WO2019088689A1 - Puf-qrng quantum cryptographic security terminal system and cryptographic key generation method - Google Patents

Abstract

PIN data is generated using a physical process variation occurring during a manufacturing process of a PUF chip to generate a symmetric encryption key and an asymmetric encryption key is generated by encrypting the symmetric encryption key with a quantum random number generated through a quantum random number generator. The asymmetric cryptographic key is generated again through any one of the quantum random number generator or the pseudo-random number generator in addition to the asymmetric cryptographic key, wherein the asymmetric cryptographic key generated by the pseudo-random number generator includes a random number hash function in a newly generated asymmetric cryptographic key and is stored.

Description

PUF-QRNG Quantum Cryptographic Security Terminal System and Cryptographic Key Generation Method

The present invention relates to a PUF-QRNG quantum cryptographic security terminal system and a cryptographic key generation method which are composed of an ultra-small PUF (Phisycally Unclonable Function) chip and a QRNG (Quantum Random Number Generator).

Generally, a software-based random number generation technique uses a lot of resources and has a problem in that it can grasp a random number generation pattern by using an advanced hacking technique.

For the security between the Internet devices, it is possible to use natural random numbers or random numbers to extract random numbers from the randomness of natural phenomena. Such a random number is advantageous in that it has no specific pattern and can not be predicted. However, the random number is large and very expensive, and it is difficult to apply it to a miniaturization apparatus because an extraction device is required.

Quantum cryptography technology is based on the principle of quantum mechanics, which is the fundamental law of nature, not safety of mathematical computation. Quantum cryptography is also known as "Quantum Key Distribution Technology (QKD)" as a technique for securely real-time distribution of cryptographic keys (disposable random numbers) between a sender and a recipient based on the laws of quantum physics such as " have.

In order to transmit and receive a quantum cipher, there is a problem that an expensive communication local key and a transmission / reception device between the server are required and the cost increases.

The present invention relates to a security system that can secure a maximum security that can not be hacked by a quantum computer due to OTP (One Time Password) authentication security created by a physical object authentication PUF (Phisycally Unclonable Function) Chip and a Quantum Random Number Generator (QRNG) .

The security terminal includes a quantum random number generator and a PUF PIN data generator. The PUF PIN data generator generates a symmetric encryption key using the PIN data of the PUF chip, And the quantum random number generator generates the asymmetric cryptographic key by encrypting the symmetric cryptographic key with a quantum random number.

The One Time Password (OTP) authentication security generated by the physical object authentication PUF (Phisycally Unclonable Function) Chip of the present invention and the QRNG (Quantum Random Number Generator) generating a natural random number is the best security that can not be hacked by a quantum computer .

Unidirectional cryptographic key that transmits data only in one direction through single PIN data of non-replicable physical PUF chip and one-time OTP quantum cryptographic key using random natural number of quantum random number generators, and integrates with quantum terminal Way tunneling data communication only between servers, OTP (One Time Password) authentication security created through physical object authentication PUF Chip and QRNG generating natural random number has the highest security that can not be hacked by a quantum computer.

The present invention has no memory burden and high processing speed due to physical security implemented in hardware.

1 is a block diagram for understanding the present invention.

2 is a block diagram of a security terminal according to an embodiment of the present invention.

3 is a conceptual diagram for explaining a PUF according to the present invention.

4 is an embodiment of a PUF-QRNG quantum cryptographic security terminal according to the present invention.

5 is a block diagram of a cryptographic key generation method according to the present invention.

6 is a block diagram of a SoC in accordance with the present invention.

 According to the present invention, a PIN (Personal Identification Number) data is extracted from a PUF chip through a process deviation occurring in a semiconductor manufacturing process to generate a symmetric key (decryption key), and the symmetric key is encrypted with a random quantum random number generated through a QRNG To generate an asymmetric key (cryptographic key) and vice versa.

PUF generates a PIN as a circuit that generates different function values even if it is manufactured with the same design drawing by using the characteristic deviation caused by the process change.

In another embodiment, the PIN may be generated using the digital value itself, rather than the digital value generated by the physical characteristics of the PUF.

A value obtained from an external reliable source may be used as a seed and a result value obtained by encrypting the original digital value generated by the PUF may be used as the PIN.

The digital value V _PUF provided by the PUF is inserted into the seed and the hash function. Therefore, the finally used PIN value may be Hash (V _PUF || Seed).

According to this embodiment, when the private key is leaked by any path, the PIN can be easily changed by changing only the seed value, so that safety and convenience can be improved.

However, this PIN value generation is only a few embodiments, and the embodiments include both the case where the digital value itself generated by the PUF is used as a PIN, and the case where the value obtained by separately processing the PUF is used as a PIN. Hereinafter, the process of generating the new PIN by processing the digital value generated by the PUF will not be described in detail, but all of these embodiments should be understood.

On the other hand, the PUF has a random value that can not be predicted, so it can be used to determine the PIN of the device. If the PUF is used, it can prevent the pre-leakage of the PIN that may occur when the PUF is generated from the outside and stored in the memory.

In addition, since the PUF is physically impossible to replicate, it is possible to eliminate the possibility that the PIN number of the device will be leaked or duplicated posteriorly.

Also, the PIN value generated by the PUF is excellent in randomness, and in the embodiments, it is reliable that the value once generated does not change with time.

According to one embodiment, a serial number is stored in a serial number storage unit of a security terminal, the unique value of a device provided by a factory in the manufacturing process of the device, and the unique serial number of the device Input to the device via the I / O interface, and the secret key from the secret key module may be extracted to the factory or to the outside having administrative authority only once for the first time. It does not have to be once according to the policy, but it can be designated as one of security maintenance.

According to one embodiment, the device may be an electronic fuse (eFUSE) comprising a fuse portion. In this embodiment, after the first secret key extraction, the fuse block physically disconnects the connection between the secret key module and the I / O interface, which is irreversible. It is impossible for the subject having the management authority to safely manage the secret key extracted for the first time and it is impossible for the secret key of the device to be newly extracted after the fuse unit is cut off.

The apparatus and method for implementing the PUF (Physically Unclonable Function) by using the process deviation during semiconductor manufacturing and applying the method and apparatus for generating the identification key are used to enhance the security of the physical entity.

If the PUF authenticates the physical terminal in hardware, generating an authentication request key (cryptographic key / decryption key) in which the PIN value of the PUF is generated as a one-time quantum random number OTP (One Time Password) .

And generates a symmetric cryptographic key for mutual cryptographic communication using the cryptographic key with a pair of cryptographic keys.

Unlike quantum random numbers, it is possible to generate an OTP (One Time Password) asymmetric cryptographic key with a pseudorandom number generator (PRNG) through a pseudorandom number generator (PRNG).

In addition, a True Random Number Generator (TRNG) can generate a quantum random number (QRN) symmetric cryptographic key and a pseudorandom number (PRN) asymmetric cryptographic key, and a pair of symmetric cryptographic keys Way communication and authentication is possible.

An asymmetric cryptographic key that is re-encrypted through the pseudo-random number generator to the quantum random symmetric cryptographic key can be generated and the asymmetric cryptographic key can be decrypted through the symmetric cryptographic key.

The system according to the present invention includes a private key module for generating a private key to be used in a public key encryption / decryption communication method, and the private key module can provide a private key by a PUF separate from the private key module.

The private key generated and provided by the private key module is physically isolated from the outside and is not extracted externally from device manufacture to distribution and use. Of course, for the same reasons as the above-described secret key module, it is impossible to leak an artificial private key by a physical attack.

Therefore, since the private key provided by the private key module does not leak, the device can authenticate the device through the PIN generated by itself in the object communication M2M.

Using the private key generated by the private key module, the public key generation unit generates a public key to be used by the device in the public key encryption / decryption communication method, and is stored in the public key storage unit. The public key storage unit is a means for storing the generated public key, and may be a non-volatile memory according to an embodiment.

The public key storage unit can be selectively employed. In another embodiment, it is possible to read the public key generated by the public key generation unit whenever authentication is required without the public key storage unit.

The encryption / decryption processor can be understood as a Crypto-coprocessor for performing normal data encryption and decryption, and a configuration for exchanging actual encrypted data with the outside in the communication network is a communication interface.

The first extracted secret key is used only as a means of verifying that the entity is a legitimate entity when exchanging a public key with a Certification Authority (CA), which is a management entity having a proper authority to perform secure communication with the device do.

That is, the secret key, which is already extracted once but not already used, is not directly used for encryption / decryption, but the secret key is used only in the process of sending the public key to the outside by the secret key encryption method, and double security is ensured. Therefore, the private key used for real device authentication is never exposed to the outside.

A Physically Unclonable Function (PUF) can provide an unpredictable digital value. The individual PUFs are given exact manufacturing processes, and even if they are manufactured in the same process, the digital values provided by the individual PUFs are different.

Therefore, the PUF may be referred to as a physical one-way function (POWF) that is not replicable, and may also be referred to as a PRF (Physical Random Function).

Such a PUF may be used to generate a cryptographic key for security and / or authentication. For example, a PUF can be used to provide a unique key to distinguish devices from one another.

Conventionally, to implement such a PUF, a coating PUF is implemented using randomly doped particles in the top layer of the IC, and a coating PUF is generally used in a hardware chip such as a latch Butterfly PUF, which can be implemented in FPGA using process variation inside CMOS device, has also been implemented.

To be reliable so that the application that utilizes PUF for PIN generation can be commercialized, it is required that the physical unreproducibility of the PUF circuit itself, the randomness of the generated PIN value, and the value of the once generated PIN do not change with time All invariances must be guaranteed.

Most conventional PUF circuits have difficulty in commercialization because they can not guarantee at least one of the randomness to be satisfied as PUF or PRF and the time invariance of value to a high level.

The PUF used in the present invention solves this conventional problem and can be produced at a very low unit price in the semiconductor manufacturing process while ensuring the time invariance and randomness to a very reliable level.

In order to satisfy both the randomness and the time invariance of the PIN generated by the PUF, a random value is generated using the randomness due to the short circuit between the nodes existing in the semiconductor process.

The PUF is designed to realize the size of contacts or vias used for electrically connecting conductive layers (metal) in a semiconductor chip to a certain size or less than a design rule in the process, And whether or not a short circuit is caused to be randomly determined. That is, the PIN value is randomly generated by violating the design rule.

Since this new PUF circuit is composed of a very simple short circuit, there is no additional circuit or process and no special measuring device is needed. Since the process characteristics are used, the stability can be satisfied while maintaining the randomness of the values.

The generation of the PUF according to the embodiment will be described in detail with reference to FIG.

And the vias are formed between the metal 1 layer 302 and the metal 2 layer 301 in the semiconductor manufacturing process.

In the group 310 where the via size is sufficiently large according to the design rule, all the vias short-circuit the metal 1 layer 302 and the metal 2 layer 301,

On the other hand, in the group 330 in which the via size is too small, all the vias can not short-circuit the metal 1 layer 302 and the metal 2 layer 301. Therefore, if a short circuit is represented by a digital value, it becomes 1.

In the group 320 where the via size is between the group 310 and the group 330, some of the vias short-circuit the metal 1 layer 302 and the metal 2 layer 301, 302 and the metal 2 layer 301 can not be short-circuited.

The identification key generating unit short-circuits the metal 1 layer 302 and the metal 2 layer 301 and some of the vias are connected to the metal 1 layer 302 and the metal 2 layer 301, And the via size is set so as not to short-circuit the via.

The design rule for the via size differs depending on the semiconductor manufacturing process. For example, if the design rule of the via in the 0.18 um CMOS (Complementary Metal-Oxide-Semiconductor) process is set to 0.25 um, The via size is set to 0.19 μm in the generation section, so that the short circuit between the metal layers is stochastically distributed.

It is ideal to have a short-circuit probability of 50%, and the secret key module and the private key module according to an embodiment are configured by setting the via size such that the probability distribution is as close to 50% as possible. This via size setting can be made by experimentation according to a specific specific semiconductor process.

According to this embodiment, the tamper resistance is not required for the PUF to cope with a physical attack by providing the secret key or the private key in a random and time-invariant manner.

Tamper-resistance, which is mainly used in encryption modules to cope with physical attacks such as de-packaging, layout analysis, and memory attack, prevents the device's functions from functioning normally by deleting the contents of the memory device when attempting to release the device Protect the contents inside. However, additional protection devices are required or the implementation means is complicated, which not only increases the cost but also has the possibility of unintentional equipment damage such as data erasure due to user's mistake or failure. However, if the PUF is implemented by the principle described above with reference to FIG. 3, there is no such problem.

It is almost impossible to select a PUF cell inside a chip of tens to hundreds of thousands of gates and observe its value because it is very difficult to separate and observe each cell inside the PUF.

Also, since some PUF values are determined only when the power is turned on, when a part of the chip is damaged during the process of depacking for a physical attack or the like, the PUF has a different value from the usual value, Is very difficult.

Therefore, when the present invention uses a PUF, it is possible to provide a private key and a private key, which are robust against physical attacks and maintain randomness and time invariance without requiring additional cost such as tamper resistance.

The present invention generates a PIN that can be used as an authentication key for security authentication and is a time-invariant digital value whose value is not changed according to the surrounding environment after once generated, It is possible to prevent the security threats to the authentication scheme of the device (terminal) by adopting the quantum security technology to the security based on the PUF, so that more secure log authentication and three channel quantum security authentication technology .

PUF Chip is composed of System On Chip (SoC) and is composed of boot ROM, main CPU, I / O port, security MCU, SoC memory, PUF hardware pin (H / W PIN), and SPI (Serial Peripheral Interface) controller.

Conventionally, when the main CPU boots the boot ROM, the debug interface is connected to the input / output port at the same time. The system-on-chip internal programs and data can be accessed from the outside through the debugger interface. In this situation, there is no security measure to protect the data on the system on chip.

On the other hand, the security MCU operates for data security using the security key stored in the SoC memory and the security key from the unique PUF hardware pin.

However, since both the SoC memory and the PUF hardware pin are provided in the PUF chip, the operation and the value may be changed by access from the outside through the debugger interface, and the operation of the main CPU or the security MCU itself is stopped There is also room.

Therefore, as long as the debugger interface is debugged in a connected state through the input / output port, there is a problem that security in a practical sense is impossible.

In order to solve the problems of the prior art, the present invention provides a system-on-chip type PUF chip having a security function. In order to enhance data security, the PUF chip has an internal SoC memory access restriction, a main CPU, And to provide a system-on-chip security method that, when detected, restricting the boot ROM from booting.

In addition, the system-on-chip is replaced with a USB (Universal Serial Bus) or board type.

As shown in FIG. 6, when a security MCU is additionally included in the main CPU, it is the hardware that implements the security algorithm, and takes charge of the operation portion that needs to receive control of the main CPU and process it at a high speed.

The main CPU judges whether or not the symmetric key or the asymmetric key generated from the random number such as the quantized random number (QRNG) and the PIN data of the PUF unique to the pseudo random number (PRNG) coincide with each other.

In the present invention, an apparatus for protecting an application program is provided. When a hacker changes a main CPU application program through a debugger interface or a serial peripheral interface bus (SPI), the input / output port is shut off and the boot ROM is booted I can not.

Will be described in detail with reference to FIG. PIN data is generated using the physical process variation occurring during the manufacturing process of the PUF chip to generate a symmetric key.

And generates the asymmetric key by encrypting the symmetric key with the quantum random number generated through the quantum random number generator.

Generating an asymmetric key through the quantum random number generator or the pseudo random number generator on the asymmetric key, wherein the asymmetric key generated by the pseudo random number generator is a random number generated hash function used for random number generation, Is stored in the memory.

Referring to FIG. 1, a symmetric key 1 is generated through PIN data of a PUF chip and is encrypted through a quantum random number generator (QRNG) to generate an asymmetric key 1.

The cipher text generated through the asymmetric key 1 is decrypted only through the symmetric key 1 and can be decrypted.

When a pseudo random number 1 is generated by putting a hash function 1 into the pseudo random number generator PRNG, the asymmetric key 1 is re-encrypted with the pseudo random number 1 to generate the asymmetric key 2, and the asymmetric key 2 including the hash function 1 is stored in the asymmetric key 2.

The ciphertext generated through the asymmetric key 2 is decrypted only by the asymmetric key 1 and can be decrypted.

When the pseudo random number 2 is generated by putting the hash function 2 into the pseudo random number generator PRNG, the asymmetric key 2 is re-encrypted with the pseudo random number 2 to generate the asymmetric key 3, the asymmetric key 3 including the hash function 2, The asymmetric key 3 stores the hash functions 1 and 2, and the ciphertext (encrypted data) generated through the asymmetric key 3 is decrypted through the asymmetric key 1 or 2 to generate the n-th asymmetric key , As shown in FIG. 1, the asymmetric key 3 can be generated by encrypting the quantum random number generator with the asymmetric key 2 with the quantum random number generated through the (QRNG).

Differentiation occurs in decryption when generating a lower asymmetric key through a quantum random number generator and a pseudo random number generator.

In FIG. 5, the PUF chip-equipped security terminal can decrypt the data encrypted through the asymmetric key 1 - 3 through the asymmetric key 1 - 2 and the asymmetric key 1 - 1, the asymmetric key 1, and the symmetric key 1.

In this process, the pseudo-random number generating hash function of the pseudo-random number generator is stored in order, and the symmetric key 1 can decrypt all the ciphertexts generated by the asymmetric keys 1, 1-1, 1-2 and 1-3, Asymmetric key 1 can decrypt all ciphertexts created in 1-1, 1-2, and 1-3, and asymmetric key 1-1 can decrypt only ciphertexts created in 1-2, 1-3. Do.

However, as shown in FIG. 1, when the PUF-equipped security terminal holds the asymmetric key 3-2 and creates the cipher text, the asymmetric key 2 and the asymmetric key 3 and the asymmetric key 3-1 can decrypt the ciphertext formed by the asymmetric key 3-2 However, when the asymmetric key 3-2 is hacked, the asymmetric key 3 is encrypted by a quantum random number (encrypted by a random quantum random number rather than a pseudo random number generated hash function), and the asymmetric key 3-1 and the asymmetric key 3-1 Key 3 can be hacked, but the asymmetric key 2 generated by the quantum random number generator is not hackable.

That is, the asymmetric key generated through the quantum random number can decrypt the lower asymmetric key generated by the pseudo-random number generator, but before the asymmetric key generated through the quantum random number, only the asymmetric key generated through the quantum random number is decrypted And more can not be hacked by a quantum computer.

That is, even at the manufacturing plant that generates the initial PIN data extracted through the PUF, it is impossible to hack after the quantum random number encryption step.

In conclusion, even if the original PIN data extracted from the PUF manufacturing plant is hacked or leaked, it is impossible for the buyer (user) to perform hacking after self-encrypting through the quantum random number in the middle.

For example, if asymmetric keys 3, 3-1, 3-1, 3-2, 3-3 are generated in FIG. 1 and asymmetric key 2 is discarded, authentication of the PUF chip secure terminal can be performed regardless of the manufacturer do.

It is also possible to encrypt the asymmetric keys 3 and 3-1 with quantum random numbers.

The asymmetric key becomes the symmetric key as compared with the lower asymmetric key in the newly generated order.

The PUF Chip is a System On Chip (SoC), which consists of a boot ROM, a central processing unit (CPU), an I / O port, a secure MCU (Machine Control Unit) PUF hardware pin (H / W PIN), and SPI (Serial Peripheral Interface) controller.

The CPU controls the secure MCU, boot ROM, SoC memory, I / O ports, PUF hardware pins, and SPI controller.

The CPU controls the secure MCU to extract PIN (Personal Identification Number) data from the PUF hardware pin, and is stored in the SoC memory and the platform memory of the high-speed quantum random number generator inside the security platform connected to the network.

The CPU controls the SPI controller to receive a quantum random number generated through a low-speed terminal random number source generator and transmits the quantum random number to the secure MCU.

The secure MCU generates a terminal symmetric cryptographic key using the PIN data in the SoC memory, and then generates a terminal asymmetric cryptographic key by encrypting the terminal symmetric cryptographic key with the quantum random number generated through the low-rate terminal random number source generator.

When the PIN data encrypted with the terminal asymmetric encryption key received through the input / output port is received, the CPU decrypts the encrypted PIN data using the terminal symmetric encryption key, and when the PIN data matches the PIN data stored in the SoC memory, the CPU connects the debugger interface through the input / output port, The quantum terminal is composed of a modem chip, a main MCU, a power amp, and a low-speed terminal quantum random number generator.

The low-rate terminal quantum random number generator includes a low-speed terminal random number source generator and a terminal PUF (Phisycally Unclonable Function) chip.

The secure MCU in the terminal PUF chip generates the terminal symmetric cryptographic key using the PIN data extracted from the PUF hardware pin and then generates the terminal asymmetric cryptographic key by encrypting the terminal symmetric cryptographic key with the quantum random number generated through the low rate terminal random number source generator And transmits the terminal symmetric cryptographic key and the terminal asymmetric cryptographic key to the main MCU in the quantum terminal.

The main MCU amplifies the terminal asymmetric cryptographic key and IP address data in Power Amp, and transmits the amplified data to a security platform through a modem chip.

Wherein the security platform transmits the terminal asymmetric cryptographic key and IP address data to the cloud server, and the fast quantum random number generator in the secure platform comprises a high-speed random number source generator and a platform memory, After generating the fast symmetric encryption key, the fast symmetric encryption key is encrypted through the fast random number source generator to generate the fast asymmetric encryption key, and the fast symmetric encryption key and the asymmetric encryption key are transmitted to the cloud server.

The cloud server encrypts the high speed asymmetric cryptographic key with the terminal asymmetric cryptographic key as a modem chip of the quantum terminal IP address, and the quantum terminal decrypts the fast asymmetric cryptographic key encrypted with the terminal asymmetric cryptographic key using the terminal symmetric cryptographic key.

When the quantum terminal transmits the terminal symmetric cryptographic key encrypted with the high-speed asymmetric cryptographic key to the cloud server, the cloud server decrypts the terminal symmetric cryptographic key with the fast symmetric cryptographic key.

When the cloud server transmits a fast symmetric cryptographic key encrypted with the terminal asymmetric cryptographic key to the quantum terminal, the quantum terminal decrypts the fast symmetric cryptographic key with the terminal symmetric cryptographic key.

When data is transmitted from the quantum terminal to the cloud server unidirectionally, it is encrypted with a fast symmetric encryption key and transmitted.

When data is transmitted from the cloud server to the quantum terminal in one direction, it performs high-speed tunneling data communication by encrypting the data with the terminal symmetric encryption key.

When the fast tunneling data communication is interrupted, the terminal symmetric cipher key and the fast symmetric cipher key generated by the quantum random number generator are lost, but the fast tunneling data communication is interrupted and the terminal symmetric cipher key generated by the quantum random number generator and the fast symmetric cipher key In the high-speed tunneling data communication before the destruction of the cloud local server, the internal low-speed local quantum random number generator comprises a low-speed local random number source generator, a local PUF (Phisycally Unclonable Function) chip and a low-speed local pseudo random number generator.

In an embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the PUF chip is mounted in a quantum terminal, the MCU in the quantum terminal generates unique PIN data, Stored in the platform memory; The control server includes a quantum random number generator (QRNG) and a platform memory. The control server generates a symmetric encryption key using a random random number generated through a quantum random number generator, encrypts the symmetric encryption key with PIN data stored in the platform memory To generate an asymmetric cryptographic key; The control server transmits the asymmetric cryptographic key to the quantum terminal; The quantum terminal includes an MCU and a PUF chip, and the MCU receives the asymmetric cryptographic key and transmits data obtained by encrypting the PIN data of the PUF chip with the asymmetric cryptographic key to the control server; The control server connects the control server and the quantum terminal to open the bi-directional tunneling data communication when the PIN data of the PUF chip decrypted with the asymmetric cryptographic key is decrypted with the asymmetric cryptographic key and the PIN data stored in the platform memory coincide with each other .

In an embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, a PUF chip is mounted on a quantum terminal, and an MCU inside the quantum terminal generates unique PIN data using a physical process variation occurring during a manufacturing process And the PIN data is stored in a platform memory inside the control server; The control server includes a quantum random number generator (QRNG) and a platform memory, and the control server generates a symmetric encryption key using PIN data stored in the platform memory, and the control server generates a symmetric cryptographic key using the quantum random number generated through the quantum random number generator. Encrypting the symmetric encryption key to generate an asymmetric encryption key; The control server transmits the asymmetric cryptographic key to the quantum terminal; The quantum terminal includes an MCU and a PUF chip, and the MCU receives the asymmetric cryptographic key and transmits data obtained by encrypting the PIN data of the PUF chip with the asymmetric cryptographic key to the control server; If the PIN data of the PUF chip decrypted with the asymmetric cryptographic key is identical to the PIN data stored in the platform memory, the control server transmits a user login (log-in) bi-directional tunneling data communication between the control server and the quantum terminal Is opened.

In an embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the PUF chip is mounted in a quantum terminal, the MCU in the quantum terminal generates unique PIN data, Stored in the platform memory; The control server includes a pseudo random number generator and a platform memory. The control server generates a random random number through a pseudo random number generator. The control server generates a symmetric encryption key using PIN data stored in the platform memory. Encrypting the symmetric encryption key to generate an asymmetric encryption key; The control server transmits the asymmetric cryptographic key to the quantum terminal; The quantum terminal includes an MCU and a PUF chip, and the MCU receives the asymmetric cryptographic key and transmits data obtained by encrypting the PIN data of the PUF chip with the asymmetric cryptographic key to the control server; If the PIN data of the PUF chip decrypted with the asymmetric cryptographic key is identical to the PIN data stored in the platform memory, the control server logs in the user between the control server and the quantum terminal and transmits the bi-directional tunneling data And communication is started.

In another embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the remote server includes a remote PUF chip, a remote random number generator, a remote memory, and a remote control unit, Generates a remote symmetric encryption key with unique remote PIN data using physical process deviations occurring during the remote symmetric encryption process; The remote control unit generates a random random number through the remote random number generator and encrypts the remote symmetric encryption key to generate a remote asymmetric encryption key; Wherein the remote symmetric encryption key is stored in a local server internal local memory; The local server includes a local PUF chip, a local random number generator, a local memory, and a local controller. The local controller generates unique local PIN data using physical process variations occurring during the manufacturing process of the local PUF chip, Generate an encryption key; Wherein the local control unit generates a random number through the local random number generator and encrypts the local symmetric encryption key to generate a local asymmetric encryption key; The local symmetric encryption key is stored in a remote server internal remote memory; When the remote server logs in to the bidirectional tunneling data communication request to the local server, the local server sends the local asymmetric encryption key to the remote server IP address; The remote server receives the local asymmetric cryptographic key and transmits the remote cryptographic key, which is encrypted with the local asymmetric cryptographic key to the remote symmetric cryptographic key to the local server IP address, to the local server; When the remote symmetric encryption key decrypted with the local symmetric encryption key is identical to the remote symmetric encryption key stored in the local memory, the local server performs a log-in bi-directional tunneling data communication between the local server and the remote server Open; At the time of log-in, the local asymmetric encryption key and the remote encryption key are deleted; When the local server logs in to the remote server in a bidirectional tunneling data communication request, the remote server sends the remote asymmetric encryption key to the local server IP address; The local server receives the remote asymmetric cryptographic key and transmits the local cryptographic key, which is the remote symmetric cryptographic key encrypted with the remote server IP address, to the remote server; When the local symmetric encryption key decrypted with the remote symmetric encryption key is identical to the local symmetric encryption key stored in the remote memory, the remote server performs a log-in bi-directional tunneling data communication between the remote server and the local server Open; The remote asymmetric encryption key and the local encryption key are deleted at the time of log-in.

In another embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the remote server includes a remote PUF Chip, a remote random number generator, a remote memory, and a remote control unit. The remote random number generator generates a remote symmetric encryption key Generate; Wherein the remote control unit generates unique remote PIN data using a physical process deviation occurring during a manufacturing process of a remote PUF chip and generates a remote asymmetric encryption key by encrypting the remote symmetric encryption key; Wherein the remote symmetric encryption key is stored in a local server internal local memory; Wherein the local server comprises a local PUF Chip, a local random number generator, a local memory, and a local control, wherein the local random number generator generates a local symmetric encryption key; Wherein the local control unit generates unique local PIN data using a physical process variation occurring during the manufacturing process of the local PUF chip to generate a local asymmetric cryptographic key by encrypting the local symmetric cryptographic key; The local symmetric encryption key is stored in a remote server internal remote memory; When the remote server logs in to the bidirectional tunneling data communication request to the local server, the local server sends the local asymmetric encryption key to the remote server IP address; The remote server receives the local asymmetric cryptographic key and transmits the remote cryptographic key, which is encrypted with the local asymmetric cryptographic key to the remote symmetric cryptographic key to the local server IP address, to the local server; When the remote symmetric encryption key decrypted with the local symmetric encryption key is identical to the remote symmetric encryption key stored in the local memory, the local server performs a log-in bi-directional tunneling data communication between the local server and the remote server Open; At the time of log-in, the local asymmetric encryption key and the remote encryption key are deleted; When the local server logs in to the remote server in a bidirectional tunneling data communication request, the remote server sends the remote asymmetric encryption key to the local server IP address; The local server receives the remote asymmetric cryptographic key and transmits the local cryptographic key, which is the remote symmetric cryptographic key encrypted with the remote server IP address, to the remote server; When the local symmetric cipher key decrypted with the remote symmetric encryption key is identical to the local symmetric encryption key stored in the remote memory, the remote server opens the log-in bi-directional tunneling data communication between the remote server and the local server ; The remote asymmetric encryption key and the local encryption key are deleted at the time of log-in.

In another embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the secure terminal comprises a quantum random number generator and a PUF PIN data generator, wherein the quantum random number generator comprises a random number generator, a quantum detection diode, a quantum random pulse generator, Wherein the quantum random detector detects quantum particles generated from a random number source generator that emits quantum particles and the quantum random pulse generator detects a quantum particle event from the quantum detection diode to detect quantum particles And the quantum random number control unit comprises a microprocessor for generating a random number from a random random number source generated through the quantum random pulse generator to generate a symmetric encryption key, and the PUF PIN data generator comprises a PUF Chip and main part, and the main part is composed of PIN data of PUF chip Based features that create an asymmetric cryptographic encryption key to encrypt a symmetric encryption key that is generated by a quantum random number generator.

In another embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the secure terminal comprises a quantum random number generator and a PUF PIN data generator, wherein the PUF PIN data generator comprises a PUF chip and a main control unit, Generate a symmetric encryption key with the PIN data of the chip; Wherein the quantum random number generator comprises a random number generator, a quantum detection diode, a quantum random pulse generator, and a quantum random number control unit, wherein the quantum detection diode detects quantum particles generated from a random number source generator emitting quantum particles, The generator generates a random pulse corresponding to the detection of the quantum particle by detecting a quantum particle event from the quantum detection diode, and the quantum random number control unit generates a quantum random number with a random random number source generated through the quantum random pulse generator; And the quantum random number control unit encrypts the symmetric cryptographic key with the quantum random number to encrypt and generate the asymmetric cryptographic key.

In another embodiment of the PUF-QRNG quantum cryptographic security terminal system according to the present invention, the remote USB includes a remote PUF chip, a remote random number generator, a remote memory, and a remote control unit, Generates a remote symmetric encryption key with unique remote PIN data using physical process deviations occurring during the remote symmetric encryption process; The remote control unit generates a random random number through the remote random number generator and encrypts the remote symmetric encryption key to generate a remote asymmetric encryption key; Wherein the remote symmetric encryption key is stored in an operating server and a local USB internal local memory; The local USB includes a local PUF chip, a local random number generator, a local memory, and a local controller. The local controller generates unique local PIN data using physical process variations occurring during the manufacturing process of the local PUF chip, Generate an encryption key; The local control unit generates a random random number through the local quantum random number generator to generate a local asymmetric cryptographic key by encrypting the local symmetric cryptographic key; Wherein the local symmetric encryption key is stored in an operating server and a remote USB internal remote memory; When the operation server receives the local asymmetric encryption key and the remote asymmetric encryption key from the remote USB and local USB connected to the network, it decrypts the local symmetric encryption key and the remote symmetric encryption key, In case of PIN data, the connection IP address of the local USB is transmitted through the remote USB, and the connection IP address of the remote USB is transmitted by the local USB, so that bidirectional communication is performed through the local asymmetric encryption key and the remote asymmetric encryption key.

The security terminal includes a quantum random number generator and a PUF PIN data generator. The PUF PIN data generator generates a symmetric encryption key using the PIN data of the PUF chip, And the quantum random number generator generates the asymmetric cryptographic key by encrypting the symmetric cryptographic key with a quantum random number.

The security terminal includes a quantum random number generator and a PUF PIN data generator. The quantum random number generator generates a symmetric cryptographic key with a random random number, generates a PUF PIN data generator, The asymmetric cryptographic key is generated by encrypting the symmetric cryptographic key with the PIN data of the PUF chip.

In one embodiment of the encryption key generation method using the PUF-QRNG according to the present invention, the PUF chip generates PIN data using a physical process variation occurring in the manufacturing process to generate a symmetric encryption key; Encrypting the symmetric cryptographic key with a quantum random number generated through a quantum random number generator to generate an asymmetric cryptographic key; And generating the first asymmetric cryptographic key to the n-th asymmetric cryptographic key using a random number generated through the quantum random number generator or the pseudo random number generator in the asymmetric cryptographic key.

As an embodiment of the encryption key generation method using the PUF-QRNG according to the present invention, the PIN data is generated using the physical process variation occurring during the manufacturing process of the PUF chip to generate the symmetric encryption key; Encrypting the symmetric cryptographic key with a quantum random number generated through a quantum random number generator to generate an asymmetric cryptographic key; Wherein the asymmetric cryptographic key generated by the pseudo random number generator includes a random number generated hash function in a newly generated asymmetric cryptographic key by generating an asymmetric cryptographic key through the quantum random number generator or the pseudo random number generator in the asymmetric cryptographic key, Is stored.

As an embodiment of the encryption key generation method using the PUF-QRNG according to the present invention, the PIN data is generated using the physical process variation occurring during the manufacturing process of the PUF chip to generate the symmetric encryption key; Encrypting the symmetric cryptographic key with a quantum random number generated through a quantum random number generator to generate an asymmetric cryptographic key; The pseudo-random number generator generates a new pseudo-random number by generating a pseudo-random number as a random number generating hash function, and then generates a new asymmetric cryptographic key by encrypting the asymmetric cryptographic key. The new asymmetric cryptographic key generated by the pseudo- And the asymmetric cryptographic key is newly stored in the asymmetric cryptographic key.

In the present invention, the Quantum Random Number Generator (QRNG) can be used as a True Random Number Generator (TRNG) or a Pseudo Random Number Generator (PRNG).

As an embodiment of the present invention, the single PIN data of the non-replicable physical PUF chip and the one-time OTP quantum cryptographic key using the random natural number of the quantum random number generator, compared with the conventional security measures through a pair of VPNs, Directional tunneling data communication is opened only between the quantum terminal and the integrated control server by strengthening the security measures through application of the unidirectional cryptographic key for transmitting the data. The PUF chip is mounted on the quantum terminal, And the PIN data is stored in the integrated control server internal platform memory.

The integrated control server comprises a quantum random number generator and a platform memory.

The quantum random number generator comprises a random number source generator, a quantum detection diode, a quantum random pulse generator, and a quantum random number control unit. The random number source generator emits quantum particles, the quantum detection diode detects quantum particles generated from the random number source generator , The quantum random pulse generator detects a quantum particle event from the quantum detection diode to generate a random pulse corresponding to the detection of the quantum particle, and the quantum random number control unit comprises a microprocessor, Generates a symmetric encryption key by generating a quantum random number from a pulse random number source, and encrypts the symmetric encryption key with PIN data stored in the platform memory to generate an asymmetric encryption key.

The integrated control server transmits the asymmetric cryptographic key to the MAC address of the quantum terminal modem chip, and the quantum terminal includes the modem chip, the MCU, the power amplifier, and the PUF chip. The MCU receives the asymmetric cryptographic key through the modem chip The power amplifier amplifies the MAC address of the modem chip and the PIN data of the PUF chip using the asymmetric cryptographic key, and transmits the amplified data to the integrated control server through the modem chip. The integrated control server decrypts the data encrypted with the asymmetric cryptographic key with the symmetric cryptographic key When the user agrees with the PIN data of one PUF chip and the MAC address of the quantum terminal modem chip, the user logs in between the integrated control server and the quantum terminal to open bi-directional tunneling data communication.

4, the quantum random number generator includes a random number source generator, a quantum detection diode, a quantum random pulse generator, a quantum random number controller, and an input / output unit. The random number source generator includes a light emitting diode (LED) ), A radioisotope, a transistor noise, and a thermal noise, the quantum detection diode detects quantum particles generated from the random number source generator, and the quantum random pulse generator detects the quantum detection diode Wherein the quantum random number generator generates a random number by generating a random random number from a random pulse random number source generated through the quantum random pulse generator to generate a symmetric encryption key, And a microprocessor.

The input / output unit includes a power supply port, an input data port, an output data port, and a grounding port. The input / output unit integrates a protruding input / output unit coupled to the depressed input / output unit of the PUF PIN data generator 1 on a plate, And a protruding input / output unit including a power supply port, an input data port, an output data port, and a grounding port which are inserted into a recessed input / output unit of the quantum terminal, ; An input data port, an output data port, and a grounding port of the protruding input / output unit of the quantum random number generator; And a PUF PIN data generator 1 including an integrated housing including a PUF controller.

When the protruding input / output unit of the PUF PIN data generator is inserted into the recessed input / output unit of the quantum terminal, the PUF control unit is powered by receiving power through a power port and a grounding port inside the quantum terminal, Output unit of the quantum random number generator is inserted into the PUF PIN data generator, the quantum random number controller is driven to receive power through the power port and the ground port in the PUF PIN data generator, and the quantum random number controller controls the random number generator A quantum detection diode, and a quantum random pulse generator, and transmits the generated symmetric cryptographic key to a PUF control unit in the PUF PIN data generator. The PUF control unit controls the quantum random number generator Upon receipt of the symmetric encryption key from the random number generator, the symmetric cipher It encrypts the generated encrypt the asymmetric encryption key is characterized in that transmission to both devices.

The PUF controller generates a symmetric encryption key through the PIN data of the PUF chip, and the quantum random number generator generates the asymmetric encryption key by encrypting the symmetric encryption key with the quantum random number, and outputs the asymmetric encryption key to the input / output Output unit, and the input / output unit of the quantum random number generator comprises a protruding input / output unit and a depressed input / output unit.

And a VPN (Virtual Private Network) is additionally provided to perform 1: 1 encrypted data communication between VPNs.

MAC Address (Media Access Control Address) can be replaced with IP Address (Internet Protocol Address).

When the remote server is connected to the network, the connection server transmits the connection IP address of the remote server to the operation server connected to the network. When the local server connects to the network, the operation server connected to the network When the connection IP address of the local server is transmitted, the operation server transmits the connection IP address of the local server to the remote server and transmits the connection IP address of the remote server to the local server.

When the remote server is connected to the network by replacing the remote server with the remote USB, the connection IP address of the remote USB is transmitted to the operation server. When the local server is replaced with the local USB and connected to the network, When the connection IP address of the local USB is transmitted, the operation server transmits the connection IP address of the local USB to the remote USB and transmits the connection IP address of the remote USB to the local USB.

When the remote server is connected to the network, the remote server transmits the connection IP address and remote PIN data of the remote server to the operation server connected to the network. When the local server connects to the network, When the remote PIN data and the local PIN data are mutually user authenticated, the remote server transmits the connection IP address of the local server and the local server transmits the local IP address and the local PIN data to the connected operation server. And transmits the connection IP address of the remote server.

When the remote server is replaced with the remote USB and connected to the network, the remote server sends the remote USB connection IP address and remote PIN data to the operating server, and the local server replaces the local USB. The remote server transmits the local IP address and local PIN data of the local USB to the operation server, and when the remote PIN data and the local PIN data are mutually user authenticated, the operation server transmits the local IP address of the local server to the remote server, And transmits the connection IP address of the remote server to the server.

The remote server and the local server are replaced with a USB (Universal Serial Bus) equipped with a microprocessor MCU (Micro Control Unit), the remote server is replaced with a remote USB, and the local server is replaced with a local USB .

The remote server can be replaced with a remote virtual private network (VPN), the local server can be replaced with a local virtual private network (VPN), and the remote server and the local server can be replaced with a microprocessor microcontroller (MCU) Board (Peripheral Component Interconnect Board), a remote server is replaced with a remote PCI board, and a local server is replaced with a local PCI board.

USB (Universal Serial Bus) is replaced with a PCI Board (Peripheral Component Interconnect Board).

As an embodiment of a CCTV video surveillance apparatus equipped with a PUF-QRNG quantum cryptographic security terminal, a single PIN data of a non-replicable physical PUF chip and a random natural number of a quantum random number generator are compared with conventional security measures through a pair of VPNs Way tunneling data communication only between the CCTV video surveillance device and the integrated control server by enhancing the security measures by applying the one-way cryptographic key for transmitting the data only in one direction through the disposable OTP quantum cryptographic key, and the PUF chip is used for the CCTV video The MCU in the CCTV video monitoring apparatus generates unique PIN data using a physical process variation occurring in the manufacturing process to generate a symmetric encryption key, and the symmetric encryption key generated through the PIN data It is stored in the internal platform memory of the integrated control server.

Wherein the integrated control server comprises a quantum random number generator and a platform memory, wherein the quantum random number generator comprises a random number source generator, a quantum detection diode, a quantum random pulse generator, and a quantum random number controller, The quantum random number generator detects a quantum particle event from the quantum detection diode to generate a random pulse corresponding to the detection of the quantum particle, and the quantum random number generator And generates a quantum random number by a random pulse random number source generated through the quantum random pulse generator.

The asymmetric cryptographic key is generated by encrypting the symmetric cryptographic key stored in the integrated control server internal platform memory with the quantum random number.

The integrated control server transmits the asymmetric cryptographic key to the MAC address of the CCTV video surveillance device, and the CCTV video surveillance device includes the modem chip, the MCU, the power amplifier, the PUF chip, and the surveillance camera. The asymmetric cipher key is received, and the MAC address of the modem chip and the PIN data of the PUF chip are encrypted with the asymmetric cipher key, and the data is amplified by the power amplifier and transmitted to the integrated control server through the modem chip. If the user matches the PIN data of the PUF chip decrypted with the symmetric encryption key and the MAC address of the CCTV video monitoring device modem chip, the user logs in between the integrated control server and the CCTV video monitoring device and performs bidirectional tunneling And data communication is started.

As an embodiment of a CCTV video surveillance apparatus equipped with a PUF-QRNG quantum cryptographic security terminal, a single PIN data of a non-replicable physical PUF chip and a random natural number of a quantum random number generator are compared with conventional security measures through a pair of VPNs Directional cryptographic key that transmits data only in one direction through the disposable OTP quantum cryptographic key to strengthen the security measures and to open bi-directional tunneling data communication only between the CCTV video surveillance device and the integrated control server.

The PUF chip is mounted on the CCTV video monitoring device. The MCU inside the CCTV video monitoring device generates the unique PIN data using the physical process variation occurring during the manufacturing process, and the PIN data is stored in the platform memory of the integrated control server do.

The integrated control server comprises a quantum random number generator and a platform memory.

The quantum random number generator consists of a random number source generator, a quantum detection diode, a quantum random pulse generator, and a quantum random number controller.

The random number source generator emits quantum particles, the quantum detection diode detects quantum particles generated from the random number source generator, and the quantum random pulse generator detects a quantum particle event from the quantum detection diode to detect quantum particles And generating a random number by generating a random random number from a random pulse random number source generated through the quantum random pulse generator to generate a symmetric encryption key, The integrated control server transmits the asymmetric cryptographic key to the MAC address of the CCTV video surveillance device, and the CCTV video surveillance device transmits the asymmetric cipher key to the modem chip, the MCU, the power amplifier, the PUF chip, And a surveillance camera, and the MCU receives the asymmetric cryptographic key through the modem chip and transmits the MAC Ad dress and PUF chip PIN data with the asymmetric encryption key is amplified by Power Amp and transmitted to the integrated control server through the modem chip and the integrated control server encrypts the data encrypted with the asymmetric encryption key by the symmetric encryption key The user log-in is performed between the integrated control server and the CCTV video surveillance device to open the bi-directional tunneling data communication if the user matches the MAC address of the PIN data and the MAC address of the CCTV video surveillance apparatus modem.

As an embodiment of a CCTV video surveillance apparatus equipped with a PUF-QRNG quantum cryptographic security terminal, the remote server includes a remote PUF chip, a remote random number generator, a remote memory, a surveillance camera, and a remote control unit.

Wherein the remote control unit generates unique remote PIN data using a physical process variation occurring during a manufacturing process of a remote PUF chip to generate a remote symmetric encryption key and the remote control unit generates a random number through the remote random number generator, And encrypts the remote symmetric encryption key to generate a remote asymmetric encryption key.

The remote PIN data is stored in the local server internal local memory.

The local server includes a local PUF chip, a local random number generator, a local memory, and a local control unit.

The local control unit generates unique local PIN data using a physical process variation occurring during the manufacturing process of the local PUF chip to generate a local symmetric encryption key.

The local control unit generates a random random number through the local random number generator and encrypts the local symmetric encryption key to generate a local asymmetric encryption key.

The local PIN data is stored in a remote server internal remote memory.

When the remote server logs in to the bidirectional tunneling data communication request to the local server, the local server sends the local asymmetric encryption key to the remote server IP address.

The remote server receives the local asymmetric cryptographic key and transmits the remote PIN data encrypted with the local asymmetric cipher key to the local server using the local server IP address and the remote PIN data of the remote PUF chip.

If the remote PIN data decrypted by the local symmetric encryption key is identical to the remote PIN data stored in the local memory, the local server performs a log-in bi-directional operation between the local server and the remote server, Tunneling data communication is opened.

At the time of log-in, the remote PIN data encrypted with the local asymmetric encryption key and the local asymmetric encryption key is deleted.

When the local server logs in to the remote server in a bidirectional tunneling data communication request, the remote server transmits the remote asymmetric encryption key to the local server IP address.

The local server receives the remote asymmetric cipher key and transmits the local PIN data, which is encrypted with the remote asymmetric cipher key, to the remote server using the remote server IP address and the local PIN data of the local PUF chip.

When the local PIN data decrypted by the remote symmetric encryption key is decrypted by the remote symmetric encryption key and the local PIN data stored in the remote memory coincides with the remote symmetric encryption key, the remote server logs in (Log-in) between the remote server and the local server. The tunneling data communication is opened and the image data is transmitted to the local server.

The remote asymmetric encryption key and the local PIN data encrypted with the remote asymmetric encryption key are deleted at the time of log-in.

A remote server includes a remote PUF chip, a remote random number generator, a remote memory, a surveillance camera, and a remote control unit. The remote random number generator includes a remote PUF chip, a remote random number generator, Generates a symmetric encryption key.

The remote control unit generates unique remote PIN data using a physical process variation occurring during the manufacturing process of the remote PUF chip, and encrypts the remote symmetric encryption key to generate a remote asymmetric encryption key.

The remote symmetric encryption key is stored in a local memory inside the local server.

The local server includes a local PUF chip, a local random number generator, a local memory, and a local control unit.

The local control unit generates unique local PIN data using a physical process variation occurring during the manufacturing process of the local PUF chip, and encrypts the local symmetric encryption key to generate a local asymmetric encryption key.

The local symmetric encryption key is stored in a remote server internal remote memory.

When the remote server logs in to the bidirectional tunneling data communication request to the local server, the local server sends the local asymmetric encryption key to the remote server IP address.

The remote server receives the local asymmetric cryptographic key and sends the remote cryptographic key, which is encrypted with the local symmetric cryptographic key to the remote symmetric cryptographic key, to the local server with the local server IP address.

When the remote symmetric encryption key decrypted with the local symmetric encryption key is identical to the remote symmetric encryption key stored in the local memory, the local server performs a log-in bi-directional tunneling data communication between the local server and the remote server It opens.

At the time of log-in, the local asymmetric encryption key and the remote encryption key are deleted.

When the local server logs in to the remote server in a bidirectional tunneling data communication request, the remote server transmits the remote asymmetric encryption key to the local server IP address.

The local server receives the remote asymmetric cryptographic key and transmits the local cryptographic key, which is the remote symmetric cryptographic key encrypted with the remote server IP address, to the remote server.

When the local symmetric cipher key decrypted with the remote symmetric encryption key is identical to the local symmetric encryption key stored in the remote memory, the remote server opens the log-in bi-directional tunneling data communication between the remote server and the local server And transmits the data to the local server.

The remote asymmetric encryption key and the local encryption key are deleted at the time of log-in.

The surveillance camera can be replaced with a water leakage sensor, a water meter, a heat meter, a gas meter, a wattage meter, a solar generator, a renewable energy generator, an electricity distribution panel, a broadcasting device, an automatic control panel and an automatic control server.

The present invention can be applied to a security system in object Internet communication. Bidirectional communication with both quantum security and PUF security is possible between any PC in the world connected to the Internet and a PC with remote USB and local USB.

Especially, it can be applied to CCTV IPTV camera, water leakage sensor, water meter, heat meter, gas meter, energy meter, solar generator, renewable energy generator, switchboard, broadcasting device, automatic control panel, have.

Claims (15)

The PUF chip is installed in the quantum terminal, and the MCU inside the quantum terminal generates unique PIN data, and the PIN data is stored in the platform memory inside the control server; The control server comprises a quantum random number generator (QRNG) and a platform memory, The control server generates a symmetric cryptographic key with a random random number generated through the quantum random number generator and encrypts the symmetric cryptographic key with the PIN data stored in the platform memory to generate an asymmetric cryptographic key; The control server transmits the asymmetric cryptographic key to the quantum terminal; The quantum terminal includes an MCU and a PUF chip, and the MCU receives the asymmetric cryptographic key and transmits data obtained by encrypting the PIN data of the PUF chip with the asymmetric cryptographic key to the control server; If the PIN data of the PUF chip decrypted with the asymmetric cryptographic key is identical to the PIN data stored in the platform memory, the control server logs in the user between the control server and the quantum terminal and transmits the bi-directional tunneling data And the PUF-QRNG quantum cryptographic security terminal system. The PUF chip is mounted on the quantum terminal, and the MCU inside the quantum terminal generates the unique PIN data using the physical process variation occurring during the manufacturing process, and the PIN data is stored in the platform memory inside the control server; The control server comprises a quantum random number generator (QRNG) and a platform memory, The control server generates a symmetric encryption key with the PIN data stored in the platform memory, The control server encrypts the symmetric cryptographic key with a quantum random number generated through the quantum random number generator to generate an asymmetric cryptographic key; The control server transmits the asymmetric cryptographic key to the quantum terminal; The quantum terminal includes an MCU and a PUF chip, and the MCU receives the asymmetric cryptographic key and transmits data obtained by encrypting the PIN data of the PUF chip with the asymmetric cryptographic key to the control server; If the PIN data of the PUF chip decrypted with the asymmetric cryptographic key is identical to the PIN data stored in the platform memory, the control server logs in the user between the control server and the quantum terminal and transmits the bi-directional tunneling data And the PUF-QRNG quantum cryptographic security terminal system. The PUF chip is installed in the quantum terminal, and the MCU inside the quantum terminal generates unique PIN data, and the PIN data is stored in the platform memory inside the control server; The control server comprises a pseudo-random number generator and a platform memory, The control server generates a random number through a pseudo-random number generator, The control server generates a symmetric cryptographic key using the PIN data stored in the platform memory and encrypts the symmetric cryptographic key with the random random number to generate an asymmetric cryptographic key; The control server transmits the asymmetric cryptographic key to the quantum terminal; The quantum terminal includes an MCU and a PUF chip, and the MCU receives the asymmetric cryptographic key and transmits data obtained by encrypting the PIN data of the PUF chip with the asymmetric cryptographic key to the control server; If the PIN data of the PUF chip decrypted with the asymmetric cryptographic key is identical to the PIN data stored in the platform memory, the control server logs in the user between the control server and the quantum terminal and transmits the bi-directional tunneling data And the PUF-QRNG quantum cryptographic security terminal system. The remote server includes a remote PUF chip, a remote random number generator, a remote memory, and a remote control unit, Wherein the remote control unit generates a remote symmetric encryption key using unique remote PIN data using a physical process variation occurring during the manufacturing process of the remote PUF chip; The remote control unit generates a random random number through the remote random number generator and encrypts the remote symmetric encryption key to generate a remote asymmetric encryption key; Wherein the remote symmetric encryption key is stored in a local server internal local memory; The local server includes a local PUF chip, a local random number generator, a local memory, and a local controller, The local control unit generates unique local PIN data using a physical process variation occurring during the manufacturing process of the local PUF chip to generate a local symmetric encryption key; Wherein the local control unit generates a random number through the local random number generator and encrypts the local symmetric encryption key to generate a local asymmetric encryption key; The local symmetric encryption key is stored in a remote server internal remote memory; When the remote server logs in to the local server requesting bi-directional tunneling data communication, The local server sends the local asymmetric cryptographic key to the remote server IP Address; The remote server receives the local asymmetric cryptographic key and transmits the remote cryptographic key, which is encrypted with the local asymmetric cryptographic key to the remote symmetric cryptographic key to the local server IP address, to the local server; When the remote symmetric encryption key decrypted with the local symmetric encryption key is identical to the remote symmetric encryption key stored in the local memory, the local server performs a log-in bi-directional tunneling data communication between the local server and the remote server Open; At the time of log-in, the local asymmetric encryption key and the remote encryption key are deleted; When the local server logs in to the remote server requesting bidirectional tunneling data communication, The remote server sends the remote asymmetric cryptographic key to the local server IP Address; The local server receives the remote asymmetric cryptographic key and transmits the local cryptographic key, which is the remote symmetric cryptographic key encrypted with the remote server IP address, to the remote server; When the local symmetric encryption key decrypted with the remote symmetric encryption key is identical to the local symmetric encryption key stored in the remote memory, the remote server performs a log-in bi-directional tunneling data communication between the remote server and the local server Open; Wherein the remote asymmetric encryption key and the local encryption key are deleted at the time of log-in. The remote server includes a remote PUF chip, a remote random number generator, a remote memory, and a remote control unit, Wherein the remote random number generator generates a remote symmetric encryption key; Wherein the remote control unit generates unique remote PIN data using a physical process deviation occurring during a manufacturing process of a remote PUF chip and generates a remote asymmetric encryption key by encrypting the remote symmetric encryption key; Wherein the remote symmetric encryption key is stored in a local server internal local memory; The local server includes a local PUF chip, a local random number generator, a local memory, and a local controller, The local random number generator generating a local symmetric encryption key; Wherein the local control unit generates unique local PIN data using a physical process variation occurring during the manufacturing process of the local PUF chip to generate a local asymmetric cryptographic key by encrypting the local symmetric cryptographic key; The local symmetric encryption key is stored in a remote server internal remote memory; When the remote server logs in to the local server requesting bi-directional tunneling data communication, The local server sends the local asymmetric cryptographic key to the remote server IP Address; The remote server receives the local asymmetric cryptographic key and transmits the remote cryptographic key, which is encrypted with the local asymmetric cryptographic key to the remote symmetric cryptographic key to the local server IP address, to the local server; When the remote symmetric encryption key decrypted with the local symmetric encryption key is identical to the remote symmetric encryption key stored in the local memory, the local server performs a log-in bi-directional tunneling data communication between the local server and the remote server Open; At the time of log-in, the local asymmetric encryption key and the remote encryption key are deleted; When the local server logs in to the remote server requesting bidirectional tunneling data communication, The remote server sends the remote asymmetric cryptographic key to the local server IP Address; The local server receives the remote asymmetric cryptographic key and transmits the local cryptographic key, which is the remote symmetric cryptographic key encrypted with the remote server IP address, to the remote server; When the local symmetric cipher key decrypted with the remote symmetric encryption key is identical to the local symmetric encryption key stored in the remote memory, the remote server opens the log-in bi-directional tunneling data communication between the remote server and the local server ; Wherein the remote asymmetric encryption key and the local encryption key are deleted at the time of log-in. The secure terminal comprises a quantum random number generator and a PUF PIN data generator, Wherein the quantum random number generator comprises a random number generator, a quantum detection diode, a quantum random pulse generator, and a quantum random number control unit, wherein the quantum detection diode detects quantum particles generated from a random number source generator emitting quantum particles, Generator generates a random pulse corresponding to the detection of the quantum particle by detecting a quantum particle event from the quantum detection diode, and the quantum random number control unit generates a quantum random number by a random random number source generated through the quantum random pulse generator, And a microprocessor for generating an encryption key, The PUF PIN data generator consists of a PUF chip and a main controller, Wherein the main controller encrypts the asymmetric cryptographic key by encrypting the symmetric cryptographic key generated by the quantum random number generator with the PIN data of the PUF chip. The secure terminal comprises a quantum random number generator and a PUF PIN data generator, The PUF PIN data generator comprises a PUF chip and a main control unit, and the main control unit generates a symmetric encryption key using PIN data of the PUF chip; Wherein the quantum random number generator comprises a random number generator, a quantum detection diode, a quantum random pulse generator, and a quantum random number control unit, wherein the quantum detection diode detects quantum particles generated from a random number source generator emitting quantum particles, The generator generates a random pulse corresponding to the detection of the quantum particle by detecting a quantum particle event from the quantum detection diode, and the quantum random number control unit generates a quantum random number with a random random number source generated through the quantum random pulse generator; Wherein the quantum random number control unit encrypts the symmetric cryptographic key with the quantum random number to generate an asymmetric cryptographic key. The remote USB includes a remote PUF chip, a remote random number generator, a remote memory, and a remote control unit, Wherein the remote control unit generates a remote symmetric encryption key using unique remote PIN data using a physical process variation occurring during the manufacturing process of the remote PUF chip; The remote control unit generates a random random number through the remote random number generator and encrypts the remote symmetric encryption key to generate a remote asymmetric encryption key; Wherein the remote symmetric encryption key is stored in an operating server and a local USB internal local memory; The local USB comprises a local PUF chip, a local random number generator, a local memory, and a local controller, The local control unit generates unique local PIN data using a physical process variation occurring during the manufacturing process of the local PUF chip to generate a local symmetric encryption key; The local control unit generates a random random number through the local quantum random number generator to generate a local asymmetric cryptographic key by encrypting the local symmetric cryptographic key; Wherein the local symmetric encryption key is stored in an operating server and a remote USB internal remote memory; When the operation server receives the local asymmetric encryption key and the remote asymmetric encryption key from the remote USB and local USB connected to the network, it decrypts the local symmetric encryption key and the remote symmetric encryption key, In the case of PIN data, Directional communication through a local asymmetric cryptographic key and a remote asymmetric cryptographic key by transmitting the connection IP address of the local USB with the remote USB and transmitting the connection IP address of the remote USB with the local USB. . The secure terminal comprises a quantum random number generator and a PUF PIN data generator, The PUF PIN data generator generates a symmetric encryption key using the PIN data of the PUF chip, Wherein the quantum random number generator generates the asymmetric cryptographic key by encrypting the symmetric cryptographic key with a quantum random number. The secure terminal comprises a quantum random number generator and a PUF PIN data generator, A quantum random number generator generates a symmetric cryptographic key with a quantum random number, Wherein the PUF PIN data generator generates the asymmetric encryption key by encrypting the symmetric encryption key with the PIN data of the PUF chip. The secure terminal comprises a pure random number generator (TRNG) and a PUF PIN data generator, The PUF PIN data generator generates a symmetric encryption key using the PIN data of the PUF chip, Wherein the pure random number generator encrypts the symmetric cryptographic key with a pure random number to generate an asymmetric cryptographic key. The secure terminal comprises a pure random number generator (TRNG) and a PUF PIN data generator, A pure random number generator generates a symmetric cryptographic key with a pure random number, Wherein the PUF PIN data generator generates the asymmetric encryption key by encrypting the symmetric encryption key with the PIN data of the PUF chip. PUF Chip generates PIN data using physical process variation occurring during manufacturing process to generate symmetric encryption key; Encrypting the symmetric cryptographic key with a quantum random number generated through a quantum random number generator to generate an asymmetric cryptographic key; Wherein the first asymmetric cryptographic key to the n-th asymmetric cryptographic key are generated by a random number generated through a quantum random number generator or a pseudo random number generator in the asymmetric cryptographic key. Generating PIN data using a physical process variation occurring in the manufacturing process of the PUF chip to generate a symmetric encryption key; Encrypting the symmetric cryptographic key with a quantum random number generated through a quantum random number generator to generate an asymmetric cryptographic key; Generating an asymmetric cryptographic key through the quantum random number generator or the pseudo random number generator in the asymmetric cryptographic key, Wherein the asymmetric cryptographic key generated by the pseudo-random number generator is stored by including the random number generating hash function in a newly generated asymmetric cryptographic key. Generating PIN data using a physical process variation occurring in the manufacturing process of the PUF chip to generate a symmetric encryption key; Encrypting the symmetric cryptographic key with a quantum random number generated through a quantum random number generator to generate an asymmetric cryptographic key; The pseudo random number generator generates a new pseudo random number by generating a pseudo random number as a random number generating hash function, and then encrypts the asymmetric cryptographic key to generate a new asymmetric cryptographic key, Wherein the new asymmetric cryptographic key generated by the pseudo-random number generator is stored by including the random number generated hash function in a newly generated asymmetric cryptographic key.

Images