WO2013111913A2 - Privacy issues in m2m - Google Patents

Privacy issues in m2m

Publication number
WO2013111913A2
Authority
WO
WIPO (PCT)
Prior art keywords
mtc
mtc device
message
network
sensitive information
Prior art date
Application number
PCT/JP2013/052285
Other languages
French (fr)
Other versions
WO2013111913A3 (en
Inventor
Xiaowei Zhang
Anand Raghawa Prasad
Original Assignee
Nec Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nec Corporation
Priority to IN5685DEN2014 (IN2014DN05685A)
Priority to JP2014517293A (JP5773074B2)
Priority to US14/372,885 (US20140351949A1)
Priority to EP13709569.1A (EP2807846A2)
Publication of WO2013111913A2
Publication of WO2013111913A3
Priority to US15/373,402 (US20170156055A1)
Priority to US16/663,201 (US20200059779A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/20 Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90 Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/50 Connection management for emergency connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H04W76/25 Maintenance of established connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Emergency Management (AREA)
  • Environmental & Geological Engineering (AREA)
  • Public Health (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Alarm Systems (AREA)

Abstract

Upon transmitting privacy information to an MTC server (20) via a network (30, 40), an MTC device (10) includes in a message a field to indicate whether the message contains the privacy information, such that the network (30, 40) can perform authorization for the MTC device (10) and server (20). When the MTC device (10) needs to keep connection with the network (30, 40), the MTC device (10) switches off the functionality of provisioning the privacy information, such that the MTC device (10) still can communicate with the network (30, 40). Upon the transmission of privacy information in an emergency case, the MTC device (10) further includes in the message a content to indicate that the MTC device (10) is an emergency device, such that the network (30, 40) verifies whether the MTC device (10) can be used or activated in the emergency case. Optionally, a USIM for emergency-use is deployed in the MTC device (10).

Description

DESCRIPTION
Title of Invention
PRIVACY ISSUES IN M2M
Technical Field
[0001]
The present invention relates to security and privacy issues in machine-to-machine communication (M2M).
Background Art
[0002]
Privacy issue has been considered in 3GPP (Third Generation Partnership Project). NPL 3 discloses "Privacy breach due to (unnecessary) collection of location information of an MTC (Machine-Type-Communication) Device that can be linked to an individual" (see Clause 5.7.2).
[0003]
The requirement described in NPL 3 is "It should be possible to prevent tracking of location information for some types of MTC Device" (see Clause 5.73).
[0004]
Therefore a mechanism of securely providing location information from MTC device to network and MTC server is necessary in M2M system.
[0005]
Note that service requirements and system improvements for MTC are disclosed by NPL 1 and 2, respectively.
Citation List
Non Patent Literature
[0006]
NPL 1: 3GPP TR 22.368, "Service requirements for Machine-Type Communications (MTC); (Release 11)", V11.3.0, 2011-09, clause 7.2.11, pp. 16-17
NPL 2: 3GPP TR 23.888, "System Improvements for Machine-Type Communications; (Release 11)", V1.5.0, 2011-10, clause 4, pp. 7-17
NPL 3: 3GPP TR 33.868, "Security aspects of Machine-Type Communications (Release 11)", V0.6.0, 2011-11, clauses 5.7 and 7.6, pp. 17-18 and 29
Summary of Invention
[0007]
As location information is important and related to privacy, it should only be provided securely to authenticated and authorized MTC server when it is necessary.
[0008]
The issue can be broken down as below:
[1]. Location information should not be exposed to unauthorized MTC server to prevent attack.
[2]. MTC device can provide location information according to network and/or MTC server request.
[3]. Unnecessary location information should not be sent, especially continuously, since that creates more traffic load.
[4]. Location information should be available and secured in emergency case.
[0009]
NPL 3 has not provided any solution for the above mentioned issues. To achieve them, interfaces T5a/T5b and MTCsp should be enhanced.
[0010]
In this invention, privacy data is considered with focus on location information as described in NPL 3. The invention is applicable for other privacy data as well.
[0011]
It is described in NPL 3 that MTC Devices may be detached from the network when not communicating to prevent unnecessary collection of location information by the network.
However, an MTC device may need to stay connected and cannot be detached only for location information purposes.
[0012]
It is also proposed in NPL 3 that "The MTC Device may need to provide an ability to transmit location tracking information in emergency case". To which a solution is provided in this invention.
Advantageous Effects of Invention
[0013]
According to the present invention, it is possible to achieve at least one of the following effects 1 to 4.
[0014]
1. Location information is only provided to authorized MTC server from a MTC device with the feature, when it is necessary according to network and/or MTC server requirement.
2. Location information is protected while being sent to network and MTC server to prevent attack.
3. Location information provision function can be switched-off so that unnecessary location information will not be provided; MTC device can still connect to network; reduce traffic load.
4. Location information can be securely provided in emergency case.
Brief Description of Drawings
[0015]
[Fig. 1]
Fig. 1 is a block diagram showing a configuration example of a system according to an exemplary embodiment of the present invention.
[Fig. 2]
Fig. 2 is a sequence diagram showing an operation example of a system according to an exemplary embodiment of the present invention.
[Fig. 3]
Fig. 3 is a block diagram showing a configuration example of an MTC device according to an exemplary embodiment of the present invention.
[Fig. 4]
Fig. 4 is a block diagram showing a configuration example of a node according to an exemplary embodiment of the present invention.
Description of Embodiments
[0016]
Hereinafter, an exemplary embodiment of the present invention will be described with reference to Figs. 1 to 4.
[0017]
As shown in Fig. 1, a system according to this exemplary embodiment includes a UE (User Equipment) serving as an MTC device 10, a network, and an MTC server 20. The MTC device 10 is connected to the network via a RAN (Radio Access Network). The network includes an MME (Mobility Management Entity) 30, an HSS (Home Subscriber Server), an MTC-IWF (Interworking Function) 40, S-GW (Serving Gateway), P-GW (PDN (Packet Data Network) Gateway), and the like. The MME 30 is connected to the MTC server 20 via the MTC IWF 40 or S-GW/P-GW.
[0018]
The inventors of this application have found that in such a system, there are the following threats regarding privacy issue.
[0019]
<Threats>
Privacy breach due to (unnecessary) collection of location information of an MTC Device that can be linked to an individual.
[0020]
Privacy sensitive information sent by a MTC device which is not allowed to do so, or towards a MTC server which is not allowed to receive it. Note that in the context of MTC, identity information and location information can be considered as privacy sensitive information.
[0021]
In order to address these threats, the following security requirements apply.
[0022]
<Security requirements>
- Network should be able to verify whether a message contains any privacy sensitive information.
- Network should be able to perform access control for MTC device which is sending privacy sensitive information and MTC server which requests and is receiving the privacy information.
- Privacy sensitive information transmitted to MTC server via network should be protected.
[0023]
There are described solutions which meet these security requirements.
[0024]
<Solutions>
When the MTC device needs to connect with network, it should be able to switch-off the functionality of provisioning location information, such that it still can communicate with the network.
[0025]
A field should be added in a given message to indicate whether the message contains privacy sensitive information, such that the network can verify.
[0026]
Further, in order to address privacy issues in emergency case, the following security requirements may apply.
[0027]
<Security requirements regarding privacy issues in emergency case>
- MTC device should be able to securely provide location information and other privacy sensitive information in emergency case.
- Network should be able to perform access control of MTC device which is sending privacy sensitive information in emergency message.
[0028]
There are described solutions which meet these security requirements.
[0029]
<Solutions for emergency case>
A field can be added in a given emergency message to indicate whether it is an emergency-use MTC device. Network verifies whether the MTC device can be used/activated in emergency case.
[0030]
Security protection can be provided by NAS security context if they are valid, or an optional solution is to deploy an emergency-use USIM in MTC device.
[0031]
Next, there will be described details of the above-mentioned solutions with reference to Fig. 2.
[0032]
A few assumptions are made as below:
i. Network and MTC server 20 have mutual authentication;
ii. MTC device 10 and network have mutual authentication;
iii. MTC device 10 and MTC server 20 have mutual authentication.
[0033]
Network should be aware that location information is being sent to MTC server, and it should perform authorization to verify if the information can be sent to a specific MTC server.
[0034]
Operations to achieve the above-mentioned issue [1] (Location information should not be exposed to unauthorized MTC server to prevent attack) are as follows.
a) Special field to indicate that the message includes location information is used in b) to d) below.
b) The location information should be protected by secure communication between MTC device 10 and MTC server 20.
c) Network performs authorization for MTC device 10 (Step S15), by verifying:
(c1) whether the MTC device 10 has the feature of providing location information;
(c2) whether the MTC device 10 is allowed to send the location information to the given MTC server 20.
d) Network performs authorization for MTC server 20 (Step S15), by verifying:
(d1) whether MTC server 20 is allowed to request location information from the given MTC device 10.
[0035]
Operations to achieve the above-mentioned issue [2] (MTC device can provide location information according to network and/or MTC server request) are as follows.
a) In Attach procedure, MTC device 10 is given location information related parameter such as allowed MTC server, functionality switch on/off (Steps S1 and S2). And it should send location information every time soon after it is attached to the network (Steps S3 to S14). It is the same for TAU (Tracking Area Update).
b) The MTC device 10 can be triggered to send location information with:
(b1) Timer for location report (which can be periodic, or fixed time for next time only) (Steps S5 to S7);
(b2) Trigger message from authorized MTC server 20 with a request (Steps S8 to S10);
(b3) Emergency case (Steps S13 and S14); or
(b4) Location change, depending on the agreement with network/MTC server 20. This can be in TAU procedure (Steps S11 and S12).
[0036]
Operations to achieve the above-mentioned issue [3] (Unnecessary location information should not be sent especially continuously to prevent network load) are as follows.
a) MTC device 10 should be able to switch off the functionality to provide location information, to be tracked or monitored, while MTC device 10 needs to be connected to the network for other communication (Step S17).
b) The switch off timing can be indicated by the MTC server 20 when it is necessary or dependent on a configured condition, e.g. event trigger of every time after the location information is provided.
[0037]
Operations to achieve the above-mentioned issue [4] (Location information should be available and secured in emergency case) are as follows.
a) On emergency (Step S18), the MTC Device 10 starts communication via MME 30, thus sending control message to MTC server 20 (Step S21).
b) MME 30 can identify that the MTC device 10 is an emergency device due to special field in IMEI (International Mobile Equipment Identity) (Step S22). MME 30 can be informed by HSS that the MTC device/UE is an emergency device. There could be other ways to identify a device as a MTC device, e.g. a new field in the packet sent from the MTC device 10.
c) MME 30 signals b) to MTC Server 20 via the MTC IWF 40 or S-GW/P-GW.
d) Deploy unique emergency USIMs (Universal Subscriber Identity Modules). This can be done by registering USIMs sold to e.g. car companies as emergency MTC USIMs or simply having special USIMs with special IMSI (International Mobile Subscriber Identity) that relate to emergency MTC devices.
e) Security of the privacy data (location information) transmission can be provided (Step S20) in one of the following ways:
(e1) The emergency-use USIM can provide security context to protect privacy data (location information) (Step S19);
(e2) NAS (Non-Access Stratum) security between MTC device 10 and MME 30 followed by security between MTC IWF 40 and MTC server 20; or
(e3) End-to-end security between MTC device 10 and MTC server 20.
f) Emergency content of the message could be the novel part: MTC device identifier indicating it is an emergency device; message path: MTC device 10 → MME 30 → MTC IWF 40 → MTC Server 20.
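Added example (not part of the patent text): a small Python model of the operations for issues [1] to [4] above, showing the order in which the network could apply the privacy-field, (c1), (c2), (d1) and emergency-device checks, plus the device-side switch-off. All class, field and identifier names are hypothetical, the sample devices and servers are constructed, and the behaviour of an emergency report while switched off is an assumption.

```python
"""Illustrative model of the checks in [0034]-[0037]; all names are hypothetical."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

TRIGGERS = {"timer", "server_trigger", "location_change", "emergency"}  # (b1)-(b4)


@dataclass(frozen=True)
class DeviceRecord:
    """Data the network is assumed to hold about one MTC device."""
    has_location_feature: bool          # basis for check (c1)
    allowed_servers: FrozenSet[str]     # basis for check (c2)
    emergency_device: bool = False      # issue [4] b), e.g. learned from the HSS


@dataclass(frozen=True)
class Message:
    device_id: str
    server_id: str
    contains_privacy_info: bool         # special field of issue [1] a)
    emergency: bool = False             # emergency-device indication, issue [4]


class Device:
    """Device side: flags its messages and supports switch-off (issue [3])."""

    def __init__(self, device_id: str, server_id: str):
        self.device_id = device_id
        self.server_id = server_id
        self.provisioning_on = True     # switching off does not detach the device

    def on_trigger(self, trigger: str) -> Optional[Message]:
        if trigger not in TRIGGERS:
            raise ValueError(f"unknown trigger: {trigger}")
        emergency = trigger == "emergency"
        # Assumption: an emergency report is still sent while switched off.
        if not self.provisioning_on and not emergency:
            return None
        return Message(self.device_id, self.server_id, True, emergency)


class Network:
    """Network side, standing in for the MME's verifying/authorizing units."""

    def __init__(self, devices: Dict[str, DeviceRecord],
                 server_acl: Dict[str, FrozenSet[str]]):
        self.devices = devices
        # server_acl[server] = devices it may request/receive location from (d1)
        self.server_acl = server_acl

    def server_may_request(self, server_id: str, device_id: str) -> bool:
        return device_id in self.server_acl.get(server_id, frozenset())

    def authorize(self, msg: Message) -> Tuple[bool, str]:
        """Return (forward?, reason code) for a device-originated message."""
        rec = self.devices.get(msg.device_id)
        if rec is None:
            return False, "unknown-device"
        if msg.emergency and not rec.emergency_device:
            return False, "not-emergency-device"    # issue [4]
        if not msg.contains_privacy_info:
            return True, "no-privacy-flag"          # nothing to authorize
        if not rec.has_location_feature:
            return False, "c1"
        if msg.server_id not in rec.allowed_servers:
            return False, "c2"
        if not self.server_may_request(msg.server_id, msg.device_id):
            return False, "d1"
        return True, "ok"

    def deliver_trigger(self, server_id: str, device: Device) -> Optional[Message]:
        # (b2): only a trigger from an authorized server reaches the device.
        if not self.server_may_request(server_id, device.device_id):
            return None
        return device.on_trigger("server_trigger")


def build_sample_network() -> Network:
    """Constructed sample data, not taken from the patent."""
    devices = {
        "meter-1": DeviceRecord(True, frozenset({"srv-A"})),
        "cam-3": DeviceRecord(False, frozenset({"srv-A"})),
        "tag-9": DeviceRecord(True, frozenset({"srv-X"})),
        "car-7": DeviceRecord(True, frozenset({"srv-E"}), emergency_device=True),
    }
    server_acl = {
        "srv-A": frozenset({"meter-1", "cam-3"}),
        "srv-E": frozenset({"car-7"}),
        "srv-X": frozenset(),
    }
    return Network(devices, server_acl)


if __name__ == "__main__":
    net = build_sample_network()
    for m in (Message("meter-1", "srv-A", True),
              Message("meter-1", "srv-X", True),
              Message("car-7", "srv-E", True, emergency=True)):
        print(m, "->", net.authorize(m))
```

The decision keys on a field the device sets itself, so it is only as trustworthy as the mutual authentication between MTC device and network assumed in [0032].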
[0038]
Next, configuration examples of the MTC device 10 and the MME 30 according to above-mentioned exemplary embodiments will be subsequently described with reference to Figs. 3 and 4.
[0039]
As shown in Fig. 3, the MTC device 10 includes an including unit 11, a sending unit 12, and a switch-off unit 13. The including unit 11 includes, in the message, the field mentioned in the operations regarding the issue [1]. The sending unit 12 sends the message to the MTC server 20 through the MME 30, and the MTC-IWF 40 or the S-GW/P-GW. As mentioned in the operations regarding the issue [2], the sending unit 12 may send out the privacy sensitive information by using, as a trigger, expiry of the timer, a trigger message received from the MTC server 20, or change in location of the MTC device. As mentioned in the operations regarding the issue [3], the switch-off unit 13 switches off the functionality to provide the privacy sensitive information, while maintaining the connection with the MME 30, and the MTC-IWF 40 or the S-GW/P-GW. In the emergency case, the including unit 11 includes, in the message or the IMEI in the message, the field mentioned in the operations regarding the issue [4]. At this time, the sending unit 12 may protect the privacy sensitive information with the security context stored in the above-mentioned emergency-use USIM (not shown). Note that the units 11 to 13 are mutually connected with each other through a bus or the like. These units 11 to 13 can be configured by, for example, a transceiver which conducts communication with the MME 30 and the like through the RAN, and a controller which controls this transceiver to execute the processes shown in Fig. 2 or processes equivalent thereto.
[0040]
Further, as shown in Fig. 4, the MME 30, which is one of the nodes forming the network, includes a receiving unit 31, a verifying unit 32, an authorizing unit 33, a protecting unit 34, and an identifying unit 35. The receiving unit 31 receives, from the MTC device 10, the message including the field mentioned in the operations regarding the issue [1]. The verifying unit 32 verifies, based on this field, whether the message contains the privacy sensitive information. The authorizing unit 33 authorizes the MTC device 10 by verifying whether the MTC device 10 is allowed to send the privacy sensitive information to the MTC server 20. Also, the authorizing unit 33 authorizes the MTC server 20 by verifying whether the MTC server 20 is allowed to request or receive the privacy sensitive information from the MTC device 10. The protecting unit 34 securely protects the privacy sensitive information upon transferring the message from the MTC device 10 to the MTC server 20. In the emergency case, the receiving unit 31 receives, from the MTC device 10, the message including the field mentioned in the operations regarding the issue [4]. The identifying unit 35 identifies, based on this field, the MTC device 10 as the emergency device. Note that the units 31 to 35 are mutually connected with each other through a bus or the like. These units 31 to 35 can be configured by, for example, a transceiver which conducts communication with the MTC device 10 through the RAN, a transceiver which conducts communication with the MTC server 20 through the MTC-IWF 40 or the P-GW, and a controller which controls these transceivers to execute the processes shown in Fig. 2 or processes equivalent thereto.
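The order in which the units 31 to 35 act on an uplink message can be sketched as a small decision function. This is an added example, not code from the application: the message layout, the identifiers, the two allow-list tables and the rejection of a message whose privacy field is absent are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed subscription data (assumption): which device may send privacy
# sensitive information to which server, and which server may request or
# receive it from which device.
DEVICE_MAY_SEND = {("mtc-dev-001", "mtc-srv-A"), ("mtc-dev-003", "mtc-srv-B")}
SERVER_MAY_RECEIVE = {("mtc-srv-A", "mtc-dev-001"), ("mtc-srv-A", "mtc-dev-002")}


@dataclass(frozen=True)
class Message:
    """Uplink message as seen by the receiving unit 31 (layout is assumed)."""
    device_id: str
    server_id: str
    payload: dict
    privacy_field: Optional[bool] = None  # field of issue [1]; None = absent
    emergency_field: bool = False         # field of issue [4]


@dataclass(frozen=True)
class Decision:
    forward: bool    # relay the message towards the MTC server
    protect: bool    # protecting unit 34 must secure the transfer
    emergency: bool  # identifying unit 35 marked the sender as emergency device
    reason: str


def handle_uplink(msg: Message) -> Decision:
    # Identifying unit 35: the emergency marking is read from the field only.
    # It is recorded here and does not change the checks below (assumption).
    emergency = msg.emergency_field

    # Verifying unit 32: decides from the field, not by inspecting the payload.
    if msg.privacy_field is None:
        # Assumption: fail closed when the device omitted the field.
        return Decision(False, False, emergency, "privacy field missing")
    if not msg.privacy_field:
        return Decision(True, False, emergency, "no privacy sensitive information declared")

    # Authorizing unit 33, first check: may this device send to this server?
    if (msg.device_id, msg.server_id) not in DEVICE_MAY_SEND:
        return Decision(False, False, emergency, "device not allowed to send")

    # Authorizing unit 33, second check: may this server receive from this device?
    if (msg.server_id, msg.device_id) not in SERVER_MAY_RECEIVE:
        return Decision(False, False, emergency, "server not allowed to receive")

    # Both directions authorized: forward, and require the protecting unit 34.
    return Decision(True, True, emergency, "authorized; forward protected")
```

Because the verifying step trusts the field, a message that declares no privacy sensitive information is relayed without either authorization check; the two allow-lists only constrain traffic that the device itself has flagged.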
[0041]
Note that the present invention is not limited to the above-mentioned exemplary embodiment, and it is obvious that various modifications can be made by those of ordinary skill in the art based on the recitation of the claims.
[0042]
This application is based upon and claims the benefit of priority from Japanese patent application No. 2012-015576, filed on January 27, 2012, the disclosure of which is incorporated herein in its entirety by reference.
[0043]
The whole or part of the exemplary embodiments disclosed above can be described as, but not limited to, the following supplementary notes.
[0044]
(Supplementary note 1)
Special field to indicate the message includes privacy data (i.e., location information).
[0045]
(Supplementary note 2)
Special field to indicate the MTC device can be active in an emergency.
[0046]
(Supplementary note 3)
Access control for MTC device which intends to provide privacy data to a given MTC server.
[0047]
(Supplementary note 4)
Access control for MTC server which intends to request privacy data from a given MTC device.
[0048]
(Supplementary note 5)
The trigger for requesting the MTC device to provide location information or other privacy sensitive information, according to network and/or MTC server requirements, can be a timer, a trigger message, or a location change.
[0049]
(Supplementary note 6)
Privacy data including location information can be securely provided in emergency case.
[0050]
(Supplementary note 7)
Secure communication between MTC device and MTC server is provided; options are a unique USIM for emergency use; NAS security followed by security between MTC-IWF and MTC server; and end-to-end security between MTC device and MTC server.
[0051]
(Supplementary note 8)
MTC device can switch-off the functionality which sends location information, e.g., location report, monitoring, tracking while the MTC device can still be connected to network.
[0052]
(Supplementary note 9)
Emergency content in the message indicates it is an emergency use MTC device.
Reference Signs List
[0053]
10 MTC DEVICE
11 INCLUDING UNIT
12 SENDING UNIT
13 SWITCH-OFF UNIT
20 MTC SERVER
30 MME
31 RECEIVING UNIT
32 VERIFYING UNIT
33 AUTHORIZING UNIT
34 PROTECTING UNIT
35 IDENTIFYING UNIT
40 MTC-IWF

Claims

[Claim 1]
A system comprising:
an MTC (Machine-Type-Communication) device;
an MTC server; and
a network that relays traffic between the MTC device and the MTC server,
wherein the MTC device includes, in a message to be transmitted to the MTC server, a field to indicate whether the message contains privacy sensitive information, and
wherein the network is configured to verify, based on the field, whether the message contains the privacy sensitive information.
[Claim 2]
The system according to Claim 1, wherein the network is further configured to authorize the MTC device by verifying whether the MTC device is allowed to send the privacy sensitive information to the MTC server.
[Claim 3]
The system according to Claim 1 or 2, wherein the network is further configured to authorize the MTC server by verifying whether the MTC server is allowed to request or receive the privacy sensitive information from the MTC device.
[Claim 4]
The system according to any one of Claims 1 to 3, wherein the network is further configured to securely protect the privacy sensitive information upon transferring the message from the MTC device to the MTC server.
[Claim 5]
The system according to any one of Claims 1 to 4, wherein the privacy sensitive information includes location information of the MTC device.
[Claim 6]
An MTC device that communicates with an MTC server through a network, the MTC device comprising:
an including means for including, in a message to be transmitted to the MTC server, a field to indicate whether the message contains privacy sensitive information; and
a sending means for sending the message to the MTC server through the network.
[Claim 7]
A node forming a network that relays traffic between an MTC device and an MTC server, the node comprising:
a receiving means for receiving from the MTC device a message to be transmitted to the MTC server, the message including a field to indicate whether the message contains privacy sensitive information; and
a verifying means for verifying, based on the field, whether the message contains the privacy sensitive information.
[Claim 8]
The node according to Claim 7, further comprising:
an authorizing means for authorizing the MTC device by verifying whether the MTC device is allowed to send the privacy sensitive information to the MTC server.
[Claim 9]
The node according to Claim 8, wherein the authorizing means is configured to further authorize the MTC server by verifying whether the MTC server is allowed to request or receive the privacy sensitive information from the MTC device.
[Claim 10]
The node according to any one of Claims 7 to 9, further comprising:
a protecting means for securely protecting the privacy sensitive information upon transferring the message from the MTC device to the MTC server.
[Claim 11]
A method of controlling operations in an MTC device that communicates with an MTC server through a network, the method comprising:
including, in a message to be transmitted to the MTC server, a field to indicate whether the message contains privacy sensitive information; and
sending the message to the MTC server through the network.
[Claim 12]
A method of controlling operations in a node forming a network that relays traffic between an MTC device and an MTC server, the method comprising:
receiving from the MTC device a message to be transmitted to the MTC server, the message including a field to indicate whether the message contains privacy sensitive information; and
verifying, based on the field, whether the message contains the privacy sensitive information.
[Claim 13]
A system comprising:
an MTC device;
an MTC server; and
a network that relays traffic between the MTC device and the MTC server,
wherein the MTC device sends out privacy sensitive information by using, as a trigger, expiry of a timer, a trigger message received from the MTC server, or change in location of the MTC device.
[Claim 14]
The system according to Claim 13, wherein the MTC device sends out, as the privacy sensitive information, location information of the MTC device.
[Claim 15]
An MTC device that communicates with an MTC server through a network, the MTC device comprising:
a sending means for sending out privacy sensitive information by using, as a trigger, expiry of a timer, a trigger message received from the MTC server, or change in location of the MTC device.
[Claim 16]
A method of controlling operations in an MTC device that communicates with an MTC server through a network, the method comprising:
sending out privacy sensitive information by using, as a trigger, expiry of a timer, a trigger message received from the MTC server, or change in location of the MTC device.
[Claim 17]
A system comprising:
an MTC device;
an MTC server; and
a network that relays traffic between the MTC device and the MTC server,
wherein the MTC device switches off a function of providing privacy sensitive information, while maintaining connection with the network.
[Claim 18]
The system according to Claim 17, wherein a timing for the switch-off is indicated by the MTC server, or depends on a preconfigured condition.
[Claim 19]
The system according to Claim 17 or 18, wherein the function is configured to provide, as the privacy sensitive information, location information of the MTC device.
[Claim 20]
An MTC device that communicates with an MTC server through a network, the MTC device comprising:
a switch-off means for switching off a function of providing privacy sensitive information, while maintaining connection with the network.
[Claim 21]
A method of controlling operations in an MTC device that communicates with an MTC server through a network, the method comprising:
switching off a function of providing privacy sensitive information, while maintaining connection with the network.
[Claim 22]
A system comprising:
an MTC device;
an MTC server; and
a network that relays traffic between the MTC device and the MTC server,
wherein the MTC device includes, in a message to be transmitted to the MTC server or an identifier of the MTC device in the message, a field to indicate that the MTC device is a device used in an emergency case, the message containing privacy sensitive information, and
wherein the network is configured to identify, based on the field, the MTC device as the device used in the emergency case.
[Claim 23]
The system according to Claim 22, wherein the identifier including the field is stored in a SIM (Subscriber Identity Module) mounted on the MTC device.
[Claim 24]
The system according to Claim 23,
wherein the SIM further stores security context, and
wherein the MTC device protects the privacy sensitive information with the security context.
[Claim 25]
The system according to Claim 22 or 23, wherein the network is further configured to securely protect the privacy sensitive information upon transferring the message from the MTC device to the MTC server.
[Claim 26]
The system according to any one of Claims 22 to 25, wherein the privacy sensitive information includes location information of the MTC device.
[Claim 27]
An MTC device that communicates with an MTC server through a network, the MTC device comprising:
an including means for including, in a message to be transmitted to the MTC server or an identifier of the MTC device in the message, a field to indicate that the MTC device is a device used in an emergency case, the message containing privacy sensitive information; and
a sending means for sending the message to the MTC server through the network.
[Claim 28]
The MTC device according to Claim 27, further comprising:
a SIM that stores the identifier including the field.
[Claim 29]
The MTC device according to Claim 28,
wherein the SIM further stores security context, and
wherein the sending means is configured to protect the privacy sensitive information with the security context.
[Claim 30]
A node forming a network that relays traffic between an MTC device and an MTC server, the node comprising:
a receiving means for receiving from the MTC device a message to be transmitted to the MTC server, the message or an identifier of the MTC device in the message including a field to indicate that the MTC device is a device used in an emergency case, the message containing privacy sensitive information; and
an identifying means for identifying, based on the field, the MTC device as the device used in the emergency case.
[Claim 31]
The node according to Claim 30, further comprising:
a protecting means for securely protecting the privacy sensitive information upon transferring the message to the MTC server.
[Claim 32]
A method of controlling operations in an MTC device that communicates with an MTC server through a network, the method comprising:
including, in a message to be transmitted to the MTC server or an identifier of the MTC device in the message, a field to indicate that the MTC device is a device used in an emergency case, the message containing privacy sensitive information; and
sending the message to the MTC server through the network.
[Claim 33]
A method of controlling operations in a node forming a network that relays traffic between an MTC device and an MTC server, the method comprising:
receiving from the MTC device a message to be transmitted to the MTC server, the message or an identifier of the MTC device in the message including a field to indicate that the MTC device is a device used in an emergency case, the message containing privacy sensitive information; and
identifying, based on the field, the MTC device as the device used in the emergency case.
PCT/JP2013/052285 2012-01-27 2013-01-24 Privacy issues in m2m WO2013111913A2 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
IN5685DEN2014 IN2014DN05685A (en) 2012-01-27 2013-01-24
JP2014517293A JP5773074B2 (en) 2012-01-27 2013-01-24 Privacy issues in M2M
US14/372,885 US20140351949A1 (en) 2012-01-27 2013-01-24 Privacy issues in m2m
EP13709569.1A EP2807846A2 (en) 2012-01-27 2013-01-24 Privacy issues in m2m
US15/373,402 US20170156055A1 (en) 2012-01-27 2016-12-08 Privacy issues in m2m
US16/663,201 US20200059779A1 (en) 2012-01-27 2019-10-24 Privacy issues in m2m

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012-015576 2012-01-27
JP2012015576 2012-01-27

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US14/372,885 A-371-Of-International US20140351949A1 (en) 2012-01-27 2013-01-24 Privacy issues in m2m
US15/373,402 Continuation US20170156055A1 (en) 2012-01-27 2016-12-08 Privacy issues in m2m

Publications (2)

Publication Number Publication Date
WO2013111913A2 true WO2013111913A2 (en) 2013-08-01
WO2013111913A3 WO2013111913A3 (en) 2013-12-05

Family

ID=47884455

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/052285 WO2013111913A2 (en) 2012-01-27 2013-01-24 Privacy issues in m2m

Country Status (5)

Country Link
US (3) US20140351949A1 (en)
EP (1) EP2807846A2 (en)
JP (1) JP5773074B2 (en)
IN (1) IN2014DN05685A (en)
WO (1) WO2013111913A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109117665A (en) * 2013-08-14 2019-01-01 华为终端(东莞)有限公司 Realize method for secret protection and device

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104244243B (en) * 2013-06-24 2019-08-23 中兴通讯股份有限公司 Terminal peripheral hardware control method, Machine To Machine gateway and communication system
CN104581704B (en) * 2013-10-25 2019-09-24 中兴通讯股份有限公司 A kind of method and network entity for realizing secure communication between equipment for machine type communication
CN104936306B (en) * 2014-03-17 2020-01-14 中兴通讯股份有限公司 MTC device group small data secure transmission connection establishment method, HSS and system
JP6943827B2 (en) * 2018-10-09 2021-10-06 Kddi株式会社 Nodes, programs and methods to transfer data so that the request data source can be identified

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2317074B (en) * 1996-09-09 1998-10-28 I Co Global Communications Communications apparatus and method
US6134447A (en) * 1998-05-29 2000-10-17 Ericsson Inc. System and method for monitoring and barring location applications
US7751826B2 (en) * 2002-10-24 2010-07-06 Motorola, Inc. System and method for E911 location privacy protection
US7660590B2 (en) * 2003-12-23 2010-02-09 At&T Mobility Ii Llc Terminal-based server for location tracking
KR101122359B1 (en) * 2004-05-07 2012-03-23 인터디지탈 테크날러지 코포레이션 Supporting emergency calls on a wireless local area network
JP2008301137A (en) * 2007-05-30 2008-12-11 Kyocera Corp Wireless communication system, wireless terminal, and wireless communication method
CN101466083B (en) * 2007-12-18 2010-12-08 华为技术有限公司 Emergency call method and apparatus
US20090312039A1 (en) * 2008-06-13 2009-12-17 Jialin Zou Geo location polling and reporting for mobiles in idle mode
US9693184B2 (en) * 2008-08-18 2017-06-27 Qualcomm Incorporated Control plane location solution to support wireless access
KR101593664B1 (en) * 2008-09-04 2016-02-12 한국전자통신연구원 Apparatus and method for reporting location information of terminal
CN101686461A (en) * 2008-09-23 2010-03-31 华为技术有限公司 Method, system and network element of access control
US9743228B2 (en) * 2009-06-22 2017-08-22 Qualcomm Incorporated Transport of LCS-related messages for LTE access
KR101824987B1 (en) * 2010-02-11 2018-02-02 엘지전자 주식회사 Method for efficiently transmitting downlink small data of machine type communication in mobile communications system
EP2537381B1 (en) * 2010-02-16 2014-01-08 Telefonaktiebolaget L M Ericsson (PUBL) Network location management entity
US20110219423A1 (en) * 2010-03-05 2011-09-08 Nokia Corporation Method and apparatus for triggering user communications based on privacy information
US8995336B2 (en) * 2010-05-11 2015-03-31 Telefonaktiebolaget L M Ericsson (Publ) MTC service activation
CN102281513B (en) * 2010-06-13 2013-12-11 电信科学技术研究院 Mechanical communication monitoring processing method and equipment
CN103120004B (en) * 2010-09-27 2016-05-11 富士通株式会社 For the radio bearer of machine type communication
US8826446B1 (en) * 2011-01-19 2014-09-02 Google Inc. System and method for applying privacy settings to a plurality of applications
WO2012103902A1 (en) * 2011-02-04 2012-08-09 Telefonaktiebolaget L M Ericsson (Publ) Method and arrangements for mtc communication
EP2487973A1 (en) * 2011-02-11 2012-08-15 Alcatel Lucent Notifying a user equipment UE, over a mobile network, of an UE application trigger request from a network application server
KR20120094454A (en) * 2011-02-16 2012-08-24 에이치티씨 코포레이션 Service networks and methods for handling machine type communication device triggering
CN102137105B (en) * 2011-03-11 2012-11-07 华为技术有限公司 Machine-to-machine communication privacy protection method and system, machine-to-machine communication (M2M) service management entity and related equipment
JP5767394B2 (en) * 2011-04-01 2015-08-19 インターデイジタル パテント ホールディングス インコーポレイテッド Method and apparatus for triggering and synchronizing machine type communication devices
US20120252518A1 (en) * 2011-04-01 2012-10-04 Interdigital Patent Holdings, Inc. Network initiated triggering of an offline device
CN102869015B (en) * 2011-07-04 2017-12-15 中兴通讯股份有限公司 A kind of method and system of MTC device triggering
CN202160745U (en) * 2011-07-06 2012-03-14 广州一亚皮具制品有限公司 Skid-resisting and wear-resisting sole for sneakers
US8244244B1 (en) * 2011-08-31 2012-08-14 Renesas Mobile Corporation Method for triggering a user equipment
US9973877B2 (en) * 2011-09-23 2018-05-15 Htc Corporation Method of handling small data transmission
BR112014007959A2 (en) * 2011-10-03 2017-06-13 Intel Corp mechanisms for device to device communication
US9756009B2 (en) * 2011-11-07 2017-09-05 Telefonaktiebolaget Lm Ericsson (Publ) Message forwarding among disparate communication networks
CN103947271B (en) * 2011-11-22 2018-04-24 Sca艾普拉控股有限公司 Page off-line state terminal
WO2013110293A1 (en) * 2012-01-26 2013-08-01 Telefonaktiebolaget L M Ericsson (Publ) Providing an ims voice session via a packet switch network and an emergency voice session via a circuit switch network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Security aspects of Machine-Type Communications (Release 11)", 3GPP TR 33.868, November 2011 (2011-11-01), pages 17 - 18, 29
"Service requirements for Machine-Type Communications (MTC); (Release 11)", 3GPP TR 22.368, September 2011 (2011-09-01), pages 16 - 17
"System Improvements for Machine-Type Communications; (Release 11)", 3GPP TR 23.888, October 2011 (2011-10-01), pages 7 - 17

Also Published As

Publication number Publication date
US20140351949A1 (en) 2014-11-27
US20170156055A1 (en) 2017-06-01
IN2014DN05685A (en) 2015-04-03
JP5773074B2 (en) 2015-09-02
EP2807846A2 (en) 2014-12-03
US20200059779A1 (en) 2020-02-20
JP2014532316A (en) 2014-12-04
WO2013111913A3 (en) 2013-12-05

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2014517293

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2013709569

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 14372885

Country of ref document: US

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13709569

Country of ref document: EP

Kind code of ref document: A2