WO2019083082A1 - Ksi-based authentication and communication method for safe smart home environment, and system therefor - Google Patents

Ksi-based authentication and communication method for safe smart home environment, and system therefor

Info

Publication number
WO2019083082A1
WO2019083082A1 PCT/KR2017/013840 KR2017013840W WO2019083082A1 WO 2019083082 A1 WO2019083082 A1 WO 2019083082A1 KR 2017013840 W KR2017013840 W KR 2017013840W WO 2019083082 A1 WO2019083082 A1 WO 2019083082A1
Authority
WO
WIPO (PCT)
Prior art keywords
ksi
iot device
server
idi
gateway
Prior art date
Application number
PCT/KR2017/013840
Other languages
French (fr)
Korean (ko)
Inventor
라경진
이임영
Original Assignee
순천향대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 순천향대학교 산학협력단 filed Critical 순천향대학교 산학협력단
Priority to CN201780088464.4A priority Critical patent/CN110419193B/en
Publication of WO2019083082A1 publication Critical patent/WO2019083082A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Definitions

  • the present invention relates to a KSI-based authentication and communication method for a secure smart home environment, and more particularly, to a KSI-based authentication and communication method for a smart home environment by performing authentication and communication based on KSI for a secure smart home environment, A KSI-based authentication and communication method for a secure smart home environment, and a system therefor.
  • IoT Internet of Things
  • a super connective society in which all objects organically communicate with the network.
  • IoT devices in a smart home environment provide various services through wired / wireless communication technology to provide convenience to users.
  • the IoT device has an attack technique using the vulnerability in the network environment according to the characteristics of IoT.
  • IoT devices connected through a central gateway there is a need for research on secure mutual authentication, data forgery, and information leakage because a single point of failure (SPOF) problem may occur.
  • SPOF single point of failure
  • Non-Patent Document 1 Nam, Ki-Ho (2015), A Method for Securing Data Integrity through Server-based Digital Signatures, Seoul National University of Science and Technology, Master's Thesis
  • the present invention has been proposed in order to solve the above-mentioned problems, and it is an object of the present invention to provide a KSI-based authentication for a secure smart home environment that provides confidentiality by using group keys in a smart home together with KSI, And a communication method and a system therefor.
  • a KSI-based smart home environment for a smart home environment in a system including an IoT device communicating with the KSI server and the user terminal through a user terminal, a KSI server and a gateway according to an aspect of the present invention
  • the authentication and communication method includes the steps of: the IoT device encrypts the I / O device with the secret group key distributed in advance for continuous communication with the gateway, the user terminal, and the KSI server to pre-register the identity information; Performing the mutual authentication using the pre-shared secret group key by the IoT device; And performing the confidential communication by the IoT device.
  • the certificate validity registered in KSI server encrypts the message M to be signed to the initial shared secret key group IV k ID DEV, Z IDi, C IDi To the gateway, a hash value pair of M, Z IDn ;
  • the step of performing the confidential communication further includes updating a group key when a new IoT device is registered or removed.
  • the IoT device is characterized in that a group key is updated by XORing a multiplexed time chain with a key hash chain.
  • the KSI server generates a user certificate based on the distributed network block chain and generates a unique global timestamp of the data, including the hash chain and the hash tree generated by the IoT device, the timestamp value at the time of generation of the public value, Generates a global hash tree by user authentication and a message, and links the global hash tree with a global agreement time to commit to a block chain, thereby generating a global time stamp.
  • a secure smart home environment for a system including an IoT device communicating directly with the KSI server and the user terminal without going through a user terminal, a KSI server and a gateway.
  • the KSI-based authentication and communication method includes: the IoT device transmitting certificate generation information to a KSI server; The KSI server returning a certificate of the IoT device including its ID s ;
  • the IoT device includes a private key which is a value before the hash of itself and information constituting the hash tree, requests signature from the KSI server and returns S t ;
  • a system including an IoT device communicating with a KSI server and a user terminal through a user terminal, a KSI server, and a gateway, the IoT device including a gateway,
  • the IoT device updates a group key when a new IoT device is registered or removed when confidential communication is performed.
  • the IoT device updates the group key by XORing the multiplexed time chain with the key hash chain.
  • the KSI server generates a user certificate based on the distributed network block chain and generates a unique global timestamp of the data, including the hash chain and the hash tree generated by the IoT device, the timestamp value at the time of generation of the public value, Generates a global hash tree by user authentication and a message, and links the global hash tree with a global agreement time to commit to a block chain, thereby generating a global time stamp.
  • the confidentiality can be provided by updating the group key.
  • FIG. 1 illustrates a schematic configuration of a smart home system for KSI-based authentication and communication according to an embodiment of the present invention
  • FIG. 2 illustrates a method of generating a global time stamp value of a KSI server according to an embodiment of the present invention
  • FIG. 3 is a diagram illustrating a step of pre-registering an IoT device through a gateway to a gateway, a user terminal, and a KSI server according to an embodiment of the present invention
  • FIG. 4 is a diagram illustrating a step in which an IoT device through a gateway according to an embodiment of the present invention includes a message generation and a global timestamp value generated through a KSI server,
  • FIG. 5 is a diagram illustrating a step of registering a new IoT device and updating a group key when leaving an existing IoT device according to an embodiment of the present invention
  • FIG. 6 is a diagram illustrating a step in which an IoT device capable of performing its own operation and communication without a gateway according to another embodiment of the present invention performs authentication and communication of a user terminal based on KSI.
  • &quot when an element is referred to as " comprising ", it means that it can include other elements as well, without excluding other elements unless specifically stated otherwise.
  • "Quot; and " part &quot refer to a unit that processes at least one function or operation, which may be implemented in hardware, software, or a combination of hardware and software.
  • the present invention relates to a smart home system for KSI-based authentication and communication, which updates a group key through XOR coupling as a multiply-distributed body and provides encryption and confidentiality through the same,
  • An IoT device registration and a KSI certificate issuing step a KSI-based global timestamp generation step as a message generation and signature of the IoT device, a registration and withdrawal of the IoT device as a group key registration step, a pre-secret key distribution step as a group key, And updating the group session key (group key).
  • UID User U's identifier
  • FIG. 1 is a diagram illustrating a schematic configuration of a smart home system for KSI-based authentication and communication according to an embodiment of the present invention.
  • the system according to the present embodiment includes a user terminal, a KSI server, and an IoT device.
  • the user terminal may be a smart phone.
  • the configuration described as a smart phone is regarded as a user terminal.
  • the above-described components according to the present embodiment connect to the Internet (network) through the wired / wireless network to transmit / receive information (data), and the group devices in the smart home create a key chain through a hash chain. At this time, secret keys are distributed in advance among the group devices in the smart home.
  • the system according to the present embodiment may further include a server and / or a cloud providing various services.
  • the system according to the present embodiment is based on a KSI server composed of distributed servers for the purpose of creating an environment for secure and efficient authentication and communication.
  • the system according to the present embodiment can be largely composed of a KSI server and a system (e.g., a user terminal, an IOT device, a gateway, etc.) in a smart home.
  • the KSI server can perform certificate registration and generation, global timestamp generation, and mutual authentication and confidential communication through a secret group key and a certificate in a smart home.
  • the KSI server can authenticate and register with a key chain composed of a hash chain and a hash tree to authenticate the user, receive a certificate, and then return a block chain by making a message to be communicated with a global time stamp.
  • encrypted communication with the IoT device is performed with the pre-allocated group key for confidentiality. Then, when the new IoT device is registered and the existing IoT device is withdrawn, the group key can be updated by XOR of the multiplexed time chain .
  • the entire process can include IoT device registration, certificate creation, message creation and signing, and group key renewal.
  • the IoT device may include an IoT device communicating with a KSI server and a user terminal via a gateway and an IoT device communicating directly with a KSI server and a user terminal without going through a gateway.
  • the IoT device can be divided into an IoT device capable of external Internet communication, a high self-calculation amount, and an IoT device in which operations are performed through a gateway and wireless BLE and / or WiFi.
  • IoT devices that operate through the gateway use the hash value generated last time after the one-way hash chain is generated through the random random number SEED in the group IoT devices in the registration and certificate generation process.
  • the IoT device registers the IoT device information and the public key in the user terminal and the gateway through the pre-allocated group key.
  • the gateway confirms the IoT device and the user terminal using the group key, and transmits the information to the KSI server to register the IoT device.
  • the IoT device transmits the message encrypted with the group key, the IoT device information, the private key, and the message hash value public key tree Authentication path value to the gateway.
  • the gateway decrypts and delivers it, and then returns the time stamp value generated by the KSI server.
  • the gateway then forwards the message and the global timestamp value to the user terminal.
  • the user terminal verifies the information transmitted from the KSI server.
  • the IoT device and the smart home group circle that want to register or withdraw are updated with the group key in the smart home. Due to the nature of KSI using disposable hash chains, all IoT devices will have one hash chain. Thus, the group key is updated by XORing the hash chain of each IoT devices from the pre-distributed initial secret group key.
  • An IoT device capable of directly communicating with a KSI server and a user terminal without requiring a gateway communicates directly with the KSI server and the user terminal without transmitting to the gateway in the above process.
  • FIG. 2 is a diagram illustrating a method of generating a global time stamp value of a KSI server according to an exemplary embodiment of the present invention.
  • distributed clients (here, smart home and gateways including IoT devices) transmit a message, a private key pair and a user ID to the KSI server after authentication of the client with the generated certificate and private key do.
  • the aggregator of the KSI server synthesizes them, creates a parent tree, and links global time to its root value.
  • These global timestamp values are used as transactions to construct a block chain.
  • the global timestamp included in the block chain prevents double transactions and is safe from counterfeiting.
  • FIG. 3 is a diagram illustrating a step of pre-registering an IoT device through a gateway according to an embodiment of the present invention to a gateway, a user terminal, and a KSI server.
  • IoT device for authentication and communication encrypts the public key pair ID r, Z ID0 and t 0, ID DEV from a hash chain generated in advance IV K transmits to the user terminal (310) .
  • the user terminal decrypts the IV with the previously shared IV K , XORs its own SM IMEI and ID DEV , encrypts it again with IV K , and transmits the encrypted IV K to the gateway (320).
  • the mutual authentication is achieved through encryption and decryption of the previously shared group key, and the IoT device is registered in the user terminal and the gateway.
  • the gateway transmits the certificate information of the IoT device to the KSI server (330).
  • the KSI server generates and returns a certificate with ID r , Z ID0 and t 0 , and ID DEV with ID S (340).
  • FIG. 4 is a diagram illustrating a step in which an IoT device through a gateway according to an embodiment of the present invention includes a global timestamp value generated through a message generation and a KSI server.
  • the IoT device registered in advance needs to send and receive a message by encrypting it with a secret group key, and request a signature including a private key that can guarantee the certificate information of the KSI server.
  • IoT device is capable of verifying the encrypted message M to sign into IV K value, the server certificate valid registered in KSI ID DEV, Z IDi , C IDi, and a hash value pair of M, Z IDn to the gateway (410).
  • FIG. 5 is a diagram illustrating a step of registering a new IoT device according to an embodiment of the present invention and updating a group key when leaving an existing IoT device.
  • Registration and / or withdrawal of IoT devices and / or user terminals may occur within the smart home. Since the same group key is used, the newly registered IoT device and the user terminal need to update the group key to prevent the group key from being stolen and hijacked.
  • the group key is distributed via secure communications prior to registration of the new IoT device. Thereafter, when the IoT device and the group circle are disconnected, the existing group key is updated by the multiple XOR calculation of the hash key chain of the used IoT devices. IoT devices and / or user terminals and gateways in a smart home sequentially use key hash chains for KSI service use. Therefore, in order to efficiently use the session key (group key) in the group while using the existing KSI system, the key is updated through the key hash chain.
  • FIG. 6 is a diagram illustrating a step in which an IoT device capable of performing its own operation and communication without a gateway according to another embodiment of the present invention performs authentication and communication of a user terminal based on KSI.
  • IoT device not passing through the gateway is directly communicated with the KSI server without going through the gateway in the system described above.
  • IoT device transmits the certificate generation information (ID DEV, r ID, Z ID0, t 0) in KSI server 610.
  • the KSI server returns an IoT device certificate including its ID S (620).
  • the IoT device requests 630 a signature including the information that constitutes the hash tree and the private key, which is its pre-hash value.
  • the group key is updated by XORing the multiplexed time chain between IoT devices (660) (670).
  • Block Chain is a well-known bit coin base technology that adds all the participants' blocks to a block, then binds them like a chain and redistributes them to the participants so that everyone can participate and take responsibility to build one service model.
  • the present invention can provide decentralization through this block chain technique to overcome the Single Point of Failure (SPOF) and allow participants to perform tasks jointly.
  • SPOF Single Point of Failure
  • KSI Keyless Signature Infrastructure
  • KSI Keyless Signature Infrastructure
  • Keyless is called Keyless because it does not have a key but uses a key in a hash chain generated by a one-way hash function and a hash tree formed by the one-way hash function.
  • a one-way hash function is characterized by its irrevocability, so that even if the hash value is disclosed, only the value before the hash can be known by the user, and the user sequentially authenticates the hash of the hash chain in order to authenticate the user.
  • the one-way hash chain is dangerous because the attacker can calculate all the hash values after the key exposure. Therefore, the root of the hash tree, which is one-way hash chain, Public key pair with the final value of the hash chain.
  • a hash tree is a method of hashing a plurality of data as leaf nodes, and then hashing them together and hashing them again until the last one data is generated. Therefore, the last one node thus generated is called a root node, and the integrity of the data is determined by using the root node. Therefore, for authentication, the user discloses the authentication path value and the sequential private key (value before hash) of the hash chain to the sibling node, which is the intermediate calculation value that can calculate the root value, as the sibling node.
  • the message to be signed by the user is bundled into a hash tree by the distributed KSI server, the universal time value is linked to the final root value, a block chain is generated by using the unique timestamp value as a transaction to prevent double transaction, Authentication and message integrity.
  • the KSI server uses a hash-based one-time key, it has immunity to quantum computing. Therefore, the KSI server uses the key as a one-time use and uses a hash-based keychain, so it can provide security for a key decryption attack using a quantum computer.
  • the smart home environment is a private privacy space
  • privacy protection is important every week.
  • the smart home environment is only a characteristic of a hash function, it can not provide confidentiality by itself. Therefore, additional registration and / or withdrawal of the IoT device and / The group key update may be performed to provide confidentiality for key protection.
  • the methods according to embodiments of the present invention may be implemented in an application or implemented in the form of program instructions that may be executed through various computer components and recorded on a computer readable recording medium.
  • the computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination.
  • the program instructions recorded on the computer-readable recording medium may be ones that are specially designed and configured for the present invention and are known and available to those skilled in the art of computer software.
  • Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like.
  • program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like.
  • the hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

Abstract

A KSI-based authentication and communication method for a safe smart home environment, and a system therefor are disclosed. The KSI-based authentication and communication method for a safe smart home environment in a system comprising a user terminal, a KSI server, and an IoT device for communicating with the KSI server and the user terminal through a gateway, according to one aspect of the present invention, comprises the steps in which the IoT device: registers, in advance, identity information by encrypting the identity information with a secret group key, distributed in advance, for continuous communication with the gateway, the user terminal, and the KSI server; performs mutual authentication by using the secret group key shared in advance; and performs confidential communication.

Description

안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법 및 이를 위한 시스템KSI-based authentication and communication method for secure smart home environment and system therefor
본 발명은 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법 및 이를 위한 시스템에 관한 것으로, 더욱 상세하게는 중앙집중형 시스템 환경을 탈피하여 안전한 스마트 홈 환경을 위해 KSI 기반으로 인증 및 통신을 수행하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법 및 이를 위한 시스템에 관한 것이다. The present invention relates to a KSI-based authentication and communication method for a secure smart home environment, and more particularly, to a KSI-based authentication and communication method for a smart home environment by performing authentication and communication based on KSI for a secure smart home environment, A KSI-based authentication and communication method for a secure smart home environment, and a system therefor.
본 출원은 2017년 10월 26일에 출원된 한국특허출원 제10-2017-0140309호에 기초한 우선권을 주장하며, 해당 출원의 명세서 및 도면에 개시된 모든 내용은 본 출원에 원용된다.This application claims priority based on Korean Patent Application No. 10-2017-0140309 filed on October 26, 2017, the entire contents of which are incorporated herein by reference.
최근 IoT(Internet of Things) 기술의 발전에 따라, 모든 사물이 유기적으로 네트워크와 통신하는 초연결 사회가 도래했다. 스마트 홈 환경의 IoT 디바이스는 유무선 통신 기술을 통해 다양한 서비스를 제공하여 사용자들에게 편의성을 제공한다. 하지만, 스마트홈 환경에서 IoT 디바이스는 IoT의 특성에 따라 네트워크 환경에서 취약점을 이용한 공격기법이 존재한다. 특히, 중앙 게이트웨이(Gateway)를 통해 연결되어 있는 IoT 디바이스의 경우, SPOF(Single Point of Failure) 문제가 발생할 수 있기 때문에, 안전한 상호 인증과 데이터 위변조, 정보 유출과 관련한 연구가 필요한 실정이다.With the recent advancement of IoT (Internet of Things) technology, a super connective society has come, in which all objects organically communicate with the network. IoT devices in a smart home environment provide various services through wired / wireless communication technology to provide convenience to users. However, in the smart home environment, the IoT device has an attack technique using the vulnerability in the network environment according to the characteristics of IoT. Particularly, in case of IoT devices connected through a central gateway, there is a need for research on secure mutual authentication, data forgery, and information leakage because a single point of failure (SPOF) problem may occur.
(비특허문헌 1) 남기호(2015), 서버기반 전자서명을 통한 데이터 무결성 확보 방안, 서울과학기술대학교, 석사학위논문(Non-Patent Document 1) Nam, Ki-Ho (2015), A Method for Securing Data Integrity through Server-based Digital Signatures, Seoul National University of Science and Technology, Master's Thesis
본 발명은 상기와 같은 문제점을 해결하기 위해 제안된 것으로서, KSI와 함께 스마트 홈 내 그룹키를 사용함으로써 기밀성을 제공하여 안전하고, 효율적인 인증 및 통신을 가능하게 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법 및 이를 위한 시스템을 제공하는데 그 목적이 있다. SUMMARY OF THE INVENTION The present invention has been proposed in order to solve the above-mentioned problems, and it is an object of the present invention to provide a KSI-based authentication for a secure smart home environment that provides confidentiality by using group keys in a smart home together with KSI, And a communication method and a system therefor.
본 발명의 다른 목적 및 장점들은 하기의 설명에 의해서 이해될 수 있으며, 본 발명의 일 실시예에 의해 보다 분명하게 알게 될 것이다. 또한, 본 발명의 목적 및 장점들은 특허청구범위에 나타낸 수단 및 그 조합에 의해 실현될 수 있음을 쉽게 알 수 있을 것이다.Other objects and advantages of the present invention can be understood by the following description, and will be more clearly understood by one embodiment of the present invention. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
상기와 같은 목적을 달성하기 위한 본 발명의 일 측면에 따른 사용자 단말, KSI 서버 및 게이트웨이를 통해 상기 KSI 서버 및 상기 사용자 단말과 통신하는 IoT 디바이스를 포함하는 시스템에서의 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법은, 상기 IoT 디바이스가, 상기 게이트웨이, 사용자 단말 및 KSI 서버와 지속적인 통신을 위해 사전에 분배한 비밀 그룹키로 암호화하여 본인 정보를 사전 등록하는 단계; 상기 IoT 디바이스가, 사전 공유한 비밀 그룹키를 사용하여 상호 인증을 수행하는 단계; 및 상기 IoT 디바이스가, 기밀 통신을 수행하는 단계;를 포함한다. In order to achieve the above object, there is provided a KSI-based smart home environment for a smart home environment in a system including an IoT device communicating with the KSI server and the user terminal through a user terminal, a KSI server and a gateway according to an aspect of the present invention The authentication and communication method includes the steps of: the IoT device encrypts the I / O device with the secret group key distributed in advance for continuous communication with the gateway, the user terminal, and the KSI server to pre-register the identity information; Performing the mutual authentication using the pre-shared secret group key by the IoT device; And performing the confidential communication by the IoT device.
상기 상호 인증을 수행하는 단계는, 상기 IoT 디바이스가, 서명할 메시지 M을 초기 공유 비밀 그룹키 IVk로 암호화한 값, KSI 서버에 등록한 인증서 유효를 검증할 수 있는 IDDEV, ZIDi, CIDi와 함께 M, ZIDn의 해시값 페어를 게이트웨이로 전달하는 단계; 상기 게이트웨이가, 수신한 메시지 M을 복호화하여 메시지 M을 확인하고 나머지 정보 IDDEV, ZIDi, CIDi, h=(M, ZIDi)를 KSI 서버로 전송하는 단계; 상기 KSI 서버가, IDDEV의 인증서를 ZIDi, CIDi를 이용하여 공개키 검증이 완료되면 인증서가 유효하다고 판단하여, h=(M, ZIDi)로부터 글로벌 타임 스탬프를 생성하고, 블록 체인에 포함된 St를 게이트웨이로 반환하는 단계; 및 상기 게이트웨이가, 상기 IoT 디바이스가 생성한 메시지를 암호화한 값과 함께 반환받은 St, 상기 St를 검증할 수 있는 h=(M, ZIDi)를 사용자 단말로 전달하는 단계;를 포함한다. Performing the mutual authentication, by the IoT device, to verify the value, the certificate validity registered in KSI server encrypts the message M to be signed to the initial shared secret key group IV k ID DEV, Z IDi, C IDi To the gateway, a hash value pair of M, Z IDn ; The gateway decrypts the received message M to confirm the message M and transmits the remaining information ID DEV , Z IDi , C IDi , h = (M, Z IDi ) to the KSI server; The KSI server judges that the certificate is valid when the public key verification of the ID DEV is completed using the Z IDi and C IDi , generates a global time stamp from h = (M, Z IDi ) Returning the included St to the gateway; And transmitting, to the user terminal, ht (M, Z IDi ), which allows the gateway to verify the S t and the S t returned together with a value obtained by encrypting the message generated by the IoT device .
상기 기밀 통신을 수행하는 단계는, 새로운 IoT 디바이스가 등록되거나 제거되는 경우, 그룹키를 갱신하는 단계;를 더 포함한다. The step of performing the confidential communication further includes updating a group key when a new IoT device is registered or removed.
IoT 디바이스는, 키 해시체인으로 다중해시체인을 XOR하여 그룹키를 갱신하는 것을 특징으로 한다. The IoT device is characterized in that a group key is updated by XORing a multiplexed time chain with a key hash chain.
KSI 서버는, 분산 네트워크 블록체인을 기반으로 사용자 인증서 생성과 데이터의 유일한 글로벌 타임 스탬프를 생성하되, IoT 디바이스가 생선한 해시체인과 해시트리의 공개값과 공개값 생성 시점의 타임스탬프값, IoT 디바이스의 ID를 통해 인증서를 생성하며 이후, 사용자 인증과 메시지로 글로벌 해시 트리를 만들어 세계협정시간과 링킹(linking)하여 블록체인으로 커미트함으로써 글로벌 타임 스탬프를 생성하는 것을 특징으로 한다. The KSI server generates a user certificate based on the distributed network block chain and generates a unique global timestamp of the data, including the hash chain and the hash tree generated by the IoT device, the timestamp value at the time of generation of the public value, Generates a global hash tree by user authentication and a message, and links the global hash tree with a global agreement time to commit to a block chain, thereby generating a global time stamp.
상기와 같은 목적을 달성하기 위한 본 발명의 다른 측면에 따른 사용자 단말, KSI 서버 및 게이트웨이를 거치지 않고 직접 상기 KSI 서버 및 상기 사용자 단말과 통신하는 IoT 디바이스를 포함하는 시스템에서의 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법은, 상기 IoT 디바이스가, 인증서 생성 정보를 KSI 서버로 전달하는 단계; 상기 KSI 서버가, 자신의 IDs를 포함한 IoT 디바이스의 인증서를 반환하는 단계; 상기 IoT 디바이스가, 자신의 해시 이전 값인 개인키와 해시 트리를 구성하는 정보를 포함하여 KSI 서버로 서명을 요청하고 St를 반환받는 단계; 상기 IoT 디바이스가, 상기 반환받은 St, 사전 분배한 그룹키를 통해 암호화한 메시지 및 St를 검증할 수 있는 해시연산 h=(m,ZIDi)를 사용자 단말로 전달하는 단계; 및 상기 IoT 디바이스가, 기밀 통신을 수행하는 도중, 새로운 IoT 디바이스가 등록되거나 제거되는 경우, 그룹키를 갱신하는 단계;를 포함한다. According to another aspect of the present invention, there is provided a secure smart home environment for a system including an IoT device communicating directly with the KSI server and the user terminal without going through a user terminal, a KSI server and a gateway. The KSI-based authentication and communication method includes: the IoT device transmitting certificate generation information to a KSI server; The KSI server returning a certificate of the IoT device including its ID s ; The IoT device includes a private key which is a value before the hash of itself and information constituting the hash tree, requests signature from the KSI server and returns S t ; The IoT device transmitting a hash operation h = (m, Z IDi ) to the user terminal, the message being encrypted through the returned S t , the pre-distributed group key, and the S t ; And updating the group key when the new IoT device is registered or removed while the IoT device is performing the confidential communication.
상기와 같은 목적을 달성하기 위한 본 발명의 또 다른 측면에 따른 사용자 단말, KSI 서버 및 게이트웨이를 통해 상기 KSI 서버 및 상기 사용자 단말과 통신하는 IoT 디바이스를 포함하는 시스템은, 상기 IoT 디바이스는, 게이트웨이, 사용자 단말 및 KSI 서버와 지속적인 통신을 위해 사전에 분배한 비밀 그룹키로 암호화하여 본인 정보를 사전 등록하고, 사전 공유한 비밀 그룹키를 사용하여 상호 인증을 수행하며, 기밀 통신을 수행하되, 상기 IoT 디바이스는, 사전 공유한 비밀 그룹키를 사용하여 상호 인증을 수행하는 경우, 상기 IoT 디바이스가, 서명할 메시지 M을 초기 공유 비밀 그룹키 IVk로 암호화한 값, KSI 서버에 등록한 인증서 유효를 검증할 수 있는 IDDEV, ZIDi, CIDi와 함께 M, ZIDn의 해시값 페어를 게이트웨이로 전달하고, 상기 게이트웨이가, 수신한 메시지 M을 복호화하여 메시지 M을 확인하고 나머지 정보 IDDEV, ZIDi, CIDi, h=(M, ZIDi)를 KSI 서버로 전송하고, 상기 KSI 서버가, IDDEV의 인증서를 ZIDi, CIDi를 이용하여 공개키 검증이 완료되면 인증서가 유효하다고 판단하여, h=(M, ZIDi)로부터 글로벌 타임 스탬프를 생성하고, 블록 체인에 포함된 St를 게이트웨이로 반환하고, 상기 게이트웨이가, 상기 IoT 디바이스가 생성한 메시지를 암호화한 값과 함께 반환받은 St, 상기 St를 검증할 수 있는 h=(M, ZIDi)를 사용자 단말로 전달하는 것을 특징으로 한다. According to another aspect of the present invention, there is provided a system including an IoT device communicating with a KSI server and a user terminal through a user terminal, a KSI server, and a gateway, the IoT device including a gateway, The user terminal and the KSI server for preliminarily registering their own information by encrypting them with a secret group key distributed in advance for performing continuous communication, performing mutual authentication using a pre-shared secret group key, and performing confidential communication, is, in the case of using the pre-shared secret key group performing a mutual authentication, and the IoT device, to verify the value, the certificate validity registered in KSI server encrypts the message M to be signed to the initial shared secret key group IV k passes the hash value pair of M, Z IDn with DEV ID, IDi Z, C, and IDi to the gateway, wherein the gateway, which receives It decodes the message M check the message M and the other information ID DEV, Z IDi, C IDi, h = (M, Z IDi) to a certificate of transfer to KSI server, wherein the KSI server, ID DEV Z IDi, C When the public key verification is completed using IDi , it is determined that the certificate is valid, and a global time stamp is generated from h = (M, Z IDi ), and S t included in the block chain is returned to the gateway. S t returned together with a value obtained by encrypting the message generated by the IoT device, and h = (M, Z IDi ) for verifying the S t to the user terminal.
상기 IoT 디바이스는, 기밀 통신을 수행하는 경우, 새로운 IoT 디바이스가 등록되거나 제거되면 그룹키를 갱신하는 것을 특징으로 한다.The IoT device updates a group key when a new IoT device is registered or removed when confidential communication is performed.
상기 IoT 디바이스는, 키 해시체인으로 다중해시체인을 XOR하여 그룹키를 갱신하는 것을 특징으로 한다. And the IoT device updates the group key by XORing the multiplexed time chain with the key hash chain.
KSI 서버는, 분산 네트워크 블록체인을 기반으로 사용자 인증서 생성과 데이터의 유일한 글로벌 타임 스탬프를 생성하되, IoT 디바이스가 생선한 해시체인과 해시트리의 공개값과 공개값 생성 시점의 타임스탬프값, IoT 디바이스의 ID를 통해 인증서를 생성하며 이후, 사용자 인증과 메시지로 글로벌 해시 트리를 만들어 세계협정시간과 링킹(linking)하여 블록체인으로 커미트함으로써 글로벌 타임 스탬프를 생성하는 것을 특징으로 한다.The KSI server generates a user certificate based on the distributed network block chain and generates a unique global timestamp of the data, including the hash chain and the hash tree generated by the IoT device, the timestamp value at the time of generation of the public value, Generates a global hash tree by user authentication and a message, and links the global hash tree with a global agreement time to commit to a block chain, thereby generating a global time stamp.
본 발명의 일 측면에 따르면, 해시 기반의 일회용 키를 사용하는 KSI를 기반으로 하므로, 양자 컴퓨터를 이용한 키 해독 공격에 안전하다는 장점을 갖는다.According to an aspect of the present invention, since it is based on KSI using a hash-based one-time key, it is advantageous in that it is safe for a key decryption attack using a quantum computer.
또한, 장치의 새로운 추가 또는 삭제시, 그룹키의 갱신을 통해 기밀성을 제공할 수 있다.Also, when a new addition or deletion of a device is made, the confidentiality can be provided by updating the group key.
본 발명에서 얻을 수 있는 효과는 이상에서 언급한 효과로 제한되지 않으며, 언급하지 않은 또 다른 효과들은 아래의 기재로부터 본 발명이 속하는 기술 분야에서 통상의 지식을 가진 자에게 명확하게 이해될 수 있을 것이다.The effects obtained in the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the following description .
본 명세서에 첨부되는 다음의 도면들은 본 발명의 바람직한 실시예를 예시하는 것이며, 발명을 실시하기 위한 구체적인 내용들과 함께 본 발명의 기술사상을 더욱 이해시키는 역할을 하는 것이므로, 본 발명은 그러한 도면에 기재된 사항에만 한정되어 해석되어서는 아니 된다.BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments of the invention and, together with the specific details for carrying out the invention, And shall not be construed as limited to the matters described.
도 1은 본 발명의 일 실시예에 따른 KSI 기반 인증 및 통신에 관한 스마트 홈 시스템의 개략적인 구성을 도시한 도면,1 illustrates a schematic configuration of a smart home system for KSI-based authentication and communication according to an embodiment of the present invention;
도 2는 본 발명의 일 실시예에 따른 KSI 서버의 글로벌 타임 스탬프 값을 생성하는 방법을 도시한 도면,FIG. 2 illustrates a method of generating a global time stamp value of a KSI server according to an embodiment of the present invention; FIG.
도 3은 본 발명의 일 실시예에 따른 게이트웨이를 통하는 IoT 디바이스가 게이트웨이, 사용자 단말 및 KSI 서버에 사전 등록하는 단계를 도시한 도면,3 is a diagram illustrating a step of pre-registering an IoT device through a gateway to a gateway, a user terminal, and a KSI server according to an embodiment of the present invention;
도 4는 본 발명의 일 실시예에 따른 게이트웨이를 통하는 IoT 디바이스가 메시지 생성 및 KSI 서버를 통해 생성된 글로벌 타임 스탬프 값을 포함하여 서명하는 단계를 도시한 도면, 4 is a diagram illustrating a step in which an IoT device through a gateway according to an embodiment of the present invention includes a message generation and a global timestamp value generated through a KSI server,
도 5는 본 발명의 일 실시예에 따른 새로운 IoT 디바이스의 등록 및 기존 IoT 디바이스의 탈퇴시, 그룹키를 갱신하는 단계를 도시한 도면, 5 is a diagram illustrating a step of registering a new IoT device and updating a group key when leaving an existing IoT device according to an embodiment of the present invention;
도 6은 본 발명의 다른 실시예에 따른 게이트웨이없이 자체 연산과 통신이 가능한 IoT 디바이스가 KSI 기반으로 사용자단말의 인증 및 통신을 하는 단계를 도시한 도면이다. 6 is a diagram illustrating a step in which an IoT device capable of performing its own operation and communication without a gateway according to another embodiment of the present invention performs authentication and communication of a user terminal based on KSI.
상술한 목적, 특징 및 장점은 첨부된 도면과 관련한 다음의 상세한 설명을 통하여 보다 분명해질 것이며, 그에 따라 본 발명이 속하는 기술분야에서 통상의 지식을 가진 자가 본 발명의 기술적 사상을 용이하게 실시할 수 있을 것이다. 또한, 본 발명을 설명함에 있어서 본 발명과 관련된 공지기술에 대한 구체적인 설명이 본 발명의 요지를 불필요하게 흐릴 수 있다고 판단되는 경우에는 그 상세한 설명을 생략하기로 한다. 이하, 첨부된 도면을 참조하여 본 발명에 따른 바람직한 일 실시예를 상세히 설명하기로 한다.BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, in which: There will be. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.
명세서 전체에서, 어떤 부분이 어떤 구성요소를 “포함”한다고 할 때, 이는 특별히 반대되는 기재가 없는 한 다른 구성요소를 제외하는 것이 아니라 다른 구성 요소를 더 포함할 수 있는 것을 의미한다. 또한, 명세서에 기재된 “…부” 등의 용어는 적어도 하나의 기능이나 동작을 처리하는 단위를 의미하며, 이는 하드웨어나 소프트웨어 또는 하드웨어 및 소프트웨어의 결합으로 구현될 수 있다.Throughout the specification, when an element is referred to as " comprising ", it means that it can include other elements as well, without excluding other elements unless specifically stated otherwise. In addition, the term "Quot; and " part " refer to a unit that processes at least one function or operation, which may be implemented in hardware, software, or a combination of hardware and software.
도 1 내지 도 6을 통해 본 발명에 대해 설명하기에 앞서, 본 발명의 개념에 대해 간략하게 설명하기로 한다. BRIEF DESCRIPTION OF THE DRAWINGS Before describing the present invention with reference to Figs. 1 to 6, the concept of the present invention will be briefly described.
본 발명은, 다중해시체인 XOR 결합을 통해 그룹키를 갱신하고, 이를 통해 암호화 및 기밀성을 제공하는 KSI 기반 인증 및 통신에 관한 스마트 홈 시스템에 관한 것으로써, 사전준비단계로 KSI를 이용하기 위한 인증키 체인 생성 단계, 그룹키로서 사전 비밀키 분배단계, 이후 IoT 디바이스 등록 및 KSI 인증서 발급 단계, IoT 디바이스의 메시지 생성 및 서명으로서 KSI 기반의 글로벌 타임 스탬프 생성단계, IoT 디바이스의 등록 및 탈퇴로 인한 그룹 세션키(그룹키) 갱신 단계를 포함한다. The present invention relates to a smart home system for KSI-based authentication and communication, which updates a group key through XOR coupling as a multiply-distributed body and provides encryption and confidentiality through the same, An IoT device registration and a KSI certificate issuing step, a KSI-based global timestamp generation step as a message generation and signature of the IoT device, a registration and withdrawal of the IoT device as a group key registration step, a pre-secret key distribution step as a group key, And updating the group session key (group key).
본 발명의 실시예에 대한 설명에 앞서, 이하 내용에서 사용되는 기호들에 대하여 다음과 같이 정의한다.Before describing the embodiments of the present invention, the symbols used in the following description are defined as follows.
· IDDEV : IoT Device 시리얼 넘버ID DEV : IoT Device serial number
· SMIMEI : 스마트폰 IMEI 값· SM IMEI : Smartphone IMEI value
· IVK : 초기 공유 비밀 그룹키· IV K : initial shared secret group key
· IDS : KSI 서버 ID· ID S : KSI Server ID
· M : 메세지· M: Message
· ZIDi: Device 비밀키, 초기 난수 SEED의 해시체인 연산을 통해 생성. i=1· Z IDi : Device secret key, generated by hash chain operation of the initial random number SEED. i = 1
· ZID0 : Device 해시 체인의 최종 생성값, 공개키· Z ID0 : Last generated value of device hash chain, public key
· IDr : 해시체인으로부터 생성한 이진해시 트리의 Root값, 공개키ID r : Root value of the binary hash tree generated from the hash chain, public key
· CIDi: 이진해시 트리의 Root값 검증을 위해 사용되는 이웃 형제 노드· C IDi : neighbor sibling node used to verify the root value of the binary hash tree
· St : KSI의 글로벌 해시 트리로 생성한 타임스탬프 값· S t : timestamp value generated by KSI's global hash tree
· UID : 사용자 U의 식별자UID: User U's identifier
· t0 : 공개키 생성 시점 타임스탬프· T 0 : timestamp of when the public key is generated
· tn : 일회용 키 사용여부 판단, 비밀키 타임스탬프. tn = t0 +i· T n : Judge whether to use one-time key, secret key time stamp. t n = t 0 + i
· SKi +1 : 그룹 내 Device 세션키. Smi +1 = ZNEWIDi
Figure PCTKR2017013840-appb-I000001
ZID +1 ….· SK i +1 : Device session key in the group. Sm i +1 = Z NEWIDi
Figure PCTKR2017013840-appb-I000001
Z ID +1 ... .
· h : 해시 연산· H: hash operation
도 1은 본 발명의 일 실시예에 따른 KSI 기반 인증 및 통신에 관한 스마트 홈 시스템의 개략적인 구성을 도시한 도면이다. 1 is a diagram illustrating a schematic configuration of a smart home system for KSI-based authentication and communication according to an embodiment of the present invention.
도 1을 참조하면, 본 실시예에 따른 시스템은, 사용자 단말, KSI 서버 및 IoT 디바이스를 포함한다. 본 실시예를 설명함에 있어서, 상기 사용자 단말은 스마트폰일 수 있다. 이하, 스마트폰으로 기재된 구성은 사용자 단말인 것으로 간주한다. 한편, 본 실시예에 따른 상술한 구성요소들은, 유무선 네트워크를 통해 인터넷(네트워크)에 접속하여 정보(데이터)를 송수신하며, 스마트 홈 내의 그룹 디바이스들은 해시 체인을 통해 키 체인을 만든다. 이때, 스마트 홈 내의 그룹 디바이스들 사이에는 사전에 비밀키가 분배되어 있다. 또한, 본 실시예에 따른 시스템은, 다양한 서비스를 제공하는 서버 및/또는 클라우드를 더 포함할 수도 있다. Referring to FIG. 1, the system according to the present embodiment includes a user terminal, a KSI server, and an IoT device. In describing the present embodiment, the user terminal may be a smart phone. Hereinafter, the configuration described as a smart phone is regarded as a user terminal. Meanwhile, the above-described components according to the present embodiment connect to the Internet (network) through the wired / wireless network to transmit / receive information (data), and the group devices in the smart home create a key chain through a hash chain. At this time, secret keys are distributed in advance among the group devices in the smart home. In addition, the system according to the present embodiment may further include a server and / or a cloud providing various services.
본 실시예에 따른 시스템은, 안전하고 효율적인 인증 및 통신이 가능한 환경 조성을 목적으로 하며, 분산된 서버로 구성된 KSI 서버를 기반으로 한다. 본 실시예에 따른 시스템은 크게, KSI 서버 및 스마트 홈 내의 시스템(예컨대, 사용자 단말, IoT 디바이스, 게이트웨이(Gateway) 등)으로 구성될 수 있다. KSI 서버는 인증서 등록 및 생성, 글로벌 타임 스탬프 생성을 할 수 있고, 스마트 홈 내에서는 비밀 그룹키와 인증서를 통한 상호인증 및 기밀통신을 수행할 수 있다.The system according to the present embodiment is based on a KSI server composed of distributed servers for the purpose of creating an environment for secure and efficient authentication and communication. The system according to the present embodiment can be largely composed of a KSI server and a system (e.g., a user terminal, an IOT device, a gateway, etc.) in a smart home. The KSI server can perform certificate registration and generation, global timestamp generation, and mutual authentication and confidential communication through a secret group key and a certificate in a smart home.
KSI 서버는, 사용자 인증을 위해 해시 체인 및 해시 트리로 구성한 키 체인으로 인증 및 등록하여 인증서를 발급받을 수 있으며 이후, 통신할 메시지를 글로벌 타임스탬프로 만들어 블록체인을 반환할 수 있다. The KSI server can authenticate and register with a key chain composed of a hash chain and a hash tree to authenticate the user, receive a certificate, and then return a block chain by making a message to be communicated with a global time stamp.
스마트 홈 내에서는 기밀성을 위해 사전 분배한 그룹키로 IoT 디바이스와의 암호화 통신을 진행하고, 이후 새로운 IoT 디바이스 등록 및 기존 IoT 디바이스의 탈퇴 시, 다중해시체인의 XOR을 통해 그룹키를 갱신할 수 있다. 전체 과정은 IoT 디바이스 등록, 인증서 생성, 메시지 생성 및 서명, 그룹키 갱신 과정을 포함할 수 있다. In the smart home, encrypted communication with the IoT device is performed with the pre-allocated group key for confidentiality. Then, when the new IoT device is registered and the existing IoT device is withdrawn, the group key can be updated by XOR of the multiplexed time chain . The entire process can include IoT device registration, certificate creation, message creation and signing, and group key renewal.
IoT 디바이스는, 게이트웨이를 통해 KSI 서버 및 사용자 단말과 통신하는 IoT 디바이스 및 게이트웨이를 거치지 않고 직접 KSI 서버 및 사용자 단말과 통신하는 IoT 디바이스를 포함할 수 있다. 다시 말해, IoT 디바이스는, 외부 인터넷통신이 가능하고 자체 연산량이 높은 IoT 디바이스와 게이트웨이와 무선 BLE 및/또는 WiFi를 통해 연산이 수행되는 IoT 디바이스로 나뉠 수 있다. 게이트웨이를 통해 연산하는 IoT 디바이스는 등록 및 인증서 생성 과정에서 그룹 내 IoT 디바이스들은 랜덤난수 SEED를 통해 일방향 해시체인을 생성한 후, 제일 마지막으로 생성한 해시값을 공개키로 사용한다. 다시, 해시체인을 리프(Leaf) 노드로 하는 해시 트리를 엮어 가장 상위 루트(Root)를 공개키로 사용한다. IoT 디바이스는 IoT 디바이스 정보와 공개키를 사전 분배한 그룹키를 통해 사용자 단말과 게이트웨이에 등록한다. 게이트웨이는 그룹키로 IoT 디바이스 및 사용자 단말을 확인하고, KSI 서버로 정보를 전달하여 IoT 디바이스를 등록한다. IoT 디바이스는 그룹키로 암호화한 메시지와 IoT 디바이스 정보와 개인키 및 메시지 해시값 공개키 트리 Authentication path 값을 게이트웨이에 전달한다. 게이트웨이는 이를 복호화하여 전달한 후, KSI 서버가 생성한 타임스탬프 값을 반환받는다. 이후, 게이트웨이는 사용자 단말로 메시지와 글로벌 타임스탬프 값을 전달한다. 사용자 단말은 KSI 서버로부터 전달된 정보를 검증한다. 새로운 등록이나 탈퇴를 원하는 IoT 디바이스 및 스마트 홈 그룹원은 스마트 홈 내의 그룹키로 갱신한다. 일회용 해시 체인을 사용하는 KSI의 특성상, 모든 IoT 디바이스는 하나의 해시체인을 갖게된다. 따라서, 그룹키는 사전 분배한 초기 비밀 그룹키로부터 각각의 IoT 디바이스들의 해시체인을 XOR하여 갱신하다. The IoT device may include an IoT device communicating with a KSI server and a user terminal via a gateway and an IoT device communicating directly with a KSI server and a user terminal without going through a gateway. In other words, the IoT device can be divided into an IoT device capable of external Internet communication, a high self-calculation amount, and an IoT device in which operations are performed through a gateway and wireless BLE and / or WiFi. IoT devices that operate through the gateway use the hash value generated last time after the one-way hash chain is generated through the random random number SEED in the group IoT devices in the registration and certificate generation process. Again, we use a hash tree with a leaf node as a hash chain, and use the top root as the public key. The IoT device registers the IoT device information and the public key in the user terminal and the gateway through the pre-allocated group key. The gateway confirms the IoT device and the user terminal using the group key, and transmits the information to the KSI server to register the IoT device. The IoT device transmits the message encrypted with the group key, the IoT device information, the private key, and the message hash value public key tree Authentication path value to the gateway. The gateway decrypts and delivers it, and then returns the time stamp value generated by the KSI server. The gateway then forwards the message and the global timestamp value to the user terminal. The user terminal verifies the information transmitted from the KSI server. The IoT device and the smart home group circle that want to register or withdraw are updated with the group key in the smart home. Due to the nature of KSI using disposable hash chains, all IoT devices will have one hash chain. Thus, the group key is updated by XORing the hash chain of each IoT devices from the pre-distributed initial secret group key.
게이트웨이 필요 없이 바로 KSI 서버와 사용자 단말과 통신이 가능한 IoT 디바이스는 상술한 과정에서 게이트웨이에 전달하는 과정없이 바로 KSI 서버 및 사용자 단말과 통신한다. An IoT device capable of directly communicating with a KSI server and a user terminal without requiring a gateway communicates directly with the KSI server and the user terminal without transmitting to the gateway in the above process.
이하, 도 2 내지 6을 통해 본 실시예에 따른 다중해시체인 XOR 결합을 통해 그룹키를 갱신하고, 이를 통해 암호화 및 기밀성을 제공하는 KSI 기반 인증 및 통신에 관한 스마트 홈 시스템 및 방법에 대하여 상세히 설명하기로 한다. Hereinafter, a smart home system and method for authentication and communication based on KSI, which update the group key through XOR combining, which is a multi-domain body according to the present embodiment, and provide encryption and confidentiality through the group key, I will explain.
도 2는 본 발명의 일 실시예에 따른 KSI 서버의 글로벌 타임 스탬프 값을 생성하는 방법을 도시한 도면이다. FIG. 2 is a diagram illustrating a method of generating a global time stamp value of a KSI server according to an exemplary embodiment of the present invention. Referring to FIG.
도 2를 참조하면, 분산되어 있는 여러 클라이언트(여기서는 IoT 디바이스를 포함한 스마트홈, 게이트웨이)들은, 생성한 인증서와 개인키로 클라이언트 인증 후, 메시지와 개인키 페어(pair)와 사용자 ID를 KSI 서버에 전달한다. KSI 서버의 어그리게이터(Aggregator)는 이를 종합하여 상위 트리를 생성하고, 이의 루트(root)값에 세계협정시간을 링킹(linking)한다. 이들 글로벌 타임 스탬프값을 트랜잭션으로 하여 블록체인을 구성한다. 블록체인에 포함된 글로벌 타임 스탬프는 이중 트랜잭션을 방지하고 위조로부터 안전하다. Referring to FIG. 2, distributed clients (here, smart home and gateways including IoT devices) transmit a message, a private key pair and a user ID to the KSI server after authentication of the client with the generated certificate and private key do. The aggregator of the KSI server synthesizes them, creates a parent tree, and links global time to its root value. These global timestamp values are used as transactions to construct a block chain. The global timestamp included in the block chain prevents double transactions and is safe from counterfeiting.
도 3은 본 발명의 일 실시예에 따른 게이트웨이를 통하는 IoT 디바이스가 게이트웨이, 사용자 단말 및 KSI 서버에 사전 등록하는 단계를 도시한 도면이다.FIG. 3 is a diagram illustrating a step of pre-registering an IoT device through a gateway according to an embodiment of the present invention to a gateway, a user terminal, and a KSI server.
도 3을 참조하면, KSI 기반 인증 및 통신에 관한 스마트 홈 시스템에서는 IoT 디바이스가 지속적으로 스마트폰, 게이트웨이, KSI 서버와 인증 및 통신을 할 필요가 있다. 따라서, 사전에 분배한 비밀 그룹키로 암호화하여 IoT 디바이스의 정보를 등록할 필요가 있다. 이에, 본 실시예에 따른 인증 및 통신을 위한 IoT 디바이스는 사전에 생성한 해시 체인으로부터 공개키 쌍 IDr, ZID0과 t0, IDDEV을 IVK로 암호화하여 사용자 단말에 전송한다(310). 사용자 단말은 사전에 공유한 IVK로 복호화한 후, 자신의 SMIMEI와 IDDEV를 XOR하여 다시 IVK로 암호화하여 게이트웨이에 전달한다(320). 사전에 공유한 그룹키의 암,복호화를 통해 상호 인증을 제공하고 IoT 디바이스는 사용자 단말과 게이트웨이에 등록된다. 게이트웨이는 KSI 서버에 IoT 디바이시의 인증서 정보를 전송한다(330). KSI 서버는 IDr, ZID0과 t0, IDDEV에 IDS를 같이하여 인증서를 생성하여 반환한다(340). Referring to FIG. 3, in a smart home system for KSI-based authentication and communication, the IoT device needs to continuously authenticate and communicate with a smart phone, a gateway, and a KSI server. Therefore, it is necessary to encrypt the information with the secret group key distributed in advance and to register the information of the IoT device. Thus, IoT device for authentication and communication according to the present embodiment encrypts the public key pair ID r, Z ID0 and t 0, ID DEV from a hash chain generated in advance IV K transmits to the user terminal (310) . The user terminal decrypts the IV with the previously shared IV K , XORs its own SM IMEI and ID DEV , encrypts it again with IV K , and transmits the encrypted IV K to the gateway (320). The mutual authentication is achieved through encryption and decryption of the previously shared group key, and the IoT device is registered in the user terminal and the gateway. The gateway transmits the certificate information of the IoT device to the KSI server (330). The KSI server generates and returns a certificate with ID r , Z ID0 and t 0 , and ID DEV with ID S (340).
도 4는 본 발명의 일 실시예에 따른 게이트웨이를 통하는 IoT 디바이스가 메시지 생성 및 KSI 서버를 통해 생성된 글로벌 타임 스탬프 값을 포함하여 서명하는 단계를 도시한 도면이다.4 is a diagram illustrating a step in which an IoT device through a gateway according to an embodiment of the present invention includes a global timestamp value generated through a message generation and a KSI server.
도 4를 참조하면, KSI 기반 인증 및 통신에 관한 스마트 홈 시스템에서는 메시지를 보낸 사용자의 인증과 메시지의 무결성 및 부인방지를 위해 안전한 통신을 할 필요가 있다. 따라서, 사전에 등록한 IoT 디바이스는 비밀 그룹키로 암호화하여 메시지를 송수신해야하며, KSI 서버의 인증서 정보를 보장할 수 있는 개인키를 포함하여 서명을 요청할 필요가 있다. Referring to FIG. 4, in the smart home system for KSI-based authentication and communication, it is necessary to perform secure communication in order to authenticate a user who sends a message and to prevent the integrity and non-repudiation of the message. Therefore, the IoT device registered in advance needs to send and receive a message by encrypting it with a secret group key, and request a signature including a private key that can guarantee the certificate information of the KSI server.
IoT 디바이스는 서명할 메시지 M을 IVK로 암호화한 값, KSI 서버에 등록한 인증서 유효를 검증할 수 있는 IDDEV, ZIDi, CIDi와 함께, M, ZIDn의 해시값 페어를 게이트웨이에 전달한다(410). 게이트웨이는 복호화하여 M을 확인하고 나머지 정보 IDDEV, ZIDi, CIDi, h=(M, ZIDi)를 KSI 서버에 전송한다(420). KSI 서버는 IDDEV의 인증서를 ZIDi와 CIdi로 공개키 검증이 완료되면 인증서가 유효하다고 판단하여, h=(M, ZIDi)로부터 글로벌 타임 스탬프를 생성하고, 블록체인에 포함된 St를 게이트웨이로 반환한다(430). 게이트웨이는 IoT 디바이스가 생성한 메시지를 암호화한 값과 함께 반환받은 St, St를 검증할 수 있는 h=(M, ZIDi)을 사용자 단말로 전달한다(440). 여기서, 사용자 단말은 h=(M, ZIDi), St로 KSI 서버가 한번 등록하여 배포하면, 변경이 불가한 블록체인으로부터 St의 변조와 M 위조를 판단할 수 있다.IoT device is capable of verifying the encrypted message M to sign into IV K value, the server certificate valid registered in KSI ID DEV, Z IDi , C IDi, and a hash value pair of M, Z IDn to the gateway (410). The gateway decodes M to check the remaining information ID DEV , Z IDi , C IDi , h = (M, Z IDi ) to the KSI server (420). KSI server when the certificate of the ID DEV to Z IDi and C Idi public key verification is complete, determines that the certificate is valid, h = (M, Z IDi) from generating a global time stamp, and the S t included in the block chain To the gateway (430). The gateway transmits the encrypted value of the message generated by the IoT device together with the value h = (M, Z IDi ) to the user terminal, which can verify the returned S t and S t (440). Here, if the KSI server registers and distributes the h = (M, Z IDi ) and S t , the user terminal can determine the modulation of S t and the M forgery from the block chain that can not be changed.
도 5는 본 발명의 일 실시예에 따른 새로운 IoT 디바이스의 등록 및 기존 IoT 디바이스의 탈퇴시, 그룹키를 갱신하는 단계를 도시한 도면이다. 5 is a diagram illustrating a step of registering a new IoT device according to an embodiment of the present invention and updating a group key when leaving an existing IoT device.
도 5를 참조하여, 본 발명의 실시예에 따른 그룹키 갱신 과정을 살펴보기로 한다.Referring to FIG. 5, a process of updating a group key according to an embodiment of the present invention will be described.
스마트 홈 내에서는 IoT 디바이스 및/또는 사용자 단말의 등록 및/또는 탈퇴가 발생할 수 있다. 같은 그룹키를 사용하기 때문에, 새롭게 등록한 IoT 디바이스와 사용자 단말은 그룹키의 도난 및 탈취를 방어하기 위해 그룹키의 갱신이 필요하다. Registration and / or withdrawal of IoT devices and / or user terminals may occur within the smart home. Since the same group key is used, the newly registered IoT device and the user terminal need to update the group key to prevent the group key from being stolen and hijacked.
그룹키는 새로운 IoT 디바이스 등록 이전에, 안전한 통신을 통해 분배된다. 이후, IoT 디바이스 및 그룹원의 탈퇴 시, 기존의 그룹키는 사용되고 있던 IoT 디바이스들의 해시 키체인의 다중 XOR 계산으로 갱신된다. 스마트 홈 내의 IoT 디바이스 및/또는 사용자 단말, 게이트웨이는 KSI 서비스 이용을 위해 키 해시체인을 하나씩 가지고 순차적으로 사용한다. 따라서, 기존 KSI 시스템을 사용하면서 그룹 내의 세션키(그룹키)를 효율적으로 사용하기 위해 키 해시체인을 통해 갱신한다. The group key is distributed via secure communications prior to registration of the new IoT device. Thereafter, when the IoT device and the group circle are disconnected, the existing group key is updated by the multiple XOR calculation of the hash key chain of the used IoT devices. IoT devices and / or user terminals and gateways in a smart home sequentially use key hash chains for KSI service use. Therefore, in order to efficiently use the session key (group key) in the group while using the existing KSI system, the key is updated through the key hash chain.
도 6은 본 발명의 다른 실시예에 따른 게이트웨이없이 자체 연산과 통신이 가능한 IoT 디바이스가 KSI 기반으로 사용자단말의 인증 및 통신을 하는 단계를 도시한 도면이다.6 is a diagram illustrating a step in which an IoT device capable of performing its own operation and communication without a gateway according to another embodiment of the present invention performs authentication and communication of a user terminal based on KSI.
도 6을 참조하여, 본 발명의 실시예에 따른 스마트 홈 내의 게이트웨이를 통하지 않은 IoT 디바이스와 사용자 단말, KSI 서버와의 인증 및 통신 과정을 살펴보기로 한다.Referring to FIG. 6, authentication and communication processes between the IoT device, the user terminal, and the KSI server that do not pass through the gateway in the smart home according to the embodiment of the present invention will be described.
게이트웨이를 통하지 않은 IoT 디바이스는 상술한 시스템에서 게이트웨이를 거치지 않고 KSI 서버와 바로 통신이 이루어진다. IoT 디바이스는 인증서 생성 정보(IDDEV, IDr, ZID0, t0)를 KSI 서버에 전달한다(610). 이후, KSI 서버는 자신의 IDS를 포함한 IoT 디바이스 인증서를 반환한다(620). IoT 디바이스는 이후, 자신의 해시 이전 값인 개인키와 해시 트리를 구성하는 정보를 포함하여 서명을 요청한다(630). IoT 디바이스는 KSI 서버로부터 St를 반환받아, 사용자 단말로 사전 분배한 그룹키를 통해 암호화한 메시지와 St를 검증할 수 있는 h=(M, ZIDi)를 전달한다(640)(650). 이후, 추가 IoT 디바이스 등록 및 탈퇴가 발생했을 때 IoT 디바이스들 간 다중해시체인을 XOR 계산하여 그룹키를 갱신한다(660)(670).An IoT device not passing through the gateway is directly communicated with the KSI server without going through the gateway in the system described above. IoT device transmits the certificate generation information (ID DEV, r ID, Z ID0, t 0) in KSI server 610. Thereafter, the KSI server returns an IoT device certificate including its ID S (620). The IoT device then requests 630 a signature including the information that constitutes the hash tree and the private key, which is its pre-hash value. The IoT device returns S t from the KSI server, and transmits h = (M, Z IDi ) (640) 650, which can verify the message encrypted with the group key pre-distributed to the user terminal and S t , . Thereafter, when additional IoT device registration and withdrawal occur, the group key is updated by XORing the multiplexed time chain between IoT devices (660) (670).
상술한 바와 같은 본 발명에 따르면, 블록체인 합의 기술을 통해 인증 및 무결성을 제공하는 메커니즘을 도입하였다. 블록체인은 널리 알려진 비트코인의 기반 기술로 모든 참여자의 내역을 블록으로 추가한 후, 이를 체인처럼 엮어 참여자에게 다시 분배하여 하나의 서비스 모델을 구축하기 위해 모두가 참여 및 책임을 지게 한다. 본 발명은 이러한 블록체인 기술을 통해 탈중앙화를 제공하여, Single Point of Failure(SPOF)를 극복하고, 참여자가 작업을 공동으로 수행하도록 할 수 있다. 한편, KSI(Keyless Signature Infrastructure)는 분산 네트워크로, 블록체인 기반의 글로벌 타임 스탬프를 제공한다. 여기서, Keyless란 키가 없는 것이 아니라, 일방향 해시함수를 통해 생성한 해시체인 및 그로 엮은 해시트리로 키를 사용하기 때문에 Keyless로 명칭한다. 일방향 해시함수는, 불가역성의 특징으로 해시한 값은 공개가 되어도 해시 이전의 값은 사용자만 알 수 있다는 특징에 따라, 사용자는 해시 체인의 해시 이전값을 순차적으로 공개하여 사용자 인증을 한다. 하지만, 도중에 키가 노출될 경우, 일방향 해시 체인은 키 노출 이후의 모든 해시값을 공격자가 계산할 수 있으므로 위험하므로, 일방향 해시체인만을 사용하지 않고 일방향 해시체인으로 엮은 해시 트리의 루트(root)를 일방향 해시체인의 최종값과 함께 공개키 쌍으로 공개한다. 해시 트리는 복수 개의 데이터를 리프(Leaf) 노드로 하여 각각 해시한 후, 이를 2개씩 연접하고 다시 해시화하는 방법으로 최종 1개의 데이터가 생성될 때까지 이를 반복한다. 따라서, 이렇게 생성된 최종 1개의 노드를 루트(root) 노드라 하며, 루트 노드를 이용하여 해당 데이터의 무결성을 판별한다. 따라서, 인증을 위해 사용자는 루트값을 계산할 수 있는 중간 계산값인 이웃 노드인 형제노드(Sibling Node)를 Authentication Path 값과 해시 체인의 순차적인 개인키(해시 이전의 값)를 같이 공개한다. 이후, 사용자의 서명할 메시지를 분산된 KSI 서버가 해시 트리로 엮어 최종 루트값에 세계협정시간 값을 링킹하고, 고유 타임스탬프 값을 트랜잭션으로 블록체인을 생성하여 이중트랜잭션을 방지하고 탈중앙화호 사용자 인증 및 메시지 무결성을 제공하게 된다. 마지막으로, KSI 서버는 해시 기반의 일회용 키를 사용하기 때문에, 양자컴퓨팅의 면역을 갖는다. 따라서, KSI 서버는 키를 일회용으로 사용하고 해시 기반의 키 체인을 사용하므로 양자컴퓨터를 이용한 키 해독 공격에 안전함을 제공할 수 있다. According to the present invention as described above, a mechanism for providing authentication and integrity through the technique of block chain agreement has been introduced. Block Chain is a well-known bit coin base technology that adds all the participants' blocks to a block, then binds them like a chain and redistributes them to the participants so that everyone can participate and take responsibility to build one service model. The present invention can provide decentralization through this block chain technique to overcome the Single Point of Failure (SPOF) and allow participants to perform tasks jointly. KSI (Keyless Signature Infrastructure), on the other hand, is a distributed network and provides a global timestamp based on block chaining. Here, Keyless is called Keyless because it does not have a key but uses a key in a hash chain generated by a one-way hash function and a hash tree formed by the one-way hash function. A one-way hash function is characterized by its irrevocability, so that even if the hash value is disclosed, only the value before the hash can be known by the user, and the user sequentially authenticates the hash of the hash chain in order to authenticate the user. However, if the key is exposed on the way, the one-way hash chain is dangerous because the attacker can calculate all the hash values after the key exposure. Therefore, the root of the hash tree, which is one-way hash chain, Public key pair with the final value of the hash chain. A hash tree is a method of hashing a plurality of data as leaf nodes, and then hashing them together and hashing them again until the last one data is generated. Therefore, the last one node thus generated is called a root node, and the integrity of the data is determined by using the root node. Therefore, for authentication, the user discloses the authentication path value and the sequential private key (value before hash) of the hash chain to the sibling node, which is the intermediate calculation value that can calculate the root value, as the sibling node. Thereafter, the message to be signed by the user is bundled into a hash tree by the distributed KSI server, the universal time value is linked to the final root value, a block chain is generated by using the unique timestamp value as a transaction to prevent double transaction, Authentication and message integrity. Finally, since the KSI server uses a hash-based one-time key, it has immunity to quantum computing. Therefore, the KSI server uses the key as a one-time use and uses a hash-based keychain, so it can provide security for a key decryption attack using a quantum computer.
한편, 스마트 홈 환경은 개인 사생활로 이루어진 공간이므로 프라이버시 보호가 매주 중요한데, 해시함수의 특성으로만 이루어지는 경우 자체적으로 기밀성을 제공하지 못하기 때문에, IoT 디바이스 및/또는 사용자 단말의 추가 등록 및/또는 탈퇴의 경우 키 보호를 위해 그룹키 갱신을 수행하여 기밀성을 제공할 수 있다. On the other hand, since the smart home environment is a private privacy space, privacy protection is important every week. When the smart home environment is only a characteristic of a hash function, it can not provide confidentiality by itself. Therefore, additional registration and / or withdrawal of the IoT device and / The group key update may be performed to provide confidentiality for key protection.
본 발명의 실시예에 따른 방법들은 애플리케이션으로 구현되거나 다양한 컴퓨터 구성요소를 통하여 수행될 수 있는 프로그램 명령어의 형태로 구현되어 컴퓨터 판독 가능한 기록 매체에 기록될 수 있다. 상기 컴퓨터 판독 가능한 기록 매체는 프로그램 명령어, 데이터 파일, 데이터 구조 등을 단독으로 또는 조합하여 포함할 수 있다. 상기 컴퓨터 판독 가능한 기록 매체에 기록되는 프로그램 명령어는, 본 발명을 위한 특별히 설계되고 구성된 것들이거니와 컴퓨터 소프트웨어 분야의 당업자에게 공지되어 사용 가능한 것일 수도 있다. 컴퓨터 판독 가능한 기록 매체의 예에는, 하드 디스크, 플로피 디스크 및 자기 테이프와 같은 자기 매체, CD-ROM, DVD와 같은 광기록 매체, 플롭티컬 디스크(floptical disk)와 같은 자기-광 매체(magneto-optical media) 및 ROM, RAM, 플래시 메모리 등과 같은 프로그램 명령어를 저장하고 수행하도록 특별히 구성된 하드웨어 장치가 포함된다. 프로그램 명령어의 예에는, 컴파일러에 의해 만들어지는 것과 같은 기계어 코드뿐만 아니라 인터프리터 등을 사용해서 컴퓨터에 의해서 실행될 수 있는 고급 언어 코드도 포함된다. 상기 하드웨어 장치는 본 발명에 따른 처리를 수행하기 위해 하나 이상의 소프트웨어 모듈로서 작동하도록 구성될 수 있으며, 그 역도 마찬가지이다.The methods according to embodiments of the present invention may be implemented in an application or implemented in the form of program instructions that may be executed through various computer components and recorded on a computer readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be ones that are specially designed and configured for the present invention and are known and available to those skilled in the art of computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.
본 명세서는 많은 특징을 포함하는 반면, 그러한 특징은 본 발명의 범위 또는 특허청구범위를 제한하는 것으로 해석되어서는 아니 된다. 또한, 본 명세서의 개별적인 실시예에서 설명된 특징들은 단일 실시예에서 결합되어 구현될 수 있다. 반대로, 본 명세서의 단일 실시예에서 설명된 다양한 특징들은 개별적으로 다양한 실시예에서 구현되거나, 적절히 결합되어 구현될 수 있다.While the specification contains many features, such features should not be construed as limiting the scope of the invention or the scope of the claims. In addition, the features described in the individual embodiments herein may be combined and implemented in a single embodiment. On the contrary, the various features described in the singular embodiments may be individually implemented in various embodiments or properly combined.
도면에서 동작들이 특정한 순서로 설명되었으나, 그러한 동작들이 도시된 바와 같은 특정한 순서로 수행되는 것으로 또는 일련의 연속된 순서, 또는 원하는 결과를 얻기 위해 모든 설명된 동작이 수행되는 것으로 이해되어서는 안 된다. 특정 환경에서 멀티태스킹 및 병렬 프로세싱이 유리할 수 있다. 아울러, 상술한 실시예에서 다양한 시스템 구성요소의 구분은 모든 실시예에서 그러한 구분을 요구하지 않는 것으로 이해되어야 한다. 상술한 앱 구성요소 및 시스템은 일반적으로 단일 소프트웨어 제품 또는 멀티플 소프트웨어 제품에 패키지로 구현될 수 있다.Although the operations are described in a particular order in the figures, it should be understood that such operations are performed in a particular order as shown, or that all described operations are performed in a series of sequential orders, or to obtain the desired result. In certain circumstances, multitasking and parallel processing may be advantageous. It should also be understood that the division of various system components in the above embodiments does not require such distinction in all embodiments. The above-described application components and systems can generally be packaged into a single software product or multiple software products.
이상에서 설명한 본 발명은, 본 발명이 속하는 기술분야에서 통상의 지식을 가진 자에게 있어 본 발명의 기술적 사상을 벗어나지 않는 범위 내에서 여러 가지 치환, 변형 및 변경이 가능하므로 전술한 실시예 및 첨부된 도면에 의해 한정되는 것은 아니다.It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. The present invention is not limited to the drawings.

Claims (10)

  1. 사용자 단말, KSI 서버 및 게이트웨이를 통해 상기 KSI 서버 및 상기 사용자 단말과 통신하는 IoT 디바이스를 포함하는 시스템에서의 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법에 있어서,A KSI-based authentication and communication method for a secure smart home environment in a system including a user terminal, a KSI server, and an IoT device communicating with the KSI server and the user terminal via a gateway,
    상기 IoT 디바이스가, 상기 게이트웨이, 사용자 단말 및 KSI 서버와 지속적인 통신을 위해 사전에 분배한 비밀 그룹키로 암호화하여 본인 정보를 사전 등록하는 단계;Encrypting the IoT device with a secret group key distributed in advance for continuous communication with the gateway, the user terminal, and the KSI server to pre-register the identity information;
    상기 IoT 디바이스가, 사전 공유한 비밀 그룹키를 사용하여 상호 인증을 수행하는 단계; 및Performing the mutual authentication using the pre-shared secret group key by the IoT device; And
    상기 IoT 디바이스가, 기밀 통신을 수행하는 단계;를 포함하는 것을 특징으로 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법.And performing the confidential communication with the IoT device according to the KSI-based authentication and communication method.
  2. 제 1 항에 있어서,The method according to claim 1,
    상기 상호 인증을 수행하는 단계는,Wherein the performing mutual authentication comprises:
    상기 IoT 디바이스가, 서명할 메시지 M을 초기 공유 비밀 그룹키 IVk로 암호화한 값, KSI 서버에 등록한 인증서 유효를 검증할 수 있는 IDDEV, ZIDi, CIDi와 함께 M, ZIDn의 해시값 페어를 게이트웨이로 전달하는 단계;The IoT device encrypts a message M to be signed with an initial shared secret group key IV k , a hash value of M, Z IDn with identifiers DEV , Z IDi , and C IDi that can verify the certificate validity registered in the KSI server Forwarding the pair to the gateway;
    상기 게이트웨이가, 수신한 메시지 M을 복호화하여 메시지 M을 확인하고 나머지 정보 IDDEV, ZIDi, CIDi, h=(M, ZIDi)를 KSI 서버로 전송하는 단계;The gateway decrypts the received message M to confirm the message M and transmits the remaining information ID DEV , Z IDi , C IDi , h = (M, Z IDi ) to the KSI server;
    상기 KSI 서버가, IDDEV의 인증서를 ZIDi, CIDi를 이용하여 공개키 검증이 완료되면 인증서가 유효하다고 판단하여, h=(M, ZIDi)로부터 글로벌 타임 스탬프를 생성하고, 블록 체인에 포함된 St를 게이트웨이로 반환하는 단계; 및The KSI server judges that the certificate is valid when the public key verification of the ID DEV is completed using the Z IDi and C IDi , generates a global time stamp from h = (M, Z IDi ) Returning the included St to the gateway; And
    상기 게이트웨이가, 상기 IoT 디바이스가 생성한 메시지를 암호화한 값과 함께 반환받은 St, 상기 St를 검증할 수 있는 h=(M, ZIDi)를 사용자 단말로 전달하는 단계;를 포함하는 것을 특징으로 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법.And transmitting to the user terminal ht = (M, Z IDi ) that the gateway can verify the S t and the S t returned together with the value obtained by encrypting the message generated by the IoT device KSI based authentication and communication method for secure smart home environment.
  3. 제 1 항에 있어서,The method according to claim 1,
    상기 기밀 통신을 수행하는 단계는,The step of performing the confidential communication includes:
    새로운 IoT 디바이스가 등록되거나 제거되는 경우, 그룹키를 갱신하는 단계;를 더 포함하는 것을 특징으로 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법.And updating the group key if the new IoT device is registered or removed. ≪ Desc / Clms Page number 19 >
  4. 제 3 항에 있어서,The method of claim 3,
    IoT 디바이스는, The IoT device,
    키 해시체인으로 다중해시체인을 XOR하여 그룹키를 갱신하는 것을 특징으로 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법.And XORs the multiple hash chains with the key hash chain to update the group key.
  5. 제 2 항에 있어서,3. The method of claim 2,
    KSI 서버는, The KSI server,
    분산 네트워크 블록체인을 기반으로 사용자 인증서 생성과 데이터의 유일한 글로벌 타임 스탬프를 생성하되,Based on a distributed network block chain, generates a user certificate and a unique global timestamp of the data,
    IoT 디바이스가 생선한 해시체인과 해시트리의 공개값과 공개값 생성 시점의 타임스탬프값, IoT 디바이스의 ID를 통해 인증서를 생성하며 이후, 사용자 인증과 메시지로 글로벌 해시 트리를 만들어 세계협정시간과 링킹(linking)하여 블록체인으로 커미트함으로써 글로벌 타임 스탬프를 생성하는 것을 특징으로 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법.The IoT device generates the hash chain and the hash tree public value, the time stamp value at the time of creation of the public value, and the ID of the IoT device. Then, it creates a global hash tree with user authentication and message, wherein the global timestamp is generated by linking the global timestamp to a block chain and committing the global timestamp to a block chain.
  6. 사용자 단말, KSI 서버 및 게이트웨이를 거치지 않고 직접 상기 KSI 서버 및 상기 사용자 단말과 통신하는 IoT 디바이스를 포함하는 시스템에서의 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법에 있어서,A KSI-based authentication and communication method for a secure smart home environment in a system including an IoT device communicating directly with the KSI server and the user terminal without going through a user terminal, a KSI server and a gateway,
    상기 IoT 디바이스가, 인증서 생성 정보를 KSI 서버로 전달하는 단계;The IoT device transmitting certificate generation information to a KSI server;
    상기 KSI 서버가, 자신의 IDs를 포함한 IoT 디바이스의 인증서를 반환하는 단계;The KSI server returning a certificate of the IoT device including its ID s ;
    상기 IoT 디바이스가, 자신의 해시 이전 값인 개인키와 해시 트리를 구성하는 정보를 포함하여 KSI 서버로 서명을 요청하고 St를 반환받는 단계;The IoT device includes a private key which is a value before the hash of itself and information constituting the hash tree, requests signature from the KSI server and returns S t ;
    상기 IoT 디바이스가, 상기 반환받은 St, 사전 분배한 그룹키를 통해 암호화한 메시지 및 St를 검증할 수 있는 해시연산 h=(m,ZIDi)를 사용자 단말로 전달하는 단계; 및The IoT device transmitting a hash operation h = (m, Z IDi ) to the user terminal, the message being encrypted through the returned S t , the pre-distributed group key, and the S t ; And
    상기 IoT 디바이스가, 기밀 통신을 수행하는 도중, 새로운 IoT 디바이스가 등록되거나 제거되는 경우, 그룹키를 갱신하는 단계;를 포함하는 것을 특징으로 하는 안전한 스마트 홈 환경을 위한 KSI 기반 인증 및 통신 방법.And updating the group key when the new IoT device is registered or removed while the IoT device is performing the confidential communication. ≪ RTI ID = 0.0 > [10] < / RTI >
  7. 사용자 단말, KSI 서버 및 게이트웨이를 통해 상기 KSI 서버 및 상기 사용자 단말과 통신하는 IoT 디바이스를 포함하는 시스템에 있어서,1. A system comprising an IoT device communicating with a KSI server and a user terminal via a user terminal, a KSI server and a gateway,
    상기 IoT 디바이스는, 게이트웨이, 사용자 단말 및 KSI 서버와 지속적인 통신을 위해 사전에 분배한 비밀 그룹키로 암호화하여 본인 정보를 사전 등록하고, 사전 공유한 비밀 그룹키를 사용하여 상호 인증을 수행하며, 기밀 통신을 수행하되,The IoT device encrypts the IoT device with a secret group key distributed in advance for continuous communication with the gateway, the user terminal, and the KSI server, preregisters the identity information, performs mutual authentication using a pre-shared secret group key, Lt; / RTI >
    상기 IoT 디바이스는, 사전 공유한 비밀 그룹키를 사용하여 상호 인증을 수행하는 경우,When the mutual authentication is performed using the pre-shared secret group key,
    상기 IoT 디바이스가, 서명할 메시지 M을 초기 공유 비밀 그룹키 IVk로 암호화한 값, KSI 서버에 등록한 인증서 유효를 검증할 수 있는 IDDEV, ZIDi, CIDi와 함께 M, ZIDn의 해시값 페어를 게이트웨이로 전달하고, 상기 게이트웨이가, 수신한 메시지 M을 복호화하여 메시지 M을 확인하고 나머지 정보 IDDEV, ZIDi, CIDi, h=(M, ZIDi)를 KSI 서버로 전송하고, 상기 KSI 서버가, IDDEV의 인증서를 ZIDi, CIDi를 이용하여 공개키 검증이 완료되면 인증서가 유효하다고 판단하여, h=(M, ZIDi)로부터 글로벌 타임 스탬프를 생성하고, 블록 체인에 포함된 St를 게이트웨이로 반환하고, 상기 게이트웨이가, 상기 IoT 디바이스가 생성한 메시지를 암호화한 값과 함께 반환받은 St, 상기 St를 검증할 수 있는 h=(M, ZIDi)를 사용자 단말로 전달하는 것을 특징으로 하는 시스템.The IoT device encrypts a message M to be signed with an initial shared secret group key IV k , a hash value of M, Z IDn with identifiers DEV , Z IDi , and C IDi that can verify the certificate validity registered in the KSI server And transmits the remaining information IDs DEV , Z IDi , C IDi , h = (M, Z IDi ) to the KSI server by decrypting the received message M to confirm the message M, The KSI server judges that the certificate is valid when the public key verification is completed by using the certificate of ID DEV using Z IDi and C IDi and generates a global time stamp from h = (M, Z IDi ) to which the gateway, the IoT device has received the return along with the value to encrypt the generated message S t, h = (M, Z IDi) capable of verifying the S t a user terminal returns the S t to the gateway, and Lt; / RTI >
  8. 제 7 항에 있어서,8. The method of claim 7,
    상기 IoT 디바이스는, 기밀 통신을 수행하는 경우, 새로운 IoT 디바이스가 등록되거나 제거되면 그룹키를 갱신하는 것을 특징으로 하는 시스템.Wherein the IoT device updates the group key when a new IoT device is registered or removed when performing the confidential communication.
  9. 제 8 항에 있어서,9. The method of claim 8,
    상기 IoT 디바이스는, The IoT device includes:
    키 해시체인으로 다중해시체인을 XOR하여 그룹키를 갱신하는 것을 특징으로 하는 시스템.And XORs the multiple hash chain with the key hash chain to update the group key.
  10. 제 7 항에 있어서,8. The method of claim 7,
    KSI 서버는, The KSI server,
    분산 네트워크 블록체인을 기반으로 사용자 인증서 생성과 데이터의 유일한 글로벌 타임 스탬프를 생성하되,Based on a distributed network block chain, generates a user certificate and a unique global timestamp of the data,
    IoT 디바이스가 생선한 해시체인과 해시트리의 공개값과 공개값 생성 시점의 타임스탬프값, IoT 디바이스의 ID를 통해 인증서를 생성하며 이후, 사용자 인증과 메시지로 글로벌 해시 트리를 만들어 세계협정시간과 링킹(linking)하여 블록체인으로 커미트함으로써 글로벌 타임 스탬프를 생성하는 것을 특징으로 하는 시스템.The IoT device generates the hash chain and the hash tree public value, the time stamp value at the time of creation of the public value, and the ID of the IoT device. Then, it creates a global hash tree with user authentication and message, wherein the global timestamp is generated by linking and committing to a block chain.
PCT/KR2017/013840 2017-10-26 2017-11-29 Ksi-based authentication and communication method for safe smart home environment, and system therefor WO2019083082A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201780088464.4A CN110419193B (en) 2017-10-26 2017-11-29 KSI-based authentication and communication method and system for secure smart home environment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020170140309A KR101936080B1 (en) 2017-10-26 2017-10-26 Ksi-based authentication and communication method for secure smart home environment and system therefor
KR10-2017-0140309 2017-10-26

Publications (1)

Publication Number Publication Date
WO2019083082A1 true WO2019083082A1 (en) 2019-05-02

Family

ID=66165349

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2017/013840 WO2019083082A1 (en) 2017-10-26 2017-11-29 Ksi-based authentication and communication method for safe smart home environment, and system therefor

Country Status (3)

Country Link
KR (1) KR101936080B1 (en)
CN (1) CN110419193B (en)
WO (1) WO2019083082A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110267264A (en) * 2019-05-20 2019-09-20 广西蛋壳机器人科技有限公司 A kind of system and method for failed cluster intelligent terminal and customer mobile terminal binding
CN111092717A (en) * 2019-12-16 2020-05-01 南京信息工程大学 Group authentication-based safe and reliable communication method in smart home environment
CN111800386A (en) * 2020-06-08 2020-10-20 熊涛 Intelligent household terminal user communication safety authentication system
CN111953495A (en) * 2020-06-30 2020-11-17 杭州天谷信息科技有限公司 Private-key-free signing method under electronic signature mixed cloud scene
CN112039821A (en) * 2019-06-03 2020-12-04 厦门本能管家科技有限公司 Block chain-based private message exchange method and system in group
CN112153151A (en) * 2020-09-28 2020-12-29 刘华 Intelligent manufacturing workshop safety management method and system based on block chain
CN112653557A (en) * 2020-12-25 2021-04-13 北京天融信网络安全技术有限公司 Digital identity processing method and device, electronic equipment and readable storage medium
CN114430324A (en) * 2022-01-02 2022-05-03 西安电子科技大学 On-line quick identity authentication method based on Hash chain
CN114710299A (en) * 2022-06-07 2022-07-05 杭州雅观科技有限公司 Lightweight authentication method suitable for cloud LED lighting energy-saving system
CN115580415A (en) * 2022-12-12 2023-01-06 南方电网数字电网研究院有限公司 Data interaction authentication method, device and system in block chain
WO2023071751A1 (en) * 2021-10-29 2023-05-04 华为技术有限公司 Authentication method and communication apparatus
CN117097561A (en) * 2023-10-18 2023-11-21 华东交通大学 Trusted equipment transfer identity authentication method for industrial Internet of things
CN117135626A (en) * 2023-10-25 2023-11-28 北京数盾信息科技有限公司 Safe Internet of things control system based on high-speed encryption technology
CN117318941A (en) * 2023-11-29 2023-12-29 合肥工业大学 Method, system, terminal and storage medium for distributing preset secret key based on in-car network

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102229438B1 (en) * 2019-05-17 2021-03-18 군산대학교산학협력단 Cloud computing and blockchain based smart home system
CN110730074A (en) * 2019-09-09 2020-01-24 谈建 Implementation method and data structure of nested traceable digital twin body
US20220021542A1 (en) * 2020-07-14 2022-01-20 Raytheon Company Low latency immutable data integrity
KR20220035773A (en) 2020-09-14 2022-03-22 서강대학교산학협력단 Method for generating a group key on a blockchain network
CN113301432B (en) * 2021-05-14 2023-01-06 Vidaa(荷兰)国际控股有限公司 Display device, terminal device and communication connection method
CN113890778B (en) * 2021-11-04 2023-08-25 深圳海智创科技有限公司 Intelligent home authentication and encryption method and system based on local area network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101678795B1 (en) * 2015-11-30 2016-11-22 전삼구 Iot-basesd things management system and method using block chain authentification
US20160358186A1 (en) * 2015-06-04 2016-12-08 Chronicled, Inc. Open registry for identity of things
US20170054611A1 (en) * 2015-08-17 2017-02-23 Accenture Global Solutions Limited Trust framework for platform data
US20170104598A1 (en) * 2015-02-20 2017-04-13 Telefonaktiebolaget Lm Ericsson (Publ) Methods of providing a hash value, and of deriving a time stamp for a piece of data, electronic device, server, network node and computer programs

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478397B (en) * 2008-12-24 2012-01-18 北京握奇数据系统有限公司 Method and system for authentication of public telephone card and public telephone machine
CN103781026B (en) * 2012-10-19 2017-05-31 中国移动通信集团公司 The authentication method of common authentication mechanism
CN102916968B (en) * 2012-10-29 2016-01-27 北京天诚盛业科技有限公司 Identity identifying method, authentication server and identification authentication system
US9853819B2 (en) * 2013-08-05 2017-12-26 Guardtime Ip Holdings Ltd. Blockchain-supported, node ID-augmented digital record signature method
CN103685323B (en) * 2014-01-02 2016-08-17 中国科学院信息工程研究所 A kind of Smart Home safe network implementation method based on intelligent cloud television gateway
CN104506534B (en) * 2014-12-25 2017-11-21 青岛微智慧信息有限公司 Secure communication key agreement interaction schemes
GB2535165B (en) * 2015-02-09 2021-09-29 Arm Ip Ltd A method of establishing trust between a device and an apparatus
US10158492B2 (en) * 2015-02-25 2018-12-18 Guardtime Ip Holdings Limited Blockchain-supported device location verification with digital signatures
US20160358158A1 (en) * 2015-06-04 2016-12-08 Chronicled, Inc. Open registry for identity of things including item location feature
ES2750652T3 (en) * 2015-06-30 2020-03-26 Ericsson Telefon Ab L M Methods and devices to manage data signatures based on hash trees
US10069834B2 (en) * 2016-04-18 2018-09-04 Verizon Patent And Licensing Inc. Using mobile devices as gateways for internet of things devices
CN106338923A (en) * 2016-09-14 2017-01-18 上海百芝龙网络科技有限公司 Intelligent household control system
CN106657124B (en) * 2017-01-03 2020-03-20 宜春学院 Anonymous authentication and key agreement optimization authentication method and optimization authentication analysis method based on pseudonym for Internet of things

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170104598A1 (en) * 2015-02-20 2017-04-13 Telefonaktiebolaget Lm Ericsson (Publ) Methods of providing a hash value, and of deriving a time stamp for a piece of data, electronic device, server, network node and computer programs
US20160358186A1 (en) * 2015-06-04 2016-12-08 Chronicled, Inc. Open registry for identity of things
US20170054611A1 (en) * 2015-08-17 2017-02-23 Accenture Global Solutions Limited Trust framework for platform data
KR101678795B1 (en) * 2015-11-30 2016-11-22 전삼구 Iot-basesd things management system and method using block chain authentification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RA, GYEONGJIN ET AL.: "A Study on the KSI Based Authentication Management and Communication for Safe Smart Home Environment", CONFERENCE ON INFORMATION SECURITY AND CRYPTOGRAPHY-WINTER 2017, 23 June 2017 (2017-06-23), pages 1 - 4 *

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110267264A (en) * 2019-05-20 2019-09-20 广西蛋壳机器人科技有限公司 A kind of system and method for failed cluster intelligent terminal and customer mobile terminal binding
CN110267264B (en) * 2019-05-20 2022-10-25 广西蛋壳机器人科技有限公司 System for binding non-networked intelligent terminal and user mobile terminal
CN112039821A (en) * 2019-06-03 2020-12-04 厦门本能管家科技有限公司 Block chain-based private message exchange method and system in group
CN111092717A (en) * 2019-12-16 2020-05-01 南京信息工程大学 Group authentication-based safe and reliable communication method in smart home environment
CN111092717B (en) * 2019-12-16 2023-02-21 南京信息工程大学 Group authentication-based safe and reliable communication method in smart home environment
CN111800386A (en) * 2020-06-08 2020-10-20 熊涛 Intelligent household terminal user communication safety authentication system
CN111953495B (en) * 2020-06-30 2022-09-23 杭州天谷信息科技有限公司 Private-key-free signing method under electronic signature mixed cloud scene
CN111953495A (en) * 2020-06-30 2020-11-17 杭州天谷信息科技有限公司 Private-key-free signing method under electronic signature mixed cloud scene
CN112153151A (en) * 2020-09-28 2020-12-29 刘华 Intelligent manufacturing workshop safety management method and system based on block chain
CN112153151B (en) * 2020-09-28 2024-02-02 山西万佳印业有限公司 Intelligent manufacturing workshop safety management method and system based on blockchain
CN112653557A (en) * 2020-12-25 2021-04-13 北京天融信网络安全技术有限公司 Digital identity processing method and device, electronic equipment and readable storage medium
CN112653557B (en) * 2020-12-25 2023-10-13 北京天融信网络安全技术有限公司 Digital identity processing method, digital identity processing device, electronic equipment and readable storage medium
WO2023071751A1 (en) * 2021-10-29 2023-05-04 华为技术有限公司 Authentication method and communication apparatus
CN114430324A (en) * 2022-01-02 2022-05-03 西安电子科技大学 On-line quick identity authentication method based on Hash chain
CN114710299A (en) * 2022-06-07 2022-07-05 杭州雅观科技有限公司 Lightweight authentication method suitable for cloud LED lighting energy-saving system
CN114710299B (en) * 2022-06-07 2022-08-30 杭州雅观科技有限公司 Lightweight authentication method suitable for cloud LED lighting energy-saving system
CN115580415A (en) * 2022-12-12 2023-01-06 南方电网数字电网研究院有限公司 Data interaction authentication method, device and system in block chain
CN117097561B (en) * 2023-10-18 2024-01-16 华东交通大学 Trusted equipment transfer identity authentication method for industrial Internet of things
CN117097561A (en) * 2023-10-18 2023-11-21 华东交通大学 Trusted equipment transfer identity authentication method for industrial Internet of things
CN117135626A (en) * 2023-10-25 2023-11-28 北京数盾信息科技有限公司 Safe Internet of things control system based on high-speed encryption technology
CN117135626B (en) * 2023-10-25 2024-01-26 北京数盾信息科技有限公司 Safe Internet of things control system based on high-speed encryption technology
CN117318941A (en) * 2023-11-29 2023-12-29 合肥工业大学 Method, system, terminal and storage medium for distributing preset secret key based on in-car network
CN117318941B (en) * 2023-11-29 2024-02-13 合肥工业大学 Method, system, terminal and storage medium for distributing preset secret key based on in-car network

Also Published As

Publication number Publication date
CN110419193B (en) 2022-06-14
CN110419193A (en) 2019-11-05
KR101936080B1 (en) 2019-04-03

Similar Documents

Publication Publication Date Title
WO2019083082A1 (en) Ksi-based authentication and communication method for safe smart home environment, and system therefor
US10021080B2 (en) Group membership block chain
CA2944646C (en) Certificate authority master key tracking on distributed ledger
CN103118027B (en) The method of TLS passage is set up based on the close algorithm of state
CA3121771C (en) Information masking using certificate authority
WO2018147673A1 (en) Symmetric key-based user authentication method for ensuring anonymity in wireless sensor network environment
CN107708112A (en) A kind of encryption method suitable for MQTT SN agreements
CN107453868A (en) A kind of safe and efficient quantum key method of servicing
WO2020138525A1 (en) Method for distributed authentication of device in internet-of-things blockchain environment, and system for distributed authentication of device using same
CN108964896B (en) Kerberos identity authentication system and method based on group key pool
CN105873031A (en) Authentication and key negotiation method of distributed unmanned aerial vehicle based on trusted platform
ES2847751T3 (en) Public key infrastructure and distribution method
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
CN111324881A (en) Data security sharing system and method fusing Kerberos authentication server and block chain
WO2022177204A1 (en) Did-based decentralized system for storing and sharing user data
CN108880799B (en) Multi-time identity authentication system and method based on group key pool
WO2019125041A1 (en) Authentication system using separation, then distributed storage of personal information using blockchain
CN114503508A (en) Computer-implemented method and system for storing authenticated data on blockchains
CN101577620A (en) Authentication method of Ethernet passive optical network (EPON) system
WO2019125069A1 (en) Authentication system using separation, then combination of personal information using blockchain
CN106713338A (en) Long connection tunnel establishment method based on server hardware information
CN112446050A (en) Business data processing method and device applied to block chain system
WO2019017525A1 (en) User authentication server and system
CN108965266B (en) User-to-User identity authentication system and method based on group key pool and Kerberos
CN113987546A (en) Alliance chain system based on identification password system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17929760

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17929760

Country of ref document: EP

Kind code of ref document: A1