KR102526406B1 - Access management system apparatus which manages access to the original contents data, which is to be a subject to an nft, and the operating method thereof - Google Patents

Abstract

An access management system device and an operating method thereof are disclosed. The present invention provides the access management system device and the operating method for managing access to original content data subject to the NFT. Only users who are confirmed to be the owner of the NFT can provide access to content data stored in a cloud server.

Description

Access management system device for managing access to original content data subject to NFT and its operating method THEREOF}

The present invention relates to an access management system device and method of operating the same for managing access to original content data that is a target of NFT.

NFT (Non-Fungible Token) means 'non-fungible token', and each token has a unique value, so it means a virtual asset that cannot be replaced with other tokens.

Recently, as the introduction of NFTs increases in various fields, various types of NFT issuance and transaction services that support issuing and trading NFTs for multimedia contents such as video, sound sources, images, and digital items have emerged. there is.

On the other hand, when issuing an NFT for content data, in general, the original content data that is the target of the NFT is stored separately in a pre-set cloud server for data storage, and the content data is stored in the NFT for the corresponding content data. Contains information about the stored path.

However, when a problem such as hacking occurs and the information on the storage path included in the NFT is leaked to someone other than the owner of the NFT, the original content data stored in the cloud server is leaked to the outside. this can happen In this case, since it cannot be confirmed whether the content data stored in the cloud server is original data that has not been forged or altered, there is a problem in that reliability of the content data is lowered.

In order to prevent this problem, it is necessary to introduce a technology that allows only users who are confirmed to be the owner of the NFT to access content data. In the case of a user who is not subscribed, it is possible to consider introducing a technology that issues an authentication token for access to content data to the user's electronic terminal and allows the user to access the content data based on the authentication token. .

Therefore, research on technology for managing access to the original content data that is the subject of NFT is needed to support access to content data stored in the cloud server by only users who have been confirmed as the owner of the NFT. need.

The present invention proposes an access management system device and method of operating the same for managing access to original content data that is a target of NFT, so that only a user confirmed to be the owner of the NFT can access content data stored in a cloud server. We want to help you get access.

An access management system device for managing access to original content data that is a target of NFT according to an embodiment of the present invention is a user's electronic terminal - in the electronic terminal, a private key for data encryption, the private key and A public key constituting a key pair is pre-issued and stored - A first NFT (Non-Fungible Token) registered in a pre-set blockchain network from - The first NFT is a first NFT stored in a pre-set cloud server. An NFT for content data, wherein the first NFT includes information on a first storage path on the cloud server where the first content data is stored, and owner identification information for an owner of the first content data - When identification information and the public key are received and a request for issuance of an authentication token for access to the first content data is received, a random data generation unit randomly generating random data, when the random data is generated, Random data encryption unit generating encrypted random data by encrypting the random data with the public key, and when the encrypted random data is generated, while transmitting the encrypted random data to the electronic terminal, feedback data for the encrypted random data A feedback requesting unit requesting to generate and transmit, in response to the transmission request of the feedback data, first feedback data from the electronic terminal - the first feedback data, the electronic terminal converts the encrypted random data to the private key After decrypting and restoring the random data, generating concatenated data by concatenating the restored random data and data for the user's first owner identification information, and then encrypting the concatenated data with the private key. When - is received, the concatenated data is restored by decoding the first feedback data with the public key, and then the random data is removed from the restored concatenated data, thereby data for the first owner identification information. Data extraction unit for extracting, when the data for the first owner identification information is extracted, based on the identification information for the first NFT, to query the first NFT registered in the blockchain network, An owner verification unit that checks whether the owner of the first NFT is the user by checking whether the owner identification information included in the NFT matches the first owner identification information, and is included in the first NFT When it is confirmed that the existing owner identification information matches the first owner identification information, and the owner of the first NFT is confirmed to be the user, a first authentication token for access to the first content data is generated. Then, in a token issuance history database, a storage processing unit for storing the first owner identification information and the first authentication token in correspondence with each other, an authentication token transmission unit for transmitting the first authentication token to the electronic terminal, the first After the authentication token is transmitted to the electronic terminal, information about the first storage path, the first owner identification information, the first authentication token, and the public key are received from the electronic terminal, and the first content data When the request for provision of is received, it is checked whether the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, and the first authentication token is stored on the token issuance history database. If it is confirmed that the information is stored in correspondence with the first owner identification information, a validation event generating unit generating a validation event indicating that the validity of the first authentication token has been verified, and when the validation event occurs, the and a data transmitter configured to receive the first content data stored on the first storage path from the cloud server based on the information on the first storage path and transmit the first content data to the electronic terminal. .

In addition, an operating method of an access management system device for managing access to original content data that is a target of NFT according to an embodiment of the present invention is a user's electronic terminal - in the electronic terminal, a private key for data encryption and , A public key constituting a key pair with the private key is pre-issued and stored - A first NFT registered in a pre-set blockchain network from - The first NFT is a first content stored in a pre-set cloud server. An NFT for data, wherein the first NFT includes information about a first storage path on the cloud server where the first content data is stored, and owner identification information about the owner of the first content data. When identification information and the public key are received and a request for issuance of an authentication token for access to the first content data is received, randomly generating random data, when the random data is generated, the random data Generating encrypted random data by encrypting with the public key; requesting, when the encrypted random data is generated, to generate and transmit feedback data for the encrypted random data while transmitting the encrypted random data to the electronic terminal Step, in response to a transmission request of the feedback data, from the electronic terminal, first feedback data - the first feedback data, the electronic terminal decrypts the encrypted random data with the private key to restore the random data; If concatenated data is generated by concatenating the restored random data and data for the user's first owner identification information, and then the concatenated data is encrypted with the private key - is received, the first feedback extracting data for the first owner identification information by restoring the concatenated data by decrypting data with the public key and then removing the random data from the restored concatenated data; When the data for the first NFT is extracted, based on the identification information on the first NFT, the first NFT registered in the blockchain network is searched, and the owner identification information included in the first NFT is the first owner. Confirming whether the owner of the first NFT is the user by checking whether the identification information matches, confirming that the owner identification information included in the first NFT matches the first owner identification information Accordingly, if it is confirmed that the owner of the first NFT is the user, after generating a first authentication token for access to the first content data, the token issuance history database, the first owner identification information and storing the first authentication tokens in correspondence with each other, transmitting the first authentication token to the electronic terminal, and after the first authentication token is transmitted to the electronic terminal, from the electronic terminal, the first storage When a request for providing the first content data is received while information about the path, the first owner identification information, the first authentication token, and the public key are received, the first authentication token is displayed on the token issuance history database. It is checked whether the first owner identification information is stored in correspondence with the first owner identification information, and when it is confirmed that the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, the first authentication token is stored in correspondence with the first owner identification information. Generating a validation event indicating that the validity of the token has been verified, and when the validation event occurs, information stored on the first storage path from the cloud server based on information on the first storage path and receiving the first content data and transmitting the first content data to the electronic terminal.

The present invention proposes an access management system device and method of operating the same for managing access to original content data that is a target of NFT, so that only a user confirmed to be the owner of the NFT can access content data stored in a cloud server. support for access.

1 is a diagram showing the structure of an access management system device for managing access to original content data that is a target of NFT according to an embodiment of the present invention.
2 is a flowchart illustrating an operating method of an access management system apparatus for managing access to original content data that is a target of NFT according to an embodiment of the present invention.

Hereinafter, embodiments according to the present invention will be described in detail with reference to the accompanying drawings. This description is not intended to limit the present invention to specific embodiments, but should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention. While describing each drawing, similar reference numerals have been used for similar components, and unless otherwise defined, all terms used in this specification, including technical or scientific terms, are common knowledge in the art to which the present invention belongs. has the same meaning as commonly understood by the person who has it.

In this document, when a certain component is said to "include", it means that it may further include other components without excluding other components unless otherwise stated. In addition, in various embodiments of the present invention, each component, functional block, or means may be composed of one or more sub-components, and the electrical, electronic, and mechanical functions performed by each component are electronic It may be implemented with various known elements or mechanical elements such as circuits, integrated circuits, ASICs (Application Specific Integrated Circuits), and may be implemented separately or two or more may be integrated into one.

On the other hand, the blocks of the accompanying block diagram or the steps of the flowchart are computer program instructions that perform designated functions by being loaded into a processor or memory of a device capable of data processing, such as a general-purpose computer, a special purpose computer, a portable notebook computer, and a network computer. can be interpreted as meaning Since these computer program instructions may be stored in a memory included in a computer device or in a computer readable memory, the functions described in blocks of a block diagram or steps of a flowchart are produced as a product containing instruction means for performing them. It could be. Further, each block or each step may represent a module, segment or portion of code that includes one or more executable instructions for executing specified logical function(s). Also, it should be noted that in some alternative embodiments, functions mentioned in blocks or steps may be executed out of a predetermined order. For example, two blocks or steps shown in succession may be performed substantially simultaneously or in reverse order, and in some cases, some blocks or steps may be omitted.

1 is a diagram showing the structure of an access management system device for managing access to original content data that is a target of NFT according to an embodiment of the present invention.

Referring to FIG. 1, the access management system apparatus 110 according to an embodiment of the present invention includes a random data generator 111, a random data encryption unit 112, a feedback request unit 113, and a data extraction unit 114. ), an owner verification unit 115, a storage processing unit 116, an authentication token transmission unit 117, a validation event generation unit 118, and a data transmission unit 119.

The random data generator 111 receives identification information about the first Non-Fungible Token (NFT) registered in the preset blockchain network 100 and the public key from the electronic terminal 140 of the user 130. Upon reception, when a request for issuing an authentication token for access to the first content data is received, random data is randomly generated.

Here, a private key for data encryption and a public key forming a key pair with the private key are pre-issued and stored in the electronic terminal 140 .

In addition, the first NFT is an NFT for the first content data stored in the preset cloud server 150, and the first NFT includes first storage on the cloud server 150 in which the first content data is stored. Information about a path and owner identification information about the owner of the first content data are included. Here, the storage path means a URI (Uniform Resource Identifier) on the cloud server 160 where data is stored.

When the random data is generated by the random data generator 111, the random data encryption unit 112 generates encrypted random data by encrypting the random data with the public key.

When the encrypted random data is generated by the random data encryption unit 112, the feedback requesting unit 113 generates feedback data for the encrypted random data while transmitting the encrypted random data to the electronic terminal 140. request to be sent

In response to the request for transmission of the feedback data, the data extractor 114 receives first feedback data from the electronic terminal 140 (the first feedback data is the electronic terminal 140 converts the encrypted random data to the private key). After decrypting and restoring the random data, concatenating the restored random data and data for the first owner identification information of the user 130 to generate concatenated data, the concatenated data is encrypted with the private key. After the concatenated data is restored by decoding the first feedback data with the public key, and then the random data is removed from the restored concatenated data, the first owner identification information extract data about

When the data for the first owner identification information is extracted by the data extraction unit 114, the owner confirmation unit 115 is registered in the blockchain network 100 based on the identification information for the first NFT. Check whether the owner of the first NFT is the user 130 by inquiring the first NFT and checking whether the owner identification information included in the first NFT matches the first owner identification information. do.

As the storage processing unit 116 confirms that the owner identification information included in the first NFT matches the first owner identification information by the owner verification unit 115, the owner of the first NFT is the user ( 130) is confirmed to be correct, after generating a first authentication token for access to the first content data, the first owner identification information and the first authentication token are stored in the token issuance history database 124 to each other. Respond and save

The authentication token transmitter 117 transmits the first authentication token to the electronic terminal 140 .

After the first authentication token is transmitted to the electronic terminal 140, the validation event generating unit 118 receives information about the first storage path, the first owner identification information, and the first owner identification information from the electronic terminal 140. 1 When the request for providing the first content data is received while the authentication token and the public key are received, whether the first authentication token is stored in the token issuance history database 124 in correspondence with the first owner identification information When it is confirmed that the first authentication token is stored in the token issuance history database 124 in correspondence with the first owner identification information, validity indicating that the validity of the first authentication token has been verified. Generates a validation event.

Hereinafter, a random data generator 111, a random data encryption unit 112, a feedback request unit 113, a data extraction unit 114, an owner verification unit 115, a storage processing unit 116, and an authentication token transmission unit (117), the operation of the validation event generating unit 118 will be described in detail by way of example.

First, let's assume that 'NFT 1' is registered in the preset blockchain network 100. At this time, 'NFT 1' is an NFT for 'content data 1' stored in the preset cloud server 150, and in 'NFT 1', 'content data 1' is stored in the 'storage path on the cloud server 150'. 1' and owner identification information about the owner of 'content data 1' may be included. In relation to this, if the owner of 'contents data 1' is user 130 and the owner identification information for user 130 is 'owner identification information 1', in 'NFT 1', 'contents data 1' As owner identification information about the owner, 'owner identification information 1' may be included.

In addition, it is assumed that a 'private key 1' for data encryption and a 'public key 1', which is a public key forming a key pair with the 'private key 1', are pre-issued and stored in the electronic terminal 140 of the user 130. let's do it.

In this situation, while the access management system device 110 receives 'identification information 1' and 'public key 1', which are identification information for 'NFT 1', from the electronic terminal 140, 'content data 1' When it is assumed that a request for issuance of an authentication token for access is received, the random data generating unit 111 may randomly generate random data.

Then, the random data encryption unit 112 may generate encrypted random data by encrypting the random data with 'Public Key 1'.

Then, the feedback requesting unit 113 may request the electronic terminal 140 to generate and transmit feedback data for the encrypted random data while transmitting the encrypted random data.

Accordingly, when the electronic terminal 140 receives a transmission request for the feedback data while the encrypted random data is received from the access management system device 110, the electronic terminal 140 transmits the encrypted random data as a 'private key'. The random data may be restored by decoding with 1'.

In this regard, the encrypted random data is encrypted data generated by encrypting the random data with 'Public Key 1', and 'Private Key 1' is a private key forming a key pair with 'Public Key 1', so the electronic terminal 140 decrypts the encrypted random data with 'private key 1' so that the random data can be normally restored.

Then, the electronic terminal 140 generates concatenated data by concatenating the restored random data with data for 'owner identification information 1', which is the owner identification information of the user 130, and converts the concatenated data to 'personal'. By encrypting with key 1', 'feedback data 1' can be generated and transmitted to the access management system device 110.

In this way, when 'feedback data 1' is received from the electronic terminal 140 in the access management system device 110, the data extraction unit 114 decrypts the 'feedback data 1' with 'public key 1', The concatenated data may be restored.

In this regard, 'feedback data 1' is feedback data generated by encrypting the concatenated data with 'private key 1', and 'public key 1' is a public key forming a key pair with 'private key 1', so the data extraction unit ( 114) decrypts 'feedback data 1' with 'public key 1', so that the concatenated data can be normally restored.

Then, the data extraction unit 114 may extract data for 'owner identification information 1' by removing the random data from the restored concatenated data.

Then, the owner verification unit 115 searches for 'NFT 1' registered in the blockchain network 100 based on 'Identification Information 1', which is identification information for 'NFT 1', and identifies 'NFT 1'. By checking whether the included owner identification information matches 'owner identification information 1', it is possible to determine whether the user 130 is the owner of 'NFT 1'.

In relation to this, 'NFT 1' includes 'owner identification information 1' as owner identification information for the owner of 'content data 1', so the owner confirmation unit 115 determines the owner included in 'NFT 1'. After confirming that the identification information matches 'owner identification information 1', it can be confirmed that the owner of 'NFT 1' is the user 130.

Then, the storage processing unit 116 generates 'authentication token 1' for access to 'content data 1', and then stores 'owner identification information 1' and 'owner identification information 1' in the token issuance history database 124 as shown in Table 1 below. 'Authentication Token 1' can be stored in correspondence with each other.

owner identification information authentication token Owner Identification 1 auth token 1

Then, the authentication token transmitter 117 may transmit 'authentication token 1' to the electronic terminal 140 .

After that, while the access management system device 110 receives information about 'storage path 1', 'owner identification information 1', 'authentication token 1' and 'public key 1' from the electronic terminal 140, ' Assume that a request for provision of content data 1' is received.

Then, the validation event generation unit 118 checks whether 'authentication token 1' is stored in correspondence with 'owner identification information 1' on the token issuance history database 124 as shown in Table 1, and After confirming that 'authentication token 1' is stored in correspondence with 'owner identification information 1' on the token issuance history database 124 such as 1, a validation event indicating that the validity of 'authentication token 1' has been verified. can cause

In this way, when the validation event is generated by the validation event generating unit 118, the data transmission unit 119 transmits information on the first storage path from the cloud server 150 based on the information on the first storage path. receives the first content data stored in and transmits the first content data to the electronic terminal 140 .

At this time, according to an embodiment of the present invention, in order to prevent the first content data from being indiscriminately exposed to a person other than the owner of the first NFT, on the cloud server 150, the first encrypted data (the above The first encrypted data may be encrypted data generated by encrypting the first content data with an encryption key pre-stored on the cloud server 150).

At this time, according to an embodiment of the present invention, the data transmission unit 119 has a specific configuration for transmitting the first content data stored in the form of the first encrypted data to the electronic terminal 140, and requests transmission. It may include a unit 120, a data restoration unit 121, and an encrypted data transmission unit 122.

When the validation event is generated by the validation event generator 118, the transmission requesting unit 120 sends information to the cloud server 150 on the first storage path based on the information on the first storage path. At the same time as requesting transmission of the first encryption data stored in , transmission of the encryption key used for encryption of the first content data is requested.

The data recovery unit 121 receives the first encryption data and the encryption key stored on the first storage path from the cloud server 150 in response to a transmission request of the first encryption data and the encryption key. When is received, the first content data is restored by decrypting the first encrypted data with the encryption key.

When the first content data is restored by the data recovery unit 121, the encrypted data transmitter 122 encrypts the first content data with the public key to generate second encrypted data, and then the electronic terminal 140 ) to transmit the second encrypted data.

At this time, when the second encrypted data is received from the access management system device 110, the electronic terminal 140 decrypts the second encrypted data with the private key previously stored in the electronic terminal 140, 1 Restore content data.

Hereinafter, operations of the transmission requesting unit 120, the data recovery unit 121, and the encrypted data transmission unit 122 will be described in detail by way of example.

First, assume that 'encryption key 1' is pre-stored on the cloud server 150, and 'content data 1' is stored in the form of 'encryption data 1' on the cloud server 150. At this time, 'encrypted data 1' is encrypted data generated by encrypting 'content data 1' with 'encryption key 1'.

In this situation, according to the above-described example, when it is assumed that the validation event is generated by the validation event generating unit 118, the transmission requesting unit 120 transmits the cloud server based on the information on the 'storage path 1'. For (150), it is possible to request transmission of 'encryption data 1' stored on 'storage path 1' and transmission of 'encryption key 1' used to encrypt 'content data 1'. .

Then, the cloud server 150 may transmit 'encryption key 1' together with 'encryption data 1' stored on 'storage path 1' to the access management system device 110.

At this time, since 'encrypted data 1' is encrypted data generated by encrypting 'content data 1' with 'encryption key 1', the data recovery unit 121 decrypts 'encrypted data 1' with 'encryption key 1', 'Content data 1' can be restored normally.

Then, the encrypted data transmission unit 122 generates 'encrypted data 2' by encrypting 'content data 1' with 'public key 1', and then transmits 'encrypted data 2' to the electronic terminal 140. .

Accordingly, when 'encrypted data 2' is received by the electronic terminal 140, the electronic terminal 140 decrypts 'encrypted data 2' with 'private key 1' previously stored in the electronic terminal 140, 'Content data 1' can be restored.

In relation to this, 'encrypted data 2' is encrypted data generated by encrypting 'content data 1' with 'public key 1', and 'private key 1' is a private key forming a key pair with 'public key 1', so the electronic terminal 140 decrypts 'encrypted data 2' with 'private key 1' pre-stored in the electronic terminal 140, so that 'contents data 1' can be restored normally.

According to one embodiment of the present invention, the access management system device 110 limits the number of times the first authentication token can be used when requesting access to the first content data, thereby improving security for the first content data. It may further include a configuration that enhances.

In this regard, according to one embodiment of the present invention, the storage processing unit 116 determines that the owner identification information included in the first NFT matches the first owner identification information by the owner verification unit 115. As confirmed, if it is confirmed that the owner of the first NFT is the user 130, after generating the first authentication token for access to the first content data, in the token issuance history database 124, While storing the first owner identification information and the first authentication token in correspondence with each other, information about a preset usable number of times of the first authentication token may be additionally stored.

For example, as in the above example, as the owner identification information included in 'NFT 1' is confirmed to match 'owner identification information 1' by the owner verification unit 115, the owner of 'NFT 1' If it is confirmed that the user 130 is correct, the storage processing unit 116 generates 'authentication token 1' for access to 'content data 1', and then stores the token issuance history database 124 in Table 2 below. As such, while storing 'owner identification information 1' and 'authentication token 1' in correspondence with each other, it is possible to additionally store information on the preset usable number of times for 'authentication token 1'.

owner identification information authentication token Number of uses (times) Owner Identification 1 auth token 1 5

Then, the authentication token transmitter 117 may transmit 'authentication token 1' to the electronic terminal 140 .

At this time, after the first authentication token is transmitted to the electronic terminal 140 by the authentication token transmission unit 117, the validation event generator 118 sends the access management system device 110 from the electronic terminal 140. , When a request for providing the first content data is received while the information on the first storage path, the first owner identification information, the first authentication token, and the public key are received, the token issuance history database 124 It is checked whether the first authentication token is stored in correspondence with the first owner identification information, and the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database 124 If it is confirmed that there is, by additionally checking the information on the usable number of the first authentication token stored in the token issuance history database 124, the usable number of the first authentication token is not '0'. If it is confirmed that the validation event is generated, the number of usable times of the first authentication token stored in the token issuance history database 124 may be deducted by '1'.

For example, as in the above example, after 'authentication token 1' is transmitted to the electronic terminal 140 by the authentication token transmission unit 117, from the electronic terminal 140 to the access management system device 110, 'save It is assumed that a request to provide 'contents data 1' has been received while information on path 1, 'owner identification information 1', 'authentication token 1', and 'public key 1' are received, and thereafter, the validation event generating unit Assume that it is confirmed by (118) that 'authentication token 1' is stored in correspondence with 'owner identification information 1' on the token issuance history database 124 as shown in Table 2 above.

Then, the validation event generating unit 118 may additionally check information on the usable number of 'authentication token 1' stored in the token issuance history database 124 as shown in Table 2 above.

At this time, in the token issuance history database 124 as shown in Table 2, since information on the number of times that 'authentication token 1' can be used is stored as '5 (times)', the validation event generating unit 118 It can be confirmed that the usable count of 'authentication token 1' is not '0'.

Then, after generating the validation event, the validation event generation unit 118 deducts the usable number of 'authentication token 1' stored in the token issuance history database 124 as shown in Table 2 by '1'. can do.

That is, the access management system device 110 deducts the usable number of 'authentication token 1' by '1' whenever a request for providing 'content data 1' is received from the electronic terminal 140, so that the user ( 130) may limit the number of times that 'content data 1' can be accessed based on 'authentication token 1' to the number of times that 'authentication token 1' can be used.

At this time, according to an embodiment of the present invention, the validation event generation unit 118 checks information on the number of times the first authentication token can be used stored in the token issuance history database 124, and as a result, the When it is confirmed that the number of times that one authentication token can be used is '0', a reissuance request message requesting reissuance of an authentication token for access to the first content data may be generated and transmitted to the electronic terminal 140. .

For example, in the same manner as in the above example, as a result of checking the information on the number of usable counts of 'authentication token 1' stored in the token issuance history database 124, the validation event generating unit 118 finds that 'authentication token If it is confirmed that the number of available times of '1' is '0', the verification event generating unit 118 generates a reissuance request message requesting reissuance of an authentication token for access to 'content data 1'. It can be transmitted to the terminal 140.

That is, as the user 130 exhausts the available number of times of 'authentication token 1', which is the number of times that 'content data 1' can be accessed based on 'authentication token 1', the token issuance history database 124 ) When the usable number of 'authentication token 1' stored on the '0' becomes '0', the user 130 checks the reissue request message, and the access management system device 110 through the electronic terminal 140 , a request for issuing an authentication token for access to 'content data 1' may be transmitted. Through this, the access management system device 110 may proceed with the process of issuing an authentication token for access to 'content data 1' to newly issue 'authentication token 2', and then, the user 130 can access 'content data 1' based on 'authentication token 2'.

In addition, according to an embodiment of the present invention, the access management system device 110 verifies whether the first content data restored based on the private key in the electronic terminal 140 is authentic data that has not been forged or altered. Additional functions may be supported.

In this regard, according to one embodiment of the present invention, in the first NFT registered in the blockchain network 100, the first hash value generated by applying the first content data as an input to a preset hash function This may be included, and at this time, the access management system device 110 may further include a hash value transmission unit 123.

The hash value transmission unit 123 forges and modifies the first content data while receiving identification information on the first NFT from the electronic terminal 140 after the first content data is restored in the electronic terminal 140. When a request for transmission of a hash value for determining whether or not is received, based on the identification information on the first NFT, the first NFT registered in the blockchain network 100 is queried and included in the first NFT. The first hash value is transmitted to the electronic terminal 140.

For example, 'NFT 1' registered in the blockchain network 100 may include 'hash value 1' generated by applying 'content data 1' as an input to a preset hash function.

In this situation, as in the above example, it is assumed that 'content data 1' is restored in the electronic terminal 140, and then, from the electronic terminal 140 to the access management system device 110, 'NFT 1' Assume that 'identification information 1', which is identification information, is received, and a request for transmission of a hash value for determining whether 'content data 1' is forged or altered is received.

Then, the hash value transmission unit 123 searches for 'NFT 1' registered in the blockchain network 100 based on 'identification information 1', and retrieves 'hash value 1' included in 'NFT 1'. It can be transmitted to the electronic terminal (140).

At this time, the electronic terminal 140 pre-stores the hash function in the electronic terminal 140, and when the first hash value is received from the access management system device 110, the first hash value restored based on the private key. 1 content data is applied as an input to the hash function pre-stored in the electronic terminal 140, and it is checked whether the result value calculated is identical to the first hash value, and the result value is the first hash value. If it is confirmed that the hash values match, after confirming that the first content data is authentic data that has not been forged or altered, a verification confirmation message indicating that the first content data is authentic data that has not been forged or altered is generated and displayed on the screen. can

For example, it is assumed that the hash function is pre-stored in the electronic terminal 140, and as the hash value transmission unit 123 transmits 'hash value 1' to the electronic terminal 140 as in the above example, the electronic terminal Assume that 'hash value 1' is received at 140.

Then, when the electronic terminal 140 applies 'contents data 1' restored based on 'private key 1' as an input to the hash function pre-stored in the electronic terminal 140, the result value calculated is ' You can check whether it matches hash value 1'.

In this regard, since 'hash value 1' is a hash value generated by applying 'content data 1' as an input to the hash function, the electronic terminal 140 can confirm that the resulting value matches 'hash value 1'. there is.

Then, after confirming that 'contents data 1' is authentic data that has not been forged or altered, the electronic terminal 140 can generate a verification confirmation message indicating that 'contents data 1' is authentic data that has not been forged or altered, and display it on the screen. there is.

2 is a flowchart illustrating an operating method of an access management system apparatus for managing access to original content data that is a target of NFT according to an embodiment of the present invention.

In step S210, the user's electronic terminal (in the electronic terminal, a private key for data encryption and a public key constituting a key pair with the private key are pre-issued and stored), registered in a preset blockchain network A first NFT (the first NFT is an NFT for first content data stored in a preset cloud server, and in the first NFT, a first storage path on the cloud server where the first content data is stored) While the identification information and the public key are received, a request for issuance of an authentication token for access to the first content data is received. If received, random data is randomly generated.

In step S220, when the random data is generated, encrypted random data is generated by encrypting the random data with the public key.

In step S230, when the encrypted random data is generated, the electronic terminal is requested to generate and transmit feedback data for the encrypted random data while transmitting the encrypted random data.

In step S240, in response to the transmission request of the feedback data, first feedback data (the first feedback data is, the electronic terminal decrypts the encrypted random data with the private key to obtain the random data from the electronic terminal) When the restored random data and data for the first owner identification information of the user are concatenated to generate concatenated data, and then the concatenated data is encrypted with the private key) is received. After restoring the concatenated data by decoding first feedback data with the public key, data for the first owner identification information is extracted by removing the random data from the restored concatenated data.

In step S250, when the data for the first owner identification information is extracted, the first NFT registered in the blockchain network is searched based on the identification information for the first NFT, and the first NFT By checking whether the owner identification information included in is consistent with the first owner identification information, it is confirmed whether the owner of the first NFT is the user.

In step S260, when it is confirmed that the owner identification information included in the first NFT matches the first owner identification information, and it is confirmed that the owner of the first NFT is the user, the first content After generating a first authentication token for access to data, the first owner identification information and the first authentication token are stored in correspondence with each other in a token issuance history database.

In step S270, the first authentication token is transmitted to the electronic terminal.

In step S280, after the first authentication token is transmitted to the electronic terminal, information about the first storage path, the first owner identification information, the first authentication token, and the public key are received from the electronic terminal. When the request for providing the first content data is received, it is checked whether the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, and the token issuance history database If it is confirmed that the first authentication token is stored corresponding to the first owner identification information, a validation event indicating that the validity of the first authentication token is verified is generated.

In step S290, when the validation event occurs, the electronic terminal receives the first content data stored on the first storage path from the cloud server based on the information on the first storage path. Transmits the first content data to.

At this time, according to one embodiment of the present invention, the first content data is, on the cloud server, first encrypted data (the first encrypted data, the first content data is pre-stored on the cloud server It may be stored in the form of encrypted data generated by being encrypted with an existing encryption key), and when the validation event occurs in step S290, for the cloud server based on the information on the first storage path, requesting transmission of the first encrypted data stored on the first storage path and simultaneously requesting transmission of the encryption key used for encryption of the first content data; In response to a request for transmission of an encryption key, when the first encryption data stored on the first storage path and the encryption key are received from the cloud server, by decrypting the first encryption data with the encryption key, Restoring the first content data and when the first content data is restored, generating second encrypted data by encrypting the first content data with the public key, and then sending the second encrypted data to the electronic terminal. and transmitting, when the electronic terminal receives the second encrypted data from the access management system device, by decrypting the second encrypted data with the private key pre-stored in the electronic terminal, The first content data may be restored.

In addition, according to one embodiment of the present invention, in step S260, as it is confirmed that the owner identification information included in the first NFT matches the first owner identification information, the owner of the first NFT If it is confirmed that the user is correct, after generating the first authentication token for access to the first content data, the first owner identification information and the first authentication token are matched with each other in the token issuance history database. While storing, information on the preset usable number of times for the first authentication token may be additionally stored, and in step S280, after the first authentication token is transmitted to the electronic terminal, from the electronic terminal, the When a request to provide the first content data is received while the information on the first storage path, the first owner identification information, the first authentication token, and the public key are received, the first content data is displayed on the token issuance history database. It is checked whether the authentication token is stored in correspondence with the first owner identification information, and if it is confirmed that the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, the Information on the usable number of the first authentication token stored in the token issuance history database is additionally checked, and when it is confirmed that the usable number of the first authentication token is not '0', the validity After generating the verification event, the usable number of times of the first authentication token stored in the token issuance history database may be deducted by '1'.

At this time, according to one embodiment of the present invention, in step S280, as a result of checking the information on the usable number of times of the first authentication token stored in the token issuance history database, the first authentication token can be used. When it is confirmed that the number of times is '0', a reissue request message requesting reissuance of an authentication token for access to the first content data may be generated and transmitted to the electronic terminal.

In addition, according to one embodiment of the present invention, the first NFT registered in the blockchain network may include a first hash value generated by applying the first content data as an input to a preset hash function. In the method of operating the access management system device, after the first content data is restored in the electronic terminal, while the identification information on the first NFT is received from the electronic terminal, the first content data is forged and falsified. When a request for transmission of a hash value for determining whether or not is received, based on the identification information on the first NFT, the first NFT registered in the blockchain network is inquired, and the first NFT included in the first NFT is retrieved. The method may further include transmitting a first hash value to the electronic terminal, wherein the electronic terminal pre-stores the hash function in the electronic terminal, and when the first hash value is received from the access management system device , Check whether a result value calculated when the first content data restored based on the private key is applied as an input to the hash function pre-stored in the electronic terminal matches the first hash value So, if it is confirmed that the result value matches the first hash value, after confirming that the first content data is authentic data that has not been forged or altered, verification confirmation indicating that the first content data is authentic data that has not been forged or altered A message can be created and displayed on the screen.

In the above, with reference to FIG. 2 , a method of operating an access management system device for managing access to original content data that is a target of NFT according to an embodiment of the present invention has been described. Here, the operating method of the access management system device for managing access to original content data that is the target of NFT according to an embodiment of the present invention is a configuration for the operation of the access management system device 110 described with reference to FIG. Since it may correspond to , a more detailed description thereof will be omitted.

An operating method of an access management system apparatus for managing access to original content data that is a target of NFT according to an embodiment of the present invention may be implemented as a computer program stored in a storage medium for execution through combination with a computer. .

In addition, the operating method of the access management system device for managing access to original content data that is a target of NFT according to an embodiment of the present invention is implemented in the form of program instructions that can be executed through various computer means and is computer readable. can be recorded on media. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the medium may be those specially designed and configured for the present invention or those known and usable to those skilled in computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic media such as floptical disks. - includes hardware devices specially configured to store and execute program instructions, such as magneto-optical media, and ROM, RAM, flash memory, and the like. Examples of program instructions include high-level language codes that can be executed by a computer using an interpreter, as well as machine language codes such as those produced by a compiler.

As described above, the present invention has been described by specific details such as specific components and limited embodiments and drawings, but these are provided to help a more general understanding of the present invention, and the present invention is not limited to the above embodiments. , Those skilled in the art in the field to which the present invention belongs can make various modifications and variations from these descriptions.

Therefore, the spirit of the present invention should not be limited to the described embodiments, and it will be said that not only the claims to be described later, but also all modifications equivalent or equivalent to these claims belong to the scope of the present invention. .

110: Access management system device for managing access to original content data that is the target of NFT
111: random data generator 112: random data encryption unit
113: feedback request unit 114: data extraction unit
115: owner confirmation unit 116: storage processing unit
117: authentication token transmission unit 118: validation event generating unit
119: data transmission unit 120: transmission request unit
121: data restoration unit 122: encryption data transmission unit
123: hash value transmission unit 124: token issuance history database
100: blockchain network
101, 102, 103, 104, 105, 106: a plurality of nodes
130: user
140: electronic terminal
150: cloud server

Claims (12)

In the access management system device for managing access to original content data that is a target of NFT,
A first NFT registered in a pre-set blockchain network from the user's electronic terminal - in which a private key for data encryption and a public key forming a key pair with the private key are pre-issued and stored in the electronic terminal (Non-Fungible Token) -The first NFT is an NFT for first content data stored in a preset cloud server, and in the first NFT, first storage on the cloud server in which the first content data is stored Information on the path and owner identification information for the owner of the first content data are included - request for issuance of an authentication token for access to the first content data while identification information and the public key are received a random data generating unit that randomly generates random data when the received data is received;
a random data encryption unit generating encrypted random data by encrypting the random data with the public key when the random data is generated;
When the encrypted random data is generated, a feedback request unit requesting the electronic terminal to generate and transmit feedback data for the encrypted random data while transmitting the encrypted random data;
In response to a transmission request of the feedback data, from the electronic terminal, first feedback data - the first feedback data, the electronic terminal decrypts the encrypted random data with the private key to restore the random data, and restores the random data. Data generated by concatenating the random data and data for the user's first owner identification information to generate concatenated data and then encrypting the concatenated data with the private key - is received, the first a data extraction unit extracting data for the first owner identification information by restoring the concatenated data by decoding feedback data with the public key and then removing the random data from the restored concatenated data;
When the data for the first owner identification information is extracted, the first NFT registered in the blockchain network is searched based on the identification information for the first NFT, and the owner included in the first NFT is retrieved. Owner confirmation unit for checking whether the owner of the first NFT is the user by checking whether the identification information matches the first owner identification information;
When it is confirmed that the owner identification information included in the first NFT matches the first owner identification information, and the owner of the first NFT is confirmed to be the user, access to the first content data is restricted. After generating a first authentication token for the first authentication token, a storage processing unit for storing the first owner identification information and the first authentication token in correspondence with each other in a token issuance history database;
an authentication token transmitter for transmitting the first authentication token to the electronic terminal;
After the first authentication token is transmitted to the electronic terminal, information about the first storage path, the first owner identification information, the first authentication token, and the public key are received from the electronic terminal, and the first authentication token is received. 1 When a request for providing content data is received, it is checked whether the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, and the first authentication token is stored on the token issuance history database. a validation event generating unit generating a validation event indicating that the validity of the first authentication token has been verified, when it is confirmed that the authentication token is stored in correspondence with the first owner identification information; and
When the validation event occurs, the first content data stored on the first storage path is received from the cloud server based on the information on the first storage path, and the first content data is transmitted to the electronic terminal. Data transmission unit that transmits data
Access management system device comprising a. According to claim 1,
The first content data is, on the cloud server, first encrypted data - the first encrypted data is encrypted data generated by encrypting the first content data with an encryption key pre-stored on the cloud server - is stored in the form of
The data transmission unit
When the validation event occurs, a request is made to the cloud server based on the information on the first storage path to transmit the first encrypted data stored on the first storage path, and the first storage path is requested. 1 transmission requesting unit requesting transmission of the encryption key used for encryption of content data;
When the first encryption data stored on the first storage path and the encryption key are received from the cloud server in response to a transmission request of the first encryption data and the encryption key, the first encryption data a data restoration unit which restores the first content data by decrypting the first content data with the encryption key; and
When the first content data is restored, an encryption data transmitter configured to generate second encrypted data by encrypting the first content data with the public key and then transmit the second encrypted data to the electronic terminal.
Including,
The electronic terminal
When the second encrypted data is received from the access management system device, the first content data is restored by decrypting the second encrypted data with the private key pre-stored in the electronic terminal. system device. According to claim 1,
The storage processing unit
When it is confirmed that the owner identification information included in the first NFT matches the first owner identification information, and the owner of the first NFT is confirmed to be the user, access to the first content data is restricted. After generating the first authentication token for the first authentication token, while storing the first owner identification information and the first authentication token in correspondence with each other in the token issuance history database, store additional information about
The validation event generating unit
After the first authentication token is transmitted to the electronic terminal, information about the first storage path, the first owner identification information, the first authentication token, and the public key are received from the electronic terminal, and the first authentication token is received. 1 When a request for providing content data is received, it is checked whether the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, and the first authentication token is stored on the token issuance history database. If it is confirmed that the authentication token is stored in correspondence with the first owner identification information, information on the number of times the first authentication token can be used stored in the token issuance history database is additionally checked, and the first When it is confirmed that the usable count of the authentication token is not '0', after generating the validation event, the usable count of the first authentication token stored in the token issuance history database is deducted by '1'. An access management system device characterized in that for doing. According to claim 3,
The validation event generating unit
As a result of checking the information about the number of times the first authentication token can be used stored in the token issuance history database, when it is confirmed that the number of times the first authentication token can be used is '0', the first content data An access management system device, characterized in that for generating a reissue request message requesting reissuance of an authentication token for access to and transmitting it to the electronic terminal. According to claim 2,
The first NFT registered in the blockchain network includes a first hash value generated by applying the first content data as an input to a preset hash function,
The access management system device is
After the first content data is restored in the electronic terminal, while identification information on the first NFT is received from the electronic terminal, a request for transmission of a hash value for determining whether the first content data is forged or altered is received. , based on the identification information on the first NFT, the hash for querying the first NFT registered in the blockchain network and transmitting the first hash value included in the first NFT to the electronic terminal. value transmission
Including more,
The electronic terminal
The hash function is pre-stored in the electronic terminal, and when the first hash value is received from the access management system device, the first content data restored based on the private key is pre-stored in the electronic terminal It is checked whether the resultant value calculated when inputting the hash function as an input to the hash function in the above matches the first hash value, and if it is confirmed that the resultant value matches the first hash value, the first content data After confirming that the first content data is authentic data that has not been forged or altered, a verification confirmation message indicating that the first content data is authentic data that has not been forged or altered is generated and displayed on the screen. In the operating method of the access management system device for managing access to original content data that is the target of NFT,
A first NFT registered in a pre-set blockchain network from the user's electronic terminal - in which a private key for data encryption and a public key forming a key pair with the private key are pre-issued and stored in the electronic terminal (Non-Fungible Token) -The first NFT is an NFT for first content data stored in a preset cloud server, and in the first NFT, first storage on the cloud server in which the first content data is stored Information on the path and owner identification information for the owner of the first content data are included - request for issuance of an authentication token for access to the first content data while identification information and the public key are received If is received, randomly generating random data;
generating encrypted random data by encrypting the random data with the public key when the random data is generated;
when the encrypted random data is generated, requesting the electronic terminal to generate and transmit feedback data for the encrypted random data while transmitting the encrypted random data;
In response to a transmission request of the feedback data, from the electronic terminal, first feedback data - the first feedback data, the electronic terminal decrypts the encrypted random data with the private key to restore the random data, and restores the random data. Data generated by concatenating the random data and data for the user's first owner identification information to generate concatenated data and then encrypting the concatenated data with the private key - is received, the first restoring the concatenated data by decoding feedback data with the public key, and then extracting data for the first owner identification information by removing the random data from the restored concatenated data;
When the data for the first owner identification information is extracted, the first NFT registered in the blockchain network is searched based on the identification information for the first NFT, and the owner included in the first NFT is retrieved. Confirming whether the owner of the first NFT is the user by checking whether the identification information matches the first owner identification information;
When it is confirmed that the owner identification information included in the first NFT matches the first owner identification information, and the owner of the first NFT is confirmed to be the user, access to the first content data is restricted. After generating a first authentication token for the first authentication token, storing the first owner identification information and the first authentication token in correspondence with each other in a token issuance history database;
transmitting the first authentication token to the electronic terminal;
After the first authentication token is transmitted to the electronic terminal, information about the first storage path, the first owner identification information, the first authentication token, and the public key are received from the electronic terminal, and the first authentication token is received. 1 When a request for providing content data is received, it is checked whether the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, and the first authentication token is stored on the token issuance history database. generating a validation event indicating that the validity of the first authentication token has been verified, if it is confirmed that the authentication token is stored in correspondence with the first owner identification information; and
When the validation event occurs, the first content data stored on the first storage path is received from the cloud server based on the information on the first storage path, and the first content data is transmitted to the electronic terminal. steps to transmit data
A method of operating an access management system device comprising a. According to claim 6,
The first content data is, on the cloud server, first encrypted data - the first encrypted data is encrypted data generated by encrypting the first content data with an encryption key pre-stored on the cloud server - is stored in the form of
Transmitting the first content data to the electronic terminal
When the validation event occurs, a request is made to the cloud server based on the information on the first storage path to transmit the first encrypted data stored on the first storage path, and the first storage path is requested. 1 requesting transmission of the encryption key used for encryption of content data;
When the first encryption data stored on the first storage path and the encryption key are received from the cloud server in response to a transmission request of the first encryption data and the encryption key, the first encryption data restoring the first content data by decrypting with the encryption key; and
If the first content data is restored, generating second encrypted data by encrypting the first content data with the public key, and then transmitting the second encrypted data to the electronic terminal.
Including,
The electronic terminal
When the second encrypted data is received from the access management system device, the first content data is restored by decrypting the second encrypted data with the private key pre-stored in the electronic terminal. How the system unit works. According to claim 6,
The step of storing the first owner identification information and the first authentication token in correspondence with each other
When it is confirmed that the owner identification information included in the first NFT matches the first owner identification information, and the owner of the first NFT is confirmed to be the user, access to the first content data is restricted. After generating the first authentication token for the first authentication token, while storing the first owner identification information and the first authentication token in correspondence with each other in the token issuance history database, store additional information about
The step of generating the validation event is
After the first authentication token is transmitted to the electronic terminal, information about the first storage path, the first owner identification information, the first authentication token, and the public key are received from the electronic terminal, and the first authentication token is received. 1 When a request for providing content data is received, it is checked whether the first authentication token is stored in correspondence with the first owner identification information on the token issuance history database, and the first authentication token is stored on the token issuance history database. If it is confirmed that the authentication token is stored in correspondence with the first owner identification information, information on the number of times the first authentication token can be used stored in the token issuance history database is additionally checked, and the first When it is confirmed that the usable count of the authentication token is not '0', after generating the validation event, the usable count of the first authentication token stored in the token issuance history database is deducted by '1'. A method of operating an access management system device, characterized in that for doing. According to claim 8,
The step of generating the validation event is
As a result of checking the information about the number of times the first authentication token can be used stored in the token issuance history database, when it is confirmed that the number of times the first authentication token can be used is '0', the first content data A method of operating an access management system device, characterized in that for generating a reissue request message requesting reissuance of an authentication token for access to and transmitting it to the electronic terminal. According to claim 7,
The first NFT registered in the blockchain network includes a first hash value generated by applying the first content data as an input to a preset hash function,
The method of operating the access management system device
After the first content data is restored in the electronic terminal, while identification information on the first NFT is received from the electronic terminal, a request for transmission of a hash value for determining whether the first content data is forged or altered is received. If so, based on the identification information on the first NFT, querying the first NFT registered in the blockchain network, and transmitting the first hash value included in the first NFT to the electronic terminal.
Including more,
The electronic terminal
The hash function is pre-stored in the electronic terminal, and when the first hash value is received from the access management system device, the first content data restored based on the private key is pre-stored in the electronic terminal It is checked whether the resultant value calculated when inputting the hash function as an input to the hash function in the above matches the first hash value, and if it is confirmed that the resultant value matches the first hash value, the first content data After confirming that is authentic data that has not been forged or altered, a verification confirmation message indicating that the first content data is authentic data that has not been forged or altered is generated and displayed on the screen. A computer-readable recording medium recording a computer program for executing the method of any one of claims 6 to 10 through a combination with a computer. A computer program stored in a storage medium for executing the method of any one of claims 6 to 10 through a combination with a computer.

Images