KR101858653B1 - Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same - Google Patents
- Publication number
- KR101858653B1, KR1020160183930A
- Authority
- KR
- South Korea
- Prior art keywords
- user
- value
- block chain
- information
- hash value
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
A method for authenticating a user using a mobile ID, the method comprising the steps of:
(a) in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and the corresponding first blockchain transaction ID is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and the corresponding second blockchain transaction ID is managed, when a user authentication request transaction including the user's public key or the user identification information is acquired from a user terminal, an authentication server (i) verifying the user certificate registered in the first blockchain database by using the first transaction ID corresponding to the user's public key or the user identification information, (ii) acquiring a data message from the second blockchain database by using the second blockchain transaction ID corresponding to the user's public key or the user identification information, searching the first blockchain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verifying the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified, the authentication server generating a verification means value, encoding the verification means value using the public key of the user, and transmitting the encoded verification means value to the user terminal, thereby supporting the user terminal to (i) decrypt the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including a verification target ID, which is an identification for the user; and
(c) if the information of the mobile ID is acquired from an authentication requesting terminal, the authentication server acquiring the verification means value and the verification target ID from the information of the mobile ID, checking whether the mobile ID is valid by comparing the verification means value generated in correspondence with the user certificate verification with the verification means value acquired from the mobile ID information, and transmitting, or supporting transmission of, the authentication result information for the user, according to the validity of the mobile ID, to the authentication requesting terminal.
Description
The present invention relates to a method for authenticating a user by using a mobile ID through a blockchain database and a Merkle tree structure linked to it, and to a terminal and a server using the same. More particularly, it relates to a method, and a terminal and a server using the method, in which: a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in the second blockchain database, and the corresponding second blockchain transaction ID is managed; when a user authentication request transaction is acquired from a user terminal in response to a user authentication request in that state, a data message is acquired from the second blockchain database by using the second blockchain transaction ID corresponding to the identification information; the information associated with the representative hash value, or its processed value, included in the data message is looked up in a first blockchain database, and the user certificate registered in the first blockchain database is verified; a verification means value is generated when the user certificate for the user is verified, and the user terminal is supported in decoding the encoded verification means value with the user's private key to obtain the verification means value; the verification means value is acquired from the information of the mobile ID; the validity of the mobile ID is checked by comparing the verification means value acquired from the mobile ID information with the verification means value generated in correspondence with the user certificate verification, which is identified using the acquired verification target ID; and the authentication result information is transmitted to the authentication requesting terminal according to whether the mobile ID is valid.
In general, a mobile ID is an identification card that takes the form of an app on a mobile device instead of a paper or plastic card, and identity can be confirmed by presenting the ID stored on the mobile device.
Because the ID is stored and used on a mobile device, it is exposed to loss or theft of the device. Leakage or theft of personal information must therefore be prevented when the device is lost or stolen.
However, the conventional mobile ID is vulnerable to copying or tampering because it stores the information required for user authentication, such as a certificate, on the mobile device.
In addition, since the conventional mobile ID always uses the same information for authenticating the user, a third party can easily misappropriate that information once it leaks.
SUMMARY OF THE INVENTION The present invention has been made to solve all the problems described above.
It is another object of the present invention to provide a method, terminal and server for registering a user certificate in a blockchain of a virtual currency so that the user certificate cannot be copied, forged or altered.
Another object of the present invention is to provide a method, terminal, and server for ensuring security by using a hash function and an encryption technique, and making it impossible for the user certificate to be tampered with.
Another object of the present invention is to provide a method, a terminal and a server that can prevent a problem caused by user information theft by authenticating a user through one-time mobile ID information.
In order to accomplish the above object, a representative structure of the present invention is as follows.
According to an embodiment of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of:
(a) in a state where a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and the first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and the second blockchain transaction ID corresponding to the representative hash value is managed, when a user authentication request transaction including the public key of the user or the user identification information is acquired from the user terminal in response to a user authentication request, the authentication server (i) verifying the user certificate registered in the first blockchain database by using the first transaction ID corresponding to the public key of the user or the user identification information, (ii) acquiring a data message from the second blockchain database by using the second blockchain transaction ID corresponding to the user's public key or the user identification information, searching the first blockchain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verifying the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified, the authentication server generating a verification means value, encoding the generated verification means value using the user's public key, and transmitting the encoded verification means value to the user terminal, thereby supporting the user terminal to (i) decrypt the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the verification means value and a verification target ID, which is an identification for the user corresponding to the verification means value; and
(c) if the information of the mobile ID is acquired from the authentication requesting terminal, the authentication server acquiring the verification means value and the verification target ID from the information of the mobile ID, identifying, by using the acquired verification target ID, the verification means value generated in correspondence with the user certificate verification, comparing that generated verification means value with the verification means value acquired from the mobile ID information to check the validity of the mobile ID, and transmitting, or supporting transmission of, authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.
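The Merkle tree check in step (a)(ii), as an added example that is not code from the patent: a certificate's specific hash value is combined with its neighbor hash values and the result is compared with the representative hash value anchored in the second blockchain database. SHA-256, the 0x00/0x01 domain-separation prefixes, promotion of an unpaired node, all function names and the sample certificates are assumptions of this sketch.

```python
import hashlib
import hmac


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(certificate: bytes) -> bytes:
    """'Specific hash value': the hash of one user certificate (a leaf node)."""
    # Assumption: distinct prefixes for leaves and interior nodes, so that an
    # interior node can never be presented as if it were a certificate hash.
    return digest(b"\x00" + certificate)


def node_hash(left: bytes, right: bytes) -> bytes:
    return digest(b"\x01" + left + right)


def build_levels(leaves):
    """Return every tree level, leaves first; the last level holds the
    'representative hash value' (the root that gets anchored)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                # Assumption: an unpaired node is promoted unchanged rather
                # than hashed with a copy of itself.
                nxt.append(cur[i])
        levels.append(nxt)
    return levels


def neighbor_path(levels, index):
    """'Leaf node information': the neighbor hashes from leaf to root, each
    tagged with the side ('L' or 'R') on which the neighbor sits."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return path


def verify_certificate(certificate: bytes, path, anchored_root: bytes) -> bool:
    """Recompute the root from the certificate and its neighbor hashes and
    compare it with the value read back from the second database."""
    acc = leaf_hash(certificate)
    for side, neighbor in path:
        acc = node_hash(neighbor, acc) if side == "L" else node_hash(acc, neighbor)
    return hmac.compare_digest(acc, anchored_root)


# Constructed sample certificates (not real data): public key placeholder,
# user identification information, user information hash placeholder.
CERTS = [f"pubkey=PK{i};user_id=user{i};info_hash=IH{i}".encode() for i in range(5)]


def demo():
    levels = build_levels([leaf_hash(c) for c in CERTS])
    root = levels[-1][0]
    path0 = neighbor_path(levels, 0)
    tampered = CERTS[0].replace(b"user0", b"user9")
    return {
        "all_genuine_verify": all(
            verify_certificate(c, neighbor_path(levels, i), root)
            for i, c in enumerate(CERTS)
        ),
        "tampered_verifies": verify_certificate(tampered, path0, root),
        "wrong_leaf_verifies": verify_certificate(CERTS[1], path0, root),
        "wrong_root_verifies": verify_certificate(CERTS[0], path0, digest(b"other")),
    }


if __name__ == "__main__":
    print(demo())
```

Only the root has to be anchored on chain; a verifier that holds one certificate and its neighbor path detects any change to that certificate without seeing the other certificates.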
According to another aspect of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising the steps of:
(a) in a state where the user terminal has generated and stored a public key of the user and a private key of the user, a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the mobile ID corresponding to the user certificate is managed, the user terminal transmitting, or supporting transmission of, a user authentication request transaction including the user's public key or the user identification information to an authentication server, thereby supporting the authentication server to (i) verify the user certificate registered in the first blockchain database by using the first blockchain transaction ID corresponding to the public key of the user or the user identification information, (ii) acquire a data message from the second blockchain database by using the second blockchain transaction ID corresponding to the user's public key or the user identification information, retrieve from the first blockchain database the Merkle tree information and leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verify the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key and transmits the encoded verification means value, the user terminal decoding the encoded verification means value with the user's private key to obtain the verification means value, and displaying a mobile ID including the obtained verification means value and the verification target ID corresponding to the verification means value; and
(c) the user terminal supporting the authentication requesting terminal to acquire the information of the mobile ID through the displayed mobile ID and transmit it to the authentication server, thereby supporting the authentication server to (i) acquire the verification means value and the verification target ID from the information of the mobile ID and identify, by using the acquired verification target ID, the verification means value generated in correspondence with the user certificate verification, and (ii) compare that generated verification means value with the verification means value acquired from the mobile ID information to check whether the mobile ID is valid, and transmit the authentication result information about the user, according to the validity of the mobile ID, to the authentication requesting terminal.
According to another embodiment of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of:
(a) in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information, is registered in a first blockchain database and the first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and the second blockchain transaction ID corresponding to the representative hash value is managed, when the user identification information corresponding to a user authentication request is acquired from a service server, the authentication server (i) verifying the user certificate registered in the first blockchain database by using the first blockchain transaction ID corresponding to the user identification information, or (ii) acquiring a data message from the second blockchain database by using the second blockchain transaction ID, searching the first blockchain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verifying the user certificate by referring to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified, the authentication server generating a verification means value, encoding the generated verification means value using the user's public key, and transmitting it to the user terminal, thereby (b1) supporting the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) supporting the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value and to display a mobile ID including the obtained verification means value; and
(c) when (c1) the verification means value is acquired from the user terminal by (b1), or the verification means value of the mobile ID displayed by (b2) is entered through the service web and acquired from the service server, the authentication server comparing the acquired verification means value with the generated verification means value to perform authentication of the user, and transmitting the authentication result information to the service server.
According to another aspect of the present invention, there is provided a method of authenticating a user using a mobile ID, the method comprising the steps of:
(a) in a state where the user terminal has generated and stored a public key of the user and a private key of the user, a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the mobile ID corresponding to the user certificate is managed, the user terminal acquiring from the authentication server a verification means value encoded with the public key of the user, the verification means value being one that the authentication server generates once the user certificate for the user is verified, the authentication server having (i) verified the user certificate registered in the first blockchain database by using the first blockchain transaction ID corresponding to the user identification information according to the user authentication request acquired from the service server, (ii) acquired a data message from the second blockchain database by using the second blockchain transaction ID corresponding to the user identification information according to the user authentication request acquired from the service server, retrieved the Merkle tree information and the leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing it, included in the data message, and verified the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; and
(b) the user terminal decoding the encoded verification means value with the user's private key to obtain the verification means value, and (b1) transmitting the obtained verification means value to the authentication server, thereby supporting the authentication server to compare the verification means value received from the user terminal with the verification means value that was encoded with the user's public key, perform authentication of the user, and transmit the authentication result information to the service server; (b2) displaying a mobile ID including the obtained verification means value and allowing the user to enter the verification means value of the displayed mobile ID through the service web, so that the service server sends the verification means value to the authentication server, thereby supporting the authentication server to compare the verification means value received from the service server with the generated verification means value, perform authentication of the user, and transmit the authentication result information to the service server.
According to another aspect of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising:
a communication unit for acquiring, from the user terminal in response to a user authentication request, a user authentication request transaction including the user's public key or the user identification information, in a state where a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and the first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and the second blockchain transaction ID corresponding to the representative hash value is managed; and
the authentication server performing: a process of (i) verifying the user certificate registered in the first blockchain database by using the first transaction ID corresponding to the public key of the user or the user identification information of the acquired user authentication request transaction, (ii) acquiring a data message from the second blockchain database by using the second blockchain transaction ID corresponding to the public key of the user or the user identification information, searching the first blockchain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verifying the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; a process of generating a verification means value when the user certificate for the user is verified, encoding the generated verification means value using the user's public key, and transmitting the encoded verification means value, thereby supporting the user terminal to (i) decrypt the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the verification means value and a verification target ID, which is an identification for the user corresponding to the verification means value; and a process of, when the information of the mobile ID is acquired from the authentication requesting terminal, acquiring the verification means value and the verification target ID from that information, identifying, by using the acquired verification target ID, the verification means value generated in correspondence with the user certificate verification, checking whether the mobile ID is valid, and transmitting authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.
According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the user terminal comprising:
a processor that, in a state where the user terminal has generated and stored the public key of the user and the private key of the user, a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the mobile ID corresponding to the user certificate is managed, performs: a process of transmitting a user authentication request transaction including the public key of the user or the user identification information to the authentication server, thereby supporting the authentication server to (i) verify the user certificate by using the public key or the user identification information of the user, (ii) acquire a data message from the second blockchain database by using the corresponding second blockchain transaction ID, retrieve from the first blockchain database the Merkle tree information and leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verify the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; and a process of, when the user certificate is verified and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key and transmits the encoded verification means value, displaying a mobile ID including the verification means value obtained by decoding with the private key of the user and a verification target ID, which is an identification of the user corresponding to the verification means value; and
a communication unit that supports the authentication requesting terminal to acquire the information of the mobile ID through the displayed mobile ID and transmit it to the authentication server, thereby supporting the authentication server to (i) acquire the verification means value from the information of the mobile ID and identify, by using the acquired verification target ID, the verification means value generated in correspondence with the user certificate verification, and (ii) compare that generated verification means value with the verification means value acquired from the mobile ID information to check the validity of the mobile ID, and transmit the authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.
According to another embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising:
a communication unit for acquiring, from a service server, the user identification information corresponding to a user authentication request, in a state where a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and the first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and the second blockchain transaction ID corresponding to the representative hash value is managed; and
a processor for performing: a process of (i) verifying the user certificate registered in the first blockchain database by using the first blockchain transaction ID corresponding to the user identification information, or (ii) acquiring a data message from the second blockchain database by using a blockchain transaction ID, searching the first blockchain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing it, included in the data message, and verifying the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; a process of, if the user certificate for the user is verified, generating a verification means value, encoding the generated verification means value using the public key of the user, and transmitting, or supporting transmission of, the encoded verification means value to the user terminal, whereby (b1) the user terminal obtains the verification means value, (b2) the user terminal decodes the encoded verification means value with the private key of the user; and a process of, when (c1) the verification means value is acquired from the user terminal by (b1), (c2) the verification means value of the mobile ID displayed by (b2) is entered by the user through the service web and the verification means value is acquired from the service server, performing authentication of the user by comparing the acquired verification means value with the generated verification means value, and transmitting, or supporting transmission of, the authentication result information to the service server.
According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the user terminal comprising:
a communication unit that, in a state where the user terminal has generated and stored the public key of the user and the private key of the user, a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the mobile ID corresponding to the user certificate is managed, acquires the encoded verification means value that the authentication server generates once the user certificate for the user is verified, the authentication server having (i) used the first blockchain transaction ID corresponding to the user identification information according to a user authentication request acquired from the service server, (ii) used the second blockchain transaction ID corresponding to the user identification information according to the user authentication request acquired from the service server to read from the second blockchain database, and verified the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; and
the user terminal decrypting the encoded verification means value with the user's private key to obtain the verification means value, and (b1) transmitting the obtained verification means value to the authentication server, thereby supporting the authentication server to compare that verification means value with the verification means value that was encoded with the user's public key, perform authentication of the user, and transmit the authentication result information to the service server; (b2) displaying the mobile ID so that the verification means value of the displayed mobile ID is entered by the user through the service web and the service server passes the verification means value to the authentication server, thereby supporting the authentication server to compare the generated verification means value with the verification means value it receives, perform authentication of the user, and transmit the authentication result information to the service server.
In addition, a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.
The present invention has the following effects.
The present invention registers the user certificate in a block chain of a virtual currency, which makes the certificate impossible to copy, forge, or alter.
In addition, the present invention secures the user certificate using a hash function and encryption, and makes forgery or alteration of the user certificate impossible.
In addition, the present invention allows a user to be authenticated through one-time mobile ID information, thereby preventing problems caused by user information theft.
FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention.
FIG. 2 schematically illustrates a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
FIGS. 3 and 4 schematically illustrate a process of anchoring a transaction related to a mobile ID to a second block chain database according to an embodiment of the present invention.
FIG. 5 illustrates an example of a mobile ID issued in a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
FIG. 6 schematically shows a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
FIG. 7 schematically shows a system for authenticating a user using a mobile ID according to another embodiment of the present invention.
FIG. 8 schematically shows a method of authenticating a user using a mobile ID according to another embodiment of the present invention.
FIG. 9 schematically shows a modification of a method for authenticating a user using a mobile ID according to another embodiment of the present invention.
The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.
FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention. The system includes a
The
The
The
Specifically, the
The
The
A method for authenticating a user using a mobile ID according to an exemplary embodiment of the present invention will now be described with reference to FIG.
First, a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention will be described with reference to FIG.
In a state in which the user is connected to the
Then, when the user inputs the mobile ID information and requests the issuance of the mobile ID, the
Then, the
When the user is confirmed, the
Then, the
Then, the
Then, the
For example, the
Then, when the triggering condition for anchoring and registering a predetermined hash value in a second block chain database such as public block chain data is satisfied, the
The
At this time, the
In other words, the
More specifically, (x1) the
The
On the other hand, when the
In particular, if the first data structure and the second data structure are Merkle trees as in the above example, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure.
In addition, when the second data structure is created, verification of the first data structure is performed, so that data integrity can be further guaranteed. Verification of the second data structure will be described later.
In addition, in the case of the first of the at least one Merkle tree connected in a chain form, the first leaf node of that Merkle tree may be assigned a hash value of predetermined message data composed of text, numbers, or symbols, or a value obtained by processing the hash value. For example, a hash value of an input message initially assigned by the
FIGS. 3 and 4 illustrate an example of a Merkle tree generated in accordance with an embodiment of the present invention.
FIG. 3 shows a Merkle tree having four leaf nodes. Since the illustrated Merkle tree is the first Merkle tree (tree_id = 0), it can be seen that a hash value (sha256(coinplug_unique_message)) of predetermined message data is assigned to the first leaf node h0. If there is a registration request (i.e., a write request related to the mobile ID) for the record data, the
On the other hand, the above-mentioned predetermined condition is (i) a condition that a predetermined number of transactions related to the mobile ID are generated, (ii) a condition that a predetermined time elapses (for example, (iii) a condition for generating a block in the first block chain database, and (iv) a condition for a service characteristic.
On the other hand, for example, if a plurality of certificate registrations or mobile ID related transactions are acquired for the leaf nodes of the Merkle tree, a Merkle tree is generated, the root value of the Merkle tree is registered in the second
Also, the
In this case, although a predetermined time has elapsed, a value may not be assigned to a sibling node of a node to which a particular hash value of the Merkle tree is assigned. If a hash value is not assigned to a sibling node of a node to which a specific hash value is allocated even though a predetermined condition is satisfied, the
The service characteristic may be at least a part of the cost information provided by the issuer that issued the transaction related to the mobile ID, the time zone information in which the mobile ID related transaction is registered, the area information in which the mobile ID related transaction registration service is performed, and the company type information. However, the present invention is not limited to those described here, and includes various condition information under which a generally accepted differential service can be provided.
On the other hand, when generation of a new Merkle tree is started and the predetermined condition is satisfied in a state where there is no mobile ID related transaction, the
Meanwhile, as described above, the
FIG. 4 is a diagram illustrating a Merkle tree generated as a second data structure according to an embodiment of the present invention.
Referring to FIG. 4, it can be seen that the root value (hex(h0123)) of the Merkle tree (tree_id = 0) of FIG. 3 is assigned to the first leaf node (h4 node) of the new Merkle tree as sha256(input4). By connecting the plurality of data structures generated when transactions occur, the present invention makes it easy to trace data that has been tampered with midway, which improves data integrity.
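The chained Merkle tree construction described for FIGS. 3 and 4, shown as an added example that is not part of the patent text, with an inclusion proof for one certificate and an audit of stored data against the anchored roots. Pair hashing by concatenation, the padding value for an empty sibling, and the sample certificate bytes are assumptions; the first leaf of the first tree uses the sha256(coinplug_unique_message) value named above.

```python
import hashlib
import hmac

GENESIS_MESSAGE = b"coinplug_unique_message"  # message named in the FIG. 3 description
# Assumed stand-in for the "predetermined hash value" given to an empty sibling node.
PAD_HASH = hashlib.sha256(b"empty-sibling").digest()

# Constructed sample certificates (not real data): two anchoring batches.
SAMPLE_BATCHES = [
    [b'{"uid":"user-a","pub":"constructed-key-a"}',
     b'{"uid":"user-b","pub":"constructed-key-b"}',
     b'{"uid":"user-c","pub":"constructed-key-c"}'],
    [b'{"uid":"user-d","pub":"constructed-key-d"}',
     b'{"uid":"user-e","pub":"constructed-key-e"}'],
]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(leaves):
    """Return every level of the tree, leaves first and the root level last."""
    if not leaves:
        raise ValueError("a tree needs at least one leaf")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level.append(PAD_HASH)  # sibling has no value: assign the fixed hash
        # Assumption: a parent is the hash of its two children concatenated.
        levels.append([sha256(level[i] + level[i + 1])
                       for i in range(0, len(level), 2)])
    return levels


def root_of(levels) -> bytes:
    return levels[-1][0]


def first_leaf(prev_root):
    """Leaf 0: genesis message for tree 0, else sha256 of the previous root in hex."""
    if prev_root is None:
        return sha256(GENESIS_MESSAGE)
    return sha256(prev_root.hex().encode())


def build_chain(batches):
    """Build one tree per batch; each tree's first leaf commits to the previous root."""
    trees, prev_root = [], None
    for certs in batches:
        levels = build_levels([first_leaf(prev_root)] + [sha256(c) for c in certs])
        trees.append(levels)
        prev_root = root_of(levels)
    return trees


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each with a flag: sibling is on the left."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof, root: bytes) -> bool:
    """Recompute the path to the root and compare with the anchored root."""
    node = leaf
    for sibling, sibling_is_left in proof:
        node = sha256(sibling + node) if sibling_is_left else sha256(node + sibling)
    return hmac.compare_digest(node, root)


def audit_chain(batches, anchored_roots):
    """Rebuild each tree from stored data; return indexes whose root differs.

    The anchored root of tree k-1 seeds tree k, so a change to stored data is
    reported for the tree that holds it rather than for every later tree.
    """
    bad, prev = [], None
    for i, (certs, anchored) in enumerate(zip(batches, anchored_roots)):
        leaves = [first_leaf(prev)] + [sha256(c) for c in certs]
        if not hmac.compare_digest(root_of(build_levels(leaves)), anchored):
            bad.append(i)
        prev = anchored
    return bad


if __name__ == "__main__":
    trees = build_chain(SAMPLE_BATCHES)
    roots = [root_of(t) for t in trees]  # values that would be anchored
    proof = inclusion_proof(trees[0], 2)  # leaf 2 of tree 0 is user-b
    print("user-b proven:", verify_proof(sha256(SAMPLE_BATCHES[0][1]), proof, roots[0]))
    print("audit of untouched data:", audit_chain(SAMPLE_BATCHES, roots))
```

A verifier needs only the certificate, its sibling path, and the root recorded in the second block chain database; it does not need the other certificates in the batch.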
In response to the user's certificate creation, the
Referring to FIG. 5, the mobile ID can be used in a mobile device, which is a
The mobile
In addition, the mobile
Referring to FIG. 6, a method for authenticating a user using a mobile ID according to an embodiment of the present invention in a state where a mobile ID is issued by the above method will be described.
In a state where the user certificate including the public key of the user, the user identification information, and the user information hash value, which is a hash value of the user information, is registered in the first block chain database and the corresponding first block chain transaction ID is managed, and where a representative hash value, obtained by computing a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second block chain database and the corresponding second block chain transaction ID is managed, when the user terminal (100), which stores the user's private key and public key, requests user authentication using the mobile ID (S200), the
Then, the
Alternatively, the
At this time, the
The
Thereafter, the
Then, the
First, when the
Then, the
In this state, when the user presents a mobile ID for user authentication, the
At this time, the mobile ID information may include at least one of bar code, QR code, and NFC tag information, and the
Then, the
At this time, the
Also, when the time stamp is used as the verification means value, the
In response to the authentication result information received from the
Second, when the
Then, the
In this state, when the user presents a mobile ID for user authentication, the
Then, the
Also, when the time stamp is used as the verification means value, the
In response to the authentication result information received from the
7 schematically shows a system for authenticating a user using a mobile ID according to another embodiment of the present invention. The system includes a
The
The
The
Specifically, the
The
The
A method of authenticating a user using a mobile ID according to another embodiment of the present invention through the thus configured system will be described with reference to FIG.
In a state where the user certificate including the public key of the user, the user identification information, and the user information hash value, which is a hash value of the user information, is registered in the first block chain database and the corresponding first block chain transaction ID is managed, and where a representative hash value, obtained by calculating a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in the second block chain database and the corresponding second block chain transaction ID is managed, when the user registers the user identification information of the user on the service web, such as an Internet web page, in order to be authenticated (S300), the
Then, the
When the user certificate for the user is confirmed, a verification means value corresponding to the user is generated (S303). At this time, the verification means value may include a nonce, an OTP (one time password), a time stamp, and the like.
Thereafter, the
Then, the
Then, the
Then, the
In addition, when using the time stamp as the verification means value, the
The
A modification of the method for authenticating a user using a mobile ID according to another embodiment of the present invention through the system configured as in FIG. 7 will be described with reference to FIG.
In a state where the user certificate including the public key of the user, the user identification information, and the user information hash value, which is a hash value of the user information, is registered in the first block chain database and the corresponding first block chain transaction ID is managed, and where a representative hash value, obtained by computing a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second block chain database and the corresponding second block chain transaction ID is managed, when the user inputs the user identification information of the user on the service web, such as an Internet web page, in order to perform user authentication (S400), the
Then, the
When the user certificate for the user is confirmed, a verification means value corresponding to the user is generated (S403). At this time, the verification means value may include a nonce, an OTP (one time password), a time stamp, and the like.
Thereafter, the
The
Then, the
Thereafter, when the user inputs a verification means value displayed through the
Then, the
Also, when the time stamp is used as the value of the verification means, the
The
In addition, the embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. Those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.
Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and not only the following claims but also all equivalents or equivalent modifications of the claims fall within the scope of the spirit of the present invention.
100: user terminal,
110: authentication request terminal,
111: service server,
200: authentication server,
210:
220: processor,
300: second block chain database
Claims (28)
(a) in a state where a user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first block chain database and a first block chain transaction ID corresponding thereto is managed, and where a representative hash value, obtained by calculating a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second block chain database and a second block chain transaction ID corresponding thereto is managed, when a user authentication request transaction including the public key of the user or the user identification information is obtained from the user terminal in response to a user authentication request, the authentication server (i) confirming the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the public key of the user or the user identification information, or (ii) obtaining a data message from the second block chain database using the second block chain transaction ID corresponding to the public key of the user or the user identification information, searching the first block chain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirming the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, (I) decrypting the encoded verification means value with the user's private key to obtain the verification means value, and (ii) Supporting a display of a mobile identity including a verification means value and a verification subject identity that is an identity for the user corresponding to the verification means value; And
(c) if the information of the mobile ID is obtained from the authentication request terminal, the authentication server obtaining the verification means value and the verification target ID from the information of the mobile ID, using the obtained verification target ID to compare the verification means value generated in correspondence with the user certificate confirmation with the verification means value obtained from the mobile ID information so as to determine whether the mobile ID is valid, and transmitting, or supporting transmission of, the authentication result information for the user according to whether the mobile ID is valid to the authentication request terminal;
Before the step (a)
(a01) When a mobile ID issuance application transaction including at least user information is obtained from the user terminal, the authentication server confirms the user using the user information, and requests or requests a certificate registration with the user terminal Supporting step;
(a02) if the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server registering a user certificate including the public key, the user identification information, and the user information hash value in the first block chain database, managing a first block chain transaction ID therefor, and issuing, or supporting issuance of, the mobile ID to the user terminal; and
(a03) If the predetermined condition is satisfied, the authentication server calculates a representative hash value by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Registering a value obtained by processing the representative hash value in a second block chain database and managing a second block chain transaction ID corresponding to the value;
In the step (a03)
The predetermined condition is that,
(i) a condition in which a transaction related to the mobile ID is generated by a predetermined number, (ii) a condition that a predetermined time has elapsed to generate a new Merkle tree after generation of the Merkle tree, (iii) a condition to be generated, and (iv) a condition for a service characteristic.
In the step (a03)
Wherein the authentication server generates, or supports generation of, a Merkle tree in which the specific hash value is assigned to a leaf node,
and registers, or supports registration of, the representative hash value generated by calculating the specific hash value together with a hash value assigned to at least one other leaf node matching the specific hash value, or a value obtained by processing the representative hash value.
If the Merkle tree is the first tree among at least one Merkle tree connected in a chain form, the first leaf node of the Merkle tree is assigned a hash value of predetermined message data composed of text, numbers or symbols, or a value obtained by processing the hash value.
If the predetermined condition is satisfied,
(x1) the authentication server (i) calculates, or supports calculation of, the specific hash value together with a hash value assigned to the sibling node of the node to which the specific hash value is assigned, and (ii) assigns, or supports assignment of, a hash value of the computed value to the parent node of the node,
(x2) if the parent node is the root node of the Merkle tree, registers, or supports registration of, the hash value assigned to the parent node as the representative hash value in the second block chain database,
(x3) if the parent node is not the root node of the Merkle tree, repeats the steps (x1) to (x2) using the hash value assigned to the parent node as the specific hash value.
At (x1)
If the hash value is not assigned to the sibling node of the node to which the specific hash value is assigned even though the predetermined condition is satisfied, the authentication server assigns, or supports assignment of, a predetermined hash value to the sibling node, and performs (x1) to (x3).
When the authentication server stores the specific hash value and the at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, the first data structure and the second data structure are connected in a chain form.
Wherein a root value of the first data structure or a hash value of the root value is assigned to a first leaf node of the second data structure if the first data structure and the second data structure are Merkle trees.
Wherein the verification means comprises a nonce or timestamp,
Wherein the verification target ID includes a public key of the user or the user information hash value obtained from the user certificate.
If the verification means value is the time stamp,
The authentication server includes:
determines that the authentication has failed when the time interval between a first time, at which the verification means value is transmitted, or supported to be transmitted, to the user terminal in the step (b), and a second time, at which the verification means value for the mobile ID is obtained from the authentication request terminal, is equal to or greater than a set value.
Wherein the user identification information is at least one of a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, and a telephone number.
The mobile ID includes:
The image information of the user, and the display information of each ID card.
The authentication request terminal,
A computing device for acquiring a signal of a reader that acquires the mobile ID information from the mobile ID displayed through the user terminal, or a computing device for acquiring the mobile ID information through communication with the user terminal.
(a) in a state where the user terminal, which generates and stores the public key of the user and the private key of the user, manages the mobile ID corresponding to a registered user certificate, the user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, being registered in a first block chain database, and a representative hash value, obtained by calculating a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, being registered in a second block chain database, when a user authentication request signal is input, the user terminal transmitting a user authentication request transaction including the public key of the user or the user identification information to the authentication server, thereby supporting the authentication server to (i) confirm the user certificate registered in the first block chain database using a first block chain transaction ID corresponding to the public key of the user or the user identification information, or (ii) obtain a data message from the second block chain database using a second block chain transaction ID corresponding to the public key of the user or the user identification information, search the first block chain database for the Merkle tree information and leaf node information stored in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirm the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key and transmits the encoded verification means value, The terminal decodes the encoded verification means value with the user's private key to obtain the verification means value and includes the verification target value obtained as the verification means value and the verification target value corresponding to the verification means value Displaying a mobile ID; And
(c) the user terminal supporting the authentication request terminal to acquire the information of the mobile ID through the displayed mobile ID and to transmit the information to the authentication server, thereby supporting the authentication server to (i) obtain the verification means value and the verification target ID from the information of the mobile ID, (ii) use the obtained verification target ID to compare the verification means value generated in correspondence with the user certificate confirmation with the verification means value obtained from the mobile ID information so as to determine whether the mobile ID is valid, and transmit the authentication result information for the user according to whether the mobile ID is valid to the authentication request terminal;
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server; And
(a02) if a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuance application transaction, the user terminal generating the public key of the user and the private key of the user using the user authentication key, and transmitting the public key and the user identification information to the authentication server, thereby supporting the authentication server to register a user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database, to manage a first block chain transaction ID indicating the location information on the first block chain database of the registered user certificate, and to issue the mobile ID to the user terminal;
(a) in a state where a user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first block chain database, and where a representative hash value, obtained by calculating a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second block chain database and a second block chain transaction ID corresponding thereto is managed, if the user identification information corresponding to a user authentication request is obtained from the service server, the authentication server (i) confirming the user certificate registered in the first block chain database using a first block chain transaction ID corresponding to the user identification information, or (ii) obtaining a data message from the second block chain database using the second block chain transaction ID corresponding to the user identification information, searching the first block chain database for the Merkle tree information and the leaf node information stored in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirming the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, (B1) supporting the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) Decrypting the encoded verification means value with the user's private key to obtain the verification means value and then supporting to display the mobile identity including the obtained verification means value; And
(c) when (c1) the verification means value is obtained from the user terminal by (b1), or (c2) the verification means value of the mobile ID displayed by (b2) is input by the user via the service web and the verification means value is obtained from the service server, the authentication server performing authentication for the user by comparing the obtained verification means value with the generated verification means value, and transmitting, or supporting transmission of, the authentication result information to the service server;
Before the step (a)
(a01) If a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, the authentication server confirms the user using the user information, requests a certificate registration to the user terminal, ;
(a02) if the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server registering a user certificate including the public key, the user identification information, and the user information hash value in the first block chain database, managing the first block chain transaction ID indicating location information on the first block chain database of the registered user certificate, and issuing, or supporting issuance of, the mobile ID to the user terminal; and
(a03) If the predetermined condition is satisfied, the authentication server calculates a representative hash value by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Registering a value obtained by processing the representative hash value in a second block chain database and managing a second block chain transaction ID corresponding to the value;
≪ / RTI >
(a) generating and storing the public key of the user and the private key of the user, storing the public key of the user, the user identification information for identifying the user, and the hash value of the user information of the user, A user certificate including a hash value is registered in a first block chain database, a representative hash value generated by applying a hash function to the user certificate, and at least one neighbor hash value matched with the specific hash value, A hash value or a value obtained by processing the representative hash value is registered in a second block chain database, and in a state where the mobile ID corresponding to the registered user certificate is managed, A verification means value encoded with a public key, said verification means value comprising: (i) (Ii) checking the user certificate registered in the first block chain database using a first block-chain transaction ID corresponding to the user identification information obtained from the user, Acquiring a data message from the second block chain database using a second block-chain transaction ID corresponding to the user identification information according to an authentication request, and associating the representative hash value or the representative hash value included in the data message And searches the first block chain database for the merch tree information and the leaf node information stored in the first block chain database, and registers the merch tree information and leaf node information registered in the first block chain database with reference to the retrieved merch tree information and leaf node information The user certificate OK, and when the user certificate for the user identification, the authentication server will generate - obtaining a;
(b) the user terminal decodes the encoded verification means value with the user's private key to obtain the verification means value; and (b1) transmitting the obtained verification means value to the authentication server, Compares the verification means value received from the user terminal with the verification means value used to encode the user's public key to support authentication of the user and transmits the authentication result information to the service server (b2) displaying a mobile ID including the obtained verification means value, and allowing the user to input the verification means value of the indicated mobile ID through the service web, so that the service server To send the means value to the authentication server, And comparing the verification means value received from the service server with the generated verification means value to perform authentication for the user. Supporting the transmitted authentication result information to the service server;
Before the step (a)
(a01) supporting the user terminal to transmit a mobile ID issuance application transaction including at least user information to the authentication server; and
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, and transmits the public key and the user identification information to the authentication server so as to allow the authentication server to transmit a user certificate including the public key of the user, the user identification information, and the user information hash value to the first A first block chain transaction ID indicating the location information on the first block chain database of the user certificate registered in the first block chain database and managing the first block chain transaction ID, to support issuing the mobile ID to the user terminal;
A user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, A representative hash value or a representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Value in the second block chain database and manages the second block chain transaction ID corresponding to the second block chain transaction ID from the user terminal in response to the user authentication request, the public key of the user or the user authentication information including the user identification information A communication unit for acquiring a request transaction; And
(I) verifying the user's certificate registered in the first block chain database using the public key of the user or the first block chain transaction ID corresponding to the user identification information of the obtained user authentication request transaction (ii) obtaining a data message from the second block chain database using the public key of the user or the second block chain transaction ID corresponding to the user identification information, and wherein the representative hash value Or the leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value, in the first block chain database, and extracts the retrieved Merkle tree information and leaf node information To the first block chain database Generating a verification means value when the user certificate for the user is verified; encoding the generated verification means value using the user's public key; (I) decrypting the encoded verification means value with the user's private key to obtain the verification means value, and (ii) acquiring And a verification process step of, when information on the mobile identity is acquired from the authentication requesting terminal, determining whether the verification result is valid or not, From the information of the mobile ID, And verifying means for verifying the verification means value generated corresponding to the user certificate verification using the obtained verification target identification, and comparing the verification means value generated corresponding to the user certificate verification and the mobile identification information A process of confirming whether the mobile ID is valid by comparing the obtained verification means value and supporting the transmission of authentication result information about the user according to whether the mobile ID is validated to the authentication request terminal Processor; And an authentication server for authenticating the authentication server.
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least user information is obtained from the user terminal, When the public key of the user and the user identification information are acquired from the user terminal in response to the first block chain database and the user identification information, the user certificate including the user's public key, the user identification information, A process of managing a first block-chain transaction ID for the mobile terminal, a process of issuing or issuing the mobile ID to the user terminal, and a process of applying a hash function to the user certificate One hash value And a value obtained by processing the representative hash value or the processed value of the representative hash value in the second block chain database and managing the corresponding second block chain transaction ID Wherein the authentication server further performs the authentication process.
And generating and storing the public key of the user and the private key of the user and storing the public key, the user identification information for identifying the user, and the user information hash value, which is a hash value for the user information of the user, A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in the second block chain database, and when a user authentication request signal is input in a state of managing the mobile ID corresponding to the registered user certificate, Or a user authentication request including the user identification information (I) causing the authentication server to send a transaction to the first block chain database using the public key of the user or the first block chain transaction ID corresponding to the user identification information Or (ii) the authentication server receives a data message from the second block chain database using a second block chain transaction ID corresponding to the user's public key or the user identification information, And searches the first block chain database for the Merkle tree information and leaf node information stored in the first block chain database in association with the representative hash value or the representative hash value included in the data message, The retrieved Merkle tree information and leaf And a process of supporting the user to verify the user certificate registered in the first block chain database by referring to the first block chain database and the user certificate for the user is confirmed and the authentication server generates a verification means value, Means for decrypting the encoded verification means value with the private key of the user to obtain the verification means value, and if the verification means value obtained is the same as the verification means value, A processor for performing a process of displaying a mobile ID including a verification target ID that is an identification for the user corresponding to a verification means value; And
Wherein the authentication requesting terminal obtains information of the mobile ID through the mobile ID and transmits the information to the authentication server so as to allow the authentication server to determine (i) the verification value from the information of the mobile ID, (Ii) verifying means for verifying the value of the verification means generated in correspondence with the user certificate verification using the obtained verification target identification, and (ii) A communication unit for verifying the validity of the mobile ID by comparing the verification means value obtained from the information and supporting authentication result information for the user according to whether the mobile ID is validated to the authentication request terminal;
And a user terminal.
Wherein,
To transmit a mobile ID issuance application transaction including at least user information to the authentication server,
The processor comprising:
Generating a public key of the user and a private key of the user using the user authentication key when the certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, And registers the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database by supporting the authentication server to transmit the authentication information to the authentication server, Managing a first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database and issuing the mobile ID to the user terminal.
A user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, A representative hash value or a representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, In a second block chain database and managing a second block chain transaction ID corresponding to the second block chain transaction ID, a communication unit for obtaining the user identification information corresponding to the user authentication request from the service server; And
(i) identifying the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user identification information, or (ii) Acquiring a data message from the second block chain database using a chain transaction ID and storing the representative hash value or the representative hash value included in the data message in the first block chain database Searching the first block chain database for the Merkle tree information and the leaf node information and checking the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information, If the user certificate is confirmed for Encrypting the generated verification means value using the public key of the user and supporting the encoded verification means value to transmit the verification means value to the user terminal, and (b1) (B2) decrypting the encoded verification means value with the private key of the user to obtain the verification means value (C1) the verification means value is obtained from the user terminal by (b1), (c2) the verification means value is obtained from the user terminal, (b2) inputs the verification means value of the indicated mobile identity via the service web by the user The verification means value is obtained from the service server, and the verification means value obtained is compared with the verification means value to authenticate the user, and the performed authentication result information is transmitted to the service server A processor for performing a process for supporting transmission;
And an authentication server for authenticating the authentication server.
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, When the user's public key and the user identification information are obtained from the user terminal in response to the request, the user certificate including the public key of the user, the user identification information, The mobile terminal managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database, And generating a hash value by applying a hash function to the user certificate and a representative hash value obtained by calculating at least one neighbor hash value matching the specific hash value, Further comprising: registering a value obtained by processing the representative hash value in a second block chain database and managing a second block chain transaction ID corresponding to the value.
And generating and storing the public key of the user and the private key of the user and storing the public key, the user identification information for identifying the user, and the user information hash value, which is a hash value for the user information of the user, A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in the second block chain database, and in a state in which the mobile ID corresponding to the registered user certificate is managed, a verification means value - the verification means value is (i) obtained from a service server (Ii) checking the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user identification information according to the user authentication request, or (ii) Acquires a data message from the second block chain database using a second block chain transaction ID corresponding to the user identification information according to the first block chain database, searching, in the first block chain database, the Merkle tree information and leaf node information stored in the one block chain database, referring to the retrieved Merkle tree information and the leaf node information, , And After confirmation by the user certificate for the user, the authentication server will create-communication to obtain a; And
(B1) transmitting the obtained verification means value to an authentication server by decoding the encoded verification means value with the private key of the user to obtain the verification means value, (B2) performing authentication for the user by comparing the verification means value and the verification means value used for encoding with the public key of the user, and transmitting the authentication result information to the service server; (b2) Means for displaying the mobile ID including the value of the means for allowing the user to input the verification means value of the displayed mobile ID through the service web so that the service server transmits the verification means value to the authentication server So as to allow the authentication server to access the service server And performs authentication for the user by comparing the verification means value received with the generated verification means value. And to transmit the performed authentication result information to the service server;
And a user terminal.
Wherein,
To transmit a mobile ID issuance application transaction including at least user information to the authentication server,
The processor comprising:
Generating a public key of the user and a private key of the user using the user authentication key when the certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, And registers the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database by supporting the authentication server to transmit the authentication information to the authentication server, Managing a first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database and issuing the mobile ID to the user terminal.
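The representative-hash check recited in the claims above, as an added example that is not part of the patent text: a user certificate is hashed into a leaf ("specific hash value"), combined with neighbor hash values into a Merkle root ("representative hash value"), and later re-verified against that root. SHA-256, the JSON serialization, the 0x00/0x01 domain-separation prefixes, the carry-up rule for an unpaired node and all field names are assumptions; the claims specify none of them.

```python
import hashlib
import hmac
import json


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(cert: dict) -> bytes:
    """Specific hash value: hash of the canonically serialized certificate."""
    encoded = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return _h(b"\x00" + encoded)  # leaf prefix: a leaf can never pass as a node


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)  # interior-node prefix


def build_levels(leaves):
    """Return every tree level, leaves first, representative hash (root) last."""
    if not leaves:
        raise ValueError("at least one certificate hash is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node is carried up unchanged
        levels.append(nxt)
    return levels


def audit_path(levels, index):
    """Neighbor hash values (with their side) needed to rebuild the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return path


def verify(cert: dict, path, representative: bytes) -> bool:
    """Recompute the root from the certificate and its neighbor hashes."""
    acc = leaf_hash(cert)
    for side, neighbor in path:
        acc = node_hash(neighbor, acc) if side == "L" else node_hash(acc, neighbor)
    return hmac.compare_digest(acc, representative)


# Constructed sample certificates (not real data): public key, user
# identification information, and hash of the user information.
CERTS = [
    {
        "public_key": f"constructed-public-key-{i}",
        "user_id": f"user-{i}",
        "user_info_hash": hashlib.sha256(f"user info {i}".encode()).hexdigest(),
    }
    for i in range(5)  # odd count exercises the carry-up branch
]
LEVELS = build_levels([leaf_hash(c) for c in CERTS])
REPRESENTATIVE_HASH = LEVELS[-1][0]  # the value anchored in the second database

if __name__ == "__main__":
    for i, cert in enumerate(CERTS):
        ok = verify(cert, audit_path(LEVELS, i), REPRESENTATIVE_HASH)
        print(cert["user_id"], "verified" if ok else "MISMATCH")
    altered = dict(CERTS[2], public_key="substituted-key")
    print("altered certificate accepted:",
          verify(altered, audit_path(LEVELS, 2), REPRESENTATIVE_HASH))
```

A mismatch means either the stored certificate or the anchored representative hash has changed since registration, which is the condition the verification step is meant to catch before any verification means value is issued.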
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160183930A KR101858653B1 (en) | 2016-12-30 | 2016-12-30 | Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101858653B1 (en) | 2018-06-28 |
Family
ID=62780135
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160183930A KR101858653B1 (en) | 2016-12-30 | 2016-12-30 | Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101858653B1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100870202B1 (en) * | 2007-11-22 | 2008-12-09 | 주식회사 오엘콥스 | Method and system of issuing accredited certificate using encrypted image |
KR20130065829A (en) * | 2011-12-01 | 2013-06-20 | 주식회사 비즈모델라인 | Method and system for providing service by using object mapped one time code |
KR101680260B1 (en) * | 2015-12-14 | 2016-11-29 | 주식회사 코인플러그 | Certificate issuance system and method based on block chain |
JP2016208510A (en) * | 2015-04-21 | 2016-12-08 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | Authentication of user computers |
-
2016
- 2016-12-30 KR KR1020160183930A patent/KR101858653B1/en active IP Right Grant
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111047439A (en) * | 2018-10-12 | 2020-04-21 | 北京邦天信息技术有限公司 | Transaction processing method based on block chain |
CN113243093A (en) * | 2018-10-29 | 2021-08-10 | 先进信息技术公司 | System and method for message transmission and retrieval using blockchains |
KR20200057985A (en) | 2018-11-19 | 2020-05-27 | 주식회사 비즈블록스 | A solution that combines hybrid block chains with enterprise-grade hadware key archival systems |
CN111861484A (en) * | 2019-04-24 | 2020-10-30 | 国际信任机器股份有限公司 | Verification system and method suitable for cooperation between block chain and downlink |
CN111861484B (en) * | 2019-04-24 | 2024-04-02 | 国际信任机器股份有限公司 | Security protocol apparatus, authentication method, terminal apparatus, and method for executing terminal apparatus |
CN114726875A (en) * | 2021-01-05 | 2022-07-08 | 中国移动通信有限公司研究院 | Deviation reporting method, device and related equipment |
CN116956258A (en) * | 2023-09-21 | 2023-10-27 | 杭州锘崴信息科技有限公司 | Calculation element authentication method and device for data calculation in data operation |
CN116956258B (en) * | 2023-09-21 | 2023-12-05 | 杭州锘崴信息科技有限公司 | Calculation element authentication method and device for data calculation in data operation |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101829729B1 (en) | Method for certifying a user by using mobile id through blockchain and merkle tree structure related thereto, and terminal and server using the same | |
KR101877335B1 (en) | Method for authenticating a user without a face-to-face contact by using mobile id based on blockchain and merkle tree structure related thereto, and terminal and server using the same | |
KR101877333B1 (en) | Method for authenticating a user without a face-to-face contact by using mobile id based on blockchain, and terminal and server using the same | |
US11664997B2 (en) | Authentication in ubiquitous environment | |
KR101858653B1 (en) | Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same | |
US20230246842A1 (en) | Compact recordation protocol | |
KR101829730B1 (en) | Method for certifying a user by using mobile id through blockchain database, and terminal and server using the same | |
RU2702076C2 (en) | Authentication in distributed environment | |
KR101829721B1 (en) | Method for certifying a user by using mobile id through blockchain, and terminal and server using the same | |
JP4736744B2 (en) | Processing device, auxiliary information generation device, terminal device, authentication device, and biometric authentication system | |
KR102177848B1 (en) | Method and system for verifying an access request | |
KR20190093640A (en) | Methods, apparatus, and systems for processing two-dimensional barcodes | |
KR101941227B1 (en) | A FIDO authentication device capable of identity confirmation or non-repudiation and the method thereof | |
JP6585038B2 (en) | Systems and methods for encryption | |
JP2019004475A (en) | Authentication under ubiquitous environment | |
WO2020161203A1 (en) | Identity management on a mobile device | |
KR20190114421A (en) | Method for sso service through blockchain, and terminal and server using the same | |
US20240013198A1 (en) | Validate digital ownerships in immutable databases via physical devices | |
JP7379400B2 (en) | Information processing system, server device, information processing method and program | |
JP2020115386A (en) | Authentication in ubiquitous environment | |
CN114830092A (en) | System and method for protecting against malicious program code injection | |
TW201036385A (en) | Method for implementing and authenticating an one time password (OTP) for integrated circuit cards |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GRNT | Written decision to grant |