C.Y.Lee 2012-02-09/16 Overview of ETSI TS 102 690 v.1.1.2 (2011-12)

Upload: sundevil-lee

Post on 16-Oct-2014


Page 1: ETSI TS 102 690 v.1.1.2 (2011-12)

Overview of ETSI TS 102 690 v.1.1.2 (2011-12)

C.Y. Lee, 2012-02-09/16

Page 2: Table of Contents

• Introduction
• High-level architecture for M2M
• M2M Service Capabilities
• Reference points
• M2M Identifiers
• Application Reachability
• Functional architecture elements for automated bootstrapping
• M2M Resource Management and Procedures
• Tree structure modelling relationship of different resource types
• Accessing resources in SCLs
• Logical sequence of procedures

Page 3: ETSI TS 102 690

• The overall end-to-end M2M functional architecture.
• Including the identification of the functional entities and the related reference points.
• The M2M functional architecture is designed to make use of an IP-capable underlying network
  – including the IP network service provided by 3GPP, TISPAN and 3GPP2 compliant systems.

Page 4: High-level architecture for M2M

Page 5: High-level architecture for M2M

• The high-level architecture for M2M includes a Device and Gateway Domain and a Network Domain.
• The Device and Gateway Domain is composed of
  – M2M Device: a device that runs M2M Application(s) using M2M Service Capabilities. M2M Devices connect to the Network Domain.
    • Direct Connectivity: M2M Devices connect to the Network Domain via the Access Network.
    • Gateway as a Network Proxy: the M2M Device connects to the Network Domain via an M2M Gateway. M2M Devices connect to the M2M Gateway using the M2M Area Network.
  – M2M Area Network: provides connectivity between M2M Devices and M2M Gateways.
    • Including Personal Area Network technologies such as IEEE 802.15.1, Zigbee, Bluetooth, …

Page 6: High-level architecture for M2M

• The Device and Gateway Domain is composed of
  – M2M Gateway: a gateway that runs M2M Application(s) using M2M Service Capabilities.
• The Network Domain is composed of the following elements:
  – Access Network: allows the M2M Device and Gateway Domain to communicate with the Core Network.
    • Including xDSL, HFC, satellite, GERAN, UTRAN, eUTRAN, W-LAN, WiMAX, …
  – Core Network
    • Including 3GPP CNs, ETSI TISPAN CN and 3GPP2 CN, …
  – M2M Applications: applications that run the service logic and use M2M Service Capabilities accessible via an open interface.

Page 7: High-level architecture for M2M

• The Network Domain is composed of the following elements:
  – M2M Service Capabilities (M2M SCs)
    • Provide M2M functions that are to be shared by different Applications.
    • Expose functions through a set of open interfaces.
    • Use Core Network functionalities.
  – Network Management Functions: consist of all the functions required to manage the Access and Core Networks.

Page 8: High-level architecture for M2M

• The Network Domain is composed of the following elements:
  – M2M Management Functions:
    • Consist of all the functions required to manage M2M Service Capabilities in the Network Domain.
    • The management of the M2M Devices and Gateways uses a specific M2M Service Capability.
    • The set of M2M Management Functions includes a function for M2M Service Bootstrap. This function is called the MSBF (M2M Service Bootstrap Function).
    • Permanent security credentials that are bootstrapped using the MSBF (such as the M2M Root Key) are stored in a safe location, which is called the M2M Authentication Server (MAS). Such a server can be a AAA server.

Page 9: M2M Service Capabilities functional architecture framework

Page 10: Functions and reference points

• M2M Applications
  – Device Application (DA), Gateway Application (GA) and Network Application (NA).
• mIa Reference Point
  – Allows an NA to access the M2M Service Capabilities in the Network Domain.
• dIa Reference Point
  – Allows a DA to access the M2M Service Capabilities in the same M2M Device or in an M2M Gateway.
• mId Reference Point
  – Allows the M2M Service Capabilities residing in an M2M Device or M2M Gateway to communicate with the M2M Service Capabilities in the Network Domain.

Page 11: High level flow of events (figure; labels: Root key, Connection key)

Page 12: M2M Service Capabilities in the Network Domain

• Network Application Enablement (NAE) capability
• Network Generic Communication (NGC) capability
• Network Reachability, Addressing and Repository (NRAR) capability
• Network Communication Selection (NCS) capability
• Network Remote Entity Management (NREM) capability
• Network SECurity (NSEC) capability
• Network History and Data Retention (NHDR) capability (optional)
• Network Transaction Management (NTM) capability (optional)
• Network Interworking Proxy (NIP) capability
• Network Compensation Brokerage (NCB) capability (optional)
• Network Telco Operator Exposure (NTOE) capability (optional)

Page 13: Service Capabilities in the M2M Gateway

• Gateway Application Enablement (GAE) capability
• Gateway Generic Communication (GGC) capability
• Gateway Reachability, Addressing and Repository (GRAR) capability
• Gateway Communication Selection (GCS) capability
• Gateway Remote Entity Management (GREM) capability
• Gateway SECurity (GSEC) capability
• Gateway History and Data Retention (GHDR) capability (optional)
• Gateway Transaction Management (GTM) capability (optional)
• Gateway Interworking Proxy (GIP) capability (optional)
• Gateway Compensation Brokerage (GCB) capability (optional)

Page 14: Service Capabilities in the M2M Device

• Device Application Enablement (DAE) capability
• Device Generic Communication (DGC) capability
• Device Reachability, Addressing and Repository (DRAR) capability
• Device Communication Selection (DCS) capability
• Device Remote Entity Management (DREM) capability
• Device SECurity (DSEC) capability
• Device History and Data Retention (DHDR) capability (optional)
• Device Transaction Management (DTM) capability (optional)
• Device Interworking Proxy (DIP) capability (optional)
• Device Compensation Brokerage (DCB) capability (optional)

Page 15: Reference points

Page 16: Reference points

• Additionally there is a non-ETSI M2M compliant device ('d') that connects to an SCL using the xIP (Interworking Proxy) capability (NIP, GIP, DIP).

Page 17: M2M Identifiers

• Application identifier, App-ID
• SCL identifier, SCL-ID
• M2M node identifier, M2M-Node-ID
• M2M Service Connection identifier, M2M-Connection-ID
• M2M Service Provider identifier, M2M-SP-ID
• MSBF (M2M Service Bootstrap Function) identifier, MSBF-ID
• MAS (M2M Authentication Server) identifier, MAS-ID

Page 18: M2M identifiers provisioning overview

Page 19: M2M identifiers provisioning overview when M2M bootstrap is performed by leveraging access network credentials

Page 20: Application Reachability

• M2M Communication Point of Contact (M2M PoC)
  – The M2M PoC is used by the M2M system to communicate with a GSCL or DSCL.
  – Any application registered in the SCL can be reached.
• Locating a DA/GA/D'A M2M application.

Page 21: Application Reachability

• The M2M PoC for an M2M registered SCL shall have a URI conforming to RFC
  – URI = scheme://fullyqualifieddomainname/path/
  – URI = scheme://ip-address/path/
  – If the IP address is private, then the address is usually built based on the address of the related PPP protocol, which is a public IP address.
  – When the M2M SP has connections to multiple access networks, there is a need to establish a binding between the registered SCL and the access network.
  – M2M PoC to M2M SCLs associated with multiple access networks.

Page 22: Functional architecture elements for automated bootstrapping

Page 23: M2M keys

• Kmr - M2M Root Key
  – Used for mutual authentication and key agreement between the D/G M2M Node and the M2M Service Provider.
  – Used for deriving an M2M Connection Key (Kmc).
  – Kmr is coupled with a unique D/G M2M Node and M2M Service Provider through an M2M-Node-ID identifier.
• Kmc - M2M Connection Key
  – Kmc is generated for every new M2M Service Connection procedure of the D/G M2M Node.
• Kma - M2M Application Key
  – Kma keys are derived from Kmc.
  – Used for authentication and authorization of M2M Applications at the M2M Device/Gateway and for protection of application data traffic.
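The Kmr → Kmc → Kma hierarchy on this slide, modelled as an added example (not code from the slides or from ETSI TS 102 690). The KDF below is HKDF-SHA256 with labelled context strings; it is a stand-in for illustration, not the derivation the specification defines, and the node, SP, connection and application identifiers are constructed values.

```python
# Added example: models the ETSI M2M key hierarchy Kmr -> Kmc -> Kma.
# ASSUMPTION: HKDF-SHA256 is used as a stand-in KDF; it is NOT the spec's derivation.
import hashlib
import hmac


def hkdf_sha256(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an all-zero salt; stand-in KDF for this example."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class M2MNode:
    """A D/G M2M Node holding Kmr, coupled to one M2M-Node-ID and one M2M SP."""

    def __init__(self, node_id: str, sp_id: str, kmr: bytes):
        self.node_id, self.sp_id, self.kmr = node_id, sp_id, kmr
        self.kmc = None  # current M2M Connection Key, None until a connection exists

    def open_service_connection(self, connection_id: str) -> bytes:
        # Kmc is generated for every new M2M Service Connection: the derivation
        # binds node, service provider and the M2M-Connection-ID, so each
        # connection gets a fresh Kmc while Kmr itself never leaves the node.
        info = f"Kmc|{self.node_id}|{self.sp_id}|{connection_id}".encode()
        self.kmc = hkdf_sha256(self.kmr, info)
        return self.kmc

    def application_key(self, app_id: str) -> bytes:
        # Kma is derived from Kmc per App-ID, so application keys are isolated from
        # one another and rotate automatically with every new service connection.
        if self.kmc is None:
            raise RuntimeError("no M2M Service Connection: derive Kmc first")
        return hkdf_sha256(self.kmc, f"Kma|{app_id}".encode())
```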

Page 24: Key hierarchy for the ETSI M2M service layer

Page 25: Access Network Assisted M2M Service Bootstrap procedures

• SIM and AKA-based credentials can be utilized by both GBA (Generic Bootstrapping Architecture)-based and EAP (Extensible Authentication Protocol)-based procedures.
• GBA-based M2M Service Bootstrap procedure
• EAP-based Bootstrap Procedure using SIM/AKA-based Credentials
• Bootstrap Procedure Utilizing EAP-based Network Access Authentication
  – Applicable only to networks using EAP-based mutual authentication and key agreement for network access (e.g. WiFi, Ethernet, WiMAX, Zigbee, etc.).

Page 26: M2M Service Bootstrap based on GBA (figure; entities: Network Application Function (NAF), Bootstrapping Server Function (BSF), Home Subscriber Server (HSS))

Page 27: M2M Resource Management and Procedures

• Usage of resources in a RESTful architecture.
  – Governs how M2M Applications (DA, GA, NA) and/or M2M SCLs exchange information with each other.
  – Transfer of representations of uniquely addressable resources.
  – ETSI M2M standardized the resource structure that resides on an SCL.

Page 28: Use of SCL resources to exchange data

Page 29: M2M Resource Management and Procedures

• Four basic methods:
  – CREATE: create child resources.
  – RETRIEVE: read the content of the resource.
  – UPDATE: write the content of the resource.
  – DELETE: delete the resource.
• The additional methods:
  – NOTIFY:
    • Reports a notification about a change of a resource as a consequence of a subscription.
    • Maps to the response of a RETRIEVE method in case the long-polling mechanism is used.
    • Maps to an UPDATE method in case the asynchronous mechanism is used.
  – EXECUTE:
    • Executes a management command/task which is represented by a resource.
    • Corresponds to an UPDATE method without any payload data.

Page 30: Definitions of resource procedures

• Resource:
  – Transferred and manipulated with the verbs.
  – Addressed using a Universal Resource Identifier (URI).
• Sub-Resource:
  – Called a child resource.
  – Has a containment relationship with the addressed (parent) resource.
  – Its lifetime is linked to the parent resource's lifetime.
• Attribute: metadata that provides properties of a resource.
• Attribute-Type
  – RW: read/write by client
  – RO: read-only by client, set by the server
  – WO: write-once, can be provided at creation but cannot be changed anymore

Page 31: Definitions of resource procedures

• Issuer: the actor performing a request (Application or SCL).
• Receiver: the actor that receives a request from an issuer (SCL or Application).
• Local SCL: the SCL where an Application or an SCL shall register to.
• Hosting SCL: the SCL where the addressed (master/original) resource resides.

Page 32: Types of resources to be used in a SCL

• SclBase Resource
  – The root of all other resources it contains.
  – Represented by an absolute URI.
  – Ex: sclBase resource identifying a Network SCL: http://m2m.myoperator.org/some/arbtrary/base/
  – Ex: a container resource hosted by this Network SCL: http://m2m.myoperator.org/some/arbtrary/base/containers/myExampleContainer
• SCL Resource
  – Represents an associated (remote) SCL that is authorized to interact with the hosting SCL.
• Application Resource
  – Stores information about the Application.
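The resource verbs (page 29), the RW/RO/WO attribute types and parent-bound child lifetime (page 30), and the sclBase/containers URI layout (page 32), brought together in one in-memory model. This is an added example, not code from the slides or from ETSI TS 102 690; the class names, the ResourceError behaviour and the sample attribute types are assumptions made for illustration.

```python
# Added example: minimal SCL resource model enforcing attribute types on UPDATE.
# ASSUMPTIONS: class/method names and ResourceError are invented for this example.
class ResourceError(Exception):
    pass


class Resource:
    """A resource addressed by URI; children live only as long as their parent."""

    def __init__(self, uri: str, attr_types: dict, initial: dict):
        self.uri = uri
        self.attr_types = attr_types          # attribute name -> "RW" | "RO" | "WO"
        self.attrs = {}
        self.children = {}
        for name, value in initial.items():   # CREATE: client may supply RW and WO
            if attr_types.get(name) == "RO":
                raise ResourceError(f"{name} is RO: only the server may set it")
            self.attrs[name] = value

    def create(self, name: str, attr_types: dict, initial: dict) -> "Resource":
        child = Resource(f"{self.uri}/{name}", attr_types, initial)
        self.children[name] = child
        return child

    def retrieve(self) -> dict:
        return dict(self.attrs)

    def update(self, changes: dict) -> dict:
        # Client UPDATE: reject RO (server-set) and already-set WO attributes
        # before touching anything, so a bad request leaves the resource intact.
        for name in changes:
            kind = self.attr_types.get(name)
            if kind == "RO":
                raise ResourceError(f"{name} is RO: only the server may set it")
            if kind == "WO" and name in self.attrs:
                raise ResourceError(f"{name} is WO and was already set at creation")
        self.attrs.update(changes)
        return dict(self.attrs)

    def server_set(self, name: str, value) -> None:
        # Server-side path for RO attributes such as creationTime/lastModifiedTime
        self.attrs[name] = value

    def delete(self, name: str) -> list:
        # DELETE removes the child and its whole subtree (lifetime bound to parent)
        removed, stack = [], [self.children.pop(name)]
        while stack:
            node = stack.pop()
            removed.append(node.uri)
            stack.extend(node.children.values())
        return removed
```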

Page 33: Types of resources to be used in a SCL

• AccessRight Resource
  – Stores a representation of permissions.
• Container Resource
  – Used to exchange data between applications and/or SCLs by using the container as a mediator that takes care of buffering the data online or offline.
• LocationContainer Resource
  – Represents a container for the location information of an M2M entity.
• Group Resource
  – Used to define and access groups of other resources.

Page 34: Types of resources to be used in a SCL

• Subscription Resource
  – Used to keep track of the status of an active subscription to its parent resource.
• M2MPoC Resource
  – Represents information maintained in the NSCL on how to reach a DSCL or GSCL via a specific access network.
• MgmtObj Resource
  – Holds the management data which represents a certain type of M2M remote entity management function.
• MgmtCmd Resource
  – Used to model non-RESTful management commands, i.e. BBF TR-069 Remote Procedure Call (RPC) methods.

Page 35: Types of resources to be used in a SCL

• AttachedDevices Resource
  – Used to collect the management information of all M2M D' devices that are attached to an M2M Gateway.
• Announced Resource
  – Consists of only a limited set of attributes: the searchStrings, the link to the original resource and the access right.
  – Facilitates discovery of the original resource when querying the announced-to SCL.
• Discovery Resource
  – Used to retrieve the list of URIs of resources matching a discovery filter criteria.
• Collection Resource
  – When resources contain a collection of similar sub-resources, this is modelled as a collection resource.

Page 36: Common attributes

• accessRightID
  – URI of an access rights resource.
  – Defined in the accessRight resource.
  – Formats:
    • <sclBase>/scls/<scl>/applications/<applicationAnnc>
    • <sclBase>/scls/<scl>
    • <sclBase>/applications/<application>
• announceTo
• creationTime / expirationTime / lastModifiedTime
• filterCriteria
• link: URI of the related remote resource
• searchStrings: used as keys for discovering resources

Pages 37-43: Tree structure modelling relationship of different resource types (figures)

Page 44: Accessing resources in SCLs

• Issuer accesses a resource in the Local SCL; no hop.

Page 45: Accessing resources in SCLs

• Application accesses a resource in the Hosting SCL; one hop.

Page 46: Accessing resources in SCLs

• Issuer accesses a resource in the Hosting SCL; two hops.

Page 47: Logical sequence of procedures

• Discovery of SCLs
• SCL management
• Application management
• Access rights management
• Container management
• Group management
• Resource discovery
• Collection management
• Subscription management
• Announce/De-announce
• Object Resource Management

Page 48: Thanks for listening!

"Fortune favors the bold"
~ Sheryl Sandberg