WO2020242107A1 - Automatic key update-type joining method, device and program - Google Patents


Info

Publication number: WO2020242107A1
Authority: WO, WIPO (PCT)
Application number: PCT/KR2020/006503
Other languages: French (fr), Korean (ko)
Prior art keywords: key, join, network server, app, server
Inventors: 상근 오스티븐, 조효원, 전병국, 서진영, 조윤호
Original assignee: (주)이더블유비엠

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0827: Key transport or distribution involving distinctive intermediate devices or communication paths
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • A public key exchange step in which the public key of the private key/public key pair generated by the device with an ECC algorithm is transmitted to the join server through the relay of the network server, and the public key of the private key/public key pair generated in the join server with an ECC algorithm is transmitted to the device through the relay of the network server.
  • An app key generation step in which a new app key is generated in each of the device and the join server, and the new app key is transmitted from the join server to the network server.
  • Preferably, a communication connection step in which the device is communicatively connected to the app server is further included.
  • The key auto-update type joining device of the present invention, for achieving the above object, lets any one of a plurality of devices in which an app key is preset join a network server in which an app key corresponding to that app key is preset.
  • It includes a temporary join member by which, when a join request is transmitted from the device to the network server and the app key of the device and the app key of the network server correspond, the network server transmits a join acceptance to the device.
  • It includes a public key exchange member by which the public key of the private key/public key pair generated by the device with an ECC algorithm is transmitted to the join server through the relay of the network server, and the public key of the private key/public key pair generated in the join server with an ECC algorithm is transmitted to the device through the relay of the network server.
  • It includes an app key generation member for generating a new app key in each of the device and the join server and transmitting the new app key from the join server to the network server.
  • It includes a join member for transmitting a join acceptance from the network server to the device.
  • The program of the present invention for achieving the above object is a key auto-update type join program recorded on a storage medium readable by an information processing device, the program causing the information processing device to execute each step of the method described above.
  • According to the present invention, a key auto-update type joining method, apparatus and program are provided that can later update an app key preset in a plurality of devices distributed to users, together with the corresponding app key set in the network server.
  • The app key of the device and the app key of the network server are updated, and the join is performed, automatically and without user intervention.
  • FIG. 1 is an operation time chart of a key auto-update type join method, apparatus and program according to an embodiment of the present invention.
  • Where one member is described as arranged or connected to the front, rear, left, right, top or bottom of another member, this includes the case where a separate member is interposed between them; where a member is said to be 'directly' in front of, behind, to the left or right of, above or below another member, no separate member lies between them.
  • Where a part is said to 'include' other components, this means that further components may be included, rather than excluded, unless otherwise stated.
  • The designation of configurations as first, second, etc. classifies configurations that stand in the same relationship and does not necessarily limit their order.
  • Terms such as 'unit', 'means', 'part' and 'member' used in the specification refer to a unit of comprehensive structure that performs at least one function or operation.
  • Information processing devices such as the terminals and servers described in the specification basically mean hard wiring, that is, hardware in which a specific function or operation is implemented, but they should not be construed as limited to specific hardware; soft wiring, i.e. software run in order to implement a specific function or operation, is not excluded. That is, the terminal or server may be a certain device, or may be software, such as an app, installed on a certain device.
  • The method of the present invention is a key auto-update type join method that lets any one of a plurality of devices 10 in which an AppKey is preset join a network server 20 in which an AppKey corresponding to that AppKey is preset.
  • The method is characterized by comprising a temporary join step, a public key exchange step, an app key generation step and a join step.
  • The device 10 is a device that performs a specific function, such as a network camera, and may be joined to a network in order to communicate and exchange data with an app server.
  • The network server 20 is a server that determines whether the device 10 is authorized to join the network. In the present invention, whether to permit the join may be determined by whether the AppKey of the device 10 and the AppKey of the network server 20 correspond to each other.
  • The AppKey is a form of PSK (Pre-Shared Key). LoRaWAN is a communication method based on this PSK scheme.
  • A root key shared in advance between the device 10 and the network server 20, such as the AppKey or NwkKey, is fixed. Therefore, once this root key is stolen, the security between the device 10 and the network server 20 is destroyed.
  • The present invention is a technology that can protect security by automatically generating a new app key in place of the original app key and then connecting the device 10 to the network server 20 through the new app key.
  • The app key of the device 10 and the app key of the network server 20 are provided so as to correspond to each other, which can also be expressed as their being shared.
  • The terms 'correspond' and 'share' cover not only a configuration in which both sides hold the same data, but also the case where the keys differ at first glance yet security can be confirmed by a simple predetermined operation.
  • In the temporary join step, a join acceptance is transmitted from the network server 20 to the device 10. The temporary join step is the join process of ordinary, conventional LoRaWAN.
  • In that conventional join process, the device 10 is finally and definitively joined to the network server 20; thereafter, through the generation of session keys in the device 10 and the network server 20 and the transmission of the session key to the app server 30, the device 10 is communicatively connected to the app server 30. Therefore, if the app key is leaked, an unauthorized device can access the app server.
  • In the present invention, the device 10 is not finally and definitively joined to the network server 20 by the temporary join step. Through the temporary join step the device 10 merely acquires the temporary authority to connect, via the network server 20, to the join server 40 described later. Therefore, even if the app key is leaked, security is not compromised.
  • In the public key exchange step, the public key of the private key/public key pair generated by the device 10 with an ECC algorithm is transmitted to the join server 40 through the relay of the network server 20, and the public key of the private key/public key pair generated in the join server 40 with an ECC algorithm is transmitted to the device 10 through the relay of the network server 20.
  • The device 10 has a key pair generation function using an ECC algorithm; it generates a private key/public key pair with this function, and the generated public key is the device public key (Dev_PubKey).
  • The join server 40 also has a key pair generation function according to an ECC algorithm; it generates a private key/public key pair with this function, and the generated public key is the server public key (Svr_PubKey), which is generated corresponding to the device public key (Dev_PubKey) received from the device 10. Therefore, when the device 10 receives the server public key (Svr_PubKey) from the join server 40, it can check whether the key is valid.
  • The network server 20 may be configured to permit communication between the device 10 and the app server 30, or between the device 10 and the join server 40, and to relay the data transfer. The present invention is not limited to this, however, and the network server 20 may be configured to permit the communication only, without relaying the data.
  • The app key generation step is a step in which a new app key is generated in each of the device 10 and the join server 40, and the new app key is transmitted from the join server 40 to the network server 20.
  • Each of the device 10 and the join server 40 is provided with a module capable of generating new app keys that correspond to each other, so that a new app key to replace the original app key is generated in the device 10 and in the join server 40, respectively.
  • The new app key generated by the join server 40 is transmitted to the network server 20. Therefore, the new app key is held correspondingly by the device 10 and the network server 20.
  • In the join step, a join acceptance is transmitted from the network server 20 to the device 10.
  • The join step is the PSK-based join process generally performed in LoRaWAN. Accordingly, the only difference is that the join process is performed with the new app key; the module used in the join process is the same as the module of the prior art, and also the same as the module used in the temporary join step.
  • In other words, the temporary join step is performed with the original app key by the same module as the conventional join process module; thereafter the public key generation and exchange and the new app key generation step peculiar to the present invention are performed; and then the join step is performed once more, with the new app key, by the same module as the conventional join process module.
  • Thus, after temporarily joining with the original app key, exchanging public keys and automatically generating a new app key in place of the original app key, the device 10 is joined to the network server 20 through the new app key.
  • The method of the present invention may be used for the purpose of connecting the device 10 to the app server 30 through the join of the device 10 to the network server 20. In that case a communication connection step, in which the device 10 communicates with the app server 30, is included.
  • In the communication connection step, the session keys (Nwk_SKey, App_SKey) are generated in the device 10 and the network server 20, and the session keys (Nwk_SKey, App_SKey) are transmitted from the network server 20 to the app server 30, after which the device 10 communicates with the app server 30.
  • The apparatus of the present invention is a key auto-update type joining device that lets any one of a plurality of devices 10 in which an app key is preset join a network server 20 in which an app key corresponding to that app key is preset.
  • The apparatus of the present invention is characterized by comprising a temporary join member, a public key exchange member, an app key generation member and a join member.
  • The temporary join member is a member by which, when a join request is transmitted from the device 10 to the network server 20 and the app key of the device 10 and the app key of the network server 20 correspond, a join acceptance is transmitted from the network server 20 to the device 10.
  • The public key exchange member is a member by which the public key (Dev_PubKey) of the private key/public key pair generated by the device 10 with an ECC algorithm is transmitted to the join server 40 through the relay of the network server 20, and the public key (Svr_PubKey) of the private key/public key pair generated in the join server 40 with an ECC algorithm is transmitted to the device 10 through the relay of the network server 20.
  • The app key generation member is a member that generates a new app key in each of the device 10 and the join server 40 and transmits the new app key from the join server 40 to the network server 20.
  • The join member is a member by which a join acceptance is transmitted from the network server 20 to the device 10.
  • The program of the present invention is a key auto-update type join program recorded on a storage medium readable by an information processing device, the program causing the information processing device to execute each step of the method described above.
  • The present invention can be used in the industry of key auto-update type join methods, apparatuses and programs.

Abstract

An automatic key update-type joining method allows any one of a plurality of devices, in which an AppKey is preconfigured, to join a network server in which an AppKey corresponding to the AppKey is preconfigured. The method comprises: a temporary joining step in which a join request is transmitted from the device to the network server and, if the AppKey of the device corresponds to the AppKey of the network server, a join acceptance is transmitted from the network server to the device; a public key exchanging step in which a device public key is generated by means of ECC key generation in the device and is transmitted to a join server by means of a relay of the network server, and a server public key is generated by means of ECC key generation in the join server and is transmitted to the device by means of a relay of the network server; an AppKey generating step in which new AppKeys are generated in the device and the join server, respectively, and the new AppKeys are transmitted from the join server to the network server; and a joining step in which a join request is transmitted from the device to the network server and, if the new AppKey of the device corresponds to the new AppKey of the network server, a join acceptance is transmitted from the network server to the device.

Description

Key auto-update type join method, device and program
The present invention relates to a key auto-update type join method, apparatus and program in which a new key is automatically generated in place of the server join key already embedded in a device, and the device then joins the server using the new key.
In general, in order for a device with a specific function (for example, a sensor control device using LoRa) to be communicatively connected to an app server that provides a service for that function (for example, a sensor control device data collection and control server), the device may be configured to first join a network server (for example, a server that authenticates the device and relays device data). In LoRa (Long Range) communication technology, for example, the join to this network server is performed using an AppKey provided in both the device and the network server.
Conventionally, as shown for example in FIG. 2, an AppKey is provided in common to the device 10 and the network server 20. In this state, when a join request is transmitted from the device 10 to the network server 20, the network server 20 accepts the join if the two AppKeys correspond. Both the device 10 and the network server 20 then generate corresponding session keys, for example a network session key (Nwk_SKey) and an app session key (App_SKey), and the network server 20 transmits the app session key (App_SKey) to the app server 30. As a result, the app session key (App_SKey) is held in common by the device 10 and the app server 30, and in this state the device 10 is communicatively connected to the app server 30 through the network server 20.
Here, for the AppKey to be provided in common to the device 10 and the network server 20, the AppKey is stored in a storage device in the device 10, for example a flash memory, when the device 10 is shipped from the factory, and the corresponding AppKey is stored in the network server 20. However, since the device 10 is distributed to users and strict management by the various users cannot always be expected, there is not only the possibility of hacking, such as reverse engineering by a hacker, but also various possibilities of leakage.
In particular, in mass production for example, the network server 20 side may transmit a large quantity of AppKeys to the factory, and the factory may store the AppKeys on the devices in batches; in such a case there is room for an AppKey leakage incident to occur at various points, such as during the transmission process or the storage process. If the AppKey is leaked, an unauthorized device may be communicatively connected to the app server 30 via the network server 20, which may cause various problems. Accordingly, a technology is required that can change an already embedded AppKey after the fact.
Conventionally, the following patent document discloses 'a ZigBee network join apparatus comprising: a channel/PAN ID changing device for transmitting to a ZigBee device a channel and PAN ID with which to join a ZigBee network; and a ZigBee device which, after receiving a channel and PAN ID from the channel/PAN ID changing device, joins the ZigBee network matching the received PAN ID on the received channel, wherein the channel/PAN ID changing device comprises: a ZigBee device search trigger that receives from a user a scan request for searching nearby ZigBee devices; a display window that displays the list of ZigBee devices responding to the scan and receives from the user the selection of the ZigBee device whose channel and PAN ID are to be changed; a channel setting switch that receives from the user the channel to be changed; a PAN ID setting switch that receives from the user the PAN ID to be changed; a channel change trigger by which the user requests that the channel to be changed be transmitted to the selected ZigBee device; a PAN ID change trigger by which the user requests that the PAN ID to be changed be transmitted to the selected ZigBee device; and a join trigger by which the user requests that the selected ZigBee device connect to the ZigBee network with the channel and PAN ID'.
[Prior Art Documents]
[Patent Documents]
(Patent Document 1) Patent Registration No. 10-1469991 Gazette
The technology of the above patent document does not change an AppKey after the fact, so it is not strictly the same technical field, but it is taken as the object of comparison in that it changes after the fact a connection channel and PAN ID, which are preset communication connection setting values. However, the technology of the patent document is applied to one specific target device whose connection channel and PAN ID are to be changed. Therefore, it has the problem of being unsuitable for application to a large number of devices equipped with the large quantity of AppKeys transmitted to the factory for mass production.
Moreover, the technology of the patent document is configured to receive from the user the scan request, the selection of the ZigBee device to be changed, the channel, the PAN ID, the channel transmission request, the PAN ID transmission request and the transmission request. That is, it is a configuration that requires user action. Since it depends on user input, there is the possibility of network paralysis or data errors caused by user mistakes or bad intentions. Furthermore, unless the user makes these inputs, the post-hoc change process does not operate at all.
The present invention addresses these problems of the prior art and aims to provide a key auto-update type joining method, apparatus and program by which the AppKey preset in a plurality of devices distributed to users, and the corresponding AppKey set in the network server, can be updated after the fact.
It further aims to provide a key auto-update type joining method, apparatus and program in which the update of the device's AppKey and the network server's AppKey, and the joining process, are carried out automatically without user intervention.
The key auto-update type joining method of the present invention for achieving the above object is a method for joining any one of a plurality of devices, in which an AppKey is preset, to a network server in which an AppKey corresponding to that AppKey is preset, and is characterized by comprising: a temporary joining step, in which a join request is transmitted from the device to the network server and, if the device's AppKey and the network server's AppKey correspond, a join accept is transmitted from the network server to the device; a public key exchange step, in which the public key of the private/public key pair generated in the device by an ECC algorithm is transmitted to a join server via the relay of the network server, and the public key of the private/public key pair generated in the join server by an ECC algorithm is transmitted to the device via the relay of the network server; an AppKey generation step, in which a new AppKey is generated in each of the device and the join server, and the new AppKey is transmitted from the join server to the network server; and a joining step, in which a join request is transmitted from the device to the network server and, if the device's new AppKey and the network server's new AppKey correspond, a join accept is transmitted from the network server to the device.
Here, it is preferable that, after the joining step, a communication connection step is further included, in which a session key is generated in each of the device and the network server, the session key is transmitted from the network server to the app server, and the device is then communicatively connected to the app server.
The key auto-update type joining apparatus of the present invention for achieving the above object is an apparatus for joining any one of a plurality of devices, in which an AppKey is preset, to a network server in which an AppKey corresponding to that AppKey is preset, and is characterized by comprising: a temporary joining member, by which a join request is transmitted from the device to the network server and, if the device's AppKey and the network server's AppKey correspond, a join accept is transmitted from the network server to the device; a public key exchange member, by which the public key of the private/public key pair generated in the device by an ECC algorithm is transmitted to a join server via the relay of the network server, and the public key of the private/public key pair generated in the join server by an ECC algorithm is transmitted to the device via the relay of the network server; an AppKey generation member, by which a new AppKey is generated in each of the device and the join server, and the new AppKey is transmitted from the join server to the network server; and a joining member, by which a join request is transmitted from the device to the network server and, if the device's new AppKey and the network server's new AppKey correspond, a join accept is transmitted from the network server to the device.
The program of the present invention for achieving the above object is a key auto-update type joining program, recorded on a storage medium readable by an information processing device, for causing an information processing device to execute each step of the invention described above.
According to the present invention, there is provided a key auto-update type joining method, apparatus and program by which the AppKey preset in a plurality of devices distributed to users, and the corresponding AppKey set in the network server, can be updated after the fact.
There is further provided a key auto-update type joining method, apparatus and program in which the update of the device's AppKey and the network server's AppKey, and the joining process, are carried out automatically without user intervention.
Fig. 1 is an operation time chart of a key auto-update type joining method, apparatus and program according to an embodiment of the present invention.
Fig. 2 is an operation time chart of a conventional joining method.
Hereinafter, the key auto-update type joining method, apparatus and program according to the present invention are described in detail with reference to the accompanying drawings. For members having the same function by virtue of the same configuration, the same reference numerals are kept even where the drawings differ, and their detailed description may be omitted.
A relationship in which another member is arranged or connected in front of, behind, to the left or right of, above or below a given member includes the case where a separate member is interposed between them. Conversely, when a member is said to be 'directly' in front of, behind, to the left or right of, above or below another member, there is no separate member in between. When a part is said to 'include' a component, this means, unless stated otherwise, that further components may be included rather than that other components are excluded.
Designating configurations as first, second and so on serves to distinguish configurations that are otherwise the same, and does not necessarily limit their order. Terms such as 'unit', 'means', 'part' and 'member' used in the specification denote a comprehensive structural unit that performs at least one function or operation. Information processing devices such as terminals and servers mentioned in the specification basically denote hard wiring, that is, hardware in which a specific function or operation is implemented, but are not to be construed as limited to specific hardware and do not exclude soft wiring, that is, software run on general-purpose hardware to implement the specific function or operation. In other words, a terminal or server may be a device, or may be software installed on a device, such as an app.
The size and thickness of each component shown in the drawings are drawn arbitrarily for convenience of description, so the present invention is not necessarily limited to what is shown; thicknesses and the like may be exaggerated, enlarged or reduced to clearly represent the various parts and regions, such as layers and areas.
<Basic configuration - method>
The method of the present invention is a key auto-update type joining method for joining any one of a plurality of devices (10), in which an AppKey is preset, to a network server (20) in which an AppKey corresponding to that AppKey is preset. The method is characterized by comprising a temporary joining step, a public key exchange step, an AppKey generation step and a joining step.
The device (10) is a device that performs a specific function, for example a network camera, and may be configured to join the network and be communicatively connected to an app server so as to exchange data.
The network server (20) is the server that decides whether the device (10) is authorized to join the network. In the present invention, whether to accept a join may be decided, for example, by whether the AppKeys held by the device (10) and by the network server (20) correspond.
The AppKey is a pre-shared key (PSK). LoRaWAN, for example, is a communication scheme based on this PSK approach. In general, a root key pre-shared between the device (10) and the network server (20), such as the AppKey or NwkKey, is fixed. Once such a root key is compromised, the security between the device (10) and the network server (20) collapses. The present invention offers a solution to this case: a new AppKey is automatically generated to replace the original AppKey, and the device (10) is then connected to the network server (20) by means of the new AppKey, so that security is preserved.
The AppKey of the device (10) and the AppKey of the network server (20) are provided so as to correspond to each other, which may also be described as being shared. Here 'correspond' or 'shared' covers not only the configuration in which both hold identical data, but also the case in which security can be confirmed by a simple predetermined operation even though the two values differ at first sight.
The temporary joining step is the step in which a join request is transmitted from the device (10) to the network server (20) and, if the AppKey of the device (10) and the AppKey of the network server (20) correspond, a join accept is transmitted from the network server (20) to the device (10).
The temporary joining step is the ordinary join procedure of conventional LoRaWAN. In conventional LoRaWAN, this join procedure joins the device (10) to the network server (20) finally and definitively; thereafter the device (10) and the network server (20) generate session keys, the session keys are transmitted to the app server (30), and the device (10) is thereby communicatively connected to the app server (30). As noted above, however, if the AppKey leaks, an illegitimate device can gain access to the app server.
The present invention is characterized in that the temporary joining step does not join the device (10) to the network server (20) finally and definitively. Through this temporary joining step, the device (10) merely acquires the temporary authority to connect, via the network server (20), to the join server (40) described below. Consequently, even if the AppKey has leaked, security is not compromised.
The public key exchange step is the step in which the public key of the private/public key pair generated in the device (10) by an ECC algorithm is transmitted to the join server (40) via the relay of the network server (20), and the public key of the private/public key pair generated in the join server (40) by an ECC algorithm is transmitted to the device (10) via the relay of the network server (20).
The device (10) has a key-pair generation function based on an ECC algorithm, with which it generates a private/public key pair; the resulting public key is the device public key (Dev_PubKey). Likewise, the join server (40) has a key-pair generation function based on an ECC algorithm, with which it generates a private/public key pair; the resulting public key is the server public key (Svr_PubKey), which is generated in correspondence with the device public key (Dev_PubKey) received from the device (10). Accordingly, when the device (10) receives the server public key (Svr_PubKey) from the join server (40), it can check whether the key is legitimate.
The network server (20) may be configured to permit communication between the device (10) and the app server (30), or between the device (10) and the join server (40), and to relay the data exchanged. The present invention is not limited to this, however; the network server may also be configured only to permit communication without relaying the data.
The AppKey generation step is the step in which a new AppKey is generated in each of the device (10) and the join server (40), and the new AppKey is transmitted from the join server (40) to the network server (20).
To this end, the device (10) and the join server (40) are each provided with a module capable of generating mutually corresponding new AppKeys. It is a feature of the present invention that, once the exchange of the device public key (Dev_PubKey) and the server public key (Svr_PubKey) in the public key exchange step has succeeded, a new AppKey to replace the original AppKey is generated in each of the device (10) and the join server (40). In particular, the new AppKey generated in the join server (40) is transmitted to the network server (20). The new AppKey is thus held correspondingly by the device (10) and the network server (20).
The joining step is the step in which a join request is transmitted from the device (10) to the network server (20) and, if the new AppKey of the device (10) and the new AppKey of the network server (20) correspond, a join accept is transmitted from the network server (20) to the device (10).
The joining step is the PSK-based join procedure ordinarily performed in LoRaWAN. The only difference is that the join procedure is carried out with the new AppKey; the module used for the join procedure is the same as the prior-art module, and also the same as the module used in the temporary joining step.
Thus, in the present invention, the temporary joining step is performed with the original AppKey using the same module as the prior-art join module; the public key generation and exchange and the new AppKey generation step specific to the present invention are then performed; and finally the joining step is performed with the new AppKey, again using the same module as the prior-art join module.
<Effect>
Therefore, according to the present invention, the device first joins temporarily with the original AppKey, the public keys are exchanged, a new AppKey is automatically generated in place of the original AppKey, and the device (10) is finally joined to the network server (20) with this new AppKey. This produces the advantageous effect that security can be maintained even if a root key such as the AppKey has once been stolen or leaked.
<Connection to the app server>
The method of the present invention may also be used for the purpose of connecting the device (10) to the app server (30) through the join between the device (10) and the network server (20). To this end, it is preferable that a communication connection step is further included after the joining step.
The communication connection step is the step in which the device (10) is communicatively connected to the app server (30). It takes place after session keys (Nwk_SKey, App_SKey) have been generated in each of the device (10) and the network server (20) and the session keys (Nwk_SKey, App_SKey) have been transmitted from the network server (20) to the app server (30).
In this way, when AppKeys are provisioned in bulk for a plurality of devices (10), even if the AppKey has been compromised, a new AppKey is automatically generated for every device (10) in place of the original AppKey, and each device (10) can be communicatively connected to the app server (30) using this new AppKey. Automatic secure connection of each device (10) via the new AppKey is therefore possible.
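The four stages described in the method section (temporary join with the preset AppKey, public key exchange relayed by the network server, new AppKey generation, final join with the new AppKey) and the session-key derivation of the communication connection step, as one added simulation. This is example code written for this page, not code from the patent or its applicant. The patent names only "an ECC algorithm" and does not say how the new AppKey is derived, so the following are assumptions: X25519 (RFC 7748, implemented inline so the example runs offline) as the ECC key agreement, HMAC-SHA256 as the join-request MIC in place of LoRaWAN's AES-CMAC, HMAC-based derivations of the new AppKey and of Nwk_SKey/App_SKey, and the constructed DevEUI and AppKey sample values.

```python
import hmac
import hashlib
import secrets

# --- X25519 (RFC 7748) in pure Python, assumed here as the "ECC algorithm" ---
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder: scalar k times u-coordinate u (32-byte little-endian)."""
    kb = bytearray(k)
    kb[0] &= 248; kb[31] &= 127; kb[31] |= 64          # clamp the scalar
    k_int = int.from_bytes(kb, "little")
    ub = bytearray(u); ub[31] &= 127
    x1 = int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        kt = (k_int >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256, assumed in place of LoRaWAN's AES-CMAC join MIC."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def derive_app_key(shared: bytes, dev_pub: bytes, svr_pub: bytes) -> bytes:
    """Assumed derivation of the new 16-byte AppKey from the ECDH shared secret."""
    return mac(shared, b"NewAppKey", dev_pub, svr_pub)[:16]

def session_keys(app_key: bytes, nonce: bytes) -> tuple:
    """Assumed derivation of (Nwk_SKey, App_SKey) from the AppKey and join nonce."""
    return mac(app_key, b"Nwk_SKey", nonce)[:16], mac(app_key, b"App_SKey", nonce)[:16]

class Device:
    def __init__(self, dev_eui: bytes, app_key: bytes):
        self.dev_eui, self.app_key = dev_eui, app_key   # AppKey preset before distribution
    def join_request(self):
        nonce = secrets.token_bytes(2)
        return self.dev_eui, nonce, mac(self.app_key, self.dev_eui, nonce)
    def dev_pubkey(self) -> bytes:                       # Dev_PubKey
        self.priv = secrets.token_bytes(32)
        self.pub = x25519(self.priv, BASEPOINT)
        return self.pub
    def accept_svr_pubkey(self, svr_pub: bytes) -> None: # Svr_PubKey -> new AppKey
        self.app_key = derive_app_key(x25519(self.priv, svr_pub), self.pub, svr_pub)

class JoinServer:
    def svr_pubkey(self, dev_pub: bytes) -> bytes:
        """Generate the server key pair on receipt of Dev_PubKey and derive the new AppKey."""
        self.priv = secrets.token_bytes(32)
        self.pub = x25519(self.priv, BASEPOINT)
        self.new_app_key = derive_app_key(x25519(self.priv, dev_pub), dev_pub, self.pub)
        return self.pub

class NetworkServer:
    def __init__(self, app_keys: dict):
        self.app_keys = dict(app_keys)                   # DevEUI -> preset AppKey copy
    def join(self, dev_eui: bytes, nonce: bytes, mic: bytes) -> bool:
        """Join accept iff the MIC verifies under the server's copy of the AppKey."""
        expected = mac(self.app_keys[dev_eui], dev_eui, nonce)
        return hmac.compare_digest(expected, mic)
    def install_app_key(self, dev_eui: bytes, key: bytes) -> None:
        self.app_keys[dev_eui] = key                     # new AppKey handed over by the join server

def run_protocol() -> dict:
    dev_eui, original_key = b"\x01" * 8, b"\x2b" * 16   # constructed sample values
    dev, js = Device(dev_eui, original_key), JoinServer()
    ns = NetworkServer({dev_eui: original_key})
    # 1. temporary join with the preset AppKey (grants only access to the join server)
    temp_ok = ns.join(*dev.join_request())
    if not temp_ok:
        raise RuntimeError("temporary join rejected")
    # 2. public key exchange; the network server relays both keys unchanged
    svr_pub = js.svr_pubkey(dev.dev_pubkey())
    dev.accept_svr_pubkey(svr_pub)
    # 3. new AppKey on device and join server; join server passes it to the network server
    ns.install_app_key(dev_eui, js.new_app_key)
    # 4. final join with the new AppKey; the original AppKey no longer verifies
    eui, nonce, mic = dev.join_request()
    final_ok = ns.join(eui, nonce, mic)
    old_key_ok = ns.join(eui, nonce, mac(original_key, eui, nonce))
    # 5. session keys derived on both sides (forwarded to the app server in the patent)
    dev_sk, ns_sk = session_keys(dev.app_key, nonce), session_keys(ns.app_keys[dev_eui], nonce)
    return {"temp_join": temp_ok, "final_join": final_ok, "old_key_rejected": not old_key_ok,
            "app_keys_match": dev.app_key == ns.app_keys[dev_eui], "session_keys_match": dev_sk == ns_sk}

if __name__ == "__main__":
    print(run_protocol())
```

The network server's relay is modelled as a direct pass-through, which matches the patent's statement that it may either relay the data or merely permit the communication. The `old_key_rejected` result shows the property the effect section claims: after the final join the network server verifies join requests only against the new AppKey, so the preset key is retired.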
<Apparatus>
The apparatus of the present invention is a key auto-update type joining apparatus for joining any one of a plurality of devices (10), in which an AppKey is preset, to a network server (20) in which an AppKey corresponding to that AppKey is preset. The apparatus is characterized by comprising a temporary joining member, a public key exchange member, an AppKey generation member and a joining member.
The temporary joining member is the member that causes a join request to be transmitted from the device (10) to the network server (20) and, if the AppKey of the device (10) and the AppKey of the network server (20) correspond, a join accept to be transmitted from the network server (20) to the device (10).
The public key exchange member is the member that causes the public key (Dev_PubKey) of the private/public key pair generated in the device (10) by an ECC algorithm to be transmitted to the join server (40) via the relay of the network server (20), and the public key (Svr_PubKey) of the private/public key pair generated in the join server (40) by an ECC algorithm to be transmitted to the device (10) via the relay of the network server (20).
The AppKey generation member is the member that causes a new AppKey to be generated in each of the device (10) and the join server (40), and the new AppKey to be transmitted from the join server (40) to the network server (20).
The joining member is the member that causes a join request to be transmitted from the device (10) to the network server (20) and, if the new AppKey of the device (10) and the new AppKey of the network server (20) correspond, a join accept to be transmitted from the network server (20) to the device (10).
<Program>
The program of the present invention is a key auto-update type joining program, recorded on a storage medium readable by an information processing device, for causing an information processing device to execute each step of the invention described above.
While preferred embodiments of the present invention have been described above, the present invention is not limited to the disclosed embodiments and may be implemented in various modified forms within the scope of the claims, the detailed description and the accompanying drawings; other equivalent embodiments are possible and, as will be evident to those of ordinary skill in the art, also fall within the scope of the present invention. The embodiments are provided only so that the disclosure of the present invention is complete and fully conveys the scope of the invention to those of ordinary skill in the art to which it belongs; the present invention is defined solely by the scope of the claims.
The present invention can be used in industry relating to key auto-update type joining methods, apparatus and programs.
[Description of reference numerals]
10: Device
20: Network Server
30: App Server
40: Join Server

Claims (4)

  1. A key auto-update type joining method for joining any one of a plurality of devices, in which an AppKey is preset, to a network server in which an AppKey corresponding to the AppKey is preset, the method comprising:
    a temporary joining step in which a join request is transmitted from the device to the network server and, if the AppKey of the device and the AppKey of the network server correspond, a join accept is transmitted from the network server to the device;
    a public key exchange step in which the public key of the private/public key pair generated in the device by an ECC algorithm is transmitted to a join server via the relay of the network server, and the public key of the private/public key pair generated in the join server by an ECC algorithm is transmitted to the device via the relay of the network server;
    an AppKey generation step in which a new AppKey is generated in each of the device and the join server, and the new AppKey is transmitted from the join server to the network server; and
    a joining step in which a join request is transmitted from the device to the network server and, if the new AppKey of the device and the new AppKey of the network server correspond, a join accept is transmitted from the network server to the device,
    the key auto-update type joining method being characterized by including the above steps.
  2. The method according to claim 1,
    further comprising, after the joining step, a communication connection step in which a session key is generated in each of the device and the network server, the session key is transmitted from the network server to an app server, and the device is then communicatively connected to the app server,
    the key auto-update type joining method being characterized by further including the above step.
  3. A key auto-update type joining apparatus for joining any one of a plurality of devices, in which an AppKey is preset, to a network server in which an AppKey corresponding to the AppKey is preset, the apparatus comprising:
    a temporary joining member by which a join request is transmitted from the device to the network server and, if the AppKey of the device and the AppKey of the network server correspond, a join accept is transmitted from the network server to the device;
    a public key exchange member by which the public key of the private/public key pair generated in the device by an ECC algorithm is transmitted to a join server via the relay of the network server, and the public key of the private/public key pair generated in the join server by an ECC algorithm is transmitted to the device via the relay of the network server;
    an AppKey generation member by which a new AppKey is generated in each of the device and the join server, and the new AppKey is transmitted from the join server to the network server; and
    a joining member by which a join request is transmitted from the device to the network server and, if the new AppKey of the device and the new AppKey of the network server correspond, a join accept is transmitted from the network server to the device,
    the key auto-update type joining apparatus being characterized by including the above members.
  4. A key auto-update type joining program,
    the program being recorded on a storage medium readable by an information processing device, for causing an information processing device to execute each step of the invention according to claim 1 or claim 2.
PCT/KR2020/006503 2019-05-29 2020-05-18 Automatic key update-type joining method, device and program WO2020242107A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020190063480A KR102334896B1 (en) 2019-05-29 2019-05-29 Joining method, device and program with automatic key update
KR10-2019-0063480 2019-05-29

Publications (1)

Publication Number Publication Date
WO2020242107A1 true WO2020242107A1 (en) 2020-12-03

Family

ID=73554090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2020/006503 WO2020242107A1 (en) 2019-05-29 2020-05-18 Automatic key update-type joining method, device and program

Country Status (2)

Country Link
KR (1) KR102334896B1 (en)
WO (1) WO2020242107A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050135622A1 (en) * 2003-12-18 2005-06-23 Fors Chad M. Upper layer security based on lower layer keying
KR20060084717A (en) * 2005-01-20 2006-07-25 Samsung Electronics Co., Ltd. Device authentication method and system in home network
KR20110080100A (en) * 2010-01-04 2011-07-12 Samsung Electronics Co., Ltd. Method and apparatus for transmitting and receiving a voice data packet using a cryptograph key based on voice characteristic
KR20140067588A (en) * 2012-11-27 2014-06-05 Gachon University Industry-Academic Cooperation Foundation Medical information exchange system, authentication proxy server and medical information exchange method
KR20170059788A (en) * 2015-11-23 2017-05-31 SK Telecom Co., Ltd. Method and apparatus for controlling data transmission

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101469991B1 (en) 2008-06-02 2014-12-10 LG Innotek Co., Ltd. Apparatus for joining zigbee network and method for operating the same
KR20130039394A (en) * 2011-10-12 2013-04-22 Samsung SNS Co., Ltd. Subscriber data allocation system and method thereof

Also Published As

Publication number Publication date
KR20200137327A (en) 2020-12-09
KR102334896B1 (en) 2021-12-06

Similar Documents

Publication Publication Date Title
WO2018043865A2 (en) Blockchain-based file management/search system and file management/search method
WO2018066961A1 (en) Trusted execution environment secure element communication
WO2009125919A1 (en) Terminal and method for managing secure devices
CN101436923B (en) Method, equipment and network system for synchronizing clock
WO2020138532A1 (en) Dynamic blind voting-based blockchain consensus method for internet of things environment
CN107113319A (en) Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification
CN101483707A (en) Multifunctional machine and synchronization system
CN102195930B (en) Security access method among equipment and communication equipment
CN101394677A (en) Method and device for verifying link attribute in node of ASON
CN103281755A (en) WIFI (wireless fidelity) network access method and device, electronic equipment and communication system
WO2019177380A1 (en) Hybrid blockchain system and control transaction transmission method using same
CN102984045A (en) Access method of Virtual Private Network and Virtual Private Network client
CN103430479A (en) Systems, methods, and apparatus to authenticate communications modules
WO2016148483A1 (en) Apparatus and method for managing home energy using beacon in home energy management system
US20090113065A1 (en) Integrity mechanism for file transfer in communications networks
WO2019182377A1 (en) Method, electronic device, and computer-readable recording medium for generating address information used for transaction of blockchain-based cryptocurrency
WO2020235942A9 (en) System for restoring lost private key
WO2015178597A1 (en) System and method for updating secret key using puf
CN109660565A (en) A kind of isolation gap equipment and implementation method
WO2022203328A1 (en) Smart locking device, locking management system including same device, and locking management method using same system
WO2020242107A1 (en) Automatic key update-type joining method, device and program
WO2024090845A1 (en) Method for authenticating ownership of blockchain wallet without signature function, and system using same
WO2013100636A1 (en) Master tsm
WO2022060156A1 (en) Method, apparatus, and program for updating firmware of authenticator
WO2019066319A1 (en) Method of provisioning key information and apparatus using the method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20815425; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20815425; Country of ref document: EP; Kind code of ref document: A1)