KR100870202B1 - Method and system of issuing accredited certificate using encrypted image - Google Patents

Publication number
KR100870202B1
Authority
KR
South Korea
Prior art keywords
certificate
user
image
server
issuing
Application number
KR1020070119724A
Other languages
Korean (ko)
Inventor
조성우
Original Assignee
주식회사 오엘콥스
Application filed by 주식회사 오엘콥스
Priority to KR1020070119724A
Application granted
Publication of KR100870202B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/36 User authentication by graphic or iconic representation
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Verification involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The present invention provides a method for issuing an accredited certificate using an encrypted image. The method is performed through a system consisting of a user terminal including an authentication plug-in, an agency server, and a certification authority server, and includes: a first step in which the certification authority server receives, from the agency server, issuance application data including the user's personal information and a user-selected image, registers the user using the personal information, stores the user-selected image, generates a user identification code, and transmits it to the agency server; a second step in which the agency server receives the user identification code from the certification authority server and issues it to the user; a third step in which the user terminal generates a signature key pair consisting of a public key and a private key and transmits the public key and the user identification code to the certification authority server; a fourth step comprising step 4-1, in which the certification authority server uses the user identification code received from the user terminal to check whether the requester matches the user registered in the first step, step 4-2, in which it generates an accredited certificate using the public key received from the user terminal, step 4-3, in which it generates an electronic envelope image by encrypting the generated certificate and combining it into the user-selected image, and step 4-4, in which it transmits the envelope image to the user terminal; and a fifth step comprising step 5-1, in which the user terminal decrypts the electronic envelope image received in step 4-4 to extract the accredited certificate and the user-selected image, and step 5-2, in which it stores the extracted certificate and user-selected image.

Description

Method and System for Issuing Accredited Certificate Using Encrypted Image

The present invention relates to a method for issuing an accredited certificate using an encrypted image. In particular, when an accredited certificate is issued, renewed, or reissued, the present invention inserts the certificate into an electronic envelope image, thereby protecting the certificate's user against hacking and phishing.

In a public key cryptosystem, encryption and decryption use separate keys, a public key and a private key, and the public key can be accessed by anyone through the directory server unit. It is authenticated by an electronic document created by. The accredited certificate system built on the public key cryptosystem is becoming a basic premise for Internet banking and electronic commerce.

FIGS. 1 and 2 are signal flow diagrams illustrating a certificate issuance procedure and a certificate renewal / reissue procedure according to the prior art.

At present, the initial issuance of an accredited certificate involves a face-to-face verification procedure: the user's identity is verified, a security card is provided, and the user is registered with a CA server. This face-to-face procedure carries no risk of hacking or phishing. After initial issuance, however, there is no face-to-face confirmation; personal authentication information is transmitted online over a network to confirm that the user is the legitimate party, so that information may be leaked to a hacker or a third party. The risk is increased by the fact that this personal authentication information relies on relatively simple numbers and text, such as an account number, password, and security card number, and can therefore be leaked through widely known methods such as keyboard hacking (keylogging) or phishing. Financial institutions and certification authorities do provide countermeasures such as anti-keylogging and anti-phishing programs, but hacking techniques continue to develop as well, so the conventional certificate issuance system cannot be said to be absolutely secure.

The present invention is intended to solve the above problems. An object of the present invention is to provide a method for issuing, renewing, and reissuing an accredited certificate that keeps the existing issuance, renewal, and reissue system and, even if the user's personal information is leaked through phishing, hacking, or the like, prevents misuse of the accredited certificate through revocation and reissue by a third party.

Another object of the present invention is to provide a method for issuing, renewing, and reissuing an accredited certificate that makes information such as the use of the certificate, the use period, and the validity period easier for the user to recognize intuitively when there are many types of certificates or when the certificate is used on a mobile phone with a small display window.

Still another object of the present invention is to provide a method for issuing, renewing, and reissuing a private certificate, in which authentication through a private authentication server serves as the means of authenticating a user of a website (CP) that provides content, so that damage caused by phishing / hacking can be minimized.

To achieve the above objects, the method for issuing an accredited certificate using an encrypted image according to the present invention is performed through a system consisting of a user terminal including an authentication plug-in, an agency server, and a certification authority server, and includes: a first step in which the certification authority server receives, from the agency server, issuance application data including the user's personal information and a user-selected image, registers the user using the personal information, stores the user-selected image, generates a user identification code, and transmits it to the agency server; a second step in which the agency server receives the user identification code from the certification authority server and issues it to the user; a third step in which the user terminal generates a signature key pair consisting of a public key and a private key and transmits the public key and the user identification code to the certification authority server; a fourth step comprising step 4-1, in which the certification authority server uses the user identification code received from the user terminal to check whether the requester matches the user registered in the first step, step 4-2, in which it generates an accredited certificate using the public key received from the user terminal, step 4-3, in which it generates an electronic envelope image by encrypting the generated certificate and combining it into the user-selected image, and step 4-4, in which it transmits the envelope image to the user terminal; and a fifth step comprising step 5-1, in which the user terminal decrypts the electronic envelope image received in step 4-4 to extract the accredited certificate and the user-selected image, and step 5-2, in which it stores the extracted certificate and user-selected image.

The method for issuing a private certificate using an encrypted image according to the present invention is performed in a system consisting of a user terminal including an authentication plug-in, a content provider server (CP server), and a private authentication server, and includes: a first step in which the CP server receives, from the user terminal, private certificate issuance request data including the user's personal information and a user-selected image, and transmits the received data to the private authentication server; a second step comprising step 2-1, in which the private authentication server registers the user using the personal information and stores the user-selected image, and step 2-2, in which it generates a user identification code and transmits it to the user terminal; a third step in which the user terminal generates a signature key pair consisting of a public key and a private key and transmits the public key and the user identification code to the private authentication server; a fourth step comprising step 4-1, in which the private authentication server uses the user identification code received from the user terminal to confirm whether the requester matches the user registration made in the first step, step 4-2, in which it generates a private certificate using the public key received from the user terminal, step 4-3, in which it generates an electronic envelope image by encrypting the generated private certificate and combining it with the user-selected image, and step 4-4, in which it transmits the envelope image to the user terminal; and a fifth step comprising step 5-1, in which the user terminal decrypts the envelope image received in step 4-4 to extract the private certificate and the user-selected image, and step 5-2, in which it stores the extracted private certificate and user-selected image.

The accredited certificate issuing system using an encrypted image according to the present invention includes a user terminal with an authentication plug-in, an agency server, and a certification authority server. The agency server includes an issuance application data management unit, which collects issuance application data including the user's personal information and the user-selected image and transmits it to the certification authority server, and an identification code issuing unit, which receives the user identification code from the certification authority server and issues it to the user. The user terminal includes a key pair generation unit, which generates a signature key pair consisting of a public key and a private key, and an electronic envelope decryption unit, which decrypts an electronic envelope image and extracts the accredited certificate and the user-selected image; the user terminal stores the extracted certificate and user-selected image, and transmits to the certification authority server a certificate issuance request signal including the public key generated by the key pair generation unit and the user identification code issued by the identification code issuing unit. The certification authority server includes a user DB, which stores the personal information included in the user's issuance application data and the user identification code; an image server unit, which stores the user-selected image included in the issuance application data; an identification code generation unit, which generates a user identification code for the user who applied for issuance of a certificate; a user registration confirmation unit, which confirms the registration of the user who requested certificate issuance by checking the user identification code, public key, reference number, and authorization code included in the certificate issuance request; and an electronic envelope image generating unit, which generates an electronic envelope image by encrypting the generated accredited certificate and combining it with the user-selected image stored in the image server unit. The certification authority server transmits the encrypted envelope image to the user terminal.

With the above configuration, the method for issuing an accredited certificate using an encrypted image according to the present invention performs personal identification with an image rather than with text, so keyboard input is unnecessary and it is difficult to obtain personal information through keyboard hacking. It can also prevent misuse of accredited certificates resulting from illegal use by third parties. A further advantage is that this prevention of misuse is achieved while maintaining the existing accredited certificate issuance, renewal, and reissue system.

The method for issuing an accredited certificate according to the present invention displays the list of accredited certificates using their electronic envelope images. When many types of accredited certificate exist, or when the certificate is used on a mobile phone with a small display window, this makes information such as the certificate's user, institution, and expiration date easier for the user to recognize intuitively.

The private certificate issuing method according to the present invention, in which a user of a website (CP) that provides content uses authentication through a private authentication server as the means of identity verification, can minimize damage due to phishing / hacking in the issuance, renewal, and reissue of the private certificate.

The embodiments describe a method for issuing an accredited certificate using an encrypted image on the basis of the general accredited certificate issuing system in use at the filing date. The present invention is not limited to this, however. Because its core technical idea is to seal an accredited certificate in an encrypted image and deliver it in that form, the scope of the invention is not limited to the following examples even if the certificate issuing method changes in the future.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 3 is a block diagram of a system for issuing an accredited certificate using an encrypted image according to the present invention. The system, consisting of the user terminal 1, the agency server 2, and the certification authority server 3, is the same as a conventional accredited certificate issuing system; the only differences are in the internal components.

According to the prior art, the certification authority server is linked with the directory server 4, which publishes the public key of the accredited certificate, and the OCSP server 5, which publishes the status information of the accredited certificate, including issuance, revocation, and suspension. In addition, according to the present invention, an image server 6 is provided for registering and storing the user-selected image (img_select) and the envelope image. For convenience, each of these linked servers is treated as a sub-component of the certification authority server and is described as the directory server unit 4, the OCSP server unit 5, and the image server unit 6. These functions may be implemented as separate linked servers or, in some cases, included in a single certification authority server; neither arrangement is the only correct one, and both fall within the scope of the invention.

FIGS. 4 and 5 show signal flow diagrams for a method for issuing an accredited certificate according to an embodiment of the present invention. FIG. 4 shows the configuration in which the user designates the electronic envelope opening password (cipher_open) when applying for an accredited certificate, and FIG. 5 shows the configuration in which the certification authority server 3 generates the electronic envelope opening password (cipher_open) and notifies the user. FIG. 4 is examined first, and the configuration of FIG. 5 is then described separately.

The dotted lines in FIG. 4 denote steps performed offline. First, a user who wants to be issued an accredited certificate submits to the agency (a financial institution or government office) an issuance application containing personal information (info_personal); unlike in FIG. 5, the electronic envelope opening password (cipher_open) is also written in the application (S301). The agency then checks the user's identity using the applicant's identification document (S303).

After the identity check, the personal information (info_personal) described above is stored in the agency server 2 through the agency's terminal (S311), and the user-selected image (img_select) is stored with it (S313). The user-selected image (img_select) may be determined by three methods, which are described later in detail with reference to FIGS. 15 to 17. At this time, the electronic envelope opening password (cipher_open) is also stored in the agency server 2. (When the electronic envelope opening password is generated by the certification authority server 3, this step does not exist; see FIG. 5.)

Issuance application data (data_application), including the user's personal information (info_personal), the user-selected image (img_select), and the electronic envelope opening password (cipher_open) stored in the agency server 2, is delivered to the certification authority server 3 (S321). On receiving the issuance application data, the certification authority server 3 performs user registration (S323). The registration covers the name, social security number, and other information (account number, address, telephone number, etc.) required for use of a financial institution or public institution. In addition, the certification authority server 3 transmits the envelope image (img_envelope) to the image server unit 6, and the image server unit 6 stores the envelope image (img_envelope) (S325).

Thereafter, the certification authority server 3 generates a user identification code (code_identify), such as a reference number / authorization code (S327). The reference number is 7 digits and the authorization code is a 20-digit code; by requesting these codes when the user requests certificate issuance, the server can confirm that the user is registered and is the same person. The reference number / authorization code may be replaced with another mechanism as technology develops, and is therefore referred to by the broader term user identification code (code_identify). The generated user identification code is transmitted to the agency server 2 (S331) and is issued to the user through the agency server 2 in the form of a guide (S333).

Having completed the application procedure and received the guide, the user runs the authentication plug-in on the user terminal to request certificate issuance from the certification authority server 3. First, the authentication plug-in is installed (S341) (this is omitted if it is already installed) and then executed. The user terminal on which the plug-in is installed generates a signature key pair consisting of a public key and a private key (S353). Thereafter, the user terminal transmits the public certificate and the certificate issuance request data (data_request), including the user identification code, to the certification authority server (S345). Steps S341 to S345 are obvious to those skilled in the art to which the present invention pertains, so detailed descriptions are omitted.

On receiving the certificate issuance request data (data_request), the certification authority server 3 checks whether the person requesting issuance and the person registered as the user are the same. It may determine this from the user identification code (code_identify), such as the reference number and authorization code, received from the user terminal 1 (S351).

After checking the user registration, the certification authority server 3 generates an accredited certificate using the public key received from the user terminal 1 (S353), registers the generated certificate in the directory server unit 4 (S355), and publishes the certificate to the OCSP server unit 5 (S357). These steps are obvious to those of ordinary skill in the field of the present invention, so detailed description is omitted.

Once the accredited certificate has been generated, registered, and published by the certification authority server 3, it must be transmitted to the user. Transmitting it by means of an encrypted image is the major feature of the present invention and is described below.

The certification authority server 3 generates the electronic envelope image (img_envelope) by encrypting the generated accredited certificate and combining it into the user-selected image (img_select) (S359). FIGS. 8 and 9 are conceptual views schematically illustrating how the certificate and the user-selected image are sealed and extracted. Referring to FIG. 8, the accredited certificate is embedded ("sealed") in the user-selected image (img_select), and a password is set for later opening the envelope image, that is, for extracting the user-selected image and the certificate from the electronic envelope image (img_envelope). FIG. 9 relates to opening the sealed electronic envelope: when the electronic envelope opening password (cipher_open) set at sealing time is entered, the envelope is separated into the user-selected image (img_select) and the certificate, which can then be extracted.

Encrypting a specific message (the certificate, in the present invention) and hiding it in a carrier such as a picture file is called steganography. Outwardly, there is no visible difference between a file that contains the encrypted message and one that does not, and the file is transmitted like any ordinary file. Well-known steganographic tools include F5 (http://wwwrn.inf.tu-dresden.de/~westfeld/f5.html), developed in Germany; SecurEngine (http://www.securengine.isecurelabs.com/), which hides text in larger text; and MP3Stego (http://www.petitcolas.net/fabien/steganography/mp3stego/), which plants secret messages in MP3s.

As a method for sealing the generated certificate in an electronic envelope image (img_envelope), the "Method and Computer Program Product for Hiding Information in an Indexed Color Image" of US Patent No. 6,697,498 B2 (registration date 2004.2.24) may be adopted. However, embodiments of the present invention are not limited to the method of that US patent, and include embodiments implemented with other steganography techniques available to a person of ordinary skill in the art. A steganography method of hiding data in a digital picture file is described in "Steganalysis of JPEG Images: Breaking the F5 Algorithm" [ISSN 0302-9743 (Print) 1611-3349 (Online) Volume 2578/2003] (http://www.ws.binghamton.edu/fridrich/Research/f5.pdf); this is obvious to those skilled in the art, so detailed description is omitted below.

According to one preferred embodiment of the present invention, in the sealing step S359 the electronic envelope image (img_envelope) may also include information about the agency's service provider (info_provider). This information is a list of the provider's services that are available to the user. For example, if the service provider is an IPTV service provider, it may consist of the channel information that can be provided. The included information (info_provider) may be extracted by the plug-in installed in the user terminal and used by the user.

After the certification authority server 3 seals the accredited certificate in the electronic envelope image (img_envelope) in step S359, the electronic envelope image is stored in the image server unit 6 linked to the certification authority server 3 (S361). Before delivering the certificate to the user, the certification authority server 3 notifies the agency server 2 that the certificate has been issued (S363), so that the agency is prepared to provide its services.

The certification authority server 3 transmits the electronic envelope image (img_envelope) to the user terminal 1 (S365). The user terminal 1 receives the electronic envelope image, accepts input of the electronic envelope opening password (cipher_open) (S371), opens the electronic envelope, and extracts the accredited certificate (S373). The opening is described in detail with reference to the flowchart of FIG. 10 and the exemplary views of FIGS. 11 to 14.

First, as illustrated in FIG. 11, the authentication plug-in program displays an image list containing the envelope image (img_envelope) and at least one fake image (S901), and prompts the user to select an image (S905). It then determines whether the image selected by the user matches the user-selected image (img_select) previously stored in the image server unit 6 (S910). If they do not match, an authentication failure message is displayed as illustrated in FIG. 14 and the certificate is discarded (S940). If they match, the authentication plug-in program requests input of the electronic envelope opening password (cipher_open) as illustrated in FIG. 12 (S915) and determines whether the entered password matches (S920). If the password does not match, the screen of FIG. 14 is displayed and the certificate is discarded, as in the case of an image mismatch (S940). If the password matches, an authentication success message is displayed as illustrated in FIG. 13, and the received electronic envelope image (img_envelope) is decrypted to extract the accredited certificate and the user-selected image (img_select) (S930).
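The sealing step (S359) and the opening flow of FIG. 10 (S905 to S940), as an added Python sketch that is not code from the patent. It assumes LSB embedding into a raw pixel buffer in place of the steganography method the patent leaves open, PBKDF2 with an HMAC-SHA256 keystream and MAC in place of the unspecified cipher, and a digest of the upper seven pixel bits for the image match; the names `seal`, `open_envelope`, `open_flow` and `visual_digest` are hypothetical.

```python
import hashlib
import hmac
import os
import struct

SALT_LEN, LEN_LEN, TAG_LEN = 16, 4, 32


class EnvelopeError(Exception):
    """The envelope could not be opened (wrong cipher_open or tampering)."""


def _derive_keys(cipher_open, salt):
    # Stretch the opening password into separate encryption and MAC keys.
    km = hashlib.pbkdf2_hmac("sha256", cipher_open.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]


def _xor_keystream(key, data):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a vetted AEAD cipher.
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hmac.new(key, struct.pack(">Q", block_no), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(c ^ p for c, p in zip(chunk, pad))
    return bytes(out)


def _read_lsb(pixels, offset, nbytes):
    # Rebuild nbytes of payload from pixel least significant bits, MSB first.
    out = bytearray()
    for i in range(offset * 8, (offset + nbytes) * 8, 8):
        value = 0
        for px in pixels[i:i + 8]:
            value = (value << 1) | (px & 1)
        out.append(value)
    return bytes(out)


def visual_digest(pixels):
    # Digest of the upper 7 bits of every pixel byte; sealing leaves it unchanged.
    return hashlib.sha256(bytes(b & 0xFE for b in pixels)).hexdigest()


def seal(img_select, certificate, cipher_open):
    """S359: encrypt the certificate and combine it into img_select."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _derive_keys(cipher_open, salt)
    body = salt + struct.pack(">I", len(certificate)) + _xor_keystream(enc_key, certificate)
    payload = body + hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(payload) * 8 > len(img_select):
        raise ValueError("img_select is too small to carry the certificate")
    envelope = bytearray(img_select)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        envelope[i] = (envelope[i] & 0xFE) | bit
    return bytes(envelope)


def open_envelope(img_envelope, cipher_open):
    """S920/S930: verify cipher_open through the MAC, then decrypt the certificate."""
    header = _read_lsb(img_envelope, 0, SALT_LEN + LEN_LEN)
    salt = header[:SALT_LEN]
    (length,) = struct.unpack(">I", header[SALT_LEN:])
    total = SALT_LEN + LEN_LEN + length + TAG_LEN
    if total * 8 > len(img_envelope):  # length is untrusted until the MAC passes
        raise EnvelopeError("envelope rejected")
    body = _read_lsb(img_envelope, 0, total - TAG_LEN)
    tag = _read_lsb(img_envelope, total - TAG_LEN, TAG_LEN)
    enc_key, mac_key = _derive_keys(cipher_open, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise EnvelopeError("envelope rejected")
    return _xor_keystream(enc_key, body[SALT_LEN + LEN_LEN:])


def open_flow(image_list, chosen, registered_digest, cipher_open):
    """FIG. 10: S905 image choice, S910 image match, S920 password, S930 extract."""
    picked = image_list[chosen]
    if not hmac.compare_digest(visual_digest(picked), registered_digest):
        return "auth_failed", None  # S940: the caller discards the envelope
    try:
        return "ok", open_envelope(picked, cipher_open)
    except EnvelopeError:
        return "auth_failed", None  # S940


# Constructed sample data (not from the patent): raw pixel buffers and a placeholder.
IMG_SELECT = bytes((i * 37 + 11) % 256 for i in range(4096))
DECOY = bytes((i * 91 + 5) % 256 for i in range(4096))
CERT = b"-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    envelope = seal(IMG_SELECT, CERT, "constructed-cipher_open")
    digest = visual_digest(IMG_SELECT)
    print(open_flow([DECOY, envelope], 1, digest, "constructed-cipher_open")[0])
    print(open_flow([DECOY, envelope], 1, digest, "wrong-password")[0])
```

Because the password check is the MAC verification over the embedded payload, a wrong cipher_open and a modified envelope fail the same way and nothing is decrypted before the check passes.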

After opening the electronic envelope image (img_envelope) and extracting the accredited certificate and the user-selected image (img_select) (S373), the user terminal 1 stores the extracted certificate (S375) and also stores the user-selected image (S377). Storing the user-selected image (S377) is necessary because it is used as the means of identity verification when the certificate is renewed or reissued, as described below.

The description above, based on the signal flow diagram of FIG. 4, covers the case in which the user designates the electronic envelope opening password (cipher_open) when applying for the certificate. In FIG. 5, the electronic envelope opening password is not included in the application for issuance. It is therefore absent from the issuance application of step S301 and from the issuance application data (data_application) of step S321. Instead, between steps S325 and S331, the certification authority server 3 performs a step of generating the electronic envelope opening password (S327). Since the embodiments of FIG. 4 and FIG. 5 differ only in who creates the electronic envelope opening password (cipher_open), the description given for FIG. 4 applies to the rest of the embodiment of FIG. 5.

According to a preferred embodiment of the present invention, the user terminal 1 may be any device capable of electronic commerce, such as a PC, a PDA, or a mobile phone, and the storage device for the accredited certificate in the user terminal 1 may be a local disk, an optical storage device, a portable storage device, or an IC card of the user terminal 1.

According to another embodiment of the present invention, when the user terminal 1 is a mobile phone equipped with a SIM/USIM card, the phone number of the SIM/USIM card can be used as the password, without separately designating or generating the electronic envelope opening password (cipher_open).

Up to now, the method of issuing an accredited certificate has been described through the signal flow charts of FIGS. 4 and 5. Hereinafter, a method of updating and reissuing an accredited certificate will be described through the signal flow diagram of FIG.

To renew or reissue an accredited certificate, the user runs the authentication plug-in on the user terminal 1 and selects the renewal or reissue command (S510). The authentication plug-in then generates a signature key pair consisting of a public key and a private key (S520) and transmits the certificate renewal/reissue request data to the certification authority server 3 (S530). In addition to the public key generated in step S520, the renewal/reissue request data includes the user selection image (img_select) stored in the user terminal 1 in step S377 of the embodiment of FIG. 4.

The certification authority server 3, on receiving the certificate renewal/reissue request data, confirms whether the person requesting renewal/reissue is the same person registered as a user in the server. This can be determined by whether the user selection image (img_select) included in the renewal/reissue request data is identical to the user selection image registered in the image server unit 6 in the embodiment of FIG. 4 (S551).

After user registration is confirmed, the steps of generating an accredited certificate using the public key received from the user terminal 1 (S553), registering the generated accredited certificate in the directory server unit 4 (S555), and initiating the status of the accredited certificate in the OCSP server unit 5 (S557) are obvious to those skilled in the art to which the present invention pertains, and a detailed description is therefore omitted.

After the accredited certificate has been generated, registered, and initiated in the certification authority server 3, it must be transmitted to the user. Transmitting the accredited certificate using an encrypted image is a major feature of the present invention and is described below.

The certification authority server 3 generates the electronic envelope image (img_envelope) by encrypting and combining the generated accredited certificate with the user selection image (img_select) (S559). Since the method of generating the electronic envelope image (img_envelope) has been described above, a detailed description is omitted here.

After the step (S559) of sealing the accredited certificate in the electronic envelope image (img_envelope) in the certification authority server 3, a storing step is performed in the image server unit 6 linked with the certification authority server 3 (S561). Before delivering the accredited certificate to the user, the certification authority server 3 notifies the agency server 2 that the accredited certificate has been issued (S563), so that the agency knows of the issuance and can prepare to provide services based on the accredited certificate.

The certification authority server 3 transmits the generated electronic envelope image (img_envelope) to the user terminal 1 (S565). The user terminal 1, on receiving the electronic envelope image (img_envelope), decrypts it upon input of the electronic envelope opening password (cipher_open) (S571) and extracts the accredited certificate and the user selection image (img_select) (S373, opening step). Since the opening of the electronic envelope has already been described with reference to the flowchart of FIG. 10 and FIGS. 11 to 14, a detailed description is omitted here.

After opening the electronic envelope and extracting the accredited certificate (S573), the user terminal 1 stores the accredited certificate (S575). The step of storing the user selection image (img_select), step S377 in FIG. 4, is omitted in the renewal/reissue method, because the user selection image (img_select) was already stored in the user terminal 1 when the certificate was first issued.

With the above method, an accredited certificate can be renewed or reissued solely by online access, without visiting the certification authority or agency in person, which is more convenient for the certificate user. In the prior art, the reliability of identity verification was a problem when renewing or reissuing an accredited certificate, so offline confirmation was essential. According to the present invention, the renewal/reissue process is performed using an electronic envelope based on an image, which is extremely difficult to hack, so this problem of the prior art can be solved.

Hereinafter, a method of determining a user selection image (img_select) will be described with reference to FIGS. 15 to 17.

In the first method, the user selects, from images provided by the agency or the certification authority, an image that is easy for the user to remember, and that image becomes the user selection image (img_select). This step may also be performed through a terminal of the agency server 2.

In the second method, a picture file chosen directly by the user is input to the agency server 2 through a terminal of the agency as the user selection image (img_select). In this case, the user prepares the arbitrarily chosen image in advance and delivers it to the agency on a portable storage device or by e-mail. For example, if the user is very fond of the small picture shown in FIG. 16, the user may choose it as the user selection image (img_select). A fraudulent user therefore cannot learn, through phishing or hacking, what the electronic envelope of the user's accredited certificate is.

In the third method, the user selection image (img_select) is composed as a personal avatar by selecting and combining basic elements provided by the agency. The user-selectable elements may include the character's gender (or the kind of animal, when the avatar is represented as an animal), hairstyle, top, bottom, shoes, hat, and accessories. Providing this variety of elements increases the complexity of the selection and thereby prevents an unauthorized user from opening the image envelope.

The above three methods of choosing the user selection image (img_select) are intended to prevent unauthorized users from knowing which electronic envelope an accredited-certificate user uses. In general, fraudulent users extract personal information (info_personal) by hacking keyboard input signals. The user selection image (img_select) chosen by any of the three methods relies on an image association effect, and as such a means it has the effect of preventing theft by another person.

In addition, regardless of the selection method, the user selection image (img_select) may include the logo of the agency, the logo of the certification authority, and the expiration date. One embodiment is described with reference to FIG. 17. The image chosen by the user is shown in the middle (the avatar of the third method is shown), the logo of a financial institution (the agency) is displayed at the top of the image, and the logo of the certificate issuer (the certification authority) is also shown. In this embodiment, the validity period of the accredited certificate is shown on the right side, between the user selection image (img_select) and the certification authority logo.

The user selection image (img_select) is used not only for encryption when the accredited certificate is issued; as shown in FIG. 18, it can also be displayed alongside each entry when the authentication plug-in installed in the user terminal 1 displays the list of accredited certificates. This lets the user recognize the purpose or expiration date of an accredited certificate just by looking at its envelope, which improves recognition and intuitiveness. In addition, as shown in FIG. 19, when the list is displayed in the authentication plug-in, thumbnails of the user selection image (img_select) may be arranged and displayed, which further improves the user's recognition and intuitiveness. FIG. 20 illustrates the screen displayed when a specific accredited certificate is selected from the list of FIG. 18 or 19, in particular for the case where a mobile phone is used as the user terminal 1.

According to another embodiment of the present invention, the user selection image (img_select) may include a user registration sound recording, and the recording may include guidance on the contents of the accredited certificate notice or the user information (info_personal). With this configuration, the contents can be conveyed effectively to the visually impaired as well as to the general public.

FIG. 7 is a signal flow diagram of a private certificate issuing method using an encrypted image according to the present invention. According to another embodiment of the present invention, a method for issuing a private certificate using an encrypted image may be provided in a system consisting of a user terminal 1, a CP server 2, and a private authentication server 3. To address the problems caused by theft of social security numbers, login using a certificate has been adopted. A content provider (CP) that adopts certificate-based login can perform identity verification, as with an accredited certificate, through a private certification company.

In this configuration, the agency server 2 in accredited certificate issuance corresponds to the CP server 2 in private certificate issuance, and the certification authority server 3 in accredited certificate issuance corresponds to the private authentication server 3 in private certificate issuance. However, since a private certificate does not need to be as strict as an accredited certificate, identity is verified by mobile phone or e-mail rather than by an offline visit. Hereinafter, only the differences are described, by comparing the embodiment of FIG. 4 for accredited certificate issuance with the embodiment of FIG. 7 for private certificate issuance.

Unlike the issuance application in step S301 of FIG. 4, step S601 of FIG. 7 may be performed online. Instead, as an essential requirement for identity verification, at least one specific password such as a telephone number, an e-mail address, or a virtual social security number is required. In addition, whereas identity verification in step S303 is performed face to face, for example by checking an identification card, in step S603 of FIG. 7 the private authentication server 3 sends an authentication number (num_identify) to the user's mobile phone or e-mail, then requests input of the authentication number (num_identify) and confirms identity if it matches.

Just as a user identification code (code_identify) such as a reference number and an authorization code is transmitted to the user terminal 1 in step S331, a registration confirmation signal including a user identification code (code_identify) such as a user serial number (num_serial) is sent in step S630. As in the embodiment of FIG. 4, the user identification code (code_identify) such as the user serial number (num_serial) is transmitted to the private authentication server 3 in step S645 and used to check user registration in step S651. However, the electronic envelope opening password (cipher_open) and the user identification code (code_identify) such as the user serial number (num_serial) included in the registration confirmation signal may be transmitted by e-mail or mobile phone SMS. The rest of the configuration is the same as in the embodiment of FIG. 4 and is omitted here.

FIG. 3 is a block diagram of a system for issuing an accredited certificate using an encrypted image according to the present invention. The system is largely composed of a user terminal 1, an agency server 2, and a certification authority server 3, and the three components are connected via the Internet. In addition, the certification authority server 3 is connected to the image server unit 6, the directory server unit 4, and the OCSP server unit 5 via the Internet or an intranet. The directory server unit 4 and the OCSP server unit 5 have been described above. The certification authority server 3 is configured as a separate server for each function in order to increase compatibility and extensibility through modularization.

The directory server unit 4 and the OCSP server unit 5 are used in conventional accredited certificate issuing systems, but the image server unit 6 is a component unique to the present invention. Because the image server unit 6 is provided separately, the other components of the certification authority server 3 group need not be replaced or changed, which is advantageous in time and cost. For a private certificate issuing system, it suffices to replace the agency server 2 with the CP server 2 and the certification authority server 3 with the private authentication server 3.

It will be apparent to those skilled in the art that the present invention can be implemented with the agency server 2 in its conventional configuration, so a detailed description is omitted. However, the agency server 2 includes an issuance application data management unit that collects the issuance application data (data_request) and transmits it to the certification authority server, and an identification code issuing unit that receives the user identification code (code_identify) and issues it to the user.

In addition, the user terminal 1 can be implemented on various devices that have a central processing unit (CPU), can install and run applications, and can access the Internet (for example, a PC, PDA, or mobile phone), and those skilled in the art can implement the necessary functions through programming. However, the application (plug-in) includes: a signature key pair generation module (key pair generation unit) for generating at least one pair of private and public keys; an electronic envelope opening module that requests input of the electronic envelope opening password (cipher_open) and determines whether the input password matches; an accredited certificate extraction module (electronic envelope decoding unit) that, when the password matches, decrypts the electronic envelope image (img_envelope) to extract the accredited certificate and the user selection image (img_select); and a data storage unit that stores the extracted accredited certificate and the user selection image (img_select).

Hereinafter, only the specific configuration of the certification authority server 3 will be described in detail with reference to the drawings.

FIG. 21 is a detailed diagram illustrating the internal configuration of the certification authority server 3 in the system configuration diagram of FIG. 3.

The certification authority server 3 includes: a user DB 10 that stores the user's personal information (info_personal, D110) contained in the user's issuance application data (data_application) and the user identification code (code_identify, D210B); an image server unit 20 that stores the user selection image (img_select) included in the issuance application data (data_application); an identification code generation unit 30 that generates a user identification code (code_identify, D210A), such as a reference number and an authorization code, for the user who applied for issuance of the accredited certificate; a user registration confirmation unit 40 that confirms whether the user requesting issuance of an accredited certificate is registered by checking the user identification code (code_identify; comparison between D210B and D210C); an accredited certificate generation unit 50 that generates an accredited certificate using the public key (D220) included in the accredited certificate issuance request data (data_request); a directory server unit 80 for initiating the public key of the accredited certificate, and an OCSP server unit 90 for initiating status information of the accredited certificate, including its issuance, revocation, and suspension; an accredited certificate management unit 70 that registers the generated accredited certificate in the directory server unit 80 and initiates the status of the generated accredited certificate in the OCSP server unit 90; and an electronic envelope image generation unit 60 that generates the electronic envelope image (img_envelope) by encrypting and combining the generated accredited certificate with the user selection image (img_select) stored in the image server unit 6.

Hereinafter, the function of the certification authority server 3 of the present invention is described following the chronological flow of data exchanged between its components, with reference to the signal flow of FIG. 4 together with FIG. 21.

The certification authority server 3 receives the issuance application data (data_application) from the agency server 2 (step S321). As described above, the issuance application data (data_application) contains personal information (info_personal, D110) and the user selection image (img_select, D120). The personal information (info_personal, D110) is transmitted to and stored in the user DB 10 (user registration, step S323). The user selection image (img_select, D120) is transmitted to and stored in the image server unit 20 (step S325).

The identification code generation unit 30 generates a user identification code (code_identify, D210) (S327) and transmits it to the agency server 2 (S331); the user identification code (code_identify, D210) is also stored in the user DB 10.

The user identification code (code_identify, D210) transmitted to the agency server is issued to the user, and is then sent to the certification authority server 3 through the user terminal 1, included in the accredited certificate issuance request data (data_request). In addition to the user identification code (code_identify, D210), the issuance request data (data_request) includes a public key (D220) generated by the key pair generation unit of the user terminal.

When the certification authority server 3 receives the accredited certificate issuance request data (data_request) from the user terminal 1, the user registration confirmation unit 40 checks whether the user is registered, based on whether the user identification code (code_identify, D210) included in the request data is identical to the user identification code (code_identify, D210) stored in the user DB (S351).

When the user is confirmed as registered in step S351, the user registration confirmation unit 40 sends an accredited certificate generation command (D250) to the accredited certificate generation unit 50, which generates an accredited certificate (D300) using the public key (D220) included in the issuance request data (data_request) (S353). The accredited certificate management unit 70 then registers the generated certificate in the directory server unit 80 and initiates its status in the OCSP server unit 90 (S355, S357).

The accredited certificate (D300) generated by the accredited certificate generation unit 50 is passed to the electronic envelope image generation unit 60, which also receives the user selection image (img_select, D120) stored in the image server unit 20 and generates the electronic envelope image (D400) by encrypting and combining the accredited certificate (D300) with the user selection image (img_select, D120) (S359). The electronic envelope image generation unit 60 transmits the generated electronic envelope image (D400) to the user terminal (S365). Before this transmission, the accredited certificate management unit 70 may notify the agency server 2 that the accredited certificate has been issued (S363).
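The sealing step (S359) and the opening procedure (S901 to S940) described above are shown together in the following Python, which is an added example and not code from the patent. The text here names no cipher or container format, so the PBKDF2 key derivation, the HMAC-SHA256 keystream and tag (a standard-library stand-in for a vetted AEAD), the ENV1 byte layout, the SHA-256 digest standing in for the image server's record of img_select, and all function names are assumptions; img_envelope is modelled as an opaque byte string rather than a real image file.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"ENV1"    # constructed format tag (assumption, not from the patent)
ROUNDS = 200_000   # PBKDF2 iterations (assumption)


class EnvelopeDiscarded(Exception):
    """Opening failed; the caller drops the envelope (S940)."""


def _derive_keys(cipher_open, salt):
    # One slow derivation yields separate encryption and MAC keys.
    km = hashlib.pbkdf2_hmac("sha256", cipher_open.encode(), salt, ROUNDS, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted AEAD.
    blocks = (hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal_envelope(certificate, img_select, cipher_open):
    """S359: encrypt the certificate and img_select together into img_envelope."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(cipher_open, salt)
    plain = struct.pack(">I", len(certificate)) + certificate + img_select
    stream = _keystream(enc_key, nonce, len(plain))
    body = bytes(p ^ s for p, s in zip(plain, stream))
    header = MAGIC + salt + nonce
    return header + body + hmac.new(mac_key, header + body, hashlib.sha256).digest()


def decrypt_envelope(img_envelope, cipher_open):
    """S920/S930: a wrong password or a modified envelope fails the MAC check."""
    if len(img_envelope) < 72 or img_envelope[:4] != MAGIC:
        raise EnvelopeDiscarded("malformed envelope")
    header, body, tag = img_envelope[:36], img_envelope[36:-32], img_envelope[-32:]
    enc_key, mac_key = _derive_keys(cipher_open, header[4:20])
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise EnvelopeDiscarded("password mismatch or tampered envelope")
    stream = _keystream(enc_key, header[20:36], len(body))
    plain = bytes(c ^ s for c, s in zip(body, stream))
    (cert_len,) = struct.unpack(">I", plain[:4])
    if cert_len > len(plain) - 4:
        raise EnvelopeDiscarded("inconsistent length field")
    return plain[4:4 + cert_len], plain[4 + cert_len:]


def open_procedure(image_list, chosen_index, registered_digest,
                   img_envelope, cipher_open):
    """S901-S940: image choice first, password second, discard on any failure."""
    chosen = image_list[chosen_index]                                  # S905
    chosen_digest = hashlib.sha256(chosen).digest()
    if not hmac.compare_digest(chosen_digest, registered_digest):      # S910
        raise EnvelopeDiscarded("selected image does not match img_select")
    certificate, img_select = decrypt_envelope(img_envelope, cipher_open)
    embedded_digest = hashlib.sha256(img_select).digest()
    if not hmac.compare_digest(embedded_digest, registered_digest):
        raise EnvelopeDiscarded("embedded image differs from the registered one")
    return certificate, img_select


def demo():
    # Constructed sample data, not real certificate or image bytes.
    certificate = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    img_select = b"constructed-avatar-image-bytes"
    image_list = [b"constructed-decoy-1", img_select, b"constructed-decoy-2"]
    registered = hashlib.sha256(img_select).digest()
    envelope = seal_envelope(certificate, img_select, "correct horse")
    outcomes = []
    for index, password in [(1, "correct horse"), (0, "correct horse"), (1, "guess")]:
        try:
            open_procedure(image_list, index, registered, envelope, password)
            outcomes.append("opened")
        except EnvelopeDiscarded as exc:
            outcomes.append(f"discarded: {exc}")
    return outcomes


if __name__ == "__main__":
    print(demo())
```

In this model the password is never stored or compared directly: a wrong cipher_open derives the wrong keys, so the tag check fails and the envelope is discarded without any plaintext being released.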

The configuration and operation of the certification authority server 3 are as described above. Although the configuration of the certification authority server 3 has been described as an apparatus for performing each function, it may be implemented through a program on a computer having one or more CPUs and storage devices.

Although the preferred embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto; various modifications and improvements made by those skilled in the art using the basic concepts of the present invention defined in the following claims should also be regarded as belonging to the scope of the present invention.

FIG. 1 is a signal flow diagram illustrating a conventional accredited certificate issuing process.

FIG. 2 is a signal flow diagram illustrating a conventional certificate renewal and reissue process.

FIG. 3 is a block diagram of a system for issuing an accredited certificate using an encrypted image according to the present invention.

FIG. 4 is a signal flow diagram illustrating a process for issuing an accredited certificate using an encrypted image according to an embodiment of the present invention.

FIG. 5 is a signal flow diagram illustrating a process for issuing an accredited certificate using an encrypted image according to another embodiment of the present invention.

FIG. 6 is a signal flow diagram illustrating a process for renewing and reissuing an accredited certificate using an encrypted image according to the present invention.

FIG. 7 is a signal flow diagram illustrating a private certificate issuing process using an encrypted image according to the present invention.

FIG. 8 is a conceptual diagram showing the sealing of the electronic envelope image according to the present invention.

FIG. 9 is a conceptual diagram showing the opening of the electronic envelope image according to the present invention.

FIGS. 11 to 14 are exemplary views for explaining the opening procedure of the electronic envelope image according to the present invention.

FIGS. 15 to 17 are exemplary views for explaining a method of choosing a user selection image according to the present invention.

FIGS. 18 to 20 are exemplary views for explaining a method for displaying a list of accredited certificates according to the present invention.

FIG. 21 is an internal configuration diagram of a certification authority server according to the present invention.

Claims (34)

In a method for issuing a public certificate using an encrypted image through a system consisting of a user terminal, an agency server, and a certificate authority server including an authentication plug-in, The certification authority server receives issuance application data including user-specific personal information and user selection image from the agency server, registers the user through the personal information, stores the user selection image, and generates a user identification code. A first step of transmitting to the agency server; A second step of the agency server receiving the user identification code from the certification authority server and issuing the user identification code to the user; A third step of the user terminal generating a signature key pair consisting of a public key and a private key and transmitting the public key and the user identification code to the certification authority server; Step 4-1, wherein the certification authority server checks whether the same as the user registration made in the first step through the user identification code received from the user terminal, by using the public key received from the user terminal. Step 4-2 to generate a public certificate, Step 4-3 to generate an envelope image by encrypting and combining the generated public certificate into the user selection image and transmitting the envelope image to the user terminal A fourth step comprising a fourth to fourth substep; And Step 5-1, wherein the user terminal decodes the electronic envelope image received in step 4-4 to extract the public certificate and the user selection image, and stores the extracted public certificate and the user selection image. 
A method of issuing an accredited certificate using an encrypted image comprising a; The method of claim 1, The issuance application data of the first step further includes an electronic envelope opening password, The fifth step may further include a step of requesting input of the electronic envelope opening password and checking whether the password matches before the step 5-1 of extracting the public certificate. How to issue a certificate. The method of claim 1, The first step may further include the step of generating, by the certification authority server, the electronic envelope opening password and transmitting it to the agency authority server. The second step, the method for issuing a certificate using an encrypted image, characterized in that the agency server further comprises the step of issuing the electronic envelope opening password to the user. The method of claim 1, wherein the user identification code, Method of issuing a public certificate using an encrypted image, characterized in that consisting of a reference number and authorization code. The method of claim 1, The certification authority server further includes an image server unit, The method of issuing an accredited certificate using an encrypted image, wherein the storing of the user selection image in the first step is performed in the image server unit. The method of claim 1, The certification authority server further includes a directory server unit and an online certificate status protocol (OCSP) server unit. Between steps 4-2 and 4-3, the certification authority server registers the certificate created in step 4-2 with the directory server and the status of the certificate with the OCSP server. The public certificate issuing method using the encrypted image, further comprising the step of starting. The method of claim 1, wherein the fourth step, And a 4-5 sub-step of the certification authority server notifying the agency server of the issuance of the certified certificate. 
The method of claim 1, wherein the user-selected image of the first step, Method for issuing an accredited certificate using an encrypted image, characterized in that the user selected from the images provided by the agency or the certification authority easy to remember. The method of claim 1, wherein the user-selected image of the first step, Method for issuing an accredited certificate using an encrypted image, characterized in that the image selected by the user directly submitted to the agency in the form of a picture file. The method of claim 1, wherein the user-selected image of the first step, Method for issuing an accredited certificate using an encrypted image, characterized in that the configuration in the form of an avatar by selecting and combining from the basic configuration provided by the agency. The method of claim 1, wherein the user-selected image of the first step, Method of issuing an accredited certificate using an encrypted image, comprising the logo of the agency, the logo of the certification authority and the expiration date. The method of claim 1, The first step may further include storing a user registration sound source. The user registration sound source, a method for issuing an accredited certificate using an encrypted image, characterized in that the information contained in the notification information or certification information of the public certificate. The method of claim 1, wherein the user terminal, Method for issuing an accredited certificate using an encrypted image, characterized in that any one of PC, PDA or mobile phone. The method according to any one of claims 2 to 3, The user terminal is a mobile phone equipped with a SIM / USIM card, The electronic envelope opening password is a method of issuing a public certificate using an encrypted image, characterized in that the phone number of the SIM / USIM card. 
The method of claim 1, wherein in the 4-3 substep, The public certificate issuing method using the encrypted image, characterized in that it further comprises the operator information of the agency when generating the electronic envelope image. The storage device of claim 1, wherein the storage device of the second sub-step 2 includes: Method of issuing a certificate using an encrypted image, characterized in that any one of a local disk, an optical storage device, a portable storage device or an IC card of the user terminal. The method of claim 1, The user terminal is a mobile phone, The storage device of step 5-2 is any one of a flash memory, an IC card, or a SIM / USIM card of the mobile phone. The method according to any one of claims 1 to 3, Transmitting the envelope image in the fourth to fourth sub-steps, wherein at least one of the envelope image and the other image are transmitted together; In the step 5-1, requesting the user to select one of the transmitted at least two images, if the user selects the envelope image, extract the public certificate, and the user has another image. If selected, the method of issuing a public certificate using an encrypted image, characterized in that for discarding the sealed public certificate. The method of claim 2 or 3, wherein the extracting the accredited certificate of the sub-step 5-1, Requesting input of the electronic envelope opening password by the authentication plug-in installed in the user terminal; And extracting the public certificate from the electronic envelope image when the password input by the user matches the electronic envelope opening password by the request, and discarding the sealed public certificate if it does not match. Method for issuing a public certificate using an encrypted image, characterized in that. 
The method of claim 1, wherein the authentication plug-in, Method for issuing an accredited certificate using an encrypted image, characterized in that to display the image of the electronic envelope with the display of the list of accredited certificates. The method of claim 1, wherein the authentication plug-in, The public certificate issuing method using an encrypted image, characterized in that to display the array of thumbnails of the electronic envelope image when displaying the list of public certificate. The method of claim 1, The user terminal generates a signature key pair consisting of a public key and a private key and transmits, to the certification authority server, the certificate authentication renewal or reissue request data including the public key and the user selection image stored in the user terminal. Sixth step; Part 7-1 in which the certification authority server compares the user selection image included in the certificate renewal or re-issuance request data with the user selection image stored in the certification authority server and confirms the identity of the user according to the match. Step 7-2 to generate a public certificate using the public key received from the user terminal, Step 7-3 for generating the electronic envelope image by encrypting and combining the generated public certificate to the user selection image A seventh step including a substep and a 7-4 substep of transmitting the generated envelope image to the user terminal; And In step 8-1, the user terminal decodes the envelope image received in step 7-3 to extract the public certificate and the user selection image, and stores the extracted public certificate and the user selection image. Method for issuing an accredited certificate using an encrypted image, characterized in that it further comprises a method for renewing or re-issuing the accredited certificate, including an eighth step comprising the second step. 
The method of claim 22, wherein the certification authority server further includes a directory server unit and an OCSP server unit, and the method further comprises, between sub-steps 7-2 and 7-3, a step in which the certification authority server registers the certificate created in sub-step 7-2 with the directory server and initiates the status of the certificate with the OCSP server.

The method of claim 22, wherein the seventh step further includes sub-step 7-5, in which the certification authority server notifies the agency server of the issuance of the certification certificate.

A method for issuing a private certificate using an encrypted image in a system consisting of a user terminal including an authentication plug-in, a content provider server (CP server) and a private authentication server, the method comprising:

a first step in which the CP server receives, from the user terminal, private certificate issuance application data including user-specific personal information and a user selection image, and transmits the received private certificate issuance application data to the private authentication server;

a second step including sub-step 2-1, in which the private authentication server registers the user through the personal information and stores the user selection image, and sub-step 2-2 of generating a user identification code and transmitting the generated user identification code to the user terminal;

a third step in which the user terminal generates a signature key pair consisting of a public key and a private key and transmits the public key and the user identification code to the private authentication server;

a fourth step including sub-step 4-1, in which the private authentication server confirms, through the user identification code received from the user terminal, whether the request matches the user registration made in the first step, sub-step 4-2 of generating a private certificate by using the public key received from the user terminal, sub-step 4-3 of generating an envelope image by encrypting the generated private certificate and combining it with the user selection image, and sub-step 4-4 of transmitting the envelope image to the user terminal; and

a fifth step including sub-step 5-1, in which the user terminal decodes the envelope image received in step 4-4 to extract the private certificate and the user selected image, and a second sub-step of storing the extracted private certificate and the user selected image.

The method of claim 25, wherein the private certificate issuance application data of the first step further includes an electronic envelope opening password, and the fifth step further includes, before sub-step 5-1 of extracting the private certificate, a step of requesting input of the electronic envelope opening password and checking whether the input password matches.

The method of claim 25, wherein sub-step 2-2 further includes a step in which the private authentication server generates an electronic envelope opening password and transmits the generated electronic envelope opening password to the user terminal.

The method of claim 25, wherein the first step further includes a step in which the private authentication server, for user identification at the time of user registration, sends a personal identification number to the mobile phone or email of the user, requests input of the personal identification number, and verifies the identity of the user through the input.

28.
The method of any of claims 26 or 27, wherein the user identification code or the electronic envelope opening password is transmitted via mobile phone SMS or email.

An authentication certificate issuance system using an encrypted image, including a user terminal including an authentication plug-in, an agency server and a certification authority server, the system comprising:

an agency server including an issuance application data management unit for collecting issuance application data including the user's personal information and the user selection image and sending it to the certification authority server, and an identification code issuing unit for receiving the user identification code from the certification authority server and issuing the user identification code to the user;

a user terminal including a key pair generation unit for generating a key pair for signature consisting of a public key and a private key, and an electronic envelope decryption unit for decrypting an electronic envelope image and extracting an authentication certificate and the user selection image and the extracted authentication certificate and the user selection, the user terminal transmitting, to the certification authority server, a certificate issuance request signal including the public key generated by the key pair generation unit and the user identification code issued by the identification code issuing unit; and

a certification authority server including a user DB for storing the personal information and the user identification code included in the issuance application data of the user, an image server unit for storing the user selection image included in the issuance application data, an identification code generation unit for generating a user identification code for the user who applied for issuance of a certificate, a user registration confirmation unit for confirming the registration of the user who requested the certificate issuance by checking the user identification code, public key, reference number and authorization code included in the certificate issuance request, and an electronic certificate image generating unit for generating an electronic envelope image by encrypting the generated public certificate and combining it with the user-selected image stored in the image server unit, the certification authority server transmitting the envelope image to the user terminal.

The system of claim 30, wherein the user terminal further comprises an opening password determination unit for receiving input of the electronic envelope opening password and determining whether the input password matches.

The system of claim 30, wherein the certification authority server further comprises a directory server unit which starts the public key of the certificate, an OCSP server unit which starts the status information of the certificate, including the issuance, revocation, and suspension of the certificate, and a certificate management unit for registering the certificate created by the certificate generation unit in the directory server and initiating the state of the created certificate in the OCSP server.

33. The system of claim 32, wherein the certificate management unit further comprises a configuration for notifying the agency server of the issuance of the official certificate.

The system of claim 32, wherein the user terminal is any one of a PC, a PDA or a mobile phone.
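The envelope handling that the claims describe (sealing at the certification authority, opening on the terminal with the opening password, discarding on a decoy or a mismatch, and the image comparison of sub-step 7-1), as an added Python example that is not part of the patent. The trailer layout, the password-derived keys, the HMAC-based keystream (a standard-library stand-in for an AEAD such as AES-GCM), the placeholder certificate bytes and all function names are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets
import struct

MAGIC = b"ENV1"          # constructed trailer marker, not from the patent
PBKDF2_ROUNDS = 200_000  # assumed work factor


def _keys(password, salt):
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a standard-library stand-in for a vetted AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def seal_envelope(image, cert, password):
    """CA side (sub-step 4-3 / 7-3): encrypt the certificate and append it to the image."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, cert)
    # The tag covers the image too, so the certificate cannot be moved onto another picture.
    tag = hmac.new(mac_key, hashlib.sha256(image).digest() + body, hashlib.sha256).digest()
    return image + body + tag + struct.pack(">I", len(body) + 32) + MAGIC


def open_envelope(envelope, password):
    """Terminal side (sub-step 5-1 / 8-1): return (cert, image), or None to discard."""
    if len(envelope) < 8 or envelope[-4:] != MAGIC:
        return None  # a decoy image carries no sealed certificate
    (n,) = struct.unpack(">I", envelope[-8:-4])
    if n < 64 or n > len(envelope) - 8:
        return None  # malformed trailer
    image, blob = envelope[:-8 - n], envelope[-8 - n:-8]
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _keys(password, body[:16])
    expected = hmac.new(mac_key, hashlib.sha256(image).digest() + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong opening password or tampered envelope
    return _xor_stream(enc_key, body[16:32], body[32:]), image


def renew(stored_image, request_image, public_key, password):
    """CA side (sub-steps 7-1 to 7-3): re-issue only if the submitted image matches."""
    same = hmac.compare_digest(hashlib.sha256(request_image).digest(),
                               hashlib.sha256(stored_image).digest())
    if not same:
        return None
    cert = b"CONSTRUCTED-CERT|" + public_key  # placeholder, not a real X.509 certificate
    return seal_envelope(stored_image, cert, password)


def terminal_pick(images, chosen, password):
    """Decoy variant: only the image the user selects is ever opened."""
    return open_envelope(images[chosen], password)
```

Because the MAC is computed over the image digest as well as the ciphertext, a changed image, a changed ciphertext and a wrong password all end in the same discard path.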
KR1020070119724A 2007-11-22 2007-11-22 Method and system of issuing accredited certificate using encrypted image KR100870202B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020070119724A KR100870202B1 (en) 2007-11-22 2007-11-22 Method and system of issuing accredited certificate using encrypted image

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020070119724A KR100870202B1 (en) 2007-11-22 2007-11-22 Method and system of issuing accredited certificate using encrypted image

Publications (1)

Publication Number Publication Date
KR100870202B1 true KR100870202B1 (en) 2008-12-09

Family

ID=40371630

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020070119724A KR100870202B1 (en) 2007-11-22 2007-11-22 Method and system of issuing accredited certificate using encrypted image

Country Status (1)

Country Link
KR (1) KR100870202B1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101637854B1 (en) * 2015-10-16 2016-07-08 주식회사 코인플러그 Certificate issuance system and method based on block chain, certificate authentication system and method based on block chain
KR101661930B1 (en) * 2015-08-03 2016-10-05 주식회사 코인플러그 Certificate issuance system based on block chain
KR101661933B1 (en) * 2015-12-16 2016-10-05 주식회사 코인플러그 Ccertificate authentication system and method based on block chain
KR101680260B1 (en) * 2015-12-14 2016-11-29 주식회사 코인플러그 Certificate issuance system and method based on block chain
KR101723405B1 (en) * 2016-07-04 2017-04-06 주식회사 코인플러그 Certificate authentication system and method based on block chain
WO2017171165A1 (en) * 2015-12-14 2017-10-05 (주)코인플러그 System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same
KR101858653B1 (en) * 2016-12-30 2018-06-28 주식회사 코인플러그 Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same
WO2019078667A1 (en) * 2017-10-20 2019-04-25 정혜진 Card issuance and payment system and method
CN112949638A (en) * 2019-11-26 2021-06-11 金毛豆科技发展(北京)有限公司 Certificate image uploading method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995022810A1 (en) * 1994-02-17 1995-08-24 Telia Ab Arrangement and method for a system for administering certificates
US6009173A (en) 1997-01-31 1999-12-28 Motorola, Inc. Encryption and decryption method and apparatus
KR20030035025A (en) * 2001-10-29 2003-05-09 쓰리알소프트(주) System for providing identification service using official certificate based on Public Key Infrastructure and method thereof

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101661930B1 (en) * 2015-08-03 2016-10-05 주식회사 코인플러그 Certificate issuance system based on block chain
US11082420B2 (en) 2015-08-03 2021-08-03 Coinplug, Inc. Certificate issuing system based on block chain
WO2017022917A1 (en) * 2015-08-03 2017-02-09 (주)코인플러그 Certificate issuing system based on block chain
WO2017065389A1 (en) * 2015-10-16 2017-04-20 (주)코인플러그 Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same
US10885501B2 (en) * 2015-10-16 2021-01-05 Coinplug, Inc. Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same
KR101637854B1 (en) * 2015-10-16 2016-07-08 주식회사 코인플러그 Certificate issuance system and method based on block chain, certificate authentication system and method based on block chain
WO2017171165A1 (en) * 2015-12-14 2017-10-05 (주)코인플러그 System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same
US10164779B2 (en) 2015-12-14 2018-12-25 Coinplug, Inc. System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same
US10848319B2 (en) 2015-12-14 2020-11-24 Coinplug, Inc. System for issuing certificate based on blockchain network, and method for issuing certificate based on blockchain network by using same
US10848318B2 (en) 2015-12-14 2020-11-24 Coinplug, Inc. System for authenticating certificate based on blockchain network, and method for authenticating certificate based on blockchain network by using same
KR101680260B1 (en) * 2015-12-14 2016-11-29 주식회사 코인플러그 Certificate issuance system and method based on block chain
WO2017104899A1 (en) * 2015-12-16 2017-06-22 (주)코인플러그 Block chain-based certificate authentication system and authentication method using same
KR101661933B1 (en) * 2015-12-16 2016-10-05 주식회사 코인플러그 Ccertificate authentication system and method based on block chain
KR101723405B1 (en) * 2016-07-04 2017-04-06 주식회사 코인플러그 Certificate authentication system and method based on block chain
WO2018008800A1 (en) * 2016-07-04 2018-01-11 (주)코인플러그 Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same
KR101858653B1 (en) * 2016-12-30 2018-06-28 주식회사 코인플러그 Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same
WO2019078667A1 (en) * 2017-10-20 2019-04-25 정혜진 Card issuance and payment system and method
CN112949638A (en) * 2019-11-26 2021-06-11 金毛豆科技发展(北京)有限公司 Certificate image uploading method and device
CN112949638B (en) * 2019-11-26 2024-04-05 金毛豆科技发展(北京)有限公司 Certificate image uploading method and device

Similar Documents

Publication Publication Date Title
KR100910378B1 (en) System and method for issuing electronically accredited certificate using encrypted image
KR100870202B1 (en) Method and system of issuing accredited certificate using encrypted image
CN104270338B (en) Method and its system that a kind of electronic identity registration and certification are logged in
US8145718B1 (en) Secure messaging system with personalization information
CN101897165B (en) Method of authentication of users in data processing systems
KR102177848B1 (en) Method and system for verifying an access request
WO2009101549A2 (en) Method and mobile device for registering and authenticating a user at a service provider
CN109087056A (en) Electronic contract signs method, apparatus and server
US20080201576A1 (en) Information Processing Server And Information Processing Method
JP2006525563A (en) User and web site authentication method and apparatus
CN104662870A (en) Data security management system
CN103036681B (en) A kind of password safety keyboard device and system
JP2007527059A (en) User and method and apparatus for authentication of communications received from a computer system
CN101652782B (en) Communication terminal device, communication device, electronic card, method for a communication terminal device and method for a communication device for providing a verification
KR100908100B1 (en) Encrypted image data with matryoshka structure and, system and method for mutual synchronization certificating using the same
KR101318154B1 (en) Method of providing image-based user authentication for shared documents, and computer-readable recording medium for the same
EP2530868A1 (en) Method for generating an anonymous routable unlinkable identification token
CN109474431A (en) Client certificate method and computer readable storage medium
KR100420735B1 (en) Mail transmitting/receiving system using watermarking and encoding technique, and method thereof
US11671475B2 (en) Verification of data recipient
US20150302506A1 (en) Method for Securing an Order or Purchase Operation Means of a Client Device
van den Broek et al. Securely derived identity credentials on smart phones via self-enrolment
JP4140617B2 (en) Authentication system using authentication recording medium and method of creating authentication recording medium
CN110138547A (en) Based on unsymmetrical key pond to and sequence number quantum communications service station cryptographic key negotiation method and system
WO2023199619A1 (en) Remote signature system and anti-tamper device

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
LAPS Lapse due to unpaid annual fee
R401 Registration of restoration
FPAY Annual fee payment (Payment date: 20120924; Year of fee payment: 5)
FPAY Annual fee payment (Payment date: 20131108; Year of fee payment: 6)
FPAY Annual fee payment (Payment date: 20141117; Year of fee payment: 7)
FPAY Annual fee payment (Payment date: 20160125; Year of fee payment: 8)
FPAY Annual fee payment (Payment date: 20170201; Year of fee payment: 9)
FPAY Annual fee payment (Payment date: 20171219; Year of fee payment: 10)
FPAY Annual fee payment (Payment date: 20190212; Year of fee payment: 11)