KR102030053B1 - Parking management system and method supporting lightweight security - Google Patents

Abstract

The present invention relates to a parking control system and method for supporting a lightweight security method, and more particularly, to an error coefficient used for time synchronization with a terminal and a hash of a block chain to generate an encryption key for communication with the terminal. Security and security complexity at the same time to improve the security complexity provides a lightweight security method, and also through the block chain to ensure the security of the encryption key, and the encryption through the encryption key between the terminals configured in the end The present invention relates to a parking control system and method for supporting a lightweight security scheme configured to perform parking control based on communication.

Description

Parking control system and method supporting lightweight security

The present invention relates to a parking control system and method for supporting a lightweight security method, and more particularly, to an error coefficient used for time synchronization with a terminal and a hash of a block chain to generate an encryption key for communication with the terminal. Security and security complexity at the same time to improve the security complexity provides a lightweight security method, and also through the block chain to ensure the security of the encryption key, and the encryption through the encryption key between the terminals configured in the end The present invention relates to a parking control system and method for supporting a lightweight security scheme configured to perform parking control based on communication.

Currently, various security methods for the security of data transmitted / received between devices constituting various systems such as a video surveillance system, an IoT system, a parking control system, etc. have emerged, and the importance of such data security is directly related to data reliability, which is becoming increasingly important. .

However, the existing encryption method is so complicated that the server that manages the system can have a hardware configuration that supports the encryption method, but it is difficult to support such a security protocol when the end device communicating with the server in the system is a low-performance device. There is.

Even if a hardware configuration supporting a security protocol is possible for such an end device, the load on the end device is significant when communicating with the server, which may cause communication failures and communication delays caused by such a load, thereby deteriorating system stability and reliability. There is a problem.

Korea Patent Registration No. 10-0577875

The present invention can be easily applied to the terminal even when the terminal constituting the system is configured as a low-performance device, and provides a lightweight security method using a symmetric encryption key to secure the security of the communication session with the terminal securely. Rather, the purpose is to ensure the stability and reliability of the system by lowering the processing load of the security related terminal.

In addition, the present invention has an object to ensure the security of the entire system by easily detecting the forgery of the symmetric encryption key used in communication with the terminal to ensure the security of the encryption key.

Parking control system that supports a lightweight security method according to an embodiment of the present invention, and communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypting the specific terminal In the pre-stored shared ledger used for the block chain for key generation, the new block associated with the encryption key of the specific terminal is identified with the previous block to be connected, and the existing block includes information related to other encryption keys of other terminals. The other key information and the existing key block including a hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to another terminal in a hash algorithm preset in a key block. Extract the existing keyblock hash value obtained by applying the generation time of Generating an encryption key for the specific terminal by applying an error coefficient according to the time error with the specific terminal and the existing keyblock hash value measured through the inter-synchronization to a preset hash algorithm, and the same encryption key in the specific terminal A security server configured to transmit the existing keyblock hash value so as to generate a specific algorithm, and a preset hash algorithm for the error coefficient according to time synchronization with the security server and the existing keyblock hash value received from the security server. To generate the encryption key, and perform a vehicle number recognizer and a parking fee settlement based on data received from at least one of at least one CCTV camera, at least one parking guidance terminal, and at least one parking sensor. Among the breakers that open and close the unmanned payment At least one control target is connected to a parking control server that performs a parking control or is configured as a module inside the parking control server and transmits the encrypted data generated by the parking control server with the encryption key or transmits the parking. It may include a proxy device for decrypting the received data encrypted with the encryption key received by the control server with the encryption key.

The parking control system supporting the lightweight security scheme according to another embodiment of the present invention communicates with a plurality of different terminals through a communication network, performs time synchronization with a specific terminal according to a preset synchronization protocol, In the pre-stored shared ledger used in the blockchain for generating an encryption key, a new block associated with the encryption key of the specific terminal is identified and a previous block to be connected, and stored in the previous block to store other encryption key related information of another terminal. The other encryption key related information and the existing key including a hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to another terminal in a hash algorithm preset in an existing key block. Extract the existing keyblock hash value obtained by applying the generation time of the block, Generates an encryption key for the specific terminal by applying an error coefficient according to a time error with the specific terminal measured through time synchronization and the existing keyblock hash value to a preset hash algorithm, and encrypts the same at the specific terminal. Applying an encryption key generation process for the specific terminal that transmits the existing keyblock hash value to generate a key for each of the plurality of terminals to generate different encryption keys in the plurality of terminals, the plurality of terminals A security server configured to generate and store the same encryption key as each generated encryption key, and one of the plurality of terminals, and generating a first encryption key according to the encryption key generation process through communication with the security server. And connected to the parking control server for parking control or the And a second proxy key configured as a module to generate a second encryption key according to the encryption key generation process through communication with the security server and configured as another one of the plurality of terminals, the CCTV camera or the parking guidance terminal, and And a second proxy device connected to an end device configured with any one of the parking sensors or configured as a module inside the end device, wherein the security server is configured to include the first and the second proxy devices from any one of the first and second proxy devices. 2 when the other one of the proxy devices receives a communication request with the communication target connected to the first proxy device and transmits the second encryption key to the first proxy device, the parking control server and the Data transmitted / received between the end device is transmitted by the one of the first and second proxy devices to the first and second devices. 2 may be characterized by being encrypted with one of the encryption keys.

As an example related to the present invention, the security server may generate a transaction for a transmission / reception process of the first and second encryption keys, generate a block including the transaction, and store the transaction in the shared ledger. have.

As an example related to the present invention, the security server encrypts and transmits the second encryption key with the first encryption key when transmitting the second encryption key to the first proxy device, and transmits the first encryption key to the second proxy device. When the encryption key is transmitted, the first encryption key is encrypted and transmitted using the second encryption key, and the first proxy device decrypts the encrypted second encryption key with the first encryption key, and the second proxy device encrypts the encrypted key. The first encryption key may be decrypted with the second encryption key.

As an example related to the present invention, the second proxy apparatus may transmit transmission data including one of an image generated by the CCTV camera, state information of the parking guidance terminal, and sensing information of the parking sensor. The second encryption key may be encrypted and transmitted to the first proxy device.

Parking control system supporting a lightweight security scheme according to another embodiment of the present invention, the communication with a plurality of different terminals through a communication network and performs a time synchronization with a specific terminal according to a preset synchronization protocol, the specific terminal In the pre-stored shared ledger used in the blockchain to generate the encryption key of the identification block, the new block associated with the encryption key of the specific terminal is identified with the previous block to be connected. The other encryption key related information including the hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to the other terminal in a hash algorithm preset in a stored existing key block, and the existing information. Extract the existing keyblock hash value obtained by applying the generation time of the keyblock, Generates an encryption key for the specific terminal by applying an error coefficient according to the time error with the specific terminal and the existing keyblock hash value measured through the time synchronization to a preset hash algorithm, and the same encryption in the specific terminal Applying an encryption key generation process for the specific terminal that transmits the existing keyblock hash value to generate a key for each of the plurality of terminals to generate different encryption keys in the plurality of terminals, the plurality of terminals A security server configured to generate and store the same encryption key as each generated encryption key, and one of the plurality of terminals, and generating a first encryption key according to the encryption key generation process through communication with the security server. , Connected to the parking control server for parking control or of the parking control server A second proxy key configured as a module in the unit and another one of the plurality of terminals and configured to generate a second encryption key according to the encryption key generation process through communication with the security server, and induces a CCTV camera or parking The encryption key is generated through communication with the security server and configured with another of the second proxy device and the plurality of terminals connected to an end device configured as one of a terminal and a parking sensor or configured as a module inside the end device. And generating a third encryption key according to the procedure, connected to a control target device configured as one of a vehicle number recognizer, an unattended payment machine, and a breaker or configured as a module inside the control target device. The security server may be configured to store the first server within the first from a specific proxy device of the first to third proxy devices. A specific encryption corresponding to the specific proxy device among the first to third encryption keys when another proxy device, which is one of the third proxy devices except for the specific proxy device, is connected or receives a communication request with a communication target configured therein. Transmits a key to the other proxy device, and transmits another encryption key corresponding to the other proxy device among the first to third encryption keys to the specific proxy device, so that the parking control server, the terminal device, and the control target The data transmitted and received between the devices may be encrypted by any one of the first to third encryption keys by any one of the first to third proxy devices.

The parking control system supporting the lightweight security method according to an additional embodiment of the present invention communicates with a plurality of different terminals through a communication network, performs time synchronization with a specific terminal according to a preset synchronization protocol, In the pre-stored shared ledger used in the blockchain for generating an encryption key, a new block associated with the encryption key of the specific terminal is identified and a previous block to be connected, and stored in the previous block to store other encryption key related information of another terminal. The other encryption key related information and the existing key including a hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to another terminal in a hash algorithm preset in an existing key block. Extract the existing keyblock hash value obtained by applying the generation time of the block, Generates an encryption key for the specific terminal by applying an error coefficient according to a time error with the specific terminal measured through time synchronization and the existing keyblock hash value to a preset hash algorithm, and encrypts the same at the specific terminal. Applying an encryption key generation process for the specific terminal that transmits the existing keyblock hash value to generate a key for each of the plurality of terminals to generate different encryption keys in the plurality of terminals, the plurality of terminals In the process of generating the encryption key through communication with the security server, including a security server for generating and storing the same encryption key and the first proxy device configured as any one of the plurality of terminals; A parking control server for controlling a parking for generating a first encryption key according to the plurality; A second encryption device according to the encryption key generation process through communication with the security server, including a second proxy device configured as another one of terminals of at least one of a CCTV camera, a parking guidance terminal, and a parking sensor A third proxy device configured to generate a third encryption key according to the encryption key generation process through communication with the security server, including a terminal device configured to include a third proxy device configured as another one of the plurality of terminals and the plurality of terminals, and a vehicle number And a control target device including at least one of a recognizer, an unmanned payer, and a blocker, wherein the security server is configured to include the specific proxy of the first to third proxy devices from a specific proxy device of the first to third proxy devices. Any other proxy device other than the device is connected to or communicates with internally configured communication destinations. Sending a specific encryption key corresponding to the specific proxy device among the first to third encryption keys to the other proxy device when receiving a new request, and another encryption corresponding to the other proxy device among the first to third encryption keys. Transmits a key to the specific proxy device so that data transmitted / received between the parking control server, the terminal device, and the control target device is transmitted by one of the first to third proxy devices to the first to third encryption keys. It may be characterized in that the encryption to any one of.

In a parking control method of a parking control system including a security server and a proxy device according to an embodiment of the present invention, the security server performs time synchronization with a specific terminal according to a preset synchronization protocol; Identifying a previous block that is to be connected with a new block associated with the encryption key of the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the terminal, and the security server is included in the previous block for another terminal A hash value used to generate another encryption key related to another terminal, identification information of the other terminal, and another encryption key related to the other terminal to a hash algorithm preset in an existing key block in which the other encryption key related information is stored; A device obtained by applying encryption key related information and generation time of the existing key block Extracting a keyblock hash value and generating the encryption key by applying an error coefficient according to a time error with the specific terminal and the existing keyblock hash value measured through the time synchronization to a preset hash algorithm; Transmitting, by the security server, the existing keyblock hash value to generate the encryption key at the specific terminal, and configured as the specific terminal, from at least one of one or more CCTV cameras, one or more parking guidance terminals, and one or more parking sensors. A vehicle number recognizer for recognizing a vehicle number based on the received data, an unmanned payer for performing parking fee settlement, and a breaker for opening / closing a blocking rod to control at least one control target to perform a parking control; Program configured as a module inside the parking control server The proxy device generates the encryption key by applying an error coefficient according to time synchronization with the security server and the existing keyblock hash value received from the security server to a preset hash algorithm, and transmits the generated traffic key from the parking control server. Transmitting data by encrypting the data with the encryption key, or performing parking control by decrypting the received data encrypted with the encryption key received by the parking control server with the encryption key.

The present invention combines a time error generated during a time synchronization process with a terminal and a hash generated based on encryption key related information of another terminal stored in a blockchain to secure a communication session between the service providing device and the terminal. By generating the encryption key of the terminal as a hash through the hash algorithm, by creating a symmetric encryption key that is not inductive and highly secure, and based on this, the data transmitted and received through the communication session is encrypted, so it is composed of a hash By providing a lightweight security method using a high symmetric encryption key, it not only secures the security of the communication session with the terminal, but also reduces the processing load of the terminal in connection with security, so that the terminal is easily configured even when the terminal is configured as a low performance device. High security and trust with respect to sending and receiving data while being applicable It has the effect of guaranteed.

In addition, the present invention uses a block chain to check the forgery of the encryption key, in addition to the block generated based on the transaction generated in the encryption key generation process corresponding to the information and the encryption key used in the generation of the encryption key By using the identification information of the terminal and the encryption key to generate a separate key block for forgery of the encryption key distinguished from the block and stored in the shared ledger so that they are connected like a chain between different key blocks, encryption as well as encryption key When the forgery of the key-related information is generated to be easily detected, there is an effect of increasing the security of the encryption key used for encryption of the communication session.

In addition, the present invention configures a proxy device for generating an encryption key through communication with a security server for each of a plurality of devices related to parking control, and the security server communicates with each other for each of the devices through communication with the proxy device. It is possible to generate another unique encryption key, and when the communication between the device to support the mutual exchange of the encryption key between the proxy device by the encryption device for the parking control related data transmitted and received between the device through the proxy device By using encryption to support the end-to-end encryption through a high-security encryption key, as well as saving the encryption key exchange on a blockchain basis, it is possible to increase the security and convenience of encryption key management. In addition, to ensure reliable and secure parking control You may wish.

1 is a block diagram of a parking control system configured with a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
2 is a view illustrating an operation of a security service providing method of a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
3 is a flowchart illustrating a security service providing method supporting a lightweight security scheme according to an embodiment of the present invention.
4 is an exemplary diagram of blockchain management of a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
5 is a detailed configuration diagram of a security service providing apparatus supporting a lightweight security scheme according to an embodiment of the present invention.
6 to 9 are diagrams illustrating an algorithm related to a security service providing method that supports a lightweight security scheme according to an embodiment of the present invention.
10 is a block diagram of a parking control system supporting a lightweight security method according to an embodiment of the present invention.
11 is an exemplary view illustrating the operation of a parking control system supporting a lightweight security scheme according to an embodiment of the present invention.

Hereinafter, exemplary embodiments of the present invention will be described with reference to the accompanying drawings.

1 is a block diagram of a parking control system configured with a security service providing apparatus 100 supporting a lightweight security scheme according to an embodiment of the present invention, Figures 2 and 3 are the security service providing apparatus (hereinafter, service) It is an operation example and a flowchart of a security service providing method that supports a lightweight security method of the providing device (100).

A detailed operation configuration of the present invention will be described with reference to FIGS. 1 to 3.

As shown, the service providing apparatus 100 may be interconnected with one or more terminals 10 through a communication network, and the service providing apparatus 100 may store a blockchain-based shared ledger in advance. .

At this time, the communication network may be applied to a variety of well-known wired and wireless communication methods, and examples of such wireless communication networks include a wireless LAN (WLAN), a DLNA (Digital Living Network Alliance), a Wi-Fi (Wibro), and a WiMAX (World). Interoperability for Microwave Access: Wimax, Global System for Mobile Communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice-Data Only (EV-DO) Wideband CDMA (WCDMA), High Speed Downlink Packet Access (HSDPA), High Speed Uplink Packet Access (HSUPA), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE-A), Wireless Mobile Broadband Service (WMBS), 5G Mobile Service, Bluetooth, LoRa (Long Range), RFID (Radio Frequency Identification), Infrared Data Association (IrDA), UWB (Ultra) Wideband, ZigBee, Inn Near Field Communication (NFC), Ultra Sound Communication (USC), Visible Light Communication (VLC), Wi-Fi, Wi-Fi Direct, etc. Can be. In addition, wired communication networks include wired LAN (Local Area Network), wired WAN (Wide Area Network), Power Line Communication (PLC), USB communication, Ethernet, serial communication, optical / coaxial Cable and the like.

In addition, the service providing apparatus 100 may be configured as a server, the terminal is a camera, a sensor, a video management system (VMS), a digital video recorder (DVR), a network video recorder (NVR), the Internet of Things A variety of terminals, such as a terminal).

In this case, the camera may be configured as an IP (Internet Protocol) camera.

In addition, the terminal 10 may be configured as an end device.

On the other hand, the service providing apparatus 100 when the terminal 10 is configured as a low-performance device by supporting a lightweight security method while ensuring the security of the communication session (session) during communication with the terminal 10 In addition, it is possible to easily form a secure communication session with the terminal, and also to ensure the security of the encryption key used in the communication session with the terminal 10 to ensure the reliability of the security when communicating with the terminal 10 This can be done in detail.

First, the service providing apparatus 100 may perform time synchronization for each of the one or more terminals 10 according to a preset synchronization protocol.

In this case, the synchronization protocol may be a network time protocol (NTP).

Accordingly, the service providing apparatus 100 may perform time synchronization for each of the one or more terminals 10 according to the synchronization protocol, thereby measuring and storing a time error for each of the terminals 10 (S1). ).

In this case, the specific terminal 10 that performs time synchronization with the service providing device 100 according to the synchronization protocol is equal to the time error measured by the service providing device 100 with respect to the specific terminal 10. Can be calculated and stored.

In this way, the service providing apparatus 100 and the specific terminal 10 may share the same time error.

Meanwhile, the service providing apparatus 100 may be connected to a new block associated with the encryption key of the specific terminal 10 in a pre-stored shared ledger used in the block chain to generate an encryption key for the specific terminal 10. The previous block may be identified (S2).

In this case, the new block may be a block that includes one or more transactions for the encryption key generation process of the specific terminal 10 or is generated based on a transaction related to the encryption key generation process of the specific terminal 10. have.

In addition, the previous block includes one or more transactions for the process of generating an encryption key (other encryption key) of another terminal different from the specific terminal 10 or performs a transaction related to the process of generating an encryption key (other encryption key) of the other terminal. It may be a block generated based on.

That is, the blocks stored in the shared ledger may include a transaction or information related to the transaction for the encryption key generation process of the terminal communicating with the service providing apparatus 100.

In addition, the service providing apparatus 100 is included in the previous block stored in the shared ledger, the other encryption key related to the other terminal in a hash algorithm preset in the existing key block in which the other encryption key related information of the other terminal is stored. An existing keyblock hash value obtained by applying the other encryption key related information including the hash value used for generation, the identification information of the other terminal and the other encryption key related to the other terminal, and the generation time of the existing keyblock may be extracted. It may be (S3).

In this case, the other encryption key related information may include a hash value used to generate another encryption key related to the other terminal, identification information of the other terminal, and another encryption key related to the other terminal, and the generation time of the existing key block. It may also be included in the other encryption key related information. In addition, the existing keyblock may store (include) the existing keyblock hash value.

The other encryption key is a symmetric encryption key shared by the service providing apparatus 100 with the other terminal for data security with the other terminal, and in the same manner as the encryption key generation process of the specific terminal 10. It may be an encryption key generated for the other terminal.

The hash value used to generate the other encryption key may be a keyblock hash value of a previous keyblock connected to the existing keyblock in a shared ledger, and the previous keyblock may correspond to the specific terminal-related encryption key and the other terminal-related other keys. The key block generated in the process of generating an encryption key other than the encryption key and stored in the shared ledger may be a key block including the other encryption key related information. In addition, the previous keyblock may be a keyblock for the other encryption key generated immediately before generation of the other encryption key.

In addition, the service providing apparatus 100 calculates a random number by applying an error coefficient according to a time error with the specific terminal 10 and the existing keyblock hash value measured through the time synchronization to a preset hash algorithm. Then, the random number value can be generated as an encryption key for the specific terminal 10 (S4).

In this case, the hash algorithm described in the present invention may be Secure Hash Algorithm-1 (SHA-1).

In addition, when the previous block is not identified, the service providing apparatus 100 may generate an encryption key for the specific terminal 10 by applying the error coefficient to a preset hash algorithm.

For example, the service providing apparatus 100 may share the previous block that is most recently generated and stored in the shared ledger before generation of a new block scheduled to be generated in association with generating an encryption key of the specific terminal 10. It can be identified in the ledger.

In addition, the apparatus 100 for providing a service applies the information included in the existing keyblock to a hash algorithm in an existing keyblock included in the previous block and includes information related to another encryption key generated for another terminal. The existing keyblock hash value set in the existing keyblock is extracted from the shared ledger to determine whether the information contained in the existing keyblock is forged, and the time error-related error coefficients previously stored for the specific terminal 10 and the The random key value, which is a hash value generated by applying an existing keyblock hash value to a preset hash algorithm, may be generated as an encryption key for the specific terminal 10.

In this case, when the encryption key is generated during the generation period of the specific block constituting the block chain, the service providing apparatus 100 may generate a separate key block for the corresponding encryption key and include it in the specific block. The key block is associated with a generation time of the key block, a key block hash value of another key block which is used to generate a terminal-related encryption key, and a target to be connected to the key block, identification information of the terminal and the terminal-related encryption key. Can be included as information.

Here, the key block hash value used for generating the terminal-related encryption key is a value obtained by hashing information (included) stored in the other key block through a hash algorithm and may be stored (included) or set in the other key block. Can be.

In addition, the generation time of the key block included in the key block may be replaced with a time error related error coefficient for the terminal according to time synchronization between the terminal and the service providing apparatus 100.

For example, the existing key block includes (stores) a time error related error coefficient calculated according to time synchronization between another terminal corresponding to the existing key block and the service providing apparatus 100 instead of the generation time of the existing key block. In order to calculate an existing keyblock hash value of the existing keyblock, the other terminal-related error coefficient may be applied to a hash algorithm instead of the generation time of the existing keyblock to calculate the existing keyblock hash value.

In addition, in the new key block described below, a time error related error coefficient calculated according to time synchronization between the specific terminal 10 corresponding to the new key block and the service providing apparatus 100 instead of the generation time of the new key block. In order to calculate a new keyblock hash value of the new keyblock, an error coefficient related to the specific terminal 10 may be applied to a hash algorithm instead of a generation time of the new keyblock to calculate the new keyblock hash value. Can be.

In addition, the device for providing a service 100 applies a key block which is a block hash value for a key block by applying the encryption key related information included in the key block to a hash algorithm, similarly to interconnecting different blocks using a block hash value. A hash value may be calculated and included in the key block, and the other key block and the key block generated for the other terminal are connected like a chain in a shared ledger by using the key block hash value for generating an encryption key of another terminal. You can do that.

That is, the service providing apparatus 100 may connect different key blocks to each other like a chain through the key block hash value separately from the chain connection of the blocks.

When the information included in the keyblock is forged, the keyblock hash value in the keyblock is changed, so that the service providing apparatus 100 easily modulates the information in the keyblock by changing the keyblock hash value. Forgery can be tracked through the key block separately for the encryption key separately from information stored in blocks other than the key block.

Meanwhile, the service providing apparatus 100 transmits the existing keyblock hash value extracted from the existing keyblock included in the previous block to the specific terminal 10 so that the service providing apparatus 100 at the specific terminal 10. The same encryption key as may be generated (S5).

In this case, the service providing apparatus 100 may generate the encryption key for each of the one or more terminals through the above-described configuration, and may generate different encryption keys between the one or more terminals.

In addition, the specific terminal 10 that has received the existing keyblock hash value from the service providing device 100 relates to a time error measured in the process of performing synchronization between the existing keyblock hash value and the service providing device 100. The encryption coefficient may be generated by applying an error coefficient to the hash algorithm set in the service providing apparatus 100 and applying the preset hash algorithm.

That is, the specific terminal 10 may generate the same encryption key as the encryption key generated corresponding to the specific terminal 10 in the service providing apparatus 100, and the service providing apparatus 100 and the specific terminal (10) Each generated encryption key may be composed of a symmetric encryption key.

In the above-described configuration, when the service providing apparatus 100 is operated in plurality in correspondence with a plurality of different sites (eg, company A service providing apparatus and company B service providing apparatus), the plurality of sites are divided and the encryption is performed. As a weighting factor for weighting a key change, the service providing apparatus 100 may be preset with a unique setting value (or magic number) different from the other service providing apparatus 100.

In addition, the service providing apparatus 100 may share the unique set value with terminals communicating with the service providing apparatus 100.

In addition, the service providing apparatus 100 generates a first random number value by applying the error coefficient related to the specific terminal 10 and the existing keyblock hash value to a hash algorithm, and then the first random number value and the unique set value. The second random number value can be calculated by applying to the hash algorithm again, and the second random number value can be generated as an encryption key of the specific terminal 10.

In addition, the specific terminal 10 also stores in advance the unique setting value of the service providing apparatus 100, and based on the existing key block hash value received from the service providing apparatus 100 and the first random number based on the error coefficient After the value is generated, the second random number value calculated by applying the first random number value and the unique setting value to the hash algorithm again may be generated as an encryption key.

Accordingly, the same second random number value used as an encryption key between the service providing apparatus 100 and the specific terminal 10 may be calculated.

Meanwhile, the service providing apparatus 100 may transmit an encryption key generated in correspondence with the specific terminal 10 to the specific terminal 10 and transmit the encrypted key. The specific terminal 10 may transmit the service providing apparatus 100. After decrypting the encryption key received from the comparison between the encryption key generated in the specific terminal 10 and the encryption key received by the service providing apparatus 100 and the encryption key generated in the specific terminal 10 It can be determined whether or not the same.

In addition, the specific terminal 10 verifies the encryption key generated by the specific terminal 10 according to whether the same or not, and upon completion of verification with the service providing apparatus 100 with the encryption key generated by the specific terminal 10. It can be used as an encryption key for data encryption and decryption during data transmission and reception.

For example, the service providing apparatus 100 may encrypt an encryption key generated corresponding to the specific terminal 10 with the corresponding encryption key and transmit the encrypted key to the specific terminal 10, and the specific terminal 10 transmits the service. After decrypting the encrypted encryption key received from the providing device 100 with the encryption key generated by the specific terminal 10 and compares with the encryption key generated by the specific terminal 10 to determine if the verification is complete. Can be.

In addition, the specific terminal 10 may transmit verification completion-related completion information to the service providing apparatus 100 when the verification is completed, and the service providing apparatus 100 may receive the completion information when the specific terminal 10 is received. The encryption key generated corresponding to may be used as an encryption key for section encryption of the communication session.

Accordingly, the service providing apparatus 100 may encrypt and transmit the transmission data transmitted to the specific terminal 10 as an encryption key generated corresponding to the specific terminal 10, and the specific terminal 10 may be The transmission data encrypted by the encryption key from the service providing apparatus 100 may be decrypted by the encryption key generated by the specific terminal 10 (S6).

In addition, the specific terminal 10 may also encrypt and transmit data to be transmitted to the service providing apparatus 100 with the same encryption key generated by the service providing apparatus 100 corresponding to the specific terminal 10. The service providing apparatus 100 may decrypt the received data encrypted with the encryption key received from the specific terminal 10 with an encryption key generated corresponding to the specific terminal 10.

In this case, the service providing apparatus 100 and the specific terminal 10 may encrypt or decrypt data with the encryption key using a Lightweight Encryption Algorithm (LEA) algorithm, and the LEA algorithm may be based on 128 bits.

In addition, the service providing apparatus and the specific terminal may encrypt and decrypt data with the encryption key by selectively using various symmetric encryption algorithms such as AES (Advanced Encryption Standard) -256, ARIA, as well as the LEA algorithm.

In addition, the identification information (or terminal identification information) of the terminal described in the present invention may include an IP, MAC address, serial number, and the like.

As described above, the present invention is generated based on the time error generated during the time synchronization process with the terminal for the security of the communication session between the service providing device and the terminal and the encryption key related information of the other terminal stored in the block chain. By combining the hashes generated by the hash algorithm to generate the encryption key of the terminal as a hash by generating a symmetric encryption key that is not inductive and highly secure, and based on this to support the encryption of data transmitted and received through the communication session, It is designed to provide a lightweight security method using a highly secured symmetric encryption key to secure the security of the communication session with the terminal, as well as to reduce the processing load of the terminal in connection with security, so that the terminal is a low performance device. Easily applicable even if configured, while at the same time It can guarantee the security and reliability.

Meanwhile, the apparatus 100 for providing a service may prevent forgery of the encryption key through a blockchain, and is generated immediately before a new block generated in association with the encryption key when the encryption key is generated, and is connected with the new block. By using the key block hash (key block hash value) of the existing key block included in the previous block to be connected to the encryption key generation, the security can be improved, which will be described in detail with reference to FIG. 4.

First, the blockchain described in the present invention is an algorithm that configures a plurality of transaction information into blocks and manages security information by connecting several blocks as a chain using a hash.

In addition, a transaction described in the present invention may mean transaction information, and the transaction information may include one or more arithmetic functions and data necessary to perform a unit operation or a unit transaction.

According to the above configuration, the service providing apparatus 100 may generate one or more transactions in association with the encryption key of the specific terminal 10.

For example, the apparatus 100 for providing a service may include a time error related error coefficient generated when time synchronization of the specific terminal 10 is performed and data and commands transmitted and received with the specific terminal 10 to perform the time synchronization. It may create a first transaction comprising.

In addition, the service providing device 100 is pre-stored in the shared ledger for the block chain, the service providing device 100 is a connection target to a new block associated with the generation of the encryption key corresponding to the specific terminal (10). The existing keyblock hash value, the error coefficient and the random number value, and the random number value for setting an existing keyblock hash value included in the previous block and the random coefficient obtained by applying the error coefficient to a preset hash algorithm as an encryption key are encrypted keys. The second transaction may include a command for setting and the like.

As such, the service providing apparatus 100 may generate first and second transactions related to encryption key generation of the specific terminal 10.

In addition, the service providing apparatus 100 may transmit and receive data (eg, image data) to and from another terminal other than the specific terminal 10 during a generation period of a new block generated in association with an encryption key of the specific terminal 10. A transaction can be generated in association with the C), and a transaction generated according to data transmission / reception with the other terminal can be included in the new block.

In addition, the service providing apparatus 100 applies a plurality of transactions including the first and second transactions generated during the generation period of the new block to the preset hash algorithm, respectively, to correspond to a plurality of transactions. Generate a hash value of the root block and apply a plurality of hash values to the hash algorithm according to a predetermined binary tree (or merkle tree) structure according to a generation order for each transaction, and then apply a root hash value corresponding to the new block. Can be generated.

That is, the service providing apparatus 100 is associated with at least one transaction generated in association with an encryption key of the specific terminal 10 and data transmitted and received according to communication with at least one other terminal during the generation period of the new block. A root hash value for determining whether the new block is forged may be generated based on a hash value for each of the generated one or more transactions.

In addition, the service providing apparatus 100 generates a block hash value for connecting the new block to the previous block based on the block hash value of the previous block and the root hash value, and includes the block hash value in the new block. A block may be registered and stored in the shared ledger to be connected to the previous block.

Through this, one root hash value must exist in one block, and if one of the information included in the block is forged, the hash value and all upper hash values are changed so that the root hash value is changed. Therefore, if you compare only the root hash value of a block, you can immediately check whether the data has been forged even if you do not compare the hashes below.

In addition, the service providing apparatus 100 combines a date and time of creation of a new block, a version, bits, a root hash value, a block hash value of a previous block, a temporary value called a nonce, and the like as a hash. A block hash value of the new block may be generated by converting, and after generating a new block including the block hash value of the new block, the new block is connected to the previous block just before the generation of the new block like a chain. Can be stored in the shared ledger.

In the above-described configuration, the service providing apparatus 100 may apply only the hash value obtained by applying each of the plurality of transactions corresponding to the new block to a preset hash algorithm to include in the new block. Transaction information may be stored in the DB included in the service providing apparatus 100.

For example, the service providing apparatus 100 may store corresponding image data in a DB when receiving image data from a terminal configured as a camera, and apply the hash value obtained by applying a transaction generated in relation to the image data to a hash algorithm. Can be included in a new block.

On the other hand, through the above-described block chain configuration, the service providing apparatus 100 can determine whether the forgery for the transaction, but even if the forgery for the encryption key occurs, it is tied to one operation called a transaction corresponding to the transaction Since the hash value is changed, it is difficult to determine whether a forgery occurs in the encryption key itself or whether a forgery occurs in the encryption key generation process.

To solve this problem, the service providing apparatus 100 may generate a separate key block and include it in the new block.

In detail, the service providing apparatus 100 may generate a new block connected to the previous block based on one or more transactions generated in association with the encryption key of the specific terminal 10.

In addition, the service providing apparatus 100 is another terminal included in the previous block that is connected to the new block in the shared ledger during the generation period of the new block generated in association with generating the encryption key of the specific terminal 10. An existing key block hash value, which is a hash value related to an existing key block for use in generating an encryption key of the specific terminal 10, may be extracted from an existing key block corresponding to an encryption key of the other terminal.

In this case, the existing key block corresponding to the other terminal is a hash value (key block hash value) included in another key block used for generating another encryption key of the other terminal, terminal identification information of the other terminal, and the existing It may include a generation time (or generation date and time) of the key block, another encryption key corresponding to the other terminal, and an existing key block hash value related to the existing key block.

The existing key block hash value may include a hash value included in another key block used for generating another encryption key of another terminal, terminal identification information of the other terminal, and another encryption key corresponding to the other terminal. The other encryption key related information and the generation time of the existing key block can be obtained by applying the hash algorithm.

In this case, the generation time of the existing key block may be information included in the other encryption key related information without being configured separately from the other encryption key related information.

In addition, the generation time of the existing key block included in the existing key block may be replaced by a time error related error coefficient measured according to the synchronization protocol between the other terminal and the service providing apparatus 100.

Accordingly, the service providing apparatus 100 extracts an existing keyblock hash value related to the existing keyblock from the existing keyblock and then synchronizes the existing keyblock hash value related to the existing keyblock and the synchronization with the specific terminal 10. A random number value, which is a hash value calculated by applying the error coefficient obtained through the time synchronization process according to the preset hash algorithm, may be generated as an encryption key for the specific terminal 10.

In addition, the service providing apparatus 100 corresponds to the specific terminal 10 and the existing key block hash value and the specific terminal 10 used for generating an encryption key for the specific terminal 10 when generating an encryption key. The new key including the generation time (or creation date and time) of the new key block including (stored) the encryption key-related information including the identification information and the encryption key associated with the specific terminal 10, and the encryption key-related information. The specific terminal 10 may be generated by applying a generation time (or generation date and time) and the encryption key related information of the new key block stored in the new key block (included) to the preset hash algorithm. A new keyblock hash value related to a new keyblock corresponding to may be generated.

In addition, the service providing apparatus 100 may include the new keyblock hash value in the new keyblock or set the keyblock hash value of the new keyblock.

Accordingly, the service providing apparatus 100 generates an encryption key corresponding to the specific terminal 10, the existing key block hash value, terminal identification information of the specific terminal 10, and generation of the new key block. A new key block including a time (or creation date and time) and the new key block hash value may be generated corresponding to the new block, and after the new key block is included in the new block, the new block is added to the shared ledger. When stored, the new keyblock can be stored in the shared ledger together with the new block.

In this case, the service providing apparatus 100, when generating (calculating) the new key block hash value, substitutes a time error related error coefficient obtained through time synchronization with the specific terminal 10 to the hash algorithm instead of the generation time of the new key block. In addition, the new keyblock hash value may be generated, or a new keyblock including a time error related error coefficient of the specific terminal 10 may be generated instead of the generation time of the new keyblock.

In addition, the generation time of the new key block may be information included in the encryption key related information without being configured separately from the encryption key related information.

Through the above-described configuration, the service providing apparatus 100 may generate a new key block in association with an encryption key of the specific terminal 10 during the generation period of the new block, and encrypt the specific terminal 10. Generate a keyblock hash value for determining whether a forgery of the new keyblock associated with the specific terminal 10 is forged based on the information related to the key, and include the hash in the new keyblock as a separate block in the new block. May be included in the new block and stored in the shared ledger.

In this case, the service providing apparatus 100 includes the existing keyblock hash value of the existing keyblock used for generating the encryption key of the specific terminal 10 in the new keyblock to check whether the new keyblock is forged or not. By using to generate a new key block hash value for the new key block generated in association with the new key block generated in association with the encryption key of the specific terminal 10 stored in the shared ledger new key block included in the new block And existing key blocks included in the previous block may be connected like a chain through the existing key block hash value and the new key block hash value.

That is, the service providing apparatus 100 may generate a separate key block for each encryption key generated for each terminal in addition to connecting blocks related to a transaction like a chain in a shared ledger, and then connect the key blocks with each other in a shared ledger like a mutual chain. have.

Accordingly, when the service providing apparatus 100 forgeries encryption key related information including an encryption key included in a specific key block, the specific key block as well as a key block hash value for determining whether the specific key block is forged or not. Since the keyblock hash value is changed for each keyblock to be linked, one or more keyblocks whose hash value is changed can be easily detected to detect forgery and alteration of the specific keyblock.

That is, the present invention uses a block chain to check forgery and alteration of the encryption key, in addition to the block generated based on the transaction generated in the encryption key generation process, the information corresponding to the encryption key and the information used in the encryption key generation process By using the identification information of the terminal and the encryption key to generate a separate key block for forgery verification of the encryption key-related information distinguished from the block, and stored in the shared ledger so that they are connected like a chain between different key blocks as well as the encryption key Rather, it is possible to easily detect the forgery of the encryption key related information, thereby increasing the security of the encryption key used for encryption of the communication session.

Meanwhile, in the above-described configuration, the service providing apparatus 100 may generate and store an encryption key for the specific terminal 10 and then delete and discard the previously stored encryption key when the encryption key needs to be changed. .

In addition, the service providing apparatus 100 may transmit update request information for changing (or updating) the encryption key to the specific terminal 10, and the specific terminal 10 may receive the update request information when receiving the update request information. The generated and stored encryption key can be deleted and discarded.

In addition, the apparatus 100 for providing a service may add encryption key related revocation information to be discarded from a specific key block generated at the time of revocation of the encryption key to the specific key block, and add the specific key block including the revocation information to the specific key block. It can be registered and saved in the shared ledger.

In this case, the service providing apparatus 100, when calculating the key block hash value of the specific key block in which the discard information is stored (included), the key block before the specific key block included in the specific key block. The hash algorithm together with a keyblock hash value for the at least one terminal-specific identification information corresponding to the specific keyblock, at least one new encryption key corresponding to the specific keyblock, and a generation time of the specific keyblock. A keyblock hash value of the specific keyblock may be calculated to be applied to, and the keyblock hash value reflecting the discard information may be included or set in the specific keyblock.

In addition, the apparatus 100 for providing a service uses a key block hash value of a specific key block reflecting the discarding information when generating an encryption key corresponding to a next key block generated after the specific key block, and the next key block. By using the keyblock hash value of the specific keyblock when calculating the keyblock hash value of the forgery, the forgery of the discard information stored in the shared ledger can also be detected, thereby preventing security from using the discarded encryption key. .

In addition, the service providing apparatus 100 measures a time error through the time synchronization with respect to the specific terminal 10 in which the encryption key is discarded, and then uses the above-described encryption key generation process to the specific terminal 10. A new encryption key may be generated and stored, and a key block corresponding to the new encryption key may be generated and stored in the shared ledger.

5 is a detailed block diagram of the service providing apparatus 100 according to the above-described configuration.

The apparatus 100 for providing a service may include a synchronization unit 110, an encryption key generator 120, an encryption / decryption unit 130, and a blockchain manager 140.

The synchronization unit 110 may perform time synchronization with a specific terminal 10 according to a preset synchronization protocol.

In addition, the encryption key generation unit 120 is a previous block that is connected to the new block associated with the encryption key of the specific terminal 10 in a pre-stored shared ledger used in the block chain for generating the encryption key of the specific terminal 10. And a hash value used to generate the other encryption key related to the other terminal and the identification information of the other terminal in a hash algorithm preset in the existing key block in which the other encryption key related information of the other terminal is stored in the previous block. Extracting an existing keyblock hash value obtained by applying the other encryption key related information including the other encryption key related to the other terminal and the generation time of the existing keyblock, and measuring the specific terminal 10 measured through the time synchronization An error coefficient according to a time error of and the existing keyblock hash value to the specific terminal 10 by applying a preset hash algorithm. It can generate an encryption key.

In addition, the encryption key generation unit 120 may transmit the hash value to the specific terminal 10 so that the specific terminal 10 generates the encryption key.

Meanwhile, the encryption / decryption unit 130 encrypts and transmits the transmission data with the encryption key to the specific terminal 10 that has generated the encryption key, or the received data encrypted with the encryption key received from the specific terminal 10. Can be decrypted with the encryption key.

In addition, the blockchain management unit 140 manages the above-described blockchain and a shared ledger is set in advance, in association with the encryption key generation unit 120 in association with the encryption key of the specific terminal 10 the new block. And generate a keyblock and store it in the shared ledger.

For example, the blockchain manager 140 may generate a new block connected to the previous block based on one or more transactions generated in association with the encryption key of the specific terminal 10, and when the new block is generated or the When generating an encryption key of a specific terminal 10, the existing key block hash value used to generate an encryption key for the specific terminal 10, identification information of the specific terminal 10 and the encryption key associated with the specific terminal 10 Generating a new key block including a generation time of a new key block including (stored) the encryption key related information including a new key block hash value obtained by applying the encryption key related information to the hash algorithm; After the new block is included in the new block so that the existing key block corresponding to the existing key block hash value included in the previous block and the new key block are interconnected. A rule block may be registered in the shared ledger.

At this time, the synchronization unit 110, encryption key generation unit 120, encryption and decryption unit 130 and block chain management unit 140 may be included in one control unit, the control unit is a service providing apparatus 100 It can be configured to perform the overall control function of.

The controller may include a RAM, a ROM, a CPU, a GPU, and a bus, and the RAM, a ROM, a CPU, a GPU, and the like may be connected to each other through a bus. The CPU may access the storage unit to perform booting using a pre-stored operating system (O / S), and the service providing apparatus 100 described in the present invention using various prestored programs, contents, and data. Various operations can be performed.

6 to 9 are exemplary diagrams of an algorithm related to a security service providing method for supporting a lightweight security scheme set in the service providing apparatus 100 and a specific terminal 10 according to an exemplary embodiment of the present invention.

First, as shown in FIG. 6, the service providing apparatus 100 may calculate a time-defference _new when compared to a reference time when attempting time synchronization in correspondence with a specific terminal 10.

In addition, the apparatus 100 for providing a service is included in a previous block which is to be connected with a new block for generating an encryption key of the specific terminal 10 in a pre-stored shared ledger and is a key block of an existing key block associated with an encryption key of another terminal. The hash value can be extracted, the existing keyblock hash value and time-defference _new are combined, hashed using a preset hash algorithm, and a first random-value hash value (40 bytes) can be calculated. .

Next, the service providing apparatus 100 combines the first random number hash with a predetermined magic-number and applies the hash algorithm to the hash algorithm to hash the second random number hash value (symmetric-key _new , 40 bytes). One symmetric encryption key can be generated.

In addition, the service providing apparatus 100 generates a new block corresponding to the encryption key, generates a new key block related to the encryption key generated corresponding to the specific terminal 10 and includes the new block in the new block. Can be stored in the shared ledger.

In this way, the apparatus 100 for providing a service generates the block hash value of the new block based on the block hash value of the previous block, stores the new block and the previous block as a chain, and stores the new key block. The key block hash value of the key block may be generated using the key block hash value of the existing key block included in the previous block, and then the new key block and the existing key block may be connected and stored as a chain to ensure security of the encryption key. have.

In addition, as shown in FIG. 7, since the encryption key generated corresponding to the specific terminal 10 is formed of a symmetric key, the same key must be used between the service providing apparatus 100 and the specific terminal 10. ,

Therefore, it is necessary to verify once again whether the key newly generated by the service providing device 100 and shared by the service providing device 100 is a key generated by the same terminal 10.

In this case, since only the service providing apparatus 100 may know the existing key block hash value among the elements necessary for calculating the first random random hash value (primary random number value), the specific terminal 10 may include a service providing apparatus ( BC server 100 requests and receives the existing key block hash value, and the time-difference _stored that the specific terminal 10 already knows and the existing key block received from the service providing apparatus 100. The same encryption key generation process as the service providing apparatus 100 is performed by combining a hash value (keymap-hash ₋₁ ), and finally two hashed encryption key values (symmetric-key _{new and} symmetric-key _calc ) You can verify by comparing the same.

If the service providing device 100 and the specific terminal 10 are not included in the same system, they have different setting values, and thus the two encryption key values do not always match.

In addition, as shown in FIG. 8, data to be transmitted / received may be encrypted using a shared encryption key generated through the above-described process.

Since various low-performance devices are connected to the service providing device 100, a LEA 128bit block encryption algorithm showing strong performance and security among the lightweight encryption algorithms can be used to facilitate encryption / decryption even with low computing power. do.

The sender of the service providing apparatus 100 and the specific terminal 10 may encrypt the plain-data data to be transmitted for encryption using the shared algorithm using the LEA algorithm.

In addition, as shown in FIG. 9, the receiving side of the service providing apparatus 100 and the specific terminal 10 receives cipher-data data and checks whether there is no problem with the data, and the shared encryption key matched with the transmitting side. It can be decrypted using the LEA algorithm.

Based on the above-described configuration, a parking control system supporting a lightweight security method according to an embodiment of the present invention includes a plurality of terminals configured as proxy devices connected to each of a plurality of different equipment related to parking control or configured as modules therein. It may be configured to include a security service providing device and the proxy device for communicating with the service providing apparatus 100, a plurality of different in communication between the plurality of different terminals for communication between the plurality of equipment Supports encryption key exchange between terminals to support encryption and decryption of data transmitted / received between the plurality of different devices based on encryption keys generated for each of a plurality of different terminals, thereby providing a lightweight security scheme. To ensure the security of communication sessions between devices, As a result, the processing load of the equipment can be lowered, so that the equipment can be easily applied even when the equipment is configured as a low-performance device, and at the same time, it can ensure high security and reliability with respect to transmission / reception data. The configuration and operation example of the parking control system supporting the security method will be described in detail with reference to FIGS. 10 and 11.

In this case, the service providing apparatus 100 may be configured as a security server 100, which will be referred to as a security server 100 in the following description.

First, as shown in FIG. 10, the security server 100 may communicate with a proxy device configured for each server device and an end device (edge device) included in a plurality of parking control related equipment through a communication network.

That is, the security server 100 may communicate with a proxy device corresponding to the terminal described with reference to FIGS. 1 through 9 through a communication network, and may communicate with the plurality of devices through the plurality of proxy devices.

In more detail, the server device may be connected with a first proxy adapter for communication with the security server 100, and the first proxy device is configured as the specific terminal to connect with the security server 100. The encryption key generation process described above may be performed.

Accordingly, the security server 100 may generate a first encryption key for the first proxy device, and the first encryption key is included in a specific block of a shared ledger stored in the security server 100. It can be stored in a block.

In this case, the first proxy device may generate and store the first encryption key according to the above-described encryption key generation process.

In addition, the end device may be connected to a second proxy device for communication with the security server 100, the second proxy device is also configured as the specific terminal in place of the first proxy device is the security server 100 ) And the above-described encryption key generation process.

In this way, the security server 100 may generate a second encryption key for the second proxy device, and another block different from the specific block of the shared ledger stored in the security server 100. It can be stored in the key block included in the.

In this case, the second proxy device may generate and store the second encryption key according to the encryption key generation process described above.

That is, the security server 100 applies different encryption key generation procedures for the specific terminal to each of the first proxy device and the second proxy device, and thus different from each other for the first and second proxy devices. An encryption key can be generated and stored.

The first proxy device may generate and store a first encryption key that is the same as the first encryption key generated by the security server 100 for the first proxy device, and the second proxy device may store the security server. In operation 100, a second encryption key identical to the second encryption key generated for the second proxy device may be generated and stored.

In the above configuration, the first proxy device and the second proxy device may each be configured as separate devices independent of the server device and the end device.

In this case, the first proxy device may be directly connected to the server device through an Ethernet, and the server device may be connected to the server device, and the second proxy device may be directly connected to the end device through an Ethernet.

Alternatively, the first proxy apparatus may be configured as a module configured inside the server apparatus, and the second proxy apparatus may be configured as a module configured inside the termination apparatus.

In addition, the first proxy device and the second proxy device when configured as the module may be configured in the form of software that is executed in the server device or the end device rather than an independent device.

That is, the first proxy device and the second proxy device are the first proxy device and the second device without changing the server device and the terminal device when the server device and the terminal device are already installed configurations that constitute the parking control system. Each proxy device may be connected to a server device and an end device to configure the parking control system. When the server device and the end device are newly added to the parking control system, the proxy device may be an internal module of the server device and the end device. The first proxy device and the second proxy device can be configured.

According to the above configuration, the first proxy apparatus may receive transmission data generated by the server apparatus and transmitted to the outside from the server apparatus, and the transmission data of the server apparatus may be encrypted with the security server 100. The first encryption key generated through the generation process may be encrypted and transmitted through a communication network.

In addition, the first proxy device may decrypt the received data encrypted with the first encryption key and receive the first encryption key to the server device through a communication network, and transmit the decrypted data to the server device.

At this time, even when the first proxy apparatus is configured as the module inside the server apparatus, the first proxy apparatus encrypts the transmission data generated inside the server apparatus with the first encryption key and then configures the server apparatus. And transmit through a first communication unit communicating through the communication network, and decrypt the encrypted received data received through the first communication unit with the first encryption key and provide the same to the server device.

In addition, the second proxy device may receive transmission data generated by the terminal device and transmitted to the outside from the terminal device, and through the process of generating an encryption key with the security server 100. The second encryption key may be encrypted to transmit the generated encryption key.

In addition, the second proxy device may decrypt the received data encrypted with the second encryption key and receive the second encryption key to the terminal device through the communication network, and transmit the decrypted data to the terminal device.

In this case, even when the second proxy device is configured as the module inside the terminal device, the second proxy device encrypts the transmission data generated inside the terminal device with the second encryption key and then configures the terminal device. It can be transmitted through the second communication unit to communicate through the communication network, it is possible to decrypt the encrypted received data received through the second communication unit with the second encryption key to provide to the end device.

In addition, a control target device which communicates with the server device and is a control target of the server device may be included in the plurality of parking control related equipment.

In this case, the control target device may also be connected to the control target device or may be configured as a module inside the control target device, similarly to the server device and the end device.

The third proxy device may encrypt and transmit the transmission data transmitted from the control target device to the outside using a third encryption key generated through an encryption key generation process with the security server 100. When configured as a module, the transmission data generated in the control target device and encrypted by the third encryption key by the third proxy device may be transmitted to the outside through a third communication unit configured in the control target device.

The third proxy device may decrypt the encrypted received data received by the control device with the third encryption key and provide the decrypted data to the control device.

In this case, the parking control system may be configured to include a plurality of different control target devices, each of the plurality of different control target devices may be connected to a proxy device or may be configured as a module therein.

Accordingly, the proxy device for each control target device may generate and store a unique encryption key through the above-described encryption key generation process through communication with the security server 100, and through this, the proxy devices configured for each control target device may mutually Another encryption key may be generated and stored.

In addition, the security server 100 may generate and store the same encryption key as the encryption key stored for each proxy device.

According to the above-described configuration, the parking control system supporting the lightweight security method according to the embodiment of the present invention transmits and receives encrypted data based on the encryption key through the proxy device configured for each device between the equipment for parking control This function can be used to perform functions related to parking control, and can improve the security of communication sessions between devices as well as the high security of the encryption key generated based on a hash algorithm. It explains in detail.

As shown, the parking control system supporting a lightweight security method according to an embodiment of the present invention includes a plurality of equipment and security server 100 including a server device for controlling the parking, a control target device and a termination device. Can be configured.

At this time, the server device for parking control may be configured as a parking control server.

The control target device may be configured by any one of a vehicle number recognizer, an unmanned payment machine, and a breaker, or may include at least one of the vehicle number recognizer, an unmanned payment machine, and a breaker.

In addition, the parking control system may include a plurality of control target devices different from each other.

In this case, the vehicle number recognizer may generate a vehicle number related data by recognizing the number of the vehicle entering or leaving after parking, and transmitting the vehicle number related data to the parking control server.

In addition, the unmanned payment machine may perform the settlement for the parking fee and generate the settlement related data and transmit it to the parking control server.

In addition, the breaker may be configured to control the opening and closing rods installed in the parking lot entrance and the parking lot exit, it is possible to generate data about the state of the opening and closing rods to transmit to the parking control server.

The terminal device may include one of a CCTV camera, a parking guidance terminal, and a parking sensor, or may include at least one of the CCTV camera, a parking guidance terminal, and a parking sensor.

In addition, the parking control system may include a plurality of termination devices different from each other.

At this time, the CCTV camera may take an image of the monitoring target area related to the parking lot and transmit it to the parking control server, and the parking guidance terminal may be configured as a terminal for displaying a parking state of a parking area or for parking guidance and parking state and Status information related to the parking guide may be generated and transmitted to the parking control server.

The parking sensor may detect a vehicle parked in the parking area, generate sensing information related to whether the vehicle is parked in the parking area, and transmit the sensing information to the parking control server.

According to the above-described configuration, the parking control server performs a parking fee calculation with a vehicle number recognizer for recognizing a vehicle number based on data received from at least one of one or more CCTV cameras, one or more parking guidance terminals, and one or more parking sensors. Parking control may be performed by controlling at least one control target among an unmanned payment machine and a breaker for opening and closing the blocking rod.

In this case, the parking control server may control the control target device or the terminal device by transmitting control-related data to the control target device or the terminal device.

Meanwhile, an encryption key generated through the encryption key generation process corresponding to each of a plurality of devices including a parking control server, at least one control target device, and at least one end device, which constitutes a parking control system according to an embodiment of the present invention. Through the exchange, a proxy device that supports encryption using an encryption key for a communication session between devices may be configured inside the device or connected to the device, and may communicate with each other by communicating with each other through a communication network between the proxy devices. Can be.

First, the parking control server may designate a control target device or an end device as a communication target, and request the security server 100 to communicate with the communication target to the security server 100.

In this case, the terminal device or the control target device may request the communication with the corresponding communication target by designating the parking control server as the communication target to the security server 100.

Accordingly, when receiving the request information for the request, the security server 100 identifies at least two or more equipment corresponding to the request information among the parking control server, the control target device, and the terminal device based on the request information, Each of the identified devices may identify a proxy device configured as a module or connected to the device.

In addition, the security server 100 may be mediated to exchange the encryption key between the proxy devices identified in response to the request information, through which the encryption communication between the device for each proxy device corresponding to the request information In addition to performing the functions related to parking control can be performed.

As an example of an operation related to parking control through encryption communication using the encryption key, the security server 100 may include a first proxy device connected to the parking control server in response to the request information, and a second device connected to the end device. 2 Proxy device can be identified.

In addition, the security server 100 transmits a first encryption key stored in advance corresponding to the first proxy device identified according to the request to the second proxy device, and a second stored in advance corresponding to the second proxy device. The encryption key may be transmitted to the first proxy device so that a key exchange is performed between the first proxy device and the second proxy device.

In this case, the security server 100 may extract the first and second encryption keys from the shared ledger and transmit them to the first proxy device and the second proxy device.

The security server 100 may encrypt and transmit the second encryption key with the first encryption key of the first proxy device when transmitting the second encryption key of the second proxy device to the first proxy device. The first proxy device may decrypt and store the second encryption key encrypted with the first encryption key with the first encryption key stored in advance according to the above-described encryption key generation process with the security server 100.

The security server 100 may encrypt and transmit the first encryption key with the second encryption key of the second proxy device when transmitting the first encryption key of the first proxy device to the second proxy device. The second proxy apparatus may decrypt and store the first encryption key encrypted with the second encryption key with a second encryption key stored in advance according to the above-described encryption key generation process with the security server 100.

Accordingly, the first proxy device stores the second encryption key of the second proxy device received from the security server 100, and the second proxy device receives the first encryption key received from the security server 100. The first encryption key of the proxy device may be stored.

In addition, the first proxy device connected to the parking control server or configured as a module inside the corresponding parking control server may receive transmission data generated by the parking control server and transmitted to the terminal device from the parking control server. After encrypting with any one of the first and second encryption key may be transmitted to the end device through a communication network.

Accordingly, the second proxy device configured or connected to the terminal device encrypts transmission data transmitted from the parking control server to the terminal device configured or connected to the second proxy device through communication with the first proxy device. And the second proxy apparatus may decrypt the encrypted transmission data with any one of the first and second encryption keys, and then transmit the encrypted transmission data to the end device corresponding to the destination of the transmission data. .

In this way, the terminal apparatus may receive the decoded transmission data of the parking control server, perform a specific function or change an operation, or transmit an image to the parking control server based on the transmission data.

In addition, the second proxy device may encrypt the transmission data composed of any one of the image, the state information or the sensing information generated by the end device with any one of the first and second encryption key to transmit to the parking control server. The first proxy device connected to the parking control server or configured as a module therein decrypts the transmission data of the encrypted terminal device received from the second proxy device with any one of the first and second encryption keys, and then parks the parking. Can be provided to the control server.

Accordingly, the parking control server detects the parking status based on the transmission data of the terminal device, and controls to control the control target device including any one of the vehicle number recognizer, the unmanned payer, and the breaker based on the parking status. Information can be generated and transmitted.

On the other hand, as another example of the parking control-related operation through the encryption communication using the encryption key, the first proxy device is configured as any one of the plurality of terminals and the encryption key through communication with the security server 100 The first encryption key may be generated according to the generation process, and may be connected to a parking control server for parking control or configured as a module inside the parking control server.

In addition, the second proxy device is configured as another one of the plurality of terminals to generate a second encryption key according to the encryption key generation process through communication with the security server 100, CCTV camera or parking guidance terminal and It may be connected to an end device constituted by any one of the parking sensors or may be configured as a module inside the end device.

In addition, the third proxy device is configured to another one of the plurality of terminals to generate a third encryption key according to the encryption key generation process through communication with the security server 100, the vehicle number recognizer, unmanned payment and breaker It may be connected to the control target device constituted by any one of them or may be configured as a module inside the control target device.

In addition, the security server 100 is connected to or configured in the other proxy device which is any one other than the specific proxy device of the first to third proxy device from the specific proxy device of the first to third proxy device is connected or configured therein. When receiving a communication request with a target, a specific encryption key corresponding to the specific proxy device among the first to third encryption keys may be transmitted to the other proxy device.

Further, the security server 100 may transmit another encryption key corresponding to the other proxy device among the first to third encryption keys to the specific proxy device.

In this way, data transmitted and received between the parking control server, the terminal device, and the control target device may be encrypted and transmitted by any one of the first to third encryption keys by any one of the first to third proxy devices. The apparatus may perform an operation and a function related to parking control by performing encryption communication based on an encryption key between the parking control server, the terminal device, and the control target device.

In this case, the parking control server may communicate with a plurality of different control target devices, and a proxy device may be configured for each of a plurality of different control target devices.

Accordingly, a parking control related function may be performed between the parking control server and the plurality of different control target devices through communication between the plurality of different control target device proxy devices and the first proxy device of the parking control server. Can be.

For example, the first proxy device of the parking control server controls the vehicle number recognizer after exchanging the encryption key as described above with the plurality of different proxy devices for the control target device through the security server 100. When encrypted data related to the vehicle number of a specific vehicle is received from the proxy device of the target device, the encrypted data may be decrypted and provided to the parking control server.

In addition, when the first proxy device receives data encrypted with an encryption key related to the request for settlement of the specific vehicle from a control target device configured as an unmanned payment machine, the first proxy device may decrypt the data and provide the same to the parking control server. When the settlement fee related data generated based on the vehicle number and the parking time of the specific vehicle is received, the settlement fee related data may be encrypted with an encryption key and transmitted to the proxy device of the control target device configured as the unmanned payment machine.

Accordingly, the proxy device of the control target device configured as the unmanned payment device may decrypt the encrypted settlement fee related data received from the first proxy device and provide it to the unmanned payment device, and the unmanned payment device displays data related to the payment fee And the settlement process.

On the other hand, the security server 100 is an encryption key (for example, the second proxy device) of the other proxy device (for example, the second proxy device) to a specific proxy device (for example, the first proxy device) according to the communication request according to the request information At least one transaction for the encryption key exchange process when an encryption key exchange process is performed to transmit an encryption key (eg, a first encryption key) of the specific proxy device to the other proxy device. It may be generated, and the block containing the transaction can be generated and stored in the shared ledger.

Alternatively, the security server 100 may add encryption key exchange information related to a plurality of encryption keys to be exchanged to a specific key block generated at the time of exchange of the encryption key, and the specific key block including the encryption key exchange information may be added. It can be registered and stored in the shared ledger.

In this case, the security server 100 transfers the encryption key exchange information to the specific key block when calculating the key block hash value of the specific key block in which the encryption key exchange information is stored (included). A key block hash value for a key block of < RTI ID = 0.0 >, < / RTI > identification information for each terminal (proxy device) corresponding to the specific key block, a plurality of different encryption targets corresponding to the specific key block, and generation of the specific key block. The keyblock hash value of the specific keyblock may be calculated by applying the hash algorithm with time, and the keyblock hash value reflecting the encryption key exchange information may be included or set in the specific keyblock.

In addition, the security server 100 uses a key block hash value of a specific key block in which encryption key exchange information is reflected when generating an encryption key corresponding to a next key block generated after the specific key block, and the next key block. By using the key block hash value of the specific key block when calculating the key block hash value of the forgery, the forgery of the encryption key exchange information stored in the shared ledger can also be detected. Security can be increased by helping to detect illegal takeovers.

As described above, the present invention configures a proxy device for generating an encryption key through communication with the security server 100 for each of a plurality of equipment related to parking control, and the security server 100 is connected with the proxy device. It is possible to generate a different unique encryption key for each of the devices through the communication, and when the communication between the devices to support the mutual exchange of the encryption key between the proxy devices to be transmitted and received between the devices through the proxy device By supporting encryption using the encryption key for parking control-related data, it ensures end-to-end encryption through a highly secure encryption key and stores the exchange process of the encryption key on a blockchain basis to manage the encryption key. Highly reliable and secure parking as well as increased security and convenience Support can be made for control.

Various devices and components described herein may be implemented by hardware circuitry (eg, CMOS based logic circuitry), firmware, software, or a combination thereof. For example, it may be implemented using transistors, logic gates, and electronic circuits in the form of various electrical structures.

The above description may be modified and modified by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

10: terminal 100: security service providing apparatus, security server
110: synchronization unit 120: encryption key generation unit
130: encryption and decryption unit 140: blockchain management unit

Claims (8)

It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through Group existing key block by applying the hash value to a predetermined hash algorithm to generate an encryption key for the particular terminal and the security server to send the conventional block key hash value to generate the same encryption key in the specific terminal; And
The encryption terminal is configured as the specific terminal and generates the encryption key by applying an error coefficient according to time synchronization with the security server and the existing keyblock hash value received from the security server to a preset hash algorithm, and generating at least one CCTV camera. At least one control target among a vehicle number recognizer for recognizing a vehicle number based on data received from at least one of the one or more parking guidance terminals and one or more parking sensors, an unmanned payer for performing parking fee settlement, and a breaker for opening and closing the blocking rod. The control unit may be connected to a parking control server for controlling and controlling a parking control or configured as a module in the parking control server to encrypt and transmit the transmission data generated by the parking control server with the encryption key or be received by the parking control server. Receive encrypted with encryption key Proxy device for decrypting data with the encryption key
Parking control system that supports a lightweight security method including a.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, connected to the parking control server for parking control or inside the parking control server A first proxy device configured as a module; And
An end device configured as another one of the plurality of terminals and generating a second encryption key according to the encryption key generation process through communication with the security server, and configured as any one of a CCTV camera, a parking guidance terminal, and a parking sensor; A second proxy device connected or configured as a module inside the termination device
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted and received between the parking control server and the terminal device is encrypted by either one of the first and second proxy devices. Parking control system that supports a lightweight security method characterized in that the encryption to any one of the keys.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, connected to the parking control server for parking control or inside the parking control server A first proxy device configured as a module; And
An end device configured as another one of the plurality of terminals and generating a second encryption key according to the encryption key generation process through communication with the security server, and configured as any one of a CCTV camera, a parking guidance terminal, and a parking sensor; A second proxy device connected or configured as a module inside the termination device
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted and received between the parking control server and the terminal device is encrypted by either one of the first and second proxy devices. To be encrypted with either key,
The security server generates a transaction for the transmission and reception process of the first and second encryption keys, and generates a block containing the transaction and stores in the shared ledger, the parking control to support the lightweight security method system.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, connected to the parking control server for parking control or inside the parking control server A first proxy device configured as a module; And
An end device configured as another one of the plurality of terminals and generating a second encryption key according to the encryption key generation process through communication with the security server, and configured as any one of a CCTV camera, a parking guidance terminal, and a parking sensor; A second proxy device connected or configured as a module inside the termination device
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted and received between the parking control server and the terminal device is encrypted by either one of the first and second proxy devices. To be encrypted with either key,
The security server encrypts and transmits the second encryption key with the first encryption key when transmitting the second encryption key to the first proxy device, and transmits the second encryption key with the second encryption key when transmitting the first encryption key to the second proxy device. Encrypting and transmitting the first encryption key,
The first proxy device decrypts the encrypted second encryption key with the first encryption key, and the second proxy device decrypts the encrypted first encryption key with the second encryption key. Parking control system to support the system.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, connected to the parking control server for parking control or inside the parking control server A first proxy device configured as a module; And
An end device configured as another one of the plurality of terminals and generating a second encryption key according to the encryption key generation process through communication with the security server, and configured as any one of a CCTV camera, a parking guidance terminal, and a parking sensor; A second proxy device connected or configured as a module inside the termination device
Including,
The security server transmits the first encryption key to the second proxy device when a communication request is received from one of the first and second proxy devices with a communication target to which the other of the first and second proxy devices is connected. And transmitting the second encryption key to the first proxy device so that data transmitted and received between the parking control server and the terminal device is encrypted by either one of the first and second proxy devices. To be encrypted with either key,
The second proxy apparatus encrypts the transmission data including any one of the image generated by the CCTV camera, the state information of the parking guidance terminal or the sensing information of the parking sensor with any one of the first and second encryption keys. Parking control system that supports a lightweight security method characterized in that the transmission to the first proxy device.
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
Is configured as any one of the plurality of terminals and generates a first encryption key according to the encryption key generation process through communication with the security server, connected to the parking control server for parking control or inside the parking control server A first proxy device configured as a module;
An end device configured as another one of the plurality of terminals and generating a second encryption key according to the encryption key generation process through communication with the security server, and configured as any one of a CCTV camera, a parking guidance terminal, and a parking sensor; A second proxy device coupled or configured as a module inside the termination device; And
A control target device which is configured as another one of the plurality of terminals and generates a third encryption key according to the encryption key generation process through communication with the security server, and comprises one of a vehicle number recognizer, an unmanned payer and a breaker; A third proxy device connected or configured as a module inside the controlled device;
Including,
The security server requests a communication from a specific proxy device of the first to third proxy devices to another communication device, which is any one except the specific proxy device of the first to third proxy devices, or to a communication target configured therein. Upon reception, transmits a specific encryption key corresponding to the specific proxy device among the first to third encryption keys to the other proxy device, and receives another encryption key corresponding to the other proxy device among the first to third encryption keys. Any one of the first to third encryption keys may be transmitted to the specific proxy device so that data transmitted / received between the parking control server, the terminal device, and the control device is transmitted by any one of the first to third proxy devices. Parking control system supporting lightweight security method characterized by being encrypted as one .
It communicates with a plurality of different terminals through a communication network and performs time synchronization with a specific terminal according to a preset synchronization protocol, and encrypts the specific terminal in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal. Identifying a new block associated with a key and a previous block to be connected, and used to generate another encryption key related to another terminal in a hash algorithm preset in an existing key block that is included in the previous block and stores other encryption key related information of another terminal. Extracting an existing keyblock hash value obtained by applying a hash value, identification information of the other terminal, the other encryption key related information including the other encryption key related to the other terminal, and the generation time of the existing keyblock, and synchronizing the time An error coefficient according to a time error with the specific terminal measured through An encryption key for the specific terminal is generated by applying an existing key block hash value to a preset hash algorithm, and transmitting the existing key block hash value to generate the same encryption key in the specific terminal. A security server for applying a key generation process to each of the plurality of terminals to generate different encryption keys from the plurality of terminals, and generating and storing the same encryption key generated in each of the plurality of terminals;
A parking control server for parking control including a first proxy device configured as one of the plurality of terminals to generate a first encryption key according to the encryption key generation process through communication with the security server;
A second encryption device according to the encryption key generation process through communication with the security server, including a second proxy device configured as another one of the plurality of terminals, and among a CCTV camera or a parking guidance terminal and a parking sensor. An end device comprising at least one; And
A third proxy device including a third proxy device configured as another one of the plurality of terminals to generate a third encryption key according to the encryption key generation process through communication with the security server, wherein at least one of a vehicle number recognizer, an unmanned payer, and a blocker; Device to be controlled, including one
Including,
The security server requests a communication from a specific proxy device of the first to third proxy devices to another communication device, which is any one except the specific proxy device of the first to third proxy devices, or to a communication target configured therein. Upon reception, transmits a specific encryption key corresponding to the specific proxy device among the first to third encryption keys to the other proxy device, and receives another encryption key corresponding to the other proxy device among the first to third encryption keys. Any one of the first to third encryption keys may be transmitted to the specific proxy device so that data transmitted / received between the parking control server, the terminal device, and the control device is transmitted by any one of the first to third proxy devices. Parking control system supporting lightweight security method characterized by being encrypted as one .
In the parking control method of the parking control system including a security server and a proxy device,
The security server performing time synchronization with a specific terminal according to a preset synchronization protocol;
Identifying, by the security server, a new block associated with an encryption key of the specific terminal and a previous block to be connected in a pre-stored shared ledger used in the blockchain for generating an encryption key of the specific terminal;
The hash is used to generate the other encryption key related to the other terminal and the identification information of the other terminal in a hash algorithm preset in the existing key block in which the security server is included in the previous block and the other encryption key related information of the other terminal is stored; Extracting an existing keyblock hash value obtained by applying the other encryption key related information including the other encryption key related to the other terminal and the generation time of the existing keyblock, and the time with the specific terminal measured through the time synchronization Generating the encryption key by applying an error coefficient according to an error and the existing keyblock hash value to a preset hash algorithm;
Transmitting, by the security server, the existing keyblock hash value to generate the encryption key at the specific terminal; And
An unmanned payment device and a blocking rod configured as the specific terminal and a vehicle number recognizer for recognizing a vehicle number based on data received from at least one of at least one CCTV camera, at least one parking guidance terminal, and at least one parking sensor. And a proxy device connected to the parking control server for controlling the control of at least one control unit of the circuit breaker for opening and closing the control unit or configured as a module in the parking control server, according to the time synchronization with the security server. The encryption key is generated by applying the existing key block hash value received from the security server to a preset hash algorithm, and the transmission data generated by the parking control server is encrypted with the encryption key and then transmitted to the parking control server. With the encryption key received Performing parking control by decrypting the encrypted received data with the encryption key.
Parking control method that supports a lightweight security method including a.

Images