KR102259156B1 - Authentication system and method for network environment - Google Patents

Abstract

The present invention relates to a device security system in which a mobile device, a device, and an AP device communicate with each other through a network, including: the mobile device carried by a user, configured to store and register a media access control (MAC) address received from the device, transmit the registered MAC address of the device to the AP device, and transmit use pattern information of the user to the AP device; the device configured to transmit the MAC address to the mobile device, and transmit user the use pattern information to the AP device; and the AP device configured to receive and store an MAC address of the mobile device and the MAC address of the device registered in the mobile device from the mobile device, collect the use pattern information from the mobile device and the device, and detect an abnormal use pattern state by analyzing the collected use pattern information. According to the present invention, a use pattern of a user for each device is learned in a network environment, and authentication is performed based on the device, so that security is enhanced.

Description

Device authentication system and method in a network environment {Authentication system and method for network environment}

The present invention relates to authentication of a device connected to a network such as IoT or IoE.

As we enter the era of the 4th industrial revolution, developments such as artificial intelligence, big data, and 5G are changing the daily life of modern people. With the development of the Internet of Things (IoT) or Internet of Everything (IoE) among various technologies, a hyper-connected society where everything is connected has arrived. A hyper-connected society is a society in which people, processes, data, and things are connected to each other based on IT to build an intelligent network, and through this, new values and innovations can be created. For this, it is important to be connected so that mutual communication is possible based on the Internet. In the past, wired/wireless networks focused on connecting computers and smartphones were used, but recently, the use for connecting various IoT devices is increasing.

As an environment where a lot of information comes and goes, the importance of security is emerging. This is because when a specific device is exposed to hacking, all devices connected to the network are exposed to risk. About 21 billion objects connected to the Internet are collecting data and performing various tasks even at this moment. It has become a major target for hackers, and the Mirai botnet attack in 2016 has become one of the most powerful security threats on the web. Therefore, it is necessary to pay attention to the security of the network when using IoT, but most router users are exposed to threats because they use IDs and passwords as they are when producing products, and follow-up measures for security are not taken. .

To this end, in recent years, various authentication technologies for increasing security in using devices in a network environment are being developed.

However, the existing authentication technologies require an additional authentication procedure to improve security, thereby reducing the user's service provision speed or convenience.

In addition, as various smart devices such as smartphones, smart pads, smart sensors, smart TVs, or smart cars are able to connect to the Internet, the number of smart devices connected to the network and used per person is greatly increasing. Even though it was the person, there was a hassle of having to perform repeated authentication.

Republic of Korea Patent Publication 10-2020-0084387 Republic of Korea Patent Publication 10-2017-0002560 Republic of Korea Patent Publication 10-2019-0069234 Republic of Korea Patent 10-0599131 Republic of Korea Patent Registration 10-0876628

An object of the present invention is to provide a device authentication system and method in a network environment that can improve both security and convenience.

Objects of the present invention are not limited to the objects mentioned above, and other objects not mentioned will be clearly understood by those skilled in the art from the following description.

The present invention for achieving the above object is a mobile device possessed by a user in a device authentication system in an environment in which a mobile device, a device, and an AP device communicate through a network, and a MAC (Media Access Control) address received from the device A mobile device that stores and registers, transmits the MAC address of the registered device to the AP device, and transmits the user's usage pattern information to the AP device, and transmits the MAC address to the mobile device and recalls the user's usage pattern information Receive and store the MAC address of the mobile device and the MAC address of the device registered in the mobile device from the device and the mobile device transmitting to the AP device, and collect usage pattern information from the mobile device and the device It includes an AP device that analyzes the usage pattern information to detect whether there is an abnormal usage pattern.

When the AP device detects an abnormal usage pattern in the mobile device, the AP device may request re-authentication using an authentication method other than the usage pattern authentication method to the mobile device.

When the AP device fails to re-authenticate in the mobile device or detects a predetermined special abnormal usage pattern in the mobile device, the AP device may cancel all communication connections between the mobile device and the registered device.

When the AP device detects an abnormal usage pattern in the device, it may transmit a notification message warning the mobile device.

The usage pattern information in the mobile device may include an app usage time, an app usage pattern, a display activation pattern, a security authentication success rate, and a pressure-sensitive touch screen sensor value.

The usage pattern information in the device may include operation time period information of the corresponding device.

In addition, the AP device may determine whether to authenticate by changing the security level according to the device. Specifically, the AP device may determine whether to authenticate by varying the security level in consideration of the risk of the device and the frequency of device use.

Here, the level of risk of the device is directly designated by the user, and the frequency of use of the device is determined by the number of times the device is actually used. More specifically, the security level includes an ultra-high-risk security level with a high risk of the device and a large number of uses, a high-risk security level with a high risk of the device and a low frequency of use, and a low-risk security level with a low risk of the device and a large number of uses, and , the device is classified into an ultra-low-risk security level with low risk and a small number of uses to determine whether to authenticate.

On the other hand, the device security method in an environment in which a mobile device, a device, and an AP device communicate through a network of the present invention includes the steps of storing and registering a MAC (Media Access Control) address received from the device in the mobile device, the mobile device transmitting the MAC address of the registered device and the MAC address of the mobile device to the AP device; storing the MAC address of the device and the MAC address of the mobile device received from the mobile device in the AP device; Transmitting the user's usage pattern information from the mobile device and device to the AP device, collecting usage pattern information from the mobile device and device at the AP device, and the AP device analyzing the collected usage pattern information to find abnormal and detecting whether there is a usage pattern.

The method may further include, when the AP device detects an abnormal usage pattern in the mobile device, requesting the mobile device to re-authenticate using an authentication method other than the usage pattern authentication method.

The method may further include, when the AP device fails to re-authenticate in the mobile device or detects a predetermined special abnormal usage pattern in the mobile device, disconnecting all communication connections between the mobile device and the registered device. .

The method may further include, when the AP device detects an abnormal usage pattern in the device, transmitting a notification message to warn the mobile device of this.

The usage pattern information in the mobile device may include an app usage time, an app usage pattern, a display activation pattern, a security authentication success rate, and a pressure-sensitive touch screen sensor value.

The usage pattern information in the device may include operation time period information of the corresponding device.

According to the present invention, by linking the user authentication method for each device in the network environment with the mobile device that the user always has, there is an effect that both the security and convenience of the device can be improved compared to the prior art. Specifically, in addition to device authentication, two-step authentication is employed to perform authentication even with a terminal in which the MAC address of the device is registered. However, the security performance is improved by using a mobile device that the user always carries as a terminal for two-step authentication. Convenience is greatly improved.

Furthermore, since the user's mobile and a plurality of devices connected to the network in one space are connected and authenticated, it is possible to solve the problem of repeatedly performing authentication despite the user's identity.

In addition, by managing multiple mobiles by user group, there is an effect that security follow-up measures such as giving a notification to a terminal user after blocking a service when an abnormality is detected in one device are possible.

In addition, according to the present invention, authentication is performed by varying the security level according to the degree of risk and frequency of use in consideration of the characteristics of each device in the network environment, so that the user's convenience is greatly improved.

1 is a conceptual diagram illustrating the configuration of an IoT network security system according to an embodiment of the present invention.
2 illustrates an IoT network security system according to an embodiment of the present invention.
3 is a flowchart illustrating an IoT network security method according to an embodiment of the present invention.
4 is a coordinate plane for classifying security levels of IoT devices according to an embodiment of the present invention.
5 is an exemplary diagram in which the security level of the IoT device is divided into two stages according to an embodiment of the present invention.
6 is an exemplary diagram in which the security level of the IoT device is divided into three stages according to an embodiment of the present invention.
7 is an exemplary diagram in which the security level of the IoT device is divided into 4 steps according to an embodiment of the present invention.
8 is a diagram illustrating a re-authentication process according to an embodiment of the present invention.

Advantages and features of the embodiments disclosed herein, and methods of achieving them will become apparent with reference to the embodiments described below in conjunction with the accompanying drawings. However, the embodiments to be proposed in the present disclosure are not limited to the embodiments disclosed below, but may be implemented in a variety of different forms, and only the present embodiments are provided to those of ordinary skill in the art. They are only provided to fully indicate their categories.

Terms used in this specification will be briefly described, and the disclosed embodiments will be described in detail.

The terms used in the present specification have been selected as currently widely used general terms as possible while considering the functions of the disclosed embodiments, but may vary depending on the intention or precedent of a person skilled in the art, the emergence of new technology, and the like. In addition, in a specific case, there is a term arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the detailed description part of the corresponding specification. Therefore, the terms used in the present disclosure should be defined based on the meaning of the term and the content throughout the present specification, rather than the simple name of the term.

References in the singular herein include plural expressions unless the context clearly dictates that the singular is singular.

When a part of the specification is said to "include" a certain component, it means that other components may be further included rather than excluding other components unless specifically stated to the contrary. In addition, the term "unit" used in the specification refers to a hardware component such as software, FPGA, or ASIC, and "unit" performs certain roles. However, "unit" is not meant to be limited to software or hardware. The “unit” may be configured to be in an addressable storage medium or may be configured to reproduce one or more processors. Thus, as an example, "unit" refers to components such as software components, object-oriented software components, class components, and task components, processes, functions, properties, procedures, Includes subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, database, data structures, tables, arrays and variables. The functions provided within the components and "units" may be combined into a smaller number of components and "units" or may be further separated into additional components and "units".

In addition, in the description with reference to the accompanying drawings, the same reference numerals are assigned to the same components regardless of the reference numerals, and redundant descriptions thereof will be omitted. In describing the present invention, when it is determined that a detailed description of a related known technology may unnecessarily obscure the subject matter of the present invention, a detailed description thereof will be omitted.

The present invention is to enhance both the security and convenience of the device compared to the prior art by linking the device user authentication method in the network environment with the mobile device always carried by the user. Specifically, the security is further strengthened by performing two-step authentication, which also performs authentication with a terminal in which the MAC address of the device is registered along with device authentication. In particular, as a terminal for two-step authentication, it is a mobile device that the user always carries. Security and convenience can be greatly improved by using Furthermore, security and accuracy can be further improved by applying user usage patterns to mobile devices and device authentication methods.

Hereinafter, a detailed description according to an embodiment of the present invention will be described with reference to the drawings. Here, the device in the network environment will be described as an example of a device (hereinafter, referred to as an 'IoT device') connected to each other in the IoT environment.

1 schematically illustrates the configuration of an IoT network security system according to an embodiment of the present invention, and FIG. 2 illustrates an IoT network security system according to an embodiment of the present invention.

1 and 2, the present invention relates to an IoT network security system in which a mobile device 100, an IoT device 200, and an access point (AP) device 300 communicate through an IoT network.

In the present invention, the IoT network may be implemented in various ways, including a short-range wireless communication network such as Wi-Fi and Zigbee.

The IoT network security system of the present invention includes a mobile device 100 , an IoT device 200 , and an AP device 300 .

The mobile device 100 is a mobile device possessed by a user, and stores and registers a MAC (Media Access Control) address received from the IoT device 200 , and sets the MAC address of the registered IoT device 200 to the AP device 300 . ), collects the user's usage pattern information and transmits it to the AP device 300 . Here, the 'mobile device' may be a mobile device that a user always carries, and for example, the mobile device 100 may be implemented as a smart mobile terminal including a smart phone, a tablet PC, a smart watch, and the like.

The IoT device 200 transmits a MAC address to the mobile device 100 , collects user usage pattern information, and transmits it to the AP device 300 .

The AP device 300 receives and stores the MAC address of the mobile device 100 itself and the MAC address of the IoT device registered in the mobile device 100 from the mobile device 100 , and stores the mobile device 100 and the IoT device ( 200) to collect usage pattern information and analyze the collected usage pattern information to detect abnormal usage patterns.

When the AP device 300 detects an abnormal usage pattern in the mobile device 100 , the AP device 100 requests re-authentication using an authentication method other than the usage pattern authentication method.

When the AP device 300 fails to re-authenticate in the mobile device 100 or detects a predetermined special abnormal usage pattern in the mobile device 100, both communication connections with the mobile device 100 and the registered IoT device are terminated. can be released

When the AP device 300 detects an abnormal usage pattern in the IoT device 200 , the AP device 300 may transmit a notification message warning this to the mobile device 100 .

In an embodiment of the present invention, the usage pattern information in the mobile device 100 may include an app usage time, an app usage pattern, a display activation pattern, a security authentication success rate, a pressure-sensitive touch screen sensor value, and the like.

In an embodiment of the present invention, the usage pattern information in the IoT device 200 may include operation time period information of the corresponding IoT device.

An example of initial user registration in the IoT network in the present invention is as follows. For example, when user A's smartphone authenticates successfully, user data is transmitted to the AP device. Then, when correct authentication is confirmed, the AP device registers the MAC address of user A's smartphone. Then, it starts learning the usage pattern for user A's IoT device.

Thereafter, the AP device requests the user A's usage pattern from the smart phone and the IoT device in the IoT home, and requests whether the user A's smart phone is normal user authentication. Then, the authentication based on the usage pattern is transmitted to the AP device through the user A's smart phone. The IoT device transmits the user A's usual usage pattern to the AP device, and transmits the user A's current usage pattern to the AP device.

The IoT device 200 illustrated in FIG. 2 is a detector 201 , an AI speaker 202 , a printer 203 , a door lock 204 , a street lamp and a CCTV 205 . In addition to this, there may be various IoT devices such as refrigerators, lights, and stoves.

In the present invention, when registering a new IoT device in the IoT network, it is a device that can be controlled by the user through the mobile device 100 by authenticating the device as a normal user using a commonly used authentication method such as biometric authentication.

The embodiment of FIG. 2 exemplifies a smart home, and it can be seen as a configuration diagram of a user authentication system based on a usage pattern in the smart home.

An authorized user inside or outside the home may directly control the IoT devices 200 , or may control the IoT devices 200 using the authorized mobile device 100 . At this time, the IoT devices 200 are not limited to the devices shown in the drawings.

Due to the nature of the smart home environment, a number of users, such as family members or people living together, can control the IoT environment. In this case, when learning the pattern for each device, the pattern may be learned based on 'user information'.

The user information is information of a mobile device that controls the IoT device 200 , and a user may be determined. In the case of direct control, user information may be determined based on the information of the mobile device 100 located at the nearest distance.

For example, when a user uses a smartphone to open a door lock, turn on a light, adjust the brightness of a light, give a command to a copier, control a function of a smart refrigerator, turn off the power of the smart refrigerator There may be situations such as

Taking a house where four people living together live as an example, in the case of a smart door lock in the house, it learns a pattern for user 1's usage time and control method, learns a pattern for user 2's usage time and control method, and In this way, patterns for user 3 and user 4 are learned, respectively.

In the case of a smart door lock, if an outsider tries to control it, it is a device that can cause fatal damage to all residents, so it immediately blocks access to the control attempt by outsiders, and informs the mobile devices of all authorized users that an abnormal pattern has been detected, You can send a notification message that the connection to the device has been blocked.

In the case of smart lights, usage patterns such as usage time, brightness, and frequency of use are learned.

If the smart light is not used by an authorized user, it is a device that does not cause fatal damage to the authorized user, but can be a risk. Therefore, it can be used in a pattern different from the usual usage pattern, or an outsider who is not an authorized user can use the device. When an abnormal pattern is detected, the mobile device of all authorized users can be notified that an abnormal pattern has been detected, and if an abnormal pattern is continuously detected, the connection of the device is blocked and all users are informed that the continuous abnormal pattern has been detected. can give you a notification.

3 is a flowchart illustrating an IoT network security method according to an embodiment of the present invention.

Referring to FIG. 3 , the IoT network security method in the IoT network security system in which the mobile device 100 , the IoT device 200 , and the AP device 300 communicate through the IoT network is as follows.

First, the mobile device 100 stores and registers a MAC (Media Access Control) address received from the IoT device 200 ( S301 , S303 ).

Then, the MAC address of the IoT device registered in the mobile device 100 and the MAC address of the mobile device 100 itself are transmitted to the AP device 300 ( S305 ).

Then, the AP device 300 stores the MAC address of the IoT device 200 and the MAC address of the mobile device 100 received from the mobile device 100 ( S307 ).

Then, the mobile device 100 and the IoT device 200 transmit the user's usage pattern information to the AP device 300 (S309 and S311).

Then, the AP device 300 collects usage pattern information from the mobile device 100 and the IoT device 200, and analyzes the collected usage pattern information to detect an abnormal usage pattern (S313).

When the AP device 300 detects an abnormal usage pattern in the mobile device 100 (S315), the AP device 100 requests re-authentication using another authentication method other than the usage pattern authentication method (S317).

At this time, when the AP device 300 fails to re-authenticate in the mobile device 100 or detects a predetermined special abnormal usage pattern in the mobile device 100 , the AP device 300 communicates with the mobile device 100 and the registered IoT device 200 . All communication connections can be disconnected.

When the AP device 300 detects an abnormal usage pattern in the IoT device 200 (S319), the AP device 300 transmits a notification message warning the mobile device 100 (S321).

In an embodiment of the present invention, the usage pattern information in the mobile device 100 may include an app usage time, an app usage pattern, a display activation pattern, a security authentication success rate, and a pressure-sensitive touch screen sensor value.

In an embodiment of the present invention, the usage pattern information in the IoT device 200 may include operation time period information of the corresponding IoT device.

Steps S301 and S303 will be described in detail. First, the MAC address of the IoT device 200 applied to the mobile device 100 is stored. In the present invention, in order to solve the inconvenience that the mobile device 100 and the IoT device 200 have to go through the wireless network authentication repeatedly while belonging to the same user, information on the normal IoT devices 200 owned by the mobile device user By registering in the mobile device 100 of the authorized person, the AP device 300 recognizes the corresponding mobile device 100 and the registered IoT devices 200 as the same user.

Steps S309 , S311 , and S313 will be described in detail, and the AP device 300 starts to collect usage patterns of the mobile device 100 and the IoT device 200 . That is, usage patterns of the mobile device 100 and each IoT device 200 registered in the AP device 300 are collected. Here, in the case of the usage pattern of the mobile device 100, it may be an app usage time and usage pattern, a display activation pattern, a security authentication success rate, a pressure-sensitive touch screen sensor value, and the like. In the case of the IoT device 200, there may be differences for each device. For example, in the case of home IoT devices such as a smart door lock, a smart washing machine, and a smart LED, the operating time period may be a main collection factor of a usage pattern. At this time, the pattern collection is continuously in progress in the background, and it is possible to continuously learn by reflecting repetitive minute changes.

Steps S315 and S317 will be described in detail. When the AP device 300 detects an abnormal pattern of the mobile device 100 , the pattern collection is significantly different from the usual usage pattern in the mobile device 100 at a point in time when the pattern collection is made for a certain period of time or more. When an abnormal pattern is detected, the AP device 300 detects it and blocks the connection between the mobile device 100 and the IoT device 200. At this time, the IoT devices registered in the mobile device 100 are also disconnected. The device 100 should be used only by the corresponding user.

Steps S319 and S321 will be described in detail. When an abnormal pattern different from usual is detected in a specific IoT device, the AP device 300 transmits a warning notification message to the mobile device 100 or if it is an IoT device with a high risk Block the connection. For example, in the case of a smart door lock, if it is operated at dawn in a state that is learned in a pattern that is rarely activated at dawn, it detects a risk as an intruder and sends a risk notification message to the user's smartphone. . In addition, since it may be an IoT device with a high risk according to the user's preference, if it operates in an abnormal pattern at dawn, the connection with the corresponding door lock may be blocked altogether.

As described above, the present invention expands the scope of pattern comparison by recognizing the mobile device as the same user as the mobile device and the registered device if the usage pattern of the mobile device is normal and the MAC address of the device is stored using the AP device as a relay. did. That is, not only the user's mobile device usage pattern, but also the device usage pattern is collected and analyzed to continuously authenticate the user, and when there is a difference in the pattern, the user is guided through the mobile device, thereby eliminating the trouble of going through the authentication procedure for each device. It is minimized, and the user can more easily recognize an abnormal symptom of the device, so that the user's management convenience can be increased when the number of devices is increased.

In an embodiment of the present invention, the IoT device 200 connected to the AP device 300 may directly customize the security level and corresponding countermeasures. The security level can be set differently depending on the user, and high usability can be provided by setting the user's preference. In addition, when an operation different from the collected usage pattern is detected, the AP device 300 notifies the user or performs additional authentication according to the security level, thereby solving the trade-off relationship between security and convenience. can

4 is a coordinate plane for classifying security levels of IoT devices according to an embodiment of the present invention.

Referring to FIG. 4 , the x-axis is the frequency of use and the y-axis is the risk of the security level of the IoT device, and accordingly, each quadrant is high risk-high frequency, high risk-low frequency, low risk-high frequency, and low risk. -Can be classified as low frequency.

In the case of the frequency of use, the user may set the maximum frequency directly, or the frequency of use may be automatically set by analyzing the frequency of use for each device through information collection through use.

In the case of risk, it is set based on the risk of abnormal users using it.

The security level can be classified into ultra-high-risk, high-risk, low-risk, and ultra-low-risk.

The ultra-high-risk and high-risk group is a case that can cause serious problems when used by a user other than the registered user. An example of a typical IoT device may be a door lock. In this case, immediately disconnect the device and perform additional authentication. Actions that require

In the case of ultra-low-risk and low-risk groups, for example, even if a user other than a registered user uses it, such as a fluorescent lamp, there is no big problem, but as an abnormal pattern is detected, a notification is made, so it is a step that requires recognition of the part. can do.

5 is an exemplary diagram in which the security level of the IoT device is divided into two stages according to an embodiment of the present invention.

The embodiment of FIG. 5 is a case in which IoT devices are divided into two stages according to the degree of risk, and the IoT devices can be classified into two security levels: high risk and low risk.

In the second level security level of FIG. 5 , if an example of a countermeasure when an abnormal pattern is detected, in the case of an IoT device corresponding to a low risk, the user can recognize the degree of detection of an abnormal pattern through an alarm of the application installed in the mobile device 100 . do. And, in the case of high-risk IoT devices, biometric authentication (fingerprint, face, vein, etc.) is required when reconnection is requested along with disconnection.

In the embodiment of FIG. 5, if a case corresponding to a high risk level is exemplified, there is a case that there is a possibility that a large damage occurs and there may be a physical injury when a person other than the user uses it, and the corresponding IoT device includes a door lock, There may be a fire pit, a safe, and the like.

In addition, if the case corresponding to the low risk level is exemplified, the risk is relatively low compared to the high risk group, and the corresponding IoT device may include a light, a TV, and the like.

6 is an exemplary diagram in which the security level of the IoT device is divided into three stages according to an embodiment of the present invention.

Referring to FIG. 6 , the security level is divided into three levels in a manner that classifies the frequency of use only for the high-risk group and unifies the low-risk group into one level regardless of the frequency of use. Of course, the opposite case is also possible, and the security level may be divided into three levels in various ways according to embodiments.

In the case of the embodiment of FIG. 6 , when exemplifying a countermeasure, in the case of low risk, an abnormal pattern detection notification is generated through the mobile device as it is an IoT device with a low risk, and in the case of high risk and ultra high risk, when reconnecting with connection blocking Require biometric authentication. For example, fingerprint recognition is required for high risk, and vein authentication is required for very high risk.

In the embodiment of FIG. 6 , in the case of the low risk level, the occurrence risk is relatively low compared to the high risk group, and examples of the corresponding IoT device may include a stand, an electric motor, a refrigerator, and the like.

In the case of high-risk - low-frequency, high-risk level, there is a possibility that a large amount of damage and bodily injury may occur when an unrelated person uses it, and a safe may be applicable.

In the case of high-risk-high-frequency ultra-high-risk levels, IoT devices directly related to access control, large-scale disasters, and IoT devices that have the potential to cause accidents can be exemplified, such as door locks, company access control systems, and kitchen cooking facilities. , in-plant heating equipment, high-voltage current control, etc.

7 is an exemplary diagram in which the security level of the IoT device is divided into 4 steps according to an embodiment of the present invention.

In the embodiment of FIG. 7 , the security level is divided into a total of four levels of ultra-low risk, low risk, high risk, and ultra-high risk based on the degree of risk and the frequency of use.

Referring to FIG. 7 , a countermeasure according to each security level is exemplified. In the case of ultra-low risk, since the frequency of use is low and the degree of risk is low, an alarm is generated in the mobile device.

And, in the case of low risk, by requesting pattern authentication after the alarm of the mobile device as the frequency of use is high, the effect of a high recognition rate for abnormal patterns can be obtained.

In addition, the high-risk group (high-risk, ultra-high-risk) has a high risk regardless of the frequency of use, so the connection between the mobile device and the IoT device is immediately blocked, and biometric authentication that cannot be authenticated by anyone other than the user is required. At this time, since the levels are classified differently according to the frequency of use, fingerprint authentication may be required in the case of a high risk level, and vein authentication may be requested in the case of a very high risk level.

As such, in the present invention, when an abnormal pattern is detected in the mobile device 100 , the AP device 300 requests the mobile device 100 to re-authenticate.

Re-authentication methods in the present invention are various. For example, a notification message requesting a pattern, PIN number, biometric information, etc. may be transmitted to the registered user's mobile device 100 . In this case, it is desirable to use the authentication method being used by the mobile device for the sake of simplification of technology without adding a separate re-authentication method. That is, since there is a difference in the authentication method for each mobile device (eg, a terminal capable of biometric authentication or a terminal in which biometric authentication is not possible), re-authentication is required according to the authentication method of the corresponding mobile device.

As in the case of an attempt to unlock the smartphone in an embodiment of the present invention, when the registered authentication information is input differently from the registered authentication information N or more times, the connection between IoT devices stored in the mobile device is cut to prevent a risk in advance.

For example, when using a smartphone with only fingerprint authentication registered, a notification message is sent when an abnormal mobile usage pattern is detected and a re-authentication procedure is requested to perform fingerprint authentication. At this time, if an error is input in fingerprint authentication more than N times, the IoT devices connected to the mobile device are disconnected.

Alternatively, when using a mobile device capable of only PIN number authentication, when an abnormal usage pattern is detected in the mobile device, a notification message is sent to the mobile device to request PIN number authentication. At this time, too, if an error is entered for PIN number authentication more than N times, the IoT devices connected to the corresponding mobile device are disconnected.

8 is a diagram illustrating a re-authentication process according to an embodiment of the present invention.

Referring to FIG. 8 , as an example of a screen of a mobile device, 'An abnormal pattern has been detected. Are you?' is an example of receiving the message, followed by a screen requesting the re-authentication process of the fingerprint authentication method.

As described above, the present invention is an authentication system and method using a device usage pattern in a user's network environment, and continuously performs user authentication in a network environment by collecting device usage information of the user and analyzing the usage pattern for user authentication. do. This has the effect of supplementing the shortcomings of the existing authentication methods, such as ID, password or biometric authentication, and simplifying the authentication process to provide easier and more convenient user authentication. In addition, unlike existing technologies, it is possible to flexibly respond to pattern changes because it continuously analyzes the user's device usage pattern rather than comparing it with the first registered pattern.

In addition, in the present invention, security and availability can be improved. That is, in the authentication procedure of devices in the network environment of the present invention, if the use pattern of the mobile device is normal with the AP device as a relay and the device MAC address is stored, the corresponding mobile device and the registered device are recognized as the same user and authenticated. By implementing this, it is possible to provide improved security authentication at a high speed.

And it is efficient because it collects and compares pattern information from the router (AP device) without the need to build a separate additional system. Furthermore, since the security level is different according to the importance of the device, there is an advantage that a follow-up action can be taken according to the situation for each device.

Although the present invention has been described above using several preferred embodiments, these examples are illustrative and not restrictive. Those of ordinary skill in the art to which the present invention pertains will understand that various changes and modifications can be made without departing from the spirit of the present invention and the scope of the appended claims.

100 mobile devices 200 IoT devices
300 AP devices

Claims (14)

In a device authentication system in an environment in which a mobile device, a device, and an AP device communicate through a network,
A mobile device possessed by a user, which stores and registers a Media Access Control (MAC) address received from the device, transmits the MAC address of the registered device to the AP device, and transmits user usage pattern information to the AP device transmitting mobile device;
a device for transmitting a MAC address to the mobile device and transmitting user usage pattern information to the AP device; and
Receive and store the MAC address of the mobile device and the MAC address of the device registered in the mobile device from the mobile device, collect usage pattern information from the mobile device and the device, and analyze the collected usage pattern information to determine abnormal It includes an AP device that detects whether there is a usage pattern,
When the AP device detects an abnormal usage pattern in the device, it transmits a notification message to warn the mobile device,
The AP device determines whether authentication is performed by different security levels in consideration of the risk of the device and the frequency of use of the device,
The level of risk of the device is specified by the user, and the frequency of use of the device is determined by the number of times the device is actually used,
The AP device includes an ultra-high-risk security level with a high risk of the device and a large number of uses, a high-risk security level with a high risk of the device and a low number of uses, and a low-risk security level with a low risk of the device and a large number of uses; It is classified into ultra-low-risk security level with a low risk of
The AP device,
In the case of the ultra-low risk security level, when an abnormal usage pattern is detected, an alarm is generated in the mobile device,
In the case of the low-risk security level, when an abnormal usage pattern is detected, an alarm is generated in the mobile device, and then the usage pattern authentication is requested,
In the case of the high-risk security level, when an abnormal usage pattern is detected, the connection between the mobile device and the device is blocked, and biometric authentication is requested from the mobile device upon reconnection,
In the case of the ultra-high-risk security level, when an abnormal usage pattern is detected, the connection between the mobile device and the device is blocked, and biometric authentication is requested from the mobile device when reconnecting.
The method according to claim 1,
When the AP device detects an abnormal usage pattern in the mobile device, the AP device requests re-authentication using an authentication method other than the usage pattern authentication method to the mobile device.

The method according to claim 2,
When the AP device fails to re-authenticate in the mobile device or detects a predetermined special abnormal usage pattern in the mobile device, the AP device cancels all communication connections between the mobile device and the registered device. Device authentication system.
delete delete delete delete In a device authentication method in an environment in which a mobile device, a device, and an AP device communicate through a network,
storing and registering a MAC (Media Access Control) address received from the device in the mobile device;
transmitting the MAC address of the device registered by the mobile device and the MAC address of the mobile device to the AP device;
storing the MAC address of the device received from the mobile device and the MAC address of the mobile device in the AP device;
transmitting user usage pattern information to the AP device by the mobile device and the device;
collecting usage pattern information from the mobile device and the device in the AP device;
detecting, by the AP device, whether there is an abnormal usage pattern by analyzing the collected usage pattern information;
when the AP device detects an abnormal usage pattern in the device, transmitting a notification message to warn the mobile device of this; and
The AP device receiving information on the degree of risk of the device and the number of times of use of the device from the device, and determining a different security level according to the degree of risk of the device and the number of times of use of the device,
The level of risk of the device is specified by the user, and the frequency of use of the device is determined by the number of times the device is actually used,
The security level includes an ultra-high-risk security level with a high risk of the device and a large number of uses, a high-risk security level with a high risk of the device and a low number of uses, a low-risk security level with a low risk of the device and a large number of uses, and a device It is classified into ultra-low-risk security level with a low risk of
The AP device,
In the case of the ultra-low risk security level, when an abnormal usage pattern is detected, an alarm is generated in the mobile device,
In the case of the low-risk security level, when an abnormal usage pattern is detected, an alarm is generated in the mobile device, and then the usage pattern authentication is requested,
In the case of the high-risk security level, when an abnormal usage pattern is detected, the connection between the mobile device and the device is blocked, and biometric authentication is requested from the mobile device upon reconnection,
In the case of the ultra-high-risk security level, when an abnormal usage pattern is detected, the connection between the mobile device and the device is blocked, and biometric authentication is requested from the mobile device upon reconnection.
The method of claim 8,
and, when the AP device detects an abnormal usage pattern in the mobile device, requesting the mobile device to re-authenticate using an authentication method other than the usage pattern authentication method.
The method of claim 9,
The method may further include, by the AP device, disconnecting all communication connections between the mobile device and the registered device when re-authentication fails in the mobile device or when the mobile device detects a predetermined special abnormal usage pattern. Device authentication method in a network environment with
delete delete delete delete

Images