KR20160144027A - Method for sharing an encryption key between a server and terminal devices - Google Patents

Method for sharing an encryption key between a server and terminal devices Download PDF

Info

Publication number
KR20160144027A
KR20160144027A KR1020150071577A KR20150071577A KR20160144027A KR 20160144027 A KR20160144027 A KR 20160144027A KR 1020150071577 A KR1020150071577 A KR 1020150071577A KR 20150071577 A KR20150071577 A KR 20150071577A KR 20160144027 A KR20160144027 A KR 20160144027A
Authority
KR
South Korea
Prior art keywords
terminal
server
secret key
key
public
Prior art date
Application number
KR1020150071577A
Other languages
Korean (ko)
Other versions
KR101692263B1 (en
Inventor
이창석
Original Assignee
한밭대학교 산학협력단
한밭대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한밭대학교 산학협력단, 한밭대학교 산학협력단 filed Critical 한밭대학교 산학협력단
Priority to KR1020150071577A priority Critical patent/KR101692263B1/en
Publication of KR20160144027A publication Critical patent/KR20160144027A/en
Application granted granted Critical
Publication of KR101692263B1 publication Critical patent/KR101692263B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Abstract

The present invention relates to a method of sharing a security key between a terminal and a server, and more particularly, to a method of sharing a security key for communication between a terminal and a server, such as a small home appliance, And a terminal and a server for the security key sharing method.

Description

[0001] The present invention relates to a security key sharing method and a terminal and a server for the same,

The present invention relates to a method of sharing a security key between a terminal and a server, and more particularly, to a method of sharing a security key for communication between a terminal and a server, such as a small home appliance, And a terminal and a server for the security key sharing method.

One of the most recently emerging IT services is Internet of Things (IoT).

The Internet of Things can be defined as an infrastructure that provides intelligent services by combining information of people, things, objects and objects on a network formed by connected intelligent objects and knowledge based on context awareness. In recent years, the concept has been extended to Io'E'verything including 'T'hings, which means things in the IoT, including humans. The most important characteristic of things Internet is that they do not simply connect things with the Internet, but 'think' with the data exchanged with things themselves.

As a concrete example, the refrigerator is ordering foodstuffs that are lacking by itself, and the washing machine checks the user's schedule, checks the breakdown by itself, and informs the user by making an appointment with the AS article. .

If a terminal such as a home appliance communicates with a server or another terminal by being connected to the Internet to exchange data, if the data is not encrypted, the contents of the data can be easily grasped from the outside and the data may be tampered with There is a problem of. Therefore, it can be said that security of data is essential in communication process.

A conventional security method is to communicate with a secret key between a terminal and a server. However, this method creates a risk of exposing the secret key in the process of generating the first secret key and transmitting it to the other party. Another method is asymmetric encryption, in which a terminal and a server each communicate with a pair of a public key and a secret key. Encryption using a public key can be interpreted as a secret key, which improves security. However, since it requires a lot of manipulation to interpret data, it is not suitable for simple small devices.

That is, there is a need for a simple and highly secure security method applicable to data communication between a terminal and a server in the Internet environment of objects.

Korean Patent Publication No. 10-2008-0078555 ("Security Data Transmission and Reception System and Method")

It is an object of the present invention to provide a method for sharing a security key between a terminal and a server, such as a small home appliance, for safe communication in an object internet environment, and a terminal and a server for the same .

In particular, the present invention provides a security key sharing method for establishing a group of predetermined terminals and providing a shared secret key commonly to the terminal groups, thereby enabling a more efficient communication, and a terminal and a server therefor.

A method of sharing a security key between a terminal and a server, the method comprising the steps of: a) transmitting a serial number of the terminal to a server; b) the server retrieves and retrieves a unique password of the terminal from the database of the server using the serial number received from the terminal; c) encrypting the shared secret key for communication with the terminal by the server with the inherent secret key of the corresponding terminal and transmitting the encrypted secret key to the terminal; d) the terminal decrypts the encrypted shared secret key received from the server into the unique secret code stored in the terminal; And e) the server and the terminal communicate using the shared secret key.

At this time, the terminal forms a terminal group with nearby terminals, and the shared secret key may be a common secret key commonly assigned to terminals in the terminal group, or may be a public secret key separately assigned to the shared secret key.

The method further includes: after the step (e), the server changes the public secret key according to the case, encrypts the changed public private key with the unique password of each of the terminals in the terminal group, and transmits the public private key; g) receiving, when the terminal in the terminal group receives the public private key from the server, decrypting the private public key with its own private key and storing the changed public private key; h) communicating in the terminal group communication or in the communication between the terminal group and the server using the public secret key.

According to another aspect of the present invention, there is provided a terminal for sharing a security key for security when communicating with a server, the terminal including a memory permanently storing a serial number and a unique password, the server transmitting the serial number to a server, Upon receiving the shared secret key, the server decrypts the secret key using the unique secret key, and then communicates with the server using the shared secret key.

At this time, the terminal is a terminal without a separate input device, and can automatically transmit the serial number to the server when power is first supplied and the Internet is connected.

In addition, the terminal may be a terminal group with nearby terminals, and the terminal group may be provided with a public secret key commonly used by the server to perform communication between terminals in the terminal group and communication between the server and the terminal group .

According to another aspect of the present invention, there is provided a server for sharing a security key for security when communicating with a terminal, the secret having the same unique password stored in the terminal is stored. When the serial number is received from the terminal, A secret key for communication is encrypted with the unique secret number and transmitted to the terminal, and then the terminal can communicate with the terminal using the shared secret key. have.

At this time, the server transmits the same common secret key to the terminals in the specific terminal group, the public key is encrypted with the unique password of each terminal, and the terminal communicates with the terminal using the public secret key And can communicate with the individual terminal using the shared secret key of the corresponding terminal.

In addition, the server changes the public secret key periodically or non-periodically to improve security, and transmits the encrypted public private key by encrypting the changed public private key with a unique password of each terminal.

Since the conventional symmetric secret key method receives the secret key without encryption at first, there is a great risk that the secret key is exposed in this process. Asymmetric public key / secret key method is excellent in security, but encryption / So that it is not appropriate to be applied to terminals having a simple function.

The present invention solves all of these problems by permanently storing the serial number and the unique password so that the terminal can communicate with the server from the time of manufacturing the terminal. When the power is first connected, And receives the shared secret key and communicates with the server using the shared secret key. This is a very simple method, but has an advantage of excellent security. That is, although the serial number transmitted to the server by the terminal may be exposed to the outside, since the unique password is known only to the server and the terminal, the risk of exposing the shared secret key encrypted with the unique password is very low.

In addition, the server can further improve the security by changing the public secret key as needed, and the modification method also has a simple and safe effect by using the unique password.

1 is a diagram illustrating a security key sharing process according to an embodiment of the present invention.
FIG. 2 is a schematic view showing an entire system according to the security key sharing method of FIG. 1; FIG.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and the manner of achieving them, will be apparent from and elucidated with reference to the embodiments described hereinafter in conjunction with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. To fully disclose the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

Unless defined otherwise, all terms (including technical and scientific terms) used herein may be used in a sense commonly understood by one of ordinary skill in the art to which this invention belongs. Also, commonly used predefined terms are not ideally or excessively interpreted unless explicitly defined otherwise.

The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. The terms " comprises "and / or" comprising "used in the specification do not exclude the presence or addition of one or more other elements in addition to the stated element.

The present invention relates to a method of sharing a security key between a terminal and a server.

First, a terminal according to the present invention is a home appliance provided to be able to communicate through a wired / wireless network. The wired / wireless network may be various types of wireless communication such as wireless fidelity, Zigbee, Bluetooth, NFC (Near Field Communication) in addition to wired communication.

The home appliances capable of communicating with each other may be any appliances such as a refrigerator, an oven, a washing machine, a vacuum cleaner, a printer, a fax machine, a multifunctional apparatus, a webcam, a television, a video player, a audio player, an intercom, an air conditioner, a heater,

In recent years, communication chips have been miniaturized due to the development of communication technologies and semiconductor technologies. In many cases, these home appliances are in an environment where power can be steadily applied. In many cases, the sizes of devices themselves are larger than those of general mobile devices Therefore, it is becoming a major concern for all electronic companies in the world to incorporate communication functions into household appliances.

In particular, as the concept of Internet of things has emerged, all home appliances are equipped with a communication function to communicate with the server or communicate with home appliances. At this time, the home appliances themselves sense the surrounding environment to transmit and receive data, And so on.

At present, there is a problem in that the security of data transmission and reception is low, so that contents of the data can be easily grasped from the outside and unauthorized modification is possible in many cases.

Furthermore, since the amount of communication data increases sharply as the technology progresses, there is a growing need for a security method that can increase security even in a relatively simple manner.

The present invention provides a simple and highly secure security method applicable to a data transmission / reception process performed in the Internet environment.

FIG. 1 is a diagram illustrating a security key sharing process according to an embodiment of the present invention. FIG. 2 is a schematic block diagram of an overall system according to a security key sharing method of FIG. Hereinafter, the technical idea of the present invention will be described more specifically with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are included to provide a further understanding of the technical concept of the present invention, are incorporated in and constitute a part of the specification, and are not intended to limit the scope of the present invention.

As shown in FIG. 1, the security key sharing method according to an embodiment of the present invention may include the following steps a to e.

In step a, the terminal 10 transmits its serial number to the server 20 (S100). At this time, the terminal 10 has its own serial number and a unique password permanently stored in the memory. Also, when the power is supplied for the first time and is connected to the server 20 via the network, the server 20 may be set to automatically transmit its serial number to the server 20.

When the server 20 receives the serial number from the terminal 10 in step b, it retrieves the unique password of the corresponding terminal 10 from the database of the server using the received serial number and searches for it (S200).

Next, in step c, the server 20 generates a shared secret key for communicating with the terminal 10, encrypts the generated shared secret key using the unique password of the corresponding terminal 10, and transmits the encrypted secret key to the terminal 10 (S300).

As described above, the unique password is a number permanently stored in the terminal 10, and the same unique password is stored in association with the serial number of the terminal 10 in the database of the server 20 as well. Accordingly, the server 20 encrypts the shared secret key with the unique password of the corresponding terminal 10 and transmits the encrypted secret key to the terminal 10.

In step d, the terminal 10 decrypts the encrypted shared secret key received from the server 20 into a unique password stored in the terminal 10 (S400).

If the shared secret key (security key) is shared between the server 20 and the terminal 10 through the above process, the terminal 10 and the server 20 communicate with each other using the shared secret key (S500). That is, when the terminal 10 receives the encrypted shared secret key from the server 20, the terminal 10 decrypts the secret key using the secret key, and then communicates with the server 20 using the shared secret key.

Since the conventional symmetric secret key method receives the secret key without encryption at first, there is a great risk that the secret key is exposed in this process. Asymmetric public key / secret key method is excellent in security, but encryption / So that it is not appropriate to be applied to terminals having a simple function. However, the present invention is a security key sharing method capable of solving all of these problems. The present invention permanently stores the serial number and the unique password so that the terminal can communicate with the server from the time of manufacturing the terminal, It automatically connects to the server, receives the shared secret key, and communicates with the server using the shared secret key. This is a very simple method, but it is a very good security method. That is, although the serial number transmitted from the terminal in step a may be exposed to the outside, since the unique password is known only to the server and the terminal, the risk of exposing the shared secret key encrypted with the unique password is very low There are advantages.

In particular, the present invention is most suitably applied to a terminal having no input device such as a keyboard or a mouse. For example, if the terminal is an outlet, the outlet periodically or at the request of the server sends its current status (busy / unused) to the server, and if the server determines that the outlet is not being used for a period of time, Power can be shut off. Also, an external user can connect to the server using a communication device, send a specific signal to the server, and request an operation command and an information request command to the terminal according to the signal.

That is, in the case of a terminal having a simple On / Off operation such as a socket or a light, it is possible to securely transmit and receive data by being connected to a server even though an input device is not provided.

1 and 2, the present invention can form a terminal group 100 with surrounding terminals. At this time, the terminal group 100 may be a group of terminals having the same / similar function, or a group of terminals capable of operating in conjunction with each other.

When the terminals belong to the terminal group 100, the shared secret key received from the terminal by the terminal may be a common secret key assigned to the terminal group 100 in common. In addition, a public secret key used for each terminal group 100 may be additionally provided separately from the shared secret key.

That is, the terminal group 100 receives a common secret key commonly used by the server, and encrypts / decrypts the information using the common secret key in communication between terminals in the terminal group and communication between the server and the terminal group.

The server transmits the common public key common to the terminals in the specific terminal group 100, wherein the public private key is encrypted with the unique password of each terminal and transmitted. The server communicates with the terminal group 100 using a common secret key and can communicate with the individual terminal using the shared secret key of the corresponding terminal.

For example, if the terminal group 100 is a collection of lights, each light (terminal) receives a public private key encrypted with a unique password from a server. Therefore, the server can simultaneously control all the lights in the group by encrypting and transmitting the command to turn on / off the light using the public secret key.

Communication between lights in the group can also be made through the public secret key. For example, each illumination knows where the other lights are located and is currently operating, and may be controlled to automatically adjust the brightness between each of the lights according to the external illumination in conjunction with other lights.

On the other hand, the server changes the public secret key periodically or non-periodically to improve security, and encrypts the changed public private key by encrypting it with a unique password of each terminal. The terminal decrypts it and applies the changed public secret key to perform communication thereafter.

That is, as shown in FIG. 1, the method according to an embodiment of the present invention may further include steps f to h for changing the public secret key after step e.

In step f6, the server changes the public private key and encrypts the changed public private key with the unique password of each of the terminals in the terminal group (S600). At this time, the public secret key change may be performed periodically, or may be performed non-periodically according to a user's request.

Next, in step g7, when the terminal in the terminal group receives the public private key from the server, the terminal decrypts the public private key using its own private key to store the changed public private key in step S700. In step h7, In communication, communication is performed using a public secret key (S800).

That is, as described above, the security can be further improved by changing the public secret key as needed, and the changing method is also simple and safe by using the unique password.

It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

10: Terminal
20: Server
100: terminal group

Claims (9)

A method for sharing a security key between a terminal and a server,
a) the terminal transmits its serial number to the server (S100);
b) The server retrieves and searches a unique password of the terminal from the database of the server using the serial number received from the terminal (S200);
c) the server encrypts the shared secret key for communication with the terminal with a unique password of the terminal and transmits the encrypted secret key to the terminal (S300);
d) the terminal decrypts the encrypted shared secret key received from the server into the unique password stored in the terminal (S400); And
e) communicating the server and the terminal using the shared secret key (S500);
And a security key sharing method.
The terminal according to claim 1,
A terminal group and a neighboring terminal group,
Wherein the shared secret key is a public secret key commonly assigned to terminals in the terminal group or a public secret key assigned separately from the shared secret key.
3. The method of claim 2, wherein after step e)
f) if the server changes the public secret key and encrypts the changed public private key with the unique password of each of the terminals in the terminal group (S600);
g) receiving, when the terminal in the terminal group receives the public private key from the server, decrypting the public private key with its own private key and storing the changed public private key (S700); And
h) communicating within the terminal group or during communication between the terminal group and the server using the public secret key (S800);
The method of claim 1, further comprising:
A terminal for sharing a security key for security when communicating with a server,
The serial number and the unique password comprise permanently stored memory,
And transmits the serial number to the server. When receiving the encrypted shared secret key from the server, the server decrypts the encrypted secret key using the unique secret, and then communicates with the server using the shared secret key.
5. The terminal of claim 4,
Wherein the terminal is not provided with an input device, and when the first power is supplied and the Internet is connected, the terminal automatically transmits the serial number to the server.
5. The terminal of claim 4,
A terminal group and a neighboring terminal group,
Wherein the terminal group is provided with a common secret key commonly used by the server to perform communication between terminals in the terminal group and communication between the server and the terminal group.
A server for sharing a security key for security when communicating with a terminal,
A password identical to a unique password stored in the terminal is stored in the database,
The terminal searches for and retrieves a unique password of the terminal in the database using the serial number, encrypts the shared secret key for communication with the unique password, and transmits the encrypted secret key to the terminal, And communicating using the shared secret key.
8. The server according to claim 7,
And transmitting the same common secret key to the terminals in the specific terminal group in common, wherein the public secret key is encrypted with a unique password of each terminal,
Wherein the server communicates with the terminal group using the public secret key and communicates with the terminal using the shared secret key of the corresponding terminal.
9. The server according to claim 8,
Wherein the server changes the public secret key periodically or non-periodically to improve security, and encrypts the changed public private key with a unique password of each terminal for transmission.
KR1020150071577A 2015-05-22 2015-05-22 Method for sharing an encryption key between a server and terminal devices KR101692263B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150071577A KR101692263B1 (en) 2015-05-22 2015-05-22 Method for sharing an encryption key between a server and terminal devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150071577A KR101692263B1 (en) 2015-05-22 2015-05-22 Method for sharing an encryption key between a server and terminal devices

Publications (2)

Publication Number Publication Date
KR20160144027A true KR20160144027A (en) 2016-12-16
KR101692263B1 KR101692263B1 (en) 2017-01-04

Family

ID=57735842

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150071577A KR101692263B1 (en) 2015-05-22 2015-05-22 Method for sharing an encryption key between a server and terminal devices

Country Status (1)

Country Link
KR (1) KR101692263B1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100382880B1 (en) * 2000-12-28 2003-05-09 한컴씨큐어 주식회사 Authentication system and method using one-time password mechanism
KR100643325B1 (en) * 2005-02-18 2006-11-10 삼성전자주식회사 Network and creating method of domain thereof
KR20080078555A (en) 2007-02-23 2008-08-27 (주)코리아센터닷컴 System and method of transmitting/receiving security data
KR20140059457A (en) * 2012-11-08 2014-05-16 현대모비스 주식회사 Telematics system and the information securing method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100382880B1 (en) * 2000-12-28 2003-05-09 한컴씨큐어 주식회사 Authentication system and method using one-time password mechanism
KR100643325B1 (en) * 2005-02-18 2006-11-10 삼성전자주식회사 Network and creating method of domain thereof
KR20080078555A (en) 2007-02-23 2008-08-27 (주)코리아센터닷컴 System and method of transmitting/receiving security data
KR20140059457A (en) * 2012-11-08 2014-05-16 현대모비스 주식회사 Telematics system and the information securing method

Also Published As

Publication number Publication date
KR101692263B1 (en) 2017-01-04

Similar Documents

Publication Publication Date Title
KR101560416B1 (en) Secure channel establishment method and apparatus in short range communication
TWI488463B (en) Gateway, smart home system and smart control method of home appliance thereof
JP2023123584A (en) mesh network commissioning
CN105766016B (en) Method and apparatus for inter-profile debugging in a network
AU2011349820B2 (en) Wireless communication system and method
CN203151535U (en) Intelligent gateway and intelligent household system
US20160143069A1 (en) System and method for multiple wi-fi devices automatically connecting to specified access point
CN105142095B (en) Smart bluetooth group matching method mutually passes control method with interconnection
TW201426675A (en) Intelligent adapter and remote system using the same
TW201409889A (en) Smart home network system and its registration controller and registration method for household electrical device
JP6742412B2 (en) Commissioning device and method for commissioning a new device into a system
EP2974353A1 (en) Wireless light pairing, dimming and control
CN105069875A (en) Electronic key, electronic devices and electronic device networking/pairing method
TWM449417U (en) Smart home network system and its registration controller
KR100978141B1 (en) Wired and wireless integration gateway and operation method thereof
EP3345461B1 (en) Installing and commissioning transceivers coupled to loads
CN108370629B (en) Lighting commissioning system and method of commissioning at least one infrastructure element
US20160337327A1 (en) Method for managing a node association in a wireless personal area communication network
KR102052483B1 (en) Seed code transmission method and system for location-based password service using evolved multimedia broadcast multicast services system in a cellular iot network
WO2016192183A1 (en) Communication method for wi-fi internet of things equipment and wi-fi internet of things system
KR101692263B1 (en) Method for sharing an encryption key between a server and terminal devices
McPherson et al. Using smartphones to enable low-cost secure consumer IoT devices
CN107294822A (en) A kind of intelligent home control system and method
KR101819422B1 (en) Method for managing iot devices in cloud services and apparatus using the same
CN114205822A (en) IoT (Internet of things) equipment and authorization method thereof

Legal Events

Date Code Title Description
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant