KR20150136791A - Authentication and access control system to use indoor LBS - Google Patents

Info

Publication number
KR20150136791A
Authority
KR
South Korea
Prior art keywords
information
access control
authentication
location
service
Prior art date
Application number
KR1020140064237A
Other languages
Korean (ko)
Inventor
가원호
Original Assignee
주식회사 위트시스템즈
Priority date
Filing date
Publication date
Application filed by 주식회사 위트시스템즈
Priority to KR1020140064237A
Publication of KR20150136791A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/33 Services specially adapted for particular environments, situations or purposes for indoor environments, e.g. buildings
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/02 Access restriction performed under specific conditions
    • H04W48/04 Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed

Abstract

The present invention relates to an authentication and access control service system using an indoor location-based service built from wireless transmitting and receiving devices for indoor positioning technologies such as Wi-Fi, Zigbee, UWB, beacon, and Bluetooth. The system comprises: an indoor positioning terminal installed at a specific indoor location, which transmits and receives signals; a user terminal equipped with a location measurement sensor, with built-in location information interworking software (S/W) in a form executable on the terminal, which receives the location signal of the indoor positioning terminal, records location information, and transmits the recorded location information; a policy decision system unit which receives the current location information measured in real time at the user terminal, and determines authentication and access control by looking up access rights for the location per service and managing the registered current-location-based authority information, indoor positioning information, user authentication information, access target service list, policy settings, and the like; an interworking module which receives and queries the access control information of the policy decision system unit; and various physical/logical access control units which receive the access control information signal from the interworking module and control the service according to whether access is permitted based on the user's current location.

Description

Authentication and access control service system using indoor location-based service {Authentication and access control system to use indoor LBS}

The present invention relates to an authentication and access control service system using an indoor location-based service built from wireless transmitting and receiving devices for indoor positioning technologies such as Wi-Fi, Zigbee, UWB, beacon, and Bluetooth.

SaaS (Software as a Service) is a kind of service used by connecting to the system of an external provider, and it therefore allows access anytime and anywhere, from the various zones within a given company as well as from outside the company. As a result it is vulnerable to information leakage, and the need for security is continually discussed.

Today's authentication systems have no logical control method for remote access by a user who holds authentication and access rights. When a hacker attempts access using the authentication information of a user compromised through a backdoor, the authentication system cannot accurately verify the identity of the person authenticating.

Existing physical security has the drawback that it cannot determine whether the person is the genuine holder when a hardware authentication means has been duplicated or stolen, and, because there is no method of access control over the network per physical space, location-based access control is impossible without cutting off the network.

1. Korean Registered Patent Publication No. 10-1059058

The problem to be solved by the present invention is to provide an authentication and access control service system using an indoor location-based service in which, by applying the various existing indoor positioning technologies to the various existing physical/logical access control systems, the user provides current location information to the policy decision system in real time through location measurement S/W mounted on a mobile device or H/W, and each authentication service uses the access-right information for the location to provide a stronger security authentication service.

The authentication and access control service system using an indoor location-based service of the present invention, which solves the above problem, comprises: an indoor positioning terminal installed at a specific indoor location, which transmits and receives signals;

a user terminal equipped with a location measurement sensor, with built-in location information interworking software (S/W) in a form executable on the terminal, which receives the location signal of the indoor positioning terminal, records location information, and transmits the recorded location information;

a policy decision system unit which receives the current location information measured in real time at the user terminal, and determines authentication and access control by looking up access rights for the location per service and managing the registered current-location-based authority information, indoor positioning information, user authentication information, access target service list, policy settings, and the like;

an interworking module which receives/queries the access control information of the policy decision system unit; and

various physical/logical access control units which receive the access control information signal from the interworking module and control the service according to whether access is permitted based on the user's current location.

The present invention has the effect of enabling secondary access control using the user's current location information even when authentication and access rights have been exposed through hacking.

In addition, security can be strengthened by controlling authentication and access rights per physical space, and physical user access control is achieved without disconnecting the network at each system location.

In addition, user authentication and access control, the operation of equipment, and the operation of software can be controlled so that they are permitted only at specific locations, using indoor location information.

FIG. 1 is a configuration diagram showing a configuration example of the service system of the present invention.
FIG. 2 is a block diagram showing an embodiment of the service system of the present invention.
FIGS. 3 to 8 are flowcharts showing an embodiment of the detailed authentication and access control process of the service system of the present invention.

Hereinafter, the present invention will be described in more detail with reference to the accompanying drawings.

FIG. 1 is a configuration diagram showing a configuration example of the service system of the present invention, FIG. 2 is a block diagram showing an embodiment of the service system of the present invention, and FIGS. 3 to 8 are flowcharts showing an embodiment of the detailed authentication and access control process of the service system of the present invention.

The present invention relates to an authentication and access control service system using an indoor location-based service built from wireless transmitting and receiving devices for indoor positioning technologies such as Wi-Fi, Zigbee, UWB, beacon, and Bluetooth. According to the present invention, the authentication and access control service system using an indoor location-based service comprises:

an indoor positioning terminal installed at a specific indoor location, which transmits and receives signals;

a user terminal equipped with a location measurement sensor, with built-in location information interworking software (S/W) in a form executable on the terminal, which receives the location signal of the indoor positioning terminal, records location information, and transmits the recorded location information;

a policy decision system unit which receives the current location information measured in real time at the user terminal, and determines authentication and access control by looking up access rights for the location per service and managing the registered current-location-based authority information, indoor positioning information, user authentication information, access target service list, policy settings, and the like;

an interworking module which receives/queries the access control information of the policy decision system unit; and

various physical/logical access control units which receive the access control information signal from the interworking module and control the service according to whether access is permitted based on the user's current location.

The system according to the present invention uses indoor location measurement technology (Indoor LBS) to control authentication and access according to user location information for the various systems (H/W, S/W, OS, etc.) to which access is permitted by user authentication.

This control is implemented by the following technical components: indoor positioning technologies such as optical-sensor-based positioning, ZigBee, UWB, Wi-Fi, Bluetooth, and Beacon; a user terminal with a built-in location information confirmation module that checks, collects, and analyzes location information, such as a location-linked application (mobile application, embedded S/W); a policy server that determines authentication and access control by managing the indoor positioning information, user authentication information, authority information, access target service list, policy settings, and the like received from the user terminal; an interworking module that receives/queries access control information from the policy server; and an access control system (e.g. Web Application, C/S, authentication solution, access control solution, OS) that controls access using the authentication and access control information received from the interworking module.

Referring to FIGS. 1 and 2, by applying the various existing indoor positioning technologies to the various existing physical/logical access control systems, the user provides current location information to the policy decision system in real time through location measurement S/W mounted on a mobile device or H/W, and each authentication service uses the access-right information for the location to provide a stronger security authentication service.

Here, the location measurement terminal receives location information from the indoor positioning equipment through S/W in a form executable on the terminal and provides the current location to the policy decision system, and the policy decision system registers and manages an access policy for the access locations of each access control target.

A target service that requires location-based authentication and access control first authenticates the user with the existing authentication module (primary authentication such as ID/PW) and then makes the final decision on whether to permit access through the location-based policy module.

FIGS. 3 to 8 show an example of the detailed authentication and access control process: FIG. 3 is a process for verifying whether the location measurement software is installed, FIGS. 4 and 5 illustrate a process in which the user attempts access from a location where access to the service is permitted, and FIGS. 6 to 8 illustrate the blocking process when the user leaves the permitted location while accessing the service.
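
The decision flow described above, as an added example that is not code from the patent or its applicant: primary ID/PW authentication, then the location-policy check, then blocking of an open session when a later location report falls outside the permitted zone. The zone and service names, the user store, the 30-second freshness window and the fail-closed handling of missing or stale reports are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample policy: service -> zones from which access is permitted.
POLICY = {"hr-db": {"office-3F"}, "lab-door": {"lab-B1", "office-3F"}}
MAX_REPORT_AGE = 30  # seconds; assumption (the patent only says "real time")
_SALT = b"constructed-salt"


def _hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed user store for the primary (ID/PW) authentication step.
USERS = {"alice": _hash_pw("correct horse")}


class PolicyDecisionSystem:
    def __init__(self):
        self.locations = {}    # user -> (zone, time of report)
        self.sessions = set()  # open (user, service) pairs

    def primary_auth(self, user, password):
        # Hash first so unknown users cost the same time as known ones.
        candidate = _hash_pw(password)
        stored = USERS.get(user)
        return stored is not None and hmac.compare_digest(stored, candidate)

    def location_allows(self, user, service, now):
        report = self.locations.get(user)
        if report is None:
            return False                      # no report: fail closed
        zone, reported_at = report
        if now - reported_at > MAX_REPORT_AGE:
            return False                      # stale report: fail closed
        return zone in POLICY.get(service, set())

    def request_access(self, user, password, service, now):
        if not self.primary_auth(user, password):
            return "deny: primary authentication failed"
        if not self.location_allows(user, service, now):
            return "deny: location not permitted"
        self.sessions.add((user, service))
        return "allow"

    def sweep(self, now):
        """Revoke sessions whose location is no longer valid; return them."""
        revoked = sorted(s for s in self.sessions
                         if not self.location_allows(s[0], s[1], now))
        self.sessions.difference_update(revoked)
        return revoked

    def report_location(self, user, zone, now):
        """Record a terminal's location report, then re-evaluate sessions."""
        self.locations[user] = (zone, now)
        return self.sweep(now)


def demo():
    pds = PolicyDecisionSystem()
    results = [pds.request_access("alice", "correct horse", "hr-db", now=0)]
    pds.report_location("alice", "lobby", now=1)
    results.append(pds.request_access("alice", "correct horse", "hr-db", now=2))
    pds.report_location("alice", "office-3F", now=10)
    results.append(pds.request_access("alice", "correct horse", "hr-db", now=11))
    results.append(pds.request_access("alice", "wrong", "hr-db", now=11))
    results.append(pds.report_location("alice", "lobby", now=20))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The decision is only as trustworthy as the location report it consumes; this sketch does not authenticate the reports sent by the terminal.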

Claims (1)

An authentication and access control service system using an indoor location-based service, characterized by comprising:
an indoor positioning terminal installed at a specific indoor location, which transmits and receives signals;
a user terminal equipped with a location measurement sensor, with built-in location information interworking software (S/W) in a form executable on the terminal, which receives the location signal of the indoor positioning terminal, records location information, and transmits the recorded location information;
a policy decision system unit which receives the current location information measured in real time at the user terminal, and determines authentication and access control by looking up access rights for the location per service and managing the registered current-location-based authority information, indoor positioning information, user authentication information, access target service list, policy settings, and the like;
an interworking module which receives/queries the access control information of the policy decision system unit; and
various physical/logical access control units which receive the access control information signal from the interworking module and control the service according to whether access is permitted based on the user's current location.
KR1020140064237A 2014-05-28 2014-05-28 Authentication and access control system to use indoor LBS KR20150136791A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020140064237A KR20150136791A (en) 2014-05-28 2014-05-28 Authentication and access control system to use indoor LBS

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020140064237A KR20150136791A (en) 2014-05-28 2014-05-28 Authentication and access control system to use indoor LBS

Publications (1)

Publication Number Publication Date
KR20150136791A true KR20150136791A (en) 2015-12-08

Family

ID=54872756

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020140064237A KR20150136791A (en) 2014-05-28 2014-05-28 Authentication and access control system to use indoor LBS

Country Status (1)

Country Link
KR (1) KR20150136791A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105717484A (en) * 2016-02-24 2016-06-29 苏州科技学院 Indoor positioning system and positioning method
CN109819398A (en) * 2019-02-26 2019-05-28 山东科技大学 Indoor high-precision multisource wireless location system
KR20220076097A (en) 2020-11-30 2022-06-08 동명대학교산학협력단 Route Pattern Recognition Method for Indoor Location Tracking using Smart Watch

Similar Documents

Publication Publication Date Title
US10666365B2 (en) Ultrasonic communications for wireless beacons
US10020951B2 (en) Crowdsourcing-based detection, identification, and tracking of electronic devices
KR101608639B1 (en) Total smart system for information security
US11368845B2 (en) Secure seamless access control
KR101769895B1 (en) User terminal device, Internet of Things control method, computer program and storage medium therefor
KR101564716B1 (en) Apparatus for managing open and shut in enclosure box
US20160063778A1 (en) Proximity security system and method for industrial door openers
KR101534476B1 (en) Method and apparatus for detecting unauthorized access point
CN107079266B (en) Method and system for controlling a device
KR20170057744A (en) Antitheft System Of Smart Device
US20220408263A1 (en) Access control system and method
KR20150136791A (en) Authentication and access control system to use indoor LBS
CN107396361B (en) Method and equipment for carrying out wireless connection pre-authorization on user equipment
KR20150081387A (en) Certification System and Method For User
CN107396295B (en) Method and equipment for carrying out wireless connection pre-authorization on user equipment
WO2016135488A1 (en) Virtual barrier system and method
Oluwatimi et al. A context-aware system to secure enterprise content
JP5960035B2 (en) Location information system
GB2590357A (en) Access control system and method
KR101580816B1 (en) Sensor node detection system and method for the sensor node detection system
KR101591053B1 (en) Remote control method and system using push service
KR101427442B1 (en) Position tracking apparatus using tag
KR20160027483A (en) Security System
KR20230128315A (en) Intelligent arrangement of unlock notifications
GB2608692A (en) Access control system and method

Legal Events

Date Code Title Description
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X601 Decision of rejection after re-examination