KR20190115515A - AUTHENTICATION METHOD AND SYSTEM OF IoT(Internet of Things) DEVICE BASED ON PUBLIC KEY INFRASTRUCTURE - Google Patents

Abstract

The present invention relates to a method and a system for authenticating a public key infrastructure (PKI)-based Internet of things (IoT) device, which can fundamentally solve problems of IoT devices, such as communication security and hacking, but can also provide an authentication scheme specialized in IoT devices, thereby ensuring reliability of a maintenance system for IoT devices. According to the present invention, provided is the method for authenticating an IoT device, which comprises: an initial authentication information assignment step of initially assigning authentication information composed of an authentication argument group including a public key infrastructure (PKI) to an IoT device; an authentication argument for initial registration storage and registration step of extracting an authentication argument for initial registration from authentication arguments included in the authentication argument group to store and register the same in a storage server via a communication server; a certificate updating step of extracting an authentication argument for creating a certificate from the authentication arguments included in the authentication argument group to create and update a certificate based on the authentication argument for creating a certificate; a certificate registration request step of requesting registration of an authentication argument with regard to the IoT device among the authentication arguments included in the authentication argument group, and a certificate generated in the certificate updating step to a communication server; and an authentication information authentication step of checking the requested certificate with regard to the authentication argument for initial registration stored in the storage server to store a new authentication argument for the corresponding IoT device in a storage server.

Description

PKI based IoT device authentication method and authentication system {AUTHENTICATION METHOD AND SYSTEM OF IoT (Internet of Things) DEVICE BASED ON PUBLIC KEY INFRASTRUCTURE}

The present invention relates to a PKI-based IoT device authentication method and authentication system, and more particularly, to effectively solve communication security and hacking problems through an effective encryption and forgery prevention system, and to provide an authentication system specialized for IoT devices. The present invention relates to a PKI-based IoT device authentication method and authentication system that can provide reliability for the maintenance system of the IoT device.

As the application of the Internet of Things (IoT) has been expanded, it is required to strengthen the level of information protection of communication between things or devices, and these security issues are becoming an important task.

In communication between devices in the IoT field, mutual authentication for recognizing each other between devices is mainly performed by a radio frequency encryption sink / control method and a Bluetooth method. The following problems exist in that both use a specific radio frequency band.

When not only mutual authentication between IoT fields and devices, but also need to recognize and recognize mutual equipment, devices, or users and users in a specific object, communication, etc. field, the communication means is required to maintain security status in a communication situation. Wired and wireless communication, or wired and wireless network methods should be used, but generally, phenomena and problems such as hacking and deprivation cannot be fundamentally solved.

In addition, in the case of using a specific frequency band, communication between devices is performed in this frequency band either temporarily or assigned to the device itself, and the control data itself may be encrypted and decoded according to the characteristics between devices. As a result, due to this process, a fine time lag (time loss) may occur in the control speed, which may cause a malfunction. As the transmission / reception distance increases, such an error may occur easily.

In addition, because the frequency band is used, hacking through the frequency is possible. In other words, if a malicious user is caught by interfering with another device through a specific frequency band, the control right cannot be passed to the user. In addition, even if there is no malice, it is not possible to completely rule out malfunction errors caused by frequency interference.

Meanwhile, in the wireless method using Bluetooth, first, IoT mutual authentication of the Bluetooth pairing method has a similar problem as that of the wireless channel method. In particular, the Bluetooth signal has a relatively shorter transmission / reception distance compared to the wireless method, and has a strong straightness, so that it is impossible to recognize each other in a large space or more than 10 meters away. If more than one of them exist in the same space, signal interference occurs easily. Second, Bluetooth is known to have less interference and higher security performance than the existing radio frequency band, but actually has a problem similar to that of using a radio frequency band. In particular, it is very easy to hack a pattern that intercepts authority when Bluetooth short-circuit occurs, and it is not too difficult to obtain authority by remotely operating the pairing code itself. Thus, in some respects it is much more vulnerable than using the radio frequency band. Third, Bluetooth-based device mutual authentication has the advantage of being able to transmit a large amount of data more quickly than using a radio frequency band, and thus has been mainly used as a mutual authentication and recognition method among small audio devices or digital devices. However, in the case of the existing electronic authentication and electronic security, it maintains a centralized security system based on a maximum of 256 bytes, which makes it vulnerable to hacking and consumes huge costs for system operation and management.

In addition, low power wide area networks (LPWANs), which are involved in IoT-based communication between things, use ISM (Industrial, Scientific, Medical), a license-free frequency band, mainly to reduce communication costs. . In this case, too, communication security is vulnerable in that it is very limited to widen the application field.

In addition, since the conventional communication management system between things is basically operated by the central server, the server management cost increases, which puts a heavy burden on the consumer, and since the central server becomes a sure target point for hacking, the risk of hacking is always inherent. In addition, the burden and cost for defending hacking is also inevitably high, and in this part, there is a problem that is a big burden for the consumer or service provider.

On the other hand, as an example of a smart IoT device, with the recent introduction of a smart grid system (smart grid system), a smart meter device that is an IoT device for recording the power consumption of the user and transmit the corresponding data to the meter reading server The spread and application of) is increasing. However, if there is no authentication method that can trust these smart meters, users will not only be distrusted by the power provider's billing, but they will also pose a serious threat to the security of the smart grid system itself, ensuring trust in the system itself. There is a problem.

Due to the problems of the existing security authentication system mentioned above, a new method of electronic authentication and security implementation alternatives is emerging rapidly, and in particular, research on the authentication and security system suitable for IoT devices is needed.

In other words, if there is no trusted authentication scheme for various IoT devices participating in the network, if an unauthorized device connects to the network and steals important information or transmits false information, threats in the overall IT service may occur. There is a need for an authentication method that can identify IoT devices and determine their authenticity.

In addition, in the existing PKI system, the certificate registration process and renewal are cumbersome, but as a very important part, installing and renewing the private key and certificate in the IoT terminal using the existing method has practical difficulties and inefficiencies in actual operation. Therefore, there is a need for an effective authentication method specialized for IoT terminals.

(Document 1) Republic of Korea Patent Publication 10-1372719 (Mar. 19, 2014) (Document 2) Republic of Korea Patent Publication 10-1478902 (2015.01.05. Notification) (Document 3) Republic of Korea Patent Publication 10-1678795 (announced on 22 November 2016) (Document 4) Republic of Korea Patent Publication No. 10-0431210 (announced May 12, 2004)

Accordingly, the present invention for solving the above-described problems, not only fundamentally solve the communication security and hacking problem through an efficient encryption and forgery prevention system, but also can provide a specialized authentication system for IoT devices Its purpose is to provide a PKI-based IoT device authentication method and authentication system that can ensure the reliability of the system's maintenance system.

In addition, the present invention can provide a smart meter that secures an authentication scheme and a security scheme, and accordingly, another object of the present invention is to provide an authentication method and an authentication system capable of securing reliable security for a smart grid system.

The problems of the present invention are not limited to those mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the following description.

According to an aspect of the present invention for achieving the objects and other features of the present invention, granting the first authentication information for initially giving the IoT device authentication information consisting of a group of authentication agents including a public key infrastructure (PKI) step; A first step of storing and registering the first and second registrations of the authentication mediators included in the group of authentication mediators and storing and registering the authentication mediator for initial registration in a storage server through a communication server; A certificate updating step of extracting an authentication medium for generating a certificate from among the authentication mediums included in the authentication medium group, and generating and updating a certificate based on the authentication medium for generating the certificate; A certificate registration request step of requesting a communication server to register a certificate seller associated with an IoT device among the certificate brokers included in the group of certificate brokers and a certificate generated in the certificate renewal step; And an authentication information authentication step of storing the new authentication agent for the corresponding IoT device in the storage server by checking and checking the requested certificate for the initial registration authentication agent stored in the storage server. An IoT device authentication method is provided.

In one aspect of the invention, the initial group of authentication individual includes a unique ID (ID), a private key, and a public key having a unique number of the IoT device, the initial authentication information The granting step may be performed by mounting the unique ID, private key, and public key in the secure storage area of the corresponding IoT device.

In one aspect of the present invention, the initial registration authentication agent is a unique ID (ID) and a public key of the initial authentication agent group, the initial registration authentication subscriber storage registration step is the unique registration through the communication server ID and public key or ID and certificate can be stored and registered in the blockchain (blockchain) network that is the storage server.

In one aspect of the present invention, the certificate generation authentication agent is made of the authentication agent for certificate generation consists of the private key of the first group of authentication agents and the public key of the newly generated private key and public key in the IoT device The certificate renewal step may be performed by updating the certificate by signing the newly generated public key with the private key of the first group of certificate buyers.

In one aspect of the present invention, the authentication agent for generating a certificate consists of an N-th (N is a natural number) private key and an N + 1 th public key newly automatically generated in an IoT device. The N + 1th public key may be signed by the Nth private key according to the set rule to periodically generate and update a certificate automatically.

In one aspect of the invention, the predetermined rule may be a predetermined period or may be made of the number of certificate requests in the certificate registration request step.

In one aspect of the present invention, the authentication agent associated with the IoT device in the certificate request step is a unique ID (ID) of the IoT device, the certificate request step is the registration of the unique ID and the certificate through a communication server It is made to make a request, the first authentication authentication agent for registration that is inquired and confirmed with respect to the certificate requested in the authentication information authentication step is the first public key assigned to the IoT device, the new authentication agent is a newly generated public key, The storing of the renewal authentication information is performed by storing the newly generated public key for the IoT device in a block of the blockchain network, which is the storage server, when it is checked that the initial public key matches with the certificate. Can be.

According to another aspect of the present invention, the ID, private key, and public key of each IoT device is initially mounted in the IoT device from the manufacturer manufacturing the IoT device, and the ID and public key of the IoT device are loaded. An IoT device registration step of initially transmitting to a communication server and registering the IoT device for the first time by transmitting and storing an ID and a public key of the IoT device in a blockchain network; After a new private key and a public key are generated from the IoT device equipped with the first private key and the public key, the second public key is signed with the first private key, a certificate is created, transmitted to the communication server, and a new public key registration is requested. Based on the set period or number of authentication requests, the public key among the N + 1st private key and the public key automatically generated by the IoT device is signed with the Nth private key, a certificate is generated, and transmitted to the communication server. Updating an IoT device certificate requesting registration of a first public key; And after the device registration of the IoT device, when the IoT device requests access for authentication, the communication server inquires the public key of the corresponding IoT device stored in the blockchain network and verifies the signature of the IoT device to authenticate the IoT device. There is provided an IoT device authentication method comprising a.

In another aspect of the present invention, the IoT device may be a smart meter that records the power consumption and transmits to the meter reading server.

According to still another aspect of the present invention, an IoT device to which a unique ID, a private key, and a public key are first given during a production process; A communication server for receiving an original unique ID assigned to the IoT device, a private key, and a public key; And a blockchain network configured to receive and store an initial unique ID, a private key, and a public key from the communication server, and to register the IoT device with an initial private key and a public key. The IoT device generates an N + 1 th (N is a natural number) private key and a public key, signs an N + 1 th public key with an N th private key, creates a certificate, and sends the N + 1 to the communication server. Request registration of the first public key, and the communication server inquires the Nth public key of the corresponding IoT device stored in the blockchain when the IOT device requests the registration of the N + 1th public key, and the certificate of the corresponding IoT device There is provided an IoT apparatus authentication system characterized in that the authentication.

According to the PKI-based IoT device authentication method and authentication system according to the present invention provides the following effects.

First, the present invention not only fundamentally solves communication security and hacking problems by using an effective encryption and forgery prevention system, but also can provide an authentication system specialized for IoT devices, thereby securing reliability of the IoT system maintenance system. It can work.

Second, the present invention does not require the role of a complex registration authority (RA) and a certification authority (CA) for issuance of an initial certificate, and it is possible to renew a certificate according to a predetermined protocol, thereby creating a complex certificate. There is no need for procedures, which can simplify the certification process.

Third, in the present invention, the public key is recorded in the blockchain network, which can reliably prevent the forgery, only authorized users can access the information, and through the simple authentication procedure for the public key of the IoT device identified from the blockchain network There is an effect that can be used with confidence.

Fourth, when the present invention is applied to a smart meter, consumers can check the billing data transparently and easily, thereby preventing disputes about electricity bills, the operating company can improve customer reliability It works.

The effects of the present invention are not limited to those mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the following description.

1 is a flowchart illustrating a PKI-based IoT device authentication process according to the present invention.
FIG. 2 is a schematic diagram of an advanced metering infrastructure (AMI) of the present KEPCO to describe an embodiment according to the PKI-based IoT device authentication method according to the present invention.
3 is a diagram illustrating a case where an embodiment of a PKI-based IoT device authentication process according to the present invention is applied to an AMI.
4 is a diagram illustrating an update process executed in an IoT device (smart meter) in the PKI-based IoT device authentication process according to the present invention.
5 is a diagram illustrating an authentication process executed in a blockchain in a PKI-based IoT device authentication process according to the present invention.
FIG. 6 is a diagram illustrating a sequence diagram exemplarily illustrating a communication process performed in a PKI-based IoT device authentication process according to the present invention.

Further objects, features and advantages of the present invention can be more clearly understood from the following detailed description and the accompanying drawings.

Prior to the detailed description of the present invention, the present invention may be variously modified and may have various embodiments, and the examples described below and illustrated in the drawings are intended to limit the present invention to specific embodiments. It is to be understood that the present invention includes all modifications, equivalents, and substitutes included in the spirit and technical scope of the present invention.

When a component is referred to as being "connected" or "connected" to another component, it may be directly connected to or connected to that other component, but it may be understood that other components may be present in between. Should be. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that there is no other component in between.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. As used herein, the terms "comprise" or "have" are intended to indicate that there is a feature, number, step, action, component, part, or combination thereof described on the specification, and one or more other features. It is to be understood that the present invention does not exclude the possibility of the presence or the addition of numbers, steps, operations, components, components, or a combination thereof.

In addition, the terms "... unit", "... unit", "... module", and the like described in the specification mean a unit for processing at least one function or operation, which means hardware or software or hardware and It can be implemented in a combination of software.

In addition, in the description with reference to the accompanying drawings, the same components regardless of reference numerals will be given the same reference numerals and duplicate description thereof will be omitted. In the following description of the present invention, if it is determined that the detailed description of the related known technology may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

Hereinafter, a PKI-based IoT device authentication method and authentication system according to an exemplary embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the following description and example of a PKI-based IoT device authentication method and authentication system according to the present invention, a smart meter for recording a power consumption of a user as an IoT device (IoT) and transmitting it to a meter reading server will be described. It will be clear that such IoT devices are not limited thereto.

First, a PKI-based IoT device authentication method according to the present invention will be described in detail with reference to FIGS. 1 to 6. 1 is a flowchart illustrating a PKI-based IoT device authentication process according to the present invention, and FIG. 2 is an advanced AMI (Advanced AMI) for explaining an embodiment according to the PKI-based IoT device authentication method according to the present invention. This is a schematic diagram of metering infrastructure. 3 is a diagram illustrating a case where an embodiment of a PKI-based IoT device authentication process according to the present invention is applied to an AMI, and FIG. 4 is an IoT device (PKI-based IoT device authentication process) according to the present invention. Smart meter) is a view showing an update process executed in a smart meter, Figure 4 is a view showing an authentication process executed in the blockchain in the PKI-based IoT device authentication process according to the present invention, Figure 6 is a PKI based on the present invention FIG. 1 is a diagram illustrating a sequence diagram illustrating an example of a communication process performed in the IoT device authentication process of the IoT.

PKI-based IoT device authentication method according to the present invention, which can be applied to a smart meter as an IoT device (IoT), an overview of AMI (Advanced Metering Infrastructure) employing a smart meter as shown in FIG. Looking at the smart meter (meter in Figure 1) is installed in the user's residential area and transmits the power usage in real time to the data concentrator via a wireless modem (modem in Figure 1), the data concentrator is the meter reading data of the operator The power consumption is sent to the collection server.

PKI-based IoT device authentication method according to the present invention, which can be employed in the above-described AMI, described as an example of applying a smart meter as an IoT device, including the PKI in IoT devices such as smart meters Initial authentication information granting step (S100) of granting authentication information comprising an authentication individual group; Initial authentication certificate for registering the initial registration authentication medium among the authentication medium included in the group of the authentication medium of the first authentication information to pass through the communication server to register the authentication medium for the initial registration stored in the storage server Factor storage registration step (S200); A certificate renewal step (S300) of extracting an authentication medium for generating a certificate from among the authentication medium included in the group of authentication mediums of the first authentication information and generating a certificate based on the authentication medium for generating the certificate; Certificate registration request step (S400) for requesting the communication server to register the authentication agent associated with the IoT device and the certificate generated in the certificate renewal step (S300) of the authentication mediator included in the group of authentication mediator of the initial authentication information (S400) ; And verifying the certificate requested in the certificate registration request step (S400) with the authentication agent for initial registration stored in the storage server and storing a new authentication agent for the corresponding IoT device in the storage server (S500). );

The initial authentication agent group granted in the initial authentication agent group granting step includes a unique ID (ID), a private key, and a public key based on the unique number of the IoT device. The granting of the group of authentication individuals may be performed by being mounted in the secure storage area of the IoT device in the process of manufacturing the IoT device by the manufacturer manufacturing the IoT device (smart meter). As will be described later, the IoT device is equipped with an initial private key and a public key (for example, N (N is a natural number) private key and public key), followed by a general key and a public key (N + 1st private key). And public key) are automatically generated regardless of the previous public key and public key.

In the first registration storage for the authentication subscriber registration step (S200), the first registration authentication subscriber includes a unique ID (ID) and the public key, the first registration authentication subscriber as the storage server through a communication server It will be stored and registered in the blockchain network that ensures high security.

Next, in the certificate renewal step (S300), the authentication agent for generating a certificate may include a private key included in the initial authentication information (first mounted authentication information), and a newly generated private key and public key (in radix expression, the second individual). Key and public key), and thus, the certificate renewal step S300 may be performed by updating a certificate by signing a second public key as the first private key.

Thereafter, the certificate updating step (S300) may be performed to update periodically by creating a certificate by signing the N + 1 th public key with the N th private key according to a preset rule.

In the preset rule for certificate renewal, the period of certificate renewal may be the number of used certificates or a predetermined period (for example, 3 months, 1 year). In this regard, the certificate renewal is usually performed on a PKI basis in a unit of one year or more in consideration of the renewal procedure, which means that renewing a certificate in an existing manner in an IoT device requires administrators to connect to each IoT device for renewal. It is a very complicated and difficult process to do.

In the present invention, the IoT device can automatically generate the N + 1th certificate by automatically signing with the Nth private key, thereby simplifying the existing problem and shortening the period of certificate renewal, thereby significantly reducing the risk of hacking. . In addition, the authentication agent consisting of a unique ID (ID) and a public key of the IoT device (smart meter) as a highly secure storage server as shown in Figure 5 is stored in the form of a transaction in the block of the blockchain network to reduce the risk of forgery and alteration. It can be prevented.

Subsequently, in the certificate request step (S400), the authentication agent associated with the IoT device is made of a unique ID (ID) of the IoT device, and the certificate request step (S400) is a registration of the unique ID of the IoT device and the certificate. Request may be made via a communication server.

Next, the authentication agent for the first registration that is inquired and confirmed about the certificate requested in the authentication information authentication step (S500) is the first public key granted to the corresponding IoT device, and the new authentication agent is the second public key accordingly. Accordingly, when the renewal authentication information storage step (S500) is inquired and confirmed that the first public key given to the IoT device with respect to the certificate is matched, the second public key of the IoT device is stored in the block of the blockchain network as a storage server. In this case, the authentication process for the IoT device is executed.

Referring to FIG. 6, which illustrates an example of a communication procedure between a blockchain network as an IoT device, a smart meter, a communication server, and a storage server for authentication processing of an IoT device, the IoT device (smart meter) The connection request is made, the communication server makes an authentication request (random data to be signed), an IoT device (smart meter) signs the data with a private key, and transmits the data, and the communication server transmits a unique ID (ID) to the blockchain network. ), Request a public key, look up the public key, and verify the signature with the corresponding public key in the communication server to execute the authentication of the IoT device.

In the present invention, unlike the existing database has a disadvantage that takes a long time to query the data for a specific key value in the blockchain environment, when using the smart contract of the Ethereum platform, the communication server is The speed of retrieving the latest status value (public key) of a specific ID is faster, so that authentication through the above process can be easily applied to commercial services.

In summary, the PKI-based IoT device authentication method according to the present invention includes a device registration process of an IoT device, a certificate renewal process of an IoT device, and an authentication process of an IoT device.

In the device registration process of the IoT device, an ID, a private key, and a public key of each IoT device are initially loaded in the IoT device from the manufacturer manufacturing the IoT device, and the ID and public key of the IoT device are installed. It transmits to the communication server for the first time, and transmits and stores the ID and public key of the IoT device in the block chain network in the communication server to register the IoT device for the first time.

Next, the certificate renewal process of the IoT device, while the first private key and public key is mounted on the IoT device, automatically generates a second private key and public key, and by signing the second public key with the first private key Create a certificate and send it to the communication server to request registration of the second public key, and then, based on a preset period or number of authentication requests (e.g., a certain number of times an authentication request is generated for an IoT device, or three months, Preset rules such as a certain period of time, such as one year), the IoT device signs the N + 1th public key among the newly generated N + 1th private and public keys with the Nth private key to create a new certificate. This certificate is transmitted to the communication server, and a request for registration of the N + 1 th public key is included. In short, the N + th private key is used to sign the N + 1th public key, creating a certificate.

In the authentication process of the IoT device, when the IoT device requests access for authentication after device registration of the IoT device, the communication server inquires the public key of the corresponding IoT device stored in the blockchain network and confirms the signature of the IoT device. This is done by completing the authentication.

On the other hand, as a system for executing the PKI-based IoT device authentication process according to the present invention, described collectively from the perspective of a block chain (blockchain network) as an IoT device, a communication server and a storage server, according to the present invention The PKI-based IoT device authentication system includes: an IoT device to which a unique ID, a private key, and a public key are first given during a production process; A communication server for receiving an original unique ID assigned to the IoT device, a private key, and a public key; And a blockchain network configured to receive and store an initial unique ID, a private key, and a public key from the communication server, and to register the IoT device with an initial private key and a public key. The IoT device generates an N + 1 th (N is a natural number) private key and a public key, signs an N + 1 th public key with an N th private key, creates a certificate, and sends it to the communication server. When the IOT device requests registration for the N + 1 th public key, the communication server requests the registration for the N + 1 th public key, and the N th public of the IoT device stored in the blockchain network. The key may be queried and the certificate of the corresponding IoT device may be checked and authenticated.

According to the PKI-based IoT device authentication method and authentication system according to the present invention as described above, not only fundamentally solve communication security and hacking problems through an effective encryption and forgery prevention system, but also a specialized authentication system for IoT devices. It can secure the reliability of the maintenance system of IoT devices, and does not require the role of complicated registration authority (RA) and certification authority (CA) to issue certificates for the first time, The certificate can be renewed according to a predetermined rule, which does not require the complicated procedure of certificate renewal, thereby simplifying the authentication process.

In addition, the present invention has the advantage that the public key is recorded in the blockchain network can be reliably prevented, and the public key of the IoT device confirmed from the blockchain network can be used with confidence through a simple authentication procedure.

The embodiments and the accompanying drawings described herein are merely illustrative of some of the technical ideas included in the present invention. Therefore, since the embodiments disclosed herein are not intended to limit the technical spirit of the present invention, but to explain, it is obvious that the scope of the technical spirit of the present invention is not limited by these embodiments. Modifications and specific embodiments that can be easily inferred by those skilled in the art within the scope of the technical idea included in the specification and drawings of the present invention should be construed as being included in the scope of the present invention.

S100: initial authentication information grant step
S200: registration step for storing the first registration of the authentication
S300: certificate renewal step
S400: Certificate Enrollment Request Step
S500: authentication information authentication step

Claims (10)

An initial authentication information granting step of initially granting the IoT device authentication information consisting of a group of authentication subscribers including a public key infrastructure (PKI);
A first step of storing and registering the first and second registrations of the authentication mediators included in the group of authentication mediators and storing and registering the authentication mediator for initial registration in a storage server through a communication server;
A certificate updating step of extracting an authentication medium for generating a certificate from among the authentication mediums included in the authentication medium group, and generating and renewing a certificate based on the authentication medium for generating the certificate;
A certificate registration request step of requesting a communication server to register a certificate seller associated with an IoT device among the certificate brokers included in the group of certificate brokers and a certificate generated in the certificate renewal step; And
And an authentication information authentication step of storing the new authentication agent for the corresponding IoT device in a storage server by checking and verifying the requested certificate with respect to the initial registration authentication agent stored in the storage server.
IoT device authentication method.
The method of claim 1,
The first group of authentication subscribers includes a unique ID (ID) having a unique number of the IoT device, a private key, and a public key.
The initial authentication information granting step is performed so that the unique ID, private key, and public key are mounted in the secure storage area of the corresponding IoT device during manufacture of the IoT device.
IoT device authentication method.
The method of claim 2,
The initial registration authentication agent is a unique ID (ID) and public key of the initial authentication agent group,
The first step of storing the registration of the authentication individual for registration is characterized in that the unique ID (ID) and the public key is stored and registered in the blockchain (blockchain) network which is the storage server through a communication server
IoT device authentication method.
The method according to claim 2 or 3,
The authentication agent for generating a certificate consists of a public key among a private key of the first group of authentication agents and a second private key and a public key newly automatically generated by an IoT device.
The certificate renewing step is performed by renewing the certificate by signing the newly generated public key with the private key of the first group of certificate purchasers.
IoT device authentication method.
The method according to claim 2 or 3,
The authentication agent for generating a certificate is composed of an N-th (N is a natural number) private key and an N + 1 th public key, which is newly automatically generated by an IoT device.
The certificate renewing step may be performed to automatically generate and renew a certificate periodically by signing the N + 1 th public key with the N th private key according to a preset rule.
IoT device authentication method.
The method of claim 5,
The predetermined rule is characterized in that the predetermined number of times or the certificate request number of the certificate registration request step made of
IoT device authentication method. The method of claim 2,
In the certificate requesting step, the authentication agent associated with the IoT device is a unique ID of the IoT device.
The certificate request step is made to request registration of the unique ID and the certificate through a communication server,
The authentication agent for initial registration, which is inquired and checked about the certificate requested in the authentication information authentication step, is the first public key granted to the corresponding IoT device, and the new authentication agent is a newly generated public key,
The storing of the renewal authentication information is performed by storing the newly generated public key in the corresponding IoT device in the blockchain network which is the storage server when it is checked that the initial public key matches the certificate.
IoT device authentication method.
In the manufacturing process of the IoT device from the manufacturer of the IoT device, the ID, private key, and public key of each IoT device are first mounted on the IoT device, and the ID and public key of the IoT device are first transmitted to a communication server. Registering an IoT device for the first time by transmitting and storing an ID and a public key of the IoT device in a blockchain network in a communication server;
After the new private key and the public key are generated in the IoT device equipped with the first private key and the public key, the second public key is signed with the first private key, a certificate is created, transmitted to the communication server, and a new public key registration is requested. Based on the set period or the number of authentication requests, the N + 1th private key and the public key automatically generated by the IoT device are signed with the Nth private key to generate a certificate and deliver the certificate to the communication server. Updating an IoT device certificate requesting registration of a first public key; And
After the device registration of the IoT device, if the IoT device requests access for authentication, the communication server inquires the public key of the corresponding IoT device stored in the blockchain network and verifies and authenticates the signature of the IoT device; Containing
IoT device authentication method.
The method according to claim 1 or 9,
The IoT device is a smart meter that records the power consumption and transmits to the meter reading server
IoT device authentication method.
IoT devices to which each unique ID, private key and public key are initially given in the manufacturing process;
A communication server for receiving an original unique ID assigned to the IoT device, a private key, and a public key; And
And a blockchain network configured to receive and store an initial unique ID, a private key, and a public key from the communication server.
After the first private key and the public key are assigned and registered for the IoT device, the IoT device generates an N + 1 th (N is a natural number) private key and a public key, and then an N + 1 th as an N th private key. Sign the public key to create a certificate and send it to the communication server to request registration of the N + 1th public key,
When the IOT device requests registration of the N + 1th public key, the communication server inquires the Nth public key of the corresponding IoT device stored in the blockchain, and checks and authenticates the certificate of the corresponding IoT device.
IoT device authentication system.