KR101680260B1 - Certificate issuance system and method based on block chain - Google Patents

Abstract

The present invention relates to a block chain-based public certificate issuance system and a block chain-based public certificate issuance method using the same. The block chain-based public certificate issuance system comprises: a user terminal (100); a block chain-based public certificate issuance request server (200); a block chain-based public certificate management server (300); and a block chain possession server (400), thereby minimizing network overload by minimizing traffic occurring.

Description

[0001] The present invention relates to a certificate issuing system based on a block chain and a block chain,

In the case of a public key for a public certificate that requires maintenance, the present invention is not limited to a server operated by an accredited certification authority (CA), but may be a block chain via a distributed database based on a peer-to-peer network (P2P) Since it is stored and managed in the block chain of the electronic wallet mounted on the servers, the cost of constructing a public certificate issuing system in which a high security system is interlocked so that the hacking can be blocked as much as possible and operation and maintenance of the established certificate issuing system It is possible to perform the authorized authentication process without ActiveX (ActiveX) installation and also drastically reduce the issuing cost even when issuing the authorized certificate based on the block chain, In the process of issuing a public key certificate based on a block chain, the transaction information including the public key for the user's public key certificate The system administrator minimizes the generation of traffic through the means of grouping and compressing as many as the predetermined number when registering with the lock chain holding server and registering the transaction information including the list of the public keys for the public key of the compressed user , The network overload is minimized, and the public key for the user's authorized certificate is not registered in the block chain holding server in the process of issuing and authenticating the public key certificate based on the block chain, so that the public key for the user's authorized certificate is not exposed The issuing process and the authentication process of the public key certificate based on the block chain can be performed while monitoring whether or not the authorized authentication related information including the public key for the authorized certificate of the user who has issued the public key certificate is falsified Authorized certificate issuing system based on block chain and block using it Relates to a method for the issued certificate is based.

Generally, an authorized certificate is electronic information issued by a certificate authority (CA) for the purpose of identifying a user and forging or tampering with a document, Represents a seal certificate for cyber transactions. Such authorized certificates include the certificate version, the certificate serial number, the validity period of the certificate, the personalization agent, the digital signature verification information of the user, the user name, the identification information, and the digital signature method.

Such public certificates are used in public key infrastructure (PKI), which is a security standard method (refer to Patent Document 1).

The public key infrastructure is a user authentication system that encrypts transmission and reception data using a public key composed of encryption and decryption keys, and verifies the identity of a trader using a password possessed by an Internet user.

However, since the private key used as the key for decrypting the encrypted public key under the public key infrastructure is provided to the user after being generated by the authorized certification authority (CA) outside the user, the user is exposed to the risk of hacking Due to the existence of the user's private key in a file format in the standardized storage location due to the soft token-based storage method, it is possible to easily copy the file of the private key and collect the automation, thereby causing the risk of financial damage and user information theft Therefore, a public certificate authority (CA) that provides a generated private key to a user must establish a public certificate issuing system in which a high security system is interlocked so that hacking can be blocked as much as possible , The operation and maintenance of the established certificate issuing system must be performed Therefore, there is a problem that a large amount of issuing cost is caused when issuing a conventional authorized certificate.

In addition, the authorized certificate can be used only when ActiveX (ActiveX) is installed in advance for the purpose of additional security for the user authentication process through a web browser. However, because ActiveX can be installed only by lowering the security level of the PC so as to access the resources of the personal computer (hereinafter referred to as PC), such as the file and the registry, the security of the user authentication process The user's PC security level is lowered due to ActiveX, which is necessarily installed, and there is a problem of exposure to a dangerous environment such as hacking.

Each of the problems related to the public certificate is based on a public key certificate issuing system based on a block chain (refer to Patent Document 2), a method of issuing public key certificates based on a block chain using the same, and a block chain Which is based on a block chain using the public key certificate system.

An authorized certificate issuing system based on a conventional block chain, an authorized certificate issuing method based on a block chain using the same, and a public key certificate authentication system based on a block chain and a public key certificate authentication method based on a block chain using the same The present invention provides a method for directly generating a public key for a public certificate and a private key for a public certificate in a user terminal operating a user, wherein the public key for the public certificate and the private key for the public certificate And the private key for the authorized certificate among the generated keys is encrypted and stored together with the password and the photo image designated by the user so as to prevent the outflow of each key that may occur even if it is done, The public key for the required public certificate is required to be maintained by a certificate authority (CA). Is stored and managed in the block chain of the electronic wallet mounted on the block chain holding servers through a distributed database based on a peer-to-peer network (P2P) rather than a server so as to block the hacking as much as possible The installation cost of the public certificate issuing system in which a high security system is interlocked and the operation and maintenance cost of the constructed public certificate issuing system are not incurred, so that it takes almost no maintenance cost. Even if the ActiveX is not installed Provides a feature that enables the accredited certification process to be performed.

However, in spite of this advantage, a conventional certificate chain issuing system based on a block chain, an authorized certificate issuing method based on a block chain using the same, and a public key certificate authentication system based on a block chain and a block chain using the same , The public key for the public key certificate required for the authorized authentication process must be initially paid for storing and managing the public key in the block chain holding server.

In this case, the issuance cost is 0.0001 bit coin, which is 0.0001 bit coin in July 2015, which is low cost of about 40 won for the Korean won won, but this is the cost that is required when issuing the public key certificate based on the block chain There is a problem that the issuing cost increases proportionally as the number of issuance increases.

Furthermore, a conventional certificate chain issuing system based on a conventional block chain, an authorized certificate issuing method based on a block chain using the system, and a public certificate authentication system based on a block chain and an authorized certificate authentication Method registers and manages a public key for a public certificate in a server having more than 100,000 block chains so that the public key for the public certificate can not be forged or altered in the event of a hack.

That is, the propagation of the transaction information including the public key for the public certificate is promised by the protocol, and when the transaction information is generated, one node (referred to as a block chain holding server in this case) And all the block chains on which the electronic wallet having the block chain necessary for performing the bit coin settlement through the pyramidal wave propagating repeatedly propagates to the eight nodes specified for each of the eight nodes having received the bit coin settlement transaction information It is completed by being propagated to the holding server.

Therefore, a public key certificate-based issuing system based on a conventional block chain, an authorized certificate issuing method based on a block chain using the same, and a public key certificate authentication system based on a block chain and a public key certificate In the authentication method, when a request for registration of a public key for a public key certificate is inundated, not only the risk of network overload due to excessive traffic of the transaction information including the public key for the public key certificate but also the authorized certificate The public key for the user's public key certificate is exposed to the outside because the transaction information including the public key for the public key can be read by anyone.

Patent Document 1: Korean Patent Application Publication No. 10-0411448 (Registered on December 03, 2003) Patent Document 2: Korean Patent Office Patent Application Publication No. 10-2015-0109320 (filed on August 03, 2015)

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems of the prior art and it is an object of the present invention to provide a public key for a public key certificate that requires maintenance, Block Chain via Peer-to-Peer Network-based Distributed Database Because it is stored and managed in a block chain of electronic wallets mounted on servers, it is possible to use a public certificate A block chain that does not require system related costs such as the cost of constructing the issuance system and the operation and maintenance costs of the established authorized certificate issuing system and drastically reducing the issuing cost even when issuing the authorized certificate based on the block chain And a public key certificate based on the block chain To provide a rapid way.

It is another object of the present invention to provide a method and system for managing transaction information including a public key for a public certificate for a user in a block chain based public authentication issuing process, A public key certificate issuing system based on a block chain that minimizes the occurrence of traffic through means of registering transaction information including a list of public keys for a public certificate and minimizes network overload, Based certificate issuing method.

It is yet another object of the present invention to provide a public key management system and a public key cryptography method in which a public key for a user's authorized certificate is not registered in a block chain holding server in issuing a public key certificate based on a block chain, And a public key certificate for a user who has been issued a public key certificate, and which can monitor whether or not the authentication-related information including the public key for the public key A certificate issuing system, and a method of issuing an authorized certificate based on a block chain using the same.

Technical Solution In order to accomplish the object of the present invention, a public key certificate issuing system based on a block chain of the present invention generates a public key for a public key certificate and a public key for a public key certificate, A user terminal for transmitting private information for issuing a public certificate, which is made up of user identification information necessary for issuing a public key certificate based on the block chain; A block key chain for transmitting a public key for a public key and personal information for issuing a public key certificate from the user terminal and transmitting a private certificate registration request signal including a private key for issuing the public key certificate and a public key for a public key certificate An authorized certificate issuing request server; The personal information for issuing the public certificate and the public key for the public certificate among the information included in the customer-specific public certificate registration request signal transmitted from the block chain-based public-key certificate issuing request server into the public key certificate-related information DB sequentially When the number of public keys for public certificate issuance and the number of public keys for public certificate reaching a predetermined root hash generation period is accumulated and stored, the hash processing engine is operated to count The personal information for issuing the public key certificate and the public key for the public key certificate are hashed in the order of storage and processed into public key certificate node decryption information, and the processed public key certificate node decryption information is composed of a merge tree structure The certificate is processed as root certificate information of a public certificate for registration, and a transaction processing engine is operated, The transaction ID information for forgery monitoring used as a key value for retrieving the transaction information for forgery-fugitive monitoring including the transaction information for forgery-fugitive monitoring including the root certificate information for the authorized certificate, and the transaction information for monitoring forgery- A block chain-based public certificate management server for transmitting; An electronic purse having a block chain in which bit coin settlement transaction information is authenticated and bit coin settlement transaction information is recorded in accordance with the authenticated bit coin settlement transaction information by verifying the transferred bit coin settlement transaction information is transmitted And block chain holding servers for recording transaction information for forgery monitoring transmitted from the block chain-based authorized certificate management server in the block chain.

The block chain-based authorized certificate issuing process using the public key certificate issuing system based on the block chain of the present invention is a process for issuing a public key certificate based on block chain based personal information To the block chain-based authorized certificate issuance requesting server to request issuance of the block chain-based authorized certificate; The block chain-based public key certificate issuing request server generates a key generation guide signal for guiding generation of the public key for the public key certificate and the private key for the public key certificate after confirming the personal information for issuing the public key certificate, Transmitting the certificate issuance request to the user terminal; Wherein the key generation guidance engine is operated to control generation of a public key for a public key certificate and a private key for a public key certificate when the key generation guidance signal is transmitted from the user terminal, To the issuing request server; Wherein the block chain-based authorized certificate issuing request server receives the public key for the public key certificate, and transmits a private certificate registration request signal for each customer including the personal information for issuing the public key certificate and the public key for the public key certificate, To a public certificate management server; In the block chain-based authorized certificate management server, a hash processing engine is operated to divide the personal information for issuing the public key certificate and the public key for the public key certificate contained in the transmitted customer-specific public key certificate registration request signal into one set, Sequentially cumulatively storing the information in an information DB; Checking whether a cumulative set of private information for issuing a public certificate and a public key for a public certificate has reached a predetermined root hash generation period in the block chain based public key certificate management server; In the block chain-based public key certificate management server, when a set of private information for issuing a public key certificate and the number of public keys for a public key certificate reach the predetermined root hash generation period, a hash processing engine is operated, The personal information for issuing the public certificate and the public key for the public certificate, which are counted according to the generation period, are processed in the order of storing the public key, and processed as the public key certificate node identification information, Processing the registered certification root certification information for registration; In the block chain-based public key certificate management server, a transaction processing engine is operated to search for transaction information for forgery-proof monitoring and transaction information for forgery-proof monitoring including the public key certificate root hash information for registration, Generating transaction ID information and transmitting transaction information for forgery monitoring among the generated information to block chain holding servers; In the block chain holding servers, the transaction information for forgery monitoring to be transmitted is recorded in the block chain to complete issuance of the block chain based authentication certificate.

delete

delete

In the case of a public key for a public certificate that requires maintenance, the present invention is not limited to a server operated by an accredited certification authority (CA), but may be a block chain via a distributed database based on a peer-to-peer network (P2P) Since it is stored and managed in the block chain of the electronic wallet mounted on the servers, the cost of constructing a public certificate issuing system in which a high security system is interlocked so that the hacking can be blocked as much as possible and operation and maintenance of the established certificate issuing system It does not require system-related costs such as maintenance cost, etc., and also significantly reduces the issuing cost even when issuing a public key certificate based on a block chain.

In addition, the present invention is characterized in that, in the process of issuing a public key certificate based on a block chain, transaction information including a public key for a public certificate of a user is grouped and compressed by a system administrator as many as the number set in the block chain holding server, The method includes the steps of registering transaction information including a list of public keys for the public key certificate of the public key certificate, thereby minimizing traffic overhead, thereby minimizing network overload.

In addition, the present invention prevents the public key for the user's public certificate from being registered in the block chain holding server in the authentication process of the public key certificate based on the block chain, so that the public key for the user's public key certificate is not exposed, It is possible to monitor the forgery or falsification of the authentication-related information including the public key for the authorized certificate of the user who has issued the authorized certificate.

1 is a block diagram illustrating a public certificate issuing system based on a block chain of the present invention;
FIG. 2 is a block diagram illustrating a detailed configuration of a user terminal in a configuration of a public certificate issuing system based on the block chain of the present invention;
FIG. 3 is a block diagram illustrating a detailed configuration of a block chain-based authorized certificate issuing request server among a configuration of a public certificate issuing system based on the block chain of the present invention.
FIG. 4 is a block diagram illustrating a detailed configuration of a configuration block chain-based public key certificate management server constituting a public key certificate issuing system based on the block chain of the present invention;
5 to 8 are flowcharts illustrating a block chain-based public key certificate issuing process using a public key certificate issuing system based on the block chain of the present invention.
9 is a block diagram illustrating a public key certificate authentication system based on the block chain of the present invention.
FIG. 10 is a block diagram illustrating a detailed configuration of a block-chain-based authorized certificate authentication request server among the configurations of the public key certificate authentication system based on the block chain of the present invention.
11 to 17 are flowcharts illustrating an authentication process of a block chain-based public key certificate using a public key certificate authentication system based on the block chain of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the configuration and operation of an embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the various embodiments, the same reference numerals are used for the same components.

The present invention is largely divided into an issuance part of a public key certificate based on a block chain and an authentication part of a public key certificate based on a block chain.

1 to 8 relate to a system and method for issuing a public certificate based on a block chain, which is an issuing part of a public certificate based on a block chain.

As shown in the figure, the authorized certificate issuing system based on the block chain of the present invention includes a user terminal 100, a block chain-based authorized certificate issuing request server 200, a block chain-based authorized certificate managing server 300, And a block chain holding server 400.

First, the user terminal 100 generates a public key for a public key certificate and a public key for a public key certificate, and generates a public key for the public key certificate and a public key certificate And transmits the personal information for issuing. Here, the personal information for issuing the authorized certificate is information including user name, user's date of birth, user's telephone number, and user's e-mail.

The detailed configuration of the user terminal 100 for performing the functions includes a key generation engine 110 for generating a public key for a public key certificate and a private key for a public key certificate, The hash processing engine 140, the decryption engine 160 and the key generation engine 110, the encryption engine 130, the hash processing engine 140, And a control unit 150 for controlling the operation of the decryption engine 160.

Here, the key generation engine 110, the encryption engine 130, the hash processing engine 140, and the decryption engine 160 may be in the form of an application program when the user terminal 100 is a desktop type such as a personal computer (PC) And when the user terminal 100 is a mobile device such as a smart phone capable of accessing the Internet, it is installed and provided in the form of a mobile dedicated app.

Also, before generating the public key for the public key certificate and the public key for the public key certificate, the user terminal 100 sends the block chain-based public key certificate issuance request server 200 to the user operating the user terminal 100, Is registered.

To this end, the DB unit 210 is mounted on the block chain-based authorized certificate issuance request server 200, and the identification information of the user operating the user terminal 100 is stored in the DB unit 210 And a user identification information DB 211 for each member in which identification information of the same user as the personal information for issuing the authorized certificate is stored.

The user terminal 100 transmits the personal information for issuing the authorized certificate to the block chain-based authorized certificate issuance requesting server 200 to request issuance of the block chain-based authorized certificate, and the block chain- If the matching personal information for the authorized certificate issuing is matched with the user-specific user information DB 211 for each member and there is matching information, a key generation guidance signal for guiding generation of the public key for the public key certificate and the private key for the public key certificate And transmits it to the user terminal 100.

When the key generation guidance signal is transmitted from the block chain-based authorized certificate issuing request server 200, the user terminal 100 generates the public key for the public key certificate and the private key for the public key certificate by operating the key generation engine 110 , The user terminal 100 controls the generation of the public key for the public key certificate and the public key for the public key certificate in the state where the network is blocked so that the user terminal 100 blocks the outflow of each key that may be generated even if the user terminal 100 exits.

The block chain-based certificate issuance request server 200 receives the public key for the public key certificate and the personal information for issuing the public key certificate from the user terminal 100, and transmits the personal information for issuing the public key certificate and the public key for the public key certificate To the block-chain-based authorized certificate management server 300, which is described later.

At this time, the hash processing engine 220 is installed in the block chain-based authorized certificate issuance request server 200, so that the personal information for issuance of the authorized certificate is hashed and processed into user identification identification information, And transmits it to the certificate management server 300.

The block chain-based certificate issuance request server 200 that performs such functions performs authorization authentication when using services such as a server operated by a bank or a securities company, a server operated by a government agency, and a server operated in a shopping mall performing an Internet commerce transaction The server of the company in which the demand is required can be applied.

The block-chain-based authorized certificate management server 300 transmits the personal certificate for issuing the public key certificate and the public key for the public key certificate, which are included in the customer-specific public key certificate request signal transmitted from the block- Are stored in the public certificate registration related information DB 311. The cumulative number of private keys for issuance of the public certificate and the number of public keys for the public certificate stored cumulatively are stored in a predetermined root hash generation period The hash processing engine 320 operates the hash processing engine 320 to hash a set of private information for issuing private certificates and a public key for the authorized certificate counted by the number of the predetermined root hash generation sections in the order of storage, And processing the processed certificate certificate node hash information, which is a merge tree structure registration certificate certificate root certificate information And operates the transaction processing engine 320 to search for transaction information for forgery monitoring and forgery monitoring information including registration public key certificate root hash information and transaction ID information for forgery monitoring used as a key value And transmits transaction information for forgery monitoring, among the generated information.

At this time, the authorized certificate registration related information DB 311 is managed in the DB unit 310 as an information storage member.

In addition, the public key registration related information DB 311 includes a set of personal information for issuing public certificates and a public key for public key certificates, as well as personal information for issuing public key certificates and a public key for public key certificates, Certificate node hash information is cumulatively stored in sequence and stored sequentially, and the authorized certificate node's hash information is stored in a merge tree structure. Are cumulatively stored.

In addition, transaction ID information for forgery-proof monitoring and identifier information for registration of public key certificates for registration, which are generated together as identifiers, are cumulatively stored in the DB unit 310 whenever the transaction processing engine 330 generates transaction information for forgery-proof monitoring And an authentication information forgery-and-surveillance related information DB 312.

In addition, the block-chain-based public key certificate management server 300, when the number of private keys for issuing the public key certificate and the number of public keys for the public key certificate reaches the preset root hash generation period, A new set of private information for issuing the authorized certificate and a public key for the authorized certificate stored in the information DB 311 are newly counted so that new customers requesting issuance of the block chain based authorized certificate will be issued a block chain- To be received.

Here, the root hash generation section is a section in which the system administrator bundles the transaction information including the client certificate information during the client certificate registration process based on the block chain to the block chain holding server by a predetermined number. By doing so, the transaction information of the client certificate information compressed by the predetermined number is processed to minimize the traffic generation, thereby reducing the network overload.

The number of such root hash generation intervals may be the number of the pre-established certificate node hash information, or the number of the pre-stored node certificate hash information accumulated for a predetermined time, and the number of such cases may be specified.

On the other hand, the block-chain-based authorized certificate management server 300 transmits a set of private information for issuance of the authorized certificate and a public key for the authorized certificate stored and managed in the authorized certificate registration related information DB 311 during the block chain- By monitoring forgery and falsification periodically, it is possible to perceive the tampering of a public key for personal information and authorized certificate for issuing one set of authorized certificates due to illegal such as hacking, and perform post-processing according to forgery and falsification.

To this end, the block-chain-based authorized certificate management server 300, when the number of the personal information for issuing a set of authorized certificate and the number of public keys for the public key certificate reaches the predetermined root hash generation period, All of the transaction ID information for forgery monitoring accumulated and accumulated in the DB 312 is extracted and transmitted to the block chain holding server 400.

The block chain holding server 400 matches each transmitted transaction ID information for forgery-monitoring with the block chain provided in the electronic wallet, extracts matching transaction information for forgery-monitoring and outputs the extracted transaction information for each forgery- And transmits the extracted registration certificate authority root certificate hash information to the block chain-based public certificate management server 300. The block certificate issuing certificate issuing server 300 transmits the registration certificate certificate root certificate information to the block chain-

Thereafter, the block-chain-based public key certificate management server 300 receives the individual certificate public key certificate hash information, operates the hash processing engine 320, and sequentially accumulates and stores the key certificate in the public key certificate related information DB 311 The number of public keys for personal information and authorized certificates for issuing public key certificates is divided into predetermined root hash generation sections.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 hash as many as the numbers belonging to the divided root-hash generation sections, and processes them into the corresponding public-key certificate root-hash information.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 compares each transferred public key certificate root certificate hash information and each generated public key certificate root certificate hash information in the order of generation .

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 obtains the hash values of the registration public key certificate root hash information and the corresponding public key certificate root hash information, And checks whether the computed hash values are the same from the first generation order to the last generation order.

Accordingly, when the hash values of both hash values are identical, the hash processing engine 320 of the block chain-based authorized certificate management server 300 recognizes that the forgery / falsification of the certificate-related information issued by the users has not occurred, So that transaction information can be generated.

In addition, the hash processing engine 320 of the block chain-based public key certificate management server 300 recognizes that forgery and falsification of information related to the public key certificate issued by the users occurs when a hash value of both hashes is not the same, By controlling not to generate the transaction information, the post-processing according to occurrence of forgery and falsification is proceeded.

In addition, the hash processing engine 320 of the block-chain-based public key certificate management server 300 also generates public key certificate node index information indicating the storage order number of the generated public key certificate node hash information when generating the public key certificate node hash information And also generates information for identifying a registered public certificate root root hash identifier, which is information for identifying the registered public certificate root root hash information generated when generating the public root certificate hash information for registration.

Also, the hash processing engine 320 of the block chain-based public key certificate management server 300 transmits the hash information of the authorized certificate node, the authorized certificate node index information, and the identifier information of the authorized certificate root for registration to the authorized certificate registration related information DB 311), and controls to accumulate the ID information of the authorized certificate root for authentication for registration in the authorized certificate forgery-and-falsification monitoring related information DB 312 as well.

The transaction processing engine 320 of the block chain-based certificate issuance requesting server 200 controls the generated transaction ID for forgery-monitoring to be cumulatively stored in the authorized certificate forgery-and-falsification monitoring related information DB 312, The related information DB 312 controls to store and manage the transaction ID information for forgery and falsification monitoring and the identifier information of the authorized certificate root file for registration separately.

On the other hand, the greater the degree of easiness of forgery and falsification becomes, the more concretely the registration of the registered certificate root route hash information stored in the block chain of the block chain holding server 400 is connected to each other.

Accordingly, the hash processing engine 320 of the block-chain-based public key certificate management server 300 transmits the private key information for registration of the public key certificate for registration, which has been previously generated, to the personal information for issuance of the public key certificate and the public key for the public key certificate The hash information is processed so as to be processed into the registration certificate root route hash information in the form of a merge tree structure in a state where the hash information is disposed in the pre-designated storage order between the processed certificate certificate node hash information.

Thus, in the case of the public key certificate root hash information for registration stored in the transaction information for forgery-proof stored and managed in the block-chain holding server 400, the registration information of the last registered public key certificate root- The certificate has a structure in which the root certificate information is linked as a mutual chain so that the number of transaction information for forgery monitoring that is registered in the block chain holding server 400 in the block chain based public certificate management server 300 increases proportionally It is controlled so that the forgery and falsification of the public key for the private information and the public certificate for issuing the public certificate made up of a set by the illegal by the hacking becomes more difficult.

In addition, the auditing entity related to the governmental organization that audits the authorized certificate can request the forgery or falsification verification request terminal 500 to audit the forgery or falsification in connection with the authorized certificate of the specific user issuing the authorized certificate of the present invention.

To this end, the state agency-related audit organization operates the forgery verification request terminal 500 to request the block chain-based public certificate issue request server 200 to monitor the block chain-based public certificate of the specific user.

Then, the block chain-based certificate issuance request server 200 extracts the personal information for issuing the authorized certificate of the specific user requesting monitoring of the block-chain-based public key certificate from the public key certificate related information DB 311, To the public certificate management server 300.

The block-chain-based authorized certificate management server 300 matches personal information for issuing a public certificate of a specific user requesting monitoring of the transmitted block-chain-based public key certificate with the public key certificate related information DB 311, Confirm the existence of the hash information.

The block-chain-based authorized certificate management server 300 then operates the hash processing engine 320 when the authentication information of the specific user does not exist, and sequentially accumulates the information in the authorized certificate registration related information DB 311 A public key for personal information and public certificate for issuing a set of public certificates A public key for private information issuing and a public key for public certificate is hashed in the order that the public key of the public key Process it as information.

Thereafter, the hash processing engine 320 of the block chain-based public key certificate management server 300 generates public key certificate node index information indicating the storage order number of the processed public key certificate node hash information, The time stamps are processed as the registration certificate root certificate information consisting of the merge tree structure, and the registration certificate certificate root certificate identification information, which is the information for identifying the processed public certificate certificate root certificate information, is generated.

Then, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320 and searches for transaction information for forgery-proofing monitoring and transaction information for forgery-proofing monitoring including the public-key certificate root- Generates forgery-and-surveillance monitoring transaction ID information to be used, and transmits the forged transaction monitoring information to the block-chain holding servers 400. [

The block chain holding servers 400 write transaction information for forgery monitoring to be transmitted in a block chain.

The hash processing engine 320 of the block chain-based public key certificate management server 300 receives the public key certificate information of the specific user, The certification root certificate for the registration of a specific user's certificate with the certificate information of the root certificate is obtained by referencing the certificate root hash identifier information. Generate certificate root hashing information.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 refers to the public key certificate root hash identifier information for registration, and obtains the transaction information for forgery-proof including the public key certificate root hash information for registration To the block chain holding server (400). Here, the block chain holding server 400 receiving the forgery-and-surveillance monitoring transaction ID information may use any one of the block chain holding servers 400 distributed around the world. In order to increase the efficiency of the business, Can be used.

Then, the block-chain holding server 400 matches the transferred transaction ID information for forgery-monitoring with the block chain provided in the electronic wallet, extracts matching transaction information for forgery-monitoring, Extracts the included certification root certificate hash information, and transmits it to the block chain-based authorized certificate management server 300.

Then, the block chain-based public key certificate management server 300 operates the hash processing engine 320 to transmit the hash value of the registered public key certificate root hash information, The hash value of the cost authentication certificate root hash information is calculated, and the hash values of both of the calculated hash values are identical.

Thereafter, the hash processing engine 320 of the block chain-based public key certificate management server 300, if the hash value of the authentication certificate node hash value computed from the hash value of the public key certificate node is the same, The personal information for issuing the public key certificate made up of a set of specific users requested by the verification request terminal 500 and the public key for the public key certificate are notified.

Meanwhile, the hash processing engine 320 of the block chain-based public key certificate management server 300 determines whether the calculated hash value of the public key certificate node hash value and the calculated hash value of the public key certificate node hash value are not the same The public certificate corresponding to the hash value of the root certificate hash value of the public key certificate corresponding to the hash value of the root hash information of the transmitted certificate Check that the sequence number is the same.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 determines whether the corresponding authentication certificate node hash information having the same hash value is stored in the same storage order The forgery proof verification request terminal 500 controls the personal information for issuing the public key certificate composed of a set of specific users and a message indicating that the public key for the public key certificate has been tampered with is notified.

In addition, the hash processing engine 320 of the block chain-based public key certificate management server 300 obtains a hash value of the public key certificate corresponding to the hash value of the public key certificate root hash information If the corresponding authentication certificate node hash information and the storage order of the certification information of the specific user are not the same, the private information for issuing the public key certificate and the public key for the public key certificate So that a message indicating that no forgery is generated is notified.

The process of issuing a public key certificate based on the block chain using the public key certificate issuing system based on the block chain of the present invention will now be described.

First, the user accesses the block chain-based authorized certificate issuance requesting server 200 through the user terminal 100, and transmits personal information for issuing the authorized certificate, which is made up of the identification information of the user necessary for issuing the block chain- Requesting issuance of the chain-based authorized certificate (S100).

The block chain-based public certificate issue request server 200 generates a key generation guide signal that guides the generation of the public key for the public certificate and the private key for the public certificate after confirming the private information for issuing the public certificate, (S110) to the corresponding user terminal 100 requesting issuance of the authorized certificate.

When the key generation guidance signal is transmitted, the user terminal 100 controls the key generation engine 110 to generate a public key for a public key certificate and a private key for a public key certificate, and the private key for the public key certificate is stored in the memory 120 , And transmits the public key for the public key certificate to the block chain-based public key certificate issuance request server 200 (S120).

The block chain-based certificate issuance request server 200 receives a public key for a public certificate, receives a private certificate registration request signal for each customer including personal information for issuing a public certificate and a public key for a public certificate, The hash processing engine 220 is operated so that the personal information for issuance of the authorized certificate is hashed to be transmitted to the management server 300 in a processed state as the user identification hash information.

The block-chain-based public key certificate management server 300 operates the hash processing engine 320 to divide the private key for issuing the public key certificate and the public key for the public key certificate included in the customer's public key certificate registration request signal, And cumulatively stores them in the certificate registration-related information DB 31 sequentially (S140).

Thereafter, the block-chain-based public key certificate management server 300 determines whether a set of private keys for public key certificate issuance and a public key for public key certificate have reached a predetermined root hash generation period (S150).

First, the block-chain-based public key certificate management server 300 determines whether the number of public keys for private certificate issuance and public key certificates to be counted is equal to the number of public keys Perform counting.

When the number of public keys for issuing a public certificate and a public key for a public key reaches a root hash generation period, the block chain-based public key certificate management server 300 accumulates Extracts all of the stored transaction ID information for forgery monitoring, and transmits the extracted transaction ID information for forgery monitoring to the block chain holding server 400 (S160).

The block chain holding server 400 matches each transmitted transaction ID information for forgery-monitoring with the block chain provided in the electronic wallet, extracts matching transaction information for forgery-monitoring and outputs the extracted transaction information for each forgery- (Step S170). ≪ / RTI >

Thereafter, the block-chain holding server 400 transmits the extracted respective registered certificate root certificate hash information to the block-chain-based authorized certificate management server 300 (S180).

The block chain-based public key certificate management server 300 receives the public key certificate root certificate hash information for each registration and then operates the hash processing engine 320 to acquire a set of authorized public key certificate information stored in the authorized certificate registration related information DB 311 The number of public keys for certificate issuing personal information and public key certificate is divided into a predetermined root hash generation section, and as many as the number belonging to the divided root cancellation generation section are distinguished, (S190).

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 compares each transferred public key certificate root certificate hash information and each generated public key certificate root certificate hash information in the order of generation The hash value of each registered public certificate root hash value and the corresponding public trust certificate root hash information, which are compared with each other in the order of generation, are computed, and the hash values of both the computed hash values from the first generation order to the last generation order (S200).

Meanwhile, the hash processing engine 320 of the block chain-based public key certificate management server 300, if the calculated hash values of both of the first to the last generation order are not the same, (S201) that the customer's private key for issuing the public key certificate and the public key for the public key certificate are falsified (step S201).

The hash processing engine 320 of the block-chain-based public key certificate management server 300 determines whether the hash value of the first generation sequence number And the public key for the public certificate is hashed in the order of storage and processed into the certificate information of the certified certificate node.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 processes the hashed public key certificate node hash information into a public key certificate root hash information for registration (S210) .

Then, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320 and searches for transaction information for forgery-proofing monitoring and transaction information for forgery-proofing monitoring including the public-key certificate root- And generates transaction ID information for forgery monitoring, and forwards the transaction information for forgery monitoring to the block chain holding servers 400 (S220).

At this time, the hash processing engine 320 of the block-chain-based public key certificate management server 300 stores the private key information for issuance of the authorized certificate and the public key for the public key certificate In the state where the hash is sequentially arranged in the designated storage sequence number between the processed public key certificate node identification information and the processed public key certificate root hash information of the merge tree structure.

The block chain holding servers 400 write the transaction information for forgery monitoring, which is transmitted, in the block chain to execute the block chain-based certificate issuance (S230).

Meanwhile, there is also included a process of checking whether a forgery or falsification has been made by requesting an audit through a forgery proof verification request terminal 500 with respect to an authorized certificate of a specific user issuing the authorized certificate of the present invention from an auditing entity related to a state agency that audits the authorized certificate Loses.

To this end, the block chain-based authorized certificate issuance request server 200 determines whether the forgery proof verification request terminal 500 requests monitoring of a block chain-based authorized certificate of a specific user (S251) Based private certificate management server 300 extracts the private information for issuing the authorized certificate of the specific user requested to be monitored by the block chain-based public key certificate from the public key certificate related information DB 311, (S252).

Thereafter, the block-chain-based authorized certificate management server 300 matches the personal information for issuing the authorized certificate of the specific user requesting monitoring of the transmitted block-chain-based authorized certificate with the authorized certificate registration related information DB 311, It is confirmed that certification node decryption information exists (S253).

The block-chain-based authorized certificate management server 300 directly enters the step S257 of generating the costly authorized-certificate-root-hash information, which will be described later, when the authorized user certificate node hash information exists.

The block-chain-based public key certificate management server 300 operates the hash processing engine 320 when there is no public key certificate node hash information of a specific user, and stores the public key certificate in the authorized certificate registration related information DB 311 Of public key for personal information and public certificate for issuing public key of public key of public key certificate for public key of public key for public key of authorized public key certificate .

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 generates public key certificate node index information indicating a storage order number of the processed public key certificate node identification information, The hash information is processed into registration certification root route hash information in the form of a merge tree structure and the information for identifying the processed certificate root certificate has been generated (S254).

Thereafter, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320 to search for forgery-proofing transaction information including the public key certificate root certificate information for registration and the forgery-monitoring transaction information, And generates transaction ID information for forgery-monitoring to be used, and forwards the transaction information for dual forgery-monitoring to the block chain holding servers 400 (S255).

The block chain holding servers 400 write the transmitted transaction information for forgery monitoring in the block chain (S256).

The hash processing engine 320 of the block chain-based public key certificate management server 300 receives the public key certificate information of the specific user, The certification root certificate for the registration of a specific user's certificate with the certificate information of the root certificate is obtained by referencing the certificate root hash identifier information. And generates the certificate root hash information (S257).

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 refers to the public key certificate root hash identifier information for registration, and obtains the transaction information for forgery-proof including the public key certificate root hash information for registration To the block chain holding server 400 (step S258).

Then, the block-chain holding server 400 matches the transferred transaction ID information for forgery-monitoring with the block chain provided in the electronic wallet, extracts matching transaction information for forgery-monitoring, Extracts the included certification root certificate hash information, and transmits it to the block chain-based authorized certificate management server 300 (S259).

Thereafter, the block-chain-based public key certificate management server 300 receives the public key certificate root hash information for registration, operates the hash processing engine 320, and generates a hash value of the public key certificate root hash information for registration, The hash value of the cost authentication certificate root hash information is calculated, and it is confirmed whether the calculated hash values of both sides are the same (S260).

Meanwhile, the hash processing engine 320 of the block-chain-based public key certificate management server 300, if the hash value of the hash value of the public key certificate node is equal to the hash value of the public key certificate node hash information, (S261) to notify the requesting terminal 500 of a message indicating that personal information for issuing the public key certificate and a public key for the public key certificate, which are a set of specific users requested, are not forged.

If the hash value of the public key certificate root hash information for registration and the hash value of the corresponding public key certificate root hash information are not the same, the block chain-based public key certificate management server 300 obtains the authentication certificate node hash information (S262) of the public key certificate node index information of a specific user among the public key certificate node hash information constituting the merge tree structure of the public key certificate root certificate information for registration, (S263) whether the corresponding authentication certificate node hash information having the same hash value among the public key certificate node identification information corresponding to the value is stored in the same storage order of the authentication certificate node identification information of the specific user.

The block-chain-based authorized certificate management server 300 determines whether or not the corresponding authentication certificate node hash information having the same hash value is stored in the authentication certificate requesting terminal 500 (S264) so that a message indicating that the private key for issuing the public certificate and the public key for the public certificate, which is a set of the user, is forged or not is notified.

In addition, the block-chain-based public key certificate management server 300 obtains the corresponding certificate key node hash information having the same hash value among the public key certificate node hash information corresponding to the hash value of the public key certificate root hash information for registration If the storage order of the authorized certificate node identification information of the specific user is not the same, control is performed so that the personal information for issuing the public key certificate and the public key for the public key certificate, S265).

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 transmits the public key information for the public key certificate for the public key certificate and the personal information for issuing the public key certificate, which are cumulatively managed in the public key certificate related information DB 311 Certified certificate of a specific user Certified certificate for registration of the node to which the hash information belongs Certified certificate that constitutes the merge tree structure of the root hash information Information for issuing private certificates and public keys for public certificates (S266), and performs post-processing according to the forgery and falsification.

7 to 14 relate to a system and method for authenticating an authorized certificate based on a block chain.

As shown in the figure, a public key certificate authentication system based on the block chain of the present invention includes a user terminal 100, a block-chain-based public key certificate authentication request server 600, a block-chain-based public key certificate management server 300, A block chain holding server 400 and a forgery verification validation request terminal 500.

The block-chain-based authorized certificate authentication request server 600 includes a random number generator 630 and an encryption engine 640. The block chain-based public key certificate authentication request server 600 operates the user terminal 100 And transmits the personal information for issuance of the authorized certificate of the corresponding user, which relays the request of the block chain-based authorized authentication.

To this end, the block chain-based authorized certificate authentication request server 600 includes a DB unit 610.

In the DB unit 610, identification information of a user who operates the user terminal 100 is stored. In the DB unit 610, personal information for issuing a public certificate, which is made up of identification information of a user used in issuing a block chain- And an information DB 611. Here, the personal information for issuing the authorized certificate is stored and transmitted in a state processed as user identification information by hashing calculation.

The block-chain-based authorized certificate management server 300 determines the validity of the authorized certificate of the user based on the personal information for issuing the authorized certificate transmitted from the block-chain-based authorized certificate authentication requesting server 600, And transmits the public key for the authorized certificate of the user to the block chain-based authorized certificate authentication requesting server 600 when it is determined.

In order to perform such a function, the block chain-based authorized certificate management server 300 includes a DB unit 310 and a hash processing engine 320.

First, in the DB unit 310, a set of personal information for issuing a public certificate, a public key for a public certificate, a personal information for issuing a public certificate, and a public key for a public certificate, And sequentially stored cumulatively stored and sequentially accumulated cumulative stored public certificate certificates for which registration information of the node has a merge tree structure, which are stored in an accumulation manner. Each time transaction information for forgery-proofing monitoring is generated in the public key certificate registration-related information DB 311 and the block chain-based public key certificate management server 300, the authentication certificate forgery-and-fake monitoring A related information DB 312 is provided.

Based on this, the block chain-based authorized certificate management server 300 determines the validity of the authorized certificate based on the personal information for issuing the authorized certificate.

First, the block-chain-based authorized certificate management server 300 matches the personal information for issuing the authorized certificate transmitted from the block-chain-based authorized certificate authentication requesting server 600 with the authorized certificate registration related information DB 311, Extracts the public key for the certificate, operates the hash processing engine 320, and hashs the extracted public key for the public key certificate and the personal information for issuing the public key certificate, and processes the public key for the public key of the authorized public key certificate .

Then, the hash processing engine 320 of the block-chain-based public key certificate management server 300 extracts the authorized certificate node decryption information registered when issuing the block chain-based public key certificate among the information stored in the public key certificate related information DB 311 do.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 calculates a hash value of the extracted public key certificate node hash value and a hash value of the public key certificate node hash information, It is judged that the validity of the authorized certificate is legitimate.

If the hash value of the hash value of the public certificate node hash value is not equal to the hash value of the hash value of the public key certificate node, And performs a function of notifying the user terminal 100 of a message indicating that the block chain-based authentication process is rejected.

This allows the user to recognize whether a forgery or falsification has occurred and to promptly respond to the user, thereby preventing unauthorized use of the illegal user due to hacking in advance and minimizing adverse effects of the legitimate user.

Meanwhile, the hash processing engine 320 of the block-chain-based public key certificate management server 300 adds the calculated hash value of the authorized certificate node hash value to the calculated hash value of the corresponding authorized certificate node hash value, Registration certificate for registering the authorized certificate in the issuance of the authorized certificate, the registered certificate for the registration in which the hash information is included in the merge tree structure, and the root certificate identifier for the registered root certificate, which is an identifier for identifying the root hash information, .

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 refers to the extracted public key certificate root certificate ID information for registration, All the authorized certificate node hash information constituting the merge tree structure of the hash information is extracted from the authorized certificate registration related information DB 311, and the extracted authorized certificate node hash information is stored in a mass-certified root The hash information is processed.

In addition, the hash processing engine 320 of the block-chain-based public key certificate management server 300 matches the extracted public key certificate root hash identifier information with the public key certificate forgery related monitoring information DB 312, Extracts the ID information, and transmits it to the block chain holding server 400.

The block chain holding server 400 matches the transferred transaction ID information for forgery monitoring with a block chain provided in the electronic purse to extract matching transaction information for forgery monitoring, Extracts the public key certificate root certificate information for registration, and transmits it to the block chain-based public key certificate management server 300.

The block-chain-based public key certificate management server 300 receives the public key certificate root hash information for registration, operates the hash processing engine 320, and calculates a hash value of the public key certificate root certificate information for registration, The hash value of the public key certificate root hash information is computed and it is determined that the computed hash values are identical to each other, and if it is the same, the validity of the public key certificate is judged to be legitimate.

In addition, the hash processing engine 320 of the block-chain-based public key certificate management server 300 obtains the hash value of both the unauthorized hash value of the public key certificate root hash information for registration and the hash value of each cost public key certificate root hash information If it is present, the personal information for issuing the customer's authorized certificate cumulatively managed in the DB 311 related to the registration of the authorized certificate or the public key information for the authorized certificate, the authorized certificate of the corresponding user, The public key for private certificate issuing and the public key for public certificate, which are a set corresponding to the public key certificate node identification information constituting the merge tree structure of information, are detected as being tampered with, and the post processing according to the occurrence of forgery and falsification is performed.

Accordingly, every time a block chain-based public authentication is requested, the present invention monitors forgery or falsification of information related to public certificate registration of customers issued to the block-chain-based authorized certificate management server 300, Based certificate management server 300, the information on the authorized certificate registration of the customer stored and managed is perceived as soon as it is forged and provided so as to be able to cope with it.

Then, the block-chain-based authorized certificate authentication request server 600 receives the public key for the public key certificate and confirms the Internet communication protocol between the user terminals 100.

Here, the Internet communication protocol is a communication protocol used for transmitting a hypertext document between a web server and a user's Internet browser on the Internet, and is classified into http (Hypertext Transfer Protocol) and https (Hypertext Transfer Protocol over Secure Socket Layer) The difference is whether or not the document is encrypted. That is, http is passed in plain text when delivering documents, and https is encrypted when delivering documents.

For this reason, in the case of the use environment of http, a document is transmitted in plain text, and thus a risk of hacking is caused.

Accordingly, the block-chain-based authorized certificate management server 300 operates the random number generator 630 when the Internet communication protocol between the user terminals 100 is http, in order to solve the risk of hacking and authenticate the user as a legitimate authorized certificate user Thereby generating a random session key that is a random value.

Thereafter, the block-chain-based authorized certificate management server 300 operates the encryption engine 640 to encrypt the random session key using the public key for the public certificate, which is included in the certificate validation signal, And transmits it to the user terminal 100.

The user terminal 100 operates the decryption engine 160 to decrypt the encrypted random session key transmitted on the basis of the private key for public authentication stored in the memory 120 so as to be converted into a random session key, thereby confirming that the user is a legitimate user And performs user authentication to confirm that the user is a user.

That is, if the user terminal 100 possessed by the user does not have a private key for public authentication, it can not verify that the user is a legitimate user because the decryption process itself can not be performed.

In addition, under an environment in which the Internet protocol is http, the document transmitted between the user terminal 100 and the block-chain-based authorized certificate authentication requesting server 600 is decrypted based on the random session key provided from the user terminal 100 It is possible to completely block the case where the private key for public authentication is exposed to the outside even after the user authentication so as to provide the authorized authentication based on the block chain securely without the risk of hacking.

In the case where the Internet communication protocol is https, a document transmitted through the communication between the user terminal 100 and the block-chain-based authorized certificate authentication requesting server 600 is transmitted in an encrypted state and is decrypted and output, .

To this end, the block-chain-based authorized certificate management server 300 controls the random number generator 630 to generate random number data, which is a random value, when the Internet communication protocol between the user terminals 100 is https, 100).

The user terminal 100 operates the hash processing engine 140, performs hashing calculation on the transmitted random number data, and processes it into random number hash information.

Then, the user terminal 100 operates the encryption engine 130 to encrypt the random number information based on the private key for authentication, which is stored and managed in the memory 120, converts the information into encrypted random number hash information, Based certificate authentication request server 600 to the chain-

The block-chain-based public key certificate authentication request server 600 operates the hash processing engine 620 to perform hashing operation on the random number data having the same value as that transmitted to the user terminal 100, .

Then, the block-chain-based public key certificate authentication request server 600 operates the decryption engine 650 to decrypt the encrypted random-number hash information transmitted on the basis of the public key for the public key of the corresponding user, And performs a user authentication by calculating the hash value of the converted random number hash value information and the hash value of the hash value information of the pseudo random number to confirm that both hash values are the same.

On the other hand, the user can destroy the issued block chain-based public key certificate.

To this end, the block-chain-based public key certificate authentication request server 600, if there is a block chain-based public key certificate revocation request from the user terminal 100, generates a public key certificate of the corresponding user stored in the public key certificate related information DB 311 And decrypts the public key of the user who requested destruction of the block-chain-based public key certificate to be counted as a number belonging to the predetermined root hash generation period, And stores it repeatedly in the public certificate registration related information DB 311.

Accordingly, the block-chain-based public key certificate management server 300 transmits a set of private information for issuing the public key certificate including the hash information of the corresponding user who requested the destruction of the block-chain-based public key certificate and the number of public keys for the public key certificate The hash processing engine 320 operates the hash processing engine 320 to collect a set of private information for issuing public certificates and public keys for the public certificates counted by the predetermined root hash generation period, A block chain is created based on the merit structure of the authorized certificate root hash information included in the transaction information for forgery-proof transmitted and registered to the block chain holding servers 400, It is controlled so that the certification information of the corresponding user who has requested the revocation of the public certificate is also included in the hash information, The guide can confirm that the certificate was half destroyed.

And, the auditing entity related to the government agency that audits the authorized certificate can request the forgery or falsification verification request terminal 500 for the forgery or falsification by referring to the authorized certificate of the specific user using the authorized certificate of the present invention.

To this end, in the DB unit 610 of the block-chain-based authorized certificate authentication requesting server 600, the personal information for issuing the authorized certificate of the user operating the user terminal 100 is provided in the member-specific user identification information DB 611 Loses.

In the public key certificate registration related information DB 311 of the block chain-based public key certificate management server 300, a set of private information for issuing the public key certificate and a public key for the public key certificate are classified into hash processed public key certificate node identification information And they are cumulatively stored sequentially.

In this way, the forgery verification validation request terminal 500 requests the block chain-based authorized certificate authentication request server 600 to monitor the block chain-based authorized certificate of the specific user.

The block-chain-based public-key certificate authentication request server 600 extracts personal information for issuing a public-key certificate of a specific user requesting monitoring of a block-chain-based public key certificate from the user-specific user identity information DB 611, To the management server (300).

The block-chain-based authorized certificate management server 300 matches personal information for issuing a public certificate of a specific user requesting monitoring of the transmitted block-chain-based public key certificate with the public key certificate related information DB 311, Recognizes the hash information, and identifies the registered public key certificate root hash information for registration, which is a member of the mutual tree structure of the recognized private key certificate node identification information, And extracts it from the registration-related information DB 311.

Thereafter, the block-chain-based public key certificate management server 300 operates the hash processing engine 320 and refers to the extracted public key certificate root certificate identification information for registration, Extracts all the authorized certificate node hash information constituting the merge tree structure of the public key certificate root hash information from the public key certificate related information DB 311 and extracts the extracted public key certificate node hash information The certificate is processed as root certificate information.

Also, the hash processing engine 320 of the block-chain-based public key certificate management server 300 matches the extracted public key certificate root certificate ID information with the public key certificate forgery-and-falsification monitoring related information DB 312, And forcibly monitoring transaction ID information for identifying the forgery-and-surveillance monitoring transaction information including the hash information, and transmits the extracted transaction ID information to the block chain holding server (400).

The block chain holding server 400 matches the transferred transaction ID information for forgery monitoring with a block chain included in the electronic purse to extract matching transaction information for forgery monitoring and stores the transaction information included in the extracted transaction information for forgery- Extracts the public key certificate root certificate information for registration, and transmits it to the block chain-based public key certificate management server 300.

The block-chain-based public key certificate management server 300 receives the public key certificate root hash information for registration, operates the hash processing engine 320, and calculates a hash value of the public key certificate root certificate information for registration, The hash value of the authorized certificate root hash information is calculated and if the hash values of both of the calculated hash values are the same, the personal information for issuing the authorized certificate composed of a set of specific users requested by the forgery and deny verification request terminal 500 And a message indicating that the public key for the public key certificate is not forged is notified.

The hash processing engine 320 of the block chain-based public key certificate management server 300 determines whether the calculated hash value of the public key certificate node hash value is the same as the calculated hash value of the public key certificate node decryption information A public certificate that has a hash value that is not the same among the hash values of the public certificate node that constitutes the merge tree structure of the public certificate certificate for registration in which the user's public certificate node hash information is included. And recognizes through the public certificate registration related information DB 311 the public key certificate node index information.

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 obtains the authorized certificate node index information of the corresponding authorized certificate node hash value having the same hash value, Is identical to the storage sequence number of the public key certificate node index information.

Accordingly, the hash processing engine 320 of the block-chain-based public key certificate management server 300 obtains the authorized certificate node index information of the corresponding authorized certificate node hash value having the same hash value, If the storage order of the public key certificate node index information is the same, the forgery proof authentication request terminal 500 controls the personal authentication information issuing personal information composed of a set of specific users and a message indicating that the public key for the public key certificate has been tampered with.

In addition, the block-chain-based public key certificate management server 300 obtains public key certificate node index information of the corresponding authorized certificate node hash value having the same hash value and public key certificate node index information of the specific user's public key certificate node identification information If the stored order is not the same, the forgery proof verification request terminal 500 controls the personal information for issuing the public key certificate and a message indicating that the public key for the public key certificate has not been tampered with is notified.

Thereafter, the block-chain-based public key certificate management server 300 acquires public key information for public key information for issuing private certificates and public key information for a public key certificate, which is composed of a set cumulatively managed in the public key certificate related information DB 311 The public key for private certificate issuing and the public key for public certificate, which is a set corresponding to the public key certificate node collating information constituting the merge tree structure of the registered public key certificate root certificate to which the time stamp belongs, is forged, And performs post-processing according to occurrence of forgery or falsification.

The authentication process of the block chain-based public key certificate using the public key certificate authentication system based on the block chain of the present invention will now be described.

The user accesses the block-chain-based authorized certificate authentication request server 600 through the user terminal 100 and requests the block chain-based public authentication (S300).

The block-chain-based authorized certificate authentication request server 600 extracts the personal information for issuing the authorized certificate of the user processed from the user-identification information DB 611 for each member in accordance with the block chain-based authorized authentication request And transmits it to the block chain-based authorized certificate management server 300 (S310).

The block-chain-based authorized certificate management server 300 judges the validity of the authorized certificate of the user based on the transmitted personal information for issuing the authorized certificate (S320). First, the block-chain- The personal information for issuing the authorized certificate transmitted from the certificate authentication requesting server 600 is matched with the authorized certificate registration related information DB 311 to extract the public key for the authorized certificate of the user and operates the hash processing engine 320 The extracted public key for the public key certificate and the personal information for issuing the public key certificate are hashed and processed into the cost certification certificate node decryption information (S321).

Then, the hash processing engine 320 of the block-chain-based public key certificate management server 300 extracts the authorized certificate node decryption information registered when issuing the block chain-based public key certificate among the information stored in the public key certificate related information DB 311 The hash value of the extracted public key certificate node hash value and the hash value of the hash value of the cost authentication certificate node are respectively calculated and it is confirmed whether the computed hash values are identical to each other (S322).

Based on this, the hash processing engine 320 of the block-chain-based public key certificate management server 300 determines whether the calculated hash value of the public key certificate node hash value is equal to the calculated hash value of the public key certificate node hash value The control proceeds to step S323 to notify the user terminal 100 of a message indicating that the block chain-based authentication process is rejected.

The hash processing engine 320 of the block chain-based public key certificate management server 300 generates a public key certificate if the calculated hash value of the public key certificate node hash value and the calculated hash value of the public key certificate node hash value are the same Which is an identifier for identifying the public key certificate root hash information for registration belonging to the mutual tree structure in which the public key certificate node identification information is registered at the time of registration, is extracted from the public key certificate registration related information DB 311 (S324).

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 refers to the extracted public key certificate root certificate ID information for registration, All the authorized certificate node hash information constituting the merge tree structure of the hash information is extracted from the authorized certificate registration related information DB 311, and the extracted authorized certificate node hash information is stored in a mass-certified root The hash information is processed (S325).

Then, the hash processing engine 320 of the block-chain-based public key certificate management server 300 matches the extracted public key certificate root certificate identification information with the public key certificate forgery-and-falsification monitoring related information DB 312, The forgery-and-guard monitoring transaction ID information that identifies the forgery-and-surveillance transaction information including the hash information is extracted and transmitted to the block chain holding server 400 (S326).

The block chain holding server 400 matches the transferred transaction ID information for forgery monitoring with a block chain included in the electronic purse to extract matching transaction information for forgery monitoring and stores the transaction information included in the extracted transaction information for forgery- Extracts the certification root route hash information for registration, and transmits it to the block chain-based authorized certificate management server 300 (S327).

The block-chain-based public key certificate management server 300 receives the public key certificate root hash information for registration, operates the hash processing engine 320, and calculates a hash value of the public key certificate root certificate information for registration, The hash value of the public certificate root hash value is computed, and the computed hash values are identical (S328).

First, the hash processing engine 320 of the block-chain-based public key certificate management server 300, if the calculated hash values are not the same, authenticates the customer who is cumulatively managed in the public key certificate registration related information DB 311 The public key information for certificate issuing personal information and public key information for public key certificate of the corresponding user in the public key information for the certificate issuance, and the certificate corresponding to the public key information The personal information for issuing the authorized certificate and the public key for the authorized certificate are forged (S329), and the post-processing according to the forgery and falsification is performed.

The hash processing engine 320 of the block chain-based public key certificate management server 300 determines whether the hash value of the public key certificate information is equal to the hash value of the public key certificate information And judges that the validity is legitimate.

Accordingly, the block-chain-based authorized certificate management server 300 extracts the public key for the public key of the corresponding user from the public key certificate related information DB 311 and transmits it to the block-chain-based public key certificate authentication server 600 (S330).

The block chain-based public key certificate authentication request server 600 receives a public key for a public key certificate and performs a user authentication between the user keyers 100 based on the public key for the public key certificate (S3400) As follows.

First, the block-chain-based authorized certificate authentication request server 600 determines whether the Internet communication protocol between the corresponding user terminal 100 requesting block-chain-based public authentication is http or https (S340).

The block-chain-based authorized certificate authentication request server 600 controls the random number generator 630 to generate a random session key in step S350 when the Internet communication protocol between the user terminals 100 is http.

The block-chain-based public key certificate authentication request server 600 operates the encryption engine 640 to encrypt the random session key using the public key for the public key certificate, converts it into an encrypted random key, and transmits it to the user terminal 100 S360).

The user terminal 100 receives the encrypted random session key and operates the decryption engine 160 to decrypt the encrypted random session key based on the private key for public authentication stored in the memory 120 so as to be converted into a random session key Thereby completing the authentication of the user (S370).

The block-chain-based public-key certificate authentication request server 600 generates a random-number random-number data by operating a random-number generator 630 when the Internet communication protocol between the user terminals 100 requesting the block- And transmits it to the user terminal 100 (S380).

The user terminal 100 operates the hash processing engine 140, performs hashing operation on the transmitted random number data, and processes the random number hash information (S390).

The user terminal 100 operates the encryption engine 130 to encrypt the random number information on the basis of the private key for public authentication stored and managed in the memory 120 to convert it into encrypted random number hash information, To the public certificate authentication request server 600 (S400).

The block chain-based public key certificate authentication request server 600 operates the hash processing engine 620 to perform hashing operation on the random number data having the same value as that transmitted to the user terminal 100, And a decryption engine 650 to decrypt the decrypted encrypted random number hash information based on the public key for the public key of the corresponding user so as to be converted into random number hash information, And the hash value of the pseudo random number hash value, and confirms that both hash values are identical to each other, thereby completing the user authentication (S410).

On the other hand, the user can destroy the issued block chain-based public key certificate.

To this end, the block-chain-based authorized certificate authentication request server 600 confirms whether the user terminal 100 requests destruction of the block-chain-based public key certificate (S500). If the block chain-based public key certificate authentication request is requested, The authorized certification node node decryption information stored in the related information DB 311 is changed to the digested certificate node node decryption information (S510).

Thereafter, the block-chain-based public key certificate authentication requesting server 600 transmits a public key certificate to the block chain-based public key certificate authentication request server 600 so that it can be counted as the number belonging to the predetermined root- It is repeatedly stored in the registration-related information DB 311 (S520).

Thereafter, the block-chain-based public key certificate management server 300 transmits a set of private information for issuing the public key certificate including the hash information of the corresponding user requesting the cancellation of the block chain-based public key certificate and the number of public keys for the public key certificate The hash processing engine 320 operates the personal information for issuing a set of authorized certificates and the public key for the authorized certificate counted by the number of the predetermined root hash generation sections, And the hash information is processed as the certification certificate node hash information to be processed by the block chain holding server 400. In this way, (S530) the information of the authorized certificate node of the corresponding user requesting destruction of the chain-based public key certificate is also included.

Through this, the user is guided to confirm that the authorized certificate based on his block chain has been destroyed.

In addition, a user or an auditing entity related to a government agency that audits a public certificate can inquire whether a forgery or falsification has been made with respect to a specific user's public certificate by requesting a forgery or falsification verification request through the terminal 500.

That is, the block-chain-based authorized certificate authentication request server 600 checks whether the forgery-verification-authentication request terminal 500 requests monitoring of a block chain-based authorized certificate of a specific user (S600) The personal information for issuing the authorized certificate of the specific user requesting monitoring of the block chain-based authorized certificate is extracted from the authorized certificate registration related information DB 311 and transmitted to the block chain-based authorized certificate management server 300 S610).

The block-chain-based authorized certificate management server 300 matches personal information for issuing a public certificate of a specific user requesting monitoring of the transmitted block-chain-based public key certificate with the public key certificate related information DB 311, Recognizes the hash information, and identifies the registered public key certificate root hash information for registration, which is a member of the mutual tree structure of the recognized private key certificate node identification information, And extracted from the registration-related information DB 311 (S620).

The hash processing engine 320 of the block chain-based public key certificate management server 300 refers to the extracted public key certificate root certificate hash information to extract the public key certificate root certificate All the authorized certificate node hash information constituting the merge tree structure of information is extracted from the public key certificate related information DB 311 and the extracted public key certificate node decryption information is decrypted using a mass- (S630).

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 matches the extracted public key certificate root certificate identification information with the public key certificate forgery-and-falsification monitoring related information DB 312, And forcibly monitoring transaction ID information for identifying the forgery-and-alteration monitoring transaction information including the timing information, and transmits it to the block chain holding server 400 (S640).

The block chain holding server 400 matches the transferred transaction ID information for forgery monitoring with a block chain included in the electronic purse to extract matching transaction information for forgery monitoring and stores the transaction information included in the extracted transaction information for forgery- Extracts the public key certificate root certificate information for registration, and transmits it to the block chain-based public key certificate management server 300 (S650).

The block-chain-based public key certificate management server 300 receives the public key certificate root hash information for registration, operates the hash processing engine 320, and calculates a hash value of the public key certificate root certificate information for registration, The hash value of the public key certificate route hash value is computed, and it is determined whether the calculated hash values are the same (S660).

The hash processing engine 320 of the block chain-based public key certificate management server 300 determines whether the calculated hash value of the public key certificate node hash value is equal to the calculated hash value of the public key certificate node hash information, (S670) that the personal information for issuing the public certificate and the public key for the public certificate, which are a set of specific users requested by the public key 500, are not forged.

The hash processing engine 320 of the block chain-based public key certificate management server 300 determines whether the calculated hash value of the public key certificate node hash value is the same as the calculated hash value of the public key certificate node decryption information A public certificate that has a hash value that is not the same among the hash values of the public certificate node that constitutes the merge tree structure of the public certificate certificate for registration in which the user's public certificate node hash information is included. (Step S661) through the public key certificate registration-related information DB 311 (step S661).

Thereafter, the hash processing engine 320 of the block-chain-based public key certificate management server 300 obtains the authorized certificate node index information of the corresponding authorized certificate node hash value having the same hash value, (Step S662). In step S662,

First, the hash processing engine 320 of the block chain-based public key certificate management server 300 obtains public key certificate node index information of the corresponding public key certificate node hash information having the same hash value, If the storage order of the public key certificate node index information of the public key certificate index information is the same, control proceeds to step 663 so that a message indicating that personal information for issuing a public key certificate and a public key for the public key certificate .

Then, the hash processing engine 320 of the block chain-based public key certificate management server 300 obtains the public key certificate index information of the corresponding authorized certificate node hash information having the same hash value, If the storage order of the public key certificate node index information is not the same, control is passed to the forgery authentication verification request terminal 500 so as to notify the personal information for issuing the public key certificate and the public key for the public key certificate to be notified (S664).

Thereafter, the block-chain-based public key certificate management server 300 acquires public key information for public key information for issuing private certificates and public key information for a public key certificate, which is composed of a set cumulatively managed in the public key certificate related information DB 311 It is detected that the public key for private certificate issuing and the public key for public certificate, which is a set corresponding to the public key certificate node collating information constituting the merge tree structure of the registered public key certificate root hash information, is forged (S665 ), And performs post-processing according to the forgery and falsification.

100: user terminal 110: key generation engine
120: memory 130, 640: encryption engine
140, 220, 320, 620: hash processing engine 150:
160,650: Decryption engine
200: Block Chain Based Authorized Certificate Issuing Request Server
210, 310, 610:
211,611: User identification information DB by member
300: Block Chain Based Authorized Certificate Management Server
311: DB related to registration of certificate by customer
312: Information about authorized certificate forgery monitoring
330: Transaction Processing Engine 400: Block Chain Retention Server
500: Forgery verification request terminal
600: Block Chain-Based Certified Certificate Authentication Request Server
630: a random number generator

Claims (45)

A public key for the public certificate and a private key for the public certificate, and transmits the public key for the public key certificate and the private information for issuing the public key certificate, A terminal 100;
Receives the public key for the public key certificate and the personal information for issuing the public key certificate from the user terminal 100 and transmits a private certificate registration request signal for each customer including the private key for issuing the public key certificate and the public key for the public key certificate A block chain-based certificate issuance request server 200;
The personal information for issuing private certificates and the public keys for public certificates among the information included in the customer-specific public key certificate request signal transmitted from the block-chain-based public key certificate issuing request server 200 are classified into a set, The hash processing engine 320 is operated when the number of the private information for issuing a public certificate and the number of public keys for the public key certificate accumulated in the accumulation storing unit 311 reaches a preset root hash generation period The personal information for issuing the public certificate counted by the predetermined route hash generation section and the public key for the public key certificate are hashed in the order of storing the public key certificate information and processed into the public key certificate node identification information, The hash information is processed into a registration public certificate route hash information having a merge tree structure, and the transaction processing engine 320 is operated And generates transaction ID information for forgery monitoring, which is used as a key value in retrieving transaction information for forgery-fugitive monitoring including transaction information for forgery-fugitive monitoring and transaction information for forgery-proof monitoring that includes the registration certificate root certificate hash information, A block chain-based authorized certificate management server 300 for transmitting transaction information;
An electronic purse having a block chain in which bit coin settlement transaction information is authenticated and bit coin settlement transaction information is recorded in accordance with the authenticated bit coin settlement transaction information by verifying the transferred bit coin settlement transaction information is transmitted And block chain holding servers 400 for recording transaction information for forgery monitoring transmitted from the block chain based public key certificate managing server 300 in the block chain,
Wherein the root hash generation period is the number of the previously set public key certificate node hash information or the number of public key certificate node hash information stored cumulatively for a preset time period.
The method according to claim 1,
The user terminal 100 is equipped with a key generation engine 110,
The user terminal 100 controls the key generation engine 110 to generate the public key for the public key certificate and the private key for the public key certificate in a state in which the network is shut off. A certificate issuing system.
The method according to claim 1,
Wherein the personal information for issuing the authorized certificate includes at least two of user name, user's date of birth, user's telephone number, and user's e-mail.
The method according to claim 1,
The block chain-based authorized certificate issuance request server 200 includes a hash processing engine 220,
The block chain-based certificate issuance request server 200 operates the hash processing engine 220 to process the personal information for issuance of the authorized certificate by performing a hashing operation on the personal information for issuing the authorized certificate to process the user identification identification information, And the private information for issuing the public key certificate is included in the customer-specific public key certificate registration request signal.
delete The method according to claim 1,
The block chain-based authorized certificate management server 300 includes a DB unit 310,
In the DB unit 310, the personal information for issuing the public key certificate, the public key for the public key certificate, and the public key for the public key certificate, An authorized certificate registration related information DB 311 in which information is accumulated and stored sequentially; An authorized certificate forgery-and-fever monitoring related information DB 312 in which transaction ID information for forgery-monitoring generated together as an identifier is accumulated every time the transaction information for forgery-improving monitoring is generated in the block chain-based authorized certificate managing server 300; ≪ / RTI &
When the number of public keys for public certificate issuance and the number of public keys for public certificate reaches the predetermined root hash generation period, the block chain-based public key certificate management server (300) All of the transaction ID information for forgery monitoring accumulated and accumulated in the DB 312 is extracted, the extracted transaction ID information is transmitted to the block chain holding server 400,
The block chain holding server 400 matches the transferred transaction ID information for forgery monitoring with the block chain provided in the electronic wallet and obtains the registered certificate root route decryption information included in each matching forgery prevention monitoring transaction information And transmits the extracted registration certificate authority root certificate decryption information to the block chain-based authorized certificate management server 300,
The block-chain-based authorized certificate management server 300 receives the registration certificate root certificate hash information for each registration and operates the hash processing engine 320 to sequentially accumulate the certificate certificate registration related information DB 311 The number of public keys for issuing private certificates and public certificates for a set of stored public key certificates is divided into a predetermined root hash generation section and as many as the numbers belonging to the divided root cancellation generation sections are classified, The generated root certificate information is compared with the generated root certificate information in the order of generation, and the generated root certificate information is compared with the generated root certificate information in the order of generation, Each hash value of the public key certificate root certificate hash value and each of the public key certificate root certificate hash values is calculated, and the hash value from the first generation order to the last generation order If both hash values are the same, it is recognized that the forgery and falsification of information related to the public key certificate issued by the users has not occurred and the control is made so that the forgery-and-surveillance monitoring transaction information can be generated And if the hash value of both of the hash values is not the same, it is recognized that the forgery and falsification of information related to the authorized certificate issued by the users occurs, and control is made so that the forgery-and-surveillance monitoring transaction information is not generated. Authorized certificate issuing system.
The method according to claim 1,
The block chain-based authorized certificate management server 300 includes a DB unit 310,
In the DB unit 310, the personal information for issuing the public key certificate, the public key for the public key certificate, and the public key for the public key certificate, An authorized certificate registration related information DB 311 in which information is accumulated and stored sequentially; An authorized certificate forgery-and-fever monitoring related information DB 312 in which transaction ID information for forgery-monitoring generated together as an identifier is accumulated every time the transaction information for forgery-improving monitoring is generated in the block chain-based authorized certificate managing server 300; ≪ / RTI &
The hash processing engine 320 of the block-chain-based public key certificate management server 300 also generates public key certificate node index information indicating the storage order number of the generated public key certificate node hash information when generating the public key certificate node hash information And generates the public key certificate root hash identifier information for registration, which is information for identifying the generated public key certificate root hash information when generating the public key certificate root hash information for registration, , The public key certificate node index information and the public key certificate root certificate identification information for registration are accumulated and stored in the public key certificate registration related information DB 311, and the registration public key certificate root key identification information is stored in the public key certificate forgery / Related information DB 312,
The transaction processing engine 320 of the block chain-based certificate issuance requesting server 200 controls the generated transaction ID for forgery-monitoring to be cumulatively stored in the authorized certificate forgery-monitoring related information DB 312, The certificate forgery and falsification monitoring related information DB 312 stores the transaction ID information for the forgery and falsification monitoring and the identifier information for the unauthorized certificate root certificate for registration and is stored and managed.
8. The method of claim 7,
The hash processing engine 320 of the block-chain-based public key certificate management server 300 transmits the public key certificate root certificate information for registration generated previously to the personal information for issuing the public key certificate and the public key for the public key certificate Wherein the control unit performs processing so as to be processed into the registration public key certificate root hash information in the form of a merge tree structure in a state of being placed in a pre-designated storage sequence number between the processed public key certificate node hash information. Based certificate issuance system.
8. The method of claim 7,
A forgery verification request terminal (500)
The forgery verification request terminal 500 requests the block chain-based authorized certificate issuance request server 200 to monitor a block chain-based authorized certificate of a specific user,
The block-chain-based certificate issuance request server 200 extracts the personal information for issuing the authorized certificate of the specific user requesting monitoring of the block-chain-based public key certificate from the public key certificate related information DB 311, To the public certificate management server 300,
The block-chain-based authorized certificate management server 300 matches the personal information for issuing the authorized certificate of the specific user requesting monitoring of the transmitted block-chain-based authorized certificate with the authorized certificate registration related information DB 311, If there is no certification node node hash information of the specific user, the hash processing engine 320 is operated to sequentially accumulate the certificate node registration information in the authorized certificate registration related information DB 311 Of public key for personal information and public certificate for issuing public key of public key of public key certificate for public key of public key for public key of authorized public key certificate And the public key certificate node index information indicating the storage order number of the processed public key certificate node identification information Processing the processed public key certificate node decryption information into registration public key certificate root certificate decryption information having a merge tree structure and registering the registered public key certificate root certificate decryption information, And the transaction processing engine 320 operates the transaction processing engine 320 to search the forgery monitoring transaction information and the forgery monitoring transaction information including the registered public certificate root hash information, And transmits transaction information for forgery-monitoring of the generated information to the block chain holding servers 400,
The block chain holding servers 400 write the transferred transaction information for forgery monitoring in a block chain,
The hash processing engine 320 of the block-chain-based public key certificate management server 300 receives the private key of the specific user, which is an identifier for identifying the authorized public key certificate root- The certification authority root certificate is stored in the root directory of the root certificate. The certificate root certificate is stored in the private key of the root certificate. And generating transaction ID information for forgery monitoring for identifying the forgery-and-surveillance transaction information including the registration public key certificate root hash information by referring to the registration public key certificate root hash identifier information, To the block chain holding server 400,
The block chain holding server 400 matches the transferred transaction ID information for forgery-monitoring with a block chain provided in the electronic purse to extract matching transaction information for forgery-proof monitoring, and stores the transaction information for forgery- Extracts the included certification root certificate hash information and transmits it to the block chain-based authorized certificate management server 300,
The block-chain-based public key certificate management server 300 receives the public key certificate root hash information for registration and operates the hash processing engine 320 to obtain a hash value of the transferred public key certificate root key hash information Calculating a hash value of the generated public key certificate root hash value, verifying whether the calculated hash values are identical to each other, comparing the calculated hash value of the public key certificate node hash value with the corresponding public key certificate If the computed hash values of the node hash information are the same, control is performed so that the personal information for issuing the public key certificate made up of a set of specific users requested by the forgery-and-alteration authentication request terminal 500 and a message indicating that the public key for the public key certificate is not forged Wherein the certificate issuing system is based on a block chain.
10. The method of claim 9,
The hash processing engine 320 of the block chain-based public key certificate management server 300 determines whether the calculated hash value of the public key certificate node hash value and the calculated hash value of the public key certificate node hash value The corresponding authentication certificate node hash information having the same hash value among the public key certificate node decryption information corresponding to the hash value of the registered public key certificate root certificate hash information and the authentication certificate node hash information If the corresponding authentication certificate node hash information having the same hash value and the storage order of the certification information of the specific user are the same, the forgery proof verification request terminal 500 transmits a specific user The personal information for issuing the public key certificate and the public key for the public key certificate are made to be notified Certificate issuing system based on a chain of blocks ranging.
11. The method of claim 10,
The hash processing engine 320 of the block-chain-based public key certificate management server 300 receives the hash value of the public key certificate corresponding to the hash value of the transmitted public key certificate root certificate hash value If the corresponding authentication certificate node hash information and the storage order of the certification information of the specific user are not the same, the private information for issuing the public certificate and the public key for the public certificate Is notified that a message has not been forged or not.
The user terminal 100 transmits the personal information for issuing the public certificate, which is composed of the identification information of the user necessary for issuing the block chain-based public key certificate, to the block chain-based public key certificate issuing request server 200 to request issuance of the block chain- (S100);
The block-chain-based certificate issuance request server 200 generates a key generation guide signal for informing the generation of the public key for the public key certificate and the public key for the public key certificate after checking the private information for issuing the public key certificate, (S110) to the user terminal (100) requesting issuance of the chain-based authorization certificate;
When the key generation guide signal is transmitted from the user terminal 100, the key generation engine 110 is operated to control the generation of the public key for the public key certificate and the public key for the public key certificate, To the block chain-based authorized certificate issuance request server 200 (S120);
In the block-chain-based certificate issuance requesting server 200, the public key for the public key certificate is received, and the public key certificate for each customer including the personal information for issuing the public key certificate and the public key for the public key certificate To the block chain-based public key certificate management server 300 (S130);
In the block chain-based public key certificate management server 300, the hash processing engine 320 is operated to transmit private information for issuing public key certificates and public keys for public key certificates included in the transmitted customer- (S140) sequentially accumulating the certificate in the public certificate registration-related information DB 311;
In the block chain-based public key certificate management server 300, a step (S150) of checking whether the private key for issuing one set of authorized certificates and the public key for the public key certificate have reached a predetermined root hash generation period;
In the block chain-based public key certificate management server 300, when a set of private information for issuing the public key certificate and the number of public keys for the public key certificate reach the predetermined root hash generation period, the hash processing engine 320 The personal information for issuing the public certificate and the public key for the public certificate, which are counted by the predetermined root hash generation period, are processed in the order of storage in order to process the public key of the public key certificate, A step (S210) of processing the information into a registration certificate root certification information comprising a merge tree structure;
In the block chain-based public key certificate management server 300, the transaction processing engine 320 is operated to search for transaction information for forgery-proof monitoring and forgery-and-monitoring transaction information including the public key certificate root hash information for registration, (S220) of generating transaction ID information for forgery-monitoring used for forgery-monitoring and transmitting transaction information for forgery-monitoring of the generated information to the block chain holding servers (400);
(S230), in the block-chain holding servers (400), the block chain-based authorized certificate issuance is completed by recording the transferred transaction information for forgery-monitoring in a block chain,
Wherein the root hash generation interval is the number of the predetermined certificate node hash information or the number of public key certificate node hash information stored cumulatively for a preset time period.

13. The method of claim 12,
In the block-chain-based certificate issuance requesting server 200, the public key for the public key certificate is received, and the public key certificate for each customer including the personal information for issuing the public key certificate and the public key for the public key certificate In step S130, which is transmitted to the block chain-based authorized certificate management server 300,
The block chain-based certificate issuance request server 200 operates the hash processing engine 220 to process the personal information for issuance of the authorized certificate into a user identification identification information, And the processed personal information for issuing the authorized certificate is included in the customer-specific public key certificate registration request signal.
delete 13. The method of claim 12,
In the block chain-based public key certificate management server 300, in step S150, it is determined whether the private key for issuing one set of public key certificate and the public key for the public key certificate have reached a predetermined root hash generation period,
In the block chain-based public key certificate management server 300, when the calculated number of pieces of private information for issuing private key certificates and the number of public keys for public key certificates reach the predetermined root hash generation period, (S160) of extracting all of the transaction ID information for forgery-monitoring accumulated and accumulated in the block-chain management server (312), and transmitting the extracted transaction ID information for forgery-monitoring to the block chain holding server (400);
The block chain holding server 400 may match the transmitted transaction ID information for forgery monitoring with the block chain provided in the electronic wallet to obtain registration certificate authority root certificate information for registration included in each matching transaction information for forgery- (S170);
The block chain holding server 400 transmits the extracted registration certificate authority root certificate hash information to the block chain based public certificate management server 300 (S180);
The block chain-based public key certificate management server 300 receives the respective certificate public key certificate hash information and operates the hash processing engine 320 to sequentially accumulate the public key certificate information in the public key certificate related information DB 311 The number of public keys for issuing private certificates and public certificates for a set of stored public key certificates is divided into a predetermined root hash generation section and as many as the numbers belonging to the divided root cancellation generation sections are classified, Processing (S190) processing into root hash information;
In the hash processing engine 320 of the block chain-based public key certificate management server 300, the generated public key certificate root certificate decryption information and the generated public key certificate root key decryption information are generated in the order The hash value of each registered public certificate root hash information and the corresponding public trust certificate root hash information, which are compared with each other in the order of generation, are computed, and the hash values of the two generated hash values (S200); after,
In the block chain-based public key certificate management server 300, when a set of private information for issuing the public key certificate and the number of public keys for the public key certificate reach the predetermined root hash generation period, the hash processing engine 320 The personal information for issuing the public certificate and the public key for the public certificate, which are counted by the predetermined root hash generation period, are processed in the order of storage in order to process the public key of the public key certificate, Wherein the information is processed in a step S210 of processing the information as a registration certificate certificate root hash information having a merge tree structure.
16. The method of claim 15,
In the hash processing engine 320 of the block chain-based public key certificate management server 300, the generated public key certificate root certificate decryption information and the generated public key certificate root key decryption information are generated in the order The hash value of each registered public certificate root hash information and the corresponding public trust certificate root hash information, which are compared with each other in the order of generation, are computed, and the hash values of the two generated hash values In step S200 of determining whether the values are the same,
In the hash processing engine 320 of the block-chain-based public key certificate management server 300, the hash value of each registered public key certificate root hash information and the corresponding hash value of each public key certificate root key hash information (Step S201). If there is a hash value of both the hash value and the hash value of the authorized certificate, the personal information for issuing the private certificate and the public key for the authorized certificate, which are accumulated in the authorized certificate registration related information DB 311, ); And a method for issuing a public certificate based on a block chain.
13. The method of claim 12,
In the block chain-based public key certificate management server 300, when a set of private information for issuing the public key certificate and the number of public keys for the public key certificate reach the predetermined root hash generation period, the hash processing engine 320 The personal information for issuing the public certificate and the public key for the public certificate, which are counted by the predetermined root hash generation period, are processed in the order of storage in order to process the public key of the public key certificate, In the step S210, the information is processed into registration certificate root route hash information having a merge tree structure,
The hash processing engine 320 of the block-chain-based public key certificate management server 300 transmits the public key certificate root certificate information for registration generated previously to the personal information for issuing the public key certificate and the public key for the public key certificate Wherein the control unit performs processing so as to be processed into the registration public key certificate root hash information in the form of a merge tree structure in a state of being placed in a pre-designated storage sequence number between the processed public key certificate node hash information. Based certificate issuance method.
13. The method of claim 12,
In the block chain-based public key certificate management server 300, when a set of private information for issuing the public key certificate and the number of public keys for the public key certificate reach the predetermined root hash generation period, the hash processing engine 320 The personal information for issuing the public certificate and the public key for the public certificate, which are counted by the predetermined root hash generation period, are processed in the order of storage in order to process the public key of the public key certificate, In the step S210, the information is processed into registration certificate root route hash information having a merge tree structure,
The hash processing engine 320 of the block chain-based public key certificate management server 300 generates public key certificate node index information indicating the storage order of the processed public key certificate node identification information, And generating identification certificate root certificate identification information for registration, which is information for identifying the time and date information, based on the block chain.
19. The method of claim 18,
(S251) whether the block-chain-based authorized certificate issuance requesting server (200) has requested monitoring of a block chain-based authorized certificate of a specific user at the forgery proof verification request terminal (500);
If the block-chain-based authorized certificate issuance requesting server 200 requests the block-chain-based authorized certificate issuance requesting server 200 to monitor the block chain-based authorized certificate of a specific user in the forgery proof verification request terminal 500, (Step S252) of extracting the personal information for issuing the authorized certificate of the specific user who requested the monitoring of the block chain-based authorized certificate from the authorized certificate registration related information DB 311 and transmitting it to the block chain-based authorized certificate management server 300 )Wow;
In the block-chain-based authorized certificate management server 300, the personal information for issuing the authorized certificate of the specific user requesting monitoring of the transmitted block-chain-based authorized certificate is matched with the authorized certificate registration related information DB 311, A step (S253) of confirming that the authorized certificate node has been decrypted;
In the block chain-based public key certificate management server 300, when there is no authorized certificate node decryption information of a specific user, the hash processing engine 320 is operated to sequentially accumulate the public key certificate in the public key certificate related information DB 311 The public key for personal information and public key certificate for storing a set of stored public key certificate public key for public key for private key certificate for personal information and private key for issuing public key certificate And generating public key certificate node index information indicating a storage order number of the processed public key certificate node decryption information, wherein the processed public key certificate node decryption information comprises a merge tree structure registration certificate The information is processed into the certificate root hash information, and information for identifying the processed public certificate root root hash information Step (S254) of generating identification information when it routes rokyong certificate and;
In the block chain-based public key certificate management server 300, the transaction processing engine 320 is operated to search for transaction information for forgery-proof monitoring and forgery-and-monitoring transaction information including the public key certificate root hash information for registration, (S255) of generating transaction ID information for forgery monitoring used for forgery monitoring and transmitting transaction information for forgery monitoring of the generated information to the block chain holding servers 400;
In the block chain holding servers 400, the transaction information for forgery monitoring to be transmitted is recorded in a block chain (S256);
In the hash processing engine 320 of the block chain-based public key certificate management server 300, the hash value of the private key of the specific user is registered as an identifier that identifies the public key certificate root hash information for registration belonging to the merge tree structure The root certificate has the root node identification information of the root certificate, and the root certificate of the root certificate is stored in the private root certificate. A step (S257) of generating cost-certified certificate root hash information;
The hash processing engine 320 of the block chain-based public key certificate management server 300 refers to the registration public key certificate root hash identifier information, (S258) of transmitting transaction ID information for forgery-monitoring to identify the information to the block chain holding server (400);
In the block chain holding server 400, the transferred transaction ID information for forgery-monitoring is matched with a block chain included in the electronic wallet to extract matching transaction information for forgery-monitoring, and the extracted transaction information for forgery- (S259) after extracting the certification public root certificate hash information included in the public key certificate and transmitting it to the block chain-based public key certificate management server 300;
The block chain based public key certificate management server 300 receives the public key certificate root hash information for registration and operates the hash processing engine 320 to obtain a hash value of the transferred public key certificate root certificate hash value And a step (S260) of calculating a hash value of the generated cost certification root route hash information, respectively, and checking whether the calculated hash values are identical to each other;
In the hash processing engine 320 of the block chain-based public key certificate management server 300, if the hash value of the authorized certificate node decryption information is the same as the computed hash value of the corresponding certified certificate node decryption information The block chain-based authorized certificate management server 300 may control the personal information for issuing the public key certificate, which is a set of specific users requested by the forgery authentication verification request terminal 500, and a message that the public key for the public key certificate is not forged And a step (S261) of issuing a public key certificate based on the block chain.
20. The method of claim 19,
The block chain based public key certificate management server 300 receives the public key certificate root hash information for registration and operates the hash processing engine 320 to obtain a hash value of the transferred public key certificate root certificate hash value And the hash value of the generated cost authentication certificate root hash information, and confirms whether the computed hash values are identical to each other,
In the hash processing engine 320 of the block-chain-based public key certificate management server 300, the hash value of the authorized certificate node decryption information and the computed hash value of the cost authentication certificate node decryption information are the same A step S262 of recognizing the authorized certificate node index information of a specific user among the authorized certificate node decryption information constituting the merge tree structure of the registered public key certificate root hash information to which the specific user's certification node node decryption information belongs, Wow;
The corresponding authorized certificate node hash information having the same hash value among the public key certificate node hash information corresponding to the hash value of the transmitted public key certificate root certificate hash information, Confirming whether the storage order is the same (S263);
If the corresponding authentication certificate node hash information having the same hash value and the storage order of the certificate information of the specific user are the same, the block chain-based authorized certificate management server 300 determines whether the forgery verification request terminal 500 And a step (S264) of notifying a message that the personal information for issuing the authorized certificate and the public key for the authorized certificate consisting of a set of specific users are forged (S264). Way.
21. The method of claim 20,
The corresponding authorized certificate node hash information having the same hash value among the public key certificate node hash information corresponding to the hash value of the transmitted public key certificate root certificate hash information, In the step S263 of confirming whether the storage order is the same,
In the block chain-based authorized certificate management server 300, if the corresponding authentication certificate node hash information having the same hash value and the storage order of the certification information of the specific user are not the same, (S265) controlling the personal information for issuing the public key certificate and the public key for the public key certificate to be notified that the public key is not forged;
In the hash processing engine 320 of the block chain-based public key certificate management server 300, the public key certificate public key information for private certificate issuing and the private key certificate public key information Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates Certified Certificates And detecting that the key is forged or corrupted (S266).
delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images