WO2021132756A1 - System for preventing hacking of internet of things - Google Patents


Publication number
WO2021132756A1
WO2021132756A1 PCT/KR2019/018438 KR2019018438W WO2021132756A1 WO 2021132756 A1 WO2021132756 A1 WO 2021132756A1 KR 2019018438 W KR2019018438 W KR 2019018438W WO 2021132756 A1 WO2021132756 A1 WO 2021132756A1
Authority
WO
WIPO (PCT)
Application number
PCT/KR2019/018438
Inventor
나정환
Original Assignee
주식회사 성강이지에스
나정환
Application filed by 주식회사 성강이지에스, 나정환
Priority to PCT/KR2019/018438
Publication of WO2021132756A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications

Definitions

  • The main communication module 310 of the main control device 300 supports general communication and also has a modem function so that it can connect through a telephone communication network. The terminal 500 is a smartphone on which an application providing a modem function is installed, so that it can communicate with the main control device 300.
  • Information on the terminal 500 is stored in the storage unit 320 of the main control device 300, and permissions can also be set in the storage unit 320 to limit which internal devices 400 each terminal 500 can control.

Abstract

The present invention relates to a system for preventing the hacking of the internet of things, and more specifically, to a system which allows only a registered terminal to be used for externally controlling a plurality of internal devices connected in the manner of the internet of things, and prevents a connection from being made through the impersonation of the registered terminal, and thus can reliably prevent the hacking of the internet of things. The present invention for achieving the above purpose is characterized by comprising: a plurality of internal devices connected to each other through communication; a main control device connected to the internal devices through communication; and a terminal that is connected to the main control device and controls the internal devices, wherein only the terminal which is registered by having information about the terminal stored in the main control device can connect to the main control terminal.

Description

Internet of Things Hacking Prevention System
The present invention relates to an Internet of Things (IoT) hacking prevention system, and more particularly to an IoT hacking prevention system in which only a registered terminal can be used to control, from outside, a plurality of internal devices connected in an Internet of Things manner, and in which connections made by impersonating a registered terminal are also prevented, so that hacking can be reliably prevented.
In general, the Internet of Things (IoT) is an environment in which all things in daily life are connected through wired and wireless networks to share information. The Internet of Things provides intelligent technologies and services through which information is exchanged between people and things and between things and things.
With the Internet of Things, things can be networked to share information not only in home appliances and electronic devices but also in various fields such as healthcare, remote meter reading, smart homes, and smart cars.
The Internet of Things is similar to the existing ubiquitous computing and M2M (Machine to Machine) communication, but it can be regarded as an evolved stage: it extends to the Internet the concept of M2M, whose main purpose is communication between communication equipment and people, so that it interacts not only with things but with all information in the real and virtual worlds.
The Internet of Things is being applied to home automation systems. A home automation system can use the Internet of Things to communicate with and control the things included in the system (for example, a plurality of digital devices).
As an example of a home automation system using the Internet of Things, the technology described in Korean Patent No. 10-1438769, shown in FIGS. 1 and 2, has been proposed. It comprises: a home automation system 200 built by connecting, over an RS-485 or RS-422 wired communication network, a wall pad 100 installed inside each household, a common entrance unit 110 installed at the common entrance of each building, a security office unit 120 installed in the security office of the complex, and the various devices controlled by them; a main device 210 that manages the home automation system 200 in an integrated manner; a DB server 220 for remote management; and an administrator PC 230 connected to the DB server 220 through an Ethernet communication network. The main device 210 includes a first communication unit 212 having an RS-485 or RS-422 communication module so that it can be connected to the wired communication network, a second communication unit 213 having an Ethernet communication module for communication with the DB server 220, and a control unit 214 that monitors the flow of the communication protocol of the wired communication network to manage the home automation system 200 and can control the wall pad 100, the common entrance unit 110, the security office unit 120, and the various devices controlled by them. The DB server 220 includes a DB management module 221, which stores and updates the monitoring results received from the main device 210 and stores and manages the control information received from the administrator PC 230, and a main device control module 222, which transmits the monitoring results received from the main device 210 to the DB management module 221 and transmits the control information received from the DB management module 221 to the main device 210.
By combining the Internet of Things with a home automation system, the technology described in Korean Patent No. 10-1438769 has the advantage that problems occurring in home automation can be resolved from a remote PC over the Internet without a site visit. However, because the system can easily be penetrated through the external communication network, it is difficult to prevent hacking.
The present invention has been devised to solve the above problem. An object of the present invention is to provide an IoT hacking prevention system consisting of a plurality of internal devices connected to each other through an internal communication network and a main control device connected to the internal devices through the internal communication network to control them, in which information on the terminals that may connect from outside is stored in the main control device so that external access is possible only from registered terminals, thereby preventing hacking.
Another object of the present invention is to provide an IoT hacking prevention system in which the main control device has a storage unit in which the phone number of the terminal is registered. When a terminal such as a smartphone connects through the telephone communication network, the main control device checks the phone number of the terminal that attempted the connection, blocks the connection, and then attempts a connection back to that phone number, so that connection attempts made by impersonating a phone number can be reliably blocked.
To solve these problems, the present invention is characterized by comprising a plurality of internal devices connected to each other by communication, a main control device connected to the internal devices by communication, and a terminal that connects to the main control device to control the internal devices.
Here, information on the terminal is stored in the main control device, and only a registered terminal can connect.
When a connection request signal is received from a terminal, the main control device blocks the connection with the terminal that requested it. If the requesting terminal is a terminal registered in the main control device, the main control device establishes the connection by issuing a connection request to that terminal.
In this case, the phone number of the registered terminal is stored in the main control device, and the main control device attempts the connection to the registered phone number through the telephone communication network.
In addition, information on the terminal is stored in the main control device, and permissions are set for the terminal to limit the internal devices it can control.
The main control device receives information from the internal devices in real time and transmits the configured information to the registered terminal.
According to the present invention configured as above, the system consists of a plurality of internal devices connected to each other through an internal communication network and a main control device connected to the internal devices through the internal communication network to control them. Information on the terminals that may connect from outside is stored in the main control device so that external access is possible only from registered terminals, which has the effect of preventing hacking.
In addition, the main control device has a storage unit in which the phone number of the terminal is registered. When a terminal such as a smartphone connects through the telephone communication network, the main control device checks the phone number of the terminal that attempted the connection, blocks the connection, and then attempts a connection back to that phone number, which has the effect of reliably blocking connection attempts made by impersonating a phone number.
FIG. 1 is a schematic diagram of a conventional home automation system using the Internet of Things.
FIG. 2 is a block diagram showing the overall configuration of a conventional home automation system using the Internet of Things.
FIG. 3 is a conceptual diagram of an IoT hacking prevention system according to the present invention.
FIG. 4 is a block diagram of an IoT hacking prevention system according to the present invention.
FIG. 5 is a flowchart showing the connection process of the IoT hacking prevention system according to the present invention.
FIG. 6 is a block diagram showing an example in which the IoT hacking prevention system according to the present invention is applied to home automation.
Hereinafter, preferred embodiments of the present invention are described in more detail with reference to the accompanying drawings. The same reference numerals are used for the same components in the drawings, and repeated descriptions of the same components are omitted. It should be understood that the present invention may be implemented in many different forms and is not limited to the described embodiments.
FIG. 3 is a conceptual diagram of the IoT hacking prevention system according to the present invention, FIG. 4 is a block diagram of the system, FIG. 5 is a flowchart showing its connection process, and FIG. 6 is a block diagram showing an example in which the system is applied to home automation.
The present invention relates to an IoT hacking prevention system. As shown in FIGS. 3 to 6, it consists of a plurality of internal devices 400 connected to each other by communication, a main control device 300 connected to the internal devices 400 by communication, and a terminal 500 that connects to the main control device 300 to control the internal devices 400.
Each internal device 400 has an auxiliary communication module 410, and the internal devices are connected to each other over an internal communication network to exchange information. The main control device 300 is also connected to the internal devices 400 through the internal communication network and receives information from them.
The main control device 300 has a main communication module 310, through which it is connected to each internal device 400 and also to the terminal 500 over an external communication network (the external Internet, a telephone communication network, and so on). Because the internal devices 400 cannot be connected directly to the external communication network, the terminal 500 connects to and controls each internal device 400 through the main control device 300.
As described above, the main control device 300 consists of the main communication module 310, which provides the communication links to each internal device 400 and to the external terminal 500, and a storage unit 320, in which information on the terminals 500 permitted to connect is stored.
The main control device 300 is connected to each internal device 400 and receives information from it in real time. Of the information received from the internal devices 400, the information selected by the administrator is transmitted to the administrator's terminal 500 through the main communication module 310.
When the present invention is applied to home automation, the internal devices 400 are appliances used in the home, as shown in FIG. 6. For example, if the resident goes out leaving a gas oven range, which is a household appliance 400, lit, the overheated state is detected through the temperature sensor provided in the gas range and the main control device 300 notifies the administrator through the main communication module 310. The gas range can then be turned off or, if that is not possible, the valve in the gas pipe can be controlled to cut off the gas supply, so that a fire is prevented.
The technology of the present invention is not limited to home automation. Although not shown in the drawings, it can also be applied to an ordinary company or factory: the main control device 300 receives information from each device in the company or factory in real time and notifies the administrator only of the information the administrator has selected, so that the administrator can respond quickly to the situation.
한편, 상기 메인제어장치(300)에는 저장부(320)가 구비되어 있어 단말기(500)의 정보가 저장되는데, 상기 메인제어장치(300)는 상기 저장부(320)에 저장되어 등록된 단말기(500)만이 메인통신모듈(310)을 통하여 메인제어장치(300)와 접속을 허용하게 된다.On the other hand, the main control device 300 is provided with a storage unit 320 to store the information of the terminal 500, the main control device 300 is stored in the storage unit 320 is a registered terminal ( Only 500 is allowed to connect to the main control device 300 through the main communication module 310 .
That is, when the terminal 500 is used to connect to the main control device 300, the unique information of the terminal 500 is transmitted along with the request, so that the main control device 300 can identify the terminal 500 requesting the connection and allow only registered terminals 500 to connect.
Looking at the process of connecting to the main control device 300 from outside through the terminal 500, as shown in FIG. 5, the terminal 500 transmits a connection request signal to the main control device 300, and when the main control device 300 receives the connection request signal transmitted from the terminal 500, it first blocks the connection with the terminal 500 that requested it.
The main control device 300 then checks the information of the terminal 500 that requested the connection. If it is not a terminal 500 registered in the storage unit 320 of the main control device 300, the connection remains blocked; if the requesting terminal 500 is registered in the storage unit 320, the main control device 300 itself sends a connection request to that terminal 500 and the connection is established.
Here, the phone number of the terminal 500 is stored in the storage unit 320 of the main control device 300, so that the phone number of the requesting terminal 500 can be checked to confirm whether it is a registered terminal 500, and when the main control device 300 sends its connection request to the terminal 500, it sends it to the registered phone number.
Thus, when a connection to the main control device 300 is attempted from outside through a terminal 500, an outsider using an unregistered terminal 500 can be blocked, so that only a registered administrator can connect and control the internal devices 400.
That is, caller numbers are often spoofed these days. Even if a connection is attempted with the caller number spoofed as a registered phone number, the connection is first blocked when the request arrives and the main control device 300 sends a connection request signal back to that caller number. The connection request signal therefore does not reach the terminal 500 that spoofed the phone number, so a connection attempt with a spoofed phone number can also be blocked.
Of course, the main communication module 310 of the main control device 300 not only supports general communication but also has a modem function that enables connection over the telephone network, and the terminal 500 is likewise a smartphone on which an application providing a modem function is installed, enabling communication with the main control device 300.
Meanwhile, information about the terminals 500 is stored in the storage unit 320 of the main control device 300, and the storage unit 320 can also hold, for each terminal 500, a permission setting that limits which internal devices 400 it can control.
That is, in home automation there is no problem in setting every family member as an administrator with permission to control all internal devices 400. In a large organization such as a company or factory, however, a single administrator cannot manage everything smoothly, so several administrators are appointed. By setting a different limit on the internal devices 400 each administrator can control, routine matters can be handled by lower-ranking administrators while their access to important secrets of the company or factory is blocked, preventing the secrets from leaking.
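The callback check and the per-terminal permissions described above can be modeled as follows. This is an added example, not code from the patent: the class names, the `expecting_callback` rule, the phone numbers and the device names are assumptions made for illustration, and the `network` dictionary stands in for the telephone network.

```python
from dataclasses import dataclass

@dataclass
class Terminal:
    number: str                      # number the network really routes to this handset
    expecting_callback: bool = False

    def request(self, mcd, claimed_number=None):
        self.expecting_callback = True
        return mcd.handle_request(claimed_number or self.number)

    def answer_callback(self):
        # Assumption: a terminal accepts a callback only if it has a request pending.
        accepted, self.expecting_callback = self.expecting_callback, False
        return accepted

class MainControlDevice:
    def __init__(self, network, registry):
        self.network = network       # constructed model: real number -> Terminal
        self.registry = registry     # registered number -> permitted internal devices
        self.sessions = {}           # registered number -> terminal reached by callback

    def handle_request(self, claimed_number):
        # The inbound connection is dropped first; nothing is granted on this path.
        if claimed_number not in self.registry:
            return "blocked: unregistered"
        # Call back the registered number; the network, not the caller, picks the handset.
        terminal = self.network.get(claimed_number)
        if terminal is None or not terminal.answer_callback():
            return "blocked: callback not accepted"
        self.sessions[claimed_number] = terminal
        return "connected"

    def control(self, terminal, device):
        if self.sessions.get(terminal.number) is not terminal:
            return "denied: no session"
        if device not in self.registry[terminal.number]:
            return "denied: not permitted"
        return "ok: " + device

def build_demo():
    # Constructed sample data: numbers and device names are placeholders.
    manager = Terminal("010-0000-0001")
    junior = Terminal("010-0000-0002")
    outsider = Terminal("010-0000-0099")
    network = {t.number: t for t in (manager, junior, outsider)}
    registry = {manager.number: {"gas_valve", "door_lock"},
                junior.number: {"gas_valve"}}
    return MainControlDevice(network, registry), manager, junior, outsider
```

In this model the spoofed request fails only because the callback is routed to the handset that actually holds the registered number, so the check is as strong as that routing.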
Although preferred embodiments of the present invention have been described above, the scope of rights of the present invention is not limited thereto and extends to what is substantially equivalent to the embodiments of the present invention; various modifications can be made by a person of ordinary skill in the art to which the invention pertains without departing from the spirit of the invention.
The present invention relates to an IoT hacking prevention system, and more particularly to an IoT hacking prevention system in which only a registered terminal can be used to control, from outside, a plurality of internal devices connected in an Internet of Things manner, and in which connection attempts that impersonate a registered terminal can also be prevented, so that hacking is reliably prevented.

Claims (6)

  1. An Internet of Things (IoT) hacking prevention system comprising:
    a plurality of internal devices connected to one another by communication;
    a main control device connected by communication with the internal devices; and
    a terminal that connects to the main control device to control the internal devices.
  2. The system according to claim 1,
    wherein terminal information is stored in the main control device so that only a registered terminal can connect.
  3. The system according to claim 2,
    wherein, when a connection request signal is received from a terminal, the main control device blocks the connection with the terminal that requested the connection, and
    when the terminal that requested the connection is a terminal registered in the main control device, the main control device requests a connection to the terminal that requested the connection and the connection is established.
  4. The system according to claim 3,
    wherein the phone number of the registered terminal is stored in the main control device, and
    the main control device attempts the connection to the registered phone number through a telephone network.
  5. The system according to claim 2,
    wherein terminal information is stored in the main control device, and
    the permissions of the terminal are set to limit the internal devices it can control.
  6. The system according to claim 1,
    wherein the main control device receives information from the internal devices in real time and transmits the selected information to a registered terminal.
PCT/KR2019/018438 2019-12-26 2019-12-26 System for preventing hacking of internet of things WO2021132756A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2019/018438 WO2021132756A1 (en) 2019-12-26 2019-12-26 System for preventing hacking of internet of things

Publications (1)

Publication Number Publication Date
WO2021132756A1 true WO2021132756A1 (en) 2021-07-01

Family

ID=76574787

Country Status (1)

Country Link
WO (1) WO2021132756A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030217110A1 (en) * 2002-05-16 2003-11-20 Weiss Eugene S. Home gateway server appliance
US20090086688A1 (en) * 2007-10-01 2009-04-02 Verizon Services Organization Inc. Remote access to a customer home network
KR20120064916A (en) * 2010-12-10 2012-06-20 주식회사 케이티 Method and apparatus for controlling home network access using phone numbers, and system thereof
KR20170132017A (en) * 2016-05-23 2017-12-01 엘지전자 주식회사 Method for controlling mobile terminal
KR20200029786A (en) * 2018-09-11 2020-03-19 주식회사 성강이지에스 a prevention system of hacking for internet of things

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19957276

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19957276

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13/12/2022)
