
CN104349311A - Key establishment method and system used for small-data transmission of machine-type communication - Google Patents

Publication number
CN104349311A
Authority
CN
China
Prior art keywords
mtc
iwf
mtc device
key
information
Legal status
Pending
Application number
CN201310334433.6A
Other languages
Chinese (zh)
Inventor
余万涛
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201310334433.6A
Priority to PCT/CN2013/086244 (WO2014161300A1)
Publication of CN104349311A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a key establishment method and system for small data transmission in machine type communication (MTC). The method includes the following steps: a home subscriber server (HSS) that receives authentication data request information assigns an MTC interworking function (MTC-IWF) for small data transmission to the MTC device that sent the attach request information; the HSS generates a shared key K_iwf between the MTC device and the MTC-IWF; the HSS sends the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); the HSS sends the MTC device information and the generated K_iwf to the assigned MTC-IWF; the MTC-IWF stores the received MTC device information and the shared key K_iwf; and the MTC device generates the shared key K_iwf. The method and system address the case in which multiple MTC-IWFs are deployed in an MTC system and can establish a shared key between the MTC device and the MTC-IWF.

Description

Key establishment method and system for small data transmission in machine type communication
Technical field
The present invention relates to the communications field, and in particular to a key establishment method and system for small data transmission in machine type communication (Machine Type Communication, MTC).
Background
MTC is a general term for a series of technologies, and combinations of them, that use wireless communication to implement data communication and exchange between machines and between machines and people. MTC has two layers of meaning: the first is the machine itself, called a smart device in the embedded field; the second is the connection between machines, which are linked together through a network. MTC has a wide range of applications, such as smart metering, remote monitoring, tracking and medical care, and makes human life more intelligent. Compared with traditional person-to-person communication, MTC devices (MTC Device) are enormous in number and widely applied.
In existing MTC systems, an MTC device communicates with a service capability server (Services Capability Server, SCS), such as an MTC server, through the 3rd Generation Partnership Project (3GPP) network and an MTC interworking function entity (MTC InterWorking Function, MTC-IWF).
After MTC devices are introduced into a mobile communication system, their large number and the fact that they may frequently receive and send small data reduce the resource utilization of the mobile communication system. To use network resources efficiently, small data is usually transmitted between the MTC device and the MTC-IWF through signaling.
At present, a small data transmission (Small Data Transmission, SDT) protocol is deployed in the MTC device and the MTC-IWF, and any data exchange between the MTC device and the SCS must pass through the MTC-IWF. Each SDT protocol data unit indicates the sender and receiver identities. Between the MTC device and the mobility management entity (Mobile Management Entity, MME) or the serving general packet radio service (General Packet Radio Service, GPRS) support node (Serving GPRS Support Node, SGSN), the small data service data unit is encapsulated and transmitted in a generic network access service (Network Access Service, NAS) protocol data unit, in which the protocol type must be set to SDT. When data is transmitted between the MME/SGSN and the MTC-IWF, the small data is encapsulated in a small data transmission transfer protocol data unit (Small Data Transmission-Transfer-Protocol Data Unit, SDT-Transfer-PDU).
In the above method, ensuring security between the MTC device and the MTC-IWF requires establishing a shared key between them. However, the current technical solutions for establishing a shared key between the MTC device and the MTC-IWF apply only when a single MTC-IWF is deployed in the MTC system. When multiple MTC-IWFs are deployed in the MTC system, a shared key still cannot be established between the MTC device and the MTC-IWF.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a key establishment method and system for MTC small data transmission that can establish a shared key between an MTC device and an MTC-IWF when multiple MTC-IWFs are deployed in the MTC system.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
The invention provides a key establishment method for machine type communication (MTC) small data transmission, the method comprising:
a home subscriber server (HSS) that receives authentication data request information assigns, to the MTC device that sent the attach request information, an MTC interworking function entity (MTC-IWF) for small data transmission;
the HSS generates the shared key K_iwf between the MTC device and the MTC-IWF;
the HSS sends the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN);
the HSS sends the MTC device information and the generated shared key K_iwf to the assigned MTC-IWF;
the MTC-IWF stores the received MTC device information and shared key K_iwf;
the MTC device generates the shared key K_iwf.
Preferably, after the HSS generates the shared key K_iwf between the MTC device and the MTC-IWF, the method further comprises:
the HSS generates next-level keys from the shared key K_iwf;
correspondingly, after the MTC device generates the shared key K_iwf, the method further comprises:
the MTC device generates next-level keys from the shared key K_iwf.
Preferably, after the MTC device generates the shared key K_iwf, the method further comprises:
the MTC device sends security association request information to the MTC-IWF via the MME or SGSN;
after receiving the security association request information, the MTC-IWF authenticates the MTC device according to the stored shared key K_iwf and generates next-level keys from the shared key K_iwf;
the MTC-IWF sends security association response information to the MTC device;
the MTC device authenticates the MTC-IWF according to the stored shared key K_iwf and generates next-level keys from the shared key K_iwf.
Preferably, the next-level keys comprise an encryption key and an integrity protection key.
Preferably, the authentication data request information comprises the identity information of the MTC device, the MTC capability information of the MTC device, and the small data sending/receiving capability information;
correspondingly, assigning an MTC-IWF for small data transmission to the MTC device that sent the attach request information is:
the HSS assigns an MTC-IWF for small data transmission to the MTC device that sent the attach request information according to the MTC capability information of the MTC device, the small data sending/receiving capability information, and the information about each MTC-IWF that the HSS itself stores.
The invention provides a key establishment system for machine type communication (MTC) small data transmission, the system comprising a home subscriber server (HSS), an MTC device and multiple MTC interworking function entities (MTC-IWF), wherein:
the HSS is configured to, after receiving authentication data request information, assign an MTC-IWF for small data transmission to the MTC device that sent the attach request information; to generate the shared key K_iwf between the MTC device and the MTC-IWF; to send the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); and to send the MTC device information and the generated shared key K_iwf to the assigned MTC-IWF;
the MTC-IWF is configured to store the received MTC device information and shared key K_iwf;
the MTC device is configured to generate the shared key K_iwf.
Preferably, the HSS is further configured to generate next-level keys from the shared key K_iwf;
the MTC device is further configured to generate next-level keys from the shared key K_iwf.
Preferably, the MTC device is further configured to send security association request information to the MTC-IWF via the MME or SGSN and, after receiving the security association response information sent by the MTC-IWF, to authenticate the MTC-IWF according to the stored shared key K_iwf and generate next-level keys from the shared key K_iwf;
the MTC-IWF is further configured to, after receiving the security association request information, authenticate the MTC device according to the stored shared key K_iwf and generate next-level keys from the shared key K_iwf, and to send security association response information to the MTC device.
Preferably, the next-level keys comprise an encryption key and an integrity protection key.
Preferably, the authentication data request information comprises the identity information of the MTC device, the MTC capability information of the MTC device, and the small data sending/receiving capability information;
correspondingly, the HSS is configured to assign an MTC-IWF for small data transmission to the MTC device that sent the attach request information according to the MTC capability information of the MTC device, the small data sending/receiving capability information, and the information about each MTC-IWF that the HSS itself stores.
As can be seen from the above, the technical solution of the present invention comprises: a home subscriber server (HSS) that receives authentication data request information assigns, to the MTC device that sent the attach request information, an MTC interworking function entity (MTC-IWF) for small data transmission; the HSS generates the shared key K_iwf between the MTC device and the MTC-IWF; the HSS sends the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); the HSS sends the MTC device information and the generated shared key K_iwf to the assigned MTC-IWF; the MTC-IWF stores the received MTC device information and shared key K_iwf; the MTC device generates the shared key K_iwf. Thus, when multiple MTC-IWFs are deployed in the MTC system, the present invention can establish a shared key between the MTC device and the MTC-IWF.
Brief description of the drawings
Fig. 1 is a schematic flowchart of an embodiment of the key establishment method for MTC small data transmission provided by the invention;
Fig. 2 is a schematic flowchart of embodiment one of the key establishment method for MTC small data transmission provided by the invention;
Fig. 3 is a schematic flowchart of embodiment two of the key establishment method for MTC small data transmission provided by the invention;
Fig. 4 is a schematic flowchart of embodiment three of the key establishment method for MTC small data transmission provided by the invention;
Fig. 5 is a schematic structural diagram of an embodiment of the key establishment system for MTC small data transmission provided by the invention;
Fig. 6 is a schematic structural diagram of another embodiment of the key establishment system for MTC small data transmission provided by the invention;
Fig. 7 is a schematic diagram of the device structure of the key establishment system for MTC small data transmission provided by the invention.
Detailed description
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another.
In an embodiment of the key establishment method for MTC small data transmission provided by the invention, as shown in Fig. 1, the method comprises:
Step 101: a home subscriber server (Home Subscriber Server, HSS) that receives authentication data request information assigns an MTC-IWF for small data transmission to the MTC device that sent the attach request information;
Step 102: the HSS generates the shared key K_iwf between the MTC device and the MTC-IWF;
Step 103: the HSS sends the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN);
Step 104: the HSS sends the MTC device information and the generated shared key K_iwf to the assigned MTC-IWF;
Step 105: the MTC-IWF stores the received MTC device information and shared key K_iwf;
Step 106: the MTC device generates the shared key K_iwf.
Preferably, after the HSS generates the shared key K_iwf between the MTC device and the MTC-IWF, the method further comprises:
the HSS generates next-level keys from the shared key K_iwf;
correspondingly, after the MTC device generates the shared key K_iwf, the method further comprises:
the MTC device generates next-level keys from the shared key K_iwf.
Preferably, after the MTC device generates the shared key K_iwf, the method further comprises:
the MTC device sends security association request information to the MTC-IWF via the MME or SGSN;
after receiving the security association request information, the MTC-IWF authenticates the MTC device according to the stored shared key K_iwf and generates next-level keys from the shared key K_iwf;
the MTC-IWF sends security association response information to the MTC device;
the MTC device authenticates the MTC-IWF according to the stored shared key K_iwf and generates next-level keys from the shared key K_iwf.
Preferably, the next-level keys comprise an encryption key and an integrity protection key.
Preferably, the authentication data request information comprises the identity information of the MTC device, the MTC capability information of the MTC device, and the small data sending/receiving capability information;
correspondingly, assigning an MTC-IWF for small data transmission to the MTC device that sent the attach request information is:
the HSS assigns an MTC-IWF for small data transmission to the MTC device that sent the attach request information according to the MTC capability information of the MTC device, the small data sending/receiving capability information, and the information about each MTC-IWF that the HSS itself stores.
Embodiment one
In embodiment one, the MTC device and the MTC-IWF generate the shared key K_iwf when the MTC device attaches. Specifically, as shown in Fig. 2, the following steps are included:
Step 201: the MTC device sends attach request information to the MME;
Here, the attach request information contains the identity information of the MTC device, such as the international mobile subscriber identity (International Mobile Subscriber Identification Number, IMSI), the international mobile equipment identity (International Mobile Equipment Identity, IMEI), or other identity information that can be used to identify the MTC device, and also contains the MTC capability information of the MTC device and the small data sending/receiving capability information.
Step 202: the MME sends authentication data request information to the HSS;
Here, the authentication data request information contains the identity information of the MTC device, such as the IMSI, the IMEI, or other identity information that can be used to identify the MTC device, and also contains the MTC capability information of the MTC device and the small data sending/receiving capability information.
Step 203: the HSS generates authentication response data according to the subscription information of the MTC device, at the same time assigns an MTC-IWF for small data transmission to the MTC device, and generates the shared key K_iwf between the MTC device and the MTC-IWF;
Here, the shared key K_iwf can be generated according to a key generation algorithm; specifically, it can be generated according to a key generation algorithm by the access security management entity (Access Security Management Entity, ASME);
Here, the HSS can determine the MTC-IWF for small data transmission for the attaching MTC device according to the MTC capability information of the attaching MTC device, the small data sending/receiving capability information, and the information about each MTC-IWF that the HSS itself stores.
Step 204: the HSS sends the MTC-IWF information to the MME together with the authentication response data;
Here, the MTC-IWF information can be any information that identifies the MTC-IWF.
Step 205: the HSS sends the MTC device information and the generated shared key K_iwf to the assigned MTC-IWF;
Here, the MTC device information can be the identity information of the MTC device, such as the IMSI, the IMEI, or other identity information that can be used to identify the MTC device.
Step 206: the MTC-IWF receives and stores the shared key K_iwf and the MTC device information, and maintains and manages the stored shared key K_iwf and MTC device information.
Step 207: mutual authentication is further completed between the MME and the MTC device.
Step 208: the MME sends the MTC-IWF information to the MTC device.
Step 209: the MTC device stores the MTC-IWF information, and maintains and manages the stored MTC-IWF information.
Step 210: the MTC device generates the shared key K_iwf according to the key generation algorithm and stores it.
When the MTC device carries out small data transmission, it needs, according to the association information it stores between the MTC device and the MTC-IWF, to indicate that the small data is to be sent to the assigned MTC-IWF, so as to transmit the small data. When an MTC-IWF receives small data from a small data source, such as an MTC server, a network server, another network entity or another MTC device, the MTC-IWF needs to judge, according to the association information it stores between the MTC device and the MTC-IWF, whether it can forward the small data to the MTC device. If it can, it forwards the small data to the specified MTC device to transmit the small data; otherwise the MTC-IWF does not forward the small data and, depending on system needs, may further feed back small data forwarding failure information to the small data source.
Embodiment two
In embodiment two, according to system needs or the security protection needs of small data transmission, the MTC device and the MTC-IWF further generate a small data encryption key and a small data integrity protection key on the basis of the shared key K_iwf; this process can be completed during the attach procedure. Compared with embodiment one, embodiment two differs in that the shared key generation step further includes generating the next-level keys used for the security protection of small data transmission. Specifically, as shown in Fig. 3, the following steps are included:
Step 301: the MTC device sends attach request information to the MME;
Here, the attach request information contains the identity information of the MTC device, such as the IMSI, and also contains the MTC capability information of the MTC device and the small data sending/receiving capability information.
Step 302: the MME sends authentication data request information to the HSS.
Step 303: the HSS generates authentication response data according to the subscription information of the MTC device, at the same time assigns an MTC-IWF for small data transmission to the MTC device, generates the shared key K_iwf between the MTC device and the MTC-IWF, and generates from the shared key K_iwf the next-level keys used to protect the secure transmission of small data, such as an encryption key and an integrity protection key;
Here, the shared key K_iwf can be generated according to a key generation algorithm; specifically, it can be generated from K_asme according to a key generation algorithm.
Step 304: the HSS sends the MTC-IWF information to the MME together with the authentication response data;
Here, the MTC-IWF information can be any information that identifies the MTC-IWF.
Step 305: the HSS sends the MTC device information and the generated shared key K_iwf, encryption key and integrity protection key to the assigned MTC-IWF.
Step 306: the MTC-IWF receives and stores the MTC device information and the generated shared key K_iwf, encryption key and integrity protection key, and maintains and manages the stored MTC device information and the generated shared key K_iwf, encryption key and integrity protection key.
Step 307: mutual authentication is further completed between the MME and the MTC device.
Step 308: the MME sends the MTC-IWF information to the MTC device.
Step 309: the MTC device stores the MTC-IWF information, and maintains and manages the stored MTC-IWF information.
Step 310: the MTC device generates the shared key K_iwf according to the key generation algorithm, generates from the shared key K_iwf the next-level keys used to protect the secure transmission of small data, such as an encryption key and an integrity protection key, and stores the shared key K_iwf, the encryption key and the integrity protection key.
Embodiment three
In this embodiment, the MTC device and the MTC-IWF generate the shared key K_iwf when the MTC device attaches. According to system needs or the security protection needs of small data transmission, after attaching and generating the shared key K_iwf, the MTC device initiates the process of generating, with the MTC-IWF, the next-level keys used for the security protection of small data transmission. As shown in Fig. 4, the method may include the following steps:
Step 401: after the shared key K_iwf is generated, the MTC device sends security association request information to the MTC-IWF via the MME;
Here, the security association request information can contain security algorithm information, MTC device information and other information used for authentication and key generation;
Specifically, the security association request information can be sent through NAS signaling.
Step 402: after receiving the security association request information, the MTC-IWF authenticates the MTC device according to the stored shared key K_iwf and generates from the shared key K_iwf the next-level keys used to protect the secure transmission of small data, such as an encryption key and an integrity protection key.
Step 403: the MTC-IWF sends security association response information to the MTC device;
Here, the security association response information can contain security algorithm information, MTC-IWF information and other information used for authentication and key generation.
Step 404: the MTC device authenticates the MTC-IWF according to the stored shared key K_iwf and generates from the shared key K_iwf the next-level keys used to protect the secure transmission of small data, such as an encryption key and an integrity protection key.
Step 405: the MTC device and the MTC-IWF carry out secure small data transmission using the generated encryption key and integrity protection key.
In embodiments one, two and three above, an SGSN may also be used in place of the MME.
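The attach-time key establishment of embodiment one and the security association of embodiment three, as an added Python example that is not part of the patent text. The patent does not specify the key generation algorithm, the authentication messages or the MTC-IWF selection rule, so the HMAC-SHA256 KDF, the nonce-and-tag exchange, the first-match selection and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, *context: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over length-prefixed fields (no field ambiguity)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (label, *context))
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_k_iwf(k_asme: bytes, imsi: str, iwf_id: str) -> bytes:
    # Binding K_iwf to the assigned MTC-IWF identity gives each MTC-IWF its own key.
    return kdf(k_asme, b"K_iwf", imsi.encode(), iwf_id.encode())


def derive_next_level(k_iwf: bytes, n_dev: bytes, n_iwf: bytes):
    """Next-level keys as (encryption key, integrity protection key)."""
    return kdf(k_iwf, b"enc", n_dev, n_iwf), kdf(k_iwf, b"int", n_dev, n_iwf)


class MtcIwf:
    def __init__(self, iwf_id: str, supports_sdt: bool):
        self.iwf_id, self.supports_sdt = iwf_id, supports_sdt
        self.devices = {}        # IMSI -> K_iwf, filled by the HSS (steps 205/206)
        self.session_keys = None

    def can_forward(self, imsi: str) -> bool:
        # Small data is forwarded only to devices associated with this MTC-IWF.
        return imsi in self.devices

    def security_association(self, imsi, n_dev, tag_dev):
        """Steps 402/403: authenticate the device, derive keys, build the response."""
        k_iwf = self.devices.get(imsi)
        if k_iwf is None or not hmac.compare_digest(
                kdf(k_iwf, b"sa-req", imsi.encode(), n_dev), tag_dev):
            return None
        n_iwf = os.urandom(16)
        self.session_keys = derive_next_level(k_iwf, n_dev, n_iwf)
        return n_iwf, kdf(k_iwf, b"sa-rsp", self.iwf_id.encode(), n_dev, n_iwf)


class Hss:
    def __init__(self, iwfs):
        self.iwfs, self.k_asme, self.assoc = iwfs, {}, {}

    def handle_auth_data_request(self, imsi: str, needs_sdt: bool) -> str:
        """Steps 203-205: assign an MTC-IWF, generate K_iwf, send it to that MTC-IWF."""
        iwf = next(i for i in self.iwfs if i.supports_sdt or not needs_sdt)
        self.assoc[imsi] = iwf.iwf_id
        iwf.devices[imsi] = derive_k_iwf(self.k_asme[imsi], imsi, iwf.iwf_id)
        return iwf.iwf_id        # goes to the MME with the authentication response


class MtcDevice:
    def __init__(self, imsi: str, k_asme: bytes):
        self.imsi, self.k_asme, self.session_keys = imsi, k_asme, None

    def on_iwf_info(self, iwf_id: str):
        # Steps 209/210: store the MTC-IWF information and derive K_iwf locally.
        self.iwf_id = iwf_id
        self.k_iwf = derive_k_iwf(self.k_asme, self.imsi, iwf_id)

    def build_sa_request(self):
        self.nonce = os.urandom(16)
        return self.nonce, kdf(self.k_iwf, b"sa-req", self.imsi.encode(), self.nonce)

    def on_sa_response(self, n_iwf: bytes, tag_iwf: bytes) -> bool:
        # Step 404: authenticate the MTC-IWF, then derive the next-level keys.
        expected = kdf(self.k_iwf, b"sa-rsp", self.iwf_id.encode(), self.nonce, n_iwf)
        if not hmac.compare_digest(expected, tag_iwf):
            return False
        self.session_keys = derive_next_level(self.k_iwf, self.nonce, n_iwf)
        return True


def run_demo() -> dict:
    imsi = "001010000000001"     # constructed test identity
    k_asme = os.urandom(32)      # constructed; stands in for the AKA result
    iwf1, iwf2 = MtcIwf("MTC-IWF1", False), MtcIwf("MTC-IWF2", True)
    hss = Hss([iwf1, iwf2])
    hss.k_asme[imsi] = k_asme
    dev = MtcDevice(imsi, k_asme)

    dev.on_iwf_info(hss.handle_auth_data_request(imsi, needs_sdt=True))
    ok = dev.on_sa_response(*iwf2.security_association(imsi, *dev.build_sa_request()))
    forged = iwf2.security_association(imsi, os.urandom(16), bytes(32))
    return {
        "assigned": dev.iwf_id, "mutual_auth": ok,
        "keys_match": dev.session_keys == iwf2.session_keys,
        "forged_rejected": forged is None,
        "iwf1_forwards": iwf1.can_forward(imsi),
        "iwf2_forwards": iwf2.can_forward(imsi),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the assumed derivation includes the MTC-IWF identity, MTC-IWF1 never holds material usable with the key given to MTC-IWF2, which is the property that matters once several MTC-IWFs are deployed.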
Corresponding to the above key establishment method for MTC small data transmission, an embodiment of the key establishment system for MTC small data transmission provided by the invention is shown in Fig. 5. The system comprises an HSS, an MTC device and multiple MTC-IWFs, wherein:
the HSS is configured to, after receiving authentication data request information, assign an MTC-IWF for small data transmission to the MTC device that sent the attach request information, and to establish and store the association between the MTC device and the MTC-IWF; to generate the shared key K_iwf between the MTC device and the MTC-IWF; to send the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); and to send the MTC device information and the generated shared key K_iwf to the assigned MTC-IWF;
the MTC-IWF is configured to store the received MTC device information and shared key K_iwf;
the MTC device is configured to store the received MTC-IWF information and to generate the shared key K_iwf.
Preferably, the HSS is further configured to generate next-level keys from the shared key K_iwf;
the MTC device is further configured to generate next-level keys from the shared key K_iwf.
Preferably, the MTC device is further configured to send security association request information to the MTC-IWF via the MME or SGSN and, after receiving the security association response information sent by the MTC-IWF, to authenticate the MTC-IWF according to the stored shared key K_iwf and generate next-level keys from the shared key K_iwf;
the MTC-IWF is further configured to, after receiving the security association request information, authenticate the MTC device according to the stored shared key K_iwf and generate next-level keys from the shared key K_iwf, and to send security association response information to the MTC device.
Preferably, the next-level keys comprise an encryption key and an integrity protection key.
Preferably, the authentication data request information comprises the identity information of the MTC device, the MTC capability information of the MTC device, and the small data sending/receiving capability information;
correspondingly, the HSS is configured to assign an MTC-IWF for small data transmission to the MTC device that sent the attach request information according to the MTC capability information of the MTC device, the small data sending/receiving capability information, and the information about each MTC-IWF that the HSS itself stores, and to establish, store and maintain the association between the MTC device and the MTC-IWF.
In practical applications, an embodiment of the key establishment system for MTC small data transmission provided by the invention, as shown in Fig. 6, comprises: an MTC device, for storing MTC-IWF information and small data transmission shared key information; an MME, for the NAS signaling procedure; an HSS, for managing and maintaining MTC-IWF information, which may also be used to manage and maintain MTC device information and to establish, store and maintain the association between the MTC device and the MTC-IWF, to assign an MTC-IWF for small data transmission to the MTC device, and to generate the shared key between the MTC device and the MTC-IWF; and the MTC-IWFs, which in this example are MTC-IWF1 and MTC-IWF2, for storing MTC device information and small data transmission shared key information.
Fig. 7 is a schematic diagram of the device structure of the key establishment system for MTC small data transmission of the present invention. As shown in Fig. 7, the devices of this system can comprise: an MTC device, an MME, an MTC-IWF and an HSS.
Specifically, as shown in Fig. 7, the devices of the system comprise:
a first storage management unit, for storing and managing MTC device information and key information;
a second storage management unit, for storing and managing MTC-IWF information and key information;
a third storage management unit, for storing and managing MTC-IWF information and MTC device information, and for storing and managing the association information between the MTC-IWF and the MTC device;
an allocation unit, for assigning the associated MTC-IWF according to the MTC device attach information;
first, second and third sending/receiving units, for sending and receiving signaling information, key information, device information and small data;
a judging unit, for judging whether the MTC-IWF can forward small data information;
first and second key agreement units, for negotiating shared keys, such as the encryption key and the integrity key.
In the above embodiments, an SGSN may also be used in place of the MME.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases, the steps shown or described can be performed in an order different from that given here, or they can each be made into individual integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A key establishment method for machine type communication (MTC) small data transmission, characterized in that the method comprises:
a home subscriber server (HSS) that has received authentication data request information designating, for the MTC device that sent the attach request information, an MTC interworking function entity (MTC-IWF) for small data transmission;
the HSS generating a shared key K_iwf between the MTC device and the MTC-IWF;
the HSS sending the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN);
the HSS sending the MTC device information and the generated shared key K_iwf to the designated MTC-IWF;
the MTC-IWF storing the received MTC device information and shared key K_iwf;
the MTC device generating the shared key K_iwf.
2. The method according to claim 1, characterized in that, after the HSS generates the shared key K_iwf between the MTC device and the MTC-IWF, the method further comprises:
the HSS generating next-level keys from the shared key K_iwf;
correspondingly, after the MTC device generates the shared key K_iwf, the method further comprises:
the MTC device generating next-level keys from the shared key K_iwf.
3. The method according to claim 1, characterized in that, after the MTC device generates the shared key K_iwf, the method further comprises:
the MTC device sending security association request information to the MTC-IWF via the MME or SGSN;
the MTC-IWF, after receiving the security association request information, authenticating the MTC device according to the stored shared key K_iwf, and generating next-level keys from the shared key K_iwf;
the MTC-IWF sending security association response information to the MTC device;
the MTC device authenticating the MTC-IWF according to the stored shared key K_iwf, and generating next-level keys from the shared key K_iwf.
4. The method according to claim 2 or 3, characterized in that the next-level keys comprise an encryption key and an integrity protection key.
5. The method according to claim 1, characterized in that the authentication data request information comprises identity information of the MTC device, MTC capability information of the MTC device, and small data sending/receiving capability information;
correspondingly, designating an MTC-IWF for small data transmission for the MTC device that sent the attach request information is:
the HSS designating an MTC-IWF for small data transmission for the MTC device that sent the attach request information, according to the MTC capability information of the MTC device, the small data sending/receiving capability information, and the information on each MTC-IWF stored by the HSS itself.
6. A key establishment system for machine type communication (MTC) small data transmission, characterized in that the system comprises: a home subscriber server (HSS), an MTC device and multiple MTC interworking function entities (MTC-IWF), wherein
the HSS is configured to, after receiving authentication data request information, designate an MTC-IWF for small data transmission for the MTC device that sent the attach request information; generate a shared key K_iwf between the MTC device and the MTC-IWF; send the MTC-IWF information to the MTC device via a mobility management entity (MME) or a serving GPRS support node (SGSN); and send the MTC device information and the generated shared key K_iwf to the designated MTC-IWF;
the MTC-IWF is configured to store the received MTC device information and shared key K_iwf;
the MTC device is configured to generate the shared key K_iwf.
7. The system according to claim 6, characterized in that
the HSS is further configured to generate next-level keys from the shared key K_iwf;
the MTC device is further configured to generate next-level keys from the shared key K_iwf.
8. The system according to claim 6, characterized in that the MTC device is further configured to send security association request information to the MTC-IWF via the MME or SGSN; and, after receiving the security association response information sent by the MTC-IWF, to authenticate the MTC-IWF according to the stored shared key K_iwf and generate next-level keys from the shared key K_iwf;
the MTC-IWF is further configured to, after receiving the security association request information, authenticate the MTC device according to the stored shared key K_iwf and generate next-level keys from the shared key K_iwf; and to send security association response information to the MTC device.
9. The system according to claim 7 or 8, characterized in that the next-level keys comprise an encryption key and an integrity protection key.
10. The system according to claim 6, characterized in that the authentication data request information comprises identity information of the MTC device, MTC capability information of the MTC device, and small data sending/receiving capability information;
correspondingly, the HSS is configured to designate an MTC-IWF for small data transmission for the MTC device that sent the attach request information, according to the MTC capability information of the MTC device, the small data sending/receiving capability information, and the information on each MTC-IWF stored by the HSS itself.
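
The key hierarchy and security association exchange of claims 1 to 4, shown as an added Python example that is not part of the patent text. The claims do not say how K_iwf or the next-level keys are computed, so the HMAC-SHA256 derivation, the root key already shared by HSS and MTC device, the nonces, the labels and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: bytes, *ctx: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 over a label and length-prefixed context fields.
    data = label + b"".join(len(c).to_bytes(2, "big") + c for c in ctx)
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_k_iwf(root_key: bytes, device_id: bytes, iwf_id: bytes) -> bytes:
    # Run independently by the HSS and the MTC device (claim 1). Assumption:
    # both already hold root_key and bind K_iwf to the designated MTC-IWF.
    return kdf(root_key, b"K_iwf", device_id, iwf_id)

def next_level_keys(k_iwf: bytes) -> tuple:
    # Claims 2-4: encryption key and integrity protection key from K_iwf.
    return kdf(k_iwf, b"enc"), kdf(k_iwf, b"int")

def sa_request(k_iwf: bytes, device_id: bytes, nonce_d: bytes) -> dict:
    # Device -> MTC-IWF via MME/SGSN: the MAC proves possession of K_iwf.
    return {"id": device_id, "nonce_d": nonce_d,
            "mac": kdf(k_iwf, b"sa-req", device_id, nonce_d)}

class MtcIwf:
    def __init__(self):
        self.keys = {}  # device_id -> K_iwf, as received from the HSS

    def store(self, device_id: bytes, k_iwf: bytes) -> None:
        self.keys[device_id] = k_iwf

    def handle_request(self, req: dict):
        # Authenticate the device; None means unknown device or bad MAC.
        k_iwf = self.keys.get(req["id"])
        if k_iwf is None:
            return None
        expected = kdf(k_iwf, b"sa-req", req["id"], req["nonce_d"])
        if not hmac.compare_digest(expected, req["mac"]):
            return None
        nonce_i = secrets.token_bytes(16)
        return {"nonce_i": nonce_i,
                "mac": kdf(k_iwf, b"sa-resp", req["nonce_d"], nonce_i)}

def verify_response(k_iwf: bytes, nonce_d: bytes, resp: dict) -> bool:
    # Device authenticates the MTC-IWF: the MAC must cover the device's nonce.
    expected = kdf(k_iwf, b"sa-resp", nonce_d, resp["nonce_i"])
    return hmac.compare_digest(expected, resp["mac"])
```

In this example the request MAC covers only a device-chosen nonce, so the MTC-IWF would additionally need replay protection (for instance a counter or a cache of seen nonces), which the claims do not specify.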
CN201310334433.6A 2013-08-02 2013-08-02 Key establishment method and system used for small-data transmission of machine-type communication Pending CN104349311A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310334433.6A CN104349311A (en) 2013-08-02 2013-08-02 Key establishment method and system used for small-data transmission of machine-type communication
PCT/CN2013/086244 WO2014161300A1 (en) 2013-08-02 2013-10-30 Method and system for establishing key for transmitting machine type communication small data

Publications (1)

Publication Number Publication Date
CN104349311A true CN104349311A (en) 2015-02-11

Family

ID=51657490

Country Status (2)

Country Link
CN (1) CN104349311A (en)
WO (1) WO2014161300A1 (en)

Also Published As

Publication number Publication date
WO2014161300A1 (en) 2014-10-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150211