KR101974452B1 - Methods and system for managing personal information based on programmable blockchain and one-id - Google Patents

Abstract

The present invention encrypts and stores user information whose identity has been confirmed in a programmable block chain, permits a user to perform a user authentication program upon registration and request of user information, and accesses a block chain through a management server, The integrity of the user authentication program can be ensured, personal information can be verified without generating transaction of the block chain individually, and even the management server can handle the user authentication program of the block chain A programmable block chain and an integrated identity based user information management method and system are provided.
In addition, it is possible to store the user information as a backup in preparation for a situation such as loss or theft of the user terminal, so that the new user terminal can re-register in the block chain without re-inputting the user information. Based user information management method and system.

Description

[0001] METHOD AND SYSTEM FOR MANAGING PERSONAL INFORMATION BASED ON PROGRAMMABLE BLOCKCHAIN AND ONE-ID [0002]

The present invention relates to a programmable block chain and an integrated user (ID) -based user information management method and system. More particularly, the present invention relates to a method and system for managing user information And a user information management method and system for allowing a user to access a block chain through a management server and to store user information as a backup in preparation for a situation such as loss or theft of a user terminal.

In order to use services provided by various service providers, user information or personal information is stored in servers of various service providers, so that even if one service server is hacked, user information is leaked. In addition, when the user terminal is lost or hijacked and uses a new terminal, it is impossible to access the service provider server in which the existing user information is stored, or the user information must be reentered for re-registration There is a hassle.

Recently, many block chains have been proven to be secure and reliable in order to manage user information. Korean Patent No. 10-1590076 discloses a technique of encrypting and registering personal information in a block chain. A technology that uses a block chain as an intermediary to send and receive personal information on a one-to-one basis between a user and an institution (service provider) server. Security is enhanced by encrypting personal information with a user's public key and storing it in a block chain. However, each time the stored user information is accessed, it is necessary to confirm the identity or identity of the user every time. Therefore, there is a problem in that cost and waiting time are increased because all institutions must generate a direct transaction every time they access the block chain.

The block chain technology has evolved from a simple storage medium with high security, and various programs can be uploaded. A typical example of this is Ethereum. Etherium is an open platform that allows you to view block chains as a single database, to load all assets, and to program each asset as it runs or trades. Thus, using this evolved block-chain platform, it is possible to secure user information storage and user authentication, and also to guarantee the integrity of the authentication program, thereby solving many security related issues of personal information management.

GB 10-1590076 B.

The present invention encrypts and stores user information whose identity has been confirmed in a programmable block chain, permits a user to execute a user authentication program upon registration and request of user information, and accesses a block chain through a management server, The integrity of the secure storage and user authentication program is ensured and the user information is stored as a backup in preparation for a situation such as loss or theft of the user terminal so that the new user terminal is re-registered in the block chain without re- And to provide a personal information management method and system capable of enabling personal information.

According to another aspect of the present invention, there is provided a method for managing a cipher text, the method comprising: receiving a user's ID, a first cipher text and a management server signature from a management server through a block chain connected to a management server; A user information registration step of signing and verifying the management server signature with a management server public key, and then mapping and registering the first ciphertext with the ID of the user; And transmitting the first ciphertext, which is mapped and registered to the ID of the user, to the management server when the first ciphertext is requested from the management server, wherein the block chain includes at least one of Ethereum Wherein the management server is connected to the user terminal through a network and serves as a relay in the middle of the block chain and the first ciphertext is a block chain in which the user terminal encrypts the user information and transmits the encryption information to the management server Wherein the management server signature is a signature of the first ciphertext with a private key of the management server and the user information includes personal information or documents of the user. Based user information management method is provided.

Wherein the programmable block chain and the integrated identity-based user information management method further comprises: receiving a second cipher text of the user from the management server and mapping the second cipher text to the ID of the user; And transmitting the second ciphertext, which is mapped and registered to the ID of the user, to the management server when the second ciphertext is requested from the management server, wherein the second ciphertext is different from the first ciphertext It may be encrypted in some way.

The second cipher text may be one in which the user terminal encrypts user information based on a password or may further encrypt user information encrypted based on the password using the public key of the management server.

The user information registration step may be a step in which the terminal of the user registers his / her identity after authenticating himself / herself through a public certification authority.

The programmable block chain and the integrated identity-based user information management method include: registering the public key of the user; Receiving a user signature and a text from the management server; And a user authentication step of verifying the user signature with the user public key and comparing the user signature with the original text, wherein the user signature is signed with a user private key, and the original text is transmitted to the management server And the service provider server may be connected to the management server through a network.

The original text may be a user authentication request text sent by the service provider server, and the user signature may be the user terminal signing the user authentication request text with the user private key.

The user information transmission step may be performed when authentication is successful as a result of performing the user authentication step.

Wherein when the service provider server receives the specific information of the user from the user terminal and requests authentication of the specific information, the original text is a original text including the specific information transmitted by the service provider server, The user terminal may select only the information requested by the service provider server from the user information obtained by decrypting after receiving the first cipher text stored in the block chain, and signing with the user private key.

According to another embodiment of the present invention, a management server connected to a user terminal and a block chain via a network receives a user ID and a first cipher text from the user terminal, A user information registration step of registering; And a user information transmission step of receiving the first ciphertext, which is mapped and registered to the ID of the user, from the block chain when receiving the first ciphertext from the user terminal, and transmitting the first ciphertext to the user terminal, Characterized in that the first ciphertext is encrypted by the user terminal with a user public key and the user information includes personal information or a document of the user. A possible block chain and an integrated identity based user information management method are provided.

The programmable block chain and the integrated identity-based user information management method further include mapping and registering the second cipher text of the user to the block chain, wherein the second cipher text is different from the first cipher text . ≪ / RTI >

The second cipher text may be one in which the user terminal encrypts the user information based on a password, or the user information encrypted based on the password may further be encrypted by the management server using a public key of the management server.

The programmable block chain and integrated identity-based user information management method includes: receiving a recovery request from a new user terminal; And receiving the second ciphertext registered in the block chain after receiving the restoration request and transmitting the second ciphertext to the new user terminal.

The user information registration step may be performed by the user terminal after authenticating the user through the authorized certification authority.

Wherein the user information registration step comprises: signing the received first ciphertext with a private key of the management server to generate a management server signature; And transmitting the management server signature to the block chain server together with the user ID and the first ciphertext, wherein when the management server signature is successful in signature verification in the block chain, .

The programmable block chain and integrated identity-based user information management method comprises: receiving a text from a service provider server; Receiving a user signature from the user terminal; Transmitting the received user signature statement and the original text to the block chain; And receiving, by the block chain, an authentication result of comparing the user signature with the user's public key and comparing the user signature with the original text, wherein the service provider server is connected to the management server via a network, The user signature may be signed with the user's private key.

Wherein the original text is a user authentication request text sent by the service provider server, the user signature sent from the management server to the user terminal, and the user terminal transmits the received user authentication request The original text may be signed with the user private key.

Wherein when the service provider server receives the specific information of the user from the user terminal and requests authentication of the specific information, the original text is the original text including the specific information transmitted by the service provider server, The user terminal may select only the information requested by the service provider server from the user information obtained by decrypting after receiving the first cipher text stored in the block chain and signing with the user private key.

According to another preferred embodiment, there is also provided a computer program stored in a computer-readable recording medium for executing a method according to each of the above-described methods.

According to still another preferred embodiment, there is provided a computer-readable recording medium on which a program for executing the above-described respective methods is recorded.

According to another aspect of the present invention, there is provided a block chain connected to a management server via a network, the block chain being operated by a program for executing the above- / RTI >

According to another aspect of the present invention, there is provided a management server connected to a service provider server, a user terminal and a block chain via a network, A management server is provided.

As described above, according to the present invention, it is possible to encrypt and store user information whose identity has been confirmed in a programmable block chain, perform a user authentication program when registering and requesting user information, It is possible to secure user information more securely, to guarantee the integrity of the user authentication program, to enable personal information verification without generating transaction of block chain individually by various agency servers, and even to the management server, The authentication program can not be tampered with.

In addition, the user information is stored as a backup in preparation for the occurrence of a loss or theft of the user terminal, thereby enabling the new user terminal to re-register in the block chain without re-inputting the user information.

1 is a block diagram illustrating a configuration of a programmable block chain and an integrated identity-based user information management system according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a concrete example of a user and first ciphertext registration of a programmable block chain and an integrated identity-based user information management method according to an embodiment of the present invention.
3 is a flowchart illustrating a concrete example of a user and a first ciphertext registration of a programmable block chain and an integrated identity-based user information management method according to another embodiment of the present invention.
4 is a flowchart illustrating a concrete example of a second ciphertext registration of a programmable block chain and an integrated identity-based user information management method according to another embodiment of the present invention.
5 is a flowchart illustrating a concrete example of the second cipher text registration of the programmable block chain and the integrated identity-based user information management method according to another preferred embodiment of the present invention.
FIG. 6 is a flowchart illustrating a concrete example of user and first and second ciphertext registrations of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.
7 is a flowchart illustrating a concrete example of providing personal information of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.
FIG. 8 is a flowchart illustrating a concrete example of providing user information of a programmable block chain and an integrated ID-based user information management method according to another preferred embodiment of the present invention.
9 is a flowchart illustrating a concrete example of providing personal information of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.
10 is a flowchart illustrating a concrete example of user authentication and user information provision of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.
11 is a flowchart illustrating a concrete example of providing a second ciphertext in a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. In the following description, only parts necessary for understanding the operation according to the embodiment of the present invention are shown and described, and the other parts of the drawings and descriptions are omitted so as not to obscure the gist of the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.

In addition, terms and words used in the following description and claims should not be construed to be limited to ordinary or dictionary meanings, but are to be construed in a manner consistent with the technical idea of the present invention As well as the concept.

Throughout the specification, when a part is referred to as being "connected" to another part, it is not limited to the case where it is "directly connected," but is "electrically connected" Or wirelessly or wirelessly over a wired / wireless network. Also, when a part is referred to as " including " an element, it does not exclude other elements unless specifically stated otherwise.

For simplicity of explanation, one or more methods are shown and described herein as a series of steps, for example in the form of a flowchart or a flowchart, but the present invention is not limited by the order of the steps, As it can be done in a different order than that shown and described herein or concurrently with other steps. Furthermore, not all illustrated steps may have to be implemented in accordance with the present invention.

The term " user " throughout the specification may be an individual, an organization, an organization, an enterprise, etc. The user's ID and public key may be registered in a block chain, the user information may be stored in a block chain, Information authentication request can be received.

Also, throughout the specification, the term " user information " includes various types of documents as well as various personal information of the user. The term 'personal information' means information such as a user's social security number, social security number, address, terminal information, server information, and telephone number.

The term " service provider " in the entire specification may be an individual, an organization, an organization, an enterprise, or the like. The ID and the public key need not necessarily be registered in the block chain, Of the user.

1 is a block diagram illustrating a configuration of a programmable block chain and an integrated identity-based user information management system according to an embodiment of the present invention.

1, a programmable block chain and an integrated identity-based user authentication system according to the present invention includes a user terminal 10, a service provider server 20, a management server 30, and a programmable block chain 40 ). ≪ / RTI >

The user terminal 10 may be a variety of personal devices or devices such as a mobile phone, a smart phone, a computer, a tablet, and a PC, and may also be various servers, computers, devices, or devices used in various organizations such as corporations, Lt; / RTI > In this figure, a smart phone, a notebook, and a server are shown, but the present invention is not limited thereto.

Preferably, the user terminal 10 may be equipped with a FIDO (Fast Identity online) authentication device. In this case, the key pair can be generated through the FIDO authentication device, the private key can be stored, and the can key can be acquired through biometric authentication or the like.

The service provider server 20 may be various servers, computers, devices, or devices used in various organizations such as a company, a public institution, a bank, and the like that provide a specific service and may also be a mobile phone, a smart phone, a computer, a tablet, Or a variety of personal devices or devices. In this figure, a notebook computer and a server are shown, but the present invention is not limited thereto.

The management server (or management server) 30 may be an ordinary server that can be operated by an organization, an enterprise, a service provider, an individual, or the like, and may be a variety of devices or devices such as a computer, a tablet, and a PC.

The management server 30 may communicate with the user terminal 10 and the service provider server 20 through various wired or wireless networks and may include various wired and wireless communication means for communication. In addition, the management server 30 can communicate with the block chain 40 via various wired or wireless networks. The communication network may be a wired network such as Ethernet or a wireless network such as a Wi-Fi or a mobile communication network, but is not limited thereto.

In the block chain 40, user information and a user authentication program are stored and executed. The block chain 40 is not limited to a simple storage medium but is a block chain of various types that can be programmed to load various programs, and a representative example thereof is etherium. The programmable block chain 40 is an open platform that can view the block chain as a single database and can program all the assets and directly program the way each asset is driven or traded. On the Etherium, various programs can be designed, and they can be manipulated carefully to the manner and condition of their operation, and the integrity of the program can not be tampered with.

Accordingly, using the programmable block chain 40 can solve not only secure user authentication but also integrity of user information and authentication program, thereby solving many security issues associated with user authentication.

The management server 30 can act as a relay between the user terminal 10 and the service provider server 20 and the block chain 40.

The user terminal 10 and the service provider server 20 access the block chain through the management server 30 so that the user information can be confirmed without causing the service provider servers to individually generate transactions in the block chain directly . That is, there is no need for multiple service provider servers to directly provide logic to access the block chain.

The block chain 40 consists of a large number of nodes and an independent, open common ledge distributed and distributed at each node, and can also be used for proof-of-work or proof of ownership proof-of-take. Therefore, compared to the advantage of high security, P2P service has a disadvantage in that the transaction speed is relatively slow, the upgrade is slow, and the control is complicated.

Therefore, if the access to the block chain is made through the management server 30, the slow transaction speed can be improved and the service provider server 20 does not have to handle complicated control.

In addition, if the user authentication program is put on the block chain 40, even the management server 30 can not arbitrarily manipulate the user authentication program put on the block chain 40. [ Therefore, even if the management server 30 is hacked, the user information and the program stored in the block chain 40 are secure.

Further, by using the management server 30, it becomes possible to log in to a plurality of service provider servers with one ID, provide user information, or authenticate user information. Accordingly, since the user information is not distributed among the multiple agency servers, it is easy to manage the history of providing the user information, and it is necessary to memorize both the user ID and password at the time of user information change or service provider's service subscription, There is an effect of eliminating the inconvenience.

FIG. 2 is a flowchart (S50) illustrating a concrete example of user and first ciphertext registration of a programmable block chain and an integrated identity-based user information management method according to an embodiment of the present invention.

Referring to FIG. 2, a flowchart is shown in which the block chain 40 performs user registration and registers (or stores) the first ciphertext (encrypted user information).

In step S52, the block chain 40 may register (or store) the management server public key. This registration procedure can be performed only once at the beginning. The block chain 40 registers the management server public key in order to verify that the object to send and receive information by signing with the management server public key is the management server 30 when exchanging information with the management server 30.

In step S54, a user ID, a user public key, and a management server signature can be received for user registration. The first cipher text may be stored together with the user at the time of user registration, or the first cipher text may be stored after the user registration. Although the flowchart is shown as storing the first ciphertext together with the user registration, it is not necessarily so.

The first cipher text is that the user terminal 10 encrypts the user information and transmits it to the management server 30. Preferably, the user terminal 10 encrypts user information with a user public key.

It is desirable that the user information is stored in a block chain by encrypting the user information whose identity has been confirmed by the authorized certification authority because the user does not have to check the identity of the user each time the user is authenticated.

The management server signature may be generated by the management server 30 signing the first cipher text with the management server private key.

In step S56, the received signature of the management server signature can be verified by the management server public key. When the signature is verified, it is proved that it is a signature sent from the management server 30.

If the signature verification is successful in step S56, the user ID and the user public key are mapped and registered, and the user registration can be completed. If the first cipher text is received together with the user, it can be mapped to the user ID and stored (S58).

As one embodiment of the program, steps S56 and S58 may be implemented with solidity code used in etherium as follows.

# Block chaining code for registering users

# Signature verification with the management server public key (Server_PublicKey), and only when the public key (PublicKey) and the first ciphertext (EncData) registration

function AddUser (byte32 [] ID, byte32 [] PublicKey, byte32 [] EncData, byte32 [] Signature)

{

if (RSA_Verify (Server_PublicKey, Signature, EncData) == Success)

{

User [ID] .pub = PublicKey

User [ID] .enc1 = EncData

}

}

As described above, by registering the user in the programmable block chain 40 and signing the signature verification procedure, the integrity of the signature verification program as well as the secure storage of the user ID and the first ciphertext can be guaranteed.

3 is a flow chart (S60) illustrating a concrete example of user and first ciphertext registration of a programmable block chain and an integrated identity-based user information management method according to another embodiment of the present invention.

Referring to FIG. 3, there is shown a specific embodiment in which the system of FIG. 1 registers a user and a first cipher text.

The user terminal 10 may generate a user key pair (private key and public key) (S62).

Among the generated key pairs, the user private key may be stored in a secure zone (S64). If the user terminal 10 is equipped with the FIDO authentication device, key pair generation and private key storage can be performed through authentication such as biometric authentication.

The user terminal 10 can receive the identity or identity of the user's personal information through an accredited certification authority (S66).

The user terminal 10 can generate the first cipher text by encrypting the original text including the user information with the user public key (S68). The user information may further include various types of documents in addition to the personal information of the user (resident registration number, etc.).

The registration of the first ciphertext may be performed separately, not at the time of user registration. In the present embodiment, it is described that they are performed at the same time, but the present invention is not limited thereto.

The user terminal 10 may request the management server 30 to register the user information (S70). At this time, the user ID, the user public key, and the first cipher text can be transmitted together.

Upon receiving the user information registration request, the management server 30 can generate the management server signature by signing the first ciphertext with the management server private key (S72).

The management server 30 which has generated the management server signature statement can request the block chain 40 to register the user information (S74). At this time, a user ID, a user public key, a first cipher text, and a management server signature can be transmitted together.

The block chain 40 receiving the user information registration request can verify the signature with the management server public key stored in advance in the management server signature statement (S76).

If the signature verification is successful, it is proven that the user information registration request is received from the management server 30 specified in advance.

If the signature verification is successful, the block chain 40 can map and store the received user ID, the user public key, and the first cipher text (S78).

In step S80, the block chain 40 may transmit to the management server 30 a result indicating that the user information registration has been successfully performed.

The management server 30 having received the user information registration result can transmit the result to the user terminal 10 (S82).

According to the embodiment as described above, the block chain 40 can register a plurality of users through the management server 30.

4 is a flowchart (S90) illustrating a concrete example of the second cipher text registration of the programmable block chain and the integrated identity-based user information management method according to another embodiment of the present invention.

Referring to FIG. 4, there is shown a flow chart illustrating a procedure by which the block chain 40 registers a second cipher text. The present embodiment allows the user terminal 10 to store user information as a backup in preparation for a situation such as loss or theft of the user terminal 10 so that the new user terminal 50 can access the block chain 40 and the service provider server 20 to be re-registered.

The second cipher text stored in the backup is preferably encrypted in a manner different from the first cipher text because the user terminal 10 can access the management server 30 and the block chain 40 even if the user terminal 10 is lost, It is necessary to be able to decrypt the second cipher text.

In step S92, the block chain 40 may receive a user ID, a second cipher text, a user signature, and a management server signature from the management server 30. The user signature is obtained by encrypting the user information with the user's private key after the user terminal 10 encrypts it, the second cipher text is the encrypted user information with the management server public key, and the management server signature is used to manage the second cipher text It may be signed with the server private key.

In step S94, the signature of the management server signature is verified with the management server public key, so that the received management server signature can be verified as being received from the management server 30.

In step S96, it is possible to verify that the received user signature is received from the terminal 10 of the user registered with the user ID by signing the user signature with the user's public key.

In step S98, if the verification in steps S94 and S96 is successful, the received second cipher text can be mapped to the user ID and registered.

5 is a flowchart (S100) illustrating a concrete example of the second cipher text registration of the programmable block chain and the integrated identity-based user information management method according to another preferred embodiment of the present invention.

Referring to FIG. 5, there is shown a flow chart illustrating a procedure for the system of FIG. 1 to register a second cipher text. 4, it is preferable that the second cipher text stored in the backup is encrypted in a manner different from the first cipher text. In this embodiment, the second cipher text encrypted in the password is stored in the block chain 40 .

In step S102, the user terminal 10 may generate a backup cipher text by encrypting the original text including user information on a password basis. The reason for using the password is that, if the user terminal 10 becomes unusable due to loss or theft, the user can not use the private key, so that the password is used instead.

The user terminal 10 can generate a user signature by signing the generated backup ciphertext with the user's private key (S104).

The user terminal 10 can send a user information registration request for backup while transmitting the generated user signature to the management server 30 together with the user ID and the backup cipher text (S106).

The management server 30 receiving the backup user information registration request can generate the second cipher text by encrypting the backup cipher text with the management server public key (S108). The reason for further encrypting the backup passphrase with the management server public key is because the backup passphrase is password-based and may be vulnerable to security. Of course, a password-based encrypted backup ciphertext may be used as a second ciphertext without further encryption.

The management server 30 may generate the management server signature by signing the generated second cipher text with the management server private key (S110).

The management server 30 which has generated the management server signature can request the user information registration for backup while transmitting the user ID, the second ciphertext, the management server signature, and the user signature to the block chain 40 (S112).

The block chain 40 may verify the received management server signature with the management server public key to verify that the received management server signature is received from the management server 30 (S114).

In addition, the block chain 40 can verify that the received user signature is received from the terminal 10 of the user registered with the user ID by signing the user signature with the user public key (S116).

If the verification in steps S114 and S116 is successful, the block chain 40 can map and register the received second cipher text to the user ID (S118).

As described above, the block chain 40 that has registered the second ciphertext through the two-stage signature verification transmits the backup user information registration result to the management server 30 (S120), and the management server 30 transmits the result to the user When transmitting to the terminal 10, the registration of the second cipher text is completed.

FIG. 6 is a flowchart (S200) illustrating a concrete example of user and first and second ciphertext registrations of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.

Referring to FIG. 6, the system of FIG. 1 performs user registration and first and second cipher text registration at the same time.

The user terminal 10 generates a user key pair (S202), and the user private key among the generated key pairs may be stored in a trust zone (S204).

The user terminal 10 can confirm identity or identity of the user's personal information through an accredited certification authority (S206).

The user terminal 10 may generate the first cipher text by encrypting the original text including the user information with the user public key (S208).

In addition, the user terminal 10 may generate a backup cipher text by encrypting the original text including the user information based on a password (S210).

The user terminal 10 can request the management server 30 to register the user information (S212). At this time, the user ID, the user public key, the first ciphertext, and the backup ciphertext can be transmitted together.

The management server 30 receiving the user information registration request can generate the second cipher text by encrypting the received backup cipher text with the management server public key (S214). At this time, the backup ciphertext can be used as the second ciphertext without further encryption.

The management server 30 can generate the management server signature by signing the first cipher text and the second cipher text with the management server private key (S216).

The management server 30 which has generated the management server signature statement can request the block chain 40 to register the user information (S218). At this time, a user ID, a user public key, a first cipher text, a second cipher text, and a management server signature can be transmitted together.

Upon receipt of the user information registration request, the block chain 40 may verify the signature with the management server public key previously stored in the management server signature (S220). If the signature verification is successful, it is proven that the user information registration request is received from the management server 30.

If the signature verification is successful, the block chain 40 may map and store the received user ID, the user public key, the first cipher text, and the second cipher text (S222).

In step S224, the block chain 40 may transmit to the management server 30 a result indicating that the user information registration has been successfully performed.

The management server 30 having received the user information registration result can transmit the result to the user terminal 10 (S226).

As described above, the first ciphertext and the second ciphertext may be registered and stored at the time of user registration, but the first and second ciphertexts may be separately registered and stored.

FIG. 7 is a flowchart (S300) illustrating a specific example of providing personal information of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.

Referring to Fig. 7, a method of providing personal information in the system shown in Fig. 1 is shown.

When the user terminal 10 receives the personal information request from the service provider server 20 (S302), the user terminal 10 can request the stored personal information to the management server 30 (S304).

The management server 30 having received the personal information request may request the block chain 40 of the user's first cipher text (S306). At this time, the user ID can be transmitted together.

The block chain 40 requesting the first ciphertext may transmit the first ciphertext mapped to the received user ID to the management server 30 in step S308.

The management server 30 may transmit the received first cipher text to the user terminal 10 (S310).

The user terminal 10 may decrypt the received first cipher text using the user's private key to obtain user information (S312). If the user terminal 10 has the FIDO authentication device, it can acquire and use the user's private key via the FIDO authentication.

The user terminal 10 can transmit the acquired user information to the service provider server 20 (S314). If the personal information requested by the service provider server 20 is some information included in the user information, only the information requested by the service provider server 20 among the acquired user information is selected and transmitted to the service provider server 20 You may.

As described above, since user information can be provided to a plurality of institution servers with one ID and user information is not distributed among various agency servers, it is easy to manage the history of providing user information and address information, , There is an effect that both the ID and the password are memorized at the time of changing the personal information such as the telephone number or at the service subscriber's service subscription, and there is no inconvenience to re-enter the user information every time.

FIG. 8 is a flowchart illustrating a concrete example of providing user information of a programmable block chain and an integrated ID-based user information management method according to another preferred embodiment of the present invention.

Referring to FIG. 8, when the block chain 40 receives a first ciphertext request, the user authentication is performed before the ciphertext transmission is performed. Since the first ciphertext is encrypted with the user public key and can not be decrypted if the user has no private key, it is difficult to decrypt the third ciphertext even if it is leaked to a third party. However, in order to prevent even the third ciphertext from being transmitted to a third party, It verifies whether the user terminal 10 having the private key has actually requested it, and transmits the verification result.

In step S352, the block chain 40 may be requested for the first ciphertext. At this time, the original text, the user signature, and the user ID can be received together.

The received original text may be a user authentication request original sent by the service provider server 20, and the received user signature may be a user terminal 10 signing a user authentication request original with a user private key.

In step S354, the received user signature can be verified with a user's public key to extract the original text. If the signature verification is successful, it is proved that the signature is the signature sent from the user terminal 10.

In step S356, it is possible to compare whether the extracted original text and the received original text are the same.

If the comparison result in step S356 is the same, the user is successfully authenticated. That is, it is proved that the user terminal 10 has signed the user authentication request text transmitted by the service provider server 20 with the user's private key.

If the signature verification is successful, the first cipher text that has been mapped and registered in the user ID can be transmitted (S358).

As described above, it is possible to prevent the first ciphertext from being transmitted to the third party other than the user terminal 10 by transmitting the first ciphertext through the user authentication process in the block chain 40.

FIG. 9 is a flowchart (S400) illustrating a concrete example of providing personal information of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.

Referring to FIG. 9, in comparison with FIG. 7, when requesting user information stored in the block chain 40 for providing personal information, a user authentication procedure for authenticating whether the user information is actually requested by the user terminal 10 (S350 of FIG. That is, it is an embodiment in which the security is further enhanced than the user information providing method (S300) of FIG.

When the user terminal 10 receives the personal information request from the service provider server 20 (S402), the user terminal 10 can request the stored personal information to the management server 30 (S408). At this time, the user ID can be transmitted together.

In addition, the service provider server 20 may generate a user authentication request original text (or a login original text) (S404), and may request the management server 30 for a user authentication (S406). At this time, the user authentication request text and the user ID can be transmitted together.

The management server 30 receiving the user authentication request and the user information request may transmit the received user authentication request original text to the user terminal 10 (S410).

The user terminal 10 may generate the user signature by signing the received user authentication request original with the user's private key (S412). At this time, if the user terminal 10 has the FIDO authentication device, the user private key can be acquired and used by biometric authentication.

The user terminal 10 can transmit the created user signature to the management server S30 (S414).

The management server 30 having received the user signature may simultaneously transmit the user authentication request and the first ciphertext request while transmitting the user authentication request original sent in step S406 to the block chain 40 together with the user signature S416). At this time, the user ID can also be transmitted together.

The block chain 40 receiving the user authentication request and the first ciphertext request can extract the original text by signature verification of the received user signature with the registered user public key at step S418.

At this time, if the signature verification is successful, it is proved that the received user signature is actually signed by the user.

The block chain 40 may compare the extracted original text with the original text (S420).

At this time, if the verification result is the same, the user authentication request requested by the service provider server 20 is successful.

Since the user authentication is successful, the block chain 40 may transmit the first ciphertext mapped to the user ID to the management server 30 (S422).

The management server 30 may transmit the received first cipher text to the user terminal 10 (S424).

The user terminal 10 can decrypt the received first cipher text with the user's private key to obtain user information (S426). If the user terminal 10 has the FIDO authentication device, it can acquire and use the user's private key via the FIDO authentication.

The user terminal 10 can transmit the acquired user information to the service provider server 20 (S428). If the personal information requested by the service provider server 20 is some information included in the user information, only the information requested by the service provider server 20 among the acquired user information is selected and transmitted to the service provider server 20 You may.

As described above, the first cipher text is transmitted and received through the user authentication process, thereby enabling more secure user information management.

10 is a flowchart illustrating a concrete example of user authentication and user information provision of a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.

10, when the service provider server 20 receives the user authentication request from the user terminal 10, it is necessary to confirm whether the specific information of the user (a part of the personal information) Is an embodiment of the present invention.

When the user terminal 10 is requested to input the user's specific information at the request of the service provider server 20, the specific information of the user is received from the user (S502). At this time, the specific information of the user may be some information included in the user information (personal information, document, etc.) stored in the block chain 40 by the user.

The user terminal 10 which has re-received specific information from the user can transmit specific information to the service provider server 20 (S504).

The service provider server 20 generates a user authentication request text (S506), and can simultaneously request the user authentication request and the specific information to the management server 30 (S508). At this time, the user authentication request text, specific information, and user ID can be transmitted together.

The management server 30 receiving the user authentication request and the user information request can transmit the received user authentication request original text to the user terminal 10 (S510).

The user terminal 10 can generate the user signature by signing the received user authentication request original with the user's private key (S512). At this time, if the user terminal 10 has the FIDO authentication device, the user private key can be acquired and used by biometric authentication.

The user terminal 10 can transmit the generated user signature to the management server S30 (S514).

Upon receiving the user signature, the management server 30 may simultaneously transmit the user authentication request and the first ciphertext request while transmitting the user authentication request original text and the user ID received in step S508 to the block chain 40 (S516 ).

The block chain 40 receiving the user authentication request and the first ciphertext request can extract the original text by signature verification of the received user signature with the registered user public key (S518).

At this time, if the signature verification is successful, it is proved that the received user signature is actually signed by the user.

The block chain 40 may compare and verify the extracted original text with the original text received (S520).

At this time, if the verification result is the same, the user authentication request requested by the service provider server 20 is successful.

Since the user authentication is successful, the block chain 40 may transmit the first ciphertext, which is mapped and registered to the user ID, to the management server 30 (S522).

The management server 30 may transmit the received first cipher text to the user terminal 10 (S524).

The user terminal 10 may decrypt the received first cipher text using the user's private key to obtain user information (S526). If the user terminal 10 has the FIDO authentication device, it can acquire and use the user's private key via the FIDO authentication.

The user terminal 10 may select only the information requested by the service provider server 20 from among the acquired user information, that is, specific information, and sign it with the user's private key to generate a user signature statement (S528).

The user terminal 10 can transmit the created user signature to the management server S30 (S530).

Upon receiving the user signature, the management server 30 may request authentication of specific information while hashing the specific information received in step S508 and transmitting it to the block chain 40 together with the user signature statement (S532). At this time, the user ID can also be transmitted together.

That is, only the information requested by the service provider server 20 out of the specific information received from the service provider server 20 in step S508 and the user information obtained by decoding the first cipher text stored in the user terminal 10 And asking the block chain 40 for authentication to determine whether the signature selected with the user's private key is identical.

The block chain 40 receiving the specific information authentication request can extract the original text by signature verification of the received user signature with the registered user public key (S534).

At this time, if the signature verification is successful, it is proved that the received user signature is actually signed by the user.

The block chain 40 may compare and verify the extracted original text with the original text (hashed specific information) (S536).

At this time, if the verification result is the same, it is proved that the specific information requested by the service provider server 20 is actually the information of the user.

The block chain 40 sends the user authentication result to the management server 30 in step S538 and the management server 30 sends the result to the service provider server 20 in step S540, The secure user authentication and specific information confirmation are completed by transmitting to the user terminal 10 that the user authentication is successful (S542).

11 is a flowchart (S600) illustrating a concrete example of providing a second ciphertext in a programmable block chain and an integrated identity-based user information management method according to another preferred embodiment of the present invention.

Referring to FIG. 11, when the user terminal 10 is unavailable due to loss or theft, the user private key previously used for the recovery request can not be used. Therefore, the second ciphertext registered in the block chain is used . As described above, the second cipher text is preferably encrypted in a manner different from the first cipher text. In the above-described embodiment, encryption is performed based on a password, but the present invention is not limited thereto.

When the new user terminal 50 issues a recovery request to the management server (S602), the management server 30 can deliver the recovery URL to the new user terminal 50. [

Then, the new user terminal 50 can request the management server 30 to decrypt the user information (S606).

The management server 30 having received the decryption request of the user information can request the second cipher text while transmitting the user ID to the block chain 40 (S608).

The block chain 40 receiving the second ciphertext request can transmit the second ciphertext, which has been mapped and registered to the received user ID, to the management server 30.

The management server 30 having received the second cipher text can extract the backup cipher text by decrypting the second cipher text with the management server private key (S612). Referring to S108 in Fig. 5 or S214 in Fig. 6, the second ciphertext encrypts the backup ciphertext with the management server public key.

The management server S30 can transmit the extracted backup cipher text to the new user terminal 50 (S614).

The new user terminal 50 may obtain the user information by decrypting the backup cipher text based on the password (S616).

The new user terminal 50 may re-register to the block chain 40 or the service provider server 20 with the new user terminal 50 without re-inputting the user's user information through the decrypted user information (S618) .

As described above, according to the present embodiments, user information whose identity has been confirmed in the programmable block chain is encrypted and stored, the user authentication program is executed when the user information is registered and requested, The user information can be stored more securely, the integrity of the user authentication program can be ensured, personal information can be verified without causing various agency servers to individually generate transactions in the block chain, It is possible to prevent the user authentication program of the user from being tampered with.

In addition, the user information may be stored as a backup in preparation for a loss or theft of the user terminal, so that the new user terminal can be re-registered in the block chain without re-entering the user information.

In addition, embodiments of the authentication chain based FIDO and method of performing certificate registration described above may be implemented in the form of computer program instructions that may be executed through various computer components. Furthermore, the computer program embodied may be recorded on a computer-readable recording medium. The recording medium mentioned above may be, but is not necessarily, a ROM, a magnetic disk or a compact disk, an optical disk, or the like.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, . Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: User terminal
20: Service Provider Server
30: Management server
40: Programmable block chain
50: New user terminal

Claims (21)

An ethereum or programmable block chain, networked with the management server,
(The user terminal encrypts the user information and transmits it to the management server) and the management server signature (signed by the private key of the management server of the first cipher text from the management server) ≪ / RTI >
A user information registration step of signing and verifying the management server signature with a management server public key and mapping the first ciphertext and a public key of the user to the ID of the user; And
And transmitting the first ciphertext, which is mapped and registered to the ID of the user, to the management server when the first ciphertext is requested from the management server, As an information management method,
Receiving a user signature (signed by the user's private key) and the original text (the one sent by the service provider server to the management server) from the management server; And
Authenticating the user signature with the user public key and comparing the user signature with the original text;
Further comprising:
When the service provider server receives the specific information of the user from the user terminal and requests authentication of the specific information,
Wherein the original text is a text containing the specific information transmitted by the service provider server,
Wherein the user signature is a signature of the user terminal selected from only the information requested by the service provider server from the user information obtained by decrypting the first cipher text stored in the block chain and signed by the user's private key A programmable block chain and an integrated identity based user information management method.
The method according to claim 1,
Receiving a second cipher text of the user from the management server and mapping the second cipher text to the ID of the user; And
Transmitting the second ciphertext mapped to the user's ID to the management server when the second ciphertext is requested from the management server;
Further comprising:
Wherein the second ciphertext is encrypted in a manner different from the first ciphertext, and wherein the second ciphertext is encrypted in a manner different from the first ciphertext.
3. The method of claim 2,
The second cipher text includes:
Characterized in that the user terminal encrypts user information based on a password or the user information encrypted based on the password is further encrypted by the management server with a public key of the management server. And integrated identity based user information management method.
The method according to claim 1,
Wherein the user information registration step is performed after the user terminal authenticates the user through the authorized certification authority and registers the same.
delete delete The method according to claim 1,
Wherein the user information transmission step is performed when authentication is successful as a result of performing the user authentication step.
delete A user terminal and an administrative or networked management server with an Ethernet or programmable block chain,
A user information registration step of receiving a user ID and a first cipher text (a user terminal encrypts user information with a user public key) from the user terminal and mapping the same to the block chain; And
Receiving the first cipher text mapped to the user's ID from the block chain when receiving the first cipher text from the user terminal, and transmitting the first cipher text to the user terminal;
A programmable block chain and an integrated identity based user information management method,
Receiving a text from a service provider server;
Receiving a user signature statement (signed with a user private key) from the user terminal;
Transmitting the received user signature statement and the original text to the block chain; And
The block chain sign-verifying the user signature with a user's public key and receiving an authentication result compared with the original text;
Further comprising:
When the service provider server receives the specific information of the user from the user terminal and requests authentication of the specific information,
Wherein the original text is a text containing specific information transmitted by the service provider server,
Wherein the user signature is a signature of the user terminal selected from only the information requested by the service provider server from the user information obtained by decrypting the first cipher text stored in the block chain and signed by the user's private key A programmable block chain and an integrated identity based user information management method.
10. The method of claim 9,
Mapping the second ciphertext of the user to the block chain;
Further comprising:
Wherein the second ciphertext is encrypted in a manner different from the first ciphertext, and wherein the second ciphertext is encrypted in a manner different from the first ciphertext.
11. The method of claim 10,
The second cipher text includes:
Characterized in that the user terminal encrypts the user information based on a password or the user information encrypted based on the password is further encrypted by the management server with a public key of the management server, Chain and integrated identity based user information management.
11. The method of claim 10,
Receiving a recovery request from a new user terminal; And
Receiving the second ciphertext registered in the block chain after receiving the restoration request and transmitting the second ciphertext to the new user terminal;
Further comprising: a programmable block chain and an integrated identity based user information management method.
10. The method of claim 9,
Wherein the user information registration step is performed after the user terminal authenticates the user through the authorized certification authority and registers the same.
10. The method of claim 9,
Wherein the user information registration step comprises:
Signing the received first ciphertext with a private key of the management server to generate a management server signature; And
Transmitting the management server signature to the block chain together with the user ID and the first ciphertext;
, ≪ / RTI &
Wherein the first ciphertext is registered when the signature of the management server signature is successfully verified in the block chain.
delete delete delete A computer program stored in a computer-readable medium for executing the method according to any one of claims 1 to 4, 7 and 9 to 14.
delete A block chain networked with a management server,
A block chain, characterized in that it operates by means of a program for carrying out the method according to any one of claims 1 to 4.
A management server connected to a network with a service provider server, a user terminal, and a block chain,
A management server characterized by being operated by a program for executing a method according to any one of claims 9 to 14.

Images