WO2015020360A1 - Method and apparatus for performing device registration and authentication in a wireless communication system - Google Patents
- Publication number
- WO2015020360A1 (PCT/KR2014/007100)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- registration
- server
- authentication information
- authentication
- information
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- the present invention relates to a method and apparatus for performing device registration and authentication in a wireless communication system.
- Conventional gateways (GWs) are not themselves subjects of authentication or registration indoors, such as in homes or offices; they are connected to external servers/systems and to indoor control devices or service devices, and act as agents that support them.
- Wi-Fi devices that communicate with indoor GWs have various security problems during the access point (AP) registration/authentication process. In general, problems such as the use of easily inferred service set identifiers (SSIDs), exposure of passwords, and key management arise during registration/authentication of a Wi-Fi device. Therefore, a Wi-Fi device generally uses a separate payload encryption method when transmitting and receiving private data over Wi-Fi.
- Symmetric key generation is mainly used for this.
- The symmetric key generation method generates a symmetric key based on a unique personal identification number (PIN)/key or password, and the two sides share that symmetric key and use it as the encryption key.
- Wi-Fi devices on a home network where a home service is provided are always assigned an account from a server and use a corresponding security PIN and password.
- This method incurs server maintenance costs and makes it difficult to connect to the server at device registration time.
- A registration method through a one-way web server account is used for authentication when registering a service of a Wi-Fi device, and this method is weak in terms of security.
- A PIN/key can be inferred, and if the symmetric key itself is exposed, the security of the channel is undermined.
- An embodiment of the present invention proposes a method and apparatus for performing device registration and authentication in a wireless communication system.
- An embodiment of the present invention proposes a method and apparatus that give the GW a certificate issuing function for Wi-Fi devices and allow the GW to act on behalf of the server for the Wi-Fi device, enabling more secure authentication and more secure communication.
- An embodiment of the present invention proposes a method and apparatus for reinforcing the security of authentication information by using certificates based on asymmetric keys in the device authentication process.
- An embodiment of the present invention proposes a method and apparatus for applying additional security techniques during registration and authentication to minimize the possibility of security threats and to make the registration and authentication process more secure and convenient.
- The first method proposed in an embodiment of the present invention is a method of performing device registration and authentication by a gateway (GW) in a wireless communication system, the method comprising: generating self-signed certificate information and assigning it to at least one device; when an authentication channel with the at least one device is created based on the self-signed certificate information, transmitting to a server a registration request message requesting registration of the at least one device; and, when authentication information for the at least one device is received from the server, transmitting the received authentication information to the at least one device.
- The second method proposed in an embodiment of the present invention is a method of registering and authenticating a device in a wireless communication system, the method comprising: receiving self-signed certificate information generated by a gateway (GW); when an authentication channel with the GW is created based on the self-signed certificate information, receiving authentication information generated by a server from the GW through the authentication channel; and receiving a service from the server based on the received authentication information.
- The third method proposed in an embodiment of the present invention is a method of performing device registration and authentication by a server providing a service in a wireless communication system, the method comprising: receiving from a gateway (GW) a message requesting registration of at least one device; generating authentication information for the GW; and transmitting the generated authentication information to the GW, wherein the at least one device is at least one device that has been assigned self-signed certificate information generated by the GW.
- The first apparatus proposed in an embodiment of the present invention is a gateway in a wireless communication system, comprising: a control unit for generating self-signed certificate information and assigning it to at least one device; a receiving unit for receiving authentication information for the at least one device from a server; and a transmitter for transmitting to the server a registration request message requesting registration of the at least one device and for transmitting the received authentication information to the at least one device.
- The second apparatus proposed in an embodiment of the present invention is a device in a wireless communication system, comprising: a receiving unit; and a control unit that, when self-signed certificate information generated by a gateway (GW) has been assigned and an authentication channel with the GW has been created based on the self-signed certificate information, controls the receiving unit to receive authentication information generated by a server from the GW through the authentication channel and to receive a service from the server based on the received authentication information.
- The third apparatus proposed in an embodiment of the present invention is a server providing a service in a wireless communication system, comprising: a receiving unit for receiving from a gateway (GW) a message requesting registration of at least one device; a control unit for generating authentication information for the at least one device; and a transmitter for transmitting the generated authentication information to the GW, wherein the at least one device is at least one device assigned self-signed certificate information generated by the GW.
- Because the GW acts, like a server, as a registration agent for the Wi-Fi device in a wireless communication system such as a home network, the present invention can register the Wi-Fi device even when the server is offline. Accordingly, the setup and registration time for the Wi-Fi device is reduced.
- When a plurality of Wi-Fi devices want to register with the server to subscribe to the service, the GW can register the plurality of Wi-Fi devices with the server, which reduces maintenance and repair costs.
- Because the registration process is performed based on a specific interface, security at the time of registration can be improved.
- The present invention has the advantage of enhancing security on the corresponding channel by performing mutual authentication through a certificate after a device is registered, and of making it easy to extend services based on the certificate.
- FIG. 1 is a view showing the configuration of a wireless communication system according to an embodiment of the present invention.
- FIG. 2 is a signal flow diagram illustrating a process in which a GW is registered in a server in a wireless communication system according to an embodiment of the present invention
- FIG. 3 is a signal flow diagram illustrating a process in which a headless Wi-Fi device is registered in a GW in a wireless communication system according to an embodiment of the present invention
- FIG. 4 is a signal flowchart illustrating a process in which a display Wi-Fi device is registered in a GW in a wireless communication system according to an embodiment of the present invention
- FIG. 5 is a signal flowchart illustrating a process in which a GW registers a Wi-Fi device with a server in a wireless communication system according to an embodiment of the present invention
- FIG. 6 is a flowchart illustrating an operation in which a GW is registered in a server in a wireless communication system according to an embodiment of the present invention
- FIG. 7 is a flowchart illustrating an operation of registering a GW by a server in a wireless communication system according to an embodiment of the present invention
- FIG. 8 is a flowchart illustrating an operation in which a headless Wi-Fi device is registered in a GW in a wireless communication system according to an embodiment of the present invention
- FIG. 9 is a flowchart illustrating an operation in which a GW registers a headless Wi-Fi device in a wireless communication system according to an embodiment of the present invention
- FIG. 10 is a flowchart illustrating an operation in which a display Wi-Fi device is registered in a GW in a wireless communication system according to an embodiment of the present invention
- FIG. 11 is a flowchart illustrating an operation in which a GW registers a display Wi-Fi device in a wireless communication system according to an embodiment of the present disclosure.
- FIG. 12 is a flowchart illustrating an operation in which a GW registers a Wi-Fi device to a server in a wireless communication system according to an embodiment of the present invention
- FIG. 13 is a flowchart illustrating an operation in which a server registers a Wi-Fi device through a GW in a wireless communication system according to an embodiment of the present invention
- FIG. 14 is a block diagram of a Wi-Fi device according to an embodiment of the present invention.
- FIG. 15 is a block diagram of a GW according to an embodiment of the present invention.
- FIG. 16 is a block diagram of a server according to an embodiment of the present invention.
- a “component surface” includes one or more component representations.
- first and second may be used to describe various components, but the components are not limited by the terms. The terms are used only for the purpose of distinguishing one component from another.
- first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component.
- the electronic device may include a communication function.
- The electronic device may be a smart phone, a tablet personal computer (PC), a mobile phone, a video phone, an e-book reader, a desktop PC, a laptop PC, a netbook PC, a personal digital assistant (PDA), a portable multimedia player (PMP), an MP3 player, a mobile medical device, a camera, or a wearable device (e.g., a head-mounted device (HMD), electronic clothing, an electronic bracelet, an electronic necklace, an electronic appcessory, an electronic tattoo, or a smart watch).
- the electronic device may be a smart home appliance having a communication function.
- The smart home appliance may be a television, a digital video disk (DVD) player, an audio device, a refrigerator, an air conditioner, a vacuum cleaner, an oven, a microwave oven, a washer, a dryer, an air purifier, a set-top box, a TV box (e.g., Samsung HomeSync™, Apple TV™, or Google TV™), a gaming console, an electronic dictionary, a camcorder, an electronic photo frame, and the like.
- An electronic device may include a medical device (e.g., a magnetic resonance angiography (MRA) device, a magnetic resonance imaging (MRI) device, a computed tomography (CT) device, an imaging device, or an ultrasound device), a global positioning system (GPS) receiver, an event data recorder (EDR), a flight data recorder (FDR), an automotive infotainment device, a navigational electronic device (e.g., a navigation device, gyroscope, or compass), an avionics device, a security device, and industrial or consumer robots.
- An electronic device may include furniture, parts of a building/structure, an electronic board, an electronic signature receiving device, a projector, and various measurement devices (e.g., electrical, gas, or electromagnetic wave measuring devices).
- the electronic device may be a combination of devices as described above.
- the electronic device according to the preferred embodiments of the present invention is not limited to the device as described above.
- the terminal may be an electronic device as an example.
- the present invention provides a device registration and authentication method and apparatus in a wireless communication system.
- the device proposed in the embodiment of the present invention may be a home appliance such as a washing machine, a refrigerator, a television, or a mobile phone or a tablet PC capable of wireless communication.
- the device is not limited to the above devices and can be variously changed.
- the device is a device that performs Wi-Fi communication, and a method and apparatus for performing a registration and authentication process based on Wi-Fi communication will be described.
- the method and apparatus proposed by the present invention may be applied and used to be suitable for a wireless communication system in which other communication is used besides the Wi-Fi communication.
- the terms of certificate and authentication information may be used interchangeably below.
- FIG. 1 is a diagram illustrating a configuration of a wireless communication system according to an exemplary embodiment of the present invention.
- the wireless communication system may be configured as, for example, a home network, and includes a Wi-Fi device 100, a gateway (GW) 120, and a server 140.
- the Wi-Fi device 100 represents a device that is included in the home network and can receive and use a home network service from the server 140 based on Wi-Fi communication.
- The Wi-Fi device 100 may be a Wi-Fi device that includes a display unit, such as a mobile terminal or a TV (hereinafter referred to as a 'display Wi-Fi device'), or a Wi-Fi device that does not include a display unit, such as a refrigerator or a washing machine (hereinafter referred to as a 'headless Wi-Fi device').
- the Wi-Fi device 100 needs to be registered with the server 140 connected to an external network and an access point (AP) in order to receive a service.
- a registration process for the GW 120 of the Wi-Fi device 100 must be performed first. This is because when the Wi-Fi device 100 is registered with the GW 120, the GW 120 performs a registration process with the server 140 with respect to the Wi-Fi device 100. That is, registration of the Wi-Fi device 100 to the server 140 is performed through the GW 120.
- The GW 120 transmits information about the Wi-Fi device 100 to the server 140. The server 140 then allocates unique authentication information to the Wi-Fi device 100 and transmits it to the GW 120, so that the authentication information can be delivered to the Wi-Fi device 100.
- The above process may be performed in a background mode, and may be carried out over secure channels based on the authentication information between the Wi-Fi device 100 and the GW 120 and the authentication information between the GW 120 and the server 140.
- the GW 120 has a function of issuing a self-signed certificate and allocates authentication information 115 to the Wi-Fi device 100 to be registered.
- The authentication information 115 of the Wi-Fi device 100 may be the public certificate of the certificate authority (CA) or sub-CA that issued the corresponding authentication information of the GW 120, which may be provided through an SDK or the like.
- a one-way authentication channel may be formed to be authenticated by the GW 120 to register with the GW 120.
- The server 140 and the GW 120 have authentication information 135 and 145 issued from the same root/sub CA, and can thereby form a channel for two-way authentication when they connect to each other.
- the Wi-Fi device 100 and the GW 120 may include interfaces 110 and 130 for generating a registration event for performing a registration process.
- the interface 110 or 130 may be a physical button or a specific menu capable of selecting (input or clicking) from a user configured in a web page or an application.
- The Wi-Fi device 100 and the GW 120 may each perform the registration process only for a preset time, and do not perform it at other times (for example, after the preset time has elapsed). To this end, the Wi-Fi device 100 and the GW 120 may each drive a timer set to the preset time when a registration event occurs.
- Steps (2-1) and (2-2) of the following four processes may be performed alternatively, according to the characteristics of the Wi-Fi device (with or without a display).
- FIG. 2 is a signal flow diagram illustrating a process in which a GW is registered in a server in a wireless communication system according to an exemplary embodiment of the present invention.
- When the user 150 wants to register the GW 120 as a new GW in the server 140, the user 150 generates a username and password associated with the GW 120 as new GW information.
- the user 150 transmits the new GW information to the server 140 to register the new GW information.
- the server 140 receives and registers the new GW information, and provides the user 150 with registration status information indicating whether the new GW information is registered in step 202.
- Operation between the user 150 and the server 140 may be performed through a server management web page (or application).
- The user 150 logs in to the server management web page and selects the menu for registering a new GW.
- The user 150 transmits the new GW information to the server 140 through the selected menu, and the server 140 may provide the registration status information to the user 150 by displaying the registration result of the new GW information on the corresponding web page.
- When the user 150 determines, based on the registration status information, that the new GW information has been registered with the server 140, the user 150 generates a registration event in step 206.
- the registration event may be generated by the user 150 through a separate interface.
- the registration event is generated by pushing (or touching) the "register button" as an example.
- the GW 120 enters a registration mode when the registration event occurs, and drives the timer in step 208.
- the timer may be set to a duration time (eg, 3 minutes) during which the registration process may continue, and the duration of the timer may be adjusted according to the implementation.
- The user 150 accesses the web page of the GW 120 in step 210 and enters the user name and password that were registered in the server 140 as the new GW information.
- The GW 120 transmits a registration request message including the user name, the password, and the MAC address of the GW 120 to the server 140.
- The registration request message may be transmitted to the server 140 as an HTTPS message using the HTTP POST method.
- The server 140 determines whether the user name and password included in the registration request message match the previously registered user name and password. If they match, the server 140 allocates an ID and password to the GW 120 as authentication information.
- The server 140 transmits the assigned ID and password to the GW 120 through an HTTP POST message.
- The ID assigned to the GW 120 may be a unique ID or a Jabber ID.
- The assigned password may be a GW management password used by the server 140 to manage the GW 120.
- the GW 120 stores the ID and password allocated from the server 140 as authentication information for mutual authentication with the server 140 in step 216.
- the server 140 also stores the ID and password of the GW 120 in step 218 and registers the GW 120 as a new GW.
- The GW 120 releases the registration mode and ends the entire registration process.
- When the GW 120 has been registered in the server 140 through the above process and the ID and password have been stored in the GW 120 and the server 140, respectively, as authentication information for the GW 120, the GW 120 and the server 140 may form a channel capable of mutual authentication based on the authentication information and communicate over it.
- FIG. 3 is a signal flow diagram illustrating a process in which a headless Wi-Fi device is registered in a GW in a wireless communication system according to an exemplary embodiment of the present invention.
- the Wi-Fi device 100 is a headless Wi-Fi device.
- In order for the Wi-Fi device 100 to be registered in the GW 120, network pairing must be performed first. To this end, the Wi-Fi device 100 performs an operation for network pairing with the AP 160 in the home network, as shown in steps 300 to 308.
- When the user 150 presses a button (for example, a Wi-Fi Protected Setup (WPS) button) on the Wi-Fi device 100 and the AP 160 in steps 300 and 302 and a registration event accordingly occurs, each of them drives a timer and enters the registration mode.
- The Wi-Fi device 100 obtains a Wi-Fi network Internet Protocol (IP) from the GW 120 and, in step 304, connects to the AP 160 based on the obtained Wi-Fi network IP. When the Wi-Fi device 100 is connected, the AP 160 assigns an IP address to the Wi-Fi device 100 in step 306. In step 308, the Wi-Fi device 100 performs network pairing based on the assigned IP address.
- The user 150 may generate a registration event by pressing the registration button of the Wi-Fi device 100 and of the GW 120.
- When the registration event occurs, in steps 310 and 312 the Wi-Fi device 100 and the GW 120 each drive a timer for performing the registration process.
- the user 150 may access the GW management web page (or application) and request the GW 120 to provide information about a Wi-Fi device that can be currently registered in a product registration page menu. Accordingly, the GW 120 performs a discovery operation for detecting the corresponding Wi-Fi device.
- the discovery operation may be performed based on a simple service discovery protocol (SSDP) / multicast domain name system (mDNS) or another discovery protocol.
- the GW 120 broadcasts a discovery advertisement message in step 314. Then, the Wi-Fi device 100 receives the discovery advertisement message and transmits the discovery response message to the GW 120 in step 316.
- the discovery response message may include information (eg, Wi-Fi MAC address, IP address, etc.) of the Wi-Fi device 100.
- the GW 120 may provide the user 150 with information about the detected Wi-Fi device as shown in Table 1 below.
- Table 1

| Device information | MAC address | Unique ID | Node ID | Status information | OK button |
|---|---|---|---|---|---|
| Ref ... etc | IEEE address | - | IP address | Ready | [Select] |
| ... | ... | ... | ... | ... | ... |
- the device information indicates the identification number, device type information, etc. of the Wi-Fi device 100
- the MAC address indicates the MAC address of the Wi-Fi device 100
- the Unique ID represents an ID assigned from the server 140 (before the Wi-Fi device 100 is registered with the GW 120 and thus no corresponding information is included in Table 1)
- the Node ID represents the IP address of the Wi-Fi device 100
- the state information indicates information indicating whether the Wi-Fi device 100 can be registered with the GW 120 (or in a registration mode).
- the confirmation button indicates an interface for the user 150 to select the Wi-Fi device 100 as a device to register with the GW 120.
- In step 318, the GW 120 sends a registration request message to the determined Wi-Fi device 100. The registration request message may include a password for checking message integrity.
- The password may be randomly generated by the GW 120.
- When the registration request message is received, the Wi-Fi device 100 transmits to the GW 120 a registration response message including the password included in the registration request message, the device type of the Wi-Fi device 100, and its Wi-Fi MAC address.
- the registration response message may be transmitted in the form of an HTTP Post message.
- a unidirectional transport layer security (TLS) session may be formed between the Wi-Fi device 100 and the GW 120.
- The GW 120 performs an integrity check on the registration response message based on whether the password included in the registration response message is identical to the password included in the registration request message transmitted in step 318, and determines that the registration response message has integrity when the two passwords are the same. In step 322, the GW 120 generates a certificate and a private key (PKCS #12 or PEM) as authentication information for the Wi-Fi device 100, and in step 324 it transmits the generated certificate and private key to the Wi-Fi device 100.
- The Wi-Fi device 100 stores the certificate and the private key in step 326 and, after the registration process is complete, may in step 328 establish a channel capable of mutual authentication with the GW 120 (a two-way TLS session) based on the certificate and the private key, and communicate over it.
- FIG. 4 is a signal flowchart illustrating a process in which a display Wi-Fi device is registered in a GW in a wireless communication system according to an exemplary embodiment of the present invention.
- the Wi-Fi device 100 is a display Wi-Fi device.
- In order for the Wi-Fi device 100 to be registered in the GW 120, network pairing must be performed first. To this end, the Wi-Fi device 100 performs an operation for network pairing with the AP 160 in the home network, as shown in steps 400 to 404.
- the Wi-Fi device 100 obtains a Wi-Fi network IP from the GW 120 and accesses the AP 160 based on the obtained Wi-Fi network IP in step 400.
- the AP 160 assigns an IP address to the Wi-Fi device 100 in step 402.
- the Wi-Fi device 100 performs network pairing based on the assigned IP address.
- the user 150 may generate a registration event by pressing the registration button of the GW 120.
- the GW 120 drives a timer to perform the registration process.
- the user 150 may access the GW management web page (or application) and request the GW 120 for a Wi-Fi device that can be currently registered from the product registration page menu. Accordingly, the GW 120 performs a discovery operation for detecting a Wi-Fi device.
- the discovery operation may be performed based on SSDP / mDNS or another discovery protocol.
- the GW 120 broadcasts a discovery advertisement message in step 408. Then, the Wi-Fi device 100 receives the discovery advertisement message and transmits the discovery response message to the GW 120 in step 410.
- the discovery response message may include information about the Wi-Fi device 100 (Wi-Fi MAC address, IP address, etc.).
- the GW 120 may provide the user 150 with information about the detected Wi-Fi device.
- Information about the detected Wi-Fi may be provided to the user 150 in the form as shown in Table 1 described above.
- In step 411, the GW 120 generates a personal identification number (PIN).
- the GW 120 includes the PIN in a registration request message and transmits the PIN to the Wi-Fi device 100.
- the PIN may be used to check the integrity of the registration request message, and may consist of numbers or letters randomly generated by the GW 120.
- the Wi-Fi device 100 displays an input window for receiving a PIN identical to the PIN included in the registration request message from the user 150.
- When the PIN is input, in step 416 the Wi-Fi device 100 transmits to the GW 120 a registration response message including the input PIN, the device type of the Wi-Fi device 100, its Wi-Fi MAC address, and the like.
- the registration response message may be transmitted in the form of an HTTP Post message, and a one-way TLS session may be formed as the registration response message is transmitted.
- The GW 120 performs an integrity check on the registration response message based on whether the PIN included in the registration response message is identical to the PIN included in the registration request message transmitted in step 412. When the two PINs are the same, the GW 120 determines that the registration response message has integrity. In step 418, the GW 120 generates a certificate and a private key (PKCS #12 or PEM) for the Wi-Fi device 100, and in step 420 it transmits the certificate and private key to the Wi-Fi device 100.
- The Wi-Fi device 100 stores the certificate and the private key in step 422 and, after the registration process is complete, may in step 424 establish a channel capable of mutual authentication with the GW 120 (a two-way TLS session) based on the certificate and the private key, and communicate over it.
- the GW 120 is registered with the server 140 and the Wi-Fi device 100 is connected with the GW 120. ), The GW 120 performs an operation as a registration agent for registering the Wi-Fi device 100 with the server 140. This will be described with reference to FIG. 5.
- FIG. 5 is a signal flow diagram illustrating a process in which a GW registers a Wi-Fi device with a server in a wireless communication system according to an exemplary embodiment of the present invention.
- The GW 120 transmits to the server 140 a registration request message requesting registration of the Wi-Fi device 100 that was registered through process (2-1) or (2-2).
- The registration request message may include information about the Wi-Fi device 100, such as a device type and a Wi-Fi MAC address, together with the ID and password of the GW 120 allocated by the server 140 in process (1) (hereinafter referred to as 'GW authentication information').
- The server 140 checks the integrity of the registration request message by determining whether the GW authentication information included in the registration request message matches the GW authentication information registered in the server 140. If the two match, the server 140 determines that the registration request message has integrity.
- In step 504, the server 140 generates authentication information (ID and password) for the Wi-Fi device 100 according to the registration request message and registers the Wi-Fi device 100. In step 506, the server 140 transmits the generated authentication information to the GW 120, and in step 508 the GW 120 receives the authentication information and transmits it to the Wi-Fi device 100. In step 510, the Wi-Fi device 100 stores the received authentication information and then communicates with the server 140 using the stored authentication information.
- FIG. 6 is a flowchart illustrating an operation in which a GW is registered in a server in a wireless communication system according to an exemplary embodiment of the present invention.
- When a registration event occurs in step 600, the GW 120 enters a registration mode in step 602 and starts a timer.
- In step 604, the GW 120 obtains, through a web page or a separate application of the GW 120, the user name and password of the GW 120 that the user 150 registered in the server 140 as new GW information.
- The GW 120 transmits a registration request message including the obtained user name and password and the MAC address of the GW 120 to the server 140 in order to register with the server 140.
- The GW 120 determines whether authentication information (ID, password) used for mutual authentication between the GW 120 and the server 140 is received from the server 140. If it is received, the GW 120 stores the received authentication information in step 610. The GW 120 may then communicate by forming a channel capable of mutual authentication with the server 140 based on the stored authentication information.
- FIG. 7 is a flowchart illustrating an operation of registering a GW by a server in a wireless communication system according to an exemplary embodiment of the present invention.
- When the server 140 receives new GW information including a user name and a password from a user through a server management web page (or an application) in step 700, the server 140 stores the received new GW information.
- When the server 140 receives a registration request message from a specific GW (e.g., the GW 120) in step 702, the server 140 compares, in step 704, whether the user name and password included in the registration request message are the same as the stored user name and password.
- After step 706, the server 140 proceeds to step 708 and generates authentication information (ID, password) for the specific GW.
- The generated authentication information is transmitted to the specific GW.
- The generated authentication information may then be used to form a channel capable of mutual authentication with the GW 120 to perform communication.
- FIG. 8 is a flowchart illustrating an operation in which a headless Wi-Fi device is registered in a GW in a wireless communication system according to an exemplary embodiment of the present invention.
- The headless Wi-Fi device performs a network pairing operation through communication with the AP 160 in step 800, and determines whether a registration event occurs in step 802. When the registration event occurs, the headless Wi-Fi device enters the registration mode and starts a timer in step 804.
- The headless Wi-Fi device transmits a discovery response message to the GW 120.
- The discovery response message may include information about the headless Wi-Fi device (Wi-Fi MAC address, IP address, etc.).
- The headless Wi-Fi device determines whether a registration request message is received from the GW 120.
- The headless Wi-Fi device detects the password for the message integrity check that is included in the registration request message.
- The headless Wi-Fi device transmits to the GW 120 a registration response message including the detected password, the device type of the headless Wi-Fi device, the Wi-Fi MAC address, etc.
- The headless Wi-Fi device receives and stores a certificate and a private key from the GW 120 in step 812. After the registration process is completed, the headless Wi-Fi device may communicate by forming a channel capable of mutual authentication with the GW 120 based on the stored certificate and secret key.
- FIG. 9 is a flowchart illustrating an operation in which a GW registers a headless Wi-Fi device in a wireless communication system according to an exemplary embodiment of the present invention.
- The GW 120 enters a registration mode in step 902 and starts a timer.
- The GW 120 broadcasts a discovery advertisement message in step 904 when a request for information on a registerable Wi-Fi device is received from the user 150.
- The user 150 may access the GW management web page (or application) and make this request through a product registration page menu.
- The GW 120 determines whether a discovery response message is received in step 906. When the discovery response message is received, the GW 120 provides the user with information about the Wi-Fi device that transmitted the discovery response message in step 908. When the headless Wi-Fi device is selected by the user 150 in step 910, the GW 120 transmits, in step 912, a registration request message including a password for checking message integrity to the selected headless Wi-Fi device.
- When the GW 120 receives a registration response message including a device type, a Wi-Fi MAC address, and a password from the headless Wi-Fi device in step 914, it checks the integrity of the registration response message based on whether the password included in the registration response message is the same as the password included in the registration request message.
- The GW 120 generates a certificate and a secret key for the headless Wi-Fi device and transmits them to the headless Wi-Fi device 100.
- The generated certificate and secret key may be used to form a channel capable of mutual authentication between the GW 120 and the headless Wi-Fi device.
- FIG. 10 is a flowchart illustrating an operation in which a display Wi-Fi device is registered in a GW in a wireless communication system according to an exemplary embodiment of the present invention.
- The display Wi-Fi device performs a network pairing operation through communication with the AP 160 in step 1000.
- The display Wi-Fi device transmits a discovery response message to the GW 120.
- The discovery response message may include information about the display Wi-Fi device (Wi-Fi MAC address, IP address, etc.).
- The display Wi-Fi device determines whether a registration request message is received from the GW 120 in step 1004.
- The display Wi-Fi device detects the PIN for checking message integrity that is included in the registration request message.
- The display Wi-Fi device displays, on the display unit, an input window in which the user 150 can input the same PIN as the detected PIN.
- The display Wi-Fi device receives a PIN from the user 150 through the input window in step 1006, and in step 1008 transmits to the GW 120 a registration response message including the input PIN, the device type of the display Wi-Fi device and the Wi-Fi MAC address.
- The display Wi-Fi device receives and stores a certificate and a private key from the GW 120 in step 1010. After the registration process is completed, the display Wi-Fi device may communicate by forming a channel capable of mutual authentication with the GW 120 based on the stored certificate and secret key.
- FIG. 11 is a flowchart illustrating an operation in which a GW registers a display Wi-Fi device in a wireless communication system according to an exemplary embodiment of the present invention.
- When a registration event occurs in step 1100, the GW 120 enters a registration mode in step 1102 and starts a timer.
- The GW 120 broadcasts a discovery advertisement message in step 1104 when the user 150 requests information on Wi-Fi devices that can be registered. The user 150 may access the GW management web page (or application) and make this request through a product registration page menu.
- The GW 120 determines whether a discovery response message is received in step 1108.
- The GW 120 provides the user with information about the Wi-Fi device that transmitted the discovery response message in step 1110.
- The GW 120 sends a registration request message including a PIN for the message integrity check to the selected display Wi-Fi device in step 1114.
- When the GW 120 receives a registration response message including a device type, a Wi-Fi MAC address, and a PIN from the display Wi-Fi device in step 1116, it checks the integrity of the registration response message based on whether the PIN included in the registration response message is the same as the PIN included in the registration request message.
- In step 1118, if the registration response message is determined to have integrity, the GW 120 generates a certificate and a secret key for the display Wi-Fi device and transmits them to the display Wi-Fi device.
- The generated certificate and secret key may be used to form a channel capable of mutual authentication between the GW 120 and the display Wi-Fi device.
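The GW-side registration mode, timer and PIN comparison of FIG. 11 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the 120-second window, the 6-digit PIN, the retry limit, the single-use rule and the constant-time comparison are assumptions made here. A matching PIN shows only that the answering party saw the PIN from the request, so the bounded window and limited retries carry much of the protection.

```python
import hmac
import secrets
import time

# Assumed values; the patent only says "a preset time" and "a PIN".
REG_WINDOW_SECONDS = 120
PIN_DIGITS = 6
MAX_ATTEMPTS = 3          # retry limit is an addition, not in the patent


class FakeClock:
    """Controllable clock so the timer can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class GatewayRegistrar:
    """Hypothetical GW-side state for registration mode and the PIN check."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._window_ends = None   # None means "not in registration mode"
        self._pending = {}         # Wi-Fi MAC -> [pin, attempts_left]

    def enter_registration_mode(self):
        """Registration event (step 1100): enter the mode and start the timer."""
        self._window_ends = self._clock() + REG_WINDOW_SECONDS
        self._pending.clear()

    def _in_window(self):
        return self._window_ends is not None and self._clock() < self._window_ends

    def send_registration_request(self, mac):
        """Step 1114: create the PIN carried in the registration request.
        Returns None when the GW is not in registration mode."""
        if not self._in_window():
            return None
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        self._pending[mac] = [pin, MAX_ATTEMPTS]
        return pin

    def check_registration_response(self, mac, pin_from_device):
        """Steps 1116-1118: True means the GW may issue the certificate and key."""
        entry = self._pending.get(mac)
        if entry is None or not self._in_window():
            self._pending.pop(mac, None)       # stale or unsolicited response
            return False
        # Constant-time comparison: timing must not reveal how many digits match.
        if hmac.compare_digest(entry[0].encode(), str(pin_from_device).encode()):
            del self._pending[mac]             # a PIN is accepted only once
            return True
        entry[1] -= 1
        if entry[1] <= 0:
            del self._pending[mac]             # wrong too often: new request needed
        return False


def demo():
    """Walk one constructed device through the flow with a fake clock."""
    clock = FakeClock()
    gw = GatewayRegistrar(clock)
    mac = "02:00:00:00:00:01"                  # constructed sample MAC
    out = {"outside_mode": gw.send_registration_request(mac)}
    gw.enter_registration_mode()
    pin = gw.send_registration_request(mac)
    out["wrong_pin"] = gw.check_registration_response(mac, "x" * PIN_DIGITS)
    out["right_pin"] = gw.check_registration_response(mac, pin)
    out["replayed_pin"] = gw.check_registration_response(mac, pin)
    late_pin = gw.send_registration_request(mac)
    clock.now += REG_WINDOW_SECONDS + 1        # timer runs out before the reply
    out["after_timeout"] = gw.check_registration_response(mac, late_pin)
    return out


if __name__ == "__main__":
    print(demo())
```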
- FIG. 12 is a flowchart illustrating an operation in which a GW registers a Wi-Fi device to a server in a wireless communication system according to an exemplary embodiment of the present invention.
- The GW 120 transmits to the server 140 a registration request message (device type, Wi-Fi MAC address, GW authentication information) for registering the Wi-Fi device 100.
- The GW authentication information is transmitted to the server 140 as information for checking the integrity of the registration request message.
- When the GW 120 receives the authentication information (ID and password) for the Wi-Fi device 100 from the server 140 in step 1202, the GW 120 transmits the received authentication information (ID and password) to the Wi-Fi device 100 in step 1204.
- FIG. 13 is a flowchart illustrating an operation in which a server registers a Wi-Fi device through a GW in a wireless communication system according to an exemplary embodiment of the present invention.
- The server 140 sets up a mutual authentication channel with the GW 120 in step 1300, and in step 1302 receives a registration request message (device type, Wi-Fi MAC address, GW authentication information) for the Wi-Fi device 100 from the GW 120.
- The server 140 checks the integrity of the registration request message based on the GW authentication information. When the server 140 determines from the check result that the registration request message has integrity, it generates authentication information (ID, password) for the Wi-Fi device 100 and registers the Wi-Fi device 100. In step 1308, the server 140 transmits the authentication information (ID, password) for the Wi-Fi device 100 to the GW 120.
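The server side of FIG. 13 (check the GW authentication information, then generate and return an ID and password for the device) can be sketched as below. This is an added example, not code from the patent: the class, the field names, the ID formats and the salted PBKDF2 storage of passwords are assumptions made here.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # assumed work factor for stored password hashes


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class RegistrationServer:
    """Hypothetical server-side model of processes (1) and (3)."""

    def __init__(self):
        self._gateways = {}   # GW ID -> (salt, password hash)
        self._devices = {}    # device ID -> record with salted password hash

    @staticmethod
    def _new_credentials(prefix):
        """Generate an ID and password plus the salt and hash to store."""
        ident = prefix + secrets.token_hex(4)
        password = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        return ident, password, salt, _hash(password, salt)

    def issue_gw_credentials(self):
        """Process (1): allocate GW authentication information (ID, password)."""
        gw_id, password, salt, digest = self._new_credentials("gw-")
        self._gateways[gw_id] = (salt, digest)
        return gw_id, password

    def _gw_authenticated(self, gw_id, password):
        # Unknown IDs still cost one hash, so response time does not show
        # which GW IDs exist.
        salt, stored = self._gateways.get(gw_id, (b"\x00" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def register_device(self, request):
        """Steps 1302-1308: returns {'id', 'password'} for the device, or None
        when a field is missing or the GW authentication information is wrong."""
        fields = ("device_type", "wifi_mac", "gw_id", "gw_password")
        if not all(isinstance(request.get(f), str) and request.get(f) for f in fields):
            return None
        if not self._gw_authenticated(request["gw_id"], request["gw_password"]):
            return None
        dev_id, password, salt, digest = self._new_credentials("dev-")
        self._devices[dev_id] = {
            "device_type": request["device_type"],
            "wifi_mac": request["wifi_mac"],
            "registered_by": request["gw_id"],   # which GW acted as agent
            "salt": salt,
            "password_hash": digest,             # plaintext is never stored
        }
        return {"id": dev_id, "password": password}

    def authenticate_device(self, dev_id, password):
        """Later device-to-server login with the issued ID and password."""
        record = self._devices.get(dev_id)
        if record is None:
            return False
        return hmac.compare_digest(_hash(password, record["salt"]),
                                   record["password_hash"])

    def stored_record(self, dev_id):
        return dict(self._devices[dev_id])


if __name__ == "__main__":
    server = RegistrationServer()
    gw_id, gw_password = server.issue_gw_credentials()
    # Constructed sample request relayed by the GW.
    request = {"device_type": "air-conditioner", "wifi_mac": "02:00:00:00:00:01",
               "gw_id": gw_id, "gw_password": gw_password}
    creds = server.register_device(request)
    print(creds["id"], server.authenticate_device(creds["id"], creds["password"]))
```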
- FIG. 14 is a block diagram of a Wi-Fi device according to an embodiment of the present invention.
- The Wi-Fi device 100 includes a wireless unit 1400, a display unit 1402, a key input unit 1404, a memory 1406, and a controller 1408.
- The wireless unit 1400 is a component for performing wireless communication of the Wi-Fi device 100 and may include an interface for Wi-Fi communication.
- The display unit 1402 displays various information generated according to the operation of the Wi-Fi device 100, and the key input unit 1404 is a component for receiving an input from a user.
- The display unit 1402 and the key input unit 1404 may exist as one physical component when the Wi-Fi device 100 is a touch screen type device.
- The display unit 1402 may not be included in the Wi-Fi device 100 when the Wi-Fi device 100 is a headless Wi-Fi device.
- The memory 1406 stores authentication information (such as ID and password) acquired during the registration and authentication process of the Wi-Fi device 100 and various information generated according to the operation of the Wi-Fi device 100.
- The controller 1408 controls the overall operation of the Wi-Fi device 100 by controlling the wireless unit 1400, the display unit 1402, the key input unit 1404, and the memory 1406. In particular, the controller 1408 controls the components to perform the operation of the Wi-Fi device according to the processes (2-1), (2-2), and (3) described above.
- FIG. 15 is a block diagram of a GW according to an embodiment of the present invention.
- The GW 120 includes a wireless unit 1500, a key input unit 1504, a memory 1506, and a controller 1508.
- The wireless unit 1500 is a component for performing wireless communication of the GW 120 and may include an interface for communicating with the Wi-Fi device 100 and the server 140.
- The key input unit 1504 is a component for receiving an input from a user, and may include, for example, a key for generating a registration event to enter a registration mode.
- The memory 1506 stores authentication information (such as ID and password) obtained during the registration and authentication process of the GW 120 and various information generated according to the operation of the GW 120.
- The controller 1508 controls the overall operation of the GW 120 by controlling the wireless unit 1500, the key input unit 1504, and the memory 1506.
- The controller 1508 controls the components such that the operation of the GW according to the processes (1), (2-1), (2-2), and (3) described above is performed.
- FIG. 16 is a block diagram of a server according to an embodiment of the present invention.
- The server 140 includes a wireless unit 1600, a memory 1606, and a controller 1608.
- The wireless unit 1600 is a component for performing wireless communication of the server 140 and may include an interface for communicating with the GW 120.
- The memory 1606 stores the authentication information (ID and password, etc.) obtained during the registration and authentication process of the GW 120 and the Wi-Fi device 100, and various information generated according to the operation of the server 140.
- The controller 1608 controls the overall operation of the server 140 by controlling the wireless unit 1600 and the memory 1606. In particular, the controller 1608 controls the components to perform the operation of the server according to the above-described processes (1) and (3).
- Any such software may be stored, for example, in volatile or nonvolatile storage such as a read-only memory (ROM), whether or not erasable or rewritable; in memory such as a random access memory (RAM), memory chip, device or integrated circuit; or in an optically or magnetically recordable, machine-readable (e.g., computer-readable) storage medium such as a CD, DVD, magnetic disk or magnetic tape.
- The method according to an embodiment of the present invention may be implemented by a computer or a portable terminal including a control unit and a memory. It will be appreciated that the memory is an example of a machine-readable storage medium suitable for storing a program or programs including instructions for implementing embodiments of the present invention.
- The present invention includes a program comprising code for implementing the apparatus or method described in any claim herein, and a storage medium readable by a machine (such as a computer) storing such a program.
- Such a program may be transferred electronically through any medium, such as a communication signal transmitted via a wired or wireless connection, and the present invention includes equivalents thereof as appropriate.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Description
Device information | MAC address | Unique ID | Node ID | Status information | Confirm button |
Ref...etc | IEEE address | - | IP address | Ready | [Select] |
... | ... | ... | ... | ... | ... |
Claims (24)
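- A method for performing device registration and authentication by a gateway (GW) in a wireless communication system, the method comprising: generating self-signed certificate information and allocating it to at least one device; when an authentication channel with the at least one device is created based on the self-signed certificate information, transmitting to a server a registration request message requesting registration of the at least one device; and when authentication information for the at least one device is received from the server, transmitting the received authentication information to the at least one device.
- The method of claim 1, wherein allocating the self-signed certificate information to the at least one device comprises: when the at least one device is not a display-capable device, transmitting a registration request message including a randomly generated first password to the at least one device; receiving, from the at least one device, a registration response message including information about the at least one device and a second password; and allocating the self-signed certificate information to the at least one device based on whether the first password and the second password are identical.
- The method of claim 1, wherein allocating the self-signed certificate information to the at least one device comprises: when the at least one device is a display-capable device, transmitting a registration request message including a first personal identification number (PIN) to the at least one device; receiving, from the at least one device, a registration response message including information about the at least one device and a second PIN input by a user; and allocating the self-signed certificate information to the at least one device based on whether the first PIN and the second PIN are identical.
- The method of claim 1, wherein allocating the self-signed certificate information to the at least one device is performed when the at least one device and the GW are in a registration mode, the registration mode indicates a mode in which the at least one device performs an operation for registering with the GW, and the registration mode is performed for a preset time when an interface for entering the registration mode is selected.
- The method of claim 1, wherein the registration request message includes information about the at least one device and authentication information, allocated by the server, for authentication between the GW and the server.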
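- A method for performing registration and authentication by a device in a wireless communication system, the method comprising: being allocated self-signed certificate information generated by a gateway (GW); when an authentication channel with the GW is created based on the self-signed certificate information, receiving authentication information generated by a server from the GW through the authentication channel; and receiving a service from the server based on the received authentication information.
- The method of claim 6, wherein being allocated the self-signed certificate information comprises: when the device is not a display-capable device, receiving a registration request message including a first password from the GW; generating a second password based on the first password; transmitting a registration response message including information about the device and the second password to the GW; and being allocated the self-signed certificate information from the GW based on whether the first password and the second password are identical.
- The method of claim 6, wherein being allocated the self-signed certificate information comprises: when the device is a display-capable device, receiving a registration request message including a first personal identification number (PIN) from the GW; displaying a message indicating that a PIN identical to the first PIN is to be input, and receiving a second PIN from a user; transmitting a registration response message including information about the device and the second PIN to the GW; and being allocated the self-signed certificate information from the GW based on whether the first PIN and the second PIN are identical.
- The method of claim 6, wherein being allocated the self-signed certificate information is performed when the device and the GW are in a registration mode, the registration mode indicates a mode in which the device performs an operation for being registered with the GW, and the registration mode is performed for a preset time when an interface for entering the registration mode is selected.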
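- A method for performing device registration and authentication by a server in a wireless communication system, the method comprising: receiving, from a gateway (GW), a message requesting registration of at least one device; generating authentication information for the at least one device; and transmitting the generated authentication information to the GW, wherein the at least one device is at least one device to which self-signed certificate information generated by the GW has been allocated.
- The method of claim 10, wherein the registration request message includes information about the at least one device and authentication information, allocated by the server, for authentication between the GW and the server.
- The method of claim 11, wherein the authentication information for authentication between the GW and the server is obtained when the GW is in a registration mode, the registration mode indicates a mode in which the GW performs an operation for being registered with the server, and the registration mode is performed for a preset time when an interface for entering the registration mode is selected.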
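- A gateway (GW) in a wireless communication system, the GW comprising: a controller configured to generate self-signed certificate information and allocate it to at least one device; a receiver configured to receive authentication information for the at least one device from a server; and a transmitter configured to, when an authentication channel with the at least one device is created based on the self-signed certificate information, transmit to the server a registration request message requesting registration of the at least one device, and to transmit the received authentication information to the at least one device.
- The GW of claim 13, wherein, when the at least one device is not a display-capable device, the controller controls the transmitter to transmit a registration request message including a randomly generated first password to the at least one device, and, when a registration response message including information about the at least one device and a second password is received from the at least one device through the receiver, allocates the self-signed certificate information to the at least one device based on whether the first password and the second password are identical.
- The GW of claim 13, wherein, when the at least one device is a display-capable device, the controller controls the transmitter to transmit a registration request message including a first personal identification number (PIN) to the at least one device, and, when a registration response message including information about the at least one device and a second PIN input by a user is received from the at least one device through the receiver, allocates the self-signed certificate information to the at least one device based on whether the first PIN and the second PIN are identical.
- The GW of claim 13, wherein the controller allocates the self-signed certificate information to the at least one device when the at least one device and the GW are in a registration mode, the registration mode indicates a mode in which the at least one device performs an operation for registering with the GW, and the registration mode is performed for a preset time when an interface for entering the registration mode is selected.
- The GW of claim 13, wherein the registration request message includes information about the at least one device and authentication information, allocated by the server, for authentication between the GW and the server.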
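- A device in a wireless communication system, the device comprising: a receiver; and a controller configured to be allocated self-signed certificate information generated by a gateway (GW) and, when an authentication channel with the GW is created based on the self-signed certificate information, to control the receiver to receive authentication information generated by a server from the GW through the authentication channel and to receive a service from the server based on the received authentication information.
- The device of claim 18, further comprising a transmitter, wherein, when the device is not a display-capable device, the controller receives a registration request message including a first password from the GW through the receiver, generates a second password based on the first password, controls the transmitter to transmit a registration response message including information about the device and the second password to the GW, and is allocated the self-signed certificate information from the GW based on whether the first password and the second password are identical.
- The device of claim 18, further comprising a transmitter, a display unit and an input unit, wherein, when the device is a display-capable device, a registration request message including a first personal identification number (PIN) is received from the GW through the receiver, the display unit and the input unit are controlled to display a message indicating that a PIN identical to the first PIN is to be input and to receive a second PIN from a user, the transmitter is controlled to transmit a registration response message including information about the device and the second PIN to the GW, and the self-signed certificate information is allocated from the GW based on whether the first PIN and the second PIN are identical.
- The device of claim 18, wherein the controller is allocated the self-signed certificate information when the device and the GW are in a registration mode, the registration mode indicates a mode in which the device performs an operation for being registered with the GW, and the registration mode is performed for a preset time when an interface for entering the registration mode is selected.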
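- A server in a wireless communication system, the server comprising: a receiver configured to receive, from a gateway (GW), a message requesting registration of at least one device; a controller configured to generate authentication information for the at least one device; and a transmitter configured to transmit the generated authentication information to the GW, wherein the at least one device is at least one device to which self-signed certificate information generated by the GW has been allocated.
- The server of claim 22, wherein the registration request message includes information about the at least one device and authentication information, allocated by the server, for authentication between the GW and the server.
- The server of claim 22, wherein the authentication information for authentication between the GW and the server is obtained when the GW is in a registration mode, the registration mode indicates a mode in which the GW performs an operation for being registered with the server, and the registration mode is performed for a preset time when an interface for entering the registration mode is selected.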
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201480043749.2A CN105453621B (zh) | 2013-08-08 | 2014-08-01 | Method and device for registering and verifying a device in a wireless communication system |
US14/909,385 US10178550B2 (en) | 2013-08-08 | 2014-08-01 | Method and device for registering and certifying device in wireless communication system |
US16/126,825 US10911436B2 (en) | 2013-08-08 | 2018-09-10 | Method and device for registering and certifying device in wireless communication system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2013-0094069 | 2013-08-08 | ||
KR1020130094069A KR102005408B1 (ko) | 2013-08-08 | 2013-08-08 | Method and apparatus for performing device registration and authentication in a wireless communication system |
Related Child Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/909,385 A-371-Of-International US10178550B2 (en) | 2013-08-08 | 2014-08-01 | Method and device for registering and certifying device in wireless communication system |
US16/126,825 Continuation US10911436B2 (en) | 2013-08-08 | 2018-09-10 | Method and device for registering and certifying device in wireless communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015020360A1 (ko) | 2015-02-12 |
Family
ID=52461631
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2014/007100 WO2015020360A1 (ko) | 2013-08-08 | 2014-08-01 | Method and apparatus for performing device registration and authentication in a wireless communication system |
Country Status (4)
Country | Link |
---|---|
US (2) | US10178550B2 (ko) |
KR (1) | KR102005408B1 (ko) |
CN (1) | CN105453621B (ko) |
WO (1) | WO2015020360A1 (ko) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016197956A1 (zh) * | 2015-12-01 | 2016-12-15 | 中兴通讯股份有限公司 | 无线接入设备注册方法及装置 |
US10250590B2 (en) | 2015-08-31 | 2019-04-02 | Samsung Electronics Co., Ltd. | Multi-factor device registration for establishing secure communication |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017059295A1 (en) * | 2015-09-30 | 2017-04-06 | Sonifi Solutions, Inc. | Methods and systems for enabling communications between devices |
US10327035B2 (en) | 2016-03-15 | 2019-06-18 | Sonifi Solutions, Inc. | Systems and methods for associating communication devices with output devices |
US10165448B2 (en) * | 2016-03-18 | 2018-12-25 | Arris Enterprises Llc | Authentication between wireless client and access point utilizing smart client detection |
EP3306896A1 (en) | 2016-10-07 | 2018-04-11 | Nokia Technologies OY | Access to services provided by a distributed data storage system |
US10602212B2 (en) | 2016-12-22 | 2020-03-24 | Sonifi Solutions, Inc. | Methods and systems for implementing legacy remote and keystroke redirection |
CN109547969A (zh) * | 2017-07-24 | 2019-03-29 | 宝沃汽车(中国)有限公司 | 车辆定位信息的共享方法、装置和汽车 |
MY191618A (en) * | 2017-12-29 | 2022-07-04 | Mimos Berhad | Physical access control through challenge response interaction |
KR102534209B1 (ko) * | 2018-01-25 | 2023-05-17 | 엘지전자 주식회사 | 차량용 업데이트 시스템 및 제어 방법 |
KR101980039B1 (ko) * | 2018-03-26 | 2019-05-17 | 엘지전자 주식회사 | 가전기기 자동 등록 시스템 및 방법 |
US10993110B2 (en) * | 2018-07-13 | 2021-04-27 | Nvidia Corp. | Connectionless fast method for configuring Wi-Fi on displayless Wi-Fi IoT device |
CN111262819B (zh) * | 2018-11-30 | 2022-04-01 | 中移(杭州)信息技术有限公司 | 一种voip sdk接入控制方法及装置 |
US12070679B2 (en) * | 2019-03-18 | 2024-08-27 | Google Llc | Cloud-based discovery service for end-user devices |
US11095460B2 (en) | 2019-07-05 | 2021-08-17 | Advanced New Technologies Co., Ltd. | Certificate application operations |
CN110445614B (zh) * | 2019-07-05 | 2021-05-25 | 创新先进技术有限公司 | 证书申请方法、装置、终端设备、网关设备和服务器 |
CN111711979B (zh) * | 2020-06-15 | 2021-03-30 | 北京自如信息科技有限公司 | 一种wifi模组配网方法、装置、系统及存储介质 |
US11979403B2 (en) | 2021-05-27 | 2024-05-07 | Cisco Technology, Inc. | Token-based device tracking |
CN115604709A (zh) * | 2021-07-07 | 2023-01-13 | 艾锐势企业有限责任公司(Us) | 接入点、用于接入点的方法、介质及计算机程序产品 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20090058362A (ko) * | 2007-12-04 | 2009-06-09 | 주식회사 조은시큐리티 | 홈네트워크에서 이동성을 보장하기 위한 시스템 및 방법 |
KR20120033820A (ko) * | 2010-09-30 | 2012-04-09 | 삼성전자주식회사 | 서버 및 그 서비스 제공 방법 |
KR20120097105A (ko) * | 2011-02-24 | 2012-09-03 | 삼성전자주식회사 | 전기기기, 전력 관리 시스템 및 그 제어 방법 |
KR20130034754A (ko) * | 2011-09-29 | 2013-04-08 | 삼성전자주식회사 | 통신 연결 서비스 제공 방법 및 장치 |
Family Cites Families (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6826685B1 (en) * | 1998-06-10 | 2004-11-30 | International Business Machines Corporation | Method and system for the digital certificate generation and distribution |
US7444507B2 (en) | 2002-06-30 | 2008-10-28 | Intel Corporation | Method and apparatus for distribution of digital certificates |
US7484089B1 (en) * | 2002-09-06 | 2009-01-27 | Citicorp Developmemt Center, Inc. | Method and system for certificate delivery and management |
BR0314673A (pt) | 2002-09-23 | 2005-08-02 | Koninkl Philips Electronics Nv | Método e sistema para distribuição segura de conteúdo entre dispositivos em uma rede, e, dispositivo central para administrar uma rede |
AU2003297433A1 (en) * | 2002-12-24 | 2004-07-22 | Samrat Vasisht | Method, system and device for automatically configuring a communications network |
US7398550B2 (en) * | 2003-06-18 | 2008-07-08 | Microsoft Corporation | Enhanced shared secret provisioning protocol |
CN100450109C (zh) * | 2003-07-14 | 2009-01-07 | 华为技术有限公司 | 一种基于媒体网关控制协议的安全认证方法 |
US20050076198A1 (en) * | 2003-10-02 | 2005-04-07 | Apacheta Corporation | Authentication system |
KR100527632B1 (ko) | 2003-12-26 | 2005-11-09 | 한국전자통신연구원 | Ad-hoc 네트워크의 게이트웨이에서 사용자 인증시스템 및 그 방법 |
US7707405B1 (en) * | 2004-09-21 | 2010-04-27 | Avaya Inc. | Secure installation activation |
US20060294381A1 (en) * | 2005-06-22 | 2006-12-28 | Mitchell Douglas P | Method and apparatus for establishing a secure connection |
US7966654B2 (en) | 2005-11-22 | 2011-06-21 | Fortinet, Inc. | Computerized system and method for policy-based content filtering |
US7809376B2 (en) * | 2005-11-29 | 2010-10-05 | Roberto S. Catalan | Enhanced analogue of interactive voice response structures and functions for mobile phones and similar handheld communications devices |
WO2007099608A1 (ja) * | 2006-02-28 | 2007-09-07 | Matsushita Electric Industrial Co., Ltd. | 認証システム、ce機器、携帯端末、鍵証明発行局および鍵証明取得方法 |
US8225380B2 (en) * | 2006-05-25 | 2012-07-17 | Celltrust Corporation | Methods to authenticate access and alarm as to proximity to location |
WO2008040238A1 (fr) * | 2006-09-19 | 2008-04-10 | Huawei Technologies Co., Ltd. | Procédé d'ajout à un terminal d'un service de diffusion sélective dans un réseau sans fil et système de mise en oeuvre associé |
KR101341720B1 (ko) * | 2007-05-21 | 2013-12-16 | 삼성전자주식회사 | 이동통신 시스템에서 프록시 이동 인터넷 프로토콜을 이용한 단말의 이동성 관리 방법 및 시스템과 이를 위한 단말의 홈 주소 할당 방법 |
DE202007019129U1 (de) | 2007-10-31 | 2010-09-30 | Concept04 Gmbh | Mobilfunkendgerät mit Filtereinrichtung und Netzwerkelement zur Konfiguration der Filtereinrichtung |
JP2009111835A (ja) | 2007-10-31 | 2009-05-21 | Oki Electric Ind Co Ltd | 端末収容装置、通信プログラム、通信方法及び通信システム |
US8521155B2 (en) * | 2007-12-21 | 2013-08-27 | Research In Motion Limited | Presence-based call switching |
KR101487823B1 (ko) | 2008-11-28 | 2015-01-29 | 엘지전자 주식회사 | 자동 게이트웨이 및 그 방법 |
US8590022B2 (en) * | 2009-02-26 | 2013-11-19 | Blackberry Limited | Authentication using a wireless mobile communication device |
US8391452B2 (en) * | 2009-04-30 | 2013-03-05 | Microsoft Corporation | User-based authentication for realtime communications |
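KR101104597B1 (ko) | 2009-09-02 | 2012-01-12 | Chung-Ang University Industry-Academic Cooperation Foundation | Soft-switching signaling method and apparatus for a local area network and a wide area network via a gateway |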
US20110128943A1 (en) * | 2009-12-02 | 2011-06-02 | Chang Hong Shan | WiFi and WiMAX Internetworking |
US8650405B1 (en) * | 2011-06-30 | 2014-02-11 | Emc Corporation | Authentication using dynamic, client information based PIN |
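KR101276861B1 (ko) * | 2011-07-27 | 2013-06-18 | LG Electronics Inc. | Home appliance and online system comprising the same |
JP5826090B2 (ja) * | 2011-10-13 | 2015-12-02 | KDDI Corporation | Gateway and program |
CN102638797B (zh) * | 2012-04-24 | 2016-08-03 | Huawei Technologies Co., Ltd. | Method for accessing a wireless network, terminal, access network node, and authentication server |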
US20130298215A1 (en) * | 2012-05-04 | 2013-11-07 | Rawllin International Inc. | Single sign-on user registration for online or client account services |
US20120266209A1 (en) * | 2012-06-11 | 2012-10-18 | David Jeffrey Gooding | Method of Secure Electric Power Grid Operations Using Common Cyber Security Services |
US9317704B2 (en) * | 2013-06-12 | 2016-04-19 | Sequent Software, Inc. | System and method for initially establishing and periodically confirming trust in a software application |
US20150046993A1 (en) * | 2013-08-07 | 2015-02-12 | Leo ARCEO | Password authentication method and system |
2013
- 2013-08-08 KR KR1020130094069A patent/KR102005408B1/ko active IP Right Grant
2014
- 2014-08-01 CN CN201480043749.2A patent/CN105453621B/zh not active, Expired - Fee Related
- 2014-08-01 US US14/909,385 patent/US10178550B2/en active Active
- 2014-08-01 WO PCT/KR2014/007100 patent/WO2015020360A1/ko active Application Filing
2018
- 2018-09-10 US US16/126,825 patent/US10911436B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
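KR20090058362A (ko) * | 2007-12-04 | 2009-06-09 | Joeun Security Co., Ltd. | System and method for ensuring mobility in a home network |
KR20120033820A (ko) * | 2010-09-30 | 2012-04-09 | Samsung Electronics Co., Ltd. | Server and service providing method thereof |
KR20120097105A (ko) * | 2011-02-24 | 2012-09-03 | Samsung Electronics Co., Ltd. | Electric device, power management system, and control method thereof |
KR20130034754A (ko) * | 2011-09-29 | 2013-04-08 | Samsung Electronics Co., Ltd. | Method and apparatus for providing a communication connection service |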
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10250590B2 (en) | 2015-08-31 | 2019-04-02 | Samsung Electronics Co., Ltd. | Multi-factor device registration for establishing secure communication |
WO2016197956A1 (zh) * | 2015-12-01 | 2016-12-15 | ZTE Corporation | Wireless access device registration method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
US20190028893A1 (en) | 2019-01-24 |
CN105453621B (zh) | 2019-03-12 |
CN105453621A (zh) | 2016-03-30 |
US10911436B2 (en) | 2021-02-02 |
KR102005408B1 (ko) | 2019-07-30 |
US10178550B2 (en) | 2019-01-08 |
US20160192191A1 (en) | 2016-06-30 |
KR20150017891A (ko) | 2015-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2015020360A1 (ko) | Method and apparatus for performing device registration and authentication in a wireless communication system | |
WO2014175602A1 (en) | Electronic device and method of registering personal cloud apparatus in user portal server thereof | |
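WO2015126124A1 (ko) | Method and apparatus for transmitting and receiving authentication information in a wireless communication system | |
WO2015041490A1 (ko) | Apparatus and method by which a user device transfers home-device-related information in a home network system | |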
WO2013025085A2 (en) | Apparatus and method for supporting family cloud in cloud computing system | |
WO2016060370A1 (en) | Terminal for internet of things and operation method of the same | |
WO2020155360A1 (zh) | Network configuration method for a home appliance, home appliance, mobile terminal, and storage medium | |
WO2014200240A1 (en) | Method and apparatus for registering wireless device in wireless communication system | |
WO2016137307A1 (en) | Attestation by proxy | |
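WO2015119394A1 (ko) | Home appliance, network connection system for a home appliance, and network connection method for a home appliance | |
WO2016036115A1 (ko) | Electronic device and method for managing re-registration | |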
WO2015108330A1 (en) | Electronic device for controlling an external device using a number and method thereof | |
WO2018233352A1 (zh) | Data transmission method, apparatus, terminal, and computer-readable storage medium | |
EP2740237A2 (en) | Method and apparatus for providing service based on component using personal network | |
WO2015074424A1 (zh) | Control system and method for mutual access between smart devices | |
WO2012044072A2 (ko) | Method for allocating a user key in a converged network | |
WO2016088970A1 (en) | Electronic apparatus and control method thereof | |
EP3235170A1 (en) | Apparatus and method for controling display in electronic device having processors | |
WO2013137581A1 (en) | Apparatus and method for ensuring privacy in contents sharing system | |
WO2013085144A1 (en) | Method of providing sns-group inviting service and sns server therefor | |
WO2012099402A2 (en) | Method and apparatus for phone communication using home network | |
EP3097743A1 (en) | Electronic device for controlling an external device using a number and method thereof | |
WO2019164264A1 (en) | Electronic apparatus and operating method thereof | |
WO2014137063A1 (ko) | Authentication method using an application, and system and apparatus therefor | |
WO2020111488A1 (ko) | Electronic device and server for registering an IoT device, and operating method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | WIPO information: entry into national phase | Ref document number: 201480043749.2 Country of ref document: CN |
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 14834255 Country of ref document: EP Kind code of ref document: A1 |
WWE | WIPO information: entry into national phase | Ref document number: 14909385 Country of ref document: US |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | EP: PCT application non-entry in European phase | Ref document number: 14834255 Country of ref document: EP Kind code of ref document: A1 |