTC device identity information and the corresponding MTC user identity information exists in the association relationship list, indicating that the MTC device is a legal MTC device of the legal MTC user, and the mobile communication network accepts the MTC The access of the device, the MTC device accesses the mobile communication network; if not, the association relationship between the MTC device identity information and the corresponding MTC user identity information does not exist in the association list, indicating that the MTC device is not a legal MTC device of the legal MTC user, The mobile communication network rejects the access of the MTC device. The access of the MTC device to the mobile communication network means: After the MTC device is authenticated by the mobile communication network, it is allowed to access the mobile communication network to use the related communication service.
根据以上流程的描述可见, 移动通信网络只接受关联的 MTC 用户和 MTC设备的接入, 对于未经关联的 MTC用户和 MTC设备将拒绝接入。  According to the description of the above process, the mobile communication network only accepts the access of the associated MTC user and the MTC device, and the access is denied for the unassociated MTC user and the MTC device.
移动通信网络收到来自 MTC设备的关联请求后,将根据关联请求中携 带的需要关联的 MTC用户身份信息和 MTC设备身份信息, 判断需要关联 的 MTC设备是否已与其他 MTC用户的身份识别模块相关联, 即基于存储 的关联关系列表判断 MTC设备身份信息是否已与其他 MTC用户身份信息 相关联, 如果是, 即关联关系列表中存在 MTC设备身份信息与 MTC用户 身份信息的关联关系, 则拒绝该关联请求, 如果不是, 即关联关系列表中 不存在 MTC设备身份信息与 MTC用户身份信息的关联关系, 则接受该关 联请求,建立需要关联的 MTC设备与 MTC用户身份识别模块的关联关系, 更新存储的关联关系列表。 所述 MTC设备可以为需要关联的 MTC设备, 即 MTC用户通过需要关联的 MTC设备发出关联请求;也可以为已与 MTC 用户身份信息所标识的 MTC用户相关联的 MTC设备, 即 MTC用户通过 已与其相关联的 MTC设备发出关联请求 , 以与其他 MTC设备相关联。 由 此可见, 本发明中, 一个 MTC设备只能与一个 MTC用户的身份识别模块 相关联; 一个 MTC用户的身份识别模块可以关联多个 MTC设备。 After receiving the association request from the MTC device, the mobile communication network determines whether the associated MTC device has been associated with the identity recognition module of other MTC users according to the MTC user identity information and the MTC device identity information that are required to be associated in the association request. Linking, that is, determining whether the MTC device identity information is associated with other MTC user identity information based on the stored association list, and if so, the MTC device identity information and the MTC user are present in the association relationship list. The association relationship of the identity information is rejected, and if not, the association relationship between the MTC device identity information and the MTC user identity information does not exist in the association relationship list, and the association request is accepted, and the MTC device and the MTC user to be associated are established. The association of the identity module updates the stored association list. The MTC device may be an MTC device that needs to be associated, that is, the MTC user sends an association request through the MTC device that needs to be associated; or may be an MTC device that has been associated with the MTC user identified by the MTC user identity information, that is, the MTC user passes The associated MTC device issues an association request to associate with other MTC devices. Thus, in the present invention, one MTC device can only be associated with an identity module of one MTC user; an identity module of an MTC user can associate multiple MTC devices.
另夕卜,移动通信网络还可以通过网管系统建立需要关联的 MTC设备与 MTC用户身份识别模块的关联关系, 得到关联关系列表并存储。  In addition, the mobile communication network can also establish an association relationship between the MTC device to be associated with the MTC user identity module through the network management system, obtain a list of association relationships, and store the association relationship.
根据以上描述可见, 为 MTC设备与 MTC服务器之间提供通信服务的 移动通信网络除具有已有的网络功能外,还需包含用于 MTC接入控制的功 能实体, 具体包括: MTC用户鉴权功能、 或 MTC用户鉴权功能和 MTC设 备鉴权功能, 以及 MTC用户与 MTC设备关联管理功能, 如图 3所示。 图 3所示的 MTC接入控制系统中,包含 MTC用户身份识别模块的 MTC设备 和位于移动通信网络的用于 MTC接入控制的功能实体, 其中, MTC设备 用于向移动通信网络发送接入请求; 用于 MTC接入控制的功能实体, 用于 判断 MTC设备是否已与 MTC用户的身份识别模块相关联, 如果是, 则接 入 MTC设备; 否则, 拒绝 MTC设备的接入。 MTC用户的身份识别模块可 以是 USIM、 ISIM等, 通常位于 UICC上。 移动通信网络中用于 MTC接入 控制的功能实体的具体结构将在后面的图 8中作进一步详细描述。  According to the above description, the mobile communication network that provides the communication service between the MTC device and the MTC server needs to include the functional functions for the MTC access control in addition to the existing network functions, including: MTC user authentication function. , or the MTC user authentication function and the MTC device authentication function, and the MTC user and the MTC device association management function, as shown in FIG. In the MTC access control system shown in FIG. 3, an MTC device including an MTC user identity module and a functional entity for MTC access control in a mobile communication network, where the MTC device is configured to send an access to the mobile communication network The function entity for the MTC access control is used to determine whether the MTC device is associated with the identity module of the MTC user, and if so, access the MTC device; otherwise, the access of the MTC device is denied. The identity module of the MTC user can be USIM, ISIM, etc., usually located on the UICC. The specific structure of the functional entity for MTC access control in the mobile communication network will be described in further detail later in FIG.
用于 MTC接入控制的功能实体, 还用于对 MTC用户进行接入鉴权, 或对 MTC用户进行接入鉴权和对 MTC设备进行鉴权, 鉴权通过后, 判断 MTC设备是否已与 MTC用户的身份识别模块相关联。 MTC设备还用于向移动通信网络发送关联请求或注销关联请求; 用于 MTC接入控制的功能实体还用于建立或注销 MTC设备与 MTC用户身份识 别模块的关联关系, 对存储的关联关系列表进行管理和维护。 具体地, 用 于 MTC接入控制的功能实体用于接收 MTC设备发送的关联请求, 判断需 要关联的 MTC设备是否已与其他 MTC用户的身份识别模块相关联, 如果 是, 则拒绝该关联请求, 如果不是, 则建立 MTC设备与 MTC用户身份识 别模块的关联关系, 进一步用于更新存储的关联关系列表。 用于 MTC接入 控制的功能实体用于接收 MTC设备发送的注销关联请求,判断需要注销关 联的 MTC设备是否已与 MTC用户的身份识别模块相关联, 如果是, 则注 销 MTC设备与 MTC用户身份识别模块的关联关系, 进一步用于更新存储 的关联关系列表, 如果不是, 则拒绝该注销关联请求。 The function entity for the MTC access control is also used for performing access authentication on the MTC user, or performing access authentication on the MTC user and authenticating the MTC device. After the authentication is passed, determining whether the MTC device has been associated with The MTC user's identity module is associated. The MTC device is further configured to send an association request or a logout association request to the mobile communication network; the function entity for the MTC access control is further configured to establish or cancel an association relationship between the MTC device and the MTC user identity module, and the stored association relationship list Manage and maintain. Specifically, the function entity for the MTC access control is configured to receive an association request sent by the MTC device, determine whether the associated MTC device has been associated with an identity module of another MTC user, and if yes, reject the association request, If not, the association relationship between the MTC device and the MTC user identity module is established, and is further used to update the stored association relationship list. The function entity for the MTC access control is configured to receive the logout association request sent by the MTC device, determine whether the associated MTC device needs to be associated with the MTC user identity module, and if so, log off the MTC device and the MTC user identity. The association relationship of the identification module is further used to update the stored association relationship list, and if not, the logout association request is rejected.
MTC设备可以在初始接入过程中通过关联建立过程建立与 MTC用户 身份识别模块的关联关系, 在关联建立过程中, 可以包含 MTC设备认证, 也可以不包含 MTC设备认证, 这由系统的具体实现来决定。 图 4为本发明 中 MTC设备初始接入时建立 MTC设备与 MTC用户的身份识别模块关联 关系的流程示意图 (包含 MTC设备认证), 如图 4所示, 具体处理包括: 步骤 400: 包含 MTC用户身份识别模块的 MTC设备初次接入移动通 信网络时,首先在移动通信网络与 MTC设备之间进行移动通信网络支持的 MTC用户接入鉴权。 MTC用户接入鉴权与现有的移动通信网络的移动用户 鉴权过程相同, 例如, MTC设备向移动通信网络发送 MTC用户身份信息, 移动通信网络在数据库如归属用户服务器( Home Subscriber Server, HSS ) 中查找相关信息,生成一组鉴权向量,发送给移动管理实体(MME ), MME 选择其中一个鉴权向量对 MTC 用户进行双向鉴权, 鉴权通过后, 则认为 MTC用户合法。  The MTC device may establish an association relationship with the MTC user identity module through the association establishment process in the initial access process, and may include the MTC device authentication or the MTC device authentication in the association establishment process, which is implemented by the system. To decide. 4 is a schematic flowchart (including MTC device authentication) for establishing an association relationship between an MTC device and an MTC user identity identification module during initial access of the MTC device according to the present invention. As shown in FIG. 4, the specific processing includes: Step 400: Include an MTC user When the MTC device of the identity module first accesses the mobile communication network, the MTC user access authentication supported by the mobile communication network is first performed between the mobile communication network and the MTC device. The MTC user access authentication is the same as the mobile user authentication process of the existing mobile communication network. For example, the MTC device sends the MTC user identity information to the mobile communication network, and the mobile communication network is in a database such as a Home Subscriber Server (HSS). The relevant information is searched for, and a set of authentication vectors is generated and sent to the mobility management entity (MME). The MME selects one of the authentication vectors to perform bidirectional authentication on the MTC user. After the authentication is passed, the MTC user is considered to be legal.
步骤 401: MTC用户通过接入鉴权后,移动通信网络对 MTC设备进行 鉴权。 MTC设备鉴权可釆用现有的各种设备鉴权方式, 如使用数字证书鉴 权方式等。 Step 401: After the MTC user passes the access authentication, the mobile communication network performs the MTC device. Authentication. MTC device authentication can use various existing device authentication methods, such as using digital certificate authentication methods.
步骤 402: MTC设备通过鉴权后, MTC设备向移动通信网络发送 MTC 设备与 MTC用户相关联的关联请求,该关联请求中携带有需要关联的 MTC 设备身份信息和 MTC用户身份信息。 MTC用户身份信息可以是 IMSI或用 于 MTC用户身份标识的 MTC身份标识信息。 MTC设备身份信息可以是 IMEI或用于 MTC设备身份标识的 MTC身份标识信息。  Step 402: After the MTC device is authenticated, the MTC device sends an association request of the MTC device and the MTC user to the mobile communication network, where the association request carries the MTC device identity information and the MTC user identity information that need to be associated. The MTC user identity information may be IMSI or MTC identity information for the MTC user identity. The MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
步骤 403: 移动通信网络收到 MTC设备发送的关联请求后,根据 MTC 设备身份信息和 MTC用户身份信息检查存储的关联关系列表, 判断 MTC 设备身份信息是否已与其他 MTC用户身份信息相关联, 如果是, 即关联关 系列表中存在 MTC设备身份信息与 MTC用户身份信息的关联关系, 则表 明 MTC设备已与其他 MTC用户的身份识别模块相关联,拒绝该关联请求, 如果不是, 即关联关系列表中不存在 MTC设备身份信息与 MTC用户身份 信息的关联关系, 则表明 MTC设备未与其他 MTC用户的身份识别模块相 关联, 无论 MTC用户的身份识别模块是否已关联了其他 MTC设备, 都接 受该关联请求, 建立 MTC设备与 MTC用户身份识别模块的关联关系, 并 更新存储的关联关系列表, 即将该关联关系添加至关联关系列表中。  Step 403: After receiving the association request sent by the MTC device, the mobile communication network checks the stored association relationship list according to the MTC device identity information and the MTC user identity information, and determines whether the MTC device identity information is associated with other MTC user identity information, if Yes, that is, the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, indicating that the MTC device is associated with the identity recognition module of another MTC user, rejecting the association request, if not, that is, in the association relationship list If there is no association between the MTC device identity information and the MTC user identity information, it indicates that the MTC device is not associated with the identity module of the other MTC user, and the association is accepted regardless of whether the MTC user identity module has been associated with another MTC device. The request establishes an association relationship between the MTC device and the MTC user identity module, and updates the stored association relationship list, that is, adds the association relationship to the association relationship list.
步骤 404: 移动通信网络向 MTC设备反馈确认消息, 通知 MTC设备 关联结果。  Step 404: The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device of the association result.
另外, 除图 4所示 MTC设备初始接入时由移动通信网络将其与 MTC 用户的身份识别模块相关联的流程外;也可以是 MTC用户通过已与其相关 联的 MTC 设备向移动通信网络发送关联请求, 请求移动通信网络将其他 MTC设备与该 MTC用户相关联, 也就是说, MTC设备接入移动通信网络 后, MTC用户通过该 MTC设备发送关联请求, 该关联请求中携带有需要 关联的 MTC设备身份信息和 MTC用户身份信息; 移动通信网络判断需要 关联的 MTC设备是否已与其他 MTC用户的身份识别模块相关联, 以确定 是否建立 MTC设备与 MTC用户身份识别模块的关联关系。 所述 MTC设 备接入移动通信网络的具体处理过程如图 2所示。 In addition, except that the MTC device shown in FIG. 4 is initially accessed by the mobile communication network to associate it with the identification module of the MTC user; or the MTC user may send the MTC device to the mobile communication network through the MTC device already associated with it. Correlation request, requesting the mobile communication network to associate another MTC device with the MTC user, that is, after the MTC device accesses the mobile communication network, the MTC user sends an association request through the MTC device, where the association request carries the need to be associated MTC device identity information and MTC user identity information; mobile communication network needs to determine Whether the associated MTC device has been associated with the identity module of the other MTC user to determine whether to establish an association relationship between the MTC device and the MTC user identity module. The specific processing procedure of the MTC device accessing the mobile communication network is as shown in FIG. 2 .
以上所述 MTC设备与 MTC用户的身份识别模块相关联的流程中, 未 经关联的 MTC设备可以与任何 MTC用户的身份识别模块相关联。  In the above-described process in which the MTC device is associated with the identity module of the MTC user, the unassociated MTC device can be associated with the identity module of any MTC user.
移动通信网络也可以注销 MTC设备与 MTC用户身份识别模块的关联 关系, 如图 5所示, 注销 MTC设备与 MTC用户的身份识别模块关联关系 的具体处理包括:  The mobile communication network can also cancel the association relationship between the MTC device and the MTC user identity module. As shown in FIG. 5, the specific processing of the relationship between the MTC device and the MTC user identity module is as follows:
步骤 500: MTC设备接入移动通信网络, 具体处理过程如图 2所示。 步骤 501: MTC用户通过 MTC设备向移动通信网络发送注销关联请求, 该注销关联请求中携带有需要注销关联的 MTC设备身份信息和 MTC用户 身份信息。 MTC用户身份信息可以是 IMSI或用于 MTC用户身份标识的 MTC身份标识信息。 MTC设备身份信息可以是 IMEI或用于 MTC设备身 份标识的 MTC身份标识信息。 发送注销关联请求的 MTC设备可以是需要 注销与 MTC用户的身份识别模块相关联的 MTC设备,也可以是其他 MTC 设备, MTC用户通过该接入的 MTC设备注销其关联的其他 MTC设备。  Step 500: The MTC device accesses the mobile communication network, and the specific processing process is as shown in FIG. 2 . Step 501: The MTC user sends a logout association request to the mobile communication network by using the MTC device, where the logout association request carries the MTC device identity information and the MTC user identity information that need to be logged off. The MTC user identity information may be IMSI or MTC identity information for the MTC user identity. The MTC device identity information may be IMEI or MTC identity information for the MTC device identity. The MTC device that sends the logout association request may be an MTC device that needs to be logged out associated with the MTC user's identity module, or may be another MTC device through which the MTC user logs out of its associated MTC device.
步骤 502: 移动通信网络收到 MTC设备发送的注销关联请求后, 根据 MTC设备身份信息和 MTC用户身份信息检查存储的 MTC设备与 MTC用 户身份识别模块的关联列表,判断关联关系列表中是否存在 MTC设备身份 信息与相应 MTC用户身份信息的关联关系, 如果存在, 注销 MTC设备与 MTC用户身份识别模块的关联关系, 并更新存储的关联关系列表, 即将该 关联关系从关联关系列表中删除; 如果不存在, 则不做处理。  Step 502: After receiving the logout association request sent by the MTC device, the mobile communication network checks the association list of the stored MTC device and the MTC user identity module according to the MTC device identity information and the MTC user identity information, and determines whether the MTC exists in the association list. The association between the device identity information and the corresponding MTC user identity information, if yes, the relationship between the MTC device and the MTC user identity module is deleted, and the stored association relationship list is updated, that is, the association relationship is deleted from the association relationship list; If it exists, it will not be processed.
步骤 503 : 移动通信网络向 MTC设备反馈确认消息, 通知 MTC设备 注销关联结果。  Step 503: The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device to cancel the association result.
移动通信网络也可以注销 MTC设备与 MTC用户身份识别模块的关联 关系, 当 MTC设备与一个 MTC用户身份识别模块的关联关系注销后, 该 MTC设备可以通过关联建立过程与新的 MTC用户身份识别模块建立关联 关系。 在建立关联关系过程中, 可以对 MTC设备进行鉴权, 也可以不对 MTC设备进行鉴权, 这由系统的具体实现决定。 The mobile communication network can also deregister the association between the MTC device and the MTC user identity module. Relationship, after the association relationship between the MTC device and an MTC user identity module is cancelled, the MTC device can establish an association relationship with the new MTC user identity module through the association establishment process. In the process of establishing an association relationship, the MTC device may be authenticated, or the MTC device may not be authenticated, which is determined by the specific implementation of the system.
包含 MTC设备鉴权的关联建立过程如图 6所示, 具体过程包括: 步骤 600: 移动通信网络与 MTC设备之间进行移动通信网络支持的 MTC用户接入鉴权。 MTC用户接入鉴权与现有的移动通信网络的移动用户 鉴权过程相同, 例如, MTC设备向移动通信网络发送 MTC用户身份信息, 移动通信网络在数据库如 HSS中查找相关信息, 生成一组鉴权向量, 发送 给 MME, MME选择其中一个鉴权向量对 MTC用户进行双向鉴权, 鉴权 通过后, 则认为 MTC用户合法。  The association establishment process including the authentication of the MTC device is as shown in FIG. 6. The specific process includes: Step 600: Perform MTC user access authentication supported by the mobile communication network between the mobile communication network and the MTC device. The MTC user access authentication is the same as the mobile user authentication process of the existing mobile communication network. For example, the MTC device sends the MTC user identity information to the mobile communication network, and the mobile communication network searches for related information in a database such as the HSS to generate a group. The authentication vector is sent to the MME, and the MME selects one of the authentication vectors to perform bidirectional authentication on the MTC user. After the authentication is passed, the MTC user is considered to be legal.
步骤 601: MTC用户通过接入鉴权后,移动通信网络对 MTC设备进行 鉴权。 MTC设备鉴权可釆用现有的各种设备鉴权方式, 如使用数字证书鉴 权方式等。  Step 601: After the MTC user accesses the authentication, the mobile communication network authenticates the MTC device. MTC device authentication can use various existing device authentication methods, such as using digital certificate authentication methods.
步骤 602: MTC设备通过鉴权后, MTC设备向移动通信网络发送 MTC 设备与 MTC用户相关联的关联请求,该关联请求中携带有需要关联的 MTC 设备身份信息和 MTC用户身份信息。 MTC用户身份信息可以是 IMSI或用 于 MTC用户身份标识的 MTC身份标识信息。 MTC设备身份信息可以是 IMEI或用于 MTC设备身份标识的 MTC身份标识信息。  Step 602: After the MTC device is authenticated, the MTC device sends an association request of the MTC device and the MTC user to the mobile communication network, where the association request carries the MTC device identity information and the MTC user identity information that need to be associated. The MTC user identity information may be IMSI or MTC identity information for the MTC user identity. The MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
步骤 603: 移动通信网络收到 MTC设备发送的关联请求后,根据 MTC 设备身份信息和 MTC用户身份信息检查存储的关联关系列表, 判断 MTC 设备身份信息是否已与其他 MTC用户身份信息相关联, 如果是, 即关联关 系列表中存在 MTC设备身份信息与 MTC用户身份信息的关联关系, 则表 明 MTC设备已与其他 MTC用户的身份识别模块相关联,拒绝该关联请求, 如果不是, 即关联关系列表中不存在 MTC设备身份信息与 MTC用户身份 信息的关联关系, 则表明 MTC设备未与其他 MTC用户的身份识别模块相 关联, 无论 MTC用户的身份识别模块是否已关联了其他 MTC设备, 都接 受该关联请求, 建立 MTC设备与 MTC用户身份识别模块的关联关系, 并 更新存储的关联关系列表, 即将该关联关系添加至关联关系列表中。 Step 603: After receiving the association request sent by the MTC device, the mobile communication network checks the stored association relationship list according to the MTC device identity information and the MTC user identity information, and determines whether the MTC device identity information is associated with other MTC user identity information, if Yes, that is, the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, indicating that the MTC device is associated with the identity recognition module of another MTC user, rejecting the association request, if not, that is, in the association relationship list There is no MTC device identity information and MTC user identity The association relationship of the information indicates that the MTC device is not associated with the identity module of the other MTC user, and the association request is accepted regardless of whether the MTC device has been associated with another MTC device, and the MTC device and the MTC user identity are established. The association relationship of the module, and updating the stored association list, that is, adding the association to the association list.
步骤 604: 移动通信网络向 MTC设备反馈确认消息, 通知 MTC设备 关联结果。  Step 604: The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device of the association result.
不包含 MTC设备鉴权的关联建立过程如图 7所示, 具体过程包括: 步骤 700: 移动通信网络与 MTC设备之间进行移动通信网络支持的 MTC用户接入鉴权。 MTC用户接入鉴权与现有的移动通信网络的移动用户 鉴权过程相同, 例如, MTC设备向移动通信网络发送 MTC用户身份信息, 移动通信网络在数据库如 HSS中查找相关信息, 生成一组鉴权向量, 发送 给 MME, MME选择其中一个鉴权向量对 MTC用户进行双向鉴权, 鉴权 通过后, 则认为 MTC用户合法。  The association establishment process that does not include the authentication of the MTC device is as shown in FIG. 7. The specific process includes: Step 700: Perform MTC user access authentication supported by the mobile communication network between the mobile communication network and the MTC device. The MTC user access authentication is the same as the mobile user authentication process of the existing mobile communication network. For example, the MTC device sends the MTC user identity information to the mobile communication network, and the mobile communication network searches for related information in a database such as the HSS to generate a group. The authentication vector is sent to the MME, and the MME selects one of the authentication vectors to perform bidirectional authentication on the MTC user. After the authentication is passed, the MTC user is considered to be legal.
步骤 701 : MTC用户接入鉴权通过后, MTC设备向移动通信网络发送 MTC设备与 MTC用户相关联的关联请求, 该关联请求中携带有需要关联 的 MTC设备身份信息和 MTC用户身份信息。 MTC用户身份信息可以是 IMSI或用于 MTC用户身份标识的 MTC身份标识信息。 MTC设备身份信 息可以是 IMEI或用于 MTC设备身份标识的 MTC身份标识信息。  Step 701: After the MTC user access authentication is passed, the MTC device sends an association request of the MTC device and the MTC user to the mobile communication network, where the association request carries the MTC device identity information and the MTC user identity information that need to be associated. The MTC user identity information may be IMSI or MTC identity information for the MTC user identity. The MTC device identity information may be IMEI or MTC identity information for the MTC device identity.
步骤 702: 移动通信网络收到 MTC设备发送的关联请求后,根据 MTC 设备身份信息和 MTC用户身份信息检查存储的关联关系列表, 判断 MTC 设备身份信息是否已与其他 MTC用户身份信息相关联, 如果是, 即关联关 系列表中存在 MTC设备身份信息与 MTC用户身份信息的关联关系, 则表 明 MTC设备已与其他 MTC用户的身份识别模块相关联,拒绝该关联请求, 如果不是, 即关联关系列表中不存在 MTC设备身份信息与 MTC用户身份 信息的关联关系, 则表明 MTC设备未与其他 MTC用户的身份识别模块相 关联, 无论 MTC用户的身份识别模块是否已关联了其他 MTC设备, 都接 受该关联请求, 建立 MTC设备与 MTC用户身份识别模块的关联关系, 并 更新存储的关联关系列表, 即将该关联关系添加至关联关系列表中。 Step 702: After receiving the association request sent by the MTC device, the mobile communication network checks the stored association relationship list according to the MTC device identity information and the MTC user identity information, and determines whether the MTC device identity information is associated with other MTC user identity information, if Yes, that is, the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, indicating that the MTC device is associated with the identity recognition module of another MTC user, rejecting the association request, if not, that is, in the association relationship list If there is no association between the MTC device identity information and the MTC user identity information, it indicates that the MTC device is not associated with the identity module of other MTC users. Association, whether the MTC device's identity module is associated with another MTC device, accepts the association request, establishes an association relationship between the MTC device and the MTC user identity module, and updates the stored association relationship list, that is, adds the association relationship to In the list of associations.
步骤 703 : 移动通信网络向 MTC设备反馈确认消息, 通知 MTC设备 关联结果。  Step 703: The mobile communication network feeds back an acknowledgement message to the MTC device, and notifies the MTC device of the association result.
图 8为本发明中 MTC接入控制装置的结构示意图, 如图 8所示, 该装 置包括: 接收单元和接入判断单元, 其中, 接收单元用于接收 MTC设备发 送的接入请求并发送给接入判断单元,该接入请求中携带有 MTC用户身份 信息和 MTC设备身份信息; 接入判断单元用于判断 MTC设备是否已与 MTC用户的身份识别模块相关联, 如果是, 则接受 MTC设备的接入, 否 则, 拒绝 MTC设备的接入。  FIG. 8 is a schematic structural diagram of an MTC access control apparatus according to the present invention. As shown in FIG. 8, the apparatus includes: a receiving unit and an access determining unit, where the receiving unit is configured to receive an access request sent by the MTC device and send the request An access judging unit, where the access request carries the MTC user identity information and the MTC device identity information; the access judging unit is configured to determine whether the MTC device is associated with the MTC user identity recognition module, and if yes, accept the MTC device Access, otherwise, denying access to the MTC device.
接入判断单元还用于: 对 MTC用户进行接入鉴权, 或对 MTC用户进 行接入鉴权和对 MTC设备进行鉴权, 鉴权通过后, 判断 MTC设备是否已 与 MTC用户的身份识别模块相关联。接入判断单元实现图 3中所示的 MTC 用户鉴权功能、 或 MTC用户鉴权功能和 MTC设备鉴权功能。  The access judging unit is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and perform authentication on the MTC device, and after the authentication is passed, determine whether the MTC device has been identified with the MTC user. The module is associated. The access judging unit implements the MTC user authentication function, or the MTC user authentication function and the MTC device authentication function shown in FIG.
MTC接入控制装置进一步包括: 关联建立单元, 接收单元还用于接收 MTC设备发送的关联请求并发送给关联建立单元; 关联建立单元用于判断 需要关联的 MTC设备是否已与其他 MTC用户的身份识别模块相关联, 如 果是, 则拒绝该关联请求, 如果不是, 则建立 MTC设备与 MTC用户身份 识别模块的关联关系, 进一步用于更新存储的关联关系列表。  The MTC access control device further includes: an association establishing unit, the receiving unit is further configured to receive an association request sent by the MTC device and send the association request to the association establishing unit; the association establishing unit is configured to determine whether the MTC device that needs to be associated has the identity with another MTC user The identification module is associated with, if yes, the association request is rejected, and if not, the association relationship between the MTC device and the MTC user identity module is established, and is further used to update the stored association relationship list.
MTC接入控制装置进一步包括: 关联注销单元, 接收单元还用于接收 MTC设备发送的注销关联请求并发送给关联注销单元; 关联注销单元用于 判断需要注销关联的 MTC设备是否已与 MTC用户的身份识别模块相关联, 如果是, 则注销 MTC设备与 MTC用户身份识别模块的关联关系, 进一步 用于更新存储的关联关系列表, 如果不是, 则拒绝该注销关联请求。 关联建立单元和关联注销单元实现图 3中所示的 MTC用户与 MTC设 备关联管理功能。 The MTC access control device further includes: an association cancellation unit, the receiving unit is further configured to receive the cancellation association request sent by the MTC device and send the cancellation association request to the associated cancellation unit; and the associated cancellation unit is configured to determine whether the associated MTC device needs to be logged out and the MTC user The identity recognition module is associated with, if yes, the association relationship between the MTC device and the MTC user identity module is cancelled, and is further used to update the stored association relationship list, and if not, the logout association request is rejected. The association establishing unit and the associated deregistration unit implement the MTC user and MTC device association management functions shown in FIG.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围, 凡在本发明的精神和原则之内所作的任何修改、 等同替换和改进 等, 均应包含在本发明的保护范围之内。  The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included. Within the scope of protection of the present invention.

Claims

权利要求书 Claim
1、 一种机器类通信 MTC接入控制的方法, MTC设备包含有 MTC用 户的身份识别模块, 其特征在于, 移动通信网络支持 MTC设备与 MTC用 户身份识别模块的关联, 该方法包括:  A machine type communication MTC access control method, the MTC device includes an MTC user identity recognition module, wherein the mobile communication network supports association between the MTC device and the MTC user identity module, and the method includes:
移动通信网络收到 MTC设备发送的接入请求后, 判断 MTC设备是否 已与所述身份识别模块相关联, 如果是, 则接受 MTC设备的接入, 否则, 拒绝 MTC设备的接入。  After receiving the access request sent by the MTC device, the mobile communication network determines whether the MTC device is associated with the identity recognition module, and if so, accepts the access of the MTC device; otherwise, the access of the MTC device is rejected.
2、 根据权利要求 1所述的方法, 其特征在于, 所述判断 MTC设备是 否已与身份识别模块相关联之前, 进一步包括:  The method according to claim 1, wherein before the determining whether the MTC device has been associated with the identity recognition module, the method further includes:
对 MTC用户进行接入鉴权, 或对 MTC用户进行接入鉴权和对 MTC 设备进行鉴权, 鉴权通过后, 判断 MTC设备是否已与所述身份识别模块相 关联。  The MTC user is authenticated, or the MTC user is authenticated and the MTC device is authenticated. After the authentication is passed, it is determined whether the MTC device is associated with the identity module.
3、 根据权利要求 1所述的方法, 其特征在于, 所述判断 MTC设备是 否已与身份识别模块相关联, 具体为:  The method according to claim 1, wherein the determining whether the MTC device is associated with the identity recognition module is specifically:
判断接入请求中携带的 MTC用户身份信息和 MTC设备身份信息是否 符合已建立的 MTC设备与 MTC用户身份识别模块的关联关系,如果符合, 则接受 MTC设备的接入, 否则, 拒绝 MTC设备的接入。  Determining whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, and if yes, accept the access of the MTC device; otherwise, reject the MTC device. Access.
4、 根据权利要求 3所述的方法, 其特征在于, 所述判断接入请求中携 带的 MTC用户身份信息和 MTC设备身份信息是否符合已建立的 MTC设 备与 MTC用户身份识别模块的关联关系, 具体为:  The method according to claim 3, wherein the determining whether the MTC user identity information and the MTC device identity information carried in the access request meet the association relationship between the established MTC device and the MTC user identity module, Specifically:
基于存储的关联关系列表判断 MTC设备身份信息是否已与相应 MTC 用户身份信息相关联,如果关联关系列表中存在 MTC设备身份信息与相应 MTC用户身份信息的关联关系,则接受 MTC设备的接入,否则,拒绝 MTC 设备的接入。  Determining, according to the stored association list, whether the MTC device identity information is associated with the corresponding MTC user identity information, and if the relationship between the MTC device identity information and the corresponding MTC user identity information exists in the association relationship list, accepting the access of the MTC device, Otherwise, access to the MTC device is denied.
5、 根据权利要求 1所述的方法, 其特征在于, 所述判断 MTC设备是 否已与身份识别模块相关联之前, 还包括: 5. The method according to claim 1, wherein the determining the MTC device is Before being associated with the identity module, it also includes:
MTC设备向移动通信网络发送关联请求, 移动通信网络收到 MTC设 备发送的关联请求后, 判断需要关联的 MTC设备是否已与其他 MTC用户 的身份识别模块相关联, 如果是, 则拒绝该关联请求, 否则, 建立需要关 联的 MTC设备与所述身份识别模块的关联关系。  The MTC device sends an association request to the mobile communication network, and after receiving the association request sent by the MTC device, the mobile communication network determines whether the associated MTC device has been associated with the identity recognition module of the other MTC user, and if yes, rejects the association request. Otherwise, the association relationship between the MTC device that needs to be associated and the identity module is established.
6、根据权利要求 5所述的方法, 其特征在于, 所述关联请求包含 MTC 设备身份信息和 MTC用户身份信息, 所述判断需要关联的 MTC设备是否 已与其他 MTC用户的身份识别模块相关联, 具体为:  The method according to claim 5, wherein the association request includes MTC device identity information and MTC user identity information, and the determining whether the associated MTC device has been associated with an identity module of another MTC user , Specifically:
基于存储的关联关系列表判断 MTC设备身份信息是否已与其他 MTC 用户身份信息相关联,如果关联关系列表中存在 MTC设备身份信息与 MTC 用户身份信息的关联关系, 则拒绝该关联请求, 如果关联关系列表中不存 在 MTC设备身份信息与 MTC用户身份信息的关联关系, 则建立需要关联 的 MTC设备与所述身份识别模块的关联关系, 并更新关联关系列表。  Determining whether the MTC device identity information is associated with other MTC user identity information based on the stored association list, and if the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, rejecting the association request, if the association relationship The association between the MTC device identity information and the MTC user identity information does not exist in the list, and the association relationship between the MTC device that needs to be associated and the identity recognition module is established, and the association relationship list is updated.
7、根据权利要求 1至 6任一所述的方法,其特征在于,该方法还包括: 移动通信网络收到 MTC设备发送的注销关联请求后,判断需要注销关 联的 MTC设备是否已与所述身份识别模块相关联, 如果是, 则注销 MTC 设备与所述身份识别模块的关联关系, 否则, 拒绝该注销关联请求。  The method according to any one of claims 1 to 6, further comprising: after receiving the logout association request sent by the MTC device, the mobile communication network determines whether the associated MTC device needs to be logged off The identity module is associated, and if so, the association relationship between the MTC device and the identity module is logged off, otherwise, the logout association request is rejected.
8、 根据权利要求 7所述的方法, 其特征在于, 所述注销关联请求包含 MTC用户身份信息和 MTC设备身份信息, 所述判断需要注销关联的 MTC 设备是否已与身份识别模块相关联, 具体为:  The method according to claim 7, wherein the de-registration association request includes MTC user identity information and MTC device identity information, and the determining whether the associated MTC device needs to be logged off is associated with the identity recognition module, specifically For:
基于存储的关联关系列表判断 MTC设备身份信息是否已与 MTC用户 身份信息相关联, 如果关联关系列表中存在 MTC设备身份信息与 MTC用 户身份信息的关联关系, 则注销 MTC设备与所述身份识别模块的关联关 系, 并更新关联关系列表, 如果关联关系列表中不存在 MTC设备身份信息 与 MTC用户身份信息的关联关系, 则拒绝该注销关联请求。 Determining whether the MTC device identity information is associated with the MTC user identity information based on the stored association list, and if the association relationship between the MTC device identity information and the MTC user identity information exists in the association relationship list, the MTC device and the identity recognition module are logged off. The association relationship is updated, and the association relationship list is updated. If the association relationship between the MTC device identity information and the MTC user identity information does not exist in the association relationship list, the logout association request is rejected.
9、 一种机器类通信接入控制的系统, 其特征在于, 包括: 包含 MTC用户身份识别模块的 MTC设备, 用于向移动通信网络发送 接入请求; 所述 MTC用户身份识别模块位于 UICC上; A machine type communication access control system, comprising: an MTC device including an MTC user identity module, configured to send an access request to a mobile communication network; the MTC user identity recognition module is located on the UICC ;
用于 MTC接入控制的功能实体, 位于所述移动通信网络, 用于判断所 述 MTC设备是否已与所述身份识别模块相关联, 如果是, 则接入 MTC设 备; 否则, 拒绝 MTC设备的接入。  a functional entity for MTC access control, located in the mobile communication network, configured to determine whether the MTC device is associated with the identity recognition module, and if yes, accessing the MTC device; otherwise, rejecting the MTC device Access.
10、 根据权利要求 9所述的系统, 其特征在于,  10. The system of claim 9 wherein:
所述 MTC设备还用于: 向所述移动通信网络发送关联请求;  The MTC device is further configured to: send an association request to the mobile communication network;
所述用于 MTC接入控制的功能实体还用于: 接收所述 MTC设备发送 的关联请求, 判断需要关联的 MTC设备是否已与其他 MTC用户的身份识 别模块相关联, 如果是, 则拒绝该关联请求, 如果不是, 则建立 MTC设备 与所述身份识别模块的关联关系。  The function entity for the MTC access control is further configured to: receive an association request sent by the MTC device, determine whether an associated MTC device is associated with an identity recognition module of another MTC user, and if yes, reject the The association request, if not, establishes an association relationship between the MTC device and the identity recognition module.
11、 根据权利要求 9所述的系统, 其特征在于,  11. The system of claim 9 wherein:
所述 MTC设备还用于: 向所述移动通信网络发送注销关联请求; 所述用于 MTC接入控制的功能实体还用于: 接收 MTC设备发送的注 销关联请求, 判断需要注销关联的 MTC设备是否已与身份识别模块相关 联,如果是,则注销 MTC设备与所述身份识别模块的关联关系,如果不是, 则拒绝该注销关联请求。  The MTC device is further configured to: send a logout association request to the mobile communication network; the function entity for the MTC access control is further configured to: receive a logout association request sent by the MTC device, and determine that the associated MTC device needs to be logged out Whether the association module has been associated with the identity module, and if so, the association relationship of the MTC device with the identity module is logged out, and if not, the logout association request is rejected.
12、 根据权利要求 9至 11任一所述的系统, 其特征在于,  12. A system according to any one of claims 9 to 11 wherein:
所述用于 MTC接入控制的功能实体还用于: 对 MTC用户进行接入鉴 权, 或对 MTC用户进行接入鉴权和对 MTC设备进行鉴权, 鉴权通过后, 判断 MTC设备是否已与所述身份识别模块相关联。  The function entity for the MTC access control is further configured to: perform access authentication on the MTC user, or perform access authentication on the MTC user and perform authentication on the MTC device. After the authentication is passed, determine whether the MTC device is Has been associated with the identity module.
13、 一种机器类通信接入控制的装置, 其特征在于, 包括:  13. A device for communication access control of a machine type, comprising:
接收单元, 用于接收 MTC设备发送的接入请求并发送给接入判断单 元, 该接入请求中携带有 MTC用户身份信息和 MTC设备身份信息; 接入判断单元, 用于判断 MTC设备是否已与 MTC用户的身份识别模 块相关联, 如果是, 则接受 MTC设备的接入, 否则, 拒绝 MTC设备的接 入。 a receiving unit, configured to receive an access request sent by the MTC device, and send the access request to the access determining unit, where the access request carries the MTC user identity information and the MTC device identity information; The access judging unit is configured to determine whether the MTC device is associated with the identity module of the MTC user, and if yes, accept the access of the MTC device, otherwise, reject the access of the MTC device.
14、根据权利要求 13所述的装置,其特征在于, 所述装置进一步包括: 关联建立单元,  The device according to claim 13, wherein the device further comprises: an association establishing unit,
所述接收单元还用于:接收 MTC设备发送的关联请求并发送给关联建 立单元;  The receiving unit is further configured to: receive an association request sent by the MTC device, and send the association request to the associated establishing unit;
所述关联建立单元,用于判断需要关联的 MTC设备是否已与其他 MTC 用户的身份识别模块相关联, 如果是, 则拒绝该关联请求, 如果不是, 则 建立 MTC设备与身份识别模块的关联关系。  The association establishing unit is configured to determine whether an MTC device that needs to be associated is associated with an identity recognition module of another MTC user, and if yes, reject the association request, and if not, establish an association relationship between the MTC device and the identity recognition module. .
15、根据权利要求 13所述的装置,其特征在于, 所述装置进一步包括: 关联注销单元,  The device according to claim 13, wherein the device further comprises: an associated logout unit,
所述接收单元还用于:接收 MTC设备发送的注销关联请求并发送给关 联注销单元;  The receiving unit is further configured to: receive a logout association request sent by the MTC device, and send the request to the associated logout unit;
所述关联注销单元,用于判断需要注销关联的 MTC设备是否已与 MTC 用户的身份识别模块相关联, 如果是, 则注销 MTC设备与所述身份识别模 块的关联关系, 如果不是, 则拒绝该注销关联请求。  The associated deregistration unit is configured to determine whether the MTC device that needs to be logged off is associated with the identity recognition module of the MTC user, and if yes, revoke the association relationship between the MTC device and the identity recognition module, and if not, reject the association Log out of the association request.
16、 根据权利要求 13至 15任一所述的装置, 其特征在于, 所述接入 判断单元还用于:  The device according to any one of claims 13 to 15, wherein the access judging unit is further configured to:
对 MTC用户进行接入鉴权, 或对 MTC用户进行接入鉴权和对 MTC 设备进行鉴权, 鉴权通过后, 判断 MTC设备是否已与 MTC用户的身份识 别模块相关联。  The MTC user is authenticated by access, or the MTC user is authenticated and the MTC device is authenticated. After the authentication is passed, it is determined whether the MTC device is associated with the MTC user identity recognition module.
PCT/CN2011/076104 2010-11-08 2011-06-22 Method, system and apparatus for access control of machine type communication WO2012062115A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010536046.7A CN102469448B (en) 2010-11-08 2010-11-08 A kind of method, system and device of machine type communication Access Control
CN201010536046.7 2010-11-08

Publications (1)

Publication Number Publication Date
WO2012062115A1 true WO2012062115A1 (en) 2012-05-18

Family

ID=46050368

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/076104 WO2012062115A1 (en) 2010-11-08 2011-06-22 Method, system and apparatus for access control of machine type communication

Country Status (2)

Country Link
CN (1) CN102469448B (en)
WO (1) WO2012062115A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104661220A (en) * 2015-03-13 2015-05-27 中国联合网络通信集团有限公司 Method and device for achieving authentication treatment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1802016A (en) * 2005-06-21 2006-07-12 华为技术有限公司 Method for carrying out authentication on user terminal
US20090217038A1 (en) * 2008-02-22 2009-08-27 Vesa Petteri Lehtovirta Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
WO2010054472A1 (en) * 2008-11-17 2010-05-20 Sierra Wireless, Inc. Method and apparatus for associating identity modules and terminal equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1829386A (en) * 2006-02-14 2006-09-06 邵毅 Wireless mobile apparatus and user identity binding system
CN101022672B (en) * 2007-02-16 2010-05-26 华为技术有限公司 Method and system for testing mobile user legality
CN101198121B (en) * 2007-12-28 2011-07-20 中国移动通信集团四川有限公司 Authentication method for limiting mobile phone without using by others

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1802016A (en) * 2005-06-21 2006-07-12 华为技术有限公司 Method for carrying out authentication on user terminal
US20090217038A1 (en) * 2008-02-22 2009-08-27 Vesa Petteri Lehtovirta Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
WO2010054472A1 (en) * 2008-11-17 2010-05-20 Sierra Wireless, Inc. Method and apparatus for associating identity modules and terminal equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"System Improvements for Machine-Type Communications; (Release 10)", 3GPP TR 23.888 V1.0.0 (2010-07), July 2010 (2010-07-01), pages 18 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104661220A (en) * 2015-03-13 2015-05-27 中国联合网络通信集团有限公司 Method and device for achieving authentication treatment

Also Published As

Publication number Publication date
CN102469448B (en) 2016-12-28
CN102469448A (en) 2012-05-23

Similar Documents

Publication Publication Date Title
US20200153830A1 (en) Network authentication method, related device, and system
US11829774B2 (en) Machine-to-machine bootstrapping
US11743728B2 (en) Cross access login controller
EP2750424B1 (en) Method, device and system for binding mtc device and uicc
JP4687788B2 (en) Wireless access system and wireless access method
WO2019017837A1 (en) Network security management method and apparatus
US8611859B2 (en) System and method for providing secure network access in fixed mobile converged telecommunications networks
JP2016506152A (en) Device authentication by tagging
WO2011000315A1 (en) Method, network device and network system for group management
DK2924944T3 (en) Presence authentication
EP2744250B1 (en) Method and apparatus for binding universal integrated circuit card and machine type communication device
WO2012094879A1 (en) Key sharing method and system for machine type communication (mtc) server
US20120178418A1 (en) Method and System for Changing a Selected Home Operator of a Machine to Machine Equipment
US8958792B2 (en) Method and system for selecting mobility management entity of terminal group
CN113498060B (en) Method, device, equipment and storage medium for controlling network slice authentication
WO2013110224A1 (en) Method, device, and system for triggering mtc device
WO2012151846A1 (en) Method and system for triggering terminal in specific location, and terminal thereof
WO2012062115A1 (en) Method, system and apparatus for access control of machine type communication
WO2012000285A1 (en) Method and system for restricting area mobility in evdo system
CN116567780A (en) Terminal management method and core network equipment
KR20210138322A (en) Authentication server for 5g non public network connection control, method of the network connection control and connection method of terminal
JP5670926B2 (en) Wireless LAN access point terminal access control system and authorization server device
KR20210030167A (en) Method and apparatus for supporting multiple users on one device
EP4203392A1 (en) Authentication support for an electronic device to connect to a telecommunications network
WO2023126296A1 (en) Authentication support for an electronic device to connect to a telecommunications network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11840609

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11840609

Country of ref document: EP

Kind code of ref document: A1