LOCK SYSTEM USING FIDO AUTHENTICATION
20220100830 · 2022-03-31
CPC classification
G07C9/00309 (PHYSICS)
G07C9/00563 (PHYSICS)
G06F21/32 (PHYSICS)
Abstract
Disclosed is a lock system for a device using FIDO authentication, the lock system including: an input terminal into which a biometric FIDO authenticator registered with a relying party on the cloud is inserted; an agent which, when the biometric FIDO authenticator is inserted into the input terminal and biometric information of a user registered with the relying party is input to the biometric FIDO authenticator, receives an authentication message from the biometric FIDO authenticator and attempts FIDO authentication with the relying party, and which generates a lock releasing signal when an authentication response is received; and an operation control unit which releases a lock so that the device is operable when the lock releasing signal is received.
Claims
1. A lock system of a device by using FIDO authentication, the lock system comprising: an input terminal to which a biometric FIDO authenticator registered to a relying party on the cloud is inserted; an agent which receives an authentication message from the biometric FIDO authenticator and challenges FIDO authentication to a relying party when the biometric FIDO authenticator is inserted into the input terminal and biometric information of a user registered to the relying party is input to the biometric FIDO authenticator, and generates a lock releasing signal when an authentication response is received; and an operation control unit which releases a lock so that the device is operable when the lock releasing signal is received.
2. The lock system of claim 1, wherein when the biometric FIDO authenticator is separated from the input terminal, the agent generates a lock signal, and the operation control unit controls the device to be locked so that the device is inoperable when the lock signal is received.
3. The lock system of claim 1, further comprising: a transmission unit which transmits an event at the time of the use of the device by the user to an external device based on the lock releasing signal.
4. The lock system of claim 1, wherein the agent is connected to the relying party via a LoRa network.
Description
DESCRIPTION OF DRAWINGS
[0016]
[0017]
BEST MODE
[0018] Hereinafter, an exemplary embodiment of the present disclosure will be described in detail with reference to the accompanying drawings. The advantages and characteristics of the present invention, and a method for achieving them, will become clear by referring to the exemplary embodiment, which is described in detail, together with the accompanying drawings. However, the present disclosure is not limited to the exemplary embodiments disclosed herein but may be implemented in various forms; the exemplary embodiments are provided so that the present disclosure is complete and a person of ordinary skill in the art can fully understand its scope, and the present disclosure is defined only by the scope of the appended claims. Throughout the specification, the same reference numeral indicates the same constituent element.
[0019] Unless otherwise defined, all of the terms (including technical and scientific terms) used in the present specification may be used as a meaning commonly understandable by those skilled in the art. Further, terms defined in a generally used dictionary shall not be construed as being ideal or excessive in meaning unless they are clearly defined.
[0020] Further, the connection of a specific member or module to the front, rear, left, right, top, or bottom of another member or module may include not only a direct connection, but also a case where the specific member or module is connected to the front, rear, left, right, top, or bottom of another member or module with another third member or module interposed therebetween. Further, a member or module performing a specific function may be divided into and implemented with two or more members or modules by dividing the function, and on the contrary, two or more members or modules each having a function may be combined and implemented as one member or module by combining the functions. Further, a specific electronic functional block may be implemented by execution of software, and may also be implemented in the form in which the software is implemented in hardware through an electric circuit.
Basic Configuration
[0021] The present invention relates to a lock system 30 of a device (in
[0022] The lock system 30 of the present invention includes an input terminal 32, an agent 34, and an operation control unit 36.
[0023] The input terminal 32 is the terminal into which a biometric FIDO authenticator 20 registered in a relying party 40 on the Cloud can be inserted. Herein, the terminal means a connection interface, and covers both wired and wireless interfaces.
[0024] For example, when the biometric FIDO authenticator 20 includes a USB interface, the input terminal also includes a corresponding USB interface. When the biometric FIDO authenticator 20 includes a Bluetooth interface, the input terminal also includes a corresponding Bluetooth interface, and in this case, an externally visible physical terminal may not exist.
[0025] Original biometric information of a user 10 is registered in the biometric FIDO authenticator 20, and user information and verification data for the original biometric information are registered in the relying party 40.
[0026] The agent 34 is a means for generating a lock signal or a lock releasing signal according to an authentication result, and may be formed of hardware or software. When the biometric FIDO authenticator 20 is inserted into the input terminal 32 and instantaneous biometric information of the user 10 registered in the relying party 40 is input to the biometric FIDO authenticator 20, the biometric FIDO authenticator 20 verifies the instantaneous biometric information against the original biometric information and outputs an authentication message when the two match. The agent 34 receives the authentication message from the biometric FIDO authenticator 20 and attempts FIDO authentication with the relying party 40. The relying party 40 outputs an authentication response when the registered user information and the verification data for the original biometric information are verified through the authentication message. As a result, the agent 34 generates the lock releasing signal when the authentication response is received.
[0027] The operation control unit 36 is the control element that releases the lock, that is, unlocks the device so that it becomes operable, when the lock releasing signal is received. The lock of the device may be achieved, for example, by disconnection of power supplied to an actuator such as a motor, by a mechanical brake on an operating part such as a control stick, or by disconnection of a signal transceiving unit such as an antenna. That is, locking is preventing the device from performing an original function of the device, and releasing the lock, that is, unlocking, is making the device recover a function of the device.
[0028] By the foregoing configuration, when the biometric FIDO authenticator 20 is inserted into the input terminal 32 and the instantaneous biometric information of the user 10 is input to the biometric FIDO authenticator 20, the agent 34 receives an authentication message from the biometric FIDO authenticator 20 and attempts FIDO authentication to the relying party 40 on the Cloud, and as a result, when the agent 34 receives an authentication response, the agent 34 generates a lock releasing signal and thus the operation control unit 36 releases the lock of the device.
[0029] Herein, the authentication message is transmitted from the biometric FIDO authenticator 20 to the agent 34 of the device only when the biometric FIDO authenticator 20, expected to be possessed by the rightful user 10 registered in the relying party, is present in the input terminal 32 (proof of presence) and the correct biometric information of the user 10, such as a fingerprint, iris, face, vein, or voiceprint, is input to the biometric FIDO authenticator 20. Accordingly, the authentication message is generated only when both the user 10 registered in the relying party and the biometric FIDO authenticator 20 are rightful, thereby increasing the security level.
[0030] Further, the lock is released (unlocked) only when the authentication message is verified by the relying party and the authentication response is generated, thereby increasing the security level.
[0031] <Performance of Lock>
[0032] Herein, when the biometric FIDO authenticator 20 is separated from the input terminal 32, the agent 34 generates a lock signal, and when the operation control unit 36 receives the lock signal, the operation control unit 36 may control the device to be locked so that the device is inoperable.
[0033] That is, in the state where the device is unlocked, when the biometric FIDO authenticator 20 is separated from the input terminal 32, the unlock state of the device is immediately switched to the lock state. Accordingly, it is possible to prevent illegal use of the device.
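The flow of paragraphs [0026] to [0033], as an added Go sketch that is not part of the patent text: the agent unlocks only when the relying party verifies a signature over a fresh challenge, and locks again on removal. Assumptions: an Ed25519 key pair stands in for the FIDO credential, the `sign` callback for the agent relaying between relying party and authenticator, and `bioMatch` for the on-device biometric comparison; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator models biometric FIDO authenticator 20 (assumed Ed25519 credential key).
type Authenticator struct{ key ed25519.PrivateKey }

// Sign emits the authentication message only after a local biometric match.
func (a *Authenticator) Sign(challenge []byte, bioMatch bool) []byte {
	if !bioMatch {
		return nil
	}
	return ed25519.Sign(a.key, challenge)
}

// RelyingParty models relying party 40; it stores only the registered public key.
type RelyingParty struct{ pub ed25519.PublicKey }

// Authenticate verifies a signature over a fresh challenge; sign is the agent's relay.
func (rp *RelyingParty) Authenticate(sign func(challenge []byte) []byte) bool {
	c := make([]byte, 32)
	rand.Read(c)
	return ed25519.Verify(rp.pub, c, sign(c))
}

// Agent models agent 34; Unlocked is the state operation control unit 36 acts on.
type Agent struct{ Unlocked bool }

// OnInsert unlocks only on a positive authentication response from the relying party.
func (g *Agent) OnInsert(a *Authenticator, rp *RelyingParty, bioMatch bool) {
	g.Unlocked = rp.Authenticate(func(c []byte) []byte { return a.Sign(c, bioMatch) })
}
// OnRemove locks the device when the authenticator is pulled (claim 2).
func (g *Agent) OnRemove() { g.Unlocked = false }

func Register() (*Authenticator, *RelyingParty) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Authenticator{priv}, &RelyingParty{pub}
}

func main() {
	a, rp := Register()
	g := &Agent{}
	g.OnInsert(a, rp, true)
	fmt.Println("unlocked:", g.Unlocked)
}
```

Because the challenge is generated per attempt, an authentication message captured from an earlier session does not verify on a later one.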
[0034] <External Transmission of Usage History>
[0035] Herein, the present invention may further include a transmission unit (not illustrated) which transmits an event at the time of the use of the device by the user 10 to an external device (not illustrated) based on the lock releasing signal.
[0036] For example, in the case of drone education, the input terminal 32, the agent 34, and the operation control unit 36 are provided in the drone controller, together with a wireless transmission unit, so as to permit (unlock) the use of the drone controller by the user 10, who is a specific student, and to transmit a drone operation history of the user 10 to a credit (score) server that is an external device, thereby promoting scientific credit (score) evaluation.
[0037] <Authentication Path>
[0038] For example, the agent 34 may be configured to be connected with the relying party 40 through a LoRa network.
[0039] LoRa is a low-power wide-area network, and has suitable performance for FIDO authentication because it can cover a distance of several tens of kilometers.
[0040] While the exemplary embodiment of the present invention has been described with reference to the accompanying drawings, it will be understood by those skilled in the art that the present invention may be embodied in other specific forms without changing the technical spirit or the essential features of the present invention. Therefore, it should be understood that the aforementioned exemplary embodiments are illustrative in all aspects and are not limiting.
INDUSTRIAL APPLICABILITY
[0041] The present invention is usable in the industry of lock systems using FIDO authentication.
EXPLANATION OF REFERENCE NUMERALS AND SYMBOLS
[0042] 10: User
[0043] 20: Biometric FIDO authenticator
[0044] 30: Lock system
[0045] 32: Input terminal
[0046] 34: Agent
[0047] 36: Operation control unit
[0048] 40: Relying party