WO2012099330A2 - System and method for issuing an authentication key for user authentication in a CPNS environment - Google Patents
- Publication number
- WO2012099330A2 (PCT/KR2011/009196)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- terminal information
- cpns
- user
- authentication key
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
Definitions
- the present invention relates to a system and method for issuing an authentication key for user authentication in a converged personal network service (CPNS) environment.
- a user terminal equipped with a short-range wireless communication function receives an ID and password for using a CPNS service, encrypts the terminal information including the ID and password using the password, and transmits an authentication request signal including the encrypted terminal information to the gateway in order to receive the authentication key generated by the CPNS device.
- the CPNS device decrypts the encrypted terminal information according to the authentication request from the gateway to perform user authentication and, when the user is authenticated, generates an authentication key for the CPNS service, encrypts it using the password, and provides it to the user terminal through the gateway.
- a Converged Personal Network Service (CPNS) environment lets a user terminal capable only of short-range wireless communication perform short-range wireless communication with a mobile communication terminal that is capable of cellular communication with a mobile communication network and serves as a personal network (PN) gateway, so that the user terminal can use the data services provided through cellular communication.
- the user terminal searches for a gateway to play the role of a personal network (PN) gateway device in order to use a CPNS service. Thereafter, the gateway uses the terminal information from the user terminal to check whether the CPNS service is available for the user terminal. If the CPNS service is available as a result of the check, the gateway transmits an authentication message indicating that the CPNS service is available to the user terminal.
- the user terminal can use the data service.
- the conventional method described above is cumbersome in that a separate authentication process must be performed for each terminal when a user uses multiple terminals in a CPNS environment.
- the present invention has been made to solve the above problems; an object of the present invention is to provide a system and method for issuing an authentication key for user authentication in a CPNS environment that allow easy authentication when a user uses a plurality of terminals in a CPNS environment and provide a convenient key management method that secures each terminal.
- another object of the present invention is to provide a system and method for issuing an authentication key for user authentication in a CPNS environment in which, even if no authentication key such as a USIM credential has been pre-assigned, the user can obtain the same result as a credential by using a password determined by the user.
- an authentication key issuing system for user authentication in a CPNS environment is provided, including: a user terminal equipped with a short-range wireless communication function, which requests the gateway to register terminal information including an ID and password and, when the ID and password for using the Converged Personal Network Service (CPNS) service are input, encrypts the terminal information including the ID and password using the password and transmits an authentication request signal including the encrypted terminal information to the gateway to receive the authentication key generated by the CPNS device; a gateway equipped with a mobile communication function or a short-range wireless communication function, which transmits the terminal information to the CPNS device through a mobile communication network according to the terminal information registration request from the user terminal; and a CPNS device which, when the user terminal is authenticated, generates an authentication key, encrypts the generated authentication key using the password, and provides it to the user terminal through the gateway.
- the gateway stores the terminal information according to the terminal information registration request from the user terminal and, when the authentication request signal is received from the user terminal, decrypts the encrypted terminal information to perform user authentication; if the user is authenticated, an authentication key for a CPNS service may be generated, and the generated authentication key may be encrypted using the password and then provided to the user terminal and the CPNS device.
- a user terminal is provided that includes: a communication interface unit for transmitting and receiving information through a communication network; an input unit for receiving a user command; an encryption unit for encrypting terminal information including the ID and password using the password when the ID and password for using the CPNS service are input through the input unit; an authentication request unit for transmitting an authentication request signal including the encrypted terminal information to the gateway through the communication interface unit; and an authentication key management unit for receiving from the gateway, and storing, the authentication key generated by the CPNS device according to the authentication request.
- the user terminal may further include a terminal information registration request unit for transmitting the terminal information including the ID and password input through the input unit to the gateway through a local area network to request registration with the CPNS device.
- the terminal information registration request unit encrypts terminal information including the ID and password by using the password, and transmits the encrypted terminal information to the gateway through a local area network to request the CPNS device to register.
- the user terminal may further include a service execution unit for executing a CPNS service using the authentication key.
- the user terminal if the ID and password for using the CPNS service is input through the input unit, the authentication key generation unit for storing the ID and password and generating an authentication key at the same time, the terminal information including the ID and password And an authentication key provider for encrypting the generated authentication key using the password and transmitting the encrypted authentication key to a CPNS device.
- a communication interface for transmitting and receiving information through a communication network, terminal information including ID and password for each user terminal, a terminal information database storing an authentication key, registration of terminal information through the communication interface
- terminal information registration unit for registering the terminal information in the terminal information database, and when an authentication request signal is received through the communication interface unit, decrypts the terminal information included in the authentication request signal, and the decrypted terminal.
- the terminal information may include at least one of an ID, a password, a terminal unique number, a terminal type, and a terminal model.
- a method for issuing an authentication key for user authentication in a CPNS environment is provided, including: (a) the user terminal transmitting the authentication request signal containing the encrypted terminal information to the gateway via a local area network, (b) the gateway storing the encrypted terminal information in the authentication request signal and transmitting it to the CPNS device through a mobile communication network to request authentication, (c) the CPNS device decrypting the encrypted terminal information according to the authentication request from the gateway to perform user authentication, (d) when the user is authenticated, the CPNS device generating an authentication key for a CPNS service, and (e) the CPNS device encrypting the generated authentication key using the password and providing the encrypted authentication key to the user terminal through the gateway.
- a method for a user terminal to be issued an authentication key for user authentication in a CPNS environment is provided, including: (a) when the ID and password for using the CPNS service are input, encrypting terminal information including the ID and password using the password, (b) transmitting an authentication request signal including the encrypted terminal information to a gateway, (c) receiving from the gateway, and storing, the authentication key generated by the CPNS device according to the authentication request, and (d) accessing the CPNS device through the authentication key to execute a CPNS service.
- the method for issuing an authentication key for authenticating a user in the CPNS environment may further include requesting the gateway to register terminal information including an ID and a password input by the user before the step (a).
- a method for a CPNS device to issue an authentication key for user authentication in a CPNS environment is provided, including: (a) when an authentication request signal for using the CPNS service is received from the gateway, decrypting the encrypted terminal information included in the authentication request signal, (b) determining whether the decrypted terminal information exists in a previously stored terminal information database, (c) if the terminal information exists in the terminal information database, generating an authentication key for a CPNS service, (d) encrypting the generated authentication key using the password included in the terminal information, and (e) providing the encrypted authentication key to the corresponding user terminal through the gateway.
- the method for issuing an authentication key for authenticating a user in the CPNS environment may further include registering the terminal information when registration of terminal information including an ID and password is requested from the gateway before step (a).
- according to the present invention, when a user uses a plurality of terminals in a CPNS environment, the user can be easily authenticated, and a convenient key management method that secures each terminal can be provided.
- FIG. 1 is a diagram illustrating an authentication key issuing system for user authentication in a CPNS environment according to an embodiment of the present invention.
- FIG. 2 is a block diagram schematically showing the configuration of a user terminal shown in FIG. 1.
- FIG. 3 is a block diagram schematically showing the configuration of the CPNS device shown in FIG.
- FIG. 4 is a diagram illustrating a method for issuing an authentication key for user authentication in a CPNS environment according to an embodiment of the present invention.
- FIG. 5 is a diagram illustrating an authentication key issuing system for user authentication in a CPNS environment according to another embodiment of the present invention.
- FIG. 6 is a block diagram schematically showing the configuration of the gateway shown in FIG. 5.
- FIG. 7 is a diagram illustrating a method for issuing an authentication key for user authentication in a CPNS environment according to another embodiment of the present invention.
- FIG. 8 is a block diagram schematically illustrating a configuration of a user terminal capable of issuing an authentication key for user authentication in a CPNS environment according to another embodiment of the present invention.
- FIG. 9 is a flowchart illustrating a method for issuing an authentication key for user authentication in a CPNS environment by a user terminal illustrated in FIG. 8.
- FIG. 1 is a diagram illustrating an authentication key issuing system for user authentication in a CPNS environment according to an embodiment of the present invention.
- an authentication key issuing system for authenticating a user in a CPNS environment includes a user terminal 100 equipped with a short range wireless communication function, a gateway 200 equipped with a mobile communication function and a short range wireless communication function, which provides an interface between the user terminal 100 and the CPNS device 300, and the CPNS device 300, which issues an authentication key so that the user terminal 100 can use the CPNS service.
- the user terminal 100 is equipped with a short-range wireless communication function and requests the gateway 200 to register terminal information, including the ID and password input by the user, with the CPNS device 300.
- the terminal information includes an ID and password input by the user, a unique number of the terminal, a terminal model, a terminal type, and the like.
- when the ID and password for using the CPNS service are input, the user terminal 100 encrypts the terminal information including the ID and password using the password, and transmits an authentication request signal including the encrypted terminal information to the gateway 200 to receive the authentication key generated by the CPNS device 300.
- the authentication key received from the CPNS device 300 is an encrypted authentication key; the user terminal 100 may store the encrypted authentication key and use a CPNS service using the received authentication key.
- the user terminal 100 refers to a portable terminal having a short range wireless communication function such as a personal multimedia player (PMP), an MP3 player, a car navigation terminal, a mobile phone, a game machine, and the like.
- the user terminal 100 may further include a mobile communication function.
- the short range wireless communication network includes all communication networks capable of short range wireless communication, including wireless LAN, Bluetooth, UltraWideBand (UWB), Wi-Fi, and the like.
- the gateway 200 is equipped with a mobile communication function or a short-range wireless communication function, stores the terminal information according to the terminal information registration request from the user terminal 100, and at the same time transmits the terminal information to the CPNS device 300 through a mobile communication network.
- the gateway 200 transmits encrypted terminal information included in the authentication request signal to the CPNS device 300 to request authentication.
- the communication network connecting the gateway 200 and the CPNS device 300 is described here as a mobile communication network, but it may be any communication network, including a mobile communication network, a short range wireless communication network, and a wired communication network.
- the gateway 200 is a wired terminal such as a personal computer (PC) that communicates through a wired network (for example, the Internet), a mobile communication terminal such as a mobile phone or a PDA that can use the wireless Internet through a mobile communication network, or a terminal that includes all the functions of the wired terminal and the mobile communication terminal.
- the gateway 200 refers to a wired terminal, a wireless terminal, a short range wireless terminal, and the like, and both wired and wireless communication are possible.
- the CPNS device 300 receives and stores terminal information from the gateway 200, decrypts encrypted terminal information according to an authentication request from the gateway 200 to perform user authentication, and, when the user is authenticated, generates an authentication key for the CPNS service.
- the CPNS device 300 encrypts the authentication key using the password, and provides the encrypted authentication key to the user terminal 100 through the gateway 200.
- the above describes one user terminal 100 requesting registration of terminal information and being issued an authentication key after an ID and password for using the CPNS service are input; however, once the terminal information has been registered with the CPNS device 300, the user can be issued an authentication key on a plurality of other terminals using only the ID and password, and so use the CPNS service.
- the authentication key issuing technology for user authentication as described above may be used in a user authentication procedure for using a cloud computing service.
- the cloud computing service users access the cloud network through a user terminal which performs only network access and basic computing functions at any place, and perform tasks requiring large storage and high performance computing resources, and provide advanced services.
- to access the cloud network for using the cloud computing service, the user terminal encrypts the ID and password with the password and transmits them to the cloud network, and the cloud network provides the authentication key to the user terminal so that the user terminal can use the cloud computing service.
- it is expressed as a cloud network for convenience of description, but it can also be expressed as a cloud server or a CPNS device for providing a cloud computing service.
- the CPNS device integrates data centers distributed in various places with virtualization technology to provide services required by users.
- the service user does not install and use necessary computing resources such as applications, storage, an operating system (OS), and security in each user's own terminal, but can use as many of the services created through virtualization technology as desired, at the desired time.
- FIG. 2 is a block diagram schematically illustrating a configuration of a user terminal illustrated in FIG. 1.
- the user terminal 100 includes a communication interface 102 for transmitting and receiving information through a local area network, an input unit 104 for receiving a user command, an output unit 106, and a storage unit 108.
- the terminal information registration request unit 110 transmits the terminal information including the ID and password input through the input unit 104 to the gateway through a short range wireless communication network to request registration to the CPNS device.
- the terminal information includes an ID and password input by the user, a unique number of the terminal, a terminal model, a terminal type, and the like.
- the terminal information registration request unit 110 may also encrypt the terminal information including the ID and password using the password, and transmit the encrypted terminal information to the gateway through a local area wireless communication network to request registration with the CPNS device.
- the encryption unit 112 encrypts the terminal information including the ID and password using the password when the ID and password for CPNS service use are input through the input unit 104.
- the encryption unit 112 may encrypt the terminal information including the ID, password, terminal unique number, etc. using the password.
- the authentication request unit 114 transmits an authentication request signal including the terminal information encrypted by the encryption unit 112 to the gateway through the communication interface unit 102.
- the authentication key manager 116 receives and stores an authentication key generated in a CPNS device from the gateway according to an authentication request of the authentication requester 114.
- the authentication key received from the gateway may be an authentication key generated and encrypted by the CPNS device.
- the service execution unit 117 executes a CPNS service using an authentication key stored in the authentication key manager 116. That is, the service execution unit 117 accesses the CPNS device through the authentication key to execute the CPNS service.
- FIG. 3 is a block diagram schematically showing the configuration of the CPNS device shown in FIG.
- the CPNS device 200 may include a communication interface 302, a terminal information database 306, a terminal information register 304, an authentication unit 308, and an authentication key for transmitting and receiving information through a mobile communication network.
- the terminal information database 306 maps terminal information including an ID and a password of a user terminal and an authentication key.
- the terminal information may include a unique number of the user terminal, terminal type, terminal model and the like.
- the terminal information registration unit 304 stores the terminal information in the terminal information database when registration of terminal information including an ID and a password is requested through the communication interface unit 302.
- when the authentication unit 308 receives an authentication request signal from the gateway through the communication interface unit 302, the authentication unit 308 decrypts the terminal information included in the authentication request signal and performs user authentication according to whether the decrypted terminal information exists in the terminal information database 306. That is, the authentication unit 308 determines whether the ID and password included in the terminal information exist in the terminal information database 306. If the ID and password exist in the terminal information database 306, the authentication unit 308 determines that the user is an authenticated user.
- the authentication key generator 310 generates an authentication key for a CPNS service when a user is authenticated as a result of the authentication of the authentication unit 308.
- the authentication key providing unit 312 encrypts the generated authentication key using the password, and provides the encrypted authentication key to the corresponding user terminal through the gateway.
- FIG. 4 is a diagram illustrating a method for issuing an authentication key for user authentication in a CPNS environment according to an embodiment of the present invention.
- when a user inputs an ID and a password in order to register terminal information (S400), the user terminal requests the gateway to register terminal information including the ID and password (S402).
- the gateway stores the terminal information according to the terminal information registration request from the user terminal (S404), and transmits the terminal information to the CPNS device through the mobile communication network (S406).
- the CPNS device stores terminal information from the gateway (S408).
- when the user terminal receives an ID and password for using the CPNS service from the user (S410), the user terminal encrypts the terminal information including the ID and password using the password (S412).
- the user terminal transmits an authentication request signal including the encrypted terminal information to a gateway through a local area wireless communication network (S414).
- the gateway requests the authentication by storing the encrypted terminal information in the authentication request signal and transmitting it to the CPNS device through the mobile communication network (S416).
- the CPNS device decrypts the encrypted terminal information according to the authentication request from the gateway to perform user authentication (S418). That is, the CPNS device performs user authentication using whether the decrypted terminal information exists in a previously stored database.
- when the user is authenticated as a result of the authentication (S420), the CPNS device generates an authentication key for the CPNS service (S422), and encrypts the generated authentication key using the password (S424).
- the CPNS device provides the encrypted authentication key to the user terminal through the gateway (S426).
- the user terminal is connected to the CPNS device through the gateway using the authentication key to perform a CPNS service (S428).
- if the user is not authenticated, the CPNS device transmits a message to the user terminal through the gateway indicating that the user is not an authenticated user (S430).
- the password only serves as a “temporary credential” until the user authentication is completed and the authentication key is delivered. Thereafter, the authentication key issued by the CPNS device is used.
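The FIG. 4 exchange (S400 to S430) as a runnable sketch; this is an added example, not code from the patent. The patent names no cipher or key-derivation function, so PBKDF2 and an HMAC-SHA256 keystream with encrypt-then-MAC stand in for them; sending the ID in clear beside the ciphertext (so the CPNS device can select the password) and all names and sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets

ITERATIONS = 100_000  # assumption: PBKDF2 work factor, not specified by the patent


def _kdf(password, salt):
    """Stretch the user's password into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for a real cipher such as AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(password, plaintext):
    """'Encrypt using the password' (S412, S424): salt | nonce | ciphertext | tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unseal(password, blob):
    """Verify the tag, then decrypt; ValueError means wrong password or tampering."""
    if len(blob) < 64:
        raise ValueError("message too short")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _kdf(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CpnsDevice:
    def __init__(self):
        self.terminal_db = {}  # ID -> password (the terminal information database)
        self.auth_keys = {}    # (ID, terminal serial) -> issued authentication key

    def register(self, info):                  # S408
        self.terminal_db[info["id"]] = info["password"]

    def authenticate(self, user_id, blob):     # S418 to S426, or None for S430
        password = self.terminal_db.get(user_id)
        if password is None:
            return None
        try:
            info = json.loads(unseal(password, blob))          # S418
        except ValueError:
            return None
        claimed = str(info.get("password", "")).encode()
        if info.get("id") != user_id or not hmac.compare_digest(claimed, password.encode()):
            return None
        auth_key = secrets.token_bytes(32)                     # S422
        self.auth_keys[(user_id, info.get("serial"))] = auth_key
        return seal(password, auth_key)                        # S424


class Gateway:
    """Relays between the short-range link and the CPNS device."""
    def __init__(self, device):
        self.device, self.stored = device, []

    def register(self, info):                  # S404, S406
        self.stored.append(info)
        self.device.register(info)

    def forward_auth(self, user_id, blob):     # S416, S426
        self.stored.append(blob)
        return self.device.authenticate(user_id, blob)


def terminal_login(gateway, user_id, password, serial):
    """User terminal side: S410 to S414, then decrypt the issued key."""
    info = {"id": user_id, "password": password, "serial": serial}
    reply = gateway.forward_auth(user_id, seal(password, json.dumps(info).encode()))
    return None if reply is None else unseal(password, reply)


def run_demo():
    # Constructed sample values; not taken from the patent.
    device = CpnsDevice()
    gw = Gateway(device)
    gw.register({"id": "alice", "password": "correct horse", "serial": "PMP-0001"})
    k1 = terminal_login(gw, "alice", "correct horse", "PMP-0001")
    k2 = terminal_login(gw, "alice", "correct horse", "NAV-0002")  # second terminal
    bad = terminal_login(gw, "alice", "wrong guess", "PMP-0001")   # rejected (S430)
    return k1, k2, bad, device.auth_keys


if __name__ == "__main__":
    k1, k2, bad, _ = run_demo()
    print(k1.hex(), k2.hex(), bad)
```

Because every key in the exchange is derived from the password, a recorded authentication request can be tested against password guesses offline; the salted, iterated derivation slows each guess but does not remove that dependence on password strength.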
- FIG. 5 is a diagram illustrating an authentication key issuing system for user authentication in a CPNS environment according to another embodiment of the present invention.
- the system for issuing an authentication key for authenticating a user in a CPNS environment includes a user terminal 500 equipped with a short range wireless communication function, and a gateway 600 equipped with a mobile communication function and a short range wireless communication function, which issues an authentication key so that the user terminal can use a CPNS service.
- the user terminal 500 requests the gateway 600 to register the terminal information including the ID and password input by the user and, when the ID and password for using the CPNS service are input, encrypts the terminal information including the ID and password using the password and transmits an authentication request signal including the encrypted terminal information to the gateway 600 to receive an authentication key from the gateway 600.
- the gateway 600 stores the terminal information according to a terminal information registration request from the user terminal 500.
- the gateway 600 decrypts the encrypted terminal information included in the authentication request signal to perform user authentication and, when the user is authenticated, generates an authentication key for the CPNS service.
- the gateway 600 encrypts the generated authentication key using the password, and provides the encrypted authentication key to the user terminal 500.
- the gateway 600 may provide the encrypted authentication key to a CPNS device (not shown). Then, the user terminal 500 may be connected to the CPNS device through the authentication key to use the CPNS service.
- a detailed description of the gateway 600 performing the above role will be given with reference to FIG. 6.
- the connection interface between the user terminal 500 and the gateway 600 is a connection interface capable of various wired and wireless communication, such as universal serial bus (USB), serial, and Bluetooth.
- FIG. 6 is a block diagram schematically illustrating a configuration of the gateway illustrated in FIG. 5.
- the gateway 600 includes a communication interface 602 for transmitting and receiving information through a communication network, a terminal information register 604, a terminal information database 606, an authentication unit 608, an authentication key generator 610, and an authentication key provider 612.
- the terminal information database 606 maps terminal information including an ID and a password of a user terminal and an authentication key.
- the terminal information register 604 stores the terminal information in the terminal information database 606 when registration of terminal information including an ID and a password is requested through the communication interface 602.
- the terminal information includes the ID and password, a unique number of the terminal, a terminal model, a terminal type, and the like.
- the authentication unit 608 When the authentication unit 608 receives an authentication request signal for using CPNS service from the user terminal, the authentication unit 608 decrypts the terminal information included in the authentication request signal, and the decrypted terminal information is the terminal information database 606. User authentication is performed using the presence or absence of the.
- the authentication key generation unit 610 generates an authentication key for a CPNS service when the user is authenticated as a result of the authentication of the authentication unit 608.
- the authentication key providing unit 612 encrypts the generated authentication key using the password, and provides the encrypted authentication key to the user terminal.
- the authentication key providing unit 612 may provide the encrypted authentication key to a CPNS device (not shown).
- FIG. 7 is a diagram illustrating a method for issuing an authentication key for user authentication in a CPNS environment according to another embodiment of the present invention.
- When a user inputs an ID and a password in order to register terminal information (S700), the user terminal requests the gateway to register terminal information including the ID and password (S702).
- The gateway stores the terminal information according to the terminal information registration request from the user terminal (S704). In this case, the gateway may transmit the terminal information to the CPNS device.
- When the user terminal receives an ID and password for using the CPNS service (S706), it encrypts the terminal information including the ID and password using the password (S708).
- The user terminal transmits an authentication request signal including the encrypted terminal information to the gateway through a communication network (S710).
- The gateway decrypts the encrypted terminal information according to the authentication request from the user terminal to perform user authentication (S712). That is, the gateway performs user authentication according to whether the decrypted terminal information exists in a previously stored database.
- If the user is authenticated as a result of the authentication (S714), the gateway generates an authentication key for the CPNS service (S716), and encrypts the generated authentication key using the password (S718).
- The gateway provides the encrypted authentication key to the user terminal (S720).
- The gateway transmits the encrypted authentication key to a CPNS device.
- The user terminal is connected to the CPNS device through the authentication key to perform a CPNS service (S722).
- If the user is not authenticated, the gateway transmits a message to the user terminal indicating that the user is not an authenticated user (S724).
- FIG. 8 is a block diagram schematically illustrating a configuration of a user terminal capable of issuing an authentication key for user authentication in a CPNS environment according to another embodiment of the present invention.
- A user terminal 800 capable of issuing an authentication key for user authentication in a CPNS environment includes a communication interface 802 for transmitting and receiving information through a communication network, an input unit 804 for receiving a user command, an output unit 806, a storage unit 808, an authentication key generator 810, an authentication key provider 812, and a service execution unit 814.
- The authentication key generator 810 stores the ID and password and generates an authentication key when an ID and password for CPNS service use are input through the input unit 804.
- The authentication key provider 812 encrypts the terminal information including the ID and password, together with the generated authentication key, using the password and transmits the encrypted information to the CPNS device.
- The CPNS device retrieves the terminal information from the pre-stored terminal information database, and stores the authentication key mapped to the terminal information. Then, the CPNS device allows the user terminal to connect and receive the CPNS service through the authentication key.
- The service execution unit 814 executes a CPNS service using the authentication key generated by the authentication key generator 810.
- FIG. 9 is a flowchart illustrating a method for issuing an authentication key for user authentication in a CPNS environment by the user terminal illustrated in FIG. 8.
- When the user terminal receives an ID and a password for using the CPNS service from the user (S900), it stores the ID and password and generates an authentication key (S902).
- The user terminal encrypts the terminal information including the ID and password, together with the generated authentication key, using the password and transmits the encrypted information to the CPNS device (S904). That is, the user terminal provides the terminal information including the ID and password, the authentication key, and the like to the CPNS device, so that the user can later use the CPNS service from another terminal.
- The user terminal executes a CPNS service using the authentication key (S906).
- encryption unit 114 authentication request unit
- terminal information registration unit 306 and 606 terminal information database
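The FIG. 7 exchange (S700 to S724) as a runnable sketch, added here as an illustration and not taken from the patent. The patent names no cipher or message format, so the PBKDF2 key derivation, the HMAC-based encrypt-then-MAC construction (a standard-library stand-in for an AEAD such as AES-GCM), the JSON encoding, the cleartext ID sent beside the ciphertext, and every function and class name are assumptions.

```python
import hashlib, hmac, json, secrets

def _keys(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 stretches the password into enc key || MAC key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _stream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real AEAD).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(password, plaintext):
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(password, blob):
    if not blob or len(blob) < 64:
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(password, salt)
    good = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                      # wrong password or modified message
    return _stream_xor(enc_key, nonce, ct)

def encode(info):
    return json.dumps(info, sort_keys=True).encode()

class Gateway:
    def __init__(self):
        self.db = {}                     # terminal information database 606
    def register(self, info):            # S702-S704
        self.db[info["id"]] = {"info": dict(info), "auth_key": None}
    def authenticate(self, user_id, blob):           # S712-S724
        rec = self.db.get(user_id)
        if rec is None or unseal(rec["info"]["password"], blob) != encode(rec["info"]):
            return None                  # S724: not an authenticated user
        rec["auth_key"] = secrets.token_bytes(32)    # S716
        return seal(rec["info"]["password"], rec["auth_key"])  # S718-S720

def terminal_request(info):              # S706-S710
    return info["id"], seal(info["password"], encode(info))

def run_flow():
    # Constructed sample terminal information, not taken from the patent.
    info = {"id": "alice", "password": "constructed-pw", "serial": "SN-0001", "model": "X1"}
    gw = Gateway()
    gw.register(info)
    uid, req = terminal_request(info)
    issued = unseal(info["password"], gw.authenticate(uid, req))
    denied = gw.authenticate(*terminal_request(dict(info, password="guess")))
    tampered = gw.authenticate(uid, req[:40] + bytes([req[40] ^ 1]) + req[41:])
    return issued == gw.db["alice"]["auth_key"], denied, tampered
```

`run_flow()` returns `(True, None, None)`: the terminal recovers the issued key, while a request sealed with the wrong password and a request with one flipped ciphertext bit both end at S724.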
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (14)
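- An authentication key issuing system for user authentication in a CPNS environment, comprising: a user terminal equipped with a short-range wireless communication function, which requests a gateway to register terminal information including an ID and a password and, when an ID and a password for using a CPNS (Converged Personal Network Service) service are input, encrypts the terminal information including the ID and password using the password and transmits an authentication request signal including the encrypted terminal information to the gateway to receive an authentication key generated by a CPNS device; a gateway equipped with a mobile communication function or a short-range wireless communication function, which transmits the terminal information to the CPNS device through a mobile communication network according to the terminal information registration request from the user terminal and, when an authentication request signal is received from the user terminal, transmits the encrypted terminal information to the CPNS device to request authentication; and a CPNS device which stores the terminal information from the gateway, decrypts the encrypted terminal information according to the authentication request from the gateway to perform user authentication, generates an authentication key for the CPNS service when the user is authenticated, encrypts the generated authentication key using the password, and then provides it to the user terminal through the gateway.
- The system according to claim 1, wherein the gateway stores the terminal information according to the terminal information registration request from the user terminal and then, when an authentication request signal is received from the user terminal, decrypts the encrypted terminal information to perform user authentication, generates an authentication key for the CPNS service when the user is authenticated, encrypts the generated authentication key using the password, and then provides it to the user terminal and the CPNS device.
- A user terminal comprising: a communication interface unit for transmitting and receiving information through a communication network; an input unit for receiving a user command; an encryption unit which, when an ID and a password for using a CPNS service are input through the input unit, encrypts terminal information including the ID and password using the password; an authentication request unit which transmits an authentication request signal including the encrypted terminal information to a gateway through the communication interface unit; and an authentication key management unit which receives from the gateway, and stores, an authentication key generated by a CPNS device according to the authentication request.
- The user terminal according to claim 3, further comprising a terminal information registration request unit which transmits terminal information including the ID and password input through the input unit to the gateway through a short-range wireless communication network to request registration with the CPNS device.
- The user terminal according to claim 4, wherein the terminal information registration request unit encrypts the terminal information including the ID and password using the password, and transmits the encrypted terminal information to the gateway through the short-range wireless communication network to request registration with the CPNS device.
- The user terminal according to claim 3, further comprising a service execution unit which executes a CPNS service using the authentication key.
- The user terminal according to claim 3, further comprising: an authentication key generation unit which, when an ID and a password for using the CPNS service are input through the input unit, stores the ID and password and at the same time generates an authentication key; and an authentication key providing unit which encrypts the terminal information including the ID and password and the generated authentication key using the password and transmits them to the CPNS device.
- A CPNS device comprising: a communication interface unit for transmitting and receiving information through a communication network; a terminal information database storing, for each user terminal, terminal information including an ID and a password, and an authentication key; a terminal information registration unit which registers the terminal information in the terminal information database when registration of terminal information is requested through the communication interface unit; an authentication unit which, when an authentication request signal is received through the communication interface unit, decrypts the terminal information included in the authentication request signal and performs user authentication according to whether the decrypted terminal information exists in the terminal information database; an authentication key generation unit which generates an authentication key for a CPNS service when the user is authenticated; and an authentication key providing unit which encrypts the generated authentication key using the password included in the terminal information and provides the encrypted authentication key to the corresponding user terminal through the communication interface unit.
- The CPNS device according to claim 8, wherein the terminal information includes at least one of an ID, a password, a terminal unique number, a terminal type, and a terminal model.
- A method for issuing an authentication key for user authentication in a CPNS environment, comprising: (a) transmitting, by a user terminal, an authentication request signal including the encrypted terminal information to a gateway through a short-range wireless communication network; (b) storing, by the gateway, the encrypted terminal information in the authentication request signal and at the same time transmitting it to a CPNS device through a mobile communication network to request authentication; (c) decrypting, by the CPNS device, the encrypted terminal information according to the authentication request from the gateway to perform user authentication; (d) generating, by the CPNS device, an authentication key for a CPNS service when the user is authenticated; and (e) encrypting, by the CPNS device, the generated authentication key using the password and providing the encrypted authentication key to the user terminal through the gateway.
- A method for a user terminal to be issued an authentication key for user authentication in a CPNS environment, the method comprising: (a) when an ID and a password for using a CPNS service are input by a user, encrypting terminal information including the ID and password using the password; (b) transmitting an authentication request signal including the encrypted terminal information to a gateway; (c) receiving from the gateway, and storing, an authentication key generated by a CPNS device according to the authentication request; and (d) connecting to the CPNS device through the authentication key and executing the CPNS service.
- The method according to claim 11, further comprising, before step (a), requesting the gateway to register terminal information including the ID and password input by the user.
- A method for a CPNS device to issue an authentication key for user authentication in a CPNS environment, the method comprising: (a) when an authentication request signal for using a CPNS service is received, decrypting encrypted terminal information included in the authentication request signal; (b) determining whether the decrypted terminal information exists in a pre-stored terminal information database; (c) when the terminal information exists in the terminal information database, generating an authentication key for the CPNS service; (d) encrypting the generated authentication key using the password included in the terminal information; and (e) providing the encrypted authentication key to the corresponding user terminal.
- The method according to claim 13, further comprising, before step (a), registering the terminal information when registration of terminal information including an ID and a password is requested from the user terminal.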
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/824,117 US8949604B2 (en) | 2011-01-20 | 2011-11-30 | System and method for issuing an authentication key for authenticating a user in a CPNS environment |
EP11856065.5A EP2667649B1 (en) | 2011-01-20 | 2011-11-30 | System and method for issuing an authentication key for authenticating a user in a cpns environment |
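CN201180065574.1A CN103329589B (zh) | 2011-01-20 | 2011-11-30 | System and method for issuing an authentication key for authenticating a user in a CPNS environment |
JP2013550384A JP2014508446A (ja) | 2011-01-20 | 2011-11-30 | System and method for issuing an authentication key for user authentication in a CPNS environment |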
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2011-0005787 | 2011-01-20 | ||
KR1020110005787A KR101264299B1 (ko) | 2011-01-20 | 2011-01-20 | System and method for issuing an authentication key for user authentication in a CPNS environment |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2012099330A2 (ko) | 2012-07-26 |
WO2012099330A3 (ko) | 2012-09-13 |
Family
ID=46516188
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2011/009196 WO2012099330A2 (ko) | 2011-01-20 | 2011-11-30 | System and method for issuing an authentication key for user authentication in a CPNS environment |
Country Status (6)
Country | Link |
---|---|
US (1) | US8949604B2 (ko) |
EP (1) | EP2667649B1 (ko) |
JP (1) | JP2014508446A (ko) |
KR (1) | KR101264299B1 (ko) |
CN (1) | CN103329589B (ko) |
WO (1) | WO2012099330A2 (ko) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111619508A (zh) * | 2019-02-26 | 2020-09-04 | 现代摩比斯株式会社 | Remote control system for a vehicle and operating method thereof |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IT1398518B1 (it) * | 2009-09-25 | 2013-03-01 | Colombo | Safe milano |
KR101683292B1 (ko) * | 2010-06-18 | 2016-12-07 | 삼성전자주식회사 | Apparatus and method for configuring a personal network using a PN routing table |
US8850496B2 (en) * | 2011-10-31 | 2014-09-30 | Verizon Patent And Licensing Inc. | Dynamic provisioning of closed captioning to user devices |
JP6167667B2 (ja) * | 2013-05-23 | 2017-07-26 | 富士通株式会社 | Authentication system, authentication method, authentication program, and authentication device |
CN104618089B (zh) * | 2013-11-04 | 2019-05-10 | 华为技术有限公司 | Negotiation processing method for a security algorithm, control network element, and system |
US20170171751A1 (en) * | 2013-11-26 | 2017-06-15 | Lg Electronics Inc. | Method for allocating ae id in wireless communication system |
CN104935426B (zh) * | 2014-03-21 | 2018-11-30 | 华为技术有限公司 | Key agreement method, user equipment, and short-range communication control network element |
US9485250B2 (en) * | 2015-01-30 | 2016-11-01 | Ncr Corporation | Authority trusted secure system component |
CN115277026A (zh) * | 2022-09-26 | 2022-11-01 | 国网浙江余姚市供电有限公司 | Blockchain-based Internet of Things gateway control method, apparatus, and medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100608495B1 (ko) | 2004-08-27 | 2006-08-03 | 유넷시스템주식회사 | Integrated authentication system on an internal network, integrated authentication method on an internal network, and recording medium |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000148689A (ja) * | 1998-11-10 | 2000-05-30 | Nec Corp | User authentication method for a network system |
JP2003092775A (ja) * | 2001-09-18 | 2003-03-28 | Ntt Docomo Inc | Mobile communication service providing system, service providing device, mobile terminal, and mobile communication service providing method |
US8369525B2 (en) * | 2002-10-24 | 2013-02-05 | At&T Mobility Ii Llc | Dynamic password update for wireless encryption system |
KR100547855B1 (ko) * | 2003-01-14 | 2006-01-31 | 삼성전자주식회사 | Secure communication system and method for a composite mobile communication terminal equipped with a short-range communication device |
US9282455B2 (en) * | 2004-10-01 | 2016-03-08 | Intel Corporation | System and method for user certificate initiation, distribution, and provisioning in converged WLAN-WWAN interworking networks |
KR100680177B1 (ko) * | 2004-12-30 | 2007-02-08 | 삼성전자주식회사 | Method for authenticating a user outside a home network |
DK1997270T3 (en) * | 2006-03-09 | 2015-02-16 | Vasco Data Security Int Gmbh | METHOD AND APPROVAL OF A USER APPROVAL |
KR20090120550A (ko) * | 2008-05-20 | 2009-11-25 | (주) 엘지텔레콤 | Security enhancement system for a data communication terminal and operating method thereof |
KR101236438B1 (ko) * | 2008-11-04 | 2013-02-21 | 에스케이플래닛 주식회사 | System and method for providing a service to an end terminal in a CPNS environment, and CPNS server, mobile communication terminal, and end terminal therefor |
KR101268838B1 (ko) * | 2008-11-06 | 2013-05-29 | 에스케이플래닛 주식회사 | System and method for controlling a remote end terminal in a CPNS environment, and CPNS server and mobile communication terminal therefor |
KR101291654B1 (ko) * | 2009-02-24 | 2013-08-01 | 에스케이플래닛 주식회사 | Method and system for an end terminal to receive a service by connecting to multiple mobile communication terminals in a CPNS environment, and CPNS server and end terminal therefor |
KR101674903B1 (ko) * | 2009-10-20 | 2016-11-11 | 삼성전자주식회사 | Method and apparatus for providing a service using a personal network |
US20110231547A1 (en) * | 2010-03-18 | 2011-09-22 | Yang Ju-Ting | Search methods applied to a personal network gateway in converged personal network service systems and related converged personal network service systems and mobile devices |
CN103141054B (zh) * | 2010-09-28 | 2016-04-27 | Lg电子株式会社 | Method for distributing user keys in a converged network |
-
2011
- 2011-01-20 KR KR1020110005787A patent/KR101264299B1/ko active IP Right Grant
- 2011-11-30 WO PCT/KR2011/009196 patent/WO2012099330A2/ko active Application Filing
- 2011-11-30 JP JP2013550384A patent/JP2014508446A/ja active Pending
- 2011-11-30 CN CN201180065574.1A patent/CN103329589B/zh active Active
- 2011-11-30 EP EP11856065.5A patent/EP2667649B1/en active Active
- 2011-11-30 US US13/824,117 patent/US8949604B2/en active Active
Non-Patent Citations (1)
Title |
---|
See also references of EP2667649A4 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111619508A (zh) * | 2019-02-26 | 2020-09-04 | 现代摩比斯株式会社 | Remote control system for a vehicle and operating method thereof |
CN111619508B (zh) * | 2019-02-26 | 2022-09-13 | 现代摩比斯株式会社 | Remote control system for a vehicle and operating method thereof |
Also Published As
Publication number | Publication date |
---|---|
EP2667649A2 (en) | 2013-11-27 |
KR101264299B1 (ko) | 2013-05-22 |
US20130179688A1 (en) | 2013-07-11 |
WO2012099330A3 (ko) | 2012-09-13 |
EP2667649B1 (en) | 2018-11-28 |
CN103329589B (zh) | 2016-08-24 |
CN103329589A (zh) | 2013-09-25 |
KR20120084428A (ko) | 2012-07-30 |
EP2667649A4 (en) | 2015-06-24 |
JP2014508446A (ja) | 2014-04-03 |
US8949604B2 (en) | 2015-02-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11856065 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13824117 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2013550384 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011856065 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |