WO2019138850A1 - Information processing device, information processing method, information processing program, and electronic device - Google Patents

Information processing device, information processing method, information processing program, and electronic device Download PDF

Info

Publication number
WO2019138850A1
WO2019138850A1 PCT/JP2018/047333 JP2018047333W WO2019138850A1 WO 2019138850 A1 WO2019138850 A1 WO 2019138850A1 JP 2018047333 W JP2018047333 W JP 2018047333W WO 2019138850 A1 WO2019138850 A1 WO 2019138850A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
authentication information
iot device
information processing
authentication
Prior art date
Application number
PCT/JP2018/047333
Other languages
French (fr)
Japanese (ja)
Inventor
暢宏 金子
Original Assignee
ソニー株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ソニー株式会社 filed Critical ソニー株式会社
Publication of WO2019138850A1 publication Critical patent/WO2019138850A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks

Definitions

  • the present technology relates to an information processing device, an information processing method, an information processing program, and an electronic device.
  • a short distance wireless communication technology is used as a method of connecting devices in a personal computer, a mobile phone, a terminal device, an audio device, a digital camera, and the like (Japanese Patent Application Laid-Open No. 2008-101501).
  • the short distance wireless communication technology includes Bluetooth (registered trademark).
  • IoT Internet of Things
  • IoT devices such as smart locks do not have a means of confirmation by human eyes such as a display, and during unauthorized access from malicious IoT devices, users are not present. There is a problem that the presence or absence can not be detected. Also, since IoT devices such as smart locks maintain fixed authentication information inside the devices, there is a risk that security may be breached by man-in-the-middle attacks from malicious external devices.
  • the present technology has been made in view of such problems, and provides an information processing apparatus, an information processing method, an information processing program, and an electronic apparatus capable of detecting and responding to malicious external attacks. With the goal.
  • the information processing apparatus includes an authentication information generation unit that generates new authentication information for connection.
  • the authentication information generation unit when it is detected that the first device associated with authentication information for communication connection is attacked from the outside, the authentication information generation unit is connected to the first device Information processing method for generating new authentication information.
  • the authentication information generation unit when it is detected that the first device associated with authentication information for communication connection is attacked from the outside, the authentication information generation unit is connected to the first device Is an information processing program that causes a computer to execute an information processing method for generating new authentication information.
  • the fourth technology includes notification means for holding authentication information for communication connection, communicating with another device, and notifying the server apparatus of that when it is detected that an external attack has been received. It is an electronic device.
  • the present technology it is possible to detect and respond to malicious external attacks.
  • the effect described here is not necessarily limited, and may be any effect described in the specification.
  • FIG. 2A is a block diagram showing the configuration of the IoT device
  • FIG. 2B is a block diagram showing another example of the configuration of the IoT device 100.
  • It is a block diagram showing composition of an information processing system.
  • It is a block diagram showing composition of a cloud.
  • It is a sequence diagram which shows the flow of attack detection from an external apparatus, and the countermeasure process with respect to it.
  • It is a flow chart which shows a flow of attestation processing of an external apparatus.
  • It is a flowchart which shows the flow of the other example of the authentication process of an external apparatus.
  • It is a block diagram showing a modification of a form of application of this art.
  • FIG. 18 is a block diagram showing a configuration of a use form of a second modified example of the present technology.
  • FIG. 21 is a block diagram showing a configuration of a use form of a third modified example of the present technology. It is a sequence diagram of a process in the 3rd modification of this art.
  • Embodiment> [1-1. Configuration of usage form of the present technology] [1-2. Configuration of IoT Device] [1-3. Cloud configuration] [1-4. Detection processing of external device] ⁇ 2. Modified example> [2-1. First Modified Example] [2-2. Second Modified Example] [2-3. Third Modified Example]
  • the usage mode of the present technology includes the IoT device 100, a cloud 200 having a function as an information processing apparatus according to the present technology, and a terminal device 300.
  • the IoT device 100 is configured as a smart lock in the present embodiment.
  • the smart lock is a general term for devices and systems that can communicate keys of a house, a car, etc., and can perform key opening / closing and management using a smartphone or the like.
  • the IoT device 100 can perform communication by connecting to another IoT device, a terminal device, and the like using near-field wireless communication. Although the details will be described later, at that time, the IoT device 100 requests transmission of authentication information to another external IoT device or the like that requests connection. Then, only other IoT devices that can confirm that the transmitted authentication information is correct can communicate with the IoT device 100 by connecting.
  • the IoT device 100 corresponds to the first device and the electronic device in the claims.
  • the cloud 200 is built in a management apparatus such as a server owned by a company providing a cloud service.
  • the cloud is one of the forms of computer use, and is built on the server of a cloud service provider, and all necessary processing is basically performed on the server side.
  • Users store data on servers on the Internet, not on their personal computers, smart phones, cell phones, etc. Therefore, services can be used, data can be viewed, edited, uploaded, etc., even in various environments such as home, office, cafe, school, outing.
  • the IoT device 100 and the cloud 200 are connected by broadband wireless communication.
  • the terminal device 300 is a smartphone, a tablet terminal, a laptop computer, a desktop computer, a wearable device, or the like owned by a user who uses the IoT device 100.
  • the terminal device 300 and the cloud 200 can communicate with each other via a wireless local area network (LAN) such as Wi-Fi (Wireless Fidelity), 4G (fourth generation mobile communication system), broadband, or the like.
  • LAN wireless local area network
  • Wi-Fi Wireless Fidelity
  • 4G fourth generation mobile communication system
  • broadband or the like.
  • the terminal device 300 corresponds to the second device in the claims.
  • the present technology addresses the case where an attack from the external device 400 on the IoT device 100 is detected.
  • the attack from the external device 400 corresponds to the “external attack” in the claims.
  • the IoT device 100 detects an attack from the external device 400, the IoT device 100 notifies the cloud 200 to that effect.
  • the cloud 200 newly generates authentication information required for connection authentication of the IoT device 100 and transmits the authentication information to the IoT device 100.
  • the cloud 200 notifies the terminal device 300 that there is an attack on the IoT device 100.
  • the IoT device 100 includes a central processing unit (CPU) 101, a random access memory (RAM) 102, a read only memory (ROM) 103, a storage 104, a battery 105, a broadband wireless module 106, a near field wireless module 107, and a bus 108. It is configured.
  • the CPU 101 controls the entire IoT device 100 by executing various processes according to programs stored in the ROM 103 and issuing commands.
  • the RAM 102 is used as a work memory of the CPU 101.
  • the ROM 103 stores programs and the like read and operated by the CPU 101.
  • the storage 104 is, for example, a storage medium configured by an HDD (Hard Disc Drive), a semiconductor memory, an SSD (solid state drive), etc., and stores Passkey as authentication information and other data necessary for using the IoT device 100 It is done.
  • HDD Hard Disc Drive
  • SSD solid state drive
  • the battery 105 supplies power to each part of the IoT device 100, and is configured of, for example, a lithium ion battery.
  • the broadband wireless module 106 is a module that communicates with an external device, a network, or the like according to a communication standard such as, for example, enhanced machine type communication (eMTC) or narrow band-IoT (NB-IoT).
  • eMTC enhanced machine type communication
  • NB-IoT narrow band-IoT
  • the eMTC is a system that can communicate in a mobile unit, and is characterized in that it supports low to medium speed movement and can transmit and receive relatively large-sized data.
  • NB-loT is a standard for mobile communication technology LTE (Long Term Evolution), which is a standard for IoT devices, and features such as 180kHz width and very narrow bandwidth, and is suitable for small amount of data communication There is.
  • LTE Long Term Evolution
  • NB-IoT are IoT technologies based on mobile phones with features such as wide area and low power consumption, smart meters such as power, gas and water, smart locks, various sensors, wearable devices, medical healthcare It is used in fields such as
  • the broadband wireless module 106 is connected to a SIM (Subscriber Identity Module) card 109 which is an IC card in which identification information such as an ID necessary for communication is recorded.
  • SIM Subscriber Identity Module
  • the short distance wireless module 107 is a communication module that performs wireless communication with an external device such as another IoT device or a network.
  • Examples of the wireless communication method include Bluetooth (registered trademark) and Zigbee (registered trademark). In the present embodiment, communication is performed using Bluetooth (registered trademark).
  • Bluetooth (registered trademark) is a wireless communication method used when connecting between terminal devices or between a terminal device and its peripheral device, and in addition to game devices, music players, and peripheral devices of personal computers, in recent years smart household appliances Etc. are also adopted.
  • SSP secure simple pairing
  • the Passkey Entry mode is a mode in which authentication is performed by inputting to the terminal Passkey as authentication information consisting of a six-digit number.
  • authentication of the external device in the IoT device 100 is performed by Passkey Entry.
  • Passkey is associated as unique to each IoT device.
  • the IoT device 100 is configured as described above. Note that, as shown in FIG. 2B, the storage device 104 may not be provided in the IoT device 100, and authentication information, various data, and the like may be stored in the ROM 103.
  • FIG. 3 is a block diagram showing the configuration of the IoT device system 150 executed by the IoT device 100.
  • the IoT device system 150 includes a main control unit 151, a broadband wireless module control unit 152, a short distance wireless module control unit 153, a device detection unit 154, and a data holding management unit 155.
  • the main control unit 151 controls the entire IoT device system 150 and each unit.
  • the broadband wireless module control unit 152 controls communication by the broadband wireless module 106.
  • the short distance wireless module control unit 153 controls the communication by the short distance wireless module 107.
  • the device detection unit 154 detects an external device 400 that attacks the IoT device 100.
  • the IoT device 100 uses Bluetooth (registered trademark) as a short distance wireless communication method and uses Passkey Entry as an authentication method
  • the device detection unit 154 determines that the number of failed pairings by Passkey authentication is a predetermined number or more. It is determined that there is an external device 400 attacking the. Specific processing of detection of the external device 400 will be described later.
  • the data holding management unit 155 holds Passkey as authentication information and a threshold of the pairing failure allowable number of times.
  • the data holding management unit 155 may be provided in an area in the storage 104 of the IoT device 100.
  • the IoT device system 150 is configured as described above.
  • the SIM card 109 may be inserted into the IoT device 100 and the power may be turned on.
  • the cloud 200 includes a main control unit 201, an IoT device data transmission / reception unit 202, a user data transmission / reception unit 203, a user data holding unit 204, a Passkey generation unit 205, and a notification processing unit 206.
  • the main control unit 201 controls the entire cloud 200 and each unit by executing a predetermined program or the like.
  • the IoT device data transmission / reception unit 202 is a communication module that transmits / receives data to / from the IoT device 100, and transmits / receives various data, information, etc. to / from the IoT device 100.
  • a notification to that effect is sent from the IoT device 100 to the cloud 200, so the data transmitting / receiving unit 202 for IoT device is used for the notification.
  • the user data transmission / reception unit 203 is a communication module that transmits / receives data to / from the terminal device 300. Data specific to a user who is a user of the IoT device 100 (referred to as user data) transmitted from the terminal device 300 is received.
  • the user data holding unit 204 is, for example, a storage medium configured by an HDD, a semiconductor memory, an SSD, etc.
  • the user data received by the user data transmitting / receiving unit 203 is processed by the main control unit 201.
  • Stored in The user data transmission / reception unit 203 also receives information transmitted in the setup for using the IoT device 100 and the cloud 200.
  • the Passkey generating unit 205 When the data transmitting / receiving unit 202 for IoT device receives a notification that there is an attack from the IoT device 100, the Passkey generating unit 205 newly generates Passkey as authentication information used for authentication in the IoT device 100. . Since Passkey consists of a six-digit number, Passkey generation unit 205 generates a new six-digit number randomly or according to a predetermined algorithm as a new Passkey. The new Passkey generated by the Passkey generation unit 205 is transmitted to the IoT device 100 by the data transmission / reception unit 202 for the IoT device. The Passkey generation unit 205 corresponds to the authentication information generation unit in the claims.
  • the notification processing unit 206 communicates with the terminal device 300 according to the control of the main control unit 201, and transmits notification data for performing various notifications to the user in the terminal device 300.
  • a new Passkey is generated to notify that the Passkey is updated in the IoT device 100.
  • the cloud 200 is configured as described above.
  • the function as an information processing apparatus executed by the cloud 200 is configured by a program, and the program may be previously operable in the cloud 200, or may be distributed by download, storage medium, etc. A company or the like to be provided may be installed and operable.
  • the function as an information processing apparatus may be realized not only by a program but also by combining a dedicated device, a circuit and the like by hardware having the function.
  • the user accesses the cloud 200 via the Internet using a personal computer, a smartphone, or the like.
  • an account is created in the cloud 200.
  • the creation of an account in the cloud 200 can be performed on a website or the like of a company that provides the cloud 200 service.
  • the user registers in the account the user's contact information such as the telephone number and mail address of the terminal device 300, registration of an ID that can identify a SIM card such as IMSI (International Mobile Subscriber Identity), and IoT associated with the SIM card.
  • IMSI International Mobile Subscriber Identity
  • IoT International Mobile Subscriber Identity
  • the user creates a device group for managing the IoT device 100 as a group, and registers the IoT device 100 used by the user in the device group.
  • the user sets a Passkey in units of device groups, and further sets a threshold value for the number of Bluetooth pairing failures.
  • the threshold information of the pairing failure tolerance number is transmitted to the IoT device 100, and is used for detecting an attack from the external device 400 in the device detection unit 154.
  • the threshold value of the pairing failure allowable number may be automatically set in the IoT device 100 or the cloud 200.
  • the setup of the cloud 200 is performed as described above.
  • Various data sent from the user to the cloud 200 via the Internet in the setup of the cloud 200 are received by the user data transmission / reception unit 203.
  • the main control unit 201 of the cloud 200 causes the user data holding unit 204 to hold the various data.
  • the power of the IoT device 100 is turned on.
  • the program stored in the ROM 103 is loaded to the RAM 102 and the CPU 101 executes it.
  • the main control unit 151 of the IoT device system 150 queries the data holding management unit 155 whether the IoT device 100 is in the initial state. If the IoT device 100 is in the initial state, the main control unit 151 notifies the cloud 200 of setup via the broadband wireless communication module 106 from the broadband wireless module control unit 152.
  • the main control unit 201 of the cloud 200 acquires threshold information on the number of failures of pairing with the Passkey from the user data holding unit 204, and the IoT device 100 receives the IoT device data transmission / reception unit 202. Send to
  • the IoT device 100 receives the threshold value of the number of failures of pairing with the Passkey in the broadband wireless module 106, and stores the threshold information in the data holding management unit 155.
  • the IoT device 100 notifies the cloud 200 that there is an attack from the external device 400 in step S12. Do. Details of detection of an attack from the external device 400 will be described later.
  • step S13 the external device 400 is notified that the authentication has failed.
  • step S14 the Passkey generation unit 205 of the cloud 200 generates a new Passkey as new authentication information. Then, in step S15, a new Passkey is transmitted from the cloud 200 to the IoT device 100, and in step S16, the Passkey is updated to a new Passkey in the IoT device 100.
  • step S17 the cloud 200 notifies the terminal device 300 of the user that there has been an attack from the external device 400 and that the Passkey has been updated.
  • the IoT device 100 does not have a display or the like, or even when the user is not near the IoT device 100, the user can know that the IoT device 100 has been attacked.
  • the flow of Passkey authentication in the device detection unit 154 of the IoT device 100 will be described with reference to the flowchart in FIG. First, when the Passkey is transmitted from the external device 400 and authentication and connection request are made, the Passkey is read from the data holding management unit 155 in step S21 and supplied to the device detection unit 154. The Passkey held by the data holding management unit 155 is a legitimate Passkey.
  • step S22 the device detection unit 154 performs Passkey authentication processing by exchange / confirmation of the Passkey transmitted from the external device 400 and the Passkey held by the IoT device 100.
  • step S24 a short distance wireless communication connection between the external device 400 and the IoT device 100 is established as the authentication success.
  • step S23 a Passkey authentication failure number counter is incremented.
  • step S26 it is determined whether the number of authentication failures is less than a predetermined threshold. If the number of authentication failures is less than the predetermined threshold, the process proceeds to step S27 (Yes in step S25), and the connection between the external device 400 and the IoT device 100 is not established as authentication failure.
  • step S28 the IoT device 100 notifies the cloud 200 of the authentication failure, that is, the attack from the external device 400. Then, the connection between the external device 400 and the IoT device 100 is not established as authentication failure in step S27.
  • the Passkey authentication in the IoT device 100 is performed. Usually, since the user knows the correct Passkey, the Passkey will not be mismatched unless communication failure or an input error is considered. However, in the case of a malicious attack from the external device 400, in order to match the Passkey, different types of Passkeys are transmitted to try pairing. Therefore, if the number of consecutive authentication failures is not less than the predetermined threshold, it can be determined that this is an attack from the external device 400.
  • a plurality of thresholds for the authentication failure allowable number of times may be set, and different notifications may be issued to the terminal device 300 of the user each time each threshold is exceeded. This makes it possible to notify the user that there is a possibility that a malicious external device may be attacking before determining whether the external device that has transmitted the Passkey is a malicious external device.
  • Steps S21 to S28 in FIG. 7 are the same as those in the flowchart of FIG.
  • step S23 If it is determined in step S23 that the Passkey transmitted from the external device 400 matches the Passkey held by the IoT device 100, the process proceeds to step S31 (Yes in step S23).
  • step S31 confirmation of additional authentication data is performed in step S31.
  • the confirmation of the additional authentication data requests the external device 400 to transmit the additional authentication data, and the transmitted additional authentication data and the additional authentication data held by the IoT device 100 are requested as in step S22. Is performed by determining whether or not there is a match.
  • the additional authentication data may be a random character string similar to Passkey, may be a character string arbitrarily set by the user, or may be data for an authentication method other than Passkey, IoT device 100 and other devices Anything can be used as long as it can be used for authentication.
  • the additional authentication data corresponds to the second authentication information in the claims.
  • step S24 a short distance wireless communication connection between the external device 400 and the IoT device 100 is established as the authentication success.
  • step S32 the process proceeds from step S32 to step S25 (Yes in step S32).
  • step S25 the counter of the number of authentication failures is incremented. After this, the same processing as that of the flowchart of FIG. 6 is performed.
  • the security of the IoT device 100 can be enhanced by preventing the Passkey authentication from being accidentally completed and the malicious external device 400 being connected.
  • the present technology it is possible to detect an attack from a malicious external device by short-distance wireless communication, and to prevent connection of the malicious external device 400 and also to prevent a spoofing attack.
  • the IoT device 100 is not limited to a smart lock, and can be connected to the Internet such as TVs, digital cameras, media players such as Blue-ray players, water heaters, sensors, lighting devices, surveillance cameras, refrigerators, wearable devices, etc. Any device may be used.
  • the IoT device 100 determines whether the authentication from the external device 400 and the connection request are an attack. However, since the Passkey of the IoT device 100 also holds the cloud 200, when the transmission of the Passkey is received from the external device 400, the IoT device 100 transmits the Passkey to the cloud 200, and the Passkey matches in the cloud 200. It may be checked whether or not it is present.
  • Bluetooth registered trademark
  • Passkey Entry is used as the authentication method
  • Passkey is used as the authentication information
  • the communication method may be another method, or the device to be connected is authenticated. Other methods that can be used may be used, or other information may be used as authentication information.
  • the same processing as that of the embodiment may be performed using a large capacity storage medium and a management IoT device having high processing capability.
  • the IoT device 100 and the cloud 200 are connected by broadband wireless communication, and the external device 400 and the IoT device 100 are connected by short distance wireless communication, but the communication connection method is not limited thereto.
  • the IoT device 100 and the cloud 200 are connected by broadband wireless communication, and the cloud 200 and the terminal device 300 are also connected by broadband wireless communication. Furthermore, the IoT device 100 and the terminal device 300 are connected by near field communication.
  • Information is periodically transmitted from the IoT device 100 to the cloud 200. If the information can not be received at a predetermined time, the cloud 200 notifies the terminal device 300 of the user.
  • the terminal device 300 that has received the notification performs near field communication with the IoT device 100, receives information from the IoT device 100, and transmits the information to the cloud 200. This makes it possible to keep transmitting information to the cloud 200 reliably.
  • This example is useful, for example, in a use case where an IoT device 100 as a sensor such as a thermometer or a pulse meter is attached to a human body and biological information such as temperature and pulse is continuously transmitted to the cloud 200. Moreover, it is useful also to the use case which monitors the state of not only a human body but livestock, cargo, vehicle-mounted, a household appliance, etc., and transmits state information to the cloud 200 regularly.
  • the IoT devices may be connected by near field communication.
  • the first IoT device 1000, the second IoT device 2000, and the third IoT device 3000 can be connected to the cloud 200 by broadband wireless communication.
  • the first IoT device 1000 is set to periodically transmit information to the cloud 200, and if the cloud 200 can not receive information at a predetermined time, the cloud 200 is closest to the first IoT device 1000 And select the IoT device that performed broadband wireless communication immediately before.
  • the second IoT device 2000 is selected.
  • the second IoT device 2000 that has received the notification from the cloud 200 makes short-distance wireless connection with the first IoT device 1000, and transmits information of the first IoT device 1000 to the cloud 200.
  • information can be reliably transmitted to the cloud 200 continuously.
  • the cloud 200 does not select the IoT device to be connected in the short distance wireless connection, but after the information transmission to the cloud 200 fails, the adjacent IoT devices automatically establish the short distance wireless connection and the connection is established. Information may be transmitted to the cloud 200 via an IoT device.
  • the first IoT device 1000, the second IoT device 2000, and the third IoT device 3000 are each connected to the cloud 200, and information is periodically transmitted to the cloud 200. If information transmission to the cloud 200 in the first IoT device 1000 fails, in step S41, the first IoT device 1000 starts an advertisement by transmitting an advertisement packet to convey its presence to surrounding IoT devices. .
  • the second IoT device 2000 and the third IoT device 3000 scan in steps S42 and S43, the first IoT device 1000 can be found in steps S44 and S45.
  • the second IoT device 2000 that has found the first IoT device 1000 performs authentication and connection request to the first IoT device 1000 by near field communication in step S46.
  • the third IoT device 3000 that has found the first IoT device 1000 sends an authentication and connection request to the first IoT device 1000 by near field communication in step S47.
  • the first IoT device 1000 selects a device having the strongest radio wave intensity from the IoT devices that have received the authentication and connection request.
  • the second IoT device 2000 has a stronger radio wave intensity than the third IoT device 3000.
  • step S49 the first IoT device 1000 transmits an error message without connecting to the third IoT device 3000 not selected.
  • the first IoT device 1000 receives the authentication and connection request from the selected second IoT device 2000 and establishes a connection.
  • step S51 the first IoT device 1000 transmits information by near-field wireless communication to the second IoT device 2000 in which the connection has been established. Then, in step S52, the second IoT device 2000 transmits the information received from the first IoT device 1000 to the cloud 20 by broadband wireless communication.
  • the present technology is not limited to the smart lock described in the embodiment, and can be used in various fields.
  • each cargo is equipped with an IoT device with a GPS function, and grouping is performed based on the type of cargo, destination, and the like.
  • IoT devices periodically send GPS information to the cloud.
  • the current position of the cargo can be periodically grasped, and when the cargo is forgotten or left unstacked, the cloud can notify the user of the terminal device of that fact.
  • notification of transport completion can be sent to the user's terminal device.
  • it detects an attack from an external device to an IoT device loaded in cargo for the purpose of replacement of cargo, loss of cargo, obstruction of transportation, etc. that effect is notified to the user's terminal device You can also.
  • the present technology can also be used in a so-called smart meter that manages water consumption and gas consumption in condominiums, apartment buildings, and the like.
  • the smart meter is an IoT device, and transmits various usage data acquired by the smart meter to the cloud. Then, if an attack by a malicious external device for the purpose of hijacking an IoT device, falsification of data, interruption of data transmission, transmission of erroneous information, or the like is detected, that effect can be notified to the user's terminal device.
  • the technology can also be used to manage livestock. Attach an IoT device as a sensor capable of acquiring biological information such as body temperature and pulse to each of domestic animals, and periodically transmit biological information from the IoT device to the cloud. Then, when various conditions are set for biological information in the cloud and the conditions are satisfied, it is possible to notify the user terminal device of occurrence of disease, risk of disease, timing of birth, timing of seeding, etc. . In addition, when an attack by a malicious external device for the purpose of hijacking IoT devices, falsification of biological information, interruption of data transmission, transmission of erroneous information, or the like is detected, that effect can be notified to the user's terminal device. .
  • the present technology can also be used to manage equipment in a factory or the like.
  • Attach an IoT device as a sensor that can obtain the condition of the device such as temperature to each of the devices, and periodically transmit the device state information from the IoT device to the cloud. Then, when various conditions are set for the equipment state information in the cloud and the conditions are satisfied, it is possible to notify the terminal device of the user of an abnormality of the equipment, a failure of the equipment, and the like.
  • an attack by a malicious external device for the purpose of hijacking IoT devices falsification of equipment status information, interruption of data transmission, transmission of false information, etc. is detected, that effect is notified to the user's terminal device. You can also.
  • the present technology can also be configured as follows.
  • the attack is detected by confirming whether the authentication information transmitted to the first device from the outside matches the authentication information associated with the first device (1) to (4)
  • the attack occurs when a plurality of pieces of authentication information continuously transmitted from the outside to the first device and the authentication information associated with the first device do not continuously match a predetermined number of times (5) the information processing apparatus according to (5).
  • Second authentication information is further associated with the first device, and another device authenticated by the authentication information is authenticated by the second authentication information (1) to (8).
  • the information processing apparatus according to any one of the above.
  • the information processing apparatus according to any one of (1) to (9), which operates in a server apparatus connected to the first apparatus by broadband wireless communication.
  • the authentication information generation unit When it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device. Information processing method to generate. (12) When it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device. An information processing program that causes a computer to execute an information processing method to be generated.
  • An electronic device comprising notification means for holding authentication information for communication connection, communicating with another device, and notifying a server device of a cloud system of that when it is detected that an external attack has been received.
  • the electronic device according to (13), wherein, when transmission of the information to the server device fails, the information is transmitted to another electronic device, and the information is transmitted to the server device via the other electronic device.
  • IoT device 200 Cloud 300: Terminal device 400: External device

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

This information processing device is provided with an authentication information generation means, wherein, when it is detected that a first device associated with authentication information for communication access has received an external attack, the authentication information generation means generates new authentication information for accessing the first device.

Description

情報処理装置、情報処理方法、情報処理プログラムおよび電子機器INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, AND ELECTRONIC APPARATUS
 本技術は、情報処理装置、情報処理方法、情報処理プログラムおよび電子機器に関する。 The present technology relates to an information processing device, an information processing method, an information processing program, and an electronic device.
 パーソナルコンピュータ、携帯電話、端末装置、オーディオ機器、デジタルカメラなどにおける機器同士の接続方法として近距離無線通信技術が用いられている(特許文献1)。近距離無線通信技術としてはBluetooth(登録商標)などがある。また、近年盛んになっているIoT(Internet of Things)の分野においても近距離無線通信が用いられている。 A short distance wireless communication technology is used as a method of connecting devices in a personal computer, a mobile phone, a terminal device, an audio device, a digital camera, and the like (Japanese Patent Application Laid-Open No. 2008-101501). The short distance wireless communication technology includes Bluetooth (registered trademark). In the field of IoT (Internet of Things), which has become popular in recent years, near field communication is used.
特開2005-323092号公報Japanese Patent Application Laid-Open No. 2005-323092
 例えばIoTの中でもスマートロックのようなIoT機器は、ディスプレイ等の人の目による確認手段がなく、また、悪意あるIoT機器からの不正アクセス中は、ユーザはその場に居ないため、不正アクセスの有無を検知することができない、という問題がある。また、スマートロックのようなIoT機器は、固定の認証情報を機器内部で保持するため、悪意ある外部機器からの中間者攻撃により、セキュリティが破られるリスクがある。 For example, even in IoT, IoT devices such as smart locks do not have a means of confirmation by human eyes such as a display, and during unauthorized access from malicious IoT devices, users are not present. There is a problem that the presence or absence can not be detected. Also, since IoT devices such as smart locks maintain fixed authentication information inside the devices, there is a risk that security may be breached by man-in-the-middle attacks from malicious external devices.
 本技術はこのような問題点に鑑みなされたものであり、悪意ある外部からの攻撃を検知してそれに対応することができる情報処理装置、情報処理方法、情報処理プログラムおよび電子機器を提供することを目的とする。 The present technology has been made in view of such problems, and provides an information processing apparatus, an information processing method, an information processing program, and an electronic apparatus capable of detecting and responding to malicious external attacks. With the goal.
 上述した課題を解決するために、第1の技術は、通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、第1の機器に接続するための新たな認証情報を生成する認証情報生成手段を備える情報処理装置である。 In order to solve the problems described above, according to the first technology, when it is detected that the first device associated with authentication information for communication connection is attacked from the outside, the first device transmits The information processing apparatus includes an authentication information generation unit that generates new authentication information for connection.
 また、第2の技術は、通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、認証情報生成手段が第1の機器に接続するための新たな認証情報を生成する情報処理方法である。 Further, in the second technique, when it is detected that the first device associated with authentication information for communication connection is attacked from the outside, the authentication information generation unit is connected to the first device Information processing method for generating new authentication information.
 また、第3の技術は、通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、認証情報生成手段が第1の機器に接続するための新たな認証情報を生成する情報処理方法をコンピュータに実行させる情報処理プログラムである。 In the third technique, when it is detected that the first device associated with authentication information for communication connection is attacked from the outside, the authentication information generation unit is connected to the first device Is an information processing program that causes a computer to execute an information processing method for generating new authentication information.
 さらに、第4の技術は、通信接続のための認証情報を保持し、他の機器と通信を行い、外部から攻撃を受けたことを検知した場合その旨をサーバ装置に通知する通知手段を備える電子機器である。 Furthermore, the fourth technology includes notification means for holding authentication information for communication connection, communicating with another device, and notifying the server apparatus of that when it is detected that an external attack has been received. It is an electronic device.
 本技術によれば、悪意ある外部からの攻撃を検知してそれに対応することができる。なお、ここに記載された効果は必ずしも限定されるものではなく、明細書中に記載されたいずれかの効果であってもよい。 According to the present technology, it is possible to detect and respond to malicious external attacks. In addition, the effect described here is not necessarily limited, and may be any effect described in the specification.
本技術の利用形態の構成を示すブロック図である。It is a block diagram showing composition of an application form of this art. 図2Aは、IoT機器の構成を示すブロック図であり、図2BはIoT機器100の構成の他の例を示すブロック図である。FIG. 2A is a block diagram showing the configuration of the IoT device, and FIG. 2B is a block diagram showing another example of the configuration of the IoT device 100. 情報処理システムの構成を示すブロック図である。It is a block diagram showing composition of an information processing system. クラウドの構成を示すブロック図である。It is a block diagram showing composition of a cloud. 外部機器からの攻撃検知およびそれに対する対処処理の流れを示すシーケンス図である。It is a sequence diagram which shows the flow of attack detection from an external apparatus, and the countermeasure process with respect to it. 外部機器の認証処理の流れを示すフローチャートである。It is a flow chart which shows a flow of attestation processing of an external apparatus. 外部機器の認証処理の他の例の流れを示すフローチャートである。It is a flowchart which shows the flow of the other example of the authentication process of an external apparatus. 本技術の利用形態の変形例を示すブロック図である。It is a block diagram showing a modification of a form of application of this art. 本技術の変形例における処理を示すシーケンス図である。It is a sequence diagram showing processing in a modification of this art. 本技術の第2の変形例の利用形態の構成を示すブロック図である。FIG. 18 is a block diagram showing a configuration of a use form of a second modified example of the present technology. 本技術の第3の変形例の利用形態の構成を示すブロック図である。FIG. 21 is a block diagram showing a configuration of a use form of a third modified example of the present technology. 本技術の第3の変形例における処理のシーケンス図である。It is a sequence diagram of a process in the 3rd modification of this art.
 以下、本技術の実施の形態について図面を参照しながら説明する。なお、説明は以下の順序で行う。
<1.実施の形態>
[1-1.本技術の利用形態の構成]
[1-2.IoT機器の構成]
[1-3.クラウドの構成]
[1-4.外部機器の検知処理]
<2.変形例>
[2-1.第1の変形例]
[2-2.第2の変形例]
[2-3.第3の変形例] Hereinafter, embodiments of the present technology will be described with reference to the drawings. The description will be made in the following order.
<1. Embodiment>
[1-1. Configuration of usage form of the present technology]
[1-2. Configuration of IoT Device]
[1-3. Cloud configuration]
[1-4. Detection processing of external device]
<2. Modified example>
[2-1. First Modified Example]
[2-2. Second Modified Example]
[2-3. Third Modified Example]
<1.実施の形態>
[1-1.本技術の利用形態の構成]
 本技術の利用形態は、IoT機器100と、本技術に係る情報処理装置としての機能を備えるクラウド200と、端末装置300とから構成されている。 <1. Embodiment>
[1-1. Configuration of usage form of the present technology]
The usage mode of the present technology includes the IoT device 100, a cloud 200 having a function as an information processing apparatus according to the present technology, and a terminal device 300.
 IoT機器100は、本実施の形態ではスマートロックとして構成されている。スマートロックとは、家、車などの鍵を通信可能な状態とし、スマートフォン等を用いて鍵の開閉・管理を行うことができる機器およびシステムの総称である。 The IoT device 100 is configured as a smart lock in the present embodiment. The smart lock is a general term for devices and systems that can communicate keys of a house, a car, etc., and can perform key opening / closing and management using a smartphone or the like.
 IoT機器100は、近距離無線通信を用いて他のIoT機器、端末装置などと接続して通信を行うことが可能となっている。詳細は後述するが、その際、IoT機器100は接続を要求する外部の他のIoT機器などに対して認証情報の送信を要求する。そして、送信された認証情報が正しいものとして確認できた他のIoT機器のみがIoT機器100と接続して通信を行うことができる。なお、IoT機器100は特許請求の範囲における第1の機器および電子機器に相当するものである。 The IoT device 100 can perform communication by connecting to another IoT device, a terminal device, and the like using near-field wireless communication. Although the details will be described later, at that time, the IoT device 100 requests transmission of authentication information to another external IoT device or the like that requests connection. Then, only other IoT devices that can confirm that the transmitted authentication information is correct can communicate with the IoT device 100 by connecting. The IoT device 100 corresponds to the first device and the electronic device in the claims.
 クラウド200は、クラウドサービスを提供する会社などが所有するサーバなどの管理装置内に構築されている。クラウドとはコンピュータの利用形態の1つであり、クラウドサービス提供会社のサーバに構築され、必要な処理は基本的に全てサーバ側で行われる。ユーザはデータを自分のパソコン、スマートフォン、携帯電話機などではなく、インターネット上のサーバに保存する。よって、自宅、会社、ネットカフェ、学校、外出先など、さまざまな環境においてもサービスの利用、データを閲覧、編集、アップロードなどを行うことができる。IoT機器100とクラウド200とは広帯域無線通信により接続されている。 The cloud 200 is built in a management apparatus such as a server owned by a company providing a cloud service. The cloud is one of the forms of computer use, and is built on the server of a cloud service provider, and all necessary processing is basically performed on the server side. Users store data on servers on the Internet, not on their personal computers, smart phones, cell phones, etc. Therefore, services can be used, data can be viewed, edited, uploaded, etc., even in various environments such as home, office, cafe, school, outing. The IoT device 100 and the cloud 200 are connected by broadband wireless communication.
 端末装置300は、IoT機器100を使用するユーザが所有するスマートフォン、タブレット端末、ノートパソコン、デスクトップパソコン、ウェアラブル機器などである。端末装置300とクラウド200とは、Wi-Fi(Wireless Fidelity)などの無線LAN(Local Area Network)、4G(第4世代移動通信システム)、ブロードバンドなどにより通信可能となっている。なお、端末装置300は特許請求の範囲における第2の機器に相当するものである。 The terminal device 300 is a smartphone, a tablet terminal, a laptop computer, a desktop computer, a wearable device, or the like owned by a user who uses the IoT device 100. The terminal device 300 and the cloud 200 can communicate with each other via a wireless local area network (LAN) such as Wi-Fi (Wireless Fidelity), 4G (fourth generation mobile communication system), broadband, or the like. The terminal device 300 corresponds to the second device in the claims.
 本技術は、IoT機器100に対する外部機器400からの攻撃が検知された場合にそれに対処するものである。この外部機器400からの攻撃が特許請求の範囲における「外部からの攻撃」に相当するものである。詳しくは後述するが、IoT機器100が外部機器400からの攻撃を検知するとIoT機器100からクラウド200に対してその旨の通知が行われる。そして、クラウド200はIoT機器100の接続認証に必要な認証情報を新たに生成してIoT機器100に送信する。さらに、クラウド200はIoT機器100に攻撃があった旨を端末装置300に通知する。 The present technology addresses the case where an attack from the external device 400 on the IoT device 100 is detected. The attack from the external device 400 corresponds to the “external attack” in the claims. As will be described in detail later, when the IoT device 100 detects an attack from the external device 400, the IoT device 100 notifies the cloud 200 to that effect. Then, the cloud 200 newly generates authentication information required for connection authentication of the IoT device 100 and transmits the authentication information to the IoT device 100. Furthermore, the cloud 200 notifies the terminal device 300 that there is an attack on the IoT device 100.
[1-2.IoT機器の構成]
 次に図2Aを参照してIoT機器100の構成について説明する。IoT機器100は、CPU(Central Processing Unit)101、RAM(Random Access Memory)102、ROM(Read Only Memory)103、ストレージ104、電池105、広帯域無線モジュール106、近距離無線モジュール107およびバス108とから構成されている。 [1-2. Configuration of IoT Device]
Next, the configuration of the IoT device 100 will be described with reference to FIG. 2A. The IoT device 100 includes a central processing unit (CPU) 101, a random access memory (RAM) 102, a read only memory (ROM) 103, a storage 104, a battery 105, a broadband wireless module 106, a near field wireless module 107, and a bus 108. It is configured.
 CPU101は、ROM103に記憶されたプログラムに従い様々な処理を実行してコマンドの発行を行うことによってIoT機器100全体の制御を行う。RAM102は、CPU101のワークメモリとして用いられる。ROM103には、CPU101により読み込まれ動作されるプログラムなどが記憶されている。 The CPU 101 controls the entire IoT device 100 by executing various processes according to programs stored in the ROM 103 and issuing commands. The RAM 102 is used as a work memory of the CPU 101. The ROM 103 stores programs and the like read and operated by the CPU 101.
 ストレージ104は、例えば、HDD(Hard Disc Drive)、半導体メモリ、SSD(solid state drive)などにより構成された記憶媒体であり、認証情報としてのPasskey、その他IoT機器100の利用に必要なデータが格納されている。 The storage 104 is, for example, a storage medium configured by an HDD (Hard Disc Drive), a semiconductor memory, an SSD (solid state drive), etc., and stores Passkey as authentication information and other data necessary for using the IoT device 100 It is done.
 電池105は、IoT機器100の各部に電力を供給するものであり、例えば、リチウムイオン電池などにより構成されている。 The battery 105 supplies power to each part of the IoT device 100, and is configured of, for example, a lithium ion battery.
 広帯域無線モジュール106は、例えば、eMTC(enhanced Machine Type Communication)、NB-IoT(Narrow Band-IoT)などの通信規格により外部機器やネットワークなどと通信を行うモジュールである。eMTCとは、移動体において通信可能な方式であり、低~中速の移動に対応、比較的サイズが大きいデータの送受信が可能であるなどの特徴がある。 The broadband wireless module 106 is a module that communicates with an external device, a network, or the like according to a communication standard such as, for example, enhanced machine type communication (eMTC) or narrow band-IoT (NB-IoT). The eMTC is a system that can communicate in a mobile unit, and is characterized in that it supports low to medium speed movement and can transmit and receive relatively large-sized data.
 NB-loTとは、モバイル通信技術であるLTE(Long Term Evolution)方式の中でも、IoT機器向けの規格であり、180kHz幅と非常に狭い帯域を用いる、少量のデータ通信に最適であるなどの特徴がある。eMTC、NB-IoTどちらもワイドエリア、低消費電力といった特徴を有する携帯電話をベースとしたIoT技術であり、電力、ガス、水道などのスマートメータ、スマートロック、各種センサ、ウェアラブル機器、医療ヘルスケアなどの分野で利用されている。なお、広帯域無線モジュール106には通信に必要なIDなどの識別情報が記録されたICカードであるSIM(Subscriber Identity Module)カード109が接続されている。 NB-loT is a standard for mobile communication technology LTE (Long Term Evolution), which is a standard for IoT devices, and features such as 180kHz width and very narrow bandwidth, and is suitable for small amount of data communication There is. Both eMTC and NB-IoT are IoT technologies based on mobile phones with features such as wide area and low power consumption, smart meters such as power, gas and water, smart locks, various sensors, wearable devices, medical healthcare It is used in fields such as The broadband wireless module 106 is connected to a SIM (Subscriber Identity Module) card 109 which is an IC card in which identification information such as an ID necessary for communication is recorded.
 近距離無線モジュール107は、他のIoT機器等の外部機器やネットワークと無線通信を行う通信モジュールである。無線通信方法としては、Bluetooth(登録商標)、Zigbee(登録商標)などがある。本実施の形態ではBluetooth(登録商標)を用いて通信を行うものとする。 The short distance wireless module 107 is a communication module that performs wireless communication with an external device such as another IoT device or a network. Examples of the wireless communication method include Bluetooth (registered trademark) and Zigbee (registered trademark). In the present embodiment, communication is performed using Bluetooth (registered trademark).
 Bluetooth(登録商標)は、端末装置間や端末装置とその周辺機器とを接続する際に使用される無線通信方式であり、ゲーム機器、音楽プレーヤー、パーソナルコンピュータの周辺機器に加え、近年ではスマート家電等にも採用されている。端末同士を通信可能な状態にするためには、端末間で相互認証し、関連付け(ペアリング)を行う必要がある。ペアリングには、セキュアシンプルペアリング(SSP)と呼ばれる方式があり、SSPには、Just Works, Numeric Comparison, Out of band, Passkey Entryという4つのモードがある。Passkey Entryモードは、6桁の番号からなる認証情報としてのPasskeyを端末に入力することにより認証を行うモードである。本実施の形態においてはIoT機器100における外部機器の認証はPasskey Entryにより行われる。この認証情報としてPasskeyはIoT機器のそれぞれに固有のものとして対応づけられている。 Bluetooth (registered trademark) is a wireless communication method used when connecting between terminal devices or between a terminal device and its peripheral device, and in addition to game devices, music players, and peripheral devices of personal computers, in recent years smart household appliances Etc. are also adopted. In order to enable the terminals to communicate with each other, it is necessary to mutually authenticate between the terminals and perform association (pairing). There is a pairing method called secure simple pairing (SSP), and there are four modes of SSP: Just Works, Numeric Comparison, Out of band, and Passkey Entry. The Passkey Entry mode is a mode in which authentication is performed by inputting to the terminal Passkey as authentication information consisting of a six-digit number. In the present embodiment, authentication of the external device in the IoT device 100 is performed by Passkey Entry. As this authentication information, Passkey is associated as unique to each IoT device.
 以上のようにしてIoT機器100が構成されている。なお、図2Bに示すように、IoT機器100にストレージ104を設けず、認証情報、各種データなどをROM103に格納するようにしてもよい。 The IoT device 100 is configured as described above. Note that, as shown in FIG. 2B, the storage device 104 may not be provided in the IoT device 100, and authentication information, various data, and the like may be stored in the ROM 103.
 図3はIoT機器100が実行するIoT機器システム150の構成を示すブロック図である。IoT機器システム150は、メイン制御部151、広帯域無線モジュール制御部152、近距離無線モジュール制御部153、機器検知部154、データ保持管理部155とから構成されている。 FIG. 3 is a block diagram showing the configuration of the IoT device system 150 executed by the IoT device 100. As shown in FIG. The IoT device system 150 includes a main control unit 151, a broadband wireless module control unit 152, a short distance wireless module control unit 153, a device detection unit 154, and a data holding management unit 155.
 メイン制御部151は、IoT機器システム150全体および各部を制御するものである。広帯域無線モジュール制御部152は、広帯域無線モジュール106による通信を制御するものである。近距離無線モジュール制御部153は、近距離無線モジュール107による通信を制御するものである。詳しくは後述するが、機器検知部154が攻撃を仕掛ける外部機器400を検知した場合、メイン制御部151は広帯域無線モジュール制御部152による通信によりその旨をクラウド200に通知する。これが特許請求の範囲における通知手段に相当するものである。 The main control unit 151 controls the entire IoT device system 150 and each unit. The broadband wireless module control unit 152 controls communication by the broadband wireless module 106. The short distance wireless module control unit 153 controls the communication by the short distance wireless module 107. Although the details will be described later, when the device detection unit 154 detects the external device 400 that mounts an attack, the main control unit 151 notifies the cloud 200 of that by communication by the broadband wireless module control unit 152. This corresponds to the notification means in the claims.
 機器検知部154は、IoT機器100に攻撃を仕掛ける外部機器400を検知するものである。IoT機器100が近距離無線通信の方法としてBluetooth(登録商標)を用い、かつ、認証方式としてPasskey Entryを用いる場合、機器検知部154はPasskey認証によるペアリングの失敗回数が所定数以上である場合に攻撃する外部機器400があると判断する。外部機器400の検知の具体的な処理については後述する。 The device detection unit 154 detects an external device 400 that attacks the IoT device 100. When the IoT device 100 uses Bluetooth (registered trademark) as a short distance wireless communication method and uses Passkey Entry as an authentication method, the device detection unit 154 determines that the number of failed pairings by Passkey authentication is a predetermined number or more. It is determined that there is an external device 400 attacking the. Specific processing of detection of the external device 400 will be described later.
 データ保持管理部155は、認証情報としてのPasskeyとペアリング失敗許容回数の閾値を保持するものである。データ保持管理部155はIoT機器100のストレージ104内の領域に設けられていてもよい。 The data holding management unit 155 holds Passkey as authentication information and a threshold of the pairing failure allowable number of times. The data holding management unit 155 may be provided in an area in the storage 104 of the IoT device 100.
 以上のようにしてIoT機器システム150が構成されている。ユーザがIoT機器100を使用するためには、IoT機器100にSIMカード109を挿入し、電源をオンにすればよい。 The IoT device system 150 is configured as described above. In order for the user to use the IoT device 100, the SIM card 109 may be inserted into the IoT device 100 and the power may be turned on.
[1-3.クラウドの構成]
 次に図4を参照してクラウド200の構成について説明する。クラウド200は、メイン制御部201、IoT機器用データ送受信部202、ユーザデータ送受信部203、ユーザデータ保持部204、Passkey生成部205および通知処理部206を備えている。 [1-3. Cloud configuration]
Next, the configuration of the cloud 200 will be described with reference to FIG. The cloud 200 includes a main control unit 201, an IoT device data transmission / reception unit 202, a user data transmission / reception unit 203, a user data holding unit 204, a Passkey generation unit 205, and a notification processing unit 206.
 メイン制御部201は、所定のプログラムなどを実行することによりクラウド200の全体および各部を制御するものである。 The main control unit 201 controls the entire cloud 200 and each unit by executing a predetermined program or the like.
 IoT機器用データ送受信部202は、IoT機器100とデータの送受信を行う通信モジュールであり、IoT機器100との間で各種データ、情報など送受信を行う。本実施形態においては、IoT機器100が外部機器400からの攻撃を受けたことを検出するとその旨の通知がIoT機器100からクラウド200になされるので、IoT機器用データ送受信部202はその通知用データを受信する。 The IoT device data transmission / reception unit 202 is a communication module that transmits / receives data to / from the IoT device 100, and transmits / receives various data, information, etc. to / from the IoT device 100. In this embodiment, when it is detected that the IoT device 100 receives an attack from the external device 400, a notification to that effect is sent from the IoT device 100 to the cloud 200, so the data transmitting / receiving unit 202 for IoT device is used for the notification. Receive data
 ユーザデータ送受信部203は、端末装置300とデータの送受信を行う通信モジュールである。端末装置300から送信された、IoT機器100の利用者であるユーザ固有のデータ(ユーザデータと称する。)を受信するものである。ユーザデータ保持部204は、例えば、HDD、半導体メモリ、SSDなどにより構成された記憶媒体であり、ユーザデータ送受信部203が受信したユーザデータはメイン制御部201の処理のもとユーザデータ保持部204に格納される。また、ユーザデータ送受信部203はIoT機器100とクラウド200の利用のためのセットアップにおいて送信された情報なども受信する。 The user data transmission / reception unit 203 is a communication module that transmits / receives data to / from the terminal device 300. Data specific to a user who is a user of the IoT device 100 (referred to as user data) transmitted from the terminal device 300 is received. The user data holding unit 204 is, for example, a storage medium configured by an HDD, a semiconductor memory, an SSD, etc. The user data received by the user data transmitting / receiving unit 203 is processed by the main control unit 201. Stored in The user data transmission / reception unit 203 also receives information transmitted in the setup for using the IoT device 100 and the cloud 200.
 Passkey生成部205は、IoT機器用データ送受信部202がIoT機器100から攻撃があった旨の通知を受信すると、IoT機器100における認証に使用する認証情報としてのPasskeyを新たに生成するものである。Passkeyは6桁の番号からなるものであるため、Passkey生成部205は新たなPasskeyとしてランダムにまたは所定のアルゴリズムに従い新たな6桁の番号を生成する。Passkey生成部205により生成された新たなPasskeyはIoT機器用データ送受信部202によりIoT機器100に送信される。Passkey生成部205は特許請求の範囲における認証情報生成手段に相当するものである。 When the data transmitting / receiving unit 202 for IoT device receives a notification that there is an attack from the IoT device 100, the Passkey generating unit 205 newly generates Passkey as authentication information used for authentication in the IoT device 100. . Since Passkey consists of a six-digit number, Passkey generation unit 205 generates a new six-digit number randomly or according to a predetermined algorithm as a new Passkey. The new Passkey generated by the Passkey generation unit 205 is transmitted to the IoT device 100 by the data transmission / reception unit 202 for the IoT device. The Passkey generation unit 205 corresponds to the authentication information generation unit in the claims.
 通知処理部206は、メイン制御部201の制御に従って端末装置300と通信を行い、端末装置300においてユーザへの種々の通知を行うための通知用データを送信するものである。本実施形態においては、IoT機器100が外部機器400から攻撃を受けた旨、新たなPasskeyを生成してIoT機器100においてPasskeyが更新される旨を通知する。 The notification processing unit 206 communicates with the terminal device 300 according to the control of the main control unit 201, and transmits notification data for performing various notifications to the user in the terminal device 300. In the present embodiment, to the effect that the IoT device 100 has been attacked by the external device 400, a new Passkey is generated to notify that the Passkey is updated in the IoT device 100.
 以上のようにしてクラウド200が構成されている。なお、クラウド200が実行する情報処理装置としての機能はプログラムで構成され、そのプログラムは、予めクラウド200内で動作可能されていてもよいし、ダウンロード、記憶媒体などで配布されて、クラウドサービスを提供する会社などがインストールして動作可能にしてもよい。また、情報処理装置としての機能は、プログラムによって実現されるのみでなく、その機能を有するハードウェアによる専用の装置、回路などを組み合わせて実現されてもよい。 The cloud 200 is configured as described above. In addition, the function as an information processing apparatus executed by the cloud 200 is configured by a program, and the program may be previously operable in the cloud 200, or may be distributed by download, storage medium, etc. A company or the like to be provided may be installed and operable. In addition, the function as an information processing apparatus may be realized not only by a program but also by combining a dedicated device, a circuit and the like by hardware having the function.
 ここで、クラウド200を利用するためのセットアップの手順について説明する。まず、ユーザはパーソナルコンピュータ、スマートフォンなどを用いてインターネット経由でクラウド200にアクセスする。次にクラウド200においてアカウントを作成する。クラウド200におけるアカウントの作成はクラウド200サービスを提供する企業のウェブサイトなどにおいて行うことができる。 Here, a setup procedure for using the cloud 200 will be described. First, the user accesses the cloud 200 via the Internet using a personal computer, a smartphone, or the like. Next, an account is created in the cloud 200. The creation of an account in the cloud 200 can be performed on a website or the like of a company that provides the cloud 200 service.
 次にユーザは、そのアカウントに端末装置300の電話番号、メールアドレスなどのユーザの連絡先の登録、IMSI(International Mobile Subscriber Identity)などのSIMカードを識別できるIDの登録、SIMカードと紐づくIoT機器100の名称、機器IDなどの登録を行う。 Next, the user registers in the account the user's contact information such as the telephone number and mail address of the terminal device 300, registration of an ID that can identify a SIM card such as IMSI (International Mobile Subscriber Identity), and IoT associated with the SIM card. The name of the device 100, the device ID and the like are registered.
 次にユーザは、IoT機器100をグループとして管理するためのデバイスグループを作成し、ユーザが使用するIoT機器100をそのデバイスグループに登録する。 Next, the user creates a device group for managing the IoT device 100 as a group, and registers the IoT device 100 used by the user in the device group.
 そして、ユーザはデバイスグループ単位のPasskeyを設定し、さらにBluetooth(登録商標)のペアリングの失敗許容回数の閾値を設定する。このペアリングの失敗許容回数の閾値情報はIoT機器100に送信され、機器検知部154における外部機器400からの攻撃検知に使用される。なお、ペアリングの失敗許容回数の閾値はIoT機器100またはクラウド200において自動的に設定されてもよい。 Then, the user sets a Passkey in units of device groups, and further sets a threshold value for the number of Bluetooth pairing failures. The threshold information of the pairing failure tolerance number is transmitted to the IoT device 100, and is used for detecting an attack from the external device 400 in the device detection unit 154. Note that the threshold value of the pairing failure allowable number may be automatically set in the IoT device 100 or the cloud 200.
 以上のようにしてクラウド200のセットアップが行われる。このクラウド200のセットアップにおいてユーザからインターネットを経由してクラウド200に送られた各種データはユーザデータ送受信部203で受信する。そしてクラウド200のメイン制御部201はそれら各種データをユーザデータ保持部204に保持させる。 The setup of the cloud 200 is performed as described above. Various data sent from the user to the cloud 200 via the Internet in the setup of the cloud 200 are received by the user data transmission / reception unit 203. Then, the main control unit 201 of the cloud 200 causes the user data holding unit 204 to hold the various data.
 IoT機器100とクラウド200とを接続してIoT機器100の使用におけるクラウドサービスを利用するためには、まず、IoT機器100の電源をオンにする。そうすると、ROM103に記憶されたプログラムがRAM102にロードされてCPU101がそれを実行する。 In order to connect the IoT device 100 and the cloud 200 and use the cloud service in the use of the IoT device 100, first, the power of the IoT device 100 is turned on. Then, the program stored in the ROM 103 is loaded to the RAM 102 and the CPU 101 executes it.
 そうすると、IoT機器システム150のメイン制御部151がデータ保持管理部155に対してIoT機器100が初期状態であるか否かを問い合わせる。IoT機器100が初期状態である場合、メイン制御部151は広帯域無線モジュール制御部152から広帯域無線通信モジュール106を介してクラウド200にセットアップを行う旨を通知する。 Then, the main control unit 151 of the IoT device system 150 queries the data holding management unit 155 whether the IoT device 100 is in the initial state. If the IoT device 100 is in the initial state, the main control unit 151 notifies the cloud 200 of setup via the broadband wireless communication module 106 from the broadband wireless module control unit 152.
 クラウド200がセットアップの通知を受けると、クラウド200のメイン制御部201はユーザデータ保持部204からPasskeyとペアリングの失敗許容回数の閾値情報を取得し、IoT機器用データ送受信部202からIoT機器100に送信する。 When the cloud 200 receives the setup notification, the main control unit 201 of the cloud 200 acquires threshold information on the number of failures of pairing with the Passkey from the user data holding unit 204, and the IoT device 100 receives the IoT device data transmission / reception unit 202. Send to
 そして、IoT機器100は広帯域無線モジュール106でPasskeyとペアリングの失敗許容回数の閾値情報を受信し、データ保持管理部155に格納する。 Then, the IoT device 100 receives the threshold value of the number of failures of pairing with the Passkey in the broadband wireless module 106, and stores the threshold information in the data holding management unit 155.
[1-4.外部機器の検知処理]
 次に図5のシーケンス図を参照して、外部機器400からの攻撃の検知およびそれに対する対処処理の流れについて説明する。まず、外部機器400からIoT機器100にBluetooth(登録商標)のPasskeyが送信されて認証および接続要求がなされると、ステップS11でIoT機器100はPasskey認証を行う。Passkey認証は機器検知部154が、IoT機器100自身が保持しているPasskeyと外部機器400から送信されたPasskeyが一致しているか否かを確認することにより行われる。 [1-4. Detection processing of external device]
Next, detection of an attack from the external device 400 and the flow of a process for coping with it will be described with reference to the sequence diagram of FIG. First, when Passkey of Bluetooth (registered trademark) is transmitted from the external device 400 to the IoT device 100 and authentication and connection request are made, the IoT device 100 performs Passkey authentication in step S11. The passkey authentication is performed by the device detection unit 154 checking whether the Passkey held by the IoT device 100 itself matches the Passkey transmitted from the external device 400 or not.
 Passkey認証が失敗し、外部機器400からの認証および接続要求が攻撃であったことを検知した場合、ステップS12でIoT機器100はクラウド200に対して外部機器400からの攻撃があったことを通知する。外部機器400からの攻撃の検知の詳細については後述する。 If the Passkey authentication fails and it is detected that the authentication and connection request from the external device 400 is an attack, the IoT device 100 notifies the cloud 200 that there is an attack from the external device 400 in step S12. Do. Details of detection of an attack from the external device 400 will be described later.
 さらに、Passkey認証が失敗、すなわち、Bluetooth(登録商標)のペアリングが失敗すると、ステップS13で外部機器400に対して認証が失敗したことを通知する。 Furthermore, if Passkey authentication fails, that is, Bluetooth (registered trademark) pairing fails, in step S13, the external device 400 is notified that the authentication has failed.
 次にステップS14でクラウド200のPasskey生成部205が新しい認証情報として新たなPasskeyを生成する。そしてステップS15で新たなPasskeyがクラウド200からIoT機器100に送信され、ステップS16でIoT機器100においてPasskeyが新たなPasskeyに更新される。 Next, in step S14, the Passkey generation unit 205 of the cloud 200 generates a new Passkey as new authentication information. Then, in step S15, a new Passkey is transmitted from the cloud 200 to the IoT device 100, and in step S16, the Passkey is updated to a new Passkey in the IoT device 100.
 これは、IoT機器100が外部機器400から攻撃を受けたため、外部機器400から送信されるPasskeyとIoT機器100が保持するPasskeyとが一致してしまう前にPasskeyを新しくしてIoT機器100の安全性を高めるためである。 This is because the IoT device 100 is attacked by the external device 400, so the Passkey transmitted from the external device 400 and the Passkey held by the IoT device 100 match before the Passkey is renewed to make the IoT device 100 secure. It is to enhance sex.
 また、ステップS17で、クラウド200は外部機器400からの攻撃があった旨およびPasskeyを更新した旨をユーザの端末装置300に通知する。これにより、IoT機器100がディスプレイなどを備えていない場合やユーザがIoT機器100の近くにいない場合であってもユーザはIoT機器100に対して攻撃があったことを知ることができる。 In step S17, the cloud 200 notifies the terminal device 300 of the user that there has been an attack from the external device 400 and that the Passkey has been updated. As a result, even when the IoT device 100 does not have a display or the like, or even when the user is not near the IoT device 100, the user can know that the IoT device 100 has been attacked.
 ここで、図6のフローチャートを参照してIoT機器100の機器検知部154におけるPasskey認証の流れについて説明する。まず、外部機器400からPasskeyが送信され認証および接続要求がなされると、ステップS21でデータ保持管理部155からPasskeyが読み出され、機器検知部154に供給される。データ保持管理部155が保持するPasskeyは正規のPasskeyである。 Here, the flow of Passkey authentication in the device detection unit 154 of the IoT device 100 will be described with reference to the flowchart in FIG. First, when the Passkey is transmitted from the external device 400 and authentication and connection request are made, the Passkey is read from the data holding management unit 155 in step S21 and supplied to the device detection unit 154. The Passkey held by the data holding management unit 155 is a legitimate Passkey.
 次にステップS22で機器検知部154は、外部機器400から送信されたPasskeyとIoT機器100が保持しているPasskeyの交換・確認によるPasskey認証処理を行う。その結果、Passkeyが一致する場合ステップS23からステップS24に進む(ステップS23のYes)。そしてステップS24で、認証成功として外部機器400とIoT機器100の近距離無線通信接続を確立させる。 Next, in step S22, the device detection unit 154 performs Passkey authentication processing by exchange / confirmation of the Passkey transmitted from the external device 400 and the Passkey held by the IoT device 100. As a result, when the Passkey matches, the process proceeds from step S23 to step S24 (Yes in step S23). Then, in step S24, a short distance wireless communication connection between the external device 400 and the IoT device 100 is established as the authentication success.
 一方、Passkeyが一致しない場合、ステップS23からステップS25に進む(ステップS23のNo)。次にステップS25で、Passkey認証失敗回数のカウンタをインクリメントする。次にステップS26で認証失敗回数が所定の閾値未満であるか否かを判断する。認証失敗回数が所定の閾値未満である場合、処理はステップS27に進み(ステップS25のYes)、認証失敗として外部機器400とIoT機器100との接続は確立されない。 On the other hand, if the Passkeys do not match, the process proceeds from step S23 to step S25 (No in step S23). Next, in step S25, a Passkey authentication failure number counter is incremented. Next, in step S26, it is determined whether the number of authentication failures is less than a predetermined threshold. If the number of authentication failures is less than the predetermined threshold, the process proceeds to step S27 (Yes in step S25), and the connection between the external device 400 and the IoT device 100 is not established as authentication failure.
 一方、認証失敗回数が所定の閾値未満ではない場合、処理はステップS28に進む(ステップS25のNo)。そしてステップS28でIoT機器100は認証失敗したこと、すなわち、外部機器400からの攻撃があったことをクラウド200に対して通知する。そしてステップS27で認証失敗として外部機器400とIoT機器100との接続は確立されない。 On the other hand, if the number of authentication failures is not less than the predetermined threshold, the process proceeds to step S28 (No in step S25). Then, in step S28, the IoT device 100 notifies the cloud 200 of the authentication failure, that is, the attack from the external device 400. Then, the connection between the external device 400 and the IoT device 100 is not established as authentication failure in step S27.
 以上のようにしてIoT機器100におけるPasskey認証が行われる。通常、ユーザは正しいPasskeyを知っているので通信障害や入力ミスを考えなければPasskeyが不一致なることはない。しかし、外部機器400からの悪意ある攻撃の場合、Passkeyを一致させるために複数回異なる種類のPasskeyを送信してペアリングを試みる。よって、認証の連続失敗回数が所定の閾値未満ではない場合、それは外部機器400からの攻撃であると判断することができる。 As described above, the Passkey authentication in the IoT device 100 is performed. Usually, since the user knows the correct Passkey, the Passkey will not be mismatched unless communication failure or an input error is considered. However, in the case of a malicious attack from the external device 400, in order to match the Passkey, different types of Passkeys are transmitted to try pairing. Therefore, if the number of consecutive authentication failures is not less than the predetermined threshold, it can be determined that this is an attack from the external device 400.
 なお、認証失敗許容回数の閾値を複数設定し、各閾値を超えるごとに異なる通知をユーザの端末装置300へ行うようにしてもよい。これにより、Passkeyを送信してきた外部機器が悪意ある外部機器であるかを判断する前に、悪意ある外部機器が攻撃を行っている可能性があることをユーザに通知することができる。 A plurality of thresholds for the authentication failure allowable number of times may be set, and different notifications may be issued to the terminal device 300 of the user each time each threshold is exceeded. This makes it possible to notify the user that there is a possibility that a malicious external device may be attacking before determining whether the external device that has transmitted the Passkey is a malicious external device.
 なお、Passkeyは偶然一致する可能性もあるため、IoT機器100の安全性をより高めるために、Passkey認証が正常に行われた後に追加認証処理を行うようにしてもよい。 Note that since there is a possibility that Passkey will coincide by chance, in order to further enhance the security of the IoT device 100, additional authentication processing may be performed after Passkey authentication is normally performed.
 図7のフローチャートに基づいて追加認証処理について説明する。図7においてステップS21乃至ステップS28は図6のフローチャートと同様であるため、その説明を省略する。 The additional authentication process will be described based on the flowchart of FIG. Steps S21 to S28 in FIG. 7 are the same as those in the flowchart of FIG.
 ステップS23で、外部機器400から送信されたPasskeyとIoT機器100が保持するPasskeyとが一致すると判定された場合、処理はステップS31に進む(ステップS23のYes)。次にステップS31で追加認証用データの確認が行われる。この追加認証用データの確認は、外部機器400に追加認証用データの送信を要求し、ステップS22と同様にして、送信された追加認証用データとIoT機器100が保持している追加認証用データが一致するか否かを判断することにより行われる。 If it is determined in step S23 that the Passkey transmitted from the external device 400 matches the Passkey held by the IoT device 100, the process proceeds to step S31 (Yes in step S23). Next, confirmation of additional authentication data is performed in step S31. The confirmation of the additional authentication data requests the external device 400 to transmit the additional authentication data, and the transmitted additional authentication data and the additional authentication data held by the IoT device 100 are requested as in step S22. Is performed by determining whether or not there is a match.
 追加認証用データはPasskeyと同様のランダムの文字列からなるものでもよいし、ユーザが任意に設定した文字列でもよいし、Passkey以外の認証方式用のデータでもよく、IoT機器100と他の機器との認証に用いることができるものであればどのようなものでもよい。この追加認証用データが特許請求の範囲における第2の認証情報に相当するものである。 The additional authentication data may be a random character string similar to Passkey, may be a character string arbitrarily set by the user, or may be data for an authentication method other than Passkey, IoT device 100 and other devices Anything can be used as long as it can be used for authentication. The additional authentication data corresponds to the second authentication information in the claims.
 その結果、外部機器400から送信された追加認証用データとIoT機器100が保持する追加認証用データとが一致する場合、ステップS32からステップS24に進む(ステップS32のYes)。そしてステップS24で、認証成功として外部機器400とIoT機器100の近距離無線通信接続を確立させる。 As a result, when the additional authentication data transmitted from the external device 400 matches the additional authentication data held by the IoT device 100, the process proceeds from step S32 to step S24 (Yes in step S32). Then, in step S24, a short distance wireless communication connection between the external device 400 and the IoT device 100 is established as the authentication success.
 一方、外部機器400から送信された追加認証用データとIoT機器100が保持する追加認証用データとが一致しない場合、ステップS32からステップS25に進む(ステップS32のYes)。次にステップS25で、認証失敗回数のカウンタをインクリメントする。これ以降は図6のフローチャートと同様の処理が行われる。 On the other hand, if the additional authentication data transmitted from the external device 400 does not match the additional authentication data held by the IoT device 100, the process proceeds from step S32 to step S25 (Yes in step S32). Next, in step S25, the counter of the number of authentication failures is incremented. After this, the same processing as that of the flowchart of FIG. 6 is performed.
 このようにして追加認証用データを用いることにより、偶然にPasskey認証が成功してしまい悪意ある外部機器400が接続されてしまうことを防止して、IoT機器100の安全性を高めることができる。 In this way, by using the additional authentication data, the security of the IoT device 100 can be enhanced by preventing the Passkey authentication from being accidentally completed and the malicious external device 400 being connected.
 本技術によれば、近距離無線通信で悪意ある外部機器からの攻撃を検知することができ、さらに悪意ある外部機器400の接続を防止するとともに、なりすまし攻撃も回避することができる。 According to the present technology, it is possible to detect an attack from a malicious external device by short-distance wireless communication, and to prevent connection of the malicious external device 400 and also to prevent a spoofing attack.
<2.変形例>
 以上、本技術の実施の形態について具体的に説明したが、本技術は上述の実施の形態に限定されるものではなく、本技術の技術的思想に基づく各種の変形が可能である。 <2. Modified example>
As mentioned above, although embodiment of this technique was described concretely, this technique is not limited to the above-mentioned embodiment, Various deformation | transformation based on the technical idea of this technique are possible.
 IoT機器100はスマートロックに限られず、テレビ、デジタルカメラ、Blue-ray(登録商標)プレーヤーなどのメディアプレーヤー、給湯器、センサ類、照明機器、監視カメラ、冷蔵庫、ウェアラブル機器などインターネットに接続可能な機器であればどのようなものであってもよい。 The IoT device 100 is not limited to a smart lock, and can be connected to the Internet such as TVs, digital cameras, media players such as Blue-ray players, water heaters, sensors, lighting devices, surveillance cameras, refrigerators, wearable devices, etc. Any device may be used.
 実施の形態では外部機器400からの認証および接続要求が攻撃であるか否かの判断はIoT機器100側で行った。しかし、IoT機器100のPasskeyはクラウド200も保持しているため、外部機器400からPasskeyの送信を受けた場合、IoT機器100はそのPasskeyをクラウド200に送信し、クラウド200においてPasskeyが一致しているか否かを確認するようにしてもよい。 In the embodiment, the IoT device 100 determines whether the authentication from the external device 400 and the connection request are an attack. However, since the Passkey of the IoT device 100 also holds the cloud 200, when the transmission of the Passkey is received from the external device 400, the IoT device 100 transmits the Passkey to the cloud 200, and the Passkey matches in the cloud 200. It may be checked whether or not it is present.
 実施の形態では、近距離無線通信としてBluetooth(登録商標)を用い、認証方式としてPasskey Entryを用い、認証情報としてPasskeyを用いたが、通信方式は他の方式でもよいし、接続する機器を認証することができる他の方法を用いてもよいし、他の情報を認証情報として用いてもよい。 In the embodiment, although Bluetooth (registered trademark) is used as the short distance wireless communication, Passkey Entry is used as the authentication method, and Passkey is used as the authentication information, the communication method may be another method, or the device to be connected is authenticated. Other methods that can be used may be used, or other information may be used as authentication information.
 クラウド200に代えて、大容量の記憶媒体および高い処理能力を有する管理用IoT機器を用い、実施の形態と同様の処理を行うようにしてもよい。 Instead of the cloud 200, the same processing as that of the embodiment may be performed using a large capacity storage medium and a management IoT device having high processing capability.
[2-1.第1の変形例]
 実施の形態では、悪意ある外部機器400を検知すると新たなPasskeyを生成してIoT機器100におけるPasskeyを更新した。しかし、図8のブロック図および図9のシーケンス図に示すように、Passkeyの生成および更新は行わず、端末装置300に対して外部機器400からの攻撃があった旨の通知のみを行うようにしてもよい。なお、この場合、IoT機器100の安全性確保のため、外部機器400から攻撃があった旨の通知に加え、ユーザにPasskeyの更新を促す旨の通知を行ってもよい。 [2-1. First Modified Example]
In the embodiment, when the malicious external device 400 is detected, a new Passkey is generated and the Passkey in the IoT device 100 is updated. However, as shown in the block diagram of FIG. 8 and the sequence diagram of FIG. 9, generation and update of Passkey are not performed, and only notification that there is an attack from the external device 400 to the terminal device 300 is performed. May be In this case, in order to ensure the safety of the IoT device 100, in addition to the notification that there is an attack from the external device 400, a notification may be issued to prompt the user to update the Passkey.
[2-2.第2の変形例]
 実施の形態ではIoT機器100とクラウド200とを広帯域無線通信で接続し、外部機器400とIoT機器100とが近距離無線通信で接続されていたが、通信接続方法はそれに限られない。 [2-2. Second Modified Example]
In the embodiment, the IoT device 100 and the cloud 200 are connected by broadband wireless communication, and the external device 400 and the IoT device 100 are connected by short distance wireless communication, but the communication connection method is not limited thereto.
 例えば図10に示すように、IoT機器100とクラウド200を広帯域無線通信で接続し、クラウド200と端末装置300も広帯域無線通信で接続する。さらに、IoT機器100と端末装置300とを近距離無線通信で接続する。 For example, as shown in FIG. 10, the IoT device 100 and the cloud 200 are connected by broadband wireless communication, and the cloud 200 and the terminal device 300 are also connected by broadband wireless communication. Furthermore, the IoT device 100 and the terminal device 300 are connected by near field communication.
 IoT機器100から、定期的に情報をクラウド200に送信するように設定し、もし、予め決められた時間に情報を受信できなかった場合、クラウド200は、ユーザの端末装置300に通知を行う。通知を受け取った端末装置300はIoT機器100と近距離無線通信を行い、IoT機器100から情報を受信してクラウド200に送信する。これにより、情報を確実にクラウド200に送信し続けることができる。 Information is periodically transmitted from the IoT device 100 to the cloud 200. If the information can not be received at a predetermined time, the cloud 200 notifies the terminal device 300 of the user. The terminal device 300 that has received the notification performs near field communication with the IoT device 100, receives information from the IoT device 100, and transmits the information to the cloud 200. This makes it possible to keep transmitting information to the cloud 200 reliably.
 なお、この例は例えば、温度計、脈拍計などのセンサとしてのIoT機器100を人体に装着し、体温、脈拍などの生体情報をクラウド200に送信し続けるようなユースケースにおいて有用である。また、人体に限らず、家畜、貨物、車載や家電等の状態を監視し、定期的に状態情報をクラウド200に送信するユースケースに対しても有用である。 This example is useful, for example, in a use case where an IoT device 100 as a sensor such as a thermometer or a pulse meter is attached to a human body and biological information such as temperature and pulse is continuously transmitted to the cloud 200. Moreover, it is useful also to the use case which monitors the state of not only a human body but livestock, cargo, vehicle-mounted, a household appliance, etc., and transmits state information to the cloud 200 regularly.
[2-3.第3の変形例]
 また、IoT機器と端末装置とを近距離無線通信で接続するのではなく、IoT機器同士を近距離無線通信で接続するようにしてもよい。図11の例では第1IoT機器1000があり、第1IoT機器1000と近距離無線通信により接続可能な第2IoT機器2000および第3IoT機器3000がある。第1IoT機器1000、第2IoT機器2000および第3IoT機器3000は広帯域無線通信によりクラウド200に接続可能となっている。 [2-3. Third Modified Example]
Further, instead of connecting the IoT device and the terminal device by near field communication, the IoT devices may be connected by near field communication. In the example of FIG. 11, there is a first IoT device 1000, and there are a second IoT device 2000 and a third IoT device 3000 that can be connected to the first IoT device 1000 by near field communication. The first IoT device 1000, the second IoT device 2000, and the third IoT device 3000 can be connected to the cloud 200 by broadband wireless communication.
 第1IoT機器1000から定期的に情報をクラウド200に送信するように設定し、もし、クラウド200が予め決められた時間に情報を受信できなかった場合、クラウド200は第1IoT機器1000の一番近くに存在し、直前に広帯域無線通信を行ったIoT機器を選択して通信を行う。図11では、第2IoT機器2000が選択されている。クラウド200から通知を受け取った第2IoT機器2000は、第1IoT機器1000と近距離無線接続を行い、第1IoT機器1000の情報をクラウド200に送信する。これにより、第2の変形例と同様に、情報を確実にクラウド200に送信し続けることができる。 The first IoT device 1000 is set to periodically transmit information to the cloud 200, and if the cloud 200 can not receive information at a predetermined time, the cloud 200 is closest to the first IoT device 1000 And select the IoT device that performed broadband wireless communication immediately before. In FIG. 11, the second IoT device 2000 is selected. The second IoT device 2000 that has received the notification from the cloud 200 makes short-distance wireless connection with the first IoT device 1000, and transmits information of the first IoT device 1000 to the cloud 200. Thus, as in the second modification, information can be reliably transmitted to the cloud 200 continuously.
 また、近距離無線接続するIoT機器をクラウド200が選択するのではなく、クラウド200への情報送信失敗後に、自動的に隣接しているIoT機器同士が近距離無線接続を行い、接続ができたIoT機器を介して情報をクラウド200に送信するようにしてもよい。 In addition, the cloud 200 does not select the IoT device to be connected in the short distance wireless connection, but after the information transmission to the cloud 200 fails, the adjacent IoT devices automatically establish the short distance wireless connection and the connection is established. Information may be transmitted to the cloud 200 via an IoT device.
 この点について、図12のシーケンス図を参照して説明する。図12の例では、第1IoT機器1000、第2IoT機器2000および第3IoT機器3000がそれぞれクラウド200と接続されており、情報を定期的にクラウド200に送信しているものとする。第1IoT機器1000におけるクラウド200への情報送信が失敗すると、ステップS41で、第1IoT機器1000は自分の存在を周囲のIoT機器に伝えるために、アドバタイズメント・パケットを送信することによりアドバタイズを開始する。そしてステップS42およびステップS43で、第2IoT機器2000と第3IoT機器3000がスキャンを行うと、そしてステップS44およびステップS45で第1IoT機器1000を発見することができる。 This point will be described with reference to the sequence diagram of FIG. In the example of FIG. 12, it is assumed that the first IoT device 1000, the second IoT device 2000, and the third IoT device 3000 are each connected to the cloud 200, and information is periodically transmitted to the cloud 200. If information transmission to the cloud 200 in the first IoT device 1000 fails, in step S41, the first IoT device 1000 starts an advertisement by transmitting an advertisement packet to convey its presence to surrounding IoT devices. . When the second IoT device 2000 and the third IoT device 3000 scan in steps S42 and S43, the first IoT device 1000 can be found in steps S44 and S45.
 次に第1IoT機器1000を発見した第2IoT機器2000はステップS46で第1IoT機器1000に対して近距離無線通信により認証および接続要求を行う。同様に、第1IoT機器1000を発見した第3IoT機器3000はステップS47で第1IoT機器1000に対して近距離無線通信により認証および接続要求を行う。 Next, the second IoT device 2000 that has found the first IoT device 1000 performs authentication and connection request to the first IoT device 1000 by near field communication in step S46. Similarly, the third IoT device 3000 that has found the first IoT device 1000 sends an authentication and connection request to the first IoT device 1000 by near field communication in step S47.
 次にステップS48で第1IoT機器1000は認証および接続要求を受けたIoT機器の中から最も電波強度が強い機器を選択する。図12の例では第2IoT機器2000の方が第3IoT機器3000よりも電波強度が強いものとする。 Next, in step S48, the first IoT device 1000 selects a device having the strongest radio wave intensity from the IoT devices that have received the authentication and connection request. In the example of FIG. 12, it is assumed that the second IoT device 2000 has a stronger radio wave intensity than the third IoT device 3000.
 次にステップS49において、第1IoT機器1000は、選択しなかった第3IoT機器3000に対して接続を行わずエラーメッセージを送信する。一方、ステップS50で第1IoT機器1000は選択した第2IoT機器2000からの認証および接続要求を受けて接続を確立させる。 Next, in step S49, the first IoT device 1000 transmits an error message without connecting to the third IoT device 3000 not selected. On the other hand, in step S50, the first IoT device 1000 receives the authentication and connection request from the selected second IoT device 2000 and establishes a connection.
 次にステップS51で第1IoT機器1000は接続が確立した第2IoT機器2000に対して近距離無線通信により情報を送信する。そしてステップS52で第2IoT機器2000は第1IoT機器1000から受信した情報を広帯域無線通信によりクラウド20に送信する。 Next, in step S51, the first IoT device 1000 transmits information by near-field wireless communication to the second IoT device 2000 in which the connection has been established. Then, in step S52, the second IoT device 2000 transmits the information received from the first IoT device 1000 to the cloud 20 by broadband wireless communication.
 このようにして、自動的に隣接しているIoT機器同士が近距離無線通信を行って接続を確立させたIoT機器により情報をクラウド200に送信するということも可能である。 In this manner, it is also possible to transmit information to the cloud 200 by the IoT device in which the IoT devices adjacent to each other automatically perform near field communication and establish a connection.
 また、本技術は実施の形態で説明したスマートロックに限らず、様々な分野において利用することが可能である。例えば、車両、船舶などにおける貨物追跡において、各貨物にGPS機能付きのIoT機器を搭載し、貨物の種類、送り先などに基づいてグルーピングする。そしてIoT機器は定期的にGPS情報をクラウドに送信する。これにより、貨物の現在位置を定期的に把握することができ、貨物の積み忘れ、積み残しを発見した場合クラウドからユーザの端末装置にその旨を通知することができる。また、輸送完了の通知をユーザの端末装置に送ることもできる。さらに、貨物の挿げ替え、貨物の紛失、輸送の妨害などを目的とした、貨物に搭載されたIoT機器に対する外部機器からの攻撃を検知した場合、その旨をユーザの端末装置に通知することもできる。 Further, the present technology is not limited to the smart lock described in the embodiment, and can be used in various fields. For example, in cargo tracking in vehicles, ships, etc., each cargo is equipped with an IoT device with a GPS function, and grouping is performed based on the type of cargo, destination, and the like. And IoT devices periodically send GPS information to the cloud. As a result, the current position of the cargo can be periodically grasped, and when the cargo is forgotten or left unstacked, the cloud can notify the user of the terminal device of that fact. Also, notification of transport completion can be sent to the user's terminal device. Furthermore, when it detects an attack from an external device to an IoT device loaded in cargo for the purpose of replacement of cargo, loss of cargo, obstruction of transportation, etc., that effect is notified to the user's terminal device You can also.
 また、本技術は、マンション、集合住宅などにおける水道使用量、ガス使用量を管理するいわゆるスマートメータにおいても利用可能である。そのスマートメータをIoT機器とし、スマートメータで取得した各種使用量データをクラウドに送信する。そして、IoT機器の乗っ取り、データの改ざん、データ送信の妨害、誤情報の送信などを目的とした悪意ある外部機器による攻撃を検知した場合、その旨をユーザの端末装置に通知することもできる。 In addition, the present technology can also be used in a so-called smart meter that manages water consumption and gas consumption in condominiums, apartment buildings, and the like. The smart meter is an IoT device, and transmits various usage data acquired by the smart meter to the cloud. Then, if an attack by a malicious external device for the purpose of hijacking an IoT device, falsification of data, interruption of data transmission, transmission of erroneous information, or the like is detected, that effect can be notified to the user's terminal device.
 また、本技術は家畜の管理にも利用可能である。家畜のそれぞれに体温、脈拍などの生体情報を取得可能なセンサとしてのIoT機器を取り付け、IoT機器からクラウドに定期的に生体情報を送信する。そして、クラウドにおいて生体情報に対して種々の条件を設定し、条件を満たした場合、病気が発生、病気の危険性、お産のタイミング、種付けのタイミングなどをユーザの端末装置に通知することができる。また、IoT機器の乗っ取り、生体情報の改ざん、データ送信の妨害、誤情報の送信などを目的とした悪意ある外部機器による攻撃を検知した場合、その旨をユーザの端末装置に通知することもできる。 The technology can also be used to manage livestock. Attach an IoT device as a sensor capable of acquiring biological information such as body temperature and pulse to each of domestic animals, and periodically transmit biological information from the IoT device to the cloud. Then, when various conditions are set for biological information in the cloud and the conditions are satisfied, it is possible to notify the user terminal device of occurrence of disease, risk of disease, timing of birth, timing of seeding, etc. . In addition, when an attack by a malicious external device for the purpose of hijacking IoT devices, falsification of biological information, interruption of data transmission, transmission of erroneous information, or the like is detected, that effect can be notified to the user's terminal device. .
 また、本技術は工場などにおける設備の管理にも利用可能である。設備のそれぞれに温度など設備の状態を得ることができるセンサとしてのIoT機器を取り付け、IoT機器からクラウドに定期的に設備状態情報を送信する。そして、クラウドにおいて設備状態情報に対して種々の条件を設定し、条件を満たした場合、設備の異常、設備の故障などをユーザの端末装置に通知することができる。また、IoT機器の乗っ取り、設備状態情報の改ざん、データ送信の妨害、誤情報の送信、などを目的とした悪意ある外部機器による攻撃を検知した場合、その旨をユーザの端末装置に通知することもできる。 The present technology can also be used to manage equipment in a factory or the like. Attach an IoT device as a sensor that can obtain the condition of the device such as temperature to each of the devices, and periodically transmit the device state information from the IoT device to the cloud. Then, when various conditions are set for the equipment state information in the cloud and the conditions are satisfied, it is possible to notify the terminal device of the user of an abnormality of the equipment, a failure of the equipment, and the like. In addition, when an attack by a malicious external device for the purpose of hijacking IoT devices, falsification of equipment status information, interruption of data transmission, transmission of false information, etc. is detected, that effect is notified to the user's terminal device. You can also.
 本技術は以下のような構成も取ることができる。
(1)
 通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、前記第1の機器に接続するための新たな認証情報を生成する認証情報生成手段を備える
情報処理装置。
(2)
 前記新たな認証情報により前記第1の機器の認証情報が更新される(1)に記載の情報処理装置。
(3)
 前記外部からの攻撃があったことが第2の機器に通知される(1)または(2)に記載の情報処理装置。
(4)
 さらに、前記認証情報を更新したことが前記第2の機器に通知される(3)に記載の情報処理装置。
(5)
 前記外部から前記第1の機器に送信された認証情報が前記第1の機器に対応付けられた前記認証情報と一致するかを確認することにより前記攻撃が検知される(1)から(4)のいずれかに記載の情報処理装置。
(6)
 前記外部から前記第1の機器に連続して送信された複数の認証情報と前記第1の機器に対応付けられた認証情報とが連続して所定回数一致しなかった場合に前記攻撃があったと判断される(5)に記載の情報処理装置。
(7)
 前記通信は近距離無線通信および/または広帯域無線通信により行われる(1)から(6)のいずれかに記載の情報処理装置。
(8)
 前記認証情報は、Bluetoothによる通信におけるPasskeyである(1)から(7)のいずれかに記載の情報処理装置。
(9)
 前記第1の機器にはさらに第2の認証情報が対応付けられ、前記認証情報により認証された他の機器に対して前記第2の認証情報による認証が行われる(1)から(8)のいずれかに記載の情報処理装置。
(10)
 前記第1の機器と広帯域無線通信で接続されたサーバ装置において動作する(1)から(9)のいずれかに記載の情報処理装置。
(11)
 通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、認証情報生成手段が前記第1の機器に接続するための新たな認証情報を生成する
情報処理方法。
(12)
 通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、認証情報生成手段が前記第1の機器に接続するための新たな認証情報を生成する
情報処理方法をコンピュータに実行させる情報処理プログラム。
(13)
 通信接続のための認証情報を保持し、他の機器と通信を行い、外部から攻撃を受けたことを検知した場合その旨をクラウドシステムのサーバ装置に通知する通知手段を備える
電子機器。
(14)
 前記サーバ装置に対する情報の送信に失敗した場合、他の電子機器に情報を送信し、前記他の電子機器を介して前記サーバ装置に前記情報を送信する(13)に記載の電子機器。 The present technology can also be configured as follows.
(1)
Authentication information generation for generating new authentication information for connection to the first device when it is detected that the first device associated with the authentication information for communication connection is attacked from the outside An information processor provided with a means.
(2)
The information processing apparatus according to (1), wherein authentication information of the first device is updated by the new authentication information.
(3)
The information processing apparatus according to (1) or (2), wherein the second device is notified that there has been an attack from the outside.
(4)
Furthermore, the information processing apparatus according to (3), wherein the second device is notified that the authentication information has been updated.
(5)
The attack is detected by confirming whether the authentication information transmitted to the first device from the outside matches the authentication information associated with the first device (1) to (4) The information processing apparatus according to any one of the above.
(6)
The attack occurs when a plurality of pieces of authentication information continuously transmitted from the outside to the first device and the authentication information associated with the first device do not continuously match a predetermined number of times (5) the information processing apparatus according to (5).
(7)
The information processing apparatus according to any one of (1) to (6), wherein the communication is performed by near field wireless communication and / or broadband wireless communication.
(8)
The information processing apparatus according to any one of (1) to (7), wherein the authentication information is Passkey in communication by Bluetooth.
(9)
Second authentication information is further associated with the first device, and another device authenticated by the authentication information is authenticated by the second authentication information (1) to (8). The information processing apparatus according to any one of the above.
(10)
The information processing apparatus according to any one of (1) to (9), which operates in a server apparatus connected to the first apparatus by broadband wireless communication.
(11)
When it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device. Information processing method to generate.
(12)
When it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device. An information processing program that causes a computer to execute an information processing method to be generated.
(13)
An electronic device comprising notification means for holding authentication information for communication connection, communicating with another device, and notifying a server device of a cloud system of that when it is detected that an external attack has been received.
(14)
The electronic device according to (13), wherein, when transmission of the information to the server device fails, the information is transmitted to another electronic device, and the information is transmitted to the server device via the other electronic device.
100・・・IoT機器
200・・・クラウド
300・・・端末装置
400・・・外部機器 100: IoT device 200: Cloud 300: Terminal device 400: External device

Claims (14)

  1.  通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、前記第1の機器に接続するための新たな認証情報を生成する認証情報生成手段を備える
    情報処理装置。     Authentication information generation for generating new authentication information for connection to the first device when it is detected that the first device associated with the authentication information for communication connection is attacked from the outside An information processor provided with a means.
  2.  前記新たな認証情報により前記第1の機器の認証情報が更新される
    請求項1に記載の情報処理装置。     The information processing apparatus according to claim 1, wherein authentication information of the first device is updated by the new authentication information.
  3.  前記外部からの攻撃があったことが第2の機器に通知される
    請求項1に記載の情報処理装置。     The information processing apparatus according to claim 1, wherein the second device is notified that the external attack has occurred.
  4.  さらに、前記認証情報を更新したことが前記第2の機器に通知される
    請求項3に記載の情報処理装置。     The information processing apparatus according to claim 3, wherein the second device is notified that the authentication information has been updated.
  5.  前記外部から前記第1の機器に送信された認証情報が前記第1の機器に対応付けられた前記認証情報と一致するかを確認することにより前記攻撃が検知される
    請求項1に記載の情報処理装置。     The information according to claim 1, wherein the attack is detected by confirming whether the authentication information transmitted from the outside to the first device matches the authentication information associated with the first device. Processing unit.
  6.  前記外部から前記第1の機器に連続して送信された複数の認証情報と前記第1の機器に対応付けられた認証情報とが連続して所定回数一致しなかった場合に前記攻撃があったと判断される
    請求項5に記載の情報処理装置。     The attack occurs when a plurality of pieces of authentication information continuously transmitted from the outside to the first device and the authentication information associated with the first device do not continuously match a predetermined number of times The information processing apparatus according to claim 5, wherein it is determined that
  7.  前記通信は近距離無線通信および/または広帯域無線通信により行われる
    請求項1に記載の情報処理装置。     The information processing apparatus according to claim 1, wherein the communication is performed by near field wireless communication and / or broadband wireless communication.
  8.  前記認証情報は、Bluetoothによる通信におけるPasskeyである
    請求項1に記載の情報処理装置。     The information processing apparatus according to claim 1, wherein the authentication information is Passkey in communication by Bluetooth.
  9.  前記第1の機器にはさらに第2の認証情報が対応付けられ、前記認証情報により認証された他の機器に対して前記第2の認証情報による認証が行われる
    請求項1に記載の情報処理装置。     The information processing according to claim 1, wherein second authentication information is further associated with the first device, and the other device authenticated by the authentication information is authenticated by the second authentication information. apparatus.
  10.  前記第1の機器と広帯域無線通信で接続されたサーバ装置において動作する
    請求項1に記載の情報処理装置。     The information processing apparatus according to claim 1, wherein the information processing apparatus operates in a server apparatus connected to the first apparatus by broadband wireless communication.
  11.  通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、認証情報生成手段が前記第1の機器に接続するための新たな認証情報を生成する
    情報処理方法。     When it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device. Information processing method to generate.
  12.  通信接続のための認証情報が対応付けられた第1の機器が外部から攻撃を受けたことが検知されると、認証情報生成手段が前記第1の機器に接続するための新たな認証情報を生成する
    情報処理方法をコンピュータに実行させる情報処理プログラム。     When it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device. An information processing program that causes a computer to execute an information processing method to be generated.
  13.  通信接続のための認証情報を保持し、他の機器と通信を行い、外部から攻撃を受けたことを検知した場合その旨をクラウドシステムのサーバ装置に通知する通知手段を備える
    電子機器。     An electronic device comprising notification means for holding authentication information for communication connection, communicating with another device, and notifying a server device of a cloud system of that when it is detected that an external attack has been received.
  14.  前記サーバ装置に対する情報の送信に失敗した場合、他の電子機器に情報を送信し、前記他の電子機器を介して前記サーバ装置に前記情報を送信する
    請求項13に記載の電子機器。     The electronic device according to claim 13, wherein when transmission of the information to the server device fails, the information is transmitted to another electronic device, and the information is transmitted to the server device via the other electronic device.
PCT/JP2018/047333 2018-01-10 2018-12-21 Information processing device, information processing method, information processing program, and electronic device WO2019138850A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018002188A JP2019121994A (en) 2018-01-10 2018-01-10 Information processing device, information processing method, information processing program, and electronic apparatus
JP2018-002188 2018-01-10

Publications (1)

Publication Number Publication Date
WO2019138850A1 true WO2019138850A1 (en) 2019-07-18

Family

ID=67219578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/047333 WO2019138850A1 (en) 2018-01-10 2018-12-21 Information processing device, information processing method, information processing program, and electronic device

Country Status (2)

Country Link
JP (1) JP2019121994A (en)
WO (1) WO2019138850A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2022123675A (en) * 2021-02-12 2022-08-24 オムロンヘルスケア株式会社 Wireless communication device, wireless communication method, and program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004072327A (en) * 2002-08-05 2004-03-04 Hitachi Ltd Radio communication processing system, radio communication processing device, apparatus using the same, and radio communication processing method
JP2015153258A (en) * 2014-02-17 2015-08-24 パナソニックIpマネジメント株式会社 Vehicle-purposed personal authentication system and vehicle-purposed personal authentication method
JP2015177359A (en) * 2014-03-14 2015-10-05 富士通株式会社 Device, system and method for radio communication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004072327A (en) * 2002-08-05 2004-03-04 Hitachi Ltd Radio communication processing system, radio communication processing device, apparatus using the same, and radio communication processing method
JP2015153258A (en) * 2014-02-17 2015-08-24 パナソニックIpマネジメント株式会社 Vehicle-purposed personal authentication system and vehicle-purposed personal authentication method
JP2015177359A (en) * 2014-03-14 2015-10-05 富士通株式会社 Device, system and method for radio communication

Also Published As

Publication number Publication date
JP2019121994A (en) 2019-07-22

Similar Documents

Publication Publication Date Title
CN101617346B (en) Method and apparatus to deploy dynamic credential infrastructure based on proximity
US9774451B2 (en) Using secure elements to authenticate devices in point-to-point communication
US10009359B2 (en) System, apparatus and method for transferring ownership of a device from manufacturer to user using an embedded resource
KR102013683B1 (en) Machine-to-machine bootstrapping
RU2546610C1 (en) Method of determining unsafe wireless access point
KR101949116B1 (en) Proximity Discovery, Authentication and Link Establishment Between Mobile Devices in 3GPP LTE
US10862684B2 (en) Method and apparatus for providing service on basis of identifier of user equipment
US10097358B2 (en) Securing IoT devices using an out-of-band beacon
US10470102B2 (en) MAC address-bound WLAN password
CN105262773B (en) A kind of verification method and device of Internet of things system
US20170238236A1 (en) Mac address-bound wlan password
CN113169962A (en) Detection of security threats in a mesh network
KR20160131572A (en) Method and apparatus for certificating information related payment in a mobile communication system
KR100651717B1 (en) Method and home network system for authentication between remote terminal and home network using smart card
US20190238532A1 (en) Authentication system utilizing secondary connection
CN110365559B (en) System and method for secure device operation
US10542434B2 (en) Evaluating as to whether or not a wireless terminal is authorized
WO2019138850A1 (en) Information processing device, information processing method, information processing program, and electronic device
Desamsetti Internet of Things (IoT) Technology for Use as Part of the Development of Smart Home Systems
CN108702705B (en) Information transmission method and equipment
KR101487349B1 (en) Terminal Authentication Method in Wireless Access Point and Wireless LAN System using the same
Patel et al. Safeguarding the IoT: Taxonomy, security solutions, and future research opportunities
US11316890B2 (en) Network denial of service defense method and system
US20240179532A1 (en) Privacy Preserving Bluetooth Low Energy Pairing
US20230276240A1 (en) Security Appliance for Protecting Power-Saving Wireless Devices Against Attack

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18900474

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18900474

Country of ref document: EP

Kind code of ref document: A1