KR20120121817A - Apparatus and method of secure data communication by multiplexing wifi and wireless communication - Google Patents


Info

Publication number
KR20120121817A
Authority
KR
South Korea
Prior art keywords
mobile communication
network
communication network
ssl
public key
Application number
KR1020110078477A
Other languages
Korean (ko)
Inventor
서의성
Original Assignee
국립대학법인 울산과학기술대학교 산학협력단

Classifications

    • H  ELECTRICITY
      • H04  ELECTRIC COMMUNICATION TECHNIQUE
        • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00  Network architectures or network communication protocols for network security
            • H04L 63/04  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L 63/0428  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L 63/0442  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
              • H04L 63/0485  Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
            • H04L 63/08  Network architectures or network communication protocols for network security for authentication of entities
              • H04L 63/0876  Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
        • H04W  WIRELESS COMMUNICATION NETWORKS
          • H04W 12/00  Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/06  Authentication
            • H04W 12/08  Access security


Abstract

PURPOSE: An apparatus and method for secure data communication using a Wi-Fi network combined with a mobile communication network are provided, to protect sensitive data by providing a secure data communication channel over Wi-Fi with the help of a reliable mobile communication network.

CONSTITUTION: A transceiver unit (206) is connected to a mobile communication network and a Wi-Fi network as a dual network. An input unit (204) receives a user command for connection to the Wi-Fi network. Based on the user command, a control unit (202) transmits a public key request message for encryption access to a mobile communication network server through the mobile communication network and receives a public key for encryption access in the response. The control unit encrypts data using the public key for encryption access and transmits the encrypted data to the mobile network server through the Wi-Fi network.

[Reference numerals] (202) Control unit; (204) Input unit; (206) Dual network transceiver unit; (208) Memory unit; (210) Display unit

Description

Secure data communication device and method using a combination of Wi-Fi and mobile communication network {APPARATUS AND METHOD OF SECURE DATA COMMUNICATION BY MULTIPLEXING WIFI AND WIRELESS COMMUNICATION}

The present invention relates to technology for providing a mobile communication service. In particular, it concerns the situation in which a client terminal such as a smartphone, tablet or laptop can use both a mobile communication network such as 3G or 4G, which is reliable because it can be provided only by the network provider, and a Wi-Fi network, which is easy to deploy, cheap and fast. The Wi-Fi network is secured by performing the initial authentication for encrypted communication such as SSL or IPSec over the 3G or 4G network. The present invention therefore relates to a secure data communication device and method using a combination of Wi-Fi and a mobile communication network suitable for this purpose.

As is well known, companies providing mobile telecommunications services offer Wi-Fi networks free of charge in order to mitigate the growing load on their 3G networks, which has increased dramatically with the growing share of smartphones among mobile terminals, and to provide users with data networks faster than 3G. A Wi-Fi network provides speeds of up to 300 Mbps to a small number of users in a local area, and unlike 3G data network services, many users use Wi-Fi wherever it is provided.

In addition, for the security of the Wi-Fi networks provided by mobile carriers (see Non-Patent Documents 1 and 2), encryption techniques such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) or WPA2 are mostly used. Data transmission between the wireless access point (AP) and the terminal is encrypted, and conventional methods such as MAC authentication or ID and password entry are used to identify the subscriber.

In particular, WPA2 is known as the most secure encryption technique in the Wi-Fi standard, and most domestic mobile communication companies adopt WPA2.

Most of these security technologies aim to prevent sniffing and spoofing attacks when users access the AP network normally provided by the mobile carrier, and the user recognizes that network by its service set identifier (SSID). If a malicious user installs an AP in a public place using the same SSID as the carrier's Wi-Fi service, the user cannot distinguish the malicious AP from a legitimate one.

In a simple experiment in which a malicious AP was installed in a theater (see Non-Patent Document 3), many smartphone users used the Internet through the malicious AP without any suspicion, and analysis of the traffic showed that not only could personal information be obtained, but smartphones could be turned into zombies by sending them malware.

Information disclosure and manipulation attacks through malicious APs can be prevented by using Secure Socket Layer (SSL) technology (see Non-Patent Document 4), which is used by most websites that need to protect information. In the initial SSL connection, the client and the web server share a secret key by means of a public certificate or public key, and the subsequent data communication is encrypted with the shared key to maintain security. SSL is widely used because it provides high security, but when the relay between the client and the web server is malicious, SSL can still be subjected to man-in-the-middle attacks (see Non-Patent Document 5), in which the keys are intercepted and replaced in the middle so that information can be intercepted or altered.

FIG. 1 is a diagram illustrating a method in which a malicious Wi-Fi AP performs a personal information takeover through a man-in-the-middle attack method according to the related art.

Referring to FIG. 1, when a client terminal accesses a Wi-Fi network through a nearby AP and requests a public key from a specific SSL website server, if the client terminal happens to be connected to a malicious AP, the attacker intercepts this request, performs the SSL connection with the website server on behalf of the client terminal connected to the Wi-Fi network, and establishes a separate SSL connection with the client terminal.

In other words, the malicious AP issues a new public key request to the website server, the website server sends its SSL public key to the attacker at the malicious AP, and the attacker sends a newly created SSL public key of his own to the client terminal. The attacker then steals personal information by decrypting the packets sent from the client terminal.

When a malicious Wi-Fi AP uses a man-in-the-middle attack like this, current standard technologies offer no effective defense. In particular, given that most users place high trust in SSL-encrypted sites and readily provide sensitive information such as passwords and social security numbers, a public Wi-Fi AP performing a man-in-the-middle attack can obtain a large amount of sensitive information.

[Non-Patent Document 1] Lehembre, G. "Wi-Fi security - WEP, WPA and WPA2". Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, 2005.
[Non-Patent Document 2] IEEE. "IEEE Standard for Information technology. Telecommunications and information exchange between systems. Local and metropolitan area networks. Specific requirements. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications". Wired equivalent privacy (WEP), 2007, pp. 158-160.
[Non-Patent Document 3] Jang Yoon Jung. "180 Smartphone Users Connected to Illegal AP in 45 Seconds". etnews, 2010. http://www.etnews.com/news/detail.html?id=201012080206
[Non-Patent Document 4] Alan O. Freier, Philip Karlton, Paul C. Kocher. "The SSL Protocol Version 3.0". INTERNET-DRAFT, 1996-10, p. 31.
[Non-Patent Document 5] Hwang, H., Jung, G., Sohn, K., Park, S. "A study on MITM (man in the middle) vulnerability in wireless network using 802.1x and EAP". ICISS, 2008, pp. 164-170.

As described above, the Wi-Fi security technology according to the prior art is intended to prevent data leakage and manipulation when a smartphone user accesses the AP network normally provided by the mobile carrier. When a malicious AP uses the man-in-the-middle attack method, however, current standard technologies have no effective defense against it.

Accordingly, an embodiment of the present invention provides a secure data communication apparatus and method in which a client terminal accessing a Wi-Fi network performs initial authentication through the encryption technology used in the mobile communication network, so that the actual encrypted data communication can be carried out over a combination of the Wi-Fi network and the mobile communication network.

In addition, an embodiment of the present invention provides a secure data communication device and method using a combination of Wi-Fi and a mobile communication network, in which a client terminal connecting to a Wi-Fi network to receive data services first performs initial authentication over the mobile communication network through an encryption technology such as SSL or IPSec (Internet Protocol Security), and can then perform encrypted data communication through the Wi-Fi network.

According to an embodiment of the present invention, a secure data communication device using Wi-Fi and a mobile communication network may include a transceiver for connecting to a mobile communication network and a Wi-Fi network as a dual network, an input unit for receiving a user command for connection to the Wi-Fi network, and a control unit that, based on the user command, transmits a public key request message for encryption access to a mobile communication network server through the mobile communication network, receives a public key for encryption access in response, encrypts data based on that public key, and transmits the encrypted data to the mobile communication network server through the Wi-Fi network.

The controller may access the SSL library of the mobile communication network server by using the mobile communication network and the Wi-Fi network simultaneously through two addresses, using the SSL extension structure of the operating program, and then perform an authentication procedure.

When the mobile communication network server confirms through the authentication procedure that the two addresses are used by one client terminal and transmits the public key for the SSL connection to the client terminal through the mobile communication network, encrypted data can then be transmitted and received through the address of the connected Wi-Fi network.

The public key for encryption access may belong to an asymmetric key exchange method of an encryption scheme such as SSL or IPSec.

The mobile communication network server may be an HTTPS type web server.

According to an embodiment of the present invention, there is provided a secure data communication method using a Wi-Fi network and a mobile communication network, the method comprising: connecting a client terminal to a mobile communication network and a Wi-Fi network as a dual network upon receiving a user command for connection to the Wi-Fi network; transmitting a public key request message for encryption access to the mobile communication network server through the mobile communication network based on the user command; receiving a public key for encryption access in response to the request; encrypting data based on the public key for encryption access; and transmitting the encrypted data to the mobile communication network server through the Wi-Fi network.

The receiving of the public key for encryption access may include accessing an SSL library of the mobile communication network server by simultaneously using the mobile communication network and the Wi-Fi network through two addresses using an SSL extension structure, and performing an authentication procedure through the accessed SSL library.

The receiving of the public key for encryption access may further include checking, in the mobile communication network server through the authentication procedure, whether the two addresses are used by one client terminal, and if so, transmitting the public key for encryption access to the client terminal through the mobile communication network.

The public key for encryption access may belong to an asymmetric key exchange method of an encryption scheme such as SSL or IPSec.

The mobile communication network server may be an HTTPS type web server.

The secure data communication apparatus and method using Wi-Fi and a mobile communication network according to an embodiment of the present invention as described above has one or more of the following effects.

According to an embodiment of the present invention, a secure data communication device and method using a combination of Wi-Fi and a mobile communication network can protect sensitive information even in the presence of a malicious AP, by securing a data communication channel over Wi-Fi with the help of the reliable mobile communication network. In particular, since only a small amount of key data is exchanged through the mobile network, users can use secure Wi-Fi at little cost, and the mobile service provider can provide this security with almost no increase in the load on the mobile network.

By securing the Wi-Fi network, the infrastructure cost caused by increased load on the mobile communication network, which would otherwise result from users avoiding Wi-Fi for reasons of social protection and information protection against malicious APs, can be reduced, so that mobile service providers also enjoy cost savings.

In addition, users can trust and use Wi-Fi networks that are much faster and consume less power than 3G networks in public places, thereby extending the usage time of smartphones and enjoying high-quality information services.

In the long run, by removing security threats that can limit the use of smartphones, the invention provides a foundation for introducing smartphone-based information services in fields that require high security, such as military, industrial secrecy and medical services.

FIG. 1 is a diagram illustrating a method of performing a personal information takeover through a man-in-the-middle attack by a malicious Wi-Fi AP according to the prior art;
FIG. 2 is a block diagram showing the structure of a client terminal according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating an operation procedure of a client terminal according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a secure data communication procedure using Wi-Fi and a mobile communication network according to an embodiment of the present invention.

Advantages and features of the present invention, and methods of achieving them, will become apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art; the invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout.

In the following description of the present invention, detailed descriptions of known functions and configurations incorporated herein will be omitted where they might make the subject matter of the present invention unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention and may vary depending on the intention of the user or operator, or on custom. Therefore, the definitions should be based on the contents of this specification as a whole.

Each block of the accompanying block diagrams and each combination of steps of the flowcharts may be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, so that the instructions executed by that processor create means for performing the functions described in each block or step. These computer program instructions may also be stored in a computer usable or computer readable memory that can direct a computer or other programmable data processing equipment to function in a particular manner, so that the instructions stored in the memory produce an article of manufacture containing instruction means for performing the functions described in each block of the block diagrams or each step of the flowcharts. The computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operating steps is performed on it to produce a computer-implemented process, and the instructions executed on the computer or other programmable data processing equipment provide steps for performing the functions described in each block of the block diagrams and each step of the flowcharts.

In addition, each block or step may represent a portion of a module, segment or code that includes one or more executable instructions for executing the specified logical function(s). It should also be noted that in some alternative embodiments the functions noted in the blocks or steps may occur out of order. For example, two blocks or steps shown in succession may in fact be executed substantially concurrently, or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.

In an embodiment of the present invention, a client terminal such as a smartphone, tablet or laptop performs a mobile communication service using at the same time a 3G or 4G network of a mobile communication network, which is reliable because it can be provided only by the network provider, and a Wi-Fi network, which is easy to build, cheap and fast. Initial authentication is performed through the 3G or 4G network of the mobile communication network using encrypted communication such as SSL (Secure Socket Layer) or IPSec (Internet Protocol Security) in order to secure reliability, and the actual encrypted data communication is carried out through the Wi-Fi network to obtain its cost and speed advantages.

Wi-Fi provides faster Internet access to many users at a lower cost than mobile networks. Because of these advantages, mobile service providers rely heavily on Wi-Fi networks to reduce the load on their mobile networks and to provide users with satisfactory performance of Internet services.

The services that smartphone users access through smartphones are likely to be high-value information such as personal information such as mail, calendar or contacts, and internet payments and banking. Therefore, if reliability is not guaranteed, it is obvious that smartphone users will turn away from the Wi-Fi network even if there is an advantage in terms of cost and speed.

That is, unless the existing standard is revised, Wi-Fi may be exposed to various types of attack. In particular, since the authenticity of the SSID cannot be verified, it goes unnoticed when the key is intercepted by a man-in-the-middle during the initial key exchange and replaced with the attacker's key, which enables man-in-the-middle (MITM) attacks that neutralize the encryption widely used to exchange important information such as banking and payment data. On the other hand, networks provided by mobile carriers such as 3G and 4G are resistant to MITM attacks, because it is difficult for external relays to add nodes arbitrarily and the security structure based on the subscriber identification module (SIM) is strong.

Thus, man-in-the-middle attacks using malicious APs can be the most lethal threat to current Wi-Fi use, and one that cannot be solved with current technologies.

Modern encryption algorithms use asymmetric keys for initial authentication and for exchanging a symmetric key, in order to achieve both security and performance. Once the two-way keys have been exchanged, even if a malicious node intrudes in the middle, the possibility of viewing or manipulating the encrypted data is extremely low.

In addition, although mobile networks are energy-consuming, slow and expensive, they provide enough bandwidth to carry small amounts of data at negligible cost and can only be provided by a mobile carrier, so they can be used as a communication channel secure enough for the initial key exchange.

Accordingly, in the embodiment of the present invention, the process up to the initial two-way key exchange is performed through a mobile communication network such as 3G or 4G, and the subsequent data communication is performed using Wi-Fi, thereby achieving high reliability and improved performance.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 2 is a block diagram showing the structure of a client terminal according to an embodiment of the present invention.

Referring to FIG. 2, the client terminal 200 may include a control unit 202, an input unit 204, a dual network transceiver 206, a memory unit 208, and a display unit 210.

In more detail, the client terminal 200 may be connectable to a 3G, 4G or later next-generation mobile communication network, and may belong to the group of multimedia devices that can simultaneously access a mobile communication network and a Wi-Fi network through a dual network interface. For example, the terminal may be any of various types of terminal devices such as a smart phone, a notepad, a notebook computer or a tablet computer.

In addition, the client terminal 200 may provide a broadband communication service to a subscriber by interfacing with a broadband connection through a base station of a mobile communication network, and may support a communication environment of the third generation or later based on wideband code division multiple access (WCDMA), for example a fourth generation communication environment such as Long Term Evolution (LTE) or worldwide interoperability for microwave access (WiMAX), as well as an Internet Protocol (IP) based communication environment such as the Internet.

The input unit 204 of the client terminal 200 transmits information input by the user to the control unit 202 as a control command signal, and may be implemented as a keypad or a touch screen. Accordingly, it may receive from the user a command such as a connection to the mobile communication network, a connection to the Wi-Fi network, or a connection through the dual network interface of the mobile communication network and the Wi-Fi network, and transmit it to the controller 202.

The dual network transceiver 206 performs data transmission and reception through a 3G, 4G or later next-generation mobile communication network and through a Wi-Fi network, which is a short-range communication method, and can send and receive the initial authentication, the bidirectional keys and various other data through the connected networks.

The dual network transceiver 206 may be configured with a mobile communication network web server (e.g. an OpenSSL server) and an SSL extension structure that separates key exchange from data exchange in the operating program of the client terminal 200.

That is, since data transmission through the mobile communication network is blocked in the operating program of a general client terminal 200, the interface may be configured to use two network channels through the SSL extension structure.

The memory unit 208 may store the operating program necessary for the operation of the client terminal 200, and store the public key for the SSL connection and the encrypted data transmitted from the dual network transceiver 206. It may also supply the operating program and the data to be encrypted at the request of the controller 202.

The display unit 210 may display a network connection screen and a data communication screen according to signals transmitted from the controller 202.

The controller 202 may control each function block of the client terminal 200. When a user command is received through the input unit 204, the controller 202 may request and receive operating program data from the memory unit 208 based on the user command and operate the client terminal 200 accordingly. In addition, it may control the dual network transceiver 206 according to a dual network connection request transmitted through the input unit 204, thereby controlling the connection of the dual network.

That is, when a browser providing Internet services in the operating program starts SSL communication using HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) through the SSL extension structure established in connection with the dual network transceiver 206, the control unit 202 can attempt the key exchange through the mobile communication network even while connected to the Wi-Fi network. In the key exchange process, it can receive a symmetric key that is then used for data communication in encrypted form through a shared key algorithm.

Here, HTTPS is a protocol that encrypts and decrypts user page requests in the SSL sublayer below the Hypertext Transfer Protocol (HTTP) layer. In TCP/IP, port 443 is used instead of HTTP port 80. For this purpose, SSL can use the RC4 stream cipher algorithm with a key size of 40 bits.

That is, the client terminal 200 may access the SSL library of the mobile communication network web server by using the mobile communication network and the Wi-Fi network simultaneously through two addresses, perform authentication, and thereby carry out the bidirectional key exchange. After the two-way key exchange, the browser can use the same service as the existing HTTPS protocol through the Wi-Fi network of the dual network, and since all information is encrypted, attacks such as manipulation can be blocked at the source even if there is a hacked wireless router in the middle of the network.

The operating program of the controller 202 may be built on the basis of an API that allows the mobile communication network to be used even when connected to the Wi-Fi network, so that applications including the browser can use it for the HTTPS key exchange. For example, it may be programmed in the Java language and provide a Java interface. However, although the external interface is implemented in Java, the selection of the actual network is managed by the operating program, so a kernel modification of the operating program is required; for this, a kernel structure may be implemented that lets an application selectively use the required network from among the multiple networks.

FIG. 3 is a flowchart illustrating an operation procedure of a client terminal according to an embodiment of the present invention.

Referring to FIG. 3, when the client terminal 200 receives a Wi-Fi detection command in step 300, whether from real-time detection while moving or from a user command, it detects the Wi-Fi signals around its current location.

When it is determined in step 302 that the terminal can connect to the detected Wi-Fi network through the wireless router, dual channel networking is performed through the SSL extension structure for secure access in step 304. That is, the mobile communication network and the Wi-Fi network are connected simultaneously for initial authentication and bidirectional key exchange.

In step 306, the client terminal 200 transmits an SSL public key request message, requesting an SSL public key, to the mobile communication network web server (HTTPS server).

At this time, the same client terminal 200 uses two independent addresses toward the mobile communication network web server: one for key exchange and one for data transmission and reception. The SSL library of the mobile communication network web server is therefore made aware of this during the key exchange process.

Accordingly, the mobile communication network web server receives the SSL public key request message from the client terminal 200, and the client terminal 200 accesses the SSL library of the mobile communication network web server using the mobile communication network and the Wi-Fi network simultaneously.

The mobile communication network web server then checks, through the initial authentication procedure, whether the two addresses belong to one client terminal 200, and transmits the public key for the SSL connection to the client terminal 200 through the mobile communication network.

When the client terminal 200 receives the public key for the SSL connection from the mobile communication network web server in step 308, it transmits and receives encrypted data through the address of the connected Wi-Fi network in step 310.

FIG. 4 is a flowchart illustrating a secure data communication procedure using Wi-Fi and a mobile communication network according to an embodiment of the present invention.

Referring to FIG. 4, when the client terminal 200 can reach the mobile communication network web server 400 through both a mobile communication network (such as 3G or 4G) and a Wi-Fi network, and accesses the Wi-Fi network to perform data communication, it first transmits the SSL public key request message to the HTTPS-based mobile communication network web server 400 through the mobile communication network in step 404.

In this case, the mobile communication network web server 400 checks, through initial authentication in step 404, the addresses from which the mobile communication network and the Wi-Fi network are accessed; if both addresses are used by the same client terminal 200, it generates the public key for the SSL connection corresponding to the SSL public key request of the client terminal 200 and transmits it to the client terminal 200.

Thereafter, in step 406, the client terminal 200 transmits data encrypted with the public key for the SSL connection to the mobile communication network web server 400 through the Wi-Fi network of the wireless router 450, so that reliable data communication is possible even when using the Wi-Fi network.
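The following is an added example, not code from the patent, simulating the message flow of FIGs. 3 and 4 in Python. The key request and the server's public key travel only over the mobile-network path, the server binds the client's mobile and Wi-Fi addresses to one authenticated client during initial authentication, and it accepts encrypted data on the Wi-Fi path only from an address bound that way. The initial authentication uses a per-subscriber HMAC secret, which is an assumption (the patent does not specify the mechanism), and all cryptography is a deliberately simplified toy (a small Diffie-Hellman group, SHA-256 keystream, HMAC tag) standing in for the SSL library.

```python
"""Two-address key exchange simulation (added example; toy cryptography)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group (constructed; far too small for real use).
P = 2**127 - 1
G = 5


def _kdf(shared: int) -> bytes:
    """Derive a 32-byte session key from the DH shared value."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def toy_seal(key: bytes, plaintext: bytes) -> bytes:
    """XOR keystream plus HMAC-SHA256 tag (toy encrypt-then-MAC)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def toy_open(key: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def _auth_input(client_id: str, mobile_addr: str, wifi_addr: str, client_pub: int) -> bytes:
    """Fields covered by the initial-authentication HMAC (assumed mechanism)."""
    return f"{client_id}|{mobile_addr}|{wifi_addr}|{client_pub}".encode()


@dataclass
class Binding:
    client_id: str
    mobile_addr: str
    wifi_addr: str
    client_pub: int


class MobileNetworkWebServer:
    """HTTPS server (400): the key goes out over mobile, data comes in over Wi-Fi."""

    def __init__(self, subscriber_secrets: dict):
        self._priv = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self._priv, P)          # the "public key for SSL connection"
        self._subscribers = subscriber_secrets    # client_id -> HMAC secret (assumption)
        self._by_wifi: dict = {}                  # Wi-Fi address -> Binding

    def handle_key_request(self, mobile_src: str, msg: dict) -> dict:
        """Step 306/404: request arrives on the mobile path; run initial authentication."""
        secret = self._subscribers.get(msg["client_id"])
        if secret is None:
            raise PermissionError("unknown subscriber")
        expected = hmac.new(secret, _auth_input(msg["client_id"], mobile_src,
                            msg["wifi_addr"], msg["client_pub"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["auth"]):
            raise PermissionError("initial authentication failed")
        # Both addresses are now known to belong to one client terminal.
        self._by_wifi[msg["wifi_addr"]] = Binding(msg["client_id"], mobile_src,
                                                  msg["wifi_addr"], msg["client_pub"])
        return {"server_pub": self.pub}           # step 308: returned over the mobile path

    def handle_wifi_data(self, wifi_src: str, sealed: bytes) -> bytes:
        """Step 310/406: encrypted data arrives on the Wi-Fi path."""
        binding = self._by_wifi.get(wifi_src)
        if binding is None:
            raise PermissionError("Wi-Fi address was never bound over the mobile network")
        return toy_open(_kdf(pow(binding.client_pub, self._priv, P)), sealed)


class ClientTerminal:
    """Client terminal (200) with one mobile address and one Wi-Fi address."""

    def __init__(self, client_id: str, secret: bytes, mobile_addr: str, wifi_addr: str):
        self.client_id, self._secret = client_id, secret
        self.mobile_addr, self.wifi_addr = mobile_addr, wifi_addr
        self._eph = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self._eph, P)
        self._server_pub = None

    def key_request(self) -> dict:
        auth = hmac.new(self._secret, _auth_input(self.client_id, self.mobile_addr,
                        self.wifi_addr, self.pub), hashlib.sha256).hexdigest()
        return {"client_id": self.client_id, "wifi_addr": self.wifi_addr,
                "client_pub": self.pub, "auth": auth}

    def receive_key(self, reply: dict) -> None:
        self._server_pub = reply["server_pub"]   # accepted only from the mobile path

    def seal_for_wifi(self, plaintext: bytes) -> bytes:
        if self._server_pub is None:
            raise RuntimeError("no public key received over the mobile network yet")
        return toy_seal(_kdf(pow(self._server_pub, self._eph, P)), plaintext)


def run_exchange(plaintext: bytes = b"account balance request") -> bytes:
    """Full flow of FIG. 4 with constructed addresses; returns what the server decrypted."""
    server = MobileNetworkWebServer({"client-A": b"constructed-subscriber-secret"})
    client = ClientTerminal("client-A", b"constructed-subscriber-secret", "10.20.0.7", "192.168.1.23")
    client.receive_key(server.handle_key_request(client.mobile_addr, client.key_request()))
    return server.handle_wifi_data(client.wifi_addr, client.seal_for_wifi(plaintext))


def wifi_only_sender_is_rejected() -> bool:
    """A device seen only on Wi-Fi, with no mobile-path authentication, is refused."""
    server = MobileNetworkWebServer({"client-A": b"constructed-subscriber-secret"})
    try:
        server.handle_wifi_data("192.168.1.99", b"\x00" * 40)
    except PermissionError:
        return True
    return False
```

The security-relevant check lives in `handle_wifi_data`: the server only decrypts for a Wi-Fi address that was bound during the mobile-path authentication, and the client only ever takes the server's public key from the mobile path, so a router on the Wi-Fi side that substitutes its own key has no point at which to inject it. In a real deployment the Wi-Fi address the server sees is the router's NAT address, so the binding would need a session identifier rather than a bare source address.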

Meanwhile, the embodiments of the present invention have described data communication methods using encryption technologies such as SSL and IPSec. However, the present invention is not limited thereto; various encryption technologies that use initial authentication and a two-way key exchange method may of course be applied in addition to SSL and IPSec.

As described above, in the secure data communication apparatus and method using a combination of Wi-Fi and a mobile communication network according to an embodiment of the present invention, when the client terminal connects to the Wi-Fi network to receive a data service, initial authentication is first performed over the mobile communication network through an encryption technology such as SSL or IPSec, and encrypted data communication is then performed over the Wi-Fi network.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments, but is capable of various modifications within the scope of the invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the scope of the appended claims, and equivalents thereof.

200: client terminal
400: mobile communication network server
450: wireless router

Claims (10)

1. A secure data communication device using Wi-Fi and a mobile communication network, comprising:
a transmitting and receiving unit for connecting to a dual network of a mobile communication network and a Wi-Fi network;
an input unit for receiving a user command for accessing the Wi-Fi network; and
a control unit which, on the basis of the user command, transmits an encryption public key request message to the mobile communication network server through the mobile communication network and, when a public key for encrypted connection is received in response, encrypts data based on the public key and transmits the encrypted data to the mobile communication network server through the Wi-Fi network.
2. The device of claim 1, wherein the control unit performs an authentication procedure after accessing an SSL library of the mobile communication network server by using the mobile communication network and the Wi-Fi network at the same time, using an SSL extension structure of an operating program.
3. The device of claim 2, wherein, after the mobile communication network server checks through the authentication procedure whether the two addresses are used by one client terminal and transmits the public key for the SSL connection to the client terminal through the mobile communication network, the control unit transmits and receives encrypted data through the Wi-Fi network address.
4. The device of claim 1, wherein the encryption public key belongs to an asymmetric key exchange method using SSL or IPSec as the encryption method.
5. The device of claim 1, wherein the mobile communication network server is a web server of the HTTPS type.
6. A secure data communication method using Wi-Fi and a mobile communication network, comprising:
connecting, by a client terminal that has received a user command for access to a Wi-Fi network, to a dual network of a mobile communication network and the Wi-Fi network;
transmitting an encryption public key request message to a mobile communication network server through the mobile communication network based on the user command, and receiving a public key for encrypted connection in response; and
encrypting data based on the public key for encrypted connection, and transmitting the encrypted data to the mobile communication network server through the Wi-Fi network.
7. The method of claim 6, wherein receiving the public key for the encrypted connection comprises:
accessing the SSL library of the mobile communication network server using the mobile communication network and the Wi-Fi network simultaneously through two addresses, using an SSL extension structure; and
performing authentication through the accessed SSL library.
8. The method of claim 7, wherein receiving the public key for the encrypted connection comprises:
checking, in the mobile communication network server, through an authentication procedure whether two addresses are used by one client terminal; and
if so confirmed, transmitting the public key for the encrypted connection to the client terminal through the mobile communication network so that the client terminal receives it.
9. The method of claim 6, wherein the encryption public key belongs to an asymmetric key exchange method using SSL or IPSec as the encryption method.
10. The method of claim 6, wherein the mobile communication network server is a web server of the HTTPS type.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110078477A KR20120121817A (en) 2011-04-27 2011-08-08 Apparatus and method of secure data communication by multiplexing wifi and wireless communication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020110039769 2011-04-27
KR1020110078477A KR20120121817A (en) 2011-04-27 2011-08-08 Apparatus and method of secure data communication by multiplexing wifi and wireless communication

Publications (1)

Publication Number Publication Date
KR20120121817A true KR20120121817A (en) 2012-11-06

Family

ID=47508212

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110078477A KR20120121817A (en) 2011-04-27 2011-08-08 Apparatus and method of secure data communication by multiplexing wifi and wireless communication

Country Status (1)

Country Link
KR (1) KR20120121817A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020138780A1 (en) * 2018-12-28 2020-07-02 Samsung Electronics Co., Ltd. Electronic device and controlling method of electronic device
CN115174388A (en) * 2022-07-01 2022-10-11 杭州涂鸦信息技术有限公司 Network updating method, device, equipment and storage medium for networked intelligent equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020138780A1 (en) * 2018-12-28 2020-07-02 Samsung Electronics Co., Ltd. Electronic device and controlling method of electronic device
US11425568B2 (en) 2018-12-28 2022-08-23 Samsung Electronics Co., Ltd. Electronic device and controlling method of electronic device
CN115174388A (en) * 2022-07-01 2022-10-11 杭州涂鸦信息技术有限公司 Network updating method, device, equipment and storage medium for networked intelligent equipment
CN115174388B (en) * 2022-07-01 2024-03-26 杭州涂鸦信息技术有限公司 Network updating method, device, equipment and storage medium for networking intelligent equipment

Similar Documents

Publication Publication Date Title
Chahid et al. Internet of things protocols comparison, architecture, vulnerabilities and security: State of the art
CN102843687B (en) The method and system of the portable focus secure accessing of smart mobile phone
US9628459B2 (en) Secure data transmission using multi-channel communication
Liu et al. Security analysis of mobile device-to-device network applications
CN102761870A (en) Terminal authentication and service authentication method, system and terminal
Shokoor et al. Overview of 5G & beyond security
Dorobantu et al. Security threats in IoT
Fu et al. A secure SDN based multi-RANs architecture for future 5G networks
CN104168565A (en) Method for controlling safe communication of intelligent terminal under undependable wireless network environment
Bapat et al. Smart-lock security re-engineered using cryptography and steganography
Guo Survey on WiFi infrastructure attacks
KR102381038B1 (en) Techniques for secure authentication of the controlled devices
Sharma et al. A review on wireless network security
Saedy et al. Ad Hoc M2M Communications and security based on 4G cellular system
KR20120121817A (en) Apparatus and method of secure data communication by multiplexing wifi and wireless communication
Hadi Types of Attacks in Wireless Communication Networks
Pandey et al. A system and method for authentication in wireless local area networks (wlans)
Kumar et al. Security issues in m-government
Lee et al. Man-in-the-middle Attacks Detection Scheme on Smartphone using 3G network
Ouaissa et al. Group access authentication of machine to machine communications in LTE networks
Bodhe et al. Wireless LAN security attacks and CCM protocol with some best practices in deployment of services
Dwiputriane et al. Authentication for 5G Mobile Wireless Networks: Manuscript Received: 5 January 2022, Accepted: 8 February 2022, Published: 15 March 2022
US20240195639A1 (en) Digital-asset authentication with anonymity
Manu et al. An Overview of 5G Technology Evolution with Cases on Drone, Smart Healthcare and Smart City
Mishra Bluetooth security threats

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
E90F Notification of reason for final refusal
AMND Amendment