KR101677249B1 - Security Apparatus and Method for Controlling Internet of Things Device Using User Token - Google Patents
- Publication number
- KR101677249B1
- Authority
- KR
- South Korea
- Prior art keywords
- control
- request
- user
- pairing
- token
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
The invention relates to a security processing apparatus and method using a user token having an encryption function for controlling an object Internet device.
In recent years, research has addressed the Internet of Things (the "object Internet" of this description), in which various objects are connected to the Internet by building sensors and communication functions into them. Here, the objects are systematically recognizable things and can be various embedded systems such as home appliances, mobile equipment, and wearable computers.
An object Internet device can incorporate a sensor for acquiring data from the external environment, and devices can exchange data over wireless communication so that information can be received from objects and the objects can be controlled. However, if all objects are connected to the open Internet, they can become targets of hacking and similar attacks. Strong security is therefore required as the Internet of Things develops.
It is an object of the present invention to provide a security processing apparatus and method that use a user token to encrypt a user request for controlling an object Internet device.
According to one aspect, a security processing apparatus for controlling an object Internet device includes a user terminal that generates a control telegram for controlling the object Internet device and requests a user token to generate a control ciphertext for the generated control telegram, and a user token that encrypts the control telegram received from the user terminal to generate a control ciphertext and transmits the generated control ciphertext to the user terminal.
According to another aspect, the user terminal includes a request receiving unit for receiving, from a user, a request to register a user token for controlling an object Internet device; a public key request unit for requesting a public key from the user token when the registration request is received; a registration telegram generation unit for generating a registration telegram based on the received public key; and a registration request unit for requesting registration of the public key by transmitting the generated registration telegram to the object Internet control apparatus.
According to another aspect, the user terminal includes a master token determination unit for determining whether a master token corresponding to the object Internet device exists and, if the master token exists, a ciphertext generation request unit for requesting the master token to generate a registration ciphertext for the generated registration telegram. When the registration ciphertext is received from the master token, the registration request unit may request registration of the public key by transmitting the received registration ciphertext to the object Internet control apparatus.
According to another aspect, the user terminal includes a request receiving unit for receiving, from a user, a request to establish or release a pairing with an object Internet device; an identifier transmitting unit for transmitting an identifier of the user token to the object Internet control apparatus; a ciphertext receiving unit for receiving, from the object Internet control apparatus, a pairing ciphertext in which at least one of an ID of the object Internet device, a pairing time, and a random number of the object Internet device is encrypted with the public key of the user token; and a pairing request unit for requesting establishment or release of the pairing by transmitting the received pairing ciphertext to the user token.
According to another aspect, the user token includes a request receiving unit for receiving a pairing establishment or release request from the user terminal; a decryption unit for decrypting the pairing ciphertext with a private key when the request is received from the user terminal; and a pairing control unit for establishing a pairing with the object Internet device based on at least one of the object Internet device ID, the pairing time, and the random number of the object Internet device, and for releasing the pairing based on at least one of the object Internet device ID and the device random number.
According to another aspect, the pairing control unit logs the control ciphertext generation time each time a control ciphertext is generated in response to a control encryption request from the user terminal, and can control the establishment of pairings with other object Internet devices based on the logged control ciphertext generation times.
According to another aspect, the user token includes a request receiving unit for receiving, from the user terminal, a message authentication code (MAC) generation request for the object Internet device; a message authentication code generation unit for generating a message authentication code using a random number; and a communication unit for transmitting the generated message authentication code to the user terminal. The user terminal attaches the message authentication code to the generated control telegram and transmits it to the object Internet control apparatus.
According to one aspect, a security processing method for controlling an object Internet device includes the steps of: a user terminal generating a control telegram for controlling the object Internet device and requesting a user token to generate a control ciphertext for the generated control telegram; the user token encrypting the control telegram received from the user terminal with a private key to generate a control ciphertext; the user token transmitting the generated control ciphertext to the user terminal; and the user terminal receiving the control ciphertext from the user token and transmitting it to the object Internet control device.
According to another aspect, the security processing method includes the steps of: the user terminal receiving, from a user, a registration request for a user token for controlling an object Internet device; the user terminal requesting a public key from the user token when the registration request is received; the user terminal generating a registration telegram based on the received public key when the public key is received from the user token; and the user terminal requesting registration of the public key by transmitting the generated registration telegram to the object Internet control device.
According to another aspect, the security processing method includes the steps of: the user terminal receiving, from a user, a request to establish or release a pairing with an object Internet device; the user terminal transmitting an identifier of the user token to the object Internet control device when the request is received; the user terminal receiving, from the object Internet control device, a pairing ciphertext in which at least one of the ID of the object Internet device, the pairing time, and the random number of the object Internet device is encrypted with the public key of the user token; and the user terminal transmitting the received pairing ciphertext to the user token to request establishment or release of the pairing.
By encrypting and transmitting the user's request for controlling the object Internet device, the user's access can be authenticated and tampering with the user request can be prevented.
FIG. 1 is a block diagram of an object Internet system according to an exemplary embodiment of the present invention.
FIG. 2 is a block diagram of a user terminal according to an exemplary embodiment of the present invention.
FIG. 3 is a configuration diagram of a control processing unit according to an embodiment.
FIG. 4 is a configuration diagram of a registration processing unit according to an embodiment.
FIG. 5 is a configuration diagram of a pairing processing unit according to an embodiment.
FIG. 6 is a configuration diagram of a user token according to an embodiment.
FIG. 7 is a flowchart illustrating a method of transmitting a control telegram in response to a user request according to an exemplary embodiment.
FIG. 8 is a flowchart illustrating a method of registering a user token according to an embodiment.
FIG. 9 is a flowchart illustrating a method of establishing and releasing a pairing according to one embodiment.
Hereinafter, an embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. In addition, the terms described below are defined in consideration of the functions of the present invention, which may vary depending on the intention of the user, the operator, or the custom. Therefore, the definition should be based on the contents throughout this specification.
Hereinafter, embodiments of the security processing apparatus and method will be described in detail with reference to the drawings.
FIG. 1 is a block diagram of an object Internet system according to an exemplary embodiment of the present invention.
Referring to FIG. 1, the object Internet system may include a
According to an aspect, the
According to one example, object Internet devices include all kinds of objects, such as home appliances (for example a heating device or a television), security devices (for example a door lock or a surveillance camera), and wearable devices (for example a smart location or smart glasses).
According to an example, the object
According to an aspect, the
For example, the
In this case, the
The
2 is a configuration diagram of a
2, the
According to one example, the
When the
The
The
According to one example, the identifier of the user token may be at least one of the IC chip unique number or the hash value of the public key of the user token.
When the pairing request is received from the
The
According to one embodiment, the
According to one embodiment, the
3 is a configuration diagram of the
3, the
When receiving the control request from the user, the
The cipher text
The
4 is a configuration diagram of the
4, the
The public
When the public key is received from the
The
The master
According to an example, if there is a master token corresponding to the object Internet apparatus, a separate procedure may be required to register the
When a
The ciphertext
5 is a configuration diagram of a
5, the
According to one embodiment, the
According to another example, pairing may be a pairing between one
According to another example, when the object
For example, the ID of the object Internet device may include a manufacturer ID identifying the company that manufactures the object Internet device, a product model ID identifying the product model number of the object Internet device, a product serial ID identifying the product serial number of the object Internet device, and an extended ID for identifying an object Internet device that has not been given an object identifier.
In another example, when receiving a pairing request for a door lock from a user, the
At this time, the pairing time may include at least one of the current time of the object
In one embodiment, the object
When the object
The
6 is a configuration diagram of a
6, the
According to an example, the
The
When the public
The
The
For example, the
For example, the
As another example, if the pairing time includes period information for the pairing, user token A can control the door lock (device ID: B), which is the object Internet device to be paired, for the 10 minutes of the pairing time. In this case, once the pairing is established, user token A controls only door lock B for those 10 minutes.
According to another example, when the
For example, the
According to another example, the
For example, each time the
For example, the
When the message authentication code generation request is received, the authentication code generation unit 260 may generate a message authentication code using the device random number for the object Internet device. According to an example, the
The
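The pairing period and the message authentication code described for the user token above, as an added Python example that is not code from the patent. The class and function names, HMAC-SHA256, SHA-256 for the token identifier, the JSON encoding and the sample values are assumptions of this example, and the public-key decryption of the pairing ciphertext is left out.

```python
import hashlib
import hmac
import json
import secrets

PAIRING_PERIOD_S = 600  # the 10-minute pairing period of the door lock example


def token_identifier(public_key: bytes) -> str:
    """Token identifier as the hash of the token's public key (SHA-256 assumed)."""
    return hashlib.sha256(public_key).hexdigest()


def encode(telegram: dict) -> bytes:
    """Canonical byte encoding so both sides authenticate exactly the same bytes."""
    return json.dumps(telegram, sort_keys=True, separators=(",", ":")).encode()


class UserToken:
    """Token side: holds one pairing and produces MACs only inside it."""

    def __init__(self, public_key: bytes):
        self.identifier = token_identifier(public_key)
        self.pairing = None  # (device_id, pairing_time, device_random)
        self.mac_log = []    # generation times kept by the pairing control logic

    def pair(self, device_id, pairing_time, device_random):
        # In the patent these fields arrive encrypted under the token's public
        # key; here they are taken as already decrypted (assumption).
        if self.pairing and pairing_time < self.pairing[1] + PAIRING_PERIOD_S:
            raise PermissionError("still paired with " + self.pairing[0])
        self.pairing = (device_id, pairing_time, device_random)

    def release(self, device_id, device_random) -> bool:
        # Release only when the request carries the values stored at pairing.
        if self.pairing is None or self.pairing[0] != device_id:
            return False
        if not hmac.compare_digest(self.pairing[2], device_random):
            return False
        self.pairing = None
        return True

    def generate_mac(self, telegram: dict, now: float) -> bytes:
        if self.pairing is None:
            raise PermissionError("token is not paired")
        device_id, pairing_time, device_random = self.pairing
        if telegram["device_id"] != device_id:
            raise PermissionError("token is paired with another device")
        if not pairing_time <= now < pairing_time + PAIRING_PERIOD_S:
            raise PermissionError("pairing period has expired")
        self.mac_log.append(now)
        return hmac.new(device_random, encode(telegram), hashlib.sha256).digest()


class ControlDevice:
    """Control device side: issues the device random number and checks MACs."""

    def __init__(self):
        self.pairings = {}  # (token id, device id) -> (pairing_time, device_random)

    def open_pairing(self, token_id, device_id, now):
        device_random = secrets.token_bytes(32)
        self.pairings[(token_id, device_id)] = (now, device_random)
        return device_id, now, device_random  # sent as pairing ciphertext in the patent

    def verify(self, token_id, telegram: dict, mac: bytes, now: float) -> bool:
        entry = self.pairings.get((token_id, telegram.get("device_id")))
        if entry is None:
            return False
        pairing_time, device_random = entry
        if not pairing_time <= now < pairing_time + PAIRING_PERIOD_S:
            return False
        expected = hmac.new(device_random, encode(telegram), hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)  # constant-time comparison


def demo() -> dict:
    token = UserToken(b"constructed-public-key-bytes")  # constructed sample value
    ctrl = ControlDevice()
    t0 = 1_000_000.0  # constructed pairing time in seconds
    token.pair(*ctrl.open_pairing(token.identifier, "B", t0))
    telegram = {"device_id": "B", "command": "unlock"}
    mac = token.generate_mac(telegram, t0 + 60)
    altered = {**telegram, "command": "lock"}
    results = {
        "valid": ctrl.verify(token.identifier, telegram, mac, t0 + 61),
        "tampered": ctrl.verify(token.identifier, altered, mac, t0 + 61),
        "late": ctrl.verify(token.identifier, telegram, mac, t0 + PAIRING_PERIOD_S),
    }
    try:
        token.generate_mac({"device_id": "C", "command": "on"}, t0 + 60)
        results["other_device"] = True
    except PermissionError:
        results["other_device"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The MAC ties a telegram to one pairing, not to one use: an identical telegram verifies again until the pairing period ends, so single-use semantics would need a counter or per-message nonce, which the page does not describe.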
FIG. 7 is a flowchart illustrating a method of transmitting a control telegram in response to a user request according to an exemplary embodiment.
Referring to FIG. 7, the
After generating the control telegram, the
When the ciphertext is generated, the
FIG. 8 is a flowchart illustrating a method of registering a user token according to an embodiment.
Referring to FIG. 8, the
Thereafter, when the public key is received from the
When the registration telegram is generated, the user terminal determines whether there is a master token corresponding to the object Internet apparatus managed by the object Internet control apparatus 300 (860). For example, if there is a master token corresponding to the object Internet apparatus, a separate procedure may be required to register the
According to an example, if there is no master token, the
According to another example, if there is a master token, the
FIG. 9 is a flowchart illustrating a method of establishing and releasing a pairing according to one embodiment.
Referring to FIG. 9, the
Then, the
When the
In this case, the
One aspect of the present invention may be embodied as computer readable code on a computer readable recording medium. The code and code segments implementing the above program can be easily deduced by a computer programmer in the field. A computer-readable recording medium may include any type of recording device that stores data that can be read by a computer system. Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical disk, and the like. In addition, the computer-readable recording medium may be distributed to networked computer systems and written and executed in computer readable code in a distributed manner.
The present invention has been described with reference to the preferred embodiments. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the scope of the present invention should not be limited to the above-described embodiments, but should be construed to include various embodiments within the scope of the claims.
10: Security processing device 100: User terminal
110: request receiver 130: control processor
150: Registration processor 170: Pairing processor
180: Storage unit 190: Transmitting /
200: user token 210: request receiver
220: cipher text generation unit 230: public key processing unit
240: Decoding unit 250: Pairing control unit
260: Authentication code generation unit 270:
280: storage unit 300: object Internet control device
Claims (10)
A user terminal for generating a control telegram for controlling the Internet device, requesting a user token to generate a control ciphertext for the generated control telegram, receiving the control ciphertext from the user token, and transmitting the control ciphertext to the Internet control device; And
A user token for receiving the control telegram from a user terminal using contact or near field communication, generating a control cipher text by encrypting the received control telegram with a private key, and transmitting the generated control cipher text to a user terminal;
Wherein the user token is one of an electronic ID card, a credit card, and an OTP (One Time Password) device, which is a terminal device separate from the user terminal.
The user terminal
A request receiving unit for receiving a registration request of a user token for controlling an object Internet device from a user;
A public key request unit for requesting a public key from the user token when the registration request is received;
A registration telegram generation unit for generating a registration telegram based on the received public key when the public key is received from the user token; And
A registration request unit for requesting registration of the public key by transmitting the generated registration telegram to the object Internet control apparatus; The security processing apparatus comprising:
The user terminal
A master token determination unit for determining whether or not a master token corresponding to the object Internet apparatus exists; And
Further comprising a ciphertext generation requesting unit for requesting the master token to generate a registration ciphertext for the generated registration telegram if the master token exists as a result of the determination,
The registration request unit
And when the registration ciphertext is received from the master token, transmits the received registration ciphertext to the object Internet control apparatus to request registration of the public key.
The user terminal
A request receiving unit for receiving a request to establish or release a pairing with an object Internet apparatus;
An identifier transmitting unit for transmitting an identifier of the user token to the object Internet control apparatus when the pairing establishment or release request is received;
A ciphertext receiving unit for receiving, from the object Internet control apparatus, a pairing ciphertext obtained by encrypting at least one of an ID of an object Internet apparatus, a pairing time, and a random number of the object Internet apparatus using a public key of a user token; And
A pairing request unit for transmitting the received pairing cipher text to a user token to request establishment or release of the pairing; The security processing apparatus comprising:
The user token
A request receiver for receiving a pairing establishment or release request from a user terminal;
A decryption unit decrypting the pairing ciphertext with a private key when a pairing establishment or release request is received from the user terminal; And
A pairing control unit that, in response to a pairing establishment request, performs a pairing with the object Internet apparatus based on at least one of the object Internet apparatus ID, the pairing time, and the random number of the object Internet apparatus, and that releases the pairing based on at least one of the object Internet apparatus ID and the device random number.
The pairing control unit
Wherein each time a control ciphertext is generated in response to a control encryption request of a user terminal, a control ciphertext generation time is logged and a pairing control with another object Internet apparatus is controlled based on the logged control ciphertext generation time.
The user token
A request receiving unit for receiving a message authentication code (MAC) generation request for the object Internet device from the user terminal;
A message authentication code generation unit for generating a message authentication code using the device random number for the object Internet device when the message authentication code generation request is received; And
And a communication unit for transmitting the generated message authentication code to a user terminal,
The user terminal
And attaches the message authentication code to the generated control message to transmit to the object Internet control device.
The user terminal generates a control telegram for controlling the object Internet device, and requests the user token to generate a control ciphertext for the generated control telegram;
The user token receiving the control telegram from the user terminal using contact or near field communication;
Encrypting the received control telegram with a private key to generate a control ciphertext;
The user token sending the generated control ciphertext to the user terminal; And
The user terminal receiving the control ciphertext from the user token and transmitting the control ciphertext to the object Internet control device;
Wherein the user token is one of an electronic ID card, a credit card, and an OTP (One Time Password) device, which is a terminal device separate from a user terminal.
The security processing method
The user terminal receiving, from a user, a registration request of a user token for controlling an object Internet device;
Requesting a public key from the user token when the user terminal receives the registration request;
If the user terminal receives a public key from the user token, generating a registration telegram based on the received public key; And
The user terminal transmits the generated registration telegram to the object Internet control device to request registration of the public key; Further comprising:
The security processing method
The user terminal receiving, from a user, a request to establish or release a pairing with an object Internet device;
Transmitting an identifier of the user token to the object Internet control apparatus when the user terminal receives the pairing establishment or release request;
The user terminal receiving, from the object Internet control device, a pairing cipher text in which at least one of an ID of an object Internet device, a pairing time, and a random number of the object Internet device is encrypted using a public key of a user token; And
The user terminal transmits the received pairing cipher text to a user token to request establishment or release of the pairing; Further comprising:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150084418A KR101677249B1 (en) | 2015-06-15 | 2015-06-15 | Security Apparatus and Method for Controlling Internet of Things Device Using User Token |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150084418A KR101677249B1 (en) | 2015-06-15 | 2015-06-15 | Security Apparatus and Method for Controlling Internet of Things Device Using User Token |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101677249B1 (en) | 2016-11-17 |
Family
ID=57542159
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150084418A KR101677249B1 (en) | 2015-06-15 | 2015-06-15 | Security Apparatus and Method for Controlling Internet of Things Device Using User Token |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101677249B1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20040012824A (en) * | 2001-05-14 | 2004-02-11 | 마츠시타 덴끼 산교 가부시키가이샤 | Electronic device control apparatus |
KR20060058789A (en) * | 2004-11-25 | 2006-06-01 | 한국전자통신연구원 | Method and apparatus for data security on home network system |
KR101491730B1 (en) * | 2013-12-09 | 2015-02-09 | 에스케이 텔레콤주식회사 | Method for Providing Machine to Machine Encryption Service and Apparatus Therefor |
KR20150035971A (en) | 2015-03-18 | 2015-04-07 | 문종섭 | A secure Data Communication protocol between IoT smart devices or sensors and a Network gateway under Internet of Thing environment |
-
2015
- 2015-06-15 KR KR1020150084418A patent/KR101677249B1/en active IP Right Grant
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018143510A1 (en) * | 2017-02-02 | 2018-08-09 | 주식회사 시옷 | Internet of things security module |
KR20210090375A (en) | 2020-01-10 | 2021-07-20 | 동서대학교 산학협력단 | Blockchain-based authenticaton and revocation method for the internet of things device |
KR20210090379A (en) | 2020-01-10 | 2021-07-20 | 동서대학교 산학협력단 | Blockchain-based access control method for the internet of thing device |
KR20210090372A (en) | 2020-01-10 | 2021-07-20 | 동서대학교 산학협력단 | Blockchain-based authenticaton and revocation method for the internet of things gateway |
CN116318899A (en) * | 2023-02-17 | 2023-06-23 | 深圳市创势互联科技有限公司 | Data encryption and decryption processing method, system, equipment and medium |
CN116318899B (en) * | 2023-02-17 | 2023-10-17 | 深圳市创势互联科技有限公司 | Data encryption and decryption processing method, system, equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20160277933A1 (en) | Secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment | |
JP4647903B2 (en) | Information communication apparatus, communication system, and data transmission control program | |
JP4545197B2 (en) | Wireless network system and communication method using the same | |
CN107659406B (en) | Resource operation method and device | |
KR101677249B1 (en) | Security Apparatus and Method for Controlling Internet of Things Device Using User Token | |
US20080109654A1 (en) | System and method for RFID transfer of MAC, keys | |
JP4803145B2 (en) | Key sharing method and key distribution system | |
JP2017514421A (en) | Authentication apparatus and method | |
JP2011511350A (en) | Access control management method and apparatus | |
KR20100071209A (en) | Verification of device using device tag | |
KR20120072032A (en) | The system and method for performing mutual authentication of mobile terminal | |
US11178137B2 (en) | System for IoT devices communicating with server using a tentative common key | |
US10805276B2 (en) | Device and methods for safe control of vehicle equipment secured by encrypted channel | |
KR101482938B1 (en) | Method of preventing authorization message, server performing the same and user terminal performing the same | |
KR20190038632A (en) | Method for provisioning a first communication device using a second communication device | |
US10511946B2 (en) | Dynamic secure messaging | |
KR102322605B1 (en) | Method for setting secret key and authenticating mutual device of internet of things environment | |
KR101745482B1 (en) | Communication method and apparatus in smart-home system | |
US11003744B2 (en) | Method and system for securing bank account access | |
KR20150005788A (en) | Method for authenticating by using user's key value | |
JP2017108237A (en) | System, terminal device, control method and program | |
JP7141723B2 (en) | Apparatus, system and method for controlling actuators via wireless communication system | |
WO2018172776A1 (en) | Secure transfer of data between internet of things devices | |
KR20190115489A (en) | IOT equipment certification system utilizing security technology | |
KR101790121B1 (en) | Method and System for certificating electronic machines |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20191002 Year of fee payment: 4 |