KR102145561B1 - A Secured Wireless Service System and Wireless Connecting Device thereof - Google Patents

Abstract

The present invention relates to a wireless service system and a wireless connection device included therein. More particularly, the present invention relates to a secured wireless service system and a wireless connection device included therein, which inserts location information and time information into an access number generated in a certain time unit, and allows installation, change of settings, and access to the system only when the time, location, and access number all match, so as to strengthen the security against unauthorized use of wireless connection devices, and to block the continued use of wireless connection devices even if the access number is stolen, thereby enabling enhanced security by utilizing an access history without fear of theft.

Description

A secured wireless service system and a wireless connecting device included therein

The present invention relates to a wireless service system and a wireless connection device included therein, and more particularly, to insert location information and time information into an access number generated in a predetermined time unit, and all time, location, and access numbers are identical. By allowing the installation of the wireless connection device, change of settings, and access to the system only in case of a case, the security against unauthorized use of the wireless connection device can be reinforced, and even if the access number is stolen, The present invention relates to a secured wireless service system and a wireless connection device included in the secured wireless service system that enables the use to be blocked and enhanced security using access history without fear of theft.

Recently, technology development for a Machine-to-Machine (M2M) service that provides various control solutions through sharing information measured and collected by various devices using a wired/wireless communication method has been actively made.

This M2M service system connects devices that collect various information with a server using a separate communication device, and the server uses information received from various devices to control traffic, traffic signal controllers, unmanned enforcement systems, bus information systems, and buses. The control/monitoring solution of various functions will be provided by government offices and government agencies such as information systems.

Recently, for the easy installation and smooth operation of the M2M service system (IoT service system), a method using a wireless communication method as shown in the following patent documents is mainly used, and a wireless modem, a wireless router, etc. are connected with various devices that collect information. Thus, data can be transmitted to the server wirelessly.

However, in this case, if you only need a wireless modem/router, USIM, etc. that can be connected to the server, you can access the server from anywhere, and you can easily hack the server service system to obtain data and set the system and wireless modem at will. You can change it.

Accordingly, there is an increasing need to impose certain restrictions on access to an M2M service system (IoT service system) (hereinafter referred to as a'wireless service system') using a wireless modem/router.

(Patent Document)

Registered Patent Publication No. 10-1517503 (registered on April 28, 2015) "Multi-sensor equipment control system based on broadband modem for intelligent communication and IoT"

The present invention was devised to solve the above problems,

In the present invention, the location information and time information are inserted into the access number generated in a certain time unit, and installation of the wireless connection device, change of settings, and access to the system are possible only when the time, location and access number all match. It is an object of the present invention to provide a secured wireless service system that can enhance security against unauthorized use of a wireless connection device by allowing it to be allowed.

An object of the present invention is to provide a secured wireless service system capable of blocking the continued use of a wireless connection device even when an access number is stolen.

The present invention makes it possible to use the wireless connection device only within the set working time and effective area, and the effective area is updated in a fixed time unit to prevent the continued unauthorized use of the wireless connection device even when the effective area information is stolen, However, the purpose of this is to provide a secured wireless service system that allows sufficient working hours to be secured in the same working place by extending the renewal period of the effective area when working hours are continuing.

An object of the present invention is to provide a secured wireless service system that enables a wireless connection device to be connected to a system at a location in which a communication environment is optimal.

An object of the present invention is to provide a secured wireless service system that enables enhanced security using a connection history that is free from theft.

The present invention is implemented by an embodiment having the following configuration in order to achieve the above object.

According to an embodiment of the present invention, the secured wireless service system according to the present invention includes a device unit for collecting information through a plurality of devices and wirelessly transmitting the collected information to a server unit through a wireless connection device, and the device unit The server unit includes a server unit that collects information transmitted from and provides a separate control solution, and the server unit includes a security management server that manages access to the wireless connection device, and the security management server is a connection that is updated in a predetermined time unit. Includes a connection number generation module that generates a number and transmits it to a wireless connection device and a user terminal, and the connection number generation module includes a location information insertion module that inserts location information for which the connection number is valid, and time information for which the connection number is valid. It includes a time information insertion module to be inserted, and the wireless connection device permits installation, change of settings, and access to the system only when both time information and location information inserted in the access number match. It features.

According to another embodiment of the present invention, in the secured wireless service system according to the present invention, the wireless connection device uses a connection number update information receiving module for receiving information on an updated connection number, and a wireless connection device. A usage blocking module that blocks user access when the access number is renewed, a re-authentication request module that requests re-authentication to the user terminal, and resume of use that allows users to resume use when the updated access number is entered. It characterized in that it comprises a module.

According to another embodiment of the present invention, in the secured wireless service system according to the present invention, the security management server includes a device identification information registration module for registering identification information on a wireless connection device connected to the system, and An effective area setting module that sets the range of locations where the use of wireless connection devices is allowed, a workable time setting module that sets information on the work hours allowed to use each wireless connection device, and the effective area in a fixed time unit. It includes an effective area update module to change, wherein the wireless connection device enables the use of the wireless connection device only when the location of the wireless connection device and the working time information match, and the wireless connection device An effective area change information receiving module that receives information, a work time check module that determines whether it is within the currently set work time, and if it is within the work time, a work time security request module that requests postponement of the effective area change by the remaining work time; When the delayed working time elapses, a zone change instruction module that requests movement to a new effective zone, a use blocking module that blocks the use of wireless connection devices with the zone change instruction, and the location of the wireless connection device are moved at regular intervals. It characterized in that it comprises a position movement check module for checking the position, and a connection resumption module for resuming the use of the wireless connection device when the position movement is confirmed.

According to another embodiment of the present invention, in the secured wireless service system according to the present invention, the security management server includes an optimal point setting module for designating and setting a location with the least amount of traffic to which a wireless connection device can be connected. , An optimum point transmission module for transmitting the optimum position set by the optimum point setting module to the wireless connection device, and an optimum point notification module for notifying the operator of the set optimum position, wherein the optimum point setting module is a predetermined point within the effective area. A reference point setting module that sets a reference position with a reference point, a connection point collection module that collects previously accessed positions based on an operator or a wireless connection device within a certain range of the reference position, and directs movement to the past connection positions. A location movement instruction module to be moved, a traffic information calculation module for each point that calculates communication traffic information for each location at a plurality of locations to be moved, and an optimum point determination module for determining an optimum location to a location with the least traffic, the The wireless connection device is characterized in that it recognizes whether the wireless connection device moves to the received optimal position, and allows access only when the wireless connection device has moved.

According to another embodiment of the present invention, in the secured wireless service system according to the present invention, the security management server distributes information on the access history of the wireless connection device to terminals using the system using a block chain. , A history management unit that stores and manages the use of the wireless connection device by using the history management unit, and the history management unit stores the history of the connection of the wireless connection device using a block chain. Block chain module that is distributed and stored in the device, history information update module that updates history information at regular time intervals, and blocks for history information by requesting block information about the history stored in the terminal whenever a wireless connection device requests access. It characterized in that it comprises a history information check module that enables access using a wireless connection device only when there is.

The present invention can obtain the following effects by the configuration, combination, and use relationship that will be described below with the present embodiment.

In the present invention, the location information and time information are inserted into the access number generated in a certain time unit, and installation of the wireless connection device, change of settings, and access to the system are possible only when the time, location and access number all match. By allowing it to be allowed, there is an effect of enhancing the security against unauthorized use of the wireless connection device.

The present invention allows the user to continue using the wireless connection device only when the connection number is re-entered when the connection number is updated over a certain period of time even after the user starts using the wireless connection device with a valid connection number. Even if it is, there is an effect of preventing the continued use of the wireless connection device.

The present invention makes it possible to use the wireless connection device only within the set working time and effective area, and the effective area is updated in a fixed time unit to prevent the continued unauthorized use of the wireless connection device even when the effective area information is stolen, However, if the working hours are continuing, there is an effect of ensuring sufficient working hours at the same working place by extending the renewal period of the effective area.

The present invention has the effect of allowing the wireless connection device to be connected to the system at a location where the communication environment is optimal.

The present invention allows the access history of the system by the wireless connection device to be distributed and stored in a plurality of terminals registered in the system using block chain technology, and only when a block related to the history distributed by the user's terminal is confirmed. By allowing access by the device, there is an effect of enabling reinforced security using a connection history that is not subject to theft.

1 is a configuration diagram of a secured wireless service system according to an embodiment of the present invention
Figure 2 is a block diagram showing the configuration of the security management server of Figure 1
3 is a block diagram showing the configuration of the device registration unit of FIG. 2
4 is a block diagram showing the configuration of the connection number generation module of FIG. 3
5 is a block diagram showing the configuration of the work classification setting module of FIG. 3
6 is a block diagram showing the configuration of the optimal position setting module of FIG. 3
7 is a block diagram showing the configuration of a registration information transmission unit of FIG. 2
Figure 8 is a block diagram showing the configuration of the workability information transmission unit of Figure 2
9 is a block diagram showing the configuration of the security setting unit of FIG. 2
10 is a block diagram showing the configuration of the history management bar of FIG. 2
11 is a block diagram showing the configuration of the authentication server of FIG. 1
12 is a block diagram showing the configuration of the wireless connection device of FIG. 1
13 is a block diagram showing the configuration of a device information transmission unit of FIG. 12
14 is a block diagram showing the configuration of a location information generating unit of FIG. 12
15 is a block diagram showing the configuration of the permission determination unit of FIG. 12
16 is a block diagram showing the configuration of a time-based blocking unit of FIG. 12
17 is a block diagram showing the configuration of a location-based blocking unit of FIG. 12
18 is a configuration diagram of an enclosure part and a door part of FIG. 1
19 is a block diagram showing the configuration of the sealing means of FIG. 18
20 is a block diagram showing the configuration of the opening/closing control unit of FIG. 1

Hereinafter, preferred embodiments of a secured wireless service system and a wireless connection device included therein according to the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, when it is determined that a detailed description of a known function or configuration may unnecessarily obscure the subject matter of the present invention, a detailed description thereof will be omitted. Throughout the specification, when a part "includes" a certain component, it means that other components may be further included, and other components are not excluded unless specifically stated to the contrary. Terms such as "... unit" and "... module" mean a unit that processes at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software.

Referring to FIGS. 1 to 20 of a secured wireless service system according to an embodiment of the present invention, the wireless service system collects information through a plurality of devices 33 to provide a wireless connection device 31. It includes a device unit 3 for wirelessly transmitting to the server unit 1 through the device unit 3, and a server unit 1 for collecting information transmitted from the device unit 3 and providing a separate control solution.

The present invention relates to a wireless M2M (Machine to Machine) service system (hereinafter referred to as'wireless service system') using a mobile communication method such as 2G, 3G, 4G, 5G, etc., and necessary information through various devices 33 Is collected and shared, and the server unit 1 utilizes the collected information to provide it to the user or provide a variety of separate control solutions such as traffic control and security.

As previously discussed in the background art, such a wireless system enables information to be transmitted and received by installing a wireless connection device 31 such as a wireless modem or a router between the device 33 and the server unit 1. It has the advantage that it does not require the construction of the railroad and is easy to control and operate. However, if there is only a wireless connection device 31 such as a wireless modem or a router and a USIM, access to the system is possible, and the wireless connection device 31 can be installed or the settings can be changed at will, so that data can be stolen or set without permission. There is a very high risk of disturbing the system by making changes.

Therefore, in the present invention, in the case of installing or changing the settings of the wireless connection device 31 such as a wireless modem or a router, or when accessing the system using the wireless connection device 31, regional restrictions and time restrictions By making it possible to set, etc., unauthorized use and installation of the wireless connection device 31 can be prevented.

In addition, in the present invention, in order to further strengthen the security of the system, an access number that is updated at regular time intervals is generated, and location information is inserted along with time information in the access number, and the access number and location information are updated at regular time intervals. , Only when the time information is satisfied, the use is allowed.

In addition, the present invention allows the use of the wireless connection device only within the set work position within the set work time by setting the effective area information and work time information, and the set effective area information can also be updated at regular time intervals. To be. However, in the event that the valid area information is updated, in order to ensure sufficient working time, an extension of the working time is requested, and when the extended period is over, the valid area information is changed so that authentication in the new effective area is not possible. Make it happen.

In addition, the present invention distributes and stores information on the connection history of the wireless connection device in the form of a block chain in the terminal registered in the system, thereby preventing the risk of manipulation of the connection history. It is possible to check the stored block information on the connection history through the terminal registered in the system so that only users with the terminal registered in the system can use the wireless connection device, thereby providing enhanced and reliable security.

The server unit 1 is a configuration that collects information from a plurality of devices 33 to provide various control solutions, and includes configurations such as an application server and a DB, as shown in FIG. 1. The server unit 1 may separately include a security management server 11 and an authentication server 13.

The security management server 11 is configured to enhance security by restricting the use of the wireless connection device 31 connected to the system, and registers information of each wireless connection device 31, and registers the information of each wireless connection device 31. 31), the available location information, user information, work available time information, etc. can be registered, and the connection number generated by updating at regular time intervals can be delivered, while the connection number includes time information and location information. Can be included. In more detail, when the wireless connection device 31 is connected and the operation is started, the security management server 11 includes available location information, user information, work time information, etc. set for each wireless connection device 31. Is transmitted to the wireless connection device 31 so that use can be restricted through the wireless connection device 31, and location information, work time information, and access number information are notified to a separately registered worker and The connection device 31 can be used, and the access number and location information are updated at regular time intervals to minimize damage that may be caused by leakage of the access number. In addition, the security management server 11 allows the history of access to the system by the wireless connection device 31 to be distributed and stored in terminals registered in the system using blockchain technology. Therefore, the connection history by the wireless connection device 31 cannot be tampered with without permission, and a user, an operator, etc. who wish to use the wireless connection device 31 must register the terminal in the system and store block information on the history. The security for the wireless connection device 31 can be further strengthened. To this end, the security management server 11 includes a device registration unit 111, a registration information transmission unit 112, a workability information transmission unit 113, a security setting unit 114, a history management unit, as shown in FIG. (115) and the like.

The device registration unit 111 is a configuration for setting and registering identification information and security information of each wireless connection device 31, and registers identification information on each wireless connection device 31. The security setting is possible, and information on security is transmitted to each wireless connection device 31 so that use restrictions according to the security setting can be made. In addition, the device registration unit 111 may register information on a terminal using the system. The device registration unit 111 allows you to set available location information, user information, time information, job classification information, access number, etc. of the wireless connection device 31 as a matter of security, and the location information and access number are constant. It can be updated on an hourly basis so that changes can be made. In addition, the device registration unit 111 may be set to move the wireless connection device 31 to a location with low traffic in order to facilitate access by the wireless connection device 31 and further strengthen location-based security. To this end, the device registration unit 111 is a device identification information registration module 111a, an effective area setting module 111b, an error range setting module 111c, a user information registration module 111d, as shown in FIG. It may include an available work time setting module 111e, a connection number generation module 111f, a work classification setting module 111g, an optimum point setting module 111h, and an effective area update module 111i.

The device identification information registration module 111a is configured to register information for identifying each wireless connection device 31, and allows information such as a MAC address and a device ID to be registered as identification information. Accordingly, in the present invention, security settings for each wireless connection device 31 can be set differently, and information on security can be transmitted to each wireless connection device 31 so that restrictions on use can be made, and each wireless connection device Information on security is transmitted to a user registered with the device 31 so that the wireless connection device 31 can be used.

The effective area setting module 111b is a configuration that sets and registers the available location information of the wireless connection device 31, and can be set to a location within a certain range, and can be set to a specific coordinate, distance from a specific facility, etc. Can be set. The location information set by the effective area setting module 111b is transmitted to the wireless connection device 31, and is compared with the location information generated by the wireless connection device 31 to determine whether or not the wireless connection device 31 can be used. Lets you decide. In addition, the valid area information set by the valid area setting module 111b is updated at regular time intervals by the effective area update module 111i.

The error range setting module 111c sets a range that can be recognized as an error in the location information within a certain range set by the effective area setting module 111b. The error range setting module 111c sets an additional criterion that can be set as a usable regional range according to the degree of security of the system to be set, the communication environment of the location set as the effective area, and the surrounding environment. Therefore, even when the communication environment around the wireless connection device 31, the environment for transmitting and receiving location information, etc. are poor, security based on the location information can operate smoothly, and a different degree of security can be set for each wireless connection device 31. can do.

The user information registration module 111d is a configuration that registers user information that can use each wireless connection device 31, and can be registered in a separate ID format. The terminal information that can receive the information is also input. When the wireless connection device 31 is newly installed in the system or the setting is changed, the user information registration module 111d is configured to use the wireless connection device 31 to use the data of the system. The information of the worker who can use the wireless connection device 31 is registered. User information registered by the user information registration module 111d is not only used as authentication information when a worker uses the wireless connection device 31, but also the wireless connection device 31 can be used for a user registered as a worker. It is used to deliver location information, workable time information, and access number information.

The workable time setting module 111e is a configuration for setting a time during which the operator can use the wireless connection device 31, and the set time information is transferred to each wireless connection device 31, so that the operator can use it only at that time. Make it possible. In addition, the available working time setting module 111e may set different working hours for each worker for the same wireless connection device 31.

The access number generation module 111f is configured to generate an irregularly generated access number, and when receiving information on which operation is initiated from the wireless connection device 31, it generates a connection number to generate the wireless connection device 31 and the operator. To be delivered to. In addition, the access number generation module 111f may allow the generated access number to form a single piece of information by inserting the location information together with valid time information, through which the operator satisfies the time information and the location information at the same time as the access number. Only then can the wireless connection device 31 be used. In addition, the access number is updated at regular time intervals, and even if the user successfully authenticates once, a new access number is input when a predetermined time elapses, thereby minimizing the risk of exposure of the access number. Therefore, not only can the risk of exposure of the access number be reduced, but even if the access number is exposed once by mistake, unauthorized use can be restricted to minimize damage. To this end, the connection number generation module 111f may include a time information insertion module 111f-1, a location information insertion module 111f-2, and a connection number update module 111f-3. Time information and location information are inserted together to form one piece of information, and the access number is updated at regular time intervals to minimize the risk of exposure and damage caused by exposure.

The work classification setting module 111g is configured to set a classification in which work is possible through the wireless connection device 31, and allows only the work of the set classification to be allowed. The job classification setting module 111g includes a communication job setting module 111g-1, a power job setting module 111g-2, a control control setting module 111g-3, and a data transmission/reception setting module 111g-4. can do.

The communication operation setting module 111g-1 is configured to enable a communication operation of the wireless connection device 31, and for example, the communication setting or device of the wireless connection device 31 can be changed. have. Therefore, the communication setting can be changed or the device for communication can be changed only when the communication operation is set to allow the communication operation by the communication operation setting module 111g-1. It can also be configured so that only is achieved. In addition, configurations related to communication of the wireless connection device 31 are provided in a separate space, and the configurations related to communication can be accessed only when a communication operation is permitted by the communication operation setting module 111g-1. May be.

The power operation setting module (111g-2) is a configuration that enables the operation on the power of the wireless connection device 31, for example to allow the setting of the power of the wireless connection device 31, change of the device, etc. do. In addition, configurations related to power of the wireless connection device 31 may also be provided in a separate space so that access is made only when work is permitted by the power work setting module 111g-2.

The control control setting module 111g-3 is configured to control the operation of the wireless connection device 31 itself or the operation of the device 33 connected to the wireless connection device 31. You can allow to change the control settings. Accordingly, the control adjustment setting module 111g-3 allows changes to be made only for the permitted control operation, thereby preventing the operator from changing other operations other than the permitted control setting.

The data transmission/reception setting module 111g-4 is a configuration that allows transmission and reception of data through the wireless connection device 31, and it is necessary to acquire data manually due to a failure or error of the device, or When backup, etc. is necessary, only specific data transmission/reception is allowed to prevent unauthorized data from being stolen.

The optimum point setting module 111h is configured to induce movement of the wireless connection device 31 to a location where communication traffic is low in addition to setting an effective area, and facilitates communication by the wireless connection device 31 It fundamentally blocks access from outside the set range, and makes it possible to increase the convenience of workers by making the optimal location setting based on the past access location. To this end, the optimum point setting module 111h is a reference point setting module 111h-1, a connection point collection module 111h-2, a position movement instruction module 111h-3, as shown in FIG. It may include a separate traffic information calculation module (111h-4), the optimal point determination module (111h-5).

The reference point setting module 111h-1 is configured to set a reference point in order to determine an optimal position, and sets a certain point of the effective area set by the effective area setting module 111b as a reference position. .

The access point collection module 111h-2 collects information about a point at which a connection was made by the corresponding wireless connection device 31 or an operator in the past within a certain range around a reference position. Therefore, the access point collection module 111h-2 allows the optimal position to be determined based on the point at which the connection was made based on the wireless connection device 31 attempting to access or the operator, so that access at a completely wrong position is not possible. It blocks attempts and makes it possible to increase user convenience.

The position movement instruction module 111h-3 is configured to instruct movement to a collected position, and directs movement to a plurality of collected points based on past access positions through an operator terminal.

The point-specific traffic information calculation module 111h-4 is a configuration that calculates traffic information of wireless communication for each moved location indicated by the location movement instruction module 111h-3. The response time can be measured by transmitting a radio signal, and traffic information can be calculated accordingly to determine an optimal location.

The optimum point determination module 111h-5 determines a point with the least calculated traffic information as an optimum location, and transmits information on the optimum location to the operator and the wireless connection device 31 to the operator by a wireless connection device ( 31) can be moved to the optimum position, and the wireless connection device 31 allows connection and operation only when moved to the optimum position.

The effective area update module 111i is configured to update information on the effective area set by the effective area setting module 111b at regular time intervals, and a location-based blocking unit 315 to be described later according to the updated effective area information. ) To limit the use.

The registration information transmission unit 112 is configured to transmit security-related information set for the wireless connection device 31 to a registered user of the wireless connection device 31, and is registered by the user information registration module 111d. The transmission is made using the terminal information of the user. The registration information transmission unit 112 transmits available location information, work available time information, access number information, job classification information, optimal location information, etc. according to the type of security set for each wireless connection device 31. do. To this end, the registration information transmission unit 112 is an effective area notification module 112a for transmitting location information, a working time information notification module 112b for transmitting available work time information, as shown in FIG. It may include an access number notification module 112c for transmitting access number information, a job classification information notification module 112d for transmitting job classification information, and an optimum point notification module 112e for transmitting optimal location information.

The workability information transmission unit 113 is configured to transmit information on security set for the wireless connection device 31 to each wireless connection device 31, and operation start information is received from each wireless connection device 31. If it is, it will be delivered. The workability information transmission unit 113 receives the identification information for each wireless connection device 31 together with operation start information from the wireless connection device 31, and accordingly, the set for the wireless connection device 31 The security information is transmitted to the wireless connection device 31 so that the user can be authenticated. In addition, the workability information transmission unit 113 transmits information that can work through the wireless connection device 31 so that only the corresponding work is performed, and transmits the optimal position so that the wireless connection device 31 moves to the optimal position. Connections can be made only when they are moved. To this end, the workable information transmission unit 113 includes a device information receiving module 113a for receiving identification information about a device from the wireless connection device 31, and an effective area information transmitting module 113b for transmitting usable location information. ), the available work time information transmitting module 113c that delivers the available work time information, the access number information transmitting module 113d that delivers the access number information, the work classification information transmitting module 113e that delivers the work classification information, optimal It may include an optimal point transmission module (113f) for transmitting the location information.

The security setting unit 114 is configured to set the type of security to be set for each wireless connection device 31, and sets the type of security to be applied according to the type and environment of the system, wireless connection device, and the like. To this end, the security setting unit 114 includes a device selection module 114a for selecting a wireless connection device 31 for setting security, as shown in FIG. 9, and a location for setting location-based security for the selected device. Base security setting module 114b, time-based security setting module 114c for setting time-based security, access number-based security setting module 114d for setting access number-based security, and job classification-based security setting module (114e) can be included. Therefore, when location-based security is set by the location-based security setting module 114b, the installation of the wireless connection device 31, change of settings, and the system can be performed only when the wireless connection device 31 is within the set When the connection is enabled and the time-based security setting module 114c is set, the registered user can use the wireless connection device 31 only within the set working time, and the access number-based security setting module 114d When this is set, the input of the connection number that is updated at regular time intervals is requested, and time information and location information are inserted together in the connection number, so that it can be used only when both the connection number and the location and time information match. It makes it possible to further strengthen security. In addition, when a job classification-based security setting module 114e sets a classification in which a job is possible, only the jobs permitted through the wireless connection device 31 can be performed.

The history management unit 115 is a configuration in which the wireless connection device 31 distributes and stores history information connected to the system using blockchain technology, and can be distributed and stored in terminals registered in the system. Therefore, the history management unit 115 can prevent the history information from being manipulated, and enhance security by enabling authentication for the use of the wireless connection device 31 through history information with a low risk of manipulation. . In addition, the history management unit 115 allows the history information to be updated at regular time intervals to respond to a new connection of the wireless connection device 31 and a new registration of the terminal. In addition, the history management unit 115 can use the history information distributed in the form of blocks in the terminal when authenticating the use of the wireless connection device 31, and only a user who has a terminal having the corresponding information can use the wireless connection device 31 ) Can be used to prevent unauthorized use of the wireless connection device 31 through an unregistered terminal. In addition, since the history management unit 115 distributes and stores history information with a low risk of manipulation, it is possible to compare the history information from time to time so that the comparison with actual work information can be made, through which the use by terminal manipulation is also detected later. It can be done to maintain the stability of the system. To this end, the history management unit 115 is a block chain module 115a, a history information update module 115b, a history information check module 115c, a history comparison module 115d, as shown in FIG. (115e) may be included.

The blockchain module 115a stores the history information of the wireless connection device 31 for the system in a block using blockchain technology, connects it in a chain, and distributes and stores it in terminals registered in the system. Information about the location, time, and user to which (31) is connected can be saved. In addition, the block-type history information stored by the block chain module 115a is updated at regular time intervals by the history information update module 115b, through which a new wireless connection device 31 is created and the terminal is registered. To be able to respond.

The history information update module 115b is configured to update distributed storage of the history information of the wireless connection device 31 at regular time intervals, and a new terminal is registered in the system or the use history of the new wireless connection device 31 is When created, this should be reflected. Therefore, the history information update module 115b allows the history information in block form to be distributed and stored in a new terminal when a new terminal is registered, and when a new history is created, the new history is also distributed in block form. Allow storage to take place.

The history information verification module 115c is a configuration that enables verification of history information through a terminal when the wireless connection device 31 starts to operate, and can request history information in a block form from a user terminal, and Access using the wireless connection device 31 is allowed only when there is history information. Therefore, since the history information checking module 115c can use the wireless connection device 31 only by a person who has a terminal registered in the system, it is possible to thoroughly and accurately manage the security of the worker.

The history comparison module 115d is a configuration that compares the actual work information with the actual work information using the history information stored by the block chain module 115a, and the work information and past work performed by authentication through the history information checking module 115c By comparing the histories, it is possible to check information such as work time, work place, and wireless connection device 31 and to determine whether it is appropriate. Therefore, if permission is made for a location that can be permitted to the user, work hours, or anything other than the wireless connection device 31, the system of the history management unit 115 may be abnormal or information by the blockchain may have been hacked, By checking this, the terminal can be blocked and the system can be checked.

When an abnormality is detected by the history comparison module 115d, the terminal blocking module 115e blocks the connection of the corresponding terminal and informs the system of an abnormality so that it can be checked.

The authentication server 13 is a server separately formed for port-based control of the wireless connection device 31, and may be configured as a RADIUS server, for example. The authentication server 13 performs port-based authentication using an EAP authentication protocol capable of accommodating various authentication mechanisms together with the IEEE 802.1x standard. The authentication server 13 may use various authentication methods, but for example, it transmits an authentication challenge value temporarily generated in response to a request for access to the wireless connection device 31, and for this, an authentication challenge and an account, Receives a hash value of the password, confirms whether it is an authenticated user, and enables access to the system through the wireless connection device 31. To this end, the authentication server 13 may include a user authentication request receiving module 131, a challenge value transmission module 132, and a connection permission determination module 133, as shown in FIG. 11.

The user authentication request receiving module 131 is configured to receive information about the connection request to the wireless connection device 31, and if there is a request for access to the wireless connection device 31, the authentication challenge is performed through the challenge value transmission module 132. Allows the transfer of values.

The challenge value transmission module 132 transmits a temporarily generated challenge value to the user when there is a user's connection request. Accordingly, the authentication server 13 allows the user to authenticate by the temporarily generated challenge value, thereby increasing the security strength.

When the user who has received the authentication challenge value transmits the received authentication challenge value, the registered account, and the hash value for the password, the access permission determination module 133 checks whether or not the connection is permitted to be determined. do. Therefore, the access permission determination module 133 generates and transmits an encryption key to the user when both the temporarily generated challenge value and the registered account and password match, and the user communicates using this encryption key. It allows access to the system by enabling it to run.

The apparatus unit 3 is configured to collect various pieces of information from the plurality of devices 33 and transmit them to the server unit 1 wirelessly, so that various information can be transmitted and received between the server unit 1 and the server unit 1. The device unit 3 can be wirelessly connected to the server unit 1 through various mobile communication methods such as 2G, 3G, 4G, and 5G, and wireless connection such as a wireless modem or router that can be connected to such a mobile communication method. To be able to be connected via the device 31. In addition, the device unit 3 includes an enclosure unit 35 accommodating each component of the wireless connection device 31, and the enclosure unit 35 is opened and closed by the door unit 37 so that only authenticated users Each component in the wireless connection device 31 can be manipulated, and an opening/closing control unit 39 is included to control the opening and closing of the door unit 37.

The wireless connection device 31 is a device such as a wireless modem or router that can be connected to various mobile communication methods, and wirelessly connects the device 33 and the server unit 1 to transmit and receive data. . In particular, the wireless connection device 31 can be connected to the system anywhere due to the characteristics of wireless communication, and anyone can access the system to obtain data or change the settings of the wireless connection device 31 to disturb the system. It can be said that the concern is very high. Therefore, the wireless connection device 31 allows only limited users to acquire data by newly adding to the system or changing settings or accessing the system according to the security information set by the security management server 11, The security vulnerability of the wireless connection device 31 can be supplemented. In addition, the wireless connection device 31 may further enhance security by updating access number information and location-based authentication information over time. To this end, the wireless connection device 31 includes a device information transmission unit 311, a location information generation unit 312, a use permission determination unit 313, a time-based blocking unit 314, as shown in FIG. It may include a location-based blocking unit 315.

The device information transmission unit 311 is configured to transmit information on the wireless connection device 31 to the security management server 11 when the operation of the wireless connection device 31 starts, and according to the transmitted device information, the security management server Make sure to receive information about security from (11). As shown in FIG. 13, the device information transmission unit 311 identifies an operation start detection module 311a that detects the start of operation of the wireless connection device 31, and when the operation starts, the wireless connection device 31 is identified. And a device information transmission module 311b for transmitting information to the security management server 11.

The operation start detection module 311a is configured to detect the start of operation of the wireless connection device 31, and can detect that the power is turned on, or detect that the wireless connection device 31 is connected to the system. You may. The operation start detection module 311a transmits the identification information of the wireless connection device 31 to the security management server 11 through the device information transmission module 311b when the operation or connection of the wireless connection device 31 is detected. Send it.

The device information transmission module 311b is configured to transmit identification information of the device to the security management server 11 when the operation or connection of the wireless connection device 31 is detected by the operation start detection module 311a. Security information according to the identification information can be transmitted from the security management server (11).

The location information generation unit 312 is configured to generate information on the current location of the wireless connection device 31, and by forming a GPS module 312a on the wireless connection device 31, the location information is generated by itself. Alternatively, the location information may be received by the location information receiving module 312c including a terminal connection module 312b capable of connecting a separate terminal capable of generating location information. At this time, the terminal connection module 312b allows the wireless connection device 31 to be connected only by using short-range communication within a predetermined distance, thereby generating accurate location information of the wireless connection device 31.

The GPS module 312a is configured to generate location information, and a general GPS device that generates location information using satellite information or the like may be used.

The terminal connection module 312b is configured to connect a separate terminal to generate location information. Even when the GPS module 312a is not included, a separate terminal capable of generating location information such as a smartphone is provided. By using the location information of the wireless connection device 31 can be generated. Accordingly, the terminal connection module 312b may restrict usage based on location information even when the wireless connection device 31 does not include the GPS module 312a. However, since the terminal connection module 312b can normally apply security based on the location only by generating the correct location of the wireless connection device 31, a configuration capable of connecting the terminal in a short distance such as USB or Bluetooth is applied. It is desirable.

The location information receiving module 312c is configured to receive location information generated from a separate terminal when a separate terminal for generating location information is connected by the terminal connection module 312b, and receives the received location information. It is to be generated as the location information of the wireless connection device 31. Accordingly, it is possible to enable the use of the wireless connection device 31 only when the wireless connection device 31 is compared with the location information received from the security management server 11 and exists within a set range.

The use permission determination unit 313 is configured to determine whether to allow the use of the wireless connection device 31, and the security information transmitted from the workability information transmission unit 113 of the security management server 11 It is compared with the information so that permission can be determined. The permission determination unit 313 determines whether to permit the use of the wireless connection device 31 such as new installation, change of settings, data acquisition, etc. for the wireless connection device 31 connected to the system. If it is determined, it is possible to add the wireless connection device 31, change the settings, or obtain data, and if the permission is denied, the use of the wireless connection device 31 is prevented by the use blocking unit 314. Be limited. The use permission determination unit 313 compares the corresponding information according to the type of security set for each wireless connection device 31, and the security management server 11 according to the type of security set in the security management server 11 When the security information is received from ), the comparison is made based on the received information. In addition, the use permission determination unit 313 may limit to allow only jobs set by the job classification setting module 111g. As shown in FIG. 13, the permission determination unit 313 includes a location range determination module 313a, a user information comparison module 313b, a time information determination module 313c, a connection number comparison module 313d, and a number verification. It may include a module 313e, a job permission module 313f by classification, a position movement recognition module 313g, and a history information verification module 313h.

The location range determination module 313a determines whether the wireless connection device 31 is within the location range set by the security management server 11. The location range determination module 313a receives the information set by the effective area setting module 111b and the error range setting module 111c of the security management server 11, and is generated by the location information generation unit 312 Compare it with the location information. Accordingly, the location range determination module 313a permits the use of the wireless connection device 31 only when the wireless connection device 31 is in an available effective area or a partial error range. In addition, when the effective area is changed by the effective area update module 111i, comparison with the changed effective area is made.

The user information comparison module 313b is configured to determine whether a worker who intends to use the wireless connection device 31 is an authenticated user, and is registered by the user information registration module 111d of the security management server 11. User information and user information input to the wireless connection device 31 are compared. User information to use the wireless connection device 31 may be input through a separate terminal connected to the wireless connection device 31 or may be configured to be input through the wireless connection device 31 itself. Therefore, the user information comparison module 313b enables the use of the wireless connection device 31 only when the user information matches, and in addition to this, the user information comparison module 313b allows the use of the wireless connection device 31 when the available working hours and/or access numbers match. Configurable.

The time information determination module (313c) is configured to enable the use of the wireless connection device 31 only within the available work time, the work set by the work available time setting module (111e) of the security management server (11) is possible. The time information is compared with the time information at the time when the wireless connection device 31 is to be operated, and the use of the wireless connection device 31 is permitted only when it is within the available working time. In addition, since the available work time setting module 111e can set a different work available time for each user for the same wireless connection device 31, it is combined with user information to determine whether it is within the available work time of the user. can do.

The access number comparison module 313d compares the access number generated by the access number generation module 111f of the security management server 11 with the access number input by the operator and matches the wireless connection device 31 only when they match. ) To be permitted.

The number verification module 313e is a configuration for verifying the validity of the access number, and checks whether the time information inserted in the access number and the location information match, and whether the connection number matches and within the time inserted in the access number, Make sure that it is within the location.

The classification-specific work permission module 313f is configured by the work classification setting module 111g to execute only tasks permitted based on the contents transmitted by the work classification information transmission module 113e. It allows only the work set for power, control, data transmission and reception, etc. to be allowed. To this end, the classification-specific operation permission module 313f includes a communication operation permission module 313f-1, a power operation permission module 313f-2, a control regulation permission module 313f-3, and a data transmission/reception permission module 313f-4. ), etc.

When the communication operation permission module (313f-1) is set to allow a specific communication operation by the communication operation setting module (111g-1), it is configured to enable the corresponding communication operation through the wireless connection device (31). , It is possible to change the settings of a specific communication or configure a new communication device, and as described above, configurations related to communication may be accommodated in a certain area, and access may be allowed only when a communication operation is permitted.

The power operation permission module (313f-2) is a configuration that enables work on the power of the wireless connection device 31 when it is set to allow power operation, and allows the power setting to be changed or to connect a new power supply device. You can make it possible. In addition, the power operation allowance module (313f-2) may be configured to accommodate the configuration related to power in a specific area, and to allow access only when the power operation is permitted.

The control control permission module 313f-3 is configured to allow control of the wireless connection device 31 or the device 33, and according to the contents set by the control control setting module 111g-3 Only allow control of specific actions, etc. Accordingly, the control adjustment permission module 313f-3 may prevent the contents of the control adjustment for an operation that is not allowed from being stored or to block access to the control adjustment.

The data transmission/reception permission module 313f-4 is configured to allow transmission and reception of specific data, and transmits/receives only allowed data according to the contents set by the data transmission/reception setting module 111g-4.

When the optimal position is set by the optimal position setting module 111h and transmitted to the wireless connection device 31, the position movement recognition module 313g recognizes that the wireless connection device 31 moves to the optimal position. Access and work should be allowed only when moved to the optimum position. Therefore, the position movement recognition module (313g) allows the operator to access the server unit 1 from a completely irrelevant position to block unauthorized system disturbances and hijacking of data, etc., and access from a location with good communication status. By inducing this to be made, the connection using the wireless connection device 31 can be made smoothly.

The time-based blocking unit 314 is configured to block the use of the wireless connection device 31 based on the passage of time, and uses a connection number that is updated at regular time intervals. In other words, although the access number is updated at regular time intervals, the wireless connection device 31 can be used continuously if it is exposed once and entered, so if the access number is updated even if the use is permitted through the input of the access number, By requiring the entry of an irregular access number once, it is possible to minimize the damage caused by temporary exposure. To this end, the time-based blocking unit 314, as shown in Fig. 16, the access number update information receiving module 314a, the use blocking module 314b, the re-authentication request module 314c, the use resume module 314d. It may include.

The access number update information receiving module 314a is configured to receive the access number update information when the access number is updated once the access number is input and permitted to use, and the use of the wireless connection device 31 is blocked and re-authentication. Let this happen.

The use blocking module 314b is configured to block the use of the wireless connection device 31 when the access number is updated, so that the setting change of the wireless connection device 31, data acquisition, etc. can be blocked.

The re-authentication request module 314c is configured to request re-authentication from the user when the use is blocked due to the update of the access number, and requests the input of a newly generated access number.

The use resume module 314d enables the previous operation through the wireless connection device 31 to be continued when a new access number is input by the user. At this time, information such as previously permitted work classification is maintained.

The location-based blocking unit 315 is configured to block the use of the wireless connection device 31 based on the location, and the block is made based on the effective area information updated by the effective area update module 111i. . The location-based blocking unit 315 receives information about the effective area after the user meets the location-based authentication and the use of the wireless connection device 31 is started, and the use of the wireless connection device 31 is disabled. To be blocked. However, if there is information on the already set working hours, the existing working hours can be maintained even when the effective area is changed to minimize user inconvenience, and if the existing working hours have ended, it will be restarted according to the changed effective area. By allowing authentication to take place, it is possible to maintain the purpose of reinforcing security by renewing the effective area. To this end, the location-based blocking unit 315 includes an effective area change information receiving module 315a, a work time check module 315b, a work time security request module 315c, an area change instruction module 315d, and a use blocking module. (315e), a position movement check module 315f, may include a connection resume module (315g).

The effective area change information receiving module 315a is configured to receive the effective area information updated by the effective area update module 111i, and receives the effective area information updated even after location-based authentication is performed once. .

The work time check module 315b is a configuration that checks information on work time when the updated effective area information is received by the effective area change information receiving module 315a, and checks whether the set work time remains. Do it.

The work time securing request module 315c is a configuration that enables the work time to be secured when work time remains, and a request to the security management server 11 to suspend the change of the effective area until the work time is completed. To transmit.

The zone change instruction module (315d) is configured to request a change of the working position according to the changed effective zone when there is no remaining working time or the postponed working time is over, and only when the working position is changed within the effective zone. It allows the use of the connection device 31 to be continued.

The use blocking module 315e is configured to block the use of the wireless connection device 31 with an instruction to change the area, so that the change of the settings of the wireless connection device 31 and the acquisition of data are blocked.

The position movement confirmation module 315f is a configuration that checks when an instruction to change the area is made by the area change instruction module 315d, and enables the location of the wireless connection device 31 to be checked at regular time intervals.

The connection resumption module (315g) is configured to allow continued use of the wireless connection device (31) when it is confirmed that the location of the wireless connection device (31) has moved to the effective area changed by the location movement confirmation module (315f) As a result, the work of the same classification as the existing work can be continued.

The device 33 is configured to collect various information necessary for providing a control solution by the server unit 1, and collects information such as a sensor device that measures various information, a media device that collects video, audio, etc. Various devices capable of transmitting and controlling may be applied, and are connected to the wireless connection device 31 so that information can be transmitted and received wirelessly with the server unit 1.

The enclosure unit 35 is a configuration for accommodating each configuration of the wireless connection device 31 therein, and the device information transmission unit 311, the location information generation unit 312, and the use permission determination unit 313 therein , A time-based blocking unit 314, a location-based blocking unit 315, and an opening/closing control unit 39 may be included, and the front and rear surfaces thereof are opened and closed by the door unit 37. In particular, the enclosure portion 35 includes a configuration of a user authentication means 351, a locking means 352, a rear opening/closing switch 353, etc. in order to allow the door portion 37 to be opened and closed, and the door portion In order to check the opening and closing state of 37 and to store the opening and closing history, the door opening detection sensor 354 may be included.

The user authentication means 351 is a configuration in which the door part 37 can be opened only by the authenticated user by authenticating the user, and only when the stored user information and the recognized user information are matched. 37) can be made open. To this end, the user authentication means 351 may include a card recognition module 351a capable of wirelessly reading information such as a smart card and an RFID card, but is not limited thereto and various It can be formed into a shape.

The locking means 352 is configured to lock or open the door part 37, and may include an electric locking means 352a operating electrically, and a manual locking means 352b operated manually by a key or the like. ) To prepare for failure of the electric locking means (352a) by additionally including. In particular, the manual locking means (352b) is so that exposure to the outside is blocked in the enclosed space to prevent forcible opening, and is exposed to the outside only when a failure of the electric locking means (352a) occurs. The door part 37 can be opened using a key or the like. To this end, the locking means 352 may further include a sealing means 352c for sealing the manual locking means 352b.

The electric locking means (352a) is electrically operated according to the command of the opening/closing control unit 39, and can be automatically opened when user authentication is performed by the user authentication means 351, or the enclosure unit 35 It can also be opened through the operation of a button formed inside.

The manual locking means (352b) is configured to open and close the door part 37 manually by a key, etc., and is accommodated in a closed space and exposed to the outside only when a failure occurs in the electric locking means (352a). Make it possible to open up. Therefore, the manual locking means (352b) can be prevented from being opened by unauthorized operation. In addition, the manual locking means (352b) can be exposed to the outside only when the user authentication is completed by the user authentication means (351) but the electric locking means (352a) is not operated, so that a failure in the electric locking means (352a) By allowing it to be opened only when it occurs and user authentication is completed, the user's inconvenience is minimized even when the electric locking means (352a) fails, while the security can be maintained continuously, and the external exposure of the manual locking means (352b) is minimized. Thus, by reducing the risk of failure, it can be a reliable alternative to the failure of the electric locking means (352a).

The electric locking means (352a) and the manual locking means (352b) are formed on the front and rear sides, respectively, and the electric front locking means (352a-1), the electric rear locking means (352a-2), and the manual front locking means (352b-1) ) And a manual rear locking means (352b-2), each having the same configuration.

The sealing means (352c) is configured to accommodate the manual locking means (352b) in a closed space, and only when user authentication is completed but the electric locking means (352a) does not operate, the manual locking means (352b) to the outside. Let it be exposed. In addition, the sealing means (352c) is supplied with power only when the electric locking means (352a) does not operate so that the locking means (352c-14) can be opened, thereby causing a failure in the electric locking means (352a). If not, the opening should be fundamentally blocked. To this end, the sealing means 352c may include a sealing portion 352c-1 and an operation start portion 352c-2.

The sealing portion (352c-1) is configured to accommodate the manual locking means (352b) in a closed space, so that when a failure occurs in the electric locking means (352a) can be opened only by an authorized user. The sealing portion (352c-1) may separately include a user authentication module (352c-11), which controls the locking of the opening and closing door (352c-15) and the opening door (352c-15) to open and close the sealed space. An open module (352c) which may include a locking means (352c-14), and unlocks the locking means (352c-14) when a failure occurs in the electric locking means (352a) and power is supplied and user authentication is completed. -12) and the opening and closing door (352c-15) may include an automatic closing module (352c-13) that automatically locks the locking means (352c-14) when closed.

The user authentication module (352c-11) is configured to check whether the user is an authenticated user, and when the user is authenticated, the locking means (352c-14) is unlocked by the open module (352c-12), and the A failure of the electric locking means 352a is confirmed by the operation initiation unit 352c-2, and the operation is performed only when power is supplied.

The opening module (352c-12) is configured to open the opening door (352c-15) by unlocking the locking means (352c-14) when the user is authenticated. It can only be opened when completed.

The automatic closing module (352c-13) is configured to automatically unlock the locking means (352c-14) when the opening and closing door (352c-15) is opened by the opening module (352c-12) and then closed again, It is automatically closed after the worker's work is completed so that exposure to the outside can be blocked.

The operation start unit (352c-2) is configured to supply power to the sealing unit (352c-1) to perform authentication of the user and the operation of the open module (352c-12), the electric locking means (352a) Make sure that power is supplied only when a failure occurs. To this end, the operation start unit 352c-2 may include a user authentication confirmation module 352c-21, a lock status confirmation module 352c-22, and a power supply start module 352c-23.

The user authentication verification module 352c-21 is configured to check whether user authentication has been completed by the user authentication means 351, and when the user authentication is completed, the user authentication module 352c-22 operates to operate the door It is possible to check whether the part 37 is open.

The locking status checking module 352c-22 is configured to check whether the door part 37 is opened when user authentication is completed, and the door opening detection sensor 354 may check whether the door is opened.

When the power supply start module 352c-23 determines that the door part 37 is not opened by the lock check module 352c-22, it is determined as a failure of the electric locking means 352a and the sealing part 352c- Supply power to 1).

Each of the front door 371 and the rear door 372 is provided with a user authentication means 351 so that the electric front locking means 352a-1 and the electric rear locking means 352a-2 operate according to user authentication. However, preferably, the user authentication means 351 is formed only on the front door 371 so that only the electric front locking means 352a-1 is opened according to user authentication, and the electric rear locking means 352a-2 is an enclosure The rear door 372 may be opened by being operated by a separate rear opening/closing switch 353 formed inside the part 35. Therefore, the user does not need to perform user authentication when opening the front door 371 and the rear door 372, respectively, and performs user authentication only for the front door 371, and the rear open/close switch 353 for the rear door 372. ), the user's convenience can be increased.

The door open detection sensor 354 is configured to detect the opening and closing of the door part 37, and may be formed inside the enclosure part 35, to store information on the opening and closing and transmit the information to the user. can do. In addition, the door open detection sensor 354 enables it to be confirmed whether the door part 37 is open by the lock confirmation module 352c-22.

The door part 37 is configured to open and close the inside of the enclosure part 35, and the front door 371 and the rear door 372 may be formed at the front and rear sides, respectively. As described above, the front door 371 and the rear door 372 may have an electric locking means 352a and a manual locking means 352b formed at the same time, and the electric front locking means 352a of the front door 371 -1) is opened according to user authentication by the user authentication means 351, and the electric rear locking means 352a-2 of the rear door 372 can be configured to be opened according to the operation of the rear opening/closing switch 353. have.

The opening/closing control unit 39 is configured to control the opening and closing of the door unit 37, and allows the door unit 37 to be opened by authenticating user information, and provides information on the opening and closing of the door unit 37. Stored to communicate the open/close status and check the open/close history. To this end, the open/close control unit 39 may include a user information storage module 391, a user authentication module 392, and an open/close information storage module 393, as shown in FIG. 18.

The user information storage module 391 is configured to store user information capable of opening the door unit 37, so that information on the user can be received and stored through the server unit 1 or a separate terminal. do. Accordingly, user information capable of opening the door part 37 can be changed and managed at any time, and physical security for the wireless connection device 31 can be efficiently achieved through this.

The user authentication module 392 compares the user information stored by the user information storage module 391 with the user information recognized by the user authentication means 351 and matches the electric front locking means 352a- 1) is operated so that the front door 371 is opened.

The opening/closing information storage module 393 is configured to receive information sensed by the door opening detection sensor 354 and store information on opening/closing of the door part 37, and information such as whether or not opening/closing and opening/closing time is stored. It is to be stored, and user information recognized by the user authentication means 351 at all times can be stored together. The opening/closing information storage module 393 may transmit the stored information to the server unit 1 or a separate terminal to enable management of the open state and open history of the door unit 37.

In the above, the applicant has described various embodiments of the present invention, but such embodiments are only one embodiment that implements the technical idea of the present invention, and any changes or modifications may be made as long as the technical idea of the present invention is implemented. It should be construed as falling within the scope of

1: server
11: security management server 111: device registration unit 112: registration information transmission unit
113: work available information delivery unit 114: security setting unit 115: history management unit
13: Authentication server
3: device
31: wireless connection device 311: device information transmission unit 312: location information generation unit
313: permission decision unit 314: time-based blocking unit 315: location-based blocking unit
33: device 35: enclosure 351: user authentication means
351a: card recognition module 352: locking means 352a: electric locking means
352a-1: electric front locking means 352a-2: electric rear locking means
352b: manual locking means 352b-1: manual front locking means
352b-2: manual rear locking means
352c: sealing means 352c-1: sealing part 352c-11: user authentication module
352c-12: open module 352c-13: automatic closing module 352c-14: locking means
352c-15: opening and closing door 352c-2: operation start portion 352c-21: user authentication verification module
352c-22: locking module 352c-23: power supply start module
353: rear open/close switch
354: door open detection sensor 37: door part 371: front door
372: rear door 39: opening/closing control unit 391: user information storage module
392: user authentication module 393: open/close information storage module

Claims (5)

A device unit that collects information through a plurality of devices and wirelessly transmits the collected information to the server unit through a wireless connection device, and a server unit that collects information transmitted from the device unit and provides a separate control solution,
The server unit includes a security management server for managing access to the wireless connection device,
The security management server,
Including a connection number generation module that generates a connection number that is updated in a certain time unit, and transmits it to the wireless connection device and the user terminal,
The connection number generation module,
It includes a location information insertion module for inserting location information for which the connection number is valid, and a time information insertion module for inserting time information for which the connection number is valid,
The wireless connection device,
Installation of wireless connection devices, change of settings, and access to the system are allowed only when both the time information and the location information inserted in the access number match,
The security management server,
A device identification information registration module that registers identification information about wireless connection devices connected to the system, an effective area setting module that sets the range of locations where each wireless connection device is allowed, and each wireless connection device is allowed to be used. It includes a workable time setting module that sets information on the work time, and an effective area update module that changes the effective area by a fixed time unit,
The wireless connection device,
The wireless connection device can be used only when the location of the wireless connection device and the working time information match,
The wireless connection device,
An effective area change information receiving module that receives information about the updated effective area, a work time check module that determines whether it is within the currently set working time, and a task that requests postponement of the effective area change by the remaining working time if it is within the working time. A time security request module, an area change instruction module that requests movement to a new effective area when the delayed working time elapses, a use blocking module that blocks the use of wireless connection devices with the area change instruction, and at regular intervals A secured wireless service system comprising: a location movement confirmation module for checking the location movement of the wireless connection device; and a connection resumption module for resuming use of the wireless connection device when the location movement is confirmed. The method of claim 1, wherein the wireless connection device
An access number update information receiving module that receives information about the updated access number, a usage blocking module that blocks the user's access when the access number is updated even while the wireless connection device is in use, and a re-authentication request to the user terminal. A secured wireless service system comprising: an authentication request module; and a use resume module configured to resume use when an updated access number is input. delete The method of claim 1, wherein the security management server
An optimal point setting module that designates and sets a location with the least amount of traffic to which a wireless connection device can be connected, an optimum point transmission module that transmits the optimal position set by the optimum point setting module to the wireless connection device, and an operator who sets the optimal location. It includes an optimal point notification module for notifying to,
The optimum point setting module,
A reference point setting module that sets a reference position to a certain point within the effective area, an access point collection module that collects past access locations based on an operator or wireless connection device within a certain range of the reference position, and past access locations A position movement instruction module instructing to move to, a point-specific traffic information calculation module that calculates communication traffic information for each location at a plurality of locations to be moved, and an optimal point determination module that determines an optimal position to a location with the least traffic. Including,
And the wireless connection device recognizes whether the wireless connection device moves to the received optimal position, and allows access only when the wireless connection device has moved. The method of claim 1, wherein the security management server
It includes a history management unit that distributes and stores information on the access history of the wireless connection device to terminals using the system using a block chain, and manages the use of the wireless connection device by using this,
The history management unit,
A block chain module that distributes and stores the history of connection of a wireless connection device to a plurality of terminals registered in the system using a block chain, a history information update module that updates history information at regular time intervals, and a wireless connection device. Security, characterized in that it includes a history information check module that requests block information about the history stored in the terminal whenever a connection is requested, and allows access using a wireless connection device only when a block for the history information exists. Wireless service system.

Images