Machine-to-machine (M2M) Functional Architecture Overview, December 11, 2011
Contents
Full Scale Technologies, Author: Mimi Tam (CTO)

1. M2M REFERENCE ARCHITECTURE
[Figure: M2M reference architecture, courtesy of the ETSI specification]
2. M2M Architectural Components
M2M Device (D)
Any device that runs a M2M application and offers M2M service capabilities: it can respond to external requests for data and can also autonomously transmit data to a designated external object.
M2M Gateway (G)
A gateway module runs a M2M application that offers M2M capabilities and acts as a bridge between M2M devices and the M2M access network. Devices without built-in M2M capabilities can go through a M2M gateway to interconnect and interwork with the M2M access network.
M2M Area Network
A wired or wireless access network that provides connectivity and transport of M2M data/messages between M2M devices, M2M gateways and M2M servers. M2M area network technologies include PWLAN, Z-Wave, ZigBee, Bluetooth, IEEE 802.15, PLC (Power Line Communication), M-Bus (used for metering) and others.
M2M Core Network (N)
This is the central part of the M2M communication network. It provides services to the service providers connected via access networks such as GERAN, UTRAN, E-UTRAN, WLAN, WiMAX, Satellite or DSL.
M2M Application / Server (A)
This is software running in the middleware layer, designed to perform specific business processes over the M2M core network.
M2M Service Capabilities Layer (SCL)
This is an abstraction layer of the M2M software where common functionalities are implemented to serve the M2M application. It exists within M2M Device (DSCL), Gateway (GSCL) and the Network (NSCL) and provides a set of APIs to expose the M2M service capabilities closest to the application using them.
Non-ETSI M2M Compliant Device (D’)
Any device with no built-in M2M service capabilities can connect to a M2M gateway and use the M2M service capabilities offered by the gateway through its (optional) Gateway Interworking Proxy (GIP) capability. The corresponding proxies in the network and in a device are the Network Interworking Proxy (NIP) and the Device Interworking Proxy (DIP).
3. ETSI Reference Points
dIa
This reference point is the interface between the Device Application (DA) in a device and the Device Service Capabilities Layer (DSCL), or the Gateway Service Capabilities Layer (GSCL) in a M2M gateway. The Gateway Application (GA) also uses this reference point to interface with its own built-in GSCL and with the DSCL of a connected M2M device.

mIa
This reference point is the interface between the Network Application (NA) and its closest Network Service Capabilities Layer (NSCL).
mId
This reference point is the interface between the Service Capabilities Layers of different M2M components, i.e. between a DSCL or GSCL on one side and the NSCL on the other. It is the interface over which the mId security procedures (mutual authentication and optional secure communication) in section 6 apply.
4. M2M High Level Functional Diagram
[Figure: M2M high-level functional diagram, courtesy of the ETSI specification]
Above is the ETSI version of the high-level M2M functional diagram in which the M2M core interworks with XDMS (XML Document Management System) for different service providers.
5. M2M SERVICE CAPABILITIES
There are three categories of M2M Service Capabilities Layer. One resides in the M2M Network (NSCL), another in the M2M Gateway (GSCL) and one in the M2M Device (DSCL).
The Device Application (DA) accesses the functionality implemented in the DSCL through a single reference point: dIa.
6. M2M HIGH LEVEL EVENT FLOW
1. Network Bootstrap – Provisions names, service levels, security, etc.
2. Network Registration – Can be based on 3GPP, ETSI, TISPAN, etc.
3. M2M Service Bootstrap – Provisions the M2M Service Provider ID and Kmr (M2M Root Key).
4. M2M Service Connection (mId Security) – Mutual authentication of the mId end points and optional establishment of secure communication over mId, based on Kmc (M2M connection key, generated from Kmr) and sub-keys of Kmc.
5. SCL Registration – Establishes the context of the D/GSCL in the NSCL and vice versa.
6. The D/GSCL now interacts with the NSCL in the network domain.
7. Application Registration (of the D/GA on the D/GSCL) – Establishes the context of the D/GA in the D/GSCL and optionally generates Kma and provisions it to the application.
8. The D/GA now interacts with its local D/GSCL.
9. The D/GA now interacts with the NSCL in the network domain via the D/GSCL.
10. Application Registration (of the NA on the NSCL) – Establishes the context of the NA in the NSCL.
11. The NA in the network domain now interacts with its local NSCL.
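The key hierarchy and mId mutual authentication of steps 3, 4 and 7 above, as an added example written for this page (it is not code from the original document, from Full Scale Technologies or from ETSI). Kmr, Kmc, the sub-keys of Kmc and Kma are the document's names; the HMAC-SHA256 derivation labels, the nonce exchange, the message layout and the choice to derive Kma from Kmc are this example's own assumptions and stand in for the procedures ETSI actually specifies. The MAS is modelled as a dictionary of Kmr per M2M-Node-ID, and the root key is a constructed value standing in for what M2M Service Bootstrap would provision.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: str, *context: bytes, length: int = 32) -> bytes:
    """HMAC-SHA256 expand step (single block, enough for keys up to 32 bytes).
    The label and length-prefixed context are mixed in so that keys for different
    purposes, connections or applications never coincide. Illustrative KDF only,
    not the derivation ETSI specifies."""
    assert 0 < length <= hashlib.sha256().digest_size
    info = label.encode() + b"".join(len(c).to_bytes(2, "big") + c for c in context)
    return hmac.new(key, info + b"\x01", hashlib.sha256).digest()[:length]


def derive_kmc(kmr, node_id, nscl_id, nonce_d, nonce_n):
    """Kmc: per-connection key derived from the root key Kmr (event-flow step 4).
    Binding both end-point identifiers and both nonces ties Kmc to this connection."""
    return kdf(kmr, "Kmc", node_id, nscl_id, nonce_d, nonce_n)


def derive_kmc_subkeys(kmc):
    """Sub-keys of Kmc: one for message authentication, one for encryption."""
    return {"mac": kdf(kmc, "Kmc-mac"), "enc": kdf(kmc, "Kmc-enc")}


def derive_kma(kmc, app_id):
    """Kma: per-application key handed out at Application Registration (step 7).
    Deriving it from Kmc and the App-ID is this example's assumption."""
    return kdf(kmc, "Kma", app_id)


def mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class M2MNode:
    """D/G M2M node holding the Kmr provisioned by M2M Service Bootstrap (step 3)."""

    def __init__(self, node_id, kmr):
        self.node_id, self.kmr, self.keys = node_id, kmr, None

    def connect_request(self):
        self.nonce_d = secrets.token_bytes(16)
        return {"node_id": self.node_id, "nonce_d": self.nonce_d}

    def connect_finish(self, nscl_id, nonce_n, tag_n):
        kmc = derive_kmc(self.kmr, self.node_id, nscl_id, self.nonce_d, nonce_n)
        keys = derive_kmc_subkeys(kmc)
        # The NSCL must prove it knows Kmr (via Kmc) before the node commits to a session.
        if not hmac.compare_digest(mac(keys["mac"], b"NSCL", self.nonce_d, nonce_n), tag_n):
            raise PermissionError("NSCL failed mId authentication")
        self.keys = keys
        return mac(keys["mac"], b"NODE", nonce_n, self.nonce_d)


class NSCL:
    """Network SCL; the MAS is modelled as {M2M-Node-ID: Kmr}."""

    def __init__(self, nscl_id, mas):
        self.nscl_id, self.mas, self.pending, self.sessions = nscl_id, mas, {}, {}

    def connect_challenge(self, req):
        kmr = self.mas[req["node_id"]]
        nonce_n = secrets.token_bytes(16)
        keys = derive_kmc_subkeys(
            derive_kmc(kmr, req["node_id"], self.nscl_id, req["nonce_d"], nonce_n))
        self.pending[req["node_id"]] = (req["nonce_d"], nonce_n, keys)
        return self.nscl_id, nonce_n, mac(keys["mac"], b"NSCL", req["nonce_d"], nonce_n)

    def connect_verify(self, node_id, tag_d):
        nonce_d, nonce_n, keys = self.pending.pop(node_id)
        if not hmac.compare_digest(mac(keys["mac"], b"NODE", nonce_n, nonce_d), tag_d):
            return False
        self.sessions[node_id] = keys  # SCL Registration (step 5) may now proceed
        return True


def run_service_connection(kmr_on_node: bytes, kmr_in_mas: bytes) -> bool:
    """Run the mId mutual authentication; True only if node and MAS share the same Kmr."""
    nscl = NSCL(b"nscl-1", {b"node-1": kmr_in_mas})
    node = M2MNode(b"node-1", kmr_on_node)
    req = node.connect_request()
    nscl_id, nonce_n, tag_n = nscl.connect_challenge(req)
    try:
        tag_d = node.connect_finish(nscl_id, nonce_n, tag_n)
    except PermissionError:
        return False
    return nscl.connect_verify(b"node-1", tag_d)


if __name__ == "__main__":
    kmr = secrets.token_bytes(32)  # constructed root key standing in for the bootstrap result
    print("matching Kmr   :", run_service_connection(kmr, kmr))
    print("mismatched Kmr :", run_service_connection(kmr, secrets.token_bytes(32)))
```

A node whose Kmr does not match the copy held by the MAS derives a different Kmc, so the NSCL's tag fails to verify and the node refuses the connection before any SCL registration can happen; the same check in the other direction stops a rogue network end point from registering the node. Binding both identifiers and both nonces into the Kmc derivation is what prevents a Kmc, or a tag computed under it, from being replayed on another connection.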
7. M2M MODULE IDENTIFIERS
The identifiers include:
Application identifier, App-ID
This is a globally unique identifier created by the M2M Service Provider to identify M2M applications running on a M2M Device, M2M Gateway, M2M Network or a non-M2M device. An application registers its App-ID with a Service Capabilities Layer (SCL) so that the SCL can interact with the application.
SCL identifier, SCL-ID
This is a globally unique identifier for an instantiation of the Service Capabilities Layer in a M2M device/gateway/network (server). M2M Service Providers can set SCL-ID to be the same value as the M2M-Node-ID.
M2M node identifier, M2M-Node-ID
Owned by the Service Provider, this identifier represents a M2M component in the M2M Device, Gateway or Network. A M2M component includes one SCL, a M2M Service Bootstrap Function (MSBF) if any, and a M2M Service Connection Function. This identifier is instantiated by the M2M Bootstrap procedure or by pre-provisioning of the M2M Device/Gateway with an M2M Service Provider.
M2M Service Connection identifier, M2M-Connection-ID
This identifier identifies a connection between a M2M Device/Gateway and the SCL of the Network component. The connection covers the physical, data link and network layers and is instantiated once the D/GSCL has been authenticated and authorized by a NSCL for the connection.
M2M Service Provider identifier, M2M-SP-ID
This is a static value representing a M2M Service Provider and shall be unique.
MSBF (M2M Service Bootstrap Function) identifier, MSBF-ID
This is a static value assigned by the M2M Service Provider to a M2M Service Bootstrap Function.
MAS (M2M Authentication Service) identifier, MAS-ID
This is a static value assigned by the M2M Service Provider for a M2M Authentication Service.
8. M2M PROTOCOL STACK
9. M2M RESOURCE MANAGEMENT
M2M Applications (DA, GA, NA) and M2M SCLs exchange information with each other using a client/server RESTful architecture. Requests and responses are built around the transfer of representations of resources addressable by URIs. RESTful resources are handled by the four basic CRUD methods (Create, Retrieve, Update and Delete). ETSI M2M standardizes the resource structures on a SCL.
[Figure: resource structure of a SCL]
[Figure: structure of registered applications and application resources]
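A toy SCL resource tree, added here as an example written for this page (not code from the original document, from Full Scale Technologies or from an ETSI implementation), that handles CREATE, RETRIEVE, UPDATE and DELETE requests addressed by URI and enforces the two checks a real SCL has to make before touching a resource: the URI is canonicalised before any authorisation decision, so a path such as ../otherApp cannot escape the requester's subtree, and only the application that registered with the SCL (by creating /<SCL-ID>/applications/<App-ID>, event-flow step 7) may create, update or delete resources below its own application resource. The resource type names sclBase, applications, containers and container, the status codes, and the absence of per-resource access rights on reads are this example's assumptions.

```python
import posixpath


class SCL:
    """In-memory Service Capabilities Layer exposing a resource tree under /<SCL-ID>.
    Resource type names and status codes are this example's assumptions."""

    WRITE_METHODS = {"CREATE", "UPDATE", "DELETE"}

    def __init__(self, scl_id: str):
        self.base = f"/{scl_id}"
        self.resources = {
            self.base: {"type": "sclBase"},
            f"{self.base}/applications": {"type": "applications"},
        }

    def _normalize(self, uri: str):
        """Canonicalise the path before any authorisation decision; None if it
        resolves outside this SCL's base (e.g. via ../ segments)."""
        path = posixpath.normpath(uri)
        if path == self.base or path.startswith(self.base + "/"):
            return path
        return None

    def _owner(self, path: str):
        """App-ID owning a path: the segment right under /<SCL-ID>/applications/."""
        parts = path[len(self.base):].split("/")  # ['', 'applications', <App-ID>, ...]
        if len(parts) >= 3 and parts[1] == "applications":
            return parts[2]
        return None  # sclBase and the applications collection have no owner

    def request(self, method: str, uri: str, app_id: str, body=None):
        """Handle one RESTful request from application app_id; returns (status, body)."""
        path = self._normalize(uri)
        if path is None:
            return 403, {"error": "URI resolves outside the SCL"}
        if method == "RETRIEVE":
            res = self.resources.get(path)
            return (200, res) if res is not None else (404, None)
        if method not in self.WRITE_METHODS:
            return 405, {"error": f"unsupported method {method}"}
        # Writes are limited to the requesting application's own subtree.
        if self._owner(path) != app_id:
            return 403, {"error": "not the owner of this resource"}
        if method == "CREATE":
            if path in self.resources:
                return 409, {"error": "resource already exists"}
            if posixpath.dirname(path) not in self.resources:
                return 404, {"error": "parent resource missing"}
            self.resources[path] = dict(body or {})
            return 201, self.resources[path]
        if path not in self.resources:
            return 404, None
        if method == "UPDATE":
            self.resources[path].update(body or {})
            return 200, self.resources[path]
        # DELETE removes the resource together with its whole subtree.
        for p in [p for p in self.resources if p == path or p.startswith(path + "/")]:
            del self.resources[p]
        return 204, None


def demo():
    """Constructed exchange: appA registers and builds a container; appB is refused
    both directly and through a traversal attempt; nobody may delete the collection."""
    scl = SCL("gscl1")
    steps = [
        ("CREATE", "/gscl1/applications/appA", "appA", {"type": "application"}),
        ("CREATE", "/gscl1/applications/appA/containers", "appA", {"type": "containers"}),
        ("CREATE", "/gscl1/applications/appA/containers/temp", "appB", {}),          # not owner
        ("CREATE", "/gscl1/applications/appB/../appA/containers/temp", "appB", {}),  # traversal
        ("CREATE", "/gscl1/applications/appA/containers/temp", "appA", {"type": "container"}),
        ("UPDATE", "/gscl1/applications/appA/containers/temp", "appA", {"maxNrOfInstances": 10}),
        ("DELETE", "/gscl1/applications", "appA", None),                              # collection
    ]
    return [scl.request(*s)[0] for s in steps]


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: normalising first means the owner lookup and the parent-exists check both operate on the path that will actually be stored, and an application that is not yet registered has no subtree it owns, so every write it attempts is refused until its application resource exists.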
10. M2M SERVICE BOOTSTRAPPING
The purpose of this process is to provision a M2M Root Key (Kmr) in the D/G M2M Node and in the MAS (M2M Authentication Server). The D/G M2M Node may also be provisioned with an M2M-Node-ID, an SCL-ID and/or one or more NSCL identifiers to use as the next point of contact.
The M2M Service Bootstrap procedures can be based on the access network credentials or can be completely independent from the access network.
When the access network provider and the M2M service provider share a business relationship, the access network provides the interface for M2M Service Bootstrapping and its security credentials are used for the process. SIM- and AKA (Authentication and Key Agreement)-based credentials can be used by both GBA (Generic Bootstrapping Architecture) and EAP (Extensible Authentication Protocol)-based procedures. There are three types of Access Network Assisted M2M Service Bootstrap procedure:
o GBA-based M2M Service Bootstrap procedure
o EAP-based Bootstrap procedure using SIM/AKA-based credentials
o Bootstrap procedure utilizing EAP-based Network Access Authentication
When there is no business relationship between the access network provider and the M2M service provider, or between the M2M device/gateway manufacturer and the M2M service provider, or when no security operations are configured in the access network layer, an Access Network Independent M2M Service Bootstrap procedure takes place. Let's examine this type of bootstrap procedure from different angles:
M2M Service Bootstrap required properties include:
o Each D/G M2M node establishes a secure service session with the SCL and not with other D/G nodes.
o Only minor signaling is required.
o No manual provisioning of keys into servers during M2M D/G deployment.
M2M Service Bootstrap Authentication and Transport Options
Either EAP over PANA (Protocol for carrying Authentication for Network Access) or TLS (Transport Layer Security) over TCP (Transmission Control Protocol) can be used to carry the automated bootstrapping authentication methods (i.e. EAP-IBAKE over EAP/PANA, EAP-TLS over EAP/PANA and TLS over TCP).