WO2012151819A1 - Method and system for triggering an MTC device - Google Patents

Method and system for triggering an MTC device

Info

Publication number
WO2012151819A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
mtc
gpi
mtc device
triggering
Prior art date
Application number
PCT/CN2011/079638
Other languages
English (en)
French (fr)
Inventor
余万涛
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Priority to EP11865120.7A (EP2713642B1/en)
Priority to US14/127,223 (US10085229B2/en)
Publication of WO2012151819A1 (WO2012151819A1/zh)

Links

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration > H04W 60/04 Affiliation to network using triggered events
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/08 Access security
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA] > H04W 12/043 Key management using a trusted network node as an anchor > H04W 12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor > H04W 4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Definitions

  • the present invention relates to mobile communication technologies and machine type communication (MTC) technologies, and in particular to a method and system for triggering MTC devices.
  • MTC: machine type communication
  • MTC refers to a family of technologies, and combinations of technologies, that use wireless communication to realize data communication and exchange between machines, and between machines and people.
  • Machine to Machine has two meanings: the first is the machine itself, which is called a smart device in the embedded field; the second is the connection between machines, linking machines together through a network.
  • MTC is used in a wide range of applications, such as smart metering, remote monitoring, tracking and healthcare, and makes human life more intelligent. Compared with traditional communication between people, the number of MTC devices (M2M Devices) is huge and the application fields are wide, so the market prospects are great.
  • in MTC communication, the main long-range connection technologies include the Global System for Mobile Communications (GSM), the General Packet Radio Service (GPRS), the Universal Mobile Telecommunications System (UMTS) and so on.
  • GSM: Global System for Mobile Communications
  • GPRS: General Packet Radio Service
  • UMTS: Universal Mobile Telecommunications System
  • the short-range connection technologies mainly include 802.11b/g, Bluetooth, Zigbee, Radio Frequency Identification (RFID) and so on.
  • RFID: Radio Frequency Identification
  • MTC integrates wireless communication and information technology and can be used for two-way communication, such as collecting information, setting parameters and sending commands over long distances, thus enabling different application scenarios such as security monitoring, vending and goods tracking. Almost every device involved in daily life could become a potential service object.
  • MTC provides a simple means of establishing wireless connections for real-time device data between systems, between remote devices, or with individuals.
  • GBA: Generic Bootstrapping Architecture
  • the GBA architecture defines a generic key agreement mechanism between the terminal and the server.
  • Figure 1 depicts the network model of the GBA architecture, which mainly includes the following network elements:
  • UE (User Equipment): the general term for a terminal (such as a mobile phone) together with its USIM/SIM card
  • USIM: Universal Subscriber Identity Module
  • SIM: Subscriber Identity Module
  • the terminal can be a card-based mobile terminal (such as a mobile phone) or a card-based fixed terminal (such as a set-top box);
  • NAF (Network Application Function): the application server, which implements the service logic of the application and provides services to the terminal after completing the authentication of the terminal;
  • BSF (Bootstrapping Server Function): the bootstrapping server function entity; the BSF is the core network element of GBA, the BSF and the UE implement authentication through the Authentication and Key Agreement (AKA) protocol and negotiate the application key subsequently used for communication between the UE and the NAF, and the BSF can set the lifetime of the key according to local policy;
  • AKA: Authentication and Key Agreement
  • HSS (Home Subscriber System): the user's home server, which stores the authentication data of the terminal's USIM/SIM card, such as the Ki in the SIM card;
  • SLF: Subscription Locator Function
  • the BSF obtains the name of the HSS that stores the related user data by querying the SLF.
  • the SLF is not required in a single-HSS environment. In addition, the SLF is not required when the BSF is configured to use a pre-specified HSS.
  • GBA-PUSH is a bootstrapping mechanism built on the GBA architecture.
  • the architecture of GBA-PUSH is shown in Figure 2.
  • GBA-PUSH enables a secure connection to be established between the NAF and the UE through the bootstrapping procedure without the UE having to connect to the BSF.
  • the MTC server is equivalent to the NAF in the GBA architecture and the GBA-PUSH architecture.
  • the MTC device is equivalent to the UE in the GBA architecture and the GBA-PUSH architecture.
  • a secure connection between the MTC device and the MTC server can be established through the GBA and GBA-PUSH architectures.
  • for many M2M applications the MTC user needs to control communication with the MTC device, so the MTC device is not allowed to access the MTC server at will.
  • when the MTC server needs to communicate with the MTC device, a trigger instruction triggers the MTC device to establish a Packet Data Protocol (PDP)/Packet Data Network (PDN) connection.
  • PDP: Packet Data Protocol
  • PDN: Packet Data Network
  • while the MTC device is not connected to the MTC server, an attacker may impersonate the mobile communication network or the MTC server and send a trigger command to the MTC device so as to make it establish a connection with the MTC server. Security measures are therefore needed to ensure that the MTC device only responds to trigger commands from a legitimate mobile communication network or a legitimate MTC server.
  • in the case where the MTC device is not connected to the MTC server, how to securely trigger the MTC device and further establish a secure connection between the MTC device and the MTC server is an urgent problem to be solved.
  • the main object of the present invention is to provide a method and system for triggering an MTC device to implement a secure triggering of an MTC device without the MTC device being connected to the MTC server.
  • the invention provides a method for triggering a machine type communication (MTC) device, the method comprising:
  • the MTC server sends a request message to the bootstrapping server function entity (BSF), where the request message includes GBA-PUSH information (GPI) request information and trigger request information;
  • BSF boot server function entity
  • the BSF generates GPI information through a GPI request processing process, and adds trigger instruction parameter information to the GPI information according to the trigger request information, and sends GPI information including the trigger instruction parameter information to the MTC server;
  • the MTC server sends the GPI information including the triggering instruction parameter information to the MTC device to be triggered;
  • the MTC device implements the trigger according to the trigger instruction parameter information in the received GPI information.
  • the method also includes:
  • the MTC server saves the GPI information other than the trigger instruction parameter information and the user related information of the MTC device to be triggered into the security association (SA).
  • the method further includes:
  • the MTC device saves the GPI information and its own user related information to the SA.
  • the method further includes:
  • the MTC device returns a trigger response to the MTC server and establishes a secure connection with the MTC server.
  • the method further includes:
  • the MTC device is registered with an MTC server, and the MTC server saves the MTC device related information.
  • the trigger instruction parameter information includes: a trigger instruction parameter name.
  • the triggering instruction parameter information further includes: a time range in which the MTC device sends the information after being triggered.
  • the present invention also provides a system for triggering an MTC device, the system comprising: an MTC server, a BSF, and an MTC device, where
  • the MTC server is configured to send a request message to the BSF, where the request message includes GPI request information and trigger request information;
  • the BSF is configured to generate GPI information by using a GPI request processing process, add trigger instruction parameter information to the GPI information according to the trigger request information, and send the GPI information including the trigger instruction parameter information to the MTC server.
  • the MTC server is further configured to: send GPI information that includes the triggering instruction parameter information to the MTC device to be triggered;
  • the MTC device is configured to implement triggering according to trigger instruction parameter information in the received GPI information.
  • the MTC server is further configured to: after receiving the GPI information, save the GPI information except the triggering command parameter information and the user related information of the MTC device to be triggered into the SA.
  • the MTC device is further configured to: after receiving the GPI information, save the GPI information and the user related information of the user to the SA.
  • the MTC device is further configured to: after the trigger is implemented, return a trigger response to the MTC server, and establish a secure connection with the MTC server.
  • the MTC server is further configured to: before sending the request message to the BSF, receive the registration of the MTC device, and save the MTC device related information.
  • the trigger instruction parameter information includes: a trigger instruction parameter name.
  • the triggering instruction parameter information further includes: a time range in which the MTC device sends the information after being triggered.
  • the MTC server sends a request message to the BSF, where the request message includes GPI request information and trigger request information; the BSF generates GPI information through the GPI request processing process, adds trigger instruction parameter information to the GPI information according to the trigger request information, and transmits the GPI information including the trigger instruction parameter information to the MTC server; the MTC server sends the GPI information including the trigger instruction parameter information to the MTC device to be triggered; and the MTC device implements the trigger according to the trigger instruction parameter information in the received GPI information.
  • the security protection of the triggering process of the MTC device is realized, and at the same time, a secure connection can be established between the MTC device and the MTC server.
  • FIG. 1 is a schematic diagram of a network model of a GBA architecture in the prior art
  • FIG. 2 is a schematic diagram of a network model of a GBA-PUSH architecture in the prior art
  • FIG. 3 is a schematic structural diagram of a system for triggering an MTC device according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for triggering an MTC device according to an embodiment of the present invention.
  • the MTC device refers to a device for machine-to-machine communication in a mobile communication network
  • the mobile communication network includes: a Global System for Mobile Communications (GSM) network, a 3rd Generation Partnership Project (3GPP) network, a 3GPP2 network, etc.
  • GSM: Global System for Mobile Communications
  • 3GPP: 3rd Generation Partnership Project
  • 3GPP2: 3rd Generation Partnership Project 2
  • the system for completing the security trigger of the MTC device is as shown in FIG. 3, and includes: an MTC device, a BSF, an HSS, and an MTC server.
  • the MTC device is a device for machine type communication, and a user identification card, such as a Universal Integrated Circuit Card (UICC), is installed in the MTC device.
  • the BSF is used to generate GPI (GBA-PUSH Information) for triggering the establishment of a secure connection according to the GBA-PUSH request during the GBA-PUSH process, and the BSF can set the lifetime of the key according to the local policy.
  • GPI: GBA-PUSH Information
  • the HSS is used to store authentication data in the device user identification card, such as SIM card, Ki in the UICC card, and the like.
  • the MTC server is equivalent to the NAF in the GBA and GBA-PUSH architectures.
  • the MTC server can initiate trigger requests and provide M2M services to MTC users.
  • the MTC server may be located within the mobile communication network or external to the mobile communication network.
  • when the MTC device is not connected to the MTC server and the MTC server needs to communicate with it, the MTC device may be activated by a trigger request or instruction to establish a secure connection with the MTC server.
  • the MTC server can trigger the MTC device through the GBA-PUSH mode to establish a secure connection between the MTC device and the MTC server.
  • an MTC device triggered by the GBA-PUSH mode needs to be registered in the MTC server in advance, and the MTC server stores the related information of the registered MTC device; alternatively, the MTC server can obtain the information about the MTC device, including its identity information, by other means.
  • the MTC server is configured to send a request message to the BSF, where the request message includes GPI request information and trigger request information;
  • the BSF is configured to generate GPI information through the GPI request processing process, and add trigger instruction parameter information to the GPI information according to the trigger request information, and send the GPI information including the trigger instruction parameter information to the MTC server;
  • the GPI request processing process requires interaction between the BSF and the HSS, in which the HSS provides the BSF with the user authentication related information of the MTC device;
  • the MTC server is further configured to send GPI information including the trigger instruction parameter information to the MTC device to be triggered;
  • the MTC device is configured to implement triggering based on trigger instruction parameter information in the received GPI information.
  • the MTC server saves the GPI information except the trigger instruction parameter information and the user related information of the MTC device to be triggered into a Security Association (SA).
  • SA Security Association
  • the MTC device saves the GPI information and its own user related information to the SA.
  • after the MTC device implements the trigger, it returns a trigger response to the MTC server and establishes a secure connection with the MTC server.
  • the method flow triggered by the MTC device implemented by the system shown in FIG. 3 is as shown in FIG. 4, and mainly includes:
  • Step 401 The MTC server sends a request message to the BSF, where the request message includes GPI request information and trigger request information.
  • Step 402 After receiving the request message, the BSF generates GPI information through the GPI request processing process, and adds trigger instruction parameter information to the GPI information according to the trigger request information.
  • the trigger instruction parameter information may include a trigger instruction parameter name (Trigger Indication), and may further include a time range (Trigger Time) within which the MTC device sends information after being triggered.
  • Step 403 The BSF sends the GPI information including the trigger instruction parameter information to the MTC server in the request response.
  • Step 404 The MTC server saves the received GPI information and other user related information into a security association (SA, Security Association).
  • SA Security Association
  • the trigger command parameter information does not need to be saved on the MTC server.
  • the security association specifically includes the parameter information shown in Table 2 of the description below.
  • Step 405 The MTC server sends the GPI information including the trigger instruction parameter information to the MTC device.
  • Step 406 After receiving the GPI information including the trigger instruction parameter information, the MTC device processes all the GPI information except the trigger instruction parameter information in the GPI information according to the processing defined by the GBA-PUSH, and saves the corresponding SA.
  • Step 407 The MTC device triggers the MTC device according to the trigger instruction parameter information in the GPI information, responds to the trigger command of the MTC server, and establishes a secure connection with the MTC server according to the SA.
  • the MTC device sends information to the MTC server in a corresponding time range according to the Trigger Time in the trigger instruction parameter information.
  • the present invention uses the GBA-PUSH process for the triggering of the MTC device, that is, the triggering command parameter information is added to the GPI information of the GBA-PUSH process, and is sent to the MTC device, because the GBA-PUSH process has high security. Therefore, this ensures the security of the triggering of the MTC device, realizes the security protection of the triggering process of the MTC device, and ensures that a secure connection can be established between the MTC device and the MTC server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a method and system for triggering a machine type communication (MTC) device. The method comprises: an MTC server sends a request message to a bootstrapping server function entity (BSF), the request message containing GBA-PUSH information (GPI) request information and trigger request information; the BSF generates GPI through the GPI request processing procedure, adds trigger instruction parameter information to the GPI according to the trigger request information, and sends the GPI containing the trigger instruction parameter information to the MTC server; the MTC server sends the GPI containing the trigger instruction parameter information to the MTC device to be triggered; and the MTC device implements the trigger according to the trigger instruction parameter information in the received GPI. The present invention thereby protects the security of the MTC device triggering process and at the same time ensures that a secure connection can be established between the MTC device and the MTC server.

Description

Method and system for triggering an MTC device

Technical field
The present invention relates to mobile communication technology and machine type communication (MTC) technology, and in particular to a method and system for triggering an MTC device.

Background
MTC is the general term for a family of technologies, and combinations of them, that use wireless communication to realize data communication and exchange between machines, and between machines and people. Machine to Machine (M2M) has two meanings: the first is the machine itself, which in the embedded field is called a smart device; the second is the connection between machines, linking machines together over a network. MTC has a very wide range of applications, such as smart metering, remote monitoring, tracking and healthcare, and makes human life more intelligent. Compared with traditional communication between people, MTC devices (M2M Devices) are far more numerous and serve broader application fields, so the market prospects are great.
In MTC communication, the main long-range connection technologies include the Global System for Mobile Communications (GSM), the General Packet Radio Service (GPRS), the Universal Mobile Telecommunications System (UMTS) and so on; the main short-range connection technologies are 802.11b/g, Bluetooth, Zigbee, Radio Frequency Identification (RFID) and so on. Because MTC integrates wireless communication and information technology, it can be used for two-way communication such as collecting information, setting parameters and sending commands over a distance, and so can realize different application scenarios such as security monitoring, vending and goods tracking. Almost every device encountered in daily life could become a potential service object. MTC provides a simple means of establishing wireless connections for real-time device data between systems, between remote devices, or with individuals.
GBA (Generic Bootstrapping Architecture) is the generic bootstrapping architecture; the GBA architecture defines a generic key agreement mechanism between a terminal and a server. Figure 1 depicts the network model of the GBA architecture, which mainly comprises the following network elements:
UE (User Equipment): the general term for a terminal (such as a mobile phone) together with its Universal Subscriber Identity Module (USIM) / Subscriber Identity Module (SIM); the terminal here may be a card-based mobile terminal (such as a mobile phone) or a card-based fixed terminal (such as a set-top box);
NAF (Network Application Function): the application server, which implements the service logic of the application and provides services to the terminal after the terminal has been authenticated;
BSF (Bootstrapping Server Function): the bootstrapping server function entity. The BSF is the core network element of GBA; the BSF and the UE authenticate each other through the Authentication and Key Agreement (AKA) protocol and negotiate the application key subsequently used for communication between the UE and the NAF, and the BSF can set the lifetime of the key according to local policy;
HSS (Home Subscriber System): the home subscriber server, which stores the authentication data of the terminal's USIM/SIM card, such as the Ki in the SIM card;
SLF (Subscription Locator Function): the subscription locator function entity; the BSF queries the SLF to obtain the name of the HSS that stores the relevant user data. The SLF is not needed in a single-HSS environment, nor is it required when the BSF is configured to use a pre-specified HSS.
GBA-PUSH is a bootstrapping mechanism built on the GBA architecture; its architecture is shown in Figure 2. GBA-PUSH enables a secure connection to be established between the NAF and the UE through the bootstrapping procedure without the UE needing to connect to the BSF.
In an MTC system, the MTC server corresponds to the NAF of the GBA and GBA-PUSH architectures, and the MTC device corresponds to the UE of those architectures. A secure connection between the MTC device and the MTC server can therefore be established through the GBA and GBA-PUSH architectures.
For many M2M applications the MTC user needs to control communication with the MTC device, so the MTC device is not allowed to access the MTC server at will. When the MTC server needs to communicate with the MTC device, a trigger instruction is used to make the MTC device establish a Packet Data Protocol (PDP) / Packet Data Network (PDN) connection. While the MTC device is not connected to the MTC server, an attacker may impersonate the mobile communication network or the MTC server and send a trigger instruction to the MTC device so as to make it establish a connection with the MTC server. Security measures are therefore needed to ensure that the MTC device only responds to trigger instructions from a legitimate mobile communication network or a legitimate MTC server. How to securely trigger an MTC device that is not connected to the MTC server, and then establish a secure connection between the MTC device and the MTC server, is a problem that urgently needs to be solved.

Summary of the invention
In view of this, the main object of the present invention is to provide a method and system for triggering an MTC device, so as to securely trigger an MTC device while it is not connected to the MTC server.
To achieve the above object, the technical solution of the present invention is realized as follows:
The present invention provides a method for triggering a machine type communication (MTC) device, the method comprising:
an MTC server sends a request message to a bootstrapping server function entity (BSF), the request message containing GBA-PUSH information (GPI) request information and trigger request information;
the BSF generates GPI through the GPI request processing procedure, adds trigger instruction parameter information to the GPI according to the trigger request information, and sends the GPI containing the trigger instruction parameter information to the MTC server;
the MTC server sends the GPI containing the trigger instruction parameter information to the MTC device to be triggered;
the MTC device implements the trigger according to the trigger instruction parameter information in the received GPI.
After the BSF sends the GPI containing the trigger instruction parameter information to the MTC server, the method further comprises:
the MTC server saves the GPI other than the trigger instruction parameter information, together with the user-related information of the MTC device to be triggered, in a security association (SA).
After the MTC server sends the GPI containing the trigger instruction parameter information to the MTC device to be triggered, the method further comprises:
the MTC device saves the GPI together with its own user-related information in an SA.
After the MTC device implements the trigger, the method further comprises:
the MTC device returns a trigger response to the MTC server and establishes a secure connection with the MTC server.
Before the MTC server sends the request message to the BSF, the method further comprises:
the MTC device registers with the MTC server, and the MTC server saves the information related to the MTC device.
The trigger instruction parameter information comprises a trigger instruction parameter name.
The trigger instruction parameter information further comprises the time range within which the MTC device sends information after being triggered.
The present invention also provides a system for triggering an MTC device, the system comprising an MTC server, a BSF and an MTC device, wherein:
the MTC server is configured to send a request message to the BSF, the request message containing GPI request information and trigger request information;
the BSF is configured to generate GPI through the GPI request processing procedure, add trigger instruction parameter information to the GPI according to the trigger request information, and send the GPI containing the trigger instruction parameter information to the MTC server;
the MTC server is further configured to send the GPI containing the trigger instruction parameter information to the MTC device to be triggered; and the MTC device is configured to implement the trigger according to the trigger instruction parameter information in the received GPI.
The MTC server is further configured to, after receiving the GPI, save the GPI other than the trigger instruction parameter information, together with the user-related information of the MTC device to be triggered, in an SA.
The MTC device is further configured to, after receiving the GPI, save the GPI together with its own user-related information in an SA.
The MTC device is further configured to, after implementing the trigger, return a trigger response to the MTC server and establish a secure connection with the MTC server.
The MTC server is further configured to, before sending the request message to the BSF, receive the registration of the MTC device and save the information related to the MTC device.
The trigger instruction parameter information comprises a trigger instruction parameter name.
The trigger instruction parameter information further comprises the time range within which the MTC device sends information after being triggered.
In the method and system for triggering an MTC device provided by the present invention, the MTC server sends a request message containing GPI request information and trigger request information to the BSF; the BSF generates GPI through the GPI request processing procedure, adds trigger instruction parameter information to the GPI according to the trigger request information, and sends the GPI containing the trigger instruction parameter information to the MTC server; the MTC server sends that GPI to the MTC device to be triggered; and the MTC device implements the trigger according to the trigger instruction parameter information in the received GPI. The present invention thereby protects the security of the MTC device triggering process and at the same time ensures that a secure connection can be established between the MTC device and the MTC server.

Brief description of the drawings
Figure 1 is a schematic diagram of the network model of the GBA architecture in the prior art;
Figure 2 is a schematic diagram of the network model of the GBA-PUSH architecture in the prior art;
Figure 3 is a schematic structural diagram of the system for triggering an MTC device in an embodiment of the present invention;
Figure 4 is a flowchart of the method for triggering an MTC device in an embodiment of the present invention.

Detailed description
The technical solution of the present invention is elaborated below with reference to the drawings and specific embodiments. In the embodiments of the present invention, an MTC device is a device used for machine-to-machine communication in a mobile communication network; the mobile communication network includes a Global System for Mobile Communications (GSM) network, a 3rd Generation Partnership Project (3GPP) network, a 3GPP2 network and so on.
In an embodiment of the present invention, the system for completing the secure triggering of an MTC device is shown in Figure 3 and comprises an MTC device, a BSF, an HSS and an MTC server. The MTC device is a device for machine type communication, and a subscriber identity card such as a Universal Integrated Circuit Card (UICC) is installed in it. The BSF is used, during the GBA-PUSH procedure, to generate the GPI (GBA-PUSH Information) that triggers the establishment of a secure connection according to the GBA-PUSH request, and it can set the key lifetime according to local policy. The HSS stores the authentication data of the device's subscriber identity card, such as the Ki in a SIM card or UICC. The MTC server corresponds to the NAF of the GBA and GBA-PUSH architectures; it can initiate trigger requests and provides M2M services to MTC users. In embodiments of the present invention the MTC server may be located inside or outside the mobile communication network.
In embodiments of the present invention, when the MTC device is not connected to the MTC server and the MTC server needs to communicate with it, the MTC device can be activated by a trigger request or instruction to establish a secure connection with the MTC server. When the MTC server needs to receive information from the MTC device, it can trigger the MTC device by way of GBA-PUSH and establish a secure connection between the MTC device and the MTC server. An MTC device triggered by way of GBA-PUSH must be registered with the MTC server in advance, and the MTC server stores the relevant information of the registered MTC device; alternatively, the MTC server may obtain the relevant information of the MTC device, including its identity information, by other means.
In the process of completing the triggering of the MTC device:
the MTC server is used to send a request message containing GPI request information and trigger request information to the BSF;
the BSF is used to generate GPI through the GPI request processing procedure, add trigger instruction parameter information to the GPI according to the trigger request information, and send the GPI containing the trigger instruction parameter information to the MTC server; the GPI request processing procedure requires interaction between the BSF and the HSS, in which the HSS provides the BSF with the user authentication information of the MTC device;
the MTC server is further used to send the GPI containing the trigger instruction parameter information to the MTC device to be triggered;
the MTC device is used to implement the trigger according to the trigger instruction parameter information in the received GPI.
Further, after receiving the GPI, the MTC server saves the GPI other than the trigger instruction parameter information, together with the user-related information of the MTC device to be triggered, in a security association (SA).
Further, after receiving the GPI, the MTC device saves the GPI together with its own user-related information in an SA.
After implementing the trigger, the MTC device returns a trigger response to the MTC server and establishes a secure connection with the MTC server.
The flow of the method for triggering an MTC device, implemented by the system shown in Figure 3, is shown in Figure 4 and mainly comprises:
Step 401: the MTC server sends a request message to the BSF, the request message containing GPI request information and trigger request information.
Step 402: after receiving the request message, the BSF generates GPI through the GPI request processing procedure and adds trigger instruction parameter information to the GPI according to the trigger request information. The trigger instruction parameter information may include a trigger instruction parameter name (Trigger Indication) and, preferably, may further include the time range within which the MTC device sends information after being triggered (Trigger Time).
The format of the GPI after the trigger instruction parameter information has been added is shown in Table 1 below:
[Table 1: GPI format with trigger instruction parameter information added (table image not available in this extraction)]
Table 1
Step 403: the BSF sends the GPI containing the trigger instruction parameter information to the MTC server in the request response.
Step 404: the MTC server saves the received GPI and other user-related information in a security association (SA). The trigger instruction parameter information does not need to be saved on the MTC server.
The security association specifically comprises the parameter information shown in Table 2 below:
Table 2 (m = mandatory, o = optional; the two flag columns are the MTC server/NAF side and the MTC device/UE side, the column headings being restored from context since the original table image is not available)

Parameter           | NAF | UE | Description                                           | Comment
UE Id               | m   | o  | The user identity used in the NAF request             |
UE Priv Id          | o   |    | Private user identity (IMSI/IMPI) for the used UE Id  |
UE Trp              | m   |    | Transport address to which GPI should be delivered    | The transport address used by the NAF when pushing GPI to the UE
RAND                | m   | m  | RAND in UMTS AKA                                      | From GPI
AUTN(*)             | m   | m  | AUTN or AUTN*                                         | From GPI
App_Lbl             | m   | m  | UICC application identifier                           | From GPI or other implicit agreement or information
NAF_Id              | m   | m  | Concatenation of NAF FQDN and Ua security protocol Id |
Enc_GPI             | m   |    | Encrypted part of GPI plus MAC                        |
Mac_GPI             | m   |    | BSF generated MAC over GPI                            |
UL_SA_Id            | m   | m  | Uplink NAF SA identity                                |
DL_SA_Id            | m   | m  | Downlink NAF SA identity                              |
Ks_NAF / Ks_ext_NAF | m   | m  | External NAF-key                                      | Ks_NAF is generated in GBA_ME based GBA-Push; Ks_ext_NAF is generated in GBA_U based GBA-Push
Ks_int_NAF          | o   | o  | UICC internal NAF-key                                 | Ks_int_NAF is generated in GBA_U based GBA-Push
Key LT              | m   | m  | Received NAF-Key life time                            |
Table 2
Step 405: the MTC server sends the GPI containing the trigger instruction parameter information to the MTC device.
Step 406: after receiving the GPI containing the trigger instruction parameter information, the MTC device processes all of the GPI other than the trigger instruction parameter information according to the procedure defined by GBA-PUSH, and saves the corresponding SA.
Step 407: the MTC device triggers itself according to the trigger instruction parameter information in the GPI, responds to the trigger instruction of the MTC server, and establishes a secure connection with the MTC server according to the SA. According to the Trigger Time in the trigger instruction parameter information, the MTC device sends information to the MTC server within the corresponding time range.
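As an added illustration (not code from the patent or from its assignee), the following Python models steps 401 to 407 above, and the same flow as restated in the Definitions section: the MTC server asks the BSF for GPI carrying a Trigger Indication and a Trigger Time, the BSF builds the GPI and a Mac_GPI under the device's Ki obtained from the HSS, the server keeps an SA without the trigger parameters, and the device acts on the trigger only after the MAC verifies, then answers under the derived Ks_NAF. Everything cryptographic here is a stand-in: the AKA run is collapsed into HMAC-SHA256 keyed with a constructed Ki, the key derivation, message encodings, field names and sample values (IMSI, NAF_Id, transport address) are hypothetical, and only the field names loosely follow Table 2. One point the patent leaves open is whether Mac_GPI covers the added trigger parameters; the example includes them in the MAC, so a GPI re-sent with an altered Trigger Time by a party without Ki is refused, which is the property a defender wants from the scheme.

```python
import hashlib
import hmac
import json
import os

# Constructed sample data (hypothetical, not from the patent). SAMPLE_KI stands in for the
# USIM/UICC key Ki held by both HSS and device; the AKA run of real GBA-PUSH is collapsed
# into HMACs keyed with it.
SAMPLE_UE_ID, SAMPLE_IMSI = "mtc-device-0001", "460000000000001"
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_NAF_ID = "mtc-server.example.com|ua-proto-01"      # NAF FQDN + Ua protocol Id
TRIGGER_FIELDS = ("Trigger_Indication", "Trigger_Time")   # the parameters the patent adds

def _canon(msg: dict) -> bytes:                 # canonical bytes for MACs / key derivation
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def derive_ks_naf(ki: bytes, rand_hex: str, naf_id: str) -> bytes:
    """NAF key both sides derive from Ki, RAND and NAF_Id (hypothetical KDF)."""
    return _prf(ki, b"ks_naf", bytes.fromhex(rand_hex), naf_id.encode())

def mac_gpi(ki: bytes, gpi: dict) -> str:
    """Mac_GPI over every GPI field, the added trigger parameters included."""
    return _prf(ki, b"mac_gpi", _canon({k: v for k, v in gpi.items() if k != "Mac_GPI"})).hex()

class BSF:
    """Bootstrapping Server Function; `hss` maps IMSI -> Ki (steps 402-403)."""
    def __init__(self, hss: dict, key_lifetime: int = 3600):
        self.hss, self.key_lifetime = hss, key_lifetime

    def handle_request(self, request: dict) -> dict:
        gpi_req, trig_req = request["gpi_request"], request["trigger_request"]
        ki = self.hss[gpi_req["ue_priv_id"]]                  # BSF <-> HSS interaction
        gpi = {"UE_Id": gpi_req["ue_id"], "NAF_Id": gpi_req["naf_id"],
               "RAND": os.urandom(16).hex(), "Key_LT": self.key_lifetime,
               # trigger instruction parameters added according to the trigger request
               "Trigger_Indication": trig_req["trigger_indication"],
               "Trigger_Time": trig_req["trigger_time"]}
        gpi["Mac_GPI"] = mac_gpi(ki, gpi)
        ks_naf = derive_ks_naf(ki, gpi["RAND"], gpi["NAF_Id"])
        return {"gpi": gpi, "Ks_NAF": ks_naf.hex()}           # the request response

class MTCServer:
    """NAF role: holds registered devices, asks the BSF for GPI, keeps the SA."""
    def __init__(self, naf_id: str, bsf: BSF):
        self.naf_id, self.bsf, self.registered, self.sa = naf_id, bsf, {}, {}

    def trigger(self, ue_id: str, indication: str, window: list) -> dict:
        dev = self.registered[ue_id]                           # registration is required
        resp = self.bsf.handle_request({                       # step 401
            "gpi_request": {"ue_id": ue_id, "ue_priv_id": dev["ue_priv_id"], "naf_id": self.naf_id},
            "trigger_request": {"trigger_indication": indication, "trigger_time": window}})
        gpi = resp["gpi"]
        # step 404: SA = GPI minus the trigger parameters, plus user info and the NAF key
        self.sa[ue_id] = {k: v for k, v in gpi.items() if k not in TRIGGER_FIELDS}
        self.sa[ue_id].update(UE_Trp=dev["UE_Trp"], Ks_NAF=resp["Ks_NAF"])
        return gpi                                             # step 405: pushed to the device

    def verify_response(self, ue_id: str, response: dict) -> bool:
        ks_naf = bytes.fromhex(self.sa[ue_id]["Ks_NAF"])
        body = {k: v for k, v in response.items() if k != "auth"}
        return hmac.compare_digest(_prf(ks_naf, b"trig_resp", _canon(body)).hex(), response.get("auth", ""))

class MTCDevice:
    """UE role: acts on a trigger only if the GPI authenticates under Ki."""
    def __init__(self, ue_id: str, ki: bytes):
        self.ue_id, self.ki, self.sa = ue_id, ki, {}

    def receive_gpi(self, gpi: dict, now: int) -> dict:
        if not hmac.compare_digest(mac_gpi(self.ki, gpi), gpi.get("Mac_GPI", "")):
            return {"accepted": False, "reason": "Mac_GPI check failed"}   # forged/tampered GPI
        # step 406: GBA-PUSH processing of the non-trigger fields, result kept as the SA
        ks_naf = derive_ks_naf(self.ki, gpi["RAND"], gpi["NAF_Id"])
        self.sa[gpi["NAF_Id"]] = {k: v for k, v in gpi.items() if k not in TRIGGER_FIELDS}
        self.sa[gpi["NAF_Id"]]["Ks_NAF"] = ks_naf.hex()
        # step 407: act on the trigger and answer under the freshly derived NAF key
        start, end = gpi["Trigger_Time"]
        response = {"accepted": True, "UE_Id": self.ue_id, "trigger": gpi["Trigger_Indication"],
                    "send_now": start <= now <= end}
        response["auth"] = _prf(ks_naf, b"trig_resp", _canon(response)).hex()
        return response

def run_flow(now: int = 1_700_000_000) -> dict:
    """Steps 401-407 end to end, then the same GPI re-sent with a new window by a party without Ki."""
    server = MTCServer(SAMPLE_NAF_ID, BSF(hss={SAMPLE_IMSI: SAMPLE_KI}))
    server.registered[SAMPLE_UE_ID] = {"ue_priv_id": SAMPLE_IMSI, "UE_Trp": "sms:+8613800000000"}
    device = MTCDevice(SAMPLE_UE_ID, SAMPLE_KI)
    gpi = server.trigger(SAMPLE_UE_ID, "REPORT_METER_READING", [now - 60, now + 300])
    response = device.receive_gpi(gpi, now)
    tampered = dict(gpi, Trigger_Time=[now, now + 86400])
    tampered["Mac_GPI"] = mac_gpi(os.urandom(16), tampered)     # sender does not hold Ki
    return {"device_response": response,
            "server_verified": server.verify_response(SAMPLE_UE_ID, response),
            "server_sa": server.sa[SAMPLE_UE_ID],
            "tampered_response": device.receive_gpi(tampered, now)}
```

Calling run_flow() returns the device's trigger response, the server's verification of that response under the shared Ks_NAF (the "secure connection" of step 407 in miniature), the server-side SA, which carries no trigger parameters as step 404 requires, and the refusal of the tampered GPI. A device provisioned with a different Ki refuses every GPI the same way, which is what makes the trigger bound to the legitimate network rather than to whoever can reach the device's transport address.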
In summary, the present invention uses the GBA-PUSH procedure for triggering the MTC device: the trigger instruction parameter information is added to the GPI of the GBA-PUSH procedure and sent to the MTC device. Because the GBA-PUSH procedure has a high level of security, this guarantees the security of the MTC device triggering, protects the triggering process, and at the same time ensures that a secure connection can be established between the MTC device and the MTC server.
The above is merely a preferred embodiment of the present invention and is not intended to limit its scope of protection.

Claims

Claims
1. A method for triggering an MTC device, characterized in that the method comprises:
a machine type communication (MTC) server sends a request message to a bootstrapping server function entity (BSF), the request message containing GBA-PUSH information (GPI) request information and trigger request information;
the BSF generates GPI through the GPI request processing procedure, adds trigger instruction parameter information to the GPI according to the trigger request information, and sends the GPI containing the trigger instruction parameter information to the MTC server;
the MTC server sends the GPI containing the trigger instruction parameter information to the MTC device to be triggered;
the MTC device implements the trigger according to the trigger instruction parameter information in the received GPI.
2. The method for triggering an MTC device according to claim 1, characterized in that, after the BSF sends the GPI containing the trigger instruction parameter information to the MTC server, the method further comprises: the MTC server saves the GPI other than the trigger instruction parameter information, together with the user-related information of the MTC device to be triggered, in a security association (SA).
3. The method for triggering an MTC device according to claim 1, characterized in that, after the MTC server sends the GPI containing the trigger instruction parameter information to the MTC device to be triggered, the method further comprises:
the MTC device saves the GPI together with its own user-related information in an SA.
4. The method for triggering an MTC device according to claim 1, 2 or 3, characterized in that, after the MTC device implements the trigger, the method further comprises:
the MTC device returns a trigger response to the MTC server and establishes a secure connection with the MTC server.
5. The method for triggering an MTC device according to claim 1, 2 or 3, characterized in that, before the MTC server sends the request message to the BSF, the method further comprises:
the MTC device registers with the MTC server, and the MTC server saves the information related to the MTC device.
6. The method for triggering an MTC device according to claim 1, 2 or 3, characterized in that the trigger instruction parameter information comprises a trigger instruction parameter name.
7. The method for triggering an MTC device according to claim 6, characterized in that the trigger instruction parameter information further comprises the time range within which the MTC device sends information after being triggered.
8. A system for triggering an MTC device, characterized in that the system comprises an MTC server, a BSF and an MTC device, wherein:
the MTC server is configured to send a request message to the BSF, the request message containing GPI request information and trigger request information;
the BSF is configured to generate GPI through the GPI request processing procedure, add trigger instruction parameter information to the GPI according to the trigger request information, and send the GPI containing the trigger instruction parameter information to the MTC server;
the MTC server is further configured to send the GPI containing the trigger instruction parameter information to the MTC device to be triggered;
the MTC device is configured to implement the trigger according to the trigger instruction parameter information in the received GPI.
9. The system for triggering an MTC device according to claim 8, characterized in that the MTC server is further configured to, after receiving the GPI, save the GPI other than the trigger instruction parameter information, together with the user-related information of the MTC device to be triggered, in an SA.
10. The system for triggering an MTC device according to claim 8, characterized in that the MTC device is further configured to, after receiving the GPI, save the GPI together with its own user-related information in an SA.
11. The system for triggering an MTC device according to claim 8, 9 or 10, characterized in that the MTC device is further configured to, after implementing the trigger, return a trigger response to the MTC server and establish a secure connection with the MTC server.
12. The system for triggering an MTC device according to claim 8, 9 or 10, characterized in that the MTC server is further configured to, before sending the request message to the BSF, receive the registration of the MTC device and save the information related to the MTC device.
13. The system for triggering an MTC device according to claim 8, 9 or 10, characterized in that the trigger instruction parameter information comprises a trigger instruction parameter name.
14. The system for triggering an MTC device according to claim 13, characterized in that the trigger instruction parameter information further comprises the time range within which the MTC device sends information after being triggered.
PCT/CN2011/079638 2011-07-04 2011-09-14 Method and system for triggering an MTC device WO2012151819A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP11865120.7A EP2713642B1 (en) 2011-07-04 2011-09-14 Method and system for triggering an mtc device
US14/127,223 US10085229B2 (en) 2011-07-04 2011-09-14 Method and system for triggering MTC device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110185533.8A CN102869015B (zh) 2011-07-04 2011-07-04 Method and system for triggering an MTC device
CN201110185533.8 2011-07-04

Publications (1)

Publication Number Publication Date
WO2012151819A1 true WO2012151819A1 (zh) 2012-11-15

Family

ID=47138669

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/079638 WO2012151819A1 (zh) 2011-07-04 2011-09-14 Method and system for triggering an MTC device

Country Status (4)

Country Link
US (1) US10085229B2 (zh)
EP (1) EP2713642B1 (zh)
CN (1) CN102869015B (zh)
WO (1) WO2012151819A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2518522A (en) * 2013-09-13 2015-03-25 Vodafone Ip Licensing Ltd Communicating with a machine to machine device
US20180302769A1 (en) * 2015-10-20 2018-10-18 Sony Corporation Device and method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201122206D0 (en) 2011-12-22 2012-02-01 Vodafone Ip Licensing Ltd Sampling and identifying user contact
JP5773074B2 (ja) * 2012-01-27 2015-09-02 日本電気株式会社 Privacy issues in M2M

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007042345A1 (en) * 2005-10-13 2007-04-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for establishing a security association
WO2010090569A1 (en) * 2009-02-05 2010-08-12 Telefonaktiebolaget Lm Ericsson (Publ) Apparatuses and a method for protecting a bootstrap message in a network
CN102047629A (zh) * 2008-01-18 2011-05-04 交互数字专利控股公司 Method and apparatus for enabling machine-to-machine communication

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070086590A1 (en) 2005-10-13 2007-04-19 Rolf Blom Method and apparatus for establishing a security association
CN102014103A (zh) * 2009-09-07 2011-04-13 华为技术有限公司 Machine type communication method and terminal
CN102045810B (zh) * 2009-10-09 2014-01-08 华为技术有限公司 Method, apparatus and system for a machine type communication terminal device to access a network
CN102299797A (zh) * 2010-06-23 2011-12-28 财团法人工业技术研究院 Authentication method, key distribution method, and authentication and key distribution method
US20120252518A1 (en) * 2011-04-01 2012-10-04 Interdigital Patent Holdings, Inc. Network initiated triggering of an offline device
JP5784214B2 (ja) * 2011-04-06 2015-09-24 クアルコム,インコーポレイテッド デタッチされたマシン型通信デバイスをトリガするための方法および装置

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007042345A1 (en) * 2005-10-13 2007-04-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for establishing a security association
CN102047629A (zh) * 2008-01-18 2011-05-04 交互数字专利控股公司 Method and apparatus for enabling machine-to-machine communication
WO2010090569A1 (en) * 2009-02-05 2010-08-12 Telefonaktiebolaget Lm Ericsson (Publ) Apparatuses and a method for protecting a bootstrap message in a network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Reply LS on Machine Type Communications Feature Secure Connection", 3GPP TSG-SA3, SA3#58. S1-100213, 5 February 2010 (2010-02-05), XP050431521 *
See also references of EP2713642A4 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2518522A (en) * 2013-09-13 2015-03-25 Vodafone Ip Licensing Ltd Communicating with a machine to machine device
US10313307B2 (en) 2013-09-13 2019-06-04 Vodafone Ip Licensing Limited Communicating with a machine to machine device
US10412052B2 (en) 2013-09-13 2019-09-10 Vodafone Ip Licensing Limited Managing machine to machine devices
US10439991B2 (en) 2013-09-13 2019-10-08 Vodafone Ip Licensing Limited Communicating with a machine to machine device
US10630646B2 (en) 2013-09-13 2020-04-21 Vodafone Ip Licensing Limited Methods and systems for communicating with an M2M device
US10673820B2 (en) 2013-09-13 2020-06-02 Vodafone Ip Licensing Limited Communicating with a machine to machine device
GB2518522B (en) * 2013-09-13 2020-07-22 Vodafone Ip Licensing Ltd Communicating with a machine to machine device
US11063912B2 (en) 2013-09-13 2021-07-13 Vodafone Ip Licensing Limited Methods and systems for communicating with an M2M device
US20180302769A1 (en) * 2015-10-20 2018-10-18 Sony Corporation Device and method
US10448225B2 (en) * 2015-10-20 2019-10-15 Sony Corporation Device and method

Also Published As

Publication number Publication date
US20140134995A1 (en) 2014-05-15
US10085229B2 (en) 2018-09-25
EP2713642B1 (en) 2016-11-02
CN102869015B (zh) 2017-12-15
CN102869015A (zh) 2013-01-09
EP2713642A4 (en) 2015-04-01
EP2713642A1 (en) 2014-04-02

Similar Documents

Publication Publication Date Title
EP2750424B1 (en) Method, device and system for binding an MTC device and a UICC
US10243954B2 (en) Access network assisted bootstrapping
EP3562184B1 (en) Technique for managing profile in communication system
CN102595389B (zh) Method and system for sharing a key with an MTC server
EP2744250B1 (en) Method and apparatus for binding universal integrated circuit card and machine type communication device
US20090217038A1 (en) Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
CN102469455B (zh) Method and system for group management of machine type communication devices based on the Generic Bootstrapping Architecture
EP3076695B1 (en) Method and system for secure transmission of small data of MTC device group
WO2012075814A1 (zh) Method and system for application key management of MTC group devices
WO2011116713A2 (zh) Method, device and system for an MTC terminal to communicate with a network via a gateway
WO2012151819A1 (zh) A method and system for triggering an MTC device
WO2013110224A1 (zh) Method, apparatus and system for triggering an MTC device
WO2014166257A1 (zh) Trigger message processing method, apparatus and communication system
EP4203392B1 (en) Authentication support for an electronic device to connect to a telecommunications network
WO2023185513A1 (zh) Communication method, apparatus and system
CN102958036B (zh) A method and system for terminal triggering
CN103391523A (zh) Machine type communication device, short message processing method therefor, and machine type communication system
EP4457975A1 (en) Authentication support for an electronic device to connect to a telecommunications network
WO2013166645A1 (zh) Data transmission method, apparatus and system

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 11865120; Country of ref document: EP; Kind code of ref document: A1
WWE WIPO information: entry into national phase
    Ref document number: 14127223; Country of ref document: US
REEP Request for entry into the European phase
    Ref document number: 2011865120; Country of ref document: EP
WWE WIPO information: entry into national phase
    Ref document number: 2011865120; Country of ref document: EP
NENP Non-entry into the national phase
    Ref country code: DE