KR20160144027A - Method for sharing an encryption key between a server and terminal devices - Google Patents
Method for sharing an encryption key between a server and terminal devices Download PDFInfo
- Publication number
- KR20160144027A KR20160144027A KR1020150071577A KR20150071577A KR20160144027A KR 20160144027 A KR20160144027 A KR 20160144027A KR 1020150071577 A KR1020150071577 A KR 1020150071577A KR 20150071577 A KR20150071577 A KR 20150071577A KR 20160144027 A KR20160144027 A KR 20160144027A
- Authority
- KR
- South Korea
- Prior art keywords
- terminal
- server
- secret key
- key
- public
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Abstract
The present invention relates to a method of sharing a security key between a terminal and a server, and more particularly, to a method of sharing a security key for communication between a terminal and a server, such as a small home appliance, And a terminal and a server for the security key sharing method.
Description
The present invention relates to a method of sharing a security key between a terminal and a server, and more particularly, to a method of sharing a security key for communication between a terminal and a server, such as a small home appliance, And a terminal and a server for the security key sharing method.
One of the most recently emerging IT services is Internet of Things (IoT).
The Internet of Things can be defined as an infrastructure that provides intelligent services by combining information of people, things, objects and objects on a network formed by connected intelligent objects and knowledge based on context awareness. In recent years, the concept has been extended to Io'E'verything including 'T'hings, which means things in the IoT, including humans. The most important characteristic of things Internet is that they do not simply connect things with the Internet, but 'think' with the data exchanged with things themselves.
As a concrete example, the refrigerator is ordering foodstuffs that are lacking by itself, and the washing machine checks the user's schedule, checks the breakdown by itself, and informs the user by making an appointment with the AS article. .
If a terminal such as a home appliance communicates with a server or another terminal by being connected to the Internet to exchange data, if the data is not encrypted, the contents of the data can be easily grasped from the outside and the data may be tampered with There is a problem of. Therefore, it can be said that security of data is essential in communication process.
A conventional security method is to communicate with a secret key between a terminal and a server. However, this method creates a risk of exposing the secret key in the process of generating the first secret key and transmitting it to the other party. Another method is asymmetric encryption, in which a terminal and a server each communicate with a pair of a public key and a secret key. Encryption using a public key can be interpreted as a secret key, which improves security. However, since it requires a lot of manipulation to interpret data, it is not suitable for simple small devices.
That is, there is a need for a simple and highly secure security method applicable to data communication between a terminal and a server in the Internet environment of objects.
It is an object of the present invention to provide a method for sharing a security key between a terminal and a server, such as a small home appliance, for safe communication in an object internet environment, and a terminal and a server for the same .
In particular, the present invention provides a security key sharing method for establishing a group of predetermined terminals and providing a shared secret key commonly to the terminal groups, thereby enabling a more efficient communication, and a terminal and a server therefor.
A method of sharing a security key between a terminal and a server, the method comprising the steps of: a) transmitting a serial number of the terminal to a server; b) the server retrieves and retrieves a unique password of the terminal from the database of the server using the serial number received from the terminal; c) encrypting the shared secret key for communication with the terminal by the server with the inherent secret key of the corresponding terminal and transmitting the encrypted secret key to the terminal; d) the terminal decrypts the encrypted shared secret key received from the server into the unique secret code stored in the terminal; And e) the server and the terminal communicate using the shared secret key.
At this time, the terminal forms a terminal group with nearby terminals, and the shared secret key may be a common secret key commonly assigned to terminals in the terminal group, or may be a public secret key separately assigned to the shared secret key.
The method further includes: after the step (e), the server changes the public secret key according to the case, encrypts the changed public private key with the unique password of each of the terminals in the terminal group, and transmits the public private key; g) receiving, when the terminal in the terminal group receives the public private key from the server, decrypting the private public key with its own private key and storing the changed public private key; h) communicating in the terminal group communication or in the communication between the terminal group and the server using the public secret key.
According to another aspect of the present invention, there is provided a terminal for sharing a security key for security when communicating with a server, the terminal including a memory permanently storing a serial number and a unique password, the server transmitting the serial number to a server, Upon receiving the shared secret key, the server decrypts the secret key using the unique secret key, and then communicates with the server using the shared secret key.
At this time, the terminal is a terminal without a separate input device, and can automatically transmit the serial number to the server when power is first supplied and the Internet is connected.
In addition, the terminal may be a terminal group with nearby terminals, and the terminal group may be provided with a public secret key commonly used by the server to perform communication between terminals in the terminal group and communication between the server and the terminal group .
According to another aspect of the present invention, there is provided a server for sharing a security key for security when communicating with a terminal, the secret having the same unique password stored in the terminal is stored. When the serial number is received from the terminal, A secret key for communication is encrypted with the unique secret number and transmitted to the terminal, and then the terminal can communicate with the terminal using the shared secret key. have.
At this time, the server transmits the same common secret key to the terminals in the specific terminal group, the public key is encrypted with the unique password of each terminal, and the terminal communicates with the terminal using the public secret key And can communicate with the individual terminal using the shared secret key of the corresponding terminal.
In addition, the server changes the public secret key periodically or non-periodically to improve security, and transmits the encrypted public private key by encrypting the changed public private key with a unique password of each terminal.
Since the conventional symmetric secret key method receives the secret key without encryption at first, there is a great risk that the secret key is exposed in this process. Asymmetric public key / secret key method is excellent in security, but encryption / So that it is not appropriate to be applied to terminals having a simple function.
The present invention solves all of these problems by permanently storing the serial number and the unique password so that the terminal can communicate with the server from the time of manufacturing the terminal. When the power is first connected, And receives the shared secret key and communicates with the server using the shared secret key. This is a very simple method, but has an advantage of excellent security. That is, although the serial number transmitted to the server by the terminal may be exposed to the outside, since the unique password is known only to the server and the terminal, the risk of exposing the shared secret key encrypted with the unique password is very low.
In addition, the server can further improve the security by changing the public secret key as needed, and the modification method also has a simple and safe effect by using the unique password.
1 is a diagram illustrating a security key sharing process according to an embodiment of the present invention.
FIG. 2 is a schematic view showing an entire system according to the security key sharing method of FIG. 1; FIG.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and the manner of achieving them, will be apparent from and elucidated with reference to the embodiments described hereinafter in conjunction with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. To fully disclose the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout the specification.
Unless defined otherwise, all terms (including technical and scientific terms) used herein may be used in a sense commonly understood by one of ordinary skill in the art to which this invention belongs. Also, commonly used predefined terms are not ideally or excessively interpreted unless explicitly defined otherwise.
The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. The terms " comprises "and / or" comprising "used in the specification do not exclude the presence or addition of one or more other elements in addition to the stated element.
The present invention relates to a method of sharing a security key between a terminal and a server.
First, a terminal according to the present invention is a home appliance provided to be able to communicate through a wired / wireless network. The wired / wireless network may be various types of wireless communication such as wireless fidelity, Zigbee, Bluetooth, NFC (Near Field Communication) in addition to wired communication.
The home appliances capable of communicating with each other may be any appliances such as a refrigerator, an oven, a washing machine, a vacuum cleaner, a printer, a fax machine, a multifunctional apparatus, a webcam, a television, a video player, a audio player, an intercom, an air conditioner, a heater,
In recent years, communication chips have been miniaturized due to the development of communication technologies and semiconductor technologies. In many cases, these home appliances are in an environment where power can be steadily applied. In many cases, the sizes of devices themselves are larger than those of general mobile devices Therefore, it is becoming a major concern for all electronic companies in the world to incorporate communication functions into household appliances.
In particular, as the concept of Internet of things has emerged, all home appliances are equipped with a communication function to communicate with the server or communicate with home appliances. At this time, the home appliances themselves sense the surrounding environment to transmit and receive data, And so on.
At present, there is a problem in that the security of data transmission and reception is low, so that contents of the data can be easily grasped from the outside and unauthorized modification is possible in many cases.
Furthermore, since the amount of communication data increases sharply as the technology progresses, there is a growing need for a security method that can increase security even in a relatively simple manner.
The present invention provides a simple and highly secure security method applicable to a data transmission / reception process performed in the Internet environment.
FIG. 1 is a diagram illustrating a security key sharing process according to an embodiment of the present invention. FIG. 2 is a schematic block diagram of an overall system according to a security key sharing method of FIG. Hereinafter, the technical idea of the present invention will be described more specifically with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are included to provide a further understanding of the technical concept of the present invention, are incorporated in and constitute a part of the specification, and are not intended to limit the scope of the present invention.
As shown in FIG. 1, the security key sharing method according to an embodiment of the present invention may include the following steps a to e.
In step a, the terminal 10 transmits its serial number to the server 20 (S100). At this time, the terminal 10 has its own serial number and a unique password permanently stored in the memory. Also, when the power is supplied for the first time and is connected to the
When the
Next, in step c, the
As described above, the unique password is a number permanently stored in the terminal 10, and the same unique password is stored in association with the serial number of the terminal 10 in the database of the
In step d, the terminal 10 decrypts the encrypted shared secret key received from the
If the shared secret key (security key) is shared between the
Since the conventional symmetric secret key method receives the secret key without encryption at first, there is a great risk that the secret key is exposed in this process. Asymmetric public key / secret key method is excellent in security, but encryption / So that it is not appropriate to be applied to terminals having a simple function. However, the present invention is a security key sharing method capable of solving all of these problems. The present invention permanently stores the serial number and the unique password so that the terminal can communicate with the server from the time of manufacturing the terminal, It automatically connects to the server, receives the shared secret key, and communicates with the server using the shared secret key. This is a very simple method, but it is a very good security method. That is, although the serial number transmitted from the terminal in step a may be exposed to the outside, since the unique password is known only to the server and the terminal, the risk of exposing the shared secret key encrypted with the unique password is very low There are advantages.
In particular, the present invention is most suitably applied to a terminal having no input device such as a keyboard or a mouse. For example, if the terminal is an outlet, the outlet periodically or at the request of the server sends its current status (busy / unused) to the server, and if the server determines that the outlet is not being used for a period of time, Power can be shut off. Also, an external user can connect to the server using a communication device, send a specific signal to the server, and request an operation command and an information request command to the terminal according to the signal.
That is, in the case of a terminal having a simple On / Off operation such as a socket or a light, it is possible to securely transmit and receive data by being connected to a server even though an input device is not provided.
1 and 2, the present invention can form a
When the terminals belong to the
That is, the
The server transmits the common public key common to the terminals in the specific
For example, if the
Communication between lights in the group can also be made through the public secret key. For example, each illumination knows where the other lights are located and is currently operating, and may be controlled to automatically adjust the brightness between each of the lights according to the external illumination in conjunction with other lights.
On the other hand, the server changes the public secret key periodically or non-periodically to improve security, and encrypts the changed public private key by encrypting it with a unique password of each terminal. The terminal decrypts it and applies the changed public secret key to perform communication thereafter.
That is, as shown in FIG. 1, the method according to an embodiment of the present invention may further include steps f to h for changing the public secret key after step e.
In step f6, the server changes the public private key and encrypts the changed public private key with the unique password of each of the terminals in the terminal group (S600). At this time, the public secret key change may be performed periodically, or may be performed non-periodically according to a user's request.
Next, in step g7, when the terminal in the terminal group receives the public private key from the server, the terminal decrypts the public private key using its own private key to store the changed public private key in step S700. In step h7, In communication, communication is performed using a public secret key (S800).
That is, as described above, the security can be further improved by changing the public secret key as needed, and the changing method is also simple and safe by using the unique password.
It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
10: Terminal
20: Server
100: terminal group
Claims (9)
a) the terminal transmits its serial number to the server (S100);
b) The server retrieves and searches a unique password of the terminal from the database of the server using the serial number received from the terminal (S200);
c) the server encrypts the shared secret key for communication with the terminal with a unique password of the terminal and transmits the encrypted secret key to the terminal (S300);
d) the terminal decrypts the encrypted shared secret key received from the server into the unique password stored in the terminal (S400); And
e) communicating the server and the terminal using the shared secret key (S500);
And a security key sharing method.
A terminal group and a neighboring terminal group,
Wherein the shared secret key is a public secret key commonly assigned to terminals in the terminal group or a public secret key assigned separately from the shared secret key.
f) if the server changes the public secret key and encrypts the changed public private key with the unique password of each of the terminals in the terminal group (S600);
g) receiving, when the terminal in the terminal group receives the public private key from the server, decrypting the public private key with its own private key and storing the changed public private key (S700); And
h) communicating within the terminal group or during communication between the terminal group and the server using the public secret key (S800);
The method of claim 1, further comprising:
The serial number and the unique password comprise permanently stored memory,
And transmits the serial number to the server. When receiving the encrypted shared secret key from the server, the server decrypts the encrypted secret key using the unique secret, and then communicates with the server using the shared secret key.
Wherein the terminal is not provided with an input device, and when the first power is supplied and the Internet is connected, the terminal automatically transmits the serial number to the server.
A terminal group and a neighboring terminal group,
Wherein the terminal group is provided with a common secret key commonly used by the server to perform communication between terminals in the terminal group and communication between the server and the terminal group.
A password identical to a unique password stored in the terminal is stored in the database,
The terminal searches for and retrieves a unique password of the terminal in the database using the serial number, encrypts the shared secret key for communication with the unique password, and transmits the encrypted secret key to the terminal, And communicating using the shared secret key.
And transmitting the same common secret key to the terminals in the specific terminal group in common, wherein the public secret key is encrypted with a unique password of each terminal,
Wherein the server communicates with the terminal group using the public secret key and communicates with the terminal using the shared secret key of the corresponding terminal.
Wherein the server changes the public secret key periodically or non-periodically to improve security, and encrypts the changed public private key with a unique password of each terminal for transmission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150071577A KR101692263B1 (en) | 2015-05-22 | 2015-05-22 | Method for sharing an encryption key between a server and terminal devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150071577A KR101692263B1 (en) | 2015-05-22 | 2015-05-22 | Method for sharing an encryption key between a server and terminal devices |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160144027A true KR20160144027A (en) | 2016-12-16 |
KR101692263B1 KR101692263B1 (en) | 2017-01-04 |
Family
ID=57735842
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150071577A KR101692263B1 (en) | 2015-05-22 | 2015-05-22 | Method for sharing an encryption key between a server and terminal devices |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101692263B1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100382880B1 (en) * | 2000-12-28 | 2003-05-09 | 한컴씨큐어 주식회사 | Authentication system and method using one-time password mechanism |
KR100643325B1 (en) * | 2005-02-18 | 2006-11-10 | 삼성전자주식회사 | Network and creating method of domain thereof |
KR20080078555A (en) | 2007-02-23 | 2008-08-27 | (주)코리아센터닷컴 | System and method of transmitting/receiving security data |
KR20140059457A (en) * | 2012-11-08 | 2014-05-16 | 현대모비스 주식회사 | Telematics system and the information securing method |
-
2015
- 2015-05-22 KR KR1020150071577A patent/KR101692263B1/en active IP Right Grant
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100382880B1 (en) * | 2000-12-28 | 2003-05-09 | 한컴씨큐어 주식회사 | Authentication system and method using one-time password mechanism |
KR100643325B1 (en) * | 2005-02-18 | 2006-11-10 | 삼성전자주식회사 | Network and creating method of domain thereof |
KR20080078555A (en) | 2007-02-23 | 2008-08-27 | (주)코리아센터닷컴 | System and method of transmitting/receiving security data |
KR20140059457A (en) * | 2012-11-08 | 2014-05-16 | 현대모비스 주식회사 | Telematics system and the information securing method |
Also Published As
Publication number | Publication date |
---|---|
KR101692263B1 (en) | 2017-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101560416B1 (en) | Secure channel establishment method and apparatus in short range communication | |
TWI488463B (en) | Gateway, smart home system and smart control method of home appliance thereof | |
JP2023123584A (en) | mesh network commissioning | |
CN105766016B (en) | Method and apparatus for inter-profile debugging in a network | |
AU2011349820B2 (en) | Wireless communication system and method | |
CN203151535U (en) | Intelligent gateway and intelligent household system | |
US20160143069A1 (en) | System and method for multiple wi-fi devices automatically connecting to specified access point | |
CN105142095B (en) | Smart bluetooth group matching method mutually passes control method with interconnection | |
TW201426675A (en) | Intelligent adapter and remote system using the same | |
TW201409889A (en) | Smart home network system and its registration controller and registration method for household electrical device | |
JP6742412B2 (en) | Commissioning device and method for commissioning a new device into a system | |
EP2974353A1 (en) | Wireless light pairing, dimming and control | |
CN105069875A (en) | Electronic key, electronic devices and electronic device networking/pairing method | |
TWM449417U (en) | Smart home network system and its registration controller | |
KR100978141B1 (en) | Wired and wireless integration gateway and operation method thereof | |
EP3345461B1 (en) | Installing and commissioning transceivers coupled to loads | |
CN108370629B (en) | Lighting commissioning system and method of commissioning at least one infrastructure element | |
US20160337327A1 (en) | Method for managing a node association in a wireless personal area communication network | |
KR102052483B1 (en) | Seed code transmission method and system for location-based password service using evolved multimedia broadcast multicast services system in a cellular iot network | |
WO2016192183A1 (en) | Communication method for wi-fi internet of things equipment and wi-fi internet of things system | |
KR101692263B1 (en) | Method for sharing an encryption key between a server and terminal devices | |
McPherson et al. | Using smartphones to enable low-cost secure consumer IoT devices | |
CN107294822A (en) | A kind of intelligent home control system and method | |
KR101819422B1 (en) | Method for managing iot devices in cloud services and apparatus using the same | |
CN114205822A (en) | IoT (Internet of things) equipment and authorization method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AMND | Amendment | ||
E601 | Decision to refuse application | ||
AMND | Amendment | ||
X701 | Decision to grant (after re-examination) | ||
GRNT | Written decision to grant |