1. Field of the Invention
The present invention relates generally to an authentication apparatus and method for a non-real-time Internet Protocol Television (IPTV) system. More particularly, the present invention relates to a multi-agent-based authentication apparatus and method for a non-real-time IPTV system.
2. Description of the Related Art
According to a conventional scheme for authenticating remote users based on smart cards, the remote users are authenticated using unidirectional hash values that are created using random numbers, generated by the remote users, and passwords.
However, with such a conventional scheme, overhead may be imposed on the server depending on the number of users, and no security policy based on the users' authentication information is provided, so that it is difficult to guarantee the security of contents provided by unauthorized users. Further, it is difficult to provide access control and policy contents together with user authentication technology in order to offer non-real-time services in heterogeneous network environments.
According to another conventional scheme using an Internet Protocol (IP) multimedia subsystem, authentication management technology can be simply initialized, and an anonymous and seamless service can be provided.
However, with this conventional scheme, an attacker can mount a password-guessing attack during the procedure for registering a user in advance, by comparing the user's current password with the user's previous password using known information and the user's previous login information. Further, when an attacker extracts a password using a password extraction attack, he or she can generate forged login information and then masquerade as an actual user based on that forged login information. In particular, since only unidirectional identification is provided, based on the security of shared passwords, it is difficult to identify the disguised attacker and to operate security policies related to services.
A further conventional scheme using a multi-agent structure uses an Intelligent Distributed Autonomous Power System (IDAPS), which is an automated agent management system for a home network.
However, this further conventional scheme requires an additional hardware-based security system built on reliable entities, and, in addition, its security service is provided based on middleware similar to software, which makes it difficult to provide security services other than a previously defined one. In particular, since the messages of agents are exchanged over the Transmission Control Protocol/Internet Protocol (TCP/IP) of reliable entities, confidentiality- and integrity-based security services are required for what may occur in TCP/IP-based public channels, but they are not provided. Further, since this scheme uses an authentication method based on the Identification (ID)/password of a user, it carries over the vulnerability of existing password authentication without any changes. Therefore, authentication information is not exchanged between separate agents, so that exchanging security information in an automated format is difficult, and a security policy is not provided.