1. Field of the Invention
Control devices, home network systems controlled by the control devices, and methods consistent with the present invention relate to creating a one-time password, and authenticating a control device with the one-time password. More particularly, exemplary embodiments of the present invention relate to a control device which creates a one-time password using a button code input during a remote control function procedure of the control device and a home network system which uses the created one-time password, a one-time password creation method, and a method for authenticating the control device with the one-time password.
2. Description of the Related Art
With the advancement of electronics and telecommunications technologies, research has been actively conducted on a home network system which networks and integrally controls various home appliances. The home network system consists of at least one slave and a home server for controlling the slave. A user can access the home server via a control device and can control the whole home network system whether the user is indoors or outdoors. The control device can be a mobile phone, a personal digital assistant (PDA), and a notebook computer, which are portable by users.
The home network system is under development for a user's convenience, but home network systems are vulnerable to third party interference. To prevent this, the user needs to input his or her identification (ID) and password to certify that the user is an authorized user. However, since the ID and the password input by the user are transferred to the home server in the form of wireless packets, a third party may steal the password using password sniffing. In this situation, the security system of the home network system becomes meaningless. Thus, security maintenance technology has been introduced to prevent such a problem. For example, a one-time password (OTP) can be used.
The OTP scheme frequently changes the password which is delivered between the control device and the home server. Specifically, even when the user inputs the same password, a different password is always transferred. Accordingly, security can be assured against password sniffing by the third party.
Conventional OTP implementation methods take advantage of a time synchronous scheme and a one-way hash function scheme. The time synchronous scheme constantly changes the password using a random number generated from a token device and a personal identification number (PIN) input by the user. However, disadvantageously, the time synchronous scheme requires a separate token device and time synchronization with the server.
The one-way hash function scheme creates a password using a hash function which transforms an input data string to a hash code of a fixed-length output. The hash function is a function that satisfies two properties: 1) it is infeasible to find a data string that creates the same hash code as the given hash code; and 2) it is impossible to find another data string that produces the same hash code with respect to the given data string.
As the one-way hash function scheme reduces the number of hash functions by one for each certification, the hash function should be initiated at a specific time. However, the home network system is subject to the frequent access of the user according to its system characteristics. Thus, it is not easy to apply the one-way hash function scheme.
In view of the above, the conventional OTP methods are insufficient for a home network system.