KR20170032688A - Device of things, and method, computer program and recording medium applied to the same - Google Patents


Info

Publication number
KR20170032688A
Authority
KR
South Korea
Prior art keywords
information
authentication
connection
object device
changed
Prior art date
Application number
KR1020150130338A
Other languages
Korean (ko)
Inventor
이태완
Original Assignee
주식회사 마스터비디
Application filed by 주식회사 마스터비디
Priority to KR1020150130338A
Priority to PCT/KR2016/008296 (WO2017018829A1)
Priority to US15/747,768 (US20180212957A1)
Priority to CN201680055857.0A (CN108604269A)
Priority to JP2018525330A (JP2018530084A)
Publication of KR20170032688A
Priority to US17/033,976 (US20210073368A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

Disclosed are an authentication device and method, and a computer program and a recording medium applied thereto. An authentication device according to the present invention includes: a registration request unit for, when screen information displayed on a specific screen of a user device is changed by a user input or changed by a factor other than the user input, encrypting the changed screen information and requesting registration of the encrypted changed screen information as authentication information; an authentication confirmation unit for receiving an authentication confirmation request from a communication network connected with the user device; and an authentication performing unit for extracting the screen information displayed on the specific screen according to a determination on whether to grant authentication for the authentication confirmation request, encrypting the extracted screen information, and then transmitting the encrypted authentication screen information to the communication network as a response to the authentication confirmation request.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an object device, and to an authentication method, a computer program and a recording medium applied to the object device, and more particularly to an object device for enhancing the security of each object device connected to the Internet of Things, and to an authentication method, a computer program and a recording medium applied thereto.

The Internet has been used as a space in which humans share information as producers and consumers of information. In the future, it is expected that the Internet of Things (IoT) will also allow the things around us, such as home appliances and sensors, to share environmental information and information about objects.

In other words, it is expected that the number of IoT devices (hereinafter referred to as "object devices") will increase rapidly in the future.

When the IoT enables communication, interaction and information sharing between people, between people and objects, and between objects, intelligent services that act on their own judgment become possible. It can also be an infrastructure through which companies support green IT for cost reduction and, further, green growth.

With the coming of the IoT era, communication between objects is expected to become diverse, and smartphones, which are themselves object devices supporting the IoT, will be able to connect to other object devices supporting the IoT, such as sensors and home appliances. This has already been realized in the home-network sector by commercializing and controlling object devices such as smart windows and boilers.

However, there are still security obstacles, such as hacking, in the connection and control of object devices. If security is breached in the IoT era, severe damage such as invasion of privacy and malfunction of object devices will occur on a large scale. It is therefore necessary to solve the security problem.

Korean Patent Registration No. 1392868 (Apr.

SUMMARY OF THE INVENTION Accordingly, the present invention has been made to solve the above problems occurring in the prior art, and it is an object of the present invention to provide an object device that automatically changes the authentication information used for object device authentication without any user setting, and an authentication method, a computer program and a recording medium applied thereto.

The objects of the present invention are not limited to the above-mentioned problems, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

In order to accomplish the above object, according to a first aspect of the present invention, there is provided an object device including: a registration request unit for, when usage information of the object device is changed by a user input or by a factor other than the user input, encrypting registration request use information including the changed usage information and requesting registration of the encrypted registration request use information as authentication information; an authentication confirmation unit for directly or indirectly receiving a connection request from another device and requesting input of connection information corresponding to the registered authentication information or requesting connection authentication; and a connection approval unit for approving the connection of the other device according to the result of authenticating the input connection information or the result of the connection authentication.

The registration request use information may be identical to the whole of the registered authentication information or to a part of it; when authentication of the input connection information is performed, the input connection information may be identical to the whole of the registered authentication information or to a part of it; and when connection authentication is performed, the specific usage information extracted from each object device may be identical to the whole of each registered authentication information or to a part of it.

When the registration request use information and the registered authentication information share only a part, that shared part may be changed periodically or non-periodically; when the input connection information and the registered authentication information share only a part, that shared part may be changed periodically or non-periodically; and when the specific usage information and each registered authentication information share only a part, that shared part may be changed periodically or non-periodically.

At least one of the registration request unit, the authentication confirmation unit, and the connection approval unit may encrypt the public key using a decryption key having a predetermined number of digits.

The object device may further include a connection request and control unit for requesting connection to another object device to be controlled and for controlling the other object device after the connection is approved.

According to a second aspect of the present invention, there is provided an authentication method comprising: when usage information of an object device is changed by a user input or by a factor other than the user input, encrypting registration request use information including the changed usage information and requesting that the encrypted registration request use information be registered as authentication information; directly or indirectly receiving a connection request from another device; requesting, in response to the received connection request, input of connection information corresponding to the registered authentication information or requesting connection authentication; and approving the connection of the other device according to the result of authenticating the input connection information or the result of the connection authentication.

A computer program according to a third aspect of the present invention is combined with an object device and executes: when the usage information of the object device is changed by a user input, encrypting registration request use information including the changed usage information; requesting registration of the encrypted registration request use information as authentication information; directly or indirectly receiving a connection request from another device; requesting, in response to the received connection request, input of connection information corresponding to the registered authentication information or requesting connection authentication; and accepting the connection of the other device according to the result of authenticating the input connection information or the result of the connection authentication.

A computer-readable recording medium according to a fourth aspect of the present invention, for achieving the above object, stores a program that, when executed by an object device, performs: when the usage information of the object device is changed by a user input, encrypting registration request use information including the changed usage information; requesting registration of the encrypted registration request use information as authentication information; directly or indirectly receiving a connection request from another device; requesting input of connection information corresponding to the registered authentication information or requesting connection authentication; and accepting the connection of the other device according to the result of authenticating the input connection information or the result of the connection authentication.

According to a fifth aspect of the present invention, there is provided an authentication method comprising: when usage information of one of a plurality of object devices is changed by a user input or by a factor other than the user input, receiving, from a communication network, encrypted registration request use information including the changed usage information from that object device; registering authentication information of the object device through the encrypted registration request use information; directly or indirectly receiving, from a first object device, a connection authentication request for a second object device; receiving an authentication result executed on the basis of the authentication information registered in advance for each of the first object device and the second object device; and generating a connection authentication result using the registered connection permission information on the connection relationship between the first object device and the second object device, and outputting the connection authentication result.

Therefore, in the present invention, whenever the usage information of an object device is changed, the authentication information used to authenticate the object device is automatically changed without any user setting, thereby enhancing the security of the object device on the Internet of Things.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description of the claims.

FIG. 1 is a block diagram illustrating an object device according to an embodiment of the present invention.
FIG. 2 is a block diagram showing the usage history stored in the object device of FIG. 1.
FIG. 3 is an exemplary diagram showing an example of the usage history of FIG. 2.
FIG. 4 is an exemplary view showing the usage history example of FIG. 3 in more detail.
FIG. 5 is an exemplary diagram showing another example of the usage history of FIG. 2.
FIG. 6 is an exemplary diagram showing the usage history example of FIG. 5 more specifically.
FIG. 7 is a diagram illustrating an example of a menu screen for user selection among the usage histories of FIG. 2.
FIG. 8 is an exemplary diagram showing another example of the usage history of FIG. 2.
FIG. 9 is a block diagram illustrating an object device according to another embodiment of the present invention.
FIG. 10 is a configuration diagram showing an example of a communication configuration between object devices according to the present invention.
FIG. 11 is a configuration diagram showing an example of a configuration at the time of hacking of the first object device of FIG. 10.
FIG. 12 is a configuration diagram showing an example of changing the authentication information for the first object device of FIG. 10.
FIG. 13 is a configuration diagram showing another example of the communication configuration between object devices of the present invention.
FIG. 14 is a configuration diagram showing an example of a configuration at the time of hacking of the first object device of FIG. 13.
FIG. 15 is a configuration diagram showing an example of authentication information change for each object device in FIG. 13.
FIG. 16 is a block diagram showing another example of the communication configuration between object devices of the present invention.
FIG. 17 is a configuration diagram showing an authentication system according to an embodiment of the present invention.
FIG. 18 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
FIG. 19 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
FIG. 20 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
FIG. 21 is a flowchart showing an example of a process of authenticating an object device of the present invention.
FIG. 22 is a flowchart showing an example of the authentication process performed by the authentication server of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below together with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art, and the invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

Further, the embodiments described herein will be described with reference to cross-sectional views and / or schematic drawings that are ideal illustrations of the present invention. Thus, the shape of the illustrations may be modified by manufacturing techniques and / or tolerances. In addition, in the drawings of the present invention, each component may be somewhat enlarged or reduced in view of convenience of explanation.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a block diagram illustrating an object device according to an embodiment of the present invention.

Referring to FIG. 1, the object device 10 includes an arrangement for improving the security level of its Internet of Things connection through occasional modification of the authentication information. More specifically, each time the usage information of the object device 10 is changed, the authentication information of the object device is automatically changed without any user setting, so that the security level of the connection information of the object device 10 can be improved.

The object device 10 includes: a registration request unit 11 for, when the usage information of the object device 10 is changed by a user input or by a factor other than the user input, encrypting registration request use information including the changed usage information and requesting registration of the encrypted registration request use information as authentication information; an authentication confirmation unit 12 for directly or indirectly receiving a connection request from another device and, in response to the received connection request, requesting input of connection information corresponding to the registered authentication information or requesting connection authentication; and a connection approval unit 13 for approving the connection of the other device according to the result of authenticating the input connection information or the result of the connection authentication.

Here, the object device 10 is a general term for a device that can be connected to the object Internet, such as a smart phone, a washing machine, a boiler, a smart window, a home hub router, a TV,

Further, the usage information of the object device 10 refers to usage details generated by the user, usage details generated by factors other than the user, or information that can be combined on the basis of these.

The registration request unit 11, when the usage information of the object device 10 is changed by a user input or by a factor other than a user input, encrypts registration request use information including the changed usage information and requests that the encrypted registration request use information be registered as authentication information with the authentication server. Here, the registration request includes not only a request for initial registration but also a request to update already registered authentication information.

Specifically, it is possible to utilize only the changed usage information as the registration request usage information, but it is also possible to use the changed usage information and the existing usage information as the registration request usage information.

Also, the registration request use information may be the same as the entire portion of the registered authentication information, or may be the same as a part of the registered authentication information.

Here, the registration request use information being the same as the whole of the registered authentication information means that the registration request use information is used directly as the authentication information. For example, when the registration request use information is 'ABCDE', the registered authentication information also becomes 'ABCDE'. In this case, each letter of 'ABCDE' represents a piece of usage information of the object device 10.

In addition, the registration request use information being the same as a part of the registered authentication information means that only some information coincides between the registration request use information and the authentication information. This is to guard against security exposure due to hacking during information transmission. When only 'ABC' is transmitted as the registration request use information, rather than all of the information to be registered as authentication information, the authentication server can complete 'ABCDE' as the final authentication information by combining the received registration request use information 'ABC' with the existing registration details 'CD' according to the determined authentication information registration algorithm.

That is, if only 'A' is the changed usage information and 'BC' is existing usage information within the registration request use information 'ABC', the authentication server extracts the third and fourth items of existing usage information, 'CD', and accordingly 'ABCDE' can finally be registered as the final authentication information as described above.

When a connection request is received directly or indirectly from another device, the authentication confirmation unit 12 requests input of the connection information corresponding to the authentication information registered through the above-described process, or requests connection authentication.

When the authentication confirmation unit 12 requests input of the connection information, the other device acts as the authentication server. That is, the object device 10 and the other object device are connected peer-to-peer so that the authentication information of the object device 10 is registered in the other object device; when the other object device later connects to the object device 10 in order to control it, it inputs connection information corresponding to the previously registered authentication information of the object device 10 (for example, all of the authentication information or a part of it), and the other device can thereby be authenticated as a device having proper access authority. Here, the input of the connection information by the other device means that it is automatically input according to authentication logic configured in advance.

For example, the object device 10 may be a home hub router, a smart window, or the like, and the other device may be a smart phone. Of course, a smartphone may also be a device corresponding to the object device 10.

When the object device 10 and the other device perform authentication between themselves through input of the connection information, the connection information automatically input by the other device may be identical to the whole of the already registered authentication information or to a part of it.

The fact that the authentication information automatically input from the other device is the same in all the pieces of authentication information already registered means that the authentication information registered and stored in the other device is input as the access information as it is. For example, when the registered authentication information is 'ABCDE', the access information is also 'ABCDE'.

On the other hand, the access information automatically input from the other device being the same as only a part of the already registered authentication information is intended to further reduce exposure to the risk of hacking during information transmission. When only 'CDE', which is a part of the authentication information, is transmitted, the object device that received 'CDE' as the connection information completes the comparison target 'ABCDE' by combining the existing registration details 'AB' with the connection information 'CDE' received this time, and compares it with the registered authentication information.

Also, the connection information provided by the object device 10 from the other device in the authentication execution process may be different from the registration request use information in the registration process. Of course, it is also possible to set the connection information transmitted in the authentication execution process and the registration request use information of the registration process to be the same.

On the other hand, when the authentication confirmation unit 12 requests connection authentication, an authentication server exists separately from the object device 10 and the other device. That is, the object device 10 and the other device each register authentication information through registration request use information including the changed usage information every time their own usage information changes; when the object device 10 receives a connection request from the other device, it can request the authentication server to perform connection authentication on whether connection between the object device 10 and the other device is permitted. In response to this request, the authentication server executes authentication, and only when the authentication result is received and processed normally is the other device authenticated as having a proper access right to the object device 10.

When the authentication confirmation unit 12 of the object device 10 requests connection authentication from the authentication server in deciding whether to approve connection to another object device, both the object device 10 and the other device can perform a pre-authentication with the authentication server in order to be authenticated as devices having a proper access right. In this pre-authentication process, the authentication confirmation unit 12 of the object device 10 extracts specific usage information according to a predetermined criterion from the entire usage information stored in advance, encrypts the extracted specific usage information, and transmits it to the authentication server as information for pre-authentication. Accordingly, the authentication server decrypts the encrypted authentication use information provided by the object device 10, compares the decrypted authentication use information with the registered authentication information, and authenticates whether the object device 10 has a proper access right.

In the same pre-authentication process, the other device also extracts specific usage information according to a predetermined criterion from the entire usage information stored in advance, encrypts the extracted specific usage information, and transmits it to the authentication server. The authentication server decrypts the encrypted authentication use information provided by the other device, compares the decrypted authentication use information with the registered authentication information, and authenticates whether the other device has a legitimate access right.

In such a pre-authentication process, the specific usage information extracted from each object device may be the same as the entire portion of each authentication information registered in advance, or may be the same as a part of each registered authentication information. Here, the extracted specific use information and all of the registered authentication information are the same, which means that the specific usage information is extracted in the same manner as the registered authentication information. For example, if the registered authentication information is 'ABCDE', the specific usage information extracted also becomes 'ABCDE'.

In addition, the extracted specific usage information being the same as a part of the registered authentication information means that only some information coincides between the extracted specific usage information and the authentication information. This too is intended to better guard against exposure to the risk of hacking during information transmission: when only 'CDE', which is a part rather than all of the information to be compared with the authentication information, is transmitted as the specific usage information, the authentication server can complete 'ABCDE', the final specific usage information to be compared with the registered authentication information, by combining the transmitted specific usage information 'CDE' with the existing registration details 'AB' according to the predetermined authentication execution algorithm.

The specific usage information extracted in the authentication execution process and the registration request usage information of the registration process may be different from each other as described above. Of course, it is also possible to set the specific use information extracted in the authentication execution process and the registration request use information of the registration process to be the same.

The registration request unit 11 includes a configuration for detecting whether the usage information of the object device 10 has been changed by a user input or by a factor other than the user input, and requests registration of authentication information based on the changed usage information when there is a change.

In addition, it is preferable that the authentication information registration request of the registration request unit 11 is automatically executed in consideration that the authentication information registration request is executed every time the usage information of the object device 10 is changed.

The registration request unit 11 may periodically or non-periodically change the same part of the mutual information when the registration request use information and the registered authentication information are identical.

For example, the periodic change of the registration request unit 11 may be performed by combining at least one of the date, the parking, and the time according to the pre-programmed logic to identify a part of the same mutually between the registration request use information and the registered authentication information It is possible. As a more specific example, if the same part of the registration information of the registration request used in 2015.09.14 and the registered authentication information corresponds to the 3rd parking in September 2015 based on the parking of the corresponding month, The same part of the authentication information can be specified as the same part from the first to the third digit of the registered authentication information.

An example of the non-periodic change of the registration request unit 11 is that the registration request unit 11 changes the same part between the registration request use information and the registered authentication information based on the update information received from the authentication server .

If one part of the access information input from the other device is the same as the registered authentication information, the same part of the mutual information can be changed periodically or non-periodically.

Periodically changing the same part of the connection information and the authentication information may be performed by combining at least one of date, parking and time according to the logic pre-programmed to the object device and the other device, And it is possible to change a part already specified. The method of combining at least one of the above-described date, parking, and time is merely an example, and various methods for specifying the same intersection portion between other information can be applied.

Non-periodically changing the identical part between the connection information and the authentication information may be performed by the object device 10 and the other device interworking with each other, on a non-periodic basis, to specify the identical part at once or to change a part already specified.

When the connection authentication of the other object device to the object device 10 is processed through the authentication server, and only a part of the specific use information extracted from each object device is identical to the registered authentication information, that identical part may likewise be changed periodically or non-periodically.

The periodic change of the identical part between the specific use information and the authentication information may be performed by combining at least one of the date, the week, and the time according to pre-programmed logic. As a more specific example, if the identical part between the specific use information extracted on 2015.09.14 and the registered authentication information is determined by whether the day is even-numbered or odd-numbered, then since the 14th is an even-numbered day, the identical part may be specified as the first to second digits of the registered authentication information.

An example of the non-periodic change of the identical part between the specific use information and the authentication information is that the authentication confirmation unit 12 of the object device 10 changes the identical part between the specific use information and the registered authentication information based on update information received from the authentication server. The same may be performed in the other device.
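The following Python is added here as an illustration and is not code from the patent. It shows how the identical part between a candidate value and the registered authentication information can be selected by week-of-month or by day parity, as in the two examples above, and set directly from server update information for the non-periodic case. The digit strings, the odd-day rule (first digit only) and the update message format are assumptions.

```python
import calendar
from datetime import date
from typing import Tuple

# Constructed sample values (not from the patent): registered authentication
# information and a newer registration request use information that shares
# only a leading part with it.
REGISTERED_AUTH_INFO = "735194628"
REGISTRATION_REQUEST_USE_INFO = "735502817"

Span = Tuple[int, int]  # half-open [start, end) index range of the identical part


def week_of_month(iso_date: str) -> int:
    """1-based week of the month containing the date, using the rows of the
    Monday-start calendar; 2015-09-14 lies in the 3rd week of September 2015."""
    d = date.fromisoformat(iso_date)
    for index, week in enumerate(calendar.monthcalendar(d.year, d.month), start=1):
        if d.day in week:
            return index
    raise ValueError("day not found in month")  # unreachable for a valid date


def part_by_week(iso_date: str) -> Span:
    """Periodic rule 1 (description): identical part = digits 1..week_of_month."""
    return (0, week_of_month(iso_date))


def part_by_day_parity(iso_date: str) -> Span:
    """Periodic rule 2 (description): even-numbered day -> digits 1..2.
    Odd-numbered day -> first digit only (assumed; the description does not say)."""
    d = date.fromisoformat(iso_date)
    return (0, 2) if d.day % 2 == 0 else (0, 1)


def part_from_server_update(update: dict) -> Span:
    """Non-periodic rule: the authentication server sends update information that
    fixes the identical part directly. The {'start', 'length'} format is assumed."""
    start, length = int(update["start"]), int(update["length"])
    if start < 0 or length <= 0:
        raise ValueError("invalid update information")
    return (start, start + length)


def identical_part(info: str, span: Span) -> str:
    start, end = span
    return info[start:end]


def matches_registered(candidate: str, registered: str, span: Span) -> bool:
    """Compare only the identical part; both values must be long enough to cover it."""
    _, end = span
    if len(candidate) < end or len(registered) < end:
        return False
    return identical_part(candidate, span) == identical_part(registered, span)


if __name__ == "__main__":
    span = part_by_week("2015-09-14")
    print(week_of_month("2015-09-14"), span, part_by_day_parity("2015-09-14"))
    print(matches_registered(REGISTRATION_REQUEST_USE_INFO, REGISTERED_AUTH_INFO, span))
```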

The registration request unit 11 may encrypt the changed use information, and the authentication confirmation unit 12 may encrypt the extracted specific use information. In addition, the connection information input from the other device may also be encrypted by the other device before being transmitted to the object device 10. Any of various encryption schemes with a high security level may be applied here.

For example, at least one of the registration request unit 11 and the authentication confirmation unit 12 may encrypt using a public key cryptosystem based on prime numbers having more than a predetermined number of digits.

Such a public key cryptosystem draws on the fact that, given two prime numbers p and q (a prime being a natural number that is not divisible by any natural number other than 1 and itself), their product m (= pq) is easy to obtain, whereas, given only m, it is difficult to determine of which two primes m is the product. In other words, the public key system provides a device like a so-called trapdoor, through which anyone can easily pass in one direction but nobody except a specific user can come back.

Since the product m of the two primes is exposed, primes p and q of 100 or more digits each may be used. For example, m may be:

m = 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541

The two prime factors p and q of the above m, obtained with a factorization algorithm, are as follows.

p = 3490529510847650949147849619903898133417764638493387843990820577

q = 32769132993266709549961988190834461413177642967992942539798288533

Even if the two prime factors p and q of the above m can be obtained with a factorization algorithm, deriving them takes time, and a substantial amount of computation time remains necessary even as factorization algorithms are continuously improved.

Thus, the public key cryptosystem is preferably operated with prime numbers larger than the two prime factors p and q mentioned above. That is, the public key cryptosystem is a method that requires at least a minimum time (for example, several days) to decrypt even when it is exposed to a hacking program.
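As an added illustration (not code from the patent), the Python below builds a textbook RSA-style key pair from the very p and q printed above, checks that their product is the printed m, applies the "minimum number of digits" requirement the text mentions, and encrypts and decrypts one constructed piece of usage information. Unpadded RSA is used only to make the trapdoor arithmetic concrete; a deployed system would use a padded scheme such as RSA-OAEP.

```python
from math import gcd
from typing import Tuple

# The modulus and its prime factors exactly as printed in the description above.
M = int(
    "114381625757888867669235779976146612010218296721242362562561842"
    "935706935245733897830597123563958705058989075147599290026879543541"
)
P = 3490529510847650949147849619903898133417764638493387843990820577
Q = 32769132993266709549961988190834461413177642967992942539798288533

PublicKey = Tuple[int, int]   # (modulus, public exponent)
PrivateKey = Tuple[int, int]  # (modulus, private exponent)


def meets_minimum_digits(prime: int, min_digits: int) -> bool:
    """The 'prime numbers greater than a predetermined number of digits' rule."""
    return len(str(prime)) >= min_digits


def make_keypair(p: int, q: int) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA: n = p*q is cheap to compute; recovering p, q from n is the hard step."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537                    # usual choice; step to the next odd value if not coprime
    while gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt_usage_info(public_key: PublicKey, usage_info: bytes) -> int:
    """Encrypt one registration request use information record (must be below n)."""
    n, e = public_key
    x = int.from_bytes(usage_info, "big")
    if x >= n:
        raise ValueError("usage information too long for this modulus")
    return pow(x, e, n)


def decrypt_usage_info(private_key: PrivateKey, ciphertext: int, length: int) -> bytes:
    n, d = private_key
    x = pow(ciphertext, d, n)
    return x.to_bytes(length, "big")


def roundtrip(usage_info: bytes) -> bytes:
    """Key pair from the printed p and q; encrypt, then decrypt the record."""
    public_key, private_key = make_keypair(P, Q)
    ciphertext = encrypt_usage_info(public_key, usage_info)
    return decrypt_usage_info(private_key, ciphertext, len(usage_info))


if __name__ == "__main__":
    record = b"2015.07.28 08:36 send message to B"  # constructed sample usage information
    print(P * Q == M, len(str(M)), meets_minimum_digits(P, 100))
    print(roundtrip(record) == record)
```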

The object device 10 of the present invention changes the authentication information every time the usage information of the object device 10 is changed. For example, when the object device 10 is a mobile phone, the usage information may change every few seconds or every few hours.

That is, when the frequently changing use information of the object device 10 is encrypted using the public key cryptosystem described above, even if it is exposed to hacking and decrypted, by the time the decryption is completed the authentication information has already been changed to new authentication information. By this principle, the object device 10 of the present invention can establish strong security without user intervention.

FIG. 2 is a block diagram showing the usage history stored in the object device of FIG. 1.

As shown in FIG. 2, the object device 10 stores a plurality of pieces of usage information. For example, first usage information, second usage information, third usage information, and so on up to Nth usage information may be stored in the object device 10, each piece of usage information being held separately.

FIG. 3 is an exemplary view showing the usage history of FIG. 2, and FIG. 4 is an exemplary view showing the usage history of FIG. 3 in more detail.

As shown in FIG. 3, the first usage information, the second usage information, the third usage information, and so on up to the Nth usage information may be arranged in time-series order. When the registration request unit 11 requests registration to the authentication server with three pieces of usage information as the registration request use information, the first to third usage information in time-series order may be used as the registration request use information.

The usage information shown in FIG. 3 is a time-series arrangement in which recent usage details are placed below and past usage details above, unlike in FIG. When the object device 10 is a smartphone, the registration request unit 11 may request registration of the latest three pieces of usage information as authentication information: ① the usage information 'sending a message to B at 8:36 am on 2015.07.28', ② the usage information 'receiving a message from B at 8:37 am on 2015.07.28', and ③ the usage information 'receiving application information from C at 9:01 am on 2015.07.28'.

When the usage information of the object device 10 is added to and thereby changed, for example by adding the usage information 'reading D securities news from 9:02 am to 9:16 am on 2015.07.28' to the usage history of the object device 10, the registration request unit 11 changes the registration request use information to ① the usage information 'receiving a message from B at 8:37 am on 2015.07.28', ② the usage information 'receiving application information from C at 9:01 am on 2015.07.28', and ③ the usage information 'reading D securities news from 9:02 am to 9:16 am on 2015.07.28', and requests registration of these as authentication information.

FIG. 5 is an exemplary diagram showing another example of the usage history of FIG. 2, and FIG. 6 is an exemplary diagram showing the usage history of FIG. 5 in more detail.

As shown in FIG. 5, when the object device 10 is a smartphone, the registration request unit 11 may divide the usage information of the object device 10 into groups and extract usage information from each group to include in the registration request use information.

For example, when the registration request use information is set to three pieces of usage information, the first usage information of the first group may be extracted as ① usage information of the registration request use information, the first usage information of the second group as ② usage information, and the first usage information of the third group as ③ usage information.

As shown in FIG. 6, the first group may be 'call history', and the latest call history, a 2-minute call with 'wife' at 2:31 pm on June 5, 2018, may be extracted as ① usage information of the registration request use information.

The second group may be 'message history', and its latest message history, the usage information 'receiving the e-mail message from ...' at 8:3 am, may be extracted as ② usage information of the registration request use information.

The third group may be 'other execution details', and its most recent entry, the usage information 'news viewing from 9:02 am to 9:16 am on 2015.07.28', may be extracted as ③ usage information of the registration request use information.

FIG. 7 is a diagram illustrating an example of a menu screen for user selection among the usage histories of FIG. 2.

As shown in FIG. 7, when the object device 10 has a control environment in which the user can make settings, such as a smartphone, the user may select the usage information to be used according to convenience through a selection menu P offering items such as 'user selection', 'application or function selection', and 'time selection'.

That is, in the selection menu P, the user may select 'wife' from the 'user selection' menu, 'phone call, B message and E message' from the 'application or function selection' menu, and 'outgoing or incoming' from the 'time selection' menu.

In this case, every time the usage information of the object device 10 changes because a 'phone call, B message, or E message' is sent to or received from the wife, registration of authentication information based on the changed usage information may be executed. Therefore, in this case, the user's 'wife' may be regarded as a helper who changes the authentication information of the object device 10 from time to time.
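The Python below is an added example, not code from the patent, covering the usage-history handling of FIGs. 3 to 7 above: selecting the latest three records in time-series order, the latest record of each group, and the user's menu filter, and deriving a new registration request use information whenever a record is added. The record layout, the group names, the serialisation format and the sample history are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Sequence


@dataclass(frozen=True)
class UsageRecord:
    when: datetime
    group: str        # 'call history', 'message history' or 'other execution details'
    function: str     # application or function, e.g. 'phone call', 'B message'
    counterpart: str  # 'wife', 'B', 'C', ...
    direction: str    # 'outgoing', 'incoming' or 'execution'
    detail: str


# Constructed sample usage history modelled on FIG. 4 and FIG. 6 (values are examples).
HISTORY: List[UsageRecord] = [
    UsageRecord(datetime(2015, 7, 28, 8, 36), "message history", "B message", "B", "outgoing", "send message to B"),
    UsageRecord(datetime(2015, 7, 28, 8, 37), "message history", "B message", "B", "incoming", "receive message from B"),
    UsageRecord(datetime(2015, 7, 28, 9, 1), "other execution details", "C app", "C", "incoming",
                "receive application information from C"),
]
NEW_RECORD = UsageRecord(datetime(2015, 7, 28, 9, 2), "other execution details", "D securities", "D",
                         "execution", "read D securities news until 9:16")
WIFE_CALL = UsageRecord(datetime(2015, 7, 28, 14, 31), "call history", "phone call", "wife",
                        "outgoing", "2 minute call with wife")


def latest_n(records: Iterable[UsageRecord], n: int) -> List[UsageRecord]:
    """FIG. 3/4: the n most recent records, oldest first (time-series order)."""
    ordered = sorted(records, key=lambda r: r.when)
    return ordered[-n:]


def latest_per_group(records: Iterable[UsageRecord], groups: Sequence[str]) -> List[UsageRecord]:
    """FIG. 5/6: the most recent record of each group, in the given group order."""
    records = list(records)
    selected = []
    for group in groups:
        in_group = [r for r in records if r.group == group]
        if in_group:
            selected.append(max(in_group, key=lambda r: r.when))
    return selected


def select_by_menu(records: Iterable[UsageRecord], counterparts=None, functions=None, directions=None):
    """FIG. 7: apply the user's 'user', 'application or function' and 'outgoing/incoming' choices."""
    return [r for r in records
            if (counterparts is None or r.counterpart in counterparts)
            and (functions is None or r.function in functions)
            and (directions is None or r.direction in directions)]


def registration_request_use_info(selected: Sequence[UsageRecord]) -> str:
    """Serialise the selected records into the value that is then encrypted and registered."""
    return "|".join(f"{r.when:%Y.%m.%d %H:%M} {r.detail}" for r in selected)


def on_usage_changed(history: List[UsageRecord], new_record: UsageRecord,
                     n: int = 3, menu: Optional[dict] = None) -> Optional[str]:
    """Append the new record. If it passes the menu filter, return the new registration
    request use information for the caller to encrypt and register; otherwise None."""
    history.append(new_record)
    candidates = select_by_menu(history, **menu) if menu else list(history)
    if new_record not in candidates:
        return None
    return registration_request_use_info(latest_n(candidates, n))


if __name__ == "__main__":
    history = list(HISTORY)
    print(registration_request_use_info(latest_n(history, 3)))
    print(on_usage_changed(history, NEW_RECORD))
```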

FIG. 8 is an exemplary diagram showing another example of the usage history of FIG. 2.

The usage information shown in FIGs. 4 to 7 exemplifies the case where the object device 10 is a smartphone, and the usage information shown in FIG. 8 exemplifies the case where the object device 10 is a smart window.

The registration request unit 11 of the smart window device 10 may request registration, as authentication information, of the registration request use information consisting of the latest three pieces of usage information: ① the usage information 'automatic closing of the second window according to the first user command at 2015.08.29.120:26 pm', ② the usage information 'switching to air cleaning mode according to the second user command at 17:11 pm on 2015.08.29', and ③ the usage information 'detection of an indoor air pollution rate of less than 70% at 17:13 pm on 2015.08.29'.

When the usage information of the object device 10 is added to and thereby changed, for example by the registration request unit 11 of the object device 10, which is a smart window, adding the usage information 'automatic opening of the first window and the second window at 17:14 pm on 2015.08.29', the registration request unit 11 changes the registration request use information to ① the usage information 'switching to air cleaning mode according to the second user command at 17:11 pm on 2015.08.29', ② the usage information 'detection of an indoor air pollution rate of less than 70% at 17:13 pm on 2015.08.29', and ③ the usage information 'automatic opening of the first window and the second window at 17:14 pm on 2015.08.29', and requests registration of these as authentication information.

FIG. 9 is a block diagram illustrating an object device according to another embodiment of the present invention.

As shown in FIG. 9, the object device 20 includes, in addition to the registration request unit 21, the authentication confirmation unit 22, and the connection approval unit 23, a connection request and control unit 24 that requests a connection to any other object device to be controlled and controls that other object device after the connection is approved.

That is, the object device 20 including the connection request and control unit 24 may serve as the other device described above.

Further, the object device 10 performs a specific operation by being connected to and controlled by the other object device. For example, when the object device 10 is a smart window, it can perform a window opening or window closing operation under the control of the other device (e.g., a smartphone).

FIG. 10 is a configuration diagram showing an example of a communication configuration between object devices according to the present invention.

As shown in FIG. 10, in the case of a P2P connection between the first object device 30 and the second object device 40, the second object device 40 registers its authentication information in the first object device 30. For example, the first object device 30 may be a smartphone, and the second object device 40 may be a washing machine.

When the usage information of the second object device (e.g., washing machine) 40 is changed, the second object device 40 encrypts the registration request use information including the changed usage information and requests the first object device (e.g., smartphone) 30 to register the encrypted registration request use information as authentication information (①).

The first object device (e.g., smartphone) 30 responds to the authentication information registration request of the second object device (e.g., washing machine) 40 based on the subscription details and transmits the registration result as the response to the second object device (e.g., washing machine) 40, thereby completing registration of the authentication information (②).

Thereafter, when the first object device (e.g., smartphone) 30 makes a connection request to the second object device (e.g., washing machine) 40 in order to control it, the second object device (e.g., washing machine) 40 requests the first object device 30 to input a connection number (③).

In response, the first object device (e.g., smartphone) 30 extracts authentication information as the connection information corresponding to the registered authentication information and transmits it to the second object device (e.g., washing machine) 40 (④).

The second object device (e.g., washing machine) 40 extracts the specific use information corresponding to the registered authentication information generated in the registration step, compares the extracted specific use information with the connection information input in step ④, and generates the approval result for the connection of the first object device (e.g., smartphone) 30 (⑤).

The second object device (e.g., washing machine) 40 transmits the approval result generated in step ⑤ to the first object device (e.g., smartphone) 30, so that the first object device (e.g., smartphone) 30 can be connected to the second object device (e.g., washing machine) 40 (⑥).

FIG. 11 is a configuration diagram showing an example of the configuration when a hacking device attempts to connect to the first object device of FIG. 10.

As shown in FIG. 11, when a hacking device 50 tries to connect to the first object device (e.g., smartphone) 30 (①), the first object device (e.g., smartphone) 30 requests the hacking device 50 to input a connection number, in the same manner as the second object device (e.g., washing machine) 40 does (②).

When a valid connection number is not input from the hacking device 50, or the input time is exceeded, the first object device (e.g., smartphone) 30 rejects the connection of the hacking device 50 or blocks the hacking device 50 (③).
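The exchange of FIGs. 10 and 11 above, as an added example that is not code from the patent: both devices are modelled in one process, the second device registers its usage information with the first, the requester must answer a connection-number request within a time limit, and a device with nothing registered is rejected. The time limit, the message strings and the plain-string authentication information (encryption omitted) are assumptions.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Assumed limit for answering the connection-number request; the description only
# says the connection is rejected when "the input time is exceeded".
CONNECTION_TIMEOUT_SECONDS = 30.0


@dataclass
class ObjectDevice:
    name: str
    usage_info: str                                            # own current usage information
    registered: Dict[str, str] = field(default_factory=dict)   # peer -> auth info that peer registered
    pending: Dict[str, float] = field(default_factory=dict)    # requester -> time number was requested
    connected: Set[str] = field(default_factory=set)

    # ① / ②  register own usage information as authentication information at a peer
    def register_with(self, peer: "ObjectDevice") -> str:
        peer.registered[self.name] = self.usage_info
        return "registered"

    def update_usage_info(self, new_usage_info: str, peer: "ObjectDevice") -> str:
        """Usage information changed, so the authentication information changes with it."""
        self.usage_info = new_usage_info
        return self.register_with(peer)

    # ③  every requester (including a hacking device) is first asked for a connection number
    def handle_connection_request(self, requester: str, now: float) -> str:
        self.pending[requester] = now
        return "input connection number"

    # ④  the requester derives its connection information from what the peer registered
    def connection_info_for(self, peer_name: str) -> str:
        return self.registered.get(peer_name, "")

    # ⑤ / ⑥  compare with own specific use information, then approve or reject
    def handle_connection_number(self, requester: str, number: str, now: float) -> str:
        requested_at = self.pending.pop(requester, None)
        if requested_at is None:
            return "rejected: no connection request pending"
        if now - requested_at > CONNECTION_TIMEOUT_SECONDS:
            return "rejected: input time exceeded"
        specific_use_info = self.usage_info
        # constant-time comparison so response timing does not reveal how much matched
        if not hmac.compare_digest(number.encode(), specific_use_info.encode()):
            return "rejected: invalid connection number"
        self.connected.add(requester)
        return "approved"


def p2p_session(phone: ObjectDevice, washer: ObjectDevice, t0: float = 0.0) -> str:
    """FIG. 10: washer registers with phone, phone asks to connect, washer checks the number."""
    washer.register_with(phone)
    washer.handle_connection_request(phone.name, t0)
    number = phone.connection_info_for(washer.name)
    return washer.handle_connection_number(phone.name, number, t0 + 1.0)


def hacking_attempt(phone: ObjectDevice, attacker: str, delay: float, t0: float = 0.0) -> str:
    """FIG. 11: a device that registered nothing asks the phone to connect."""
    phone.handle_connection_request(attacker, t0)
    return phone.handle_connection_number(attacker, phone.connection_info_for(attacker), t0 + delay)


def stale_number_after_change(phone: ObjectDevice, washer: ObjectDevice) -> Tuple[str, str]:
    """A connection number captured before the washer's usage information changed
    no longer works; the freshly registered one does."""
    washer.register_with(phone)
    old_number = phone.connection_info_for(washer.name)
    washer.update_usage_info("washer-usage-2", phone)
    washer.handle_connection_request(phone.name, 10.0)
    stale = washer.handle_connection_number(phone.name, old_number, 11.0)
    washer.handle_connection_request(phone.name, 12.0)
    fresh = washer.handle_connection_number(phone.name, phone.connection_info_for(washer.name), 13.0)
    return stale, fresh


if __name__ == "__main__":
    print(p2p_session(ObjectDevice("phone", "phone-usage-1"), ObjectDevice("washer", "washer-usage-1")))
    print(hacking_attempt(ObjectDevice("phone", "phone-usage-1"), "hacking-device", delay=1.0))
    print(hacking_attempt(ObjectDevice("phone", "phone-usage-1"), "hacking-device", delay=60.0))
```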

FIG. 12 is a configuration diagram showing an example of changing the authentication information for the first object device of FIG. 10.

As described above, the second object device (e.g., washing machine) 40 registers its usage information in the first object device (e.g., smartphone) 30. On the other hand, the first object device (e.g., smartphone) 30 registers its own usage information to the authentication server 60 every time that usage information is changed.

That is, the first object device (e.g., smartphone) 30 and the second object device (e.g., washing machine) 40 are connected by P2P, while the authentication of the first object device (e.g., smartphone) 30 is handled by the authentication server 60. Thus, the authentication server 60 can change the authentication information of a plurality of first object devices (e.g., the first object device 31, the first object device 32, and the first object device 33) every time the usage information of each of them changes.

At this time, the first object device (e.g., smartphone) 30 not only registers authentication information every time its use information is changed, but may also change the authentication information from time to time based on the screen information of the first object device (e.g., smartphone) 30, a change of the usage information of the first object device (e.g., smartphone) 30, or information that can be combined on the basis of these.

Here, the screen information includes arrangement information, notification detail information, a background image, or information that can be combined on the basis of at least one application of a specific screen.

The specific screen of the first object device (e.g., smartphone) 30 may be a screen mainly used by the user when using the first object device (e.g., smartphone) 30, such as the home screen, which is the main operation screen on which the various applications are located.

FIG. 13 is a configuration diagram showing another example of the communication configuration between object devices of the present invention.

As shown in FIG. 13, both the first object device (e.g., smartphone) 70 and the second object device (e.g., washing machine) 80 register, with the authentication server 90, the registration request use information including their changed usage information as authentication information (①).

Then, when the first object device (e.g., smartphone) 70 makes a connection request to the second object device (e.g., washing machine) 80 in order to control it, the second object device (e.g., washing machine) 80 requests the first object device 70 to input a connection number (②).

The first object device (e.g., smartphone) 70 connects to the authentication server 90, which completes the pre-authentication of the first object device (e.g., smartphone) 70 by comparing the registered authentication information of the first object device (e.g., smartphone) 70 with the specific usage information extracted from the first object device (e.g., smartphone) 70; the first object device 70 then requests the authentication server 90 to perform the connection authentication for step ② (③).

On the other hand, the authentication server 90 is connected to the second object device (e.g., washing machine) 80, the counterpart terminal of the connection authentication of ②, and after completing the pre-authentication of the second object device 80 based on its registered authentication information, provides the result of the connection authentication of ② to the second object device (e.g., washing machine) 80 (④).

Then, the second object device (e.g., washing machine) 80 approves the connection request of the first object device (e.g., smartphone) 70 based on the result input in step ④ (⑤).

The second object device (e.g., washing machine) 80 transmits the approval result generated in step ⑤ to the first object device (e.g., smartphone) 70, so that the first object device (e.g., smartphone) 70 can be connected to the second object device (e.g., washing machine) 80 (⑥).

FIG. 14 is a configuration diagram showing an example of the configuration when a hacking device attempts to connect to the first object device of FIG. 13.

As shown in FIG. 14, when the hacking device 90-1 attempts to access the first object device (e.g., smartphone) 70 (①), the first object device (e.g., smartphone) 70 requests the hacking device 90-1 to input a connection number, in the same manner as the second object device (e.g., washing machine) 80 described above (②).

If a valid connection number is not input from the hacking device 90-1, or the input time is exceeded, the first object device (e.g., smartphone) 70 rejects the connection of the hacking device 90-1 or blocks the hacking device 90-1 (③).

FIG. 15 is a configuration diagram showing an example of authentication information change for each object device of FIG. 13.

The 1-1 object device 71 to the 1-3 object device 73 and the 2-1 object device 81 to the 2-3 object device 83 are connected to the authentication server 90, and each registers its usage information whenever that usage information changes.

FIG. 16 is a block diagram showing another example of the communication configuration between object devices of the present invention.

As shown in FIG. 16, both the first object device (e.g., smartphone) 100 and the second object device (e.g., washing machine) 120 register, with the authentication server 130, the registration request use information including their changed usage information as authentication information.

Then, the first object device (e.g., smartphone) 100 accesses the service server 110 and logs in (①). The first object device (e.g., smartphone) 100 receives pre-authentication, based on the authentication information registered in advance using its own usage information, from the authentication server 130 through the intermediation of the service server 110. Then, the first object device (e.g., smartphone) 100 that has passed the pre-authentication requests the service server 110 to make a connection request to the second object device (e.g., washing machine) 120.

The service server 110 receives the connection request of the first object device (e.g., smartphone) 100 to the second object device (e.g., washing machine) 120 and, based on the pre-authentication result that the authentication server 130 obtains by comparing the authentication information pre-registered using the usage information of the second object device (e.g., washing machine) 120 with the specific usage information extracted from the second object device (e.g., washing machine) 120, transmits the connection request of the first object device (e.g., smartphone) 100 to the second object device (e.g., washing machine) 120 (②).

Thereafter, the service server 110 receives from the second object device (e.g., washing machine) 120 a connection authentication request for determining whether the connection request of the first object device (e.g., smartphone) 100 is valid (③).

Then, the service server 110 requests the authentication server 130 to approve the connection authentication request of ③ (④), and receives the result of the connection authentication of ③ from the authentication server 130 (⑤).

The service server 110 provides the result of the connection authentication of ③, received in ⑤, to the second object device (e.g., washing machine) 120 (⑥).

Then, the second object device (e.g., washing machine) 120 approves the connection request of the first object device (e.g., smartphone) 100 based on the result input in ⑥ (⑦).

The second object device (e.g., washing machine) 120 transmits the approval result generated in step ⑦ to the first object device (e.g., smartphone) 100 via the service server 110, so that the first object device (e.g., smartphone) 100 can be connected to the second object device (e.g., washing machine) 120 (⑧).

FIG. 17 is a configuration diagram showing an authentication system according to an embodiment of the present invention.

In the authentication system shown in FIG. 17, when the first object device (e.g., smartphone) 200 requests a connection to the second object device (e.g., washing machine) 210, the authentication concept shown in FIGs. 10 to 12 or the authentication concept shown in FIGs. 13 to 15 may be applied.

FIG. 18 is a configuration diagram showing an authentication system according to another embodiment of the present invention.

In the authentication system shown in FIG. 18, when the first object device (e.g., smartphone) 300 requests a connection to the second object device (e.g., home hub router) 310, the authentication concept shown in FIGs. 10 to 12 or the authentication concept shown in FIGs. 13 to 15 may be applied.

FIG. 19 is a configuration diagram showing an authentication system according to another embodiment of the present invention.

In the authentication system shown in FIG. 19, when the first object device (e.g., smartphone) 400 requests access to the second object device (e.g., washing machine) 420 through the intermediation of the service server 410, the authentication concept shown in FIGs. 10 to 12, the authentication concept shown in FIGs. 13 to 15, or the authentication concept shown in FIG. may be applied.

FIG. 20 is a configuration diagram showing an authentication system according to another embodiment of the present invention.

In the authentication system shown in FIG. 20, when the first object device (e.g., smartphone) 500 requests access to the second object device (e.g., home hub router) 520 through the intermediation of the service server 510, the authentication concept shown in FIGs. 10 to 12, the authentication concept shown in FIGs. 13 to 15, or the authentication concept shown in FIG. may be applied.

FIG. 21 is a flowchart showing an example of a process of authenticating an object device according to the present invention.

As shown in FIG. 21, when the use information of the object device 10 is changed by a user's input or by a factor other than a user's input, the object device 10 encrypts the registration request use information including the changed usage information and requests the authentication server to register the encrypted registration request use information as authentication information (S100).

Thereafter, when the object device 10 receives a connection request from the other device 20 (S102), the object device 10 requests, in response to the received connection request, input of a connection number or connection authentication corresponding to the registered authentication information (S104).

The object device 10 determines whether the connection of the other device 20 is approved according to the result of authenticating the connection number input in step S104, or the result of the connection authentication (S106).

If the connection is approved in step S106 (S108), the object device 10 performs an operation under the control of the other device 20 after the connection of the other device 20 is completed (S110).

If the connection is not approved in step S106 (S106-1), the object device 10 is not connected to the other device 20.

Thereafter, when the authentication process of the object device 10 is terminated, the execution of the above steps is also ended (S112).

Each step of this authentication process may be implemented as a computer program stored on a recording medium in combination with the object device 10, or as a computer-readable medium including instructions that execute each of the above steps when executed by the object device 10.

FIG. 22 is a flowchart showing an example of the authentication process performed by the authentication server of the present invention.

As shown in FIG. 22, the authentication server 60 or 90 receives, from any object device whose usage information has changed, the registration request use information including the changed usage information (S200). Registration of authentication information based on the changed usage information in the authentication server 60 or 90 may be performed after a subscription procedure for using the authentication service of the present invention has been completed in advance. The subscription procedure may follow a normal service subscription procedure.

Thereafter, in accordance with the registration request received in step S200, the authentication information is registered (S202). Here, registration is a concept that includes both the first registration of authentication information and the updating of already registered authentication information.

Then, the authentication server 60 or 90 receives a connection authentication request of the first object device (e.g., smartphone) 20 for the second object device (e.g., washing machine) 10 (S204).

Thereafter, the authentication server 60 or 90 generates the result of the connection authentication request received in step S204 and outputs the generated connection authentication result as the response to that request (S208).

Thereafter, when the authentication service is terminated, the execution of the steps is also terminated (S210).

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments but, on the contrary, that various modifications are possible. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive.

Also, the present invention provides an object device that automatically changes the authentication information for authenticating the object device, without any user setting, whenever the use information of the object device is changed, together with an authentication method, a computer program and a recording medium applied thereto. It is not only capable of commercialization or sale but is also industrially applicable, since it can clearly be carried out in practice.

10, 20: object device    11, 21: registration request unit
12, 22: authentication confirmation unit    13, 23: connection approval unit
24: connection request and control unit    30, 70, 100, 200, 300, 400, 500: first object device
40, 80, 120, 210, 310, 420, 520: second object device
50, 90-1: hacking device    60, 90, 130: authentication server
110, 410, 510: service server

Claims (9)

A registration request unit that, when the use information of the object device is changed by a user's input or by a factor other than the user's input, encrypts the registration request use information including the changed usage information and requests registration of the encrypted registration request use information as authentication information;
an authentication confirmation unit that receives a connection request directly or indirectly from a counterpart device and, in response to the received connection request, requests input of connection information or connection authentication corresponding to the registered authentication information; and
a connection approval unit that approves the connection of the counterpart device according to the authentication of the input connection information or the result of the connection authentication.
The object device according to claim 1,
wherein the registration request use information is identical to the entire registered authentication information or to a part of the registered authentication information; when proceeding to the authentication of the input connection information, the input connection information is identical to the entire registered authentication information or to a part of the registered authentication information; and when proceeding to the connection authentication, the specific usage information extracted from each object device is identical to the entire registered authentication information or to a part of the registered authentication information of that object device.
The object device according to claim 2,
wherein, if a part is identical between the registration request use information and the registered authentication information, the identical part is changed periodically or non-periodically;
if a part is identical between the input connection information and the registered authentication information, the identical part is changed periodically or non-periodically; and
if a part is identical between the specific use information and the registered authentication information, the identical part is changed periodically or non-periodically.
According to claim 1,
Wherein at least one of the registration request section, the authentication confirmation unit, and the connection admission unit performs the encryption using a public-key cryptosystem based on prime numbers of more than a predetermined number of digits.
According to claim 1,
Further comprising a connection request and control section which requests connection to another object device to be controlled and controls that other object device after the connection is approved.
When the usage information of the object device is changed by a user's input or by a factor other than the user's input, encrypting registration request use information including the changed usage information and requesting that the encrypted registration request use information be registered as authentication information;
Receiving a connection request directly or indirectly from a counterpart device and, in response to the received connection request, requesting input of connection information corresponding to the registered authentication information or requesting connection authentication; and
Admitting the connection of the counterpart device according to the result of authenticating the input connection information or the result of the connection authentication.
When the usage information of the object device is changed by a user's input or by a factor other than the user's input, encrypting registration request use information including the changed usage information and requesting that the encrypted registration request use information be registered as authentication information;
Receiving a connection request directly or indirectly from a counterpart device and, in response to the received connection request, requesting input of connection information corresponding to the registered authentication information or requesting connection authentication; and
Admitting the connection of the counterpart device according to the result of authenticating the input connection information or the result of the connection authentication.
When executed by the object device: when the usage information of the object device is changed by a user's input or by a factor other than the user's input, encrypting registration request use information including the changed usage information and requesting that the encrypted registration request use information be registered as authentication information;
Receiving a connection request directly or indirectly from a counterpart device and, in response to the received connection request, requesting input of connection information corresponding to the registered authentication information or requesting connection authentication; and
Admitting the connection of the counterpart device according to the result of authenticating the input connection information or the result of the connection authentication.
When the usage information of one of a plurality of object devices is changed by a user's input or by a factor other than the user's input, receiving over the communication network encrypted registration request use information including the changed usage information transmitted from that object device;
Registering authentication information of that object device on the basis of the encrypted registration request use information;
Receiving, directly or indirectly from a first object device among the plurality of object devices, a connection authentication request for a second object device;
Generating a connection authentication result from an authentication result that is produced on the basis of the authentication information registered in advance for each of the first object device and the second object device and of connection authorization information registered in advance for the connection relationship between the first object device and the second object device; and
Outputting the connection authentication result.
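The claims above describe one flow from two sides: the object device re-registers encrypted usage information as its authentication information whenever that information changes, a counterpart is then asked for connection information (checked locally) or sent through connection authentication (checked on the network side against both devices' registered information and a pre-registered connection relationship), and any part shared between registered and presented information rotates periodically. The following is an added example, not code from the patent or its applicant, simulating that flow for the device-side claims and the network-side claim together. Everything concrete in it is an assumption for illustration: the `ObjectDevice` and `AuthServer` names, the JSON record format, deriving the rotating part as an HMAC over a 300-second time bucket, the device secrets, and the textbook RSA with two seven-digit primes. The digit check only enforces a demo threshold; the claim's "predetermined number of digits" would in practice mean primes of hundreds of digits from a vetted library, and unpadded textbook RSA as shown is deterministic and malleable, so it stands in for the cryptosystem rather than being one.

```python
"""Toy simulation of the registration / connection-authentication flow.
Added illustration, not code from the patent or its applicant; all names,
formats, secrets and parameters are assumptions."""
import hashlib
import hmac
import json

MIN_PRIME_DIGITS = 7   # demo threshold only; real RSA needs primes of hundreds of digits
EPOCH_SECONDS = 300    # assumed rotation period of the periodically changed part (claim 3)


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small demo primes, not for real key generation."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA keypair; enforces the 'primes of at least N digits' rule from the claim."""
    assert is_prime(p) and is_prime(q) and p != q, "p and q must be distinct primes"
    assert min(len(str(p)), len(str(q))) >= MIN_PRIME_DIGITS, "primes below the digit threshold"
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # (public key, private key)


def to_blocks(data: bytes) -> list:
    """Length prefix followed by 4-byte big-endian blocks (each < 2**32 < n)."""
    padded = data + b"\x00" * (-len(data) % 4)
    return [len(data)] + [int.from_bytes(padded[i:i + 4], "big") for i in range(0, len(padded), 4)]


def from_blocks(blocks: list) -> bytes:
    return b"".join(b.to_bytes(4, "big") for b in blocks[1:])[: blocks[0]]


def rsa_apply(key, blocks: list) -> list:
    exp, n = key
    return [pow(b, exp, n) for b in blocks]


def rotating_part(secret: bytes, when: float) -> str:
    """Part shared by device and server that changes every epoch: HMAC over the time bucket."""
    bucket = str(int(when // EPOCH_SECONDS)).encode()
    return hmac.new(secret, bucket, hashlib.sha256).hexdigest()[:8]


class AuthServer:
    """Network side: registers authentication information and performs connection authentication."""

    def __init__(self, p: int, q: int):
        self.pub, self._priv = make_keypair(p, q)
        self.auth_info = {}   # device_id -> registered authentication information
        self.allowed = set()  # (first_id, second_id): pre-registered connection authorization

    def register(self, encrypted_blocks: list) -> str:
        rec = json.loads(from_blocks(rsa_apply(self._priv, encrypted_blocks)))
        self.auth_info[rec["device_id"]] = rec  # re-registration replaces the old record
        return rec["device_id"]

    def authorize_connection(self, first_id: str, second_id: str) -> None:
        self.allowed.add((first_id, second_id))

    def connection_authentication(self, first_id: str, second_id: str, proof: str, when: float) -> dict:
        first, second = self.auth_info.get(first_id), self.auth_info.get(second_id)
        if first is None or second is None:
            return {"ok": False, "reason": "unregistered device"}
        if not hmac.compare_digest(rotating_part(bytes.fromhex(first["secret"]), when), proof):
            return {"ok": False, "reason": "proof does not match registered authentication information"}
        if (first_id, second_id) not in self.allowed:
            return {"ok": False, "reason": "no connection authorization for this relationship"}
        return {"ok": True, "reason": "authenticated"}


class ObjectDevice:
    def __init__(self, device_id: str, server: AuthServer, usage: dict):
        self.id, self.server, self.usage = device_id, server, dict(usage)
        self.secret = hashlib.sha256(f"{device_id}:seed".encode()).digest()  # constructed demo secret
        self._register()

    def _register(self) -> None:
        rec = {"device_id": self.id, "usage": self.usage, "secret": self.secret.hex()}
        blocks = to_blocks(json.dumps(rec, sort_keys=True).encode())
        self.server.register(rsa_apply(self.server.pub, blocks))  # encrypted registration request

    def update_usage(self, **changes) -> None:
        """Usage information changed (user input or otherwise): derive a new secret and re-register."""
        self.usage.update(changes)
        self.secret = hashlib.sha256(self.secret + json.dumps(self.usage, sort_keys=True).encode()).digest()
        self._register()

    def connection_info(self, when: float) -> str:
        return rotating_part(self.secret, when)

    def handle_connection_request(self, other_id: str, proof: str, when: float, direct: bool = False) -> dict:
        if direct:  # counterpart typed in the connection information shown by this device
            ok = hmac.compare_digest(self.connection_info(when), proof)
            return {"ok": ok, "reason": "direct connection information check"}
        return self.server.connection_authentication(other_id, self.id, proof, when)
```

In this model a proof presented one epoch late, a proof computed from a secret that was replaced by a usage change, and a request for a device pair with no registered connection authorization all fail for different, separately reported reasons, which is the behaviour a reviewer would want to see distinguished when testing an implementation of these claims.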

Priority Applications (6)

Application Number Publication Number Priority Date Filing Date Title
KR1020150130338A KR20170032688A (en) 2015-09-15 2015-09-15 Device of things, and method, computer program and recording medium applied to the same
PCT/KR2016/008296 WO2017018829A1 (en) 2015-07-28 2016-07-28 Authentication device and method, and computer program and recording medium applied thereto
US15/747,768 US20180212957A1 (en) 2015-07-28 2016-07-28 Apparatus and method for authentication, and computer program and recording medium applied to the same
CN201680055857.0A CN108604269A (en) 2015-07-28 2016-07-28 For the device and method of certification, and it is applied to identical computer program and recording medium
JP2018525330A JP2018530084A (en) 2015-07-28 2016-07-28 Authentication device, authentication method, and computer program and recording medium applied thereto
US17/033,976 US20210073368A1 (en) 2015-07-28 2020-09-28 Apparatus and method for authentication, and computer program and recording medium applied to the same

Applications Claiming Priority (1)

Application Number Publication Number Priority Date Filing Date Title
KR1020150130338A KR20170032688A (en) 2015-09-15 2015-09-15 Device of things, and method, computer program and recording medium applied to the same

Related Child Applications (2)

Application Number Relation Publication Number Priority Date Filing Date Title
KR1020170130261A Division KR20170117356A (en) 2017-10-11 2017-10-11 Device of things, and method, computer program and recording medium applied to the same
KR1020190124917A Division KR20190117460A (en) 2019-10-08 2019-10-08 Device of things, and method, computer program and recording medium applied to the same

Publications (1)

Publication Number Publication Date
KR20170032688A true KR20170032688A (en) 2017-03-23

Family

ID=58496280

Family Applications (1)

Application Number Publication Number Priority Date Filing Date Title
KR1020150130338A KR20170032688A (en) 2015-07-28 2015-09-15 Device of things, and method, computer program and recording medium applied to the same

Country Status (1)

Country Link
KR (1) KR20170032688A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101392868B1 (en) 2012-07-11 2014-05-09 전자부품연구원 Method for Providing Internet of Things Service

Similar Documents

Publication Publication Date Title
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
US20210073368A1 (en) Apparatus and method for authentication, and computer program and recording medium applied to the same
EP3090520B1 (en) System and method for securing machine-to-machine communications
US9338164B1 (en) Two-way authentication using two-dimensional codes
CN104063650B (en) A kind of key storage device and using method thereof
US11848926B2 (en) Network authentication
US11652640B2 (en) Systems and methods for out-of-band authenticity verification of mobile applications
KR20210134212A (en) systems and methods for data access control using a short-range transceiver
US20140013116A1 (en) Apparatus and method for performing over-the-air identity provisioning
CN109150899B (en) Mobile communication method and system for Internet of things
CN105763517A (en) Router security access and control method and system
KR100651717B1 (en) Method and home network system for authentication between remote terminal and home network using smart card
KR101317342B1 (en) Mobile Terminal Interlocking Resource, Method for Interlocking Resource in Mobile Terminal, and between Web Server and Terminal
JP3994657B2 (en) Service provision system
KR102219018B1 (en) Blockchain based data transmission method in internet of things
KR102363981B1 (en) Device of things, and method, computer program and recording medium applied to the same
US20190379655A1 (en) Data communication system
KR20170117356A (en) Device of things, and method, computer program and recording medium applied to the same
CN102264069A (en) Authentication control method, device and system based on universal guide architecture
KR20170032688A (en) Device of things, and method, computer program and recording medium applied to the same
KR20200068640A (en) Device of things, and method, computer program and recording medium applied to the same
US10798572B2 (en) System and method for secure appliance operation
KR20190117460A (en) Device of things, and method, computer program and recording medium applied to the same
CN110166452B (en) Access control method and system based on JavaCard shared interface
KR101725939B1 (en) User authentication method and system performing the same

Legal Events

Date Code Title Description
N231 Notification of change of applicant
E902 Notification of reason for refusal
E601 Decision to refuse application
A107 Divisional application of patent