WO2019138850A1 - Information processing device, information processing method, information processing program, and electronic device - Google Patents

Information processing device, information processing method, information processing program, and electronic device

Info

Publication number
WO2019138850A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
authentication information
iot device
information processing
authentication
Application number
PCT/JP2018/047333
Other languages
English (en)
Japanese (ja)
Inventor
暢宏 金子
Original Assignee
ソニー株式会社
Application filed by ソニー株式会社

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks

Definitions

  • the present technology relates to an information processing device, an information processing method, an information processing program, and an electronic device.
  • a short distance wireless communication technology is used as a method of connecting devices in a personal computer, a mobile phone, a terminal device, an audio device, a digital camera, and the like (Japanese Patent Application Laid-Open No. 2008-101501).
  • the short distance wireless communication technology includes Bluetooth (registered trademark).
  • IoT Internet of Things
  • IoT devices such as smart locks have no means of visual confirmation such as a display, and users are not present during unauthorized access from malicious IoT devices, so there is a problem that the presence or absence of such access cannot be detected. Also, since IoT devices such as smart locks hold fixed authentication information inside the device, there is a risk that security may be breached by man-in-the-middle attacks from malicious external devices.
  • The present technology has been made in view of such problems, and aims to provide an information processing apparatus, an information processing method, an information processing program, and an electronic apparatus capable of detecting and responding to malicious external attacks.
  • the information processing apparatus includes an authentication information generation unit that generates new authentication information for connection.
  • An information processing method generates new authentication information for connection with the first device when it is detected that the first device, which is associated with authentication information for communication connection, is attacked from the outside.
  • An information processing program causes a computer to execute an information processing method that generates new authentication information for connection with the first device when it is detected that the first device, which is associated with authentication information for communication connection, is attacked from the outside.
  • The fourth technology is an electronic device that holds authentication information for communication connection, communicates with another device, and includes notification means for notifying the server apparatus when it is detected that an external attack has been received.
  • According to the present technology, it is possible to detect and respond to malicious external attacks.
  • The effects described here are not necessarily limiting, and may be any effect described in the specification.
  • FIG. 2A is a block diagram showing the configuration of the IoT device
  • FIG. 2B is a block diagram showing another example of the configuration of the IoT device 100.
  • A block diagram showing the configuration of an information processing system.
  • A block diagram showing the configuration of a cloud.
  • A sequence diagram showing the flow of detection of an attack from an external device and the countermeasure process against it.
  • A flowchart showing the flow of the authentication process of an external device.
  • A flowchart showing the flow of another example of the authentication process of an external device.
  • A block diagram showing a modification of the usage form of the present technology.
  • FIG. 18 is a block diagram showing a configuration of a use form of a second modified example of the present technology.
  • FIG. 21 is a block diagram showing a configuration of a use form of a third modified example of the present technology. A sequence diagram of a process in the third modified example of the present technology.
  • <1. Embodiment> [1-1. Configuration of usage form of the present technology] [1-2. Configuration of IoT Device] [1-3. Cloud configuration] [1-4. Detection processing of external device] <2. Modified example> [2-1. First Modified Example] [2-2. Second Modified Example] [2-3. Third Modified Example]
  • the usage mode of the present technology includes the IoT device 100, a cloud 200 having a function as an information processing apparatus according to the present technology, and a terminal device 300.
  • the IoT device 100 is configured as a smart lock in the present embodiment.
  • Smart lock is a general term for devices and systems that make the keys of a house, a car, etc. capable of communication, so that locking / unlocking and key management can be performed using a smartphone or the like.
  • The IoT device 100 can communicate by connecting to another IoT device, a terminal device, and the like using near-field wireless communication. Although the details will be described later, at that time the IoT device 100 requests transmission of authentication information from any other external IoT device or the like that requests connection. Only other IoT devices whose transmitted authentication information is confirmed to be correct can connect to and communicate with the IoT device 100.
  • the IoT device 100 corresponds to the first device and the electronic device in the claims.
  • the cloud 200 is built in a management apparatus such as a server owned by a company providing a cloud service.
  • the cloud is one of the forms of computer use, and is built on the server of a cloud service provider, and all necessary processing is basically performed on the server side.
  • Users store data on servers on the Internet, not on their personal computers, smart phones, cell phones, etc. Therefore, services can be used, data can be viewed, edited, uploaded, etc., even in various environments such as home, office, cafe, school, outing.
  • the IoT device 100 and the cloud 200 are connected by broadband wireless communication.
  • the terminal device 300 is a smartphone, a tablet terminal, a laptop computer, a desktop computer, a wearable device, or the like owned by a user who uses the IoT device 100.
  • the terminal device 300 and the cloud 200 can communicate with each other via a wireless local area network (LAN) such as Wi-Fi (Wireless Fidelity), 4G (fourth generation mobile communication system), broadband, or the like.
  • the terminal device 300 corresponds to the second device in the claims.
  • the present technology addresses the case where an attack from the external device 400 on the IoT device 100 is detected.
  • the attack from the external device 400 corresponds to the “external attack” in the claims.
  • the IoT device 100 detects an attack from the external device 400, the IoT device 100 notifies the cloud 200 to that effect.
  • the cloud 200 newly generates authentication information required for connection authentication of the IoT device 100 and transmits the authentication information to the IoT device 100.
  • the cloud 200 notifies the terminal device 300 that there is an attack on the IoT device 100.
  • The IoT device 100 is configured to include a central processing unit (CPU) 101, a random access memory (RAM) 102, a read only memory (ROM) 103, a storage 104, a battery 105, a broadband wireless module 106, a near field wireless module 107, and a bus 108.
  • the CPU 101 controls the entire IoT device 100 by executing various processes according to programs stored in the ROM 103 and issuing commands.
  • the RAM 102 is used as a work memory of the CPU 101.
  • the ROM 103 stores programs and the like read and operated by the CPU 101.
  • The storage 104 is, for example, a storage medium configured by an HDD (Hard Disc Drive), a semiconductor memory, an SSD (solid state drive), etc., and stores the Passkey as authentication information and other data necessary for using the IoT device 100.
  • the battery 105 supplies power to each part of the IoT device 100, and is configured of, for example, a lithium ion battery.
  • the broadband wireless module 106 is a module that communicates with an external device, a network, or the like according to a communication standard such as, for example, enhanced machine type communication (eMTC) or narrow band-IoT (NB-IoT).
  • the eMTC is a system that can communicate in a mobile unit, and is characterized in that it supports low to medium speed movement and can transmit and receive relatively large-sized data.
  • NB-IoT is a standard of the mobile communication technology LTE (Long Term Evolution) intended for IoT devices; it features a very narrow bandwidth of 180 kHz and is suitable for communicating small amounts of data.
  • NB-IoT are IoT technologies based on mobile phones with features such as wide area and low power consumption, and are used in fields such as smart meters for power, gas and water, smart locks, various sensors, wearable devices, and medical healthcare.
  • the broadband wireless module 106 is connected to a SIM (Subscriber Identity Module) card 109 which is an IC card in which identification information such as an ID necessary for communication is recorded.
  • the short distance wireless module 107 is a communication module that performs wireless communication with an external device such as another IoT device or a network.
  • Examples of the wireless communication method include Bluetooth (registered trademark) and Zigbee (registered trademark). In the present embodiment, communication is performed using Bluetooth (registered trademark).
  • Bluetooth (registered trademark) is a wireless communication method used when connecting between terminal devices or between a terminal device and its peripheral devices; in addition to game devices, music players, and peripheral devices of personal computers, in recent years it has also been adopted in smart household appliances and the like.
  • SSP secure simple pairing
  • The Passkey Entry mode is a mode in which authentication is performed by inputting into the terminal a Passkey, which is authentication information consisting of a six-digit number.
  • Authentication of the external device in the IoT device 100 is performed by Passkey Entry.
  • A Passkey is associated with each IoT device as a value unique to that device.
  • the IoT device 100 is configured as described above. Note that, as shown in FIG. 2B, the storage device 104 may not be provided in the IoT device 100, and authentication information, various data, and the like may be stored in the ROM 103.
  • FIG. 3 is a block diagram showing the configuration of the IoT device system 150 executed by the IoT device 100.
  • the IoT device system 150 includes a main control unit 151, a broadband wireless module control unit 152, a short distance wireless module control unit 153, a device detection unit 154, and a data holding management unit 155.
  • the main control unit 151 controls the entire IoT device system 150 and each unit.
  • the broadband wireless module control unit 152 controls communication by the broadband wireless module 106.
  • the short distance wireless module control unit 153 controls the communication by the short distance wireless module 107.
  • the device detection unit 154 detects an external device 400 that attacks the IoT device 100.
  • When the IoT device 100 uses Bluetooth (registered trademark) as the short distance wireless communication method and Passkey Entry as the authentication method, the device detection unit 154 determines that there is an external device 400 attacking the IoT device 100 when the number of failed pairings by Passkey authentication is a predetermined number or more. Specific processing of detection of the external device 400 will be described later.
  • the data holding management unit 155 holds Passkey as authentication information and a threshold of the pairing failure allowable number of times.
  • the data holding management unit 155 may be provided in an area in the storage 104 of the IoT device 100.
  • the IoT device system 150 is configured as described above.
  • the SIM card 109 may be inserted into the IoT device 100 and the power may be turned on.
  • the cloud 200 includes a main control unit 201, an IoT device data transmission / reception unit 202, a user data transmission / reception unit 203, a user data holding unit 204, a Passkey generation unit 205, and a notification processing unit 206.
  • the main control unit 201 controls the entire cloud 200 and each unit by executing a predetermined program or the like.
  • the IoT device data transmission / reception unit 202 is a communication module that transmits / receives data to / from the IoT device 100, and transmits / receives various data, information, etc. to / from the IoT device 100.
  • a notification to that effect is sent from the IoT device 100 to the cloud 200, so the data transmitting / receiving unit 202 for IoT device is used for the notification.
  • the user data transmission / reception unit 203 is a communication module that transmits / receives data to / from the terminal device 300. Data specific to a user who is a user of the IoT device 100 (referred to as user data) transmitted from the terminal device 300 is received.
  • The user data holding unit 204 is, for example, a storage medium configured by an HDD, a semiconductor memory, an SSD, etc. The user data received by the user data transmission / reception unit 203 is stored in the user data holding unit 204 under the processing of the main control unit 201. The user data transmission / reception unit 203 also receives information transmitted in the setup for using the IoT device 100 and the cloud 200.
  • When the IoT device data transmission / reception unit 202 receives a notification from the IoT device 100 that there is an attack, the Passkey generation unit 205 newly generates a Passkey as authentication information used for authentication in the IoT device 100. Since a Passkey consists of a six-digit number, the Passkey generation unit 205 generates a new six-digit number, randomly or according to a predetermined algorithm, as the new Passkey. The new Passkey generated by the Passkey generation unit 205 is transmitted to the IoT device 100 by the IoT device data transmission / reception unit 202. The Passkey generation unit 205 corresponds to the authentication information generation unit in the claims.
  • the notification processing unit 206 communicates with the terminal device 300 according to the control of the main control unit 201, and transmits notification data for performing various notifications to the user in the terminal device 300.
  • a new Passkey is generated to notify that the Passkey is updated in the IoT device 100.
  • the cloud 200 is configured as described above.
  • The function as an information processing apparatus executed by the cloud 200 is configured by a program. The program may be installed in the cloud 200 in advance, or may be distributed by download, storage medium, or the like and installed by the providing company or the like so that it is operable.
  • the function as an information processing apparatus may be realized not only by a program but also by combining a dedicated device, a circuit and the like by hardware having the function.
  • the user accesses the cloud 200 via the Internet using a personal computer, a smartphone, or the like.
  • an account is created in the cloud 200.
  • the creation of an account in the cloud 200 can be performed on a website or the like of a company that provides the cloud 200 service.
  • the user registers in the account the user's contact information such as the telephone number and mail address of the terminal device 300, registration of an ID that can identify a SIM card such as IMSI (International Mobile Subscriber Identity), and IoT associated with the SIM card.
  • the user creates a device group for managing the IoT device 100 as a group, and registers the IoT device 100 used by the user in the device group.
  • the user sets a Passkey in units of device groups, and further sets a threshold value for the number of Bluetooth pairing failures.
  • the threshold information of the pairing failure tolerance number is transmitted to the IoT device 100, and is used for detecting an attack from the external device 400 in the device detection unit 154.
  • the threshold value of the pairing failure allowable number may be automatically set in the IoT device 100 or the cloud 200.
  • the setup of the cloud 200 is performed as described above.
  • Various data sent from the user to the cloud 200 via the Internet in the setup of the cloud 200 are received by the user data transmission / reception unit 203.
  • the main control unit 201 of the cloud 200 causes the user data holding unit 204 to hold the various data.
  • the power of the IoT device 100 is turned on.
  • the program stored in the ROM 103 is loaded to the RAM 102 and the CPU 101 executes it.
  • the main control unit 151 of the IoT device system 150 queries the data holding management unit 155 whether the IoT device 100 is in the initial state. If the IoT device 100 is in the initial state, the main control unit 151 notifies the cloud 200 of setup via the broadband wireless communication module 106 from the broadband wireless module control unit 152.
  • The main control unit 201 of the cloud 200 acquires the threshold information on the number of failures of pairing with the Passkey from the user data holding unit 204, and sends it to the IoT device 100 via the IoT device data transmission / reception unit 202.
  • the IoT device 100 receives the threshold value of the number of failures of pairing with the Passkey in the broadband wireless module 106, and stores the threshold information in the data holding management unit 155.
  • The IoT device 100 notifies the cloud 200 that there is an attack from the external device 400 in step S12. Details of detection of an attack from the external device 400 will be described later.
  • In step S13, the external device 400 is notified that the authentication has failed.
  • In step S14, the Passkey generation unit 205 of the cloud 200 generates a new Passkey as new authentication information. Then, in step S15, the new Passkey is transmitted from the cloud 200 to the IoT device 100, and in step S16, the Passkey in the IoT device 100 is updated to the new Passkey.
  • In step S17, the cloud 200 notifies the terminal device 300 of the user that there has been an attack from the external device 400 and that the Passkey has been updated.
  • Even when the IoT device 100 does not have a display or the like, or the user is not near the IoT device 100, the user can know that the IoT device 100 has been attacked.
  • the flow of Passkey authentication in the device detection unit 154 of the IoT device 100 will be described with reference to the flowchart in FIG. First, when the Passkey is transmitted from the external device 400 and authentication and connection request are made, the Passkey is read from the data holding management unit 155 in step S21 and supplied to the device detection unit 154. The Passkey held by the data holding management unit 155 is a legitimate Passkey.
  • In step S22, the device detection unit 154 performs Passkey authentication processing by exchanging and checking the Passkey transmitted from the external device 400 against the Passkey held by the IoT device 100.
  • In step S24, a short distance wireless communication connection between the external device 400 and the IoT device 100 is established, as an authentication success.
  • In step S23, a Passkey authentication failure counter is incremented.
  • In step S26, it is determined whether the number of authentication failures is less than a predetermined threshold. If the number of authentication failures is less than the predetermined threshold, the process proceeds to step S27 (Yes in step S25), and the connection between the external device 400 and the IoT device 100 is not established, as an authentication failure.
  • In step S28, the IoT device 100 notifies the cloud 200 of the authentication failure, that is, the attack from the external device 400. Then, in step S27, the connection between the external device 400 and the IoT device 100 is not established, as an authentication failure.
  • The Passkey authentication in the IoT device 100 is performed in this way. Usually, since the user knows the correct Passkey, the Passkey will not mismatch except in the case of a communication failure or an input error. In a malicious attack from the external device 400, however, various Passkeys are transmitted to attempt pairing in order to find one that matches. Therefore, if the number of consecutive authentication failures is not less than the predetermined threshold, it can be determined that this is an attack from the external device 400.
  • a plurality of thresholds for the authentication failure allowable number of times may be set, and different notifications may be issued to the terminal device 300 of the user each time each threshold is exceeded. This makes it possible to notify the user that there is a possibility that a malicious external device may be attacking before determining whether the external device that has transmitted the Passkey is a malicious external device.
  • Steps S21 to S28 in FIG. 7 are the same as those in the flowchart of FIG.
  • step S23 If it is determined in step S23 that the Passkey transmitted from the external device 400 matches the Passkey held by the IoT device 100, the process proceeds to step S31 (Yes in step S23).
  • In step S31, confirmation of additional authentication data is performed.
  • The confirmation of the additional authentication data is performed by requesting the external device 400 to transmit the additional authentication data and determining, as in step S22, whether the transmitted additional authentication data matches the additional authentication data held by the IoT device 100.
  • The additional authentication data may be a random character string similar to the Passkey, may be a character string arbitrarily set by the user, or may be data for an authentication method other than Passkey; anything can be used as long as it can be used for authentication between the IoT device 100 and other devices.
  • the additional authentication data corresponds to the second authentication information in the claims.
  • In step S24, a short distance wireless communication connection between the external device 400 and the IoT device 100 is established, as an authentication success.
  • step S32 the process proceeds from step S32 to step S25 (Yes in step S32).
  • In step S25, the counter of the number of authentication failures is incremented. After this, the same processing as that of the flowchart of FIG. 6 is performed.
  • the security of the IoT device 100 can be enhanced by preventing the Passkey authentication from being accidentally completed and the malicious external device 400 being connected.
  • According to the present technology, it is possible to detect an attack from a malicious external device by short-distance wireless communication, to prevent connection of the malicious external device 400, and also to prevent a spoofing attack.
  • The IoT device 100 is not limited to a smart lock, and may be any device that can be connected to the Internet, such as TVs, digital cameras, media players such as Blu-ray players, water heaters, sensors, lighting devices, surveillance cameras, refrigerators, wearable devices, etc.
  • In the embodiment, the IoT device 100 determines whether the authentication and connection request from the external device 400 is an attack. However, since the cloud 200 also holds the Passkey of the IoT device 100, when a Passkey is received from the external device 400, the IoT device 100 may transmit that Passkey to the cloud 200, and the cloud 200 may check whether or not the Passkey matches.
  • In the embodiment, Bluetooth (registered trademark) is used as the communication method, Passkey Entry is used as the authentication method, and Passkey is used as the authentication information; however, the communication method may be another method, another method capable of authenticating the device to be connected may be used, and other information may be used as authentication information.
  • the same processing as that of the embodiment may be performed using a large capacity storage medium and a management IoT device having high processing capability.
  • the IoT device 100 and the cloud 200 are connected by broadband wireless communication, and the external device 400 and the IoT device 100 are connected by short distance wireless communication, but the communication connection method is not limited thereto.
  • the IoT device 100 and the cloud 200 are connected by broadband wireless communication, and the cloud 200 and the terminal device 300 are also connected by broadband wireless communication. Furthermore, the IoT device 100 and the terminal device 300 are connected by near field communication.
  • Information is periodically transmitted from the IoT device 100 to the cloud 200. If the information can not be received at a predetermined time, the cloud 200 notifies the terminal device 300 of the user.
  • the terminal device 300 that has received the notification performs near field communication with the IoT device 100, receives information from the IoT device 100, and transmits the information to the cloud 200. This makes it possible to keep transmitting information to the cloud 200 reliably.
  • This example is useful, for example, in a use case where an IoT device 100 as a sensor such as a thermometer or a pulse meter is attached to a human body and biological information such as temperature and pulse is continuously transmitted to the cloud 200. Moreover, it is useful also to the use case which monitors the state of not only a human body but livestock, cargo, vehicle-mounted, a household appliance, etc., and transmits state information to the cloud 200 regularly.
  • the IoT devices may be connected by near field communication.
  • the first IoT device 1000, the second IoT device 2000, and the third IoT device 3000 can be connected to the cloud 200 by broadband wireless communication.
  • The first IoT device 1000 is set to periodically transmit information to the cloud 200. If the cloud 200 cannot receive the information at a predetermined time, the cloud 200 selects the IoT device that is closest to the first IoT device 1000 and that performed broadband wireless communication immediately before.
  • the second IoT device 2000 is selected.
  • the second IoT device 2000 that has received the notification from the cloud 200 makes short-distance wireless connection with the first IoT device 1000, and transmits information of the first IoT device 1000 to the cloud 200.
  • information can be reliably transmitted to the cloud 200 continuously.
  • Alternatively, instead of the cloud 200 selecting the IoT device to be connected by short distance wireless connection, adjacent IoT devices may automatically establish a short distance wireless connection after information transmission to the cloud 200 fails, and information may be transmitted to the cloud 200 via the connected IoT device.
  • The first IoT device 1000, the second IoT device 2000, and the third IoT device 3000 are each connected to the cloud 200, and information is periodically transmitted to the cloud 200. If information transmission to the cloud 200 from the first IoT device 1000 fails, in step S41, the first IoT device 1000 starts advertising by transmitting an advertisement packet to convey its presence to surrounding IoT devices.
  • When the second IoT device 2000 and the third IoT device 3000 scan in steps S42 and S43, the first IoT device 1000 can be found in steps S44 and S45.
  • the second IoT device 2000 that has found the first IoT device 1000 performs authentication and connection request to the first IoT device 1000 by near field communication in step S46.
  • the third IoT device 3000 that has found the first IoT device 1000 sends an authentication and connection request to the first IoT device 1000 by near field communication in step S47.
  • the first IoT device 1000 selects a device having the strongest radio wave intensity from the IoT devices that have received the authentication and connection request.
  • the second IoT device 2000 has a stronger radio wave intensity than the third IoT device 3000.
  • In step S49, the first IoT device 1000 transmits an error message to the third IoT device 3000, which was not selected, without connecting to it.
  • the first IoT device 1000 receives the authentication and connection request from the selected second IoT device 2000 and establishes a connection.
  • In step S51, the first IoT device 1000 transmits information by near-field wireless communication to the second IoT device 2000 with which the connection has been established. Then, in step S52, the second IoT device 2000 transmits the information received from the first IoT device 1000 to the cloud 200 by broadband wireless communication.
  • The present technology is not limited to the smart lock described in the embodiment and can be used in various fields.
  • Each cargo is equipped with an IoT device with a GPS function, and grouping is performed based on the type of cargo, destination, and the like.
  • The IoT devices periodically send GPS information to the cloud.
  • The current position of the cargo can be grasped periodically, and when cargo is forgotten or left unstacked, the cloud can notify the user's terminal device of that fact.
  • A notification of transport completion can be sent to the user's terminal device.
  • When an attack from an external device on an IoT device loaded with the cargo is detected, for the purpose of replacement of cargo, loss of cargo, obstruction of transportation, or the like, the user's terminal device can also be notified to that effect.
  • The present technology can also be used in a so-called smart meter that manages water consumption and gas consumption in condominiums, apartment buildings, and the like.
  • The smart meter is an IoT device and transmits the various usage data it acquires to the cloud. If an attack by a malicious external device for the purpose of hijacking an IoT device, falsification of data, interruption of data transmission, transmission of erroneous information, or the like is detected, the user's terminal device can be notified to that effect.
  • The technology can also be used to manage livestock. An IoT device serving as a sensor capable of acquiring biological information such as body temperature and pulse is attached to each animal, and the biological information is periodically transmitted from the IoT device to the cloud. When various conditions are set for the biological information in the cloud and those conditions are satisfied, the user's terminal device can be notified of the occurrence of disease, risk of disease, timing of birth, timing of seeding, and the like. In addition, when an attack by a malicious external device for the purpose of hijacking IoT devices, falsification of biological information, interruption of data transmission, transmission of erroneous information, or the like is detected, the user's terminal device can be notified to that effect.
  • The present technology can also be used to manage equipment in a factory or the like.
  • An IoT device serving as a sensor that can acquire the condition of the equipment, such as temperature, is attached to each piece of equipment, and equipment state information is periodically transmitted from the IoT device to the cloud. When various conditions are set for the equipment state information in the cloud and those conditions are satisfied, the user's terminal device can be notified of an abnormality of the equipment, a failure of the equipment, and the like.
  • When an attack by a malicious external device for the purpose of hijacking IoT devices, falsification of equipment state information, interruption of data transmission, transmission of false information, or the like is detected, the user's terminal device can also be notified to that effect.
  • The present technology can also be configured as follows.
  • The information processing apparatus according to any one of (1) to (4), wherein the attack is detected by confirming whether the authentication information transmitted to the first device from the outside matches the authentication information associated with the first device.
  • The information processing apparatus according to (5), wherein the attack occurs when a plurality of pieces of authentication information continuously transmitted from the outside to the first device fail to match the authentication information associated with the first device a predetermined number of times in succession.
  • The information processing apparatus according to any one of (1) to (8), wherein second authentication information is further associated with the first device, and another device authenticated by the authentication information is authenticated by the second authentication information.
  • The information processing apparatus according to any one of (1) to (9), which operates in a server apparatus connected to the first apparatus by broadband wireless communication.
  • An information processing method in which, when it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device.
  • (12) An information processing program that causes a computer to execute an information processing method in which, when it is detected that the first device to which authentication information for communication connection is associated is attacked from the outside, the authentication information generation unit generates new authentication information for connecting to the first device.
  • An electronic device that holds authentication information for communication connection and communicates with another device, the electronic device comprising notification means for notifying a server device of a cloud system when it is detected that an external attack has been received.
  • The electronic device according to (13), wherein, when transmission of the information to the server device fails, the information is transmitted to another electronic device and then to the server device via the other electronic device.
  • IoT device; 200: Cloud; 300: Terminal device; 400: External device
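
The fallback relay sequence in steps S41 to S52 can be traced as a message exchange. The following Python sketch is an added example, not code from the patent; the names `Neighbour` and `relay_trace`, the message labels, and the rule that a request is eligible only when its authentication information matches are assumptions, and the sample values are constructed.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Neighbour:
    name: str
    rssi_dbm: int     # radio wave intensity measured by the first device
    auth_info: bytes  # authentication information carried in the request

def relay_trace(neighbours, expected_auth, cloud_reachable=False):
    """Return the (sender, receiver, message) trace for one transmission attempt."""
    if cloud_reachable:
        return [("first", "cloud", "DATA")]
    # S41: direct transmission failed, so advertise to surrounding devices.
    trace = [("first", "broadcast", "ADVERTISE")]
    # S46/S47: each neighbour that found the advertisement sends a request.
    for n in neighbours:
        trace.append((n.name, "first", "AUTH_CONNECT_REQ"))
    # Assumption: a request is eligible only if its authentication information
    # matches, so a strong signal alone never wins the selection.
    eligible = [n for n in neighbours
                if hmac.compare_digest(n.auth_info, expected_auth)]
    chosen = max(eligible, key=lambda n: n.rssi_dbm, default=None)
    # S49: every requester that was not selected gets an error, no connection.
    for n in neighbours:
        if n is not chosen:
            trace.append(("first", n.name, "ERROR"))
    if chosen is None:
        return trace  # nobody eligible: nothing is relayed
    trace.append(("first", chosen.name, "CONNECTED"))
    trace.append(("first", chosen.name, "DATA"))   # S51: near-field transfer
    trace.append((chosen.name, "cloud", "DATA"))   # S52: relay forwards to cloud
    return trace

def demo():
    key = b"constructed-auth-info"  # constructed sample value
    neighbours = [
        Neighbour("second", -48, key),
        Neighbour("third", -71, key),
        Neighbour("unknown", -30, b"wrong"),  # strongest signal, bad credential
    ]
    return relay_trace(neighbours, key)
```

In the constructed run, the device with the strongest signal is rejected because its authentication information does not match, and the second device is chosen over the third on signal strength.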
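
The detection rule in the configurations above (an attack is recognised when transmitted authentication information fails to match a predetermined number of times in succession, after which new authentication information is generated) can be sketched as follows. This is an added example, not code from the patent; `AuthMonitor`, the threshold of 3, and the use of `secrets.token_urlsafe` as the generation method are assumptions, and the sample attempts are constructed.

```python
import hmac
import secrets

MISMATCH_THRESHOLD = 3  # assumed value for the "predetermined number of times"

class AuthMonitor:
    """Cloud-side monitor (hypothetical): counts consecutive mismatches per device."""

    def __init__(self, threshold=MISMATCH_THRESHOLD):
        self.threshold = threshold
        self.auth_info = {}      # device id -> current authentication information
        self.mismatches = {}     # device id -> length of the current mismatch run
        self.notifications = []  # stands in for messages to the user's terminal device

    def register(self, device_id, auth_info):
        self.auth_info[device_id] = auth_info
        self.mismatches[device_id] = 0

    def report_attempt(self, device_id, presented):
        """Record one attempt; return 'ok', 'mismatch' or 'rotated'."""
        current = self.auth_info[device_id]
        # Constant-time comparison avoids leaking how much of the value matched.
        if hmac.compare_digest(presented.encode(), current.encode()):
            self.mismatches[device_id] = 0  # a match breaks the run
            return "ok"
        self.mismatches[device_id] += 1
        if self.mismatches[device_id] < self.threshold:
            return "mismatch"
        # Attack detected: generate new authentication information for the device.
        self.auth_info[device_id] = secrets.token_urlsafe(32)
        self.mismatches[device_id] = 0
        self.notifications.append((device_id, "attack detected"))
        return "rotated"

def demo():
    monitor = AuthMonitor()
    monitor.register("lock-1", "initial-secret")  # constructed sample values
    attempts = ["guess1", "guess2", "initial-secret",
                "a", "b", "c", "initial-secret"]
    return monitor, [monitor.report_attempt("lock-1", p) for p in attempts]
```

Two mismatches followed by a match do not trigger rotation because the run is reset; after rotation the old value no longer authenticates, so legitimate devices need the new authentication information delivered to them.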

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to an information processing device provided with authentication information generation means which, when it is detected that a first device associated with authentication information for communication access has received an external attack, generates new authentication information for accessing the first device.
PCT/JP2018/047333 2018-01-10 2018-12-21 Information processing device, information processing method, information processing program, and electronic device WO2019138850A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018002188A JP2019121994A (ja) 2018-01-10 2018-01-10 Information processing device, information processing method, information processing program, and electronic device
JP2018-002188 2018-01-10

Publications (1)

Publication Number Publication Date
WO2019138850A1 true WO2019138850A1 (fr) 2019-07-18

Family

ID=67219578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/047333 WO2019138850A1 (fr) 2018-01-10 2018-12-21 Information processing device, information processing method, information processing program, and electronic device

Country Status (2)

Country Link
JP (1) JP2019121994A (fr)
WO (1) WO2019138850A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2022123675A (ja) * 2021-02-12 2022-08-24 オムロンヘルスケア株式会社 Wireless communication device, wireless communication method, and program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
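JP2004072327A (ja) * 2002-08-05 2004-03-04 Hitachi Ltd Wireless communication processing system, wireless communication processing device, equipment using the wireless communication processing device, and wireless communication processing method
JP2015153258A (ja) * 2014-02-17 2015-08-24 パナソニックIpマネジメント株式会社 Vehicle personal authentication system and vehicle personal authentication method
JP2015177359A (ja) * 2014-03-14 2015-10-05 富士通株式会社 Wireless communication device, wireless communication system, and wireless communication method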

Also Published As

Publication number Publication date
JP2019121994A (ja) 2019-07-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18900474

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18900474

Country of ref document: EP

Kind code of ref document: A1