KR20180046777A - The method and apparatus for providing service based on capability token in internet of things environment - Google Patents

Abstract

Disclosed are a method for providing a service, which includes the steps of: receiving a capability token request for receiving a service previously registered in a network entity from UE; allocating a capability token for using the service to the UE if the provision of the service is authenticated; receiving the capability token including encrypted service information from the UE; determining whether the received capability token is valid or not; and providing the service to the UE, and the network entity. Accordingly, the present invention can improve information security.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and apparatus for providing a service based on a qualification token in an Internet environment,

The present invention relates to a method and apparatus for providing a service based on a qualification token in the Internet environment of objects, and more particularly, to a method of providing a service with enhanced security for privacy and qualification.

The Internet (or Internet of Things (IoT)) refers to technology that is connected to a network by embedding communication functions in various objects. "Things" on the Internet are all kinds of embedded systems such as household appliances, mobile equipment, wearable computers, and small sensors.

The Internet of Things has made rapid changes in life and industry by eliminating the temporal and spatial constraints of physical devices. However, as the various objects communicate with each other, convenience is increased, and security threats are also increasing. Accordingly, measures and countermeasures are required to solve the problem that information is shared indiscriminately through communication between objects.

SUMMARY OF THE INVENTION The present invention has been made in order to solve the above-mentioned problems, and it is an object of the present invention to prevent a user from indiscreetly exposing information in an object internet environment.

It is another object of the present invention to not only protect the user's privacy but also to protect the privacy of the resource service provided to the user.

Another object of the present invention is to reduce the possibility of unnecessary information leakage and privacy violation even in the process of delegating and reigning the qualification token.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not intended to limit the invention to the particular form disclosed. ≪ / RTI >

According to another aspect of the present invention, there is provided a method for providing a service, the method comprising: receiving a request for a qualification token for receiving a service registered in a network entity from a UE; Assigning a credential token, receiving a credential token containing encrypted service information from the UE, comparing the received credential token with the assigned credential token, determining whether the received credential token is valid for the service, And providing a service to the UE.

According to an embodiment of the present invention, the encrypted service information is encrypted using the authentication key of the UE, and the network entity can decrypt the encrypted service information to identify the requested service.

According to an embodiment of the present invention, a method of providing a service may further include, when a request for a qualification token is received from a UE, requesting a service provider providing the requested service to provide a service to the UE.

According to one embodiment of the invention, the qualification token may be delegated or re-delegated to another UE, and the identity of the UE may be encrypted if the qualification token is re-delegated.

According to one embodiment of the present invention, another UE may not be able to distinguish whether the qualification token is delegated to it or re-delegated.

According to one embodiment of the present invention, the qualification token includes information about at least one of the validity period of the qualification token, the revocation date, the encryption algorithm, the qualification token ID, the mandator token number, the re-delegation status, the maximum delegation count, .

According to an aspect of the present invention, there is provided a network entity including a transceiver unit, a token management module, and a resource management module, wherein the transceiver unit receives a request for a qualification token for receiving a service registered in a network entity from a UE, The module allocates a qualification token for use of the service to the UE when the service is granted to the UE, the transceiver receives a qualification token including the encrypted service information from the UE, and the token management module receives the received qualification token With the assigned qualification token to determine if the received qualification token is valid for the service, and the resource management module provides the service to the UE.

According to the embodiments of the present invention, the following effects can be expected.

First, it can prevent information leak of the user of the qualification token in the Internet environment of the object, so that it has an effect on information security.

Second, information leakage to the service requested by the user of the qualification token is also prevented, thereby improving security against the service itself compared to the prior art.

Third, users can set their own privacy policies so that security can be maintained even when the entitlement token is re-assigned or temporarily re-established.

The effects obtainable in the embodiments of the present invention are not limited to the effects mentioned above, and other effects not mentioned can be obtained from the description of the embodiments of the present invention described below by those skilled in the art Can be clearly understood and understood. In other words, undesirable effects of implementing the present invention can also be obtained by those skilled in the art from the embodiments of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. It is to be understood, however, that the technical features of the present invention are not limited to the specific drawings, and the features disclosed in the drawings may be combined with each other to constitute a new embodiment.
1 is a diagram showing a basic structure of a thing Internet.
Fig. 2 is a diagram showing the structure of an object Internet system using a capability token (token). Fig.
3 is a diagram showing a structure of a qualification token according to an embodiment of the present invention.
4 and 5 are diagrams showing the concrete structure of the qualification token according to the proposed embodiment.
Figure 6 is a diagram that defines a privacy structure when a qualification token is used in accordance with the proposed embodiment.
7 and 8 are diagrams illustrating user privacy in the proposed privacy structure.
9 is a flowchart showing an operation method for ensuring resource privacy in the proposed privacy structure.
FIG. 10 is a diagram specifically explaining resource privacy in the proposed privacy structure.
11 is a diagram showing a configuration of a network entity operating according to the proposed embodiment.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

The terms used in this specification will be briefly described, and the present invention will be described in detail.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments. Also, in certain cases, there may be a term selected arbitrarily by the applicant, in which case the meaning thereof will be described in detail in the description of the corresponding invention. Therefore, the term used in the present invention should be defined based on the meaning of the term, not on the name of a simple term, but on the entire contents of the present invention.

When an element is referred to as "including" an element throughout the specification, it is to be understood that the element may include other elements as well, without departing from the spirit or scope of the present invention. Also, the terms "part," " module, "and the like described in the specification mean units for processing at least one function or operation, which may be implemented in hardware or software or a combination of hardware and software . In addition, when a part is referred to as being "connected" to another part throughout the specification, it includes not only "directly connected" but also "connected with other part in between".

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram showing a basic structure of a thing Internet. As mentioned earlier, many devices connected via the Internet create various kinds of information and transmit them to other devices. In this process, the information about the user's privacy is particularly sensitive, so it needs to be protected in particular. In addition, the privacy of the user, as well as the privacy of the device providing the service, needs to be protected as well.

Fig. 2 is a diagram showing the structure of an object Internet system using a capability token (token). Fig.

Considering its characteristics, access control should be done in a way that is different from existing communication environment. First, unlike the existing communication environment, the object Internet interacts in a short time and the same request can be frequently performed. Second, even if the same request is repeated in the Internet of things, the management, analysis and authorization process of resources and services for communication are not fixed but may vary depending on the surrounding situation. Therefore, in the Internet of things, it is necessary to control access in consideration of scalability in an open and wide-scale computing environment, management problems between devices, and flexible authorization delegation.

Prior to describing a method of using the qualification token shown in FIG. 2, a qualification-based access control method will be described first. The entitlement-based access control method is a method in which an accessing entity holds access rights to an object. The subject presents his / her qualifications to the object, and the object provides the service by confirming the qualification. The access rights held by the subject can be delegated or discarded, and the delegated subject (ie, the delegatee) can access the object through the delegated authority. These qualification-based access control schemes are named as CapBAC (Capability Based Access Control). In the following, the qualification-based access control is described using SAML / XACML (Security Assertion Markup Language / extensible access control markup language).

Next, an access control method using a qualification token will be described. The structure of the object Internet system of FIG. 2 collects and processes data from the service domain area 240 and the service domain area 240, which are devices (or service providers) that generate substantial information, , 233, and 234, respectively. The gateway 210 may be referred to as a CapSG (Capability Service Gateway) in that it is a gateway in a manner using a qualification token.

Here, the concept of 'token' is further explained. A token is a unit of specific information or character string used for controlling a connection in a network, and a subject to which a token is assigned (or acquired) may be understood to have access rights.

The gateway 210 collects information on the resource data and the service from the devices in the service domain area 240 and manages the resource data in the resource data DB (220). The gateway 210 issues and manages tokens for authentication and access control to users requesting resource services, and manages tokens delegates. The users request a resource service using the allocated token (211, 212, 213), and the gateway 210 processes and provides the requested service among the resource services managed by the user.

According to an exemplary embodiment of a method for using a credential token, users access the service using a Certificate and Capability (or C & C) token containing authentication and access rights. Users who are authenticated using the qualification token can receive the desired resource service using the qualification token. Such a qualification token may be initially allocated from the gateway 210 and may be delegated to another user. If the delegated token is valid, the delegatee may also be provided with the appropriate resource service and reassigned to another user.

FIG. 3 shows the structure of the CaC token according to the embodiment of the present invention in detail. The authentication and qualification token 310 (i.e., the CaC token) shown in FIG. 3 includes an authentication token 322 that contains authentication information for the user and a qualification token 324 that contains information for controlling access to the resource service And has an XML document format.

Here, the qualification token 324 includes the token information 332 and the service token information 334, which are first described with reference to FIG. 4 for the token information 332. The portion of the token information 332 in the authentication and qualification token 310 includes a token number for a token, a signature algorithm, and a hash algorithm. Upon issuance or renewal of the authentication token, The token number and the signature algorithm are used to generate the signature. In addition, the token information 332 includes information for managing the validity period of the token including the validity condition, and managing the case where the validity period is exceeded or the token is revoked by the user. Furthermore, the token information 332 may include information on the TrlUri so that the token related data may be transmitted to the server and managed.

Next, the service token information 334 will be described with reference to FIG. The service token information (334) portion is a portion indicating an actual qualification token that can access each service. The service token information portion 334 allows the token to be distinguished through information on a service token ID, a domain name, and a condition. The service token information portion 334 also defines a service that can be accessed using a token including information on a service type, a version, a descriptor, and Uri.

The service token information 334 also includes information about the issuer token number (IssuerTokenNumber), the parent token number (ParentsTokenNumber), the delegatable, the delegation max count (DelegateMaxCnt) do. At this time, the issuer token number means the token number of the initial issuer of the token, and the parent token number means the token number of the mandator who has delegated the token to the delegator. If the delegation status is '1', it means that delegation is possible, and when it is '0', it means that delegation is impossible. The delegation maximum count value indicates the maximum number of times the user can delegate the token, and 'Dept' indicates the number of times the token can be re-delegated from the initial issuer.

The portion of the service token information 334 also includes information related to validation and also includes information for discarding the token if the validity period determined by the authorization has passed. The parts related to approval and disposal may be similarly applied to those described in Fig.

Figure 6 is a diagram that defines a privacy structure when a qualification token is used in accordance with the proposed embodiment. In Fig. 6, the privacy defined in relation to the qualification token of the structure described in Figs. 3 to 5 will be described.

First, the privacy 610 for the qualification token is divided into a user privacy 615 and a resource privacy 620. The user privacy 615 is defined not only to not expose the user's information from the user's point of view using the credential token but also to be able to grasp the flow of the credential token issued by the specific subject.

The user privacy 615 is divided into owner privacy 625, which is a token creator, and mandator privacy 630, which uses the token. The owner privacy 625 is defined 655 to protect the information by applying at least one of a hash and an encryption scheme to the data (640) in order not to expose (640) the owner (self) information contained in the qualification token. At the same time, according to the owner privacy 615, if the entitlement token is delegated to another user by the owner, the owner must be able to identify information about the delegatee and to determine and control the flow of the entitlement token.

The delegator privacy 630 is defined 645 to determine whether the delegator's information and the token are re-delegated from the perspective of the delegator who is delegated to the token and does not expose information about the delegator 645 so that at least one of the hash and cryptographic techniques (660). According to the authorizer privacy 630, the information of the authorizer can be protected similarly to the creator of the token's temporary token, and re-entrustment is also defined not to be exposed.

Next, the resource privacy 620 will be described. Resource privacy 620 refers to privacy in terms of resource services provided to a user. The resource privacy 620 is defined 635 to not expose the storage location of the resource data when the user using the qualification token exposes the location of the resource data, and may apply a hash to the resource data to protect the device providing the resource service (650, 665).

Next, in FIG. 7 and FIG. 8, the owner privacy 625 and the mandatory privacy 630 in the privacy structure described in FIG. 6 will be described in detail.

As described above, according to owner privacy (625), the owner of the qualification token must be able to hide his or her information contained in the qualification token and be able to verify the user information of the person to be delegated to the token it delegates. Also, the owner of the credential token should be able to query who his / her credential token has been delegated to, and if not, be able to discard the credential token.

Figure 7 illustrates the process of delegation and re-delegation to other users when a qualification token is first issued. In order to explain the owner privacy 625, the qualification token is simplified to include only information of 'ServiceTokenID', 'IssuerTokenNumber', 'Parents TokenNumber', 'Delegatable', 'DelegateMaxCnt' and 'Dept' Respectively.

In FIG. 7, A (715) receives a qualification token having a ServiceTokenID of 'xxxxxx' from the resource manager 710 as the owner of the qualification token. At this time, 'Delegatable' value is '1', indicating that the qualification token can be delegated, 'DelegateMaxCnt' value is '5', and 'Dept' value is 2. A 715 delegates the issued token to aA 720, aB, aC, and aD, respectively. At this time, A (715) can set the 'Delegatable' value and the 'DelegateMaxCnt' value. However, the value of 'DelegateMaxCnt' can not input a number larger than the value assigned by the resource manager 710 itself. Then aA (720), aB, aC, and aD users reign the xxxxxx tokens, respectively.

In this scenario, the owner A 715 of the credential token collects the qualification tokens with the 'ServiceTokenID' of 'xxxxxx' and the 'IssuerTokenNumber' of 'A' when confirming the flow for the qualification token 'xxxxxx'. Then, A 715 collects the qualification tokens having the same 'ParentsTokenNumber' as 'A', collects the same qualification tokens (ie, 'xxxxxx') previously collected by 'ServiceTokenID' among the collected tokens It is organized. Once the connection relationships between the issued qualification tokens are determined in this manner, the final result is passed to A 715.

When aA (720) or aB also checks the flow of the credential token that he has delegated, the first 'ParentsTokenNumber' collects his own qualification tokens.

The subject delegating the credential token controls the delegation of the credential token through the value of 'DelegateMaxCnt', which indicates the maximum number of delegations, and 'Dept', the maximum number of delegations. At this time, the 'Dept' value is set in the initial owner's credential token and can not be set afterwards, and the value is decreased by 1 each time the delegation proceeds. If any of the three values 'Delegatable', 'DelegateMaxCnt', and 'Dept' are 0, then the credential token can no longer be delegated. As described above, the owner of the qualification token can control the flow of the qualification token that it has delegated to.

Next, a process of protecting the privacy of the delegator will be described with reference to FIG. In order to protect the delegator's privacy, the delegate must know about the immediate superior who delegated his qualification token to him, but he should not know that the superior delegated from another subject and re-delegated to him. Accordingly, the privacy policy for achieving the delegator protection can be defined as follows. First, the delegate can check only his ParentTokenNumber. Second, the delegate can not distinguish whether the qualification token is delegated or re-delegated. Third, the delegate can not know whether or not the qualification token is delegated.

Figure 8 shows the entitlement token flow in accordance with this mandatory user privacy policy. The qualification token has been delegated from the initial owner A to the aaaA user through delegation and reign. At this time, aaaA can know from 'ParentsTokenNumber' that the entitlement token 'xxxxxx' is entrusted from the aaA user. However, since the 'IssuerTokenNumber' value is encrypted due to user privacy as described in FIG. 6, the aaaA user does not know that the initial owner of the qualification token is A. Also, aaAA can not verify that an aaA user has been delegated a credential token or who has been delegated. That is, aaaA can not distinguish whether the entitlement token to which it has been assigned has been first delegated or reassigned.

The aC user also does not know the information about the users of aA, aB, and aD who are entrusted with the qualification token from A along with him, nor does it know that A is the initial owner. Similarly, the adA user does not know that the first owner of the qualification token is A, nor does the adbA user know that his or her entitlement token has been re-delegated from aD. By applying such a delegator privacy policy, the delegator can access the system with minimal information.

9 is a flowchart showing an operation method for ensuring resource privacy in the proposed privacy structure. For resource privacy, the information and the data storage location of the device providing the resource service should not be exposed. To this end, in the proposed embodiment, a hash function is applied to the resource service data as described with reference to FIG.

On the other hand, 'REST (Representational State Transfer)' is applied as a rule for organizing and transmitting information between devices in the Internet environment of objects. REST refers to a combination of rules that organize and transmit information on the Internet, and is a form of software architecture for distributed hypermedia systems, not communication protocols or standards. According to REST, the type of service provided between a client and a server in a network is hierarchical, for example, "groups / groupid / member / sensor".

The advantage of REST is that it is possible to service without configuring a separate service for each device, and to configure and provide services without belonging to a specific language. However, since there is no standard specification for the design and configuration, the architecture may be different for each service, and accordingly, the service implementation method may be changed to increase the complexity of the system.

On the other hand, since there are various services in the object Internet environment, a service having a unique URI (Uniform Resource Indicator) based on REST is not an efficient configuration. In addition, a hierarchical URI can be intuitively predicted as to what function it provides, so there is a danger that it can be attacked from an unauthorized subject.

Therefore, an operation method for ensuring resource privacy according to the embodiment will be described below. FIG. 9 shows a series of processes in which an authorized user 902 is provided with a resource service by referring to the resource service registered in the service provider 908. FIG.

The service provider 908 providing the resource service generates a resource service for providing predetermined information by utilizing the collected data or the device control service. Then, the service provider 908 issues an ID to the created resource service and matches with the created resource service, and transmits the ID to the network entity managing the resource service, and registers the ID in the service list (S910). In this process, the service provider 908 may request that the resource management module 906 update the list of resource services managed by the resource management module 906 as well.

2, and the gateway may be configured to include the token management module 904 and the resource management module 906 shown in FIG. On the other hand, the network entity including the token management module 904 and the resource management module 906 receives the ID matched with the information about the resource service from the service provider 908, and stores it in the resource management module 906 do.

Then, the authorized user 902 or the user terminal requests a qualification token for accessing the resource service to be used from the resource service list registered by the service provider 908 (S915). This process may be understood as a process in which the authorized user 902 transmits a message requesting a specific resource service to the resource management module 906 of the gateway.

The resource management module 906 included in the network entity transmits information about the resource service requested by the authorized user 902 to the service provider 908 and the service provider 908 transmits the information about the resource requested by the authorized user 902 Approve or reject services. If so, the service provider 908 encrypts the resource service ID value with the private key using the encryption algorithm information of the authorized user 902, and stores the encrypted result in the resource service-URL mapping table (S925). Accordingly, the service provider 908 enables the authorized user 902 to utilize the resource service provided by the user. Then, the service provider 908 delivers a signal to the resource management module 906 of the network entity to notify that the resource service requested by the authorized user 902 has been approved.

On the other hand, if it is permitted to provide the resource service to the authorized user 902, the token management module 904 in the network entity updates the entitlement token of the resource service approved by the service provider 908, (S935). That is, the token management module 904 in the network entity issues an entitlement token for the resource service to the authorized user 902 through association with the resource management module 906.

When the qualification token is issued, the authorized user 902 requests the resource service from the token management module 904 using the qualification token (S940). In this process, the authorized user 902 may transmit the information about the encrypted resource service with the authentication token to the token management module 904 using the authentication key information and the authentication key.

The token management module 904 of the network entity checks whether the qualification token issued for the resource service is valid by analyzing the requested resource service with reference to the service token information included in the qualification token of the authorized user 902 (S945 ). Specifically, the token management module 904 updates the service token information after confirming that the qualification token is valid for the resource service by referring to the forgery or falsification of the requested public key, the validity period, the revocation list and the like. The token management module 904 then decrypts the information about the encrypted resource service using the authentication key (or private key) of the authorized user 902 so that the token management module 904 decrypts the information about the resource service requested by the authorized user 902 .

Finally, the token management module 904 transfers the resource service identified through the URI mapping table to the resource management module 906 (S950). The resource management module 906 notifies the authorized user 902 of the resource service (S955).

Tables 1 to 4 below illustrate some of the series of processes described in FIG. 9 by a program procedure. First, Table 1 shows a process (S910) of the service provider 908 registering a resource service in the resource management module 906. [

* RS: Resource service object
LOOP
RSid = RS.createid ();
IF RS, Exists (RSid) THEN
Continue;
ELSE
RS.Store_ResourceServiceList (RSid, ResourceInfo);
END IF:
END LOOP;

Table 2 below shows a process in which the service provider 908 requests the resource management module 906 to update the list of resource services managed by the resource management module 906.

* RS: Resource service object
* Cert: Certificate object
* RSList: Resource Service List Object
RSList = RS.getResource_ServiceList ();
RSi = RSList.getId (i);
KeyPare = Cert.getKeyPare ();
RS.RequestRS (RSi, KeyPare);

Table 3 below shows a series of processes (S925 and S930) in which the service provider 908 approves the resource service requested from the authorized user 902 and registers it in the mapping table.

* RS: Resource service object
RSObject [] = RS.getRequestRSList ()
LOOP
IF RSObject [i]! = EOF THEN
IF RS.Agree (RSObject [i]) THEN
_RSid = RSObject [i] .getRSid ()
_Keypare = RSObject [i] .getKeypare ()
LOOP
_EncryptRS = RS.setEncrypt (_RSid, _Keypare)
IF RS.ExistsMatrix (EncryptRS) THEN
Continue;
ELSE
RS.Store_ResourceMatrix (_RSid, _EncryptRS)
END IF
END LOOP
END IF
END IF
END LOOP
RETURN _

Table 4 below shows a process in which the authorized user 902 requests the resource service (S940).

* RS: Resource service object
* CnCToken: C & C service token object
* ServiceToken: Token access control module service token object
RS.requestRS (RSToken, CnCToken.Cert)
IF ServiceToken.classify (RSToken) THEN
IF ServiceToken.validity (RSToken) THEN
RSToken = ServiceToken.updateRSToken (RSToken)
Keypare = CnCToken.getKeypare ()
DecryptRS = RS.Decrypt (Keypare, RS.EncryptRS)
IF RS.MatrixMapping (RS.getRSMatrix (DecryptRS)) THEN
RSuri = RS.getRSuri (RSid);
RETURN RSToken.Service;
IF END
IF END
IF END

9 are only examples for implementing the process described in FIG. 9 with a program, and the process illustrated in FIG. 9 may be implemented in various forms and methods other than the program language of Tables 1 to 4.

FIG. 10 is a diagram specifically explaining resource privacy in the proposed privacy structure.

10, the authorized user 902 encrypts and transmits various pieces of information (for example, 'ServiceTokenID', 'Uri', 'IssuerTokenNumber', etc.) for service provision in the process of requesting the resource service . Accordingly, the receiving side needs an additional analysis process for decrypting the encrypted information. However, the URI is advantageous in that the URI is registered when the resource service is registered and the burden of compiling the system is reduced, as compared with the conventional REST method.

Meanwhile, according to the service provision method based on the REST method described above, there is a security vulnerability due to the disclosure of the URI information of the service. On the other hand, according to the qualification token scheme according to the proposed embodiment, both user privacy and resource privacy are protected. Even if the unauthorized user obtains the information of the resource service, the information of the source URI is encrypted (1010, 1020, 1030) Information can not be deduced. Accordingly, the security of the resource service can be enhanced through the URI-resource service mapping table managed by the resource management module 906 of the network entity (or the gateway that provides the resource service).

11 is a diagram showing a configuration of a network entity operating according to the proposed embodiment. In FIG. 11, a configuration of a network entity operating according to the above-described embodiments is described. Even if a detailed description is omitted, the embodiments described above with reference to FIGS. 1 to 10 may be applied equally or similarly.

The network entity 100 may operate in conjunction with the user terminal 150 and the service provider 160, and in one embodiment may be a gateway that provides resource services. The network entity 100 according to an embodiment is configured to include a transceiver 110, a processor 120 and a memory 130. The network entity 100 may implement the above-described functions And may further include the following configurations.

The transmitting and receiving unit 110 of the network entity 100 includes a transmitting unit 112 and a receiving unit 114 and is connected to the processor 120 to transmit and receive signals to the user terminal 150 and the service provider 160 . The transmitting and receiving unit 110 may transmit and receive a radio frequency (RF) signal to communicate wirelessly with the user terminal 150 and the service provider 160 and may communicate with the service provider 160 through a wired network .

The processor 120 is operatively connected to the transceiver 110 to control the process of transmitting and receiving signals by the transceiver 110. Specifically, the processor 120 performs various processes on a signal to be transmitted, And the receiving unit 114 performs various processes on the received signal. Further, the processor 120 may store information, data, and the like included in the transmitted and received messages in the memory 130. [

Meanwhile, the processor 120 is implemented to include a token management module 122 and a resource management module 124. [ The token management module 122 is responsible for the overall processing of the qualification token, including issuing, storing, delegating, managing, and revoking the qualification token. In one example, the token management module 122 issues and updates a qualification token for an authorized resource service to the user terminal 150, and determines the validity of the qualification token for the requested resource service from the user terminal 150 . Further, the token management module 122 delivers information of the requested resource service to the resource management module 124 when it is determined that the qualification token is valid. That is, the token management module 122 performs all the tasks related to the qualification token to provide the resource service to the user terminal 150. [

Next, the resource management module 124 takes charge of the overall processing of the resource service to be provided to the user. For example, when the service provider 160 requests registration of the resource service, the resource management module 124 registers and manages information on the requested resource service in the resource service list to be provided to the user terminal 150. When the resource management module 124 receives the request for the specific resource service from the user terminal 150, the resource management module 124 transmits to the service provider 160 whether or not to approve the requested resource service, Such as providing a resource service to be managed by the service provider.

The processor 120 according to the exemplary embodiment may be referred to as a controller, a micro controller, a microprocessor, a microcomputer, or the like. Meanwhile, the processor 120 may be implemented by hardware or firmware, software, or a combination of one or more of the foregoing. (DSP), digital signal processing devices (DSPDs), programmable logic devices (PLDs), and the like may be used to implement embodiments of the present invention using hardware, , Field programmable gate arrays (FPGAs), and the like may be provided in the processor 120.

The memory 130 is coupled to the processor 120 to store operating systems, applications, data, programs, and general files.

On the other hand, the above-described method can be implemented in a general-purpose digital computer that can be created as a program that can be executed in a computer and operates the program using a computer-readable medium. Further, the structure of the data used in the above-described method can be recorded on a computer-readable medium through various means. Program storage devices that may be used to describe a storage device including executable computer code for carrying out the various methods of the present invention should not be understood to include transient objects such as carrier waves or signals do. The computer-readable medium may comprise a storage medium such as a magnetic storage medium (e.g., ROM, floppy disk, hard disk, etc.), optical readable medium (e.g., CD ROM, DVD, etc.).

In the above, a method of using the qualification token is proposed in the process of accessing the resource service. In addition to defining the qualification token structure itself, it is also possible to define owner privacy and resource privacy to use the qualification token so that the location of the qualification token owner and the data storage location can be secured while providing the resource service. Respectively. Through this embodiment, it is possible to minimize the possibility of unnecessary information leakage and privacy violation that may occur in the access system using the qualification token.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is defined by the appended claims rather than the detailed description and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention do.

Claims (12)

A method for providing a service to a user equipment (UE) in a network of Internet of Things (IoT) environment,
Receiving a qualification token request from the UE for receiving a service previously registered in the network entity;
Assigning a qualification token for using the service to the UE if the UE is authorized to provide the service;
Receiving a qualification token comprising encrypted service information from the UE;
Comparing the received qualification token with the assigned qualification token to determine whether the received qualification token is valid for the service; And
And providing the service to the UE. The method according to claim 1,
Wherein the encrypted service information is encrypted using an authentication key of the UE, and the network entity decrypts the encrypted service information to identify the requested service. The method according to claim 1,
The service providing method includes:
Further comprising the step of inquiring, by the service provider providing the requested service, whether to provide the service to the UE when the request for the qualification token is received from the UE. The method according to claim 1,
Wherein the credential token can be delegated or re-delegated to another UE, and the identification information of the UE is encrypted when the qualification token is re-delegated. 5. The method of claim 4,
Wherein the other UE can not distinguish whether the qualification token is delegated to itself or re-delegated. The method according to claim 1,
Wherein the credential token comprises information about at least one of a validity period of the qualification token, a revocation date, a cryptographic algorithm, a qualification token ID, a delegator token number, a re-delegation status, a maximum delegation count and a delegation maximum level. Way. A network entity for providing a service to a user equipment (UE) in an Internet of Things (IOT) environment,
A transmission / reception unit;
Token management module; And
A resource management module,
Wherein the transceiver receives a request for a qualification token for receiving a service previously registered in the network entity from the UE,
Wherein the token management module allocates a qualification token for using the service to the UE when the token management module is authorized to provide the service to the UE,
Wherein the transceiver receives a qualification token including encrypted service information from the UE,
Wherein the token management module compares the received qualification token with the assigned qualification token to determine whether the received qualification token is valid for the service,
Wherein the resource management module provides the service to the UE. 8. The method of claim 7,
Wherein the encrypted service information is encrypted using an authentication key of the UE and the network entity decrypts the encrypted service information to identify the requested service. 8. The method of claim 7,
The resource management module includes:
Wherein when the transmitter / receiver receives the request for the qualification token from the UE, the network entity inquires of the service provider providing the requested service whether to provide the service to the UE. 8. The method of claim 7,
Wherein the credential token can be delegated or re-delegated to another UE, and the identity of the UE is encrypted when the credential token is re-delegated. 11. The method of claim 10,
Wherein the other UE is unable to distinguish whether the qualification token is delegated to it or re-delegated. 8. The method of claim 7,
Wherein the credential token comprises information about at least one of a validity period of the qualification token, a revocation date, a cryptographic algorithm, a qualification token ID, a mandator token number, a re-delegation, a maximum number of delegations and a delegation maximum level. .

Images