WO2009078607A2 - System and method for preventing illegal use of device - Google Patents

System and method for preventing illegal use of device Download PDF

Info

Publication number
WO2009078607A2
WO2009078607A2 PCT/KR2008/007194 KR2008007194W WO2009078607A2 WO 2009078607 A2 WO2009078607 A2 WO 2009078607A2 KR 2008007194 W KR2008007194 W KR 2008007194W WO 2009078607 A2 WO2009078607 A2 WO 2009078607A2
Authority
WO
WIPO (PCT)
Prior art keywords
verification
illegal
management server
network service
certification authority
Prior art date
Application number
PCT/KR2008/007194
Other languages
French (fr)
Other versions
WO2009078607A3 (en
Inventor
Do Woo Kim
Yun Kyung Lee
Geon Woo Kim
Hyung Kyu Lee
Jong Wook Han
Kyo Il Chung
Original Assignee
Electronics And Telecommunications Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics And Telecommunications Research Institute filed Critical Electronics And Telecommunications Research Institute
Publication of WO2009078607A2 publication Critical patent/WO2009078607A2/en
Publication of WO2009078607A3 publication Critical patent/WO2009078607A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to a system and method for preventing illegal use of a stolen or lost device using the verification of a device certificate.
  • the certificate of a new device is issued from a certification authority through a server in charge of device management installed within various service domains, such as home and cyber offices, and the permission of the use of various services is obtained by using the issued device certificate.
  • a system for preventing illegal use of a device comprising: a device capable of using a network service through a connected network; a certification authority for performing verification of the device according to an authentication information verification request; and a management server which, if there is a request for the use of the network service from the device, requests the certification authority for the authentication information verification of the device, and if the device is judged to be an illegal device according to a result of verification received from the certification authority, restricts the use of the network service.
  • a method for preventing illegal use of a device comprising the steps of: a device's requesting to use a network service through a management server; the management server's requesting a certification authority for the authentication of the device and receiving a result of verification; and if the device is judged to be an illegal device according to the result of verification, restricting the use of the network service.
  • FIG. 1 is a view illustrating the configuration of a system for preventing illegal use of a device according to one embodiment of the present invention
  • FIG. 2 is a sequential diagram illustrating a loss or theft reporting method in the system for preventing illegal use of a device according to one embodiment of the present invention.
  • FIG. 3 is a sequential diagram illustrating a method for preventing illegal use of a device according to one embodiment of the present invention.
  • FIG. 1 is a view illustrating the configuration of a system for preventing illegal use of a device according to one embodiment of the present invention.
  • a management server 110 is connected to the device 100, a certification authority 125 is connected through a wired and wireless network 120, and a delegation verification server 130 is connected to the certification authority 125.
  • the device 100 is a user terminal capable of using various network services by connecting to the wired and wireless network 120. To use a network service, one has to have device authentication information issued and do user registration.
  • the management server 110 requests for the verification of the device upon receipt of a request for the use of a network service from the device 100, and if the device 100 is judged to be an illegal device that has lost or stolen, restricts the use of the network service and transmits position information of the illegal device to the registered owner.
  • the certification authority 125 receives a request to issue authentication information through the management server 110 from the device 100, and issues a certificate by determining whether the device 100 is registered or not. Upon the issue of a certificate, information of the management server 110 having received a request to issue authentication information, as well as information of the device 100, is included in the authentication information.
  • the management server 110 transmits position information of an illegal device to the registered owner
  • the position information included in the information of the management server to which the illegal device has sent a request for the use of a network service is judged to be the position information of the illegal device and transmitted to the management server that has received the request to issue authentication information.
  • the certification authority 125 having received an authentication request of the device 100 through the wired and wireless network 120 from the management server 110, which has received a request for the use of the network service from the device 100, performs verification of the authentication information of the device 100, and determines illegal use of the device 100.
  • the delegation verification server 130 performs verification upon receipt of a request for the verification of the authentication information of the device from the certification authority 125, and transmits a result of verification to the certification authority 125.
  • a service server 135 transmits the network service to the device 100.
  • FIG. 2 is a sequential diagram illustrating a loss or theft reporting method in the system for preventing illegal use of a device according to one embodiment of the present invention.
  • the management server 100 transmits a report of the loss or theft of the device 100 to the certification authority 125 (S305).
  • the certification authority 125 stores the certificate information containing registration information of the reported device 100 and registers the device 100 as an illegal device (S310), and requests the management server 110 to restrict the use of a network service by the illegal device (S315).
  • FIG. 3 is a sequential diagram illustrating a method for preventing illegal use of a device according to one embodiment of the present invention.
  • the certification authority 125 determines whether the device 100 is a registered device or not by receiving information of the device through the management server 110 (S404).
  • the device 100 requests the management server 110 to issue authentication information (S406), and the management server 110 delivers information of the device 100 having requested to issue authentication and information of the management server 110 to the certification authority 125 to request to issue authentication information (S408).
  • the certification authority 125 issues authentication information of the device 100 based on the delivered information and transmits it to the management server 110 (S410), the management server 110 transmits the transmitted authentication information to the device 100 (S412), and the device 100 having received the authentication information uses various networks services through the provided authentication information (S424).
  • the management server 110 sends a network service provision request and an authentication information verification request to the certification authority 125 (S414), and the certification authority 125 sends a delegation verification of the authentication information to the delegation verification server 130 upon receipt of the network service provision request and the authentication information verification request (S416).
  • the delegation verification server 130 performs delegation verification of the authentication information, and then delivers the result to the certification authority 125 (S418), and the certification authority 125 delivers the result of delegation verification to the management server 110 (S420).
  • the system and method for preventing illegal use of a device can prevent illegal access to the use of various services using a stolen or lost device, and transmit position information of the device to the registered owner of the device by using authentication information stored in the certificate.

Abstract

A system and method for preventing illegal use of a device are disclosed. The system for preventing illegal use of a device comprises: a device capable of using a network service through a connected network; a certification authority for performing verification of the device according to an authentication information verification request; and a management server which, if there is a request for the use of the network service from the device, requests the certification authority for the authentication information verification of the device, and if the device is judged to be an illegal device according to a result of verification received from the certification authority, restricts the use of the network service. Accordingly, when a device attempts to access for the use of a service, it is possible to prevent the use of a device judged to be illegal through an authentication information verification procedure.

Description

Description
SYSTEM AND METHOD FOR PREVENTING ILLEGAL USE OF
DEVICE
Technical Field
[I] The present invention relates to a system and method for preventing illegal use of a stolen or lost device using the verification of a device certificate.
[2] The present invention was partly supported by the IT R&D program of Ministry of
Information and Communication(MIC) and Institute for Information Technology Ad- vancement(IITA) [Project Management No. 2006-S-067-02, Project Title: Development of Ubiquitous Home Network Security Technology Based On Device Authentication].
[3]
Background Art
[4] With the development of networks, services provided by service providers become various. Especially, with the speeding-up of networks, there is an increase in service providers who provide high-quality moving pictures as well as simple text information or image information.
[5] In addition, the age of networks has come that controls a plurality of devices in one control center by configuring a plurality of devices in one network.
[6] In order to get services using devices, the certificate of a new device is issued from a certification authority through a server in charge of device management installed within various service domains, such as home and cyber offices, and the permission of the use of various services is obtained by using the issued device certificate.
[7] Upon the theft or loss of a device, this is reported to the certification authority through a management server installed within the service domain, and a password is set up or encryption is used as a method for preventing illegal use of a stolen or lost device, excluding physical methods.
[8] However, a password can be easily exposed, and encryption is used to safely protect data by preventing data stored in a device from infringement.
[9] Accordingly, the aforementioned methods only prevent exposure of data stored within a device, but cannot restrict the use of various services using a device.
[10]
Disclosure of Invention Technical Problem
[I I] It is an object of the present invention to provide a system and method for preventing illegal use of a device, which checks illegality through a certificate verification procedure when a device attempts to access for the use of a service, and, if the device is judged to be illegal, prevents use of the device and transmits position information of the illegal device to the owner of the device. [12]
Technical Solution
[13] To achieve the above-described object, there is provided a system for preventing illegal use of a device according to the present invention, comprising: a device capable of using a network service through a connected network; a certification authority for performing verification of the device according to an authentication information verification request; and a management server which, if there is a request for the use of the network service from the device, requests the certification authority for the authentication information verification of the device, and if the device is judged to be an illegal device according to a result of verification received from the certification authority, restricts the use of the network service.
[14] Additionally, there is provided a method for preventing illegal use of a device according to the present invention, comprising the steps of: a device's requesting to use a network service through a management server; the management server's requesting a certification authority for the authentication of the device and receiving a result of verification; and if the device is judged to be an illegal device according to the result of verification, restricting the use of the network service.
[15]
Advantageous Effects
[16] According to the present invention, when a device attempts to access for the use of a service, it is possible to prevent the use of a device judged to be illegal through a certificate verification procedure and transmit position information of the illegal device to the registered owner.
[17]
Brief Description of the Drawings
[18] FIG. 1 is a view illustrating the configuration of a system for preventing illegal use of a device according to one embodiment of the present invention;
[19] FIG. 2 is a sequential diagram illustrating a loss or theft reporting method in the system for preventing illegal use of a device according to one embodiment of the present invention; and
[20] FIG. 3 is a sequential diagram illustrating a method for preventing illegal use of a device according to one embodiment of the present invention.
[21]
Best Mode for Carrying Out the Invention [22] FIG. 1 is a view illustrating the configuration of a system for preventing illegal use of a device according to one embodiment of the present invention.
[23] Referring to FIG. 1, in the system for preventing illegal use of a device, a management server 110 is connected to the device 100, a certification authority 125 is connected through a wired and wireless network 120, and a delegation verification server 130 is connected to the certification authority 125.
[24] The device 100 is a user terminal capable of using various network services by connecting to the wired and wireless network 120. To use a network service, one has to have device authentication information issued and do user registration.
[25] The management server 110 requests for the verification of the device upon receipt of a request for the use of a network service from the device 100, and if the device 100 is judged to be an illegal device that has lost or stolen, restricts the use of the network service and transmits position information of the illegal device to the registered owner.
[26] If the user of the device 100 has his or her device 100 stolen or lost, he or she reports the loss or theft of authentication information to the management server 110.
[27] The certification authority 125 receives a request to issue authentication information through the management server 110 from the device 100, and issues a certificate by determining whether the device 100 is registered or not. Upon the issue of a certificate, information of the management server 110 having received a request to issue authentication information, as well as information of the device 100, is included in the authentication information.
[28] Therefore, in the case that the management server 110 transmits position information of an illegal device to the registered owner, the position information included in the information of the management server to which the illegal device has sent a request for the use of a network service is judged to be the position information of the illegal device and transmitted to the management server that has received the request to issue authentication information.
[29] If there is a report of the loss or theft of the device 100 through the management server 110, authentication information of the lost or stolen device is stored.
[30] The certification authority 125 having received an authentication request of the device 100 through the wired and wireless network 120 from the management server 110, which has received a request for the use of the network service from the device 100, performs verification of the authentication information of the device 100, and determines illegal use of the device 100.
[31] The delegation verification server 130 performs verification upon receipt of a request for the verification of the authentication information of the device from the certification authority 125, and transmits a result of verification to the certification authority 125. [32] As a result of verification of the certificate of the certification authority 125, if the device 100 is determined to be a registered device, a service server 135 transmits the network service to the device 100.
[33] FIG. 2 is a sequential diagram illustrating a loss or theft reporting method in the system for preventing illegal use of a device according to one embodiment of the present invention.
[34] Referring to FIG. 2, when a device registrant who has its device 100 lost or stolen accesses the management server 100 to give its report (S300), the management server 100 transmits a report of the loss or theft of the device 100 to the certification authority 125 (S305).
[35] The certification authority 125 stores the certificate information containing registration information of the reported device 100 and registers the device 100 as an illegal device (S310), and requests the management server 110 to restrict the use of a network service by the illegal device (S315).
[36] FIG. 3 is a sequential diagram illustrating a method for preventing illegal use of a device according to one embodiment of the present invention.
[37] Referring to FIG. 3, when the device 100 registrant requests the certification authority 125 for the use of a network service through the management server 110 (S400), the certification authority 125 determines whether the device 100 is a registered device or not by receiving information of the device through the management server 110 (S404).
[38] If the device is judged to be a new device, the device 100 requests the management server 110 to issue authentication information (S406), and the management server 110 delivers information of the device 100 having requested to issue authentication and information of the management server 110 to the certification authority 125 to request to issue authentication information (S408).
[39] The certification authority 125 issues authentication information of the device 100 based on the delivered information and transmits it to the management server 110 (S410), the management server 110 transmits the transmitted authentication information to the device 100 (S412), and the device 100 having received the authentication information uses various networks services through the provided authentication information (S424).
[40] If the device 100 is judged to be a registered device, the management server 110 sends a network service provision request and an authentication information verification request to the certification authority 125 (S414), and the certification authority 125 sends a delegation verification of the authentication information to the delegation verification server 130 upon receipt of the network service provision request and the authentication information verification request (S416). [41] The delegation verification server 130 performs delegation verification of the authentication information, and then delivers the result to the certification authority 125 (S418), and the certification authority 125 delivers the result of delegation verification to the management server 110 (S420).
[42] As the result of delegation verification, if the device 100 is judged to be an illegal device, position information of the illegal device and of the management server accessed for a service request by the illegal device are is delivered to the device user through the service server 135, and a request for restriction of use of a network service is sent to the management server 110 (S422).
[43] As the result of delegation verification, if the device 100 is a registered device, a network service is used through the service server 135 (S424).
[44] Accordingly, the system and method for preventing illegal use of a device according to the present invention can prevent illegal access to the use of various services using a stolen or lost device, and transmit position information of the device to the registered owner of the device by using authentication information stored in the certificate.
[45] As aforementioned, the exemplary embodiments of the present invention are shown and described, but the present invention is not limited to the exemplary embodiments described above, and can be implemented in various modifications by those skilled in the art to which the present invention pertains without departing from the scope of the present invention recited in the appended claims, and such modifications should not be understood to depart from the technical spirit or prospect of the present invention.
[46]
Industrial Applicability
[47] According to the present invention, when a device attempts to access for the use of a service, it is possible to prevent the use of a device judged to be illegal through a certificate verification procedure and transmit position information of the illegal device to the registered owner.
[48]

Claims

Claims
[1] A system for preventing illegal use of a device, comprising: a device capable of using a network service through a connected network; a certification authority for performing verification of the device according to an authentication information verification request; and a management server which, if there is a request for the use of the network service from the device, requests the certification authority for the authentication information verification of the device, and if the device is judged to be an illegal device according to a result of verification received from the certification authority, restricts the use of the network service.
[2] The system of claim 1, further comprising: a delegation verification server for performing verification of the device under delegation from the certification authority.
[3] The system of claim 1, further comprising: a service server for providing the use of a network service to the device if the device is judged to be a registered device.
[4] The system of claim 1, wherein the authentication information includes information of the device and information of the management server that has requested for the authentication of the device.
[5] The system of claim 1, wherein, if the device is judged to be an illegal device, the management server transmits position information of the illegal device to the registered owner of the device.
[6] The system of claim 5, wherein the position information is the position of the management server to which the illegal device has sent a request for the use of a network service.
[7] A method for preventing illegal use of a device, comprising: requesting to use a network service through a management server; requesting a certification authority for the authentication of the device and receiving a result of verification; and restricting the use of the network service when a device is judged to be an illegal device according to the result of verification, restricting the use of the network service.
[8] The method of claim 7, further comprising: requesting to issue device authentication information through the management server; requesting the certification authority to issue the authentication information of the device; and transmitting the result of issuing the authentication information to the device.
[9] The method of claim 8, wherein, on a request to issue the authentication information, information of the device and of a management server is included.
[10] The method of claim 7, further comprising: notifying the registered owner of the result of judging including position information of the illegal device when the device is judged to be an illegal device
[11] The method of claim 10, wherein the result of judging is notified to a management server to which the device has sent a request to issue authentication information.
[12] The method of claim 11, wherein the position information is the position of the management server to which the illegal device has sent a request for the use of a network service.
[13] The method of claim 7, wherein, the device's requesting to use a network service through a management server, it is judged whether the device is a registered device or not.
[14] The method of claim 7, wherein, receiving the result of verification, the certification authority requests a delegation verification server for delegation verification.
PCT/KR2008/007194 2007-12-17 2008-12-05 System and method for preventing illegal use of device WO2009078607A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020070132816A KR100960122B1 (en) 2007-12-17 2007-12-17 System and method for preventing illegal use of device
KR10-2007-0132816 2007-12-17

Publications (2)

Publication Number Publication Date
WO2009078607A2 true WO2009078607A2 (en) 2009-06-25
WO2009078607A3 WO2009078607A3 (en) 2009-09-17

Family

ID=40795990

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2008/007194 WO2009078607A2 (en) 2007-12-17 2008-12-05 System and method for preventing illegal use of device

Country Status (2)

Country Link
KR (1) KR100960122B1 (en)
WO (1) WO2009078607A2 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005158022A (en) * 2003-10-31 2005-06-16 Multinet Kk File security management system, authentication server, client device, program and storage medium
KR20060024204A (en) * 2004-09-13 2006-03-16 주식회사 케이티 System and method for controlling internet service providing
KR20060109001A (en) * 2005-04-14 2006-10-19 (주) 모두스원 Network security apparatus and method thereof
JP2006293708A (en) * 2005-04-11 2006-10-26 Nec Access Technica Ltd System, method, and program for contents access control

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004027588A2 (en) * 2002-09-23 2004-04-01 Koninklijke Philips Electronics N.V. Certificate based authorized domains
KR100567822B1 (en) 2003-10-01 2006-04-05 삼성전자주식회사 Method for creating domain based on public key cryptography
KR100667333B1 (en) * 2004-12-16 2007-01-12 삼성전자주식회사 System and method for authentication of a device and a user in the home network
KR100643325B1 (en) 2005-02-18 2006-11-10 삼성전자주식회사 Network and creating method of domain thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005158022A (en) * 2003-10-31 2005-06-16 Multinet Kk File security management system, authentication server, client device, program and storage medium
KR20060024204A (en) * 2004-09-13 2006-03-16 주식회사 케이티 System and method for controlling internet service providing
JP2006293708A (en) * 2005-04-11 2006-10-26 Nec Access Technica Ltd System, method, and program for contents access control
KR20060109001A (en) * 2005-04-14 2006-10-19 (주) 모두스원 Network security apparatus and method thereof

Also Published As

Publication number Publication date
WO2009078607A3 (en) 2009-09-17
KR100960122B1 (en) 2010-05-27
KR20090065323A (en) 2009-06-22

Similar Documents

Publication Publication Date Title
KR101143092B1 (en) System and method for enforcing location privacy using rights management
US8006085B2 (en) License management system and method
CA2672775C (en) Simplified management of authentication credentials for unattended applications
KR101419984B1 (en) System and method for sharing content suing nfc in cloud circumstance
US8321673B2 (en) Method and terminal for authenticating between DRM agents for moving RO
CN100479386C (en) Domain management system, method for building local domain and method for acquisition of local domain licence
NZ551220A (en) Method and apparatus for transmitting rights object information between device and portable storage
KR101314751B1 (en) Apparatus for managing installation of DRM and method thereof
WO2018227693A1 (en) Method and system for acquiring usage permissions of internet of things-based equipment
JP5452192B2 (en) Access control system, access control method and program
EP1843274B1 (en) Digital rights management system
KR20080021423A (en) Method for generating rights object by authority recommitment
KR101461945B1 (en) Domain upgrade method in digital right management
JP5548952B2 (en) Wireless device and communication method
KR100765794B1 (en) Method and apparatus for sharing content using sharing license
KR100960122B1 (en) System and method for preventing illegal use of device
KR20150005789A (en) Method for Authenticating by using Certificate
KR100620588B1 (en) Digital rights management method for appling multi-user of encryption contents
KR20180046777A (en) The method and apparatus for providing service based on capability token in internet of things environment
KR100853183B1 (en) Method and system for providing secure home service in the UPnP AV network
KR101072019B1 (en) Method for assigning rights of issuing rights object and system thereof
KR20080026022A (en) Method for providing information, method for authenticating client and drm interoperable system
WO2008149319A2 (en) Vouching for source authorization
KR20100026114A (en) Method for authenticating device with encrypted authentication ticket
KR20070115574A (en) Method for communicating data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08862126

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08862126

Country of ref document: EP

Kind code of ref document: A2