ETSI TS 102 690 v.1.1.2 (2011-12)
TRANSCRIPT
C.Y.Lee
2012-02-09/16
Overview of ETSI TS 102 690 v.1.1.2 (2011-12)
Table of Contents
• Introduction
• High-level architecture for M2M
• M2M Service Capabilities
• Reference points
• M2M Identifiers
• Application Reachability
• Functional architecture elements for automated bootstrapping
• M2M Resource Management and Procedures
• Tree structure modelling relationship of different resource types
• Accessing resources in SCLs
• Logical sequence of procedures
ETSI TS 102 690
• Specifies the overall end-to-end M2M functional architecture.
• Includes the identification of the functional entities and the related reference points.
• The M2M functional architecture is designed to make use of an IP-capable underlying network, including the IP network service provided by 3GPP, TISPAN and 3GPP2 compliant systems.
High-level architecture for M2M
High-level architecture for M2M
• The high-level architecture for M2M includes a Device and Gateway Domain and a Network Domain.
• The Device and Gateway Domain is composed of:
  – M2M Device: a device that runs M2M Application(s) using M2M Service Capabilities. M2M Devices connect to the Network Domain in one of two ways:
    • Direct Connectivity: M2M Devices connect to the Network Domain via the Access Network.
    • Gateway as a Network Proxy: the M2M Device connects to the Network Domain via an M2M Gateway. M2M Devices connect to the M2M Gateway using the M2M Area Network.
  – M2M Area Network: provides connectivity between M2M Devices and M2M Gateways, including Personal Area Network technologies such as IEEE 802.15.1, Zigbee, Bluetooth, …
High-level architecture for M2M
• The Device and Gateway Domain is also composed of:
  – M2M Gateway: a gateway that runs M2M Application(s) using M2M Service Capabilities.
• The Network Domain is composed of the following elements:
  – Access Network: allows the M2M Device and Gateway Domain to communicate with the Core Network, including xDSL, HFC, satellite, GERAN, UTRAN, eUTRAN, W-LAN, WiMAX, …
  – Core Network, including 3GPP CNs, ETSI TISPAN CN and 3GPP2 CN, …
  – M2M Applications: applications that run the service logic and use M2M Service Capabilities accessible via an open interface.
High-level architecture for M2M
• The Network Domain is composed of the following elements (continued):
  – M2M Service Capabilities (M2M SCs):
    • Provide M2M functions that are to be shared by different Applications.
    • Expose functions through a set of open interfaces.
    • Use Core Network functionalities.
  – Network Management Functions: consist of all the functions required to manage the Access and Core Networks.
High-level architecture for M2M
• The Network Domain is composed of the following elements (continued):
  – M2M Management Functions:
    • Consist of all the functions required to manage M2M Service Capabilities in the Network Domain.
    • The management of the M2M Devices and Gateways uses a specific M2M Service Capability.
    • The set of M2M Management Functions includes a function for M2M Service Bootstrap, called the MSBF (M2M Service Bootstrap Function).
    • Permanent security credentials that are bootstrapped using the MSBF (such as the M2M Root Key) are stored in a secure location called the M2M Authentication Server (MAS). Such a server can be an AAA server.
M2M Service Capabilities functional architecture framework
Functions and reference points
• M2M Applications: Device Application (DA), Gateway Application (GA) and Network Application (NA).
• mIa Reference Point: allows an NA to access the M2M Service Capabilities in the Network Domain.
• dIa Reference Point: allows a DA to access the M2M Service Capabilities in the same M2M Device or in an M2M Gateway.
• mId Reference Point: allows the M2M Service Capabilities residing in an M2M Device or M2M Gateway to communicate with the M2M Service Capabilities in the Network Domain.
High level flow of events (figure: root key, connection key)
M2M Service Capabilities in the Network Domain
• Network Application Enablement (NAE) capability
• Network Generic Communication (NGC) capability
• Network Reachability, Addressing and Repository (NRAR) capability
• Network Communication Selection (NCS) capability
• Network Remote Entity Management (NREM) capability
• Network SECurity (NSEC) capability
• Network History and Data Retention (NHDR) capability (optional)
• Network Transaction Management (NTM) capability (optional)
• Network Interworking Proxy (NIP) capability
• Network Compensation Brokerage (NCB) capability (optional)
• Network Telco Operator Exposure (NTOE) capability (optional)
Service Capabilities in the M2M Gateway
• Gateway Application Enablement (GAE) capability
• Gateway Generic Communication (GGC) capability
• Gateway Reachability, Addressing and Repository (GRAR) capability
• Gateway Communication Selection (GCS) capability
• Gateway Remote Entity Management (GREM) capability
• Gateway SECurity (GSEC) capability
• Gateway History and Data Retention (GHDR) capability (optional)
• Gateway Transaction Management (GTM) capability (optional)
• Gateway Interworking Proxy (GIP) capability (optional)
• Gateway Compensation Brokerage (GCB) capability (optional)
Service Capabilities in the M2M Device
• Device Application Enablement (DAE) capability
• Device Generic Communication (DGC) capability
• Device Reachability, Addressing and Repository (DRAR) capability
• Device Communication Selection (DCS) capability
• Device Remote Entity Management (DREM) capability
• Device SECurity (DSEC) capability
• Device History and Data Retention (DHDR) capability (optional)
• Device Transaction Management (DTM) capability (optional)
• Device Interworking Proxy (DIP) capability (optional)
• Device Compensation Brokerage (DCB) capability (optional)
Reference points
Reference points
• Additionally there is a non-ETSI M2M compliant device ('d') that connects to an SCL using the xIP (Interworking Proxy) capability (NIP, GIP, DIP).
M2M Identifiers
• Application identifier, App-ID
• SCL identifier, SCL-ID
• M2M node identifier, M2M-Node-ID
• M2M Service Connection identifier, M2M-Connection-ID
• M2M Service Provider identifier, M2M-SP-ID
• MSBF (M2M Service Bootstrap Function) identifier, MSBF-ID
• MAS (M2M Authentication Server) identifier, MAS-ID
M2M identifiers provisioning overview
M2M identifiers provisioning overview when M2M bootstrap is performed through leveraging access network credentials
Application Reachability
• M2M Communication Point of Contact (M2M PoC):
  – The M2M PoC is used by the M2M system to communicate with a GSCL or DSCL.
  – Any application registered in the SCL can be reached through it.
• Locating a DA/GA/D'A M2M application.
Application Reachability
• The M2M PoC for a registered M2M SCL shall have a URI conforming to RFC:
  – URI = scheme://fullyqualifieddomainname/path/
  – URI = scheme://ip-address/path/
  – If the IP address is private, then the address is usually built based on the address of the related PPP protocol, which is a public IP address.
  – If the M2M SP has connections to multiple access networks, there is a need to establish a binding between the registered SCL and the access network.
  – Hence there can be multiple M2M PoCs for M2M SCLs associated with multiple access networks.
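The two PoC URI forms above, the private-address caveat and the per-access-network binding, worked through as an added example (not code from the specification or from the talk). The accepted schemes, the "fqdn must contain at least two labels" rule and the shape of the registry are assumptions made for this example.

```python
"""Checks an NSCL can run on an M2M PoC URI before storing it as the way to reach a
GSCL or DSCL, plus a small (SCL-ID, access network) -> PoC binding table.
Added example, not ETSI or presenter code."""
import ipaddress
from urllib.parse import urlsplit

# Assumption: the bindings over which an NSCL contacts a PoC.
ACCEPTED_SCHEMES = {"http", "https", "coap", "coaps"}


def classify_poc(uri: str) -> str:
    """Return 'fqdn', 'public-ip', 'private-ip' or 'invalid' for an M2M PoC URI.

    Valid shapes follow the slide: scheme://fullyqualifieddomainname/path/ or
    scheme://ip-address/path/ (note the two slashes and the trailing slash).
    """
    parts = urlsplit(uri)
    if parts.scheme not in ACCEPTED_SCHEMES or not parts.netloc or not parts.path.endswith("/"):
        return "invalid"
    host = parts.hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: insist on a fully qualified name (two or more labels,
        # letters, digits and hyphens only). Assumption for this example.
        labels = host.strip(".").split(".")
        if len(labels) < 2 or not all(lab.replace("-", "").isalnum() for lab in labels):
            return "invalid"
        return "fqdn"
    # is_private covers RFC 1918 space, loopback, link-local and similar ranges.
    return "private-ip" if addr.is_private else "public-ip"


def register_poc(registry: dict, scl_id: str, access_network: str, uri: str) -> str:
    """Bind a PoC to (SCL-ID, access network) and return its classification.

    A private address is stored but flagged: the NSCL cannot reach it directly,
    which is why the slide says the public PPP-side address is normally used.
    One SCL may end up with one PoC per access network it is attached to.
    """
    kind = classify_poc(uri)
    if kind == "invalid":
        raise ValueError(f"malformed M2M PoC URI: {uri!r}")
    registry.setdefault(scl_id, {})[access_network] = {"uri": uri, "kind": kind}
    return kind


if __name__ == "__main__":
    reg = {}
    # Constructed sample values; 10.0.0.5 is RFC 1918 space, 8.8.8.8 is public.
    for net, poc in [("3gpp", "http://m2m.myoperator.org/gscl/"),
                     ("wlan", "http://10.0.0.5/gscl/"),
                     ("dsl", "http://8.8.8.8/gscl/")]:
        print(net, register_poc(reg, "gscl-1", net, poc))
    print(reg)
```

A registering NSCL would reject the "invalid" case outright and, for "private-ip", either refuse the registration or mark the SCL as reachable only via a gateway or proxy on that access network.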
Functional architecture elements for automated bootstrapping
M2M keys
• Kmr - M2M Root Key:
  – used for mutual authentication and key agreement between the D/G M2M Node and the M2M Service Provider.
  – used for deriving an M2M Connection Key (Kmc).
  – Kmr is coupled with a unique D/G M2M Node and M2M Service Provider through an M2M-Node-ID identifier.
• Kmc - M2M Connection Key:
  – Kmc is generated for every new M2M Service Connection procedure of the D/G M2M Node.
• Kma - M2M Application Key:
  – Kma keys are derived from Kmc.
  – used for authentication and authorization of M2M Applications at the M2M Device/Gateway and for protection of application data traffic.
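The three-level hierarchy above (Kmr per node, Kmc per service connection, Kma per application) as an added example; this is not the specification's derivation, and the slide does not name the key derivation function, so HKDF-SHA256 with labels built from the M2M-Node-ID, M2M-Connection-ID and App-ID is an assumption made here.

```python
"""Kmr -> Kmc -> Kma key hierarchy. Added example, not ETSI reference code.
Assumption: HKDF-SHA256 as the KDF; the identifiers in the info string are the
M2M-Node-ID, M2M-Connection-ID and App-ID from the slides."""
import hashlib
import hmac

HASH = hashlib.sha256
KEY_LEN = 32


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """RFC 5869 HKDF (extract then expand) built from HMAC-SHA256."""
    prk = hmac.new(salt, ikm, HASH).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_kmc(kmr: bytes, node_id: str, connection_id: str) -> bytes:
    """Kmc for one M2M Service Connection: fresh for every M2M-Connection-ID and
    bound to the D/G node whose M2M-Node-ID is coupled with Kmr."""
    info = b"Kmc|" + node_id.encode() + b"|" + connection_id.encode()
    return hkdf(kmr, b"ETSI-M2M-Kmc", info)


def derive_kma(kmc: bytes, app_id: str) -> bytes:
    """Kma for one application, derived from Kmc only (Kmr is never needed here)."""
    return hkdf(kmc, b"ETSI-M2M-Kma", b"Kma|" + app_id.encode())


def connection_keys(kmr: bytes, node_id: str, connection_id: str, app_ids) -> dict:
    """Keys handed out for one service connection: Kmc plus one Kma per App-ID.
    Kmr itself stays in the bootstrap store (MAS on the network side)."""
    kmc = derive_kmc(kmr, node_id, connection_id)
    return {"Kmc": kmc, "Kma": {app: derive_kma(kmc, app) for app in app_ids}}


if __name__ == "__main__":
    # Constructed root key for the demo; a real Kmr comes out of the bootstrap procedure.
    kmr = hashlib.sha256(b"constructed Kmr for the example").digest()
    for conn in ("conn-1", "conn-2"):
        keys = connection_keys(kmr, "node-1", conn, ["app-A", "app-B"])
        print(conn, "Kmc", keys["Kmc"].hex()[:16], "Kma[app-A]", keys["Kma"]["app-A"].hex()[:16])
```

Because each step is a one-way function, an application key or a connection key recovered from a device does not reveal Kmc or Kmr, and a new service connection gets an unrelated Kmc; the long-lived secret that must be protected (in the device's secure storage and in the MAS) is only Kmr.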
Key hierarchy for the ETSI M2M service layer
Access Network Assisted M2M Service Bootstrap procedures
• SIM and AKA-based credentials can be utilized by both GBA (Generic Bootstrapping Architecture) and EAP (Extensible Authentication Protocol)-based procedures.
• GBA-based M2M Service Bootstrap procedure.
• EAP-based Bootstrap procedure using SIM/AKA-based credentials.
• Bootstrap procedure utilizing EAP-based network access authentication: applicable only to networks using EAP-based mutual authentication and key agreement for network access (e.g. WiFi, Ethernet, WiMAX, Zigbee, etc.).
M2M Service Bootstrap based on GBA (figure: Network Application Function (NAF), Bootstrapping Server Function (BSF), Home Subscriber Server (HSS))
M2M Resource Management and Procedures
• Usage of resources in a RESTful architecture:
  – governs how M2M Applications (DA, GA, NA) and/or M2M SCLs exchange information with each other.
  – transfer of representations of uniquely addressable resources.
  – ETSI M2M standardized the resource structure that resides on an SCL.
Use of SCL resources to exchange data
M2M Resource Management and Procedures
• Four basic methods:
  – CREATE: create child resources.
  – RETRIEVE: read the content of the resource.
  – UPDATE: write the content of the resource.
  – DELETE: delete the resource.
• Additional methods:
  – NOTIFY:
    • Reports a notification about a change of a resource as a consequence of a subscription.
    • Maps to a response of a RETRIEVE method in case the long polling mechanism is used.
    • Maps to an UPDATE method in case the asynchronous mechanism is used.
  – EXECUTE:
    • Executes a management command/task which is represented by a resource.
    • Corresponds to an UPDATE method without any payload data.
Definitions of resource procedures
• Resource:
  – transferred and manipulated with the verbs.
  – addressed using a Universal Resource Identifier (URI).
• Sub-Resource:
  – also called child resource.
  – has a containment relationship with the addressed (parent) resource.
  – its lifetime is linked to the parent resource's lifetime.
• Attribute: meta-data that provides properties of a resource.
• Attribute-Type:
  – RW: read/write by client.
  – RO: read-only by client, set by the server.
  – WO: write-once, can be provided at creation, but cannot be changed afterwards.
Definitions of resource procedures
• Issuer: the actor performing a request (Application or SCL).
• Receiver: the actor that receives a request from an issuer (SCL or Application).
• Local SCL: the SCL where an Application or an SCL shall register to.
• Hosting SCL: the SCL where the addressed (master/original) resource resides.
Types of resources to be used in an SCL
• SclBase Resource:
  – the root of all other resources it contains.
  – represented by an absolute URI.
  – Ex: sclBase resource identifying a Network SCL: http://m2m.myoperator.org/some/arbitrary/base/
  – Ex: a container resource hosted by this Network SCL: http://m2m.myoperator.org/some/arbitrary/base/containers/myExampleContainer
• SCL Resource: represents an associated (remote) SCL that is authorized to interact with the hosting SCL.
• Application Resource: stores information about the Application.
Types of resources to be used in an SCL
• AccessRight Resource: stores a representation of permissions.
• Container Resource: used to exchange data between applications and/or SCLs by using the container as a mediator that takes care of buffering the data online or offline.
• LocationContainer Resource: represents a container for the location information of an M2M entity.
• Group Resource: defines and accesses groups of other resources.
Types of resources to be used in an SCL
• Subscription Resource: used to keep track of the status of an active subscription to its parent resource.
• M2MPoC Resource: represents information maintained in the NSCL on how to reach a DSCL or GSCL via a specific access network.
• MgmtObj Resource: holds the management data which represents a certain type of M2M remote entity management function.
• MgmtCmd Resource: used to model non-RESTful management commands, i.e. BBF TR-069 Remote Procedure Call (RPC) methods.
Types of resources to be used in an SCL
• AttachedDevices Resource: used to collect the management information of all M2M D' devices that are attached to an M2M Gateway.
• Announced Resource:
  – consists of only a limited set of attributes: the searchStrings, the link to the original resource and the access right.
  – facilitates discovery of the original resource when querying the announced-to SCL.
• Discovery Resource: used to retrieve the list of URIs of resources matching a discovery filter criteria.
• Collection Resource: when resources contain a collection of similar sub-resources, this is modelled as a collection resource.
Common attributes
• accessRightID:
  – URI of an accessRight resource; the permissions are defined in the referenced accessRight resource.
  – Formats:
    • <sclBase>/scls/<scl>/applications/<applicationAnnc>
    • <sclBase>/scls/<scl>
    • <sclBase>/applications/<application>
• announceTo
• creationTime / expirationTime / lastModifiedTime
• filterCriteria
• link: URI of the related remote resource
• searchStrings: used as keys for discovering resources
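The resource procedures from the preceding slides (the four basic methods, the RW/RO/WO attribute types, sub-resource lifetime bound to the parent, the accessRight resource, discovery by searchStrings and the common attributes above) in one runnable toy hosting SCL. This is an added example, not ETSI or presenter code: the permission model (a {issuer: set-of-verbs} map inside an accessRight resource), the rule that a resource without an accessRightID inherits its parent's, and the assignment of attribute types to the common attributes are assumptions made for the example.

```python
"""Toy hosting SCL: resource tree with CREATE/RETRIEVE/UPDATE/DELETE, RW/RO/WO
attribute enforcement, accessRightID checks and searchStrings discovery.
Added example, not ETSI reference code; permission model and accessRightID
inheritance are simplifications made here."""
import time
from dataclasses import dataclass, field

RW, RO, WO = "RW", "RO", "WO"
VERBS = {"CREATE", "RETRIEVE", "UPDATE", "DELETE"}
# Attribute type per common attribute (assumed for this example).
ATTR_TYPES = {"searchStrings": RW, "accessRightID": RW, "announceTo": RW,
              "expirationTime": RW, "permissions": RW,
              "creationTime": RO, "lastModifiedTime": RO, "link": WO}


class SclError(Exception):
    """A request the hosting SCL rejects (unknown resource, no permission, bad attribute)."""


@dataclass
class Resource:
    uri: str
    attrs: dict
    children: dict = field(default_factory=dict)  # name -> sub-resource


class HostingScl:
    def __init__(self, scl_base: str, owner: str):
        self.base = scl_base.rstrip("/")
        now = time.time()
        root = Resource(self.base, {"creationTime": now, "lastModifiedTime": now})
        # First accessRight: the owner gets every verb on the sclBase; resources
        # below inherit it until one of them sets its own accessRightID.
        owner_ar = Resource(f"{self.base}/ownerAccessRight",
                            {"permissions": {owner: set(VERBS)},
                             "creationTime": now, "lastModifiedTime": now})
        root.children["ownerAccessRight"] = owner_ar
        root.attrs["accessRightID"] = owner_ar.uri
        self.res = {root.uri: root, owner_ar.uri: owner_ar}

    def _permitted(self, issuer: str, uri: str, verb: str) -> bool:
        """Walk towards the sclBase until a resource carrying an accessRightID is found."""
        node = uri
        while True:
            ar_id = self.res[node].attrs.get("accessRightID")
            if ar_id is not None:
                ar = self.res.get(ar_id)  # dangling accessRightID => deny
                return ar is not None and verb in ar.attrs.get("permissions", {}).get(issuer, set())
            if node == self.base:
                return False
            node = node.rsplit("/", 1)[0]

    def _check(self, issuer: str, uri: str, verb: str) -> None:
        if uri not in self.res:
            raise SclError(f"no such resource: {uri}")
        if not self._permitted(issuer, uri, verb):
            raise SclError(f"{issuer} is not allowed to {verb} {uri}")

    def create(self, issuer: str, parent_uri: str, name: str, attrs: dict) -> str:
        self._check(issuer, parent_uri, "CREATE")
        ro = [a for a in attrs if ATTR_TYPES.get(a) == RO]
        if ro:  # RO attributes are set by the server, never taken from the issuer
            raise SclError(f"server-set attributes in request: {ro}")
        now = time.time()
        child = Resource(f"{parent_uri}/{name}",
                         {**attrs, "creationTime": now, "lastModifiedTime": now})
        self.res[child.uri] = child
        self.res[parent_uri].children[name] = child
        return child.uri

    def retrieve(self, issuer: str, uri: str) -> dict:
        self._check(issuer, uri, "RETRIEVE")
        return dict(self.res[uri].attrs)

    def update(self, issuer: str, uri: str, attrs: dict) -> None:
        self._check(issuer, uri, "UPDATE")
        fixed = [a for a in attrs if ATTR_TYPES.get(a) in (RO, WO)]
        if fixed:  # WO may only be supplied at creation, RO never by the client
            raise SclError(f"attributes not writable after creation: {fixed}")
        self.res[uri].attrs.update(attrs)
        self.res[uri].attrs["lastModifiedTime"] = time.time()

    def delete(self, issuer: str, uri: str) -> None:
        self._check(issuer, uri, "DELETE")
        if uri == self.base:
            raise SclError("the sclBase cannot be deleted")
        parent, name = uri.rsplit("/", 1)
        self.res[parent].children.pop(name, None)
        # A sub-resource's lifetime is bound to its parent: the whole subtree goes.
        for u in [u for u in self.res if u == uri or u.startswith(uri + "/")]:
            del self.res[u]

    def discover(self, issuer: str, search_string: str) -> list:
        """URIs whose searchStrings carry the key, limited to what the issuer may RETRIEVE."""
        return sorted(u for u, r in self.res.items()
                      if search_string in r.attrs.get("searchStrings", [])
                      and self._permitted(issuer, u, "RETRIEVE"))
```

Filtering discovery results by the issuer's RETRIEVE permission is the detail worth noticing: a discovery resource that returns every matching URI would leak the existence and searchStrings of resources the issuer is not allowed to read.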
Tree structure modelling relationship of different resource types (figure slides)
Accessing resources in SCLs
• Issuer accesses a resource in the Local SCL: no hop.
• Application accesses a resource in the hosting SCL: one hop.
• Issuer accesses a resource in the hosting SCL: two hops.
Logical sequence of procedures
• Discovery of SCLs
• SCL management
• Application management
• Access rights management
• Container management
• Group management
• Resource discovery
• Collection management
• Subscription management
• Announce/De-announce
• Object Resource Management
Thanks for listening!
Fortune favors the bold
~by Sheryl Sandberg