WO2017069413A1 - Dispositif de gestion de clé de sécurité et procédé associé - Google Patents

Dispositif de gestion de clé de sécurité et procédé associé Download PDF

Info

Publication number
WO2017069413A1
WO2017069413A1 PCT/KR2016/010631 KR2016010631W WO2017069413A1 WO 2017069413 A1 WO2017069413 A1 WO 2017069413A1 KR 2016010631 W KR2016010631 W KR 2016010631W WO 2017069413 A1 WO2017069413 A1 WO 2017069413A1
Authority
WO
WIPO (PCT)
Prior art keywords
security key
service set
key management
set identifier
terminal
Prior art date
Application number
PCT/KR2016/010631
Other languages
English (en)
Korean (ko)
Inventor
조민혁
성윤경
Original Assignee
㈜와이스퀘어
조민혁
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020150167120A external-priority patent/KR101744858B1/ko
Application filed by ㈜와이스퀘어, 조민혁 filed Critical ㈜와이스퀘어
Publication of WO2017069413A1 publication Critical patent/WO2017069413A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices

Definitions

  • This embodiment relates to a security key management apparatus and method thereof.
  • the wireless Internet providing service may act as an advantage in terms of attracting customers, there is a problem that some customers may act even more disadvantages when the service is abused.
  • a cafe as an example, some customers may have occupied the store for a long time after purchasing a drink for free wireless Internet service, in which case other customers who have visited the store have no space.
  • a situation may arise when moving to.
  • the actual customers may feel uncomfortable using the wireless Internet service. If this situation continues to occur, dissatisfaction among customers who use the store may increase, which may cause additional problems such as a decrease in customers.
  • the security key management device generates a service set identifier and a network security key of the AP device based on the random information and distributes the generated service set identifier and the network security key to the terminal.
  • the purpose is to provide a wireless Internet service.
  • the security key management apparatus more efficiently wirelessly by matching and storing the service set identifier and network security key of the AP device in a memory and distributing the stored service set identifier and network security key to the terminal. Its purpose is to allow Internet services to be provided.
  • the security key management device interoperates with the license plate issuing management server to generate sequence information on service use, and further distributes the generated sequence information to the terminal together with the service set identifier and the network security key of the AP device. Therefore, when the security key management device is applied to a space such as a hospital or a bank, not only can the wireless Internet service be more efficiently provided, but also the service for the user's work can be handled conveniently and quickly. There is a purpose.
  • the present embodiment includes a random number generator for generating arbitrary random number information; A controller configured to generate a service set identifier (SSID) and a network security key of an AP device based on the random number information, and to distribute the service set identifier and the network security key to a terminal; And a memory for matching and storing the service set identifier and the network security key.
  • SSID service set identifier
  • a memory for matching and storing the service set identifier and the network security key.
  • a memory for matching and storing the service set identifier and the network security key of the AP device; And distributing the service set identifier and the network security key stored in the memory to a terminal, and changing the preset network access information or generating new network access information based on the service set identifier and the network security key. It provides a security key management device comprising a control unit for generating a control signal to transmit to the AP device.
  • the security key management method of the security key management device generating random random information, and generating a service set identifier and network security key of the AP device based on the random number information ; And distributing the service set identifier and the network security key to a terminal.
  • the security key management apparatus generates the service set identifier and the network security key of the AP device based on the random number information and distributes the generated service set identifier and the network security key to the terminal more efficiently. There is an effect that the wireless Internet service can be provided.
  • the security key management device matches and stores the service set identifier and network security key of the AP device in a memory, and distributes the stored service set identifier and network security key of the AP device to the terminal more efficiently. There is an effect that the wireless Internet service can be provided.
  • the security key management device interoperates with the license plate issuing management server to generate sequence information on service use, and further distributes the generated sequence information to the terminal together with the service set identifier and the network security key of the AP device. Therefore, when the security key management device is applied to a space such as a hospital or a bank, the wireless Internet service can be provided more efficiently, and the service for the user's work can be processed conveniently and quickly. have.
  • FIG. 1 is a block diagram schematically showing a security key management system according to the present embodiment.
  • FIG. 2 is a block diagram schematically showing a security key management apparatus according to the present embodiment.
  • FIG. 3 is a flowchart illustrating a method for distributing a service set identifier and a network security key of an AP device by a security key management device according to the present embodiment.
  • FIG. 4 is a flowchart illustrating a security key management method of the security key management apparatus according to the present embodiment.
  • FIG. 5 is an exemplary diagram illustrating a storage type of a service set identifier and a network security key generated by the security key management apparatus according to the present embodiment.
  • FIG. 1 is a block diagram schematically showing a security key management system according to the present embodiment.
  • the security key management system 100 includes a security key management device 110, an AP device 120, a terminal 130, a server device 140, and a number tag issue management server ( 150).
  • the components included in the security key management system 100 are not necessarily limited thereto.
  • the security key management system 100 is preferably implemented in a place where customers are crowded, such as a financial institution such as a bank, a public institution such as a government office, or a hospital, and the customers who visit the place more efficiently. It provides turnover service and wireless internet service to handle related tasks.
  • Security key management device 110 is provided in the above place means a device that substantially provides a wireless Internet service and a turn call service to users.
  • the security key management apparatus 110 generates network access information of the AP device 120, for example, a service set identifier (SSID) and a network security key, and generates the network access information from the AP device and the terminal 130.
  • SSID service set identifier
  • the security key management apparatus 110 generates network access information of the AP device 120, for example, a service set identifier (SSID) and a network security key, and generates the network access information from the AP device and the terminal 130.
  • SSID service set identifier
  • the security key management apparatus 110 generates random random information and generates a service set identifier and a network security key of the AP device 120 based on the generated random number information. According to the present embodiment, the security key management apparatus 110 may generate one service set identifier and one network security key corresponding thereto, and generate a plurality of service set identifiers and a plurality of service sets according to the embodiment. A plurality of network security keys may be generated for each identifier.
  • the security key management apparatus 110 When generating a plurality of service set identifier-network security key pair combination groups, the security key management apparatus 110 sets different usage conditions for each combination group, and then, based on the set usage conditions, an appropriate service set identifier-network. The security key combination group is distributed to the terminal 130.
  • the security key management apparatus 110 stores network access information of the AP device 120, for example, a service set identifier and a network security key, in the memory, and stores the stored network access information in the AP device and the terminal 130. Can also be provided to.
  • the network access information of the AP device 120 previously stored in the security key management device 110 may be network access information input by an administrator when the security key management device 110 is manufactured, or the security key management device 110. ) May be additionally input network connection information by the administrator after the service is performed.
  • the method in which the network connection information of the AP device 120 is provided in advance in the memory of the security key management device 110 is not limited to a specific method.
  • one service set identifier and one network security key corresponding thereto may be matched and stored in a memory of the security key management apparatus 110.
  • a plurality of service set identifiers and a plurality of service set identifiers may be stored.
  • Each of the plurality of network security keys may be matched and stored.
  • the security key management apparatus 110 sets a different usage condition for each combination group when a plurality of service set identifiers-network security key pair combination groups are stored, and then, based on the set usage conditions, an appropriate service set identifier- The network security key combination group may be distributed to the terminal 130.
  • the security key management apparatus 110 may distribute a service set identifier and a network security key of the AP device 120 only to a specific terminal.
  • the specific terminal may be a terminal that has received the service set identifier and network security key of the AP device 120 from the security key management device 110 through a pre-payment process with the server device 140.
  • the security key management device 110 is a service set identifier and a network security key of the AP device 120 for all the terminals with which the communication is performed using the security key management device 110 and the communication module 112. Can also be distributed.
  • the security key management apparatus 110 generates serial number information on service usage in association with the number tag issue management server 150 and additionally provides the generated serial number information to the terminal 130.
  • the security key management apparatus 110 receives the request information for the number tag issuance from the terminal 130 when communication with the terminal 130 is performed using the communication module 112. At this time, the request information for the number plate issued by the security key management device 110 from the terminal 130 includes the name or resident registration number of the customer that the terminal 130 has previously input from the user of the terminal 130, Work related information such as types may be included.
  • the security key management apparatus 110 transmits the request information received from the terminal 130 to the number tag issuing management server 150 and transmits the order number issuing information including a waiting sequence for service use from the number tag issuing management server 150. Granted.
  • the order issue information may further include various information such as a charge window number as well as a wait sequence number of the user for service use.
  • the security key management apparatus 110 generates sequence information on service use of the user of the terminal 130 based on the sequence issue information received from the number table issue management server 150. At this time, the security key management device 110 may use the sequence number issuance information received from the number plate issue management server 150 as sequence information, and based on the sequence number issue information received from the number table issue management server 150, the terminal ( 130 may generate and provide an electronic number table printed with a waiting number for a user's use of a service.
  • the security key management apparatus 110 transmits the sequence information to the terminal 130 together with the service set identifier and the network security key of the AP device 120 generated before.
  • the security key management device 110 is implemented to further distribute the service set identifier and the network security key of the AP device 120 to the terminal 130 in addition to the service set identifier.
  • services for business processing can also be provided conveniently and quickly.
  • the security key management device 110 may be integrated and operated in one device with the AP device 120.
  • the communication module 112 may be a communication module supporting Bluetooth, NFC, magnetic field communication, infrared communication, visible light communication, and the like, and a plurality of communication modules 112 may be provided according to a communication method to be supported. Meanwhile, in FIG. 1, the communication module 112 is illustrated as being implemented as a separate device from the security key management device 110, but is not necessarily limited thereto, and is included as a component of the security key management device 110 according to an embodiment.
  • the security key management device 110 may be implemented as one device.
  • the AP device 120 basically generates a wireless network signal, and refers to a device for relaying the generated wireless network signal.
  • a plurality of terminals 130 may be connected to the AP device 120 at the same time, local area communication (LAN) that can share information between the plurality of terminals 130 in a network environment connected to the same AP device 120 It can also be done.
  • the AP device 120 includes not only a telecommunication company AP device installed by a telecommunication service provider but also a private AP device installed by an individual user or a personal service provider.
  • the AP device 120 changes the preset network access information or changes new network access information based on the service set identifier and the network security key of the AP device 120 received from the security key management device 110.
  • Create The AP device 120 may set a plurality of network access information when there are a plurality of service set identifiers and network security keys of the AP device 120 received from the security key management device 110.
  • the AP device 120 may provide the same communication channel for each network access information or may provide different communication channels.
  • the AP device 120 is similarly based on the service set identifier and network security key of the AP device 120 received from the security key management device 110, and the same service set identifier and network security key from the security key management device 110. Form a wireless network with a terminal that has been distributed.
  • the terminal 130 refers to a terminal capable of transmitting and receiving various data using a communication intermediary device including the AP device 120 according to a user's key manipulation, and may be a tablet PC, a laptop, a personal computer.
  • PC Personal Computer
  • PDA Personal Digital Assistant
  • Mobile Communication Terminal Payment Terminal
  • Mobile Device Ex: Robot, Car, etc.
  • IoT terminal a home appliance such as a refrigerator or an air conditioner.
  • the terminal 130 is a terminal for performing voice or data communication using the AP device 120 and a communication network, and includes a memory for storing a program or protocol for communicating with an external device via the AP device 120 and the communication network, Means a terminal equipped with a microprocessor for executing and controlling the program.
  • the terminal 130 receives some or all of sequence information on service use, a service set identifier of the AP device 120, and a network security key from the security key management device 110.
  • the terminal 130 accesses the AP device 120 based on the service set identifier and the network security key provided from the security key management device 110.
  • the terminal 130 performs a preset payment procedure with the server device 140 and when the payment is completed, the authority for using the security key management device 110 from the server device 140, for example, the service of the AP device 120. Distribution authority for the set identifier and the network security key may be granted.
  • the terminal 130 is a security key management device 110 by listening to and watching advertisements for a certain time or by providing a user with useful data such as a survey and user information sharing to the operator of the security key management device 110. You may be provided with permission to use).
  • the method for receiving the authority for the use of the security key management apparatus 110 by the terminal 130 is not limited to a specific method.
  • the terminal 130 may additionally be provided with sequence information on service use by transmitting request information for the number tag issuance to the security key management device 110.
  • the terminal 130 has a separate communication module supporting the same communication method as that supported by the communication module 112 mounted on the security key management device 110 for communication with the security key management device 110. Can be mounted.
  • the terminal 130 When the terminal 130 receives the sequence number for service use, the service set identifier of the AP device 120, and the network security key from the security key management device 110, the terminal 130 receives the received time and the received security key in the order in which it is received.
  • Management device information and the like can be stored through the application of the terminal 130, and the like. Thereafter, the terminal 130 may utilize the stored information as an attendance check, an online coupon, and a stamp.
  • the terminal 130 utilizes the stored information to make payment and receipt information, bank account deposit and withdrawal history, location and movement information, music and video information, news, online credit card and various certificate issuance, product and service sales information, transaction history information, etc. May be provided for each time or by a place where the security key management device 110 providing the information is provided.
  • the information provided from the terminal 130 satisfies the set conditions of use, such as each time it contacts the communication module 112 connected to the security key management device 110 or the total available time or the allowable range and the number of receiving terminals. It may also be provided or updated through wireless communication of the AP device 120 within a range.
  • the server device 140 performs a payment procedure with the terminal 130 and grants the right to obtain the service set identifier and the network security key of the AP device 120 from the security key management device 110 only for the terminal on which payment is completed. do.
  • the server device 140 manages security keys for authenticating authentication that the terminal having completed payment has authority to obtain a service set identifier and a network security key of the AP device 120 from the security key management device 110.
  • the device 110 and the payment terminal can be transmitted.
  • the authentication information may include information such as identification information and payment information about the terminal for which payment is completed.
  • the server device 140 stores, as customer data, information about the security key management device 110 associated with the corresponding server device 140 and terminals to which use rights are granted for each security key management device 110.
  • the number tag issuance management server 150 refers to a device that collectively manages the sequence number distribution for a specific service use.
  • the number tag issuing management server 150 receives the number tag issuing request information for the user of the terminal 130 from the security key management device 110, it generates sequence number issuing information corresponding to the request information.
  • the number table issuing management server 150 transmits the generated sequence number issuing information to the security key management device 110, and through this, the security key management device 110 generates sequence information on the service usage of the user of the terminal 130. And to distribute to the terminal 130.
  • the number tag issuing management server 150 temporarily stores the generated serial number issuing information when generating the serial number issuing information, and then stores the sequence number issuing information when newly receiving the license number issuing request information from the security key management device 110. Generate new order issue information based on this.
  • the number tag issuance management server 150 is interlocked with the window terminal provided in the window where the service is actually provided, collects the progress history for the service currently being processed at the window, and integrates the security key management device ( 110 may be provided additionally.
  • FIG. 2 is a block diagram schematically illustrating a security key management apparatus according to the present embodiment.
  • the security key management apparatus 110 includes a random number generator 200, a sequence generator 202, a display unit 204, a controller 210, a memory 220, and the like.
  • the communication unit 230 is included.
  • the components included in the security key management device 110 is not necessarily limited thereto.
  • the security key management device 110 may be implemented in a form that does not include the random number generation unit 200 and the sequence number generation unit 202 as a component.
  • the random number generator 200 generates random number information as hardware or a program designed to generate random numbers having a specific size.
  • the random number information generated by using the random number generator 200 may include a random sequence.
  • the sequence number generation unit 202 generates sequence number information on service use in association with the number table issue management server 150.
  • the sequence number generation unit 202 receives sequence number issue information issued and transmitted from the number plate issue management server 150 in response to the number list issue request information of the terminal 130, and based on the sequence number issue information received, the terminal 130. Generates sequence information about the service usage of the user.
  • the sequence number generation unit 202 may use the sequence number issue information received from the number table issue management server 150 as sequence information, and based on the sequence number issue information received from the number table issue management server 150, the terminal 130 user. It is also possible to generate and provide a printed electronic number table of the waiting numbers for the use of the service.
  • the display unit 204 displays the progress of the service currently being processed for each window to the user.
  • the progress history for the service currently being processed for each window may be provided to the security key management device 110 together with the order information issuing information from the number table issuance management server 150.
  • the progress history of the service currently being processed by each window may include the turn information corresponding to the user currently processing the window at the corresponding window and the scheduled time of work processing, such as in the present embodiment It is not limited to specific information.
  • the display unit 204 applies the progress history of the service currently being processed for each window received from the number tag issuing management server 150 to the user by displaying the progress history on the preset UI.
  • the controller 210 generates a service set identifier and a network security key of the AP device 120 based on the random number information generated from the random number generator 200, and generates a service set identifier and network security of the generated AP device 120.
  • the key is distributed to the terminal 130.
  • the controller 210 may distribute the service set identifier and the network security key of the AP device 120 to the terminal 130 according to at least one of a communication method of Bluetooth, NFC, magnetic field communication, infrared communication, and visible light communication.
  • the controller 210 generates a service set identifier and a network security key of the AP device 120 at predetermined intervals. Meanwhile, the controller 210 continuously updates the service set identifier and the network security key of the AP device 120 stored in the memory 220 based on the newly generated service set identifier and the network security key of the AP device 120. Let's do it.
  • the controller 210 may set the service set identifier and the network security key generation period of the AP device 120 differently according to the communication method between the security key management device 110 and the terminal 130. For example, when the communication method between the security key management device 110 and the terminal 130 is NFC, the controller 210 considers the inconvenience that the user needs to continuously contact the terminal 130 with the NFC communication module. The service set identifier and the network security key generation period of the AP device 120 may be set longer than the scheme. On the contrary, when the communication method between the security key management device 110 and the terminal 130 is visible light communication, the controller 210 considers that a separate communication module contact process is unnecessary, so that the AP device 120 is compared with other communication methods. You can shorten the service set identifier and network security key generation cycle of.
  • the controller 210 randomly generates the service set identifier and the network security key of the AP device 120 at predetermined intervals when the service set identifier and the network security key of the AP device 120 are disclosed to the outside. Solve problems that can be used.
  • the controller 210 generates and generates a control signal for causing the AP device 120 to change preset network access information or generate new network access information based on the service set identifier and the network security key of the AP device 120.
  • the control signal is transmitted to the AP device 120.
  • the control unit 210 has the authority to access the management program for changing the network access information of the AP device 120, and stores the access information for this in advance.
  • the control unit 210 is an optional AP only for a terminal that has obtained the service set identifier and the network security key of the AP device 120 from the security key management device 110 through a pre-payment process with the server device 140.
  • the service set identifier and network security key of the device 120 may be distributed.
  • the controller 210 controls the service set identifier and the network security key of the AP device 120 from the security key management device 110 to the corresponding terminal 130 from the terminal 130 in a communication process with the terminal 130.
  • Authentication information for authenticating that there is an authority to acquire may be received, and an authentication procedure for the terminal 130 may be performed based on the received authentication information.
  • control unit 210 of the AP device 120 with respect to all the terminals to communicate with the security key management device 110 using the communication module 112 mounted on the security key management device 110. It is also possible to distribute service set identifiers and network security keys.
  • the control unit 210 uses the terminal to set the service set identifier and the network security key of the AP device 120 according to at least one communication method of Bluetooth, NFC, magnetic field communication, infrared communication, and visible light communication. 130 can be dispensed.
  • the bank manager temporarily contacts a terminal provided by the customer with the communication module 112 (ex: communication module Security key only for customers who use the bank by encouraging the user to communicate with the communication module 112 in the bank (ex: when the communication module supports visible light communication) or inducing the customer to communicate with the communication module 112 in the bank. It may be possible to receive a wireless Internet service using the management device 110.
  • the control unit 210 may generate one service set identifier and one network security key corresponding thereto based on the random number information generated from the random number generation unit 200.
  • a plurality of service set identifier-network security key pair combination groups may be generated by generating a service set identifier and generating a plurality of network security keys for each of the plurality of service set identifiers.
  • the controller 210 may set different usage conditions for each combination group.
  • the use condition may be at least one or more pieces of information among a total available time, an allowable distance range, and a total number of terminals that can be accommodated.
  • the usage conditions set for each combination group may be set in various conditions such as prior payment for the use of the security key management apparatus 110 and the use of a specific carrier.
  • the controller 210 basically matches the service set identifier and the network security key of the AP device 120 and stores them in the memory 220. When a plurality of service set identifier-network security key pair combination groups are generated, each combination is generated. The conditions of use and the current allocation status are further matched and stored for each group. To this end, the controller 210 continuously grasps the allocation details of the service set identifier and the network security key of the AP device 120 distributed to the terminal 130.
  • the controller 210 is optimal among the plurality of combination groups based on at least one of information about each combination group stored in the memory 220 and related information about the terminal 130 additionally collected in the communication with the terminal 130. Compute a combination group, and distributes the service set identifier and the network security key corresponding to the calculated combination group to the terminal 130.
  • the security key management device 110 when the security key management device 110 according to the present embodiment is implemented in a form that does not include the random number generating unit 200 as a component, the controller 210 of the AP device 120 previously stored in the memory 220 The service set identifier and the network security key are distributed to the terminal 130.
  • the memory 220 may store a plurality of service set identifier-network security key pair combination groups, and in this case, the controller 210 may set different usage conditions for each combination group.
  • control unit 210 is to distribute the order information generated from the sequence generator 202 in the process of distributing the service set identifier and the network security key of the AP device 120 to the terminal 130 AP device ( Along with the service set identifier and the network security key of 120 is further distributed to the terminal 130.
  • the control unit 210 transmits the request information for the number tag issuance management server 150 to the number tag issuance management server 150. send.
  • the controller 210 generates the sequence information on the service use of the user of the terminal 130 from the sequence generator 202 based on the sequence issue information received from the number tag issue management server 150.
  • the service set identifier and the network security key of the AP device 120 are further distributed to the terminal 130.
  • the memory 220 matches and stores the service set identifier and the network security key of the AP device 120 generated by using the controller 210.
  • the memory 220 further matches and stores the use conditions and the current allocation status for each combination group.
  • the memory 220 continuously receives the distribution status of each combination group from the control unit 210, and continuously updates and provides information on each combination group previously stored based on this.
  • the memory 220 may collect, match and store the service set identifier and the network security key of the AP device 120 in advance.
  • the communication unit 230 communicates with the terminal 130, and through this, the service set identifier and the network security key of the AP device 120 generated or calculated from the control unit 210 and the sequence number generation unit 202.
  • the sequence information is transmitted to the terminal 130.
  • the communication unit 230 may receive authentication information from the terminal 130 according to an embodiment.
  • the authentication information refers to information that proves that the terminal 130 has authority to obtain a service set identifier and a network security key of the AP device 120 from the security key management device 110.
  • the communication unit 230 sets the service set identifier and the network security key of the AP device 120 to the terminal 130.
  • the communication unit 230 communicates with the server device 140 in advance to the terminal having the authority to obtain the service set identifier and network security key of the AP device 120 from the security key management device 110.
  • the communication unit 230 may perform communication with the terminal 130 by using the communication module 112 provided in the security key management apparatus 110.
  • the communication unit 112 may be configured to communicate with the communication unit 230. It may be included as a component to directly communicate with the terminal 130.
  • FIG. 3 is a flowchart illustrating a method for distributing a service set identifier and a network security key of an AP device by a security key management device according to the present embodiment. Meanwhile, in FIG. 3, a method of providing a wireless Internet service among the turn calling service and the wireless Internet service provided from the security key management apparatus 100 according to the present embodiment will be described.
  • the method for distributing the service set identifier and the network security key of the AP device by the security key management apparatus includes the processes of A to D.
  • Process A is a process until the terminal 130 is authorized to obtain a service set identifier and a network security key of the AP device 120 from the security management device 110 by performing a payment procedure with the server device 140. .
  • process A may be selectively performed when the service set identifier and network security key distribution service of the AP device 120 provided by the security management device 110 is paid.
  • it may be selectively performed when the specific service set identifier and the specific network security key for the terminal for which payment is completed from the security management apparatus 110 are provided.
  • the terminal 130 transmits a payment request signal to the server device 140 to be authorized to obtain a service set identifier and a network security key of the AP device 120 from the security key management device 110.
  • the server device 140 performs a preset payment procedure based on the payment request signal received from the terminal 130.
  • the server device 140 receives authentication information for authenticating that the authority to obtain the service set identifier and the network security key of the AP device 120 from the security key management device 110 with respect to the terminal 130 for which payment is completed. send. In another embodiment, the server device 140 may directly transmit the authentication information to the security key management device 110.
  • Process B is a process in which the security key management device 110 generates a service set identifier and a network security key of the AP device 120.
  • the security key management device 110 generates arbitrary random number information for generating the service set identifier and the network security key of the AP device 120.
  • the security key management device 110 generates a service set identifier and a network security key of the AP device 120 based on the random number information generated in step 1.
  • the security key management apparatus 110 generates a plurality of service set identifiers based on the random number information generated in step 1 and generates a plurality of network security keys for each of the plurality of service set identifiers, thereby providing a plurality of service set identifiers-network security. It is also possible to create a key pair combination group.
  • the security key management device 110 changes the preset network access information or generates new network access information based on the service set identifier and the network security key of the AP device 120 generated in step 2. Generates a control signal to transmit, and transmits the generated control signal to the AP device 120.
  • the AP device 120 changes the preset network access information or generates new network access information based on the service set identifier and the network security key of the AP device 120 received using step 3.
  • process B is a service that the security key management device 110 is stored in the memory 220 It may be replaced by a process of calculating a service set identifier and a network security key of the AP device 120 based on the set identifier and the network security key.
  • the security key management apparatus 110 changes the preset network access information or sets new network access information based on the service set identifier and the network security key of the AP device 120 calculated from the memory 220. Generates a control signal to generate, and transmits the generated control signal to the AP device 120.
  • Process C is a process of distributing the service set identifier and the network security key of the AP device 120 generated by the security key management device 110 to the terminal 130. In this process, some processes may be omitted depending on whether process A is performed.
  • the security key management device 110 authenticates that the terminal 130 obtains the service set identifier of the AP device 120 and the network security key from the security key management device 110 from the terminal 130. Receive authentication information.
  • the authentication information may be provided from the terminal 130 but may be provided from the server device 140 to the security key management device 110 when the payment for the corresponding terminal 130 is completed in step A.
  • the security key management device 110 checks whether there is an acquisition authority for the service set identifier and the network security key of the AP device 120 with respect to the terminal 130 based on the authentication information received in step 1.
  • the security key management device 110 determines that there is an acquisition authority for the service set identifier and the network security key of the AP device 120 with respect to the terminal 130 according to the check result of step 2, it is generated in process B.
  • the service set identifier and the network security key of the AP device 120 is transmitted to the terminal 130.
  • the security key management device 110 transmits the service set identifier and the network security key of the AP device 120 generated in the process B to the terminal 130 without a separate authentication procedure.
  • the process C is the AP device 120 calculated from the memory 220 in the process B when the security key management device 110 according to the present embodiment is implemented in a form that does not include the random number generator 200 as a component It may be replaced by the process of transmitting the service set identifier and the network security key of the terminal 130.
  • Process D is a process until the terminal 130 forms a wireless network with the AP device 120 based on the service set identifier and network security key of the AP device 120 distributed using process C.
  • the terminal 130 transmits the access request signal including the service set identifier and the network security key of the AP device 120 distributed using the process C to the AP device 120.
  • the AP device 120 compares the service set identifier and network security key of the AP device 120 received from the terminal 130 with the network access information currently set in the AP device 120 using step 1, The wireless network is formed with the terminal 130 according to the comparison result.
  • FIG. 4 is a flowchart illustrating a security key management method of the security key management apparatus according to the present embodiment.
  • the security key management apparatus 110 generates a service set identifier and a network security key of the AP device 120.
  • the process starts with generating random random information (S410).
  • the security key management apparatus 110 generates a service set identifier and a network security key of the AP device 120 based on the random number information generated in step S410 (S420). In operation S420, the security key management apparatus 110 generates a plurality of service set identifiers based on the random number information generated in step S410, and generates a plurality of network security keys for each of the plurality of service set identifiers, thereby providing a plurality of service set identifiers-network. Security key pair combination group can be created.
  • the security key management apparatus 110 may set different usage conditions for each combination group, and store and match the usage conditions and current allocation status set for each combination group.
  • the security key management device 110 controls the AP device 120 to change preset network access information or generate new network access information based on the service set identifier and the network security key of the generated AP device 120. To generate and transmits the generated control signal to the AP device 120 (S430).
  • the security key management apparatus 110 generates serial number information on service use in association with the number table issuing management server (S440). In operation S440, the security key management apparatus 110 receives the order issuing information from the license number issuing management server 150 and generates order information on the service usage of the user of the terminal 130 based on the received order issuing information.
  • the security key management apparatus 110 distributes the service set identifier, the network security key, and the sequence information of the AP device 120 generated in steps S420 and S440 to the terminal 130 (S450).
  • the security key management apparatus 110 adds information about each combination group stored in operation S420 and the terminal 130 when there are a plurality of service set identifiers and network security keys of the AP device 120 generated in operation S420.
  • An optimal service set identifier and a network security key are calculated based on at least one of the related information about the terminal 130 collected as.
  • the security key management device 110 receives a service set identifier of the AP device 120 and an access right for the network security key from the security key management device 110 through a pre-payment process with the server device 140. Only the service set identifier and network security key of the AP device 120 may be distributed.
  • steps S410 through S450 are sequentially executed, but the present disclosure is not limited thereto. That is, since the steps described in FIG. 4 may be applied by changing or executing one or more steps in parallel, FIG. 4 is not limited to the time series order.
  • steps S410 and S420 may include the memory 220 of the security key management apparatus 110. It may be replaced by a process of calculating the service set identifier and the network security key of the AP device 120 based on the stored service set identifier and the network security key.
  • FIG. 5 is an exemplary diagram illustrating a storage type of a service set identifier and a network security key generated by the security key management apparatus according to the present embodiment.
  • the security key management apparatus 110 basically matches and stores a service set identifier and a network security key of the AP device 120 generated based on random random information. Meanwhile, when a plurality of service set identifier-network security key pair combination groups are generated, the security key management apparatus 110 further matches and stores conditions of use and current allocation status for each combination group.
  • the service set identifier generated by the security key management apparatus 110 and the storage type of the network security key are not limited in a specific manner.
  • the security key management device 110 when the security key management device 110 according to the present embodiment is implemented in a form that does not include the random number generation unit 200 as a component storage form of the service set identifier and network security key stored in the memory 220 also It may have a similar form as shown in FIG.
  • security key management system 110 security key management device
  • communication module 120 AP device
  • terminal 140 server device
  • sequence number generation unit 204 display unit
  • control unit 220 memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne, dans l'un de ses modes de réalisation, un dispositif de gestion de clé de sécurité et un procédé associé, lequel dispositif génère un identifiant d'un ensemble services et une clé de sécurité de réseau d'un dispositif AP sur la base de certaines informations de numéro aléatoire, génère des informations de séquence sur une utilisation de service en étant relié à un serveur de gestion d'émission de tickets à numéro, et distribue à un terminal les informations de séquence générées et l'identifiant de l'ensemble services et la clé de sécurité réseau d'un dispositif AP, fournissant ainsi de manière plus efficace un service Internet sans fil et traitant commodément et rapidement un service destiné au traitement d'un travail d'utilisateur.
PCT/KR2016/010631 2015-10-19 2016-09-23 Dispositif de gestion de clé de sécurité et procédé associé WO2017069413A1 (fr)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
KR10-2015-0145440 2015-10-19
KR20150145440 2015-10-19
KR10-2015-0167120 2015-11-27
KR1020150167120A KR101744858B1 (ko) 2015-10-19 2015-11-27 보안키 관리장치 및 그 방법
KR10-2015-0167134 2015-11-27
KR1020150167134A KR101744868B1 (ko) 2015-10-19 2015-11-27 보안키 관리장치 및 그 방법

Publications (1)

Publication Number Publication Date
WO2017069413A1 true WO2017069413A1 (fr) 2017-04-27

Family

ID=58557549

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/010631 WO2017069413A1 (fr) 2015-10-19 2016-09-23 Dispositif de gestion de clé de sécurité et procédé associé

Country Status (1)

Country Link
WO (1) WO2017069413A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060024653A (ko) * 2004-09-14 2006-03-17 삼성전자주식회사 무선 네트워크에서 보안 정보를 설정하는 장치, 시스템 및그 방법
KR20080054420A (ko) * 2005-09-28 2008-06-17 콸콤 인코포레이티드 무선 네트워크 액세스 파라미터를 분배하기 위한 시스템 및방법
KR20110001475A (ko) * 2009-06-30 2011-01-06 주식회사 퍼스트포켓 네트워크 상의 서비스 권한 관리 방법 및 시스템과 그를 위한 휴대용 저장 장치
KR20140066886A (ko) * 2012-11-23 2014-06-03 중소기업은행 휴대 단말을 이용한 번호표 발급 장치 및 그 방법
US20140295760A1 (en) * 2013-03-29 2014-10-02 Pantech Co., Ltd. Terminal and method for establishing a wireless communication connection

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060024653A (ko) * 2004-09-14 2006-03-17 삼성전자주식회사 무선 네트워크에서 보안 정보를 설정하는 장치, 시스템 및그 방법
KR20080054420A (ko) * 2005-09-28 2008-06-17 콸콤 인코포레이티드 무선 네트워크 액세스 파라미터를 분배하기 위한 시스템 및방법
KR20110001475A (ko) * 2009-06-30 2011-01-06 주식회사 퍼스트포켓 네트워크 상의 서비스 권한 관리 방법 및 시스템과 그를 위한 휴대용 저장 장치
KR20140066886A (ko) * 2012-11-23 2014-06-03 중소기업은행 휴대 단말을 이용한 번호표 발급 장치 및 그 방법
US20140295760A1 (en) * 2013-03-29 2014-10-02 Pantech Co., Ltd. Terminal and method for establishing a wireless communication connection

Similar Documents

Publication Publication Date Title
WO2017222169A1 (fr) Procédé d'approbation de paiement effectué à l'aide d'une carte à puce, serveur de société à carte l'exécutant et carte à puce
WO2016159486A1 (fr) Procédé de gestion de parc de stationnement, terminal portatif et système de gestion de parc de stationnement
WO2013025085A2 (fr) Appareil et procédé permettant de prendre en charge un nuage de famille dans un système informatique en nuage
WO2013055113A1 (fr) Dispositif, système et procédé de paiement mobile utilisant les achats à domicile
EP3262585A1 (fr) Sécurité de bout en bout sur la base de zone de confiance
WO2019132272A1 (fr) Identifiant en tant que service basé sur une chaîne de blocs
WO2015065138A1 (fr) Système réparti pour la prestation d'un service de casiers, et son procédé de commande
WO2015102404A1 (fr) Système de point de vente mobile pour règlement inverse, et procédé associé
WO2014129804A1 (fr) Procédé de service de gestion de patients, procédé de fourniture de services de traitement, nœud de serveur et serveur qui leur est appliqué
WO2012169865A2 (fr) Procédé et système de gestion de carte de visite sur internet
WO2016060345A1 (fr) Procédé de génération de carte multiple, procédé d'utilisation de carte multiple et système de carte multiple
WO2012093900A2 (fr) Procédé et dispositif pour authentifier une entité de réseau personnel
WO2016085062A1 (fr) Procédé d'authentification par carte d'authentification nfc
WO2016064127A1 (fr) Système et procédé d'authentification croisée pour mobile
WO2024117667A1 (fr) Serveur de gestion de données nft et son procédé de fonctionnement
WO2016085079A1 (fr) Appareil et procédé d'assistance au paiement facile pour terminal mobile
KR101744868B1 (ko) 보안키 관리장치 및 그 방법
WO2017069413A1 (fr) Dispositif de gestion de clé de sécurité et procédé associé
WO2020091247A2 (fr) Système et procédé de fourniture de service de parc de stationnement basé sur ars
WO2013118956A1 (fr) Système et procédé de fourniture de service d'adhésion intégré
WO2015016437A1 (fr) Procédé de paiement par carte factice et serveur de paiement
WO2018021864A1 (fr) Procédé pour fournir un service en nuage
WO2012157893A2 (fr) Procédé de fourniture de services de transaction financière, dispositif de fourniture d'un service de transaction financière permettant la mise en œuvre dudit procédé et terminal de communication mobile
WO2018008818A1 (fr) Kiosque de fourniture d'un service de facturation prépayée et procédé de fourniture de service associé
WO2021132914A2 (fr) Système d'authentification de l'utilisateur d'une installation et procédé de commande associé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16857671

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16857671

Country of ref document: EP

Kind code of ref document: A1