Machine-to-machine (M2M) communication refers to the exchange of information between devices substantially without the need for human intervention. Such communication may be facilitated by the data services offered by existing mobile communication networks. By way of an example, a domestic electricity meter may be coupled to a mobile device (with SIM card installed) in order to periodically send electricity meter readings to a central server of an electricity supply company, via a mobile communication network to which the mobile device has access.
The Third Generation Partnership Project (3GPP) is working towards defining an architecture for such machine-to-machine communications; within 3GPP, machine-to-machine communication is referred to as Machine Type Communication (MTC). The 3GPP security Working Group WG SA3 is working specifically on the security aspects of MTC.
The endpoints of security and the corresponding security mechanisms are illustrated in FIG. 1 of the accompanying drawings. A UE 10 is in communication with an MTC Server 20 and an MTC Application 30 via a 3GPP network 40. A UE in this context is typically an MTC device which is used for MTC purposes; in FIG. 1 the UE 10 is shown as running an MTC Application 12. The UE 10 is not necessarily a typical mobile phone held by a human user; rather, a user typically communicates with the UE/MTC device 10 via the MTC Application 12, and therefore over the 3GPP network. The term UE is used herein for simplicity, and would include, for example and without limitation, mobile telecommunication devices, portable or handheld computing devices, and desktop or installed computers.
In FIG. 1, arrows A1, A2 and A3 show possible endpoints of access security between the UE 10 and the 3GPP network 40. In the MTC architecture, these will likely re-use (as far as possible) the currently specified access security mechanisms for 3GPP and non-3GPP accesses.
Arrows B1 and B2 in FIG. 1 show possible endpoints of security between the MTC Server/Application 20/30 and the 3GPP network 40. In 3GPP this is referred to as “External interface security”. It is likely that the currently specified NDS/IP (Network Domain Security/Internet Protocol) mechanisms, such as IPsec, can be re-used here.
Arrows C1 and C2 in FIG. 1 show possible endpoints of security directly between the UE 10 and the MTC Server/Application 20/30.
Arrows C1 and C2 represent so-called “Secure Connections”, with application layer security between the UE 10 and MTC Server/Application 20/30. It is currently specified that the 3GPP operator may assist with key management for the Secure Connection, e.g. with the help of GBA (Generic Bootstrapping Architecture), but otherwise the Secure Connection is assumed to be transparent to the 3GPP network and out of scope for 3GPP to specify. Therefore in principle any security mechanisms can be used for the Secure Connection, including for example mechanisms being developed in ETSI TC M2M.
As described above, the UE 10 and MTC Server/Application 20/30 communicate over the 3GPP network and there can be several layers of security in between. The application layer security provided by the Secure Connection (arrows C1 and C2) is assumed to be independent of the access security (arrows A1/A2/A3) and External interface security (arrows B1/B2).
The present applicant has identified that network- and device-related inefficiencies result from having different types of security in different parts of the system and at different levels as depicted in FIG. 1, and has further appreciated the desirability of providing an architecture which avoids or at least reduces these inefficiencies.