
CN104349311A - Key establishment method and system used for small-data transmission of machine-type communication - Google Patents

Publication number
CN104349311A
Authority
CN
China
Prior art keywords
mtc
iwf
mtc device
key
shared key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310334433.6A
Other languages
Chinese (zh)
Inventor
余万涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201310334433.6A
Priority to PCT/CN2013/086244 (WO2014161300A1)
Publication of CN104349311A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
        • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
            • H04W12/06: Authentication
                • H04W12/069: Authentication using certificates or pre-shared keys
        • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
            • H04W4/70: Services for machine-to-machine communication [M2M] or machine type communication [MTC]
        • H04W76/00: Connection management
            • H04W76/10: Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a key establishment method and system for machine type communication (MTC) small data transmission. The method includes: a home subscriber server (HSS) that receives authentication data request information designates, for the MTC device that sent the attach request information, an MTC interworking function entity (MTC-IWF) for small data transmission; the HSS generates a shared key Kiwf between the MTC device and the MTC-IWF; the HSS sends the MTC-IWF information to the MTC device via the mobility management entity (MME) or the serving GPRS support node (SGSN); the HSS sends the MTC device information and the generated shared key Kiwf to the designated MTC-IWF; the MTC-IWF stores the received MTC device information and shared key Kiwf; and the MTC device generates the shared key Kiwf. For the case where multiple MTC-IWFs are deployed in the MTC system, the invention can establish a shared key between the MTC device and the MTC-IWF.

Description

A key establishment method and system for machine type communication small data transmission

Technical field

The present invention relates to the field of communications, and in particular to a key establishment method and system for machine type communication (Machine Type Communication, MTC) small data transmission.

Background

MTC is the general term for a series of technologies, and their combinations, that use wireless communication to realize data communication and exchange between machines and between machines and people. MTC has two layers of meaning: the first is the machine itself, which is called a smart device in the embedded field; the second is the connection between machines, which links machines together through the network. MTC has a very wide range of applications, such as smart metering, remote monitoring, tracking and medical care, making human life more intelligent. Compared with traditional communication between people, MTC devices (MTC Device) are huge in number and are used in a wide range of fields.

In existing MTC systems, the MTC device communicates with a Services Capability Server (SCS), such as an MTC server, through the 3rd Generation Partnership Project (3GPP) network and the MTC interworking function entity (MTC InterWorking Function, MTC-IWF).

After MTC devices are introduced into a mobile communication system, the resource usage efficiency of the system is reduced, because the MTC devices are numerous and may frequently receive and send small data. To use network resources efficiently, small data is usually transmitted between the MTC device and the MTC-IWF through signaling.

Currently, the Small Data Transmission (SDT) protocol is deployed on the MTC device and the MTC-IWF, and any data exchange between the MTC device and the SCS must pass through the MTC-IWF. Each SDT protocol data unit indicates the identities of the sender and the receiver. Between the MTC device and the Mobility Management Entity (MME) or the General Packet Radio Service (GPRS) serving support node (Serving GPRS Support Node, SGSN), the small data service data unit is encapsulated in a generic Network Access Service (NAS) protocol data unit for transmission; in the NAS protocol data unit, the protocol type must be set to SDT. When data is transmitted between the MME/SGSN and the MTC-IWF, the small data is encapsulated in a Small Data Transmission-Transfer-Protocol Data Unit (SDT-Transfer-PDU).

In the above method, ensuring security between the MTC device and the MTC-IWF requires a shared key to be established between them. However, the current technical solutions for establishing a shared key between the MTC device and the MTC-IWF apply only when a single MTC-IWF is deployed in the MTC system. When multiple MTC-IWFs are deployed in the MTC system, a shared key cannot yet be established between the MTC device and the MTC-IWF.

Summary of the invention

In view of this, the main purpose of the present invention is to provide a key establishment method and system for MTC small data transmission that can establish a shared key between the MTC device and the MTC-IWF when multiple MTC-IWFs are deployed in the MTC system.

To achieve the above purpose, the technical solution of the present invention is realized as follows:

The present invention provides a key establishment method for machine type communication (MTC) small data transmission, the method comprising:

the home subscriber server (HSS) that receives authentication data request information designates, for the MTC device that sent the attach request information, an MTC interworking function entity (MTC-IWF) for small data transmission;

the HSS generates a shared key Kiwf between the MTC device and the MTC-IWF;

the HSS sends the MTC-IWF information to the MTC device via the mobility management entity (MME) or the serving GPRS support node (SGSN);

the HSS sends the MTC device information and the generated shared key Kiwf to the designated MTC-IWF;

the MTC-IWF stores the received MTC device information and shared key Kiwf;

the MTC device generates the shared key Kiwf.

Preferably, after the HSS generates the shared key Kiwf between the MTC device and the MTC-IWF, the method further includes:

the HSS generates a next-level key from the shared key Kiwf;

correspondingly, after the MTC device generates the shared key Kiwf, the method further includes:

the MTC device generates the next-level key from the shared key Kiwf.

Preferably, after the MTC device generates the shared key Kiwf, the method further includes:

the MTC device sends security association request information to the MTC-IWF via the MME or SGSN;

after receiving the security association request information, the MTC-IWF authenticates the MTC device according to the stored shared key Kiwf and generates a next-level key from the shared key Kiwf;

the MTC-IWF sends security association response information to the MTC device;

the MTC device authenticates the MTC-IWF according to the stored shared key Kiwf and generates the next-level key from the shared key Kiwf.

Preferably, the next-level key includes an encryption key and an integrity protection key.

Preferably, the authentication data request information includes the identity information of the MTC device, the MTC capability information of the MTC device and its sending/receiving small data capability information;

correspondingly, designating an MTC-IWF for small data transmission for the MTC device that sent the attach request information is:

the HSS designates an MTC-IWF for small data transmission for the MTC device that sent the attach request information, according to the MTC capability information of the MTC device, its sending/receiving small data capability information, and the information about each MTC-IWF stored by the HSS itself.

The present invention provides a key establishment system for machine type communication (MTC) small data transmission, the system comprising a home subscriber server (HSS), an MTC device and multiple MTC interworking function entities (MTC-IWF), wherein:

the HSS is configured to, after receiving authentication data request information, designate an MTC-IWF for small data transmission for the MTC device that sent the attach request information; generate a shared key Kiwf between the MTC device and the MTC-IWF; send the MTC-IWF information to the MTC device via the mobility management entity (MME) or the serving GPRS support node (SGSN); and send the MTC device information and the generated shared key Kiwf to the designated MTC-IWF;

the MTC-IWF is configured to store the received MTC device information and shared key Kiwf;

the MTC device is configured to generate the shared key Kiwf.

Preferably, the HSS is further configured to generate a next-level key from the shared key Kiwf;

the MTC device is further configured to generate the next-level key from the shared key Kiwf.

Preferably, the MTC device is further configured to send security association request information to the MTC-IWF via the MME or SGSN and, after receiving the security association response information sent by the MTC-IWF, to authenticate the MTC-IWF according to the stored shared key Kiwf and generate a next-level key from the shared key Kiwf;

the MTC-IWF is further configured to, after receiving the security association request information, authenticate the MTC device according to the stored shared key Kiwf and generate the next-level key from the shared key Kiwf, and to send the security association response information to the MTC device.

Preferably, the next-level key includes an encryption key and an integrity protection key.

Preferably, the authentication data request information includes the identity information of the MTC device, the MTC capability information of the MTC device and its sending/receiving small data capability information;

correspondingly, the HSS is configured to designate an MTC-IWF for small data transmission for the MTC device that sent the attach request information, according to the MTC capability information of the MTC device, its sending/receiving small data capability information, and the information about each MTC-IWF stored by the HSS itself.

As can be seen from the above, the technical solution of the present invention includes: the home subscriber server (HSS) that receives authentication data request information designates, for the MTC device that sent the attach request information, an MTC interworking function entity (MTC-IWF) for small data transmission; the HSS generates a shared key Kiwf between the MTC device and the MTC-IWF; the HSS sends the MTC-IWF information to the MTC device via the mobility management entity (MME) or the serving GPRS support node (SGSN); the HSS sends the MTC device information and the generated shared key Kiwf to the designated MTC-IWF; the MTC-IWF stores the received MTC device information and shared key Kiwf; and the MTC device generates the shared key Kiwf. Thus, when multiple MTC-IWFs are deployed in the MTC system, the present invention can establish a shared key between the MTC device and the MTC-IWF.

Brief description of the drawings

Fig. 1 is a schematic flowchart of an embodiment of a key establishment method for MTC small data transmission provided by the present invention;

Fig. 2 is a schematic flowchart of Embodiment 1 of a key establishment method for MTC small data transmission provided by the present invention;

Fig. 3 is a schematic flowchart of Embodiment 2 of a key establishment method for MTC small data transmission provided by the present invention;

Fig. 4 is a schematic flowchart of Embodiment 3 of a key establishment method for MTC small data transmission provided by the present invention;

Fig. 5 is a schematic structural diagram of an embodiment of a key establishment system for MTC small data transmission provided by the present invention;

Fig. 6 is a schematic structural diagram of another embodiment of a key establishment system for MTC small data transmission provided by the present invention;

Fig. 7 is a schematic diagram of the device structure of a key establishment system for MTC small data transmission provided by the present invention.

Detailed description

The present invention is described in detail below with reference to the drawings and in combination with the embodiments. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with each other.

An embodiment of a key establishment method for MTC small data transmission provided by the present invention is shown in Fig. 1. The method includes:

Step 101: the Home Subscriber Server (HSS) that receives authentication data request information designates, for the MTC device that sent the attach request information, an MTC-IWF for small data transmission;

Step 102: the HSS generates a shared key Kiwf between the MTC device and the MTC-IWF;

Step 103: the HSS sends the MTC-IWF information to the MTC device via the mobility management entity (MME) or the serving GPRS support node (SGSN);

Step 104: the HSS sends the MTC device information and the generated shared key Kiwf to the designated MTC-IWF;

Step 105: the MTC-IWF stores the received MTC device information and shared key Kiwf;

Step 106: the MTC device generates the shared key Kiwf.

Preferably, after the HSS generates the shared key Kiwf between the MTC device and the MTC-IWF, the method further includes:

the HSS generates a next-level key from the shared key Kiwf;

correspondingly, after the MTC device generates the shared key Kiwf, the method further includes:

the MTC device generates the next-level key from the shared key Kiwf.

Preferably, after the MTC device generates the shared key Kiwf, the method further includes:

the MTC device sends security association request information to the MTC-IWF via the MME or SGSN;

after receiving the security association request information, the MTC-IWF authenticates the MTC device according to the stored shared key Kiwf and generates a next-level key from the shared key Kiwf;

the MTC-IWF sends security association response information to the MTC device;

the MTC device authenticates the MTC-IWF according to the stored shared key Kiwf and generates the next-level key from the shared key Kiwf.

Preferably, the next-level key includes an encryption key and an integrity protection key.

Preferably, the authentication data request information includes the identity information of the MTC device, the MTC capability information of the MTC device and its sending/receiving small data capability information;

correspondingly, designating an MTC-IWF for small data transmission for the MTC device that sent the attach request information is:

the HSS designates an MTC-IWF for small data transmission for the MTC device that sent the attach request information, according to the MTC capability information of the MTC device, its sending/receiving small data capability information, and the information about each MTC-IWF stored by the HSS itself.

Embodiment 1

In Embodiment 1, the shared key Kiwf between the MTC device and the MTC-IWF is generated when the MTC device attaches. Specifically, as shown in Fig. 2, the following steps are included:

Step 201: the MTC device sends attach request information to the MME;

Here, the attach request information contains the identity information of the MTC device, such as the International Mobile Subscriber Identification Number (IMSI), the International Mobile Equipment Identity (IMEI), or other identity information that can be used to identify the MTC device, and also contains the MTC capability information of the MTC device and its sending/receiving small data capability information.

Step 202: the MME sends authentication data request information to the HSS;

Here, the authentication data request information includes the identity information of the MTC device, such as the IMSI, the IMEI, or other identity information that can be used to identify the MTC device, and also contains the MTC capability information of the MTC device and its sending/receiving small data capability information.

Step 203: the HSS generates authentication response data according to the subscription information of the MTC device, designates an MTC-IWF for small data transmission for the MTC device, and generates the shared key Kiwf between the MTC device and the MTC-IWF;

Here, the shared key Kiwf may be generated according to a key generation algorithm; specifically, it may be generated by an Access Security Management Entity (ASME) according to a key generation algorithm;

Here, the HSS may determine the MTC-IWF for small data transmission for the attaching MTC device according to the MTC capability information of the attaching MTC device, its sending/receiving small data capability information, and the information about each MTC-IWF stored by the HSS itself.

Step 204: the HSS sends the MTC-IWF information to the MME together with the authentication response data;

Here, the MTC-IWF information may be any information used to identify the MTC-IWF.

Step 205: the HSS sends the MTC device information and the generated shared key Kiwf to the designated MTC-IWF;

Here, the MTC device information may be the identity information of the MTC device, such as the IMSI, the IMEI, or other identity information that can be used to identify the MTC device.

Step 206: the MTC-IWF receives and saves the shared key Kiwf and the MTC device information, and maintains and manages the saved shared key Kiwf and MTC device information.

Step 207: the MME and the MTC device further complete mutual authentication.

Step 208: the MME sends the MTC-IWF information to the MTC device.

Step 209: the MTC device stores the MTC-IWF information, and maintains and manages the stored MTC-IWF information.

Step 210: the MTC device generates the shared key Kiwf according to the key generation algorithm and saves it.

When the MTC device transmits small data, it must indicate, based on the association information between the MTC device and the MTC-IWF stored on it, that the small data is to be sent to the designated MTC-IWF. When the MTC-IWF receives small data from a small data source, such as an MTC server, a network server, another network entity or another MTC device, it must determine, based on the association information between the MTC device and the MTC-IWF stored on it, whether the small data can be forwarded to the MTC device. If it can, the MTC-IWF forwards the small data to the designated MTC device; otherwise, the MTC-IWF does not forward the small data and may further, as the system requires, report the forwarding failure to the small data source.

Embodiment 2

In Embodiment 2, according to system requirements or the security protection requirements of small data transmission, the MTC device and the MTC-IWF further generate a small data encryption key and a small data integrity protection key on the basis of the shared key Kiwf. This process can be completed during attachment. Compared with Embodiment 1, Embodiment 2 differs in that the shared key generation steps also include generating the next-level keys used to protect small data transmission. Specifically, as shown in Fig. 3, the following steps are included:

Step 301: the MTC device sends attach request information to the MME;

Here, the attach request information contains the identity information of the MTC device, such as the IMSI, and also contains the MTC capability information of the MTC device and its sending/receiving small data capability information.

Step 302: the MME sends authentication data request information to the HSS.

Step 303: the HSS generates authentication response data according to the subscription information of the MTC device, designates an MTC-IWF for small data transmission for the MTC device, generates the shared key Kiwf between the MTC device and the MTC-IWF, and from the shared key Kiwf generates the next-level keys used to protect the secure transmission of small data, such as an encryption key and an integrity protection key;

Here, the shared key Kiwf may be generated according to a key generation algorithm; specifically, it may be generated from Kasme according to a key generation algorithm.

Step 304: the HSS sends the MTC-IWF information to the MME together with the authentication response data;

Here, the MTC-IWF information may be any information used to identify the MTC-IWF.

Step 305: the HSS sends the MTC device information and the generated shared key Kiwf, encryption key and integrity protection key to the designated MTC-IWF.

Step 306: the MTC-IWF receives and saves the MTC device information and the generated shared key Kiwf, encryption key and integrity protection key, and maintains and manages them.

Step 307: the MME and the MTC device further complete mutual authentication.

Step 308: the MME sends the MTC-IWF information to the MTC device.

Step 309: the MTC device stores the MTC-IWF information, and maintains and manages the stored MTC-IWF information.

Step 310: the MTC device generates the shared key Kiwf according to the key generation algorithm, generates from the shared key Kiwf the next-level keys used to protect the secure transmission of small data, such as an encryption key and an integrity protection key, and saves the shared key Kiwf, the encryption key and the integrity protection key.

实施例三Embodiment three

该实施例中,MTC设备附着时,MTC设备与MTC-IWF生成共享密钥Kiwf,根据系统需要或根据小数据传输安全保护需要,在附着并生成共享密钥Kiwf后,MTC设备发起生成与MTC-IWF之间的用于小数据传输安全保护的下一级密钥的生成过程,如图4所示,该方法可以包括以下几个步骤:In this embodiment, when the MTC device attaches, the MTC device and the MTC-IWF generate a shared key K iwf , and according to system requirements or according to the security protection requirements for small data transmission, after attaching and generating the shared key K iwf , the MTC device initiates the generation of the shared key K iwf The generation process of the next-level key used for the security protection of small data transmission between MTC-IWF, as shown in Figure 4, the method may include the following steps:

Step 401: After generating the shared key Kiwf, the MTC device sends security association request information to the MTC-IWF via the MME.

Here, the security association request information may include security algorithm information, MTC device information, and other information used for authentication and key generation.

Specifically, the security association request information may be sent through NAS signaling.

Step 402: After receiving the security association request information, the MTC-IWF authenticates the MTC device according to the stored shared key Kiwf, and uses Kiwf to generate the next-level keys that protect the secure transmission of small data, such as an encryption key and an integrity protection key.

Step 403: The MTC-IWF sends security association response information to the MTC device.

Here, the security association response information may include security algorithm information, MTC-IWF information, and other information used for authentication and key generation.

Step 404: The MTC device authenticates the MTC-IWF according to the stored shared key Kiwf, and uses Kiwf to generate the next-level keys that protect the secure transmission of small data, such as an encryption key and an integrity protection key.

Step 405: The MTC device and the MTC-IWF transmit small data securely using the generated encryption key and integrity protection key.

In Embodiments one, two and three above, an SGSN may also be used in place of the MME.
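The security association exchange of steps 401 to 405, as an added example that is not code from the patent. It assumes HMAC-SHA-256 for both authentication and key derivation, a nonce in each message, and hypothetical field layouts and labels, none of which the patent specifies; step 405 is shown with integrity protection only.

```python
import hashlib
import hmac
import os

ALG = b"HMAC-SHA-256"  # constructed "security algorithm information" value

class AuthError(Exception):
    pass

def kdf(key, label, *fields):
    # Assumed KDF: HMAC-SHA-256 over length-prefixed inputs (each under 64 KiB).
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (label,) + fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def next_level_keys(k_iwf, dev_id, iwf_id, n_dev, n_iwf):
    # Next-level keys bound to both identities and both nonces: (encryption, integrity).
    ctx = (dev_id, iwf_id, n_dev, n_iwf)
    return kdf(k_iwf, b"sd-enc", *ctx)[:16], kdf(k_iwf, b"sd-int", *ctx)

class MtcIwf:
    def __init__(self, iwf_id):
        self.iwf_id, self.k_iwf, self.keys = iwf_id, {}, {}

    def provision(self, dev_id, k_iwf):
        self.k_iwf[dev_id] = k_iwf  # device information and Kiwf delivered by the HSS

    def on_request(self, req):
        # Steps 402-403: authenticate the device with Kiwf, derive keys, respond.
        dev_id, iwf_id, alg, n_dev, mac = req
        k = self.k_iwf.get(dev_id)
        if k is None or iwf_id != self.iwf_id or alg != ALG:
            raise AuthError("unknown device or unsupported algorithm")
        if not hmac.compare_digest(mac, kdf(k, b"sa-req", dev_id, iwf_id, alg, n_dev)):
            raise AuthError("device authentication failed")
        n_iwf = os.urandom(16)
        self.keys[dev_id] = next_level_keys(k, dev_id, iwf_id, n_dev, n_iwf)
        rsp = (iwf_id, alg, n_iwf)
        return rsp + (kdf(k, b"sa-rsp", dev_id, *rsp, n_dev),)

class MtcDevice:
    def __init__(self, dev_id, iwf_id, k_iwf):
        self.dev_id, self.iwf_id, self.k_iwf = dev_id, iwf_id, k_iwf
        self.n_dev = self.keys = None

    def request(self):
        # Step 401: security association request, carried over NAS via the MME.
        self.n_dev = os.urandom(16)
        fields = (self.dev_id, self.iwf_id, ALG, self.n_dev)
        return fields + (kdf(self.k_iwf, b"sa-req", *fields),)

    def on_response(self, rsp):
        # Step 404: authenticate the MTC-IWF with Kiwf, then derive the same keys.
        iwf_id, alg, n_iwf, mac = rsp
        want = kdf(self.k_iwf, b"sa-rsp", self.dev_id, iwf_id, alg, n_iwf, self.n_dev)
        if iwf_id != self.iwf_id or alg != ALG or not hmac.compare_digest(mac, want):
            raise AuthError("MTC-IWF authentication failed")
        self.keys = next_level_keys(self.k_iwf, self.dev_id, iwf_id, self.n_dev, n_iwf)

def protect(k_int, seq, data):
    # Step 405, integrity only: no cipher in the standard library, so the encryption key is unused.
    hdr = seq.to_bytes(4, "big")
    return hdr + data + kdf(k_int, b"sd-mac", hdr, data)[:16]

def verify(k_int, last_seq, pdu):
    # Reject a bad tag or a sequence number that does not advance (replay).
    hdr, data, tag = pdu[:4], pdu[4:-16], pdu[-16:]
    seq = int.from_bytes(hdr, "big")
    if not hmac.compare_digest(tag, kdf(k_int, b"sd-mac", hdr, data)[:16]) or seq <= last_seq:
        raise AuthError("bad tag or replayed sequence number")
    return seq, data
```

Binding both nonces into the derivation means a replayed request yields keys the replaying party cannot compute, so possession of Kiwf is confirmed by the first protected small data unit.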

Corresponding to the above key establishment method for MTC small data transmission, the present invention provides an embodiment of a key establishment system for MTC small data transmission. As shown in Figure 5, the system includes an HSS, an MTC device and multiple MTC-IWFs, wherein:

The HSS is configured to, after receiving authentication data request information, designate one MTC-IWF for small data transmission for the MTC device that sent the attach request information, and establish and store the association between the MTC device and the MTC-IWF; generate the shared key Kiwf between the MTC device and the MTC-IWF; send the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); and send the MTC device information and the generated shared key Kiwf to the designated MTC-IWF.

The MTC-IWF is configured to store the received MTC device information and shared key Kiwf.

The MTC device is configured to store the received MTC-IWF information and generate the shared key Kiwf.

Preferably, the HSS is further configured to generate next-level keys from the shared key Kiwf;

the MTC device is further configured to generate next-level keys from the shared key Kiwf.

Preferably, the MTC device is further configured to send security association request information to the MTC-IWF via the MME or SGSN and, after receiving the security association response information sent by the MTC-IWF, to authenticate the MTC-IWF according to the stored shared key Kiwf and generate next-level keys from the shared key Kiwf;

the MTC-IWF is further configured to, after receiving the security association request information, authenticate the MTC device according to the stored shared key Kiwf and generate next-level keys from the shared key Kiwf, and to send security association response information to the MTC device.

Preferably, the next-level keys include an encryption key and an integrity protection key.

Preferably, the authentication data request information includes the identity information of the MTC device, the MTC capability information of the MTC device, and its capability information for sending/receiving small data.

Correspondingly, the HSS is configured to designate, according to the MTC capability information of the MTC device, the sending/receiving small data capability information, and the information on each MTC-IWF that the HSS itself stores, one MTC-IWF for small data transmission for the MTC device that sent the attach request information, and to establish, store and maintain the association between the MTC device and the MTC-IWF.

In practical application, an embodiment of the key establishment system for MTC small data transmission provided by the present invention, as shown in Figure 6, includes: an MTC device, which stores MTC-IWF information and the shared key information for small data transmission; an MME, which handles the NAS signaling process; an HSS, which manages and maintains MTC-IWF information, may also manage and maintain MTC device information, may also establish, store and maintain the association between the MTC device and the MTC-IWF, designates one MTC-IWF for small data transmission for the MTC device, and generates the shared key between the MTC device and the MTC-IWF; and the MTC-IWFs, in this example MTC-IWF1 and MTC-IWF2, which store MTC device information and the shared key information for small data transmission.

Figure 7 is a schematic diagram of the device structure of the key establishment system for MTC small data transmission according to the present invention. As shown in Figure 7, the devices of the system may include an MTC device, an MME, an MTC-IWF and an HSS.

Specifically, as shown in Figure 7, the devices of the system include:

a first storage management unit, which stores and manages MTC device information and key information;

a second storage management unit, which stores and manages MTC-IWF information and key information;

a third storage management unit, which stores and manages MTC-IWF information and MTC device information, and stores and manages the association information between the MTC-IWF and the MTC device;

an allocation unit, which allocates the designated associated MTC-IWF according to the MTC device attach information;

first, second and third sending/receiving units, which send and receive signaling information, key information, device information and small data;

a judging unit, which judges whether the MTC-IWF can forward small data information;

first and second key negotiation units, which negotiate shared keys, such as an encryption key and an integrity key.

In the above embodiments, an SGSN may also be used in place of the MME.

Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be fabricated as a separate integrated circuit module, or several of the modules or steps can be fabricated as a single integrated circuit module. As such, the present invention is not limited to any specific combination of hardware and software.

The above descriptions are only preferred embodiments of the present invention and are not intended to limit it. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A key establishment method for machine type communication (MTC) small data transmission, characterized in that the method comprises:
a home subscriber server (HSS) that has received authentication data request information designating, for the MTC device that sent attach request information, one MTC interworking function entity (MTC-IWF) for small data transmission;
the HSS generating a shared key Kiwf between the MTC device and the MTC-IWF;
the HSS sending MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN);
the HSS sending the MTC device information and the generated shared key Kiwf to the designated MTC-IWF;
the MTC-IWF storing the received MTC device information and shared key Kiwf;
the MTC device generating the shared key Kiwf.
2. The method according to claim 1, characterized in that, after the HSS generates the shared key Kiwf between the MTC device and the MTC-IWF, the method further comprises:
the HSS generating next-level keys from the shared key Kiwf;
correspondingly, after the MTC device generates the shared key Kiwf, the method further comprises:
the MTC device generating next-level keys from the shared key Kiwf.
3. The method according to claim 1, characterized in that, after the MTC device generates the shared key Kiwf, the method further comprises:
the MTC device sending security association request information to the MTC-IWF via the MME or SGSN;
the MTC-IWF, after receiving the security association request information, authenticating the MTC device according to the stored shared key Kiwf and generating next-level keys from the shared key Kiwf;
the MTC-IWF sending security association response information to the MTC device;
the MTC device authenticating the MTC-IWF according to the stored shared key Kiwf and generating next-level keys from the shared key Kiwf.
4. The method according to claim 2 or 3, characterized in that the next-level keys comprise an encryption key and an integrity protection key.
5. The method according to claim 1, characterized in that the authentication data request information comprises the identity information of the MTC device, the MTC capability information of the MTC device, and its capability information for sending/receiving small data;
correspondingly, designating one MTC-IWF for small data transmission for the MTC device that sent the attach request information is:
the HSS designating, according to the MTC capability information of the MTC device, the sending/receiving small data capability information, and the information on each MTC-IWF that the HSS itself stores, one MTC-IWF for small data transmission for the MTC device that sent the attach request information.
6. A key establishment system for machine type communication (MTC) small data transmission, characterized in that the system comprises a home subscriber server (HSS), an MTC device and multiple MTC interworking function entities (MTC-IWF), wherein:
the HSS is configured to, after receiving authentication data request information, designate one MTC-IWF for small data transmission for the MTC device that sent attach request information; generate a shared key Kiwf between the MTC device and the MTC-IWF; send MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); and send the MTC device information and the generated shared key Kiwf to the designated MTC-IWF;
the MTC-IWF is configured to store the received MTC device information and shared key Kiwf;
the MTC device is configured to generate the shared key Kiwf.
7. The system according to claim 6, characterized in that
the HSS is further configured to generate next-level keys from the shared key Kiwf;
the MTC device is further configured to generate next-level keys from the shared key Kiwf.
8. The system according to claim 6, characterized in that the MTC device is further configured to send security association request information to the MTC-IWF via the MME or SGSN and, after receiving the security association response information sent by the MTC-IWF, to authenticate the MTC-IWF according to the stored shared key Kiwf and generate next-level keys from the shared key Kiwf;
the MTC-IWF is further configured to, after receiving the security association request information, authenticate the MTC device according to the stored shared key Kiwf and generate next-level keys from the shared key Kiwf, and to send security association response information to the MTC device.
9. The system according to claim 7 or 8, characterized in that the next-level keys comprise an encryption key and an integrity protection key.
10. The system according to claim 6, characterized in that the authentication data request information comprises the identity information of the MTC device, the MTC capability information of the MTC device, and its capability information for sending/receiving small data;
correspondingly, the HSS is configured to designate, according to the MTC capability information of the MTC device, the sending/receiving small data capability information, and the information on each MTC-IWF that the HSS itself stores, one MTC-IWF for small data transmission for the MTC device that sent the attach request information.
CN201310334433.6A 2013-08-02 2013-08-02 Key establishment method and system used for small-data transmission of machine-type communication Pending CN104349311A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310334433.6A CN104349311A (en) 2013-08-02 2013-08-02 Key establishment method and system used for small-data transmission of machine-type communication
PCT/CN2013/086244 WO2014161300A1 (en) 2013-08-02 2013-10-30 Method and system for establishing key for transmitting machine type communication small data

Publications (1)

Publication Number Publication Date
CN104349311A true CN104349311A (en) 2015-02-11

Family

ID=51657490

Country Status (2)

Country Link
CN (1) CN104349311A (en)
WO (1) WO2014161300A1 (en)

Also Published As

Publication number Publication date
WO2014161300A1 (en) 2014-10-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150211