WO2018124857A1

WO2018124857A1 - Blockchain database-based method and terminal for authenticating user non-face-to-face by utilizing mobile id, and server utilizing method and terminal

Info

Publication number: WO2018124857A1
Application number: PCT/KR2018/000065
Authority: WO
Inventors: 박종은; 현상훈; 송주한; 이준섭; 어준선; 홍재우
Original assignee: 주식회사 코인플러그
Priority date: 2017-01-02
Filing date: 2018-01-02
Publication date: 2018-07-05
Also published as: KR101877333B1; KR20180079805A

Abstract

The present invention, with respect to a method for executing a non-face-to-face authentication by utilizing a mobile ID, is characterized in that, in the state in which a user authentication certificate is registered in a blockchain database and a transaction ID corresponding thereto is being managed, an authentication server, when a mobile ID authentication request data is acquired, confirms the user authentication certificate, supports so that a non-face-to-face authentication is requested by a user terminal from a service server, and transmits results of the particular mobile ID verification, which is in accordance with whether a user signature value is valid, to the service server, thus supporting so that the verification results are referenced by the service server to execute a non-face-to-face authentication of the user.

Description

Method for non-face-to-face authentication using a blockchain-based mobile ID, terminal, and server using the same

The present invention relates to a method for non-face-to-face authentication of a user using a blockchain-based mobile ID, a terminal, and a server using the same. More specifically, a user certificate is registered in a blockchain database and a blockchain transaction ID corresponding thereto. In the state of managing, if the mobile ID authentication request information of the user is obtained from the user terminal in response to the user's specific mobile ID selection for non-face-to-face authentication, a blockchain transaction corresponding to the user's public key or the user identification information Check the user certificate registered in the blockchain database with reference to the ID, and if the user certificate is confirmed, by supporting or transmitting the verification means value to the user terminal, the user terminal to sign the verification means value with the user's private key One user Supports non-face-to-face authentication with the service server using the signature value, the verification target ID which is the ID of the user who signed the verification means value, and the non-face-to-face authentication request information including the user information. When the verification request information is obtained, the user signature value is checked using the public key of the user certificate corresponding to the verification target ID, and the verification result of the specific mobile ID according to the validity is sent to the service server. By transmitting or transmitting, a method of non-face-to-face authentication of a user using a blockchain-based mobile ID that enables the service server to perform non-face-to-face authentication of a user by referring to the verification result, and to a terminal and a server using the same. It is about.

Due to the continuous development of information and communication technology, financial transactions previously made through face-to-face authentication have recently been transferred to face-to-face financial transactions using non-face-to-face authentication based on wired communication networks or wired communication networks.

On the other hand, non-face-to-face financial transactions, due to the non-face-to-face authentication characteristics of all financial transactions including funds withdrawal and transfer, non-face-to-face financial channels, browser vulnerabilities, communication network security vulnerabilities, Numerous security features such as keyboard hacking security, security card, and one time password (OTP) have been added, but the conventional security functions are exposed when security information is exposed through memory hacking or sniffing on the customer's network. In addition, it is difficult to detect even if the user requests to transfer a large amount of funds to the hacker's account by changing some of the information transmitted and received through the communication network, and the transaction request is converted into a normal transaction request by the manipulation information as described above. Contains the problem to handle.

The present invention aims to solve all the above-mentioned problems.

In addition, another object of the present invention is to provide a method, a terminal, and a server to which copying or forgery is impossible using a blockchain-based mobile ID.

In addition, another object of the present invention is to provide a method, a terminal, and a server for securing a user certificate according to a mobile ID by using a hash function and an encryption technique, and for ensuring that the forgery / modulation is impossible.

In another aspect, the present invention is to provide a method, a terminal and a server that can prevent the problem due to user information theft because the user is verified and authenticated through a one-time verification means value.

Representative configuration of the present invention for achieving the above object is as follows.

According to an embodiment of the present invention, a method for performing non-face-to-face authentication using a mobile ID, comprising: (a) a public key of a user, user identification information for identifying the user, and user information of the user; In the state of registering a user certificate including a hash value of a user information hash value in a blockchain database and managing a blockchain transaction ID corresponding thereto, the user terminal corresponding to a specific mobile ID selection of the user for non-face-to-face authentication When the mobile ID authentication request information including the user's public key or the user identification information is obtained from the authentication server, the authentication server refers to the blockchain transaction ID corresponding to the user's public key or the user identification information. Use of the above registered in the chain database Steps to verify the certificate; (b) if the user certificate for the user is verified, the authentication server supports or sends the verification means value to the user terminal, thereby causing the user terminal to sign the verification means value with the private key of the user. Supporting a non-face-to-face authentication request with a service server using a user signature value, a verification target ID which is an ID for the user who signed the verification means value, and non-face-to-face authentication request information including the user information; And (c) when the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server, the authentication server determines that the verification of the user certificate corresponding to the verification target ID is performed. By checking the validity of the user signature value using the user's public key, and supporting or transmitting the verification result for the specific mobile ID according to the confirmed user signature value to the service server, Assisting a service server to perform non-face-to-face authentication for the user with reference to the verification result; There is provided a method comprising a.

In addition, according to an embodiment of the present invention, in a method for performing non-face-to-face authentication using a mobile ID, (a) a verification means value obtained by the user terminal from the authentication server-the verification means value is a public of the user A user certificate including a key, user identification information for identifying the user, and a user information hash value that is a hash value for the user information of the user is registered in a blockchain database and manages a corresponding blockchain transaction ID. In the state, the authentication server is the blockchain corresponding to the user's public key or the user identification information included in the mobile ID authentication request information obtained from the user terminal in response to the specific mobile ID selection of the user for non-face-to-face authentication The blockchain database with reference to the transaction ID Confirming the user certificate registered to the user, and if the user certificate for the user is confirmed, to transmit to the user terminal-the user signature value signed with the user's private key, for the user who signed the verification means value Obtaining, by the service server, the non-face-to-face authentication request information received from the user terminal when a non-face-to-face authentication request is made using a verification target ID which is an ID and non-face-to-face authentication request information including the user information; (b) the service server, by sending the verification request information for the specific mobile ID, wherein the verification request information includes the user signature value and the verification target ID, to the authentication server, thereby causing the authentication server to perform the verification. Confirming whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and verifying the verification result for the specific mobile ID according to the validity of the confirmed user signature value Supporting transmission to the service server; And (c) when a verification result for the specific mobile ID is obtained from the authentication server, the service server performs a non-face-to-face authentication with respect to the user with reference to the verification result, and performs the non-face-to-face authentication result. Supporting or transmitting to the user terminal; There is provided a method comprising a.

In addition, according to an embodiment of the present invention, in a method for performing non-face-to-face authentication using a mobile ID, (a) generates and stores a user's public key and the user's private key, and the user's public A user certificate including a key, user identification information for identifying the user, and a user information hash value that is a hash value for the user information of the user, to be registered in a blockchain database, the user certificate corresponding to the registered user certificate In the state where the mobile ID is being managed, when a specific mobile ID is selected by the user for non-face-to-face authentication, the user terminal requests a mobile ID authentication request including the user's public key or the user identification information. By sending the information to the authentication server, Step support with reference to the gold chain block transaction identifier corresponding to the public key or the user identification information of the user to determine the user certificate registered in the database, wherein the block chain; And (b) if a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the user terminal signing the verification means value with the private key of the user, the verification By requesting a non-face-to-face authentication to the service server using the verification target ID, which is an ID for the user who signed the means value, and non-face-to-face authentication request information including the user information, the service server causes the user server to verify the user signature value and the verification. The verification request for the specific mobile ID is requested to the authentication server using the verification request information for the specific mobile ID including a target ID, and the user is referred to the verification result for the specific mobile ID received from the authentication server. Assisting to perform non-face-to-face authentication for; There is provided a method comprising a.

Further, according to another embodiment of the present invention, in a method for performing non-face-to-face authentication using a mobile ID, (a) a user's public key, user identification information for identifying the user, and user information of the user Responding to the non-face-to-face authentication information input signal of the user through the service web while registering a user certificate including a user information hash value, which is a hash value for, in a blockchain database and managing a corresponding blockchain transaction ID When the user identification information for the non-face-to-face authentication is obtained from a service server, the authentication server supports (i) transmitting or transmitting a selection request signal for the mobile ID to a user terminal corresponding to the user identification information. , (ii) the user from the user terminal a specific mobile ID When the mobile ID authentication request information corresponding to the selection is obtained, checking the user certificate registered in the blockchain database by referring to the public key of the user or the blockchain transaction ID corresponding to the user identification information; (b) (i) if the user certificate for the user is verified, the authentication server supports or transmits a verification means value to the user terminal, and (ii) sends the verification means value from the user terminal. When the non-face-to-face authentication request information including the user signature value signed with the user's private key, the verification target ID which is the ID for the user who signed the verification means value, and the user information is obtained, the authentication server determines that the Supporting the service server to transmit the non-face-to-face authentication request information to the service web by supporting, or transmitting, the face-to-face authentication request information to the service server; And (c) when verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server in response to the non-face-to-face authentication request signal of the user through the service web, The authentication server checks whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and checks the specific mobile ID according to whether the verified user signature value is valid. Supporting the service server to perform non-face-to-face authentication with respect to the user by referring to the verification result by supporting or transmitting the verification result to the service server; There is provided a method comprising a.

Further, according to another embodiment of the present invention, in a method for performing non-face-to-face authentication using a mobile ID, (a) the user's public key by the authentication server, user identification information for identifying the user, and In a state where a user certificate including a user information hash value, which is a hash value of a user's user information, is registered in the blockchain database and a corresponding blockchain transaction ID is managed, the service server may be configured to perform the user's service through the service web. By transmitting the user identification information for the non-face-to-face authentication to the authentication server in response to the non-face-to-face authentication information input signal, the authentication server (i) to the user terminal corresponding to the user identification information for the mobile ID Support to transmit a selection request signal, and (ii) from the user terminal When the mobile ID authentication request information corresponding to the user selects a specific mobile ID is obtained, the mobile terminal is registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information. Assisting in verifying a user certificate; (b) the user certificate for the user is verified to support the authentication server to (i) transmit or transmit verification means values to the user terminal, and (ii) send the verification means values from the user terminal to the user. When the non-face-to-face authentication request information including the user signature value signed with the private key, the verification target ID which is the ID for the user who signed the verification means value, and the user information is transmitted and the non-face-to-face authentication request information is transmitted, Acquiring, by the service server, the non-face-to-face authentication request information transmitted from the authentication server, and transmitting or transmitting the obtained non-face-to-face authentication request information to a service web; (c) when the user transmits a non-face-to-face authentication request signal using the non-face-to-face authentication request information through the service web, the service server responds to the non-face-to-face authentication request signal and the user signature value and the verification. By supporting or transmitting the verification request information for the specific mobile ID including the target ID to the authentication server, the authentication server uses the public key of the user of the user certificate corresponding to the verification target ID. Confirming whether the user signature value is valid and supporting or transmitting a verification result for the specific mobile ID according to the confirmed user signature value to the service server; And (d) when the verification result for the specific mobile ID is obtained from the authentication server, performing, by the service server, non-face-to-face authentication with respect to the user with reference to the verification result; There is provided a method comprising a.

Further, according to another embodiment of the present invention, in a method for performing non-face-to-face authentication using a mobile ID, (a) generates and stores a user's public key and the user's private key, and the user's public Register a user certificate including a key, user identification information for identifying the user, and a user information hash value that is a hash value for the user information of the user in a blockchain database, wherein the user certificate corresponds to the registered user certificate. In the state of managing a mobile ID, in response to the user identification information for the non-face-to-face authentication from the service server corresponding to the non-face-to-face authentication information input signal of the user through the service web for the mobile ID from the authentication server When the selection request signal is obtained, the user terminal, the user Transmitting the mobile ID authentication request information corresponding to the specific mobile ID selection by the authentication server to cause the authentication server to refer to the blockchain transaction ID corresponding to the public key of the user or the user identification information. Assisting in verifying the user certificate registered in the chain database; And (b) if a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the user terminal signing the verification means value with the private key of the user, the verification Supporting or transmitting the non-face-to-face authentication request information including the verification target ID, which is an ID for the user who signed the means value, and the user information to the authentication server, thereby causing the authentication server to (i) the non-face-to-face. Authentication request information is transmitted to the service web through the service server, and (ii) the user signature value and the verification received from the service server in response to a non-face-to-face authentication request signal of the user via the service web. Validation request information for the specific mobile ID including the target ID is captured And, if the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, (iii) the identification according to whether the checked user signature value is valid. Transmitting a verification result for a mobile ID to the service server so that the service server can perform non-face-to-face authentication with respect to the user with reference to the verification result; There is provided a method comprising a.

In addition, according to an embodiment of the present invention, in an authentication server performing non-face-to-face authentication using a mobile ID, a public key of a user, user identification information for identifying the user, and user information of the user In the state of registering a user certificate including a hash value of a user information hash value in a blockchain database and managing a blockchain transaction ID corresponding thereto, the user terminal corresponding to a specific mobile ID selection of the user for non-face-to-face authentication A communication unit for obtaining mobile ID authentication request information including the public key of the user or the user identification information from the communication unit; And checking the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information, and if the user certificate for the user is verified, a verification means value. By transmitting or transmitting the user terminal to the user terminal, the user signature value of signing the verification means value with the private key of the user, a verification target ID which is an ID for the user who signed the verification means value, and A process for supporting a non-face-to-face authentication request to a service server using non-face-to-face authentication request information including the user information, and for the specific mobile ID including the user signature value and the verification target ID from the service server. The verification request information If so, the user signature value is checked using a public key of the user of the user certificate corresponding to the verification target ID, and for the specific mobile ID according to whether the checked user signature value is valid. A processor that performs a process of supporting or transmitting a verification result to the service server, thereby enabling the service server to perform non-face-to-face authentication with respect to the user with reference to the verification result; An authentication server comprising a is provided.

Further, according to an embodiment of the present invention, in a service server performing non-face-to-face authentication using a mobile ID, a verification means value obtained by the user terminal from the authentication server-the verification means value is a public key of the user, In a state in which a user certificate including user identification information for identifying the user and a user information hash value that is a hash value of the user information of the user is registered in a blockchain database and a blockchain transaction ID corresponding thereto is managed. The blockchain transaction ID corresponding to the public key of the user or the user identification information included in the mobile ID authentication request information obtained from the user terminal in response to selection of a specific mobile ID of the user for non-face-to-face authentication. The blockchain data with reference to Confirming the user certificate registered in e-mail, and transmitting the user certificate to the user terminal when the user certificate for the user is confirmed-to the user who signed the private key of the user and the verification means value. A communication unit that obtains the non-face-to-face authentication request information received from the user terminal when the non-face-to-face authentication request is made using a verification target ID which is a user ID and a non-face-to-face authentication request information including the user information; And the verification request information for the specific mobile ID, wherein the verification request information includes the user signature value and the verification target ID, so that the authentication server corresponds to the verification target ID. Confirming whether the user signature value is valid using the public key of the user of the user certificate, and supporting a verification result for the specific mobile ID according to the verified user signature value to be transmitted to the service server Process, and when the verification result for the specific mobile ID is obtained from the authentication server, perform non-face-to-face authentication with respect to the user with reference to the verification result, and transmit the performed non-face-to-face authentication result to the user terminal. The program that performs the process that supports the transfer. Processors; There is provided a service server comprising a.

In addition, according to an embodiment of the present invention, in a user terminal performing non-face-to-face authentication using a mobile ID, a user's public key and a user's private key are generated and stored, and the user's public key, The user certificate including user identification information for identifying the user, and a user information hash value that is a hash value for the user information of the user is registered in a blockchain database, and the mobile corresponding to the registered user certificate. In the state of managing an ID, when a specific mobile ID is selected by the user for non-face-to-face authentication, the mobile ID authentication request information including the user's public key or the user identification information is transmitted to an authentication server. Thereby causing the authentication server to A user public key or the communication unit by referring to the block chain transaction identifier corresponding to the user identification information to check for support of the user certificate registered in the database of the chain block; And when a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, a user signature value of signing the verification means value with the private key of the user, and for the user who signed the verification means value. By requesting a non-face-to-face authentication to the service server using the non-face-to-face authentication request information including the verification target ID and the user information, the service server causes the service server to include the user signature value and the verification target ID. Request verification of the specific mobile ID to the authentication server by using verification request information for the ID, and perform non-face-to-face authentication with respect to the user by referring to the verification result of the specific mobile ID received from the authentication server. Supporting processor; There is provided a user terminal comprising a.

In addition, according to another embodiment of the present invention, in the authentication server to perform a non-face-to-face authentication using a mobile ID, a public key of the user, user identification information for identifying the user, and the user information of the user In response to a user certificate including a hash value of a user information being a hash value registered in a blockchain database and managing a blockchain transaction ID corresponding thereto, a service corresponding to a non-face-to-face authentication information input signal of the user through a service web A communication unit for obtaining the user identification information for the non-face-to-face authentication from a server; And (i) supporting or transmitting a selection request signal for the mobile ID to a user terminal corresponding to the user identification information, and (ii) the mobile corresponding to the user selecting a specific mobile ID from the user terminal. A process of verifying the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the public key of the user or the user identification information when the ID authentication request information is obtained, (i) to the user When the user certificate is verified, the verification means value is transmitted or transmitted to the user terminal, and (ii) the user signature value signed by the user's private key with the verification means value from the user terminal, the verification means value. Verification vs. ID for the user who signed the When the non-face-to-face authentication request information including the ID and the user information is obtained, the non-face-to-face authentication request information is supported or transmitted to the service server so that the service server requests the non-face-to-face authentication request to the service web. A process for supporting information, and verification request information for the specific mobile ID including the user signature value and the verification target ID from the service server in response to a non-face-to-face authentication request signal of the user through the service web; Is obtained, confirming whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and checking the specific mobile ID according to whether the confirmed user signature value is valid. Verification results for the service server A processor for supporting the service server to perform non-face-to-face authentication with respect to the user by referring to the verification result; An authentication server comprising a is provided.

Further, according to another embodiment of the present invention, in a service server performing non-face-to-face authentication using a mobile ID, the public server of the user, the user identification information for identifying the user, and the user's by the authentication server The user's non-face-to-face authentication information input signal through the service web while a user certificate including a user information hash value, which is a hash value for user information, is registered in the blockchain database and a corresponding blockchain transaction ID is managed. Correspondingly transmitting the user identification information for the non-face-to-face authentication to the authentication server, thereby causing the authentication server to (i) transmit a selection request signal for the mobile ID to the user terminal corresponding to the user identification information. (Ii) the use from the user terminal When the mobile ID authentication request information corresponding to selecting a specific mobile ID is obtained, the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information Communication unit to support to confirm; And the user certificate for the user is verified to support the authentication server to (i) transmit or transmit a verification means value to the user terminal, and (ii) convert the verification means value from the user terminal to the user's private key. When the non-face-to-face authentication request information including a signed user signature value, a verification target ID which is an ID for the user who signed the verification means value, and the user information is transmitted and the non-face-to-face authentication request information is transmitted, the authentication is performed. Obtaining the non-face-to-face authentication request information transmitted from a server, and supporting or transmitting the obtained non-face-to-face authentication request information to a service web, wherein the user uses the non-face-to-face authentication request information through the service web. When the non-face-to-face authentication request signal is transmitted, the non-face-to-face authentication request signal is transmitted. In response to the verification server transmitting or transmitting verification request information for the specific mobile ID including the user signature value and the verification target ID to the authentication server, thereby causing the authentication server to perform the verification of the user certificate corresponding to the verification target ID. A process of confirming whether the user signature value is valid using the public key of the user, and transmitting or transmitting a verification result for the specific mobile ID according to the confirmed user signature value to the service server; And a processor for performing a process of performing non-face-to-face authentication with respect to the user by referring to the verification result when the verification result for the specific mobile ID is obtained from the authentication server. There is provided a service server comprising a.

Further, according to another embodiment of the present invention, in a user terminal performing non-face-to-face authentication using a mobile ID, the user's public key and the user's private key are generated and stored, and the user's public key, The user certificate including user identification information for identifying the user and a user information hash value that is a hash value of the user information of the user is registered in a blockchain database, and the mobile ID corresponding to the registered user certificate. In the state of managing, the request for selection of the mobile ID from the authentication server in response to the user identification information for the non-face-to-face authentication from the service server corresponding to the non-face-to-face authentication information input signal of the user through the service web A communication unit for obtaining a signal; And transmitting the mobile ID authentication request information corresponding to the specific mobile ID selection by the user to the authentication server, thereby causing the authentication server to refer to the blockchain transaction ID corresponding to the user's public key or the user identification information. And a verification means value obtained from the authentication server in response to the verification of the user certificate registered in the blockchain database, and the verification of the user certificate for the user. By transmitting or transmitting the non-face-to-face authentication request information including the user signature value signed with the private key, the verification target ID which is the ID for the user who signed the verification means value, and the user information, to the authentication server, As an authentication server (I) the non-face-to-face authentication request information is transmitted to the service web through the service server, and (ii) received from the service server in response to the non-face-to-face authentication request signal of the user through the service web. When the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained, validity of the user signature value using the public key of the user of the user certificate corresponding to the verification target ID is obtained. And (iii) transmitting a verification result for the specific mobile ID according to whether the verified user signature value is valid to the service server so that the service server refers to the verification result for the user. Process to enable non-face-to-face authentication Performing a processor; There is provided a user terminal comprising a.

In addition to this, a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.

According to the present invention, the following effects are obtained.

The present invention can be made impossible to copy or forgery / alteration using a blockchain-based mobile ID.

In addition, the present invention by using a hash function and encryption technology for the user certificate according to the mobile ID can be secured and forgery / forgery is impossible.

In addition, the present invention is to verify and authenticate the user through a one-time verification means value to prevent the problem of the user information theft in advance.

1 schematically shows a system for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention.

2 schematically illustrates a method for issuing a mobile ID in a method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention.

3 illustrates an example of a mobile ID issued in a method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention.

4 schematically illustrates a method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention.

FIG. 5 schematically illustrates a modification of a method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention.

6 schematically illustrates a method for performing non-face-to-face authentication using a mobile ID according to another embodiment of the present invention.

DETAILED DESCRIPTION The following detailed description of the invention refers to the accompanying drawings that show, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different but need not be mutually exclusive. For example, certain shapes, structures, and characteristics described herein may be embodied in other embodiments without departing from the spirit and scope of the invention with respect to one embodiment. In addition, it is to be understood that the location or arrangement of individual components within each disclosed embodiment may be changed without departing from the spirit and scope of the invention. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present invention, if properly described, is defined only by the appended claims, along with the full range of equivalents to which such claims are entitled. Like reference numerals in the drawings refer to the same or similar functions throughout the several aspects.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement the present invention.

1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention, the system including a user terminal 100, an authentication server 200, and a service server 300. can do.

First, the user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smartphone, a tablet, and the like. The user terminal 100 is not limited thereto, and may include all mobile devices such as a portable game machine having a wired / wireless communication function, a digital camera personal navigation, and the like. In addition, the user terminal 100 may include a communication unit that supports the transmission and reception of information and a processor that processes the information.

In addition, the user terminal 100 may include a mobile ID app 110 which is a user interface provided by an authentication server and a service app 120 which is a user interface provided by a service server.

Next, the authentication server 200 may include a communication unit 210 and a processor 220. The same reference numerals are used for the convenience of description and are not intended to mean that these individual devices are the same. In another embodiment of the present invention, the server may be configured differently to perform the corresponding method or may be performed through the same authentication server 200. In addition, the authentication server 200 may be a server corresponding to each node of the blockchain database 400 or a server managing each node of the blockchain database 400.

Specifically, authentication server 200 is typically a computing device (eg, a device that may include components of a computer processor, memory, storage, input and output devices, other conventional computing devices; electronics such as routers, switches, etc.). A desired system using a combination of a communication device; an electronic information storage system such as network attached storage (NAS) and a storage area network (SAN) and computer software (ie, instructions that cause a computing device to function in a particular way). May be to achieve performance.

The communication unit 210 of the computing device may transmit and receive a request and a response with another computing device to be interlocked. For example, the request and response may be made by the same TCP session, but are not limited thereto. For example, it may be transmitted and received as a UDP datagram.

In addition, the processor 220 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, a data bus, and the like. In addition, the operating system may further include a software configuration of an application performing a specific purpose.

Next, the service server 300 may include a communication unit and a processor, and may provide a corresponding service to a user through non-face-to-face authentication of the user. For example, the service server 300 may be a financial server, but is not limited thereto, and may include all servers that provide a service through non-face-to-face authentication.

Specifically, service server 300 is typically a computing device (eg, a device that may include components of a computer processor, memory, storage, input and output devices, other conventional computing devices; electronics such as routers, switches, etc.). A desired system using a combination of a communication device; an electronic information storage system such as network attached storage (NAS) and a storage area network (SAN) and computer software (ie, instructions that cause a computing device to function in a particular way). May be to achieve performance.

The method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention through the system configured as described above is as follows.

First, a method of issuing a mobile ID in a method of performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention will be described with reference to FIG. 2.

A state in which a user is connected to the authentication server 200 through the user terminal 100 to obtain a mobile ID, for example, an application for the user to issue a mobile ID, that is, a mobile ID app 110, is provided by the user terminal 100. Run in), and enter the mobile ID information required for the mobile ID to be issued (S100). In this case, the mobile ID may include all commonly used IDs such as a national license, a private certificate, an employee ID, a student ID, as well as a public ID such as a driver's license, a health insurance card, an alien registration card, a civil servant card, a youth card, a disability registration card, and a resident registration card. .

When the user inputs the mobile ID information and completes the mobile ID issue request, the user terminal 100 transmits the mobile ID issue request transaction to the authentication server 200 (S101). In this case, the mobile ID issuance request transaction includes mobile ID information input by the user, and the mobile ID information may be a picture image of the user and display information for each ID. In addition, the mobile ID information may include personal information of the user.

Then, the authentication server 200 obtains a mobile ID issuance request transaction including at least user information from the user terminal 100, and confirms the user using the obtained user information and the like (S102). In this case, the user verification may use a public key infrastructure (PKI) certificate or user's personal information, but is not limited thereto. For example, a specific issuer can be verified through a public key-based certificate such as an accredited certificate or an OPSign certificate, or an individual, a bank, or an organization can verify the identity of an individual such as a social security number, a passport, a corporate registration number, a business registration number, and login information. User can be identified through personal information.

When the user is confirmed, the authentication server 200 transmits a certificate registration request signal to the user terminal 100 (S103).

Then, the user terminal 100 generates a public key and a private key, which are authentication keys, in response to the certificate registration request signal (S104), so that confirmation information for controlling user access to the private key is set by the user. (S105). In this case, the confirmation information is pass information for accessing the private key and may include a password, biometric information, and the like. Alternatively, setting of confirmation information for access control on the private key may be omitted. In addition, the setting of the confirmation information may be performed before generating the authentication key of the user.

Thereafter, the user terminal 100 may extract the public key of the user from the authentication key, and transmit the certificate registration information including the extracted public key and user identification information to the authentication server 200 (S106). . In this case, the user identification information is unique information given for each user for user identification, and may include a push token, a user ID, a social security number, a user terminal ID, an IP address of a user terminal, a phone number, and the like.

Then, the authentication server 200 generates a user's certificate with reference to the certificate registration information transmitted and obtained from the user terminal 100 (S107). That is, the authentication server 200 generates a user certificate including a user information hash value, which is a hash value generated by applying a hash function to the confirmed user information, in addition to the public key and user identification information obtained from the certificate registration information. . In this case, hash functions for generating hash values are MD4 function, MD5 function, SHA-0 function, SHA-1 function, SHA-224 function, SHA-256 function, SHA-384 function, SHA-512 function, and HAS-160 function. It may include, but is not limited to this will be appreciated by those skilled in the art. For example, Triple SHA256 would be possible.

In addition, the authentication server 200 registers the generated user certificate in the blockchain database 400 such that copying or forgery / modulation is impossible (S108).

For example, the authentication server 200 registers a user certificate in the blockchain database 400 (S108), and the blockchain indicating location information on the blockchain database 400 of the user certificate registered in the blockchain database 400. The transaction ID may be obtained (S109) and managed. In this case, the blockchain database 400 may include at least some of a private blockchain database and a public blockchain database.

In addition, the authentication server 200 may issue a mobile ID to the user terminal 100 (S110).

In this case, as shown in FIG. 3, the mobile ID may be used by the mobile device, which is the user terminal 100, and may have a mobile ID display area 10 and a mobile ID information area 20.

The mobile ID display area 10 relates to user information to be displayed for each ID. The mobile ID display area 10 includes information such as a photo image, a name, an ID number, and the like. The mobile ID display area 10 may be changed according to the display information of the ID to be implemented by the mobile ID. The corresponding information may be stored in the user terminal 100 or in the authentication server 200.

In addition, the mobile ID information area 20 includes information for authentication of the user as a user signature value signed with the user's private key, and has a changed value every time authentication is performed, thereby preventing problems due to user information theft. Will be prevented.

Referring to FIG. 4, a method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention in a state where a mobile ID is issued by such a method is as follows.

By using the method of FIG. 2, a user certificate including a public key of a user, user identification information for identifying a user, and a user information hash value that is a hash value for the user information of the user is registered in the blockchain database 400, and If the user generates a non-face-to-face authentication information input signal through the service app 120 of the user terminal 100 for non-face-to-face authentication in a state of managing a corresponding blockchain transaction ID (S200), for example, If the user clicks the non-face-to-face authentication start button to proceed with the non-face-to-face authentication for access to the corresponding service through the service app 120, the user terminal 100 is a non-face-to-face authentication information input signal through the service app 120 In response to the mobile ID selection request signal (S201) according to the user to select a specific mobile ID through the mobile ID app (110) Can.

In addition, when the user selects a specific mobile ID through the mobile ID app 110 of the user terminal 100 (S202), the user terminal 100 authenticates the specific mobile ID selected by the user with the authentication server 200. The request transaction can be transmitted (S203). In this case, the authentication request transaction may be mobile ID authentication request information including a user's public key or user identification information. In addition, the user terminal 100 allows the user to input confirmation information when a specific mobile ID is selected by the user, and authentication according to user confirmation when the confirmation information input by the user matches the set confirmation information. The request transaction may be transmitted to the authentication server 200.

Then, the authentication server 200 registers in the blockchain database 400 with reference to the blockchain transaction ID corresponding to the user's public key or user identification information included in the mobile ID authentication request information obtained from the user terminal 100. The registered user certificate.

For example, a certificate verification transaction is transmitted to the blockchain blockchain database 400 using a blockchain transaction ID corresponding to the user's public key or user identification information (S204), and the blockchain blockchain database 400 correspondingly. Check the certificate included in the data message received from the (S205). At this time, the authentication server 200 checks whether the confirmed user certificate is valid. If there is no certificate matching the user or the user certificate is invalid due to revocation, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal. Can be.

In addition, the authentication server 200 may obtain a user information hash value by referring to the confirmed user certificate.

Thereafter, the authentication server 200 may generate a verification means value (S206) and support the transmission or transmission to the user terminal 100 (S207). In this case, the verification means value may include a nonce, an OTP, a timestamp, and the like. In addition, the authentication server 200 may transmit the verification target ID to the user terminal 100 together with the verification means value. In this case, the verification target ID indicates owner information on the generated verification means value and may be a user information hash value obtained from the user certificate. In addition, the verification target ID may be a public key of the user.

Then, the mobile ID app 110 of the user terminal 100 may request the user to input confirmation information, and if the confirmation information input by the user matches the set information, the access to the private key allows the authentication server ( A user signature value signed using the private key of the user is generated using the verification means value obtained from the user 200 (S208). However, if the confirmation information input by the user does not match the set information, access to the private key is denied so that the user signature value is not generated.

In addition, the user terminal 100 faces the service server 300 using a non-face-to-face authentication request information including a user signature value, a verification target ID which is an ID for the user who signed the verification means value, and user information. You can request certification. In this case, the verification target ID may be a user information hash value obtained along with the verification means value from the authentication server 200. Otherwise, the public key of the user may be used as the verification target ID.

That is, the mobile ID app 110 of the user terminal 100 generates non-face-to-face authentication request information including the user signature value, the verification target ID, and the user information, and transmits the generated information to the service app 120 (S209). The app 120 may request non-face-to-face authentication to the service server 300 using the non-face-to-face authentication request information (S210 and S211).

Then, the service server 300 may request verification of a specific mobile ID to the authentication server 200 using a user signature value of non-face-to-face authentication request information obtained from the user terminal 100.

That is, the service server 300 extracts the user signature value and the verification target ID from the non-face-to-face authentication request information obtained from the user terminal 100 (S212), and the specific mobile ID including the user signature value and the verification target ID. The verification request information is transmitted to the authentication server 200 (S213).

Then, the authentication server 200 checks the validity of the verification request user signature value using the public key of the user certificate of the user certificate corresponding to the verification target ID (S214), according to the validity of the confirmed user signature value The verification result for the specific mobile ID is transmitted to the service server 300 (S215).

In this case, the verification target ID may be a public key of the user or a hash value of the user information transmitted from the authentication server 200 to the user terminal 100, and the authentication server 200 may be a public key of the user obtained from the service server 300. Alternatively, the verification means value is extracted from the user signature value by using the public key of the user included in the user certificate matching the user information hash value, and the verification means value extracted from the user signature value and the verification means value transmitted to the user terminal are By checking the match, it is possible to determine whether the user signature value is valid.

In addition, when the verification means value transmitted to the user terminal 100 is a timestamp, the authentication server 200 transmits the verification means value to the user terminal or supports a specific mobile ID from the service server. If the time interval between second times at which the verification request information is obtained is greater than or equal to the set value, it may be determined that the user signature value is invalid. In addition, the authentication server 200 may transmit the verification result for the specific mobile ID to the service server 300 as the verification failure due to the invalid user signature value.

Then, the service server 300 performs a non-face-to-face authentication with respect to the user by referring to the verification result received from the authentication server 200 (S216), and performs the non-face-to-face authentication result of the service app of the user terminal 100 ( 120 may be transmitted (S217).

FIG. 5 schematically illustrates a modified example of a method for performing non-face-to-face authentication using a mobile ID according to an embodiment of the present invention. Hereinafter, an embodiment of the present invention according to FIG. 5 will be described.

By using the method of FIG. 2, a user certificate including a public key of a user, user identification information for identifying a user, and a user information hash value that is a hash value for the user information of the user is registered in the blockchain database 400, and While managing the corresponding blockchain transaction ID, the mobile app 110 of the user terminal 100 supports the user to select a specific mobile ID for non-face-to-face authentication, the user of the user terminal 100 When a specific mobile ID is selected through the mobile ID app 110 (S300), the user terminal 100 may transmit an authentication request transaction for the specific mobile ID selected by the user to the authentication server 200 (S301). ). In this case, the authentication request transaction may be mobile ID authentication request information including a user's public key or user identification information. In addition, the user terminal 100 allows the user to input confirmation information when a specific mobile ID is selected by the user, and authentication according to user confirmation when the confirmation information input by the user matches the set confirmation information. The request transaction may be transmitted to the authentication server 200.

For example, a certificate verification transaction is transmitted to the blockchain blockchain database 400 using a blockchain transaction ID corresponding to the user's public key or user identification information (S302), and correspondingly, the blockchain blockchain database 400 Check the certificate included in the data message received from the (S303). At this time, the authentication server 200 checks whether the confirmed user certificate is valid. If there is no certificate matching the user or the user certificate is invalid due to revocation, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal. Can be.

Thereafter, the authentication server 200 may generate a verification means value (S304) and support the transmission or transmission to the user terminal 100 (S305). In this case, the verification means value may include a nonce, an OTP, a timestamp, and the like. In addition, the authentication server 200 may transmit the verification target ID to the user terminal 100 together with the verification means value. In this case, the verification target ID indicates owner information on the generated verification means value and may be a user information hash value obtained from the user certificate. In addition, the verification target ID may be a public key of the user.

Then, the mobile ID app 110 of the user terminal 100 may request the user to input confirmation information, and if the confirmation information input by the user matches the set information, the access to the private key allows the authentication server ( A user signature value signed using the private key of the user is generated using the verification means value obtained from 200 (S306). However, if the confirmation information input by the user does not match the set information, access to the private key is denied so that the user signature value is not generated.

In addition, the user terminal 100 uses the user signature value, the verification target ID which is the ID for the user who signed the verification means value, and the non-face-to-face authentication request information including the user information to the service server 300. In-person authentication may be requested. In this case, the verification target ID may be a user information hash value obtained along with the verification means value from the authentication server 200. Otherwise, the public key of the user may be used as the verification target ID.

That is, the mobile ID app 110 of the user terminal 100 generates non-face-to-face authentication request information including a user signature value, verification target ID, and user information, and then accesses a service for performing face-to-face authentication. It supports the user to select a specific service app among a plurality of service apps for (S307). When a specific service app for performing non-face-to-face authentication is selected by the user, the mobile ID app 110 of the user terminal 100 transmits the non-face-to-face authentication request information to the specific service app 120 selected by the user. In operation S308, the service app 120 may request non-face-to-face authentication to the service server 300 using the non-face-to-face authentication request information (S309 and S310).

That is, the service server 300 extracts the user signature value and the verification target ID from the non-face-to-face authentication request information obtained from the user terminal 100 (S311), and to a specific mobile ID including the user signature value and the verification target ID. The verification request information is transmitted to the authentication server 200 (S312).

Then, the authentication server 200 checks the validity of the verification request user signature value using the public key of the user certificate of the user certificate corresponding to the verification target ID (S313), according to the validity of the confirmed user signature value The verification result for the specific mobile ID is transmitted to the service server 300 (S314).

Then, the service server 300 performs a non-face-to-face authentication with respect to the user with reference to the verification result received from the authentication server 200 (S315), and the service app (the service app of the user terminal 100) 120 may be transmitted (S316)

FIG. 6 schematically illustrates a method for performing non-face-to-face authentication using a mobile ID according to another embodiment of the present invention. Hereinafter, another embodiment of the present invention will be described with reference to FIG. 6.

By using the method of FIG. 2, a user certificate including a public key of a user, user identification information for identifying a user, and a user information hash value that is a hash value for the user information of the user is registered in the blockchain database 400, and In a state in which a corresponding blockchain transaction ID is being managed, when a user accesses the service server 300 through the service web and generates a non-face-to-face authentication information input signal in the service web for non-face-to-face authentication (S400), for example In order to proceed with the non-face-to-face authentication for access to the corresponding service through the service web, when the user clicks the non-face-to-face authentication start button and transmits the user identification information to the service server 300, the service server 300 face-to-face The user identification information for the user for authentication is transmitted to the authentication server 200 (S401).

Then, the authentication server 200 transmits the selection request signal for the mobile ID to the user terminal 100 corresponding to the user identification information (S402), the user terminal 100 is a mobile ID transmitted from the authentication server 200 The user may select a specific mobile ID in response to the selection request signal (S403).

When the user selects a specific mobile ID through the user terminal 100 (S403), the user terminal 100 may transmit an authentication request transaction for the specific mobile ID selected by the user to the authentication server 200. There is (S404). In this case, the authentication request transaction may be mobile ID authentication request information including a user's public key or user identification information. In addition, the user terminal 100 allows the user to input confirmation information when a specific mobile ID is selected by the user, and authentication according to user confirmation when the confirmation information input by the user matches the set confirmation information. The request transaction may be transmitted to the authentication server 200.

For example, a certificate verification transaction is transmitted to the blockchain blockchain database 400 using a blockchain transaction ID corresponding to the user's public key or user identification information (S405), and the blockchain blockchain database 400 corresponding thereto. Check the certificate included in the data message received from the (S406). At this time, the authentication server 200 checks whether the confirmed user certificate is valid. If there is no certificate matching the user or the user certificate is invalid due to revocation, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal. Can be.

Thereafter, the authentication server 200 may generate a verification means value (S407) and support the transmission or transmission to the user terminal 100 (S408). In this case, the verification means value may include a nonce, an OTP, a timestamp, and the like. In addition, the authentication server 200 may transmit the verification target ID to the user terminal 100 together with the verification means value. In this case, the verification target ID indicates owner information on the generated verification means value and may be a user information hash value obtained from the user certificate. In addition, the verification target ID may be a public key of the user.

Then, the user terminal 100 may request the user to input the confirmation information, and when the confirmation information input by the user matches the set information, the verification means obtained from the authentication server 200 by allowing access to the private key. A user signature value signed using the user's private key is generated (S409). However, if the confirmation information input by the user does not match the set information, access to the private key is denied so that the user signature value is not generated.

The user terminal 100 transmits the non-face-to-face authentication request information including the user signature value, the verification target ID which is the ID for the user who signed the verification means value, and the user information to the authentication server 200 (S410). ). In this case, the verification target ID may be a user information hash value obtained along with the verification means value from the authentication server 200. Otherwise, the public key of the user may be used as the verification target ID.

Then, the authentication server 200 transmits the non-face-to-face authentication request information transmitted from the user terminal 100 to the service server 300, and the service server 300 knows the non-face-to-face authentication request information through the service web. It is displayed to be able to (S411).

In this state, when the user checks the non-face-to-face authentication request information and requests non-face-to-face authentication through the service web (S412, S413), the service server 300 signs the user of the non-face-to-face authentication request information transmitted through the service web The verification server 200 may request verification of a specific mobile ID using the value.

That is, the service server 300 extracts the user signature value and the verification target ID from the non-face-to-face authentication request information obtained through the service web (S414), and verifies the specific mobile ID including the user signature value and the verification target ID. The request information is transmitted to the authentication server 200 (S415).

Then, the authentication server 200 checks the validity of the verification request user signature value using the public key of the user certificate of the user certificate corresponding to the verification target ID (S416), according to the validity of the confirmed user signature value The verification result for the specific mobile ID is transmitted to the service server 300 (S417).

Then, the service server 300 performs a non-face-to-face authentication for the user with reference to the verification result received from the authentication server 200 (S418), and transmits the performed non-face-to-face authentication result to the user through the service web. It may be (S419).

In addition, the embodiments according to the present invention described above may be implemented in the form of program instructions that may be executed by various computer components, and may be recorded in a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the computer-readable recording medium may be those specially designed and configured for the present invention, or may be known and available to those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs, DVDs, and magneto-optical media such as floptical disks. media), and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform the process according to the invention, and vice versa.

Although the present invention has been described by specific embodiments such as specific components and the like, but the embodiments and the drawings are provided to assist in a more general understanding of the present invention, the present invention is not limited to the above embodiments. For those skilled in the art, various modifications and variations can be made from these descriptions.

Accordingly, the spirit of the present invention should not be limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the appended claims, fall within the scope of the spirit of the present invention. I will say.

Claims

In a method for performing non-face-to-face authentication using a mobile ID,

(a) registering a user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information of the user in a blockchain database and corresponding blockchain; In the state of managing the transaction ID, if the mobile ID authentication request information including the user's public key or the user identification information is obtained from the user terminal in response to the user's specific mobile ID selection for non-face-to-face authentication, authentication Checking, by the server, or allowing another device to verify the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information;

(b) if the user certificate for the user is confirmed, the authentication server sends the verification means value to the user terminal or enables another device to send the verification means value to the user terminal. Support for requesting non-face-to-face authentication to the service server using a user signature value signed with the private key of the user, a verification target ID which is an ID for the user who signed the verification means value, and non-face-to-face authentication request information including the user information. Making; And

(c) when the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server, the authentication server determines the user of the user certificate corresponding to the verification target ID. Check whether the user signature value is valid using the public key of the user, and transmit a verification result for the specific mobile ID according to the validity of the confirmed user signature value to the service server or allow another device to transmit the result. Thereby supporting the service server to perform non-face-to-face authentication with respect to the user with reference to the verification result;

Method comprising a.
The method of claim 1,

In the step (c),

The authentication server,

The verification means value is extracted from the user signature value by using the public key of the user of the user certificate matching the verification target ID, and the verification means value extracted from the user signature value and the verification transmitted to the user terminal. Determining whether the user signature value is valid by checking whether the means values match.
The method of claim 2,

The verification means value comprises a nonce or a timestamp,

And the verification target ID includes the user information hash value obtained from the public key of the user or the user certificate.
The method of claim 3,

If the verification means value is the timestamp,

The authentication server,

A first time in which the verification means value is transmitted or transmitted to the user terminal in step (b) and a second time when verification request information for the specific mobile ID is obtained from the service server in step (c); And if the time interval between is greater than or equal to a set value, determining that the user signature value is invalid.
The method of claim 1,

The user identification information is unique information given for each user for user identification, and includes at least one of a pushtocon, a user ID, a social security number, a user terminal ID, an IP address of a user terminal, and a phone number. Way.
The method of claim 1,

Before step (a) above,

(a01) When a mobile ID issuance request transaction including at least the user information is obtained from the user terminal, the authentication server confirms the user by using the user information, and requests or requests a certificate registration to the user terminal. Assisting to; And

(a02) When the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server determines the public key of the user, the user identification information, and the user information hash value. Registering the user certificate in the blockchain database, managing the blockchain transaction ID representing location information on the blockchain database of the user certificate registered in the blockchain database, and transmitting the mobile certificate to the user terminal. Issuing or supporting to issue an ID;

Method further comprising a.
In a method for performing non-face-to-face authentication using a mobile ID,

(a) Verification means value obtained by the user terminal from the authentication server-The verification means value is a user information hash that is a public key of the user, user identification information for identifying the user, and a hash value for the user information of the user. While registering a user certificate including a value in the blockchain database and managing a corresponding blockchain transaction ID, the authentication server is obtained from the user terminal in response to the specific mobile ID selection of the user for non-face-to-face authentication. Confirming the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information included in the mobile ID authentication request information, and the user certificate for the user When it is confirmed The user signature value signed with the user's private key, the verification target ID which is the ID for the user who signed the verification means value, and the non-face-to-face authentication request information including the user information. When the non-face-to-face authentication is requested, obtaining, by the service server, the non-face-to-face authentication request information received from the user terminal or allowing another device to obtain the face-to-face authentication request information;

(b) the service server, by sending the verification request information for the specific mobile ID, wherein the verification request information includes the user signature value and the verification target ID, to the authentication server, thereby causing the authentication server to perform the verification. Confirming whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and verifying the verification result for the specific mobile ID according to the validity of the confirmed user signature value Transmitting to a service server or supporting another device to transmit; And

(c) when a verification result for the specific mobile ID is obtained from the authentication server, the service server performs a non-face-to-face authentication with respect to the user with reference to the verification result and displays the performed non-face-to-face authentication result. Transmitting to a user terminal or supporting another device to transmit;

Method comprising a.
In a method for performing non-face-to-face authentication using a mobile ID,

(a) generating and storing a user's public key and the user's private key, wherein the user information hash is a hash value for the user's public key, user identification information for identifying the user, and user information of the user; The user certificate including the value is registered in the blockchain database, and the mobile ID corresponding to the registered user certificate is managed, and selection of a specific mobile ID by the user for non-face-to-face authentication is performed. If so, the user terminal transmits the mobile ID authentication request information including the user's public key or the user identification information to an authentication server, thereby causing the authentication server to correspond to the user's public key or the user identification information. The blockchain transaction ID Confirming the user certificate registered in the blockchain database with reference or supporting another device for verification; And

(b) if a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the user terminal signing the verification means value with the private key of the user, the verification means By requesting a non-face-to-face authentication to a service server using a verification target ID that is an ID of a user who signed a value and non-face-to-face authentication request information including the user information, the service server causes the service server to request the user signature value and the verification target. The verification request for the specific mobile ID is requested to the authentication server using the verification request information for the specific mobile ID including the ID, and the user is referred to the verification result for the specific mobile ID received from the authentication server. Perform non-face-to-face authentication of the Supporting to perform;

Method comprising a.
The method of claim 8,

The user terminal includes a service app that is a user interface provided by the service server and a mobile ID app that is a user interface provided by the authentication server,

In the step (a), when the user generates a non-face-to-face authentication information input signal through the service app, the user terminal supports the user to select the specific mobile ID through the mobile ID app, Transmit the mobile ID authentication request information to the authentication server or allow other devices to transmit;

In step (b), when the verification means value is obtained from the authentication server through the mobile ID app, the user terminal signs the verification means value with the private key of the user through the mobile ID app. Generate non-face-to-face authentication request information including a value, the verification target ID, and the user information, and transmit the generated non-face-to-face authentication request information to the service app, and the service app performs face-to-face authentication to the service server using the non-face-to-face authentication request information. Requesting or supporting another device to make a request.
The method of claim 8,

The user terminal includes a service app that is a user interface provided by the service server and a mobile ID app that is a user interface provided by the authentication server,

In the step (a), the user terminal supports the user to select the specific mobile ID for non-face-to-face authentication through the mobile ID app, and transmits the mobile ID authentication request information to the authentication server To allow other devices to transmit,

In step (b), when the verification means value is obtained from the authentication server through the mobile ID app, the user terminal signs the verification means value with the private key of the user through the mobile ID app. Generates non-face-to-face authentication request information including a value, the verification target ID, and the user information, transfers the non-face-to-face authentication request information to a specific service app selected by the user among a plurality of service apps, and provides the specific service App to request non-face-to-face authentication or the other device to request the service server using the non-face-to-face authentication request information.
The method of claim 8,

The user identification information is unique information given for each user for user identification, and includes at least one of a pushtocon, a user ID, a social security number, a user terminal ID, an IP address of a user terminal, and a phone number. Way.
The method of claim 8,

Before step (a) above,

(a01) the user terminal transmitting a mobile ID issuance request transaction including at least user information to the authentication server or allowing another device to transmit; And

(a02) When a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuance application transaction, the user terminal generates a public key of the user and a private key of the user with a user authentication key, Assisting the authentication server to transmit or transmit a public key and the user identification information to the authentication server, thereby causing the authentication server to include a user certificate including the public key of the user, the user identification information, and the user information hash value. Register in a database, manage the blockchain transaction ID representing location information on the blockchain database of the user certificate registered in the blockchain database, issue the mobile ID to the user terminal or issue it to another device; Steps to support;

Method further comprising a.
In a method for performing non-face-to-face authentication using a mobile ID,

(a) registering a user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information of the user in a blockchain database and corresponding blockchain; If the user ID information for the non-face-to-face authentication is obtained from the service server in response to the non-face-to-face authentication information input signal of the user through the service web in the state of managing the transaction ID, the authentication server, (i) the Sending a selection request signal for the mobile ID to the user terminal corresponding to the user identification information or to allow other devices to transmit, (ii) the mobile ID corresponding to the user selecting a specific mobile ID from the user terminal When the authentication request information is obtained, the user's public Step of referring to the key block or the chain transaction identifier corresponding to the user identification information to determine the user certificate registered in the database, the block chain or support to make cause the other device;

(b) (i) if the user certificate for the user is verified, the authentication server sends a verification means value to the user terminal or allows another device to transmit; and (ii) the verification from the user terminal. When the non-face-to-face authentication request information including a user signature value signed with a private key of the user, a verification target ID which is an ID for the user who signed the verification means value, and the user information is obtained, the authentication server. A) supporting the service server to transmit the non-face-to-face authentication request information to the service web by transmitting the non-face-to-face authentication request information to the service server or by allowing another device to transmit; And

(c) when verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server in response to a non-face-to-face authentication request signal of the user through the service web, the authentication The server verifies whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and for the specific mobile ID according to the validity of the confirmed user signature value. Supporting the service server to perform non-face-to-face authentication with respect to the user by referring to the verification result by transmitting a verification result to the service server or by allowing another device to transmit the verification result;

Method comprising a.
The method of claim 13,

In the step (c),

The authentication server,

The verification means value is extracted from the user signature value by using the public key of the user of the user certificate matching the verification target ID, and the verification means value extracted from the user signature value and the verification transmitted to the user terminal. Determining whether the user signature value is valid by checking whether the means values match.
The method of claim 13,

Before step (a) above,

(a01) When a mobile ID issuance request transaction including at least the user information is obtained from the user terminal, the authentication server confirms the user by using the user information and requests or registers a certificate from the user terminal. Assisting the device to request; And

(a02) When the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server determines the public key of the user, the user identification information, and the user information hash value. Registering the user certificate in the blockchain database, managing the blockchain transaction ID representing location information on the blockchain database of the user certificate registered in the blockchain database, and transmitting the mobile certificate to the user terminal. Issuing an ID or supporting another device to issue an ID;

Method further comprising a.
In a method for performing non-face-to-face authentication using a mobile ID,

(a) A user certificate is registered in the blockchain database, including a public key of the user, user identification information for identifying the user, and a user information hash value that is a hash value for the user information of the user by the authentication server. In the state where the corresponding blockchain transaction ID is managed, the service server transmits the user identification information for the non-face-to-face authentication to the authentication server in response to the non-face-to-face authentication information input signal of the user through the service web. And support the authentication server to (i) transmit a selection request signal for the mobile ID to a user terminal corresponding to the user identification information, and (ii) respond to the user selecting a specific mobile ID from the user terminal. If the mobile ID authentication request information is obtained, Group comprising: support referring to the block chain transaction identifier corresponding to the user's public key, or identifying the user information to determine the user certificate registered in the database, or to check the chain block causes the other device;

(b) the user certificate for the user is verified to support the authentication server to (i) transmit or transmit verification means values to the user terminal, and (ii) send the verification means values from the user terminal to the user. When the non-face-to-face authentication request information including the user signature value signed with the private key, the verification target ID which is the ID for the user who signed the verification means value, and the user information is transmitted and the non-face-to-face authentication request information is transmitted, Acquiring, by the service server, the non-face-to-face authentication request information transmitted from the authentication server, and transmitting the obtained non-face-to-face authentication request information to a service web or allowing another device to transmit it;

(c) when the user transmits a non-face-to-face authentication request signal using the non-face-to-face authentication request information through the service web, the service server responds to the non-face-to-face authentication request signal and the user signature value and the verification. By supporting or transmitting the verification request information for the specific mobile ID including the target ID to the authentication server, the authentication server uses the public key of the user of the user certificate corresponding to the verification target ID. Confirming whether the user signature value is valid and transmitting a verification result for the specific mobile ID according to the confirmed user signature value to the service server or supporting another device to transmit the verification result; And

(d) if the verification result for the specific mobile ID is obtained from the authentication server, the service server performing non-face-to-face authentication for the user or supporting another device with reference to the verification result;

Method comprising a.
In a method for performing non-face-to-face authentication using a mobile ID,

(a) generating and storing a user's public key and the user's private key, wherein the user information hash is a hash value for the user's public key, user identification information for identifying the user, and user information of the user; A service corresponding to a non-face-to-face authentication information input signal of the user through a service web while a user certificate including a value is registered in a blockchain database and the mobile ID corresponding to the registered user certificate is managed. When a selection request signal for the mobile ID is obtained from an authentication server in response to the user identification information for non-face-to-face authentication from a server, the user terminal requests a mobile ID authentication request corresponding to a specific mobile ID selection by the user. Sending information to the authentication server. Writing, supporting, by the authentication server, verifying the user certificate registered in the blockchain database or supporting another device by referring to the blockchain transaction ID corresponding to the user's public key or the user identification information. ; And

(b) if a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the user terminal signing the verification means value with the private key of the user, the verification means By transmitting the non-face-to-face authentication request information including the verification target ID, which is the ID of the user who signed the value, and the user information to the authentication server or by allowing another device to transmit, the authentication server (i) The non-face-to-face authentication request information is transmitted to the service web through the service server, and (ii) the user signature value received from the service server in response to the non-face-to-face authentication request signal of the user through the service web. And verifying the specific mobile ID including the verification target ID. When the request information is obtained, support to confirm whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and (iii) whether the verified user signature value is valid Transmitting a verification result for the specific mobile ID according to the service server to support the service server to perform non-face-to-face authentication with respect to the user by referring to the verification result;

Method comprising a.
The method of claim 17,

Before step (a) above,

(a01) the user terminal transmitting a mobile ID issuance request transaction including at least user information to the authentication server or allowing another device to transmit; And

(a02) When a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuance application transaction, the user terminal generates a public key of the user and a private key of the user with a user authentication key, A user certificate including the public key of the user, the user identification information, and the user information hash value by sending a public key and the user identification information to the authentication server or by allowing another device to send it Register in the blockchain database, manage the blockchain transaction ID representing location information on the blockchain database of the user certificate registered in the blockchain database, issue the mobile ID to the user terminal, or Supporting an issue;

Method further comprising a.
In the authentication server to perform a non-face-to-face authentication using a mobile ID,

A user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information of the user is registered in a blockchain database and a corresponding blockchain transaction ID is entered. In the state of management, in response to the user's specific mobile ID selection for non-face-to-face authentication, obtain mobile ID authentication request information including the user's public key or the user identification information from the user terminal or allow other devices to obtain it. Communication unit to support; And

Checking the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information, and if the user certificate for the user is confirmed, the verification means value By transmitting or transmitting to the user terminal, the user terminal by the user terminal signed the verification means value with the user's private key value, the verification target ID that is the ID for the user who signed the verification means value, and the A process for supporting a non-face-to-face authentication request to a service server using non-face-to-face authentication request information including user information, and verification of the specific mobile ID including the user signature value and the verification target ID from the service server Request information is stroked When the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, the verification of the specific mobile ID according to the validity of the confirmed user signature value is performed. A processor for performing a process for supporting the service server to perform a non-face-to-face authentication for the user by referring to the verification result by transmitting a result to the service server or by allowing another device to transmit the result;

Authentication server comprising a.
The method of claim 19,

The communication unit,

Obtaining a mobile ID issuance application transaction including at least the user information from the user terminal;

The processor,

A process of identifying the user by using the user information, requesting a certificate registration to the user terminal, or supporting another device to make a request; and a public key of the user from the user terminal in response to the certificate registration request; When the user identification information is obtained, the user certificate including the public key of the user, the user identification information, and the user information hash value is registered in the blockchain database, and the user certificate registered in the blockchain database. And managing the blockchain transaction ID indicating the location information on the blockchain database, and issuing the mobile ID to the user terminal or supporting another device to issue it.
In the service server to perform a non-face-to-face authentication using a mobile ID,

Verification means value obtained by the user terminal from the authentication server-The verification means value includes a public key of the user, user identification information for identifying the user, and a user information hash value that is a hash value for the user information of the user Mobile ID authentication obtained from the user terminal in response to the user's specific mobile ID selection for non-face-to-face authentication in a state where the user certificate is registered in the blockchain database and the corresponding blockchain transaction ID is managed. Confirming the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information included in the request information, and if the user certificate for the user is confirmed Use above The user signature value signed by the user's private key, the verification target ID which is the ID of the user who signed the verification means value, and the non-face-to-face authentication request information including the user information. A communication unit for obtaining the non-face-to-face authentication request information received from the user terminal or allowing another device to obtain the face-to-face authentication; And

Verifying the request information for the specific mobile ID, wherein the verification request information includes the user signature value and the verification target ID to the authentication server, thereby causing the authentication server to correspond to the user corresponding to the verification target ID. A process of confirming whether the user signature value is valid using a public key of the user of a certificate, and transmitting a verification result for the specific mobile ID according to the confirmed user signature value to the service server; And, when the verification result for the specific mobile ID is obtained from the authentication server, perform non-face-to-face authentication with respect to the user with reference to the verification result, and transmit or perform the non-face-to-face authentication result to the user terminal. The process that enables the device to send Processor to perform;

Service server comprising a.
In a user terminal performing non-face-to-face authentication using a mobile ID,

A public key of a user and a private key of the user are generated and stored, and include the public key of the user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information of the user. When the user certificate is registered in the blockchain database and the mobile ID corresponding to the registered user certificate is managed, when a specific mobile ID is selected by the user for non-face-to-face authentication, By transmitting the mobile ID authentication request information including the user's public key or the user identification information to an authentication server, the authentication server refers to the blockchain transaction ID corresponding to the user's public key or the user identification information. By the above Check the user certificate registered in the database, or the communication chain that supports other devices to identify causes; And

When a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, a user signature value of signing the verification means value with the private key of the user, an ID of the user who signed the verification means value. Requesting non-face-to-face authentication to the service server using the verification target ID and non-face-to-face authentication request information including the user information, causing the service server to include the specific mobile ID including the user signature value and the verification target ID. Request verification of the specific mobile ID to the authentication server by using verification request information for the non-face-to-face authentication for the user by referring to a verification result of the specific mobile ID received from the authentication server. A processor;

A user terminal comprising a.
The method of claim 22,

The user terminal includes a service app that is a user interface provided by the service server and a mobile ID app that is a user interface provided by the authentication server,

The processor,

When the user generates a non-face-to-face authentication information input signal through the service app, the mobile ID app supports the user to select the specific mobile ID, and transmits the mobile ID authentication request information to the authentication server. To send or to other devices,

When the verification means value is obtained from the authentication server through the mobile ID app, the user terminal signed the verification means value with the private key of the user through the mobile ID app, the user signature value, the verification target ID, And generates non-face-to-face authentication request information including the user information, and transmits the generated non-face-to-face authentication request information to the service app, wherein the service app requests non-face-to-face authentication to the service server using the non-face-to-face authentication information or makes a request to another device. User terminal, characterized in that for supporting.
The method of claim 22,

The user terminal includes a service app that is a user interface provided by the service server and a mobile ID app that is a user interface provided by the authentication server,

The processor,

Support the user to select the specific mobile ID for non-face-to-face authentication through the mobile ID app, and transmits the mobile ID authentication request information to the authentication server or other devices,

When the verification means value is obtained from the authentication server through the mobile ID app, the user signature value, the verification target ID, and the user information that sign the verification means value with the user's private key through the mobile ID app. Generates non-face-to-face authentication request information, and transmits the non-face-to-face authentication request information to a specific service app selected by the user among a plurality of service apps, and wherein the specific service app uses the non-face-to-face authentication information. The user terminal, characterized in that for requesting non-face-to-face authentication to the server or supporting other devices to request.
The method of claim 22,

The communication unit,

Transmit a mobile ID issuance application transaction including at least user information to the authentication server or allow other devices to transmit;

The processor,

When a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuance request transaction, a public key of the user and a private key of the user are generated using a user authentication key, and the public key and the user identification information of the user are generated. By sending to the authentication server or by allowing other devices to transmit, the authentication server registers a user certificate including the public key of the user, the user identification information, and the user information hash value in the blockchain database. Managing the blockchain transaction ID indicating location information on the blockchain database of the user certificate registered in the blockchain database, and issuing the mobile ID to the user terminal or causing another device to issue it. User terminal, characterized in that desired.
In the authentication server to perform a non-face-to-face authentication using a mobile ID,

A user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information of the user is registered in a blockchain database and a corresponding blockchain transaction ID is entered. A communication unit configured to acquire the user identification information for the non-face-to-face authentication from a service server or to allow another device to obtain the non-face-to-face authentication information input signal through a service web in a managed state; And

(i) transmitting a selection request signal for the mobile ID or supporting another device to a user terminal corresponding to the user identification information, and (ii) responding to the user selecting a specific mobile ID from the user terminal. When the mobile ID authentication request information is obtained, checking the user certificate registered in the blockchain database with reference to the blockchain transaction ID corresponding to the user's public key or the user identification information, (i) When the user certificate for the user is confirmed, the verification means value is transmitted to the user terminal or supported by another device, and (ii) the user who signed the verification means value with the private key of the user from the user terminal. The signature value, signing the verification means value When the non-face-to-face authentication request information including the verification target ID, which is an ID for a user, and the user information is obtained, the non-face-to-face authentication request information is transmitted to the service server or by another device to transmit the service. A process for supporting a server to transmit the non-face-to-face authentication request information to the service web, and receiving the user signature value and the verification target ID from the service server in response to a non-face-to-face authentication request signal of the user through the service web. When the verification request information for the specific mobile ID is included, the validity of the user signature value is checked using the public key of the user of the user certificate corresponding to the verification target ID, and the confirmed user signature The above specification depending on the validity of the value A processor that performs a process of supporting the service server to perform a non-face-to-face authentication with respect to the user by referring to the verification result by transmitting the verification result for the mobile ID to the service server or by allowing another device to transmit the verification result. ;

Authentication server comprising a.
The method of claim 26,

The communication unit,

Obtaining a mobile ID issuance application transaction including at least the user information from the user terminal;

The processor,

A process of identifying the user by using the user information, requesting a certificate registration to the user terminal, or supporting another device to make a request; and a public key of the user from the user terminal in response to the certificate registration request; When the user identification information is obtained, the user certificate including the public key of the user, the user identification information, and the user information hash value is registered in the blockchain database, and the user certificate registered in the blockchain database. And managing the blockchain transaction ID indicating the location information on the blockchain database, and issuing the mobile ID to the user terminal or supporting another device to issue it.
In the service server to perform a non-face-to-face authentication using a mobile ID,

A user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information by the authentication server is registered in the blockchain database and corresponding block. In the state where the chain transaction ID is being managed, the authentication server transmits the user identification information for the non-face-to-face authentication to the authentication server in response to the non-face-to-face authentication information input signal of the user through a service web. i) support to transmit a selection request signal for the mobile ID to a user terminal corresponding to the user identification information; and (ii) the mobile ID authentication request information corresponding to the user selecting a specific mobile ID from the user terminal. Is obtained, the user's public Communication unit for supporting a reference key or the chain block transaction identifier corresponding to the user identification information to determine the user certificate registered in the database, or to check the chain block causes the other device; And

Wherein the user certificate for the user is verified and the authentication server supports (i) sending verification means values to the user terminal or allowing other devices to transmit, and (ii) sending the verification means values from the user terminal to the user. When the non-face-to-face authentication request information including the user signature value signed with the private key of, the verification target ID which is the ID for the user who signed the verification means value, and the user information is transmitted, and the non-face-to-face authentication request information is transmitted. Acquiring the non-face-to-face authentication request information transmitted from the authentication server, and transmitting the obtained non-face-to-face authentication request information to a service web or allowing another device to transmit the request information to the user through the service web. When the non-face-to-face authentication request signal is transmitted using the non-face-to-face authentication request information, In response to the non-face-to-face authentication request signal, verification request information about the specific mobile ID including the user signature value and the verification target ID is transmitted to the authentication server or by another device to be transmitted to the authentication server. Confirming whether the user signature value is valid using the public key of the user of the user certificate corresponding to the verification target ID, and verifying the specific mobile ID according to whether the verified user signature value is valid And a process for supporting or transmitting to the service server, and if a verification result for the specific mobile ID is obtained from the authentication server, performing a non-face-to-face authentication with respect to the user with reference to the verification result. A processor;

Service server comprising a.
In a user terminal performing non-face-to-face authentication using a mobile ID,

A public key of the user and a private key of the user are generated and stored, and include the public key of the user, user identification information for identifying the user, and a user information hash value that is a hash value of the user information of the user. The user certificate is registered in the blockchain database, and the mobile ID corresponding to the registered user certificate is managed, from the service server corresponding to the non-face-to-face authentication information input signal of the user through the service web. A communication unit configured to acquire a selection request signal for the mobile ID from an authentication server or to allow another device to obtain a response from the authentication server in response to the user identification information for the non-face-to-face authentication; And

By transmitting mobile ID authentication request information corresponding to a specific mobile ID selection by the user to the authentication server, the authentication server refers to the blockchain transaction ID corresponding to the user's public key or the user identification information. A process for supporting the verification of the user certificate registered in the blockchain database; and when the verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the verification means value is stored in the private of the user. The authentication by transmitting or transmitting the non-face-to-face authentication request information including a user signature value signed with a key, a verification target ID which is an ID for the user who signed the verification means value, and the user information to the authentication server As a server (I) assisting the non-face-to-face authentication request information to be transmitted to the service web through the service server, and (ii) received from the service server in response to the non-face-to-face authentication request signal of the user through the service web. When the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained, validity of the user signature value using the public key of the user of the user certificate corresponding to the verification target ID is obtained. And (iii) transmitting a verification result for the specific mobile ID according to whether the verified user signature value is valid to the service server so that the service server refers to the verification result for the user. Follow the process that enables you to perform non-face-to-face authentication A processor;

A user terminal comprising a.
The method of claim 29,

The communication unit,

Transmit a mobile ID issuance request transaction including at least user information to the authentication server or allow other devices to transmit;

The processor,

When a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuance request transaction, a public key of the user and a private key of the user are generated using a user authentication key, and the public key and the user identification information of the user are generated. By sending or transmitting the authentication server to the authentication server, allowing the authentication server to register a user certificate including the public key of the user, the user identification information, and the user information hash value in the blockchain database, and the blockchain Managing the blockchain transaction ID indicating location information on the blockchain database of the user certificate registered in a database, and issuing the mobile ID to the user terminal or supporting another device to issue the mobile ID; The user terminal according to.