KR101998425B1 - A Method for Providing Security for M2M message And Apparatus therefor - Google Patents

Abstract

In the method for providing validity determination and delayed attack detection for an M2M message according to the present invention, a message transmission time may be determined by referring to a minimum time period (minimalTimeBetweenNotifications) and a delay tolerance (the delayTolerance) included in a M2M resource. Generating a notification message including eligible time and an elapsed time, transmitting the generated notification message to the issuer, and determining the validity and delayed attack of the notification message received by the issuer And generating a response to the received notification message based on the determination result of the issuer and transmitting the response to the hosting service capability layer.

Description

A method for Providing Security for M2M message And Apparatus therefor}

The present invention relates to a machine to machine (M2M) technology, and more particularly, to a method and apparatus for validating and securing a message in an ETSI M2M system.

M2M (Machine to machine communication), Machine type communication (MTC), Internet of Thing (IOT), Smart Device communication, or Machine oriented communication (Machine oriented communication) Refers to all communication methods in which communication is performed without intervention.

In ETSI (European Telecommunications Standards Institute) M2M, subscription means a relationship between a subscriber and a subscribed-to resource. The subscriber becomes an application or a service capability layer (SCL), and the subscribed resource refers to a resource subscribed by the subscriber among the resources of the hosting SCL.

According to the ETSI M2M standard, when a change occurs, such as an update, for a subscribed-to resource, the hosting SCL sends a notification message to the subscriber. These notification actions are defined in terms of subscription management, along with actions such as resource subscription, subscription update, subscription retrieve, and unsubscribe. Corresponds to the action.

FIG. 1 is a view for explaining a notification operation during a subscription management operation defined in ETSI M2M.

Among the subscription management operations defined by ETSI M2M, resource subscription, subscription update, subscription retrieve, and unsubscribe operations are commonly issued issuers. Requests each corresponding action for the subscription resource to the hosting SCL, and the hosting SCL is performed in a manner that responds back to the subscriber after performing the appropriate process.

However, in the case of the notification operation, the hosting SCL predefines an event that needs to be informed to the subscriber, and when the event occurs, the hosting SCL sends a notification message to the subscriber to inform that the event has occurred. . The subscriber responds to this.

Hereinafter, a notification operation among subscription management methods proposed by the ETSI TC M2M will be described.

The Hosting SCL performs notifications based on attributes that have been previously negotiated with the subscriber, such as minimumTimeBetweenNotifications or delayTolerance, and the transmission of these messages takes place at that time. Compliance is a feature that is very critical (timing-critical).

Looking at the security-related part of such a notification action, first, only the action of the sending side of the notification message is considered, and the receiving side of the sent notification message has the validity. There is no way to judge.

According to ETSI M2M, there are security methods such as the validity determination through a predefined encryption technology regarding modifications such as manipulation of the message itself. In addition, encryption-related defense against timing-related attacks in the wireless environment, such as masquerade attack, replay attack, and message manipulation attack, may be performed.

However, it is not a modification of the notification message itself, but a malicious attack such as a modification related to the message, such as a delay attack of the message transmission in a timing-critical where the message itself is valid but time observance is very important. There is no method for judging and coping with this problem.

Therefore, when the receiving side, i.e., the subscriber, receives a notification message from the hosting SCL, for example, the sending side may mistake the delayTolerance value as an invalid message that has elapsed despite being a valid notification message transmitted normally. There should be a way to determine whether the message is valid so that security confusion such as discard) does not occur.

The present invention provides a message security method and apparatus for determining the validity of a notification message received by a subscriber M2M terminal.

According to an aspect of the present invention, the method includes: receiving a notification message including a message notification time (Notification Eligible Point) and a message transmission time (Notification Sent Point) from a hosting service capability layer (SCL); And determining the validity of the received message based on the notification eligible point and the notification sent point.

In the message validity determination step, a received time of the received message is compared with an expired point of transmission of the received message, and the expired time is determined by adding a delay tolerance to the transmittable time. Can be calculated.

In addition, if the reception time is before the expiration time, it may be determined that the received message is valid. And when the reception time is equal to or after the expiration time, comparing the notification time of the received message with the expiration point, and if the transmission time is before the expiration time, the reception. The received message may be determined to be valid but there is a delay attack, and if the transmission time is equal to or later than the expiration time, the received message may be determined to be invalid.

According to another aspect of the present invention, if a notification message including a message transmission time (Notification Eligible Point) and a message transmission time (Notification Sent Point) is received from a hosting service capability layer (SCL), An M2M terminal is provided that determines the validity of the received message based on a notification eligible point and a notification sent point.

In addition, according to another aspect of the present invention, the method comprises: creating a notification message to be transmitted to a subscriber for an M2M resource in a hosting service capability layer (SCL); And transmitting the notification message to the subscriber, wherein the hosting SCL generates and transmits the notification message with reference to a predetermined minimum transmission period (minimalTimeBetweenNotifications) and a delay tolerance value of the notification message, The notification message includes a message transmission time (Message Notification Eligible Point) and the message transmission time (Message Notification Sent Point) attributes are provided.

 According to another aspect of the present invention, in writing a notification message to be transmitted to a subscriber for an M2M resource, refer to a predefined minimum time interval (minimalTimeBetweenNotifications) and delayTolerance of the notification message, the notification (notification) M2M platform is provided to include a message (Notification Eligible Point) and the message sent time (Notification Sent Point) attributes.

According to the present invention, the subscriber M2M terminal can determine whether or not the received notification message is valid, thereby improving message security.

In addition, the present invention can effectively detect a delay attack on a notification message that cannot be solved by an encryption-based security method.

1 is a diagram for explaining an M2M message management operation.
2 is a view for explaining an example of the structure of an M2M system to which the present invention is applied.
3 to 5 are diagrams for explaining the validity determination method associated with the transmission of the notification message according to the present invention.
6 is a view illustrating a notification message transmission process according to the present invention.
7 is a view for explaining a method of determining the validity of the notification message and whether there is a delayed attack according to the present invention.
8 is a flowchart illustrating a method of determining message validity and delayed attack at a notification message receiving side according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to the accompanying drawings. In adding reference numerals to the components of each drawing, it should be noted that the same reference numerals are assigned to the same components as much as possible even though they are shown in different drawings. In addition, in describing the present invention, when it is determined that the detailed description of the related well-known configuration or function may obscure the gist of the present invention, the detailed description thereof will be omitted.

In addition, in describing the component of this invention, terms, such as 1st, 2nd, A, B, (a), (b), can be used. These terms are only for distinguishing the components from other components, and the nature, order or order of the components are not limited by the terms. If a component is described as being "connected", "coupled" or "connected" to another component, that component may be directly connected or connected to that other component, but between components It will be understood that may be "connected", "coupled" or "connected".

Embodiments of the present invention will be described based on communication of things. IoT can be used in various ways such as machine to machine communication (M2M), machine type communication (MTC), internet of things (IoT), smart device communications (SDC), or machine oriented communication (Machine Oriented Communication). Called, in the present specification will be described with respect to M2M. However, this description is not limited to M2M, but is applicable to all systems and structures that provide inter-device communication, that is, thing communication, and communication that occurs in these systems.

In addition, the IoT can be applied to various fields including smart meter, e-health, connected consumer, city automation, automotive application, and the like. .

The M2M object or apparatus in the present specification may be an M2M terminal (for example, may be an M2M standard terminal (D), an M2M non-standard terminal (d), or an M2M substandard terminal (D ′)), an M2M gateway ( G) or may be used as a higher concept including an M2M network server.

FIG. 2 is a view for explaining an example of the structure of an M2M system to which the present invention is applied and shows an M2M architecture described in an international standard, the European Telecommunication Standards Institute (ETSI) Technical Committee (TC) M2M.

Referring to FIG. 2, the M2M structure described in the International Telecommunication Standards Institute (ETSI) Technical Committee (TC) M2M standard is composed of a network domain 100 and a terminal / gateway domain 200.

The network domain 100 includes an access network 110, a core network 120, an M2M service capabilities 130, and an M2M application 140.

An access network 110 is a network that allows M2M gateways / terminals to access a core network, and includes xDSL, FTTH, Wi-Fi, and the like.

The core network 120 is an IP connection, supports roaming, and supports interworking with other networks, for example, 3GPP.

The M2M Service Capabilities 130 include functions commonly required for M2M services. Common features of M2M services provided by M2M Service Capabilities include xAE (Application Enablement), xGC (Generic Communication), xREM (Remote Entity Management), xRAR (Rechability, Addressing and Repository), xCS (Communication Selection), xSEC (Security) , 11 Service Capabilities (HDR), History and Data Retention (xHDR), Transaction Management (xTM), Interworking Proxy (xIP), Compensation Brokerage (xCB), and Telco Operator Exposure (xTOE), and mId (SCL) It is used via an open interface of mIa (between NSCL and NA) and dIa (between DSCL / GSCL and DA / GA).

M2M Service Capabilities (Service Capabilities) are present in the network domain 100 and the terminal / gateway domain 200 as the M2M platform, M2M service capabilities (NSCL: Network Service Capability Layer) of the network domain is implemented in the form of a server platform, The M2M service capabilities of the terminal / gateway domain 200 may be in the form of middleware such as a terminal platform 221 (DSCL: Device Service Capability Layer) or a gateway platform 211 (GSCL: Gateway Service Capability Layer). For example, it may be implemented to reside in a terminal or a gateway.

The M2M application is an application service that performs service logic and uses M2M service capabilities through an open interface, and exists in the network domain 100 and the terminal / gateway domain 200, respectively.

The M2M application of the network domain is generally known as a form of M2M application service 140 (NA: Network Application), and the M2M application of the terminal / gateway domain is generally a terminal app 222 (DA) or gateway app 212. (GA: Gateway Application) can reside in a gateway or a terminal to operate.

The M2M terminals 220 and 240 drive the M2M application 222 to use the functions of the network domain, so that M2M service capabilities (SC) of the M2M terminal 220 or the M2M gateway 210 (SC) 221 and 211. Can be interworked and interconnected in the network / application domain 100.

The service capability layer of the M2M terminal or the M2M gateway forms a specific interface with the service capability layer of the network domain to communicate with each other and operate.

In addition, the service capabilities of the network domain may interface with one or a plurality of core networks. In this case, the functions of the core network may be used through a known interface according to other existing standards.

To this end, according to the M2M standard structure, reference points of mIa, mId, and dIa are defined as mutual interfaces between the network domain 100 and the terminal and the gateway domain 200.

mIa is a reference point used in the network domain 100 and is an interface standard between an M2M service capability layer in the network (NSCL) 130, which is an M2M server platform, and a network application (NA) 140, which is a network application.

mId is an interface specification between the NSCL 130 of the network domain 100 and the terminal / gateway service capability (DSCL or GSCL) 211 and 221 of the terminal / gateway domain 200. That is, mId is an interface standard applied between the M2M server platform (NSCL) 130 and the M2M terminal / gateway platform (DSCL / GSCL) 221 and 211.

dIa is a reference point used in the M2M terminal / gateway domain 200, and is an interface between an M2M terminal platform (DSCL) 221 and a terminal application (DA), an M2M gateway platform (GSCL) 211, and a gateway. An interface of an application (GA), an interface specification of an M2M gateway platform 211 and a terminal application 240.

According to the ETSI M2M specification, data generated from M2M devices such as various sensors are stored in the form of resources with addresses that can be distinguished in a restful structure of a tree type. (resource) can be managed by methods defined according to M2M standard.

In ETSI M2M technology, CRUD (Create, Retrieve, Update, Delete) is defined as a method for resource management. In other words, the Create method is used to create a resource, and the Retrieve method is used to read the contents of the resource. In addition, the Update method is used to update the contents of the resource, and the Delete method is used to delete the resource. In addition to these four methods, methods for notify and execute are defined.

A resource, on the other hand, can have one or more attributes, which are metadata about the data stored in the resource, and these values actually represent information about the content of the resource. Among the properties of a resource, there are properties that contain time information when the resource is created or modified.

The M2M application and the M2M service capability may transfer data between the M2M application and the M2M service capability by using the above-described RESTful structure format using the representation information of only defined resources.

A method of providing validity determination and delayed attack detection for an M2M message according to the present invention, which is applied in the M2M environment as described above, will be described in more detail with reference to the accompanying drawings.

The notification procedure is initiated by sending a notification message, more specifically, when an event occurs where a hosting SCL should send a notification message, such as an update, to a resource. Such notification message transmission has a feature that timing compliance is very important as described above.

The hosting SCL checks whether an event is generated based on the attribute value defined in the subscription resource <subscription>, and generates and processes a notification message. Table 1 below shows attribute values defined in subscription resource <subscription>.

AttributeName Mandatory Of Optional Type Description expirationTime M RW See clause 9.2.2 Common attributes. minimalTimeBetweenNotifications O RW Minimal time between notifications in milliseconds.
Only one of minimalTimeBetweenNotifications and delayTolerance may be specified. delayTolerance O RW Minimal time between event and its notification.
Only one of minimalTimeBetweenNotifications and delayTolerance may be specified. creationTime M RO See clause 9.2.2 Common attributes. lastModifiedTime M RO See clause 9.2.2 Common attributes. filterCriteria O WO See clause 9.2.2 Common attributes. This attribute is write-once, which means that if the criteria change, the issuer shall create a new subscription and delete the old one. subscriptionType M RO Denotes whether it is a long polling or an asynchronous subscription. Contact M RW The URI where the subscriber wants to receive its notifications. This could be a URI of related to a notification Channel resource, e.g. if the subscriber is not server capable (in the latter case the subscriptionType will be set to synchronous). aggregateURI O RO The group hosting SCL generated URI for aggregating the notifications.

The Hosting SCL uses the subscriber's request to retrieve the attribute values defined in the <subscription> resource. Reading ( READ ), renewal( UPDATE ) Or delete ( DELETE ) do.

3 To  5 is a view for explaining an example of the operation associated with the transmission of the notification message.

3 To  5, hosting SCL Is a notification ( notification ) In the transmission of messages Attribute value  Minimum transmission cycle ( minimalTimeBetweenNotifications ) And / or delay tolerance ( delayTolerance ) Message transmission is performed based on the property.

3 shows a minimum transmission period ( minimalTimeBetweenNotifications ) Shows an example of transmitting a notification message based on the property.

Multiple continuous notifications ( Notification Messages, they must be sent at least of minimalTimeBetweenNotifications)  It should be sent at intervals.

Therefore, the first notification message ( Notif1 ) Is available for transfer ( eligible After the time (A) is the actual first notification message ( Notif1 Is the minimum transmission period (A1) minimalTimeBetweenNotifications) Elapsed  time( t1 Until the second notification message ( Notif2 (B) the minimum transmission period elapses ( t1 Only after the actual second notification message ( Notif1 Is transmitted (B1).

4 shows a minimum transmission period ( minimalTimeBetweenNotifications ) Shows another example of transmitting a notification message based on the property.

As mentioned above, a number of consecutive notifications ( Notification Messages, they must be sent at least minimalTimeBetweenNotifications Should be sent at intervals of

Therefore, the first notification message ( Notif1 ) Is available for transfer ( eligible After the time (A) is the actual first notification message ( Notif1 Is the minimum transmission period (A1) minimalTimeBetweenNotifications) Elapsed  time( t1 Second notification message between Notif2 ) And a third notification message ( notif3 When the plurality of notification messages, such as), can be transmitted at time B and time C, respectively, t1 ), Then all previous messages except the most recently made available are ignored and the most recent message ( Notif ) Is only sent ( C1 ). Therefore, a second notification message ( notif2 ) Is not sent.

5 is a delay tolerance value ( delayTolerance FIG. 4 illustrates an example of transmitting a notification message based on a property.

Notification messages can be sent ( eligible Predefined delay tolerance (A) delayTolerance ) Must be sent before.

Notification Message (notif1)  From the time point (A) that can be sent, notif1)  The time interval at which the actual transmission point (A1) is transmitted is delayed allowance ( delayTolerance Must be within

Hereinafter, the minimum transmission period (which is an attribute of the notification message as described above) minimalTimeBetweenNotifications)  Delayed tolerance ( delayTolerance ) With the receiving side ( Subscriber ) M2M  Determine the validity of the notification message received from the terminal and delay the attack ( delay attack Describes how to detect whether or not

Subscribers ( Subscriber )end M2M device ( Device ) or M2M  Gateway ( Gateway ), Hosting SCL The situation of communicating with a wireless environment is described, but the present invention is not limited thereto.

6 is a view illustrating a notification message transmission process according to the present invention.

Referring to Figure 6, hosting SCL 620 is a subscriber ( Subscriber It is determined whether an event to be reported to the 610 is generated and a notification message is generated when the event is generated ( S651 ). At this time , Hosting SCL The structure of the notification message generated by 620 ( notification  structure) is shown in Table 2 below.

The notification message structure according to the present invention includes an attribute (as shown in Table 2 below). attribute Are defined.

Attribute Mandatory Of Optional Description statusCode M The status code , that would correspond to  a retrieve  request on the Subscribed - to Resource . In case of  partial access  ( see clause  9.3.2.29) this corresponds  to the retrieve using the attribute accessor from the filter - criteria .
If the status code indicates an error , then this also  indicates that the subscription resource has been deleted . representation O The representation of the Subscribed - to Resource in  case the status code indicated  " success ".
For status codes indicating errors , the  representation may contain additional error  information that would have been present in the  corresponding retrieve response to the Subscribed - to Resource . subscription M Reference to the < subscription > resource that  generated this notification . Notification  Eligible Point M The time point or information that the notification  is created or triggered at the side of HostingSCL . Notification  Sent Point
O The time point or information that the notification  is sent at the side of HostingSCL .

Referring to Table 2, a notification message defines not only a status code, a representation, and a subscription attribute, but also a notification time point and a notification eligible point attribute.

Notification Eligible Point is a time period during which the actual notification message can be sent from the sending side of the notification message, that is, the hosting SCL side. It means the time when the condition is satisfied and ready to send the notification message. In addition, a notification time point means a time for sending a real notification message because a condition for sending a notification message is satisfied.

Referring back to Figure 5, it is possible to send a notification message ( Notif  x becomes eligible At one point in time Notification Eligible Point ), Actually hosted SCL This notification ( notification ) Sending a message ( Notif  x is sent ) Is the transmission time ( Notification Sent Point May be).

Hosting SCL 620 is a notification ( Notification ) When sending a message, Additionally  The transmission time and the transmission time (the timing information related to the notification message transmission) Notification Sent Point , Notification Eligible Point ) And send it, so that the recipient of the notification message M2M  Terminal ( Subscriber ), The notification ( notification ) Timing information related to message transmission can be shared with the sender.

Meanwhile, in the present invention, the subscriber ( Subscriber )sign M2M  Time synchronization between the device and the hosting SCL ( time synchronization ), This time synchronization is a beacon ( beaconing ) Or other time synchronization mechanisms proposed in the prior art.

Followed by hosting SCL 620 is a subscriber M2M To the terminal 610  Send the generated notification message ( S653 ).

As a result, subscribers ( Subscriber )sign M2M  The terminal 610 transmits the notification ( Notification ) Based on the information contained in the message. notification Timing information related to the delivery process, i.e., transmission time and transmission time ( Notification Sent Point , Notification Eligible Point Can be seen.

Subscriber M2M  The terminal 610 starts determining whether the received message is valid and whether there is a delayed attack by using timing information included in the received message ( S655 ).

7 shows the present invention Example  According to Notification ) A diagram for describing a method of determining whether a message is valid and whether a delayed attack exists.

Referring to Figure 7, the subscriber ( subscriber )sign M2M  Terminal 610 is hosted SCL When receiving the notification message from the (620), the transmission time ( Notification Sent Point ) And available time ( Notification Eligible Point Information using the expiration time ( Expired Point Can be seen. The expiration time is the available time (for sending the notification message) Notification  Eligible Point Delay tolerance from delayTolerance ) To  The time, that is, the time when the notification message transmission time expires.

Subscriber ( Subscriber ) Is already a lazy allowance ( delayTolerance ) Value, so the expiration time ( Expired Point ) Is the sum of the available transmission time and the delay tolerance ( Notification  Eligible Point  + delayTolerance Can be calculated as

So subscribers M2M  Accordingly, the terminal may perform a process of determining message validity and delayed attack for the received message.

When the process of determining message validity and delayed attack is completed, M2M  The terminal generates and hosts a response message for the received notification message. SCL To 620 ( S657 ). The response message may include a result of determining validity of the received notification message and a result of determining whether or not there is a delayed attack.

8 shows the present invention Example  Detailed description of the process of determining whether a message is valid and whether there is a delayed attack.

Referring to Figure 8, the subscriber M2M  The terminal receives a notification message ( S810 ).

Accordingly, subscribers M2M  The terminal may transmit a larger value of the transmittable time before the point in time when the notification message is received. Notification Eligible Point Determine whether a notification message having the value S820 ).

If a notification message with a larger transmittable time value has already been received before the notification message is received ( S820 Y), being a subscriber M2M  The terminal ignores the notification message with a smaller transmittable time even if the notification message is received more recently. drop )do( S830 ).

For example, notification Message 1 ( case  1) Notification 2 (case 2) or notification already received before Message 3 ( case  3) if you have received M2M  The terminal sends a notification message 1 ( case  1) Regardless of timing information Message 1 ( case  Ignore 1) drop)  do.

If this is not the case ( S820 N), being a subscriber M2M  The terminal receives the reception time (the timing information of the received notification message) Received time ) And expiration time ( Expired point Compare) S840 ).

According to the comparison, the reception time ( Received time ) Expires in Expired point ) Before ( S840 Y), once the received message is determined to be invalid ( S845 ).

The case in which the received notification message includes only a notification eligible point, which is a mandatory value, has been described.

Meanwhile, the present invention may consider a case in which the notification message additionally includes an optional Notification Sent Point value. This case is illustrated in step S860 of FIG. 8. If the received notification message includes a Notification Sent Point value, it may be determined whether there is a delay attack.

Subscriber M2M  When the terminal receives a message Notification Sent  Point) Determine whether it contains an attribute value ( S860 ).

As a result, the received message Notification Sent Point ) If you include ( S860 Y), being a subscriber M2M  The terminal transmits time ( Notification Sent Point ) Expires in Expired point)  Compare ( S865 ). As described above, the expiration time is the allowable transmission time and the delay allowance ( delayTolerance ) Can be calculated as a sum.

Send time Notification Sent Point ) Expires in Expired Point ) If you're a subscriber, M2M  The terminal determines that the received message is a valid message ( S870 ) ( case2 ).

In this case, however, Received time ) Only when the message is determined to be an invalid message, and is received after being delayed by a delayed attack, the message may be misrecognized as an invalid message. So subscribers M2M  The terminal determines that there was a delayed attack.

That is, if the value of the notification time (Notification Sent Point) is smaller than the expiration time, the determination in step S845 (that is, invalid notification message) is corrected to determine that the notification message is valid but there is a delayed attack. In this case, although the message is invalid based on the received point, it may be mistaken for an invalid message at the receiving side by a delayed attack.

On the other hand, the sending time ( Notification Sent Point is Expired Point ) equal to or later ( N in S865 ), the message is determined to be an invalid message and ignored ( drop ) (S880). That is, if the transmission time value is equal to or greater than the expiration time, the previous determination that the notification time message is invalid is maintained.

Accordingly, subscribers M2M  As described above, the terminal may inform the hosting SCL of the determination result of the validity of the message received through the response message or the success of receiving the message. It is also a subscriber M2M  The endpoint is hosted with a response message as to whether there was a delayed attack SCL You can let them know.

That is, as described above in operation S657 of FIG. 6, the subscriber M2M terminal may inform the hosting SCL of the determination result through a response message. Herein, the response message may be a subscription notification response (subscriptionNotifyResponseConfirm) message described in ETSI M2M.

At this time, if the notification message is valid as described above, but the delayed attack is detected or invalid notification message, the subscriber notifies the hosting SCL by specifying the status information of each content as a status code, for example, a status code (statusCode). You can send a (subscriptionNotifyResponseConfirm) message.

Table 3 shows the structure of a join notification response (subscriptionNotifyResponseConfirm) message.

SCL Primitive : subscriptionNotifyResponseConfirm Primitive attribute Mandatory Of Optional Description primitiveType M SUBSCRIPTION_NOTIFY_RESPONSE statusCode M Status code of the response

As described above, if a valid notification message is detected, but a delayed attack is detected, a status valid delayed attack (STATUS_VALID_AND_DELAYATTACK) may be used as a statusCode. By using these status codes, you can communicate that a valid notification message but a delayed attack has been detected. Therefore, when receiving a response message including STATUS_VALID_AND_DELAYATTACK as a status code, the hosting SCL may notify its application of this content without attempting to resend the notification message.

If it is determined that the notification message is not valid, STATUS_NOT_VALID_ERROR can be used as a status code. This status code can be used to convey that the received notification is an invalid notification. Therefore, when receiving a response message containing the STATUS_NOT_VALID_ERROR status code, the Hosting SCL generates and sends a new notification message after that notification message (meaning the notification message with the larger Sendable Time, Notification Sent Point, value described above). If not, you can try to resend the notification.

According to the present invention, as described above, two determination processes, that is, primary comparison of a received time and an expired time, and secondly, a notification time and an expired point ), It is possible to determine the validity of the notification message and to determine whether there is a delayed attack accordingly.

The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and changes without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

610: Subscriber 620: Hosted SCL

Claims (20)

In the M2M message security method,
Receiving a notification message including a notification eligible point and a notification sent point from a hosting service capability layer (SCL); And
Determining the validity of the received message based on the notification eligible point and the notification sent point.
In the message validity determination step,
Based on a result of comparing the received time of the received message with the expired point of the received message, the validity of the received message and whether or not the delayed attack is determined are determined.
If the reception time is the same as or after the transmission expiration time, further compares the notification time of the received message (Notification Sent Point) and the transmission time (Expired Point),
And if the transmission time is earlier than the transmission expiration time, the received message is valid but determines that there is the delayed attack. The method of claim 1,
The transmission expiration time is calculated by adding a delay tolerance (delayTolerance) to the transmittable time. The method of claim 2,
And if the reception time is earlier than the transmission expiration time, determining that the received message is valid. delete delete The method of claim 1,
And if the transmission time is equal to or later than the transmission expiration time, determining that the received message is not valid. In the M2M terminal,
Upon receiving a notification message including a notification eligible point and a message sending time from a hosting service capability layer (SCL), the notification eligible point and It is characterized by determining the validity of the received message on the basis of a transmission time (Notification Sent Point),
In determining the validity of the message,
Based on a result of comparing the received time of the received message with the expired point of the received message, the validity of the received message and whether or not the delayed attack is determined are determined.
If the reception time is the same as or after the transmission expiration time, further compares the notification time of the received message (Notification Sent Point) and the transmission time (Expired Point),
And if the transmission time is earlier than the transmission expiration time, the received message is valid but determines that there is the delayed attack. The method of claim 7, wherein
The transmission expiration time is calculated by adding a delay allowance (delayTolerance) to the transmittable time. The method of claim 8,
M2M terminal, it characterized in that it is determined that the received message is valid if the reception time is before the transmission expiration time. delete delete The method of claim 7, wherein
And if the transmission time is equal to or later than the transmission expiration time, determining that the received message is invalid. delete delete delete delete delete delete delete delete

Images