Images

Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/04—Payment circuits
  • G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
  • G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
  • H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
  • G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
  • G06F16/23—Updating
  • G06F16/2379—Updates performed during online database operations; commit processing
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/401—Transaction verification
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
  • H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
  • H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
  • H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
  • H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
  • H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
  • H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash

Definitions

• the private key for public authentication is generated and stored by itself through a random number generator mounted in a terminal that cannot be physically connected to the system or installed with a separate program, it is stored and managed.
• a public key for a certificate that cannot be leaked and requires maintenance, it is through a distributed database based on peer-to-peer network (P2P) rather than a server operated by a CA.
• P2P peer-to-peer network
• an authentication certificate issuing system based on a blockchain capable of performing an authentication process, and an authentication certificate issuing method based on a blockchain using the same, and an authentication certificate authentication system based on a blockchain It relates to a method for authenticating a certificate based on blockchain.
• an accredited certificate is electronic information issued by a certification authority (CA) for the purpose of verifying the user's identity when using services in various industries, and for preventing the forgery and alteration of documents or the denial of transaction facts. It shows the seal certificate for cyber transaction.
• CA certification authority
• These certificates include certificate version, certificate serial number, certificate validity period, issuer, user digital signature verification information, user name, identity verification information, digital signature method.
• PKI public key infrastructure
• the public key infrastructure refers to a user authentication system that encrypts transmission and reception data using a public key composed of encryption and decryption keys, and verifies the identity of a trader using a password possessed by an Internet user.
• the private key used as a key for decrypting the encrypted public key under the public key infrastructure is generated by an authorized certification authority (CA) that is not an individual user but provided to the user, it is not only exposed to the risk of hacking. Due to the soft token-based storage method, the user's private key exists as a file in a standardized storage location, which makes it easy to duplicate and automate the collection of the private key, leading to financial damage and theft of user information. For this reason, the certification authority (CA) that provides the generated private key to the user should build an accredited certificate issuing system in which a highly secure system is interlocked to block the hacking as much as possible. In addition, the operation and maintenance of the established certificate issuance system should be performed. Therefore, there was a problem that a large amount of issuance costs are caused when issuing a conventional public certificate.
• CA authorized certification authority
• the accredited certificate is available only when ActiveX is installed in advance for the purpose of additional security when performing the user authentication process through a web browser.
• ActiveX can be installed only by lowering the security level of the PC so that it can access resources such as files and registry of personal computers (hereinafter referred to as PCs). Due to the ActiveX installed mandatory to lower the user's PC security level, there was also a problem exposed to dangerous environments such as hacking.
• Each of the problems related to the accredited certificate is based on the blockchain based on the blockchain filed by the present applicant (see Patent Document 2), and the blockchain-based method for issuing the certificate and the method of issuing the certificate. It was solved through the public certificate authentication system and the public certificate authentication method based on the blockchain using the same.
• the gist is provided with a means for generating the public key for the public certificate and the private key for the public certificate directly from the user terminal operating the user, and the user terminal has a public key for the public certificate and the private key for the public certificate while the network is blocked.
• the private key for the public certificate is encrypted and stored together with the password and photo image specified by the user, thereby preventing external leakage of each key that may occur even in advance, and maintaining The public key required for the public certificate is operated by the CA.
• the public key for the public certificate and the private key for the public certificate are generated from the user terminal that is blocked from the network, and the private key for the public certificate together with the password and photo image designated by the user. It is more secure than plain text because it is encrypted and managed.
• the private key for public certificate is recorded in RAM memory as plain text at the moment of entering a password and selecting a picture image. Through the performance of memory dumps Using the certificate's private key for it implies the slightest risk that moment to be released.
• Patent Document 1 Korean Patent Office Publication No. 10-0411448 (Registration Date: December 03, 2003)
• Patent Document 2 Korean Patent Office Patent Application Publication No. 10-2015-0109320 (Application Date: August 03, 2015)
• the present invention is to solve the problems of the prior art, the object of the present invention is a private key for public authentication through a random number generator mounted on the terminal that can not be installed or installed a separate program physically connected to the system for viewing Because it is created and stored and managed by itself, it is impossible to leak private key for public certification, and in case of public key for public certificate that requires maintenance, it is not equivalent to server operated by CA.
• a highly secure system is interlocked to block as much as possible if hacking occurs because it is stored and managed in the blockchain of electronic wallets mounted on blockchain holding servers through a peer-to-peer network (P2P) based distributed database.
• P2P peer-to-peer network
• the public certificate issuing system based on the blockchain of the present invention is provided to a user in a state in which a private key for public authentication, which is a random value generated from a random number generator, is stored in a memory.
• An information leakage blocking terminal that operates an encryption engine in response to a request for transmitting a public key for a public certificate and generates a public key for a public certificate based on the private key stored in the memory and transmits the public key;
• a user terminal which is possessed by the user and transmits the personal information for issuing the blockchain-based official certificate, which is made up of the public key for the public certificate transmitted from the information leakage blocking terminal and the identification information of the user for issuing the blockchain-based public certificate;
• Request to create a transaction for recording a public key by collecting the specified user identification information corresponding to the predetermined user identification information among the identification information of the user that constitutes the hash information, the public key for the public certificate, and the personal information for issuing the blockchain-based public certificate
• a blockchain-based public certificate issuing request server for processing the signal and transmitting the same;
• public key recording transaction ID information used as a key value, wherein the public key recording transaction information is transmitted for recording, and the public key recording transaction ID information is stored and managed;
• the user identification hash information and the public key recording transaction ID information are hashed and processed into user verification hash information among information collected in the transaction creation request signal for key recording, and the processed user verification hash information is processed.
• the user verification transaction information of the generated information is transmitted for recording, the user verification transaction ID information is stored and managed, the transaction creation request for recording the public key
• the designated user identification information is a blockchain-based authorized certificate management server for storing and managing;
• the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted transaction information for the bitcoin payment and records the transaction information for the bitcoin payment according to the authentication is mounted.
• the process of issuing an accredited certificate by using an accredited certificate issuing system based on the blockchain includes a random number generator, and stores the information stored in the memory of a private key for public authentication, which is a random value generated from the random number generator. Acquiring the leakage blocking terminal by the user and connecting the obtained information leakage blocking terminal to the user terminal; In the user terminal, transmitting a blockchain-based official certificate issuing personal information consisting of identification information of a user required for issuing a blockchain-based public certificate to a blockchain-based public certificate issuing request server and requesting to issue a blockchain-based public certificate.
• Steps Relaying, by the user terminal, the transmitted public key for the public certificate to the blockchain-based public certificate issuing request server;
• the public key for the public certificate is relayed, and a hash processing engine is operated to hash the personal information for issuing the blockchain-based public certificate to be processed into user identification hash information.
• the designated user identification information is stored in a transaction search keyword information DB for each user among the information collected in the transaction generation request signal for recording the public key by operating a transaction processing engine.
• Generating public key recording transaction information including a public key for a public certificate and public key recording transaction ID information used as a key value for retrieving the public key recording transaction information;
• a hash processing engine is operated to hash the user identification hash information and the transaction ID information for recording the public key from among the information collected in the transaction creation request signal for recording the public key.
• the transaction processing engine is operated to transmit the transaction information for the public key recording to the blockchain holding servers for recording, and the user for the transaction ID information for the public key recording.
• Stores transaction search keyword information DB for each generates user verification transaction information including the user verification hash information and user verification transaction ID information used as a key value for searching the user verification transaction information, and generates the transaction information.
• Comprising, in the blockchain holding servers, the blockchain-based authorized certificate is issued by recording the transmitted public key recording transaction information and user verification transaction information on the blockchain.
• An authentication certificate authentication system based on a blockchain includes an information leakage blocking terminal equipped with a memory storing a decryption engine and a private key for authentication; A user terminal for requesting blockchain-based authorized authentication; It is equipped with a random number generator and an encryption engine, and in accordance with the blockchain-based authorized authentication request of the user terminal, the blockchain relaying the request for the blockchain-based authorized authentication by transmitting designated user identification information of the corresponding user operating the user terminal.
• Based certificate authentication request server Downloading public key recording transaction information and user verification transaction information by transmitting transaction ID information for public key recording and transaction ID information for user verification matching the designated user identification information transmitted from the blockchain-based public certificate authentication request server.
• Blockchain-based authorized certificate management server for requesting;
• the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted transaction information for the bitcoin payment and records the transaction information for the bitcoin payment according to the authentication is mounted.
• the electronic wallet also records the transaction information for the user verification including the public key recording transaction information including the public key for the public certificate and the user verification hash information, which is transmitted from the blockchain-based public certificate management server Matching the public key recording transaction ID information and the user verification transaction ID information with the electronic wallet, the block chain for transmitting the matching public key recording transaction information and user verification transaction information to the blockchain-based authorized certificate management server Server; consisting of, the blockchain-based public certificate management server is the Public key for public certificate and user verification hash information are extracted from public key recording transaction information and user verification transaction information transmitted from lockchain holding server, and the extracted public key for public certificate and user verification hash information and
• the certificate validation signal including the transaction ID information for recording the public key is transmitted to the blockchain-based public certificate authentication request server, and the blockchain-based public certificate authentication
• Hashing the transaction ID information for public key recording among the information included in the certificate validation signal Compute and process the user verification hash information for preparation, and the hash value of the user verification hash information among the information included in the certificate validation signal transmitted from the blockchain-based certificate management server and the verification user verification hash for the preparation. If each hash value is calculated by calculating the hash value of the information respectively, check the Internet communication protocol between the user terminals, and if the confirmed Internet communication protocol is http, the random number generator is operated by operating the random number generator.
• the control unit is relayed to the information leakage blocking terminal, and the information leakage blocking terminal is
• a decryption engine is operated to decrypt the relayed encrypted random session key and convert the encrypted random session key into a random session key based on the private key for public authentication stored in the memory, and transmit the same to a user terminal, thereby performing user authentication.
• the process of authenticating the authentication using the blockchain-based public certificate authentication system comprises the steps of requesting a blockchain-based public certificate by accessing a blockchain-based public certificate certificate request server from a user terminal.
• Wow In the blockchain-based public certificate authentication request server, extracts the designated user identification information of the user operating the user terminal from the user identification information DB for each member according to the blockchain-based public authentication request, and manages the blockchain-based public certificate Transmitting to a server;
• the public key recording transaction ID information and user verification transaction ID information matched by matching the designated user identification information transmitted from the blockchain-based authorized certificate management server with the transaction search keyword information DB for each user are transmitted to the blockchain holding server.
• the transmitted public key recording transaction ID information and user verification transaction ID information are matched with an electronic wallet, and the matching public key recording transaction information and user verification transaction information are based on the blockchain.
• the certificate validation signal including the public certificate for public certificate and the user verification hash information extracted from the transaction information and the public key record transaction ID information stored in the user-specific transaction search keyword information DB Transmitting to the blockchain-based authorized certificate authentication request server;
• the identification information of the user is extracted from the user identification information DB for each member, and a hash processing operation is performed by hashing the extracted user identification information to operate the hash processing engine.
• the Internet communication protocol between the user terminal and the blockchain-based authorized certificate authentication request server is http or https; If the internet communication protocol between the user terminal and the blockchain-based authorized certificate authentication request server is http, controlling the random chain generator to generate a random session key having a random value by operating a random number generator; ; In the blockchain-based public certificate authentication request server, an encryption engine is operated to encrypt the random session key using a public key for public certificate among information included in the certificate validation signal, and to convert the random session key into an encrypted random session key.
• a decryption engine is operated to decrypt the relayed encrypted random session key based on an authorized private key stored and managed in a memory to be converted to a random session key and transmitted to the user terminal. , Performing authentication of the user.
• An authentication certificate authentication system based on a blockchain includes: an information leakage blocking terminal having a memory storing a decryption engine and a private key for authentication; A user terminal for requesting blockchain-based authorized authentication; It is equipped with a random number generator and an encryption engine, and extracts the identification information of the corresponding user from the user identification information DB for each member according to the blockchain-based authorized authentication request of the user terminal, and hashes the extracted user identification information.
• a blockchain-based authorized certificate authentication request server which processes the cost-user identification hash information and transmits the processed user-prepared hash information and the designated user identification information of the corresponding user;
• the public key is received by matching the user identification hash information and the designated user identification information for the preparation from the blockchain-based authorized certificate authentication request server and matching the user identification information of the transmitted information with the transaction search keyword information DB for each user.
• a blockchain-based authorized certificate management server for transmitting the transaction ID information for recording and the transaction ID information for user verification and requesting the download of the public key recording transaction information and the user verification transaction information;
• the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted transaction information for the bitcoin payment and records the transaction information for the bitcoin payment according to the authentication is mounted.
• the electronic wallet also records the transaction information for the user verification including the public key recording transaction information including the public key for the public certificate and the user verification hash information, which is transmitted from the blockchain-based public certificate management server Matching the public key recording transaction ID information and the user verification transaction ID information with the electronic wallet, the block chain for transmitting the matching public key recording transaction information and user verification transaction information to the blockchain-based authorized certificate management server Server; consisting of, the blockchain-based public certificate management server, the The public key for public authentication and the user verification hash information are extracted from the public key recording transaction information and the user verification transaction information transmitted from the blockchain holding server, and the prepared contrast user identification hash information and the transaction for each user are extracted.
• the random session key is encrypted by using the public key for the public certificate and converted into an encrypted random session key and controlled to be relayed to the information leakage blocking terminal via the user terminal.
• the information leakage blocking terminal operates the decryption engine, controls the decryption of the encrypted random session key transmitted on the basis of the public key stored in the memory to be converted into a random session key, and transmits the same to the user terminal. Perform user authentication.
• a step of requesting a blockchain-based public certificate by accessing a blockchain-based public certificate authentication request server from a user terminal is performed.
• Wow In the blockchain-based public certificate authentication request server, extract the identification information of the user from the user identification information DB for each member according to the blockchain-based public authentication request, and hash the extracted user identification information by operating a hash processing engine.
• an encryption engine is operated to encrypt the random session key using a public key for public certificate among information included in the certificate validation signal, and to convert the random session key into an encrypted random session key.
• a decryption engine is operated to decrypt the relayed encrypted random session key based on an authorized private key stored and managed in a memory to be converted to a random session key and transmitted to the user terminal. , Performing authentication of the user.
• the private key for public authentication is generated and stored by itself through a random number generator mounted in a terminal that cannot be physically connected to the system or installed with a separate program, it is stored and managed.
• a public key for a certificate that cannot be leaked and requires maintenance, it is through a distributed database based on peer-to-peer network (P2P) rather than a server operated by a CA.
• P2P peer-to-peer network
• FIG. 1 is a block diagram showing a system for issuing an accredited certificate based on the blockchain of the present invention
• Figure 2 is a block diagram showing the detailed configuration of the information leakage blocking terminal of the configuration constituting the system for issuing a public certificate based on the blockchain of the present invention
• Figure 3 is a block diagram showing the detailed configuration of the blockchain-based authorized certificate issuing request server of the configuration constituting the system for issuing a public certificate based on the blockchain of the present invention
• Figure 4 is a block diagram showing the detailed configuration of the blockchain-based official certificate management server constituting the public certificate issuance system based on the blockchain of the present invention
• FIG. 5 is a view schematically showing a data structure of various transaction information divided into input data and output data
• FIG. 6 is a flowchart showing a process for issuing a blockchain-based accredited certificate using a system for issuing an accredited certificate based on the blockchain of the present invention.
• FIG. 7 is a block diagram showing a certificate authentication system based on the blockchain of the present invention.
• FIG. 8 is a block diagram showing the detailed configuration of the blockchain-based official certificate authentication request server among the components constituting the certificate authentication system based on the blockchain of the present invention
• 9 to 12 are flowcharts illustrating a process of authenticating a blockchain-based accredited certificate using an accredited certificate authentication system based on the blockchain of the present invention.
• 13 to 16 are flowcharts illustrating a method for authenticating a certificate based on a blockchain according to another embodiment.
• the present invention is largely divided into the issuance part of the public certificate based on the blockchain and the authentication part of the public certificate based on the blockchain.
• 1 to 6 relate to a system and a method for issuing an accredited certificate based on a blockchain which is an issuing part of an accredited certificate based on a blockchain.
• the certificate issuance system based on the blockchain of the present invention is largely information leakage blocking terminal 100, the user terminal 200, blockchain-based authorized certificate issuance request server 300, blockchain Based on the certificate management server 400 and the blockchain holding server (500).
• the information leakage blocking terminal 100 is a terminal capable of physically connecting and reading a system or installing a separate program.
• the private key for authentication is a random value through a random number generator 110 mounted therein. Since it is generated by itself and delivered to the user in the pre-stored state in the memory 120, when generating the public key for the public certificate by itself generated by the information leakage blocking terminal 100, the private key for public authentication leaks to the outside It is a terminal member that can be blocked in advance.
• the detailed configuration of the information leakage blocking terminal 100 to perform the function is a random number generator 110 to generate, the memory 120 is stored in the private key for authentication generated in the random number generator 110, the public certificate
• the encryption engine 130 and the random number generator 110, the memory 120, and the encryption engine 130 which generate the public key for the public certificate based on the private key stored in the memory 120 by the request for the public key for the public certificate.
• Control unit 150 for controlling the operation.
• the information leakage blocking terminal 100 performing such a function is a hack because the private information key for public authentication is generated and stored and provided to the user immediately after the information leakage blocking terminal 100 is manufactured.
• a terminal with high safety without risk currently provided puffs (PUFs) or tamper resistance hardware are applied.
• the user terminal 200 is held by the user receiving the aforementioned information leakage blocking terminal 100, and is required for issuing a blockchain-based authorized certificate together with the public key for the authentication certificate transmitted from the information leakage blocking terminal 100. It is a terminal member that transmits the personal information for issuing a blockchain-based public certificate consisting of identification information of the user to the blockchain-based public certificate issuing request server 300 described later.
• the personal information for issuing a blockchain-based public certificate is information including a user name, a user's date of birth, a user's telephone number, and a user's email.
• the user terminal 200 performing such a function is applied to various terminal members such as a personal computer (PC) or a smartphone, and the connection between the user terminal 200 and the information leakage blocking terminal 100 is BLE (Bluetooth Low Energy). , Wired and wireless communication such as Near Field Communication (NFC) and Universal Serial Bus (USB).
• BLE Bluetooth Low Energy
• Wired and wireless communication such as Near Field Communication (NFC) and Universal Serial Bus (USB).
• the user terminal 200 before the process of transmitting the personal information for issuing the blockchain-based public certificate to the blockchain-based public certificate issuance request server 300 to be described later, the user operating the user terminal 200 blockchain-based The user's information is recognized by performing a process of first checking whether the user's identification information is registered in the certificate issuance request server 300.
• the DB block 310 is mounted on the blockchain-based public certificate issuing request server 300 to be described later, and the identification information of the user who operates the user terminal 200 is mounted on the DB unit 310. It is stored, the user identification information DB 311 for each member is stored, the same user identification information is stored as the blockchain-based authorized certificate issuing personal information.
• the user terminal 200 transmits the personal information for issuing a blockchain-based public certificate to the blockchain-based public certificate issuing request server 300 to request a blockchain-based public certificate, and issuing a blockchain-based public certificate issuing server. If the matching information exists by matching the personal information for issuing the blockchain-based public certificate issuance with the user identification information DB 311 for each member (300), the key transmission guide signal for requesting the delivery of the public key for the public certificate Generate and transmit to the user terminal 200, the user terminal 200 relays the transmitted key transmission guide signal to the information leakage blocking terminal 100, the information leakage blocking terminal 100 is a key transmission guide signal When the relay is transmitted, the encryption engine 130 is operated to generate a public key for the public certificate based on the private key for public authentication stored and managed in the memory 120, and the user The terminal 200 transmits the transmitted public key to the blockchain-based authorized certificate issuing request server 300.
• the generation of the public key for public authentication and public certificate for public authentication is performed only in the information leakage blocking terminal 100, which cannot be physically connected to the system and installed in a separate program, or for the installation of a separate program. It completely blocks private key from leaking to the outside.
• the blockchain-based official certificate issuing request server 300 receives the public key for the public certificate and the personal information for issuing the blockchain-based official certificate from the user terminal 200, and hashes the personal information for issuing the blockchain-based official certificate.
• Designated user corresponding to the predetermined user's identification information among the user's identification information that is processed into the user identification hash information, and constitutes the user identification hash information, the public key for the certificate, and the personal information for issuing the blockchain-based certificate. It collects the identification information is processed into a transaction creation request signal for public key recording, and transmits it to the block chain-based public certificate management server 400 to be described later to transmit the server member.
• the designated user identification information may use a telephone number of the user, in particular, a telephone number of the mobile communication terminal.
• a hash processing engine 320 is mounted on the blockchain-based official certificate issuing request server 300.
• the hash processing engine 320 mounted on the blockchain-based official certificate issuing request server 300 performs a function of hashing the blockchain-based official certificate issuing personal information to process the user identification hash information.
• the blockchain-based authorized certificate issuing request server 300 performing the function may be operated in a bank.
• the blockchain-based public certificate management server 400 records a public key including a public key for public certificate among information collected in a transaction generation request signal for public key recording transaction transmitted from the blockchain-based public certificate issuance request server 300.
• Transaction information for public key recording used for retrieving the transaction information for the public key and the transaction information for the public key recording, and the transaction information for the public key recording among the generated information is transmitted for recording, and the public key recording.
• the transaction ID information is stored and managed, and the user identification hash information and the transaction ID information for public key recording are hashed among the information collected in the transaction creation request signal for public key recording, and processed into user verification hash information.
• User verification transaction information including processed user verification hash information and the user verification transaction information Generates transaction ID information for user verification, which is used as a key value for searching, transmits user verification transaction information for recording, stores and manages transaction ID information for user verification, and generates a transaction for public key recording.
• the designated user identification information among the information collected in the request signal is a member for storing and managing.
• the blockchain-based public certificate management server 400 includes a DB unit 410, a transaction processing engine 420, and a hash processing engine 430 having a user-specific transaction search keyword information DB 411. Include.
• the transaction processing engine 420 stores designated user identification information in the transaction search keyword information DB 411 for each user, and public key recording transaction information including the public key for a public certificate and the public key recording transaction. Generates transaction ID information for public key recording that is used as a key value to retrieve information.
• the hash processing engine 430 hashes the user identification hash information and the public key recording transaction ID information among the information collected in the public key recording transaction generation request signal, and processes the user identification hash information.
• the transaction processing engine 420 transmits the transaction information for the public key recording to the blockchain holding server 500 for recording, and the transaction search keyword information DB 411 for each user in the case of the transaction ID information for the public key recording. ), And generate user verification transaction information including user verification hash information and transaction identification information for user verification used as a key value for retrieving transaction verification information for the user verification, and for user verification among the generated information.
• the transaction information is transmitted to the blockchain holding server 500 for recording, and the transaction ID information for user verification is stored and managed in the user-specific transaction search keyword information DB 411.
• the blockchain-based official certificate management server 400 that performs these functions is required to perform public certification when using services such as servers operated by banks or securities companies, servers operated by government agencies, and servers operated by shopping malls performing Internet commerce.
• the vendor's server may be applied.
• the bitcoin payment transaction information recorded in the blockchain provided in the electronic wallet of the blockchain holding server 500 to be described later with reference to Figure 5a which the sender holds through the previous Bitcoin payment transaction information Bitcoin necessary to determine the validity of previous Bitcoin payment transaction ID information, remitter's Bitcoin usage right information, and Bitcoin usage right information used to identify the Bitcoin storage location
• the data includes a public key for payment, OP_DUP information for guiding a transaction for Bitcoin transactions, bitcoin amount remitted, and recipient identification information for identifying a recipient.
• the previous Bitcoin payment transaction ID information is information used as a key value to retrieve the previous Bitcoin payment transaction information.
• the sender's bitcoin usage authority information is the sender's digital signature information, and the sender corresponds to a user who remits bitcoin from previous transaction information for Bitcoin payment.
• the bitcoin payment transaction information data structure is divided into input data (ID) and output data (OD), the input data (ID), the previous bitcoin payment transaction ID information, the remitter's bitcoin usage rights information And the public key for bitcoin payment is stored separately, and the OP_DUP information, the bitcoin amount and the recipient identification information are stored separately in the output data (OD).
• the transaction information for the previously used bitcoin to be used among the amount of Bitcoin held by the remitter through the previous transaction information for bitcoin payment is used.
• Bitcoin payment transaction ID information the transaction information for the previously used bitcoin to be used among the amount of Bitcoin held by the remitter through the previous transaction information for bitcoin payment is used.
• Bitcoin payment transaction ID information the transaction information for the previously used bitcoin to be used among the amount of Bitcoin held by the remitter through the previous transaction information for bitcoin payment is used.
• Bitcoin payment transaction ID information Bitcoin use authority information of the remitter
• the public key of the public certificate for the certificate required for issuing a blockchain-based public certificate
• Public key registration cost information which is a cost required for registration
• OP_RETURN information for guiding that it is a transaction for information recording, not a transaction for bitcoin transactions, and data including the public key for the public certificate.
• the public key recording transaction information is divided into input data ID1 and output data OD1.
• the input data ID1 includes the previous Bitcoin payment transaction ID information and the remitter's authority to use Bitcoin.
• the information and the bitcoin payment public key and public key registration cost information are stored separately, and the output data OD1 stores the OP_RETURN information and the public certificate public key.
• the public key registration cost information is a cost paid to the miner who is involved in registering the public key recording transaction information in the blockchain provided in the electronic wallet of the blockchain holding servers 500, and it takes approximately 0.0001 bitcoins. do.
• the user verification hash registration cost information to be described later is a cost that is paid to the miner involved in enabling the user verification transaction information to be registered in the blockchain provided in the electronic wallet of the blockchain holding server 500.
• the transaction information for user verification is described with reference to FIG. 5C, and used to identify a storage location of the scheduled Bitcoin to be used among the amount of Bitcoin held by the remitter through the previous transaction information for Bitcoin payment.
• Registration of transaction ID information for Bitcoin payment, Bitcoin permission information of remitter, Bitcoin payment public key for determining validity of Bitcoin permission information, and user verification hash information for issuing blockchain-based public certificate
• User verification hash registration cost information which is the cost required to block
• blockchain-based authorized certificate destruction cost information which is the cost to be used to destroy the blockchain-based authentication information, which is a transaction for information recording, not a transaction for bitcoin transactions OP_RETURN information
• transaction information for the user verification is blockchain
• the blockchain-based authorized certificate discard reserve cost information corresponding to the blockchain-based authorized certificate discard reserve cost information is transferred to the designated Bitcoin address, bitcoin address for the reserve compared to the destruction and the corresponding blockchain
• the data includes the blockchain-based certification certificate destruction information and user verification hash information including the information on the transfer of the destruction
• the blockchain holding server 500 records the transaction verification information for the user and at the same time refers to the blockchain-based accredited certificate destruction information, and reserves the blockchain-based accredited certificate at the bitcoin address for stockpile compared to the designated discard. It records the information that the cost information has been transferred and charged and provides it as data to confirm the destruction of the blockchain-based accredited certificate later.
• the transaction information for user verification has a data structure divided into input data ID2 and output data OD2.
• the input data ID2 includes previous transaction ID information for bitcoin payment, bitcoin usage right information of a remitter, and Bitcoin payment public key
• blockchain-based accredited certificate destruction cost information and user verification hash registration cost information is stored separately
• the output data (OD2) OP_RETURN information, blockchain-based accredited certificate destruction information and user verification Hash information is stored separately.
• the blockchain holding server 500 is a device forming a bitcoin network that performs bitcoin payment through authentication and recording of the bitcoin payment during bitcoin payment.
• Bitcoin is a digital currency that can be paid for in kind created by Satoshi Nakamoto in 2009, and has no structure for issuing and managing currency. Instead, Bitcoin's transactions are made through a peer-to-peer network (P2P) based distributed database, which performs transactions based on public key cryptography.
• P2P peer-to-peer network
• Bitcoin having a payment method can be used without information such as a card number or expiration date and CCV number required for credit card payment, and there is an advantage in using a low fee.
• Bitcoin is stored in an electronic wallet, which is a file, and each electronic wallet is given a unique address (public address), and trading of Bitcoin is performed based on the address.
• a bitcoin user subscribes to a bitcoin exchange (eg, www.coinplug.com) and charges KRW corresponding to the won while opening an electronic wallet.
• a bitcoin exchange eg, www.coinplug.com
• the blockchain holding server 500 may be a server operated by the bitcoin exchange side as one member.
• an electronic wallet having a blockchain must be mounted on each blockchain holding server 500, and a bitcoin payment generated in accordance with general bitcoin payment on a blockchain by an electronic wallet of the blockchain holding server 500.
• the bitcoin payment is authenticated by verifying the received transaction information of the bitcoin, and the transaction information for the bitcoin payment is recorded according to the authentication, and the blockchain holding server of the next stage designated ( 500 to propagate transaction information for Bitcoin payment.
• the propagation of the transaction information for Bitcoin payment is promised by the communication protocol, and when the occurrence of the transaction information for Bitcoin payment, one node (here referred to as a blockchain holding server) is propagated to eight nodes designated. All blockchains equipped with an electronic wallet with a blockchain necessary to perform Bitcoin payments through pyramid propagation are repeatedly propagated to each of the eight designated nodes for each of the eight nodes receiving the transaction information for the Bitcoin payment. By propagating to the holding server 500, it is completed.
• the blockchain holding server 500 is equipped with an electronic wallet having a blockchain, a server (or terminal) operated by a miner for mining Bitcoin, or a user terminal for Bitcoin payment (for example, PC Or smartphone) can also be made up of one member.
• payments based on an electronic wallet equipped with a blockchain include Litecoin, Dark Coin, Namecoin, and Ceramic Coin. And ripple, etc., which may also be used as a substitute for performing a function such as bitcoin in the forgery verification of a certificate of a financial institution.
• the transaction information that is generated during bitcoin payment includes OP_RETURN (Operation Code RETURN) information and transmits it
• the electronic wallet of each blockchain holding server 500 is treated as private information instead of general bitcoin payment.
• the OP return information is recorded in the transaction information for verifying the certificate, and used as an important configuration for determining the forgery prevention of digital content.
• the OP_RETURN information reads the OP return message on the Bitcoin payment transaction information during the Bitcoin payment authentication in the electronic wallet of the blockchain holding server 500, the information that the OP return message is recorded Bitcoin transaction information It is used to inform that it is used as information to inform that it is an arbitrary 40 byte data value.
• the process of issuing a blockchain-based accredited certificate using the accredited certificate issuing system based on the blockchain of the present invention is as follows.
• the user visits the bank that operates the blockchain-based public certificate issuing request server 300, and the user's name, the date of birth, the user's phone number, the user's identification information such as the user's email, and the designated user identification information such as the user's phone number.
• the bank should operate the blockchain-based authorized certificate issuing request server 300 to database the user identification information and the designated user identification information provided by the member-specific user identification information DB (311).
• the bank operating the blockchain-based authorized certificate issuing request server 300 stores an information leakage blocking terminal in which a private key for authentication authentication, which is a random value generated from the random number generator 110, is stored and managed in the memory 120. 100).
• the information leakage blocking terminal 100 may be separately purchased and acquired by the user as well as the bank operating the blockchain-based authorized certificate issuing request server 300.
• the user connected to the acquired information leakage blocking terminal 100 to the user terminal 200 (S100) in the mobile dedicated app for guiding the issuance of a bitcoin-based authorized certificate mounted on the user terminal 200 (or dedicated) Program) to access the blockchain-based official certificate issuance request server 300, and then issue a blockchain-based official certificate for personal information for issuing a blockchain-based public certificate consisting of identification information of a user required for issuing a blockchain-based public certificate.
• Send to the request server 300 requests a blockchain-based authorized certificate issuance (S110).
• the blockchain-based authorized certificate issuing request server 300 is authorized in a state in which the user is recognized through matching information by matching the personal information for issuing the blockchain-based authorized certificate with the user identification information DB 311 for each member.
• a key delivery guide signal for requesting the delivery of the certificate public key is generated and transmitted to the user terminal 200 (S120).
• the user terminal 200 relays the transmitted key transmission guide signal to the information leakage blocking terminal 100 (S130).
• the encryption engine 130 is operated to generate a public key for the public certificate based on the private key for public authentication stored and managed in the memory 120. This is transmitted to the user terminal 200 (S140).
• the user terminal 200 relays the transmitted public certificate public key to the blockchain-based public certificate issuing request server 300 (S150).
• the blockchain-based public certificate issuance request server 300 When the blockchain-based public certificate issuance request server 300 receives the public key for the public certificate, it operates a hash processing engine 320 to hash the personal information for issuing the blockchain-based public certificate to process the user identification hash information.
• the public key record is collected by collecting the specified user identification information corresponding to the predetermined user identification information among the user identification information that forms the user identification hash information, the public key for the certificate, and the personal information for issuing the blockchain-based certificate. Process the transaction generation request signal for the blockchain-based official certificate management server 400 and transmits (S160).
• the blockchain-based authorized certificate management server 400 operates the transaction processing engine 420 to search the user-specific transaction search keyword information DB (user identification information) among the information collected in the transaction creation request signal for public key recording transmitted. 411), and generates public key recording transaction information including a public key for a public certificate and public key recording transaction ID information used as a key value to retrieve the public key recording transaction information (S170).
• the transaction processing engine 420 to search the user-specific transaction search keyword information DB (user identification information) among the information collected in the transaction creation request signal for public key recording transmitted. 411), and generates public key recording transaction information including a public key for a public certificate and public key recording transaction ID information used as a key value to retrieve the public key recording transaction information (S170).
• the blockchain-based authorized certificate management server 400 operates the hash processing engine 430 to hash user identification hash information and transaction ID information for public key recording among information collected in the transaction creation request signal for public key recording. Compute and process the user verification hash information (S180).
• the blockchain-based authorized certificate management server 400 operates the transaction processing engine 420 to transmit the transaction information for the public key recording to the blockchain holding server 500 for recording, and transmits the public key recording transaction.
• ID information the transaction search keyword information DB for each user is stored in the DB 411, and the transaction ID for user verification used as a key value for searching the user verification transaction information including the user verification hash information and the transaction verification information for the user verification.
• Management S190).
• the blockchain holding server 500 completes the issuance of a blockchain-based authorized certificate by recording the transmitted public key recording transaction information and user verification transaction information in the blockchain (S200).
• the blockchain-based official certificate management server 400 When the blockchain-based official certificate management server 400 completes the issuance of the blockchain-based official certificate (S200), the blockchain-based official certificate management server 400 notifies the user terminal 200 of the completion of the blockchain-based official certificate issuance (S210).
• And 9 to 12 relates to an authentication certificate authentication system and method based on the block chain, which is an authentication part of the authentication certificate based on the block chain.
• the certificate authentication system based on the blockchain of the present invention is an information leakage blocking terminal 100, a user terminal 200, a blockchain-based authorized certificate authentication request server 600, blockchain-based It consists of a certificate management server 400, the blockchain holding server 500.
• the information leakage blocking terminal 100 is a terminal that cannot be physically connected to the system and can be installed or installed with a separate program, and has a random value through the random number generator 110 mounted therein. Since the private key for authentication is generated by itself and delivered to the user in a state previously stored in the memory 120, when the public key for the public certificate is generated, the private key for public authentication is generated by itself. Is a terminal member that can block outflow to the outside in advance, there is no risk of hacking to provide a safe part to perform the certification part.
• the information leakage blocking terminal 100 is additionally mounted to the hash processing engine 140 and the decryption engine 160 to perform the authentication part authentication.
• the user terminal 200 is a terminal member for requesting blockchain-based authorized authentication.
• the blockchain-based authorized certificate authentication request server 600 is equipped with a random number generator 630 and an encryption engine 640, and operates the user terminal 200 according to the blockchain-based authorized authentication request of the user terminal 200. It is a server member that relays a request for blockchain-based authorized authentication by transmitting specified user identification information of a corresponding user.
• the blockchain-based authorized certificate authentication request server 600 designates a corresponding user who operates the user terminal 200 in the user identification information DB 611 according to the blockchain-based authorized authentication request of the user terminal 200. Extract user identification information, and transmit it to the blockchain-based authorized certificate management server (400).
• the blockchain-based public certificate management server 400 transmits transaction ID information for public key recording and transaction ID information for user verification matching with designated user identification information transmitted from the blockchain-based public certificate authentication request server 600.
• Server member for requesting the download of the transaction information for public key recording and transaction information for user verification.
• the transaction information for user verification if the blockchain-based official certificate destruction cost information and the user verification transaction information, which is the cost to be used to destroy the blockchain-based public certificate, are recorded in the blockchain of the blockchain holding server 500 The amount of the bitcoin address for stockpile and the blockchain-based accredited certificate destruction cost are displayed so that the blockchain-based accredited certificate destruction stock cost corresponding to the blockchain-based accredited certificate destruction stock cost is transferred to the designated bitcoin address. Includes information on transfer of waste reserves.
• the transaction processing engine 420 of the blockchain-based authorized certificate management server 400 extracts the bitcoin address for stockpile compared to the discarded stock cost, which is included in the discard stock cost transfer information, among the information included in the user verification transaction information, Generates a blockchain-based accredited certificate confirmation request signal that inquires whether the blockchain-based accredited certificate destruction cost has been transferred to the bitcoin amount charged to the bitcoin address for stockpile compared to the extracted discarded data.
• the blockchain holding server 500 is transmitted.
• the blockchain-based official certificate destruction request confirmation signal may be sent to a plurality of blockchain holding server 500 or to a predetermined blockchain holding server 500.
• the blockchain holding server 500 matches the blockchain with the Bitcoin address for stockpile compared to the discarded block included in the transmitted blockchain-based authorized certificate confirmation request signal, and charges the corresponding Bitcoin address for stockpile for the discarded match.
• the blockchain-based authorized certificate destruction guide signal for guiding whether or not the transfer of the blockchain-based accredited certificate storage reserve costs is transmitted to the blockchain-based accredited certificate management server (400).
• the transaction processing engine 420 of the blockchain-based certificate management server 400 transfers the blockchain-based certificate certificate storage cost charged to the bitcoin address for stockpiling for destruction by referring to the blockchain-based certificate destruction guide signal. If so, it performs a function of controlling to be notified to the user terminal 200 a message that the blockchain-based authentication process has been rejected.
• the blockchain-based authorized certificate management server 400 matches the designated user identification information with the transaction search keyword information DB 411 for each user, extracts the transaction ID information for the public key recording and the transaction ID information for the user verification, and the transaction.
• the processing engine 420 By operating the processing engine 420, the public key recording transaction information and the user verification transaction information from the public key for public authentication and user verification hash information is controlled to be extracted.
• the blockchain holding server 500 authenticates Bitcoin payment by verifying the transmitted Bitcoin payment transaction information when the transaction information for Bitcoin payment is transmitted, and the transaction information for Bitcoin payment is recorded according to the authentication.
• An electronic wallet having a block chain is mounted, and the electronic wallet also records transaction information for user verification including public key recording transaction information including a public key for public certificate and user verification hash information.
• the public key recording transaction ID information and the user verification transaction ID information transmitted from the chain-based public certificate management server 400 are matched with the electronic wallet, and the matching public key recording transaction information and the user verification transaction information are stored in the block. It is a member transmitting the chain-based public certificate management server (400).
• the blockchain-based public certificate management server 400 is disclosed in the public key record transaction information and user verification transaction transmitted from the blockchain-based public certificate management server 400 for the public certificate public certificate
• Block chain-based certificate authentication request server extracts the key and user verification hash information, and the certificate validation signal including the extracted public key for public certificate and user verification hash information and transaction ID information for public key recording. Send to 600.
• the blockchain-based public certificate authentication request server 600 extracts the identification information of the corresponding user from the user identification information DB 611 for each member, hashing the extracted user identification information to prepare for the user identification hash Information processing, hashing operation of the processed user identification hash information of the processed and public key recording transaction ID information among the information contained in the certificate validation signal transmitted from the blockchain-based public certificate management server 400 Process and process the user verification hash information for the provision, and the hash value of the user verification hash information among the information contained in the certificate validation signal transmitted from the blockchain-based certificate management server 400 and the user verification for the contrast
• the hash values of the time information are respectively calculated and both hash values are the same, the Internet communication protocol between the user terminals 200 is checked.
• the Internet communication protocol is a communication protocol used to transfer hypertext documents between a web server and a user's Internet browser on the Internet, and is divided into http (Hypertext Transfer Protocol) and https (Hypertext Transfer Protocol over Secure Socket Layer). The difference is whether the document is encrypted when it is delivered. In other words, http is delivered in plain text when delivering documents, and https is encrypted when delivering documents.
• the blockchain-based authorized certificate management server 400 operates a random number generator 630 when the Internet communication protocol between the user terminal 200 is http.
• the random session key which is a random value, is controlled to be generated, and the encryption engine 640 is operated to encrypt the random session key using the public key for the public certificate among the information included in the certificate validation signal, and convert the encrypted session into an encrypted random session key. This is controlled to be relayed to the information leakage blocking terminal 100 via the user terminal 200.
• the information leakage blocking terminal 100 operates the decryption engine 160 to control the decryption of the encrypted random session key relayed and transmitted based on the private authentication private key stored in the memory 120 to be converted into a random session key.
• the user terminal 200 By transmitting to the user terminal 200, it performs a user authentication to confirm that the user confirms that the user is a legitimate. That is, if there is no private key for public authentication in the information leakage blocking terminal 100 held by the user, the decryption process itself may not be performed, thereby proving that the user is a legitimate user.
• a random session key provided between the user terminal 200 and the blockchain-based authorized certificate authentication request server 600 is transmitted from the information leakage blocking terminal 100 under an environment where the Internet communication protocol is http. Since the encryption and decryption communication can be performed based on this, even if the private key for public authentication is exposed to the outside even after user authentication, it can be provided safely so that the public authentication can be performed based on the blockchain without the risk of hacking. have.
• the user terminal 200 may also be provided with an encryption engine and a decryption engine.
• the documents already transmitted through communication between the user terminal 200 and the blockchain-based public certificate authentication request server 600 are delivered in an encrypted state, and are decrypted and output. You only need to perform authentication.
• the blockchain-based authorized certificate management server 400 controls the random number data generator to generate random values by operating a random number generator 630 when the Internet communication protocol between the user terminals 200 is https, and the user terminal ( Control to be transmitted to the information leakage blocking terminal 100 via the 200.
• the information leakage blocking terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process it into random number hash information, and operates the encryption engine 130 to operate the authorized data stored in the memory 120.
• the random number hash information is encrypted based on the private key for authentication to be converted into encrypted random number hash information, and it is controlled to be relayed to the blockchain-based authorized certificate authentication request server 600 via the user terminal 200.
• the blockchain-based authorized certificate authentication request server 600 operates the hash processing engine 620 to hash the random number data having the same value as that transmitted to the information leakage blocking terminal 100 to process the random number hash information for the preparation. And decrypts the encrypted random number hash information relayed and transmitted based on the public key for the public certificate by controlling the decryption engine 650 to convert the random number hash information into a hash value of the converted random number hash information.
• User authentication is performed by calculating the hash values of the random number hash information for the comparison and confirming that both hash values are the same.
• the user can block the blockchain-based official certificate management server 400 corresponding to the remitter is issued blockchain-based official certificate.
• a transaction processing engine 420 is operated to search for the user-specific transaction search keyword information DB 411. Extract transaction ID information for user verification, and transmit it to the blockchain holding server 500.
• the blockchain holding server 500 transmits the user verification transaction information extracted by matching the transmitted user verification transaction ID information with the blockchain of the electronic wallet to the blockchain-based authorized certificate management server 400.
• the transaction processing engine 420 of the blockchain-based authorized certificate management server 400 receives transaction information for user verification, and transaction information for user verification is recorded when the transaction information for destroying the corresponding certificate is recorded in the blockchain holding server 500.
• Blockchain-based accredited certificate charged to the Bitcoin address for stockpiling for destruction, referring to the output data of OD2.
• Input data including the Bitcoin payment public key required to determine the validity of the multi-bitcoin usage rights information, including the right to use the blockchain-based authorized certificate destruction cost charged in the ( Blockchain-based accredited certificate charged to ID3) and Bitcoin address for stockpiling Generate the transaction information for destroying the certificate, which is divided into the output data (OD3) including the bitcoin address of the depositor to which the savings cost is remitted and the discarding cost collector identification information identifying the recipient, and the blockchain holding server 500 To send).
• OD3 including the Bitcoin address of the depositor to which the savings cost is remitted and the discarding cost collector identification information identifying the recipient
• the blockchain holding server 500 records the transaction information for destroying the transmitted public certificate on the blockchain to destroy the user's blockchain-based public certificate.
• the blockchain-based official certificate management server 400 if the certificate destruction signal is generated in the user terminal 200, and transmits the generated authentication certificate for transaction information to the user terminal 200 to request the electronic signature.
• the user terminal 200 operates the transaction signature engine 130, and digitally signs the transaction information for destroying the certificate to be transmitted to the blockchain-based authorized certificate management server 400.
• the blockchain-based official certificate management server 400 performs a function of controlling the transaction information for destroying the electronic certificate signed by the user transmitted from the user terminal 200 to the blockchain holding server 500. do.
• the electronic signature of the remitter corresponding to the blockchain-based official certificate management server 400 is operated by operating a transaction processing engine 420. It performs the function of controlling the discarded transaction information, so that the transaction information for discarding the authorized certificate digitally signed by the remitter is transmitted to the blockchain holding server 500.
• the authentication process of the blockchain-based accredited certificate using the accredited certificate authentication system based on the blockchain of the present invention is as follows.
• the user terminal 200 accesses the blockchain-based official certificate authentication request server 600 and requests a blockchain-based official certificate (S300).
• the blockchain-based authorized certificate authentication request server 600 identifies the designated user of the corresponding user who operates the user terminal 200 in the user identification information DB 611 for each member according to the blockchain-based authorized authentication request of the user terminal 200. Extract the information, and transmits it to the blockchain-based public certificate management server 400 (S310).
• the blockchain-based public certificate management server 400 matches the designated user identification information transmitted with the transaction search keyword information DB 411 for each user, and matches the transaction ID information for public key recording and the transaction ID information for user verification. Transmission to the holding server 500 requests the download of public key recording transaction information and user verification transaction information (S320).
• the blockchain holding server 500 matches the transmitted public key recording transaction ID information and user verification transaction ID information with the electronic wallet, and the matching public key recording transaction information and user verification transaction information is recognized on a block chain basis.
• the certificate management server 400 is transmitted (S330).
• the blockchain-based authorized certificate management server 400 operates a transaction processing engine 420 to extract bitcoin addresses for stockpiling versus discarding from discarding stock cost transfer information included in the transmitted user verification transaction information, and Generates a blockchain-based accredited certificate confirmation request signal that inquires whether the blockchain-based accredited certificate destruction cost has been transferred to the bitcoin amount charged to the reserved bitcoin address compared to the extracted discarded block.
• the chain holding server 500 transmits (S340).
• the blockchain holding server 500 matches the blockchain with the Bitcoin address for the reserve compared to the discarded block included in the transmitted blockchain-based authorized certificate confirmation request signal, and the block is filled in the corresponding Bitcoin address for the reserve compared to the discarded match.
• the blockchain-based authorized certificate destruction guide signal that guides the transfer of the chain-based official certificate destruction cost is transmitted to the blockchain-based official certificate management server 400 (S350).
• the transaction processing engine 420 of the blockchain-based official certificate management server 400 refers to the blockchain-based official certificate destruction guide signal transmitted, and the blockchain-based official certificate discarding cost charged to the bitcoin address for stockpiling for disposal.
• the public key for the public certificate and the user verification hash information are extracted from the transaction information for verification (S370).
• the blockchain-based public certificate management server 400 includes a certificate validity that includes public ID and extracted user verification hash information for the public certificate and transaction ID information for public key recording stored in the user-specific transaction search keyword information DB 411.
• the confirmation signal is transmitted to the blockchain-based official certificate authentication request server 600 (S380).
• the identification information of the user is extracted from the user identification information DB 611 for each member, and the hash processing engine 620 is operated to hash the extracted user identification information. Calculate and process the processed user identification hash information, and disclose the processed user identification hash information and the information included in the certificate validation signal transmitted from the blockchain-based authorized certificate authentication request server 600. Hashing the transaction ID information for key recording to process the user verification hash information for preparation (S390).
• the hash processing engine 620 of the blockchain-based public certificate authentication request server 600 hashes the user verification hash information among the information included in the certificate validation signal transmitted from the blockchain-based public certificate management server 400. Compute the hash value of the user verification hash information for each value and contrast, and check whether the hash values of both sides are the same (S400). First, if both hash values are not the same, block chain-based authorized authentication with the user terminal 200. A message indicating that the execution process is denied is controlled (S401).
• the blockchain-based public certificate authentication request server 600 calculates a hash value of the user verification hash information and a hash value of the contrasting user verification hash information, respectively, and if the calculated hash values are the same, the user terminal ( 200) and whether the Internet communication protocol between the blockchain-based public certificate authentication request server 600 is http or https (S410).
• the blockchain-based official certificate authentication request server 600 is a blockchain-based official certificate authentication request server 600 when the Internet communication protocol between the user terminal 200 and the blockchain-based official certificate authentication request server 600 is http.
• the random number generator 630 operates to generate a random session key having a random value (S420), and operates an encryption engine 640 to use a public key for a public certificate among information included in a certificate validation signal. Encrypting the random session key and converting the random session key into an encrypted random session key and transmitting the encrypted random session key to the user terminal 200 (S430);
• the user terminal 200 relays the transmitted encrypted random session key to the information leakage blocking terminal 100 connected in a wired or wireless manner (S440).
• the information leakage blocking terminal 100 operates the decryption engine 160, and controls the data to be converted into a random session key by decrypting the encrypted random session key relayed and transmitted based on the private key for public authentication stored in the memory 120, By transmitting this to the user terminal 200, the user is authenticated (S450).
• the blockchain-based official certificate authentication request server 600 operates a random number generator 630 when the Internet communication protocol between the user terminal 200 and the blockchain-based official certificate authentication request server 600 is https. Phosphorus random number data is controlled to be generated, and it is controlled to be transmitted to the information leakage blocking terminal 100 via the user terminal 200 (S460).
• the information leakage blocking terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process the random number hash information (S470), and operates the encryption engine 130 to operate the memory. Based on the private key for public authentication stored and managed in the 120, encrypts the random number hash information and converts it into encrypted random number hash information, and through the user terminal 200, the blockchain-based authorized certificate authentication request server 600 Control to be relayed to the transmission (S480).
• the blockchain-based official certificate authentication request server 600 operates a hash processing engine 620 to hash random data having the same value as that transmitted to the information leakage blocking terminal 100 to prepare random number hash information for preparation.
• Processing and processing the decryption engine 650 to decrypt the randomly transmitted encrypted random number hash information based on the public key for the public certificate and control the data to be converted into random number hash information, and hashing the converted random number hash information.
• the user authentication is performed by calculating the hash value of the random number hash information for the value and the contrast, and confirming that both hash values are the same (S490).
• the user terminal 200 transmits the generated certificate destruction signal to the blockchain-based authorized certificate management server 400 (S520). )do.
• the blockchain-based public certificate management server 400 extracts transaction ID information for user verification by matching the certificate destruction signal transmitted by operating the transaction processing engine 420 with the transaction search keyword information DB 411 for each user.
• the blockchain holding server 500 transmits (S530).
• the blockchain holding server 500 transmits the user verification transaction information extracted by matching the transmitted user verification transaction ID information with the blockchain of the electronic wallet to the blockchain-based authorized certificate management server 400 (S540).
• the transaction processing engine 420 of the blockchain-based certificate management server 400 receives transaction information for user verification, and the transaction information for destroying the certificate is recorded in the blockchain holding server 500 for user verification.
• Blockchain-based accredited certificate charged to the Bitcoin address for stockpiling for destruction by referring to the output data (OD2) of transaction information.
• Input containing multi-bitcoin authorization information including the right to use the blockchain-based authorized certificate destruction cost charged in the coin address, and the public key for bitcoin payment required to determine the validity of the multi-bitcoin usage authorization information
• Blockchain-based accredited person charged with data (ID3) and Bitcoin address for stocks to destroy Proof of destroying the certificate generates transaction information for destroying the certificate, which is divided into the output data (OD3) including the bitcoin address of the payee to which the remittance is stored and the discarding cost collector identification information identifying the payee, and the user terminal 200 By controlling the transmission to the information leakage blocking terminal 100 via the request for the electronic signature (S550).
• the information leakage blocking terminal 100 electronically signs transaction information for destroying a certificate that is transmitted by operating the encryption engine 130 and transmits it to the blockchain-based certificate management server 400 via the user terminal 200.
• the control is performed (S560).
• the blockchain-based public certificate management server 400 transmits (570) the transaction information for discarding the public certificate digitally signed by the user to be transmitted to the blockchain holding server 500.
• the blockchain holding server 500 records the transaction information for destroying the electronic certificate signed by the transmitted user in the blockchain (S580) and destroys the user's blockchain-based authorized certificate.
• a certificate destruction signal is generated requesting the destruction of the blockchain-based certificate is generated in the process of checking which of the user terminal 200 and the blockchain-based public certificate management server 400 is generated (S510)
• the certificate destruction signal requesting the destruction of the base certificate is generated in the blockchain-based authorized certificate management server 400
• the blockchain-based authorized certificate management server 400 operates a transaction processing engine 420 to perform transaction information for user verification.
• the blockchain holding server 500 records the transaction information for destroying the electronic certificate signed by the remitter transmitted (S512) in the blockchain to destroy the user's blockchain-based authorized certificate.
• Figures 13 to 16 is a view showing a method of authenticating a certificate based on a blockchain according to another embodiment of the present invention. Since the same is true, the drawings related to the authentication system are omitted.
• the authentication system and method based on the blockchain is different from the above-mentioned blockchain based authentication system and method, which is a process of confirming whether the correct public certificate is a valid user certificate.
• Each hash value calculation and determination portion of the hash information and the user verification hash information for contrast is to be performed in the blockchain-based public certificate authentication request server 600 or in the blockchain-based public certificate management server 400. It is the difference.
• the certificate authentication system based on the blockchain includes an information leakage blocking terminal 100 equipped with a memory 120 storing a decryption engine 160 and a private key for authentication authentication; A user terminal 200 for requesting blockchain-based authorized authentication; The random number generator 630 and the encryption engine 640 are mounted, and extracts identification information of the corresponding user from the user identification information DB 611 for each member according to the blockchain-based authorized authentication request of the user terminal 200, Block chain-based accredited certificate that hashes the extracted user's identification information and processes it into contrast user identification hash information, and transmits the processed contrast user identification hash information and the user's designated user identification information.
• An authentication request server 600 Receive the user identification hash information and the designated user identification information for the preparation from the blockchain-based authorized certificate authentication request server 600, and the designated user identification information among the transmitted information and the user-specific transaction search keyword information DB (411) and A blockchain-based authorized certificate management server 400 which transmits matching transaction ID information for public key recording and transaction verification information for user verification by requesting to download the transaction information for public key recording and transaction verification for user verification;
• the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted transaction information for the bitcoin payment and records the transaction information for the bitcoin payment according to the authentication is mounted.
• the electronic wallet has also recorded the transaction information for the user verification including the public key recording transaction information and the user verification hash information including the public key for the public certificate, the blockchain-based public certificate management server 400
• the block chain-based authorized certificate management server 400 matches the public key recording transaction ID information and the user verification transaction ID information transmitted from the electronic wallet with the electronic wallet, and matches the matching public key recording transaction information and the user verification transaction information.
• the server 400 extracts the public key and the user verification hash information for the public certificate from the public key recording transaction information and the user verification transaction information transmitted from the blockchain holding server 500, and the prepared contrast.
• the authentication method authentication method based on the blockchain is connected to the blockchain-based authorized certificate authentication request server 600 in the user terminal 200 to request a blockchain-based authorized authentication Step S600;
• the blockchain-based official certificate authentication request server 600 the identification information of the corresponding user is extracted from the user identification information DB 611 for each member according to the blockchain-based official authentication request, and the hash processing engine 620 is operated. Hashing the extracted user's identification information and processing it into contrast user identification hash information, and the processed contrast user identification hash information and the designated user identification information of the user are the blockchain-based authorized certificate management server.
• the blockchain-based authorized certificate management server 400 receives the provisioning user identification hash information and the designated user identification information, and among the transmitted information, the designated user identification information for each user transaction search keyword information DB (411) and Transmitting the matching public ID recording transaction ID information and the user verification transaction ID information by matching to the blockchain holding server 500 to request the download of the public key recording transaction information and the user verification transaction information (S620).
• the transmitted public key recording transaction ID information and user verification transaction ID information are matched with an electronic wallet, and the matched public key recording transaction information and user verification transaction information are read.
• Transmitting to the blockchain-based authorized certificate management server 400 (S630); Operating the transaction processing engine 420 in the blockchain-based public certificate management server 400, and the public key for public certificate and user verification hash information from the transmitted public key recording transaction information and user verification transaction information. Extracting (S670); Operating the hash processing engine 430 in the blockchain-based authorized certificate management server 400, for recording the public key stored in the prepared contrasting user identification hash information and the user-specific transaction search keyword information DB (411) Hashing the transaction ID information and processing the transaction ID information into the verification user verification hash information (S680); In the hash processing engine 430 of the blockchain-based authorized certificate management server 400, the hash value of the extracted user verification hash information and the hash value of the processed user verification hash information are respectively calculated.
• an encryption engine 640 operates an encryption random session by encrypting the random session key using a public key for public certificate among information included in the certificate validation signal. Converting it to a key and transmitting it to the user terminal 200 (S730);
• the information leakage blocking terminal 100 operates the decryption engine 160 to decrypt the relayed encrypted random session key based on an authorized private key stored and managed in the memory 120 to be converted into a random session key.
• the authentication of the user S750;
• control unit 160,650 decryption engine

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Business, Economics & Management (AREA)
• Signal Processing (AREA)
• Computer Networks & Wireless Communication (AREA)
• Theoretical Computer Science (AREA)
• Accounting & Taxation (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Finance (AREA)
• Computing Systems (AREA)
• Databases & Information Systems (AREA)
• Power Engineering (AREA)
• Data Mining & Analysis (AREA)
• General Engineering & Computer Science (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
• Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Description

Claims (45)

Priority Applications (4)

Applications Claiming Priority (2)

Publications (1)

Family

ID=56504639

Family Applications (1)

Country Status (6)

Cited By (27)

Families Citing this family (177)

Citations (4)

Family Cites Families (10)

• 2015
  • 2015-10-16 KR KR1020150144803A patent/KR101637854B1/ko active Active
• 2016
  • 2016-07-07 EP EP16855607.4A patent/EP3364351A4/en not_active Withdrawn
  • 2016-07-07 CN CN201680074522.3A patent/CN108369697B/zh active Active
  • 2016-07-07 WO PCT/KR2016/007342 patent/WO2017065389A1/ko active Application Filing
  • 2016-07-07 US US15/768,576 patent/US10885501B2/en active Active
  • 2016-07-07 CA CA3017893A patent/CA3017893C/en active Active

Patent Citations (4)

Non-Patent Citations (2)

Also Published As

Similar Documents

Legal Events