M2M (Machine-to-Machine) communication is a wireless communication technology, a general term for a series of technologies and their combinations that implement data communication and exchange between machines and between machine and human. The term M2M has two levels of meaning: one is the machine itself, referred to as smart equipment in the embedded design field; the second is the connection between machines, that is, machines connected together through a network. Machine communication has a wide range of applications, such as smart metering, remote monitoring, tracking and medical applications, and makes human life more intelligent. Compared with traditional communication among people, the number of M2MEs (Machine-to-Machine Equipments) is huge, and M2M has widespread applications with huge market potential.
In M2M communication, the main long-distance connectivity technologies comprise GSM/GPRS/UMTS, and the short-distance connectivity technologies are mainly 802.11b/g, Bluetooth, ZigBee, RFID and so on. M2M is a service focusing on equipment; since M2M integrates wireless communications and information technology, it can be used for two-way communication, such as remotely collecting information, setting parameters and sending commands, so as to achieve different applications, such as security monitoring, automatic vending and cargo tracking. Almost all equipment involved in daily life is likely to become a potential M2M object. M2M provides a simple method for establishing a wireless connection carrying real-time equipment data between systems, remote equipment, or individuals.
One challenge of M2M communication is deploying remote security management of the M2M equipment. Therefore, it must be addressed how to remotely provide the M2ME with its subscription data, namely the MCIM (Machine Communication Identity Module), and how to prevent the MCIM from being accessed and used by an attacker during the provisioning process. The MCIM application is a set of M2M security data and functions for accessing the 3GPP network (which might be an IMS network). The MCIM might be located in a UICC (Universal Integrated Circuit Card), or in a TRE (Trusted Environment) functional entity. When the MCIM is located in the UICC, the MCIM is the USIM (Universal Subscriber Identity Module) or the ISIM (IP Multimedia Services Identity Module). The TRE functional entity is a trusted environment provided by the M2ME, and a TRE functional entity can be authenticated by an external authorized agent at any time. The MCIM might be installed in the TRE functional entity, in which case the M2ME provides software and hardware protection and isolation for the MCIM via the TRE functional entity.
Currently, there are two methods for the M2ME to provide the M2M service: based on the UICC, or based on the TRE functional entity.
When the M2ME provides the M2M service based on the UICC, there are the following two solutions for remotely changing the subscription data, that is, changing the selected home operator of the M2M equipment:
1. the solution in which the subscription data cannot be remotely changed:
although this solution can conveniently provide the M2M service to the M2ME, the UICC must be replaced whenever the M2M service subscriber wants to change the operator of the M2M service, which makes M2ME maintenance very difficult and, even where possible, very costly; thus this solution cannot achieve remote management of the MCIM of the M2ME;
2. the solution in which the subscription data can be remotely changed:
in this solution, if the selected home operator is already determined when the UICC is issued, there is no initial MCIM provisioning problem; however, if the selected home operator is determined only after the UICC is issued, how to initially provision the MCIM to the UICC remains to be addressed. In addition, this solution changes the operator by changing the IMSI (International Mobile Subscriber Identity); although the M2ME can be easily managed in this way, it involves transferring the IMSI between different mobile operator networks, thereby increasing the security risk to the M2ME subscription data; meanwhile, while the IMSI is being changed, the UICC might be left without a connection to any operator.
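As an illustration of why a change of selected home operator under the second solution necessarily means a change of IMSI, the following Python example (added here, not code from the original text) decodes an IMSI into its MCC, MNC and MSIN fields, the MCC/MNC pair being the identifier of the home operator that issued the subscription. The 15-digit layout follows ITU-T E.212; the MNC-length table, the function names parse_imsi and is_operator_change, and the sample IMSI values are constructed for this example.

```python
"""Decode an IMSI into its fields and detect a change of home operator.

Added example, not code from the original text. The layout assumed is
the ITU-T E.212 one: 15 decimal digits, a 3-digit MCC (mobile country
code), a 2- or 3-digit MNC (mobile network code) whose length depends on
the MCC, and the remaining digits as the MSIN (subscriber number).
"""
from dataclasses import dataclass

# Constructed lookup for this example: MCC -> number of MNC digits.
# A real implementation needs the full E.212 numbering tables.
MNC_LENGTH_BY_MCC = {
    "310": 3,   # country code using 3-digit MNCs
    "262": 2,   # country code using 2-digit MNCs
    "460": 2,
}


@dataclass(frozen=True)
class Imsi:
    mcc: str
    mnc: str
    msin: str

    @property
    def home_network(self) -> tuple:
        """(MCC, MNC) identifies the home operator that issued the IMSI."""
        return (self.mcc, self.mnc)

    def __str__(self) -> str:
        return self.mcc + self.mnc + self.msin


def parse_imsi(digits: str) -> Imsi:
    """Split a 15-digit IMSI string; reject malformed input early."""
    if not (digits.isdigit() and len(digits) == 15):
        raise ValueError("IMSI must be exactly 15 decimal digits")
    mcc = digits[:3]
    mnc_len = MNC_LENGTH_BY_MCC.get(mcc)
    if mnc_len is None:
        raise ValueError(f"MCC {mcc} not in the MNC length table")
    return Imsi(mcc, digits[3:3 + mnc_len], digits[3 + mnc_len:])


def is_operator_change(old_imsi: str, new_imsi: str) -> bool:
    """True when replacing old_imsi by new_imsi moves the subscription to
    another home operator, i.e. the MCC/MNC prefix differs. That is the
    case the text describes: the IMSI, and with it the subscription data,
    has to be handed over between two operators' networks."""
    return parse_imsi(old_imsi).home_network != parse_imsi(new_imsi).home_network


if __name__ == "__main__":
    # Constructed sample values for the example.
    before = parse_imsi("310150123456789")
    after = parse_imsi("262011234567890")
    print(before.home_network, "->", after.home_network)
    print("operator change:", is_operator_change(str(before), str(after)))
```

Only the MCC/MNC prefix decides whether a new IMSI belongs to a different operator; a new MSIN under the same prefix is a re-issue by the same operator and does not involve the cross-network transfer the text warns about.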
When the M2ME provides the M2M service based on the TRE functional entity, the TRE functional entity provides the initial connectivity and the remotely provided MCIM is installed in the TRE functional entity. The disadvantage is that protection of the MCIM then depends on the security of the TRE functional entity; since the TRE functional entity is implemented in the M2ME itself, its security is lower than that of the UICC, so the security of an MCIM held in the TRE functional entity is not high. The solution of changing the selected home operator of the M2M equipment based on the TRE functional entity therefore still has the problem that the security of the MCIM is difficult to guarantee after the MCIM has been provisioned to the TRE functional entity.