KR20200068640A - Device of things, and method, computer program and recording medium applied to the same - Google Patents

Abstract

According to the present invention, disclosed is an Internet of things (IoT) device, and an authentication method, computer program, and recording medium applied thereto. According to the present invention, the IoT device comprises: an enrollment request unit which encrypts registration request usage information including changed usage information when usage information of the IoT device is changed by a user′s input or by factors other than the user′s input, and requests to register the encrypted registration request usage information as authentication information; an authentication confirmation unit which receives a connection request directly or indirectly from other IoT devices, and requests input or connection authentication of connection information corresponding to the registered authentication information in response to the received connection request; and a connection approval unit which approves the connection of the other IoT devices according to the authentication of the input connection information or the result of the connection authentication.

Description

Device of things, and authentication method applied thereto, computer program and recording medium {Device of things, and method, computer program and recording medium applied to the same}

The present invention relates to an object device, and an authentication method applied thereto, a computer program, and a recording medium, and more particularly, an object device for enhancing security of each object device connected to the Internet of Things, and an authentication method applied to the same, a computer It relates to programs and recording media.

The Internet has been used as a space where humans can share information as producers/consumers of information. It is predicted that in the future, the Internet of Things (IoT) era will be coming in which even objects around us, such as home appliances and sensors, will be connected to the network, so that environmental information around things and the information of things themselves can be shared.

In other words, IoT devices supporting IoT (hereinafter referred to as'object devices') are expected to increase rapidly in the future.

When IoT enables communication, interaction, and information sharing between people and people, people and things, things and things, intelligent services to judge things themselves become possible, and companies can support green IT for cost reduction and further green growth. It can be an infrastructure.

With the advent of the IoT era, communication between objects and things is expected to occur in various ways, and it will be possible to access IoT-enabled IoT devices such as sensors and home appliances through smartphones, which are a kind of IoT-enabled IoT devices. . The connection and control of object devices are already commercialized and realized in smart windows and boilers in the home network.

However, there are still security impediments, such as hacking, in access and control of IoT devices, and in the IoT era, if security leaks occur, serious damages such as invasion of privacy and malfunction of IoT devices will be mass produced. To realize this, it is required to solve the security problem.

Republic of Korea Registered Patent Publication No. 1392868 (2014.04.30)

none

Therefore, the present invention was created to solve the above problems, and the problem of the present invention is that the device for automatically changing authentication information for authentication of the device without setting the user when the usage information of the device is changed. , And an authentication method, computer program, and recording medium applied thereto.

The object of the present invention is not limited to the above-mentioned problems, and other objects not mentioned will be clearly understood by those skilled in the art from the following description.

The object device according to the first aspect of the present invention for achieving the above object is registered when the usage information of the object device is changed by a user's input or by a factor other than the user's input, including the changed usage information The registration request unit that encrypts the request usage information and requests registration of the encrypted registration request usage information as authentication information, receives a connection request directly or indirectly from another device, and corresponds to the registered authentication information in response to the received connection request. It includes an authentication confirmation unit for requesting input of connection information or authentication, and a connection approval unit for authenticating the connection of the other device according to the authentication of the inputted connection information or the result of the connection authentication.

The registration request usage information is the same as all parts of the registered authentication information or the same as a part of the registered authentication information, and when the authentication of the inputted access information proceeds, the inputted access information is the registered authentication It is the same as all parts of the information or the same as a part of the registered authentication information, and when the connection authentication is performed, specific usage information extracted from each object device that is the object of the connection authentication is transmitted before each of the registered authentication information. It may be the same as the part or the part of each of the registered authentication information.

When a part is identical between the registration request usage information and the registered authentication information, the same part is changed periodically or aperiodically, and when a part is identical between the input access information and the registered authentication information, the same thing The part is changed periodically or aperiodically, and when a part is the same between each specific usage information and each registered authentication information, the same part can be changed periodically or aperiodically.

At least one of the registration request unit, the authentication confirmation unit, and the access approval unit may be encrypted by a public key encryption method using a prime number having a predetermined number of digits or more.

It may further include a connection request and a control unit for requesting access to any other object device to be controlled, and controlling the other object device after the connection is approved.

The authentication method according to the second aspect of the present invention for achieving the above object is a request for registration including the changed usage information when the usage information of the thing device is changed by the user's input or by other factors than the user's input. Encrypting the usage information and requesting registration of the encrypted registration request usage information as authentication information, receiving a connection request directly or indirectly from another device, and in response to the received connection request, of the connection information corresponding to the registered authentication information. And requesting input or connection authentication, and authenticating the connection of the other device according to the authentication of the input connection information or the result of the connection authentication.

The computer program according to the third aspect of the present invention for achieving the above object is combined with an object device, and when the usage information of the object device is changed by a user's input or is changed by a factor other than the user's input, the changed Encrypting the registration request usage information including usage information and requesting the registration of the encrypted registration request usage information as authentication information, receiving the connection request directly or indirectly from another device, and registering the authentication information in response to the received connection request It is stored in the recording medium in order to execute the step of requesting input or connection authentication of connection information corresponding to and step of authenticating the connection of the other device according to the authentication of the input connection information or the result of the connection authentication.

When the computer-readable recording medium according to the fourth aspect of the present invention for achieving the above object is executed by an object device, the usage information of the object device is changed by a user's input or changed to a factor other than the user's input When possible, encrypting the registration request usage information including the changed usage information and requesting registration of the encrypted registration request usage information as authentication information, directly or indirectly receiving a connection request from another device, and responding to the received connection request And a command for inputting connection information corresponding to the registered authentication information or requesting access authentication, and authenticating the input connection information or authorizing the connection of the other object device according to the result of the access authentication. .

The authentication method according to the fifth aspect of the present invention for achieving the above object is when the usage information of one of the plurality of things devices is changed by a user input or by a factor other than the user input, the Receiving encrypted registration request usage information including the changed usage information from the thing device from a communication network, registering authentication information of the thing device through the encrypted registration request usage information, and removing the one of the plurality of things devices. Receiving, directly or indirectly, a connection authentication request for the second thing device from the one thing device, an authentication result executed based on each authentication information previously registered for the first thing device and the second thing device, and And generating a connection authentication result using connection authority information registered in advance for a connection relationship between the first thing device and the second thing device, and outputting the connection authentication result.

Therefore, in the present invention, when the use information of the thing device is changed, by automatically changing the authentication information for the authentication of the thing device without the user's setting, there is an advantage to enhance the security of the thing device in the Internet of Things.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the description of the claims.

1 is a block diagram illustrating an object device according to an embodiment of the present invention.
2 is a block diagram showing a usage history stored in the thing device of FIG. 1.
3 is an exemplary view showing the usage history of FIG. 2 as an example.
FIG. 4 is an exemplary view showing an example of the usage history of FIG. 3 in more detail.
FIG. 5 is an exemplary view showing the usage history of FIG. 2 as another example.
6 is an exemplary view showing an example of the usage history of FIG. 5 in more detail.
7 is an exemplary view showing a menu screen for user selection as an example among usage details of FIG. 2.
FIG. 8 is an exemplary view showing the usage history of FIG. 2 as another example.
9 is a block diagram illustrating an object device according to another embodiment of the present invention.
10 is a configuration diagram showing an example of a communication configuration between things devices of the present invention.
FIG. 11 is a configuration diagram illustrating a configuration when hacking the first thing device of FIG. 10 as an example.
12 is a configuration diagram illustrating an example of changing authentication information for the first thing device of FIG. 10.
13 is a configuration diagram showing another example of a communication configuration between things devices of the present invention.
14 is a configuration diagram showing an example of a configuration when hacking the first thing device of FIG. 13.
15 is a configuration diagram illustrating an example of changing authentication information for each device of FIG. 13.
16 is a configuration diagram illustrating another example of a communication configuration between object devices of the present invention.
17 is a configuration diagram showing an authentication system according to an embodiment of the present invention.
18 is a configuration diagram showing an authentication system according to another embodiment of the present invention.
19 is a block diagram showing an authentication system according to another embodiment of the present invention.
20 is a block diagram showing an authentication system according to another embodiment of the present invention.
21 is a flowchart illustrating, as an example, a process of authentication processing by the thing device of the present invention.
And, Figure 22 is a flow chart showing an example of the authentication process of the authentication server of the present invention.

Advantages and features of the present invention, and methods for achieving them will be clarified with reference to embodiments described below in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various different forms, and only the embodiments allow the disclosure of the present invention to be complete, and common knowledge in the technical field to which the present invention pertains. It is provided to fully inform the person having the scope of the invention, and the invention is only defined by the scope of the claims. The same reference numerals refer to the same components throughout the specification.

In addition, the embodiments described herein will be described with reference to cross-sectional views and/or schematic drawings, which are ideal exemplary views of the present invention. Therefore, the shape of the exemplary diagram may be modified by manufacturing technology and/or tolerance. In addition, in each of the drawings shown in the present invention, each component may be slightly enlarged or reduced in view of convenience of description.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram illustrating an object device according to an embodiment of the present invention.

Referring to FIG. 1, the IoT device 10 includes a configuration for improving a security level in an Internet of Things-based connection through frequent change of authentication information. More specifically, whenever the usage information of the thing device 10 is changed, the authentication information of the thing device is automatically changed without a user's setting, so that the access information required when accessing the thing device 10 based on the Internet of Things Security level can be improved.

The thing device 10 encrypts the registration request usage information including the changed usage information and encrypts the registration request when the usage information of the thing device 10 is changed by a user's input or other factors than the user's input. The registration request unit 11 for requesting registration of usage information as authentication information, receives a connection request directly or indirectly from another device, and inputs or authenticates connection information corresponding to the registered authentication information in response to the received connection request. It includes an authentication confirmation unit 12 for requesting, and a connection approval unit 13 for approving the connection of another device according to the authentication of the input connection information or the result of the connection authentication.

Here, the object device 10 is a smart phone, a washing machine, a boiler, a smart window, a home hub router, a TV, a car, etc., and is a concept that collectively refers to a device that can access the Internet of Things.

In addition, the usage information of the thing device 10 refers to a history used by the user, a history used as a factor other than the history used by the user, or information that can be combined based on these.

The registration request unit 11 encrypts the registration request usage information including the changed usage information when the usage information of the thing device 10 is changed by a user's input or other factors other than the user's input, and an encrypted registration request Requests that the usage information be registered in the authentication server as authentication information. At this time, the registration request includes not only requesting the initial registration, but also requesting to update the authentication information already registered.

Specifically, it is possible to use only the changed use information as the use information for the registration request, but it is also possible to combine the changed use information with the existing use information and use it as the use information for the registration request.

In addition, the registration request use information may be the same as all parts of the registered authentication information, or may be the same as a part of the registered authentication information.

Here, the fact that all the parts of the registration request use information and the registered authentication information are the same means that the registration request use information is used as it is and registered as authentication information. For example, if the registration request usage information is'ABCDE', the registered authentication information is also'ABCDE'. At this time, each alphabet among'ABCDE' refers to the usage information of the object device 10.

In addition, the fact that the registration request usage information is the same as a part of the registered authentication information means that only some information is consistent between the registration request usage information and the authentication information. This is to prepare for security exposure due to hacking during the transmission of information. If the registration request usage information is not transmitted all the information for registering as authentication information, but only a part of'ABC' is transmitted, the registered authentication information is According to the specified authentication information registration algorithm,'ABCDE' can be registered as the final authentication information by combining'ABC', the registration request usage information received, and'CD', which is the existing registration history.

That is, if only'A' is changed from'ABC' of the registration request usage information and'BC' is existing usage information, the authentication server extracts'CD', the third and fourth existing usage information from the recently registered usage history. Accordingly,'ABCDE' may be finally registered as the final authentication information as described above.

When receiving the connection request directly or indirectly from another object device, the authentication confirmation unit 12 requests input of connection information corresponding to the registered authentication information through the above-described process, or access corresponding to the registered authentication information. Requires authentication.

When the authentication confirmation unit 12 requests the input of the connection information, it is the case that the other object device serves as the authentication server. That is, the thing device 10 and the other thing device are P2P connected to register authentication information of the thing device 10 to the other thing device, and then the other thing device connects to the thing device 10 to connect the thing device 10 When entering the control, the access information corresponding to the authentication information of the pre-registered thing device 10 (for example, all of the authentication information or a part of the authentication information) is input, so that the other thing for the thing device 10 It can be authenticated that the device is a device with legitimate access. At this time, the input of the connection information by the other device means that it is automatically input according to the pre-configured authentication logic.

For example, the object device 10 may be a home hub router, a smart window, or the like, and the other object device may be a smartphone. Of course, the smart phone may also be a device corresponding to the object device 10.

When the object device 10 and another object device perform authentication between the two devices through the input of the connection information, the connection information input by the automatic input of the other device is the same as all parts of the already registered authentication information, or is already registered It may be the same as a part of the authenticated information.

The fact that all of the authentication information that is automatically input from the other device is the same as that of the already registered authentication information means that the authentication information registered and stored in the other device is directly input as the connection information. For example, if the registered authentication information is'ABCDE', the access information is also'ABCDE'.

On the other hand, the fact that the access information automatically input from another device is the same as a part of the already registered authentication information is to prepare for further exposure to the risk of hacking during information transmission, and all corresponding information to be compared with the authentication information When not transmitting, but only transmitting'CDE', which is part of the authentication information, the thing device that received the'CDE' as the access information (10) is the existing registration history according to a predetermined authentication execution algorithm. AB' and'CDE', the access information received this time, can be combined to complete'ABCDE', the final access information for comparison to be compared with the registered authentication information.

In addition, in the process of performing authentication, the access information provided by the IoT device 10 from the other IoT device may be different from the usage information of the registration request in the registration process. Of course, it is also possible to set the connection information transmitted in the authentication execution process and the registration request use information in the registration process to be the same.

On the other hand, when the authentication confirmation unit 12 requests access authentication, it is a case where the authentication server is separately present in addition to the thing device 10 and the other thing devices. That is, the thing device 10 and the other thing device perform registration of authentication information through the use information of the registration request including the changed use information whenever the use information of each device is changed, and the thing device 10 receives the other thing device When a connection request is received from the authentication server, it may request the other device to receive connection authentication as to whether the connection between the thing device 10 and the other device is possible from the authentication server, and in response to such a request, the other device can access the authentication device. When the result of the authentication is issued and processed normally, it can be authenticated that the other device is a device that has another user's legitimate access authority.

When the authentication verification unit 12 of the thing device 10 requests access authentication from the authentication server when determining whether to approve the connection to the other thing device, both the thing device 10 and the other thing devices are respectively connected to the authentication server. It is possible to perform pre-authentication to authenticate that the device has legitimate access. In the pre-authentication process, the authentication confirmation unit 12 of the thing device 10 extracts specific usage information of a predetermined criterion from all usage information being stored in advance, encrypts the extracted specific usage information, and then uses encrypted authentication. The information is transmitted to the authentication server as information for pre-authentication. Accordingly, the authentication server decrypts the encrypted authentication usage information provided from the IoT device 10, compares the decrypted authentication usage information with the registered authentication information, and through the comparison result, the IoT device 10 has proper access authority. The device is authenticated.

In addition, in the pre-authentication process, information for pre-authenticating the encrypted authentication usage information after encrypting the extracted specific usage information after extracting specific usage information of a predetermined criterion from among all the usage information stored in advance by other devices is also stored. As the transfer to the authentication server. Accordingly, the authentication server decrypts the encrypted authentication usage information received from the other device, compares the decrypted authentication usage information with the registered authentication information, and compares the decrypted authentication usage information with the registered authentication information to determine whether the other device is a device that has legitimate access authority. To authenticate.

In this pre-authentication process, the specific usage information extracted from each thing device may be the same as all parts of the pre-registered authentication information or the same as a part of each registered authentication information. Here, the fact that all of the extracted specific usage information and the registered authentication information are the same means that specific usage information is extracted in the same manner as the registered authentication information. For example, when the registered authentication information is'ABCDE', the specific usage information extracted is also'ABCDE'.

In addition, the fact that the extracted specific use information is the same as a part of the registered authentication information means that only some information is matched between the extracted specific use information and the authentication information. This is also to prepare for further exposure to the risk of hacking during the transmission of information. If the specific usage information is not transmitted all the information to be compared with the authentication information, but only a part of'CDE' is transmitted, the registered authentication information is By combining the specific usage information'CDE' received according to a predetermined authentication execution algorithm and the existing registration history'AB', it is possible to complete'ABCDE', the final specific usage information for comparison to be compared with the registered authentication information. have.

The specific usage information extracted in the authentication execution process and the registration request use information in the registration process may be different from each other as described above. Of course, it is also possible to set the specific usage information extracted in the authentication execution process and the registration request use information in the registration process to be the same.

The registration request unit 11 includes a configuration that detects whether the usage information of the thing device 10 is changed by a user's input or is changed by a factor other than the user's input, and through this detection configuration, When there is a change, registration of authentication information is requested based on the changed usage information.

In addition, it is preferable that the authentication information registration request of the registration request unit 11 is automatically executed in that it is executed whenever the usage information of the thing device 10 is changed.

The registration request unit 11 may periodically or aperiodically change the same part of the mutual information when one part is identical between the registration request usage information and the registered authentication information.

For example, the periodic change of the registration request unit 11 specifies at least one of the date, parking, and time according to the pre-programmed logic to specify the same part of each other between the registration request usage information and the registered authentication information. It is possible. As a more specific example, the part of the same day between the 2015.09.14 registration request usage information and the registered authentication information is the 3rd week of September 2015 based on the parking of the month, so the registration request usage information and registered information It is possible to specify from the first digit to 3 digits of the authentication information in which the same part of the authentication information is registered as the same part.

In addition, in the example of aperiodic change of the registration request unit 11, the registration request unit 11 changes the same part between the registration request usage information and the registered authentication information based on the update information received from the authentication server. Can be.

When the access information input from another device is the same as the registered authentication information, the same part between mutual information may be changed periodically or aperiodically.

Periodically changing the same part between the access information and the authentication information is the same one part between the access information and the authentication information by combining at least one of the date, parking, and time according to logic pre-programmed in the thing device and the other device. It is possible to specify and change the part of the work already specified. The method of combining at least one of the aforementioned date, parking, and time is only an example, and various methods for specifying the same intersection portion between other information may be applied.

Aperiodically changing the same part between the access information and the authentication information means that when the other object device is a user-controllable mobile phone, the other object device and the thing device ( 10) It is possible to specify the same part of the connection information and the authentication information once by interworking with each other, or to change the part of the already specified one.

In addition, when processing access authentication to the thing device 10 of another device through the authentication server, when one part is identical between specific usage information and registered authentication information extracted from each thing device, the same part Can be changed periodically or aperiodically.

Periodic change of the same work part between specific use information and recognition information specifies the same work part between the extracted use information and registered authentication information by combining at least one of date, parking, and time according to the pre-programmed logic. It is possible to do. As a more specific example, when the same part of the day between 2015.09.14 extracted specific usage information and registered authentication information is divided into even and odd days, 14 days corresponds to even days, so between the extracted specific usage information and registered authentication information Up to two digits from the first digit of the authentication information in which the same one part is registered can be specified as the same one part.

An example of aperiodic change of the same part between the usage information and the recognition information is that the authentication confirmation unit 12 of the thing device 10 is registered with specific usage information based on the update information received from the authentication server. The same part of the authentication information can be changed. It can be implemented in the same way as other device.

The registration request unit 11 may encrypt the changed usage information, and the authentication confirmation unit 12 may encrypt the extracted specific usage information. In addition, connection information input from another object device may also be encrypted from another object device and transmitted to the object device 10. Here, the encryption method may apply at least one of various encryption methods having a high security level. .

For example, at least one of the registration request unit 11 and the authentication confirmation unit 12 may be encrypted by a public key encryption method using a prime number having a predetermined number of digits or more.

The public key cryptography method is given by p,q when two prime numbers (1 and its number are not divisible by natural numbers other than itself), the product of the two prime numbers m(=pq) is easily found, but some It is a way of thinking that it is difficult to know which m is the product of two primes when a product of primes m is given. That is, the public key method is provided with a device such as a so-called trapdoor that anyone can easily enter in one direction but cannot return except for a specific user.

When revealing the product m of two prime numbers, it is possible to use a prime number where two prime numbers p,q are each 100 or more. For example, m may be as follows.

m=114381625757888867669235779976146612010218296721242362562561842 　　　　935706935245733897830597123563958705058989075147599290026879543541

The two prime factors p,q of m above obtained through the factorization algorithm are as follows.

p=3490529510847650949147849619903898133417764638493387843990820577

q=32769132993266709549961988190834461413177642967992942539798288533

Even if the two prime factors of m above are obtained using the factorization algorithm, it takes time to derive the result. This requires absolute processing time even if the factorization algorithm is continuously improved.

Therefore, it is preferable that the public key cryptography is encrypted with prime numbers greater than the two prime factors p,q mentioned above. In other words, the public key encryption method is a method that requires a minimum time (e.g., several days or more) to decrypt even if exposed to a hacking program.

The thing device 10 of the present invention changes authentication information whenever the usage information of the thing device 10 is changed. For example, when the thing device 10 is a mobile phone, the change interval of authentication information is for each user. It may be different, but it can be changed every few seconds or at most every few hours.

That is, when the usage information of the device 10, which is frequently changed as described above, is encrypted using the public key encryption method described above, even if it is exposed to hacking and decrypted, authentication information that is hacked is exposed when decryption is completed. Rather, it is changed to new authentication information. With this principle, the thing device 10 of the present invention can build strong security without user intervention.

2 is a block diagram showing a usage history stored in the thing device of FIG. 1.

2, a plurality of pieces of usage information are stored in the object device 10. For example, when classified by each usage information, the first usage information, the second usage information, the third usage information, and the Nth usage information may be included in the thing device 10.

FIG. 3 is an exemplary view showing the usage history of FIG. 2 as an example, and FIG. 4 is an exemplary view more specifically showing the usage history example of FIG. 3.

As illustrated in FIG. 3, the first usage information, the second usage information, the third usage information, and the Nth usage information may determine an order between information in a time-series order. When the registration request unit 11 requests registration to the authentication server including three usage information as the usage information for the registration request, the first to third usage information may be used as the usage information for the registration request in chronological order. .

Unlike the FIG. 2, the usage information shown in FIG. 3 is a time series arrangement in which the recent usage history is placed below and the past usage history is placed above. When the thing device 10 is a smart phone, the registration request unit 11 is the registration request usage information for the recent three usage information '2015.07.28, 8:36 am B message to'A' ① Usage information, ③ for '2015.07.28 8:37 AM B message received from'A' ② Usage information and '2015.07.28 9:01 AM for C company securities application Ali history received' You can use the information to request registration as authentication information.

Subsequently, when the usage information of the thing device 10 is added and changed, the registration request unit 11 adds, for example, '2015.07.28 to 9:02 am to 2015.07.28 to 9 am in addition to the above-mentioned usage details. Usage information can be added to'View D Company's Securities News' until 16 minutes. At this time, the registration request unit receives the usage information of ① of the registration request usage information'August 28, 2015, 8:37 AM B message from'A', ②'usage information, '2015.07.28, 9:01 AM C You can request to register as authentication information by changing the usage information of'Private Securities Application Ali', and ③'to'View Securities News of D Company from 9:02 am on July 28, 2015 to 9:16 am on July 28, 2015'. .

FIG. 5 is an exemplary view showing the usage history of FIG. 2 as another example, and FIG. 6 is an exemplary diagram more specifically showing the usage history example of FIG. 5.

As shown in FIG. 5, when the thing device 10 is a smartphone, the registration request unit 11 classifies the use information of the thing device 10 into categories, and uses the registration request use information from each group. Usage information to be included can be extracted.

For example, if the usage information of the registration request is set to three usage information, the first usage information of the first group is the ① usage information of the registration request usage information, and the first usage information of the second group is the usage information of the registration request usage information. ② The usage information and the first usage information of the third group can be extracted as ③ usage information of the registration request usage information.

As shown in FIG. 6, the above-mentioned first group may be a'call history', and a call is made to the wife at 2:31 pm on July 28, 2015, which is the most recent call history among'call history', for 2 minutes. Currency' usage information can be extracted as ① usage information of the registration request usage information.

The above-mentioned second group may be a'message history', and request to register usage information of'receive E company message from'I' from July 28, 2015 at 8:3 am, which is the most recent message history among the'message history' It can be extracted as ② usage information of usage information.

The above-mentioned third group may be'other execution history', D company's securities from '2.2015.07.28, 9:02 am to 2015.07.28, 9:16 am, which is the most recent message history among'other execution details' News view' usage information can be extracted as ③ usage information of the registration request usage information.

7 is an exemplary view showing a menu screen for user selection as an example among usage details of FIG. 2.

As shown in FIG. 7, when the thing device 10 is equipped with a control environment capable of setting a user selection, such as a smart phone, a selection menu P such as'user selection, application or function selection, viewpoint selection' is provided. Through this, user information can be selected according to user convenience.

That is, in the selection menu P, the user selects'wife' from the'user selection' menu, selects'telephone call, B company message, and E company message' from the'application or function menu'. You can select'Send or Forward' from'Point of View Selection Menu'.

When selected as described above, whenever the'phone call, B company message, and E company message' is'sent or received' from the'wife' to the thing device 10, the usage information of the thing device 10 is changed. It is considered that authentication information registration based on the changed usage information may be executed. Therefore, in this case, it can be seen that the user's'wife' serves as a helper for changing the authentication information of the thing device 10 at any time.

FIG. 8 is an exemplary view showing the usage history of FIG. 2 as another example.

The usage information shown in FIGS. 4 to 7 is an example in which the device 10 is a smart phone, and the usage information illustrated in FIG. 8 is an example in which the object device 10 is a smart window.

The thing device 10, which is a smart window, is the usage information for the registration request, ① usage information for the latest three usage information,'automatic closing of the second window according to the first user command on August 29, 2015 at 11:26 pm, 2015.08. 29 Use the usage information for ② Switching to the air purification mode according to the 2nd user command at 17:11 pm, and ③ the usage information for'detection of indoor air pollution rate less than 70% at 17.13.2015.08.29. Can be requested to register as authentication information.

Thereafter, the registration request unit 11 of the smart device 10, which is a smart window, adds and changes the use information of the thing device 10, for example, in addition to the above-mentioned usage history, '2015.08.29 PM 17 At 14:14, usage information for'automatic opening of first window and second window' may be added. At this time, the registration request unit 11 changes the usage information of ① of the registration request usage information to'air purification mode according to the second user command on August 29, 2015 at 17:11 pm', ②'usage information is '2015.08.29 Detect indoor air pollution rate less than 70% at 17:13 pm', and ③'User information can be changed to'Automatic opening of first window and second window at 17:14 pm on August 29, 2015' and request registration as authentication information. .

9 is a block diagram illustrating an object device according to another embodiment of the present invention.

As illustrated in FIG. 9, the thing device 20 requests access to any other thing device to be controlled, in addition to the registration request unit 21, the authentication confirmation unit 22, and the connection approval unit 23, After the connection is approved, a connection request and a control unit 24 for controlling other things devices may be further included.

That is, the thing device 20 including the connection request and the control unit 24 may be referred to as another thing device described above.

In addition, the object device 10 is connected to the other object device and is controlled by the other object device, thereby performing a specific driving. For example, when the object device 10 is a smart window, a window opening or window closing operation may be performed according to the control of another object device (eg, a smart phone).

10 is a configuration diagram showing an example of a communication configuration between things devices of the present invention.

As illustrated in FIG. 10, in the case of P2P connection of the first thing device 30 and the second thing device 40, the second thing device 40 may include a second thing device ( 40) You can request to register the usage information. For example, the first object device 30 may be a smartphone, and the second object device 40 may be a washing machine.

When the usage information of the second IoT device 40 changes, the second IoT device (eg, the washing machine 40) encrypts the usage information of the registration request including the changed usage information, and uses the encrypted registration request usage information as authentication information. Request registration on the first thing device (eg, smartphone, 30) (①).

The first thing device (e.g., smartphone, 30) responds to the request for registering authentication information of the second thing device (e.g., washing machine, 40) based on the previously subscribed history, and the second thing device ( Example: The registration of authentication information is completed by replying to the washing machine (40) (②).

Thereafter, when the first thing device (eg, smartphone, 30) requests a connection to control the second thing device (eg, washing machine, 40) to the second thing device (eg, washing machine, 40), the second It is required to input an access number for an object device (eg, washing machine, 40) (③).

On the other hand, as the first thing device (for example, a smart phone, 30) is already storing the registered authentication information, the authentication information is extracted as the access information corresponding to the registered authentication information and the second thing device ( Example: input processing to the washing machine, 40) (④).

The second object device (eg, washing machine, 40) extracts specific usage information corresponding to the registered authentication information generated in the registration step, compares the extracted specific usage information with the access information input in ④, and compares the result. Approve the connection request of the first thing device (eg, smartphone, 30) through (⑤).

The second object device (eg, washing machine, 40) transmits the approval result generated in ⑤ to the first object device (eg, smartphone, 30), thereby receiving the first object device (eg, smartphone, 30) It is possible to connect to a second object device (eg, washing machine, 40) (⑥).

11 is a configuration diagram showing an example of a configuration when hacking the first thing device of FIG. 10.

As illustrated in FIG. 11, when the hacking device attempts to access the first thing device (eg, smartphone, 30) (①), the first thing device (eg, smartphone, 30) is also described in the second Like the thing device (eg, washing machine, 40), the hacking device 50 is requested to input the access number (②).

The first thing device (for example, a smart phone, 30) refuses to access the hacking device 50 or accesses the hacking device 50 when a valid access number is not input from the hacking device 50 or exceeds an input time. Cut off (③).

12 is a configuration diagram illustrating an example of changing authentication information for the first thing device of FIG. 10.

As described above, the second object device (eg, washing machine, 40) registers usage information of the second object device (eg, washing machine, 40) to the first object device (eg, smartphone, 30). On the other hand, the first thing device (for example, a smart phone, 30) registers the usage information of the first thing device (for example, a smart phone, 30) to the authentication server 60 whenever the use information is changed.

That is, the first thing device (e.g., smartphone, 30) and the second thing device (e.g., washing machine, 40) are P2P connected, but the authentication of the first thing device (e.g., smartphone, 30) is performed by the authentication server (60). ). Accordingly, the authentication server 60 uses a plurality of first thing devices (for example, the 1-1 thing device 31, the 1-2 thing device 32, and the 1-N thing device 33). Information can be registered whenever the usage information is changed.

In this case, the first thing device (for example, a smart phone, 30) not only registers authentication information whenever the usage information of the first thing device (for example, a smart phone, 30) changes, but also the first thing device (for example, : Change the screen information displayed on a specific screen of a smartphone, 30), change the usage information of a first thing device (e.g., a smartphone, 30), or use the combination information based on them to automatically perform authentication information without user setting. It is also possible to change from time to time.

Here, the screen information includes arrangement information for at least one application on a specific screen, notification history information, a background image, or information that can be combined based on them.

In addition, the specific screen of the first thing device (eg, smart phone, 30) may be a screen mainly used by the user when using the first thing device (eg, smart phone, 30), and various notification details And a background screen which is a main operation screen where various applications are located.

13 is a configuration diagram showing another example of a communication configuration between things devices of the present invention.

As illustrated in FIG. 13, the first thing device (eg, smart phone, 70) and the second thing device (eg, washing machine, 80) both use the changed usage information in the authentication server 90 whenever each usage information is changed. You can request to register the included registration request usage information as authentication information.

Thereafter, when a first thing device (eg, a smartphone, 70) requests a connection to control a second thing device (eg, a washing machine, 80) to the second thing device (eg, a washing machine, 80) (①) , The second object device (eg, washing machine, 80) is requested to input the access number (②).

On the other hand, the first thing device (eg, smart phone, 70) connects to the authentication server 90, and the registered authentication information of the first thing device (eg, smart phone, 70) and the first thing device (eg, smart) Phone, 70) after completing the pre-authentication of the first thing device (for example, the smartphone, 70) through comparison between specific usage information extracted from the phone, request authentication of the connection to ② to the authentication server 90 (③) .

On the other hand, the authentication server 90 accesses the second terminal device (eg, washing machine, 80), which is the opposite terminal for the connection authentication of ②, and based on the registered authentication information of the second object device (eg, washing machine, 80). After completing one pre-authentication, the result of the connection authentication in ② is provided to the 2 things device (eg, washing machine, 80) (④).

Thereafter, the second object device (eg, the washing machine, 80) approves the connection request of the first object device (eg, the smartphone), 70 through the result input in ④ (⑤).

The second thing device (eg, washing machine, 80) transmits the result of approval generated in ⑤ to the first thing device (eg, smartphone, 70), thereby receiving the first thing device (eg, smartphone, 70) It is possible to connect to a second object device (eg, washing machine, 80) (⑥).

14 is a configuration diagram illustrating an example of a configuration when hacking the first thing device of FIG. 13.

As shown in FIG. 14, when the hacking device 90-1 attempts to access the first thing device (eg, smartphone, 70) (①), the first thing device (eg, smartphone, 70) is also shown. Like the second object device (for example, the washing machine, 80) described above, the hacking device 90-1 requests the input of the access number (②).

The first thing device (for example, a smart phone, 70) refuses to connect to the hacking device 90-1 or if the valid access number is not input from the hacking device 90-1 or exceeds an input time, or the hacking device ( 90-1) is disconnected (③).

15 is a configuration diagram illustrating an example of changing authentication information for each device of FIG. 13.

As described above, the 1-1 th thing device 71 to the 1-3 th thing device 73 and the 2-1 th thing device 81 to the 2-3 th th thing device 83 are the authentication server 90. Each usage information can be registered whenever usage information is changed.

16 is a configuration diagram illustrating another example of a communication configuration between object devices of the present invention.

As shown in FIG. 16, the first thing device (eg, smart phone, 100) and the second thing device (eg, washing machine, 120) both use the changed usage information to the authentication server 130 whenever each usage information is changed. You can request to register the included registration request usage information as authentication information.

Thereafter, the first thing device (for example, a smart phone, 100) accesses the service server 110 and logs in (①). In ①, the first thing device (e.g., smart phone, 100) uses authentication information registered in advance using the usage information of the first thing device (e.g., smart phone, 100), and the first thing device (e.g., smart phone) , 100) is obtained from the authentication server 130 as an intermediary of the service server 110, the pre-authentication result of comparing the specific usage information extracted from each other. Thereafter, the first thing device (eg, smartphone, 100) that has passed the pre-authentication makes a connection request to the second thing device (eg, washing machine, 120) to the service server 110.

The service server 110 receives a connection request to the second thing device (eg, washing machine, 120) of the first thing device (eg, smartphone, 100), and then receives the second thing device (eg, washing machine, 120). The authentication information is registered through the intermediary of the service server 110 by comparing the pre-registered authentication information using the usage information of the user and the specific usage information extracted from the second thing device (for example, the washing machine, 120). 130, the second object device (for example, the washing machine, the second object device (for example, the washing machine, and the washing machine, 120)) 120).

Subsequently, the service server 110 is requested to connect to the second object device (for example, the washing machine, 120) to determine whether a connection request for the first object device (for example, the smartphone, 100) is valid (③).

Thereafter, the service server 110 requests approval of the connection authentication request to the authentication server 130 (④), and receives the result of the ③ connection authentication from the authentication server 130 (⑤).

The service server 110 provides the result of the connection authentication provided in ⑤ to the second object device (eg, washing machine, 120) (⑥).

Thereafter, the second object device (eg, washing machine, 120) approves the connection request of the first object device (eg, smartphone, 100) through the result input in ⑥ (⑦).

The second thing device (for example, the washing machine, 120) transmits the approval result generated in ⑦ to the first thing device (for example, a smartphone, 100) through the service server 110, thereby receiving the first thing device ( Example: It becomes possible for the smart phone 100 to access the second object device (for example, the washing machine, 120) (⑧).

17 is a configuration diagram showing an authentication system according to an embodiment of the present invention.

In the authentication system illustrated in FIG. 17, when a first thing device (eg, a smartphone, 200) requests access to a second thing device (eg, a washing machine, 210), the authentication concept illustrated in FIGS. 10 to 12, Alternatively, it is possible to apply the authentication concept illustrated in FIGS. 13 to 15.

18 is a configuration diagram showing an authentication system according to another embodiment of the present invention.

In the authentication system illustrated in FIG. 18, when a first thing device (eg, a smart phone, 300) requests a second thing device (eg, a home hub router, 310), authentication shown in FIGS. 10 to 12 It is possible to apply the concept and/or the authentication concept shown in FIGS. 13 to 15.

19 is a block diagram showing an authentication system according to another embodiment of the present invention.

In the authentication system illustrated in FIG. 19, when a first thing device (eg, a smartphone, 400) requests access to a second thing device (eg, a washing machine, 420) as an intermediary of the service server 410, FIGS. 10 to It is possible to apply the authentication concept shown in FIG. 12, or the authentication concept shown in FIGS. 13 to 15, or the authentication concept shown in FIG.

20 is a block diagram showing an authentication system according to another embodiment of the present invention.

In the authentication system illustrated in FIG. 20, when a first thing device (eg, a smartphone, 500) requests access to a second thing device (eg, a home hub router, 520) as an intermediary of the service server 510, FIG. It is possible to apply the authentication concept shown in 10 to 12, or the authentication concept shown in FIGS. 13 to 15, or the authentication concept shown in FIG. 16.

21 is a flowchart illustrating, as an example, a process of authentication processing by the thing device of the present invention.

As shown in FIG. 21, the thing device 10 uses a registration request including changed use information when the use information of the thing device 10 is changed by a user's input or other factors than the user's input. Encrypt the information and request the registration of the encrypted registration request usage information as authentication information (S100).

Subsequently, when the thing device 10 receives a connection request from the other thing device 20 (S102), in response to the received access request, the thing device 10 requests input of an access number or connection authentication corresponding to the registered authentication information ( S104).

The thing device 10 determines whether to approve the access of the other thing device 20 described above according to the result of the authentication of the access number or the access authentication input in step S104 (S106).

If the connection is approved in step S106 (S108), the thing device 10 operates under the control of the other object device 20 after the connection of the other device 20 is completed (S110).

If connection is not possible in step S106 (S106-1), the thing device 10 is not connected to the other thing device 20.

Thereafter, when the authentication process of the thing device 10 ends, the execution of the above steps is also finished (S112 ).

Each of the steps of the authentication process is combined with the object device 10, configured as a computer program stored in the recording medium, or when executed by the object device 10, the computer-readable recording medium including instructions for executing the above steps. It can be configured as.

And, Figure 22 is a flow chart showing an example of the authentication process of the authentication server of the present invention.

As shown in FIG. 22, when the usage information of one thing device is changed, the authentication server 60 or 90 receives the registration request use information including the changed use information from the thing device (S200). At this time, in order to execute the registration of authentication information based on the changed usage information in the authentication server 60 or 90, it may be performed after the subscription procedure for using the authentication service of the present invention is performed in advance. The subscription procedure may be performed according to a normal service subscription procedure.

Thereafter, according to the registration request received in step S200, authentication information is registered (S202). Here, the registration is the first authentication information registration, or a concept including updating authentication information that has already been registered.

Thereafter, the authentication server 60 or 90 receives a connection authentication request for the second thing device (eg, washing machine, 10) of the first thing device (eg, smartphone, 20) (S204).

Thereafter, the authentication server 60 or 90 generates a result for the connection authentication request received in step S204, and outputs the generated connection authentication result as a response to the connection authentication request received in step S204 (S208).

Then, when the authentication service is terminated, the execution of the above steps is also ended (S210).

Although the embodiments of the present invention have been described with reference to the above and the accompanying drawings, those of ordinary skill in the art to which the present invention pertains can implement the present invention in other specific forms without changing its technical spirit or essential features. You will understand that there is. Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive.

In addition, the present invention provides an object device that automatically changes authentication information for authentication of an object device without user setting when the usage information of the object device is changed, and an authentication method, computer program, and recording medium applied thereto. As it is intended, it is an invention with industrial applicability since it is not only sufficient for commercial or commercial possibilities, but also practically and clearly.

10, 20: Thing device 11, 21: Registration request department
12, 22: Authentication confirmation unit 13, 23: Connection approval unit
24: connection request and control unit 30, 70, 100, 200, 300, 400, 500: first object device
40, 80, 120, 210, 310, 420, 520: second object device
50, 90-1: Hacking device 60, 90, 130: Authentication server
110, 410,510: service server

Claims (4)

When the usage information of the thing device is changed by the user's input or is changed by factors other than the user's input, the registration request usage information including the changed usage information is encrypted and the encrypted registration request usage information is registered as authentication information Registration request department to do;
An authentication confirmation unit which receives a connection request directly or indirectly from another device, and requests input or connection authentication of connection information corresponding to the registered authentication information in response to the received connection request; And
An object device including a connection approval unit that approves the connection of the other device according to the authentication of the input connection information or the result of the connection authentication. An object device further comprising a connection request and a control unit that requests a connection to any other object device to be controlled, and controls the other object device after the connection is approved. When the usage information of the thing device is changed by the user's input or is changed by factors other than the user's input, the registration request usage information including the changed usage information is encrypted and the encrypted registration request usage information is registered as authentication information To do;
Receiving an access request directly or indirectly from another device, and requesting input or access authentication of access information corresponding to the registered authentication information in response to the received access request; And
And authenticating the connection of the other device according to the authentication of the input connection information or the result of the connection authentication. When executed by the thing device, when the use information of the thing device is changed by the user's input or is changed by factors other than the user's input, the registration request usage information including the changed usage information is encrypted and the encrypted registration request is used Requesting information to be registered as authentication information;
Receiving an access request directly or indirectly from another device, and requesting input or access authentication of access information corresponding to the registered authentication information in response to the received access request; And
A computer-readable recording medium comprising instructions for performing an authentication of the input connection information or a step of authorizing the connection of the other device according to the result of the connection authentication.

Images