KR101858653B1 - Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same - Google Patents


Publication number
KR101858653B1
Authority
KR
South Korea
Prior art keywords
user
value
block chain
information
hash value
Application number
KR1020160183930A
Other languages
Korean (ko)
Inventor
박종은
현상훈
송주한
이준섭
어준선
홍재우
Original Assignee
주식회사 코인플러그
Application filed by 주식회사 코인플러그
Priority to KR1020160183930A
Application granted
Publication of KR101858653B1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265: using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3297: involving time stamps, e.g. generation of time stamps

Abstract

A method for authenticating a user using a mobile ID, the method comprising the steps of: (a) in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and a first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and a second blockchain transaction ID corresponding to it is managed, when a user authentication request transaction including the user's public key or the user identification information is obtained from a user terminal, an authentication server (i) verifies the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user's public key or the user identification information, or (ii) acquires a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user's public key or the user identification information, searches the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifies the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; (b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the verification means value using the user's public key, and transmits the encoded verification means value to the user terminal, thereby supporting the user terminal to (i) decrypt the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the obtained verification means value and a verification target ID, which is an identification for the user corresponding to the verification means value; and (c) if the information of the mobile ID is obtained from an authentication requesting terminal, the authentication server obtains the verification means value and the verification target ID from the information of the mobile ID, identifies, using the obtained verification target ID, the verification means value generated in correspondence with the user certificate verification, verifies whether the mobile ID is valid by comparing the generated verification means value with the verification means value obtained from the information of the mobile ID, and transmits authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.

Figure R1020160183930

Description

Method for certifying a user by using mobile ID through blockchain database and Merkle tree structure related thereto, and terminal and server using the same

The present invention relates to a method for authenticating a user by using a mobile ID through a blockchain database and a Merkle tree structure interworking therewith, and to a terminal and a server using the same. More particularly, it relates to a method, and a terminal and a server using the method, in which, in a state where a representative hash value, computed from a specific hash value generated by applying a hash function to a user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and a second blockchain transaction ID corresponding to it is managed, when a user authentication request transaction is acquired from a user terminal in response to a user authentication request, an authentication server acquires a data message from the second blockchain database by using the second blockchain transaction ID corresponding to the user identification information, searches a first blockchain database for the Merkle tree information and leaf node information associated with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifies the user certificate registered in the first blockchain database; generates a verification means value when the user certificate for the user is verified, encodes it with the user's public key and transmits it, thereby supporting the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value; obtains the verification means value and a verification target ID from the information of the mobile ID; verifies the validity of the mobile ID by comparing the verification means value obtained from the information of the mobile ID with the verification means value that was generated in correspondence with the user certificate verification and is identified using the obtained verification target ID; and transmits authentication result information to an authentication requesting terminal according to whether the mobile ID is valid.

In general, a mobile ID refers to an identification card in the form of an app on a mobile device, in place of an ID card issued as a paper or plastic card, and identity can be confirmed by presenting the ID stored on the mobile device.

Because the ID is stored and used on a mobile device, it can be lost or stolen. Leakage or theft of personal information as a result of such loss or theft must therefore be prevented.

However, the conventional mobile ID is vulnerable to copying and tampering because it stores the information required for user authentication, such as a certificate, on the mobile device.

In addition, since the conventional mobile ID always uses the same information to authenticate the user, a third party can easily steal that information through an information leak or the like.

An object of the present invention is to solve all the problems described above.

Another object of the present invention is to provide a method, a terminal and a server that register a user certificate in a blockchain of a virtual currency so that the user certificate cannot be copied, forged or altered.

Another object of the present invention is to provide a method, a terminal and a server that ensure security by using a hash function and encryption techniques, so that the user certificate cannot be tampered with.

Another object of the present invention is to provide a method, a terminal and a server that prevent the problems caused by theft of user information by authenticating a user through one-time mobile ID information.

In order to accomplish the above objects, a representative configuration of the present invention is as follows.

According to an embodiment of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and a first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and a second blockchain transaction ID corresponding to it is managed, when a user authentication request transaction including the user's public key or the user identification information is obtained from a user terminal in response to a user authentication request, an authentication server (i) verifies the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user's public key or the user identification information, or (ii) acquires a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user's public key or the user identification information, searches the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifies the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; (b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, and transmits the encoded verification means value to the user terminal, thereby supporting the user terminal to (i) decrypt the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the obtained verification means value and a verification target ID, which is an identification for the user corresponding to the verification means value; and (c) if the information of the mobile ID is obtained from an authentication requesting terminal, the authentication server obtains the verification means value and the verification target ID from the information of the mobile ID, identifies, using the obtained verification target ID, the verification means value generated in correspondence with the user certificate verification, verifies whether the mobile ID is valid by comparing the generated verification means value with the verification means value obtained from the information of the mobile ID, and transmits authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.
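The Merkle check of step (a)(ii) and the single-use comparison of step (c), as an added example that is not taken from the patent or from the applicant's code. SHA-256, the leaf/node prefix bytes, the proof layout and every name below are assumptions; the public-key encoding of step (b) is left out, and the sample certificates are constructed.

```python
"""Merkle-anchored certificate check and one-time verification value (added example)."""
import hashlib
import hmac
import secrets

# Assumption: the patent text names neither the hash function nor these prefixes.
LEAF_PREFIX, NODE_PREFIX = b"\x00", b"\x01"


def leaf_hash(certificate: bytes) -> bytes:
    """The 'specific hash value': hash of one user certificate."""
    return hashlib.sha256(LEAF_PREFIX + certificate).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Combine a hash with its neighbor; the prefix keeps nodes distinct from leaves."""
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def build_levels(leaves):
    """Return every tree level, leaves first; the last level holds the representative hash."""
    if not leaves:
        raise ValueError("at least one leaf is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # an unpaired node is promoted unchanged
        levels.append(nxt)
    return levels


def proof_for(levels, index):
    """Neighbor hashes from leaf to root as (hash, neighbor_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def certificate_is_anchored(certificate, path, anchored_root):
    """Recompute the representative hash and compare it with the anchored one."""
    acc = leaf_hash(certificate)
    for neighbor, neighbor_is_left in path:
        acc = node_hash(neighbor, acc) if neighbor_is_left else node_hash(acc, neighbor)
    return hmac.compare_digest(acc, anchored_root)


class AuthServer:
    """Hypothetical authentication server holding the anchored representative hash."""

    def __init__(self, anchored_root: bytes):
        self.anchored_root = anchored_root
        self._pending = {}  # verification target ID -> verification means value

    def issue(self, certificate, path):
        """Steps (a)(ii) and (b): verify the certificate, then mint a fresh value."""
        if not certificate_is_anchored(certificate, path, self.anchored_root):
            return None
        target_id = secrets.token_hex(8)
        value = secrets.token_hex(16)
        self._pending[target_id] = value
        # In the patent the value travels encoded with the user's public key.
        return target_id, value

    def check_mobile_id(self, target_id, presented_value):
        """Step (c): look up by target ID, compare, and consume the value."""
        expected = self._pending.pop(target_id, None)  # single use, even on mismatch
        if expected is None:
            return False
        return hmac.compare_digest(expected, presented_value)


def demo():
    # Constructed sample certificates (public key, user ID, user information hash).
    certs = [
        b"pubkey=02aa;uid=user-001;info_hash=1f",
        b"pubkey=03bb;uid=user-002;info_hash=2e",
        b"pubkey=02cc;uid=user-003;info_hash=3d",
    ]
    levels = build_levels([leaf_hash(c) for c in certs])
    server = AuthServer(levels[-1][0])
    path = proof_for(levels, 1)
    tampered = server.issue(certs[1] + b";extra", path)  # altered certificate
    target_id, value = server.issue(certs[1], path)
    first = server.check_mobile_id(target_id, value)
    replay = server.check_mobile_id(target_id, value)  # same mobile ID shown again
    return tampered, first, replay


if __name__ == "__main__":
    print(demo())
```
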

According to another aspect of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) in a state where a user terminal has generated and stores the user's public key and the user's private key, a user certificate including user identification information for identifying the user and a user information hash value, which is a hash value of the user's user information, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the mobile ID corresponding to the user certificate is being managed, the user terminal transmits a user authentication request transaction including the user's public key or the user identification information to an authentication server, thereby supporting the authentication server to (i) verify the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user's public key or the user identification information, or (ii) acquire a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user's public key or the user identification information, search the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verify the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; (b) when the user certificate for the user is verified and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key and transmits the encoded verification means value, the user terminal decodes the encoded verification means value with the user's private key to obtain the verification means value, and displays a mobile ID including the obtained verification means value and a verification target ID corresponding to the verification means value; and (c) the user terminal supports an authentication requesting terminal to acquire the information of the mobile ID through the displayed mobile ID and transmit it to the authentication server, thereby supporting the authentication server to (i) obtain the verification means value and the verification target ID from the information of the mobile ID and identify, using the obtained verification target ID, the verification means value generated in correspondence with the user certificate verification, and (ii) compare the generated verification means value with the verification means value obtained from the information of the mobile ID to verify whether the mobile ID is valid, and transmit authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.

According to another embodiment of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, is registered in a first blockchain database and a first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and a second blockchain transaction ID corresponding to it is managed, when the user identification information corresponding to a user authentication request is obtained from a service server, an authentication server (i) verifies the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user identification information, or (ii) acquires a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user identification information, searches the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifies the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; (b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, and transmits the encoded verification means value to a user terminal, thereby supporting the user terminal to (b1) decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) decode the encoded verification means value with the user's private key to obtain the verification means value and display a mobile ID including the obtained verification means value; and (c) when (c1) the verification means value is obtained from the user terminal according to (b1), or (c2) the verification means value of the mobile ID displayed according to (b2) is entered by the user through the service web and is thereby obtained from the service server, the authentication server compares the obtained verification means value with the generated verification means value to authenticate the user, and transmits the authentication result information to the service server.

According to another aspect of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) in a state where a user terminal has generated and stores the user's public key and the user's private key, a user certificate including user identification information for identifying the user and a user information hash value, which is a hash value of the user's user information, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the mobile ID corresponding to the user certificate is managed, the user terminal obtains from an authentication server a verification means value encoded with the user's public key, the verification means value being one that the authentication server generates when the user certificate for the user is verified, after the authentication server, according to a user authentication request obtained from a service server, (i) verifies the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user identification information, or (ii) acquires a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user identification information, searches the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifies the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; and (b) the user terminal decodes the encoded verification means value with the user's private key to obtain the verification means value, and (b1) transmits the obtained verification means value to the authentication server, thereby supporting the authentication server to compare the verification means value received from the user terminal with the verification means value that was encoded with the user's public key to authenticate the user, and to transmit the authentication result information to the service server, or (b2) displays a mobile ID including the obtained verification means value so that the user enters the verification means value of the displayed mobile ID through the service web and the service server transmits the entered verification means value to the authentication server, thereby supporting the authentication server to compare the verification means value received from the service server with the generated verification means value to authenticate the user, and to transmit the authentication result information to the service server.

According to another aspect of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: a communication unit for acquiring, in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and a first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and a second blockchain transaction ID corresponding to it is managed, a user authentication request transaction including the user's public key or the user identification information from a user terminal in response to a user authentication request; and a processor for performing: a process of (i) verifying the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user's public key or the user identification information of the acquired user authentication request transaction, or (ii) acquiring a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user's public key or the user identification information, searching the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifying the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; a process of generating a verification means value when the user certificate for the user is verified, encoding the generated verification means value using the user's public key, and transmitting the encoded verification means value to the user terminal, thereby supporting the user terminal to (i) decrypt the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the obtained verification means value and a verification target ID, which is an identification for the user corresponding to the verification means value; and a process of, when the information of the mobile ID is acquired from an authentication requesting terminal, obtaining the verification means value and the verification target ID from the information of the mobile ID, identifying, using the obtained verification target ID, the verification means value generated in correspondence with the user certificate verification, verifying whether the mobile ID is valid by comparing the generated verification means value with the verification means value obtained from the information of the mobile ID, and transmitting authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the user terminal comprising: a processor for performing, in a state where the user terminal has generated and stores the user's public key and the user's private key, a user certificate including user identification information for identifying the user and a user information hash value, which is a hash value of the user's user information, is registered in a first blockchain database, a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database, and the corresponding mobile ID is managed, a process of transmitting a user authentication request transaction including the user's public key or the user identification information to an authentication server, thereby supporting the authentication server to (i) verify the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user's public key or the user identification information, or (ii) acquire a data message from the second blockchain database using the second blockchain transaction ID corresponding to the user's public key or the user identification information, search the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verify the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information, and a process of, when the user certificate is verified and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key and transmits the encoded verification means value, displaying a mobile ID including the verification means value obtained by decoding with the user's private key and a verification target ID, which is an identification for the user corresponding to the verification means value; and a communication unit for supporting an authentication requesting terminal to acquire the information of the mobile ID through the displayed mobile ID and transmit it to the authentication server, thereby supporting the authentication server to (i) obtain the verification means value and the verification target ID from the information of the mobile ID and identify, using the obtained verification target ID, the verification means value generated in correspondence with the user certificate verification, and (ii) verify whether the mobile ID is valid by comparing the generated verification means value with the verification means value obtained from the information of the mobile ID, and transmit authentication result information for the user, according to whether the mobile ID is valid, to the authentication requesting terminal.

According to another embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: a communication unit for obtaining, in a state where a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value is registered in a first blockchain database and a first blockchain transaction ID corresponding to the user certificate is managed, and where a representative hash value, computed from a specific hash value generated by applying a hash function to the user certificate and at least one neighboring hash value matched with the specific hash value, or a value obtained by processing the representative hash value, is registered in a second blockchain database and a second blockchain transaction ID corresponding to it is managed, the user identification information corresponding to a user authentication request from a service server; and a processor for performing: a process of (i) verifying the user certificate registered in the first blockchain database using the first blockchain transaction ID corresponding to the user identification information, or (ii) acquiring a data message from the second blockchain database using the second blockchain transaction ID, searching the first blockchain database for the Merkle tree information and leaf node information stored in the first blockchain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and verifying the user certificate registered in the first blockchain database by referring to the retrieved Merkle tree information and leaf node information; a process of, if the user certificate for the user is verified, generating a verification means value, encoding the generated verification means value using the user's public key, and transmitting the encoded verification means value to a user terminal, thereby supporting the user terminal to (b1) decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) decode the encoded verification means value with the user's private key to obtain the verification means value and display a mobile ID including the obtained verification means value; and a process of, when (c1) the verification means value is obtained from the user terminal according to (b1), or (c2) the verification means value of the mobile ID displayed according to (b2) is entered by the user through the service web and is thereby obtained from the service server, authenticating the user by comparing the obtained verification means value with the generated verification means value, and transmitting the authentication result information to the service server.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the user terminal comprising: a communication unit which, in a state in which the user terminal has generated and stored the public key of the user and the private key of the user, a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, a representative hash value, obtained by computing a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in the second block chain database, and the corresponding mobile ID is being managed, obtains an encoded verification means value from the authentication server, the authentication server having (i) checked the user certificate registered in the first block chain database using a first block chain transaction ID corresponding to the user identification information according to a user authentication request obtained from the service server, or (ii) acquired a data message from the second block chain database using a second block chain transaction ID corresponding to the user identification information according to a user authentication request obtained from the service server, retrieved from the first block chain database the Merkle tree information and leaf node information corresponding to the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and checked the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information, and, if the user certificate for the user is verified, having generated a verification means value and encoded it using the public key of the user; and a processor which decrypts the encoded verification means value with the user's private key to obtain the verification means value, and (b1) transmits the obtained verification means value to the authentication server, so that the authentication server performs authentication for the user by comparing the received verification means value with the verification means value that was encoded with the user's public key, and supports transmitting the resulting authentication result information to the service server, or (b2) displays the mobile ID including the verification means value, so that the verification means value of the displayed mobile ID is input by the user through the service web, the service server transmits the input verification means value to the authentication server, and the authentication server performs authentication for the user by comparing the verification means value received from the service server with the generated verification means value and transmits the resulting authentication result information to the service server.

In addition, a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.

The present invention has the following effects.

The present invention can register a user certificate in a block chain of a virtual currency, making it impossible to copy, forge, or tamper with the certificate.

In addition, the present invention can secure the user certificate using a hash function and encryption techniques, making it impossible to forge or tamper with the user certificate.

In addition, the present invention allows a user to be authenticated through one-time mobile ID information, thereby preventing problems caused by user information theft.

FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention.
FIG. 2 schematically illustrates a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
FIGS. 3 and 4 schematically illustrate a process of anchoring a transaction related to a mobile ID to a second block chain database according to an embodiment of the present invention.
FIG. 5 illustrates an example of a mobile ID issued in a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
FIG. 6 schematically shows a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
FIG. 7 schematically shows a system for authenticating a user using a mobile ID according to another embodiment of the present invention.
FIG. 8 is a schematic view illustrating a method of authenticating a user using a mobile ID according to another embodiment of the present invention.
FIG. 9 schematically shows a modification of a method for authenticating a user using a mobile ID according to another embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention. The system includes a user terminal 100, an authentication request terminal 110, and an authentication server 200.

The user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smart phone, a tablet, and the like. The user terminal 100 is not limited to these, and may include any mobile device having a wired / wireless communication function, such as a portable game machine, a digital camera, or a personal navigation device. In addition, the user terminal 100 may include a communication unit for supporting transmission and reception of information and a processor for processing information.

The authentication request terminal 110 is a computing device that obtains the signal of a reader which reads the mobile ID information from the mobile ID displayed on the user terminal 100, or a computing device that obtains the mobile ID information through communication with the user terminal 100, and may include a desktop computer, a mobile computer, a PDA / EDA, a smart phone, a tablet, and the like. However, the authentication request terminal 110 is not limited to these; it may be any computing device that performs general operation processing, and may include a server.

The authentication server 200 may include a communication unit 210 and a processor 220. The use of the same reference numerals is for convenience of explanation only and is not intended to mean that these individual devices are the same. In another embodiment of the present invention, a server may be configured differently to perform the corresponding method, or may perform the corresponding method through the same authentication server 200. Also, the authentication server 200 may be a server corresponding to each node of the block-chain database, or a server that manages each node of the block-chain database.

Specifically, the authentication server 200 typically uses a combination of a computing device (e.g., a device that may include a computer processor, memory, storage, input and output devices, and other components of a conventional computing device; an electronic information storage system such as network attached storage (NAS) and a storage area network (SAN)) and computer software (i.e., instructions that cause a computing device to function in a particular manner) to achieve the desired system performance.

The communication unit 210 of such a computing device can send and receive requests and responses to and from other interworking computing devices. As an example, such requests and responses can be made over the same TCP session, or may, for example, be sent and received as UDP datagrams.

The processor 220 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. It may further include a software configuration of an operating system and an application that performs a specific purpose.

A method for authenticating a user using a mobile ID according to an exemplary embodiment of the present invention will now be described with reference to FIG.

First, a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention will be described with reference to FIG.

In a state in which the user has connected to the authentication server 200 through the user terminal 100 in order to be issued a mobile ID, for example by executing an application for issuing the mobile ID on the user terminal 100, the user inputs the mobile ID information required for the mobile ID (S100). At this time, the mobile ID may include all commonly used IDs such as a driver's license, health insurance card, alien registration card, and public employee card.

Then, when the user inputs the mobile ID information and requests the issuance of the mobile ID, the user terminal 100 transmits the mobile ID issuance application transaction to the authentication server 200 (S101). At this time, the mobile ID issue request transaction includes the mobile ID information input by the user, and the mobile ID information may be the photo image of the user and the display information of each ID card. In addition, the mobile ID information may include personal information of the user.

Then, the authentication server 200 obtains a mobile ID issue application transaction including at least user information from the user terminal 100, and confirms the user using the acquired user information or the like (S102). At this time, the user confirmation may use a public key infrastructure (PKI) certificate or personal information of the user, but the present invention is not limited thereto. For example, the user may be identified through a public key based certificate, an OPSign certificate, or the like that can identify a specific issuer, or through personal information such as a resident registration number, a passport, a corporation registration number, or a business registration number.

When the user is confirmed, the authentication server 200 can support sending or transmitting a certificate registration request signal to the user terminal 100 (S103).

Then, the user terminal 100 generates a public key and a private key, which are authentication keys, in response to the certificate registration request signal (S104), and sets confirmation information for controlling the user's access to the private key (S105). At this time, the confirmation information is path information for accessing the private key, and may include a password, biometric information, and the like. Alternatively, the setting of confirmation information for access control on the private key may be omitted. Further, the confirmation information for access control of the private key may be set before generating the authentication key of the user.

Then, the user terminal 100 extracts the public key of the user from the authentication keys and transmits certificate registration information including the extracted public key of the user and the user identification information to the authentication server 200 (S106). The authentication server 200 generates the user's certificate by referring to the certificate registration information obtained from the user terminal 100 (S107). That is, the authentication server 200 generates a user certificate that includes, in addition to the public key and the user identification information obtained from the certificate registration information, a user information hash value, which is a hash value generated by applying a hash function to the identified user information. At this time, the user identification information may include at least one of a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, and a telephone number. The hash function for generating the hash value may be an MD4, MD5, SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, or HAS-160 function, but it should be understood that the present invention is not limited thereto. For example, Triple SHA256 would be possible.

Then, the authentication server 200 registers the generated user certificate in the first block chain database, such as a private block chain database or the like, in order to make copying, forgery, or tampering impossible.

For example, the authentication server 200 registers the user certificate in the first block chain database and acquires the first block chain transaction ID, which indicates the location on the first block chain database of the user certificate registered there. For reference, the first block chain database may be a block chain database managed by the authentication server 200.

Then, when the triggering condition for anchoring and registering a predetermined hash value in a second block chain database, such as a public block chain database, is satisfied, the authentication server 200 computes a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matching the specific hash value, to generate a representative hash value, which is the Merkle root, or a value obtained by processing the representative hash value (S108).

The authentication server 200 also registers, or supports registering, the generated representative hash value or the value obtained by processing the representative hash value in the second block chain database 300 (S109), and obtains, or supports obtaining, a second block chain transaction ID indicating the location on the second block chain database of the representative hash value, or the value obtained by processing the representative hash value, registered in the second block chain database (S110). At this time, the server 100 may acquire the data message corresponding to the second block chain transaction ID from the second block chain database 300.

At this time, the authentication server 200 can store and manage a specific hash value and at least one neighbor hash value in a predetermined data structure. Here, the data structure may be various, for example, a merkle tree structure.

In other words, the authentication server 200 can generate, or support generating, a Merkle tree in which the specific hash value is assigned to a specific leaf node, and, if the predetermined condition is satisfied, can register, or support registering, in the second block chain database 300 the representative hash value, which is the Merkle root generated by computing the hash values assigned to the leaf nodes, or a value obtained by processing the representative hash value.

More specifically, (x1) the authentication server 200 computes, or supports computing, (i) the specific hash value and (ii) the hash value assigned to the sibling node of the node to which the specific hash value is assigned, and assigns, or supports assigning, the hash value of the resulting operation value to the parent node of that node. (x2) If the parent node is the root node of the Merkle tree, the hash value assigned to the parent node is the representative hash value. (x3) On the other hand, if the parent node is not the root node of the Merkle tree, the authentication server 200 repeats (x1) to (x3) with the hash value assigned to the parent node as the specific hash value.

The authentication server 200 finally registers, or supports registering, the hash value assigned to the root node of the Merkle tree as the representative hash value in the second block chain database 300. At this time, a value obtained by processing the representative hash value may be registered instead. For example, the result of performing a hex operation on the representative hash value may be registered.

On the other hand, when the authentication server 200 stores a specific hash value and at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, The first data structure and the second data structure may be connected in a chain form.

In particular, if the first data structure and the second data structure are Merkle trees as in the above example, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure.

In addition, when the second data structure is created, verification of the first data structure is performed, so that data integrity can be further guaranteed. Verification of the second data structure will be described later.

In addition, in the case of the first of the at least one Merkle trees connected in a chain form, the first leaf node of that first Merkle tree may be assigned a hash value, or a processed value, of predetermined message data composed of text, numbers, or symbols. For example, a hash value of an input message initially assigned by the authentication server 200 can be allocated when generating the Merkle tree.

FIGS. 3 and 4 illustrate an example of a Merkle tree generated in accordance with an embodiment of the present invention.

FIG. 3 shows a Merkle tree having four leaf nodes. Since the illustrated Merkle tree is the first Merkle tree (tree_id = 0), it can be seen that a hash value (sha256(coinplug_unique_message)) of predetermined message data is assigned to the first leaf node h0. If there is a registration request for record data (i.e., a write request related to the mobile ID), the authentication server 200 generates the leaf node following the last leaf node of the currently configured Merkle tree and assigns, or supports assigning, to it the specific hash value or a value obtained by processing the specific hash value. For example, if a new leaf node needs to be created in a state where values have been assigned up to the h1 node, the second leaf node of the Merkle tree, the h2 node, which is the next leaf node, is generated and a specific hash value or a value obtained by processing the specific hash value (sha256(input2)) can be assigned to it. In addition, the authentication server 200 may compute, or support computing, (i) the specific hash value assigned to the h2 node and (ii) the hash value assigned to the h3 node, which is the sibling node of the h2 node. The hash value of the resulting operation value is assigned to the parent node (h23 node) of the h2 node and the h3 node. Since the parent node (h23 node) is not the root node of the Merkle tree, the authentication server 200 can repeat the above process with the hash value assigned to the h23 node as the specific hash value. That is, the hash value assigned to the h23 node is set as the specific hash value, and the hash value assigned to the h23 node and the hash value assigned to the h01 node are computed and the result is assigned to the parent node (h0123 node) of the h23 node and the h01 node. Since the h0123 node is the root node of the Merkle tree, the authentication server 200 can register, or support registering, the value (hex(h{node_index})) obtained by processing the hash value assigned to the h0123 node in the second block chain database 300.

On the other hand, the above-mentioned predetermined condition may include at least one of (i) a condition that a predetermined number of transactions related to the mobile ID are generated, (ii) a condition that a predetermined time elapses, (iii) a condition that a block is generated in the first block chain database, and (iv) a condition relating to service characteristics.

On the other hand, for example, if a plurality of certificate registrations or mobile ID related transactions are acquired for the leaf nodes of the Merkle tree, the Merkle tree is generated and the root value of the Merkle tree is registered in the second block chain database 300.

Also, the authentication server 200 can generate the root value of the aforementioned Merkle tree at predetermined time intervals (condition (ii) above). In this case, when the predetermined time elapses, the authentication server 200 may generate a Merkle tree using the input values received up to that time and register, or support registering, the root value of the Merkle tree in the second block chain database 300.

In this case, although the predetermined time has elapsed, a value may not yet have been assigned to the sibling node of a node to which a specific hash value of the Merkle tree is assigned. If no hash value is assigned to the sibling node of the node to which the specific hash value is assigned even though the predetermined condition is satisfied, the authentication server 200 assigns, or supports assigning, a predetermined hash value to the sibling node so that the root value of the Merkle tree can be calculated. For example, the authentication server 200 may copy the specific hash value and assign, or support assigning, it to the sibling node.

The service characteristics may be at least a part of the cost information provided by the issuer that issued the transaction related to the mobile ID, the time zone information in which the mobile ID related transaction is registered, the area information in which the mobile ID related transaction registration service is performed, and the company type information. However, the present invention is not limited to those described here, and includes various condition information under which a generally accepted differential service can be provided.

On the other hand, when generation of a new Merkle tree has started and the predetermined condition is satisfied in a state where there is no mobile ID related transaction, the authentication server 200 generates, or supports generating, a Merkle tree in which the predetermined message data is assigned to the first leaf node and the second leaf node, and registers, or supports registering, the root value of the Merkle tree or a value obtained by processing it in the second block chain database 300. In this case, a Merkle tree with two leaf nodes may be created.

Meanwhile, as described above, when the authentication server 200 stores a specific hash value and at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, the first data structure and the second data structure may be connected in a chain form. In particular, if the first data structure and the second data structure are Merkle trees, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure.

FIG. 4 is a diagram illustrating a Merkle tree generated as a second data structure according to an embodiment of the present invention.

Referring to FIG. 4, it can be seen that the root value (hex(h0123)) of the Merkle tree (tree_id = 0) of FIG. 3 is assigned to the first leaf node (h4 node) of the new Merkle tree (sha256(input4)). By connecting the plurality of data structures generated as transactions occur, the present invention makes tracking easy even when data is tampered with partway through, which has the advantage of improving data integrity.
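The tree construction of steps (x1) to (x3), the copied-sibling padding, and the chaining of FIGS. 3 and 4 can be followed in the sketch below, which is an added example and not code from the patent or from its applicant. It assumes SHA-256, that "computing" two hashes means hashing their concatenation, and that the processed root is its hex string; `AnchorLog`, `build_levels`, `inclusion_proof` and `verify_inclusion` are hypothetical names, and the certificates are constructed byte strings.

```python
import hashlib
import hmac


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(leaves):
    """Return every level of the tree, leaf level first, root level last.

    A node without a sibling gets a copy of its own hash as the sibling
    (the padding option in the description), so a one-leaf tree becomes
    the two-leaf tree described for the "no transactions" case.
    """
    if not leaves:
        raise ValueError("a tree needs at least its first (link) leaf")
    levels = [list(leaves)]
    while len(levels[-1]) > 1 or len(levels) == 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])
        # Assumption: combining two nodes is SHA-256 over left || right.
        levels.append([sha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def inclusion_proof(levels, index):
    """Sibling path for the leaf at `index`: [(sibling_hash, sibling_is_left)]."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_inclusion(leaf_hash, proof, root):
    """Steps (x1)-(x3): fold the leaf with each sibling until the root."""
    node = leaf_hash
    for sibling, sibling_is_left in proof:
        node = sha256(sibling + node) if sibling_is_left else sha256(node + sibling)
    return hmac.compare_digest(node, root)


class AnchorLog:
    """Chained Merkle trees; every anchor() call closes one tree_id."""

    def __init__(self, genesis_message: bytes):
        self.genesis_leaf = sha256(genesis_message)  # h0 of tree_id = 0
        self.next_first_leaf = self.genesis_leaf
        self.pending = []  # certificate hashes waiting for the next anchor
        self.trees = []    # stored levels of every anchored tree

    def add_certificate(self, certificate: bytes):
        """Queue a certificate hash and return its (tree_id, leaf_index)."""
        self.pending.append(sha256(certificate))
        return len(self.trees), len(self.pending)  # leaf 0 is the link leaf

    def anchor(self) -> str:
        """Build the tree and return hex(root), the value to register."""
        levels = build_levels([self.next_first_leaf] + self.pending)
        root_hex = levels[-1][0].hex()
        self.trees.append(levels)
        # FIG. 4: the next tree's first leaf is sha256 of the previous hex root.
        self.next_first_leaf = sha256(root_hex.encode("ascii"))
        self.pending = []
        return root_hex

    def verify_chain(self, anchored_roots) -> bool:
        """Recompute every tree and its link to the previous anchored root."""
        if len(anchored_roots) != len(self.trees):
            return False
        expected_first = self.genesis_leaf
        for levels, anchored in zip(self.trees, anchored_roots):
            recomputed = build_levels(list(levels[0]))[-1][0].hex()
            if levels[0][0] != expected_first or recomputed != anchored:
                return False
            expected_first = sha256(anchored.encode("ascii"))
        return True


if __name__ == "__main__":
    log = AnchorLog(b"coinplug_unique_message")
    for cert in (b"cert-1", b"cert-2", b"cert-3"):  # constructed certificates
        log.add_certificate(cert)
    root0 = log.anchor()
    proof = inclusion_proof(log.trees[0], 2)
    print(root0, verify_inclusion(sha256(b"cert-2"), proof, bytes.fromhex(root0)))
```

The leaf index and sibling path play the role of the leaf node information and Merkle tree information that the server later looks up: with them, one certificate can be checked against the anchored root without rehashing the other leaves.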

In response to the user's certificate creation, the authentication server 200 may issue a mobile ID to the user terminal 100 (S111). That is, after the user's certificate is generated, the authentication server 200 may issue the mobile ID to the user terminal 100 in parallel with registering the user's certificate in the first block chain database and the second block chain database.

Referring to FIG. 5, the mobile ID can be used in a mobile device, which is a user terminal 100, and can have a mobile ID display area 10 and a mobile ID information area 20.

The mobile ID display area 10 is related to user information to be displayed for each ID and includes information such as a photograph image, a name and an ID number, and may be changed according to the display information of the ID card to be implemented by the mobile ID , The corresponding information may be stored in the user terminal 100 or stored in the authentication server 200.

In addition, the mobile ID information area 20 includes information for user authentication, and has a changed value every time authentication is performed, thereby preventing a problem caused by user information theft.

Referring to FIG. 6, a method for authenticating a user using a mobile ID according to an embodiment of the present invention in a state where a mobile ID is issued by the above method will be described.

In a state in which the user certificate including the public key of the user, the user identification information, and the user information hash value, which is a hash value of the user information, is registered in the first block chain database and the corresponding first block chain transaction ID is managed, and in which the representative hash value, obtained by computing a specific hash value generated by applying a hash function to the user certificate together with at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in the second block chain database and the corresponding second block chain transaction ID is managed, when the user requests user authentication using the mobile ID through the user terminal 100, which stores the user's private key and public key (S200), the user terminal 100, in response to the user authentication request signal, transmits a user authentication request transaction including the public key or the user identification information to the authentication server 200 (S201).

Then, the authentication server 200 searches for the first block chain transaction ID corresponding to the user's public key or the user identification information in the obtained user authentication request transaction and, by referring to it, can check the user certificate registered in the first block chain database. That is, the certificate verification transaction is transmitted to the first block chain database using the first block chain transaction ID corresponding to the user's public key or the user identification information, and the user certificate can be verified from the corresponding data message.

Alternatively, the authentication server 200 may transmit the certificate confirmation transaction to the second block chain database 300 using the second block chain transaction ID corresponding to the public key of the user and the user identification information (S202), acquire a data message from the second block chain database 300, and retrieve from the first block chain database the Merkle tree information and leaf node information associated with the representative hash value, or the value obtained by processing the representative hash value, included in the data message. Then, the user certificate registered in the first block chain database can be checked with reference to the retrieved Merkle tree information and leaf node information (S204). Here, an OP_RETURN message of Bitcoin or the like may be assumed as an example of the data message.

At this time, the authentication server 200 checks whether the confirmed user certificate is valid, and if the user does not have a matching certificate or the user certificate is invalid due to revocation or the like, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal.

The authentication server 200 can obtain a hash value for the user information by referring to the identified user certificate.

Thereafter, the authentication server 200 generates a verification means value (S204) and encodes the verification means value (S205). At this time, the verification means value may include a nonce, an OTP (one time password), a time stamp, and the like. The encoding of the verification means value can be performed using the user's public key.

Then, the authentication server 200 may transmit the encoded verification means value and the verification target ID to the user terminal 100 (S206). At this time, the verification target ID may include the user's public key, the user information hash value obtained from the user's certificate, and the like. Alternatively, instead of transmitting both the encoded verification means value and the verification target ID, the authentication server 200 may transmit only the encoded verification means value to the user terminal 100.

First, when the authentication server 200 transmits the encoded verification means value and the verification target ID to the user terminal 100 of the user, the user terminal 100 requests the user to input the confirmation information (S207). When the confirmation information input by the user matches the set information, the user terminal 100 allows access to the private key and obtains the verification means value by decoding the encoded verification means value using the user's private key (S208). However, if the confirmation information input by the user does not match the set information, access to the private key is denied, so that the encoded verification means value is not decoded.

Then, the user terminal 100 displays the mobile ID as shown in FIG. 5 (S209). That is, the user terminal 100 displays the mobile ID, consisting of a photograph image stored in the terminal or acquired through the authentication server and the display information of the corresponding identification card. The mobile ID information, including the verification means value obtained by decoding with the user's private key and the verification target ID, can then be displayed.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 acquires mobile ID information from the mobile ID displayed on the user terminal 100 (S210) and transmits the mobile ID information to the authentication server 200 (S211).

At this time, the mobile ID information may include at least one of bar code, QR code, and NFC tag information, and the authentication request terminal 110 may be a computing device directly or indirectly coupled to a QR reader or an NFC reader. For example, the authentication request terminal 110 may recognize the QR code that is the mobile ID information of the mobile ID through the QR reader and transmit it to the authentication server. When an NFC reader is used, the NFC tag information, which is the mobile ID information of the mobile ID on the user terminal 100, is received through the NFC reader, or the user or a third party clicks the mobile ID information area of the mobile ID so that the mobile ID information is transmitted to the NFC reader or the like.

Then, the authentication server 200 extracts the verification means value and the verification target ID from the mobile ID information obtained from the authentication request terminal 110 (S212), identifies, using the extracted verification target ID, the verification means value that was generated in correspondence with the user certificate verification, compares that generated verification means value with the verification means value obtained from the mobile ID information (S213) to confirm the validity of the mobile ID, and transmits, or supports transmitting, the authentication result information of the user according to the confirmed validity of the mobile ID to the authentication request terminal (S214).

At this time, the authentication server 200 determines whether the mobile ID is valid by checking whether the verification means value generated in correspondence with the user certificate verification matches the verification means value obtained from the mobile ID information.

Also, when the time stamp is used as the verification means value, if the interval between the first time, at which the verification means value is transmitted (or its transmission is supported) to the user terminal, and the second time, at which the verification means value is obtained, is greater than or equal to the set value, the authentication server 200 can invalidate the user authentication request transaction or the verification means value, that is, judge that the authentication has failed. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication of the user using the mobile ID.

Second, when the authentication server 200 transmits the encoded verification means value to the user terminal 100, the user terminal 100 may request the user to input verification information (S207). If the verification information input by the user is identical to the set information, access to the private key is allowed, and the encoded verification means value is decoded using the user's private key (S208). However, if the verification information input by the user does not match the set information, access to the private key is denied, so that decoding of the encoded verification means value is not performed.

Then, the user terminal 100 displays the mobile ID as shown in FIG. 3 (S209). That is, the user terminal 100 displays a photograph image, stored in the terminal or acquired through the authentication server, and a mobile ID, which is display information according to the identification card. The mobile ID information, including the verification means value obtained by decoding and the verification target ID, which is an ID for the user corresponding to the verification means value, is then displayed. At this time, the verification target ID may be the public key of the user.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 acquires mobile ID information from the mobile ID displayed on the user terminal 100 (S210) and transmits the mobile ID information to the authentication server 200 (S211).

Then, the authentication server 200 extracts the verification means value and the verification target ID from the mobile ID information obtained from the authentication request terminal 110 (S212), uses the extracted verification target ID to identify the verification means value generated in correspondence with the user certificate verification, verifies the validity of the mobile ID by comparing that value with the verification means value obtained from the mobile ID information (S213), and transmits the authentication result information for the user according to the validity to the authentication request terminal (S214).

Also, when the time stamp is used as the verification means value, if the interval between the first time, at which the encoded verification means value is transmitted (or its transmission is supported) to the user terminal, and the second time, at which the verification means value is obtained, is greater than or equal to the set value, the authentication server 200 can determine that the authentication has failed, that is, that the verification of the mobile ID has failed. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication of the user using the mobile ID.

FIG. 7 schematically shows a system for authenticating a user using a mobile ID according to another embodiment of the present invention. The system may include a user terminal 100, a service server 111, and an authentication server 200.

The user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smart phone, a tablet, and the like. The user terminal 100 is not limited to these, and may include all mobile devices such as a portable game machine having a wired / wireless communication function, a digital camera, a personal navigation device, and the like. In addition, the user terminal 100 may include a communication unit for supporting transmission and reception of information and a processor for processing information.

The service server 111 provides services to users through the service web, and may be a computing device that performs general operation processing.

The authentication server 200 may include a communication unit 210 and a processor 220. The use of the same reference numerals is for convenience of explanation only and is not intended to mean that these individual devices are the same. In another embodiment of the present invention, a server may be configured differently to perform the corresponding method, or may perform the corresponding method through the same authentication server 200. Also, the authentication server 200 may be a server corresponding to each node of the block-chain database, or a server that manages each node of the block-chain database.

Specifically, the authentication server 200 typically achieves its performance through a combination of a computing device (e.g., a computer processor, memory, storage, input and output devices, and other devices capable of including components of a conventional computing device; an electronic information storage system such as a network attached storage (NAS) and a storage area network (SAN)) and computer software (i.e., instructions that cause a computing device to function in a particular manner).

The communication unit 210 of such a computing device can send and receive requests and responses to and from other interworking computing devices. As an example, such requests and responses can be made over the same TCP session or, for example, as UDP datagrams.

The processor 220 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. It may further include a software configuration of an operating system and an application that performs a specific purpose.

A method of authenticating a user using a mobile ID according to another embodiment of the present invention through the thus configured system will be described with reference to FIG.

In a state where the user certificate, including the public key of the user, the user identification information, and the user information hash value, which is a hash value of the user information, is registered in the first block chain database and the corresponding first block chain transaction ID is managed, and where a representative hash value, obtained by computing together a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in the second block chain database 300 and the corresponding second block chain transaction ID is managed (S300), when the user inputs the user identification information of the user in order to authenticate on a service web such as an Internet web page, the service server 111 that provides the service web transmits the user identification information input by the user to the authentication server 200 (S301). At this time, the user identification information may include unique information such as a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, a telephone number, and the like.

Then, the authentication server 200 checks the user identification information acquired from the service server 111, searches for the registered user information corresponding to the user identification information (S302), and generates a verification means value corresponding to the user found (S303). That is, the authentication server 200 either confirms the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user identification information, or obtains a data message from the second block chain database 300 using the second block chain transaction ID corresponding to the user identification information, retrieves from the first block chain database the Merkle tree information and the leaf node information stored there in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirms the user certificate registered in the first block chain database by referring to the retrieved Merkle tree information and leaf node information.

When the user certificate for the user is confirmed, a verification means value corresponding to the user is generated (S303). At this time, the verification means value may include a nonce, an OTP (one time password), a time stamp, and the like.

Thereafter, in order to request the user terminal to authenticate the user using the mobile ID, the authentication server 200 encodes the generated verification means value with the user's public key (S304) and transmits the encoded verification means value to the user terminal 100 as a user authentication request signal (S305). At this time, the authentication server 200 may transmit a verification target ID, such as a user information hash value and a user's public key, in addition to the encoded verification means value.

Then, the user terminal 100 requests the user to input confirmation information (S306). If the confirmation information input by the user matches the set information, the user terminal 100 permits access to the private key and decodes the encoded verification means value using the private key, so that the verification means value can be obtained (S307). However, if the confirmation information input by the user does not match the set information, access to the private key is denied, so that decoding of the encoded verification means value is prevented.

Then, the user terminal 100 transmits the verification means value obtained through decoding to the authentication server 200 (S308). At this time, the user terminal 100 may transmit a verification target ID, such as a user's public key and a user information hash value, together with the verification means value.

Then, the authentication server 200 confirms the verification means value transmitted from the user terminal 100, compares the verification means value obtained from the user terminal 100 with the verification means value generated in correspondence with the user certificate confirmation to verify whether the mobile ID is valid (S309), and transmits authentication result information on the user, according to the validity of the mobile ID, to the service server 111 (S310). At this time, the authentication server 200 can acquire the verification target ID, such as the user's public key and the user information hash value, together with the verification means value from the user terminal 100, and can use the verification target ID to identify the verification means value transmitted to the user terminal.

In addition, when the time stamp is used as the verification means value, if the interval between the first time, at which the encoded verification means value is transmitted (or its transmission is supported) to the user terminal, and the second time, at which the verification means value is obtained from the user terminal, is greater than or equal to the set value, the authentication server 200 may judge that the authentication has failed. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

The service server 111 performs authentication of the user using the mobile ID in response to the authentication result information received from the authentication server 200.
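The certificate confirmation in step S302 relies on the representative hash value and on the stored Merkle tree and leaf node information. The following is an added example, not code from the patent or from the applicant: it builds the tree with the padding rule for a missing sibling, chains a second tree to the first, and checks a certificate against a representative hash. SHA-256, the JSON encoding, the leaf/node prefixes, and all names and sample certificates are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Assumptions (not in the patent text): SHA-256, a JSON encoding of the
# certificate, and leaf/node prefixes so an inner node cannot pass as a leaf.
LEAF, NODE = b"\x00", b"\x01"


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


PAD = h(b"constructed predetermined padding value")       # used when a sibling is absent
GENESIS = h(LEAF + b"constructed predetermined message")  # first leaf of the first tree


def cert_hash(cert: dict) -> bytes:
    """The 'specific hash value': hash of a canonical encoding of the certificate."""
    encoded = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return h(LEAF + encoded)


def build_levels(leaves):
    """Return every level of the tree, leaves first and the root level last."""
    if not leaves:
        raise ValueError("at least one leaf is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        current = levels[-1]
        if len(current) % 2:
            current.append(PAD)  # node without a sibling gets the predetermined hash
        levels.append([h(NODE + current[i] + current[i + 1])
                       for i in range(0, len(current), 2)])
    return levels


def new_tree(certs, previous_root=None):
    """Build one tree; a later tree carries the previous root in its first leaf."""
    first_leaf = GENESIS if previous_root is None else previous_root
    levels = build_levels([first_leaf] + [cert_hash(c) for c in certs])
    return levels, levels[-1][0]  # levels[-1][0] is the representative hash value


def make_proof(levels, index):
    """Leaf node information: sibling hashes on the path from leaf `index` to the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify_cert(cert, path, representative):
    """Recompute the root from the certificate and compare with the registered value."""
    node = cert_hash(cert)
    for sibling, sibling_is_left in path:
        node = h(NODE + sibling + node) if sibling_is_left else h(NODE + node + sibling)
    return hmac.compare_digest(node, representative)


def sample_certs():
    """Constructed certificates with the three fields the text names."""
    def cert(name):
        return {"public_key": f"constructed-public-key-{name}",
                "user_id": f"{name}@example.invalid",
                "user_info_hash": h(f"constructed user info {name}".encode()).hex()}
    return cert("alice"), cert("bob"), cert("carol")


if __name__ == "__main__":
    alice, bob, carol = sample_certs()
    levels1, root1 = new_tree([alice, bob])            # leaves: GENESIS, alice, bob, PAD
    levels2, root2 = new_tree([carol], previous_root=root1)
    bob_path = make_proof(levels1, 2)
    print("bob verifies:", verify_cert(bob, bob_path, root1))
    forged = dict(bob, public_key="constructed-public-key-mallory")
    print("altered certificate verifies:", verify_cert(forged, bob_path, root1))
    print("carol verifies in chained tree:", verify_cert(carol, make_proof(levels2, 1), root2))
```

Because the second tree's first leaf is the first tree's root, altering any certificate in the first tree also changes every later representative hash value.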

A modification of the method for authenticating a user using a mobile ID according to another embodiment of the present invention through the system configured as in FIG. 7 will be described with reference to FIG.

In a state where the user certificate, including the public key of the user, the user identification information, and the user information hash value, which is a hash value of the user information, is registered in the first block chain database and the corresponding first block chain transaction ID is managed, and where a representative hash value, obtained by computing together a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in the second block chain database and the corresponding second block chain transaction ID is managed (S400), when the user inputs the user identification information of the user in order to perform user authentication on a service web such as an Internet web page, the service server 111 that provides the service web transmits the user identification information input by the user to the authentication server 200 (S401). At this time, the user identification information may include unique information such as a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, a telephone number, and the like.

Then, the authentication server 200 checks the user identification information acquired from the service server 111, searches for the registered user information corresponding to the user identification information (S402), and generates a verification means value corresponding to the user found (S403). That is, the authentication server 200 either confirms the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user identification information, or obtains a data message from the second block chain database 300 using the second block chain transaction ID corresponding to the user identification information, retrieves from the first block chain database the Merkle tree information and the leaf node information stored there in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirms the user certificate registered in the first block chain database by referring to the retrieved Merkle tree information and leaf node information.

When the user certificate for the user is confirmed, a verification means value corresponding to the user is generated (S403). At this time, the verification means value may include a nonce, an OTP (one time password), a time stamp, and the like.

Thereafter, in order to request the user terminal to authenticate the user using the mobile ID, the authentication server 200 encodes the generated verification means value with the user's public key (S404) and transmits the encoded verification means value to the user terminal 100 as a user authentication request signal (S405). At this time, the authentication server 200 may transmit a verification target ID, such as a user information hash value and a user's public key, in addition to the encoded verification means value.

The user terminal 100 requests the user to input verification information (S406). If the verification information input by the user matches the set information, the user terminal 100 permits access to the private key and decodes the encoded verification means value using the private key, so that the verification means value can be obtained (S407). However, if the verification information input by the user does not match the set information, access to the private key is denied, so that decoding of the encoded verification means value is prevented.

Then, the user terminal 100 displays the verification means value obtained through decoding so that the user can know the verification means value. At this time, the user terminal 100 may display the verification target ID, such as the user's public key and the user information hash value, together with the verification means value (S408).

Thereafter, when the user inputs, through the service web, the verification means value displayed by the user terminal 100 (S409), the service server 111 confirms the verification means value input by the user through the service web and transmits the verification means value to the authentication server 200 (S410).

Then, the authentication server 200 confirms the verification means value transmitted from the service server 111 (S411), verifies whether the mobile ID is valid by comparing the verification means value obtained from the service server 111 with the verification means value generated in correspondence with the user certificate confirmation, and transmits authentication result information on the user, according to the validity of the mobile ID, to the service server 111 (S412).

Also, when the time stamp is used as the verification means value, if the interval between the first time, at which the encoded verification means value is transmitted (or its transmission is supported) to the user terminal, and the second time, at which the verification means value is obtained from the service server, is greater than or equal to the set value, the authentication server 200 may judge that the authentication has failed. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

The service server 111 performs authentication of the user using the mobile ID in response to the authentication result information received from the authentication server 200.
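The server-side comparison in steps S403 and S411 to S412, together with the time-interval rule, can be sketched as follows. This is an added example, not code from the patent: the public-key encoding of the value is left out, the attempt limit is an added assumption suited to a value the user types into the service web, and all names are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Pending:
    value: str        # verification means value handed to the user terminal
    issued_at: float  # the "first time"
    attempts: int = 0


class VerificationStore:
    """Tracks one outstanding verification means value per verification target ID."""

    def __init__(self, max_interval: float, max_attempts: int = 3):
        self.max_interval = max_interval  # the "set value", in seconds
        self.max_attempts = max_attempts  # assumption: not stated in the text
        self._pending = {}

    def issue(self, target_id: str, now: float) -> str:
        """Generate a fresh value (S403); a new request replaces any older one."""
        value = secrets.token_hex(16)
        self._pending[target_id] = Pending(value, now)
        return value

    def verify(self, target_id: str, presented: str, now: float) -> str:
        """Compare the presented value with the issued one (S411 to S412)."""
        pending = self._pending.get(target_id)
        if pending is None:
            return "unknown"          # never issued, already used, or locked out
        if now - pending.issued_at >= self.max_interval:
            del self._pending[target_id]
            return "expired"          # interval >= set value: authentication fails
        if hmac.compare_digest(pending.value.encode(), presented.encode()):
            del self._pending[target_id]
            return "ok"               # single use: a replay finds nothing to match
        pending.attempts += 1
        if pending.attempts >= self.max_attempts:
            del self._pending[target_id]
        return "mismatch"


if __name__ == "__main__":
    store = VerificationStore(max_interval=60.0)
    target = "constructed-user-info-hash"
    value = store.issue(target, now=1000.0)
    print(store.verify(target, value, now=1030.0))  # ok
    print(store.verify(target, value, now=1031.0))  # unknown (replay)
```

Time is passed in as an argument so the interval rule can be exercised deterministically; a deployment would read a monotonic clock on the authentication server.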

In addition, the embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code, such as that generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments; those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and not only the following claims but also all equal or equivalent modifications of the claims fall within the scope of the spirit of the present invention.

100: user terminal,
110: authentication request terminal,
111: service server,
200: authentication server,
210: communication unit,
220: processor,
300: second block chain database

Claims (28)

A method for authenticating a user using a mobile identity,
(a) in a state where a user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first block chain database and a first block chain transaction ID corresponding thereto is managed, and where a representative hash value, generated by computing together a specific hash value produced by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second block chain database and a second block chain transaction ID corresponding thereto is managed, when a user authentication request transaction including the public key of the user or the user identification information is obtained from the user terminal in response to a user authentication request, the authentication server (i) confirming the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the public key of the user or the user identification information, or (ii) obtaining a data message from the second block chain database using the second block chain transaction ID corresponding to the public key of the user or the user identification information, searching the first block chain database for the Merkle tree information and the leaf node information stored in the first block chain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirming the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information;
(b) when the user certificate for the user is confirmed, the authentication server generating a verification means value, encoding the generated verification means value using the user's public key, and transmitting the encoded verification means value to the user terminal, thereby supporting the user terminal to (i) decode the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the verification means value and a verification target ID, which is an ID for the user corresponding to the verification means value; and
(c) when the information of the mobile ID is obtained from the authentication request terminal, the authentication server obtaining the verification means value and the verification target ID from the information of the mobile ID, using the obtained verification target ID to identify the verification means value generated in correspondence with the user certificate confirmation, comparing that value with the verification means value obtained from the mobile ID information to determine whether the mobile ID is valid, and transmitting (or supporting transmission of) the authentication result information for the user, according to whether the mobile ID is valid, to the authentication request terminal;
The method according to claim 1,
Before the step (a),
(a01) when a mobile ID issuance application transaction including at least user information is obtained from the user terminal, the authentication server confirming the user using the user information and requesting (or supporting a request for) certificate registration to the user terminal;
(a02) when the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server registering a user certificate including the public key, the user identification information, and the user information hash value in the first block chain database, managing a first block chain transaction ID therefor, and issuing (or supporting issuance of) the mobile ID to the user terminal; and
(a03) when the predetermined condition is satisfied, the authentication server registering, in the second block chain database, a representative hash value, generated by computing together a specific hash value produced by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, and managing a second block chain transaction ID corresponding thereto;
The method according to claim 2,
In the step (a03),
the predetermined condition is that,
(i) a condition in which a predetermined number of transactions related to the mobile ID are generated, (ii) a condition that a predetermined time has elapsed, after generation of a Merkle tree, to generate a new Merkle tree, (iii) a condition to be generated, and (iv) a condition for a service characteristic.
The method according to claim 2,
In the step (a03),
wherein the authentication server generates (or supports generation of) a Merkle tree in which the specific hash value is assigned to a leaf node,
and registers (or supports registration of) the representative hash value, generated by computing with a hash value assigned to at least one other leaf node matching the specific hash value, or a value obtained by processing the representative hash value.
The method according to claim 4,
If the Merkle tree is the first tree among at least one Merkle tree connected in a chain form, the first leaf node of the Merkle tree is assigned a hash value, or a processed value thereof, of predetermined message data composed of text, numbers or symbols.
The method according to claim 4,
If the predetermined condition is satisfied,
(x1) the authentication server (i) computes (or supports computation of) the specific hash value together with the hash value assigned to the sibling node of the node to which the specific hash value is assigned, and (ii) assigns (or supports assignment of) a hash value of the computed value to the parent node of the node,
(x2) if the parent node is the root node of the Merkle tree, registers (or supports registration of) the hash value assigned to the parent node as the representative hash value in the second block chain database,
(x3) if the parent node is not the root node of the Merkle tree, repeats the steps (x1) to (x2) by using the hash value assigned to the parent node as the specific hash value.
The method according to claim 6,
At (x1),
if no hash value is assigned to the sibling node of the node to which the specific hash value is assigned even though the predetermined condition is satisfied, the authentication server assigns (or supports assignment of) a predetermined hash value to the sibling node and performs the steps (x1) to (x3).
The method according to claim 2,
When the authentication server stores the specific hash value and the at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, the first data structure and the second data structure are connected in a chain form.
The method according to claim 8,
wherein a root value of the first data structure, or a hash value of the root value, is assigned to a first leaf node of the second data structure if the first data structure and the second data structure are Merkle trees.
The method according to claim 1,
wherein the verification means value includes a nonce or a time stamp,
wherein the verification target ID includes a public key of the user or the user information hash value obtained from the user certificate.
The method according to claim 10,
If the verification means value is the time stamp,
the authentication server
determines that the authentication has failed when the time interval between a first time, at which the encoded verification means value is transmitted (or its transmission is supported) to the user terminal in the step (b), and a second time, at which the verification means value of the mobile ID is obtained from the authentication request terminal, is equal to or greater than the set value.
The method according to claim 1,
wherein the user identification information is at least one of a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, and a telephone number.
The method according to claim 1,
The mobile ID includes
image information of the user and display information of each ID card.
The method according to claim 1,
The authentication request terminal is
a computing device that acquires a signal of a reader for acquiring the mobile ID information from the mobile ID displayed through the user terminal, or a computing device that acquires the mobile ID information through communication with the user terminal.
A method for authenticating a user using a mobile identity,
(a) in a state where the user terminal has generated and stores the public key of the user and the private key of the user, a user certificate including the public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in a first block chain database, a representative hash value, generated by computing together a specific hash value produced by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value, or a value obtained by processing the representative hash value, is registered in a second block chain database, and the user terminal manages the mobile ID corresponding to the registered user certificate, when a user authentication request signal is input, the user terminal transmitting a user authentication request transaction including the public key of the user or the user identification information to the authentication server, thereby supporting the authentication server to (i) confirm the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user's public key or the user identification information, or (ii) obtain a data message from the second block chain database using the second block chain transaction ID corresponding to the user's public key or the user identification information, search the first block chain database for the Merkle tree information and the leaf node information stored in the first block chain database in association with the representative hash value, or the value obtained by processing the representative hash value, included in the data message, and confirm the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information;
(b) when the user certificate for the user is confirmed and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key, and transmits the encoded verification means value, the user terminal decoding the encoded verification means value with the user's private key to obtain the verification means value, and displaying a mobile ID including the obtained verification means value and the verification target ID corresponding to the verification means value; and
(c) the user terminal supporting the authentication request terminal to acquire the information of the mobile ID through the displayed mobile ID and transmit the information to the authentication server, thereby supporting the authentication server to (i) obtain the verification means value and the verification target ID from the information of the mobile ID, and (ii) identify, using the obtained verification target ID, the verification means value generated in correspondence with the user certificate confirmation, compare that value with the verification means value obtained from the mobile ID information to verify whether the mobile ID is valid, and transmit authentication result information for the user, according to the validity of the mobile ID, to the authentication request terminal;
16. The method of claim 15,
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server; And
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, Public key and the user identification information to the authentication server so as to allow the authentication server to transmit a user certificate including the public key of the user, the user identification information, and the user information hash value to the first A first block chain transaction ID indicating the location information on the first block chain database of the user certificate registered in the first block chain database and managing the first block chain transaction ID to issue the mobile ID to the user terminal, To support;
A method for authenticating a user using a mobile identity,
(a) registering, in a first block chain database, a user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, A representative hash value obtained by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Is registered in the second block chain database and the second block chain transaction ID corresponding to the second block chain transaction ID is managed, if the user identification information corresponding to the user authentication request is obtained from the service server, (i) associating the first block chain transaction ID corresponding to the user identification information with (Ii) obtaining a data message from the second block-chain database using the second block-chain transaction ID corresponding to the user identification information, Searching the first block chain database for the Merkle tree information and the leaf node information stored in the first block chain database in association with the processed value of the representative hash value or the representative hash value included in the data message, Checking the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information;
(b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, (B1) supporting the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) Decrypting the encoded verification means value with the user's private key to obtain the verification means value and then supporting to display the mobile identity including the obtained verification means value; And
(c2) the verification means value of the mobile ID indicated by (b2) is transmitted to the user via the service web (c1) When the verification means obtains the verification value from the service server, the authentication server performs authentication on the user by comparing the obtained verification value and the generated verification value, Supporting the transmission or transmission to the service server;
18. The method of claim 17,
Before the step (a)
(a01) If a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, the authentication server confirms the user using the user information, requests a certificate registration to the user terminal, ;
(a02) If the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server obtains the public key, the user identification information, and the user information hash value And a second block chain database for managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database And issuing or issuing the mobile ID to the user terminal; And
(a03) If the predetermined condition is satisfied, the authentication server calculates a representative hash value by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Registering a value obtained by processing the representative hash value in a second block chain database and managing a second block chain transaction ID corresponding to the value;
A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, storing the public key of the user, the user identification information for identifying the user, and the hash value of the user information of the user, A user certificate including a hash value is registered in a first block chain database, a representative hash value generated by applying a hash function to the user certificate, and at least one neighbor hash value matched with the specific hash value, A hash value or a value obtained by processing the representative hash value is registered in a second block chain database, and in a state where the mobile ID corresponding to the registered user certificate is managed, A verification means value encoded with a public key, said verification means value comprising: (i) (Ii) checking the user certificate registered in the first block chain database using a first block-chain transaction ID corresponding to the user identification information obtained from the user, Acquiring a data message from the second block chain database using a second block-chain transaction ID corresponding to the user identification information according to an authentication request, and associating the representative hash value or the representative hash value included in the data message And searches the first block chain database for the Merkle tree information and the leaf node information stored in the first block chain database, and registers the Merkle tree information and leaf node information registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information The user certificate OK, and when the user certificate for the user identification, the authentication server will generate - obtaining a;
(b) the user terminal decodes the encoded verification means value with the user's private key to obtain the verification means value; and (b1) transmitting the obtained verification means value to the authentication server, Compares the verification means value received from the user terminal with the verification means value used to encode the user's public key to support authentication of the user and transmits the authentication result information to the service server (b2) displaying a mobile ID including the obtained verification means value, and allowing the user to input the verification means value of the indicated mobile ID through the service web, so that the service server To send the means value to the authentication server, And comparing the verification means value received from the service server with the generated verification means value to perform authentication for the user. Supporting the transmitted authentication result information to the service server;
20. The method of claim 19,
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server; And
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, Public key and the user identification information to the authentication server so as to allow the authentication server to transmit a user certificate including the public key of the user, the user identification information, and the user information hash value to the first A first block chain transaction ID indicating the location information on the first block chain database of the user certificate registered in the first block chain database and managing the first block chain transaction ID to issue the mobile ID to the user terminal, To support;
An authentication server for authenticating a user using a mobile ID,
A user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, A representative hash value or a representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Value in the second block chain database and manages the second block chain transaction ID corresponding to the second block chain transaction ID from the user terminal in response to the user authentication request, the public key of the user or the user authentication information including the user identification information A communication unit for acquiring a request transaction; And
(I) verifying the user's certificate registered in the first block chain database using the public key of the user or the first block chain transaction ID corresponding to the user identification information of the obtained user authentication request transaction (ii) obtaining a data message from the second block chain database using the public key of the user or the second block chain transaction ID corresponding to the user identification information, and wherein the representative hash value Or the leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value, in the first block chain database, and extracts the retrieved Merkle tree information and leaf node information To the first block chain database Generating a verification means value when the user certificate for the user is verified; encoding the generated verification means value using the user's public key; (I) decrypting the encoded verification means value with the user's private key to obtain the verification means value, and (ii) acquiring And a verification process step of, when information on the mobile identity is acquired from the authentication requesting terminal, determining whether the verification result is valid or not, From the information of the mobile ID, And verifying means for verifying the verification means value generated corresponding to the user certificate verification using the obtained verification target identification, and comparing the verification means value generated corresponding to the user certificate verification and the mobile identification information A process of confirming whether the mobile ID is valid by comparing the obtained verification means value and supporting the transmission or transmission of authentication result information about the user according to whether the mobile ID is validated to the authentication request terminal Processor; And an authentication server for authenticating the authentication server.
22. The method of claim 21,
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least user information is obtained from the user terminal, When the public key of the user and the user identification information are acquired from the user terminal in response to the first block chain database and the user identification information, the user certificate including the user's public key, the user identification information, A process of managing a first block-chain transaction ID for the mobile terminal, a process of issuing or issuing the mobile ID to the user terminal, and a process of applying a hash function to the user certificate One hash value And a value obtained by processing the representative hash value or the processed value of the representative hash value in the second block chain database and managing the corresponding second block chain transaction ID Wherein the authentication server further performs the authentication process.
A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user and storing the public key, the user identification information for identifying the user, and the user information hash value, which is a hash value for the user information of the user, A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in the second block chain database, and when a user authentication request signal is input in a state of managing the mobile ID corresponding to the registered user certificate, Or a user authentication request including the user identification information (I) causing the authentication server to send a transaction to the first block chain database using the public key of the user or the first block chain transaction ID corresponding to the user identification information Or (ii) the authentication server receives a data message from the second block chain database using a second block chain transaction ID corresponding to the user's public key or the user identification information, And searches the first block chain database for the Merkle tree information and leaf node information stored in the first block chain database in association with the representative hash value or the representative hash value included in the data message, The retrieved Merkle tree information and leaf And a process of supporting the user to verify the user certificate registered in the first block chain database by referring to the first block chain database and the user certificate for the user is confirmed and the authentication server generates a verification means value, Means for decrypting the encoded verification means value with the private key of the user to obtain the verification means value, and if the verification means value obtained is the same as the verification means value, A processor for performing a process of displaying a mobile ID including a verification target ID that is an identification for the user corresponding to a verification means value; And
Wherein the authentication requesting terminal obtains information of the mobile ID through the mobile ID and transmits the information to the authentication server so as to allow the authentication server to determine (i) the verification value from the information of the mobile ID, (Ii) verifying means for verifying the value of the verification means generated in correspondence with the user certificate verification using the obtained verification target identification, and (ii) A communication unit for verifying the validity of the mobile ID by comparing the verification means value obtained from the information and supporting authentication result information for the user according to whether the mobile ID is validated to the authentication request terminal;
And a user terminal.
24. The method of claim 23,
Wherein,
To transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server,
The processor comprising:
Generating a public key of the user and a private key of the user using the user authentication key when the certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, And registers the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database by supporting the authentication server to transmit or transmit the authentication information to the authentication server, Managing a first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database and issuing the mobile ID to the user terminal.
An authentication server for authenticating a user using a mobile ID,
A user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, A representative hash value or a representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, In a second block chain database and managing a second block chain transaction ID corresponding to the second block chain transaction ID, a communication unit for obtaining the user identification information corresponding to the user authentication request from the service server; And
(i) identifying the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user identification information, or (ii) Acquiring a data message from the second block chain database using a chain transaction ID and storing the representative hash value or the representative hash value included in the data message in the first block chain database Searching the first block chain database for the Merkle tree information and the leaf node information and checking the user certificate registered in the first block chain database with reference to the retrieved Merkle tree information and leaf node information, If the user certificate is confirmed for Encrypting the generated verification means value using the public key of the user and supporting the encoded verification means value to transmit or transmit the verification means value to the user terminal, and (b1) (B2) decrypting the encoded verification means value with the private key of the user to obtain the verification means value (C1) the verification means value is obtained from the user terminal by (b1), (c2) the verification means value is obtained from the user terminal, (b2) inputs the verification means value of the indicated mobile identity via the service web by the user The verification means value is obtained from the service server, and the verification means value obtained is compared with the verification means value to authenticate the user, and the performed authentication result information is transmitted to the service server A processor for performing a process for supporting transmission;
And an authentication server for authenticating the authentication server.
26. The method of claim 25,
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, When the user's public key and the user identification information are obtained from the user terminal in response to the request, the user certificate including the public key of the user, the user identification information, The mobile terminal managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database, And generating a hash value by applying a hash function to the user certificate and a representative hash value obtained by calculating at least one neighbor hash value matching the specific hash value, Further comprising: registering a value obtained by processing the representative hash value in a second block chain database and managing a second block chain transaction ID corresponding to the value.
A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user and storing the public key, the user identification information for identifying the user, and the user information hash value, which is a hash value for the user information of the user, A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in the second block chain database, and in a state in which the mobile ID corresponding to the registered user certificate is managed, a verification means value - the verification means value is (i) obtained from a service server (Ii) checking the user certificate registered in the first block chain database using the first block chain transaction ID corresponding to the user identification information according to the user authentication request, or (ii) Acquires a data message from the second block chain database using a second block chain transaction ID corresponding to the user identification information according to the first block chain database, The method of claim 1, further comprising: searching, in the first block chain database, the Merkle tree information and leaf node information stored in the one block chain database, referring to the retrieved Merkle tree information and the leaf node information, , And After confirmation by the user certificate for the user, the authentication server will create-communication to obtain a; And
(B1) transmitting the obtained verification means value to an authentication server by decoding the encoded verification means value with the private key of the user to obtain the verification means value, (B2) performing authentication for the user by comparing the verification means value and the verification means value used for encoding with the public key of the user, and transmitting the authentication result information to the service server; (b2) Means for displaying the mobile ID including the value of the means for allowing the user to input the verification means value of the displayed mobile ID through the service web so that the service server transmits the verification means value to the authentication server So as to allow the authentication server to access the service server And performs authentication for the user by comparing the verification means value received with the generated verification means value. And to transmit the performed authentication result information to the service server;
And a user terminal.
28. The method of claim 27,
Wherein,
To transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server,
The processor comprising:
Generating a public key of the user and a private key of the user using the user authentication key when the certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, And registers the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database by supporting the authentication server to transmit or transmit the authentication information to the authentication server, Managing a first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database and issuing the mobile ID to the user terminal.
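The claims above compute a representative hash from a certificate's specific hash and its neighbor hash values, register it in the second block chain database, and later check a certificate against the stored Merkle tree and leaf node information. The Python sketch below is an added illustration of that check, not code from the patent: SHA-256, the leaf/node prefixes, promotion of an unpaired node, and all names and sample certificates are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: domain-separation prefixes so a leaf can never be
# reinterpreted as an interior node (the claims do not specify this).
LEAF, NODE = b"\x00", b"\x01"


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def cert_hash(cert: dict) -> bytes:
    """Specific hash value of one user certificate (a leaf)."""
    encoded = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return _h(LEAF + encoded)


def build_levels(leaves: list) -> list:
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    if not leaves:
        raise ValueError("at least one leaf is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(NODE + cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def representative_hash(leaves: list) -> bytes:
    """Value that would be registered in the second block chain database."""
    return build_levels(leaves)[-1][0]


def neighbor_path(leaves: list, index: int) -> list:
    """Neighbor hashes for leaf `index` as (hash, neighbor_is_left) pairs."""
    path = []
    for level in build_levels(leaves)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no neighbor here
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify_certificate(cert: dict, path: list, anchored_root: bytes) -> bool:
    """Recompute the representative hash from one certificate and its
    neighbor hashes, then compare it with the anchored value."""
    node = cert_hash(cert)
    for neighbor, neighbor_is_left in path:
        pair = neighbor + node if neighbor_is_left else node + neighbor
        node = _h(NODE + pair)
    return hmac.compare_digest(node, anchored_root)


# Constructed sample certificates: public key, user identification
# information, user information hash value (all placeholder values).
CERTS = [
    {
        "public_key": f"constructed-pubkey-{i}",
        "user_id": f"user-{i}",
        "user_info_hash": hashlib.sha256(f"info-{i}".encode()).hexdigest(),
    }
    for i in range(5)
]
LEAVES = [cert_hash(c) for c in CERTS]
ROOT = representative_hash(LEAVES)

if __name__ == "__main__":
    genuine = CERTS[2]
    forged = dict(genuine, public_key="substituted-key")
    path = neighbor_path(LEAVES, 2)
    print("genuine certificate:", verify_certificate(genuine, path, ROOT))
    print("altered public key: ", verify_certificate(forged, path, ROOT))
```

A certificate record altered in the first database no longer reproduces the anchored representative hash, which is the property the verification step in the claims depends on.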
KR1020160183930A 2016-12-30 2016-12-30 Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same KR101858653B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160183930A KR101858653B1 (en) 2016-12-30 2016-12-30 Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same

Publications (1)

Publication Number Publication Date
KR101858653B1 true KR101858653B1 (en) 2018-06-28

Family

ID=62780135

Country Status (1)

Country Link
KR (1) KR101858653B1 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100870202B1 (en) * 2007-11-22 2008-12-09 주식회사 오엘콥스 Method and system of issuing accredited certificate using encrypted image
KR20130065829A (en) * 2011-12-01 2013-06-20 주식회사 비즈모델라인 Method and system for providing service by using object mapped one time code
JP2016208510A (en) * 2015-04-21 2016-12-08 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Authentication of user computers
KR101680260B1 (en) * 2015-12-14 2016-11-29 주식회사 코인플러그 Certificate issuance system and method based on block chain

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111047439A (en) * 2018-10-12 2020-04-21 北京邦天信息技术有限公司 Transaction processing method based on block chain
CN113243093A (en) * 2018-10-29 2021-08-10 先进信息技术公司 System and method for message transmission and retrieval using blockchains
KR20200057985A (en) 2018-11-19 2020-05-27 주식회사 비즈블록스 A solution that combines hybrid block chains with enterprise-grade hadware key archival systems
CN111861484A (en) * 2019-04-24 2020-10-30 国际信任机器股份有限公司 Verification system and method suitable for cooperation between block chain and downlink
CN111861484B (en) * 2019-04-24 2024-04-02 国际信任机器股份有限公司 Security protocol apparatus, authentication method, terminal apparatus, and method for executing terminal apparatus
CN114726875A (en) * 2021-01-05 2022-07-08 中国移动通信有限公司研究院 Deviation reporting method, device and related equipment
CN116956258A (en) * 2023-09-21 2023-10-27 杭州锘崴信息科技有限公司 Calculation element authentication method and device for data calculation in data operation
CN116956258B (en) * 2023-09-21 2023-12-05 杭州锘崴信息科技有限公司 Calculation element authentication method and device for data calculation in data operation

Legal Events

Date Code Title Description
GRNT Written decision to grant