JP2019145926A - Chip wallet - Google Patents

Abstract

To provide convenience (reduction of human error, reduction of costs, reduction of processing time) that is inevitably required when operating a virtual currency exchange without damaging a function of a block chain.SOLUTION: A secret key received from a customer is protected from hackers by using a chip wallet and making the secret key physically independent from a server's internal storage connected to the Internet.SELECTED DRAWING: Figure 27

Description

The present invention relates to a technique for combining safety and convenience of a virtual passage exchange.

As a result of the widespread use of the Internet, the scope of network technology is rapidly expanding. One of them that has attracted the most attention in recent years is virtual currency such as bitcoin, which is based on blockchain. To date, countless virtual currencies have been devised. Although it is so active that it is bought and sold excessively for speculative purposes, the original value of the blockchain is a significant savings related to remittance. The remittance fee is almost free, and international remittances can be processed in about 10 minutes. As a result, any small remittances across national borders are instantaneous, triggering a fundamental overhaul of the financial and tax system.

In this way, blockchain is expected to be a fundamental technology for building the next-generation financial system. The biggest feature is that the data transfer (remittance) between logical nodes (accounts) on the network is made into a ledger and the ledger is made public on the network. Therefore, it is called a public ledger system.

More specifically, several hundred remittance records are put together in a ledger and released. A lump of recorded remittance records is a block. That is, the remittance record included in the block is a collection of past records, and since it is disclosed as a ledger, no one can tamper with it. On the other hand, new remittance records will be recorded and released together when several hundreds are collected. At this time, the existing block and the newly added block are connected in a form satisfying a predetermined condition.

In order to falsify a part of the past remittance records, all the connection conditions between the past blocks from the past to the present must be falsified. The computational power required for this must exceed 50% of the computational power of all participants in the blockchain. Unless such an attack (51% attack) actually occurs, a long-stretched blockchain can prevent remittance records between accounts from being tampered with.

Creating a new block to satisfy this connection condition is called mining, and a person who performs this operation is called a minor. Miners can get a fixed reward (regular virtual currency) every time they make a note. Miners are free participation and do not need to belong to any institution for central management. Therefore, a group of blocks (block chain) connected without a centrally managed server is formed. This network mechanism that does not require a centrally managed server is called peer-to-peer (P2P).

The P2P network structure does not assume the existence of a server that plays a central role, and all nodes (nodes) connected to the network are non-core, equal, and secure security by monitoring each other. is necessary. That is, it is fundamentally different from a client / server network that assumes the existence of a core client / server.

A node is assigned a logical address on the network, which is synonymous with an account name in a virtual currency remittance system. Alternatively, it is a wallet that stores virtual currency that has no physical reality.

The remittance of virtual currency is executed by the following process.
(1) The past remittance history and the logical address of the node that is the subject of processing are combined and encrypted, and this is used as an electronic signature.
(2) The main node adds the latest processing to the past remittance history and transfers it to the remittance destination logical address together with the electronic signature.

Transfer of remittance history is synonymous with transfer of currency, and recognized remittance history is treated like currency. This is the concept of virtual currency. Thus, remittance of virtual currency is performed without going through a specific core entity like a bank. Safety is secured by blockchain.

FIG. 1 shows remittance from node (N-2) to node (N-1) (N-2, N-1), remittance from node (N-1) to node (N) (N-1, N ). N is an arbitrary natural number.

Since it is the remittance of virtual currency that is processed, each node corresponds to account (N-2), account (N-1), account (N). More specifically, account (N-1) and account (N) are processing units for remittance (N-1, N), respectively. The account (N) linked to the node (N) is composed of the following three elements. The first component is a public key (N) that is a logical address on the network of the node (N) or the account (N). The second component is a hash value (N−1) that is the contents of the account (N). The third component is an electronic signature (N-1) that proves that the remittance source of the hash value (N-1) is the node (N-1) or the account (N-1).

The hash value (N-1) that is the contents of the account (N-1) is, for example, a virtual currency transferred from somewhere (actually, a history of past remittance). Let's assume that the monetary value is 1000 yen. The transfer source of 1000 yen is an account (N-2), and an electronic signature (N-2) is attached to the 1000 yen to prove that the remittance source is the account (N-2). However, 1000 yen is merely an example, and any digital information equivalent to or exchangeable with other monetary values may be used. The node (N-1) has an account content of 1000 yen, a private key (N-1) used for creating the next electronic signature, and a unique public key (N-1) paired with the private key (N-1). The digital signature (N-2) proves that the hash value (N-2) has come from the node (N-2). Here, the public key (N-1) is a logical address on the network of the account (N-1) or the node (N-1).

Next, the hash function (SHA-256 as an example) is used from the public key (N-1), the hash value (N-2) that is the contents of the account (N-1), and the electronic signature (N-2). To create a hash value (N-1). This hash value (N-1) is sent to the account (N), and the account (N) stores it as the contents of the account (N). On the other hand, the private key (N-1) is used to encrypt the public key (N) that is the address of the account (N) and the hash value (N-1) that is the contents to generate an electronic signature (N-1) , Transfer to the account (N) together with the hash value (N-1).

Thus, the node (N) is composed of a hash value (N-1), an electronic signature (N-1), and a set of unique public key (N) and private key (N). On the other hand, the account (N) is composed of a hash value (N-1), an electronic signature (N-1), and a unique public key (N). The public key (N) is a logical address on the network of the node (N) or the account (N), and is synonymous with the account address or the account name. The private key (N) forms a one-to-one combination with the public key (N) that cannot be tampered with. In this way, the process of transferring 1000 yen from the account (N-1) to the account (N) is completed.

The hash value (N-1) should contain information that this 1,000 yen came from the account (N-1). However, since the hash cannot be reversely converted unlike the encryption, the hash value (N-1) cannot be reversely converted (deciphered or decrypted) and read. Therefore, an electronic signature (N-1) is attached. This electronic signature (N-1) uses a private key (N-1), a public key (N) that is a logical address on the destination network, and a hash value (N-1) that is sent to the destination. Encrypted together. Therefore, in order to confirm whether this electronic signature really came from the account (N-1), the digital signature (N-1) was decrypted with the public key (N-1) and the account What is necessary is just to compare with the public key (N) and hash value (N-1) stored in (N). As long as the ciphers are not broken, it is true that the digital signature is certainly signed with the private key (N-1). If they do not match, the electronic signature is false. Alternatively, if it matches the result of decryption with another public key, for example, the public key (Q), it can be understood that the account (Q) having the public key (Q) as an address has been illegally processed.

Continuing from FIG. 1, using the hash function (SHA-256 as an example) from the contents of the public key (N), the account (N) (in this case, the hash value (N-1)) and the electronic signature (N-1), Create a hash value (N). The node (N) transmits this hash value (N) to the account (N + 1), and the node (N + 1) stores it as the contents of the account (N + 1). On the other hand, the node (N) encrypts the public key (N + 1), which is a logical address on the network of the account (N + 1), and the hash value (N) by using the secret key (N), and the electronic signature ( N). This electronic signature (N) is sent to the account (N + 1) together with the hash value (N).

From the above, it can be seen that the remittance (N-1, N) from the account (N-1) to the account (N) is recorded as the hash value (N-1) in the contents of the account (N). Similarly, it can be seen that the remittance (N, N + 1) from the account (N) to the account (N + 1) is recorded as the hash value (N) in the contents of the account (N + 1). Thus, it can be seen that the contents of a given account include all past remittance histories in a chain. That is, the latest past hash value represents all past remittance histories.

Assuming that the past remittance history is a currency, forgery of currency is falsification or unauthorized copying of the past remittance history. Since the electronic signature is attached to the remittance history as a proof of successful remittance, currency forgery is forgery of electronic signature. An electronic signature can only be created by the owner of the source account that owns the private key necessary to generate the electronic signature, unless the cipher is broken.

However, once the block chain is lifted as described above, it is difficult to falsify all the connection conditions for connecting the block chains even if they are the owners of the secret key. The longer the blockchain is stretched, the more difficult it becomes. In other words, once the block chain is lengthened, almost no one can tamper with it or edit it.

Nevertheless, it is possible to make a new remittance if you own the private key. Therefore, if the secret key is stolen, the virtual currency will be stolen from the corresponding account. How to manage the private key is a very important issue. In particular, in a blockchain, secret keys should not be managed while connected to the network. If the private key is managed while connected to the network, it may be stolen by a hacker.

A hacker who has stolen the secret key can transfer the virtual currency from the account of the original owner to any other account. This is virtual currency theft.

This shows that the private key should be stored on media that is not connected to the network. The secret key managed in this way is called a cold wallet. On the other hand, a secret key managed while connected to a network is called a hot wallet. For the first time, blockchain becomes the strongest security system in the world because account holders do not give their cold wallets to others.

The cold wallet is obtained, for example, by printing a secret key on paper as shown in FIG. What is printed on paper in this way is not connected to the network. Alternatively, a secret key recorded in a USB memory or the like that is normally stored without being connected to the terminal can be regarded as a cold wallet. Hacking doesn't work for stealing secret keys from cold wallets. There is no choice but to physically rob you.

FIG. 3 shows an example in which the secret key is printed on the paper in binary format of 0 and 1. FIG. 4 is an example in which the secret key is printed on the paper in the barcode format. FIG. 5 shows an example in which the secret key is printed on the paper in the QR code (registered trademark) format. In addition, various printing methods are possible even if not exemplified here. Also, not only paper is printed. Any other printable or writable medium may be used as long as it can be physically separated from the network. Here, as an example, a case of a barcode or QR code (registered trademark) printed on paper will be described as an example.

The secret key printed on the paper can be read by a predetermined reader and used to generate the above-described electronic signature. FIG. 6 is an example of a bar code display. For example, the private key (N-1) is read at the node (N-1) using a barcode reader, the public key (N) which is the logical address of the node (N), and the hash value to be sent to the node (N) (N-1) is encrypted to generate an electronic signature (N-1). The node (N-1) sends this electronic signature (N-1) to the node (N) together with the hash value (N-1).

FIG. 7 shows an example of a QR code (registered trademark) display. For example, the private key (N-1) is read using the QR code (registered trademark) reader at the node (N-1), and the public key (N) which is the logical address of the node (N) and the node (N) The electronic signature (N-1) is generated by encrypting the hash value (N-1) to be sent. The node (N-1) sends this electronic signature (N-1) to the node (N) together with the hash value (N-1).

Of course, even with a secret key printed on paper, the possibility of physical theft rather than hacking is not zero. Therefore, there is a method for printing a secret key encrypted with the common key encryption in order to be more careful. FIG. 8 shows an example of a method of making a cold wallet by printing a binary-encrypted secret key encrypted with a common key cipher on paper. The private key (plaintext) before encryption may be anything printed on paper as in the example of FIG. 8 or saved on other media. However, it is desirable to delete the private key (plaintext) before encryption after generating the cold wallet.

FIG. 9 shows an example of a method in which a secret key encrypted with a bar code is encrypted with a common key encryption and printed on paper to form a cold wallet. The private key (plain text) before encryption may be anything printed on paper as in the example of FIG. 9 or saved on other media. However, it is desirable to delete the private key (plaintext) before encryption after generating the cold wallet.

FIG. 10 shows an example of a method in which a QR-displayed secret key encrypted with a common key cipher is printed on a paper surface to form a cold wallet. The private key (plain text) before encryption may be anything printed on paper as in the example of FIG. 9 or saved on other media. However, it is desirable to delete the private key (plaintext) before encryption after generating the cold wallet.

In any case, the private key (plaintext) before encryption is encrypted by a common key encryption method using an appropriately given common key (passcode or the like). The encrypted private key can be printed on paper, a display, etc., or stored on some medium that can be stored disconnected from the network, and used as a cold wallet.

As described above, when generating an electronic signature, it is necessary to reproduce a secret key from the cold wallet using a common key (passcode or the like). FIG. 11 shows an example in the case of using an encrypted private key represented by a barcode. First, an encrypted secret key (barcode display as an example) is read using a predetermined reader (barcode reader, etc.), and a passcode is input and combined to obtain a secret key before encryption. it can.

FIG. 12 shows an example in the case of using an encrypted secret key represented by a QR code (registered trademark). First, read the secret key (QR code (registered trademark) display as an example) encrypted using a predetermined reader (QR code (registered trademark) reader, etc.), enter the passcode, and compose the original secret You can get the key.

The method for displaying the encrypted private key may be a method other than the barcode or the QR code (registered trademark). In addition to printing on paper, it can be displayed on a display or saved / displayed on any offline media.

In any case, the terminal that decrypts and displays the private key must be offline. This is because if it is combined and displayed on an online terminal, it becomes the same as a hot wallet.

The QR code (registered trademark) can be read without a specific reading device at present. An example using a smartphone is shown in FIG. In general, it is desirable that the cold wallet reader is in an off-line state, so the smart phone is set to the in-flight mode here. When a passcode (common key) is input to a predetermined area on the display, a decrypted secret key is obtained. This can be displayed on the display of the smartphone in airplane mode.

In any case, as shown in FIGS. 14 and 15, the node (N-1) generates an electronic signature (N-1) using the private key (N-1) decrypted by the offline terminal.

The node (N-1) sends this electronic signature together with the hash value (N-1) to the node (N) using an online terminal. FIG. 14 shows an example using a QR code (registered trademark) display, and FIG. 15 shows an example using a bar code display.

In any case, it should be noted that an offline terminal is required to handle the secret key, and an online terminal is required to send the hash value and the electronic signature.

The private key decrypted by the offline terminal can be stored in another medium in an offline state (a state physically separated from the network) as shown in FIG. For example, USB memory, optical media, magnetic media, and other semiconductor media (SSD, etc.). Alternatively, when the above-described common key encryption is not used, as shown in FIG. 17, the secret key read by the reading device can be stored as it is in another medium in an offline state (physically isolated from the network). Is possible. For example, USB memory, optical media, magnetic media, and other semiconductor media (SSD, etc.). Although it is obvious that these media are usually in an offline state (physically isolated from the network), it is desirable to use copy protection as a precaution.

Now, one of the basic roles of the exchange is to act as a proxy for remittance of virtual currency deposited from customers. As described above, it is necessary to generate an electronic signature for remittance of virtual currency. Therefore, it is necessary to deposit from the customer a secret key that is linked one-to-one with the public key that is the account name (logical address on the network) of the customer. As described above, secret key management must be performed as securely as possible. Therefore, it is necessary to store the private key in the cold wallet.

In this way, a virtual currency exchange manages cold wallets from a plurality of customers and manages the funds. As an example, let us consider a cold wallet in which a secret key encrypted with a common key cipher is printed on a sheet with a QR code (registered trademark) display or the like as shown in FIG. Therefore, as the number of customers increases, an innumerable number of papers printed with a QR code (registered trademark) are stored at the exchange. As long as the customer manages the common key (passcode, etc.), even if the cold wallet that was deposited is physically stolen, the secret key is not decrypted and the customer's assets are not stolen.

Exchanges, on the other hand, require a networked (online) server to send customers virtual currency. The exchange requests the customer to input a passcode (common key) to read and decrypt the cold wallet with a predetermined reader. For example, the customer inputs the requested passcode (common key) on the display of the smartphone he owns. Thus, the exchange reader must be online to require the customer to enter a passcode. This is different from the offline reader described with reference to FIGS. In this respect, there are potential vulnerabilities in the operation of the exchange. Nevertheless, the decrypted private key is used to generate an electronic signature on the exchange server and used to process the remittance on behalf of the customer.

FIG. 19 shows an example in the case where bar code display is used. As the number of customers increases, countless papers with barcodes are stored at the exchange. Other details are the same as in the description of FIG.

FIG. 20 illustrates an example in which a secret key encrypted by common key encryption is recorded in a USB memory or the like. As the number of customers increases, the exchange must manage a myriad of USB sticks. In order to generate an electronic signature on behalf of the customer, the exchange connects the USB memory deposited by the customer to a predetermined terminal and reads the encrypted secret key. Next, the customer is requested to input a passcode (common key) for decryption. For example, the customer inputs a passcode (common key) on the display of his / her smartphone. Thus, the terminal must be online to require the customer to enter a passcode. This is different from the offline reader described with reference to FIGS. In this respect, there are potential vulnerabilities in the operation of the exchange.

Therefore, the USB memory must be removed from the online terminal as soon as the electronic signature is generated. The situation is the same even when using optical media, magnetic media, or other semiconductor media (SSD, etc.). The media must be removed from the online terminal immediately after generating the electronic signature. This always causes human error. In any case, the electronic signature generated in this way is used to process the remittance on behalf of the customer.

As described above, it can be understood that a certain manual operation is required to perform the generation of the electronic signature in any cold wallet. When printing on paper, it is necessary to read with a reading device. In the case of a USB memory, it is necessary to insert and remove the USB memory from the online terminal. In the case of an optical medium, it is necessary to insert and remove the optical medium from the optical drive. In the case of a magnetic medium, it is necessary to connect or disconnect the magnetic medium to / from the magnetic drive. In the case of other semiconductor media (SSD, etc.), it is necessary to connect or disconnect the semiconductor media (SSD, etc.) from the online terminal.

As mentioned above, these manual operations not only cause human errors, but also increase labor costs and delay remittance as the number of customers (actually, the number of accounts that transfer money) increases. become. On the other hand, virtual currency was originally expected to reduce remittance fees to the limit and shorten the time required for remittance processing.

The cause of the problem is the very existence of the exchange. The exchange must deposit a cold wallet from the customer to act on behalf of the customer's remittance process. A cold wallet must be handled offline because of its definition, which causes human errors on exchanges, increasing costs and causing processing delays.

In order to avoid such a situation, for example, as shown in FIGS. 21-23, an operation method that does not require the customer to input a passcode (common key) when generating an electronic signature is conceivable. FIG. 21 shows an example of printing an encrypted secret key displayed in QR code (registered trademark) on a sheet, and FIG. 22 shows an example of printing an encrypted secret key displayed in barcode on a sheet. Reference numeral 23 denotes an example in which an encrypted private key is stored in a USB memory. However, these are nothing but depositing a common key at the exchange in addition to the cold wallet. This is the same as depositing a bank passbook and bank seal with the same person. Then, in order to send the generated electronic signature, the reader is also connected to the server and exposed to the online state. Thus, the security of the storage of the private key is significantly impaired.

If further convenience is pursued, there is a risk that the private key of the customer is stored in the storage of the server of the exchange as shown in FIG. Certainly, it is possible to prevent human errors, increased costs, and processing delays that occur when handling cold wallets. However, this is nothing but the transfer of the private key from the customer to the hot wallet from the cold wallet. The coin check case is one example.

In order to protect the secret key deposited by the customer from a hacker's attack, sufficiently data protection is required as shown in FIG. However, data protection has been widely used before the advent of blockchain, and it is widely known that it is a good target for hackers and is always imperfect. Under such circumstances, blockchain has emerged as perhaps the strongest security system with a completely different concept from data protection. Therefore, storing the private key deposited by the customer in the server as shown in FIG. 24 is nothing other than replacing the virtual currency from the block chain security to the data protection (old type) security system. This is a degeneration of the security system. In other words, the essence of the coin check case is that the security of remittance processing has been degenerated from blockchain to data protection in order to pursue convenience.

As mentioned above, if we pursue the convenience (reduction of human error, reduction of costs, reduction of processing time) that is inevitably required in operating a virtual currency exchange, the blockchain will inevitably fail. It can be seen that there is a problem.

The present invention has been made in view of the above circumstances, and does not impair the function of the block chain. Conveniently required to operate a virtual currency exchange (reduction of human error, cost control) , To reduce processing time).

The present invention employs the following means in order to solve the above problems.

The solution proposed by the present invention is a system for transferring digital information with a signature in a network including at least first, second and third nodes, and has the following characteristics.

The first node is composed of a first account and a first hard wallet,
The second node consists of a second account and a second hard wallet,
The third node comprises a third account and a third secret key;

The first hard wallet includes a first secret key unique to the first hard wallet, and a first key generation device,
The second hard wallet includes a second secret key unique to the second hard wallet, and a second key generation device,

The first secret key is confined inside the first hard wallet and forms a pair with a first public key outside the first hard wallet,
The second secret key is confined inside the second hard wallet and forms a pair with a second public key outside the second hard wallet,
The third secret key is paired with a third public key,

The first public key is a logical address on the network of the first account,
The second public key is a logical address on the network of the second account,
The third public key is a logical address on the network of the third account,

The first account includes a first hash value and a first electronic signature;
The second account includes a second hash value and a second electronic signature,
The third account includes a third hash value and a third electronic signature,

The first hardware wallet is first hardware having physical reality,
The second hardware wallet is second hardware having physical reality,

The first, second, and third secret keys are different from each other,
The first, second, and third public keys are different from each other,

The second hash value is generated by hashing the first public key, the first hash value, and the first electronic signature,

The second electronic signature is generated by encrypting the second public key and the second hash value using the first secret key,

The second hash value is sent from the first account to the second account together with the second electronic signature,

The second account receives first signed digital information from the first account,

The digital information with the first signature includes the second hash value and the second electronic signature.

The solution proposed by the present invention further has the following features.

The network further includes a fourth node and an exchange,
The fourth node is composed of a fourth account and a fourth hard wallet,
The fourth hard wallet includes a fourth secret key unique to the fourth hard wallet, and a fourth key generation device,
The fourth secret key is confined inside the fourth hard wallet, and forms a pair with a fourth public key outside the fourth hard wallet,
The fourth public key is a logical address on the network of the fourth account,
The fourth account includes a fourth hash value and a fourth electronic signature;
The fourth hardware wallet is fourth hardware having physical reality,

The fourth secret key is different from the third secret key,
The fourth public key is different from the third public key,

The first account is registered with the exchange,
The second account is registered with the exchange,
The fourth account is registered with the exchange,

The exchange uses the second electronic signature to send the first signed digital information from the first account to the second account,

The third node has the third account outside the exchange;

The third hash value is generated by hashing the fourth public key, the fourth hash value, and the fourth electronic signature,
The third electronic signature is generated by encrypting the third public key and the third hash value using the fourth secret key,
The third hash value is sent from the fourth account to the third account together with the third electronic signature,

The sixth account receives third signed digital information from the fifth account,

The third digital information with signature includes the sixth hash value and the sixth electronic signature.

The solution proposed by the present invention further has the following features.

The network further includes fifth and sixth nodes;

The fifth node is composed of a fifth account and a fifth secret key,
The fifth secret key forms a pair with the fifth public key,
The fifth public key is a logical address on the network of the fifth account,
The fifth account includes a fifth hash value and a fifth electronic signature;

The sixth node is composed of a sixth account and a sixth hard wallet,
The sixth hard wallet includes a sixth secret key unique to the sixth hard wallet, and a sixth key generation device,
The sixth secret key is confined inside the sixth hard wallet and forms a pair with a sixth public key outside the sixth hard wallet;
The sixth public key is a logical address on the network of the sixth account,
The sixth account includes a sixth hash value and a sixth electronic signature;
The sixth hardware wallet is sixth hardware having physical reality,

The sixth secret key is different from the fifth secret key,
The sixth public key is different from the fifth public key,

The sixth account is registered with the exchange,

The sixth hash value is generated by hashing the fifth public key, the fifth hash value, and the fifth electronic signature,
The sixth electronic signature is generated by encrypting the sixth public key and the sixth hash value using the fifth secret key,
The sixth hash value is digital information with a third signature sent from the fifth account to the sixth account together with the sixth electronic signature.

According to the present invention, by using a cold wallet (chip wallet) linked with randomness inherent in a semiconductor chip, convenience (reduction of human error, cost) inevitably required in operating a virtual currency exchange It is possible to provide highly reliable security by using a block chain without impairing the control of the system and shortening the processing time.

The best mode for carrying out the invention will be specifically described below.

As described above, the present invention proposes a cold wallet (chip wallet) in cooperation with randomness inherent to a semiconductor chip and a method for utilizing the cold wallet. This will be specifically described below with reference to the drawings.

(First embodiment)

FIG. 26 shows the concept of transferring and confining the customer's private key stored in the storage server of the exchange to one individual semiconductor chip. Such a semiconductor chip can be mounted on a board constituting an exchange server. Similarly, the above-mentioned problem can be solved if all the private keys stored by other customers can be transferred and confined to individual semiconductor chips. The semiconductor chip that confines the secret key is called a chip wallet.

Alternatively, since it is self-evident, although not shown in particular, the customer's private key stored in the storage server of the exchange may be transferred and confined to an individual chipset. Such a chipset can be connected to a board constituting an exchange server. Similarly, if all secret keys held by other customers can be transferred and confined to individual chipsets, the above problem can be solved. Such a chipset is also included in the same concept as a chip wallet. Alternatively, an electronic device including such a chipset is included in the same concept as the chip wallet. Alternatively, such electronic devices can include semiconductor memory chips, magnetic media, optical media, etc. and various semiconductor chips.

Alternatively, since it is self-evident, although not shown in the figure, the customer's private key stored in the storage server of the exchange may be transferred and confined to an individual board. Such a board can be connected to a board constituting the server of the exchange. Similarly, if all the secret keys stored by other customers can be transferred and confined to individual boards, the above problem can be solved. Such a board is also included in the same concept as a chip wallet.

In order to simplify the description below, such a chip wallet or an electronic device or board having the equivalent function is collectively referred to as a chip wallet. In the following, the concept of the present invention will be described using a semiconductor chip or simply a chip as an example of the physical reality of such a chip wallet, but these semiconductor chip or simply chip is replaced with the electronic device or the board. Even if described, the description is the same and does not depart from the concept of the present invention.

Such a chip wallet satisfies the following conditions.
(3) Two secret keys stored in two different semiconductor chips are different from each other.
(4) One secret key is stored in one semiconductor chip.
(5) The secret key stored in the semiconductor chip cannot be taken out of the semiconductor chip.
(6) If possible, the secret key is linked in some way with the randomness inherent in the semiconductor chip.

27 and 28 show an example of a method of utilizing a chip wallet that satisfies the above conditions (3)-(5) at a virtual currency exchange. In FIG. 27, a semiconductor chip (chip wallet) in which a secret key deposited from a customer is confined is contacted with the server in some form, and an electronic signature is generated while the secret key is confined in the chip. As an example, it is desirable to mount the server interface according to a predetermined format. Alternatively, as an example, it is desirable to mount a part of a board constituting the server according to a predetermined interface. Alternatively, it is desirable to connect to a part of a board constituting the server according to a predetermined interface. When using a chip wallet, it is not necessary to remove it after generating an electronic signature.

In FIG. 28, a secret key encrypted using a common key encryption is deposited from a customer and stored in a semiconductor chip as a chip wallet. Alternatively, a chip wallet (chip authentication) having a unique internal input is deposited from the customer and encrypted with a common encryption key (passcode) input by the customer from outside to generate a secret key. This secret key is confined in the chip wallet. As described above, it is necessary to request the customer to input a passcode (common key) when generating an electronic signature. As an example, the customer's mobile terminal is requested to input a passcode via the network, and when the customer inputs the passcode, an electronic signature necessary for acting on behalf of the customer's remittance process is generated. Since it is self-explanatory, the description is omitted, but the terminal to which the customer inputs the passcode is not limited to direct or indirect, and any terminal can be used as long as the customer can manage the passcode with responsibility.

In either case of FIG. 27 and FIG. 28, an account registered inside the exchange and an account existing outside the exchange can form one network via the Internet. Further, using the electronic signature generated by the above-described method, the virtual currency can be sent between any accounts on the network by the method described with reference to FIG. Therefore, it becomes possible to exchange virtual currency between two accounts registered in the exchange. In addition, by using the electronic signature generated by the above-described method from the account registered in the exchange, the virtual currency can be transferred to any account outside this exchange via the Internet by the method described in FIG. Can be sent. On the other hand, using an electronic signature generated by the above-mentioned method from an arbitrary account outside the exchange, the account described in FIG. Can be sent.

Accounts (logical addresses on the network) owned by each customer are linked to secret keys one by one based on the idea of public key cryptography. Therefore, as long as the conditions (3) and (4) are satisfied, one chip corresponds to one account. Further, as long as the condition (5) is satisfied, even if the hacker succeeds in attacking the server of the exchange, the hacker cannot steal the secret key stored by the exchange from the customer. However, since a secret key is used to generate an electronic signature, some ingenuity is required to keep the secret key in a semiconductor chip.

FIG. 29 is a drawing for explaining an example of the device. Consider a chip wallet (N-1) containing a secret key (N-1) corresponding to a public key (N-1). The public key (N-1) is output outside the chip wallet (N-1) and becomes a logical address on the network of the account (N-1). Therefore, the chip wallet (N-1) can be realized by a semiconductor chip, a chip set, a board, or the like as described above.

This chip wallet (N-1) is linked to the account (N-1) in FIG. 1 for explaining the block chain remittance method. However, the block chain does not assume a specific physical existence (a semiconductor chip as an example), but in the present invention, a secret key is confined to a semiconductor chip that is a physical existence, and it is used as a node on a network or a virtual currency account. There is a feature in the correspondence.

In accordance with the above condition (4), in the chip wallet (N-1), in addition to the secret key (N-1), chip authentication (N-1) generated from randomness inherent to the semiconductor chip, and a predetermined algorithm A key generation device for generating a pair of secret key and public key from the chip authentication (N-1) based on the above is mounted. That is, chip authentication (N-1) or a code obtained by appropriately converting this chip authentication is input to this key generation device, and a pair of a secret key (N-1) and a public key (N-1) is generated. . The public key (N-1) becomes a logical address on the network of the corresponding account (N-1), and the secret key (N-1) is confined in the chip wallet (N-1). Since it is self-evident, it is not particularly shown, but the key generation device may be installed outside the chip as long as the secret key is confined in the chip. Alternatively, the key generation device may be realized by software as long as the secret key is confined in the chip.

As described above, in this embodiment, chip authentication is input to the key generation device, and a secret key and a public key that form a pair with each other are generated. However, it is very difficult to reproduce the secret key from at least the public key. There are a plurality of such key generation algorithms. In this embodiment, as an example, the RSA method (Rivest Shamir Edelman method)
It is desirable to adopt Rivest, Ronald L .; Shamir, Adi; Adelman, Len M. (1977-07-04), “A Method for Obtaining Digital Signature and Public-key Cryptsystems”, MIT-LCS-TM-082 (MIT Laboratory for Computer Science ).

At this time, since the key generation device is an RSA type, this chip wallet can be called an RSA type chip wallet.

In the RSA method, first, an appropriate positive natural number e is prepared. Usually, 2 to the 16th power plus 1 is adopted, but other positive natural numbers can be adopted. Next, a pair of large two prime numbers {p, q} is generated by some method, and a product n (= pq) thereof is calculated. At this time, {e, n} is a public key. Subsequently, a secret key d is obtained by further dividing a positive integer whose remainder is 1 by dividing the product of (p-1) and (q-1) by e. However, if {p, q} is known in addition to {e, n}, d can be obtained by calculation. Therefore, after generating d, {p, q} is discarded or a chip wallet together with d. Must be trapped inside. If the set of prime numbers {p, q} is stored so as not to leak to the outside, it can be considered that the set {d, p, q} is a secret key. In any case, the private key must be confined to the chip wallet. Only the public key can be used externally and used as the logical address of the account on the network.

The appropriate positive integer e can be input from the outside of the chip wallet as an external input.

Alternatively, it is possible to input as an internal input from another part of the semiconductor chip constituting the chip wallet. As an example, it is possible to cut out the first few bits of chip authentication in binary display and add 1 to the above e. Alternatively, a positive integer e may be generated by adding 1 to the chip authentication.

As an example, the method for preparing the pair of large two prime numbers {p, q} subtracts an appropriate integer k from the chip authentication to check whether the prime number is a prime number. If it is a prime number, let p be the prime number. If it is not a prime number, an appropriate integer k is further subtracted to check whether it is a prime number. This is repeated to determine the prime number p. After determining the prime number p, the same procedure is repeated to determine the prime number q. Thus, the prime number {p, q} can be obtained.

At this time, k may be a security parameter. For example, it is possible to select a random number from an integer within a certain range using a physical random number generation or a pseudo-random number and set it as the security parameter k. Alternatively, the synthesis can be repeated until a combination of chip authentication and k by some method becomes a prime number. In any case, as long as the chip authentication is sufficiently large as a numerical value, both p and q are sufficiently large prime numbers, and the selection of the security parameter k becomes more diverse.

The physical random number generator for generating a physical random number can be included in the chip wallet, or can be one installed outside the chip wallet. In the latter case, a random number is given as an external input. The same applies when pseudorandom numbers are generated by software. Here, the chip authentication and k combining method can perform all arithmetic operations of addition, subtraction, multiplication, and division and combinations thereof, or any bit operation as much as possible. In any case, the prime p is a sufficiently large prime as long as the chip authentication or the external input is sufficiently large as a numerical value.

In any case, the method for obtaining the prime number p or q from the chip authentication is, for example, as shown in FIG. 30 and a combining step for combining the chip authentication with a suitably given variable (k as an example). A determination step for determining whether or not the number is a prime number, and repeating the synthesis step and the determination step until the prime number is actually obtained.

FIG. 31 shows an example of a method for connecting a chip wallet to the block chain of FIG. However, as an example, the chip wallet adopts the RSA type.

Here, remittance (N-2, N-1) is performed from node (N-2) to node (N-1), and remittance (N-1, N) is transferred from node (N-1) to node (N-1). To N). As in FIG. 1, each node has an account consisting of a public key, a hash value, and an electronic signature at the bottom. On the other hand, the upper stage is provided with a chip wallet composed of a key generation device, chip authentication and a secret key. Here, N is a natural number associated with a node, and the node (N) is composed of a chip wallet (N) and an account (N). In this respect, it differs from the conventional block chain remittance process described in FIG.

Focus on the rightmost node (N) to see how it works. The hash value (N-1) is the contents of the account (N), and is generated by the following method at the previous node (N-1). First, the node (N-1) has a public key (N-1) that is a logical address on the network of the account (N-1), a hash value (N-2) that is the contents of the account (N-1), The digital signature (N-2) is hashed together to obtain a hash value (N-1). A hash function may be used for hashing. There are many hash functions such as MD2, MD4, MD5, RIPE-MD160, SHA-256, SHA-384, and SHA-512. Among them, SHA-256 is used in bitcoin as an example.

Furthermore, the node (N-1) obtains the public key (N) which is the logical address on the network of the account (N) and encrypts it with the secret key (N-1) together with the hash value (N-1). To generate an electronic signature (N-1). This is sent to the account (N) together with the hash value (N-1). In account (N), public key (N), hash value (N-1) and digital signature (N-1) are hashed together to generate hash value (N), and the account ( N + 1). Since the generation method of the electronic signature (N-2) and the electronic signature (N) is the same as the generation method of the electronic signature (N-1), description thereof is omitted.

In this way, the description is exactly the same as the description of the bit coin of FIG. 1 except that the secret key is included in the chip wallet. Thus, the present invention is fully compatible with conventional blockchains.

On the other hand, the crucial difference from FIG. 1 is the presence of a chip wallet. The public key stored in the lower account is generated by the upper chip wallet using a predetermined physical generation process, and is paired with a secret key confined in the corresponding chip wallet. It is what makes. Furthermore, a chip wallet is a semiconductor chip that is a physical reality and is different from a logical existence.

Alternatively, the secret key can be generated when generating an electronic signature and deleted after the generation of the electronic signature is completed. In any case, it is the same as being “confined” if it does not go outside the chip wallet, and does not depart from the concept that characterizes the present invention.

As described above, the RSA method is assumed as the method for generating the secret key and the public key, and the first embodiment has been described. However, this is only an example, and as long as the key generation device accepts chip authentication or some input related to chip authentication and generates a private key and public key, any other algorithm is used. It doesn't matter.

(Second embodiment)

FIG. 32 is a drawing for explaining another example of the device. Consider a chip wallet (N-1) containing a secret key (N-1) corresponding to a public key (N-1). The public key (N-1) is output outside the chip wallet (N-1) and becomes a logical address on the network of the account (N-1). Therefore, the chip wallet (N-1) can be realized by a semiconductor chip, a chip set, a board, or the like as described above.

This chip wallet (N-1) is linked to the account (N-1) in FIG. 1 for explaining the block chain remittance method. However, the blockchain does not assume a specific physical existence (for example, a semiconductor chip), but in the present invention, a secret key is confined to a semiconductor chip that is a physical existence, and corresponds to a node on a network or a virtual currency account. There is a feature in making it.

In the chip wallet (N-1), in addition to the secret key (N-1), the chip authentication (N-1) generated from the randomness inherent in the semiconductor chip and the secret key and public key based on the El Gamal algorithm Is installed. That is, first, chip authentication (N-1) is used as a secret key, or a secret key is generated by some method from chip authentication (N-1). The secret key is input to an El Gamal type key generation device to generate a public key (N-1). Here, the private key (N-1) and the public key (N-1) form a one-to-one pair. The public key (N-1) becomes a logical address on the network of the corresponding account (N-1), and the secret key (N-1) is confined in the chip wallet (N-1).

As described above, in this embodiment, the chip authentication is used as it is as a secret key, or the chip authentication is appropriately converted into a secret key. This secret key is input to the key generation device, and a public key that forms a pair with this secret key is generated. However, it is very difficult to reproduce the secret key from at least the public key. There are a plurality of such key generation algorithms. In the present embodiment, as an example, the El Gamal method (
reference. ) Is desirable. A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms; Taher Elgamal; IEEE Transactions on Information Theory, vol. 31 Issue 4, 1985, pp. 469-472.

At this time, since the key generation device is an El Gamal type, it can be called an El Gamal type chip wallet.

In the El Gamal method, first, a large prime number p and its primitive root g are determined. The prime number p and the primitive root g can be selected according to the design specification and stored in another module in the key generation device or chip wallet. Next, a non-negative integer x smaller than p−1 is randomly selected as a secret key. In this embodiment, as an example, a secret key can be obtained by performing appropriate code conversion from chip authentication. Subsequently, a remainder obtained by dividing the x-th power of the primitive root g by p is used as a public key, and a secret key is confined in a chip wallet. Only the public key can be used externally and used as the logical address of the account on the network.

In the method of preparing the large prime number p, as an example, an appropriate integer k is subtracted from the chip authentication to check whether the prime number is a prime number. If it is a prime number, let p be the prime number. If it is not a prime number, an appropriate integer k is further subtracted to check whether it is a prime number. This is repeated to determine the prime number p.

At this time, k may be a security parameter. For example, it is possible to select a random number from an integer within a certain range using a physical random number generation or a pseudo-random number and set it as the security parameter k. Alternatively, the synthesis can be repeated until a combination of chip authentication and k by some method becomes a prime number. In any case, as long as the chip authentication is sufficiently large as a numerical value, p becomes a sufficiently large prime number, and the selection of the security parameter k becomes more diverse.

The physical random number generator for generating a physical random number can be included in the chip wallet, or can be one installed outside the chip wallet. In the latter case, a random number is given as an external input. The same applies when pseudorandom numbers are generated by software. Here, the chip authentication and k combining method can perform all arithmetic operations of addition, subtraction, multiplication, and division and combinations thereof, or any bit operation as much as possible. In any case, p is a sufficiently large prime number as long as the chip authentication or the external input is sufficiently large as a numerical value.

In any case, as an example, the method for obtaining the prime number p from the chip authentication includes a combining step of combining the chip authentication and a suitably given variable (k as an example) as shown in FIG. A determination step for determining whether the number is a prime number, and repeating the synthesis step and the determination step until a prime number is actually obtained.

Furthermore, in the present embodiment, as an example, the remainder obtained by dividing the chip authentication by p−1 can be used as a secret key. This is input to the key generation device to generate a public key.

Alternatively, an internal input may be added to chip authentication from another part of the semiconductor chip constituting the chip wallet. That is, the remainder obtained by dividing chip authentication and the internal input by some calculation and dividing by p−1 can be used as the secret key. This is input to the key generation device to generate a public key.

There are various methods for the synthesis. For example, addition, subtraction, multiplication, division, a combination of these arithmetic operations, a logical operation, and any other bit operation as much as possible can be used.

FIG. 33 shows an example of a method for connecting a chip wallet to the block chain of FIG. However, as an example, the chip wallet adopts an El Gamal type.

Here, remittance (N-2, N-1) is performed from node (N-2) to node (N-1), and remittance (N-1, N) is transferred from node (N-1) to node (N-1). To N). As in FIG. 1, each node has an account consisting of a public key, a hash value, and an electronic signature at the bottom. On the other hand, the upper stage includes a chip wallet including a key generation device, an authentication device, and a secret key. Here, N is a natural number associated with a node, and the node (N) is composed of a chip wallet (N) and an account (N).

Focus on the rightmost node (N) to see how it works. The hash value (N-1) is the contents of the account (N), and is generated by the following method at the previous node (N-1). First, the public key (N-1) that is the logical address of the account (N-1) on the network, the hash value (N-2) that is the contents of the account (N-1), and the electronic signature (N-2) Are hashed together to obtain a hash value (N-1). A hash function may be used for hashing. There are many hash functions such as MD2, MD4, MD5, RIPE-MD160, SHA-256, SHA-384, and SHA-512. Among them, SHA-256 is used in bitcoin as an example.

The node (N-1) obtains the public key (N), which is the logical address on the network of the account (N), and encrypts it with the private key (N-1) together with the hash value (N-1) To do. The digital signature (N-1) is sent to the account (N) along with the hash value (N-1). Account (N) hashes the public key (N), hash value (N-1), and digital signature (N-1) together to generate a hash value (N), and the account ( N + 1). Since the generation method of the electronic signature (N-2) and the electronic signature (N) is the same as the generation method of the electronic signature (N-1), description thereof is omitted.

In this way, the description is exactly the same as the description of the bit coin of FIG. 1 except that the secret key is included in the chip wallet. Thus, the present invention is fully compatible with conventional blockchains.

On the other hand, the crucial difference from FIG. 1 is the presence of a chip wallet. The public key stored in the lower account is generated by the upper chip wallet using a predetermined physical generation process, and is paired with a secret key confined in the corresponding chip wallet. It is what makes. Further, the chip wallet is a semiconductor chip, a chip set, or a board, which is a physical reality, and is different from a logical existence.

Alternatively, the secret key can be generated when an electronic signature is generated, and can be deleted after the generation of the electronic signature is completed. In any case, it is the same as being “confined” if it does not go outside the chip wallet, and does not depart from the concept that characterizes the present invention.

As described above, the El Gamal method is assumed as the method for generating the secret key and the public key, and the second embodiment has been described. However, this is merely an example, and any other key generation method may be adopted as long as the key generation device accepts any input associated with chip authentication or chip authentication and generates a public key. .

(Third embodiment)

FIGS. 34-36 illustrate an example of a method for inputting external input to the chip wallet. In FIG. 34, a secret key paired with a public key that is a logical address on the network of the chip wallet is included in the chip wallet. FIG. 35 shows an example of employing an RSA type chip wallet. FIG. 36 shows an example in which an El Gamal type chip wallet is employed. As described above, the chip wallet can be an RSA type chip wallet as shown in FIG. 29 as an example, or an El Gamal type chip wallet as shown in FIG. 32 as another example. Alternatively, as another example, a chip wallet that employs another encryption key generation algorithm may be used.

As shown in FIG. 34, it is possible to input an external input from the outside of the chip wallet and change the generated electronic signature. Alternatively, as shown in FIG. 35 or FIG. 36, it is possible to input an external input to the key generation device and change the generated private key / public key pair. Such a feature is useful when sharing the same chip wallet with multiple accounts. In other words, different external inputs result in different accounts even if the chip wallet is the same. Also, if the chip wallet is different, it is a different account even if the same external input is input.

For example, external input is digital code information such as passcode, PIN code, barcode, QR code (registered trademark), fingerprint information, vein information, retinal information, DNA for starting any application running on the network. Information, other biological information that identifies the authorized user of the app, voice / image information that can characterize the individual extracted from the voice or image of the authorized user, physical information that can characterize the individual extracted from the physical characteristics of the authorized user, etc. , And other personal information that can be used to identify authorized users.

As another example, external input refers to digital code information such as passcode, PIN code, barcode, QR code (registered trademark), fingerprint information, veins, etc. that are requested to the user as needed by some application operating on the network Extracted from information, retina information, DNA information, other biological information that identifies authorized users of the app, voice / image information that can identify individuals extracted from the voice and images of authorized users, physical characteristics of authorized users, etc. Physical information that can characterize individuals, and other personal information that can characterize authorized users.

As yet another example, external input is digital code information such as a passcode, PIN code, barcode, QR code (registered trademark) for starting an information terminal in which some application that operates on the network is installed, Fingerprint information, vein information, retina information, DNA information, other biological information that identifies the authorized user of the app, voice / image information that can identify individuals extracted from the voice and images of the authorized user, physical characteristics of the authorized user Body information that can characterize individuals extracted from the above, and other personal information that can characterize regular users.

Alternatively, as another example, the external input is a special mode acquisition code for acquiring a physical random number generated in a state unique to the semiconductor chip constituting the authentication device by some physical process. Here, the special mode acquisition code is a code that designates at least an access mode, an address, and an operation mode for data in the chip.

Alternatively, the external input may be configured by a combination of the plurality of external inputs.

It is also possible to combine an internal input stored in advance in the chip wallet with an external input for use. This synthesis method can perform addition / subtraction / division / division, a combination thereof, or any bit operation as much as possible.

As an example, chip authentication and external input or internal input are combined by some method to obtain an integer. Subtract an arbitrary integer k from this integer to see if it is a prime number. If it is a prime number, let p be the prime number. If it is not a prime number, subtract k to see if it is a prime number. The prime number p is determined by repeating this. This prime number can be used in both the RSA type key generation device and the El Gamal type key generation device.

At this time, k may be a security parameter.

As an example, the security parameters can be stored inside the chip wallet as an internal input.

As an example, the security parameters can be generated inside the chip wallet. In this case, the security parameter can be regarded as an internal input.

As an example, the security parameter can be externally given to the chip wallet as an external input.

As an example, the security parameter can be randomly selected from an integer within a certain range using a physical random number or a pseudo-random number.

The physical random number generator for generating a physical random number can be included in the chip wallet, or can be one installed outside the chip wallet. In the former case, a physical random number is given as an internal input. In the latter case, a physical random number is given as an external input.

When pseudorandom numbers are generated using software outside the chip wallet, these pseudorandom numbers can be regarded as external inputs. When generating a pseudo-random number using software inside the chip wallet, this pseudo-random number can be regarded as an internal input.

In any case, the chip authentication and the method of obtaining the prime number p from the external input or the internal input, for example, as shown in FIG. 30, a synthesis step of combining the chip authentication and an appropriately given variable (for example, a security parameter). And a determination step for determining whether or not the combined number is a prime number, and repeating the combination step and the determination step until a prime number is actually obtained.

As yet another example, the external input can be the primitive root g.

As another example, a primitive root g can be obtained by combining an external input and an internal input by some method. This synthesis method can perform all arithmetic operations and combinations of addition, subtraction, multiplication, and division, or any bit operation as much as possible.

(Fourth embodiment)

The chip authentication (chip authentication in FIGS. 29-33, 35, and 36 as an example) can be synthesized from some physical randomness extracted from a cell array in a semiconductor chip having physical reality. A semiconductor chip that generates chip authentication in this way is called an authentication chip.

FIG. 37 shows an example of a cell array composed of word lines 503 and bit lines 902. An authentication element 977 is disposed where the word line 503 and the bit line 902 intersect. In this example, the number of rows (number of word lines) is N, and the number of columns (number of bit lines) is M. However, rows and columns can be interchanged at any time.

As an example, each of the authentication elements 977 has at least two terminals (a first terminal and a second terminal), one of the word line 503 and the bit line 902 is connected to the first terminal, and the other is connected to the second terminal. Connect to the terminal.

The authentication element 977 is a resistor 985 as shown in FIG. Alternatively, it is a capacitor 982 as shown in FIG. Alternatively, it is a PN junction 986 as shown in FIG. Alternatively, it is a Schottky junction 987 as shown in FIG. Alternatively, the transistor 983 is used as shown in FIG. Alternatively, as shown in FIG. 43, a DRAM cell 984 including a transistor 983 and a capacitor 982 is formed. Alternatively, as shown in FIG. 44, a variable resistance memory cell 989 including a transistor 983 and a variable resistance 981 is provided.

When the variable resistor 981 controls the resistance value with a voltage, this is a ReRAM cell. When the variable resistor 981 controls the resistance value by heating, this is PCRAM. Alternatively, as shown in FIG. 45, a magnetoresistive memory cell 990 including a transistor 983 and a magnetoresistive 980 is provided. If this magnetoresistance is a GMR film, this is an MRAM cell. If this magnetoresistance is an STT film, this is an STT-MRAM cell. Alternatively, a nonvolatile memory cell 988 with a charge storage layer as shown in FIG. The charge storage layer may be a charge trapping layer or a floating gate.

Alternatively, as shown in FIG. 47, a nonvolatile memory cell 988 with a charge storage layer arranged on a NAND array in which the bit line terminals are intentionally excluded. Alternatively, as shown in FIG. 48, the transistor 983 is arranged on a NAND type array in which the bit line terminals are intentionally excluded.

49 and 50 show another example in which the authentication element 977 is accessed using the bit line 902 and the word line 503. A specific example of the authentication element 977 in this example is the same as that described above, and a detailed description thereof will be omitted.

In any case, it is possible to acquire a physically random authentication specific to the chip from the cell array formed by the word line 503, the bit line 902, and the authentication element 977.

An example of the method will be specifically described below.

First, a word line is selected using a word line decoder, a bit line is selected using a bit line decoder, and authentication elements associated with the selected word line and bit line are selected cells.

Here, there are two types of authentication elements. When the first type is destroyed, a current easily flows when a read voltage is applied, and when it is not destroyed, a current hardly flows.

When the second type is destroyed, it is difficult to pass a current when a read voltage is applied, and when it is not broken, a current is likely to flow.

Here, the address of the bit cell (destructive bit) composed of the authentication element determined to be destructed is an array composed of a word line number and a bit line number. When a plurality of cells are selected and read from a group of authentication elements on the cell array, a plurality of destruction bits are generally found. The distribution of the addresses of these multiple destructive bits is physically messy. Therefore, a code (chip authentication) corresponding to the distribution of the destruction bits can be obtained by arranging the addresses of the plurality of destruction bits by a predetermined method and expressing the codes. As long as the generation of the destruction bit is physically random, it is possible to obtain a physically random authentication code unique to the chip.

Let Q be the number of destruction bits and R be the number of selected cells. However, Q is a number smaller than R. At this time, the number of authentication codes is equal to the number when Q is selected from R. That is, if R is sufficiently large and the probability of the presence of a broken bit is not small enough to be ignored, the number in the case of chip authentication is very large.

Assuming that Q is 1 giga (1 billion) and R is 1 kilo (1000), the number in the case of chip authentication is approximately 10 times 6432 multiplied by 2.5. That is, when 1 trillion (10 12) authentication chips necessary for a trillion node are produced, the probability that the two chip authentications will be the same by chance is the reciprocal of 10 (6420) multiplied by 2.5 ( 4E-6421). Even if 100 trillion authentication chips are supplied, the probability that the two chip authentications coincide by chance is four times the power of −6419 (4E-6419).

Thus, no matter how many chip wallets are produced, the probability that two chip wallets will accidentally have the same chip authentication is virtually zero.

A Q of 1 G and an R of 1 km corresponds to a defective rate of 1 / 1,000,000. That is, even if it is assumed that the defect rate is so low that the authentication chip achieves six sigma (3.4 / 1,000,000 or less), the probability that the two chip wallets will accidentally have the same chip authentication is almost zero. I can say that.

Considering Six Sigma (3.4 / 1,000,000 or less), it is not a problem to use 1 kilobit corresponding to 1 / 1,000,000 or less for other purposes in a 1 gigabit memory chip product. Therefore, 1 kilobit is allocated to the cell array for the authentication element, and some stress is applied to the cell array for the authentication cell to destroy exactly half. At this time, the number in the case of chip authentication is about 2.7 times 10 to the 299th power. In other words, even if 100 trillion chip authentications are supplied, the probability that the chip authentications of the two chip wallets coincide by chance is 2.7 times 10 to the power of −285 (3.7E-286). That is, it is practically almost zero.

The stress includes various types such as an electrical stress, an optical stress, a mechanical stress, and an electromagnetic field stress.

As an example of the electrical stress, first, all the cells of the cell array for the authentication cell are selected simultaneously, and a high voltage pulse is applied to all the selected cells. When each cell is read and the number of non-destructive bits is smaller than the number of destructive bits, only the non-destructive bits are selected and the second high voltage pulse is applied. This process is repeated until the number of non-destructive bits is approximately the same as the number of destructive bits.

As an example of optical stress, a certain amount of X-rays, ultraviolet rays, or the like is irradiated to the authentication element cell array before assembly. The amount of irradiation is adjusted so that the number of non-destructive bits and destructive bits is approximately the same.

One example of mechanical stress is bending the authentication chip. However, since stress is similarly applied to a cell array other than the authentication element cell array, this method is effective only when the entire chip is used as the authentication element cell array.

An example of electromagnetic field stress is exposing the authentication chip to a strong electromagnetic field. However, since stress is similarly applied to a cell array other than the authentication element cell array, this method is effective only when the entire chip is used as the authentication element cell array.

In any case, the chip authentication is physically generated randomly as long as the destruction of the authentication cell occurs stochastically. Further, as long as the probability that the two chip authentications coincide by chance is practically almost zero, the chip authentication described in FIGS. 29-33, 35, and 36 is sufficiently valid.

In this way, it is possible to generate chip authentication by intentionally destroying it randomly.

(Fifth embodiment)

Some memory products are provided with redundant bit lines for replacing bit lines in which defective bits are generated in consideration of the occurrence of defective bits in memory cells at a certain rate or less in advance. The causes of such defects are various and depend on manufacturing variations in the manufacturing stage and naturally occurring variations in the physical formation process of the members. Redundant bit lines are usually not included in the bit capacity of memory chip products. See FIG. 51 as an example.

In FIG. 51, the bit line group arranged in the row direction is divided into two groups. One is a redundant bit line group consisting of a plurality of redundant bit lines, and the other is a normal bit line group consisting of normal bit lines. Let N be the number of rows in the normal bit line group and L be the number of rows in the redundant bit line group. N and L are non-negative integers, and N is larger than L. The bit capacity of the memory product corresponds to the number of cells included in this normal bit line group.

If it is found by inspection before shipment that a defective bit satisfying a certain condition is generated in the normal bit line group, the address of the normal bit line including the defective bit is assigned to one redundant bit in the redundant bit line group. Assign to a line. Such replacement (reading replacement A, replacement B in the figure) is performed for each normal bit line including a defective bit, and the defective bit can be substantially removed.

More specifically, a peripheral memory (for example, a fuse memory or the like) in which a bit line number of a bit line that has been found defective in a pre-shipment inspection and a bit line number of a redundant bit line that replaces the bit line are mixedly loaded in the peripheral area ). In the present embodiment, the information recorded in the peripheral memory plays the same role as the chip authentication.

An example of a memory chip that satisfies these conditions is a DRAM. In addition, a flash memory, a phase change memory, a resistance change memory, a magnetoresistance change memory (MRAM), a spin torque type MRAM (STT-MRAM), and the like can be considered.

Assuming that the number of unrecoverable defective bits detected in the pre-shipment inspection is m, the number in that case is a combination of selecting m from N. That is, C (N, m). Taking into account which redundant bit line is to be replaced with each other, the number of cases must be further multiplied by the number of permutations in which m is selected from the upper rank of m and arranged from L. That is, C (N, m) P (L, m). In other words, the number of cases even when underestimated is about C (N, m).

In the case of a typical 4-gigabit DRAM product, for example, the number of redundant bit lines is about 153,000 with respect to the total number of bit lines of 6,550,000. That is, the number of rows in which defective bits are generated on the bit lines in the regular bit group for some reason can be allowed as a mass production DRAM up to about 153,000. At this time, the number in the case of reassignment to the redundant bit line is equal to the combination of selecting 153,000 out of 6,550,000. When calculated, it becomes about 315 to the power of 289. That is, even if 100 trillion authentication chips are supplied, the probability that the two chip authentications will coincide is 10 −315, the power of 275 (1E-315, 275). Thus, it can be seen that the probability that the two chip wallets accidentally have the same chip authentication is virtually zero.

In this embodiment, the bit line and the word line can be interchanged. That is, when word lines are arranged in the row direction instead of bit lines, the number of combinations for selecting 3,044 from 4.4 million word lines may be calculated. This is approximately 2.9 × 10 to the power of 10,938. Although it is much less than the number in the former case, it is still a terribly large number. That is, even if 100 trillion authentication chips are supplied, the probability that the two chip authentications will coincide is 10 −10,924 (1E-10,924). Thus, it can be seen that the probability that the two chip wallets accidentally have the same chip authentication is virtually zero.

In this way, it is possible to generate a chip certificate having a very large information entropy. It should be noted here that in the present embodiment, no extra bit is allocated to generate chip authentication. That is, the redundant bit line (or redundant word line) is already mounted on the product memory chip, and the peripheral memory for recording the replacement information is the same.

(Sixth embodiment)

All the above embodiments are premised on a chip wallet (for example, FIG. 29 or FIG. 32). However, as described above, the chip wallet may be a single semiconductor chip or a chip set in which a plurality of semiconductor chips are combined. Alternatively, an apparatus in which one or more semiconductor chips and other electronic components are combined may be used. Alternatively, an apparatus in which one or more semiconductor chips and a magnetic medium are combined may be used. Alternatively, an apparatus in which one or more semiconductor chips are combined with an optical component or an optical medium may be used. Alternatively, an apparatus in which one or more semiconductor chips and mechanical parts are combined may be used. Alternatively, an apparatus in which one or more semiconductor chips and a chemical material are combined may be used. Alternatively, an apparatus in which an electronic component and a magnetic medium are combined may be used. Or the apparatus which combined the electronic component, the optical component, and the optical media may be sufficient. Or the apparatus which combined the electronic component and the mechanical component may be sufficient. Or the apparatus which combined the electronic component and the chemical material may be sufficient. Alternatively, an apparatus that combines a mechanical part and a magnetic medium may be used. Alternatively, an apparatus in which a mechanical part and an optical part or an optical medium are combined may be used. Alternatively, an apparatus that combines mechanical parts and chemical materials may be used.

In any case, such devices are collectively referred to as hardware. Unlike the logical nodes on the network, such hardware has a physical reality. Therefore, if the secret key is confined in this hardware, all the above embodiments can be realized.

Let's call the hardware that locks the secret key and links it to the account on the network. However, some ingenuity is necessary to keep the secret key in the hardware.

FIG. 52 shows an example of such a hard wallet. The trapped secret key (N-1) is input to the key generation device, and a public key (N-1) is generated. This public key (N-1) is taken out of the hard wallet and becomes the logical address of the account (N-1) on the network. Since it is self-evident, it is not particularly shown, but the account (N-1) is a hash value (N-) that is the contents of the account (N-1) together with the public key (N-1), as in FIGS. 2) and electronic signature (N-2)

This key generation device is an El Gamal type, and this hard wallet (N-1) is an El Gamal type hard wallet. The hard wallet (N-1) constitutes a node (N-1) that is a logical node on the network together with the account (N-1). As shown in FIG. 53, it is possible to add an external input to the key generation device when generating the public key (N-1). Since this external input is the same as that described with reference to FIG.

As an example, the secret key (N-1) is chip authentication unique to the semiconductor chip constituting the hard wallet (N-1). In this case, the hard wallet (N-1) is a chip wallet (N-1).

The secret key (N-1) can be generated from the internal input (N-1) inside the hard wallet (N-1) as shown in FIG. The method for generating the secret key (N-1) from the internal input (N-1) may be any method. As an example, the generation method is format conversion for adjusting the code format of the secret key. As an example, the generation method is common key cryptography or the like. In this case, a common key (passcode) can be input from an external input as shown in FIG. 53, and the encrypted internal input (N-1) can be used as a secret key (N-1). As an example, the internal input (N-1) is specific information extracted from chemical materials, optical media and optical components, magnetic media and magnetic components, mechanical components, and the like. Alternatively, it is also possible to generate the secret key (N-1) from the internal input (N-1) after adding an arbitrary operation from the outside in combination with the external input of FIG. The internal input (N-1) can also include parameters that affect the operation of the algorithm for generating the secret key (N-1).

As an example, the internal input (N-1) is chip authentication specific to the semiconductor chip constituting the hard wallet (N-1). In this case, the hard wallet (N-1) is a chip wallet (N-1).

FIG. 55 shows an example in which an RSA type key generation device is mounted on a hard wallet (N-1). Therefore, this hard wallet is an RSA type hard wallet.

The hard wallet (N-1) includes at least an internal input (N-1) and a key generation device. The internal input (N-1) is input to the RSA type key generation device, and a pair of secret key (N-1) and public key (N-1) is generated. This public key (N-1) is taken out of the hard wallet and becomes the logical address of the account (N-1) on the network. Since it is self-evident, this account (N-1) is not particularly shown, but the hash value (N-1), which is the contents of the account (N-1), together with the public key (N-1), is the same as in FIGS. -2) and digital signature (N-2) as components.

The hard wallet (N-1) constitutes a node (N-1) that is a logical node on the network together with the account (N-1). Also, as shown in FIG. 56, when generating the secret key (N-1) and the public key (N-1), it is possible to add an external input to the key generation device. Since this external input is the same as that described with reference to FIG. 35 and the like, detailed description thereof is omitted.

54 to 56, as an example, the internal input (N-1) is chip authentication unique to the semiconductor chip constituting the hard wallet (N-1). In this case, the hard wallet (N-1) is a chip wallet (N-1).

Alternatively, in any of FIGS. 54 to 56, the internal input (N-1) can include chip authentication specific to the semiconductor chip constituting the hard wallet (N-1). In this case, the hard wallet (N-1) is the chip wallet (N-1), and the internal input (N-1) affects the process of generating the private key (N-1) and public key (N-1). Can be included. Such parameters are determined by system reasons, code format reasons, algorithm control reasons, and the like.

A system composed of a plurality of hard wallets can be composed of a plurality of types of hard wallets. As an example, it is possible to include both RSA type hard wallets and El Gamal type hard wallets.

In any case, the hard wallet (N-1) contains at least a private key (N-1) that forms a pair with the external public key (N-1). Furthermore, a key generation device is provided that generates a public key (N-1) that forms a pair with at least the secret key (N-1) regardless of the type of algorithm. Thus, FIG. 57 shows a general form of a hard wallet having all the conditions so far. In other words, an example of FIG. 57 is shown in FIGS. FIG. 58 illustrates a mechanism of digital data communication (transfer of virtual currency as an example) between accounts configured using this general form of hard wallet. Since it is self-evident and will not be described in detail, FIG. 58 may include the external input and the internal input of FIGS. Therefore, the cases of FIG. 30 and FIGS. 34 to 36 can also be included. When the hard wallet is a chip wallet, an example of FIG. 57 is FIG. 29 or FIG.

In FIG. 58, remittance (N-2, N-1) is performed from node (N-2) to node (N-1), and remittance (N-1, N) is transferred from node (N-1) to node. To (N). As in FIG. 1, each node has an account consisting of a public key, a hash value, and an electronic signature at the bottom. On the other hand, the upper stage is provided with a chip wallet composed of a key generation device, chip authentication and a secret key. Here, N is a natural number associated with a node, and the node (N) is composed of a chip wallet (N) and an account (N). In this respect, it differs from the conventional block chain remittance process described in FIG.

Focus on the rightmost node (N) to see how it works. The hash value (N-1) is the contents of the account (N), and is generated by the following method at the previous node (N-1). First, the node (N-1) has a public key (N-1) that is a logical address on the network of the account (N-1), a hash value (N-2) that is the contents of the account (N-1), The digital signature (N-2) is hashed together to obtain a hash value (N-1). A hash function may be used for hashing. There are many hash functions such as MD2, MD4, MD5, RIPE-MD160, SHA-256, SHA-384, and SHA-512. Among them, SHA-256 is used in bitcoin as an example.

Furthermore, the node (N-1) obtains the public key (N) which is the logical address on the network of the account (N) and encrypts it with the secret key (N-1) together with the hash value (N-1). To generate an electronic signature (N-1). This is sent to the account (N) together with the hash value (N-1). In account (N), public key (N), hash value (N-1) and digital signature (N-1) are hashed together to generate hash value (N), and the account ( N + 1). Since the generation method of the electronic signature (N-2) and the electronic signature (N) is the same as the generation method of the electronic signature (N-1), description thereof is omitted.

In this manner, the description is exactly the same as the description of the bit coin of FIG. 1 except that the secret key is included in the hard wallet. Thus, the present invention is fully compatible with conventional blockchains.

On the other hand, the decisive difference from FIG. 1 is the presence of a hard wallet. The public key stored in the lower account is generated by the upper hard wallet using a predetermined physical, electronic, chemical, optical, mechanical, and magnetic generation process. As described above, destruction of the authentication element, which is an electronic device, defective bits, and the like occur physically randomly. The public key is a pair with the private key confined in the corresponding hard wallet. Furthermore, a hard wallet is hardware that is a physical reality and is different from a logical existence.

Alternatively, the secret key can be generated when generating an electronic signature and deleted after the generation of the electronic signature is completed. In any case, it is the same as being “confined” if it does not go outside the hard wallet, and does not depart from the concept that characterizes the present invention.

There are multiple types of secret key and public key generation methods. As an example, the RSA method or the El Gamal method can be considered. However, this is only an example, and as long as the key generation device accepts some input individually associated with the hardware making up the hardware wallet and generates a private key and public key, any other algorithm is used to generate the key. A method may be adopted.

Any input associated with the hardware that makes up the hard wallet that the key generator accepts is generated using a predetermined physical, electronic, chemical, optical, mechanical, or magnetic generation process. It is. However, it is desirable that the input reflects the randomness inherent in hardware when the code is converted and extracted.

As an example, the randomness is randomness caused by an uncontrollable distribution on the cell array of destructive elements generated by applying an appropriate stress to the semiconductor chip.

As an example, the randomness is randomness caused by an uncontrollable distribution of defective bits mixed in a semiconductor chip manufacturing stage on the cell array.

As an example, the randomness is an optical randomness caused by an uncontrollable distribution of molecular defects that are chemically mixed when an optical material is applied to an apparatus surface, a substrate surface, a wafer surface, or the like.

As an example, the randomness is a magnetic randomness caused by an uncontrollable distribution of molecular defects that are chemically mixed when a magnetic material is applied to a device surface, a substrate surface, a wafer surface, or the like.

As an example, the randomness is mechanical randomness caused by an uncontrollable mechanical operation error of a precision machine composed of a plurality of parts including a slight error.

Such a hard wallet satisfies the following conditions.
(7) Two secret keys stored in two different hardware are different from each other.
(8) One secret key shall be stored in one hardware.
(9) It is assumed that the private key stored in the hardware cannot be taken out of the hardware.
(10) If possible, it is assumed that the secret key is linked in some way with randomness inherent in hardware. Thus, the secret key is unique to the hardware to be confined.

The above conditions (7) to (10) are equivalent to the conditions (3) to (6) for the chip wallet, respectively, if the chip wallet is replaced with a hard wallet. Therefore, detailed description is omitted.

The randomness unique to the hardware described in the above (10) is, for example, randomness specific to a semiconductor chip. For example, the authentication element is broken or defective bits are distributed. At this time, it is obvious that this hardware is a chip wallet.

Alternatively, the randomness unique to the hardware described in the above (10) is, as an example, randomness specific to an optical device or an optical material.

Or the disorder | damage | failure intrinsic | native to the hardware as described in said (10) is a disorder | damage | failure intrinsic | native to a magnetic apparatus or a magnetic material as an example.

Alternatively, the randomness unique to the hardware described in (10) is, as an example, randomness specific to a mechanical device.

Alternatively, the randomness unique to the hardware described in the above (10) is, as an example, randomness specific to a chemical material.

The hash value in FIG. 58 is signed processing information (or digital information) transferred between accounts associated with the hard wallet. If this signed digital information has monetary value, it becomes a virtual currency such as bit coin, but this is only a special example. In addition, since all work necessary for remittance (N, N + 1) is completed on the account (N) side, it is possible to keep the secret key in the hard wallet (N).

Alternatively, the hash values in FIGS. 31, 33, 35, and 36 are signed processing information (or digital information) transferred between accounts associated with the chip wallet. If this signed digital information has monetary value, it becomes a virtual currency such as bit coin, but this is only a special example. In addition, since all work necessary for remittance (N, N + 1) is completed on the account (N) side, it is possible to keep the secret key in the chip wallet (N).

Specifically, the account (N) first hashes the hash value (N-1), public key (N), and electronic signature (N-1) that are the contents of the account (N) into a hash value ( N). This can be temporarily stored inside the account (N). Next, the public key (N + 1) that is the logical address on the network of the account (N + 1) that is the transfer destination of the process is acquired. Next, the hash value (N) and public key (N + 1) are encrypted together using the secret key (N) confined inside the hard wallet (or chip wallet as an example) linked to the account (N). . Thus, an electronic signature (N) is generated. Finally, the generated electronic signature (N) and hash value (N) are both sent to the account (N + 1).

Therefore, there is no need to take out the secret key outside the chip wallet.

In this way, a pair of a secret key and a public key is generated according to randomness (chip authentication as an example) assigned to hardware (as an example, a semiconductor chip) that is a physical reality in some way. The public key is used as a logical address of an account on the network, and the secret key is preferably confined in a hard wallet (for example, a chip wallet). Alternatively, it is desirable that the private key be generated inside a hard wallet (for example, a chip wallet) every time an electronic signature is generated and deleted after the electronic signature is generated.

(Seventh embodiment)

FIGS. 59 and 60 show an example of a method of utilizing a hard wallet that satisfies the above conditions (7) to (9) at a virtual currency exchange. In FIG. 59, the hardware (hardware wallet) in which the private key stored from the customer is confined is contacted with the server in some form, and the electronic signature is generated while the private key is confined in the hardware. As an example, it is desirable to mount the server interface according to a predetermined format. Alternatively, as an example, it is desirable to mount a part of a board constituting the server according to a predetermined interface. Alternatively, it is desirable to connect to a part of a board constituting the server according to a predetermined interface.

However, FIG. 59 is equivalent to the chip wallet of FIG. 27 replaced with a hard wallet.

Note that the secret key confined in the hard wallet can be encrypted with the common key encryption in the same manner as the secret key confined in the chip wallet.

In FIG. 60, a secret key encrypted using common key encryption is deposited from a customer and stored in hardware to form a hardware wallet. Alternatively, a hard wallet having a unique internal input is deposited from a customer and encrypted with a common encryption key (passcode) input by the customer from outside to generate a secret key. This secret key is confined in the hard wallet. In this case, it is necessary to request the customer to input a passcode (common key) when generating an electronic signature, as in the case of using the chip wallet of FIG. As an example, the customer's mobile terminal is requested to input a passcode via the network, and when the customer inputs the passcode, an electronic signature necessary for acting on behalf of the customer's remittance process is generated. Since it is self-explanatory, the description is omitted, but the terminal to which the customer inputs the passcode is not limited to direct or indirect, and any terminal can be used as long as the customer can manage the passcode with responsibility.

FIG. 60 is equivalent to the chip wallet of FIG. 28 replaced with a hard wallet.

In either case of FIG. 59 and FIG. 60, an account registered on the exchange (account inside the exchange) and an account existing outside the exchange may form one network via the Internet. I can do it. Further, by using the electronic signature generated by the above-described method, virtual currency can be sent between any accounts on the network by the same method as described in FIG. Accordingly, it becomes possible to exchange virtual currency between two accounts registered in the exchange, and from the account registered in the exchange, using the electronic signature generated by the above-described method, FIG. The virtual currency can be sent to any account outside the exchange via the Internet in the same manner as described above. In addition, an account registered with this exchange via the Internet in the same manner as described in FIG. 1 or the like using an electronic signature generated by the above-described method from an arbitrary account outside the exchange. It is also possible to send virtual currency.

As described above, the account registered in the exchange proposed by the present embodiment is desirably managed in association with the hard wallet. Furthermore, the exchange proposed by the present embodiment exchanges signed digital information between an account registered in the exchange proposed by the present embodiment and an external account not registered via the Internet. Is possible. However, regardless of whether the account is registered on the exchange, the following conditions must be met.
(11) Secret keys associated with two different nodes are different from each other.
(12) Public keys related to two different nodes are different from each other.
(13) A secret key and a public key related to the same node form a pair.
(14) The public key is a logical address on the network of the associated node, and is an account name.
(15) The secret key is confined in the related node, and is used to generate an electronic signature necessary for sending digital information from the related node to another node.

Finally, the technical scope of the present invention is not limited to the above embodiment, and various modifications can be made without departing from the spirit of the present invention.

It is possible to provide information infrastructure technology that operates a safe and convenient virtual currency exchange at a lower cost.

The figure explaining an example of the mechanism of the remittance from a node (N-2) to a node (N). The figure explaining an example of a cold wallet. The figure explaining an example of a cold wallet. The figure explaining an example of a cold wallet. The figure explaining an example of a cold wallet. The figure explaining an example of the method of reading the private key printed on the paper with a predetermined reader, and producing | generating an electronic signature. The figure explaining an example of the method of reading the private key printed on the paper with a predetermined reader, and producing | generating an electronic signature. The figure explaining an example of the method of printing the thing which encrypted the secret key displayed in binary with common key encryption on paper, and making it a cold wallet. The figure explaining an example of the method of printing the thing which encrypted the secret key which displayed the barcode with common key encryption on paper, and making it a cold wallet. The figure explaining an example of the method of printing the thing which encrypted the secret key displayed by QR with common key encryption on paper, and making it a cold wallet. The figure explaining an example of the method of reproducing | regenerating a secret key from a cold wallet using a common key (passcode). The figure explaining an example of the method of reproducing | regenerating a secret key from a cold wallet using a common key (passcode). The figure explaining an example of the method of reproducing | regenerating a secret key from a cold wallet using a common key (passcode). The figure explaining an example of the method of producing | generating an electronic signature (N-1) using the compounded private key (N-1) produced | generated with the offline terminal in the node (N-1). The figure explaining an example of the method of producing | generating an electronic signature (N-1) using the compounded private key (N-1) produced | generated with the offline terminal in the node (N-1). The figure explaining an example of the method of preserve | saving to the other medium in an offline state the secret key compounded with the offline terminal. The figure explaining an example of the method of preserve | saving the private key read with the reader in USB memory, an optical media, a magnetic media, other semiconductor media (SSD etc.) etc. as it is. The figure explaining an example of the management method of a virtual currency exchange. The figure explaining an example of the management method of a virtual currency exchange. The figure explaining an example of the management method of a virtual currency exchange. The figure explaining an example of the operation method which does not request | require the input of a passcode (common key) to a customer, when producing | generating an electronic signature. The figure explaining an example of the operation method which does not request | require the input of a passcode (common key) to a customer, when producing | generating an electronic signature. The figure explaining an example of the operation method which does not request | require the input of a passcode (common key) to a customer, when producing | generating an electronic signature. The figure explaining an example of the management method which preserve | saves a customer's private key in the storage of the server of an exchange. The figure explaining an example of the management method which preserve | saves a customer's private key in the storage of the server of an exchange on the assumption of cooperation data protection. The figure explaining an example of the concept which moves and confines the customer's private key stored in the storage of the server of the exchange to one independent semiconductor chip. The figure explaining an example of the management method of the virtual currency exchange using a chip wallet. The figure explaining an example of the management method of the virtual currency exchange using a chip wallet. The figure explaining an example of the method of confining a secret key in a semiconductor chip. The figure explaining an example of the method of calculating | requiring a big prime number from chip | tip authentication. The figure explaining an example of the method of connecting a chip wallet to a block chain. The figure explaining an example of the method of confining a secret key in a semiconductor chip. The figure explaining an example of the method of connecting a chip wallet to a block chain. The figure explaining an example of the method of inputting external input into a chip wallet. The figure explaining an example of the method of inputting external input into a chip wallet. The figure explaining an example of the method of inputting external input into a chip wallet. 2A and 2B illustrate an example of a cell array including word lines and bit lines. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining an example of an authentication element. The figure explaining another example which accesses an authentication element using a bit line and a word line. The figure explaining another example which accesses an authentication element using a bit line and a word line. The figure explaining an example in which the defective bit is distributed on a cell array. The figure explaining an example of a hard wallet. The figure explaining an example of a hard wallet. The figure explaining an example of a hard wallet. The figure explaining an example of a hard wallet. The figure explaining an example of a hard wallet. The figure explaining an example of the general form of a hard wallet. The figure explaining an example of the method of connecting a hard wallet to a block chain. The figure explaining an example of the concept which moves and confines the customer's private key stored in the storage of the server of the exchange to one independent hardware. The figure explaining an example of the management method of the exchange of the virtual currency using a hard wallet.

503 Word line 902 Bit line 977 Authentication element 985 Resistance 982 Capacitor 986 PN junction 987 Schottky junction 983 Transistor 984 DRAM cell 981 Variable resistance 989 Variable resistance memory cell 980 Magnetoresistance 988 Nonvolatile memory cell 990 with charge storage layer Magnetoresistance memory

Claims (15)

In a network including at least first, second, and third nodes,

The first node is composed of a first account and a first hard wallet,
The second node consists of a second account and a second hard wallet,
The third node comprises a third account and a third secret key;

The first hard wallet includes a first secret key unique to the first hard wallet, and a first key generation device,
The second hard wallet includes a second secret key unique to the second hard wallet, and a second key generation device,

The first secret key is confined inside the first hard wallet and forms a pair with a first public key outside the first hard wallet,
The second secret key is confined inside the second hard wallet and forms a pair with a second public key outside the second hard wallet,
The third secret key is paired with a third public key,

The first public key is a logical address on the network of the first account,
The second public key is a logical address on the network of the second account,
The third public key is a logical address on the network of the third account,

The first account includes a first hash value and a first electronic signature;
The second account includes a second hash value and a second electronic signature,
The third account includes a third hash value and a third electronic signature,

The first hardware wallet is first hardware having physical reality,
The second hardware wallet is second hardware having physical reality,

The first, second, and third secret keys are different from each other,
The first, second, and third public keys are different from each other,

The second hash value is generated by hashing the first public key, the first hash value, and the first electronic signature,

The second electronic signature is generated by encrypting the second public key and the second hash value using the first secret key,

The second hash value is sent from the first account to the second account together with the second electronic signature,

The second account receives first signed digital information from the first account;

The first signed digital information includes the second hash value and the second electronic signature.

A digital information transfer system.
The network further includes a fourth node and an exchange,
The fourth node is composed of a fourth account and a fourth hard wallet,
The fourth hard wallet includes a fourth secret key unique to the fourth hard wallet, and a fourth key generation device,
The fourth secret key is confined inside the fourth hard wallet, and forms a pair with a fourth public key outside the fourth hard wallet,
The fourth public key is a logical address on the network of the fourth account,
The fourth account includes a fourth hash value and a fourth electronic signature;
The fourth hardware wallet is fourth hardware having physical reality,

The fourth secret key is different from the third secret key,
The fourth public key is different from the third public key,

The first account is registered with the exchange,
The second account is registered with the exchange,
The fourth account is registered with the exchange,

The exchange uses the second electronic signature to send the first signed digital information from the first account to the second account,

The third node has the third account outside the exchange;

The third hash value is generated by hashing the fourth public key, the fourth hash value, and the fourth electronic signature,
The third electronic signature is generated by encrypting the third public key and the third hash value using the fourth secret key,
The third hash value is sent from the fourth account to the third account together with the third electronic signature,

The third account receives second signed digital information from the fourth account,

The second signed digital information comprises the third hash value and the third electronic signature.

Second signed digital information,

The digital information transfer system according to claim 1.
The network further includes fifth and sixth nodes;

The fifth node is composed of a fifth account and a fifth secret key,
The fifth secret key forms a pair with the fifth public key,
The fifth public key is a logical address on the network of the fifth account,
The fifth account includes a fifth hash value and a fifth electronic signature;

The sixth node is composed of a sixth account and a sixth hard wallet,
The sixth hard wallet includes a sixth secret key unique to the sixth hard wallet, and a sixth key generation device,
The sixth secret key is confined inside the sixth hard wallet and forms a pair with a sixth public key outside the sixth hard wallet;
The sixth public key is a logical address on the network of the sixth account,
The sixth account includes a sixth hash value and a sixth electronic signature;
The sixth hardware wallet is sixth hardware having physical reality,

The sixth secret key is different from the fifth secret key,
The sixth public key is different from the fifth public key,

The sixth account is registered with the exchange,

The sixth hash value is generated by hashing the fifth public key, the fifth hash value, and the fifth electronic signature,
The sixth electronic signature is generated by encrypting the sixth public key and the sixth hash value using the fifth secret key,
The sixth hash value is sent from the fifth account to the sixth account together with the sixth electronic signature,

The sixth account receives third signed digital information from the fifth account,

The third signed digital information comprises the sixth hash value and the sixth electronic signature.

3. The digital information transfer system according to claim 2, wherein:
The first signed digital information is virtual currency.

The digital information transfer system according to claim 1.
The second signed digital information is virtual currency,

The digital information transfer system according to claim 2.
The third signed digital information is virtual currency,

The digital information transfer system according to claim 3.
The first secret key is generated from a first randomness associated with a physical randomness specific to the first hardware;

The second secret key is generated from a second randomness associated with a physical randomness specific to the second hardware;

The digital information transfer system according to claim 1.
At least one of the first and second randomness is randomness inherent to the semiconductor chip,

The digital information transfer system according to claim 7.
At least one of the first and second randomness is randomness inherent to the optical device or the optical material,

The digital information transfer system according to claim 7.
At least one of the first and second randomness is randomness inherent to the magnetic device or the magnetic material,

The digital information transfer system according to claim 7.
At least one of the first and second randomness is randomness inherent to the mechanical device,

The digital information transfer system according to claim 7.
At least one of the first and second randomness is randomness inherent to the chemical material,

The digital information transfer system according to claim 7.
The network further includes a seventh node;
The seventh node is composed of a seventh account and a seventh hard wallet,
The seventh hard wallet includes a seventh secret key unique to the seventh hard wallet, and a seventh key generation device,
The seventh secret key is confined inside the seventh hard wallet, and forms a pair with a seventh public key outside the seventh hard wallet,
The seventh public key is a logical address on the network of the seventh account,
The seventh account includes a seventh hash value and a seventh electronic signature;
The seventh hardware wallet is seventh hardware having physical reality,

The seventh account is registered with the exchange,

The seventh public key is generated by inputting the seventh secret key to the seventh key generation device,

The seventh secret key is generated from an internal input unique to the seventh hardware by inputting a passcode from the outside by a customer who owns the seventh account,

The exchange requests the customer to input the passcode via the network.

The digital information transfer system according to claim 3.
The seventh key generation device is an El Gamal type,

The digital information transfer system according to claim 1.

The first, second, fourth, and sixth key generation devices are either RSA type or El Gamal type,

The digital information transfer system according to claim 3.

Images