WO2020138525A1 - Method for distributed authentication of a device in an Internet of Things blockchain environment, and device distributed authentication system using same - Google Patents


Info

Publication number
WO2020138525A1
Authority
WO
WIPO (PCT)
Prior art keywords
owner
network
message
key
blockchain
Prior art date
Application number
PCT/KR2018/016652
Other languages
English (en)
Korean (ko)
Inventor
조수환
박수용
김순태
Original Assignee
서강대학교 산학협력단
Application filed by 서강대학교 산학협력단
Publication of WO2020138525A1

Classifications

    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/1065 Discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT]
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements as in H04L9/32, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements as in H04L9/32, using a plurality of channels
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements as in H04L9/32, involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • The present invention relates to an IoT blockchain environment and, more specifically, to a device distributed authentication method, and a device distributed authentication system implemented using the same, for the distributed authentication of numerous devices in an IoT blockchain environment. The method provides stability by generating signature keys for participants, storing authentication history data in a distributed manner through blockchain agreement to prevent forgery of authentication information, and verifying devices with a multi-signature verification technique.
  • The Internet of Things builds various sensors and communication functions such as Bluetooth, Wi-Fi, LTE, Zigbee, and NFC into things that can be identified as objects, and connects them over the Internet to exchange data in real time. It refers to intelligent technologies and services that exchange information between objects, and between objects and people.
  • Because of problems such as connection control, scalability, large-capacity data processing, and security for numerous devices, the IoT environment is developing from a cloud-based centralized environment toward fog and edge computing, distributed environments that connect devices.
  • IBM has proposed an IoT blockchain environment, a blockchain-based IoT peer-to-peer network environment consisting of IoT devices, cloud, computers, etc.
  • A newly raised problem is device authentication. If unauthorized devices are authenticated and participate in the network, imitation attacks, privacy attacks, blocking attacks, spoofing attacks, etc. may follow. As a result, security threats appear that prevent the normal provision and use of the Internet of Things. In particular, this device authentication problem causes security problems of a centralized certificate authority (CA).
  • CA centralized certificate authority
  • An authentication system based on consensus among nodes in a distributed environment is therefore required.
  • In order to solve the authentication problem caused by the CA authority in the Internet of Things, the present invention presents a device distributed authentication protocol for a decentralized IoT blockchain environment.
  • The problems to be solved in distributed device authentication in the IoT blockchain environment are as follows.
    1. Compared to authentication by a centralized CA authority, the distributed authentication system must perform correct authentication even when a malicious node attacks or the system fails.
    2. It should be possible to properly authenticate the authentication information (device unique identification value, signature verification, network address) of a previously approved device. It should be possible to prevent unauthorized devices from joining the network through authentication information falsified by an attacker or through incorrect information.
    3. Every thing device has a user, who has ownership of the device. Therefore, it should be possible to prove ownership of the device and to deny ownership to unauthorized users.
    4. When ownership of the thing device is proved, access control to the resources of the device must be possible, and access to the device by a malicious attacker must be blocked.
    5. In the Internet of Things (IoT) environment, devices are frequently exchanged, and in this case a proper transfer of ownership of the device from the old owner to the new owner should be possible.
  • IoT Internet of Things
  • An object of the present invention is to provide a device distributed authentication method in an IoT blockchain environment according to the present invention for solving the above-mentioned problems.
  • Another object of the present invention is to provide a device distributed authentication system implemented by the above-described device distributed authentication method.
  • The device distributed authentication system according to the present invention is a device distributed authentication system in an IoT blockchain environment in which participants including a device manufacturer, a device, an owner, and a service provider form a blockchain network (PIBN), and is equipped with:
  • a provisioning module that generates a signature key and a verification key for each of the participants of the blockchain network and registers them with the blockchain network with a unique identification value; and
  • a device registration module that registers a device created by the manufacturer.
  • In the device registration module, the manufacturer generates a unique identification value (UUID), a signature key and a verification key for the device, generates a device registration message (Md), and propagates it to the blockchain network. The participating nodes of the network verify the propagated device registration message with the pre-registered manufacturer's verification key; if it is valid, they agree on the message content with a preset consensus algorithm, and when agreement is reached, the process of storing the message in the distributed hash table (DHT) is executed.
  • UUID unique identification value
  • Md device registration message
  • The device registration message Md is a message signed with the device's signature key that includes the device's unique identification value and a verification key.
  • The device distributed authentication system further includes a device transfer module for transferring a device registered by the manufacturer to a service provider.
  • The device transfer module performs a process in which the service provider receives the signature key for the device from the manufacturer through a secure channel, generates a device transfer registration message (Sd), and propagates it to the blockchain network.
  • The device transfer registration message Sd includes the unique identification value of the device and a verification key, and is a multi-encrypted message that is first encrypted with the device's signature key and then encrypted a second time with the service provider's signature key.
  • The device distributed authentication system further includes an owner registration module in which an owner takes over the device from a service provider.
  • The owner registration module executes a process in which the owner receives the signature key for the device from the service provider through the secure channel, generates the owner registration message (Od), and propagates it to the blockchain network. The participating nodes of the network first decrypt the propagated owner registration message with the owner's verification key and then decrypt it a second time with the device's verification key; if it is valid, they reach consensus on its contents through the consensus algorithm, and when agreement is reached, each node executes the process of storing it in the DHT.
  • The owner registration message (Od) is preferably a multi-encrypted message that includes the device's unique identification value and verification key and the network MAC address to which the device is connected, and that is first encrypted with the device's signature key and second encrypted with the owner's signature key.
  • The device distributed authentication system further includes a device access control module for controlling access to a device by an owner who has taken over the device from a service provider.
  • The device access control module executes a process in which the owner generates an owner registration message (Od), generates a device access control request message (DAC) including the owner registration message, and propagates it to the blockchain network. The participating nodes of the network first decrypt the propagated device access control request message with the user's verification key and then decrypt it a second time with the device's verification key; if it is valid, they agree on the content through the consensus algorithm, and when agreement is reached, the process of passing the access token to the owner is executed.
  • Od owner registration message
  • DAC device access control request message
  • The owner registration message (Od) is preferably a multi-encrypted message that includes a unique identification value of the device, a verification key, and the network MAC address to which the device is connected, and that is first encrypted with the device's signature key and second encrypted with the owner's signature key.
  • The device distributed authentication system further includes a device authentication module.
  • The device authentication module preferably executes a process in which the device generates an authentication request message (DA) by signing the device's unique identification value (UUID) and the connected network MAC address with the device's signature key, and then propagates it to the PIBN network. The participating nodes decrypt the propagated request message with the verification key of the device; if it is valid, they agree on the content through the consensus algorithm, and when agreement is reached, each node executes the process of passing the authentication token.
  • DA authentication request message
  • the device distributed authentication system further includes a device ownership transfer module in which the device owner transfers the device to a new device owner,
  • The device ownership transfer module executes a process in which the new device owner receives the signature key for the device from the previous device owner through a secure channel, generates a new owner registration message (New_Od), and propagates it to the blockchain network. The participating nodes first decrypt the propagated message with the verification key of the new device owner and then decrypt it a second time with the verification key of the device; if it is valid, they agree on the content through the consensus algorithm, and when agreement is reached, each node executes the process of storing it in the DHT.
  • The new owner registration message (New_Od) includes a unique identification value of the device, a verification key, and the network MAC address to which the previously received device is connected. It is preferably a multi-encrypted message in which the first encryption is performed with the device's signature key and the second encryption is performed with the new user's signature key.
  • Authentication of a device is performed through verification of multiple signatures and agreement by the nodes of the blockchain network, based on the details stored in a distributed manner. This proves that the authentication system is secure as long as a majority of the blockchain (more than 51%) is not attacked. In terms of the probability of failure of the certifying authority, it can be said to be safer than an authentication system based on an existing single CA authority.
  • In the device distributed authentication method of the present invention, for a device to participate in the network, the histories of manufacturer signature key verification, service platform signature key verification, and owner signature key verification must be stored in a distributed manner, and participation must be approved by agreement. Accordingly, devices that have been forged and manufactured without permission, or devices with forged authentication information, cannot participate in the network, because they cannot falsify the signature verification and the historical data of the device at each step.
  • The device distributed authentication method of the present invention can prevent attacks in which a malicious user steals a device.
  • In the device distributed authentication method of the present invention, in order to prove or transfer ownership of a device, the device's signature key is transferred through the secure channel, the message is multi-signed with the device's signature key and the owner's signature key and verified against the history stored in a distributed manner, and agreement must be reached through the consensus algorithm. Therefore, to seize a user's ownership, an attacker would have to forge the contents stored in the blockchain network and would need both the signature key of the device and the signature key of the owner. With the authentication method according to the present invention, it is practically impossible to falsify the contents stored in the blockchain network and to learn the signature key of the device and the signature key of the owner, so it is impossible to take ownership.
  • In the device distributed authentication method of the present invention, in order to access a device, the device registration information is multi-signed with the owner's signature key and the device's signature key, must be verified against the details stored in a distributed manner, and device access must be approved through agreement. Therefore, a malicious user who wants to access the device would have to falsify the contents stored in the blockchain network and take the signature key of the device and the signature key of the owner.
  • Forgery of the stored contents of the blockchain network and forgery of the signature keys are impossible, so a user who is not the owner cannot access the device.
  • the distributed authentication method in the IoT blockchain environment can solve the conventional authentication problem in the centralized IoT.
  • FIG. 1 is a block diagram showing a device distributed authentication system implementing a device distributed authentication method according to a preferred embodiment of the present invention.
  • FIG. 2 is a diagram illustrating definitions of symbols used to describe a distributed authentication protocol in the device distributed authentication system according to the present invention.
  • FIG. 3 is a code exemplarily showing an authentication provisioning protocol implemented by an authentication provisioning module in the device distributed authentication system according to the present invention.
  • FIG. 4 is a code exemplarily showing a device registration protocol implemented by a device registration module in the device distributed authentication system according to the present invention.
  • FIG. 5 is a code exemplarily showing a device transfer protocol implemented by a device transfer module in the device distributed authentication system according to the present invention.
  • FIG. 6 is a code exemplarily showing a device owner registration protocol implemented by a device owner registration module in the device distributed authentication system according to the present invention.
  • FIG. 7 is a code exemplarily showing a device access control protocol for a user implemented by a device access control module in the device distributed authentication system according to the present invention.
  • FIG. 8 is a code exemplarily showing a device authentication protocol implemented by a device authentication module in the device distributed authentication system according to the present invention.
  • FIG. 9 is a code exemplarily showing a device ownership transfer protocol implemented by a device ownership transfer module in the device distributed authentication system according to the present invention.
  • In the device distributed authentication system according to the present invention, each node stores the information and details of devices at each step in a distributed hash table ('DHT') through blockchain agreement, for authentication in the IoT blockchain environment.
  • Access control for a user or authentication of a device is requested from the blockchain network, each node agrees and approves based on the stored history, and the messages propagated by the manufacturer, service provider, and user are multi-encrypted. Therefore, the device distributed authentication system according to the present invention can prevent forgery of authentication information and the participation of forged devices, can prevent attacks by device takeover, can prevent a user's ownership from being seized, and can prevent a malicious user from accessing the device.
  • FIG. 1 is a block diagram showing a device distributed authentication system implementing a device distributed authentication method according to a preferred embodiment of the present invention.
  • The device distributed authentication system 1 forms a blockchain network (PIBN) in which participants including a device manufacturer, a device, an owner, and a service provider providing an IoT platform are nodes. The devices are the devices that form the Internet of Things, and the system as a whole forms an Internet of Things blockchain environment.
  • PIBN blockchain network
  • Each node of the device distributed authentication system according to the present invention described above includes an authentication provisioning module 100, a device registration module 110, a device transfer module 120, a device owner registration module 130, a device access control module 140, a device authentication module 150, and a device ownership transfer module 160.
  • FIG. 2 is a diagram illustrating definitions of symbols used to describe a distributed authentication protocol in the device distributed authentication system according to the present invention.
  • The authentication provisioning module 100 generates a signature key and a verification key for each participant as a key pair using the ECDSA (256k1 curve) algorithm, and registers it to the blockchain network with a unique identification value.
  • The authentication provisioning module performs the provisioning needed to verify each detail of the device with a signature and to reach distributed consensus.
  • FIG. 3 is a code exemplarily showing an authentication provisioning protocol in the device distributed authentication system according to the present invention.
  • the device registration module 110 is a module for a manufacturer to create a device and register it in the IoT blockchain network.
  • The device registration module executes a process in which the manufacturer generates a unique identification value (UUID), a signature key and a verification key of the device, generates a message md of the device, and then propagates it to the PIBN.
  • The device message md is a message signed by the manufacturer's signature key that includes the device's unique identification value (UUID) and the device's signature key. After it is propagated to the blockchain network, each node uses it to verify whether the device is recognized as one manufactured by the correct manufacturer.
  • In the device registration module, the participating nodes of the network verify the validity of the received device message with the verification key of the pre-registered manufacturer; if it is valid, they proceed to agree on the message content with a preset consensus algorithm, and when agreement is reached, the process of storing it in the distributed hash table (DHT) is executed.
  • FIG. 4 is a code illustrating an example of a device registration protocol in the device distributed authentication system according to the present invention.
  • the device transfer module 120 is a module that transfers a device registered by the manufacturer to a service provider.
  • The service provider receives the signature key for the device from the manufacturer through a secure channel, generates a device transfer registration message (Sd) for device transfer registration, and propagates it to the PIBN network.
  • The device transfer registration message (Sd) by the service provider includes the unique identification value (UUID) and a verification key of the device, and is a multi-encrypted message that is first encrypted with the signature key of the previously received device and second encrypted with the signature key of the service provider. It is a message for verifying the device transfer by verifying, through the multiple encryption, both the correct service provider and the device's signature key.
  • In the device transfer module, the participating nodes of the network first decrypt the propagated device transfer registration message with the verification key of the service provider and then again with the verification key of the device; if it is valid, they reach agreement on the content through the consensus algorithm, and when agreement is reached, each node executes the process of storing it in the DHT.
  • FIG. 5 is a code exemplarily showing a device transfer protocol in the device distributed authentication system according to the present invention.
  • the device owner registration module 130 is a module in which a user transfers the device from a service provider as an owner and registers as an owner.
  • The device owner registration module executes a process in which the user, as owner, receives the signature key for the device from the service provider through a secure channel, generates an owner registration message (Od), and propagates it to the PIBN network.
  • The owner registration message (Od) is a multi-encrypted message that includes the device's unique identification value, a verification key, and the network MAC address to which the device is connected, and that is first encrypted with the device's signature key and second encrypted with the owner's signature key.
  • In the device owner registration module, the nodes participating in the network first decrypt the propagated message with the verification key of the owner and then decrypt it again with the verification key of the device; if it is valid, they proceed to agree on the content through the consensus algorithm, and when agreement is reached, each node executes the process of storing it in the DHT.
  • FIG. 6 is a code exemplarily showing a device owner registration protocol in the device distributed authentication system according to the present invention.
  • the device access control module 140 is a module that controls access to a device to an owner who has transferred the device from a service provider.
  • The device access control module executes a process in which the owner generates a device access control request message (DAC) including an owner registration message (Od) and propagates it to the PIBN network.
  • The owner registration message (Od) includes a unique identification value of the device, a verification key, and the network MAC address to which the device is connected, and is a multi-encrypted message that is first encrypted with the device's signature key and second encrypted with the owner's signature key.
  • The participating nodes of the network first decrypt the propagated message with the user's verification key and then decrypt it again with the verification key of the device; if it is valid, they proceed to agree on the content through the consensus algorithm.
  • When agreement is reached, one of the nodes executes the process of passing the access token for the device to the owner.
  • FIG. 7 is a code exemplarily showing a device access control protocol for a user in the device distributed authentication system according to the present invention.
  • In the device authentication module 150, the device generates a device authentication request message (DA) by signing the unique identification value (UUID) of the device and the network MAC address to which the device is connected with the device's signature key, and then propagates it to the PIBN network. The participating nodes of the network decrypt the propagated device authentication request message with the verification key of the device; if it is valid, they agree on the content through the consensus algorithm, and when agreement is reached, one of the nodes executes the process of passing the authentication token.
  • DA device authentication request message
  • UUID unique identification value
  • the device ownership transfer module 160 is a module for a device owner to transfer a device to a new device owner.
  • the device ownership transfer module executes a process in which a new device owner transfers a signature key for a device from a previous device owner through a secure channel, and generates a new owner registration message (New_Od) to propagate to the PIBN network. do.
  • the new owner registration message (New_Od) includes a unique identification value of the device, a verification key, and a network MAC address to which the previously received device is connected, and is first encrypted with the device's signature key and second encrypted with the new owner's signature key for multiple encryption. Is the message.
  • the participating nodes of the network first decrypt the propagated new owner registration message with the verification key of the new device owner and second decrypt it again with the verification key of the device, if it is valid, the content is transferred through the consensus algorithm. Consensus is reached, and when agreed, each node executes the process of storing in DHT. 9 is a code for exemplifying a device ownership transfer protocol in a device distributed authentication system according to the present invention.
  • the device distributed authentication method according to the present invention is implemented by each module constituting the device distributed authentication system according to the present invention described above, an authentication pre-provisioning step, a device registration step from a manufacturer, and a device transfer step to a service provider , Device owner registration step, device access control step, device authentication step, device ownership transfer step, each of the above-described authentication pre-visioning module, device registration module, device transfer module, device owner registration module, device access control module, It is performed in the same way as the device authentication module and the device ownership transfer module.
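The two-layer check that nodes apply to the owner registration message (Od), and likewise to the Od carried in a DAC and to New_Od, as an added example that is not code from the patent. It models "encrypted with a signature key" as nested digital signatures, uses textbook RSA over fixed primes as a stand-in because the page names no signature scheme, and assumes each node looks up the device's verification key in its DHT; all function names and sample values are constructed.

```python
import hashlib
import json

E = 65537  # public exponent used by both constructed key pairs

def keypair(p, q):
    """Textbook RSA (stand-in scheme): returns (signature key, verification key)."""
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, sk):
    return pow(digest(data, sk[0]), sk[1], sk[0])

def verify(data, sig, vk):
    return pow(sig, vk[1], vk[0]) == digest(data, vk[0])

def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

def make_od(uuid, mac, dev_sk, dev_vk, owner_sk):
    """Owner side: device layer first, owner layer second, as for Od."""
    body = {"uuid": uuid, "vk": list(dev_vk), "mac": mac}
    inner = {"body": body, "dev_sig": sign(canon(body), dev_sk)}
    return {"inner": inner, "owner_sig": sign(canon(inner), owner_sk)}

def node_accepts(od, owner_vk, dht):
    """Node side: check the owner layer first, then the device layer."""
    inner = od["inner"]
    if not verify(canon(inner), od["owner_sig"], owner_vk):
        return False                      # outer layer not made by this owner
    body = inner["body"]
    known_vk = dht.get(body["uuid"])      # assumption: key stored at device registration
    if known_vk is None or list(known_vk) != body["vk"]:
        return False                      # unknown device or substituted key
    return verify(canon(body), inner["dev_sig"], known_vk)

def with_mac(od, mac):
    """Copy of a message with the MAC field altered after signing."""
    bad = json.loads(json.dumps(od))
    bad["inner"]["body"]["mac"] = mac
    return bad

# Constructed sample values (not from the patent)
DEV_SK, DEV_VK = keypair(2**127 - 1, 2**89 - 1)
OWN_SK, OWN_VK = keypair(2**107 - 1, 2**61 - 1)
UUID, MAC = "00000000-0000-4000-8000-000000000001", "02:00:00:00:00:01"
DHT = {UUID: DEV_VK}
OD = make_od(UUID, MAC, DEV_SK, DEV_VK, OWN_SK)
```

A node rejects the message when the MAC is changed after signing, when the outer layer was made with a different owner key, or when the inner layer was made with a key other than the one recorded for that UUID.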

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a system and a method for distributed authentication of a device in an Internet of Things blockchain environment. In the device distributed authentication system, each node: stores information and details relating to a device at each stage in a distributed hash table (DHT) through blockchain consensus in order to perform authentication in an Internet of Things blockchain environment; requests, from a blockchain network, user access control or authentication of a device, performs authentication by reaching a consensus on the basis of the details stored in the respective nodes, and multi-encrypts a message propagated by a manufacturer, a service provider, a user, and the like. The device distributed authentication system according to the present invention can thus prevent the participation of counterfeit devices and of devices having counterfeit or falsified authentication information, prevent attacks using stolen devices, prevent users from losing their ownership rights, and prevent malicious users from accessing a device.
PCT/KR2018/016652 2018-12-26 2018-12-26 Method for distributed authentication of a device in an Internet of Things blockchain environment, and device distributed authentication system using same WO2020138525A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020180169042A KR102177794B1 (ko) 2018-12-26 2018-12-26 Device distributed authentication method in an Internet of Things blockchain environment and device distributed authentication system using same
KR10-2018-0169042 2018-12-26

Publications (1)

Publication Number Publication Date
WO2020138525A1 (fr) 2020-07-02

Family

ID=71126052

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/016652 WO2020138525A1 (fr) 2018-12-26 2018-12-26 Method for distributed authentication of a device in an Internet of Things blockchain environment, and device distributed authentication system using same

Country Status (2)

Country Link
KR (1) KR102177794B1 (fr)
WO (1) WO2020138525A1 (fr)

Also Published As

Publication number Publication date
KR20200080441A (ko) 2020-07-07
KR102177794B1 (ko) 2020-11-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18944991

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18944991

Country of ref document: EP

Kind code of ref document: A1