KR101829729B1 - Method for certifying a user by using mobile id through blockchain and merkle tree structure related thereto, and terminal and server using the same - Google Patents

Abstract

A method for authenticating a user by using a mobile ID includes the steps of: checking a user′s certificate registered in a private blockchain database and obtaining a hash value for user information from the user′s certificate; supporting to display a variable authentication value or to display the mobile ID; and transmitting authentication result information to an authentication request terminal or supporting the transmission of the authentication result information to the authentication request terminal. Mobile ID information includes photograph image information of the user and display information of each ID card. The variable authentication value includes at least one or more of a bar code, a QR code, and NFC tag information. Therefore, the present invention registers the user′s certificate in a blockchain of virtual money, thereby preventing copying or forgery.

Description

TECHNICAL FIELD [0001] The present invention relates to a method for authenticating a user by using a mobile ID through a block chain and a merge tree structure interlocked with the server, a terminal, and a server using the same. USING THE SAME}

The present invention relates to a method for authenticating a user using a mobile ID through a block chain and a merge tree structure interlocked with the server, a terminal, and a server using the same. More particularly, And registers a user certificate including a hash value of the user information of the user in the private block chain database, manages the corresponding private transaction ID, applies a hash function to the user certificate, In a state in which a value obtained by processing a representative hash value or a representative hash value obtained by computing at least one neighboring hash value to be matched is registered in a public block chain database and a public transaction ID corresponding to the value is processed, From the terminal, When a user authentication request transaction including a nick key and a terminal ID is obtained, a data message is obtained from a public block chain database using a public transaction ID corresponding to the user's public key and terminal ID, and a representative hash Value or the processed value of the representative hash value, searches the private block chain database for the merch tree information and the leaf node information stored in the private block chain database, refers to the retrieved merch tree information and the leaf node information, It obtains the hash value of the user information from the user certificate and transmits the random number and the hash value of the user information to the user terminal of the matching user with the terminal ID, A user signature value obtained by allowing a user terminal to sign randomness using a user's private key; And a hash value for user information; And a mobile identity including the mobile identity information of the user, and when a variable authentication value of the mobile identity is obtained from the authentication requesting terminal, the user signature value from the variable authentication value; And a hash value for user information; And verifies the validity of the user signature value using the public key of the user certificate matching with the hash value of the extracted user information and verifies the authenticity of the user according to the validity of the verified user signature value A method for supporting information transmission to an authentication requesting terminal, and a terminal and a server using the method.

In general, a mobile ID refers to an identification card in the form of an app on a mobile device instead of an ID card issued by a paper or plastic card, and it is possible to confirm the identity through the presentation of the ID card stored in the mobile device, .

Because they store and use IDs on these mobile devices, they are likely to be lost or stolen. Therefore, personal information leakage or theft should be prevented from being lost or stolen.

However, the conventional mobile ID has a problem that it is vulnerable to copying or tampering because it stores information required for user authentication such as a certificate in a mobile device.

In addition, since the conventional mobile ID always uses the same information for authenticating the user, there is a problem that a third party can easily steal information due to leakage of information or the like.

SUMMARY OF THE INVENTION The present invention has been made to solve all the problems described above.

It is another object of the present invention to provide a method, terminal and server for registering a user certificate in a block chain of virtual money to make it impossible to copy or digitize / modulate the user certificate.

Another object of the present invention is to provide a method, terminal, and server for ensuring security by using a hash function and an encryption technique, and making it impossible for the user certificate to be tampered with.

Another object of the present invention is to provide a method, a terminal, and a server that can prevent problems caused by user information theft by authenticating a user through a one-time variable authentication value.

In order to accomplish the above object, a representative structure of the present invention is as follows.

According to an embodiment of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising the steps of: (a) receiving a public key of a user, a terminal ID of the user terminal of the user, And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, In the public block chain database and managing a public transaction ID corresponding to the public hash value or the processed value of the representative hash value, User with key and terminal ID When the authentication request transaction is obtained, the authentication server confirms (i) the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, Acquiring a hash value of the user information from a user's certificate; (ii) obtaining a data message from the public block chain database using the public key corresponding to the user's public key and the public ID, Searching the private block chain database for the merge tree information and leaf node information stored in the private block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message,With reference to the information and re-leaf node information to confirm the the user certificate registered in the private block chain database, and from the user certificate, the method comprising: obtaining a hash value for the user information; (b) (b1) when the authentication server supports to transmit or transmit the random number and the hash value of the user information to the user terminal of the user matching the terminal ID, A user signature value obtained by signing the randomness with a private key of the user; And a hash value for the user information; (Ii) display a mobile identity including the mobile identity information of the user along with the variable authentication value; and (b2) the authentication server supports to display a random non- (I) a user signature value obtained by signing the random non-existence with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user with the variable authentication value; And (c) (c1) when the variable authentication value of the mobile ID is obtained from the authentication request terminal according to (b1), the authentication server calculates the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) if the variable authentication value of the mobile identity is obtained from the authentication request terminal by (b2), the authentication server transmits the authentication result information to the authentication request terminal The user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit or transmit authentication result information to the authentication request terminal; Is provided.

Also, according to an embodiment of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising: (a) a public key of a user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, In a public block chain database and managing a public transaction ID corresponding to the representative hash value or a value obtained by processing the representative hash value, a mobile ID displayed on the user terminal in response to the user authentication request - the mobile ID comprises (i) the terminal identity; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user along with the variable authentication value. When the variable authentication value is acquired via the authentication request terminal, the authentication server determines whether the acquired From the variable authentication value; The time stamp; The user signature value; And a public key of the user; ; And (b) the authentication server checks (i) the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) Acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal identity, processing the representative hash value or the representative hash value included in the data message And searching for the merge tree information and the leaf node information stored in the private block chain database in the private block chain database with reference to the retrieved merge tree information and the leaf node information, four Extracting the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, Verifying whether the extracted time stamp is identical to the time stamp extracted from the variable authentication value to check whether the user signature value is valid or not and checking the authentication result information for the user according to the validity of the user signature value To the authentication request terminal; Is provided.

Also, according to an embodiment of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising: (a) a public key of a user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, When the user identification information is acquired through the authentication request terminal in a state in which the representative hash value obtained by computing the value or the value obtained by processing the representative hash value is registered in the public block chain database and the corresponding public transaction ID is managed, The server transmits a user authentication request signal to the user terminal corresponding to the user identification information, the user authentication request signal includes a message requesting the user authentication including (1) a message requesting the user authentication or (2) To send or transmit And a mobile ID displayed on the user terminal in response to the user authentication request, wherein the mobile ID is: (i) the terminal ID; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) mobile ID information of the user in addition to the variable authentication value, and (ii) the mobile ID information includes (i) the UE ID; A user signature value obtained by signing the randomness with a private key of the user; And a variable authentication value including a public key of the user; (Ii) if the variable authentication value of the user includes the mobile identity information of the user together with the variable authentication value, from the obtained variable authentication value, , The terminal ID; The time stamp; The user signature value; And a public key of the user; In the case (2), the terminal ID; The user signature value: and the user's public key; ; And (b) the authentication server checks (i) the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) Acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal identity, processing the representative hash value or the representative hash value included in the data message And searching for the merge tree information and the leaf node information stored in the private block chain database in the private block chain database with reference to the retrieved merge tree information and the leaf node information, four And extracts the time stamp from the user signature value using the public key of the user certificate matching the user's public key extracted from the variable authentication value in the case of (1) above, And verifies whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid. In case (2), the variable authentication value Extracts the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the user signature value, And whether the transmitted randomness included in the signal matches Because the method comprising supporting the user check the validity of the signature value, and to transmit the authentication result information for the user of the validity of the user identified signature value to the terminal authentication request, transmitted; Is provided.

According to another aspect of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of the user and a private key of the user; ; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A hash value is processed in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, And transmits the user authentication request transaction including the public key of the terminal and the terminal ID to the authentication server so as to allow the authentication server to transmit the public key of the terminal using the public key of the user and the private transaction ID corresponding to the terminal ID The private block chain (Ii) acquiring a data message from the public block chain database using the user's public key and a public transaction ID corresponding to the terminal identity, Searches the private block chain database for the merge tree information and leaf node information stored in the private block chain database in association with the representative hash value or the value obtained by processing the representative hash value, And supporting leaf node information to identify the user certificate registered in the private block chain database; (b) (b1) when a random nonce and a hash value for the user information are obtained from the authentication server in response to the user authentication request transaction, the user terminal transmits (i) the random nonce to the user's private key One user signature value; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And (c) (c1) allowing the user terminal to acquire the variable authentication value of the mobile ID from the authentication server through the authentication request terminal by (b1), thereby allowing the authentication server to obtain the variable authentication value from the variable authentication value The user signature value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the user terminal transmits the variable authentication value of the mobile ID to the authentication server through the authentication request terminal by (b2) Thereby enabling the authentication server to obtain the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit the authentication result information to the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of the user and a private key of the user; ; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, i) a terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And (b) supporting, by the user terminal, the authentication server obtaining the variable authentication value of the mobile ID via the authentication request terminal, thereby causing the authentication server to obtain the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value The private block chain database and the merge tree information stored in the private block chain database are retrieved from the private block chain database, And extracts the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, And verifying whether the time stamp extracted from the variable authentication value matches the time stamp extracted from the variable authentication value to confirm whether or not the user signature value is validated, Supporting result information to be transmitted to the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of the user and a private key of the user; ; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Wherein the mobile node is registered in the public block chain database, and a value obtained by processing the representative hash value is registered in a public block chain database. In a state in which the mobile ID corresponding to the registered user certificate is managed, The server transmits a user authentication request signal. The user authentication request signal is a message for requesting the user authentication including (1) a message requesting the user authentication or (2) a random non-existence. In response to the user authentication request signal, in the case of (1) A terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value of the mobile ID including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; Generating a variable authentication value including the authentication value; And (b) allowing the user terminal to obtain the variable authentication value of the mobile ID from the authentication server, thereby allowing the authentication server to determine, from the variable authentication value, the terminal ID in case of (1); The time stamp; The user signature value; And a public key of the user; And in the case of (2), the terminal ID; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value The private block chain database and the merge tree information stored in the private block chain database are retrieved from the private block chain database, (1), using the public key of the user of the user certificate matching the public key of the user extracted from the variable authentication value, the time stamp And verifies whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid. In case (2), the variable Extracting the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the authentication value and comparing the random non- The randomness value transmitted in the authentication request signal is Confirming whether the user signature value is valid or not and supporting authentication result information for the user according to whether the user signature value is validated to the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server including a public key of a user, a terminal ID of the user terminal of the user, And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, In the public block chain database and managing a public transaction ID corresponding to the public hash value or the processed value of the representative hash value, Including key and terminal ID Communication unit for acquiring a user authentication request transaction; And (i) verifying the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (Ii) acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal identity, and comparing the representative hash value or the hash value included in the data message Searching the private block chain database for the merch tree information and the leaf node information stored in the private block chain database in association with the processed value of the representative hash value and referring to the retrieved merch tree information and the leaf node information, A process of confirming the user certificate registered in the private block chain database and acquiring a hash value of the user information from the user certificate; (b1) matching the hash value of the random number and the user information with the terminal ID (I) a user signature value obtained by signing the random nonce with the private key of the user; And a hash value for the user information; (Ii) supporting a display of a mobile identity including the mobile identity information of the user along with the variable authentication value, and (b2) transmitting a random nonce to the user terminal or transmitting (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user along with the variable authentication value; and (c1) supporting, by the (b1) When the variable authentication value of the ID is acquired from the authentication requesting terminal, the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) when the variable authentication value of the mobile ID is obtained from the authentication request terminal by (b2), the authentication request information for the user is transmitted or transmitted to the authentication request terminal; The user signature value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, And transmitting the authentication result information to the authentication request terminal; Is provided.

According to an embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: a public key of a user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, In a public block chain database and managing a public transaction ID corresponding to the representative hash value or a value obtained by processing the representative hash value, a mobile ID displayed on the user terminal in response to the user authentication request - the mobile ID comprises (i) the terminal identity; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user along with the variable authentication value; and a communication unit that acquires the variable authentication value through the authentication request terminal; And from the acquired variable authentication value, the terminal ID; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) checking the user's public key Acquiring a data message from the public block chain database using the public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a value obtained by processing the private hash value The private block chain database searches the merch tree information and leaf node information stored in the block chain database, and refers to the retrieved merch tree information and leaf node information to identify the user certificate Extracts the time stamp from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, Checking the validity of the user signature value by verifying whether the time stamp and the time stamp extracted from the variable authentication value are identical to each other and verifying whether or not the user signature value is valid, A processor for supporting transmission or transmission to an authentication request terminal; Is provided.

According to an embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: a public key of a user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, When the user identification information is acquired from the authentication requesting terminal in a state in which the representative hash value obtained by computing the value or the value obtained by processing the representative hash value is registered in the public block chain database and the corresponding public transaction ID is managed, A user authentication request signal to the user terminal corresponding to the identification information; the user authentication request signal is a message requesting the user authentication including (1) a message requesting the user authentication or (2) a random nonce; , In response to the user authentication request, A mobile ID displayed on the terminal, and the mobile ID is (i) the terminal ID; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) mobile ID information of the user in addition to the variable authentication value, and (ii) the mobile ID information includes (i) the UE ID; A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user in addition to the variable authentication value, the communication unit obtaining the variable authentication value from the user terminal; And from the acquired variable authentication value, in the case of (1), the terminal ID; The time stamp; The user signature value; And a public key of the user; And in the case (2), extracts the terminal ID; The user signature value; And extracting the public key of the user, (i) checking the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) ) Acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal identity, and processing the representative hash value or the representative hash value included in the data message And the leaf node information stored in the private block chain database in the private block chain database, referring to the retrieved merge tree information and the leaf node information, (1), from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, Wherein the validity of the user signature value is verified by checking whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value, Extracting the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, The randomness value transmitted in the user authentication request signal The validity of the user signature value is verified and the authentication result information for the user according to the validity of the user signature value is transmitted to the authentication request terminal or transmitted; Is provided.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the method comprising: generating and storing a public key of the user and a private key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, And transmits the user authentication request transaction including the key and the terminal ID to the authentication server so as to allow the authentication server to transmit the user authentication request transaction to the authentication server using (i) the private key corresponding to the user's public key and the private transaction ID, Block Chain Data (Ii) acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, and Searching the private block chain database for the merge tree information and the leaf node information stored in the private block chain database in association with the representative hash value or the processed value of the representative hash value, (B1) a step of, in response to the user authentication request transaction, requesting, from the authentication server, the randomness and the user information for the user information If swigap received, (i) a user signature signed with the private value of the user, the random nonce; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the private key of the user; And a public key of the user; (Ii) performing a process of displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And (c1) allowing the user terminal to acquire the variable authentication value of the mobile ID from the authentication server through the authentication requesting terminal by (b1), thereby allowing the authentication server to determine, from the variable authentication value, value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the user terminal transmits the variable authentication value of the mobile ID to the authentication server through the authentication request terminal by (b2) Thereby enabling the authentication server to obtain the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit the authentication result information to the authentication request terminal; A user terminal is provided.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the method comprising: generating and storing a public key of the user and a private key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Wherein a value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, (i) A terminal ID of the terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) a mobile ID indicating the mobile ID including the mobile ID information of the user together with the variable authentication value; And supporting the authentication server to obtain the variable authentication value of the mobile ID via the authentication requesting terminal, thereby causing the authentication server to obtain the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value And searching the private block chain database for the merch tree information and the leaf node information stored in the private block chain database and referring to the retrieved merch tree information and leaf node information, And extracts the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, Verifying whether or not the time stamp extracted from the variable authentication value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid, A communication unit for supporting information to be transmitted to the authentication request terminal; A user terminal is provided.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the method comprising: generating and storing a public key of the user and a private key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and in a state where the mobile ID corresponding to the registered user certificate is managed, a user corresponding to the user identification information acquired from the authentication request terminal Authentication Request Signal The user authentication request signal is obtained from the authentication server when a user authentication request message including (1) a message requesting the user authentication or (2) a random nonce is obtained from the authentication server, A terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value of the mobile ID including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; A processor for generating a variable authentication value of the mobile ID; And supporting the authentication server to obtain the variable authentication value of the mobile ID, thereby enabling the authentication server to obtain the terminal ID from the variable authentication value in the case of (1) above. The time stamp; The user signature value; And a public key of the user; And in the case (2), extracting the terminal ID from the variable authentication value; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value And searching the private block chain database for the merch tree information and the leaf node information stored in the private block chain database and referring to the retrieved merch tree information and leaf node information, (1), the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value is used to determine the time stamp from the user signature value And verifies whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid. In case (2), the variable authentication Extracting the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the user signature value, Check that the randomness contained in the signal matches Communication support check the validity of the user signature value, and to transmit the authentication result information for the user of the validity of the identified value of the user signature in the authentication request terminal; A user terminal is provided.

In addition, a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.

The present invention has the following effects.

The present invention can register a user certificate in a block chain of virtual money to make it impossible to copy or up / modulate.

In addition, the present invention can secure the security of the user certificate using the hash function and the encryption technique, and make it impossible to up / modulate the user certificate.

In addition, since the present invention authenticates a user through a one-time variable authentication value, it is possible to prevent problems caused by user information theft.

FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention,
2 schematically illustrates a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention,
FIG. 3 and FIG. 4 schematically show a process of registering a transaction related to a mobile ID in a public block chain database according to an embodiment of the present invention,
5 illustrates an example of a mobile ID issued in a method of authenticating a user using a mobile ID according to an embodiment of the present invention,
6 schematically shows a method of authenticating a user using a mobile ID according to an embodiment of the present invention,
7 schematically shows a method of authenticating a user using a mobile ID according to another embodiment of the present invention,
FIG. 8 is a schematic view illustrating a method of authenticating a user using a mobile ID according to another embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention. The system includes a user terminal 100, an authentication request terminal 110, and an authentication server 200 .

The user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smart phone, a tablet, and the like. The user terminal 100 is not limited to this, and may include all mobile devices such as a portable game machine having a wired / wireless communication function, a digital camera personal navigation, and the like. In addition, the user terminal 100 may include a communication unit for supporting transmission and reception of information and a processor for processing information

The authentication request terminal 110 obtains the variable authentication value through communication with the computing device or the user terminal 100 that obtains the signal of the reader that obtains the variable authentication value from the mobile ID displayed through the user terminal 100 A computing device, and may include a desktop computer, a mobile computer, a PDA / EDA, a smart phone, a tablet, and the like. However, the authentication request terminal 110 is not limited to this, and may be a computing device that performs general operation processing, and may include a server.

The authentication server 200 may include a communication unit 210 and a processor 220. The use of the same reference numerals is for convenience of explanation only and is not intended to mean that these individual devices are the same. In another embodiment of the present invention, a server may be configured differently to perform the corresponding method, or may perform the corresponding method through the same authentication server 200. Also, the authentication server 200 may be a server corresponding to each node of the private block-chain database, or a server for managing each node of the private block-chain database.

Specifically, the authentication server 200 typically includes a computing device (e.g., a computer processor, memory, storage, input and output devices, and other devices capable of including components of a conventional computing device; (E. G., An electronic information storage system such as a network attached storage (NAS) and a storage area network (SAN)) and computer software (i. E. Instructions that cause a computing device to function in a particular manner) Performance. ≪ / RTI >

The communication unit 210 of such a computing device can send and receive requests and responses to and from other interworking computing devices. As an example, such requests and responses can be made by the same TCP session, For example, as a UDP datagram.

The processor 220 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. It may further include a software configuration of an operating system and an application that performs a specific purpose.

A method for authenticating a user using a mobile ID according to an exemplary embodiment of the present invention will now be described with reference to FIG.

First, a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention will be described with reference to FIG.

In a state in which the user is connected to the authentication server 200 through the user terminal 100 in order to receive the mobile ID, for example, the user executes an application for issuing the mobile ID in the user terminal 100, The mobile ID information necessary for the mobile ID is input (S200). At this time, the mobile ID may include all commonly used IDs such as a national license, a private license, an employee ID, a student ID, as well as a public ID such as a driver's license, a health insurance card, an alien registration card, a civil service card,

Then, when the user inputs the mobile ID information and requests the issuance of the mobile ID, the user terminal 100 transmits the mobile ID issuance request transaction to the authentication server 200 (S210). At this time, the mobile ID issue request transaction includes the mobile ID information input by the user, and the mobile ID information may be the photo image of the user and the display information of each ID card. In addition, the mobile ID information may include personal information of the user.

Then, the authentication server 200 obtains a mobile ID issue application transaction including at least user information from the user terminal 100, and confirms the user using the obtained user information (S211). At this time, the user confirmation may use a public key infrastructure (PKI) certificate or use personal information of the user, but the present invention is not limited thereto. For example, it is possible to identify a specific issuer through public key based certificate, OPSign certificate, etc., or personal information such as a resident registration number, a passport, a corporation registration number, a business registration number, etc., To identify the user.

When the user is confirmed, the authentication server 200 transmits a certificate registration request signal to the user terminal 100 (S212)

In response to the certificate registration request signal, the user terminal 100 generates a public key and a private key, which are authentication keys (S214), and sets confirmation information for controlling the user access to the private key by the user (S215). At this time, the confirmation information is path information for accessing the private key, and may include a password, biometric information, and the like. Alternatively, the setting of confirmation information for access control on the private key may be omitted.

Then, the user terminal 100 extracts the public key of the user among the authentication keys, and transmits the certificate registration information including the extracted public key of the user and the terminal ID of the user terminal to the authentication server 200 (S215) , The authentication server 200 generates the user's certificate with reference to the certificate registration information transmitted and obtained from the user terminal 100 (S216). That is, the authentication server 200 generates, in addition to the public key and the terminal ID obtained from the certificate registration information, a user certificate including a hash value for the user information generated by applying the hash function to the confirmed user information. The hash function for generating the hash value is MD4 function, MD5 function, SHA-0 function, SHA-1 function, SHA-224 function, SHA-256 function, SHA-384 function, SHA-512 function and HAS-160 function But it should be understood that the present invention is not limited thereto. For example, Triple SHA256 would be possible.

The authentication server 200 registers the generated user certificate in the private block chain database and acquires and manages a private transaction ID indicating the location information on the private block chain database of the user certificate registered in the private block chain database. For reference, the private block chain database may be a database managed by the authentication server 200. [

When the triggering condition for registering a predetermined hash value in the public block chain database is satisfied, the authentication server 200 determines whether a specific hash value generated by applying a hash function to the user certificate and a specific hash value A representative hash value or a representative hash value, which is a merge root, is generated by calculating at least one neighboring hash value matched with the representative hash value (S217).

In step S218, the authentication server 200 supports registration or registration of the generated value of the representative hash value or the representative hash value in the public block chain database 300. In the public block chain database 300, (S219) to obtain or obtain a currency-issuing public transaction ID indicating location information on the public block chain database of the merchant, which is a value obtained by processing the representative hash value or the representative hash value registered in the public key chain database. At this time, the server 100 can acquire the data message corresponding to the call issuing public transaction ID from the public block chain database 300. [

At this time, the authentication server 200 can store and manage a specific hash value and at least one neighbor hash value in a predetermined data structure. Here, the data structure may be various, for example, a merkle tree structure.

In other words, the authentication server 200 can support a particular hash value to generate or generate a merkle tree assigned to a particular leaf node, and if the predetermined condition is satisfied, It is possible to register or register a value obtained by processing a representative hash value or a representative hash value, which is a merge root generated by computing a hash value assigned to a leaf node, in the public block chain database 300.

More specifically, (x1) the authentication server 200 supports to calculate or calculate a hash value assigned to (i) a particular hash value and (ii) a sibling node of a node to which a particular hash value is assigned, And to assign or assign a hash value for the operation value to the parent node of the node. (x2) If the parent node is the root node of the merge tree, the hash value assigned to the parent node is the representative hash value. (x3). On the other hand, if the parent node is not the root node of the merge tree, the authentication server 200 repeats (x1) to (x3) with the hash value assigned to the parent node as a specific hash value.

The authentication server 200 finally supports registration or registration of the hash value assigned to the root node of the merge tree in the public block chain database 300 as a representative hash value. At this time, a value obtained by processing the representative hash value may be registered. For example, a result obtained by performing a hex operation on a representative hash value may be registered.

On the other hand, when the authentication server 200 stores a specific hash value and at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, The first data structure and the second data structure may be connected in a chain form.

In particular, if the first data structure and the second data structure are merc trees as in the above example, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure .

Further, when the second data structure is generated, verification of the first data structure is performed, so that data integrity can be further ensured. Verification of the second data structure will be described later.

In addition, in the case of the first one of the at least one merch tree connected in a chain form, the first leaf node of the first merch tree may be assigned a hash value or a processed value of predetermined message data composed of text, numbers, or symbols have. For example, a hash value of an input message initially assigned by the authentication server 200 can be allocated when generating a merge tree.

Figures 3 and 4 illustrate an example of a merge tree generated in accordance with an embodiment of the present invention.

FIG. 3 shows a merge tree having four leaf nodes. Since the illustrated merge tree is the first merge tree (tree_id = 0), it can be seen that a hash value (sha256 (coinplug_unique_message)) of a predetermined message data is assigned to the first leaf node h0. If there is a registration request (i.e., a write request related to the mobile ID) for the record data, the authentication server 200 generates the next leaf node of the last leaf node of the currently configured merge tree, And assigns or assigns the processed value. For example, if a new leaf node needs to be created in a state where the value assignment from the merge tree to the h1 node as the second leaf node is completed, a h2 node, which is a next leaf node, is generated to process a specific hash value or a specific hash value One value (sha256 (input2)) can be assigned. In addition, the authentication server 200 may support computing or computing (i) a particular hash value assigned to the h2 node and (ii) a hash value assigned to the h3 node, which is a sibling node of the h2 node. The hash value for the operation value is assigned to the h2 node and the parent node (h23 node) of the h3 node. Since the parent node (h23 node) is not the root node of the merge tree, the authentication server 200 can repeat the above process with the hash value assigned to the h23 node as a specific hash value. That is, the hash value assigned to the h23 node is set as a specific hash value, and the hash value assigned to the h23 node and the hash value assigned to the h01 node are calculated and assigned to the h23 node and the parent node (h0123 node) of the h01 node have. Since the h0123 node is the root node of the merge tree, the authentication server 200 registers the value (hex (h {node_index}) obtained by processing the hash value assigned to the node h0123 in the public block chain database 300 or registers Can support

The predetermined conditions include (i) a condition in which a transaction related to a mobile ID is generated by a predetermined number, (ii) a condition in which a predetermined time elapses, (iii) a condition in which a block is generated in a private block chain database, (iv) conditions for service characteristics.

On the other hand, for example, when a plurality of call-related transactions are obtained for the leaf nodes of the merge tree, a merge tree may be created, and the root value of the merge tree may be registered or registered in the public block chain database 300.

Also, the authentication server 200 can generate the root value of the aforementioned mu tree at predetermined time intervals (condition (ii) above). In this case, when a predetermined time elapses, the authentication server 100 may generate a merge tree using the input values up to that time and register or register the root value of the merge tree in the public block chain database 300. [

In this case, although a predetermined time has elapsed, a value may not be assigned to a sibling node of a node to which a particular hash value of the merge tree is assigned. If a hash value is not assigned to a sibling node of a node to which a specific hash value is allocated even though a predetermined condition is satisfied, the authentication server 200 supports to assign or assign a predetermined hash value to the sibling node, The root value of the muckle tree can be calculated. For example, the authentication server 200 may support copying and assigning or assigning a particular hash value to a sibling node.

The service characteristics include the cost information provided by the issuer that issued the transaction related to the mobile ID, the time zone information in which the mobile ID related transaction registration is performed, the area information in which the mobile ID related transaction registration service is performed, And may be at least a part of the company type information. However, the present invention is not limited to the one described here, but includes various condition information in which a generally accepted differential service can be provided.

On the other hand, when a new merge tree generation is started and a predetermined condition is satisfied in a state where there is no mobile ID related transaction, the authentication server 220 determines that the predetermined message data is a merge tree allocated to the first leaf node and the second leaf node And supports the registration or registration of the root value of the merge tree or the processed value in the public block chain database 200. In this case, a merge tree with two leaf nodes may be created.

Meanwhile, as described above, the authentication server 200 stores a specific hash value and at least one neighbor hash value in a predetermined first data structure, and then stores and manages a second data structure of the same type as the first data structure In this case, the first data structure and the second data structure may be connected in a chain form. In particular, if the first data structure and the second data structure are merc trees, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure.

4 is a diagram illustrating a merge tree generated as a second data structure according to an embodiment of the present invention.

Referring to FIG. 4, it can be seen that the root value (hex (h0123)) of the merge tree (tree_id = 0) of FIG. 3 is assigned to the first leaf node (h4 node) of the new merge tree (sha256 (input4)). The present invention has an advantage of improving data integrity by enabling easy tracking even when data is modulated in the middle by connecting a plurality of data structures generated at the time of occurrence of a transaction.

The authentication server 200 may issue a mobile ID to the user terminal 100 in response to the user's certificate creation (S220). That is, after the user's certificate is generated, the authentication server 200 may issue a mobile ID to the user terminal 100 in parallel with registering the user's certificate in the private block chain database and the public block chain database.

As shown in FIG. 5, the mobile ID can be used in a mobile device that is a user terminal 100, and may have a mobile ID information area 10 and a variable authentication value area 20.

The mobile ID information 10 is related to user information to be displayed for each ID and includes information such as a photograph image, a name and an ID number. The mobile ID information 10 can be changed according to display information of an ID card to be implemented, The information may be stored in the user terminal 100 or in the authentication server 200.

The variable authentication value 20 includes information for user authentication with a user signature value signed by the user's private key, and has a changed value every time authentication is performed, thereby preventing a problem caused by user information theft .

Referring to FIG. 6, a method for authenticating a user using a mobile ID according to an embodiment of the present invention in a state where a mobile ID is issued by the above method will be described.

The user certificate including the terminal ID of the user terminal of the user and the hash value of the user information of the user is registered in the private block chain database and the corresponding private transaction ID is managed by the method of FIG. A value obtained by processing a representative hash value or a representative hash value obtained by computing at least one neighboring hash value matching a specific hash value and a specific hash value generated by applying the hash function is registered in the public block chain database 300, When the user inputs a user authentication request signal to the user terminal 100 storing the user's private key and public key in order to request the user authentication using the mobile ID in the state of managing the public transaction ID, ), The user terminal 100 has at least a public key of the user, Gives sends a user authentication request including a transaction ID to the authentication server (200) (S2).

Then, the authentication server 200 searches the private transaction ID corresponding to the user's public key and the terminal ID of the acquired user authentication request transaction, and refers to the private transaction ID thus found to check the user certificate registered in the private block chain database have.

Alternatively, the authentication server 200 may transmit the certificate confirmation transaction to the public block chain database 300 (S3) using the public transaction ID corresponding to the user's public key and the terminal ID (S3) 300 and stores the merge tree information and leaf node information stored in the private block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message, Search in the database. The user certificate registered in the private block chain database can be checked by referring to the retrieved merge tree information and leaf node information (S4). Here, as an example of the data message, an OP return message of bit coin or the like may be assumed.

At this time, the authentication server 200 checks whether the confirmed user certificate is valid, and if the user does not have a matching certificate or the user certificate is invalid due to disposal or the like, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal .

Then, the authentication server 200 acquires a hash value of the user information with reference to the identified user certificate.

Thereafter, the authentication server 200 may transmit the random hash value and the hash value of the user information to the user terminal 100 (S5). At this time, the authentication server 200 may transmit only the random non-existence to the user terminal 100 to the user terminal 100.

First, when the authentication server 200 transmits a random nonce and a hash value of the user information to the user terminal 100 matching the terminal ID with the user terminal 100, the user terminal 100 transmits the hash value to the user (S6). If the confirmation information input by the user matches the set information, access to the private key is allowed to generate random signature, and the user signature value signed using the user's private key is generated (S7). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 displays the mobile ID as shown in FIG. 5 (S8). That is, the user terminal 100 displays the photograph image stored in the terminal or acquired through the authentication server and the mobile ID information, which is display information according to the identification card. Then, a variable authentication value including the user signature value signed by the user's private key and the hash value for the user information is displayed. At this time, the variable authentication value may include random nonce. Also, the variable authentication value is changed according to the random non-existence of the same user, and the authentication server can provide a new random nonce every time authentication is performed.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 obtains a variable authentication value from the mobile ID displayed in the user terminal 100 (S9) and transmits it to the authentication server 200 (S10).

At this time, the variable authentication value may include at least one of a bar code, a QR code, and NFC tag information, and the authentication request terminal 110 may be a computing device directly or indirectly coupled to a QR reader or an NFC reader . For example, the authentication request terminal 110 can recognize the QR code, which is a variable authentication value of the mobile ID, through the QR reader and transmit the same to the authentication server. When the NFC reader is used, the user terminal 100 receives the NFC tag information, which is the variable authentication value of the mobile ID through the NFC reader, or the user or the third party clicks the variable authentication value of the mobile ID, NFC reader or the like.

Then, the authentication server 200 extracts the user signature value and the hash value of the user information from the variable authentication value obtained from the authentication request terminal 110, and extracts the hash value of the user certificate matching the hash value of the extracted user information The validity of the user signature value is confirmed using the public key of the user (S11), and the authentication result information for the user according to the validity of the verified user signature value is transmitted to the authentication request terminal (S12).

At this time, the authentication server 200 extracts a random nonce from the user signature value using the user's public key of the user certificate matched with the hash value of the user information extracted from the variable authentication value, It is determined whether or not the user signature value is valid by checking whether or not the nonce is identical to the stored randomness sent to the user terminal 100. [ If the variable authentication value includes randomness, the authentication server 200 may determine whether the user's signature value is valid by checking whether the randomness extracted from the user signature value matches the randomness extracted from the variable authentication value have.

Also, the authentication server 200 invalidates the user authentication request transaction if the time interval between the first time of supporting transmission or transmission of the random non-existence to the user terminal and the second time of acquisition of the variable authentication value is equal to or larger than the set value The user terminal can request a new user authentication request transaction. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

Second, when the authentication server 200 transmits the random nonce to the user terminal 100 matching the terminal ID with the user terminal 100, the user terminal 100 may request the user to input confirmation information (S6). If the confirmation information input by the user agrees with the set information, access to the private key is permitted, and a random signature is generated using the user's private key (S7). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 displays the mobile ID as shown in FIG. 3 (S8). That is, the user terminal 100 displays the photograph image stored in the terminal or acquired through the authentication server and the mobile ID information, which is display information according to the identification card. Then, it displays the variable authentication value including the user signature value signed by the user's private key and the public key of the random nonce.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 obtains a variable authentication value from the mobile ID displayed in the user terminal 100 (S9) and transmits it to the authentication server 200 (S10).

Then, the authentication server 200 extracts the user signature value and the user's public key from the variable authentication value obtained from the authentication request terminal 110, extracts the public key of the user certificate matching the extracted public key, (S11), and transmits the authentication result information about the user according to the validity of the user signature value to the authentication request terminal (S12).

At this time, the authentication server 200 extracts a random nonce from the user signature value using the public key of the user certificate matching the user's public key extracted from the variable authentication value, and outputs the random nonce extracted from the user signature value And determines whether the user signature value is valid by confirming whether or not the randomness transmitted to the user terminal is identical. If the variable authentication value includes randomness, the authentication server 200 may determine whether the user's signature value is valid by checking whether the randomness extracted from the user signature value matches the randomness extracted from the variable authentication value have.

Also, the authentication server 200 invalidates the user authentication request transaction if the time interval between the first time of supporting transmission or transmission of the random non-existence to the user terminal and the second time of acquisition of the variable authentication value is equal to or larger than the set value The user terminal can request a new user authentication request transaction. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

FIG. 7 schematically shows a method of authenticating a user using a mobile ID according to another embodiment of the present invention. Referring to FIG. 7, another embodiment of the present invention will be described.

2, a user certificate including a public key of the user, a terminal ID of the user terminal of the user, and a hash value of the user information of the user is registered in the private block chain database and the corresponding private transaction ID is managed A representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value or a value obtained by processing the representative hash value is stored in a public block chain database In order to request the user authentication using the mobile ID, the user terminal 100 storing the user's private key and the public key transmits a user authentication request signal to the user terminal 100 storing the public key and the public key Upon inputting (S100), the user terminal 100 uses (S110). ≪ / RTI >

If the confirmation information input by the user matches the set information, the user terminal 100 generates a time stamp for the current time (S111), permits access to the private key, and stores the generated time stamp in the user's terminal And generates a signed user signature value using the private key (S112). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Also, the user terminal 100 displays the mobile ID as shown in FIG. 5 (S113). That is, the user terminal 100 displays the photograph image stored in the terminal or acquired through the authentication server and the mobile ID information, which is display information according to the identification card. A variable authentication value generated by including the terminal ID, the time stamp, the time stamp, the user signature value signed by the user's private key, and the user's public key is displayed. At this time, the variable authentication value changes according to the time stamp even by the same user, and has a new authentication value every authentication request.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 obtains a variable authentication value from the mobile ID displayed on the user terminal 100 (S114) and transmits the variable authentication value to the authentication server 200 (S115).

At this time, the variable authentication value may include at least one of a bar code, a QR code, and NFC tag information, and the authentication request terminal 110 may be a computing device directly or indirectly coupled to a QR reader or an NFC reader . For example, the authentication request terminal 110 can recognize the QR code, which is a variable authentication value of the mobile ID, through the QR reader and transmit the same to the authentication server. When the NFC reader is used, the user terminal 100 receives the NFC tag information, which is the variable authentication value of the mobile ID through the NFC reader, or the user terminal 100 clicks the variable authentication value of the mobile ID, Reader or the like.

Then, the authentication server 200 extracts the terminal ID, the time stamp, the user signature value, and the user's public key from the variable authentication value obtained from the authentication request terminal 110.

Then, the authentication server 200 searches the private transaction ID corresponding to the extracted public key and the terminal ID, and confirms the user certificate registered in the private block chain database by referring to the retrieved private transaction ID.

Alternatively, the authentication server 200 transmits a certificate confirmation transaction to the public block chain database 300 using the public key corresponding to the user's public key and the terminal ID (S116) 300, which is associated with a value obtained by processing the representative hash value or the representative hash value included in the data message, and transmits the merge tree information and leaf node information stored in the private block chain database to a private block Search in the database. Then, the authentication server 200 can confirm the user certificate registered in the private block chain database by referring to the retrieved mu tree tree information and leaf node information (S117).

At this time, the authentication server 200 checks whether the user certificate is valid, and if the user does not have a certificate matching the user certificate or the user certificate is invalid due to disposal, the authentication server 200 may transmit an error signal corresponding to the authentication failure to the user terminal .

Also, the authentication server 200 extracts the time stamp from the user signature value using the user's public key of the user certificate matching the public key extracted from the variable authentication value. Then, it is confirmed whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid or not (S118). If the validity of the user signature value is confirmed, And transmits the authentication result information to the authentication request terminal 110 (S119).

If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, the authentication server 200 invalidates the user authentication request, The terminal can request a new user authentication request. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

FIG. 8 schematically shows a method of authenticating a user using a mobile ID according to another embodiment of the present invention. Referring to FIG. 8, another embodiment of the present invention will be described below.

2, a user certificate including a public key of the user, a terminal ID of the user terminal of the user, and a hash value of the user information of the user is registered in the private block chain database and the corresponding private transaction ID is managed A representative hash value or a representative hash value obtained by calculating at least one neighborhood hash value matching a specific hash value and a specific hash value generated by applying a hash function to the user certificate is registered in the public block chain database In a state where the public transaction ID corresponding to the public transaction ID is managed, when the user inputs the user identification information of the user in order to authenticate the user on the Internet web page or the like (S300a), the authentication request terminal 110, which is the web server, And transmits the input user identification information to the authentication server 200 (S300b). At this time, the user identification information may include user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, a telephone number, and the like.

Then, the authentication server 200 checks the user identification information acquired from the authentication request terminal 110 and searches for the registered user information corresponding to the user identification information (S300c). Then, the authentication server 200 uses the mobile ID And transmits a user authentication request signal to the user terminal 100 to request the user authentication (S300). At this time, the user authentication request signal may be a message requesting user authentication including a message requesting user authentication or a random nonce.

When the confirmation information input by the user matches the set information, the user terminal 100 generates a time stamp for the current time (S311), and stores the generated time stamp in the private key And creates a user signature value that is signed using the user's private key in step S312. However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated. Alternatively, if the random number is included in the user authentication request signal, the user terminal 100 requests the user to input confirmation information. If the confirmation information input by the user matches the set information, the user terminal 100 accesses the private key And generates a user signature value that is signed using the user's private key by allowing random nonce.

Also, the user terminal 100 transmits the variable authentication value including the terminal ID, the time stamp, the user signature value signed with the user's private key, and the user's public key to the authentication server 200 (S314). Alternatively, when the random number is included in the user authentication request signal, the user terminal 100 generates a variable authentication value including a terminal ID, a random signature, a user signature value signed by the user's private key, To the authentication server (200).

Then, the authentication server 200 extracts the terminal ID, the time stamp, the user signature value, and the user's public key from the variable authentication value obtained from the user terminal 100. [ Alternatively, when the random authentication is included in the user authentication request signal, the authentication server 100 extracts the terminal ID, the user signature value obtained by signing the random nonce with the user's private key, and the user's public key.

Then, the authentication server 200 searches the private transaction ID corresponding to the extracted public key and the terminal ID, and confirms the user certificate registered in the private block chain database by referring to the retrieved private transaction ID.

Alternatively, the authentication server 200 transmits the certificate confirmation transaction to the public block chain database 300 using the public transaction ID corresponding to the user's public key and the terminal ID (S316) 300, which is associated with a value obtained by processing the representative hash value or the representative hash value included in the data message, and transmits the merge tree information and leaf node information stored in the private block chain database to a private block Search in the database. Then, the authentication server 200 can confirm the user certificate registered in the private block chain database by referring to the retrieved mu tree tree information and the leaf node information (S317).

At this time, the authentication server 200 checks whether the user certificate is valid, and if the user does not have a certificate matching the user certificate or the user certificate is invalid due to disposal, the authentication server 200 may transmit an error signal corresponding to the authentication failure to the user terminal .

Also, the authentication server 200 extracts the time stamp from the user signature value using the user's public key of the user certificate matching the public key extracted from the variable authentication value. Then, it is checked whether the time stamp extracted from the user signature value is identical to the time stamp extracted from the variable authentication value to check whether the user signature value is valid (S318). If the validity of the user signature value is confirmed, And transmits authentication result information to the authentication request terminal 110 (S319). Alternatively, when the randomness is included in the user authentication request signal, the authentication server 200 extracts the random signature from the user signature value using the public key of the user certificate matching the user's public key extracted from the variable authentication value, . Then, it is checked whether the time stamp extracted from the user signature value matches with the randomness included in the user authentication request signal to check whether the user signature value is valid, and if the authenticated user signature value is valid or not, And transmits the information to the authentication request terminal 110.

If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, the authentication server 200 invalidates the user authentication request, The terminal can request a new user authentication request. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like. When the random authentication is included in the user authentication request signal, the authentication server 200 transmits the user authentication request signal including the random nonce to the user terminal, If the time interval between two time points is equal to or greater than the set value, the user authentication request transaction is invalidated and a new user authentication request transaction can be requested to the user terminal.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

In addition, the embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the following claims, I will say.

100: user terminal,
110: authentication request terminal,
200: authentication server,
210:
220: processor,
300: public block chain database

Claims (38)

A method for authenticating a user using a mobile identity,
(a) a user certificate including a public key of the user, a terminal ID of the user terminal of the user, and a hash value of the user information of the user is registered in the private block chain database and the corresponding private transaction ID is managed A representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value or a value obtained by processing the representative hash value is stored in a public block chain database When a user authentication request transaction including at least a public key of a user and a terminal ID is obtained from a user terminal in response to a user authentication request in the state that a public transaction ID corresponding to the public key is registered, The public key of the user and the terminal eye And a hash value for the user information is obtained from the user's certificate, (ii) the hash value of the user's public key is obtained from the private key chain database using the private transaction ID corresponding to the private key chain, Acquiring a data message from the public block chain database using the public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a value obtained by processing the private hash value The private block chain database and the merge tree information stored in the block chain database are read from the private block chain database, Identifying a user certificate and obtaining a hash value for the user information from the user certificate;
(b) (b1) when the authentication server supports to transmit or transmit the random number and the hash value of the user information to the user terminal of the user matching the terminal ID, A user signature value obtained by signing the randomness with a private key of the user; And a hash value for the user information; (Ii) display a mobile identity including the mobile identity information of the user along with the variable authentication value; and (b2) the authentication server supports to display a random non- (I) a user signature value obtained by signing the random non-existence with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user with the variable authentication value; And
(c) (c1) when the variable authentication value of the mobile ID is obtained from the authentication requesting terminal according to (b1), the authentication server determines the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) if the variable authentication value of the mobile identity is obtained from the authentication request terminal by (b2), the authentication server transmits the authentication result information to the authentication request terminal The user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit or transmit authentication result information to the authentication request terminal;
≪ / RTI > The method according to claim 1,
In the step (c)
The authentication server includes:
In the case of (c1), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the hash value of the user information extracted from the variable authentication value, c2), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value,
In both cases (c1) and (c2), it is determined whether the random signature extracted from the user signature value matches the randomness transmitted to the user terminal, and whether the user signature value is valid or not , The method according to claim 1,
The mobile ID information includes:
The image information of the user, and the display information of each ID card. The method according to claim 1,
The authentication server includes:
(B1) and (b2), a first time at which the random non-existence is supported or transmitted to the user terminal, and a second time at which the variable authentication value is obtained in the case of (c1) If the time interval between two time points is equal to or greater than a preset value, invalidates the user authentication request transaction and requests a new user authentication request transaction to the user terminal. The method according to claim 1,
The variable-
A bar code, a QR code, and NFC tag information. 6. The method of claim 5,
The authentication request terminal,
A computing device that acquires a signal of a reader that obtains the variable authentication value from the mobile ID displayed through the user terminal, or a computing device that acquires the variable authentication value through communication with the user terminal How to. The method according to claim 1,
Before the step (a)
(a01) When a mobile ID issuance application transaction including at least user information is obtained from the user terminal, the authentication server confirms the user using the user information, and requests or requests a certificate registration with the user terminal Supporting step;
(a02) If the public key of the user and the terminal ID of the user terminal are obtained from the user terminal in response to the certificate registration request, the authentication server transmits the public key of the user, the terminal ID of the user terminal, And registering a user certificate including a hash value of the user information in a private block chain database, managing a private transaction ID therefor, and issuing or issuing the mobile ID to the user terminal; And
(a03) If the predetermined condition is satisfied, the authentication server calculates a representative hash value by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Registering a value obtained by processing the representative hash value in a public block chain database and managing a corresponding public transaction ID;
≪ / RTI > 8. The method of claim 7,
In the step (a03)
The predetermined condition is that,
(ii) a condition that a predetermined time elapses; (iii) a condition in which a block is generated in a private block chain; (iv) a condition for a service characteristic; RTI ID = 0.0 > 1, < / RTI > 8. The method of claim 7,
In the step (a03)
Wherein the authentication server supports to generate or generate a merkle tree in which the particular hash value is assigned to a leaf node,
If the predetermined condition is satisfied, a value obtained by processing the representative hash value or the hash value generated by computing a hash value assigned to at least one other leaf node matching the specific hash value is stored in the public block chain database And registering or registering the same. 10. The method of claim 9,
If the merge tree is a first tree among at least one merge tree connected in a chain form, the first leaf node of the merge tree is assigned a hash value or a processed value of predetermined message data composed of text, numbers or symbols Lt; / RTI > 10. The method of claim 9,
If the predetermined condition is satisfied,
(x1) the authentication server is configured to (i) calculate or calculate a hash value assigned to the sibling node of the node to which the specific hash value is assigned, and (ii) And (ii) a hash value for a computed value of a hash value assigned to a sibling node of the node to which the particular hash value is allocated is assigned or assigned to a parent node of the node to which the particular hash value is assigned,
(x2) if the parent node is the root node of the merge tree, supports to register or register the hash value assigned to the parent node as the representative hash value in the public block chain database,
(x3) If the parent node is not the root node of the merge tree, the step (x1) to (x2) are repeated by using the hash value assigned to the parent node as the specific hash value. 12. The method of claim 11,
At (x1)
If the hash value is not assigned to the sibling node of the node to which the specific hash value is assigned even though the predetermined condition is satisfied, the authentication server supports to assign or assign a predetermined hash value to the sibling node, x1) to (x3). < / RTI > 8. The method of claim 7,
When the authentication server stores the specific hash value and the at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, 1 data structure and the second data structure are connected in a chain form. 14. The method of claim 13,
Wherein a root value of the first data structure or a hash value of the root value is assigned to a first leaf node of the second data structure if the first data structure and the second data structure are merc trees. . A method for authenticating a user using a mobile identity,
(a) the user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, In a public block chain database and managing a public transaction ID corresponding to the representative hash value or a value obtained by processing the representative hash value, a mobile ID displayed on the user terminal in response to the user authentication request - the mobile ID comprises (i) the terminal identity; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user along with the variable authentication value. When the variable authentication value is acquired via the authentication request terminal, the authentication server determines whether the acquired From the variable authentication value; The time stamp; The user signature value; And a public key of the user; And
(b) the authentication server checks (i) the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) Obtaining a data message from the public block chain database by using the public key of the user and the public transaction ID corresponding to the terminal ID, calculating a value obtained by processing the representative hash value or the representative hash value included in the data message, And the leaf node information stored in the private block chain database is retrieved from the private block chain database and stored in the private block chain database by referring to the retrieved merge tree information and leaf node information, Extracting the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, extracting the time stamp from the user signature value, Verifying whether the user signature value is valid or not by checking whether the time stamp extracted from the variable authentication value coincides with the time stamp of the user and verifying whether the user signature value is valid, Supporting the transmission or transmission to the authentication request terminal;
≪ / RTI > 16. The method of claim 15,
The authentication server includes:
If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, invalidates the user authentication request, And requests a new user authentication request. A method for authenticating a user using a mobile identity,
(a) the user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, When the user identification information is acquired through the authentication request terminal in a state in which the representative hash value obtained by computing the value or the value obtained by processing the representative hash value is registered in the public block chain database and the corresponding public transaction ID is managed, The server transmits a user authentication request signal to the user terminal corresponding to the user identification information, the user authentication request signal includes a message requesting the user authentication including (1) a message requesting the user authentication or (2) To send or transmit And a mobile ID displayed on the user terminal in response to the user authentication request, wherein the mobile ID is: (i) the terminal ID; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) mobile ID information of the user in addition to the variable authentication value, and (ii) the mobile ID information includes (i) the UE ID; A user signature value obtained by signing the randomness with a private key of the user; And a variable authentication value including a public key of the user; (Ii) if the variable authentication value of the user includes the mobile identity information of the user together with the variable authentication value, from the obtained variable authentication value, , The terminal ID; The time stamp; The user signature value; And a public key of the user; In the case (2), the terminal ID; Extracting the user signature value and the public key of the user; And
(b) the authentication server checks (i) the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) Obtaining a data message from the public block chain database by using the public key of the user and the public transaction ID corresponding to the terminal ID, calculating a value obtained by processing the representative hash value or the representative hash value included in the data message, And the leaf node information stored in the private block chain database is retrieved from the private block chain database and stored in the private block chain database by referring to the retrieved merge tree information and leaf node information, In the case of (1) above, the time stamp is extracted from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value , Verifies whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid or not. In case (2), the variable authentication value Extracts the random nonce from the user signature value using the user's public key of the user certificate matching the extracted public key of the user, extracts the random nonce from the user signature value, Check whether the transmitted randomness included in Confirming the validity of the user signature value and supporting transmission or transmission of authentication result information for the user according to the validity of the user signature value to the authentication request terminal;
≪ / RTI > A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, and storing the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, (I) transmitting a public key corresponding to the user's public key and a private transaction ID corresponding to the terminal ID to the authentication server, and transmitting the user authentication request transaction including the user's public key and the terminal ID to the authentication server, The private (Ii) acquiring a data message from the public block chain database using a public transaction ID corresponding to the public key of the user and the terminal ID, and Searching the private block chain database for the merge tree information and the leaf node information stored in the private block chain database in association with the representative hash value or the value obtained by processing the representative hash value included in the message, Supporting information for identifying the user certificate registered in the private block chain database with reference to information and leaf node information;
(b) (b1) when a random nonce and a hash value for the user information are obtained from the authentication server in response to the user authentication request transaction, the user terminal transmits (i) the random nonce to the user's private key One user signature value; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And
(c1) (c1) allowing the user terminal to acquire the variable authentication value of the mobile ID from the authentication server through the authentication requesting terminal according to (b1) User signature value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the user terminal transmits the variable authentication value of the mobile ID to the authentication server through the authentication request terminal by (b2) Thereby enabling the authentication server to obtain the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit the authentication result information to the authentication request terminal;
≪ / RTI > 19. The method of claim 18,
The mobile ID information includes:
The image information of the user, and the display information of each ID card. 19. The method of claim 18,
The variable-
A bar code, a QR code, and NFC tag information. 21. The method of claim 20,
The authentication request terminal,
A computing device that acquires a signal of a reader that obtains the variable authentication value from the mobile ID displayed through the user terminal, or a computing device that acquires the variable authentication value through communication with the user terminal How to. 19. The method of claim 18,
In the step (b)
When a hash value for the random information and the user information is obtained from the authentication server by the authentication server or when the randomness is obtained from the authentication server by the step b2, And the mobile ID is displayed when the input confirmation information is valid. 19. The method of claim 18,
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server; And
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, The public key and the terminal ID for the user terminal to the authentication server so that the authentication server can obtain the hash value of the user's public key, the terminal ID for the user terminal, and the user information Registering a user certificate including the user certificate in the private block chain database, managing a private transaction ID therefor, and issuing the mobile ID to the user terminal;
≪ / RTI > 24. The method of claim 23,
In the step (a02)
The user terminal comprising:
Before supporting transmission or transmission of the public key of the user and the terminal ID for the user terminal to the authentication server,
And setting confirmation information for the user. A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, and storing the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, i) a terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And
(b) the user terminal supports the authentication server to obtain the variable authentication value of the mobile ID via the authentication request terminal, thereby allowing the authentication server to obtain the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value The private block chain database and the merge tree information stored in the private block chain database are retrieved from the private block chain database, And extracts the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, And verifying whether the time stamp extracted from the variable authentication value matches the time stamp extracted from the variable authentication value to confirm whether or not the user signature value is validated, Supporting result information to be transmitted to the authentication request terminal;
≪ / RTI > A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, and storing the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Wherein the mobile node is registered in the public block chain database, and a value obtained by processing the representative hash value is registered in a public block chain database. In a state in which the mobile ID corresponding to the registered user certificate is managed, The server transmits a user authentication request signal. The user authentication request signal is a message for requesting the user authentication including (1) a message requesting the user authentication or (2) a random non-existence. In response to the user authentication request signal, in the case of (1) A terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value of the mobile ID including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; Generating a variable authentication value including the authentication value; And
(b) the user terminal supports the authentication server to obtain the variable authentication value of the mobile ID, thereby causing the authentication server to determine, from the variable authentication value, the terminal ID in case of (1); The time stamp; The user signature value; And a public key of the user; And in the case of (2), the terminal ID; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value The private block chain database and the merge tree information stored in the private block chain database are retrieved from the private block chain database, (1), using the public key of the user of the user certificate matching the public key of the user extracted from the variable authentication value, the time stamp And verifies whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid. In case (2), the variable Extracting the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the authentication value and comparing the random non- The randomness value transmitted in the authentication request signal is Confirming whether the user signature value is valid or not and supporting authentication result information for the user according to whether the user signature value is validated to the authentication request terminal;
≪ / RTI > An authentication server for authenticating a user using a mobile ID,
Registers a user certificate including a public key of the user, a terminal ID of the user terminal of the user, and a hash value of the user information of the user in the private block chain database and manages the corresponding private transaction ID, A representative hash value obtained by calculating a specific hash value generated by applying a hash function to the certificate and at least one neighbor hash value matched with the specific hash value or a value obtained by processing the representative hash value is registered in the public block chain database A communication unit for acquiring a user authentication request transaction including at least a user's public key and a terminal ID from a user terminal in response to a user authentication request in a state of managing a corresponding public transaction ID; And
(i) checking the certificate of the user registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, and extracting a hash value (Ii) acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, and transmitting the representative hash value or the representative hash value included in the data message Searching the private block chain database for the merge tree information and the leaf node information stored in the private block chain database in association with the value obtained by processing the representative hash value and referring to the retrieved merge tree information and the leaf node information, A process of confirming the user certificate registered in the library block chain database and acquiring a hash value of the user information from the user certificate; (b1) comparing a hash value of the random number and the user information with the terminal ID, (I) a user signature value obtained by signing the random nonce with the private key of the user, if the user terminal supports sending or transmitting to the matching user terminal; And a hash value for the user information; (Ii) supporting a display of a mobile identity including the mobile identity information of the user along with the variable authentication value, and (b2) transmitting a random nonce to the user terminal or transmitting (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user along with the variable authentication value; and (c1) supporting, by the (b1) When the variable authentication value of the ID is obtained from the authentication requesting terminal, the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) when the variable authentication value of the mobile ID is obtained from the authentication request terminal by (b2), the authentication request information for the user is transmitted or transmitted to the authentication request terminal; The user signature value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, And transmitting the authentication result information to the authentication request terminal;
And an authentication server for authenticating the authentication server. 28. The method of claim 27,
The processor comprising:
In the case of (c1), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the hash value of the user information extracted from the variable authentication value, c2), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value,
In both cases (c1) and (c2), it is determined whether the random signature extracted from the user signature value matches the randomness transmitted to the user terminal, and whether the user signature value is valid or not Authentication server, 28. The method of claim 27,
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least user information is obtained from the user terminal, If the public key of the user and the terminal ID of the user terminal are acquired from the user terminal in response to the user ID of the user terminal, the user ID of the user terminal, and the hash value of the user information, A process of registering a certificate in a private block chain database, managing a private transaction ID therefor, issuing or issuing the mobile ID to the user terminal, and, if a predetermined condition is satisfied, And a representative hash value obtained by calculating at least one neighboring hash value matching the specific hash value or a value obtained by processing the representative hash value is registered in the public block chain database, And further performs a process of managing a transaction ID. 30. The method of claim 29,
The predetermined condition is that,
(ii) a condition that a predetermined time elapses; (iii) a condition in which a block is generated in a private block chain; (iv) a condition for a service characteristic; The authentication server comprising: 30. The method of claim 29,
Wherein the processor is configured to support the particular hash value to generate or generate a merkle tree assigned to a leaf node,
If the predetermined condition is satisfied, a value obtained by processing the representative hash value or the hash value generated by computing a hash value assigned to at least one other leaf node matching the specific hash value is stored in the public block chain database And to register or register the authentication server. An authentication server for authenticating a user using a mobile ID,
The user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, In a public block chain database and managing a public transaction ID corresponding to the representative hash value or a value obtained by processing the representative hash value, a mobile ID displayed on the user terminal in response to the user authentication request - the mobile ID comprises (i) the terminal identity; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user along with the variable authentication value; and a communication unit that acquires the variable authentication value through the authentication request terminal; And
From the acquired variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) checking the user's public key Acquiring a data message from the public block chain database using the public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a value obtained by processing the private hash value The private block chain database searches the merch tree information and leaf node information stored in the block chain database, and refers to the retrieved merch tree information and leaf node information to identify the user certificate Extracts the time stamp from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, Checking the validity of the user signature value by verifying whether the time stamp and the time stamp extracted from the variable authentication value are identical to each other and verifying whether or not the user signature value is valid, A processor for supporting transmission or transmission to an authentication request terminal;
And an authentication server for authenticating the authentication server. 33. The method of claim 32,
The processor comprising:
If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, invalidates the user authentication request, And requests a new user authentication request. An authentication server for authenticating a user using a mobile ID,
The user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; And a private hash value generated by applying a hash function to the user certificate and at least one neighbor hash that matches the specific hash value, When the user identification information is acquired from the authentication requesting terminal in a state in which the representative hash value obtained by computing the value or the value obtained by processing the representative hash value is registered in the public block chain database and the corresponding public transaction ID is managed, A user authentication request signal to the user terminal corresponding to the identification information; the user authentication request signal is a message requesting the user authentication including (1) a message requesting the user authentication or (2) a random nonce; , In response to the user authentication request, A mobile ID displayed on the terminal, and the mobile ID is (i) the terminal ID; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) mobile ID information of the user in addition to the variable authentication value, and (ii) the mobile ID information includes (i) the UE ID; A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user in addition to the variable authentication value, the communication unit obtaining the variable authentication value from the user terminal; And
From the acquired variable authentication value, in the case of (1), the terminal ID; The time stamp; The user signature value; And a public key of the user; And in the case (2), extracts the terminal ID; The user signature value; And extracting the public key of the user, (i) checking the user's certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, (ii) ) Acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal identity, and processing the representative hash value or the representative hash value included in the data message And the leaf node information stored in the private block chain database in the private block chain database, referring to the retrieved merge tree information and the leaf node information, (1), from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, Wherein the validity of the user signature value is verified by checking whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value, Extracting the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, The randomness value transmitted in the user authentication request signal The validity of the user signature value is verified and the authentication result information for the user according to the validity of the user signature value is transmitted to the authentication request terminal or transmitted;
And an authentication server for authenticating the authentication server. A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user, the public key of the user, A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the registered user certificate, And transmits the user authentication request transaction including the key and the terminal ID to the authentication server so as to allow the authentication server to transmit the user authentication request transaction to the authentication server using (i) the private key corresponding to the user's public key and the private transaction ID, Block Chain Data (Ii) acquiring a data message from the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, and Searching the private block chain database for the merge tree information and the leaf node information stored in the private block chain database in association with the representative hash value or the processed value of the representative hash value, (B1) a step of, in response to the user authentication request transaction, requesting, from the authentication server, the randomness and the user information for the user information If swigap received, (i) a user signature signed with the private value of the user, the random nonce; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the private key of the user; And a public key of the user; (Ii) a process of displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And
(c1) allowing the user terminal to acquire the variable authentication value of the mobile ID from the authentication server through the authentication requesting terminal according to (b1), thereby allowing the authentication server to determine, from the variable authentication value, ; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the user terminal transmits the variable authentication value of the mobile ID to the authentication server through the authentication request terminal by (b2) Thereby enabling the authentication server to obtain the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit the authentication result information to the authentication request terminal;
And a user terminal. 36. The method of claim 35,
Wherein the communication unit supports to transmit or transmit a mobile ID issue application transaction including at least user information to the authentication server,
Wherein the processor generates a public key of the user and a private key of the user with a user authentication key when a certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, The authentication server transmits the terminal ID of the user terminal to the authentication server, thereby enabling the authentication server to transmit the user certificate including the public key of the user, the terminal ID of the user terminal, and the hash value of the user information To the private block chain database, manages the private transaction ID, and issues the mobile ID to the user terminal. A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user, the public key of the user, A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Wherein a value obtained by processing the representative hash value is registered in a public block chain database, and when a user authentication request signal is acquired while the mobile ID corresponding to the registered user certificate is acquired, (i) A terminal ID of the terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) a mobile ID indicating the mobile ID including the mobile ID information of the user together with the variable authentication value; And
And the authentication server obtains the variable authentication value of the mobile ID through the authentication requesting terminal so as to allow the authentication server to obtain the terminal ID from the variable authentication value. The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value And searching the private block chain database for the merch tree information and the leaf node information stored in the private block chain database and referring to the retrieved merch tree information and leaf node information, And extracts the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, Verifying whether or not the time stamp extracted from the variable authentication value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid, A communication unit for supporting information to be transmitted to the authentication request terminal;
And a user terminal. A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user, the public key of the user, A terminal ID for the user terminal of the user; And a hash value for the user information of the user; A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in a public block chain database, and in a state where the mobile ID corresponding to the registered user certificate is managed, a user corresponding to the user identification information acquired from the authentication request terminal (1) a message requesting the user authentication or (2) a request for user authentication including a random non-existence - is obtained from the authentication server, A terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value of the mobile ID including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; A processor for generating a variable authentication value of the mobile ID; And
And the authentication server obtains the variable authentication value of the mobile ID, thereby allowing the authentication server to determine, in case of (1), the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; And in the case (2), extracting the terminal ID from the variable authentication value; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and (ii) Acquiring a data message from the public block chain database using a public key of a user and a public transaction ID corresponding to the terminal ID, and associating the representative hash value or the representative hash value included in the data message with a processed value And searching the private block chain database for the merch tree information and the leaf node information stored in the private block chain database and referring to the retrieved merch tree information and leaf node information, (1), the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value is used to determine the time stamp from the user signature value And verifies whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid. In case (2), the variable authentication Extracting the randomness from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the user signature value, Check that the randomness contained in the signal matches Communication support check the validity of the user signature value, and to transmit the authentication result information for the user of the validity of the identified value of the user signature in the authentication request terminal;
And a user terminal.

Images