KR20170032688A - Device of things, and method, computer program and recording medium applied to the same - Google Patents
- Publication number
- KR20170032688A, KR1020150130338A
- Authority
- KR
- South Korea
- Prior art keywords
- information
- authentication
- connection
- object device
- changed
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an object device, and to an authentication method, a computer program and a recording medium applied to the object device, and more particularly to an object device that enhances the security of each object device connected to the Internet of Things, and to an authentication method, computer program and recording medium applied to it.
The Internet has been used as a space where humans, as producers and consumers of information, share information. In the future, it is expected that the Internet of Things (IoT) will make it possible to share information about the things around us, such as home appliances and sensors, including environmental information about those things.
In other words, it is expected that the object internet device supporting the IoT (hereinafter referred to as "object device") will increase rapidly in the future.
When the IoT enables communication, interaction and information sharing between people and people, people and objects, and objects and objects, intelligent services based on autonomous decisions become possible. It can also become an infrastructure that supports companies' green IT for cost reduction and further green growth.
With the coming of the IoT era, communication between objects is expected to become diverse, and smartphones, which are one of the object devices supporting IoT, will be able to connect to other object devices supporting IoT such as sensors and home appliances. In the home network field, this has already been commercialized in the form of controllable object devices such as smart windows and boilers.
However, there are still security obstacles such as hacking in the connection and control of object devices. A security breach in the IoT era would cause severe damage on a large scale, such as invasion of privacy and malfunction of object devices. It is therefore necessary to solve the security problem.
SUMMARY OF THE INVENTION Accordingly, the present invention has been made to solve the above problems occurring in the prior art, and it is an object of the present invention to provide an object device that automatically changes the authentication information used for object device authentication without any setting by the user, and an authentication method, a computer program and a recording medium applied thereto.
The objects of the present invention are not limited to the above-mentioned problems, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.
In order to accomplish the above object, according to a first aspect of the present invention, there is provided an object device comprising: a registration request unit that, when usage information of the object device is changed by an input of a user or by a factor other than the input of the user, encrypts registration request use information including the changed usage information and requests registration of the encrypted registration request use information as authentication information; an authentication confirmation unit that, on receiving a connection request directly or indirectly from another device, requests input of connection information corresponding to the registered authentication information or requests connection authentication; and a connection approval unit that approves the connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
The registration request use information may be the same as the whole of the registered authentication information or the same as a part of it. When authentication proceeds on the input access information, the input access information may be the same as the whole of the registered authentication information or the same as a part of it. When connection authentication proceeds, the specific usage information extracted from each object device may be the same as the whole of each registered authentication information or the same as a part of it.
When a part is the same between the registration request use information and the registered authentication information, that same part may be changed periodically or non-periodically; likewise, when a part is the same between the input connection information and the registered authentication information, or between the specific usage information and each registered authentication information, that same part may be changed periodically or non-periodically.
At least one of the registration request unit, the authentication confirmation unit, and the connection approval unit may encrypt the public key using a decryption key having a predetermined number of digits.
And may further include a connection request and control unit for requesting connection to any other object to be controlled and for controlling the other object devices after the connection is approved.
According to a second aspect of the present invention, there is provided an authentication method comprising: when usage information of an object device is changed by an input of a user or by a factor other than the input of the user, encrypting registration request use information including the changed usage information and requesting registration of the encrypted registration request use information as authentication information; receiving a connection request directly or indirectly from another device; requesting, in response to the received connection request, input of connection information corresponding to the registered authentication information, or connection authentication; and approving the connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
According to a third aspect of the present invention, there is provided a computer program which, in combination with an object device, executes the steps of: when usage information of the object device is changed by a user's input or by a factor other than the user's input, encrypting registration request use information including the changed usage information and requesting registration of the encrypted registration request use information as authentication information; receiving a connection request directly or indirectly from another device; requesting, in response to the received connection request, input of connection information corresponding to the registered authentication information, or connection authentication; and approving the connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
According to a fourth aspect of the present invention, there is provided a computer-readable recording medium storing instructions which, when executed by an object device, perform the steps of: when usage information of the object device is changed by a user's input or by a factor other than the user's input, encrypting registration request use information including the changed usage information and requesting registration of the encrypted registration request use information as authentication information; receiving a connection request directly or indirectly from another device; requesting, in response to the received connection request, input of connection information corresponding to the registered authentication information, or connection authentication; and approving the connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
According to a fifth aspect of the present invention, there is provided an authentication method comprising: when usage information of one of a plurality of object devices is changed by a user input or by a factor other than the user input, receiving from that object device, over a communication network, encrypted registration request use information including the changed usage information; registering authentication information of the object device using the encrypted registration request use information; receiving, directly or indirectly from a first object device, a connection authentication request for a second object device; generating a connection authentication result using an authentication result executed on the basis of the authentication information registered in advance for each of the first object device and the second object device and connection permission information registered for the connection relationship between the first object device and the second object device; and outputting the connection authentication result.
Therefore, in the present invention, when the usage information of the object device is changed, the authentication information used to authenticate the object device is changed automatically without any setting by the user, thereby enhancing the security of the object device on the Internet of Things.
The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description of the claims.
FIG. 1 is a block diagram illustrating an object device according to an embodiment of the present invention.
FIG. 2 is a block diagram showing the usage history stored in the object device of FIG. 1.
FIG. 3 is an exemplary diagram showing an example of the usage history of FIG. 2.
FIG. 4 is an exemplary view showing the usage history example of FIG. 3 in more detail.
FIG. 5 is an exemplary diagram showing another example of the usage history of FIG. 2.
FIG. 6 is an exemplary diagram showing the usage history example of FIG. 5 more specifically.
FIG. 7 is a diagram illustrating an example of a menu screen for user selection among the usage histories of FIG. 2.
FIG. 8 is an exemplary diagram showing another example of the usage history of FIG. 2.
FIG. 9 is a block diagram illustrating an object device according to another embodiment of the present invention.
FIG. 10 is a configuration diagram showing an example of a communication configuration between object devices according to the present invention.
FIG. 11 is a configuration diagram showing an example of a configuration at the time of hacking of the first object device of FIG. 10.
FIG. 12 is a configuration diagram showing an example of changing the authentication information for the first object device of FIG. 10.
FIG. 13 is a configuration diagram showing another example of the communication configuration between object devices of the present invention.
FIG. 14 is a configuration diagram showing an example of a configuration at the time of hacking of the first object device of FIG. 13.
FIG. 15 is a configuration diagram showing an example of changing the authentication information for each object device in FIG. 13.
FIG. 16 is a block diagram showing another example of the communication configuration between object devices of the present invention.
FIG. 17 is a configuration diagram showing an authentication system according to an embodiment of the present invention.
FIG. 18 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
FIG. 19 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
FIG. 20 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
FIG. 21 is a flowchart showing an example of a process of authenticating an object device of the present invention.
FIG. 22 is a flowchart showing an example of the authentication process performed by the authentication server of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art; the invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.
Further, the embodiments described herein will be described with reference to cross-sectional views and / or schematic drawings that are ideal illustrations of the present invention. Thus, the shape of the illustrations may be modified by manufacturing techniques and / or tolerances. In addition, in the drawings of the present invention, each component may be somewhat enlarged or reduced in view of convenience of explanation.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a block diagram illustrating an object device according to an embodiment of the present invention.
Referring to FIG. 1, the
The
Here, the
Further, the usage information of the
The
Specifically, it is possible to utilize only the changed usage information as the registration request usage information, but it is also possible to use the changed usage information and the existing usage information as the registration request usage information.
Also, the registration request use information may be the same as the entire portion of the registered authentication information, or may be the same as a part of the registered authentication information.
Here, the registration request use information being the same as the whole of the registered authentication information means that the registration request use information is used directly as the authentication information. For example, when the registration request use information is 'ABCDE', the registered authentication information also becomes 'ABCDE'. In this case, each letter of 'ABCDE' means usage information of the
In addition, the registration request use information being the same as a part of the registered authentication information means that only some of the information matches between the registration request use information and the authentication information. This guards against exposure through hacking during information transmission. When only the registration request use information 'ABC' is transmitted, rather than all of the information to be registered as authentication information, 'ABCDE' can be registered as the final authentication information by combining the received registration request use information 'ABC' with the existing registration details 'CD' according to the predetermined authentication information registration algorithm.
That is, if only 'A' is the changed usage information and 'BC' is existing usage information within the registration request use information 'ABC', the authentication server extracts the third and fourth existing usage information 'CD', and 'ABCDE' can accordingly be registered as the final authentication information as described above.
When receiving the connection request directly or indirectly from the other device, the
When the
For example, the
When the
The access information automatically input from the other device being the same as the whole of the already registered authentication information means that the authentication information registered and stored in the other device is input as the access information as it is. For example, when the registered authentication information is 'ABCDE', the access information is also 'ABCDE'.
On the other hand, the access information automatically input from the other device may be the same as only a part of the already registered authentication information, in order to guard further against the risk of hacking during information transmission. When only 'CDE', a part of the authentication information, is transmitted, the object device that received 'CDE' as the connection information completes 'ABCDE', the comparison information to be compared with the registered authentication information, by combining the existing registration details 'ABE' with the access information 'CDE' received this time.
Also, the connection information provided by the
On the other hand, when the
When the
In addition, in the pre-authentication process, the other device also extracts specific usage information according to a predetermined criterion from all of the usage information it has stored, encrypts the extracted specific usage information, and transmits it to the authentication server. The authentication server decrypts the encrypted authentication use information provided by the other device, compares the decrypted authentication use information with the registered authentication information, and authenticates whether the other device has a legitimate access right.
In such a pre-authentication process, the specific usage information extracted from each object device may be the same as the whole of each authentication information registered in advance, or may be the same as a part of it. Here, the extracted specific usage information being the same as the whole of the registered authentication information means that the specific usage information is extracted in the same form as the registered authentication information. For example, if the registered authentication information is 'ABCDE', the extracted specific usage information also becomes 'ABCDE'.
In addition, the extracted specific usage information being the same as a part of the registered authentication information means that only some of the information matches between the extracted specific usage information and the authentication information. Here too, to guard better against the risk of hacking during information transmission, when only 'CDE', a part rather than all of the information to be compared with the authentication information, is transmitted as the specific usage information, 'ABCDE', the final specific usage information to be compared with the registered authentication information, can be completed by combining the transmitted specific usage information 'CDE' with the existing registration details 'AB' according to the predetermined authentication execution algorithm.
The specific usage information extracted in the authentication execution process and the registration request usage information of the registration process may be different from each other as described above. Of course, it is also possible to set the specific use information extracted in the authentication execution process and the registration request use information of the registration process to be the same.
The
In addition, it is preferable that the authentication information registration request of the
The
For example, the periodic change of the
An example of the non-periodic change of the
If one part of the access information input from the other device is the same as the registered authentication information, the same part of the mutual information can be changed periodically or non-periodically.
The same part of the connection information and the authentication information can be changed periodically by combining at least one of date, week and time according to logic pre-programmed into the object device and the other device, so that a part specified in advance is changed. Combining at least one of date, week and time is merely an example, and various other methods for specifying the part shared between the two pieces of information can be applied.
Non-periodically changing the same part of the connection information and the authentication information is performed when a non-periodic input of a non-periodic input of a non-periodic input of a non-periodic input to a
When the access authentication to the
The same part of the specific usage information and the authentication information can be changed periodically by combining at least one of date, week and time according to pre-programmed logic. As a more specific example, suppose the same part between the specific usage information extracted on 2015.09.14 and the registered authentication information is specified separately for even-numbered and odd-numbered days. Since the 14th is an even-numbered day, the same part can be specified as the first to second digits of the registered authentication information.
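The partial-match check described above can be sketched as follows. This is an added example, not code from the patent: it models the 'CDE' plus stored 'AB' case and the even/odd-day selection, and shows that a fragment captured before the usage information changed no longer verifies. The class and function names, the odd-day window (third to fifth position) and the sliding five-record history are assumptions; transport encryption is left out.

```python
import hmac
from datetime import date

AUTH_LEN = 5  # as in the page's 'ABCDE' example: five usage records


def shared_window(day: date) -> slice:
    """Positions of the authentication information exchanged on `day`.

    Even day: first to second position (the page's 2015.09.14 example).
    Odd day: third to fifth position (assumption, mirrors the 'CDE' case).
    """
    return slice(0, 2) if day.day % 2 == 0 else slice(2, AUTH_LEN)


def _encode(records) -> bytes:
    # Length-prefix each record so record boundaries cannot be shifted.
    return b"".join(
        len(r.encode()).to_bytes(4, "big") + r.encode() for r in records
    )


class Registry:
    """Verifier side (authentication server or peer device). Hypothetical."""

    def __init__(self):
        self._registered = {}

    def register(self, device_id: str, records) -> None:
        if len(records) != AUTH_LEN:
            raise ValueError("authentication info must hold AUTH_LEN records")
        self._registered[device_id] = tuple(records)

    def verify(self, device_id: str, fragment, day: date) -> bool:
        stored = self._registered.get(device_id)
        win = shared_window(day)
        if stored is None or len(fragment) != win.stop - win.start:
            return False
        if not all(isinstance(r, str) for r in fragment):
            return False
        # Combine the received part with the locally stored remainder,
        # then compare the completed value with the registered one.
        candidate = list(stored)
        candidate[win] = list(fragment)
        return hmac.compare_digest(_encode(candidate), _encode(stored))


class Device:
    """Object device whose authentication info follows its usage history."""

    def __init__(self, device_id: str, history):
        self.device_id = device_id
        self.history = list(history)

    def auth_info(self):
        return tuple(self.history[-AUTH_LEN:])  # latest AUTH_LEN records

    def use(self, record: str, registry: Registry) -> None:
        # A change in usage information triggers re-registration.
        self.history.append(record)
        registry.register(self.device_id, self.auth_info())

    def fragment(self, day: date):
        return list(self.auth_info()[shared_window(day)])


def demo():
    # Constructed sample data: each letter stands for one usage record.
    registry = Registry()
    phone = Device("phone-1", ["A", "B", "C", "D", "E"])
    registry.register(phone.device_id, phone.auth_info())

    even_day, odd_day = date(2015, 9, 14), date(2015, 9, 15)
    captured = phone.fragment(even_day)            # ['A', 'B']
    before = registry.verify("phone-1", captured, even_day)

    phone.use("F", registry)                       # info becomes B,C,D,E,F
    replay = registry.verify("phone-1", captured, even_day)
    fresh = registry.verify("phone-1", phone.fragment(even_day), even_day)
    wrong_window = registry.verify(
        "phone-1", phone.fragment(odd_day), even_day
    )
    return {"before": before, "replay": replay,
            "fresh": fresh, "wrong_window": wrong_window}


if __name__ == "__main__":
    print(demo())
```

Completing the stored value with the received fragment and comparing the result is equivalent to comparing the fragment with the stored positions it replaces, so the check depends only on the part that was transmitted.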
An example of an aperiodic change to the same part of the use information and the authorization information is that the
The
For example, at least one of the
The public key cryptosystem draws on the fact that, given two prime numbers p and q (a prime number being a natural number that is divisible by no natural number other than 1 and itself), the product m (= pq) is easy to obtain, whereas given m it is difficult to know which two prime numbers it is the product of. In other words, the public key system is provided with a so-called trapdoor, through which anyone can easily pass in one direction but no one except a specific user can come back.
When the product m of two prime numbers is made public, prime numbers p and q of 100 or more digits each can be used. For example, m may be:
m = 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541
The two prime factors p and q of the above m, obtained by a factorization algorithm, are as follows.
p = 3490529510847650949147849619903898133417764638493387843990820577
q = 32769132993266709549961988190834461413177642967992942539798288533
Even when the two prime factors p and q of the above m are obtained using a factorization algorithm, deriving the result takes time. A certain amount of computation time is required no matter how far factorization algorithms continue to improve.
Thus, the public key cryptosystem preferably encrypts with prime numbers larger than the two prime factors p and q mentioned above. That is, the public key cryptosystem is a method that requires a minimum time (for example, several days) to decrypt even if it is exposed to a hacking program.
The
That is, when the use information of the
FIG. 2 is a block diagram showing the usage history stored in the object device of FIG. 1.
As shown in FIG. 2, the
FIG. 3 is an exemplary view showing an example of the usage history of FIG. 2, and FIG. 4 is an exemplary view showing the usage history example of FIG. 3 in more detail.
As shown in FIG. 3, the first usage information, the second usage information, the third usage information, and the Nth usage information may be arranged in a time series order. When the
The usage information shown in FIG. 3 is a time-series arrangement in which the recent usage details are arranged below and the past usage details are arranged above, unlike in FIG. When the
When the usage information of the
FIG. 5 is an exemplary diagram showing another example of the usage history of FIG. 2, and FIG. 6 is an exemplary diagram showing the usage history example of FIG. 5 in more detail.
5, when the
For example, when the registration request use information is set to three pieces of usage information, the first usage information of the first group can be extracted as usage information ① of the registration request use information, the first usage information of the second group as usage information ②, and the first usage information of the third group as usage information ③.
As shown in FIG. 6, the first group may be a 'call history', and the latest entry of the 'call history', 'called wife for 2 minutes at 2:31 pm on June 5, 2018', can be extracted as usage information of the registration request use information.
The second group may be a 'message history', and the use information of 'receiving the e-mail message from' 8: 3 am or ' ② It can be extracted as usage information of usage information.
The third group mentioned above may be 'other execution details', and the most recent entry of the 'other execution details', 'news viewing from 9:02 am to 9:16 am on 2015.07.28', can be extracted as usage information of the registration request use information.
FIG. 7 is a diagram illustrating an example of a menu screen for user selection among the usage histories of FIG. 2.
As shown in FIG. 7, when the
That is, in the selection menu P, the user selects 'wife' from the 'user selection' menu, selects 'phone call, B message and E message' from the 'application or function menu' You can select 'Outgoing or incoming' from the 'Select Time' menu.
In this case, whenever the usage information of the
FIG. 8 is an exemplary diagram showing another example of the usage history of FIG. 2.
The usage information shown in Figs. 4 to 7 is an example of a case where the
The smart window device (10) can request registration, as authentication information, of registration request use information made up of its three most recent pieces of usage information: ① '2015.08.29.120:26 pm, second window closed automatically according to the first user command'; ② '29. 17:11 pm, switched to air cleaning mode according to the second user command'; and ③ '17:13 pm on 2015.08.29, indoor air pollution rate detected at less than 70%'.
When the use information of the
FIG. 9 is a block diagram illustrating an object device according to another embodiment of the present invention.
9, the
That is, the
Further, the
FIG. 10 is a configuration diagram showing an example of a communication configuration between object devices according to the present invention.
10, in the case of the P2P connection of the
The second object device (e.g., washing machine) 40 encrypts the registration request use information including the changed usage information when the usage information of the
The first object device (e.g., smartphone 30) responds to the authentication information registration request of the second object device (e.g., washing machine 40) based on the details of the subscribed contents and transmits the registration result as the response to the second object device (e.g., washing machine 40), thereby completing the registration of the authentication information (2).
Thereafter, when the first object device (e.g. smart phone 30) makes a connection request for controlling the second object device (e.g., washing machine 40) to the second object device (e.g., washing machine 40) And requests input of a connection number to the object device (e.g., washing machine, 40) (3).
On the other hand, the first object device (e.g., the smartphone 30) extracts the authentication information as the connection information corresponding to the registered authentication information and stores it in the second object device For example, a washing machine, 40) (④).
The second object device (e.g., washing machine) 40 extracts the specific use information corresponding to the registered authentication information generated in the registration step, compares the extracted specific use information with the access information inputted in step (4) (E.g., smart phone 30) through the first device (e.g.
The second object device (e.g., the washing machine) 40 transmits the approval result generated in step 5 to the first object device (e.g., the smartphone 30) (For example, washing machine) 40 (step S6).
FIG. 11 is a configuration diagram showing an example of a configuration at the time of hacking of the first object device of FIG. 10.
11, when a hacking device tries to connect to a first object device (e.g., smartphone 30) (1), the first object device (e.g., smartphone 30) And requests input of a connection number to the hacking device 50 as in the object device (for example, the washing machine 40) (2).
When a valid access number is not input from the hacking device 50 or exceeds the input time, the first object device (e.g., the smartphone 30) rejects the access of the hacking device 50 or accesses the hacking device 50 (3).
FIG. 12 is a configuration diagram showing an example of changing the authentication information for the first object device of FIG. 10.
As described above, the second object device (e.g., washing machine) 40 registers the usage information of the second object device (e.g., washing machine 40) in the first object device (e.g., smartphone 30). On the other hand, the first object device (e.g., the smartphone 30) registers the usage information of the first object device (e.g., the smartphone 30) to the
That is, a first object device (e.g., a smartphone) 30 and a second object device (e.g., a washing machine) 40 are connected by P2P, and the authentication of the first object device ). Thus, the
At this time, the first object device (e.g., the smartphone 30) not only registers the authentication information every time the use information of the first object device (e.g. smart phone 30) is changed, (E.g., smart phone 30), change of the usage information of the first object device (e.g., smart phone 30), or information that can be combined on the basis of these, It is also possible to change from time to time.
Here, the screen information includes arrangement information, notification detail information, background image, or information that can be combined based on at least one application of a specific screen.
The specific screen of the first object device (e.g., smartphone 30) may be a screen that the user mainly uses when using the first object device (e.g., smartphone 30), and may be a background screen, which is the main operation screen where various applications are located.
FIG. 13 is a configuration diagram showing another example of the communication configuration between object devices of the present invention.
Referring to FIG. 13, the first object device (e.g., a smart phone) 70 and the second object device (e.g., the washing machine, 80) all use the changed usage information to the
Then, when the first object device (e.g. smart phone) 70 makes a connection request to control the second object device (e.g., washing machine 80) to the second object device (e.g., washing machine 80) , And requests input of a connection number to the second object device (e.g., washing machine 80) (2).
The first object device (e.g., a smartphone) 70 connects to the
On the other hand, the
Then, the second object device (e.g., washing machine) 80 approves the connection request of the first object device (e.g., smartphone) 70 through the result input in step (4) (step 5).
The second object device (e.g., washing machine) 80 transmits the approval result generated in step 5) to the first object device (e.g., the smartphone 70) (For example, washing machine) 80 (step S6).
FIG. 14 is a configuration diagram showing an example of a configuration at the time of hacking for the first object device of FIG. 13.
Referring to FIG. 14, when the hacking device 90-1 attempts to access the first object device (e.g., smartphone 70) (1), the first object device (e.g., smartphone 70) requests the hacking device 90-1 to input the connection number, as in the case of the second object device (e.g., washing machine 80) described above (2).
If a valid access number is not input from the hacking device 90-1 or the input time is exceeded, the first object device (e.g., smartphone 70) rejects the connection of the hacking device 90-1 or the hacking device 90-1 90-1) ((3)).
FIG. 15 is a configuration diagram showing an example of authentication information change for each object device in FIG. 13.
The first 1-1
FIG. 16 is a block diagram showing another example of the communication configuration between object devices of the present invention.
As shown in FIG. 16, the first object device (e.g., smartphone 100) and the second object device (e.g., washing machine 120) all use the changed usage information to the
Then, the first object device (e.g., smartphone 100) accesses the
The
Thereafter, the
Then, the
The
Then, the second object device (e.g., washing machine) 120 approves the connection request of the first object device (e.g., smartphone 100) through the result input in (6) (step (7)).
The second object device (e.g., washing machine) 120 transmits the approval result generated in step (7) to the first object device (e.g., the smartphone 100) via the
FIG. 17 is a configuration diagram showing an authentication system according to an embodiment of the present invention.
In the authentication system shown in Fig. 17, when a first object device (e.g., smartphone, 200) requests a connection to a second object device (e.g., washing machine 210), the authentication concept shown in Figs. Or it is possible to apply the authentication concept shown in Figs. 13 to 15.
FIG. 18 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
In the authentication system shown in Fig. 18, when a first object device (e.g., smartphone 300) requests a connection to a second object device (e.g., home hub router 310) It is possible to apply the concept, or the authentication concept shown in Figs. 13 to 15.
FIG. 19 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
In the authentication system shown in Fig. 19, when a first object device (e.g., a smartphone, 400) requests access to a second object device (e.g., washing machine) 420 as an intermediary of the service server 410, It is possible to apply the authentication concept shown in Fig. 12, or the authentication concept shown in Figs. 13 to 15, or the authentication concept shown in Fig.
FIG. 20 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
In the authentication system shown in Fig. 20, when a first object device (e.g., a smartphone 500) requests access to a second object device (e.g., home hub router 520) as an intermediary of the
FIG. 21 is a flowchart showing an example of a process of authenticating an object device according to the present invention.
As shown in Fig. 21, when the use information of the
Thereafter, when the
The
If the connection approval is made in step S106 (S108), the
If the connection is not possible in step S106 (S106-1), the
Thereafter, when the authentication process of the
Each step of this authentication process may be implemented as a computer program stored on a recording medium in combination with the
FIG. 22 is a flowchart showing an example of the authentication process performed by the authentication server of the present invention.
As shown in FIG. 22, the
Thereafter, in accordance with the registration request received in step S200, authentication information is registered (S202). Here, registration is a concept that includes registration of the first authentication information or updating of already registered authentication information.
Then, the
Thereafter, the
Thereafter, when the authentication service is terminated, the execution of the steps is also terminated (S210).
While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, It will be understood. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive.
Also, the present invention provides an object device that automatically changes the authentication information used to authenticate the object device, without any setting by the user, when the use information of the object device is changed, together with an authentication method, a computer program and a recording medium applied thereto. It not only has the possibility of commercialization or sale but can also clearly be carried out in practice, and is therefore industrially applicable.
10, 20:
12, 22:
24: connection request and
40, 80, 120, 210, 310, 420, 520:
50, 90-1: Hacking
110, 410, 510: service server
Claims (9)
An authentication confirmation unit for receiving a connection request directly or indirectly from a counterpart device and requesting input of connection information or connection authentication corresponding to the registered authentication information in response to the received connection request; And
And a connection admission unit for accepting connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
Wherein the registration request use information is the same as the entire portion of the registered authentication information or is the same as a part of the registered authentication information, and when proceeding to the authentication of the input access information, The specific usage information extracted from each object device that is the same as the entire part of the information or is the same as a part of the registered authentication information and is proceeded to the connection authentication, And a part of each registered authentication information.
If one part is identical between the registration request use information and the registered authentication information, the same part is changed periodically or non-periodically,
If one part is identical between the input connection information and the registered authentication information, the same part is changed periodically or non-periodically,
Wherein if one part of the specific use information is identical to the registered authentication information, the same part is periodically or non-periodically changed.
Wherein at least one of the registration request unit, the authentication confirmation unit, and the connection approval unit encrypts the public key using a public key cryptosystem using prime numbers greater than a predetermined number of digits.
Further comprising a connection request and control section for requesting connection to any other object device to be controlled and for controlling the other object device after connection approval.
Receiving a connection request directly or indirectly from a counterpart device and requesting input of connection information or connection authentication corresponding to the registered authentication information in response to the received connection request; And
And accepting connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
Receiving a connection request directly or indirectly from a counterpart device and requesting input of connection information or connection authentication corresponding to the registered authentication information in response to the received connection request; And
And accepting connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
Receiving a connection request directly or indirectly from a counterpart device and requesting input of connection information or connection authentication corresponding to the registered authentication information in response to the received connection request; And
And accepting connection of the other device according to the authentication of the input connection information or the result of the connection authentication.
Registering the authentication information of the object device through the encrypted registration request use information;
Receiving a connection authentication request for a second object device directly or indirectly from a first object device among the plurality of object devices;
And an authentication result that is executed based on each of the authentication information registered in advance for the first object device and the second object device and connection authorization information that is registered in advance for the connection relationship between the first object device and the second object device Generating a connection authentication result using the authentication result; And
And outputting the connection authentication result.
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150130338A KR20170032688A (en) | 2015-09-15 | 2015-09-15 | Device of things, and method, computer program and recording medium applied to the same |
PCT/KR2016/008296 WO2017018829A1 (en) | 2015-07-28 | 2016-07-28 | Authentication device and method, and computer program and recording medium applied thereto |
US15/747,768 US20180212957A1 (en) | 2015-07-28 | 2016-07-28 | Apparatus and method for authentication, and computer program and recording medium applied to the same |
CN201680055857.0A CN108604269A (en) | 2015-07-28 | 2016-07-28 | For the device and method of certification, and it is applied to identical computer program and recording medium |
JP2018525330A JP2018530084A (en) | 2015-07-28 | 2016-07-28 | Authentication device, authentication method, and computer program and recording medium applied thereto |
US17/033,976 US20210073368A1 (en) | 2015-07-28 | 2020-09-28 | Apparatus and method for authentication, and computer program and recording medium applied to the same |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150130338A KR20170032688A (en) | 2015-09-15 | 2015-09-15 | Device of things, and method, computer program and recording medium applied to the same |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020170130261A Division KR20170117356A (en) | 2017-10-11 | 2017-10-11 | Device of things, and method, computer program and recording medium applied to the same |
KR1020190124917A Division KR20190117460A (en) | 2019-10-08 | 2019-10-08 | Device of things, and method, computer program and recording medium applied to the same |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170032688A true KR20170032688A (en) | 2017-03-23 |
Family
ID=58496280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150130338A KR20170032688A (en) | 2015-07-28 | 2015-09-15 | Device of things, and method, computer program and recording medium applied to the same |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170032688A (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101392868B1 (en) | 2012-07-11 | 2014-05-09 | 전자부품연구원 | Method for Providing Internet of Things Service |
-
2015
- 2015-09-15 KR KR1020150130338A patent/KR20170032688A/en active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
N231 | Notification of change of applicant | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application | ||
A107 | Divisional application of patent |