KR20170076905A - Apparatus and method for managing secret key in IoT environment - Google Patents
Apparatus and method for managing secret key in IoT environment Download PDFInfo
- Publication number
- KR20170076905A KR20170076905A KR1020150186443A KR20150186443A KR20170076905A KR 20170076905 A KR20170076905 A KR 20170076905A KR 1020150186443 A KR1020150186443 A KR 1020150186443A KR 20150186443 A KR20150186443 A KR 20150186443A KR 20170076905 A KR20170076905 A KR 20170076905A
- Authority
- KR
- South Korea
- Prior art keywords
- secret key
- iot device
- receiving
- message
- generated secret
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
A secret key management method and apparatus in an Internet environment for objects are disclosed. The secret key management method includes the steps of acquiring information on the number of authorized objects, generating a secret key corresponding to the number of receiving IoT (Internet of Things) devices to which a message is to be sent, And transmitting the generated secret key to the receiving IoT device when the number of access authorized objects is equal to or less than the number of access authorized objects, and deleting the generated secret key if the number of generated secret keys is not equal to the number of responses from the receiving IoT device .
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention [0002] The present invention relates to encryption of a message transmitted in an object internet environment, and more particularly, to a method and apparatus for managing a secret key in an object internet environment.
Existing message encryption is typically a symmetric key / asymmetric key encryption technique, and the key to this technology is the generation and sharing of keys. Generally, a technique such as One Time Password (OTP) is used for key generation, and a key is generated based on software or a battery-based hardware device such as a real time clock (RTC) is used. OTPs used in mobile terminals are granted one license per individual and may be vulnerable to external factors such as operating system and software code flaws, although they are convenient to use. In addition, the RTC-based hardware OTP module basically uses a battery, which has a limited life span and has physical security weaknesses such as theft and loss.
On the other hand, the Internet of Things (IoT) environment means an environment where all objects can be connected to the Internet and freely transmit and receive information. Active research and development on the Internet has led to the launch of new services and products. As a result, various sensitive data including personal information and environmental information are transmitted and received via heterogeneous networks between the object and the Internet. Although security functions are provided in the Link Layer and Application Layer according to network characteristics, it is necessary to encrypt the transmitted and received messages themselves in order to securely protect sensitive information.
Therefore, although the software and hardware - based encryption methods have their advantages and disadvantages, the encryption method suitable for the Internet environment is more efficient and efficient in the newly changing object internet environment.
The present invention provides a secret key management method and apparatus in an object-oriented Internet environment for generating and distributing a limited and volatile secret key for encrypting a message transmitted and received in an object internet environment.
According to an aspect of the present invention, a secret key management method performed by a secret key management apparatus in a matter-of-art Internet environment configured by a heterogeneous network is disclosed.
A secret key management method according to an embodiment of the present invention includes acquiring information on the number of authorized objects to connect, generating secret keys as many as the number of receiving IoT (Internet of Things) , Transmitting the generated secret key to the receiving IoT device when the number of generated secret keys is equal to or less than the number of authorized access objects, and transmitting the generated secret key to the receiving IoT device And deleting the generated secret key if it is not.
If the number of responses from the receiving IoT device is equal to the number of generated secret keys, encrypting the message using the generated secret key and transmitting the encrypted message to the receiving IoT device.
And deleting the generated secret key if the number of responses from the receiving IoT device that received the message is not equal to the number of generated secret keys.
The secret key management apparatus is a transmission IoT device for transmitting a gateway or a message in the object Internet environment.
According to another aspect of the present invention, an apparatus for managing secret keys in an object internet environment configured by heterogeneous networks is disclosed.
A secret key management apparatus according to an exemplary embodiment of the present invention includes a communication unit for transmitting and receiving data to and from other devices through the heterogeneous network, a memory for storing a command, and a processor for executing the command, Acquiring the number of objects, generating secret keys as many as the number of receiving IoT (Internet of Things) devices to which a message is to be sent, Transmitting the generated secret key to the receiving IoT device, and deleting the generated secret key if the number of responses from the always-receiving IoT device is not equal to the number of generated secret keys The secret key management method.
The secret key management method and apparatus in the Internet environment of objects according to the present invention can improve the reliability of message delivery in the object internet environment by generating and distributing a limited and volatile secret key.
In addition, since the present invention does not use a battery-based RTC module or a key generation module, cost and physical security can be enhanced.
In addition, the present invention can guarantee high security when used in conjunction with security technologies of Link Layer and Application Layer.
Also, since random keys are generated in the object Internet device itself to be transmitted without using the random number generation algorithm or the key generation library promised in advance between the nodes, the present invention can enhance the internal security because the encryption key prediction is difficult have.
BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a diagram illustrating an Internet environment of objects configured with heterogeneous networks.
FIG. 2 is a flowchart illustrating a secret key management method according to an embodiment of the present invention; FIG.
3 is a flow diagram illustrating a secret key generation and distribution method in accordance with an embodiment of the present invention.
4 is a diagram schematically illustrating a configuration of a secret key management apparatus in an object Internet environment according to an embodiment of the present invention.
As used herein, the singular forms "a", "an" and "the" include plural referents unless the context clearly dictates otherwise. In this specification, the terms "comprising ", or" comprising "and the like should not be construed as necessarily including the various elements or steps described in the specification, Or may be further comprised of additional components or steps. Also, the terms "part," " module, "and the like described in the specification mean units for processing at least one function or operation, which may be implemented in hardware or software or a combination of hardware and software .
Hereinafter, various embodiments of the present invention will be described in detail with reference to the accompanying drawings.
1 is a diagram illustrating an Internet environment of objects configured with heterogeneous networks.
1, the object Internet may be configured using a wireless network such as a ZigBee network, a Bluetooth network, a wired network, a WiFi, or the like, There is a gateway for communication between networks.
The ZigBee network and the Bluetooth network have PAN ID (Personal Area Network Identification) information, and the wired and wireless network has IP address information in the same local network. That is, each communication terminal can know the number of objects internally allowed to access. The secret key management method in the object Internet environment according to the embodiment of the present invention can generate and distribute a limited and volatile secret key using the information on the number of objects permitted to be connected. This will be described below with reference to FIG. 2 and FIG.
2 is a flowchart illustrating a secret key management method according to an embodiment of the present invention. The subject performing the secret key management method of FIG. 2 may be a gateway or an object to which a message is to be transmitted. Hereinafter, a subject performing the secret key management method is referred to as a secret key management device .
In step S210, the secret-key management device obtains information on the number of permitted objects (N permission ). For example, the secret key management apparatus broadcasts an object information request message through a network and receives a response message including object information from each object (i.e., IoT devices) connected to the network, (N permission ) information.
In step S220, the secret key management device generates secret keys as many as the number of the receiving IoT devices.
In step S230, the secret-key management device determines whether the number of generated secret keys (N scretkey ) is equal to or less than the number of permitted objects (N permission ).
That is, the secret key management apparatus according to the embodiment of the present invention generates a limited secret key only as many as the number of the receiving IoT devices to transmit a message, and has a constraint that N scretkey ≤ N permission .
If the constraint that N scretkey < N permission is not satisfied, step S210 is entered.
In step S240, when the number of generated secret keys (N scretkey ) is equal to or less than the number of permitted objects (N permission ), the secret key management device transmits a secret key generated in the receiving IoT device to receive the message. At this time, the secret key management apparatus encrypts the secret key using a common key shared by all the objects, and transmits the encrypted secret key to the receiving IoT device.
In step S250, the secret key management device determines whether the number of responses (N ack ) from the receiving IoT device that received the secret key is equal to the number of generated secret keys (N scretkey ).
In step S260, if the number of responses (N ack ) from the receiving IoT device is not equal to the number of generated secret keys (N scretkey ), the secret key management device deletes the generated secret key, and enters S210 do.
That is, if the secret key management apparatus according to the embodiment of the present invention does not satisfy the condition of N ack = N scretkey , the generated secret key may have volatility by deleting the generated secret key.
In step S270, if the number of responses (N ack ) from the receiving IoT device is equal to the number of generated secret keys (N scretkey ), the secret key management device transmits a message to be transmitted to the receiving IoT device. At this time, the secret key management apparatus can encrypt (encrypt) a message to be transmitted using a common key and a secret key.
In step S280, the secret key management device determines whether the number of responses (N ack ) from the receiving IoT device that received the message is equal to the number of generated secret keys (N scretkey ). If the number of responses (N ack ) from the receiving IoT device is not equal to the number of generated secret keys (N scretkey ), step S260 is entered. (N ack ) from the receiving IoT device and the number of generated secret keys (N scretkey ) are the same.
That is, the secret key management apparatus according to the embodiment of the present invention determines whether to delete the generated secret key by checking the condition of N ack = N scretkey every time a message is transmitted or a response is received from the receiving IoT device.
3 is a flowchart illustrating a secret key generation and distribution method according to an embodiment of the present invention. That is, FIG. 3 shows a secret key generation and distribution method for transmitting and receiving messages between IoT devices in a heterogeneous network in the Internet environment of FIG. For example, the transmitting
In step S311, the
In step S312, the
In step S313, the first receiving
In step S314, the
In step S315, the transmitting
In step S316, the
In step S317, the
In step S318, the
In step S319, the first receiving
In step S320, the
In step S321, the
In step S322, the
In step S323, the first receiving
In step S324, the
FIG. 4 is a diagram schematically illustrating a configuration of a secret key management apparatus in an object Internet environment according to an embodiment of the present invention.
4, a secret key management apparatus according to an embodiment of the present invention includes a
The
The
For example, the
The
The
On the other hand, the components of the above-described embodiment can be easily grasped from a process viewpoint. That is, each component can be identified as a respective process. Further, the process of the above-described embodiment can be easily grasped from the viewpoint of the components of the apparatus.
In addition, the above-described technical features may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.
It will be apparent to those skilled in the art that various modifications, additions and substitutions are possible, without departing from the spirit and scope of the invention as defined by the appended claims. Should be regarded as belonging to the following claims.
410: Processor
420: memory
430:
440:
Claims (5)
Obtaining information on the number of authorized objects to connect;
Generating secret keys as many as the number of receiving IoT (Internet of Things) devices to which a message is to be transmitted;
Transmitting the generated secret key to the receiving IoT device when the number of the generated secret keys is equal to or less than the number of allowed access objects; And
And deleting the generated secret key if the number of responses from the receiving IoT device is not equal to the number of generated secret keys.
If the number of responses from the receiving IoT device is equal to the number of generated secret keys, encrypting the message using the generated secret key and transmitting the encrypted message to the receiving IoT device.
And deleting the generated secret key if the number of responses from the receiving IoT device that received the message is not equal to the number of generated secret keys.
Wherein the secret key management device is a transmission IoT device for transmitting a gateway or a message in the object Internet environment.
A communication unit for transmitting and receiving data to and from other devices through the heterogeneous network;
A memory for storing instructions; And
And a processor for executing the instruction,
Wherein the command comprises:
Obtaining information on the number of authorized objects to connect;
Generating secret keys as many as the number of receiving IoT (Internet of Things) devices to which a message is to be transmitted;
Transmitting the generated secret key to the receiving IoT device when the number of the generated secret keys is equal to or less than the number of allowed access objects; And
And deleting the generated secret key if the number of responses from the always-receiving IoT device is not equal to the number of generated secret keys.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150186443A KR101757563B1 (en) | 2015-12-24 | 2015-12-24 | Apparatus and method for managing secret key in IoT environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150186443A KR101757563B1 (en) | 2015-12-24 | 2015-12-24 | Apparatus and method for managing secret key in IoT environment |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170076905A true KR20170076905A (en) | 2017-07-05 |
KR101757563B1 KR101757563B1 (en) | 2017-07-13 |
Family
ID=59352372
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150186443A KR101757563B1 (en) | 2015-12-24 | 2015-12-24 | Apparatus and method for managing secret key in IoT environment |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101757563B1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190019441A (en) * | 2017-08-17 | 2019-02-27 | 덕성여자대학교 산학협력단 | Method for setting secure key between devices using different out-of-band channel in internet of things environment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100628566B1 (en) * | 2005-04-25 | 2006-09-26 | 삼성전자주식회사 | Method for security information configuration wlan |
KR101525885B1 (en) * | 2014-12-16 | 2015-06-03 | 주식회사 비즈니스서비스그룹 | License management method and system using broadcast method for restricting software license |
-
2015
- 2015-12-24 KR KR1020150186443A patent/KR101757563B1/en active IP Right Grant
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190019441A (en) * | 2017-08-17 | 2019-02-27 | 덕성여자대학교 산학협력단 | Method for setting secure key between devices using different out-of-band channel in internet of things environment |
Also Published As
Publication number | Publication date |
---|---|
KR101757563B1 (en) | 2017-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10194320B1 (en) | Method and apparatus for assignment of subscription electronic SIM credentials via local service brokers | |
KR102460096B1 (en) | Method and apparatus for managing encryption keys for cloud service | |
CN107689869B (en) | User password management method and server | |
US10484177B2 (en) | Method and apparatus for generation of a time-based one-time password for session encryption of sensor data gathered in low-performance and IOT environments | |
US8938074B2 (en) | Systems and methods for secure communication using a communication encryption bios based upon a message specific identifier | |
US9503433B2 (en) | Method and apparatus for cloud-assisted cryptography | |
US9602506B2 (en) | Method and apparatus for supporting login through user terminal | |
CN106953729B (en) | Satellite communication encryption system and method based on quantum key | |
CN112019647A (en) | Method and device for obtaining equipment identifier | |
US20170373850A1 (en) | Data encryption method, decryption method, apparatus, and system | |
US10887085B2 (en) | System and method for controlling usage of cryptographic keys | |
RU2018145757A (en) | MULTILEVEL MESSAGE ENCRYPTION | |
KR20180119201A (en) | Electronic device for authentication system | |
CN114239046A (en) | Data sharing method | |
CN111355684A (en) | Internet of things data transmission method, device and system, electronic equipment and medium | |
KR101718775B1 (en) | Communication security processing method, and apparatus | |
CN107872315B (en) | Data processing method and intelligent terminal | |
KR101757563B1 (en) | Apparatus and method for managing secret key in IoT environment | |
CN116226940B (en) | PCIE-based data security processing method and data security processing system | |
KR102474855B1 (en) | Method, system and non-transitory computer-readable recording medium for providing messenger service | |
US9928370B2 (en) | Communication device, communication method, computer program product, and communication system | |
US9135449B2 (en) | Apparatus and method for managing USIM data using mobile trusted module | |
KR101812311B1 (en) | User terminal and data sharing method of user terminal based on attributed re-encryption | |
CN114465825A (en) | Online monitoring system, method and device for power transmission line and master station | |
KR20170100403A (en) | Apparatus for authentication using self-certifying identifier on internet of things and method using the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |