WO2017155162A1 - Method for announcing an access control policy resource and apparatus therefor in a wireless communication system - Google Patents
- Publication number
- WO2017155162A1 (PCT/KR2016/007166)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- resource
- announced
- access control
- control policy
- cse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
Definitions
- the present invention relates to a method and apparatus for same for announcing an access control policy resource in a wireless communication system.
- RESTful representational state transfer
- IoT Internet of things
- oneM2M can create a copy of some or all of an original resource (an announced resource) so that other entities (AE or CSE) can get information through the copy resource.
- AE or CSE entities
- access control is performed by obtaining the information in an access control policy resource. If the access control policy resource is located in an entity (CSE) that requires a network connection, access is not possible, and access control cannot be performed properly. A technique is specified for enabling access control at all times in that case.
- CSE entity
- a link to an access control policy resource corresponding to the copy resource can also be copied.
- a technique of not copying is proposed.
- the present invention proposes a method for announcing an access control policy resource to another device or entity.
- a method for announcing an access control policy resource for an announced resource in a wireless communication system, the method being performed by a receiving device and comprising: receiving, from an originating device, a request to create or update an announced resource of an original resource stored by the receiving device; determining whether the access control policy link(s) for the announced resource need to be announced; if the access control policy link(s) need to be announced, confirming that a condition for announcement of the access control policy resource is satisfied; and, if the condition is satisfied, the announcement of the access control policy resource(s) stored by the receiving device among the access control policy resource(s) corresponding to all the access control policy link(s) of the announced resource.
- the request sent to may include the address (es) of the announced resource of the access control policy resource (s) as an access control policy link value.
- determining whether the access control policy link(s) of the announced resource need to be announced may comprise determining whether the announced resource is in a child-parent relationship with the announced resource of the parent resource of the original resource stored at the receiving device, and/or whether it has the same access control policy link(s) value as the announced resource of the parent resource of the original resource.
- whether the announced resource is in a child-parent relationship with the announced resource of the parent resource of the original resource stored in the receiving device is determined by whether the parent resource of the original resource has already been announced to the device on which the resource is to be created or updated, and by whether the value of a specific attribute of the parent resource of the original resource includes the value of that attribute included in the received request. The specific attribute may be the announceTo attribute.
- condition may include when the receiving device is not always accessible or when the announcement of the access control policy resource (s) is preset.
- if the access control policy link(s) do not need to be announced, the method may further include transmitting, to the target device, a request to create or update an announced resource that includes the attributes to be announced among the attributes of the original resource.
- a request to create an announced resource may not be transmitted for access control policy resource(s), among those stored by the receiving device, that have already been announced to another device.
- the address or identifier of the third device may be preset to the receiving device or stored at a specific address within the receiving device.
- the third device and the target device may be identical.
- a receiving apparatus configured to announce an access control policy resource for an announced resource in a wireless communication system
- the receiving apparatus comprising: a transmitter; a receiver; and a processor configured to control the transmitter and the receiver, the processor being configured to receive a request from an originating device to create or update an announced resource of an original resource stored by the receiving device, to determine whether the access control policy link(s) for the announced resource need to be announced, if the access control policy link(s) need to be announced, to check whether the condition for announcement of the access control policy resource is satisfied, and, if the condition is satisfied, an access control policy stored by the receiving device among access control policy resource(s) corresponding to all access control policy link(s) of the announced resource.
- the address (es) can be included as an access control policy link value.
- to determine whether the access control policy link(s) of the announced resource need to be announced, the processor may be configured to determine whether the announced resource is in a child-parent relationship with the announced resource of the parent resource of the original resource stored in the receiving device, and/or whether it has the same access control policy link(s) value as the announced resource of the parent resource of the original resource.
- whether the announced resource is in a child-parent relationship with the announced resource of the parent resource of the original resource stored in the receiving device is determined by whether the parent resource of the original resource has already been announced to the device on which the resource is to be created or updated, and by whether the value of a specific attribute of the parent resource of the original resource includes the value of that attribute included in the received request. The specific attribute may be the announceTo attribute.
- condition may include when the receiving device is not always accessible or when the announcement of the access control policy resource (s) is preset.
- if the access control policy link(s) do not need to be announced, the processor may send, to the target device, a request to create or update an announced resource that includes the attributes to be announced among the attributes of the original resource.
- a request to create an announced resource may not be transmitted for access control policy resource(s), among those stored by the receiving device, that have already been announced to another device.
- the address or identifier of the third device may be preset to the receiving device or stored at a specific address within the receiving device.
- the third device and the target device may be identical.
- access control policy resources are always accessible. In particular, when an access control policy resource is announced to the CSE that owns the announced resource, access control on the announced resource is performed, and this can reduce the network load.
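The receiving-device procedure summarized in the claims above, sketched as an added Python example (not code from the patent or from oneM2M). Assumptions: the message dictionaries and the `Annc` address naming are constructed; links are treated as not needing announcement when the parent is already announced to the same target with identical links; links that are not stored locally, or whose announcement condition is not met, are forwarded unchanged.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Resource:
    uri: str
    acp_links: list                                   # accessControlPolicyIDs values
    announce_to: set = field(default_factory=set)     # announceTo: CSE-IDs already announced to
    parent: Optional["Resource"] = None


@dataclass
class ReceivingCSE:
    cse_id: str
    always_reachable: bool        # False: this CSE is not always accessible
    acp_announce_preset: bool     # True: policy announcement is preconfigured
    third_device: str             # preset address of the CSE that receives announced policies
    local_acps: dict = field(default_factory=dict)    # local policy URI -> CSE-IDs it is announced to

    def links_need_announcing(self, original, requested_targets):
        """Assumed reading: a child whose parent is already announced to the
        requested target(s) with identical policy links needs no links of its own."""
        parent = original.parent
        if parent is None:
            return True
        parent_announced = requested_targets <= parent.announce_to
        same_links = sorted(original.acp_links) == sorted(parent.acp_links)
        return not (parent_announced and same_links)

    def condition_met(self):
        """Condition named in the text: not always accessible, or announcement preset."""
        return (not self.always_reachable) or self.acp_announce_preset

    def handle(self, original, target, op="CREATE"):
        """Return the outbound requests (constructed dict format) for one
        create/update request asking to announce `original` to `target`."""
        out = []
        attrs = {"original": original.uri}
        if self.links_need_announcing(original, {target}):
            announce = self.condition_met()
            links = []
            for acp in original.acp_links:
                if announce and acp in self.local_acps:
                    # Constructed naming for the announced policy address.
                    annc = f"{self.third_device}/{acp.rsplit('/', 1)[-1]}Annc"
                    if self.third_device not in self.local_acps[acp]:
                        out.append({"to": self.third_device, "op": "CREATE",
                                    "announce": acp, "as": annc})
                        self.local_acps[acp].add(self.third_device)
                    links.append(annc)    # link now points at the announced copy
                else:
                    links.append(acp)     # assumption: forwarded unchanged
            attrs["accessControlPolicyIDs"] = links
        out.append({"to": target, "op": op, "attrs": attrs})
        original.announce_to.add(target)
        return out


if __name__ == "__main__":
    # Constructed scenario: a middle-node CSE that is not always reachable.
    cse = ReceivingCSE("/mn-cse", False, False, "/in-cse",
                       {"/mn-cse/acpSensor": set()})
    home = Resource("/mn-cse/home", ["/mn-cse/acpSensor"])
    temp = Resource("/mn-cse/home/temp", ["/mn-cse/acpSensor"], parent=home)
    for res in (home, temp):
        for msg in cse.handle(res, "/in-cse"):
            print(msg)
```

The point for a defender is that the CSE evaluating access to the announced copy holds a reachable copy of the policy, so authorization does not depend on the original host being online.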
- FIG. 1 illustrates a functional structure in an M2M communication system.
- FIG 2 illustrates a configuration supported by the M2M communication system based on the M2M function structure.
- FIG. 3 illustrates a common service function provided in an M2M communication system.
- FIG. 4 illustrates a resource structure present in an M2M application service node and an M2M infrastructure node.
- M2M application service nodes eg, M2M devices
- M2M infrastructure nodes e.g. M2M devices
- FIG. 6 illustrates a procedure of exchanging request and response messages used in an M2M communication system.
- FIG 11 illustrates an operation according to an embodiment of the present invention.
- FIG 13 illustrates an operation according to an embodiment of the present invention.
- FIG. 17 shows a block diagram of an apparatus configured to perform embodiment (s) of the present invention.
- a device for device-to-device communication, that is, an M2M device, may be fixed or mobile, and includes the various devices that transmit and receive user data and/or various control information by communicating with a server for device-to-device communication, that is, an M2M server.
- the M2M device may also be called a terminal equipment, a mobile station (MS), a mobile terminal (MT), a user terminal (UT), a subscriber station (SS), a wireless device, a personal digital assistant (PDA), a wireless modem, a handheld device, or the like.
- an M2M server generally refers to a fixed station that communicates with M2M devices and/or other M2M servers, and exchanges various data and control information with them.
- M2M applications can be installed or mounted on M2M devices / devices, M2M gateways, or M2M servers.
- oneM2M defines a common M2M service framework (or service platform, common service entity (CSE), etc.) for various M2M applications (or application entities (AEs)).
- M2M applications are software that implements service logic such as e-Health, City Automation, Connected Consumer, Automotive, etc.
- the oneM2M service framework includes the functions that are common to implementing these various M2M applications.
- M2M applications can be easily implemented without having to configure each framework required for various M2M applications. It can integrate the M2M market, which is currently divided into multiple M2M verticals such as Smart Building, Smart Grid, e-Health, Transportation, Security, etc., around a common oneM2M service framework, which is expected to greatly facilitate the M2M market.
- FIG. 1 illustrates a functional structure in an M2M communication system. Each entity is described below.
- Application entity (AE, 101): The application entity provides the application logic for the end-to-end M2M solution.
- AEs include cargo tracking, remote blood sugar monitoring, remote power measurement and control applications.
- Application Entity provides Application logic for the end-to-end M2M solutions.
- Examples of the Application Entities can be fleet tracking application, remote blood sugar monitoring application, or remote power metering and controlling application.
- It may be referred to as an M2M application.
- CSE Common Service Entity
- the CSE consists of the service functions defined in oneM2M that are common to the M2M environment. These service functions can be used by registered AEs and other CSEs exposed through reference points Mca and Mcc.
- the reference point Mcn is used to access the services of the underlying network.
- a Common Services Entity comprises the set of "service functions" that are common to the M2M environments and specified by oneM2M. Such service functions are exposed to other entities through Reference Points Mca and Mcc. Reference point Mcn is used for accessing Underlying Network Service Entities.
- CSF Common Services Functions
- Some CSFs in a CSE must be present and some may optionally be present.
- some of the functions in the CSF must exist and some of the functions can optionally be present. (Eg, within the “device management” CSF, some of the application software installation, firmware updates, logging, and monitoring are mandatory and some are optional.)
- Underlying Network Service Entity (NSE, 103): The NSE provides services to the CSE, such as device management, location services, device triggering, and the like. (An Underlying Network Services Entity provides services to the CSEs. Examples of such services include device management, location services and device triggering. No particular organization of the NSEs is assumed. Note: Underlying Networks provide data transport services between entities in the oneM2M system. Such data transport services are not included in the NSE.)
- the Mca reference point is the reference point between the AE and the CSE.
- the Mca reference point allows the AE to communicate with the CSE so that the AE can use the services provided by the CSE. (This is the reference point between an Application Entity and a CSE.
- the Mca reference point shall allow an Application Entity to use the services provided by the CSE, and for the CSE to communicate with the Application Entity.)
- the Mcc reference point is the reference point between two CSEs.
- the Mcc reference point allows the CSE to use the services of other CSEs.
- the services provided through the Mcc reference point depend on the functions provided by the CSE. (This is the reference point between two CSEs.
- the Mcc reference point shall allow a CSE to use the services of another CSE in order to fulfill needed functionality.
- the Mcc reference point between two CSEs shall be supported over different M2M physical entities. The services offered via the Mcc reference point are dependent on the functionality supported by the CSEs)
- Mcn reference point is the reference point between the CSE and the NSE.
- the Mcn reference point allows the CSE to use the services provided by the NSE. (This is the reference point between a CSE and the Underlying Network Services Entity.
- the Mcn reference point shall allow a CSE to use the services (other than transport and connectivity services) provided by the Underlying Network Services Entity in order to fulfill the needed functionality.)
- Services provided by the NSE mean more than simple services such as transport and connectivity services; services such as device triggering, small data transmission, and positioning are examples.
- the Mcc' reference point is used for communication between CSEs belonging to different M2M service providers.
- the Mcc' reference point is similar to the Mcc reference point in that it links CSEs, but whereas the existing Mcc reference point is confined to communication within a single M2M service provider, the Mcc' reference point can be seen as a concept that extends Mcc to different M2M service providers.
- the M2M communication system is not limited to the illustrated configuration and can support more diverse configurations.
- the concept of a node which is important for understanding the illustrated configuration, will be described.
- ADN Application Dedicated Node
- An Application Dedicated Node is a Node that contains at least one Application Entity and does not contain a Common Services Entity.
- the Mca reference point can be connected to one middle node or one infrastructure node.
- ADN may exist in an M2M device.
- An Application Service Node is a Node that contains one Common Services Entity and contains at least one Application Entity.
- the Mcc reference point can be connected to one middle node or one infrastructure node.
- the ASN can exist in the M2M device.
- Middle Node A Middle Node is a Node that contains one Common Services Entity and may contain Application Entities.
- a Middle Node communicates over a Mcc reference point with at least two other Nodes among either (not exclusively):
- ASNs One or more application service nodes (ASNs);
- MNs Middle nodes
- One infrastructure node (IN).
- the MN may be connected through the ADN and the Mca reference point. MN may be present in the M2M gateway.
- An Infrastructure Node is a Node that contains one Common Services Entity and may contain Application Entities. IN may be present in the M2M server.
- the infrastructure node may communicate with the following nodes through the MN or ASN and the Mcc reference point.
- An Infrastructure Node communicates over a Y reference point with either:
- One or more middle node (s);
- Infrastructure nodes can communicate via ADN and Mca reference points. (An Infrastructure Node may communicate with one or more Application Dedicated Nodes over one or more respective Mca reference points.)
- FIG. 3 illustrates a common service function provided in an M2M communication system.
- the M2M service functions (i.e., common service functions) provided by the M2M communication system include, as shown in FIG., 'Communication Management and Delivery Handling', 'Data Management and Repository', 'Device Management', 'Discovery', 'Group Management', 'Addressing and Identification', 'Location', 'Network Service Exposure, Service Execution and Triggering', 'Registration', 'Security', 'Service Charging and Accounting', 'Session Management', and 'Subscription and Notification'.
- CMDH Communication Management and Delivery Handling
- DMR Data Management and Repository
- DMG Device Management: Plays a role for managing M2M devices / gateways. Detailed features include application installation and settings, configuration settings, firmware updates, logging, monitoring, diagnostics, and topology management.
- DIS Discovery
- GCG Group Management
- a group can be created by grouping resources, M2M devices, or gateways. It manages requests related to groups.
- AID Addressing and Identification
- LOC Location
- NSE Network Service Exposure, Service Execution and Triggering
- Registration: Handles the registration of an M2M application or another CSE with a particular CSE. Registration is performed in order to use the M2M service functions of a specific CSE.
- SEC Handles sensitive data such as security keys, establishes security associations, authenticates, authorizes, and protects identity.
- SCA Service Charging and Accounting
- Session Management Manages M2M sessions for end-to-end communication.
- Subscription and Notification When a subscription is made to a specific resource, it plays a role in notifying that the resource is changed.
- M2M common service functions are provided through the CSE, and the AE (or M2M applications) can use the common service functions through the Mca reference point or another CSE through the Mcc reference point.
- the M2M common service function may operate in conjunction with an Underlying Network (or Underlying Network Service Entity (NSE), for example, 3GPP, 3GPP2, WiFi, Bluetooth).
- NSE Underlying Network Service Entity
- a resource is used for organizing and representing information in an M2M communication system and means anything that can be identified by a URI.
- the resources may be classified into general resources, virtual resources, and announced resources.
- the definition of each resource is as follows.
- Virtual Resources are used to trigger specific processing and / or retrieve results, but are not permanently present in the CSE.
- Announced Resource An announced resource is a resource in a remote CSE that is connected to the original (or notified) source resource. Announced resources retain some of the characteristics of the original resource. Resource announcements facilitate resource searching or discovery. The announced resource in the remote CSE is used to create child resources in the remote CSE that do not exist as children of the original resource or are not known children of the original resource.
- FIG. 4 illustrates a resource structure present in an M2M application service node and an M2M infrastructure node.
- the M2M communication system defines various resources (or resources) that can be manipulated to perform M2M services, such as registering applications and reading sensor values.
- the resource is configured in a tree structure, and logically connected to the CSE or stored in the CSE and stored in an M2M device, an M2M gateway, a network domain, and the like.
- the CSE may be referred to as an entity that manages resources.
- the resource has <cseBase> as a tree root, and representative resources are as follows.
- <cseBase> resource: The root resource of the tree-organized M2M resources, including all other resources.
- <remoteCSE> resource: A resource existing under <cseBase> that contains information of other CSEs registered (connected) to the CSE.
- <AE> resource: A resource that exists under the <cseBase> or <remoteCSE> resource. If it exists under <cseBase>, information of applications registered (connected) to the relevant CSE is stored. If present under <remoteCSE>, the information of applications registered in another CSE (with a CSE name) is stored.
- <accessControlPolicy> resource: A resource that stores information related to access rights for a specific resource. Authorization is performed using the access authority information included in this resource.
- Resource Resource that stores data by CSE or AE.
- <group> resource: A resource that provides the ability to group multiple resources together and process them together.
- <subscription> resource: A resource that performs a function of notifying, through notification, that the status of a resource, etc. has changed.
- M2M application service nodes eg, M2M devices
- M2M infrastructure nodes e.g. M2M devices
- an AE application2 registered in an M2M infrastructure node reads a sensor value of an M2M device
- the sensor usually refers to a physical device
- the AE (application1) existing on the M2M device reads the value from the sensor and stores the value read in the form of container resource in the registered CSE (CSE1).
- CSE1 container resource in the registered CSE
- the AE existing on the M2M device must be registered in the CSE existing in the M2M device first.
- M2M application related information registered in the form of cseBaseCSE1 / application1 resource is stored as shown in FIG. 5.
- the AE registered in the infrastructure node may access the value.
- for this access to be possible, the AE registered in the infrastructure node must also be registered in the CSE (CSE2) of the infrastructure node; in the same way that application1 registers in CSE1, the information about application2 is stored in the cseBaseCSE2/application2 resource.
- application1 communicates with application2 through CSE1 and CSE2 in the middle rather than directly. To do this, CSE1 must be registered in CSE2.
- CSE1 related information (e.g., Link) is stored in the <remoteCSE> resource type under the cseBaseCSE2 resource. That is, <remoteCSE> provides the CSE type, access address (IP address, etc.), CSE ID, and reachability information for the registered CSE.
- resource discovery refers to a process of searching for a resource in a remote CSE.
- Resource search is done through a RETRIEVE request.
- a request for retrieval includes:
- filterCriteria This information describes information related to the resource to be retrieved.
- the receiver searches only those resources that satisfy the filterCriteria among the resources indicated by and its child resource(s) (up to the leaf of the resource tree) and sends them to the requester of this request.
- a resource may be represented as a tree structure, and the type of a root resource is represented as <CSEBase>. Therefore, the <CSEBase> resource type must be present if there is a common service entity (CSE).
- CSE common service entity
- M2M system shows a general communication flow on Mca and Mcc reference points.
- the operation of the M2M system is performed based on the data exchange. For example, in order for the first device to transmit or perform a command for stopping a specific operation of the second device, the first device must transmit the command to the second device in data form.
- data can be exchanged in request and response messages on the connection between the application (or CSE) and the CSE.
- the request message includes the following information.
- Type of operation to be executed (either Create / Retrieve / Update / Delete / Notify)
- the ID of the entity to receive the request (ie the ID of the receiver)
- Request Identifier The ID of the request message (ID used to identify the request message).
- Group Request Identifier parameter identifier to prevent duplicate group fan-out request messages
- Content The content of the resource being passed
- the response message includes the following information. First, if the request message has been successfully processed, the response message
- Request Identifier The ID of the request message (ID used to identify the request message).
- Result status code the result of processing the request (for example, Okay, Okay and Done, Okay and in progress)
- Content The content of the resource being delivered (only results can be delivered)
- Request Identifier The ID of the request message (ID used to identify the request message).
- Result status code The result of processing the request and the reason / code for failure (eg Not Okay).
- Resource types, with a short description and the child and parent resource types of each:
- AE: Stores information about the AE. It is created as a result of successful registration of an AE with the registrar CSE. Child resource types: subscription, container, group, accessControlPolicy, mgmtObj, commCapabilities, pollingChannel. Parent resource types: remoteCSE, CSEBase.
- cmdhNwAccessRule: Defines a rule for the usage of underlying networks. Child resource types: schedule, subscription. Parent resource types: cmdhNetworkAccessRules.
- CSEBase: The structural root for all the resources that are residing on a CSE. It shall store information about the CSE itself. Child resource types: remoteCSE, node, application, container, group, accessControlPolicy, subscription, mgmtObj, mgmtCmd, locationPolicy, statsConfig. Parent resource types: None.
- group: Stores information about resources of the same type that need to be addressed as a Group. Operations addressed to a Group resource shall be executed in a bulk mode for all members belonging to the Group. Child resource types: fanOutPoint, subscription. Parent resource types: Application, remoteCSE, CSEBase.
- locationPolicy: Includes information to obtain and manage geographical location. It is only referred from container; the contentInstances of the container provide location information. Child resource types: subscription. Parent resource types: CSEBase.
- remoteCSE: Represents a remote CSE for which there has been a registration procedure with the registrar CSE identified by the CSEBase resource. Child resource types: application, container, group, accessControlPolicy, subscription, mgmtObj, pollingChannel, node. Parent resource types: CSEBase.
- subscription: Represents the subscription information related to a resource. Such a resource shall be a child resource for the subscribe-to resource.
- Each resource type may be located under a parent resource type of the corresponding resource type and may have a child resource type.
- Each resource type also has attributes, in which the actual values are stored.
- Table 2 below defines the attributes of the <container> resource type.
- through Multiplicity, the attribute in which the actual values are stored is marked as one that must be set ('1') or one that is optionally set ('0..1').
- the attributes are set as RO (Read Only), RW (Read and Write), and WO (Write Only) according to characteristics at the time of creation.
- the <container> resource may have <container>, <contentInstance>, and <subscription> as child resources.
- resourceType One RO Resource type. It is written once (which cannot be changed after a certain time) and identifies the type of resource. (Resource Type.This Write Once (at creation time then cannot be changed) resourceType attribute identifies the type of resources.Each resource shall have a resourceType attribute.) resourceID One RO This attribute is an identifier for the resource used for the "non-hierarchical URI method" or "ID-based method” case. This attribute is provided by the hosting CSE if the hosting CSE accepts the resource creation procedure.
- the hosting CSE assigns a unique resource ID (This attribute is an identifier for resource that is used for 'non-hierarchical URI method' or 'IDs based method' cases.This attribute shall be provided by the Hosting CSE when it accepts a resource creation procedure.The Hosting CSE shall assign a resourceID which is unique in the CSE).
- parentID One RO The system assigns a value to this attribute according to the parameters given in the CREATE request.
- the parent-child relationship is established by the identifier of the parent of this child resource. This identifier uses a non-hierarchical URI representation.
- the resource “...” The value of parent ID of AE resource with identifier “myAE1” created under //example.com/oneM2M/myCSE ”is“... ”.
- // parentID ” the system shall assign the value to this attribute according to the parameters given in the CREATE Request.It establishes the parent-child relationship by identification of the parent of this child resource.
- Such identifier shall use the non -hierarchical URI representation.
- an AE resource with the identifier "myAE1" which has been created under the resource "... // example.com / oneM2M / myCSE” the value of the parentID attribute will contain "... // parentID ".) expirationTime One RW Time / date the resource will be cleared by the hosting CSE.
- This attribute may be provided by the originator, in which case it is considered a hint to the host CSE about the lifetime of the resource.
- the hosting CSE may however determine the actual expiration time. If the hosting CSE decides to change the expiration time attribute value, it is known to the sender.
- the lifetime of the resource can be extended by providing a new value for this attribute in an UPDATE operation.
- the system assigns an appropriate value according to local policy and / or M2M service subscription agreement (Time / date after which the resource will be deleted by the hosting CSE.
- This attribute can be provided by the Originator, and in such a case it will be regarded as a hint to the hosting CSE on the lifetime of the resource.
- the hosting CSE can however decide on the real expirationTime.If the hosting CSE decides to change the expirationTime attribute value, this is communicated back to the Originator.
- the lifetime of the resource can be extended by providing a new value for this attribute in an UPDATE operation.Or by deleting the attribute value, eg by not providing the attribute when doing a full UPDATE, in which case the hosting CSE can decide on a new value.
- This attribute shall be mandatory. If the Originator does not provide a value in the CREATE operation the system shall assign an appropriat e value depending on its local policies and / or M2M service subscription agreements).
- accessControlPolicyIDs 0..1 (L) RW This attribute contains a list of identifiers (either IDs or URIs depending on whether a local resource exists) of the <accessControlPolicy> resource.
- the permissions defined in the referenced <accessControlPolicy> resource determine who is allowed to access the resource containing this attribute for a specific purpose (e.g., Retrieve, Update, Delete, etc.).
- the privileges defined in the <accessControlPolicy> resource that are referenced determine who is allowed to access the resource containing this attribute for a specific purpose (e.g. Retrieve, Update, Delete, etc.)).
- This attribute is an optional attribute and, if not present, means that the resource cannot be found through a discovery procedure that uses this attribute as a key parameter of the discovery (Tokens used as keys for discovering resources. This attribute is optional and if not present it means that the resource cannot be found by means of discovery procedure which uses labels as key parameter of the discovery).
- CreationTime One RO Creation time / date of the resource. This attribute is a mandatory attribute for all resources and the value is assigned by the system when the resource is created locally. (Time / date of creation of the resource. This attribute is mandatory for all resources and the value is assigned by the system at the time when the resource is locally created.)
- the stateTag attribute of the parent resource should be incremented first and copied into this stateTag attribute when a new instance is added to the parent resource).
- announceTo 0..1 RW This attribute may be included in the create or update request if the create or update request includes a list of URIs / CSE-IDs to which the generated / updated resource is announced. This attribute is present only for the original resource if the original resource is successfully announced to other CSEs. This attribute maintains a list of URIs to successfully announced resources.
- Updates to this attribute will trigger a new resource announcement or release of an announcement (This attribute may be included in a CREATE or UPDATE Request in which case it contains a list of URIs / CSE-IDs which the resource being created / updated shall be announced to.
- This attribute shall only be present on the original resource if it has been successfully announced to other CSEs.
- This attribute maintains the list of URIs to the successfully announced resources. Updates on this attribute will trigger new resource announcement or de-announcement).
- announcedAttribute 0..1 RW This attribute is present only for the original resource if some optional announced type attributes are announced to other CSEs. This attribute maintains a list of optional attributes (OA type attributes) advertised in the original resource.
- maxInstanceAge 0..1 RW Maximum age of an instance of <contentInstance> resources in a <container>. (Maximum age of the instances of <contentInstance> resources within the <container>. The value is expressed in seconds.)
- currentNrOfInstances One RO Number of instances currently in the <container> resource. (Current number of instances in a <container> resource. It is limited by the maxNrOfInstances).
- An access control policy is defined as a "white list" or privileges, and each privilege defines "allowed" entities for specific access modes.
- Sets of privileges are handled such that the privileges for a privilege group are sums of individual privileges, ie the action is allowed if allowed by some / any of the privileges in the set.
- the selfPrivilege attribute lists the entities that have the right to read / update / delete for the resource <accessControlPolicy> itself.
- all privileges defined in the access control policy also relate to location, time window and IP address.
- the permissions for accessing that resource are defined by the permissions defined in the <accessControlPolicy> resource.
- FIG. 7 shows the structure of a <accessControlPolicy> resource.
- the following table shows the attributes of the <accessControlPolicy> resource.
- URI link
- This attribute shall be present only on the announced resource. This attribute shall provide the link (URI) to the original resource. This is only for <accessControlPolicyAnnc>.)
- announceTo One RW See Table 2
- announcedAttribute One RW This attribute is present on the original resource when some OA type attributes are announced to other CSEs. This attribute maintains a list of OA type attributes that are announced from the original resource. An update to this attribute will trigger a new attribute announcement if a new attribute is added, or a de-announcement if an existing attribute is removed.
- Privileges may be generalized to actions (which may be to grant access, but more specifically, to grant access to a subset, ie, to filter a portion of data). Privileges may be generalized to conditions, which may include the identifier of the requestor (sender, requestor), all but the specified identifier, but may also include time-based conditions.
- An access authorization mechanism based on an access control policy works by matching the sender against the sender privileges stored in the <accessControlPolicy> resource. If a positive match is found, the requested action (e.g., RETRIEVE) is checked against the set of allowed actions associated with the matching rights holder; if this check fails, the request is rejected. This set of allowed actions is referred to as a permission flag.
- Self-privileges and privileges are lists of sender privileges associated with the permission flags. They apply, respectively, to the <accessControlPolicy> resource itself and to all other resource types that address the <accessControlPolicy> resource through the accessControlPolicyIDs common attribute.
- All privileges defined in the access control policy are also associated with the location, time window and IP address before granting access.
- Each right in the self-rights and rights lists may also consist of one role.
- This role is identified by the role name and the URL addressing the M2M service subscription resource in which the role is defined. If the sender represents itself with a particular role, the access control policy operates by matching the requesting sender with lists belonging to the specific role specified in the M2M service subscription resource.
- Each right in the rights and self rights lists consists of the following elements.
- the originatorPrivileges includes information as shown in the following table.
- Name Description Context Defines the context in which every privileges of the present access control policy resource applies, eg time windows, location, IP address.
- the operationFlags of Table 4 include the same information as the following table.
- access control policy resources are stored separately from resources to which the access control policy is applied.
- the resource to which the access control policy is applied has only the accessControlPolicyIDs (URIs of the access control policy resource) of the access control policy resource. Therefore, M2M entities should refer to accessControlPolicyIDs to determine the access control policies for a particular resource.
- M2M entities are ready to use the system / service by performing a registration process with entities around them, whether in the field domain or the infrastructure domain. Such registration is performed at the request of the Registree, and as a result, the information of the Registrant is generally stored in the Registrar.
- the oneM2M entity may use the M2M service using the common functions provided by the CSE as shown in FIG. 3.
- the oneM2M entity has an AE and a CSE. Accordingly, the registration process can be divided into an AE registration and a CSE registration.
- both the AE and the CSE mean a registration target and the registrar is a CSE.
- the information on the registrant CSE is also stored in the target CSE.
- FIG. 8 shows an AE registration process and a CSE registration process.
- FIG. 8 (a) illustrates an AE registration process, in which AE1, the entity to be registered, requests creation of an <AE> resource from CSE1, which is in charge of registration (S81-1), whereupon CSE1 may generate an <AE> resource by using the information of AE1 (S82-2). Then, CSE1 may transmit a response including the result of the registration process to AE1 (S83-2).
- FIG. 8 (b) shows the CSE registration process.
- FIG. 8 (b) is the same as FIG. 8 (a) except that the entity to be registered is CSE1, the registrar is CSE2, and, when CSE2 transmits the result of the registration request of CSE1 (S83-2), CSE1 generates a <remoteCSE> resource by using the information of CSE2 (S84-2).
- Resources that exist in a particular CSE may be announced to other CSEs to inform other CSEs of their existence and all or part of their contents.
- a resource announcement can be thought of as an act of making a copy of the original resource, where some attributes of the original resource are always copied as mandatory, and some attributes are selectively copied depending on the configuration for the resource announcement.
- a resource created / modified through a resource announcement is called an announced resource, and the resource type of the announced resource varies depending on which resource is announced.
- the AE resource type is an AE announced resource type
- the container resource type is a container announced resource type.
- Announced resources include attributes copied from the original resource, but also include attributes that have their own values.
- Resource announcement can make resource discovery easier. For example, if a specific AE (Application Entity) executes a resource search on CSE1, and some resources of CSE2 are announced on CSE1, the AE can also find resource information of CSE2 through the resource search on CSE1.
- a resource may be announced to one or several CSEs to inform the remote CSE of the existence of the original resource.
- the announced resource may have some attributes and child resources of the original resource on a limited basis.
- the announced resource has a link to the original resource on the CSE that holds the original resource (that is, the original resource owning CSE).
- Synchronization of the attribute values of the original resource with the announced resource is the responsibility of the CSE holding the original resource. If the original resource is deleted, the announced resource is also deleted.
- The 'accessControlPolicyIDs' attribute of the announced resource, which holds the links to the access control policy resources used for access control of the announced resource, is synchronized with the 'accessControlPolicyIDs' attribute of the original resource. If the original resource does not have a value for the 'accessControlPolicyIDs' attribute, the original resource owning CSE selects 'accessControlPolicyIDs' corresponding to the access control information applied to the original resource.
- If there is an announced resource for the original resource, the original resource must have at least one value in the 'announceTo' attribute.
- The attributes of an announced resource include mandatory announced attributes, which are always copied from the original resource, and optional announced attributes. To copy an optional attribute, the 'announcedAttribute' attribute must have a value.
- The AE or another CSE may request that the original resource owning CSE announce the original resource to the CSE or address specified in the 'announceTo' attribute. Modifying the 'announceTo' attribute triggers a new resource announcement or a de-announcement. After a successful announcement procedure, the 'announceTo' attribute holds only the addresses of the announced resources.
- The name of an attribute to be announced must be present in the 'announcedAttribute' attribute of the original resource. If the attribute name is specified in the 'announcedAttribute' attribute, the attribute is announced to the announced resource. Upon successful announcement, the attributes specified in the 'announcedAttribute' attribute are created in the announced resource; otherwise they do not exist in the announced resource. Changing the 'announcedAttribute' attribute causes the announcement of a new attribute or the de-announcement of an announced attribute. Synchronization of the attributes specified in 'announcedAttribute' is performed by the original resource owning CSE.
- The announced resource can have child resources, which are of the same child resource types that the original resource can have or of the announced types of those child resource types. Also, the announcement of the child resources of the original resource can be made independently.
- the 'accessControlPolicyIDs' attribute of the original resource is copied to the announced resource.
- The announced resource owning CSE is responsible for making access control decisions. To do so, it must obtain the access control policy resources corresponding to the links stored in the 'accessControlPolicyIDs' attribute of an announced resource, and the resource pointed to by each link may not exist in the announced resource owning CSE.
- the announced resource owning CSE may send a RETRIEVE request for an access control policy resource corresponding to each link to the CSE owning the access control policy resource.
- As many RETRIEVE requests are generated as there are links stored in the 'accessControlPolicyIDs' attribute of the announced resource that point to resources not present in the announced resource owning CSE, which increases the network load.
- The response time for the announced resource may also be slow. Therefore, when announcing a specific resource, an approach of also announcing the access control policy resource itself is proposed.
- announce has the same meaning as making a request to create or update an announced resource to an announced resource owning CSE.
- Depending on the context, "announced resource owning CSE" and "announced access control policy resource owning CSE" may mean not a CSE that already owns the announced resource / access control policy resource, but a CSE that will own a resource to be created or updated by the announce request (creation or update) described in the embodiments of the present specification.
- FIG. 10 illustrates a procedure for announcing an access control policy resource of an original resource according to an embodiment of the present invention.
- Access control policy information is announced to the announced resource owning CSE (i.e., this results in an announced access control policy resource), and the access control policy link(s) (e.g., accessControlPolicyIDs) value can point to the announced access control policy resource.
- Access control remains possible even when the link value points to the announced resource rather than to the original resource because of the characteristics of the announced access control policy resource: the access control information (e.g., privileges, selfPrivileges) must always be announced to every announced resource.
- the sender 1010 may transmit a request to create or update a resource to the original resource owning CSE 1020 (S1010).
- The original resource owning CSE may determine whether an announcement is needed for the resource to be created or updated (S1020). For example, this may be determined according to whether the request for creation or update contains a value in an attribute that indicates where the announcement should be made, i.e., where the announced resource is to be created or updated (e.g., the 'announceTo' attribute), and / or whether an attribute named in the attribute that specifies which attributes require announcement (e.g., the 'announcedAttribute' attribute) is created or updated. S1020 assumes that execution of the request for creation or update has already been approved (for example, the request was determined to be permitted by access control).
- If it is determined in S1020 that the announcement is not necessary, the original resource owning CSE creates or updates the resource according to the request for creation or update, and may transmit a response to the request to the sender (S1021).
- When performing the announcement procedure of the original resource, the original resource owning CSE may determine whether to also announce the access control policy link(s), i.e., the address values indicating the resources that store the access control policies to be used for access control of the original resource to be created or updated (e.g., the 'accessControlPolicyIDs' attribute) (S1030).
- The access control policy link(s) value may always be announced, may be announced only if the access control policy link(s) is set for the resource to be created or updated, or may be announced only in the specific case described below (the embodiment shown in FIG. 15). If it has already been announced, it need not be announced again.
- The original resource owning CSE may transmit, to the announced resource owning CSE 1030 at the location indicated by the attribute that indicates where the announcement of the resource to be created or updated should be performed (e.g., the 'announceTo' attribute), a request for creating or updating the announced resource of the original resource, including the attributes to be announced.
- some attributes of the original resource must always be announced, and some attributes must only be announced when they are specified (eg when specified in the 'announcedAttribute' attribute).
- the location where the announcement is to be performed may indicate the announced resource owning CSE or may be an address of a resource stored by the announced resource owning CSE.
- the original resource owning CSE may check whether a condition of a filter to be described later is satisfied (S1040).
- the condition of the filter is used to determine whether the access control policy resource (s) indicated by the access control policy link (s) value should be announced.
- the condition of the filter may include at least one of the following.
- The need for the announcement of the access control policy resource may be determined depending on whether the original resource owning CSE is always accessible or whether the environment in which it is always accessible is unchanged. For example, the times at which access is possible can be specified through a <schedule> resource that is a child resource of the <CSEBase> resource of the original resource owning CSE; if the <schedule> resource has been created, the CSE may not always be accessible. Whether the CSE is always accessible can also be determined from the properties (battery, mobility, etc.) of the device to which the original resource owning CSE belongs. Thus, if the original resource owning CSE is always accessible or such environment does not change, the announcement of the access control policy resource is unnecessary; otherwise an announcement of the access control policy resource is needed.
- information about whether to announce the access control policy resource may be explicitly provided.
- Information about whether to announce the access control policy resource may be preset in a resource (or an attribute of a resource) of the original resource owning CSE, or may be stored in a specific location.
- the original resource owning CSE may determine whether to announce an access control policy resource by acquiring the information.
- the original resource owning CSE may obtain and store the information and then cache it and continue to use it later.
- information on whether or not the access control policy resource should be announced may be stored in a specific resource (or resource attribute) of the owned access control policy resource CSE. If the information on whether or not to announce the access control policy resource is immutable, the original resource owning CSE may obtain and store the information and then cache it and continue to use it later.
- the original resource owning CSE may perform the same operation as that of S1031 (S1041).
- the original resource owning CSE may check whether the processing of announcements for all access control policy link (s) of the original resource is completed (S1050). If processing of all access control policy link (s) is completed, proceed to S1090; Otherwise, the process proceeds to S1060 to perform processing for unprocessed access control policy link (s).
- the original resource owning CSE may check whether the corresponding access control policy link points to a resource stored in the original resource owning CSE (S1060). If the access control policy link does not point to a resource stored in the original resource owning CSE, the flow returns to S1050.
- If the access control policy link points to a resource stored in the original resource owning CSE, the original resource owning CSE may check whether the resource indicated by the access control policy link (i.e., the corresponding access control policy resource) has already been announced (S1070). There are various ways to confirm this; for example, it may be done through resource discovery on the announced access control policy resource owning CSE 1040 using the access control policy link value. Alternatively, it may be determined whether the values of the 'announceTo' attribute of the resource indicated by the access control policy link include a value indicating the announced access control policy resource owning CSE.
- It is assumed that the announced access control policy resource owning CSE and the address of the resource to which the access control policy resource is announced are preset in the original resource owning CSE or stored at a specific address, so that the original resource owning CSE can identify them.
- the announced access control policy resource owning CSE and the announced resource owning CSE may be the same CSE or may be different CSEs.
- the access control policy resource owning CSE may be a CSE (eg, IN-CSE) that is always accessible.
- The original resource owning CSE may transmit, to the announced access control policy resource owning CSE 1040, a request for generating an announced access control policy resource for the resource indicated by the access control policy link. If the creation request is successfully performed, the original resource owning CSE may receive information of the announced access control policy resource from the announced access control policy resource owning CSE as a response (S1072).
- Once the resource indicated by the access control policy link (i.e., the corresponding access control policy resource) has been announced, the original resource owning CSE may update the value of the corresponding access control policy link, among the access control policy link(s) of the announced resource to be included in the request for creating or updating the announced resource of the original resource that is to be transmitted to the announced resource owning CSE (i.e., the request to be transmitted in S1090), to the access control policy link value obtained through the resource discovery or received in the response (S1080).
- The original resource owning CSE may transmit, to the announced resource owning CSE 1030 at the location indicated by the attribute that indicates where the announcement of the resource to be created or updated is to be performed (e.g., the 'announceTo' attribute of the request), a request for the creation or update of an announced resource of the original resource, including the attributes that must be announced (S1090).
- the original resource owning CSE may receive a response to the request for generation or update of the announced resource of the original resource from the announced resource owning CSE (S1091).
- the original resource owning CSE may update attribute values (eg, 'announceTo', 'announcedAttribute') of the original resource based on the response received in S1091, and transmit the result to the sender (S1092).
- S1050 to S1091 may be repeated as many times as there are IDs / URIs specified in the attribute indicating where the announcement of the original resource should be performed or has already been performed, i.e., where the announced resource should be created or updated (e.g., the 'announceTo' attribute of the request).
- the announced access control policy resource owning CSE and the announced resource owning CSE may be the same CSE or different CSEs.
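- The link handling of S1040 to S1080 and the resulting access decision on the announced resource owning CSE, as an added Python example that is not code from the patent. The class and function names, the `//cse-id/path` URI convention, the dict-based resource layout, and the choice to treat an unobtainable policy as granting nothing are assumptions of this sketch.

```python
# Added illustration of the FIG. 10 flow; every name here is hypothetical.
from dataclasses import dataclass, field

class Unreachable(Exception):
    """Raised when a RETRIEVE targets a CSE that is currently offline."""

@dataclass
class CSE:
    cse_id: str
    online: bool = True
    resources: dict = field(default_factory=dict)  # URI -> resource (plain dict)

    def retrieve(self, uri):
        if not self.online:
            raise Unreachable(self.cse_id)
        return self.resources[uri]

NETWORK = {}  # cse_id -> CSE; stands in for the network between CSEs

def host_of(uri):
    """Constructed URI convention: '//<cse-id>/<name>'."""
    return uri.split("/")[2]

def permits(acp, originator, operation):
    """White list: allowed if any privilege names the originator and the operation."""
    return any(originator in p["originators"] and operation in p["operations"]
               for p in acp["privileges"])

def announce(original_uri, target, announce_policy, always_reachable):
    """Original resource owning CSE: announce a resource and, if needed, its policies."""
    origin = NETWORK[host_of(original_uri)]
    res = origin.resources[original_uri]
    links = list(res["accessControlPolicyIDs"])
    if announce_policy and not always_reachable:            # S1040: filter condition
        for i, link in enumerate(links):                    # S1050: loop over links
            if host_of(link) != origin.cse_id:              # S1060: not stored locally
                continue
            acp = origin.resources[link]
            annc_uri = f"//{target.cse_id}/{link.split('/')[-1]}Annc"
            if annc_uri not in acp.get("announceTo", []):   # S1070: announced already?
                target.resources[annc_uri] = {              # creation request, S1072
                    "link": link,                           # back-link to the original
                    "privileges": acp["privileges"],        # always-announced attributes
                    "selfPrivileges": acp["selfPrivileges"]}
                acp.setdefault("announceTo", []).append(annc_uri)
            links[i] = annc_uri                             # S1080: rewrite the link
    annc = f"//{target.cse_id}/{original_uri.split('/')[-1]}Annc"
    target.resources[annc] = {"link": original_uri,         # S1090
                              "accessControlPolicyIDs": links}
    res.setdefault("announceTo", []).append(annc)           # S1092
    return annc

def decide(hosting, uri, originator, operation):
    """Announced resource owning CSE: evaluate every linked policy."""
    for link in hosting.resources[uri]["accessControlPolicyIDs"]:
        try:
            acp = (hosting.resources[link] if host_of(link) == hosting.cse_id
                   else NETWORK[host_of(link)].retrieve(link))
        except Unreachable:
            continue  # assumption: a policy that cannot be obtained grants nothing
        if permits(acp, originator, operation):
            return True
    return False

def demo():
    """Constructed scenario: a sleepy middle node announces to an always-on node."""
    mn, inf = CSE("mn-cse"), CSE("in-cse")
    NETWORK.update({mn.cse_id: mn, inf.cse_id: inf})
    mn.resources["//mn-cse/acp1"] = {
        "privileges": [{"originators": {"C-app1"}, "operations": {"RETRIEVE"}}],
        "selfPrivileges": [{"originators": {"C-admin"}, "operations": {"UPDATE"}}]}
    results = {}
    for name, with_policy in (("copied_link", False), ("announced_acp", True)):
        mn.online = True
        uri = f"//mn-cse/sensor_{name}"
        mn.resources[uri] = {"accessControlPolicyIDs": ["//mn-cse/acp1"]}
        annc = announce(uri, inf, announce_policy=with_policy, always_reachable=False)
        mn.online = False  # the original resource owning CSE becomes unreachable
        results[name] = (decide(inf, annc, "C-app1", "RETRIEVE"),
                         decide(inf, annc, "C-app1", "DELETE"))
    return results

if __name__ == "__main__":
    print(demo())
```

With the link merely copied, the decision depends on a RETRIEVE to the offline CSE and the permitted originator is refused; with the policy announced and the link rewritten, the same request is decided locally and only the white-listed operation is allowed.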
- the 'accessControlPolicyIDs' attribute of the original resource is copied to the announced resource.
- the announced resource-owning CSE is responsible for making access control decisions.
- An access control policy resource corresponding to links stored in the 'accessControlPolicyIDs' attribute of an announced resource is obtained, and a resource pointed to by each link may not exist in the announced resource owning CSE.
- the announced resource owning CSE may send a RETRIEVE request for an access control policy resource corresponding to each link to the CSE owning the access control policy resource.
- The CSE that owns the access control policy resource may not always be accessible, in which case the RETRIEVE request fails, the access control policy information cannot be obtained, and the announced resource owning CSE cannot make an access control decision. Therefore, an approach is proposed in which, when an access control policy resource is created, it is announced to an entity that is always accessible so that the access control policy resource is always accessible.
- FIG. 11 illustrates a procedure for announcing an access control policy resource according to another embodiment of the present invention.
- When an access control policy resource is created, it may be announced to an always accessible CSE and, if necessary, the access control policy link(s) value may be directed to indicate the announced access control policy resource owning CSE.
- Access control remains possible even when the link value points to the announced resource rather than to the original resource because of the characteristics of the announced access control policy resource: the access control information (e.g., privileges, selfPrivileges) must always be announced to every announced resource.
- the access control policy resource generator 1110 may be an AE or a CSE as a subject for generating an access control policy resource.
- the access control policy resource owning CSE 1120 is a CSE having an access control policy resource
- the announced access control policy resource owning CSE 1130 is a CSE having an announced access control policy resource.
- the access control policy resource generator 1110 may transmit a request for generating an access control policy to the access control policy resource possessing CSE 1120 (S1101).
- The access control policy resource owning CSE may determine whether the access control policy resource is to be used only to determine access control for resources stored in the access control policy resource owning CSE (i.e., local use), or whether it can also be used to determine access control for resources stored in CSEs other than the access control policy resource owning CSE (i.e., wide area use) (S1102).
- This determination may be set as an attribute of the created or generated access control policy resource, and a default value may be used if it is not set or there is no such attribute.
- the access control policy resource owning CSE may perform the generation request and transmit the result to the access control policy resource producer (S1102-1).
- If the access control policy resource to be created corresponds to wide area use, the access control policy resource needs to be announced to another entity that is always accessible. Therefore, the CSE owning the access control policy resource may check whether the condition of the filter described above is satisfied (S1103).
- the access control policy resource owning CSE may perform the generation request and transmit the result to the access control policy resource generator (S1103-1).
- The access control policy resource owning CSE may transmit, to the announced access control policy resource owning CSE 1130, a request to announce the access control policy resource (S1104).
- an announce occurs when an 'announceTo' attribute is specified in S1101 that specifies where to announce.
- an announce may be performed as long as the condition of the filter is satisfied.
- The announced access control policy resource owning CSE and the address of the resource to which the access control policy resource should be announced may be preset in the access control policy resource owning CSE, or stored at a specific address from which the access control policy resource owning CSE can obtain them.
- the access control policy resource owning CSE may receive a response to the announce request from the announced access control policy resource owning CSE (S1105).
- the access control policy resource owning CSE may transmit a response to the creation request to the access control policy resource producer (S1106).
- FIG. 12-14 illustrate a procedure by which a particular entity (AE or CSE) accesses a resource comprising as an access control policy link (s) an identifier (or address) of an access control policy resource created according to FIG. That is, a procedure for accessing the resource will be described when the access control policy link (s) of the resource includes the identifier (or address) of the generated access control policy resource.
- FIG. 12 illustrates an access procedure when the resource is present in the access control policy resource owning CSE according to an embodiment of the present invention.
- the specific entity (ie, originator) 1220 may transmit an access request to the resource to the access control policy resource owning CSE 1210 (S1207).
- the access control policy resource owning CSE may perform an access control decision using the generated access control policy resource (S1208).
- the access control policy resource owning CSE may transmit a response to the access request to the sender (S1209).
- FIG. 13 illustrates an access procedure when the resource is present in the announced access control policy resource owning CSE according to an embodiment of the present invention.
- the specific entity (ie, originator) 1320 may transmit a request for access to the resource to the announced access control policy resource owning CSE 1310 (S1307).
- The announced access control policy resource owning CSE finds the announced access control policy resource among its internal resources using an identifier / address included in accessControlPolicyIDs, and may perform access control using the announced access control policy resource (S1308).
- The announced access control policy resource owning CSE can find the announced access control policy resource through the name and value of a specific attribute of the resource. An announced resource has a specific attribute (e.g., a link), and the specific attribute contains the identifier of the original resource.
- the announced access control policy resource owning CSE can use the specific attribute to find the announced access control policy resource corresponding to the identifiers / addresses included in accessControlPolicyIDs.
- the announced access control policy resource owning CSE may transmit a response to the access request to the sender (S1309).
- FIG. 14 illustrates an access procedure when the resource is present in a third CSE according to an embodiment of the present invention.
- the specific entity ie, originator 1430
- To make an access control decision, the third CSE checks the identifier / address included in the accessControlPolicyIDs of the resource. When the access control policy resource of the resource exists in an entity other than the third CSE, a discovery request for discovering the announced access control policy resource corresponding to the identifier / address may be transmitted to the announced access control policy resource owning CSE 1410 (S1408).
- The third CSE may find the announced access control policy resource by using the name and value of a specific attribute of the resource.
- An announced resource has a specific attribute (e.g., a link), and the specific attribute contains the identifier of the original resource. Accordingly, the third CSE may perform a discovery request using the specific attribute.
- the third CSE may receive a response to the discover request from the announced access control policy resource owning CSE (S1409).
- the third CSE may send a RETRIEVE request for the announced access control policy resource including the resource identifier or address included in the response to the discovery request to the announced access control policy resource owning CSE. (S1410).
- the third CSE may receive a response to the RETRIEVE request from the announced access control policy resource owning CSE (S1411).
- the third CSE may perform access control on the access request using the information of the announced access control policy resource included in the response to the RETRIEVE request (S1412).
- the third CSE may transmit a response to the access request to the sender (S1413).
- if the third CSE already knows the identifier/address of the announced access control policy resource, or if a filter is applied to the RETRIEVE request of S1410 so that the search is performed together with the retrieval, the searching processes S1408 and S1409 may be omitted.
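The lookup of FIG. 13 and FIG. 14, as an added example that is not code from the patent: the CSE hosting the resource matches the `link` attribute of announced access control policy resources against each identifier in accessControlPolicyIDs, first locally and then by discovery and RETRIEVE on the announced policy owning CSE. The `Cse` class, the dict layout, the `accessControlPolicyAnnc` type string, the originators/operations privilege model and the deny-when-unresolved behaviour are simplifying assumptions.

```python
# Added example: FIG. 13 (local lookup) and FIG. 14 (discovery + RETRIEVE).
# Class names, dict layout and the privilege model are simplified assumptions.

class Cse:
    """A CSE holding resources keyed by address (constructed model)."""

    def __init__(self, resources):
        self.resources = resources

    def discover(self, **filters):
        """S1408/S1409: addresses of resources matching every attribute filter."""
        return [addr for addr, res in self.resources.items()
                if all(res.get(k) == v for k, v in filters.items())]

    def retrieve(self, addr):
        """S1410/S1411: the resource representation, or None if absent."""
        return self.resources.get(addr)


def resolve_announced_acp(acp_id, hosting_cse, acp_owner=None):
    """Find the announced policy whose 'link' holds the original identifier."""
    wanted = {"type": "accessControlPolicyAnnc", "link": acp_id}
    hits = hosting_cse.discover(**wanted)            # FIG. 13, S1308
    if hits:
        return hosting_cse.retrieve(hits[0])
    if acp_owner is not None:                        # FIG. 14
        hits = acp_owner.discover(**wanted)          # S1408, S1409
        if hits:
            return acp_owner.retrieve(hits[0])       # S1410, S1411
    return None


def is_allowed(originator, operation, resource, hosting_cse, acp_owner=None):
    """S1308 / S1412: grant only if some resolved policy permits the request."""
    for acp_id in resource.get("accessControlPolicyIDs", []):
        acp = resolve_announced_acp(acp_id, hosting_cse, acp_owner)
        if acp is None:
            continue                                 # unresolved policy grants nothing
        for rule in acp.get("privileges", []):
            if originator in rule["originators"] and operation in rule["operations"]:
                return True
    return False                                     # default deny (assumption)


# Constructed sample data: original policy /CSE2/acp-1 announced on CSE1.
ACP_OWNER = Cse({"/CSE1/acpAnnc-1": {
    "type": "accessControlPolicyAnnc", "link": "/CSE2/acp-1",
    "privileges": [{"originators": ["/CSE3/ae-7"], "operations": {"RETRIEVE"}}]}})
THIRD_CSE = Cse({"/CSE3/cntAnnc-1": {
    "link": "/CSE2/cb-1/cnt-1", "accessControlPolicyIDs": ["/CSE2/acp-1"]}})
```
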
- when an access control policy resource is announced at the time it is generated, the access control policy resource (whether the original resource or the announced resource) is always accessible, so access control can always be performed.
- when the 'accessControlPolicyIDs' attribute of the original resource is not specified, the resource is announced with an appropriate value set in the 'accessControlPolicyIDs' of the announced resource.
- the announced resource may be generated with a structure different from that of the original resource. Due to this freedom, the announced resource always includes 'accessControlPolicyIDs'. However, this causes overhead: when 'accessControlPolicyIDs' is changed, the change may affect the child resources.
- 'accessControlPolicyIDs' may be set as shown in FIG. 9 (b).
- the announced resource structure is the announced resource 4 and its child resources as shown in FIG. 9 (d).
- the change to 'accessControlPolicyIDs' also affects the announced resource 5. That is, the 'accessControlPolicyIDs' of the announced resource 5 must also be updated.
- FIG. 15 illustrates a method of announcing an access control policy link for a resource to be announced according to another embodiment of the present invention.
- when setting the access control policy link(s) of a resource to be announced while performing a resource announcement, if the resource to be announced has the same structure as the resource tree of the original resource owning CSE and has the same access control policy link(s) value as its parent resource, the access control policy link(s) value of the resource to be announced is not announced (or copied, created). That is, the embodiment according to FIG. 15 may be performed as one of several embodiments of S1030 of FIG. 10 described above.
- the procedure shown in FIG. 15 is performed for each of the values of the attribute indicating where the resource announcement should be performed (announceTo, ie where the announced resource should be created or updated).
- when a request for creation or update of the original resource requires an announcement of the original resource, the original resource owning CSE may check whether the parent resource of the original resource (that is, the original direct parent resource) has already been announced to the CSE that is to own the announced resource (S1510). This can be done by checking whether the 'announceTo' attribute values of the original direct parent resource include the CSE information corresponding to the 'announceTo' value included in the creation or update request, or the preset announce CSE (i.e., the announced resource owning CSE).
- the original resource owning CSE may determine that it is necessary to announce the access control policy link (s) value of the original resource (S1550).
- the original resource owning CSE corresponds to the 'announceTo' value included in the creation or update request among the values included in the 'announceTo' attribute of the original direct parent resource.
- the parent-child relationship has one level difference based on "/", and the parts other than the difference are the same.
- /CSE2/cb-1/cnt-1 and /CSE2/cb-1/cnt-1/cin-1 have a parent-child relationship as parent and child.
- the original resource owning CSE may determine that it is necessary to announce the access control policy link(s) value of the resource to be announced (S1550).
- the original resource owning CSE may check whether the access control policy link(s) applied to the two resources are the same (S1530).
- the original resource owning CSE may determine that it needs to announce the access control policy link(s) value of the resource to be announced (S1550).
- the original resource owning CSE may determine that there is no need to announce the access control policy link (s) (S1540).
- FIG. 16 illustrates a method for deleting an access control policy link for an announced resource according to another embodiment of the present invention.
- the announced resource owning CSE may receive a resource generation or update request to be announced from the original resource owning CSE (S1610).
- the announced resource owning CSE may check whether a parent resource (that is, an announced parent resource) of the resource to be announced or created is an announced resource type (S1620).
- the announced resource owning CSE may generate or update the announced resource (S1660).
- the announced resource owning CSE may check whether the link value indicating the original resource of the announced parent resource and the link value of the resource to be announced, which is included in the create or update request, are in a parent-child relationship with each other (S1630).
- the link value indicating the original resource of the announced parent resource is the parent, and the link value of the announced resource to be created or updated must be a child.
- the parent-child relationship has one level difference based on "/", and the parts other than the difference are the same.
- /CSE2/cb-1/cnt-1 and /CSE2/cb-1/cnt-1/cin-1 have a parent-child relationship as parent and child.
- the announced resource owning CSE may generate or update the announced resource (S1660).
- the announced resource owning CSE may check whether the announced parent resource and the resource to be announced have the same access control policy link(s) value (S1640).
- the announced resource owning CSE may create or update the announced resource (S1660).
- the announced resource owning CSE may delete the access control policy link(s) of the resource to be announced from the create or update request (S1650). Then, the announced resource owning CSE may generate or update the announced resource (S1660). That is, the announced resource can be created or updated without the access control policy link(s).
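The decisions of FIG. 15 (original resource owning CSE) and FIG. 16 (announced resource owning CSE), as an added example that is not code from the patent. The resource dicts, the `announced` flag and the function names are assumptions; the parent-child test compares "/"-separated segments rather than string prefixes, so /CSE2/cb-1/cnt-10/cin-1 is not mistaken for a child of /CSE2/cb-1/cnt-1.

```python
# Added example: FIG. 15 (original side) and FIG. 16 (announced side) decisions.
# Resource dicts and function names are assumptions, not oneM2M-defined types.

def segments(path):
    return [s for s in path.split("/") if s]


def is_direct_parent(parent_id, child_id):
    """Exactly one '/' level apart, all other segments identical."""
    p, c = segments(parent_id), segments(child_id)
    return len(c) == len(p) + 1 and c[:len(p)] == p


def same_links(a, b):
    """Compare accessControlPolicyIDs as sets (order treated as irrelevant)."""
    return (set(a.get("accessControlPolicyIDs") or [])
            == set(b.get("accessControlPolicyIDs") or []))


def must_announce_acp_links(original, parent, target_cse):
    """FIG. 15: True -> announce the link(s) (S1550), False -> omit (S1540)."""
    if parent is None or target_cse not in parent.get("announceTo", []):
        return True                           # S1510: parent not announced there
    if not is_direct_parent(parent["id"], original["id"]):
        return True                           # tree structure differs
    return not same_links(original, parent)   # S1530


def handle_announce_request(store, parent_path, request):
    """FIG. 16 on the announced resource owning CSE (S1610 to S1660)."""
    body = dict(request)                      # S1610: keep the caller's copy intact
    parent = store.get(parent_path)
    if (parent is not None
            and parent.get("announced")                          # S1620
            and is_direct_parent(parent["link"], body["link"])   # S1630
            and same_links(parent, body)):                       # S1640
        body.pop("accessControlPolicyIDs", None)                 # S1650
    store[parent_path.rstrip("/") + "/" + body["name"]] = body   # S1660
    return body


# Constructed sample data: /CSE2/cb-1/cnt-1 already announced on CSE1.
STORE = {"/CSE1/cntAnnc-1": {"announced": True, "link": "/CSE2/cb-1/cnt-1",
                             "accessControlPolicyIDs": ["/CSE1/acpAnnc-1"]}}
```
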
- FIG. 17 shows a block diagram of an apparatus configured to perform embodiment (s) of the present invention.
- the transmitter 10 and the receiver 20 are associated with transmitters / receivers 13 and 23 capable of transmitting or receiving radio signals carrying information and / or data, signals, messages, etc.
- Memory 12, 22 for storing a variety of information, the transmitter / receiver 13, 23 and the memory 12, 22 and the like is operatively connected to the components, and control the components to the device described above
- the memories 12 and 22 may store a program for processing and controlling the processors 11 and 21, and may temporarily store input / output information.
- the memories 12 and 22 may be utilized as buffers.
- the processors 11 and 21 typically control the overall operation of the various modules in the transmitter or receiver. In particular, the processors 11 and 21 may perform various control functions for carrying out the present invention.
- the processors 11 and 21 may also be called controllers, microcontrollers, microprocessors, microcomputers, or the like.
- the processors 11 and 21 may be implemented by hardware or firmware, software, or a combination thereof.
- application specific integrated circuits (ASICs)
- digital signal processors (DSPs)
- digital signal processing devices (DSPDs)
- programmable logic devices (PLDs)
- field programmable gate arrays (FPGAs)
- when implementing the present invention using firmware or software, the firmware or software may be configured to include a module, a procedure, or a function for performing the functions or operations of the present invention.
- the firmware or software configured to perform the present invention may be provided in the processors 11 and 21 or stored in the memories 12 and 22 to be driven by the processors 11 and 21.
- each AE, CSE, sender, subscriber or entity may operate as the devices on which they are installed or mounted, that is, the transmitting device 10 or the receiving device 20.
- the specific configuration of each AE, CSE, sender, subscriber or entity, such as a receiver or a transmitter, may be implemented so that the matters described in the various embodiments of the present invention described above with reference to the accompanying drawings are applied independently, or so that two or more embodiments are applied at the same time.
- the present invention can be used in a terminal, base station, server or other equipment of a wireless mobile communication system.
Abstract
The invention relates to a method for announcing an access control policy resource for an announced resource in a wireless communication system. The method according to an embodiment of the present invention is performed by a receiving apparatus and comprises the steps of: receiving, from a transmitting apparatus, a request to create or update an announced resource of an original resource that the receiving apparatus holds; determining whether an access control policy resource for the announced resource must be announced; if the access control policy resource must be announced, checking whether a condition for announcing the access control policy resource is satisfied; if the condition is satisfied, transmitting, to a third apparatus, a request to create announced resources of the access control policy resource(s) that the receiving apparatus holds, from among all the access control policy resource link values of the announced resources; and if the announced resources of the access control policy resource(s) are created successfully, transmitting, to a target apparatus, a request to create or update the announced resources, wherein the request transmitted to the target apparatus may contain addresses of the announced resources of the access control policy resources as access control policy link values.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201662304891P | 2016-03-07 | 2016-03-07 | |
| US62/304,891 | 2016-03-07 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2017155162A1 (fr) | 2017-09-14 |
Family
ID=59790454
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/KR2016/007166 Ceased WO2017155162A1 (fr) | 2016-03-07 | 2016-07-04 | Method for announcing access control policy resource and apparatus therefor in wireless communication system |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2017155162A1 (fr) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130336222A1 (en) * | 2010-11-19 | 2013-12-19 | Interdigital Patent Holdings, Inc. | Machine-To-Machine (M2M) Interface Procedures For Announce and De-Announce of Resources |
| KR20140099663A (ko) * | 2013-02-04 | 2014-08-13 | 주식회사 케이티 | Resource management method and resource management apparatus for M2M network |
| WO2014185754A1 (fr) * | 2013-05-16 | 2014-11-20 | 엘지전자 주식회사 | Method for subscription and notification in M2M communication system and apparatus for same |
| WO2015046960A1 (fr) * | 2013-09-27 | 2015-04-02 | 엘지전자 주식회사 | Method for delivering notification message in M2M system and devices for same |
| WO2015143086A1 (fr) * | 2014-03-18 | 2015-09-24 | Zte Corporation | Resource and attribute management in machine to machine networks |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110858833A (zh) * | 2018-08-22 | 2020-03-03 | 京东方科技集团股份有限公司 | Access control policy configuration method, apparatus and system, and storage medium |
| US11902279B2 (en) | 2018-08-22 | 2024-02-13 | Boe Technology Group Co., Ltd. | Method, apparatus, system and storage medium for access control policy configuration |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16893677; Country of ref document: EP; Kind code of ref document: A1 |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 16893677; Country of ref document: EP; Kind code of ref document: A1 |