KR20200063034A - IoT CERTIFICATION SYSTEM BASED ON BLOCK CHAIN - Google Patents

Abstract

Disclosed is an Internet of things (IoT) certification system based on a blockchain which comprises a user terminal and at least one IoT terminal, wherein the user terminal and the at least one IoT terminal form an IoT network, the user terminal and the at least one IoT terminal each store a blockchain, and the blockchain includes a block corresponding to the user terminal and a block corresponding to each of the at least one IoT terminal.

Description

Blockchain based IoT authentication system {IoT CERTIFICATION SYSTEM BASED ON BLOCK CHAIN}

The present invention relates to a blockchain-based IoT authentication system.

The existing IoT environment is vulnerable to DDoS and APT attacks on the central server because IoT device authentication and communication are performed through the central server. These attacks can cause server overload and central server paralysis, which can lead to widespread damages such as inability to service and leakage of personal information from a customer's point of view.

In addition, in order to link IoT devices of other companies, there is a legal problem in terms of providing information to third parties and adding affiliate and server operation costs. Due to these problems, it is difficult to see cases of supporting IoT devices of other companies in the current situation.

Blockchain, also called a public transaction ledger, is a technology that prevents hacking that can occur when trading in virtual currency. In the case of existing financial companies, the transaction records are kept on a centralized server, while the blockchain sends a transaction history to all users participating in the transaction and decentralizes it by using a method to prevent data forgery by contrasting each transaction. Have

For example, blockchain is applied to Bitcoin, a representative online virtual currency. Bitcoin transparently records transaction history in a book that anyone can read, and several computers using Bitcoin verify this record every 10 minutes to prevent hacking. Recently, various coins have been developed and provided to solve the shortcomings of Bitcoin, and various tokens are functioning as cryptocurrencies with the emergence of coins with platform functions.

In addition, various distributed applications (DAPPs) using the cryptocurrency platform are being developed and used, and the utilization of the blockchain is gradually increasing.

The Internet of Things (IoT) means that tangible or intangible objects are connected to each other in various ways to provide new services that were not available. In addition to traditional communication equipment such as computers and mobile phones, various objects such as household appliances and household goods are provided with communication functions and processing functions, so that they can perform various functions.

However, in recent years, security threats such as hacking on IoT systems are increasing, and since IoT systems are closely related to the lives of users, the development of technologies for the safety and privacy of users is required.

The problem to be solved by the present invention is to provide a blockchain-based IoT authentication system.

The problems to be solved by the present invention are not limited to the problems mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the following description.

The blockchain-based IoT authentication system according to an aspect of the present invention for solving the above-described problem includes a user terminal and one or more IoT terminals, and the user terminal and the one or more IoT terminals form an IoT network, and the The user terminal and the one or more IoT terminals each store a blockchain, and the blockchain includes a block corresponding to the user terminal and a block corresponding to each of the one or more IoT terminals.

In addition, blocks included in the blockchain may be characterized by being signed by the user terminal.

In addition, a first private key is stored in a first IoT terminal that is one of the one or more IoT terminals, and a first public key corresponding to the first private key is stored in a first block corresponding to the first IoT terminal. It can be characterized by.

In one embodiment, the private key may be protected by storing it in TrustZone of each IoT terminal.

In addition, the system further includes a new IoT terminal to participate in the IoT network, the user terminal authenticates the new IoT terminal, generates a block corresponding to the authenticated new IoT terminal, and the generated Sign the block, connect the generated block to the blockchain, broadcast the generated block to the IoT network, and each of the one or more IoT terminals is generated using the public key of the user terminal If the block is verified and the verification is successful, the generated block can be connected to a blockchain stored in each of the one or more IoT terminals.

In addition, the system further includes an existing IoT terminal that wishes to participate in the IoT network, and each of the one or more IoT terminals stores blocks corresponding to the existing IoT terminals in a blockchain stored in each of the one or more IoT terminals. It is possible to check and verify whether or not, and if the verification of the existing IoT terminal is successful, communication with the existing IoT terminal may be performed.

In addition, the one or more IoT terminals perform synchronization for the stored blockchain, but may perform synchronization based on the longest blockchain signed by the user terminal.

In addition, the system further includes at least one access point used to perform communication between terminals included in the IoT network, and the user terminal performs communication with the access point, and accesses the access point. Through this, it is possible to perform communication with one or more IoT terminals included in the IoT network.

In addition, the system, an AP (Access Point) connected to the one or more IoT terminals; Further comprising, the AP may perform IP exchange with a terminal of the external network through a stun server, and communicate with a terminal of the external network using the exchanged IP.

In addition, when the synchronization attempt by another blockchain longer than the blockchain stored in the one or more IoT terminals is recognized, the one or more IoT terminals determine whether blocks included in the other blockchain are signed by the user terminal. If it is checked and the other blockchain includes at least one block that is not signed by the user terminal, synchronization by the other blockchain may be rejected.

In addition, the system further includes an existing IoT terminal that wishes to participate in the IoT network, and each of the one or more IoT terminals stores blocks corresponding to the existing IoT terminals in a blockchain stored in each of the one or more IoT terminals. If it is checked and verified whether there is a plurality of agreements among the one or more IoT terminals, the existing IoT terminal can participate in the IoT network.

In addition, when the information for the consensus is received from one or more other IoT terminals, the one or more IoT terminals check whether the one or more other IoT terminals are signed by the user terminal, and sign by the user terminal It may be characterized in that the information received from the IoT terminal is not reflected in the agreement.

Other specific matters of the present invention are included in the detailed description and drawings.

The IoT system according to the disclosed embodiment has an effect of increasing the availability of a service while preventing the leakage of personal information inside the IoT system.

In particular, according to the disclosed embodiment, there is an advantage in that an IoT system capable of maintaining security through agreement between devices without a central server is provided. The central server has been the target of DDoS attacks, and there have been inconveniences such as IoT manipulation being impossible due to DDoS attacks.

In addition, by using the user authentication method, there is an advantage of protecting the IoT system from the attack method against the conventional blockchain.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the following description.

1 is a block diagram of a blockchain system according to an embodiment.
2 is a flowchart illustrating the operation of a blockchain system according to an embodiment.
3 is a diagram briefly showing a blockchain-based IoT authentication system according to an embodiment.
4 is a diagram illustrating an example of an IoT network and a blockchain used in the IoT network according to an embodiment.
5 is a diagram illustrating a method for a blockchain to defend against external attacks according to the disclosed embodiment.
6 is a diagram illustrating a method of participating a new IoT terminal in an IoT network according to an embodiment.
7 is a diagram illustrating a reconnection method of an IoT terminal according to an embodiment.

Advantages and features of the present invention, and methods for achieving them will be clarified with reference to embodiments described below in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various different forms, and only the present embodiments allow the disclosure of the present invention to be complete, and are common in the technical field to which the present invention pertains. It is provided to fully inform the skilled person of the scope of the present invention, and the present invention is only defined by the scope of the claims.

The terminology used herein is for describing the embodiments and is not intended to limit the present invention. In the present specification, the singular form also includes the plural form unless otherwise specified in the phrase. As used herein, “comprises” and/or “comprising” does not exclude the presence or addition of one or more other components other than the components mentioned. Throughout the specification, the same reference numerals refer to the same components, and “and/or” includes each and every combination of one or more of the components mentioned. Although "first", "second", etc. are used to describe various components, it goes without saying that these components are not limited by these terms. These terms are only used to distinguish one component from another component. Therefore, it goes without saying that the first component mentioned below may be the second component within the technical spirit of the present invention.

Unless otherwise defined, all terms (including technical and scientific terms) used in the present specification may be used as meanings commonly understood by those skilled in the art to which the present invention pertains. In addition, terms defined in the commonly used dictionary are not ideally or excessively interpreted unless explicitly defined.

The term "part" or "module" as used in the specification refers to a hardware component such as software, FPGA, or ASIC, and "part" or "module" performs certain roles. However, "part" or "module" is not meant to be limited to software or hardware. The "unit" or "module" may be configured to be in an addressable storage medium or may be configured to reproduce one or more processors. Thus, as an example, "part" or "module" means components, processes, functions, attributes, such as software components, object-oriented software components, class components and task components. Includes procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, database, data structures, tables, arrays and variables. The functionality provided within components and "parts" or "modules" can be combined into a smaller number of components and "parts" or "modules" or into additional components and "parts" or "modules" Can be further separated.

In the present specification, the computer means all kinds of hardware devices including at least one processor, and may be understood as a meaning encompassing software configurations operating in the corresponding hardware device according to embodiments. For example, a computer may be understood as meaning including, but not limited to, a smart phone, a tablet PC, a desktop, a laptop, and a user client and application running on each device.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of a blockchain system according to an embodiment.

Referring to FIG. 1, block chain holding servers 10, a management server 20, and user terminals 30 are shown.

In the disclosed embodiment, each of the user terminals 30 records a transaction history based on a preset rule, and the recorded transaction history is recorded in each block and propagated to the blockchain holding servers 10, respectively It is stored and managed on the server.

In the disclosed embodiment, the blockchain holding servers 10 refer to servers equipped with a blockchain that authenticates and records transaction information. In one embodiment, transaction information may mean transaction information based on a virtual currency, but may also mean information on various events performed based on a blockchain, and such transaction information may be transmitted to a blockchain. Is saved.

The virtual currency according to the disclosed embodiment is understood as a concept that collectively refers to all kinds of non-real money whose transaction history is managed through a blockchain such as electronic money and cryptocurrency.

The virtual currency according to the disclosed embodiment may be a separate mainnet and a coin-type virtual currency managed accordingly, or a token-type virtual currency that utilizes other coin infrastructure such as an Ethereum network. It is not limited.

In one embodiment, the virtual currency paid to each of the user terminals 30 is already generated or issued and managed by the management server 20, and can be paid according to the transaction history of each of the user terminals 30 have.

For example, the management server 20 may perform an operation for generating a block storing a transaction history generated between the user terminals 30, and may generate a block through Proof Of Work. According to an embodiment, the management server 20 may receive a predetermined virtual currency generated in exchange for this, and distribute it to the user terminals 30 according to the transaction history of the user terminals 30.

In one embodiment, as the transaction history is recorded by each of the user terminals 30, a virtual currency can be generated and paid to the user terminals 30 according to a preset rule, and mining (mining) of the virtual currency ).

In general, mining of cryptocurrency is performed by one of Proof Of Work (POW), Proof Of Stake (POS) and Proof Of Importance (POI). The above methods are one of the distributed consensus algorithms used to ensure the reliability of the distributed system.

In the disclosed embodiment, the transaction between the user terminals 30 and the payment method according to the virtual currency are performed by a smart contract.

2 is a flowchart illustrating the operation of a blockchain system according to an embodiment.

Referring to FIG. 2, operations of the blockchain holding servers 10 and the management server 20 and the user terminal 31 shown in FIG. 1 are illustrated.

The management server 20 shown in FIG. 2 is a local server connected to a server or a user terminal 31 of a communication company through which the user terminal 31 passes to communicate with the blockchain holding servers 10, or a user terminal 31 ) May mean a server that manages a blockchain-based service, but the management server 20 may be omitted, and the user terminal 31 directly communicates with the blockchain-owning servers 10 to completely decentralize. You can also build a system.

Shown in Figure 2 is for an example of a configuration used in a general blockchain-based service, the form of the system utilizing the blockchain technology is not limited thereto.

In one embodiment, the user terminal 31 provides information to the management server 20, and the management server 20 provides information to the blockchain holding servers 10 when the corresponding information is information to be stored in the blockchain. You can provide that information. Blockchain holding servers 10 can store the information in the blockchain, and in this process, verification of the information based on the blockchain can be made. In this case, only information that has been successfully verified can be recorded on the blockchain.

In addition, the user terminal 31 may provide information to the management server 20 when there is information that requires verification. In this case, the management server 20 can verify this based on the information stored in the blockchain. In this process, the management server 20 obtains information for verifying the information from the blockchain holding servers 10 And, accordingly, verification can be performed. The management server 20 may provide a verification result to the user terminal 31 or provide a service to the user terminal 31 based on the verification result.

Unlike the existing centralized server-based system, such a blockchain system provides a higher security by providing a decentralized distributed processing system, and has the advantage of providing reliability that cannot be manipulated by a specific subject.

In addition, since it functions as a platform that can provide various blockchain-based applications in recent years, its utilization is expected to be even higher.

As an example, a method of applying the concept of a blockchain system to an IoT environment is proposed through this specification. The Internet of Things (IoT) is also called the Internet of Things, and relates to a system that facilitates information exchange and control by providing communication and processing functions to various existing objects.

The existing IoT environment is vulnerable to DDoS and APT attacks on the central server because IoT device authentication and communication are performed through the central server. These attacks can cause server overload and central server paralysis, which can lead to widespread damages such as inability to service and leakage of personal information from a customer's point of view.

In addition, in order to link IoT devices of other companies, there is a legal problem in terms of providing information to third parties and adding affiliate and server operation costs. Due to these problems, it is difficult to see cases of supporting IoT devices of other companies in the current situation.

Accordingly, the development and dissemination of IoT devices is rapidly increasing, but the construction of the IoT environment as a system is slow, and thus the utilization of IoT devices is deteriorating, and the IoT market is also difficult to grow rapidly.

Accordingly, the present invention seeks to solve the problem of cost, stability, and scalability among other companies through a consensus authentication process between distributed and lightweight IoT devices, rather than centralized server authentication. That is, the concept of the blockchain system as described above is applied to the IoT system.

3 is a diagram briefly showing a blockchain-based IoT authentication system according to an embodiment.

Referring to FIG. 3, a user terminal 110 and one or more IoT terminals 120 and 130 are illustrated.

In one embodiment, the one or more IoT terminals 120 and 130 may mean IoT terminals installed in a specific space, but are not limited thereto.

In one embodiment, the user terminal 110 may be a type of the above-described computer, but is not limited thereto. For example, the user terminal 110 may be a user's smartphone, but is not limited thereto.

In one embodiment, the user terminal 110 may obtain information from one or more IoT terminals 120 and 130 and control one or more IoT terminals 120 and 130.

In one embodiment, the user terminal 110 and the above-mentioned IoT terminals 120 and 130 form the IoT network 100, and the user terminal 110 and the above-mentioned IoT terminals 120 and 130 respectively block a blockchain. To save.

In one embodiment, the IoT network 100 is a set of terminals capable of performing intercommunication and functions according to the disclosed embodiment, including a user terminal 110 and IoT terminals belonging to the IoT network 100, and It can be understood as a meaning encompassing a communication network through which the terminals can communicate.

Accordingly, the IoT network 100 manages information on terminals belonging to the IoT network 100, and when a terminal not belonging to the IoT network 100 is newly added, the IoT network 100 is authenticated. ).

In addition, when a terminal not belonging to the IoT network 100 transmits information to the IoT network 100 or requests information from the IoT network 100, it may be rejected, and according to an embodiment, a predetermined authentication procedure Through it may be determined whether the information exchange for the terminal.

According to the present invention, such an authentication process may be performed based on a blockchain mainly having terminals included in the IoT network 100.

In an embodiment, the blockchain stored in the user terminal 110 and the one or more IoT terminals 120 and 130 corresponds to a block corresponding to the user terminal 110 and one or more IoT terminals 120 and 130, respectively. Contains blocks.

Blockchains stored in the user terminal 110 and the one or more IoT terminals 120 and 130 may be different from each other depending on the situation, but in this case, authentication may be performed through agreement between the terminals, and in addition, the user terminal ( Based on the verification by 110), synchronization between terminals can be performed, and external attacks can be prevented.

The details of the configuration of the blockchain used in the IoT network 100 and its usage will be described later.

In one embodiment, the IoT network 100 may communicate with each other through a local network, and may in principle not communicate with a terminal or a server outside the IoT network 100, but according to an embodiment, the user terminal 110 at a remote location ), or may communicate with the external server 200 to obtain necessary information from the external server 200.

For example, the user terminal 110 may obtain information necessary for the IoT network 100 by performing communication with the external server 200. The entity performing the communication is not limited to the user terminal 110.

In one embodiment, the user terminal 110 communicates with the external server 200, but may perform mutual authentication with the external server 200. The authentication method is not limited, but may be performed based on, for example, a certification authority (CA).

In the case of the corresponding embodiment, the user terminal 110 may generate a symmetric key of the user terminal 110 and encrypt the symmetric key with an asymmetric key of the external server 200. The user terminal 110 shares the encrypted symmetric key with the external server 200 and communicates with the external server 200 using the shared symmetric key, thereby securing security during communication with the external server 200. Can be maintained.

4 is a diagram illustrating an example of an IoT network and a blockchain used in the IoT network according to an embodiment.

Referring to FIG. 4, an IoT network 100 according to an embodiment is illustrated. According to the embodiment shown in FIG. 4, the IoT network 100 includes IoT A 110, IoT B 120, IoT C 130, and IoT D 140. In addition, the IoT network 100 may include an AP (Access Point, 102) used to perform communication between IoT A 110, IoT B 120, IoT C 130, and IoT D 140. have. The type of AP is not limited, and all types of wired and wireless communication intermediaries that can be intermediary to perform communication between IoT A (110), IoT B (120), IoT C (130), and IoT D (140) It may include a device.

In one embodiment, the AP may communicate with a terminal of an external network through a stun server. For example, the AP may perform IP exchange with a terminal of an external network through a stun server, and communicate with a terminal of the external network using the exchanged IP.

For example, each IoT terminal may need to receive information from an external server or terminal in order to provide an IoT service, and also, when the user terminal 110 is using an external network (for example, the user goes out. Or the like) may communicate with the user terminal 110 and may need to exchange information.

At this time, instead of continuously exchanging information through the server, the AP transmits the public IP of the AP to the terminal of the external network using the stun server, and receives the information directly from the terminal of the external network using the IP. It is possible.

In one embodiment, IoT A 110 may correspond to the user terminal 110 shown in FIG. 1. In addition, IoT B 120, IoT C 130, and IoT D 140 may correspond to one or more IoT terminals shown in FIG.

In one embodiment, the blockchain 300 is stored in each of IoT A 110, IoT B 120, IoT C 130, and IoT D 140.

Referring to FIG. 4, the blockchain 300 may include a plurality of blocks 310 to 340, and each block is IoT A 110, IoT B 120, IoT C 130, and IoT Each of the D 140 may correspond.

For example, block 310 corresponds to IoT A 110, block 320 corresponds to IoT B 120, block 330 corresponds to IoT C 130, and block 340 May correspond to IoT D 140.

In one embodiment, IoT A (110), IoT B (120), IoT C (130) and IoT D (140), each private key is stored, IoT A (110), IoT B (120), IoT C Blocks 310, 320, 330, and 340 corresponding to each of 130 and IoT D 140 disclose the IoT A 110, IoT B 120, IoT C 130, and IoT D 140, respectively. The key can be stored.

For example, a first private key may be stored in the IoT B 120, and a first public key corresponding to the first private key may be stored in the block 320 corresponding to the IoT B 120.

That is, the block 310 stores the certificate of the IoT A 110, the block 320 stores the certificate of the IoT B 120, and the block 330 stores the certificate of the IoT C 130, Block 340 may store the certificate of IoT D (140).

In addition, each of the blocks 310 to 340 may be signed based on the IoT A 110, that is, the certificate of the user terminal.

In one embodiment, the block chain 300 and the blocks 310 to 340 included in the block chain 300 may be configured according to general blockchain rules and connection relationships, and the specific configuration is not limited. For example, the block 320 may include information about the block 310, but the information may be information encrypted with a hash or the like. Similarly, the block 330 may include information about the block 310 and the block 320, but the information may be information encrypted with a hash or the like. Further, the block 340 may include information on the block 310, the block 320, and the block 330, but the information may be information encrypted with a hash or the like. This is a brief description of a specific configuration as an example, and the configuration and connection relationship of the blockchain 300 is not limited thereto.

Referring to FIG. 4, all blocks included and added to the blockchain 300 must be signed by a user terminal (ie, IoT A, 110), which means that a new block is added to the blockchain 300 is a user terminal It may mean that you must have permission from (110). On the other hand, agreement between the terminals included in the blockchain 300 can be performed without the user terminal 110, for example, the user terminal 110 is treated as one of the terminals included in the blockchain 300 However, in the consensus process, only the influence as one terminal may be exerted.

This enables the consensus of the blockchain 300 even in the absence of the user terminal 110, and similarly has the advantage of enabling quick consensus even in the absence of some terminals. On the other hand, blocks that are not signed by the user terminal 110 cannot be added to the blockchain 300, and thus, forgery of the blockchain 300 can be prevented from various attacks based on this.

In one embodiment, the user terminal 110 may transfer or lend some or all of its rights to another terminal. The transferred or loaned authority may remain in the user terminal 110, or the authority may be set so as not to remain in the user terminal 110 until the transferred or loaned authority is returned to the user terminal 110.

Through this, the user terminal 110 may grant another user the right to use or manage the IoT network 100 according to the disclosed embodiment.

In addition, the user terminal 110 may grant management authority to one or more other terminals, so that management of the IoT network 100 may be performed through agreement between a plurality of terminals. For example, when a new block is created in the blockchain 300, it is possible to perform signatures of all of a plurality of terminals having management authority on the corresponding block, or through agreement between a plurality of terminals (for example, , Majority vote, etc.) It is possible to decide whether to sign the generated block, which is not limited.

5 is a diagram illustrating a method for a blockchain to defend against external attacks according to the disclosed embodiment.

Referring to FIG. 5, an example of a block chain 300 and an attack means therefor is illustrated.

For example, the similar IoT network 400 is an example of a system used to attempt IoT hijacking through 51% attack, which is one of the attack methods on the blockchain.

51% attack uses the characteristics of a blockchain that draws conclusions (or performs authentication) through multiple consensus, and attacks that draw more than half of the consensus by injecting more members than those who make decisions on the current blockchain It is a kind of way.

For example, as shown in FIG. 5, by participating in an agreement of the blockchain 300, a similar IoT network 400 including IoT H to IoT K, or more IoT terminals, the determination of IoT A to IoT D Regardless of the result, a new IoT terminal may participate in the IoT network 100, extract information, control operations, or change information recorded on the blockchain.

However, when the IoT network 100 according to the disclosed embodiment receives information for consensus from one or more other IoT terminals, it checks whether the one or more other IoT terminals are signed by the user terminal 110.

Further, the IoT network 100 may not reflect information received from the IoT terminal that is not signed by the user terminal 110 in the agreement.

Accordingly, an IoT terminal that is not authenticated by the user terminal 110 may be fundamentally blocked from participating in the agreement, and thus, IoT hijacking based on a 51% attack is impossible.

In addition, IoT E (500) shows an example of an IoT terminal for performing a longest attack.

As described above, the blockchains 300 stored in the different terminals 310 to 340 should be all the same in principle, but some terminals may be temporarily separated, or a little difference may occur due to a communication problem.

In this case, synchronization may be performed between different terminals 310 to 340 when communication is restored or at a predetermined period, and the criterion for performing synchronization may be the longest blockchain. It is self-evident that the longest blockchain has the most information, so a terminal with some information missing can receive the longest blockchain information and perform synchronization.

However, a longest attack may be performed by exploiting this, which includes an IoT terminal in which the blockchain stored longer than the existing blockchain 300 is stored in the IoT network 100, or is already included in the IoT network 100 By storing a blockchain that is longer than the existing blockchain 300 in one of the IoT terminals, the blockchain 300 of the entire IoT network 100 is replaced with the corresponding blockchain.

In order to prevent this, according to the disclosed embodiment, one or more IoT terminals included in the IoT network 100 perform synchronization with respect to the stored blockchain, based on the longest blockchain signed by the user terminal 110 Synchronization can be performed. That is, if all the blocks are not signed by the user terminal 110, the longest attack can be prevented by not performing synchronization.

Specifically, when one or more IoT terminals included in the IoT network 100 recognizes an attempt to synchronize by another blockchain that is longer than the blockchain 300 stored in the one or more IoT terminals, blocks included in the other blockchains Check whether they are signed by the user terminal 110, and if at least one block that is not signed by the user terminal 110 is included in the other blockchain, synchronization by the other blockchain is performed. You can refuse.

In order to add a new block to the blockchain 300, verification and signature process by the user terminal 110 is required. Therefore, when a block is added for a longest attack, the added block must have the signature of the user terminal 110. Can't.

Accordingly, a block chain including at least one block that is not signed by the user terminal 110 is excluded from synchronization, thereby preventing an attempt to replace the block chain.

6 is a diagram illustrating a method of joining a new IoT terminal to an IoT network according to an embodiment.

Referring to FIG. 6, an example of joining a new IoT terminal 630 to an IoT network 600 including a user terminal 610 and one or more IoT terminals 620 and 630 is illustrated.

Blockchains 612, 622 and 632 are stored in each of the user terminal 610 and the one or more IoT terminals 620 and 630.

When the new IoT terminal 630 wants to participate in the IoT network 600, the user terminal 610 may first authenticate the new IoT terminal. The authentication method is not limited, but for example, an authentication method such as Numeric comparison may be used.

When the new IoT terminal 630 is authenticated, the new IoT terminal 630 participates in the IoT network 600, and the user terminal 610 generates a block corresponding to the new IoT terminal 630, and is generated. The block can be signed and the signed block can be connected to the blockchain 612.

In one embodiment, the user terminal 610 may sign the block generated using the private key and broadcast the signed block to the IoT network 600.

Each of the one or more IoT terminals 620 and 630 verifies the signed block using the public key of the user terminal 610, and when verification is successful, the blockchain 622 stored in each of the one or more IoT terminals 620 and 630 And 632).

Subsequently, the new IoT terminal 630 will formally participate in the IoT network 600, and then when the new IoT terminal 630 wants to participate in the IoT network 600, verification based on the blockchain stored in other terminals. It becomes possible to participate in the IoT network 600.

As described above, the system according to the disclosed embodiment does not require a server-based authentication process and is protected from external attacks, and since it does not require a specialized authentication process for each manufacturer of each terminal, it is possible to authenticate between IoT terminals of different manufacturers to easily establish an IoT network. You can build.

On the other hand, by making the verification based on the user terminal as a prerequisite for participating in the IoT network for the first time, the user can prevent the IoT terminal from directly authenticating and signing the IoT network that is not signed, thus attacking the traditional IoT system as well Attack methods that can be applied to general blockchain systems can be defended.

That is, according to the disclosed embodiment, the IoT terminals themselves are used as nodes of the blockchain network, and perform the role of maintaining the network as well as consensus within the network. Each IoT terminal currently has a distributed ledger of other devices that are certified in the IoT network, and it is possible to easily manage even new IoT devices and updates of existing IoT devices by constructing such information into a blockchain.

Accordingly, the information of the IoT terminals is composed of blocks, and each device uses these block information when verifying whether the device is derived from the same network. These blocks are characterized by allowing a verified user to sign the block, so that the user directly maintains the integrity of the block.

In addition, the blockchain-based IoT authentication system according to the disclosed embodiment operates without problems by agreement between terminals even in a closed internal network, unlike the existing blockchain or IoT system, so it can be used by companies or military units using intranets. There is an advantage.

In addition, even if there is a network disconnection in some IoT terminals, it is possible to continuously maintain the distributed ledger of the latest network by performing synchronization with the longest blockchain signed by the verified user.

In addition, when a departure from the IoT network occurs due to a communication disconnection in some IoT terminals, the IoT terminal can be immediately returned to the IoT network without the user terminal 110 through an agreement based on a blockchain.

7 is a diagram illustrating a reconnection method of an IoT terminal according to an embodiment.

Referring to FIG. 7, an IoT network 700 and a user terminal 710 included in the IoT network 700 and one or more IoT terminals 720 to 740 are illustrated.

In one embodiment, the IoT terminal 730 may temporarily leave the IoT network 700 due to an abnormal device or communication failure of the IoT terminal 730.

In this case, when the state of the IoT terminal 730 is restored and the user wants to return to the IoT network 700, the IoT terminal 730 is verified to terminals 710, 720, and 740 connected to the IoT network 700. You can request.

The terminals 710, 720, and 740 connected to the IoT network 700 check whether there is block information corresponding to the IoT terminal 730 in each blockchain 712, 722, and 742, and verify It can be done.

In one embodiment, each of the terminals 710, 720, and 740 connected to the IoT network 700 stores the block information corresponding to the IoT terminal 730 in the stored blockchain, the IoT terminal 730 It can communicate with and interact with each other.

Accordingly, even when a plurality of devices belonging to the entire IoT network 700 are in an OFF state due to the characteristics of the IoT system, communication with the existing IoT terminal 730 may be performed through verification of each of the remaining devices. That is, in this case, it can be understood that each of the IoT devices derives an agreement, and thus, there is an advantage that a quick agreement can be obtained.

In addition, since each device must be signed by the user terminal 110, there is an advantage that the blockchain of the existing network is maintained even if an attack of 51% or more of the existing network members enters.

In one embodiment, when a plurality of agreements among terminals 710, 720, and 740 connected to the IoT network 700 are derived, the IoT terminal 730 may directly participate in the IoT network 700. That is, when there is block information of the IoT terminal 730 in a plurality of blockchains among terminals 710, 720, and 740 connected to the IoT network 700, the IoT terminal 730 is connected to the IoT network 700. You can participate immediately.

In other words, if the IoT terminal that previously participated in the IoT network wants to re-join after leaving the IoT network, the IoT terminal is immediately IoT based on the consensus of a number of IoT terminals based on the blockchain even without verification by the user terminal. You can join the network.

Therefore, the IoT system according to the disclosed embodiment has an effect of increasing the availability of a service and preventing the leakage of personal information inside the IoT system.

The steps of a method or algorithm described in connection with an embodiment of the present invention may be implemented directly in hardware, a software module executed by hardware, or a combination thereof. The software modules may include Random Access Memory (RAM), Read Only Memory (ROM), Erasable Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), Flash Memory, Hard Disk, Removable Disk, CD-ROM, or It may reside on any type of computer readable recording medium well known in the art.

The components of the present invention may be implemented as a program (or application) to be executed in combination with a hardware computer, and stored in a medium. The components of the present invention can be implemented in software programming or software components, and similarly, embodiments include C, C++, including various algorithms implemented in a combination of data structures, processes, routines or other programming components. , Can be implemented in programming or scripting languages such as Java, assembler, etc. Functional aspects can be implemented with algorithms running on one or more processors.

The embodiments of the present invention have been described with reference to the accompanying drawings, but a person skilled in the art to which the present invention pertains may implement the present invention in other specific forms without changing its technical spirit or essential features. You will understand. Therefore, it should be understood that the above-described embodiments are illustrative in all respects and not restrictive.

100: IoT network
110: user terminal
120: IoT terminal
130: IoT terminal

Claims (11)

User terminal; And
One or more IoT terminals; Including,
The user terminal and the one or more IoT terminals form an IoT network,
The user terminal and the one or more IoT terminals each store a blockchain,
The blockchain,
A block corresponding to the user terminal and a block corresponding to each of the one or more IoT terminals,
Blockchain-based IoT authentication system. According to claim 1,
Blocks included in the blockchain,
Characterized in that signed by the user terminal,
Blockchain based IoT authentication system. According to claim 2,
A first private key is stored in a first IoT terminal that is one of the one or more IoT terminals, and a first public key corresponding to the first private key is stored in a first block corresponding to the first IoT terminal. Made with,
Blockchain based IoT authentication system. According to claim 1,
The system further includes a new IoT terminal to participate in the IoT network,
The user terminal,
Authenticate the new IoT terminal, create a block corresponding to the authenticated new IoT terminal, sign the generated block, connect the generated block to the blockchain, and connect the generated block to the IoT network Broadcast on,
Each of the one or more IoT terminals,
Verifying the generated block using the public key of the user terminal, and when the verification is successful, connecting the generated block to a blockchain stored in each of the one or more IoT terminals,
Blockchain based IoT authentication system. According to claim 1,
The system further includes an existing IoT terminal to participate in the IoT network,
Each of the one or more IoT terminals,
Check and verify whether a block corresponding to the existing IoT terminal is stored in a blockchain stored in each of the one or more IoT terminals, and perform communication with the existing IoT terminal when the verification of the existing IoT terminal is successful. doing,
Blockchain based IoT authentication system. According to claim 1,
The one or more IoT terminals perform synchronization for the stored blockchain, but perform synchronization based on the longest blockchain signed by the user terminal,
Blockchain based IoT authentication system. According to claim 1,
The system,
Further comprising at least one access point used to perform communication between the terminals included in the IoT network,
The user terminal,
Performing communication with the access point, and communicating with one or more IoT terminals included in the IoT network through the access point,
Blockchain based IoT authentication system. According to claim 1,
The system,
An access point (AP) connected to the one or more IoT terminals; Further comprising,
The AP,
IP exchange is performed with a terminal of an external network through a Stun server,
Performing communication with the terminal of the external network using the exchanged IP,
Blockchain based IoT authentication system. The method of claim 6,
The one or more IoT terminals,
When an attempt to synchronize by another blockchain longer than the blockchain stored in the one or more IoT terminals is recognized, it is checked whether blocks included in the other blockchain are signed by the user terminal, and the If at least one block that is not signed by the user terminal is included, rejecting synchronization by the other blockchain,
Blockchain based IoT authentication system. According to claim 1,
The system further includes an existing IoT terminal to participate in the IoT network,
Each of the one or more IoT terminals,
Check and verify whether a block corresponding to the existing IoT terminal is stored in a blockchain stored in each of the one or more IoT terminals, and when a plurality of agreements among the one or more IoT terminals are obtained, the existing IoT terminal is connected to the IoT. To join the network,
Blockchain based IoT authentication system. The method of claim 10,
The one or more IoT terminals,
When information for the consensus is received from one or more other IoT terminals, it is determined whether the one or more other IoT terminals are signed by the user terminal, and information received from the IoT terminal not signed by the user terminal is Characterized in that it is not reflected in the agreement,
Blockchain based IoT authentication system.

Images