KR101802588B1 - Mutual authentication method between mutual authentication devices based on session key and token, mutual authentication devices - Google Patents
- Publication number
- KR101802588B1 (application KR1020150111389A / KR20150111389A)
- Authority
- KR
- South Korea
- Prior art keywords
- authentication token
- authentication
- shared
- key
- token
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A second device first encrypts a pre-shared authentication token using a first session key based on a pre-shared master key, transmits the first encrypted authentication token to the first device, receives a second encrypted authentication token transmitted according to the verification result of the first device for the first encrypted authentication token, and decrypts and verifies the second encrypted authentication token using the first session key.
Description
The following embodiments relate to mutual authentication methods and mutual authentication devices between mutual authentication devices based on a session key and an authentication token.
An authentication method using only a master key requires that the objects to be mutually authenticated share the same master key before mutual authentication can be performed, so the security of the method depends entirely on that master key. Therefore, in the many IoT (Internet of Things) devices that must keep the master key in software, there is a risk that security relying on the master key alone is weak. In addition, IoT devices that provide various services require rights management for the different services of each object, so a method for rights management is also required.
According to one embodiment, mutual authentication between mutual authentication devices can increase the level of security.
According to one embodiment, authorization checking and mutual authentication are performed at one time, thereby simplifying the authority checking procedure and efficiently utilizing IoT resources.
A mutual authentication method for a second device for mutual authentication with a first device according to one aspect comprises: first encrypting a pre-shared authentication token using a first session key based on a pre-shared master key; sending the first encrypted authentication token to the first device; receiving a second encrypted authentication token sent in accordance with the verification result of the first device for the first encrypted authentication token; decrypting the second encrypted authentication token using the first session key; and verifying the decrypted authentication token.
Wherein the first encrypting step comprises: first modulating the pre-shared authentication token based on a first modulation algorithm for the second device; And first encrypting the first modulated authentication token using the first session key.
The first modulating step may include first modulating only a portion of the pre-shared authentication token based on the first modulation algorithm.
The verifying the decrypted authentication token may include verifying the decrypted authentication token based on a second modulation algorithm for the first device.
Wherein verifying the decrypted authentication token comprises: second modulating the pre-shared authentication token based on the second modulation algorithm; and verifying the decrypted authentication token using the second modulated authentication token.
The mutual authentication method for the second device comprises: generating random information for session key generation; And generating a first session key using the pre-shared master key and the random information.
Wherein the mutual authentication method for the second device comprises: receiving an authentication request of the first device; And in response to the authentication request, verifying the first device.
Wherein the authentication request includes identification information comprising MAC information of the first device and chip information of the first device, and verifying the first device comprises verifying the first device using the identification information.
The mutual authentication method for the second device may further include sharing the master key and the authentication token between the second device and the first device prior to the authentication request.
Wherein the sharing comprises: generating an authentication token (Token) for the first device in response to a registration request of the first device; generating a temporary key using random information and an initial key; and transmitting cryptographic information together with the random information to the first device, wherein the cryptographic information includes the master key and the authentication token and is encrypted using the temporary key.
The authentication token may include at least one of the authorization information of the first device, the random information, the identification information of the second device, and the identification information of the first device.
The mutual authentication method for the second device may further include updating the authentication token when the rights information of the first device is changed.
The mutual authentication method for the second device may further comprise registering the first device upon receiving a signal from the first device indicating that the sharing of the cryptographic information is completed.
According to one aspect, a mutual authentication method for a first device for mutual authentication with a second device includes: receiving a first encrypted authentication token sent from the second device in response to an authentication request; decrypting the first encrypted authentication token using a second session key based on a pre-shared master key; verifying the decrypted authentication token; second encrypting a pre-shared authentication token in accordance with the verification result; and transmitting the second encrypted authentication token to the second device.
Wherein verifying the decrypted authentication token may include verifying the decrypted authentication token based on a first modulation algorithm for the second device.
Wherein verifying the decrypted authentication token comprises: first modulating the pre-shared authentication token using the first modulation algorithm; And verifying the decrypted authentication token using the first modulated authentication token.
Wherein the second encrypting step comprises: second modulating the pre-shared authentication token based on a second modulation algorithm for the first device; and second encrypting the second modulated authentication token using the second session key.
The second modulating step may include second modulating only a portion of the pre-shared authentication token based on the second modulation algorithm.
The mutual authentication method for the first device may further include sharing the master key and the authentication token between the second device and the first device prior to the authentication request.
Wherein the sharing step comprises: requesting the second device to register; receiving, in response to the registration request, encrypted cryptographic information from the second device, the cryptographic information including a master key generated by the second device and an authentication token; decrypting the cryptographic information to extract the master key and the authentication token; storing the master key and the authentication token; and transmitting to the second device a signal indicating that sharing of the cryptographic information is complete.
According to one aspect, a second device for mutual authentication with a first device comprises: a processor that first encrypts a pre-shared authentication token using a first session key based on a pre-shared master key and decrypts a second encrypted authentication token using the first session key; a transceiver that transmits the first encrypted authentication token to the first device and receives the second encrypted authentication token transmitted according to the verification result of the first device for the first encrypted authentication token; and a memory that stores the pre-shared master key and the pre-shared authentication token.
According to one aspect, a first device for mutual authentication with a second device comprises: a transceiver that receives a first encrypted authentication token sent from the second device in response to an authentication request and sends a second encrypted authentication token to the second device; a processor that decrypts and verifies the first encrypted authentication token using a second session key based on a pre-shared master key and second encrypts a pre-shared authentication token according to the verification result; and a memory that stores the pre-shared master key and the pre-shared authentication token.
According to one aspect of the present invention, the level of security can be enhanced by performing mutual authentication using both the master key and the authentication token.
According to one aspect of the present invention, an authorization check and mutual authentication can be performed at one time, simplifying the authorization procedure while reducing the load on the communication procedure and on the server.
According to one aspect of the present invention, the mutual authentication is performed using both the master key and the authentication token, so that the IoT device itself can verify the authority without a separate device.
FIG. 1 illustrates a system environment in which a mutual authentication method according to one embodiment is performed.
FIG. 2 is a flowchart illustrating a mutual authentication method for a server according to an embodiment.
FIG. 3 is a flowchart illustrating a mutual authentication method for a server according to another embodiment.
FIG. 4 is a flowchart illustrating operations of a server for sharing a master key and an authentication token according to one embodiment.
FIG. 5 is a flowchart illustrating a mutual authentication method for a target device according to an embodiment.
FIG. 6 is a flowchart illustrating a mutual authentication method for a target device according to another embodiment.
FIG. 7 is a flowchart illustrating operations of a target device for sharing a master key and an authentication token according to an embodiment.
FIG. 8 is a view for explaining a device registration procedure between a target device and a server according to an exemplary embodiment.
FIG. 9 is a view for explaining a mutual authentication procedure between a target device and a server according to an exemplary embodiment.
FIG. 10 is a block diagram of a server according to one embodiment.
FIG. 11 is a block diagram of a target device according to one embodiment.
In the following, embodiments will be described in detail with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
Various modifications may be made to the embodiments described below. It is to be understood that the embodiments described below are not intended to limit the embodiments, but include all modifications, equivalents, and alternatives to them.
The terms used in the embodiments are used only to describe specific embodiments and are not intended to limit them. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like indicate the presence of the stated features, integers, steps, operations, elements, components, or combinations thereof, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which the embodiments belong. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the related art, and are not to be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the following description with reference to the accompanying drawings, the same components are denoted by the same reference numerals regardless of the figure number, and redundant explanations thereof are omitted. In describing the embodiments, a detailed description of related art is omitted where it is determined that it would unnecessarily obscure the gist of the embodiments.
FIG. 1 is a diagram illustrating a system environment in which a mutual authentication method between devices according to an exemplary embodiment is performed.
Referring to FIG. 1, a system environment according to an exemplary embodiment includes a
The
The
The
The
Alternatively, the
The
Hereinafter, the case where the
The
The
The
The
The
The
In one embodiment, all objects to be mutually authenticated must hold the same master key and the same authentication token in advance for authentication to succeed. This may prevent an unauthorized user from accessing the
In addition, the
FIG. 2 is a flowchart illustrating a mutual authentication method for a second device according to an embodiment.
Referring to FIG. 2, a second device according to one embodiment first encrypts (210) a pre-shared authentication token using a first session key based on a pre-shared master key. In step 210, the second device may first modulate the pre-shared authentication token based on a first modulation algorithm, and first encrypt the first modulated authentication token using the first session key. Here, the first modulation algorithm is the modulation algorithm used in the second device, agreed in advance between the second device and the first device. The first modulation algorithm may differ from the second modulation algorithm used in the first device.
The second device may first modulate only a portion of the pre-shared authentication token based on the first modulation algorithm. For example, the second device may first modulate only the first 1/3 of the pre-shared authentication token, or only the values at even-numbered positions in the first half of the authentication token.
The second device may first encrypt the first modulated authentication token with the first session key using various encryption techniques, e.g., scrambling, masking, and the like.
The second device sends a first encrypted authentication token to the first device (220).
The second device receives a second encrypted authentication token from the first device (230). The second encrypted authentication token is transmitted only if the first device's verification of the first encrypted authentication token succeeds. For example, if the first encrypted authentication token transmitted by the second device fails verification in the first device, the first device determines that the second device that transmitted it is not a legitimate second device and does not transmit the second encrypted authentication token.
The second device may decrypt the second encrypted authentication token using the first session key (240) and complete the mutual authentication by verifying the decrypted authentication token (250). In
If the second encrypted authentication token was transmitted by a legitimate counterpart for mutual authentication, the authentication token obtained by the second device by second modulating the pre-shared authentication token with the predetermined second modulation algorithm (the second modulated authentication token) and the decrypted authentication token have the same value. The second device can therefore determine that verification of the first device is successful if the value of the decrypted authentication token equals the value of the second modulated authentication token.
FIG. 3 is a flowchart illustrating a mutual authentication method for a second device according to another embodiment.
Referring to FIG. 3, the second device may share the master key and the authentication token with the first device (305). The operation of the second device for sharing the master key and the authentication token between the second device and the first device is described with reference to FIG.
The second device may receive the authentication request of the first device (310). At this time, the identification information of the first device may be included together in the authentication request. The identification information of the first device may include, for example, MAC (Media Access Control) information of the first device and chip information (e.g., serial number) of the first device and the like.
In response to the authentication request of
The second device may generate random information (320). Here, the random information is used for generating a session key, and may be a random value produced by a random function or the like.
The second device may generate the first session key using the pre-shared master key and the random information generated in step 320 (325).
The second device first modulates (330) the pre-shared authentication token based on the first modulation algorithm, and first encrypts the first modulated authentication token using the first session key generated in step 325 (335).
The second device may transmit the first encrypted authentication token generated in step 335 to the first device (340).
The second device may receive the second encrypted authentication token from the first device (345). At this time, the second encrypted authentication token may have been transmitted in accordance with the verification result of the first device for the first encrypted authentication token transmitted by the second device in
The second device may decrypt the second encrypted authentication token using the first session key generated in step 325 (350).
The second device may second modulate (355) the pre-shared authentication token based on the second modulation algorithm and verify the decrypted authentication token in
FIG. 4 is a flowchart illustrating the operation of a second device for sharing an authentication token and a master key according to one embodiment.
Referring to FIG. 4, a second device according to one embodiment may receive a (device) registration request of a first device (410).
In response to the registration request, the second device may generate random information for temporary key generation (420).
The second device may generate an authentication token for the first device (430). The second device may generate an authentication token for the first device based on the rights information of the first device. If there are a plurality of first devices included in the system, the second device may generate different authentication tokens for each first device. The rights information of the first device may be different for each first device according to the service provided by the first device.
The authentication token may include, for example, authorization information of the first device, random information, identification information (ID) of the second device, and identification information (ID) of the first device.
The second device may generate a master key (440). The second device may generate a master key using a key seed value. The second device may generate the authentication token and the master key in a manner independent of each other so that they are not related to each other. Accordingly, even if one of the master key and the authentication token is exposed to the outside, the security for the other can be maintained.
The second device may generate a temporary key using the random information generated in
The second device may encrypt the cryptographic credentials using the temporary key generated in
FIG. 5 is a flowchart illustrating a mutual authentication method for a first device according to an embodiment.
Referring to FIG. 5, a first device according to one embodiment may request authentication to a second device (510).
The first device receives (520) the first encrypted authentication token sent from the second device in response to the authentication request of
The first device decrypts the first encrypted authentication token using the second session key (530). The second session key may be based on a pre-shared master key.
The first device verifies the decrypted authentication token in step 530 (540). In
The first device second encrypts the pre-shared authentication token according to the verification result of step 540 (550). The first device may second modulate the pre-shared authentication token based on the second modulation algorithm and second encrypt the second modulated authentication token using the second session key. Here, the first device may second modulate only a part of the pre-shared authentication token. For example, the first device may second modulate only the last 1/3 of the pre-shared authentication token, or only the values at odd-numbered positions in the first 1/3.
The second device and the first device according to the embodiment may each modulate and encrypt only a portion of the authentication token, chosen so that even when the token second encrypted by the first device in the second encryption process of FIG. 5 is combined with the token first encrypted by the second device in the first encryption process of FIG. 2, the value of the entire authentication token is not revealed.
The first device may second encrypt the second modulated authentication token with the second session key using various encryption techniques, e.g., scrambling, masking, and the like.
The first device sends a second encrypted authentication token to the second device (560).
FIG. 6 is a flowchart illustrating a mutual authentication method for a first device according to another embodiment.
Referring to FIG. 6, a first device according to one embodiment may share a master key and an authentication token with a second device (605). The operation of the first device for sharing the master key and authentication token is described with reference to FIG.
The first device requests authentication (610) to the second device, and receives (615) the first encrypted authentication token sent from the second device in response to the authentication request.
The first device may decrypt the first encrypted authentication token using the second session key (620).
The first device may first modulate the pre-shared authentication token using a first modulation algorithm (625) and verify the decrypted authentication token using the first modulated authentication token (630). The first device may verify the decrypted authentication token according to whether the first modulated authentication token is the same as the decrypted authentication token in
The first device may determine whether verification of the decrypted authentication token is successful (635). If it is determined in
If it is determined in
The first device may second encrypt (645) the second modulated authentication token using the second session key.
The first device may send a second encrypted authentication token to the second device (650).
FIG. 7 is a flowchart illustrating the operation of a first device for sharing a master key and an authentication token according to one embodiment.
Referring to FIG. 7, the first device may request registration (device) to the second device (710). In
In response to the registration request of
The first device may decrypt the cryptographic information to extract the master key and the authentication token (730), and may store the master key and the authentication token (740).
The first device may send a signal to the second device indicating that the sharing of the cryptographic information is complete (750).
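The registration flow (FIG. 4 and FIG. 7) and the mutual authentication flow (FIG. 2, FIG. 3, FIG. 5 and FIG. 6) described above, written out end to end as an added example; this is not code from the patent. The patent leaves the key derivation, the cipher and the two modulation algorithms unspecified, so this example assumes HMAC-SHA256 as the key derivation function, an encrypt-then-MAC stream cipher built from an HMAC-SHA256 keystream (standard library only), "first 1/3" and "last 1/3" XOR masks as the two modulation algorithms, and that the session-key random information travels alongside the first encrypted token. The server is the patent's second device and the target device is its first device; all identifiers and keys are constructed.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass, field

# Assumed primitives (the patent does not fix them): HMAC-SHA256 as the KDF and an
# encrypt-then-MAC stream cipher whose keystream is HMAC-SHA256 in counter mode.
def kdf(key: bytes, label: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, label + nonce, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return ct + tag

def decrypt(key: bytes, nonce: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or tampered message: reject before touching plaintext
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# Assumed modulation algorithms: each side transforms a different third of the
# token, so neither message on the wire carries the whole unmodified token.
def first_modulate(token: bytes) -> bytes:   # used by the second device (server)
    n = len(token) // 3
    return bytes(b ^ 0xA5 for b in token[:n]) + token[n:]

def second_modulate(token: bytes) -> bytes:  # used by the first device (target)
    n = len(token) // 3
    return token[:-n] + bytes(b ^ 0x5A for b in token[-n:])

INITIAL_KEY = b"initial-key-provisioned-at-manufacture"  # constructed value

@dataclass
class Server:  # the patent's "second device"
    server_id: bytes
    registry: dict = field(default_factory=dict)  # device_id -> (master_key, token)

    def register(self, device_id: bytes, rights: bytes):
        rand = os.urandom(16)
        temp_key = kdf(INITIAL_KEY, b"temp", rand)
        token = rights + rand + self.server_id + device_id  # token fields per the description
        master_key = os.urandom(32)                         # generated independently of the token
        self.registry[device_id] = (master_key, token)
        return rand, encrypt(temp_key, rand, master_key + token)

    def auth_start(self, device_id: bytes):
        master_key, token = self.registry[device_id]
        rand = os.urandom(16)
        session_key = kdf(master_key, b"session", rand)
        # Direction label in the nonce: the two directions share a session key, so
        # they must never share a keystream.
        return rand, encrypt(session_key, rand + b"S", first_modulate(token))

    def auth_finish(self, device_id: bytes, rand: bytes, c2: bytes) -> bool:
        master_key, token = self.registry[device_id]
        session_key = kdf(master_key, b"session", rand)
        pt = decrypt(session_key, rand + b"D", c2)
        return pt is not None and hmac.compare_digest(pt, second_modulate(token))

@dataclass
class Device:  # the patent's "first device"
    device_id: bytes
    master_key: bytes = b""
    token: bytes = b""

    def complete_registration(self, rand: bytes, blob: bytes) -> bool:
        pt = decrypt(kdf(INITIAL_KEY, b"temp", rand), rand, blob)
        if pt is None:
            return False
        self.master_key, self.token = pt[:32], pt[32:]
        return True

    def auth_respond(self, rand: bytes, c1: bytes):
        session_key = kdf(self.master_key, b"session", rand)
        pt = decrypt(session_key, rand + b"S", c1)
        if pt is None or not hmac.compare_digest(pt, first_modulate(self.token)):
            return None  # server failed verification: no second token is sent back
        return encrypt(session_key, rand + b"D", second_modulate(self.token))

def run_mutual_auth(server: Server, device: Device) -> bool:
    rand, c1 = server.auth_start(device.device_id)
    c2 = device.auth_respond(rand, c1)
    return c2 is not None and server.auth_finish(device.device_id, rand, c2)

def demo() -> bool:
    server = Server(server_id=b"GW01")
    device = Device(device_id=b"DEV-0001")
    rand, blob = server.register(device.device_id, rights=b"READ:SENSOR")
    return device.complete_registration(rand, blob) and run_mutual_auth(server, device)
```

A peer holding only the master key (wrong token) or only the token (wrong master key) fails at the first verification step and never receives a second token, which is the property the description claims for the two-secret design.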
FIG. 8 is a view for explaining a device registration procedure between a first device and a second device according to an embodiment.
Referring to FIG. 8, a device registration procedure performed between the
The
The
The
The
When the rights information of the
The
The
The
The
The
The
The
The
The
FIG. 9 is a view for explaining a mutual authentication procedure between a first device and a second device according to an embodiment.
Referring to FIG. 9, there is shown a mutual authentication procedure performed between a
The
The
The
The
The
The
The
The
The
After verifying the authentication token received from the
The
The
The
In an exemplary embodiment, both the master key and the authentication token must be known to the objects performing mutual authentication for authentication to succeed. Even if either the master key or the authentication token alone is exposed, mutual authentication cannot be performed with it, so a high level of security can be ensured. Further, in one embodiment, the second device and the first device each verify the authentication token once, so the second device verifies the first device and the first device verifies the second device, and mutual authentication is achieved.
In addition, when the authentication token is mutually verified, in one embodiment, not only the encryption method and the decryption method of the authentication token but also the modulation algorithms of the authentication token must be known. In other words, for an external intruder to attack the mutual authentication according to an embodiment, the authentication token, the encryption method and the decryption method of the authentication token, the modulation algorithm of the authentication token in the second device (the first modulation algorithm), and the modulation algorithm of the authentication token in the first device (the second modulation algorithm), all five pieces of information, would have to be known, so a higher level of security can be secured.
IoT objects (for example, devices, gateways, second-device platforms, etc.) provide various services due to the nature of Internet of Things (IoT) services. Therefore, the method of authority management between IoT objects is a key element of IoT security. Since the token information according to the embodiment is generated by combining the identification information and the authority information of each first device, the token information can also be used as authority management information. In other words, since the token information includes the rights information of each first device, the authority of the first device can be checked during mutual authentication without any additional authorization procedure.
FIG. 10 is a block diagram of a second device according to one embodiment.
Referring to FIG. 10, a
The
The
In addition, the
The
FIG. 11 is a block diagram of a first device according to one embodiment.
Referring to FIG. 11, a
The
The
The
In addition, the
The
The method according to an embodiment of the present invention can be implemented in the form of program instructions that can be executed by various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and configured for the present invention or may be those known and available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as that produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Therefore, the scope of the present invention should not be construed as being limited to the embodiments described, but should be determined by equivalents to the appended claims, as well as the appended claims.
1000: Second device
1010: Processor
1020:
1030: Memory
1040: bus
Claims (23)
A mutual authentication method, comprising the steps of:
sharing a master key and an authentication token between the second device and the first device prior to the authentication request of the first device;
first encrypting the shared authentication token using a first session key based on the shared master key;
sending the first encrypted authentication token to the first device;
receiving a second encrypted authentication token transmitted from the first device when the first device's verification of the first encrypted authentication token is successful;
decrypting the second encrypted authentication token using the first session key; and
verifying the decrypted authentication token,
wherein the shared authentication token includes rights information of the first device, and
wherein the sharing step comprises the steps of:
in response to the registration request of the first device, generating an authentication token (Token) for the first device;
generating a temporary key using random information and an initial key; and
transmitting the cryptographic information encrypted with the temporary key, the cryptographic information including the master key and the authentication token, to the first device together with the random information.
The first encrypting step comprises the steps of:
first modulating the shared authentication token based on a first modulation algorithm for the second device; and
encrypting the first modulated authentication token using the first session key.
The first modulating step comprises the step of:
first modulating a portion of the shared authentication token based on the first modulation algorithm.
The step of verifying the decrypted authentication token comprises the step of:
verifying the decrypted authentication token based on a second modulation algorithm for the first device.
The step of verifying the decrypted authentication token comprises the steps of:
second modulating the shared authentication token based on the second modulation algorithm; and
verifying the decrypted authentication token using the second modulated authentication token.
The method further comprises the steps of:
generating the random information for session key generation; and
generating a first session key using the shared master key and the random information.
The method further comprises the steps of:
receiving an authentication request of the first device; and
in response to the authentication request, verifying the first device.
The authentication request includes identification information of the first device, comprising the MAC information of the first device and the chip information of the first device, and
the step of verifying the first device comprises the step of:
verifying the first device using the identification information.
The authentication token further comprises at least one of the random information, the identification information of the second device, and the identification information of the first device.
The method further comprises the step of:
updating the authentication token if the rights information of the first device has changed.
The method further comprises the step of:
registering the first device upon receiving a signal from the first device indicating that sharing of the cryptographic information is completed.
A mutual authentication method, comprising the steps of:
sharing a master key and an authentication token between said second device and said first device;
receiving a first encrypted authentication token sent from the second device in response to the authentication request;
decrypting the first encrypted authentication token using a second session key based on the pre-shared master key;
verifying the decrypted authentication token;
second encrypting the pre-shared authentication token in accordance with the verification result; and
transmitting the second encrypted authentication token to the second device,
wherein the pre-shared authentication token comprises rights information of the first device, and
wherein the second device shares the master key and the authentication token by:
in response to the registration request of the first device, generating an authentication token (Token) for the first device prior to the authentication request of the first device;
generating a temporary key using the random information and the initial key; and
transmitting the cryptographic information encrypted using the temporary key, the cryptographic information including the master key and the authentication token, to the first device together with the random information.
The step of verifying the decrypted authentication token comprises the step of:
verifying the decrypted authentication token based on a first modulation algorithm for the second device.
The step of verifying the decrypted authentication token comprises the steps of:
first modulating the pre-shared authentication token using the first modulation algorithm; and
verifying the decrypted authentication token using the first modulated authentication token.
The second encrypting step comprises the steps of:
second modulating the pre-shared authentication token based on a second modulation algorithm for the first device; and
encrypting the second modulated authentication token using the second session key.
The second modulating step comprises the step of:
second modulating a portion of the pre-shared authentication token based on the second modulation algorithm.
The sharing step comprises the steps of:
requesting registration from the second device;
receiving the encrypted cryptographic information from the second device in response to the registration request;
decrypting the cryptographic information to extract the master key and the authentication token;
storing the master key and the authentication token; and
transmitting to the second device a signal indicating that the sharing of the cryptographic information has been completed.
a transceiver for transmitting the first encrypted authentication token to the first device and receiving a second encrypted authentication token transmitted when the first device's verification of the first encrypted authentication token is successful; and
a memory for storing the pre-shared master key and the pre-
wherein the pre-shared authentication token includes the rights information of the first device, and
wherein the processor shares the master key and the authentication token between the second device and the first device by: generating an authentication token (Token) for the first device in response to a registration request of the first device, prior to the authentication request of the first device; generating a temporary key using the random information and an initial key; and transmitting the cryptographic information encrypted with the temporary key, the cryptographic information including the master key and the authentication token, to the first device together with the random information.
A first device for mutual authentication with a second device, comprising:
a processor that, with the master key and the authentication token shared by the second device and the first device, decrypts and verifies the first encrypted authentication token using the second session key based on the shared master key, and second encrypts the shared authentication token; and
a memory for storing the shared master key and the shared authentication token,
wherein the shared authentication token includes rights information of the first device, and
wherein the second device shares the master key and the authentication token between the devices by: in response to the registration request of the first device and prior to responding to the authentication request of the first device, generating an authentication token for the first device; generating a temporary key using the random information and the initial key; and transmitting the cryptographic information encrypted using the temporary key, the cryptographic information including the master key and the authentication token, to the first device with the random information.
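The following Python sketch is an added example, not code from the patent: it walks both devices through the sharing (registration) step and the authentication exchange the claims describe. The HMAC-based key derivation, the stdlib-only encrypt-then-MAC cipher, and the per-device "modulation" that rewrites only the first 8 bytes of the token are all assumptions; the claims name none of these primitives.

```python
import hmac, hashlib, json, os

def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(prf(key, nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key: bytes, msg: bytes) -> bytes:
    # Assumed encrypt-then-MAC over an HMAC keystream; the patent does not name its cipher.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))
    return nonce + ct + prf(key, b"tag", nonce, ct)

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"tag", nonce, ct)):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def modulate(token: bytes, device_id: bytes) -> bytes:
    # Assumed per-device modulation algorithm: transform only a portion (the first 8 bytes) of the token.
    return prf(device_id, b"mod", token)[:8] + token[8:]

def register(initial_key: bytes, rights: dict, first_id: bytes, second_id: bytes):
    # Sharing step, second device side: the token carries rights info plus device ids and random information.
    rnd, master = os.urandom(16), os.urandom(32)
    token = json.dumps({"rights": rights, "first": first_id.hex(), "second": second_id.hex(), "rnd": rnd.hex()}).encode()
    temp = prf(initial_key, b"temp", rnd)                      # temporary key from random info + initial key
    crypto_info = json.dumps({"master": master.hex(), "token": token.hex()}).encode()
    return master, token, rnd, seal(temp, crypto_info)         # (rnd, blob) go to the first device

def receive_registration(initial_key: bytes, rnd: bytes, blob: bytes):
    # Sharing step, first device side: rebuild the temporary key, extract master key and token.
    info = json.loads(open_(prf(initial_key, b"temp", rnd), blob))
    return bytes.fromhex(info["master"]), bytes.fromhex(info["token"])

def mutual_auth(master2, token2, master1, token1, first_id, second_id) -> bool:
    # Authentication phase. Suffix 2 = what the second device stored, suffix 1 = what the first device stored.
    rnd = os.urandom(16)                                       # random information for session key generation
    sk1 = prf(master2, b"session", rnd)                        # first session key (second device)
    msg1 = seal(sk1, modulate(token2, second_id))              # first encrypted (first-modulated) token
    sk2 = prf(master1, b"session", rnd)                        # second session key (first device)
    if open_(sk2, msg1) != modulate(token1, second_id):        # first device verifies against its own copy
        return False
    msg2 = seal(sk2, modulate(token1, first_id))               # second encrypted (second-modulated) token
    return open_(sk1, msg2) == modulate(token2, first_id)      # second device verifies
```

A mismatched master key surfaces as a tag failure in `open_` before any token comparison, while a mismatched token fails the modulated comparison; both outcomes are what the claims' verification steps are meant to catch.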
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150111389A KR101802588B1 (en) | 2015-08-07 | 2015-08-07 | Mutual authentication method between mutual authentication devices based on session key and token, mutual authentication devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150111389A KR101802588B1 (en) | 2015-08-07 | 2015-08-07 | Mutual authentication method between mutual authentication devices based on session key and token, mutual authentication devices |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170017455A (en) | 2017-02-15 |
KR101802588B1 (en) | 2017-12-28 |
Family
ID=58112235
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150111389A KR101802588B1 (en) | 2015-08-07 | 2015-08-07 | Mutual authentication method between mutual authentication devices based on session key and token, mutual authentication devices |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101802588B1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102125047B1 (en) * | 2018-12-26 | 2020-06-19 | 한전케이디엔 주식회사 | Key Management and Operation Method for Improving Security of Distribution Intelligence System |
KR102135727B1 (en) * | 2019-01-16 | 2020-07-20 | 목포대학교산학협력단 | Internet of things blockchain system using token and multi-phase authentication method usign the system |
KR102159188B1 (en) * | 2019-05-31 | 2020-09-23 | 백석대학교산학협력단 | A CCTV control security system using convergence security token based on Moire |
CN114040349B (en) * | 2020-07-21 | 2024-04-09 | 华为技术有限公司 | Electronic equipment and distributed system |
CN112383897B (en) * | 2020-10-19 | 2023-09-22 | 东软集团股份有限公司 | Information transmission method, device, medium and electronic equipment based on intelligent network |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000215165A (en) * | 1999-01-26 | 2000-08-04 | Nippon Telegr & Teleph Corp <Ntt> | Method and device for information access control and record medium recording information access control program |
KR100987213B1 (en) * | 2008-07-11 | 2010-10-12 | 삼성전자주식회사 | Method for processing communication based on voice over internet protocol using bio key and apparatus for the same |
2015
- 2015-08-07 KR KR1020150111389A patent/KR101802588B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20170017455A (en) | 2017-02-15 |
Similar Documents
Publication | Title |
---|---|
CN110971415B (en) | Space-ground integrated space information network anonymous access authentication method and system |
US9935954B2 (en) | System and method for securing machine-to-machine communications |
US20210344482A1 (en) | Method of data transfer, a method of controlling use of data and cryptographic device |
US8837741B2 (en) | Systems and methods for encoding exchanges with a set of shared ephemeral key data |
US8539559B2 (en) | System for using an authorization token to separate authentication and authorization services |
US8171527B2 (en) | Method and apparatus for securing unlock password generation and distribution |
CN106464498B (en) | Method for authenticating a first electronic entity by a second electronic entity and electronic entity |
US10594479B2 (en) | Method for managing smart home environment, method for joining smart home environment and method for connecting communication session with smart device |
KR101802588B1 (en) | Mutual authentication method between mutual authentication devices based on session key and token, mutual authentication devices |
JP6757845B2 (en) | Behavior related to user devices that use secret identifiers |
JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management |
US10291567B2 (en) | System and method for resetting passwords on electronic devices |
CN108809633B (en) | Identity authentication method, device and system |
CN112532393A (en) | Verification method of cross-link transaction, relay link node equipment and medium |
KR101531662B1 (en) | Method and system for mutual authentication between client and server |
CN107040501B (en) | Authentication method and device based on platform as a service |
KR20200104084A (en) | APPARATUS AND METHOD FOR AUTHENTICATING IoT DEVICE BASED ON PUF |
CN111740995A (en) | Authorization authentication method and related device |
JPWO2019142307A1 (en) | Semiconductor device, update data provision method, update data reception method and program |
KR102415628B1 (en) | Method and apparatus for authenticating drone using dim |
Kim et al. | UAV‐Undertaker: Securely Verifiable Remote Erasure Scheme with a Countdown‐Concept for UAV via Randomized Data Synchronization |
US11616789B2 (en) | Communication system, communication method, and computer program product |
KR20220107431A (en) | Method for mutual authenticating between authentication server and device using hardware security module and method using the same |
KR20210083992A (en) | Method of authenticating entity for lightweight device and apparatuses performing the same |
CN113037490A (en) | WEB access verification method, WEB access method, computer device, and storage medium |
Legal Events
Code | Title | Description |
---|---|---|
A201 | Request for examination | |
E902 | Notification of reason for refusal | |
E90F | Notification of reason for final refusal | |
E701 | Decision to grant or registration of patent right | |
GRNT | Written decision to grant | |