KR102030049B1 - Integrated emergency broadcasting system and method supporting lightweight security - Google Patents

Abstract

The present invention relates to integrated disaster emergency broadcasting system and method supporting a lightweight security method. More specifically, the present invention relates to integrated disaster emergency broadcasting system and method supporting a lightweight security method, wherein a security for the communication with a terminal is ensured, and at the same time, a security complexity is reduced to provide the lightweight security method by using an error coefficient used for time synchronization with the terminal and a hash of a blockchain for generating an encryption key. A security for the encryption key can also be ensured through the blockchain, and additionally, emergency broadcasting due to an occurrence of a disaster can be provided on the basis of the encrypted communication through the encryption key between terminals configured at the end.

Description

Integrated emergency broadcasting system and method supporting lightweight security}

The present invention relates to an integrated emergency emergency broadcasting system and method for supporting a lightweight security method, and more particularly, to generate an encryption key using an error coefficient and a hash of a block chain used for time synchronization with a terminal. The security complexity of the communication is improved and the security complexity is improved to provide a lightweight security method. The security of the encryption key can also be guaranteed through the blockchain, and the encryption key between the terminals configured at the end is secured. An integrated disaster emergency broadcast system and method for supporting a lightweight security scheme configured to perform emergency broadcast based on a disaster occurrence based on encrypted communication.

Currently, various security methods for the security of data transmitted / received between devices constituting various systems such as a video surveillance system, an IoT system, an emergency broadcasting system, etc. have emerged. .

However, the existing encryption method is so complicated that the server that manages the system can have a hardware configuration that supports the encryption method, but it is difficult to support such a security protocol when the end device communicating with the server in the system is a low-performance device. There is.

Even if a hardware configuration supporting a security protocol is possible for such an end device, the load on the end device is significant when communicating with the server, which may cause communication failures and communication delays caused by such a load, thereby deteriorating system stability and reliability. There is a problem.

Korea Patent Registration No. 10-0577875

The present invention can be easily applied to the terminal even when the terminal constituting the system is configured as a low-performance device, and provides a lightweight security method using a symmetric encryption key to secure the security of the communication session with the terminal securely. Rather, the purpose is to ensure the stability and reliability of the system by lowering the processing load of the security related terminal.

In addition, the present invention has an object to ensure the security of the entire system by easily detecting the forgery of the symmetric encryption key used in communication with the terminal to ensure the security of the encryption key.

An integrated disaster emergency broadcast system supporting a lightweight security scheme according to an embodiment of the present invention communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol. In the pre-stored shared ledger used in the blockchain to generate the encryption key of the identification block, the new block associated with the encryption key of the specific terminal is identified with the previous block to be connected, and information related to another encryption key of another terminal is included in the previous block. The other encryption key related information including the hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to the other terminal in a hash algorithm preset in a stored existing key block, and the existing information. Extract the existing keyblock hash value obtained by applying the generation time of the keyblock. And generating an encryption key for the specific terminal by applying an error coefficient according to a time error with the specific terminal measured through the time synchronization and the existing keyblock hash value to a preset hash algorithm, and generating the same key in the specific terminal. A security server for transmitting the existing keyblock hash value to generate an encryption key and the specific terminal, and presetting an error coefficient according to time synchronization with the security server and the existing keyblock hash value received from the security server. The encryption key is generated by applying a hash algorithm, connected to a cloud server, a management server, or a media server for integrated disaster emergency broadcasting, or configured as a module inside the cloud server, a management server, or a media server. Sends generated by the server or media server It may send the encrypted data, the encryption key, or include a proxy device for decoding the encryption key to encrypt the received data encrypted with a key that is received in the cloud server or a management server or a media server.

As an example related to the present invention, the cloud server controls various devices for integrated disaster emergency broadcasting based on disaster related data received from the outside, and the management server establishes a communication network when a disaster occurs based on the data. A disaster broadcast image is generated based on an image received from one or more IP cameras, or a disaster broadcast image corresponding to the disaster situation is generated among one or more previously stored emergency broadcast images, and the media server receives a disaster received from the management server. The emergency broadcast-related broadcast information may be generated based on the broadcast video and transmitted to the end device.

An integrated disaster emergency broadcast system supporting a lightweight security scheme according to another embodiment of the present invention communicates with a plurality of different terminals through a communication network, and performs time synchronization with a specific terminal according to a preset synchronization protocol. In the pre-stored shared ledger used in the blockchain for generating the encryption key of the terminal, identifies a new block associated with the encryption key of the specific terminal and a previous block to be connected, and is included in the previous block and related to other encryption keys of other terminals. The other encryption key related information including a hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to the other terminal, in a hash algorithm preset in a stored existing keyblock. Apply the existing keyblock hash value obtained by applying the generation time of the existing keyblock. And generating an encryption key for the specific terminal by applying an error coefficient according to a time error with the specific terminal measured through the time synchronization and the existing key block hash value to a preset hash algorithm. Applying the encryption key generation process for the specific terminal for transmitting the existing key block hash value to generate the same encryption key for each of the plurality of terminals to generate different encryption keys in the plurality of terminals, A security server configured to generate and store an encryption key identical to an encryption key generated by each of a plurality of terminals, and a first encryption configured according to the encryption key generation process through communication with the security server, configured as any one of the plurality of terminals. Generate keys, cloud server, management server and MIDI for integrated disaster emergency broadcasts The first proxy device configured as a module connected to any one of the servers or inside any one of the cloud server, the management server, and the media server, and configured as another one of the plurality of terminals and communicating with the security server. A second encryption key is generated according to an encryption key generation process, and the first proxy device of the cloud server, the management server, and the media server is connected or connected to another one different from any one configured therein or configured as a module therein. And a second proxy device, wherein the security server receives the first encryption key upon receiving a communication request from one of the first and second proxy devices with a communication target to which the other one of the first and second proxy devices is connected. Is transmitted to the second proxy device and the second encryption key is transmitted to the first proxy device. Data transmitted and received between the cloud server, the management server, and the media server corresponding to the communication request by either one of the first and second proxy devices to any one of the first and second encryption keys. And may be encrypted.

As an example related to the present invention, the security server may generate a transaction for a transmission / reception process of the first and second encryption keys, generate a block including the transaction, and store the transaction in the shared ledger. have.

As an example related to the present invention, the security server encrypts and transmits the second encryption key with the first encryption key when transmitting the second encryption key to the first proxy device, and transmits the first encryption key to the second proxy device. When the encryption key is transmitted, the first encryption key is encrypted and transmitted using the second encryption key, and the first proxy device decrypts the encrypted second encryption key with the first encryption key, and the second proxy device encrypts the encrypted key. The first encryption key may be decrypted with the second encryption key.

An integrated disaster emergency broadcast system supporting a lightweight security scheme according to another embodiment of the present invention communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol. In the pre-stored shared ledger used in the blockchain for generating an encryption key of a specific terminal, identify a new block associated with the encryption key of the specific terminal and a previous block to be connected, and are included in the previous block and related to another encryption key of another terminal. The other encryption key related information including a hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to the other terminal, to a hash algorithm preset in an existing key block storing information; The existing keyblock hash value obtained by applying the generation time of the existing keyblock is obtained. Extracts and generates an encryption key for the specific terminal by applying an error coefficient according to a time error with the specific terminal measured through the time synchronization and the existing keyblock hash value to a preset hash algorithm, and generating the specific terminal. Applying the encryption key generation process for the specific terminal for transmitting the existing key block hash value to generate the same encryption key for each of the plurality of terminals to generate different encryption keys in the plurality of terminals, A security server configured to generate and store an encryption key identical to an encryption key generated by each of a plurality of terminals, and a first encryption configured according to the encryption key generation process through communication with the security server, configured as any one of the plurality of terminals. Generate keys, cloud servers and management servers for integrated disaster emergency broadcasts A first proxy device which is connected to any one of the dear servers or is configured as a module inside any one of the cloud server, the management server and the media server, and is configured as another one of the plurality of terminals and communicates with the security server. A second encryption key generated according to the encryption key generation process, connected to an end device configured as a user terminal or signage in a state in which an IP camera or a dedicated application is executed, or configured as a module inside the end device; A proxy device and another one of the plurality of terminals are configured to generate a third encryption key according to the encryption key generation process through communication with the security server, and is connected to a video recording server or a module inside the video recording server. And a third proxy device configured as, wherein said security server comprises said first to first The first to third encryptions when a third proxy device, which is one of the first to third proxy devices other than the specific proxy device, is connected to or receives a communication request with a communication target configured therein. Transmit a specific encryption key corresponding to the specific proxy device among the keys to the other proxy device, transmit another encryption key corresponding to the other proxy device among the first to third encryption keys to the specific proxy device, and Data transmitted and received between any one of a cloud server, a management server, and a media server, the video recording server, and the end device is transmitted to any one of the first to third encryption keys by any one of the first to third proxy devices. And may be encrypted.

As an example related to the present invention, the video recording server may be configured as a VMS or an NVR.

An integrated disaster emergency broadcast system supporting a lightweight security scheme according to a further embodiment of the present invention communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol. In the pre-stored shared ledger used in the blockchain for generating the encryption key of the terminal, identifies a new block associated with the encryption key of the specific terminal and a previous block to be connected, and is included in the previous block and related to other encryption keys of other terminals. The other encryption key related information including a hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to the other terminal, in a hash algorithm preset in a stored existing keyblock. Apply the existing keyblock hash value obtained by applying the generation time of the existing keyblock. And generating an encryption key for the specific terminal by applying an error coefficient according to a time error with the specific terminal measured through the time synchronization and the existing key block hash value to a preset hash algorithm. Applying the encryption key generation process for the specific terminal for transmitting the existing key block hash value to generate the same encryption key for each of the plurality of terminals to generate different encryption keys in the plurality of terminals, A security server for generating and storing an encryption key identical to an encryption key generated at each of a plurality of terminals, and a first proxy device configured as any one of the plurality of terminals; Generate the first encryption key according to the generation process, and cloud for integrated disaster emergency broadcast A server device including at least one of a server, a management server, and a media server, and a second proxy device configured as another one of the plurality of terminals, wherein the encryption key is generated through communication with the security server. A third device configured to generate a second encryption key according to the terminal, the terminal device including at least one of a user terminal and a signage in a state in which an IP camera and a dedicated application are executed, and a third proxy device configured as another one of the plurality of terminals And a third encryption key generated according to the encryption key generation process through communication with the security server, including a video recording server configured with a VMS or an NVR, wherein the security server includes the first to third proxy. A word other than the specific proxy device among the first to third proxy devices from the specific proxy device among the devices. When another proxy device is connected or receives a communication request with a communication target configured therein, a specific encryption key corresponding to the specific proxy device among the first to third encryption keys is transmitted to the other proxy device, The other encryption key corresponding to the other proxy device among the first to third encryption keys is transmitted to the specific proxy device so that data transmitted and received between the server device, the video recording server, and the end device is transmitted to the first to third devices. Any one of the first to the third encryption key may be encrypted by any one of the proxy device.

In an integrated disaster emergency broadcast method of an integrated disaster emergency broadcast system including a security server and a proxy device according to an embodiment of the present invention, the security server performs time synchronization with a specific terminal according to a preset synchronization protocol; Identifying, by the server, a previous block that is to be connected with a new block associated with the encryption key of the specific terminal in a pre-stored shared ledger used in the blockchain for generating the encryption key of the specific terminal, and the security server is connected to the previous block. A hash value used to generate the other encryption key related to the other terminal, the identification information of the other terminal, and the other encryption key related to the other terminal to a hash algorithm preset in the existing key block in which the other encryption key related information of the other terminal is stored. Generating other encryption key related information and the existing key block generation time; Extracts an existing keyblock hash value obtained by applying and generates the encryption key by applying an error coefficient according to a time error with the specific terminal and the existing keyblock hash value measured through the time synchronization to a preset hash algorithm. And transmitting the existing keyblock hash value so that the security server generates the encryption key in the specific terminal, and the cloud terminal or management server or media server configured as the specific terminal. A proxy device configured as a module inside a cloud server, a management server, or a media server for the integrated disaster emergency broadcasting or connected to the security server and the error coefficient according to time synchronization with the security server and the existing key block hash received from the security server. Apply the value to a preset hash algorithm to Generate an encryption key, encrypt the transmission data generated by the cloud server or management server or media server for integrated disaster emergency broadcast with the encryption key, or transmit the cloud server or management server or media server for the integrated emergency emergency broadcast. And performing integrated disaster emergency broadcast by decrypting the received data encrypted with the encryption key received with the encryption key.

The present invention combines a time error generated during a time synchronization process with a terminal and a hash generated based on encryption key related information of another terminal stored in a blockchain to secure a communication session between the service providing device and the terminal. By generating the encryption key of the terminal as a hash through the hash algorithm, by creating a symmetric encryption key that is not inductive and highly secure, and based on this, the data transmitted and received through the communication session is encrypted, so it is composed of a hash By providing a lightweight security method using a high symmetric encryption key, it not only secures the security of the communication session with the terminal, but also reduces the processing load of the terminal in connection with security, so that the terminal is easily configured even when the terminal is configured as a low performance device. High security and trust with respect to sending and receiving data while being applicable It has the effect of guaranteed.

In addition, the present invention uses a block chain to check the forgery of the encryption key, in addition to the block generated based on the transaction generated in the encryption key generation process corresponding to the information and the encryption key used in the generation of the encryption key By using the identification information of the terminal and the encryption key to generate a separate key block for forgery of the encryption key distinguished from the block and stored in the shared ledger so that they are connected like a chain between different key blocks, encryption as well as encryption key When the forgery of the key-related information is generated to be easily detected, there is an effect of increasing the security of the encryption key used for encryption of the communication session.

In addition, the present invention configures a proxy device for generating an encryption key through communication with the security server for each of a plurality of devices related to integrated disaster emergency broadcasting, and the security server communicates with the proxy device, respectively. It is possible to generate different unique encryption keys for the device, and when the communication between the devices to support the mutual exchange of the encryption key between the proxy device integrated disaster emergency broadcast related data transmitted and received between the devices through the proxy device By supporting the encryption using the encryption key to ensure end-to-end encryption through a high-security encryption key, and to store the exchange process of the encryption key based on the blockchain security and encryption key management Not only can you increase convenience, but you can also trust It has the effect of supporting emergency emergency broadcasts.

1 is a block diagram of an integrated disaster emergency broadcast system configured with a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
2 is a view illustrating an operation of a security service providing method of a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
3 is a flowchart illustrating a security service providing method supporting a lightweight security scheme according to an embodiment of the present invention.
4 is an exemplary diagram of blockchain management of a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
5 is a detailed configuration diagram of a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
6 to 9 are diagrams illustrating an algorithm related to a security service providing method that supports a lightweight security scheme according to an embodiment of the present invention.
10 is a block diagram of an integrated disaster emergency broadcast system supporting a lightweight security scheme according to an embodiment of the present invention.
11 is an exemplary operation diagram of an integrated disaster emergency broadcast system supporting a lightweight security scheme according to an embodiment of the present invention.

Hereinafter, exemplary embodiments of the present invention will be described with reference to the accompanying drawings.

1 is a block diagram of an integrated emergency emergency broadcast system configured with a security service providing apparatus 100 supporting a lightweight security scheme according to an embodiment of the present invention, Figures 2 and 3 are the security service providing apparatus (hereinafter, , Service providing apparatus) is an operation example and a flow chart for a security service providing method that supports a lightweight security scheme.

A detailed operation configuration of the present invention will be described with reference to FIGS. 1 to 3.

As shown, the service providing apparatus 100 may be interconnected with one or more terminals 10 through a communication network, and the service providing apparatus 100 may store a blockchain-based shared ledger in advance. .

At this time, the communication network may be applied to a variety of well-known wired and wireless communication methods, and examples of such wireless communication networks include a wireless LAN (WLAN), a DLNA (Digital Living Network Alliance), a Wi-Fi (Wibro), and a WiMAX (World). Interoperability for Microwave Access: Wimax, Global System for Mobile Communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice-Data Only (EV-DO) Wideband CDMA (WCDMA), High Speed Downlink Packet Access (HSDPA), High Speed Uplink Packet Access (HSUPA), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE-A), Wireless Mobile Broadband Service (WMBS), 5G Mobile Service, Bluetooth, LoRa (Long Range), RFID (Radio Frequency Identification), Infrared Data Association (IrDA), UWB (Ultra) Wideband, ZigBee, Inn Near Field Communication (NFC), Ultra Sound Communication (USC), Visible Light Communication (VLC), Wi-Fi, Wi-Fi Direct, etc. Can be. In addition, wired communication networks include wired LAN (Local Area Network), wired WAN (Wide Area Network), Power Line Communication (PLC), USB communication, Ethernet, serial communication, optical / coaxial Cable and the like.

In addition, the service providing apparatus 100 may be configured as a server, the terminal is a camera, a sensor, a video management system (VMS), a digital video recorder (DVR), a network video recorder (NVR), the Internet of Things A variety of terminals, such as a terminal).

In this case, the camera may be configured as an IP (Internet Protocol) camera.

In addition, the terminal 10 may be configured as an end device.

On the other hand, the service providing apparatus 100 when the terminal 10 is configured as a low-performance device by supporting a lightweight security method while ensuring the security of the communication session (session) during communication with the terminal 10 In addition, it is possible to easily form a secure communication session with the terminal, and also to ensure the security of the encryption key used in the communication session with the terminal 10 to ensure the reliability of the security when communicating with the terminal 10 This can be done in detail.

First, the service providing apparatus 100 may perform time synchronization for each of the one or more terminals 10 according to a preset synchronization protocol.

In this case, the synchronization protocol may be a network time protocol (NTP).

Accordingly, the service providing apparatus 100 may perform time synchronization for each of the one or more terminals 10 according to the synchronization protocol, thereby measuring and storing a time error for each of the terminals 10 (S1). ).

In this case, the specific terminal 10 that performs time synchronization with the service providing device 100 according to the synchronization protocol is equal to the time error measured by the service providing device 100 with respect to the specific terminal 10. Can be calculated and stored.

In this way, the service providing apparatus 100 and the specific terminal 10 may share the same time error.

Meanwhile, the service providing apparatus 100 may be connected to a new block associated with the encryption key of the specific terminal 10 in a pre-stored shared ledger used in the block chain to generate an encryption key for the specific terminal 10. The previous block may be identified (S2).

In this case, the new block may be a block that includes one or more transactions for the encryption key generation process of the specific terminal 10 or is generated based on a transaction related to the encryption key generation process of the specific terminal 10. have.

In addition, the previous block includes one or more transactions for the process of generating an encryption key (other encryption key) of another terminal different from the specific terminal 10 or performs a transaction related to the process of generating an encryption key (other encryption key) of the other terminal. It may be a block generated based on.

That is, the blocks stored in the shared ledger may include a transaction or information related to the transaction for the encryption key generation process of the terminal communicating with the service providing apparatus 100.

In addition, the service providing apparatus 100 is included in the previous block stored in the shared ledger, the other encryption key related to the other terminal in a hash algorithm preset in the existing key block in which the other encryption key related information of the other terminal is stored. An existing keyblock hash value obtained by applying the other encryption key related information including the hash value used for generation, the identification information of the other terminal and the other encryption key related to the other terminal, and the generation time of the existing keyblock may be extracted. It may be (S3).

In this case, the other encryption key related information may include a hash value used to generate another encryption key related to the other terminal, identification information of the other terminal, and another encryption key related to the other terminal, and the generation time of the existing key block. It may also be included in the other encryption key related information. In addition, the existing keyblock may store (include) the existing keyblock hash value.

The other encryption key is a symmetric encryption key shared by the service providing apparatus 100 with the other terminal for data security with the other terminal, and in the same manner as the encryption key generation process of the specific terminal 10. It may be an encryption key generated for the other terminal.

The hash value used to generate the other encryption key may be a keyblock hash value of a previous keyblock connected to the existing keyblock in a shared ledger, and the previous keyblock may correspond to the specific terminal-related encryption key and the other terminal-related other keys. The key block generated in the process of generating an encryption key other than the encryption key and stored in the shared ledger may be a key block including the other encryption key related information. In addition, the previous keyblock may be a keyblock for the other encryption key generated immediately before generation of the other encryption key.

In addition, the service providing apparatus 100 calculates a random number by applying an error coefficient according to a time error with the specific terminal 10 and the existing keyblock hash value measured through the time synchronization to a preset hash algorithm. Then, the random number value can be generated as an encryption key for the specific terminal 10 (S4).

In this case, the hash algorithm described in the present invention may be Secure Hash Algorithm-1 (SHA-1).

In addition, when the previous block is not identified, the service providing apparatus 100 may generate an encryption key for the specific terminal 10 by applying the error coefficient to a preset hash algorithm.

For example, the service providing apparatus 100 may share the previous block that is most recently generated and stored in the shared ledger before generation of a new block scheduled to be generated in association with generating an encryption key of the specific terminal 10. It can be identified in the ledger.

In addition, the apparatus 100 for providing a service applies the information included in the existing keyblock to a hash algorithm in an existing keyblock included in the previous block and includes information related to another encryption key generated for another terminal. The existing keyblock hash value set in the existing keyblock is extracted from the shared ledger to determine whether the information contained in the existing keyblock is forged, and the time error-related error coefficients previously stored for the specific terminal 10 and the The random key value, which is a hash value generated by applying an existing keyblock hash value to a preset hash algorithm, may be generated as an encryption key for the specific terminal 10.

In this case, when the encryption key is generated during the generation period of the specific block constituting the block chain, the service providing apparatus 100 may generate a separate key block for the corresponding encryption key and include it in the specific block. The key block is associated with a generation time of the key block, a key block hash value of another key block which is used to generate a terminal-related encryption key, and a target to be connected to the key block, identification information of the terminal and the terminal-related encryption key. Can be included as information.

Here, the key block hash value used for generating the terminal-related encryption key is a value obtained by hashing information (included) stored in the other key block through a hash algorithm and may be stored (included) or set in the other key block. Can be.

In addition, the generation time of the key block included in the key block may be replaced with a time error related error coefficient for the terminal according to time synchronization between the terminal and the service providing apparatus 100.

For example, the existing key block includes (stores) a time error related error coefficient calculated according to time synchronization between another terminal corresponding to the existing key block and the service providing apparatus 100 instead of the generation time of the existing key block. In order to calculate an existing keyblock hash value of the existing keyblock, the other terminal-related error coefficient may be applied to a hash algorithm instead of the generation time of the existing keyblock to calculate the existing keyblock hash value.

In addition, in the new key block described below, a time error related error coefficient calculated according to time synchronization between the specific terminal 10 corresponding to the new key block and the service providing apparatus 100 instead of the generation time of the new key block. In order to calculate a new keyblock hash value of the new keyblock, an error coefficient related to the specific terminal 10 may be applied to a hash algorithm instead of a generation time of the new keyblock to calculate the new keyblock hash value. Can be.

In addition, the device for providing a service 100 applies a key block which is a block hash value for a key block by applying the encryption key related information included in the key block to a hash algorithm, similarly to interconnecting different blocks using a block hash value. A hash value may be calculated and included in the key block, and the other key block and the key block generated for the other terminal are connected like a chain in a shared ledger by using the key block hash value for generating an encryption key of another terminal. You can do that.

That is, the service providing apparatus 100 may connect different key blocks to each other like a chain through the key block hash value separately from the chain connection of the blocks.

When the information included in the keyblock is forged, the keyblock hash value in the keyblock is changed, so that the service providing apparatus 100 easily modulates the information in the keyblock by changing the keyblock hash value. Forgery can be tracked through the key block separately for the encryption key separately from information stored in blocks other than the key block.

Meanwhile, the service providing apparatus 100 transmits the existing keyblock hash value extracted from the existing keyblock included in the previous block to the specific terminal 10 so that the service providing apparatus 100 at the specific terminal 10. The same encryption key as may be generated (S5).

In this case, the service providing apparatus 100 may generate the encryption key for each of the one or more terminals through the above-described configuration, and may generate different encryption keys between the one or more terminals.

In addition, the specific terminal 10 that has received the existing keyblock hash value from the service providing device 100 relates to a time error measured in the process of performing synchronization between the existing keyblock hash value and the service providing device 100. The encryption coefficient may be generated by applying an error coefficient to the hash algorithm set in the service providing apparatus 100 and applying the preset hash algorithm.

That is, the specific terminal 10 may generate the same encryption key as the encryption key generated corresponding to the specific terminal 10 in the service providing apparatus 100, and the service providing apparatus 100 and the specific terminal (10) Each generated encryption key may be composed of a symmetric encryption key.

In the above-described configuration, when the service providing apparatus 100 is operated in plurality in correspondence with a plurality of different sites (eg, company A service providing apparatus and company B service providing apparatus), the plurality of sites are divided and the encryption is performed. As a weighting factor for weighting a key change, the service providing apparatus 100 may be preset with a unique setting value (or magic number) different from the other service providing apparatus 100.

In addition, the service providing apparatus 100 may share the unique set value with terminals communicating with the service providing apparatus 100.

In addition, the service providing apparatus 100 generates a first random number value by applying the error coefficient related to the specific terminal 10 and the existing keyblock hash value to a hash algorithm, and then the first random number value and the unique set value. The second random number value can be calculated by applying to the hash algorithm again, and the second random number value can be generated as an encryption key of the specific terminal 10.

In addition, the specific terminal 10 also stores in advance the unique setting value of the service providing apparatus 100, and based on the existing key block hash value received from the service providing apparatus 100 and the first random number based on the error coefficient After the value is generated, the second random number value calculated by applying the first random number value and the unique setting value to the hash algorithm again may be generated as an encryption key.

Accordingly, the same second random number value used as an encryption key between the service providing apparatus 100 and the specific terminal 10 may be calculated.

Meanwhile, the service providing apparatus 100 may transmit an encryption key generated in correspondence with the specific terminal 10 to the specific terminal 10 and transmit the encrypted key. The specific terminal 10 may transmit the service providing apparatus 100. After decrypting the encryption key received from the comparison between the encryption key generated in the specific terminal 10 and the encryption key received by the service providing apparatus 100 and the encryption key generated in the specific terminal 10 It can be determined whether or not the same.

In addition, the specific terminal 10 verifies the encryption key generated by the specific terminal 10 according to whether the same or not, and upon completion of verification with the service providing apparatus 100 with the encryption key generated by the specific terminal 10. It can be used as an encryption key for data encryption and decryption during data transmission and reception.

For example, the service providing apparatus 100 may encrypt an encryption key generated corresponding to the specific terminal 10 with the corresponding encryption key and transmit the encrypted key to the specific terminal 10, and the specific terminal 10 transmits the service. After decrypting the encrypted encryption key received from the providing device 100 with the encryption key generated by the specific terminal 10 and compares with the encryption key generated by the specific terminal 10 to determine if the verification is complete. Can be.

In addition, the specific terminal 10 may transmit verification completion-related completion information to the service providing apparatus 100 when the verification is completed, and the service providing apparatus 100 may receive the completion information when the specific terminal 10 is received. The encryption key generated corresponding to may be used as an encryption key for section encryption of the communication session.

Accordingly, the service providing apparatus 100 may encrypt and transmit the transmission data transmitted to the specific terminal 10 as an encryption key generated corresponding to the specific terminal 10, and the specific terminal 10 may be The transmission data encrypted by the encryption key from the service providing apparatus 100 may be decrypted by the encryption key generated by the specific terminal 10 (S6).

In addition, the specific terminal 10 may also encrypt and transmit data to be transmitted to the service providing apparatus 100 with the same encryption key generated by the service providing apparatus 100 corresponding to the specific terminal 10. The service providing apparatus 100 may decrypt the received data encrypted with the encryption key received from the specific terminal 10 with an encryption key generated corresponding to the specific terminal 10.

In this case, the service providing apparatus 100 and the specific terminal 10 may encrypt or decrypt data with the encryption key using a Lightweight Encryption Algorithm (LEA) algorithm, and the LEA algorithm may be based on 128 bits.

In addition, the service providing apparatus and the specific terminal may encrypt and decrypt data with the encryption key by selectively using various symmetric encryption algorithms such as AES (Advanced Encryption Standard) -256, ARIA, as well as the LEA algorithm.

In addition, the identification information (or terminal identification information) of the terminal described in the present invention may include an IP, MAC address, serial number, and the like.

As described above, the present invention is generated based on the time error generated during the time synchronization process with the terminal for the security of the communication session between the service providing device and the terminal and the encryption key related information of the other terminal stored in the block chain. By combining the hashes generated by the hash algorithm to generate the encryption key of the terminal as a hash by generating a symmetric encryption key that is not inductive and highly secure, and based on this to support the encryption of data transmitted and received through the communication session, It is designed to provide a lightweight security method using a highly secured symmetric encryption key to secure the security of the communication session with the terminal, as well as to reduce the processing load of the terminal in connection with security, so that the terminal is a low performance device. Easily applicable even if configured, while at the same time It can guarantee the security and reliability.

Meanwhile, the apparatus 100 for providing a service may prevent forgery of the encryption key through a blockchain, and is generated immediately before a new block generated in association with the encryption key when the encryption key is generated, and is connected with the new block. By using the key block hash (key block hash value) of the existing key block included in the previous block to be connected to the encryption key generation, the security can be improved, which will be described in detail with reference to FIG. 4.

First, the blockchain described in the present invention is an algorithm that configures a plurality of transaction information into blocks and manages security information by connecting several blocks as a chain using a hash.

In addition, a transaction described in the present invention may mean transaction information, and the transaction information may include one or more arithmetic functions and data necessary to perform a unit operation or a unit transaction.

According to the above configuration, the service providing apparatus 100 may generate one or more transactions in association with the encryption key of the specific terminal 10.

For example, the apparatus 100 for providing a service may include a time error related error coefficient generated when time synchronization of the specific terminal 10 is performed and data and commands transmitted and received with the specific terminal 10 to perform the time synchronization. It may create a first transaction comprising.

In addition, the service providing device 100 is pre-stored in the shared ledger for the block chain, the service providing device 100 is a connection target to a new block associated with the generation of the encryption key corresponding to the specific terminal (10). The existing keyblock hash value, the error coefficient and the random number value, and the random number value for setting an existing keyblock hash value included in the previous block and the random coefficient obtained by applying the error coefficient to a preset hash algorithm as an encryption key are encrypted keys. The second transaction may include a command for setting and the like.

As such, the service providing apparatus 100 may generate first and second transactions related to encryption key generation of the specific terminal 10.

In addition, the service providing apparatus 100 may transmit and receive data (eg, image data) to and from another terminal other than the specific terminal 10 during a generation period of a new block generated in association with an encryption key of the specific terminal 10. A transaction can be generated in association with the C), and a transaction generated according to data transmission / reception with the other terminal can be included in the new block.

In addition, the service providing apparatus 100 applies a plurality of transactions including the first and second transactions generated during the generation period of the new block to the preset hash algorithm, respectively, to correspond to a plurality of transactions. Generate a hash value of the root block and apply a plurality of hash values to the hash algorithm according to a predetermined binary tree (or merkle tree) structure according to a generation order for each transaction, and then apply a root hash value corresponding to the new block. Can be generated.

That is, the service providing apparatus 100 is associated with at least one transaction generated in association with an encryption key of the specific terminal 10 and data transmitted and received according to communication with at least one other terminal during the generation period of the new block. A root hash value for determining whether the new block is forged may be generated based on a hash value for each of the generated one or more transactions.

In addition, the service providing apparatus 100 generates a block hash value for connecting the new block to the previous block based on the block hash value of the previous block and the root hash value, and includes the block hash value in the new block. A block may be registered and stored in the shared ledger to be connected to the previous block.

Through this, one root hash value must exist in one block, and if one of the information included in the block is forged, the hash value and all upper hash values are changed so that the root hash value is changed. Therefore, if you compare only the root hash value of a block, you can immediately check whether the data has been forged even if you do not compare the hashes below.

In addition, the service providing apparatus 100 combines a date and time of creation of a new block, a version, bits, a root hash value, a block hash value of a previous block, a temporary value called a nonce, and the like as a hash. A block hash value of the new block may be generated by converting, and after generating a new block including the block hash value of the new block, the new block is connected to the previous block just before the generation of the new block like a chain. Can be stored in the shared ledger.

In the above-described configuration, the service providing apparatus 100 may apply only the hash value obtained by applying each of the plurality of transactions corresponding to the new block to a preset hash algorithm to include in the new block. Transaction information may be stored in the DB included in the service providing apparatus 100.

For example, the service providing apparatus 100 may store corresponding image data in a DB when receiving image data from a terminal configured as a camera, and apply the hash value obtained by applying a transaction generated in relation to the image data to a hash algorithm. Can be included in a new block.

On the other hand, through the above-described block chain configuration, the service providing apparatus 100 can determine whether the forgery for the transaction, but even if the forgery for the encryption key occurs, it is tied to one operation called a transaction corresponding to the transaction Since the hash value is changed, it is difficult to determine whether a forgery occurs in the encryption key itself or whether a forgery occurs in the encryption key generation process.

To solve this problem, the service providing apparatus 100 may generate a separate key block and include it in the new block.

In detail, the service providing apparatus 100 may generate a new block connected to the previous block based on one or more transactions generated in association with the encryption key of the specific terminal 10.

In addition, the service providing apparatus 100 is another terminal included in the previous block that is connected to the new block in the shared ledger during the generation period of the new block generated in association with generating the encryption key of the specific terminal 10. An existing key block hash value, which is a hash value related to an existing key block for use in generating an encryption key of the specific terminal 10, may be extracted from an existing key block corresponding to an encryption key of the other terminal.

In this case, the existing key block corresponding to the other terminal is a hash value (key block hash value) included in another key block used for generating another encryption key of the other terminal, terminal identification information of the other terminal, and the existing It may include a generation time (or generation date and time) of the key block, another encryption key corresponding to the other terminal, and an existing key block hash value related to the existing key block.

The existing key block hash value may include a hash value included in another key block used for generating another encryption key of another terminal, terminal identification information of the other terminal, and another encryption key corresponding to the other terminal. The other encryption key related information and the generation time of the existing key block can be obtained by applying the hash algorithm.

In this case, the generation time of the existing key block may be information included in the other encryption key related information without being configured separately from the other encryption key related information.

In addition, the generation time of the existing key block included in the existing key block may be replaced by a time error related error coefficient measured according to the synchronization protocol between the other terminal and the service providing apparatus 100.

Accordingly, the service providing apparatus 100 extracts an existing keyblock hash value related to the existing keyblock from the existing keyblock and then synchronizes the existing keyblock hash value related to the existing keyblock and the synchronization with the specific terminal 10. A random number value, which is a hash value calculated by applying the error coefficient obtained through the time synchronization process according to the preset hash algorithm, may be generated as an encryption key for the specific terminal 10.

In addition, the service providing apparatus 100 corresponds to the specific terminal 10 and the existing key block hash value and the specific terminal 10 used for generating an encryption key for the specific terminal 10 when generating an encryption key. The new key including the generation time (or creation date and time) of the new key block including (stored) the encryption key-related information including the identification information and the encryption key associated with the specific terminal 10, and the encryption key-related information. The specific terminal 10 may be generated by applying a generation time (or generation date and time) and the encryption key related information of the new key block stored in the new key block (included) to the preset hash algorithm. A new keyblock hash value related to a new keyblock corresponding to may be generated.

In addition, the service providing apparatus 100 may include the new keyblock hash value in the new keyblock or set the keyblock hash value of the new keyblock.

Accordingly, the service providing apparatus 100 generates an encryption key corresponding to the specific terminal 10, the existing key block hash value, terminal identification information of the specific terminal 10, and generation of the new key block. A new key block including a time (or creation date and time) and the new key block hash value may be generated corresponding to the new block, and after the new key block is included in the new block, the new block is added to the shared ledger. When stored, the new keyblock can be stored in the shared ledger together with the new block.

In this case, the service providing apparatus 100, when generating (calculating) the new key block hash value, substitutes a time error related error coefficient obtained through time synchronization with the specific terminal 10 to the hash algorithm instead of the generation time of the new key block. In addition, the new keyblock hash value may be generated, or a new keyblock including a time error related error coefficient of the specific terminal 10 may be generated instead of the generation time of the new keyblock.

In addition, the generation time of the new key block may be information included in the encryption key related information without being configured separately from the encryption key related information.

Through the above-described configuration, the service providing apparatus 100 may generate a new key block in association with an encryption key of the specific terminal 10 during the generation period of the new block, and encrypt the specific terminal 10. Generate a keyblock hash value for determining whether a forgery of the new keyblock associated with the specific terminal 10 is forged based on the information related to the key, and include the hash in the new keyblock as a separate block in the new block. May be included in the new block and stored in the shared ledger.

In this case, the service providing apparatus 100 includes the existing keyblock hash value of the existing keyblock used for generating the encryption key of the specific terminal 10 in the new keyblock to check whether the new keyblock is forged or not. By using to generate a new key block hash value for the new key block generated in association with the new key block generated in association with the encryption key of the specific terminal 10 stored in the shared ledger new key block included in the new block And existing key blocks included in the previous block may be connected like a chain through the existing key block hash value and the new key block hash value.

That is, the service providing apparatus 100 may generate a separate key block for each encryption key generated for each terminal in addition to connecting blocks related to a transaction like a chain in a shared ledger, and then connect the key blocks with each other in a shared ledger like a mutual chain. have.

Accordingly, when the service providing apparatus 100 forgeries encryption key related information including an encryption key included in a specific key block, the specific key block as well as a key block hash value for determining whether the specific key block is forged or not. Since the keyblock hash value is changed for each keyblock to be linked, one or more keyblocks whose hash value is changed can be easily detected to detect forgery and alteration of the specific keyblock.

That is, the present invention uses a block chain to check forgery and alteration of the encryption key, in addition to the block generated based on the transaction generated in the encryption key generation process, the information corresponding to the encryption key and the information used in the encryption key generation process By using the identification information of the terminal and the encryption key to generate a separate key block for forgery verification of the encryption key-related information distinguished from the block, and stored in the shared ledger so that they are connected like a chain between different key blocks as well as the encryption key Rather, it is possible to easily detect the forgery of the encryption key related information, thereby increasing the security of the encryption key used for encryption of the communication session.

Meanwhile, in the above-described configuration, the service providing apparatus 100 may generate and store an encryption key for the specific terminal 10 and then delete and discard the previously stored encryption key when the encryption key needs to be changed. .

In addition, the service providing apparatus 100 may transmit update request information for changing (or updating) the encryption key to the specific terminal 10, and the specific terminal 10 may receive the update request information when receiving the update request information. The generated and stored encryption key can be deleted and discarded.

In addition, the apparatus 100 for providing a service may add encryption key related revocation information to be discarded from a specific key block generated at the time of revocation of the encryption key to the specific key block, and add the specific key block including the revocation information to the specific key block. It can be registered and saved in the shared ledger.

In this case, the service providing apparatus 100, when calculating the key block hash value of the specific key block in which the discard information is stored (included), the key block before the specific key block included in the specific key block. The hash algorithm together with a keyblock hash value for the at least one terminal-specific identification information corresponding to the specific keyblock, at least one new encryption key corresponding to the specific keyblock, and a generation time of the specific keyblock. A keyblock hash value of the specific keyblock may be calculated to be applied to, and the keyblock hash value reflecting the discard information may be included or set in the specific keyblock.

In addition, the apparatus 100 for providing a service uses a key block hash value of a specific key block reflecting the discarding information when generating an encryption key corresponding to a next key block generated after the specific key block, and the next key block. By using the keyblock hash value of the specific keyblock when calculating the keyblock hash value of the forgery, the forgery of the discard information stored in the shared ledger can also be detected, thereby preventing security from using the discarded encryption key. .

In addition, the service providing apparatus 100 measures a time error through the time synchronization with respect to the specific terminal 10 in which the encryption key is discarded, and then uses the above-described encryption key generation process to the specific terminal 10. A new encryption key may be generated and stored, and a key block corresponding to the new encryption key may be generated and stored in the shared ledger.

5 is a detailed block diagram of the service providing apparatus 100 according to the above-described configuration.

The apparatus 100 for providing a service may include a synchronization unit 110, an encryption key generator 120, an encryption / decryption unit 130, and a blockchain manager 140.

The synchronization unit 110 may perform time synchronization with a specific terminal 10 according to a preset synchronization protocol.

In addition, the encryption key generation unit 120 is a previous block that is connected to the new block associated with the encryption key of the specific terminal 10 in a pre-stored shared ledger used in the block chain for generating the encryption key of the specific terminal 10. And a hash value used to generate the other encryption key related to the other terminal and the identification information of the other terminal in a hash algorithm preset in the existing key block in which the other encryption key related information of the other terminal is stored in the previous block. Extracting an existing keyblock hash value obtained by applying the other encryption key related information including the other encryption key related to the other terminal and the generation time of the existing keyblock, and measuring the specific terminal 10 measured through the time synchronization An error coefficient according to a time error of and the existing keyblock hash value to the specific terminal 10 by applying a preset hash algorithm. It can generate an encryption key.

In addition, the encryption key generation unit 120 may transmit the hash value to the specific terminal 10 so that the specific terminal 10 generates the encryption key.

Meanwhile, the encryption / decryption unit 130 encrypts and transmits the transmission data with the encryption key to the specific terminal 10 that has generated the encryption key, or the received data encrypted with the encryption key received from the specific terminal 10. Can be decrypted with the encryption key.

In addition, the blockchain management unit 140 manages the above-described blockchain and a shared ledger is set in advance, in association with the encryption key generation unit 120 in association with the encryption key of the specific terminal 10 the new block. And generate a keyblock and store it in the shared ledger.

For example, the blockchain manager 140 may generate a new block connected to the previous block based on one or more transactions generated in association with the encryption key of the specific terminal 10, and when the new block is generated or the When generating an encryption key of a specific terminal 10, the existing key block hash value used to generate an encryption key for the specific terminal 10, identification information of the specific terminal 10 and the encryption key associated with the specific terminal 10 Generating a new key block including a generation time of a new key block including (stored) the encryption key related information including a new key block hash value obtained by applying the encryption key related information to the hash algorithm; After the new block is included in the new block so that the existing key block corresponding to the existing key block hash value included in the previous block and the new key block are interconnected. A rule block may be registered in the shared ledger.

At this time, the synchronization unit 110, encryption key generation unit 120, encryption and decryption unit 130 and block chain management unit 140 may be included in one control unit, the control unit is a service providing apparatus 100 It can be configured to perform the overall control function of.

The controller may include a RAM, a ROM, a CPU, a GPU, and a bus, and the RAM, a ROM, a CPU, a GPU, and the like may be connected to each other through a bus. The CPU may access the storage unit to perform booting using a pre-stored operating system (O / S), and the service providing apparatus 100 described in the present invention using various prestored programs, contents, and data. Various operations can be performed.

6 to 9 are exemplary diagrams of an algorithm related to a security service providing method for supporting a lightweight security scheme set in the service providing apparatus 100 and a specific terminal 10 according to an exemplary embodiment of the present invention.

First, as shown in FIG. 6, the service providing apparatus 100 may calculate a time-defference _new when compared to a reference time when attempting time synchronization in correspondence with a specific terminal 10.

In addition, the apparatus 100 for providing a service is included in a previous block which is to be connected with a new block for generating an encryption key of the specific terminal 10 in a pre-stored shared ledger and is a key block of an existing key block associated with an encryption key of another terminal. The hash value can be extracted, the existing keyblock hash value and time-defference _new are combined, hashed using a preset hash algorithm, and a first random-value hash value (40 bytes) can be calculated. .

Next, the service providing apparatus 100 combines the first random number hash with a predetermined magic-number and applies the hash algorithm to the hash algorithm to hash the second random number hash value (symmetric-key _new , 40 bytes). One symmetric encryption key can be generated.

In addition, the service providing apparatus 100 generates a new block corresponding to the encryption key, generates a new key block related to the encryption key generated corresponding to the specific terminal 10 and includes the new block in the new block. Can be stored in the shared ledger.

In this way, the apparatus 100 for providing a service generates the block hash value of the new block based on the block hash value of the previous block, stores the new block and the previous block as a chain, and stores the new key block. The key block hash value of the key block may be generated using the key block hash value of the existing key block included in the previous block, and then the new key block and the existing key block may be connected and stored as a chain to ensure security of the encryption key. have.

In addition, as shown in FIG. 7, since the encryption key generated corresponding to the specific terminal 10 is formed of a symmetric key, the same key must be used between the service providing apparatus 100 and the specific terminal 10. ,

Therefore, it is necessary to verify once again whether the key newly generated by the service providing device 100 and shared by the service providing device 100 is a key generated by the same terminal 10.

In this case, since only the service providing apparatus 100 may know the existing key block hash value among the elements necessary for calculating the first random random hash value (primary random number value), the specific terminal 10 may include a service providing apparatus ( BC server 100 requests and receives the existing key block hash value, and the time-difference _stored that the specific terminal 10 already knows and the existing key block received from the service providing apparatus 100. The same encryption key generation process as the service providing apparatus 100 is performed by combining a hash value (keymap-hash ₋₁ ), and finally two hashed encryption key values (symmetric-key _{new and} symmetric-key _calc ) You can verify by comparing the same.

If the service providing device 100 and the specific terminal 10 are not included in the same system, they have different setting values, and thus the two encryption key values do not always match.

In addition, as shown in FIG. 8, data to be transmitted / received may be encrypted using a shared encryption key generated through the above-described process.

Since various low-performance devices are connected to the service providing device 100, a LEA 128bit block encryption algorithm showing strong performance and security among the lightweight encryption algorithms can be used to facilitate encryption / decryption even with low computing power. do.

The sender of the service providing apparatus 100 and the specific terminal 10 may encrypt the plain-data data to be transmitted for encryption using the shared algorithm using the LEA algorithm.

In addition, as shown in FIG. 9, the receiving side of the service providing apparatus 100 and the specific terminal 10 receives cipher-data data and checks whether there is no problem with the data, and the shared encryption key matched with the transmitting side. It can be decrypted using the LEA algorithm.

Based on the above-described configuration, the integrated disaster emergency broadcast system supporting the lightweight security scheme according to the embodiment of the present invention is a proxy device connected to each of a plurality of different equipment related to the integrated emergency emergency broadcast or configured as a module therein. It may be configured to include a security service providing apparatus and the proxy apparatus for communicating with a plurality of configured terminals, the service providing apparatus 100 when the communication between the plurality of different terminals for communication between the plurality of equipment Supports encryption key exchange between a plurality of different terminals to support encryption and decryption of data transmitted and received between the plurality of different devices based on encryption keys generated for each of a plurality of different terminals, thereby reducing weight. Security schemes to ensure secure communication sessions between devices. In addition, the processing load of the equipment can be lowered in relation to security, so that the apparatus can be easily applied even when the equipment is configured as a low-performance device, and at the same time, it can ensure high security and reliability with respect to transmission / reception data. It will be described in detail with reference to.

In this case, the service providing apparatus 100 may be configured as a security server 100, which will be referred to as a security server 100 in the following description.

First, as shown in FIG. 10, the security server 100 may communicate with a proxy device configured for each of a server device and an edge device (edge device) included in a plurality of equipments related to integrated disaster emergency broadcasting through a communication network. have.

That is, the security server 100 may communicate with a proxy device corresponding to the terminal described with reference to FIGS. 1 through 9 through a communication network, and may communicate with the plurality of devices through the plurality of proxy devices.

In more detail, the server device may be connected with a first proxy adapter for communication with the security server 100, and the first proxy device is configured as the specific terminal to connect with the security server 100. The encryption key generation process described above may be performed.

Accordingly, the security server 100 may generate a first encryption key for the first proxy device, and the first encryption key is included in a specific block of a shared ledger stored in the security server 100. It can be stored in a block.

In this case, the first proxy device may generate and store the first encryption key according to the above-described encryption key generation process.

In addition, the end device may be connected to a second proxy device for communication with the security server 100, the second proxy device is also configured as the specific terminal in place of the first proxy device is the security server 100 ) And the above-described encryption key generation process.

In this way, the security server 100 may generate a second encryption key for the second proxy device, and another block different from the specific block of the shared ledger stored in the security server 100. It can be stored in the key block included in the.

In this case, the second proxy device may generate and store the second encryption key according to the encryption key generation process described above.

That is, the security server 100 applies different encryption key generation procedures for the specific terminal to each of the first proxy device and the second proxy device, and thus different from each other for the first and second proxy devices. An encryption key can be generated and stored.

The first proxy device may generate and store a first encryption key that is the same as the first encryption key generated by the security server 100 for the first proxy device, and the second proxy device may store the security server. In operation 100, a second encryption key identical to the second encryption key generated for the second proxy device may be generated and stored.

In the above configuration, the first proxy device and the second proxy device may each be configured as separate devices independent of the server device and the end device.

In this case, the first proxy device may be directly connected to the server device through an Ethernet, and the server device may be connected to the server device, and the second proxy device may be directly connected to the end device through an Ethernet.

Alternatively, the first proxy apparatus may be configured as a module configured inside the server apparatus, and the second proxy apparatus may be configured as a module configured inside the termination apparatus.

In addition, the first proxy device and the second proxy device when configured as the module may be configured in the form of software that is executed in the server device or the end device rather than an independent device.

That is, the first proxy device and the second proxy device may be configured to include the first proxy device and the terminal device without changing the server device and the terminal device when the server device and the terminal device are already installed in an integrated disaster emergency broadcasting system. Each of the second proxy devices may be connected to a server device and an end device to configure an integrated disaster emergency broadcast system. When the server device and the end device are newly added to the integrated disaster emergency broadcast system, the server device and the end device may be configured. The first proxy device and the second proxy device can be configured as an internal module of.

According to the above configuration, the first proxy apparatus may receive transmission data generated by the server apparatus and transmitted to the outside from the server apparatus, and the transmission data of the server apparatus may be encrypted with the security server 100. The first encryption key generated through the generation process may be encrypted and transmitted through a communication network.

In addition, the first proxy device may decrypt the received data encrypted with the first encryption key and receive the first encryption key to the server device through a communication network, and transmit the decrypted data to the server device.

At this time, even when the first proxy apparatus is configured as the module inside the server apparatus, the first proxy apparatus encrypts the transmission data generated inside the server apparatus with the first encryption key and then configures the server apparatus. And transmit through a first communication unit communicating through the communication network, and decrypt the encrypted received data received through the first communication unit with the first encryption key and provide the same to the server device.

In addition, the second proxy device may receive transmission data generated by the terminal device and transmitted to the outside from the terminal device, and through the process of generating an encryption key with the security server 100. The second encryption key may be encrypted to transmit the generated encryption key.

In addition, the second proxy device may decrypt the received data encrypted with the second encryption key and receive the second encryption key to the terminal device through the communication network, and transmit the decrypted data to the terminal device.

In this case, even when the second proxy device is configured as the module inside the terminal device, the second proxy device encrypts the transmission data generated inside the terminal device with the second encryption key and then configures the terminal device. It can be transmitted through the second communication unit to communicate through the communication network, it is possible to decrypt the encrypted received data received through the second communication unit with the second encryption key to provide to the end device.

In addition, the integrated disaster emergency broadcast system may be configured to include a plurality of different server devices, each of the plurality of different server devices may be configured with a proxy device.

Accordingly, the proxy device for each server device may generate and store a unique encryption key through the above-described encryption key generation process through communication with the security server 100, and through this, different encryption between proxy devices configured for each server device may be performed. The key can be generated and stored.

In addition, the security server 100 may generate and store the same encryption key as the encryption key stored for each proxy device.

The first proxy apparatus may be configured in any one of the plurality of different server apparatuses, and the second proxy apparatus may be configured in another one of the plurality of different server apparatuses.

In this way, the first proxy apparatus configured in the first server apparatus among the plurality of different server apparatuses transmits data generated by the first server apparatus among the plurality of different server apparatuses and transmitted to the outside from the first server apparatus. It may be received, and the transmission data of the first server device may be encrypted with the first encryption key generated through the encryption key generation process with the security server 100 and transmitted through a communication network.

In addition, the first proxy apparatus may decrypt the received data encrypted with the first encryption key and received the first encryption key to the first server apparatus through a communication network, and transmit the decrypted data to the first server apparatus.

In this case, even when the first proxy apparatus is configured as the module inside the first server apparatus, the first proxy apparatus encrypts the transmission data generated inside the first server apparatus with the first encryption key, and then the The first server device may be configured to transmit through a communication unit communicating through the communication network.

The second proxy apparatus configured in the second server apparatus among the plurality of different server apparatuses may receive, from the second server apparatus, transmission data generated by the second server apparatus among the plurality of different server apparatuses and transmitted to the outside. The transmission data of the second server apparatus may be encrypted with a second encryption key generated through an encryption key generation process with the security server 100 and transmitted through a communication network.

In addition, the second proxy apparatus may decrypt the received data encrypted with the second encryption key and received the second encryption key to the second server apparatus through a communication network, and transmit the decrypted data to the second server apparatus.

In this case, the received data received by the second proxy apparatus configured in the second server apparatus may be data received from the first server apparatus configured with the first proxy apparatus, and may have the same function as the first and second proxy apparatuses. It may also be data received from a third server device configured as a module therein, or a third server device to which the third proxy device is connected, or a terminal device configured as a module inside the third proxy device or connected to the third proxy device. have.

According to the above configuration, the integrated disaster emergency broadcast system supporting the lightweight security scheme according to an embodiment of the present invention is the proxy configured for each device between the server device for the integrated disaster emergency broadcast or between the server device and the end device By supporting the transmission and reception of encrypted data based on the encryption key through the device, it is possible to perform functions related to integrated disaster emergency broadcasting, and communication between devices together with high security of the encryption key generated based on a hash algorithm. The security of the session can be increased, which will be described in detail with reference to FIG. 11.

As shown, the integrated disaster emergency broadcast system supporting the lightweight security scheme according to an embodiment of the present invention includes a plurality of server devices including an integrated disaster emergency broadcast, a video recording server, and one or more end devices. It can be configured to include the equipment and security server 100.

In this case, the server device for integrated disaster emergency broadcast may be configured of any one of a cloud server, a management server and a media server, or may include at least one of a cloud server, a management server and a media server.

In addition, the integrated disaster emergency broadcast system may include a plurality of server devices different from each other.

At this time, the cloud server may collect the disaster-related data received from the outside and control and integrated monitoring of various devices for integrated disaster emergency broadcast based on this.

The management server may control one or more end devices such as an IP camera (Internet Protocol) through a communication network when a disaster occurs based on the disaster related data, and manage an image received from the end device, based on the corresponding video. A broadcast image may be generated or a disaster broadcast image corresponding to the disaster situation may be selected from one or more emergency broadcast images stored in advance, and subtitles to be displayed on the disaster broadcast image may be selected and inserted into the disaster broadcast image. Disaster broadcasting may be performed by transmitting the broadcast image to an end device such as a user terminal in which a signage or a dedicated application is installed and executed through communication with the media server.

In addition, the management server may be transmitted to the video recording server and the video recording from the IP camera and the disaster broadcast video to communicate through the communication network and stored through the video analysis of the video of the IP camera from the video recording server Upon receiving event information on the generated disaster related event, a disaster broadcast image related thereto may be generated or the event related subtitle may be inserted into the disaster broadcast image.

In addition, the media server generates emergency broadcast-related broadcast information including the disaster broadcast video when receiving the disaster broadcast video through communication with the management server, such as a user terminal in which a signage or a dedicated application is installed and executed. The disaster broadcast video may be transmitted to the terminal device in a streaming-based multicast manner, and thus the disaster broadcast video may be displayed on the terminal device.

In the above-described configuration, the management server generates a general broadcast image based on the image received from the IP camera when broadcast transmission is required in a general situation, not a disaster situation, or selects a specific image which is a transmission target from among the pre-stored general broadcast images. The general broadcast image or the specific image may be transmitted to the media server to transmit the general broadcast image or the specific image to each of the terminal devices through the media server, thereby allowing the general broadcast to be transmitted through the terminal device. It may be.

In addition, the cloud server may control the media server through the management server or directly connected to the media server to control the media server. In addition, at least one of the management server and the media server may be included in the cloud server.

The terminal device may be configured as a user terminal or signage in which an IP camera or a dedicated application is installed and executed, or at least one of the user terminal and signage in a state where the IP camera and the dedicated application are installed and executed. It may be configured to include.

In addition, the integrated disaster emergency broadcast system according to an embodiment of the present invention may include a plurality of different end devices.

In this case, the IP camera may generate an image of a surveillance target region and transmit the image to a cloud server or a management server, and the user terminal or signage in which a dedicated application is executed receives and displays broadcast information from a media server or displays broadcast information. You can ask the media server.

The video recording server may receive and store an image from a management server that receives the image of the IP camera under the control of the cloud server, and provide event information to the cloud server when an event is detected through image analysis. have.

Accordingly, the cloud server may control various devices based on preset scenario information based on the corresponding event information.

In this case, the video recording server may be configured with a video management system (VMS), a network video recorder (NVR), or the like.

In addition, encryption generated through the encryption key generation process corresponding to each of a plurality of devices including at least one server device, an image recording server and at least one end device constituting an integrated disaster emergency broadcast system according to an embodiment of the present invention A proxy device that supports encryption using an encryption key for a communication session between devices through a key exchange may be configured inside the device or connected to the device. The proxy devices communicate with each other by communicating with each other through a communication network. Can support

First, any one of the cloud server, the management server, and the media server designates another one of the cloud server, the management server, and the media server, or the terminal device or the video recording server as a communication target, and communicates with the security server 100. The security server 100 may request communication with a subject.

In this case, the terminal device may designate at least one of the cloud server, the management server, and the media server or the video recording server as a communication target to the security server 100 to request communication with the corresponding communication target.

In addition, the video recording server may designate the server device or the terminal device as a communication target and request the security server 100 to communicate with the corresponding communication target.

Accordingly, the security server 100 corresponds to the request information among the cloud server, the management server, the media server, the video recording server, and the terminal device based on the request information when the request information for the request is received. At least two or more devices may be identified, and each of the identified devices may identify a proxy device configured as a module or connected to the device.

In addition, the security server 100 may be mediated to exchange the encryption key between the proxy devices identified in response to the request information, through which the encryption communication between the device for each proxy device corresponding to the request information In addition to this, it can perform functions related to integrated disaster emergency broadcasting.

As an example of an integrated disaster emergency broadcast-related operation through an encryption communication using the encryption key, the security server 100 corresponds to the request information and is connected to any one of the cloud server, the management server, and the media server. A proxy device and a second proxy device connected to another one of the cloud server, the management server, and the media server or the end device may be identified.

In addition, the security server 100 transmits a first encryption key stored in advance corresponding to the first proxy device identified according to the request to the second proxy device, and a second stored in advance corresponding to the second proxy device. The encryption key may be transmitted to the first proxy device so that a key exchange is performed between the first proxy device and the second proxy device.

In this case, the security server 100 may extract the first and second encryption keys from the shared ledger and transmit them to the first proxy device and the second proxy device.

The security server 100 may encrypt and transmit the second encryption key with the first encryption key of the first proxy device when transmitting the second encryption key of the second proxy device to the first proxy device. The first proxy device may decrypt and store the second encryption key encrypted with the first encryption key with the first encryption key stored in advance according to the above-described encryption key generation process with the security server 100.

The security server 100 may encrypt and transmit the first encryption key with the second encryption key of the second proxy device when transmitting the first encryption key of the first proxy device to the second proxy device. The second proxy apparatus may decrypt and store the first encryption key encrypted with the second encryption key with a second encryption key stored in advance according to the above-described encryption key generation process with the security server 100.

Accordingly, the first proxy device stores the second encryption key of the second proxy device received from the security server 100, and the second proxy device receives the first encryption key received from the security server 100. The first encryption key of the proxy device may be stored.

In addition, the first proxy device connected to any one of the cloud server, the management server, and the media server, or configured as a module inside the specific server device, is generated in the specific server device to generate the cloud server and the management server. And receiving data transmitted to another terminal device or another end device of the media server from the specific server device, encrypting the data with one of the first and second encryption keys, and then transmitting the data to another server device or terminal through a communication network. Can be sent to the device.

Accordingly, the second proxy device configured or connected to the other server device or the end device transmits the transmission data transmitted from the specific server device to the other server device or the end device configured or connected to the first server device. And receiving the encrypted transmission data through communication with a proxy device, wherein the second proxy device decrypts the encrypted transmission data with any one of the first and second encryption keys, and then corresponds to a destination of the transmission data. The other server device or the end device.

In this way, the other server device or the end device may receive the decoded transmission data of the specific server device, perform a specific function or change an operation, or transmit an image to the specific server device based on the transmission data.

For example, when the specific server device is a cloud server and the other server device that receives the transmission data transmitted from the specific server device is a management server, the cloud server is integrated with the management server upon receiving disaster related notification information from an external server. The transmission information related to the control information for emergency broadcast is encrypted with the first encryption key through the first proxy device and transmitted to the management server, and the management server receives the encrypted transmission data received from the first proxy device through the second proxy device. Can receive the transmission data decrypted by the first encryption key.

In this case, the first proxy apparatus may encrypt the transmission data with a second encryption key and transmit the encrypted data to a management server, and the second proxy apparatus connected to or configured with the management server decrypts the encrypted transmission data with the second encryption key. It may be provided to the management server.

Accordingly, the management server further includes the disaster broadcast image for generating a disaster broadcast image based on the control information according to the transmission data and controlling the media server to transmit the disaster broadcast image to one or more end devices. The control information may be generated and transmitted to the media server, whereby the control according to the control information of the cloud server for transmitting the emergency broadcast according to the disaster broadcast image through the terminal device based on the additional control information may be performed. Can be made to work.

In this case, a fourth proxy device may be connected to the media server, or the fourth proxy device may be configured as a module inside the media server, and the second proxy device of the management server and the second server may be configured through the security server 100. The second proxy device corresponding to the management server in the state where the key exchange between the fourth proxy devices is related to each other is performed using a fourth encryption key or a second encryption key which is an encryption key of the fourth proxy device corresponding to the media server. Additional control information may be encrypted and transmitted to the fourth proxy device.

In this way, the media server may receive additional control information by decrypting the additional control information encrypted with the fourth encryption key or the second encryption key with a corresponding encryption key through the fourth proxy device, and the additional control information. After generating the broadcast information including the disaster emergency broadcast-related disaster broadcast video based on the transmission to a plurality of end devices including a user terminal in the state that the signage and dedicated application is executed to perform the integrated disaster emergency broadcast Function can be performed.

In this case, the fourth proxy device connected to the media server or configured inside the media server may be configured to exchange an encryption key related key with the proxy device configured or connected to the end device that is the target of receiving broadcast information through the security server 100. In this state, the broadcast information may be transmitted by being encrypted with an encryption key or a fourth encryption key corresponding to the proxy device configured or connected to the terminal device, and the proxy device connected to or configured with the terminal device receiving the broadcast information may be transmitted to the fourth device. The broadcast information may be displayed by decrypting the encrypted broadcast information received from the proxy device with one of a pre-stored encryption key and the fourth encryption key.

On the other hand, as another example of the integrated disaster emergency broadcast-related operation through the encrypted communication using the encryption key, the first proxy device is configured as any one of the plurality of terminals and the encryption through the communication with the security server 100 The first encryption key is generated and stored according to a key generation process, and is connected to one of a cloud server, a management server, and a media server for integrated disaster emergency broadcasting, or inside the one of the cloud server, the management server, and a media server. It can be configured as a module.

In addition, the second proxy device generates and stores a second encryption key according to the encryption key generation process through communication with the security server 100, and to a user terminal or signage in which an IP camera or a dedicated application is executed. It may be connected to an end device configured or may be configured as a module inside the end device.

In addition, the third proxy device generates and stores a third encryption key according to the encryption key generation process through communication with the security server 100, is connected to the video recording server or configured as a module inside the video recording server. Can be.

In addition, the security server 100 is connected to or configured in the other proxy device which is any one other than the specific proxy device of the first to third proxy device from the specific proxy device of the first to third proxy device is connected or configured therein. When receiving a communication request with a target, a specific encryption key corresponding to the specific proxy device among the first to third encryption keys may be transmitted to the other proxy device.

Further, the security server 100 may transmit another encryption key corresponding to the other proxy device among the first to third encryption keys to the specific proxy device.

In this way, data transmitted and received between any one of the cloud server, the management server, and the media server, the video recording server, and the end device is encrypted by the one of the first to third proxy devices. One of the keys can be encrypted and transmitted and received, and the related disaster emergency broadcast associated by performing the encrypted communication based on the encryption key between any one of the server device of the cloud server, the management server and the media server and the video recording server and the end device Can perform operations and functions.

On the other hand, the security server 100 is an encryption key (for example, the second proxy device) of the other proxy device (for example, the second proxy device) to a specific proxy device (for example, the first proxy device) according to the communication request according to the request information At least one transaction for the encryption key exchange process when an encryption key exchange process is performed to transmit an encryption key (eg, a first encryption key) of the specific proxy device to the other proxy device. It may be generated, and the block containing the transaction can be generated and stored in the shared ledger.

Alternatively, the security server 100 may add encryption key exchange information related to a plurality of encryption keys to be exchanged to a specific key block generated at the time of exchange of the encryption key, and the specific key block including the encryption key exchange information may be added. It can be registered and stored in the shared ledger.

In this case, the security server 100 transfers the encryption key exchange information to the specific key block when calculating the key block hash value of the specific key block in which the encryption key exchange information is stored (included). A key block hash value for a key block of < RTI ID = 0.0 >, < / RTI > identification information for each terminal (proxy device) corresponding to the specific key block, a plurality of different encryption targets corresponding to the specific key block, and generation of the specific key block. The keyblock hash value of the specific keyblock may be calculated by applying the hash algorithm with time, and the keyblock hash value reflecting the encryption key exchange information may be included or set in the specific keyblock.

In addition, the security server 100 uses a key block hash value of a specific key block in which encryption key exchange information is reflected when generating an encryption key corresponding to a next key block generated after the specific key block, and the next key block. By using the key block hash value of the specific key block when calculating the key block hash value of the forgery, the forgery of the encryption key exchange information stored in the shared ledger can also be detected. Security can be increased by helping to detect illegal takeovers.

As described above, the present invention configures a proxy device for generating an encryption key through communication with the security server 100 for each of a plurality of devices related to integrated disaster emergency broadcasting, and the security server 100 is configured to generate the proxy device. It is possible to generate a different unique encryption key for each of the devices through communication with the device, and to support the mutual exchange of the encryption key between the proxy devices when communicating between the devices through the proxy device between the devices By supporting encryption using the encryption key for the integrated disaster emergency broadcasting data transmitted and received, it ensures end-to-end encryption through a highly secure encryption key and stores the exchange process of the encryption key on a blockchain basis. In addition to improving security and convenience for encryption key management, It can support the high security integrated disaster emergency broadcasting.

Various devices and components described herein may be implemented by hardware circuitry (eg, CMOS based logic circuitry), firmware, software, or a combination thereof. For example, it may be implemented using transistors, logic gates, and electronic circuits in the form of various electrical structures.

The above description may be modified and modified by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

10: terminal 100: security service providing apparatus, security server
110: synchronization unit 120: encryption key generation unit
130: encryption and decryption unit 140: blockchain management unit

Claims (8)

It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through Group existing key block by applying the hash value to a predetermined hash algorithm to generate an encryption key for the particular terminal and the security server to send the conventional block key hash value to generate the same encryption key in the specific terminal; And
The encryption terminal is configured as the specific terminal and generates the encryption key by applying an error coefficient according to time synchronization with the security server and the existing keyblock hash value received from the security server to a preset hash algorithm, and performing an integrated disaster emergency broadcast. Connected to a cloud server or a management server or a media server or configured as a module inside the cloud server, the management server or a media server, and transmits the transmission data generated by the cloud server, the management server or the media server by encrypting the encryption key. And a proxy device for decrypting the received data encrypted with the encryption key received by the cloud server, the management server or the media server with the encryption key.
Integrated disaster emergency broadcast system that supports a lightweight security method including a.
The method according to claim 1,
The cloud server controls various devices for integrated emergency emergency broadcasting based on disaster related data received from the outside, and the management server is received from one or more IP cameras through a communication network when a disaster occurs based on the data. Generates a disaster broadcast image based on the image or generates a disaster broadcast image corresponding to the disaster situation among one or more emergency broadcast images stored in advance, and the media server is related to the emergency broadcast based on the disaster broadcast image received from the management server. Integrated disaster emergency broadcasting system supporting a lightweight security method characterized in that the broadcast information is generated and transmitted to the end device.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, any one of a cloud server, management server and media server for integrated disaster emergency broadcasting A first proxy device connected to or configured as a module inside any one of the cloud server, the management server and the media server; And
Is configured as another one of the plurality of terminals and generates a second encryption key according to the encryption key generation process through communication with the security server, the first proxy device of the cloud server, the management server and the media server is connected A second proxy device connected to another one different from the one configured therein or configured as a module therein
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted / received between the cloud server, the management server, and the media server corresponding to the communication request is one of the first and second proxy devices. Integrated disaster emergency broadcast system supporting a lightweight security method characterized in that the encrypted by any one of the first and second encryption key.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, any one of a cloud server, management server and media server for integrated disaster emergency broadcasting A first proxy device connected to or configured as a module inside any one of the cloud server, the management server and the media server; And
Is configured as another one of the plurality of terminals and generates a second encryption key according to the encryption key generation process through communication with the security server, the first proxy device of the cloud server, the management server and the media server is connected A second proxy device connected to another one different from the one configured therein or configured as a module therein
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted / received between the cloud server, the management server, and the media server corresponding to the communication request is one of the first and second proxy devices. By encrypting with one of the first and second encryption key,
The security server generates a transaction for the transmission and reception process of the first and second encryption keys, generates a block including the transaction and stores in the shared ledger integrated disasters that support the lightweight security scheme Emergency broadcast system.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, any one of a cloud server, management server and media server for integrated disaster emergency broadcasting A first proxy device connected to or configured as a module inside any one of the cloud server, the management server and the media server; And
Is configured as another one of the plurality of terminals and generates a second encryption key according to the encryption key generation process through communication with the security server, the first proxy device of the cloud server, the management server and the media server is connected A second proxy device connected to another one different from the one configured therein or configured as a module therein
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted / received between the cloud server, the management server, and the media server corresponding to the communication request is one of the first and second proxy devices. By encrypting with one of the first and second encryption key,
The security server encrypts and transmits the second encryption key with the first encryption key when transmitting the second encryption key to the first proxy device, and transmits the second encryption key with the second encryption key when transmitting the first encryption key to the second proxy device. Encrypting and transmitting the first encryption key,
The first proxy device decrypts the encrypted second encryption key with the first encryption key, and the second proxy device decrypts the encrypted first encryption key with the second encryption key. Integrated disaster emergency broadcast system with support.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, any one of a cloud server, management server and media server for integrated disaster emergency broadcasting A first proxy device connected to or configured as a module inside any one of the cloud server, the management server and the media server;
It is configured as another one of the plurality of terminals and generates a second encryption key according to the encryption key generation process through communication with the security server, and configured as a user terminal or signage in which an IP camera or a dedicated application is executed. A second proxy device connected to the terminating device being configured or configured as a module inside the terminating device; And
One of the plurality of terminals, and generates a third encryption key according to the encryption key generation process through communication with the security server, connected to a video recording server consisting of a VMS or NVR or inside the video recording server A third proxy device configured as a module to the
Including,
The security server requests a communication from a specific proxy device of the first to third proxy devices to another communication device, which is any one except the specific proxy device of the first to third proxy devices, or to a communication target configured therein. Upon reception, transmits a specific encryption key corresponding to the specific proxy device among the first to third encryption keys to the other proxy device, and receives another encryption key corresponding to the other proxy device among the first to third encryption keys. The data transmitted to and from the one of the cloud server, the management server, and the media server, and between the video recording server and the end device is transmitted to the specific proxy device by any one of the first to third proxy devices. Light weight, characterized in that to be encrypted with any one of the first to third encryption key Disaster Emergency Broadcasting System with advanced security measures.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Including a first proxy device configured as any one of the plurality of terminals through the communication with the security server to generate a first encryption key according to the encryption key generation process, the cloud server for integrated disaster emergency broadcast and management A server device including at least one of a server and a media server;
Including a second proxy device configured as another one of the plurality of terminals through the communication with the security server to generate a second encryption key according to the encryption key generation process, the IP camera and the dedicated application is running An end device including at least one of a user terminal and a signage; And
A third recording device configured to generate a third encryption key according to the encryption key generation process through communication with the security server, including a third proxy device configured as another one of the plurality of terminals, and configured as a VMS or an NVR.
Including,
The security server requests a communication from a specific proxy device of the first to third proxy devices to another communication device, which is any one except the specific proxy device of the first to third proxy devices, or to a communication target configured therein. Upon reception, transmits a specific encryption key corresponding to the specific proxy device among the first to third encryption keys to the other proxy device, and receives another encryption key corresponding to the other proxy device among the first to third encryption keys. Data transmitted to the specific proxy device and transmitted / received between the server device, the video recording server, and the end device is transmitted to any one of the first to third encryption keys by any one of the first to third proxy devices. Integrated disaster emergency broadcasts supporting lightweight security schemes characterized by encryption system.
In the integrated disaster emergency broadcast method of the integrated emergency emergency broadcast system including a security server and a proxy device,
The security server performing time synchronization with a specific terminal according to a preset synchronization protocol;
Identifying, by the security server, a new block associated with an encryption key of the specific terminal and a previous block to be connected in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal;
The hash is used to generate the other encryption key related to the other terminal and the identification information of the other terminal in a hash algorithm preset in the existing key block in which the security server is included in the previous block and the other encryption key related information of the other terminal is stored; Extracting an existing keyblock hash value obtained by applying the other encryption key related information including the other encryption key related to the other terminal and the generation time of the existing keyblock, and the time with the specific terminal measured through the time synchronization Generating the encryption key by applying an error coefficient according to an error and the existing keyblock hash value to a preset hash algorithm;
Transmitting, by the security server, the existing keyblock hash value to generate the encryption key at the specific terminal; And
The security device is configured as the specific terminal and connected to a cloud server or a management server or a media server for an integrated emergency emergency broadcast or configured as a module inside the cloud server or a management server or a media server for an integrated emergency emergency broadcast. The encryption key is generated by applying an error coefficient according to time synchronization with a server and the existing key block hash value received from the security server to a preset hash algorithm, and generates a cloud server or a management server for the integrated disaster emergency broadcast. The transmission data generated by the media server is encrypted and transmitted with the encryption key, or the integrated disaster emergency by decrypting the received data encrypted with the encryption key received by the cloud server, the management server or the media server for the integrated disaster emergency broadcast. room Steps to Perform a Song
Integrated disaster emergency broadcast method that supports a lightweight security method including a.

Images