WO2018147673A1 - Symmetric key-based user authentication method for ensuring anonymity in wireless sensor network environment - Google Patents


Info

Publication number
WO2018147673A1
Authority
WO
WIPO (PCT)
Prior art keywords
dynamic
key
sensor
random number
verification value
Application number
PCT/KR2018/001745
Inventor
정재욱
박정환
전재율
Original Assignee
에스지에이솔루션즈 주식회사
Application filed by 에스지에이솔루션즈 주식회사

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp

Definitions

  • the present invention relates to a symmetric key-based user authentication method that guarantees anonymity in a wireless sensor network environment: a user authentication method suited to wireless sensor networks that is secure against various attack methods while using only a hash function and a symmetric key-based encryption system, both of which require very little computation.
  • A wireless sensor network is a network environment composed of many sensor nodes and the gateway nodes that manage them.
  • wireless sensor networks are widely used in combination with various technologies in fields such as military facility management, health care services, and smart grid environments.
  • the user authentication protocol is a security technology in which users use their own smart card, ID, and password information to securely access the corresponding gateway node and sensor nodes, with the goal of successful mutual authentication.
  • user authentication protocols must be designed considering not only safety but also efficiency.
  • An object of the present invention is to solve the problems described above by providing a symmetric key-based user authentication method that guarantees anonymity in a wireless sensor network environment: a user authentication method suited to wireless sensor networks that is secure against various attack methods while using only a hash function and a symmetric key-based encryption system, both of which require very little computation.
  • an object of the present invention is to provide a symmetric key-based user authentication method that guarantees anonymity in a wireless sensor network environment and that, in consideration of the limited hardware resources of the sensor, uses only encryption and decryption with symmetric key cryptography and XOR operations.
  • the present invention relates to a symmetric key-based user authentication method performed by a smart card, a user terminal capable of reading and writing the smart card, a plurality of sensors, and a gateway communicating with the sensor.
  • the gateway receives the user's ID and dynamic password from the user terminal, generates a secret key encrypted with the ID and the dynamic password and a login verification value composed of the dynamic password and the secret key, and stores them in the smart card.
  • extracting and verifying a second verification value; (g) each sensor generating a third verification value using the shared key, the extracted session key, the received dynamic ID, and the sensor ID, and transmitting the third verification value to the gateway; (h) the gateway extracting a third verification value using the shared key, the generated session key, the received dynamic ID, and the sensor ID, verifying it against the transmitted third verification value, and transmitting a second message in which the dynamic ID, the sensor ID, the session key, and a first random number are encrypted with the symmetric key; and (i) the user terminal decrypting the second message with the symmetric key to verify the dynamic ID and the first random number.
  • the dynamic password or dynamic ID is generated by concatenating a random number to the password or ID and hashing the same.
  • in the symmetric key-based user authentication method of the present invention, in step (a), the secret key is a hash of a secret value generated in advance by the gateway.
  • in the symmetric key-based user authentication method of the present invention, in step (e), the shared key is a hash of the sensor ID concatenated to a secret value shared in advance between the gateway and the sensor.
  • in the symmetric key-based user authentication method of the present invention, in steps (d), (f), (h), and (i), a time stamp is received, and if the predetermined grace time measured from the time stamp has elapsed, the subsequent steps are not performed.
  • in the symmetric key-based user authentication method of the present invention, in step (c), a first random number is generated and included in the first message; in step (h), the first random number of the first message is included in the second message and transmitted; and in step (i), the first random number of the second message is verified.
  • the present invention also relates to a computer-readable recording medium having recorded thereon a program for performing a user authentication method based on a symmetric key.
  • according to the symmetric key-based user authentication method for guaranteeing anonymity in a wireless sensor network environment, using only a hash function and a symmetric key-based encryption system, both of which require very little computation, yields a very high advantage in terms of efficiency.
  • FIG. 1 is a block diagram of an overall system for practicing the present invention.
  • FIG. 2 is a table showing a notation for explaining a symmetric key-based user authentication method of the present invention.
  • FIG. 3 is a flowchart illustrating a user registration step of a symmetric key based user authentication method according to an embodiment of the present invention.
  • FIG. 4 is a flowchart illustrating the login and verification steps of a symmetric key based user authentication method according to an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a password change step of a symmetric key based user authentication method according to an embodiment of the present invention.
  • the entire system for implementing the present invention includes a smart card 11, a user terminal 10 capable of reading or recording the smart card 11, a gateway 20, and a plurality of sensors or sensor nodes 30.
  • the user terminal 10 is a computing terminal used by a user, such as a smartphone, a tablet PC, a PC, a laptop, and the like.
  • the user terminal 10 may access the smart card 11 to read, record or change the contents recorded in the card.
  • the smart card 11 is a storage medium having a security function, and is a conventional IC chip, a smart card, or the like.
  • the gateway 20 is a gateway device that collects data from, or controls, a plurality of sensors 30 over a wireless link.
  • the sensor or sensor node 30 is a sensor for measuring temperature, image, sound, humidity, and the like, and is a device that communicates using a short range communication protocol such as Zigbee, Wi-Fi, or Bluetooth.
  • the user authentication information is stored in the smart card.
  • the user terminal 10 may access the sensor through the gateway.
  • the security requirements to be considered in the wireless sensor network environment are as follows, and the user authentication method according to the present invention should also satisfy the following security requirements.
  • Session key distribution: finally, the session key distribution process is performed through mutual authentication. The user can then use the distributed session key to securely communicate with the gateway and sensor nodes.
  • the user authentication method generally includes a step of safely changing a user's password. At this time, the user should change the user's password in the smart card itself rather than changing the password through the server.
  • An offline password attack is an attack method that infers the user's password by exhaustive search.
  • an authentication method is constructed using only a symmetric key-based encryption technique and a hash function operation in consideration of limited hardware resources of a sensor node.
  • the user authentication method according to the present invention comprises a registration step, a login and verification step (or an authentication step), a password change step, and the like.
  • the user authentication method according to the present invention satisfies all the security requirements described above.
  • the registration step is a step in which the user or the user terminal 10 registers the user (or his smart card information) with the gateway or the gateway node 20 using the user's information.
  • FIG. 3 shows the registration step; the detailed procedure is as follows.
  • x_a is the secret value generated by the gateway node.
  • the gateway node 20 generates a smart card for use by the user, stores the smart card authentication information (N_i, M_i, h(·)) in the smart card, and issues it to the user. That is, the issued smart card (N_i, M_i, h(·)) is transmitted to the user terminal 10 (S4).
  • the user terminal 10 having received the smart card inserts a random number b generated by the user into the smart card 11 (S5).
  • the user thus obtains a smart card that stores (N_i, M_i, h(·), b).
  • As shown in FIG. 4, this step consists of a login process and a verification process.
  • the login process is performed when the user terminal accesses the wireless sensor network environment.
  • the user inserts his smart card into the terminal and enters ID_i and PW_i (S11).
  • the smart card transmits a login request message <DID_i, A_i, T_1> to the gateway node (S14).
  • the verification process begins when the gateway receives a login request message from the user. In this step, a mutual authentication procedure is performed by verifying the messages sent and received, and when all authentication procedures are complete, the session key SK is finally shared between the sensor node and the user. Using the shared session key SK, the user can then communicate securely with the corresponding sensor node.
  • the gateway node uses the timestamp T_1 value to transmit the first message received
  • the validity is checked through ΔT (S21).
  • DID_i and T_1 values obtained from the decryption operation with the values in the received login request message. If the two values are equal, the procedure continues; if they differ, the step ends.
  • L_i is a second random number encrypted with h(x_s ‖ SID_n).
  • the gateway node 20 transmits <L_i, DID_i, B_i, T_2> to the sensor node 30 (S24).
  • the sensor node 30 first checks
  • Time stamp verification is performed through ΔT (S31).
  • the gateway node 20 transmits
  • Time stamp verification is performed through ΔT (S41).
  • C_i* = h(h(x_s ‖ SID_n) ‖ SK ‖ DID_i ‖ SID_n ‖ T_3) is computed, C_i* and C_i are compared with each other, and the received message <C_i, T_3> is verified (S42). If the verification is successful, the gateway node is assured that the sensor node that sent the message is a legitimate sensor node.
  • the decryption operation D_k(D_i) = {DID_i, SID_n, SK, R_1, T_4} on the encrypted D_i value is performed (S52).
  • the DID_i, R_1, T_4 values obtained through the decryption operation are compared with the DID_i, R_1, T_4 values previously held.
  • the password change step is for changing a user's password. If the user password is changed, the values in the smart card that are affected by the password must also be changed. In the password change step according to the present invention, the smart card itself changes the password without any separate communication with the server, which makes the step very efficient. A detailed description of the password change step follows.
  • the user inserts his smart card into the terminal and enters ID_i, the existing password PW_i^old, and the new password PW_i^new (S71).
  • the smart card replaces the {N_i, M_i} values stored in the existing smart card with the newly calculated {N_i^new, M_i^new} values (S74).
  • the smart card then contains the values (N_i^new, M_i^new, h(·), b).

Abstract

The present invention relates to a symmetric key-based user authentication method performed by a smart card, a user terminal capable of reading and writing the smart card, a plurality of sensors, and a gateway communicating with the sensor. The present invention provides a configuration comprising the steps of: (a) receiving, by the gateway, a user ID and a dynamic password from the user terminal, generating a secret key encrypted with the ID and the dynamic password, and a login verification value composed of the dynamic password and the secret key, and storing the same in the smart card; (b) extracting, by the user terminal, the dynamic password from the input ID and password, decrypting the secret key by using the extracted dynamic password, restoring the login verification value, and verifying the restored login verification value with the login verification value of the smart card; (c) generating, by the user terminal, a dynamic ID, generating a symmetric key with a dynamic ID and a secret key, encrypting the dynamic ID with a symmetric key to generate a first message, and transmitting the dynamic ID and the first message to the gateway; (d) restoring, by the gateway, the symmetric key with the received dynamic ID and the stored secret key, decoding the first message with the restored symmetric key, and verifying the dynamic ID; (e) generating, by the gateway, a second random number, encrypting the second random number with a shared key, generating a session key with the received dynamic ID, the shared key, and the second random number, generating a second verification value with a dynamic ID, a session key, a shared key, and a sensor ID, and transmitting the encrypted second random number, the dynamic ID, and the second verification value to each sensor; (f) decrypting, by each sensor, the second random number with the shared key, extracting and sharing the session key with the received dynamic ID, the shared key, and the decrypted second random number, and 
extracting and verifying the second verification value with the dynamic ID, the extracted session key, the shared key, and the sensor ID; (g) generating, by each sensor, a third verification value with the shared key, the extracted session key, the received dynamic ID, and the sensor ID, and transmitting the generated third verification value to the gateway; (h) extracting, by the gateway, the third verification value with the shared key, the generated session key, the received dynamic ID, and the sensor ID to compare and verify the extracted third verification value with the transmitted third verification value, and transmitting a second message in which the dynamic ID, the sensor ID, the session key, and a first random number are encrypted with the symmetric key; and (i) decrypting, by the user terminal, the second message with the symmetric key, and verifying the dynamic ID and the first random number. By using only a hash function and a symmetric key-based cryptosystem, both of which require very little computation, the user authentication method described above achieves very high efficiency.
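
The gateway-to-sensor leg of the procedure above, steps (e) through (h), as an added example that is not code from the patent. Assumptions: SHA-256 as the hash, length-prefixed concatenation, an XOR keystream standing in for the symmetric cipher, the field order inside the session key and the second verification value (the page lists only their inputs), a 5-second grace time, and constructed IDs and secrets.

```python
import hashlib
import hmac
import os

DELTA_T = 5  # assumed grace time in seconds; the page gives no value


def h(*parts: bytes) -> bytes:
    """h(a ‖ b ‖ ...) as SHA-256 over length-prefixed parts (assumed encoding)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(2, "big") + part)
    return digest.digest()


def ts(t: int) -> bytes:
    """Encode an integer timestamp for hashing."""
    return str(t).encode()


def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the symmetric cipher: XOR with a hash-derived keystream.
    Not the patent's cipher; the same call encrypts and decrypts."""
    if len(data) > 32:
        raise ValueError("stand-in handles at most 32 bytes")
    stream = h(key, b"keystream", nonce)
    return bytes(a ^ b for a, b in zip(data, stream))


def is_fresh(sent: int, now: int) -> bool:
    """Timestamp check: reject stale and future-dated messages."""
    return 0 <= now - sent <= DELTA_T


def shared_key(x_s: bytes, sid: bytes) -> bytes:
    """Gateway-sensor shared key h(x_s ‖ SID_n), as stated on the page."""
    return h(x_s, sid)


def gateway_challenge(k_gs: bytes, did: bytes, sid: bytes, t2: int):
    """Step (e): build <L_i, DID_i, B_i, T_2> and the gateway's session key."""
    r2 = os.urandom(16)                      # second random number
    l_i = xor_cipher(k_gs, ts(t2), r2)       # R2 encrypted under the shared key
    sk = h(did, k_gs, r2)                    # assumed composition of SK
    b_i = h(did, sk, k_gs, sid, ts(t2))      # assumed composition of B_i
    return (l_i, did, b_i, t2), sk


def sensor_respond(k_gs: bytes, sid: bytes, message, now: int):
    """Steps (f)-(g): return (<C_i, T_3>, SK), or None if the message is rejected."""
    l_i, did, b_i, t2 = message
    if not is_fresh(t2, now):
        return None
    r2 = xor_cipher(k_gs, ts(t2), l_i)
    sk = h(did, k_gs, r2)
    # Constant-time comparison of the second verification value.
    if not hmac.compare_digest(b_i, h(did, sk, k_gs, sid, ts(t2))):
        return None
    t3 = now
    c_i = h(k_gs, sk, did, sid, ts(t3))      # C_i formula as given on the page
    return (c_i, t3), sk


def gateway_verify(k_gs: bytes, sk: bytes, did: bytes, sid: bytes, reply, now: int) -> bool:
    """Step (h), first half: recompute C_i* and compare it with the received C_i."""
    c_i, t3 = reply
    if not is_fresh(t3, now):
        return False
    return hmac.compare_digest(c_i, h(k_gs, sk, did, sid, ts(t3)))


def run_demo() -> bool:
    """Happy path with constructed values: both sides end with the same SK."""
    x_s = b"constructed-gateway-sensor-secret"
    sid = b"SID-07"
    did = h(b"alice", os.urandom(16))        # dynamic ID = h(ID ‖ random number)
    k_gs = shared_key(x_s, sid)
    message, sk_gateway = gateway_challenge(k_gs, did, sid, t2=1000)
    result = sensor_respond(k_gs, sid, message, now=1001)
    if result is None:
        return False
    reply, sk_sensor = result
    return sk_gateway == sk_sensor and gateway_verify(
        k_gs, sk_gateway, did, sid, reply, now=1002)


if __name__ == "__main__":
    print("mutual verification succeeded:", run_demo())
```

Because the session key depends on the decrypted random number, a modified ciphertext or a sensor holding the wrong shared key fails the second verification value check rather than yielding a different key silently.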

Description

Symmetric Key-based User Authentication Method for Anonymity in Wireless Sensor Networks
The present invention relates to a symmetric key-based user authentication method that guarantees anonymity in a wireless sensor network environment: a user authentication method suited to wireless sensor networks that is secure against various attack methods while using only a hash function and a symmetric key-based encryption system, both of which require very little computation.
A wireless sensor network is a network environment composed of many sensor nodes and the gateway nodes that manage them. Wireless sensor networks are currently widely used in combination with various technologies in fields such as military facility management, health care services, and smart grid environments.
As the importance of the wireless sensor network environment increases, various research is under way to ensure the confidentiality and integrity of the important information held by sensors. In particular, research on the design of user authentication protocols has been in the spotlight as a representative method for ensuring the safety of the wireless sensor network environment. The user authentication protocol is a security technology in which users use their own smart card, ID, and password information to securely access the corresponding gateway node and sensor nodes, with the goal of successful mutual authentication. However, because sensor nodes are very limited in terms of energy use, user authentication protocols must be designed considering not only safety but also efficiency.
An object of the present invention is to solve the problems described above by providing a symmetric key-based user authentication method that guarantees anonymity in a wireless sensor network environment: a user authentication method suited to wireless sensor networks that is secure against various attack methods while using only a hash function and a symmetric key-based encryption system, both of which require very little computation.
In particular, an object of the present invention is to provide a symmetric key-based user authentication method that guarantees anonymity in a wireless sensor network environment and that, in consideration of the limited hardware resources of the sensor, uses only encryption and decryption with symmetric key cryptography and XOR operations.
To achieve the above object, the present invention relates to a symmetric key-based user authentication method performed by a smart card, a user terminal capable of reading and writing the smart card, a plurality of sensors, and a gateway communicating with the sensors, the method comprising: (a) the gateway receiving the user's ID and dynamic password from the user terminal, generating a secret key encrypted with the ID and the dynamic password and a login verification value composed of the dynamic password and the secret key, and storing them in the smart card; (b) the user terminal extracting the dynamic password from the input ID and password, decrypting the secret key using the extracted dynamic password, restoring the login verification value, and verifying it against the login verification value of the smart card; (c) the user terminal generating a dynamic ID, generating a symmetric key from the dynamic ID and the secret key, encrypting the dynamic ID with the symmetric key to generate a first message, and transmitting the dynamic ID and the first message to the gateway; (d) the gateway restoring the symmetric key from the received dynamic ID and the stored secret key, decrypting the first message with the restored symmetric key, and verifying the dynamic ID; (e) the gateway generating a second random number, encrypting the second random number with a shared key, generating a session key from the received dynamic ID, the shared key, and the second random number, generating a second verification value from the dynamic ID, the session key, the shared key, and the sensor ID, and transmitting the encrypted second random number, the dynamic ID, and the second verification value to each sensor; (f) each sensor decrypting the second random number with the shared key, extracting and sharing the session key from the received dynamic ID, the shared key, and the decrypted second random number, and extracting and verifying the second verification value from the dynamic ID, the extracted session key, the shared key, and the sensor ID; (g) each sensor generating a third verification value from the shared key, the extracted session key, the received dynamic ID, and the sensor ID, and transmitting it to the gateway; (h) the gateway extracting the third verification value from the shared key, the generated session key, the received dynamic ID, and the sensor ID, verifying it against the transmitted third verification value, and transmitting a second message in which the dynamic ID, the sensor ID, the session key, and a first random number are encrypted with the symmetric key; and (i) the user terminal decrypting the second message with the symmetric key and verifying the dynamic ID and the first random number.
In addition, in the symmetric key-based user authentication method of the present invention, the dynamic password or dynamic ID is generated by concatenating a random number to the password or ID and hashing the result.
In addition, in the symmetric key-based user authentication method of the present invention, in step (a), the secret key is a hash of a secret value generated in advance by the gateway.
In addition, in the symmetric key-based user authentication method of the present invention, in step (e), the shared key is a hash of the sensor ID concatenated to a secret value shared in advance between the gateway and the sensor.
In addition, in the symmetric key-based user authentication method of the present invention, in steps (d), (f), (h), and (i), a time stamp is received, and if the predetermined grace time measured from the time stamp has elapsed, the subsequent steps are not performed.
In addition, in the symmetric key-based user authentication method of the present invention, in step (c), a first random number is generated and included in the first message; in step (h), the first random number of the first message is included in the second message and transmitted; and in step (i), the first random number of the second message is verified.
The present invention also relates to a computer-readable recording medium on which a program for performing the symmetric key-based user authentication method is recorded.
As described above, according to the symmetric key-based user authentication method for guaranteeing anonymity in a wireless sensor network environment according to the present invention, using only a hash function and a symmetric key-based encryption system, both of which require very little computation, yields a very high advantage in terms of efficiency.
FIG. 1 is a block diagram of an overall system for practicing the present invention.
FIG. 2 is a table showing the notation used to explain the symmetric key-based user authentication method of the present invention.
FIG. 3 is a flowchart illustrating the user registration step of a symmetric key-based user authentication method according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating the login and verification steps of a symmetric key-based user authentication method according to an embodiment of the present invention.
FIG. 5 is a flowchart illustrating the password change step of a symmetric key-based user authentication method according to an embodiment of the present invention.
이하, 본 발명의 실시를 위한 구체적인 내용을 도면에 따라서 설명한다.DETAILED DESCRIPTION Hereinafter, specific contents for carrying out the present invention will be described with reference to the drawings.
또한, 본 발명을 설명하는데 있어서 동일 부분은 동일 부호를 붙이고, 그 반복 설명은 생략한다.In addition, in describing this invention, the same code | symbol is attached | subjected and the repeated description is abbreviate | omitted.
먼저, 본 발명을 실시하기 위한 전체 시스템의 구성의 예들에 대하여 도 1을 참조하여 설명한다.First, examples of the configuration of the entire system for implementing the present invention will be described with reference to FIG.
도 1에서 보는 바와 같이, 본 발명을 실시하기 위한 전체 시스템은 스마트카드(11), 스마트카드(11)를 읽거나 기록할 수 있는 사용자 단말(10), 게이트웨이(20), 및, 다수의 센서 또는 센서노드(30)로 구성된다.As shown in FIG. 1, the entire system for implementing the present invention includes a smart card 11, a user terminal 10 capable of reading or recording the smart card 11, a gateway 20, and a plurality of sensors. Or a sensor node 30.
사용자 단말(10)은 사용자가 사용하는 컴퓨팅 단말로서, 스마트폰, 태플릿PC, PC, 노트북 등이다. 또한, 사용자 단말(10)은 스마트카드(11)에 접근하여, 카드 내에 기록된 내용을 읽거나 기록 또는 변경할 수 있다.The user terminal 10 is a computing terminal used by a user, such as a smartphone, a tablet PC, a PC, a laptop, and the like. In addition, the user terminal 10 may access the smart card 11 to read, record or change the contents recorded in the card.
스마트카드(11)는 보안기능을 구비한 저장매체로서, 통상의 IC칩, 스마트카드 등이다.The smart card 11 is a storage medium having a security function, and is a conventional IC chip, a smart card, or the like.
게이트웨이(20)는 다수의 센서(30)와 무선을 통하여 데이터를 수집하거나 센서(30)를 제어하는 게이트웨이 장치이다.The gateway 20 is a gateway device that collects data or controls the sensor 30 through a plurality of sensors 30 and wirelessly.
센서 또는 센서노드(30)는 온도, 영상, 소리, 습도 등을 측정하는 센서로서, 지그비, 와이파이, 블루투스 등 근거리 통신 프로토콜을 이용하여 통신하는 장치이다.The sensor or sensor node 30 is a sensor for measuring temperature, image, sound, humidity, and the like, and is a device that communicates using a short range communication protocol such as Zigbee, Wi-Fi, or Bluetooth.
즉, 스마트폰 등 사용자 단말(10)이 센서(30)에 접근하기 위하여, 사용자 인증정보를 스마트카드에 저장한다. 그리고 사용자 단말(10)은 스마트카드에 의해 게이트웨이의 인증을 통과하면, 게이트웨이를 통해 센서에 접근할 수 있다.That is, in order for the user terminal 10 such as a smartphone to access the sensor 30, the user authentication information is stored in the smart card. When the user terminal 10 passes the authentication of the gateway by the smart card, the user terminal 10 may access the sensor through the gateway.
이하에서 명확한 설명을 위하여 사용한 표기들을 도 2의 표와 같이 정리하였다.The notation used for clarity below is summarized as shown in the table of FIG. 2.
Next, the security requirements that the user authentication method according to the present invention can satisfy are described. The security requirements to be considered in a wireless sensor network environment are listed below, and the user authentication method according to the present invention must also satisfy them.
(1) User anonymity: The user's ID must remain secure even if the messages transmitted by the protocol are exposed through an eavesdropping attack, and it must also be preserved against attacks on the user's smart card.
(2) Mutual authentication: All messages exchanged among the user, the sensor nodes, and the gateway node participating in the wireless sensor network environment are verified so that mutual authentication is satisfied.
(3) Session key distribution: Mutual authentication ends with distribution of a session key. The user can afterwards use the distributed session key for secure encrypted communication with the gateway and the sensor nodes.
(4) Quick detection of an incorrectly entered password: The user must enter their ID and password when logging in to the wireless sensor network. If the login phase does not check the validity of the entered password, its correctness is determined only after the protocol has proceeded to the verification phase that follows login. Because this is very inefficient, the validity of the password entered by the user must be checked in the login phase.
(5) Efficient password change: A user authentication method generally has a phase in which the user's password can be changed securely. The method should let the user change the password within the smart card itself rather than through the server.
(6) Resistance to impersonation attacks: The attacker is assumed to be able to penetrate the authentication method. An impersonation attack is the act of deceiving the other party by behaving as if the attacker were a legitimate user.
(7) Resistance to offline password attacks: The user's password is important information that must not be exposed. An offline password attack infers the user's password by exhaustive search.
(8) Resistance to insider attacks: In the user registration phase, an administrator who manages the gateway node may, with malicious intent, use the packets the user sent for registration to learn the user's personal information. Password information in particular is commonly exposed this way, so a user authentication method must take this into account.
Meanwhile, in consideration of the limited hardware resources of sensor nodes, the present invention constructs the authentication method using only symmetric key-based cryptography and hash function operations.
Next, the symmetric key-based user authentication method according to an embodiment of the present invention is described in more detail with reference to FIGS. 3 to 5.
The user authentication method according to the present invention consists of a registration phase, a login and verification phase (or authentication phase), a password change phase, and so on. The user authentication method according to the present invention satisfies all of the security requirements described above.
First, the registration phase is described with reference to FIG. 3.
The registration phase is the phase in which the user or the user terminal 10 registers the user (or the user's smart card information) with the gateway or gateway node 20 using the user's information. FIG. 3 shows the registration phase, and the detailed procedure is as follows.
First, the user terminal 10 selects the user's ID ID_i and password PW_i and generates a random number b (S1). It then computes the dynamic password [Figure PCTKR2018001745-appb-I000001] = h(PW_i ∥ b). Here, i is a subscript identifying the user.
It then transmits <ID_i, [Figure PCTKR2018001745-appb-I000002]> to the gateway node 20 (S2).
Next, the gateway node 20 computes the secret key v = h(x_a) and stores v in its database (S3). It then encrypts v to compute the encrypted secret key N_i = h(ID_i ∥ [Figure PCTKR2018001745-appb-I000003]) [Figure PCTKR2018001745-appb-I000004] v and the login verification value M_i = h([Figure PCTKR2018001745-appb-I000005] ∥ v). Here, x_a is a secret value generated by the gateway node.
The gateway node 20 creates the smart card that the user will use, stores the smart card authentication information (N_i, M_i, h(·)) in it, and issues it to the user. That is, the issued smart card (N_i, M_i, h(·)) is delivered to the user terminal 10 (S4).
Next, the user terminal 10 that has received the smart card inserts the random number b that it generated into the smart card 11 (S5). When the registration phase ends, the user holds a smart card that stores (N_i, M_i, h(·), b).
Next, the login and verification phase (or authentication phase) is described with reference to FIG. 4. As shown in FIG. 4, it consists of a login process and a verification process.
First, the login process is described. The login process is performed when the user terminal accesses the wireless sensor network environment.
The user inserts the smart card into the terminal and enters ID_i and PW_i (S11). The smart card computes [Figure PCTKR2018001745-appb-I000006]* = h(PW_i ∥ b), v* = N_i [Figure PCTKR2018001745-appb-I000007] h(ID_i [Figure PCTKR2018001745-appb-I000008]*), and M_i* = h([Figure PCTKR2018001745-appb-I000009]* ∥ v*), and then compares M_i* with the value M_i stored in the smart card (S12). If the two values are equal, the user is shown to have entered the correct password; if they differ, the login phase ends.
Next, the smart card generates a first random number R_1 and computes the dynamic ID DID_i = h(ID_i ∥ R_1), the symmetric key k = h(DID_i ∥ v* ∥ T_1), and the first message A_i = E_k(DID_i ∥ R_1 ∥ T_1) (S13).
Finally, the smart card transmits the login request message <DID_i, A_i, T_1> to the gateway node (S14).
Next, the verification process is described. The verification process begins when the gateway receives the login request message from the user. In this phase, mutual authentication is carried out by verifying the messages exchanged, and once all authentication steps are complete the sensor node and the user share a session key SK. The user can afterwards use the shared session key SK for secure, confidential communication with that sensor node.
After receiving the login request message <DID_i, A_i, T_1> from the user, the gateway node uses the timestamp T_1 to check the validity of the received first message through |T_1' - T_1| < ΔT (S21).
The gateway node also computes the symmetric key k = h(DID_i ∥ h(x_a) ∥ T_1) and decrypts the encrypted value A_i, D_k(A_i) = {DID_i, R_1, T_1} (S22). To verify the validity of the login request message, it compares the DID_i and T_1 values obtained by decryption with the values in the received login request message. If the values are equal, the procedure continues; if they differ, the phase ends.
Next, the gateway node 20 generates a second random number R_2 and computes L_i = R_2 [Figure PCTKR2018001745-appb-I000010] h(x_s ∥ SID_n), the session key SK = h(DID_i ∥ h(x_s ∥ SID_n) ∥ R_2 ∥ T_2), and the second verification value B_i = h(DID_i ∥ SK ∥ h(x_s ∥ SID_n) ∥ SID_n ∥ T_2) (S23). L_i is the second random number encrypted with h(x_s ∥ SID_n).
The gateway node 20 then transmits <L_i, DID_i, B_i, T_2> to the sensor node 30 (S24).
Next, the sensor node 30 first performs timestamp verification on the received <L_i, DID_i, B_i, T_2> through |T_2' - T_2| < ΔT (S31).
If that verification succeeds, the sensor node 30 computes R_2 = L_i [Figure PCTKR2018001745-appb-I000011] h(x_s ∥ SID_n), SK = h(DID_i ∥ h(x_s ∥ SID_n) ∥ R_2 ∥ T_2), and B_i* = h(DID_i ∥ SK ∥ h(x_s ∥ SID_n) ∥ SID_n ∥ T_2), and compares B_i* with B_i to verify the received message <L_i, DID_i, B_i, T_2> (S32). If verification succeeds, the sensor node is assured that the gateway node that sent the message is a legitimate gateway node.
Next, the sensor node 30 computes the third verification value C_i = h(h(x_s ∥ SID_n) ∥ SK ∥ DID_i ∥ SID_n ∥ T_3) and transmits <C_i, T_3> to the gateway node (S33).
Next, the gateway node 20 performs timestamp verification on the received <C_i, T_3> through |T_3' - T_3| < ΔT (S41).
If that verification succeeds, it computes C_i* = h(h(x_s ∥ SID_n) ∥ SK ∥ DID_i ∥ SID_n ∥ T_3) and compares C_i* with C_i to verify the received message <C_i, T_3> (S42). If verification succeeds, the gateway node is assured that the sensor node that sent the message is a legitimate sensor node.
Next, the gateway node 20 computes the second message D_i = E_k(DID_i ∥ SID_n ∥ SK ∥ R_1 ∥ T_4) and transmits <D_i, T_4> to the user (S43, S44).
Next, the user terminal 10 performs timestamp verification on the received <D_i, T_4> through |T_4' - T_4| < ΔT (S51).
If that verification succeeds, it decrypts the encrypted value D_i, D_k(D_i) = {DID_i, SID_n, SK, R_1, T_4} (S52). To verify the validity of the received message <D_i, T_4>, it compares the DID_i, R_1, and T_4 values obtained by decryption with the DID_i, R_1, and T_4 values it already holds.
If all of the compared values match, the user is assured that the gateway node that sent the message <D_i, T_4> is a legitimate gateway node, and the verification phase completes successfully.
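The gateway-to-sensor part of the verification phase (S23 to S42), as an added example that is not code from the patent. It assumes SHA-256 for h, that the operator shown only as an image in L_i and R_2 is XOR, a length-prefixed encoding for ∥, integer timestamps in seconds, and a ΔT of 5 seconds; all function names are hypothetical. The E_k messages A_i and D_i are left out because the page does not name a cipher.

```python
import hashlib
import hmac
import secrets

DELTA_T = 5  # assumed freshness window ΔT in seconds; the page gives no value


def h(*parts: bytes) -> bytes:
    # h(a ∥ b ∥ ...): SHA-256 with a 4-byte length prefix per part (both assumptions)
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    # Assumed meaning of the image-only operator in L_i = R_2 (op) h(x_s ∥ SID_n)
    return bytes(x ^ y for x, y in zip(a, b))


def ts(t: int) -> bytes:
    return t.to_bytes(8, "big")


def fresh(t_sent: int, t_now: int) -> bool:
    # |T' - T| < ΔT, the check in S21, S31, S41 and S51
    return abs(t_now - t_sent) < DELTA_T


def gateway_build_request(x_s: bytes, sid: bytes, did: bytes, t2: int):
    """S23-S24: returns the message <L_i, DID_i, B_i, T_2> and the session key SK."""
    shared = h(x_s, sid)                      # h(x_s ∥ SID_n)
    r2 = secrets.token_bytes(len(shared))     # second random number R_2
    l_i = xor(r2, shared)
    sk = h(did, shared, r2, ts(t2))
    b_i = h(did, sk, shared, sid, ts(t2))
    return (l_i, did, b_i, t2), sk


def sensor_handle_request(x_s: bytes, sid: bytes, msg, t_now: int, t3: int):
    """S31-S33: returns (<C_i, T_3>, SK), or None if the request is rejected."""
    l_i, did, b_i, t2 = msg
    if not fresh(t2, t_now):
        return None                           # stale or replayed request
    shared = h(x_s, sid)
    r2 = xor(l_i, shared)
    sk = h(did, shared, r2, ts(t2))
    b_check = h(did, sk, shared, sid, ts(t2))
    if not hmac.compare_digest(b_check, b_i):
        return None                           # sender does not know h(x_s ∥ SID_n)
    c_i = h(shared, sk, did, sid, ts(t3))
    return (c_i, t3), sk


def gateway_verify_reply(x_s: bytes, sid: bytes, did: bytes, sk: bytes,
                         reply, t_now: int) -> bool:
    """S41-S42: the gateway checks the sensor's <C_i, T_3>."""
    c_i, t3 = reply
    if not fresh(t3, t_now):
        return False
    c_check = h(h(x_s, sid), sk, did, sid, ts(t3))
    return hmac.compare_digest(c_check, c_i)
```

The comparisons use `hmac.compare_digest` so that the time taken to reject a forged B_i or C_i does not depend on how many leading bytes match.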
Next, the password change phase is described with reference to FIG. 5.
The password change phase is for changing the user's password. When the user's password changes, the values in the smart card that depend on the password must change as well. The password change phase according to the present invention is designed so that the smart card can change the password by itself without any separate communication with the server, which makes it very efficient. The password change phase is described in detail below.
First, the user inserts the smart card into the terminal and enters ID_i, the existing password PW_i^old, and the new password PW_i^new (S71).
Next, the smart card computes [Figure PCTKR2018001745-appb-I000012] = h(PW_i^old ∥ b), v^old = N_i [Figure PCTKR2018001745-appb-I000013] h(ID_i [Figure PCTKR2018001745-appb-I000014]), and M_i^old = h([Figure PCTKR2018001745-appb-I000015] ∥ v^old), and then compares M_i^old with the value M_i stored in the smart card (S72). If the two values differ, the password change phase ends; if they are equal, the procedure continues.
Next, the smart card computes, from the new password, [Figure PCTKR2018001745-appb-I000016] = h(PW_i^new ∥ b), N_i^new = h(ID_i [Figure PCTKR2018001745-appb-I000017]) [Figure PCTKR2018001745-appb-I000018] v, and M_i^new = h([Figure PCTKR2018001745-appb-I000019] ∥ v) (S73).
Finally, the smart card replaces the {N_i, M_i} values stored in it with the newly computed {N_i^new, M_i^new} values (S74). After the password change phase, the smart card holds the values (N_i^new, M_i^new, h(·), b).
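The smart card values through registration (S1 to S5), the local password check at login (S11 to S12) and the offline password change (S71 to S74), as an added example that is not code from the patent. It assumes SHA-256 for h, that the image-only operator in N_i is XOR, that the image-only operand is the dynamic password h(PW_i ∥ b) concatenated after ID_i, and a length-prefixed encoding for ∥; the function names and the dictionary layout of the card are hypothetical.

```python
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    # h(a ∥ b ∥ ...): SHA-256 with a 4-byte length prefix per part (both assumptions)
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    # Assumed meaning of the image-only operator in N_i
    return bytes(x ^ y for x, y in zip(a, b))


def user_prepare(password: bytes):
    """S1: the terminal picks b and derives the dynamic password h(PW_i ∥ b)."""
    b = secrets.token_bytes(16)
    return b, h(password, b)


def gateway_issue_card(x_a: bytes, user_id: bytes, dyn_pw: bytes) -> dict:
    """S3-S4: the gateway never sees PW_i, only ID_i and the dynamic password."""
    v = h(x_a)                                   # secret key v = h(x_a)
    return {
        "N": xor(h(user_id, dyn_pw), v),         # encrypted secret key N_i
        "M": h(dyn_pw, v),                       # login verification value M_i
    }


def card_login_check(card: dict, user_id: bytes, password: bytes):
    """S11-S12: returns the recovered v* on success, None on a wrong ID or password."""
    dyn_pw = h(password, card["b"])
    v_star = xor(card["N"], h(user_id, dyn_pw))
    if hmac.compare_digest(h(dyn_pw, v_star), card["M"]):
        return v_star
    return None                                  # rejected locally, nothing is sent


def card_change_password(card: dict, user_id: bytes, old_pw: bytes, new_pw: bytes) -> bool:
    """S71-S74: re-wrap v under the new password without contacting the gateway."""
    v = card_login_check(card, user_id, old_pw)  # S72 is the same check as S12
    if v is None:
        return False                             # card contents stay untouched
    dyn_new = h(new_pw, card["b"])
    card["N"] = xor(h(user_id, dyn_new), v)
    card["M"] = h(dyn_new, v)
    return True


def register(x_a: bytes, user_id: bytes, password: bytes) -> dict:
    """S1-S5 end to end: the terminal adds b to the issued card last."""
    b, dyn_pw = user_prepare(password)
    card = gateway_issue_card(x_a, user_id, dyn_pw)
    card["b"] = b                                # S5
    return card
```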
The invention made by the present inventors has been described above in detail with reference to the embodiment, but the present invention is not limited to that embodiment and can of course be modified in various ways without departing from its gist.

Claims (7)

  1. A symmetric key-based user authentication method performed by a smart card, a user terminal capable of reading and writing the smart card, a plurality of sensors, and a gateway communicating with the sensors, the method comprising:
    (a) the gateway receiving a user's ID and dynamic password from the user terminal, generating a secret key encrypted with the ID and the dynamic password and a login verification value composed of the dynamic password and the secret key, and storing them in the smart card;
    (b) the user terminal extracting a dynamic password from the entered ID and password, decrypting the secret key using the extracted dynamic password, restoring the login verification value, and verifying it against the login verification value of the smart card;
    (c) the user terminal generating a dynamic ID, generating a symmetric key from the dynamic ID and the secret key, generating a first message by encrypting the dynamic ID with the symmetric key, and transmitting the dynamic ID and the first message to the gateway;
    (d) the gateway restoring the symmetric key from the received dynamic ID and the stored secret key, and verifying the dynamic ID by decrypting the first message with the restored symmetric key;
    (e) the gateway generating a second random number, encrypting the second random number with a shared key, generating a session key from the received dynamic ID, the shared key, and the second random number, generating a second verification value from the dynamic ID, the session key, the shared key, and a sensor ID, and transmitting the encrypted second random number, the dynamic ID, and the second verification value to each sensor;
    (f) each sensor decrypting the second random number with the shared key, extracting and sharing the session key from the received dynamic ID, the shared key, and the decrypted second random number, and extracting a second verification value from the dynamic ID, the extracted session key, the shared key, and the sensor ID and verifying it;
    (g) each sensor generating a third verification value from the shared key, the extracted session key, the received dynamic ID, and the sensor ID, and transmitting it to the gateway;
    (h) the gateway extracting a third verification value from the shared key, the generated session key, the received dynamic ID, and the sensor ID, verifying it against the transmitted third verification value, and transmitting a second message in which the dynamic ID, the sensor ID, the session key, and a first random number are encrypted with the symmetric key; and
    (i) the user terminal decrypting the second message with the symmetric key and verifying the dynamic ID and the first random number.
  2. The method of claim 1,
    wherein the dynamic password or the dynamic ID is generated by concatenating a random number to the password or the ID and hashing the result.
  3. The method of claim 1,
    wherein, in step (a), the secret key is a hash of a secret value generated in advance by the gateway.
  4. The method of claim 1,
    wherein, in step (e), the shared key is a hash of a secret value shared in advance between the gateway and the sensor, concatenated with the sensor ID.
  5. The method of claim 1,
    wherein, in steps (d), (f), (h), and (i), a timestamp is received, and subsequent steps are not performed if a predetermined grace period has elapsed according to the timestamp.
  6. The method of claim 1,
    wherein, in step (c), a first random number is generated and transmitted as part of the first message,
    in step (h), the first random number of the first message is included in the second message and transmitted, and
    in step (i), the first random number of the second message is verified.
  7. A computer-readable recording medium on which a program for performing the symmetric key-based user authentication method of any one of claims 1 to 6 is recorded.
PCT/KR2018/001745 2017-02-09 2018-02-09 Symmetric key-based user authentication method for ensuring anonymity in wireless sensor network environment WO2018147673A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020170018233A KR101721511B1 (en) 2017-02-09 2017-02-09 A user authentication method using symmetric key, to guarantee anonymity in the wireless sensor network environment
KR10-2017-0018233 2017-02-09

Publications (1)

Publication Number Publication Date
WO2018147673A1 (en) 2018-08-16

Family

ID=58503318

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/001745 WO2018147673A1 (en) 2017-02-09 2018-02-09 Symmetric key-based user authentication method for ensuring anonymity in wireless sensor network environment

Country Status (2)

Country Link
KR (1) KR101721511B1 (en)
WO (1) WO2018147673A1 (en)

Also Published As

Publication number Publication date
KR101721511B1 (en) 2017-03-30

Similar Documents

Publication Publication Date Title
WO2018147673A1 (en) Symmetric key-based user authentication method for ensuring anonymity in wireless sensor network environment
US10003582B2 (en) Technologies for synchronizing and restoring reference templates
Lai et al. Applying semigroup property of enhanced Chebyshev polynomials to anonymous authentication protocol
CN103532713B (en) Sensor authentication and shared key production method and system and sensor
WO2019083082A1 (en) Ksi-based authentication and communication method for safe smart home environment, and system therefor
CN106357649A (en) User identity authentication system and method
Liu et al. A physically secure, lightweight three-factor and anonymous user authentication protocol for IoT
CN106452739A (en) Quantum network service station and quantum communication network
CN107454079A (en) Lightweight device authentication and shared key machinery of consultation based on platform of internet of things
Srinivas et al. Provably secure biometric based authentication and key agreement protocol for wireless sensor networks
CN108737323A (en) A kind of digital signature method, apparatus and system
WO2018147488A1 (en) Secure attribute-based authentication method for cloud computing
US20230032099A1 (en) Physical unclonable function based mutual authentication and key exchange
CN108964897A (en) Identity authorization system and method based on group communication
CN109962777A (en) The key in block catenary system is permitted to generate, obtain the method and apparatus of key
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
CN108964896A (en) A kind of Kerberos identity authorization system and method based on group key pond
CN110493162A (en) Identity identifying method and system based on wearable device
CN113727296A (en) Anonymous privacy protection authentication protocol method based on wireless sensor system in intelligent medical treatment
Chen et al. Enhanced authentication protocol for the Internet of Things environment
WO2015178597A1 (en) System and method for updating secret key using puf
WO2022177204A1 (en) Did-based decentralized system for storing and sharing user data
CN206042014U (en) Quantum network service station and quantum communication network
Kumar et al. Blockchain-enabled secure communication for unmanned aerial vehicle (UAV) networks
Goel et al. LEOBAT: Lightweight encryption and OTP based authentication technique for securing IoT networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18750993; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18750993; Country of ref document: EP; Kind code of ref document: A1)