KR102605368B1 - Method and server for verifying authenticity of mail - Google Patents

Abstract

A method and server for verifying the authenticity of an email are provided. This method includes extracting unique information that can confirm the authenticity of the outgoing mail from an outgoing mail received from a mail server, and sending verification data including the extracted unique information and identification information of the outgoing mail to a blockchain network. Distributing, receiving a request to confirm the authenticity of the received mail from the user terminal, requesting verification data corresponding to the identification information of the received mail from the blockchain network, obtaining verification data received from the blockchain network determining whether the received mail is the same as the sent mail by comparing whether the unique information matches the unique information extracted from the received mail, and sending an authenticity confirmation response including the result of determining the authenticity to the user. It includes the step of transmitting to the terminal.

Description

Method for verifying the authenticity of mail and its server {METHOD AND SERVER FOR VERIFYING AUTHENTICITY OF MAIL}

The present invention relates to a method and server for verifying the authenticity of an email.

The existing mail system stores the hash value of sent and received mail in the blockchain network and uses it as data to prove sending and receiving mail. The mail sender and receiver request mail record verification from the mail system's authentication server through an authentication procedure using a private key and a public key. Then, the authentication server compares the hash value of each requested email and the stored email to check its authenticity and returns the result.

However, the conventional mail transmission/reception verification method requires signing up through a subscription process including an authentication process at each individual server in order to distribute or issue certificates such as private keys and public keys. However, when using private keys and public keys for authentication, there is a problem that it is difficult to manage them. Additionally, the authentication process is complicated, which reduces usability.

In addition, the conventional mail transmission/reception verification method is dependent on the mail sender's system, so there is a problem that implementation is limited to a closed network. In other words, there are restrictions on the participation of external users due to the closed structure. Because you must subscribe to a mail server that provides original authentication, only users who have an account on the subscribed mail server can use the service. Therefore, original authentication cannot be performed for mail received from an external mail server other than the corresponding mail server.

Additionally, there is a problem that the node that stores the original must have high hardware specifications. Conventionally, nodes have a procedure for responding to comparison results through a ledger comparison process, and nodes have a procedure for responding to comparison results through a ledger comparison process. In order to perform verification work, nodes are also required to have a certain level of processing power, so node participation is required. There is a problem that the network becomes complicated because it acts as a barrier to the network and there is a redistribution process.

The task to be solved is to safely protect mail by distributing mail, which is the subject of original authenticity verification, on a blockchain network, and to avoid complex authentication procedures and sign-ups by applying a one-time authentication method and performing user authentication using the sender/recipient account of the mail. It has an open structure that does not require any requests, and provides a method and server for verifying the authenticity of the original using an encrypted hash value to block factors such as forgery and alteration of the original.

According to one feature, a method of operating a mail authenticity verification server includes extracting unique information that can confirm the authenticity of the outgoing mail from an outgoing mail received from a mail server, the extracted unique information and identification information of the outgoing mail. Distributing verification data including to the blockchain network, receiving a request to confirm the authenticity of the received mail from the user terminal, requesting verification data corresponding to the identification information of the received mail from the blockchain network, Comparing the unique information obtained from the verification data received from the blockchain network to see if it matches the unique information extracted from the received mail, determining whether the received mail is the same as the sent mail, and determining whether the received mail is authentic. and transmitting an authenticity confirmation response including a result to the user terminal.

In the distributing step, the verification data may be simultaneously distributed to at least one blockchain node selected from among a plurality of blockchain nodes constituting the blockchain network.

The unique information may be a hash value generated from the outgoing mail.

The identification information may include the sender's account, recipient's account, and title of the outgoing mail.

When the outgoing mail is sent by a mail account registered as a mail authenticity verification service user in the mail server, the mail account of the mail authenticity verification server may be included as a reference account of the outgoing mail and received from the mail server. .

Between the receiving step and the requesting step, it further includes the step of performing account validity authentication to determine whether the mail account of the user terminal matches the recipient account of the received mail, and the requesting step includes: If validity authentication is successful, the verification data can be requested.

Between the receiving step and the requesting step, the user transmits an OTP (One Time Password) to the user's authentication terminal provided by the user terminal, and determines whether the OTP input from the user terminal matches the transmitted OTP. It may further include performing authentication, and the requesting step may request the verification data if both the account validity authentication and the user authentication are successful.

Before the extracting step, a node registration step may be further included to enable the server to participate as a blockchain node through device authentication using hardware information of the server and identity authentication using OTP (One Time Password). .

According to another feature, the mail authenticity verification server includes a communication device, a memory storing a mail authenticity verification program, and at least one processor executing the program, wherein the program is configured to: , request and receive verification data corresponding to the identification information of the received mail from the blockchain network, compare the unique information extracted from the received verification data with the unique information extracted from the received mail, and if they match, the received mail is the original. Includes instructions for authenticating and transmitting an authenticity confirmation response including an authentication result indicating that the received mail is the original to the user terminal.

The program extracts unique information that can confirm the authenticity of the outgoing mail from the outgoing mail received from the mail server, and distributes verification data including the extracted unique information and identification information of the outgoing mail to the blockchain network. Additional commands may be included.

The program performs account validity authentication to determine whether the mail account of the user terminal matches the recipient account of the received mail, and transmits an OTP (One Time Password) to the user's authentication terminal provided by the user terminal, User authentication is performed to determine whether the OTP input from the user terminal matches the transmitted OTP, and if both the account validity authentication and the user authentication are successful, instructions for requesting the verification data may be further included.

According to the embodiment, distributed messaging technology can be used to classify and store mail and then distribute it to a blockchain network to block factors of forgery and falsification.

In addition, it is possible to implement an open mail system that can authenticate the original of sent/received mail by implementing an authentication procedure that minimizes subscription or complicated authentication processes.

Additionally, by using the sending/receiving account in the email header as an authentication method, the inconvenience caused by unnecessary authentication processes can be resolved by providing an original verification service only to the sender/recipient.

In addition, by adding an authentication account to the reference recipients outside of the mail server, you can receive the same service without a registration process, so you can use it without being restricted by the mail server.

In addition, it is possible to fundamentally block forgery and falsification operations such as operators manipulating or hiding data.

In addition, by using the Kafka distributed processing system and blockchain, and using one-time authentication-based technology rather than the complex authentication method of blockchain, the authentication process is simplified and all mail senders and recipients are able to access the server without requiring membership registration. You can verify the authenticity of transmission and reception records without receiving any information.

Figure 1 shows the connection between a mail authenticity verification system and its surrounding components according to an embodiment.
Figure 2 is a flowchart explaining the process of distributing mail verification data according to an embodiment.
Figure 3 is a flowchart explaining the process of verifying the original authenticity of an email according to an embodiment.
Figure 4 explains the communication process between the data gateway module and the blockchain network in the original authenticity verification process according to the embodiment.
Figure 5 explains the communication process between the data gateway module and the blockchain network in the verification data distribution process according to the embodiment.
Figure 6 is a block diagram showing the hardware configuration of a mail authenticity verification server according to an embodiment.

Below, with reference to the attached drawings, embodiments of the present invention will be described in detail so that those skilled in the art can easily implement the present invention. However, the present invention may be implemented in various different forms and is not limited to the embodiments described herein. In order to clearly explain the present invention in the drawings, parts that are not related to the description are omitted, and similar parts are given similar reference numerals throughout the specification.

Throughout the specification, when a part is said to “include” a certain element, this means that it may further include other elements rather than excluding other elements, unless specifically stated to the contrary.

In addition, terms such as “…unit”, “…unit”, and “…module” used in the specification refer to a unit that processes at least one function or operation, which may be implemented through hardware or software or a combination of hardware and software. You can.

The devices described in the present invention are composed of hardware including at least one processor, a memory device, a communication device, etc., and a program that is executed in conjunction with the hardware is stored in a designated location. The hardware has a configuration and performance capable of executing the method of the present invention. The program includes instructions that implement the operating method of the present invention described with reference to the drawings, and executes the present invention by combining it with hardware such as a processor and memory device.

In this specification, “transmission or provision” may include not only direct transmission or provision, but also indirect transmission or provision through another device or by using a circuitous route.

In this specification, expressions described as singular may be interpreted as singular or plural, unless explicit expressions such as “one” or “single” are used.

In this specification, the same reference numbers refer to the same elements regardless of the drawings, and “and/or” includes each and all combinations of one or more of the mentioned elements.

In this specification, terms including ordinal numbers, such as first, second, etc., may be used to describe various components, but the components are not limited by the terms. The above terms are used only for the purpose of distinguishing one component from another. For example, a first component may be referred to as a second component, and similarly, the second component may be referred to as a first component without departing from the scope of the present disclosure.

In the embodiments described herein with reference to the drawings, any embodiment may be implemented independently, several embodiments may be merged or divided, and specific operations may not be performed in each embodiment.

Now, a method and server for verifying the authenticity of mail according to an embodiment will be described with reference to the drawings.

Figure 1 shows the connection between a mail authenticity verification system and its surrounding components according to an embodiment.

Referring to FIG. 1, the mail authenticity verification server 100 safely protects the original of the mail that is subject to authenticity verification or original authentication by distributing it, and has an open structure that does not require complicated authentication procedures and subscriptions to prove the original of the mail. It uses an encrypted hash value to block factors such as forgery and alteration of emails.

The mail authenticity verification server 100 is connected to the Internet network 300. The Internet network 300 provides wired and wireless Internet services.

The Internet network 300 is connected to a mail sending server 400, a mail receiving server 500, a sender terminal 600, and a receiver terminal 700. The mail sending server 400 receives the mail written on the sender terminal 600 from the sender terminal 600 and transmits it to the mail receiving server 500 via the Internet network 300. The recipient terminal 700 connects to the mail reception server 500 and receives the mail sent by the sender terminal 600.

The mail sending server 400 and the mail receiving server 500 send and receive mail using SMTP (Simple Mail Transfer Protocol). The mail sending server 400 and the mail receiving server 500 may be independent servers or the same server. For example, if the mail accounts of the mail sender and the mail recipient are the same mail service subscriber account, the mail sending server 400 and the mail receiving server 500 may be one and the same mail server.

The sender terminal 600 is the sender terminal of the mail, and the receiver terminal 700 is the recipient terminal of the mail. The sender terminal 600 and the receiver terminal 700 are devices with a built-in Internet browser and may include a personal computer (PC), laptop, smartphone, etc.

Meanwhile, the mail authenticity verification server 100 performs original authentication of sent/received mail and general data. The mail authenticity verification server 100 operates as an archive storage for sent/received mail and general data. The mail authenticity verification server 100 performs spam filtering of sent/received mail and collects patterns of general data. The mail authenticity verification server 100 performs one-time authentication management based on sender/recipient accounts. The mail authenticity verification server 100 selects mail distribution blockchain nodes and performs batch distribution.

The mail authenticity verification server 100 verifies validity through test cases that reproduce actual transmission/reception, original authentication requests, and pattern update situations, and system performance and security performance can be quantitatively derived using measurement tools. there is.

The mail authenticity verification server 100 includes a Web Application Server (WAS) module 110, a data processing module 120, and a data gateway module 130.

The WAS module 110 receives the mail as it is delivered from the mail sending server 400 to the mail receiving server 500 and delivers it to the data processing module 120. For example, the sender terminal 600 may receive mail created in a web-based application and uploaded to the mail sending server 400 from the mail sending server 400 and deliver it to the data processing module 120 as the original. The WAS module 110 transmits the original text to the data processing module 120 for original authenticity service.

The WAS module 110 receives the original authenticity service result from the data gateway module 130, stores it, and provides a request result history interface that can be confirmed by the original authenticity requester. In other words, the original authenticity requester can access the WAS module 110 and check the original authenticity verification result of the mail.

The data processing module 120 classifies mail by user account. The data processing module 120 checks whether the classified user's folder exists, creates a user folder if it does not exist, and stores the classified original mail in the user folder. In other words, classified data is stored in user folders created by category.

The data processing module 120 encrypts the stored original mail to extract a hash value, generates the extracted hash value and identification information of the original mail as verification data, and transmits it to the data gateway module 130. At this time, the verification data is saved in the user folder.

The data processing module 120 may generate and store a hash value for mail using the sha-3 512 function, Sha256 function, etc. These hash values can be stored along with the original email in a folder created for each user account. If there is a change in the original data, a completely different value is generated, which serves as a basis for checking whether there has been a change.

The data processing module 120 generates verification data based on the identification information and hash value of the original mail and transmits this verification data to the data gateway module 130. At this time, the identification information of the original mail may include the mail's sending date, sender's account, recipient's account, and title. The data processing module 120 may manage a list that matches the identification information of the original mail and the hash value generated based on the entire data of the original mail.

The data processing module 120 generates a hash value based on sending information such as sender, recipient, CC, and BCC included in the header of the original email, the presence or absence of an attached file, information on the attached file, and the contents of the email body.

The data gateway module 130 is a broker that controls data input/output requests, a node gateway that interfaces with the blockchain network 200, a distributed ledger recording system, a function to classify authentication request contents, and user authenticity. It can perform an authentication function to process confirmation requests, an authentication function to process the recipient's authenticity confirmation request, and a node authentication function to register servers participating in blockchain nodes.

The data gateway module 130 can receive a subscription request from the blockchain network 200 and register the blockchain node 201.

The data gateway module 130 can simultaneously distribute the verification data received from the data processing module 120 to the blockchain nodes 201 that have applied to subscribe to the verification data.

The data gateway module 130 requests and receives verification data from one blockchain node 201 randomly selected from among the plurality of blockchain nodes 201 that have applied for subscription. The data gateway module 130 verifies the authenticity of the original by comparing the hash value extracted from the email requested for original authenticity with the hash value included in the verification data. If the hash values match, the data gateway module 130 determines that it is the original. If the hash values do not match, it determines that it is not the original.

The blockchain node 201 can store the identification information of the original mail and the corresponding hash value as verification data. Accordingly, the data gateway module 130 can request and receive verification data corresponding to the identification information of the original mail from the blockchain node 201.

At this time, since the data gateway module 130 has completed identity verification upon node registration in advance for the blockchain node 201, it does not have a process to prove false nodes, such as BFT (Byzantine Fault Tolerance).

The data gateway module 130 performs the same role as the master node of a general system, but actually acts as an intermediary and verifies the connection between the WAS module 110, the sender terminal 600, the receiver terminal 700, and the blockchain node 201. performs the function of

Therefore, when a large number of requests occur, the data gateway module 130 requires large-scale data processing ability, and to process this, it can be processed as a set of servers with a cluster structure.

The data gateway module 130 may be clustered and exist in multiple numbers. The number may be odd. Any data gateway module 130 configured in a cluster provides the same service and maintains high availability and reliability by preventing work loss due to system damage.

If a load exceeds a certain level according to the data load, it is preferentially connected to the data gateway module 130 with a smaller load, and no matter which side the data load is processed on, the data gateway module 130 belonging to the cluster is linked to output the same result.

The data gateway module 130 may generate an original authenticity verification result and transmit it to the recipient terminal 700 through SMTP in the form of an application event message.

When verification data is delivered from the data processing module 120, the data gateway module 130 can distribute the verification data to the blockchain network 200 after the authentication process. The data gateway module 130 may perform the authentication process using a pre-designated code exchange method rather than a certificate, and then perform distribution if there are no problems.

The data gateway module 130 has a process of selecting a blockchain node 201 to transmit verification data or a blockchain node 201 to receive verification data, and the blockchain node 201 selected through this process ) and send and receive verification data.

The data gateway module 130 performs an original authenticity verification procedure based on the verification data received from the blockchain node 201, returns the verification result to the WAS module 110, and stores the verification history.

Unlike the conventional method of distributing all data equally to all blockchain nodes, the data gateway module 130 according to the embodiment uses a method of distributing verification data in a node-customized manner.

There is only one original data storage of the data processing module 120, but the blockchain node 201 that specifies the category of verification data and applies to subscribe to the data type corresponding to the designated category may be selected as the distribution node.

The blockchain node 201 can select one desired data, and this is called a subscription application. The blockchain node 201 that has applied for subscription receives verification data whenever the corresponding verification data is updated. Verification data is not distributed to blockchain nodes 201 that have not applied for subscription. Through this structure, the node receives and processes selective data, minimizing restrictions on processing performance, and improving transaction speed can be achieved if the specifications are the same.

Unlike the conventional method of distributing by distributing to subordinate nodes based on the master node, according to the embodiment, data update time difference can be minimized by simultaneously distributing to target nodes in batches without the concept of master node. At this time, data updates are also performed in batches, so the threats of attacks and forgery using time differences can be minimized.

The data gateway module 130 performs the decoding task by authenticating 90% of the checksum values of the verification data of the distributed ledger obtained from the blockchain node 201 as the original when it matches the checksum value of the mail for which authenticity verification was requested. does not do This is different from the conventional method of verifying the checksum value in a blockchain by specifying the probability of an error occurring in all nodes (N=3F+1).

Additionally, the verification subject is the data gateway module 130, and the blockchain node 201 does not perform verification. Therefore, since the blockchain node 201 does not use computing power for verification, participation is possible with specifications that only secure storage space.

The data gateway module 130 manages authentication for participation of the blockchain node 201, and compares the function of managing subscription details and distributing them to subscription nodes with the ledger verification data received from the blockchain node 201. Calculate authenticity results.

The blockchain network 200 consists of a plurality of blockchain nodes 201 that operate according to the blockchain algorithm.

The blockchain node 201 may be implemented as a server computing device, but may also be implemented as a virtual machine, etc.

The blockchain node 201 is a node that has applied for subscription to email verification data and stores the verification data for which the subscription has been applied.

The blockchain node 201 only performs the role of storing and updating the verification data distributed by the data gateway module 130.

Verification data including basic information of the file, identification information of the original mail, and hash value are stored in the ledger of the blockchain node 201, and when the verification data is updated, it is also treated as a new ledger. This is because original authentication is a record of each data being sent and is therefore considered unique information. However, since there are situations in which updating is necessary, the data file can be continuously updated if the original owner selects the update by selecting an option when registering. In the case of updates, the update history is recorded in the ledger, each hash value is reflected, and only the hash value of the final state remains.

When the blockchain node 201 receives verification data from the data gateway module 130, it creates a block in which the verification data is stored and returns the block creation result. When the blockchain node 201 receives a verification data request from the data gateway module 130, it searches the stored verification data block and returns the search result.

At this time, the blockchain network 201 has a distributed structure that does not have a master node concept. The consensus process consists of sending a request to a randomly selected node and receiving a response. Each blockchain node 201 simultaneously updates mail data distributed in batches.

Servers wishing to participate in each blockchain node 201 are registered as blockchain nodes 201 through device registration and identity authentication procedures.

The blockchain node 201 stores and stores verification data. The blockchain node 201 provides the corresponding verification data when a request to confirm the stored verification data comes from the data gateway module 130 for the purpose of verifying authenticity.

The blockchain node 201 does not participate in the direct calculation process. No data is exchanged between blockchain nodes 201. The blockchain node 201 receives data through a data subscription application process and stores it in a distributed manner. The blockchain node 201 has a distributed structure without the concept of a master node. The blockchain node 201 updates verification data distributed in batches at the same time to all nodes. The data gateway module 130 sends a request to the randomly selected blockchain node 201 for the consensus process and receives a response.

Server owners who wish to participate in the blockchain node 201 can register through device registration and identity authentication procedures, and request subscription upon registration to participate as a node that stores verification data of the original email. At this time, hardware information and one-time authentication code can be used as an authentication method for the registered device.

POW (Proof-of-Work) type nodes require computation, and PoS (Proof-of-Stake) type nodes also perform the role of authentication, so the processing performance of the node system As a way to solve the problem of being limited beyond a certain level, the role of the node was minimized and limited to make it possible to perform the role even at the level of a commonly used PC. The limited functions performed by nodes are to store the ledger, provide the ledger upon request to verify its authenticity, and record history.

Blockchain nodes 201 can participate after identity verification is completed, and this is possible with a system that secures a level of storage space capable of storing the ledger. To verify system specifications, there may be a procedure to approve participation after a performance test at the subscription application stage.

Identity authentication methods include applying personalized authentication using commonly used authentication systems such as i-pin, mobile phones, and credit cards, or in the case of companies, authentication can be applied through the verification process of proof documents.

As such, the mail authenticity verification structure according to the embodiment has a structure in which the mail authenticity verification server 100 is connected to a general mail system, that is, the mail sending server 400 and the mail receiving server 500. It consists of a decentralized message distribution system and a blockchain network in addition to a general mail system, has the ability to authenticate the original and distribute spam patterns and data in the configured system, and is an open system that does not use certificates and private keys. Implement.

The mail authenticity verification structure according to the embodiment has no data structure limitations and can operate multiple types of service models.

The mail authenticity verification structure according to the embodiment allows receiving only the desired form, for example, mail, file, or ledger of a specific group, through a data subscription application.

The mail authenticity verification structure according to the embodiment has an open structure that distributes verification data in batches to the blockchain nodes 201 that have applied for subscription.

The mail authenticity verification structure according to the embodiment is a service structure provided through a simple authentication method using the recipient's account, and has a structure as lightweight as possible to the extent that it is not diverted for purposes other than those of the original authentication process.

The mail authenticity verification structure according to the embodiment is a structure in which the sender can use the server through an account registration process and has a registered user (sender) authentication process. It is a structure that is as lightweight as possible to the extent that it is not diverted for purposes other than those of the original authentication process. has

The mail authenticity verification structure according to the embodiment is a method of creating a small network to improve the problems of POW and PoS (Proof of Stake), which are widely used in existing technologies, determining the order of transactions internally and uploading the results to the main chain. Companies have used "sharding" techniques or state channels that determine the order of transactions between nodes connected by a hotline and then merge the results into the main chain. However, these techniques are only effective when the usage per second is low, so they cannot accommodate large amounts of requests. In this case, problems that are difficult to handle may arise, so it is limited to not performing the role of a propagator or verification of the node, and is simplified by designing a structure that receives selective data requested in advance by the node. Therefore, distribution to the blockchain node 201 is performed in batches, and the structure only serves as a storage space for data for verification of authenticity.

Figure 2 is a flowchart explaining the process of distributing mail verification data according to an embodiment.

Referring to FIG. 2, the data gateway module 130 performs a node registration procedure with at least one blockchain node 201 in the blockchain network 200 (S101). At this time, device authentication using hardware information of the server wishing to participate as a blockchain node 201 and identity authentication using OTP (One Time Password) can be performed. If all of these authentications are successful, at least one blockchain node 201 can be registered.

The blockchain node 201 can apply for subscription when registering the node (S102). The data gateway module 130 can create and store a library for each blockchain node 201 that has applied for subscription (S103).

The sender terminal 600 generates an outgoing mail while connected to the mail sending server 400 (S104). At this time, the mail sending server 400 may be a server that provides a mail authenticity verification service.

Outgoing mail has components such as sender, recipient, reference person, subject, attached file, and mail content.

The mail sending server 400 determines whether the sender account of the sent mail generated in S104 is an account that has subscribed to the mail original authenticity verification service (S105). Here, registration may be accomplished by registering a sender account.

If the mail sending server 400 determines that it is a subscription account in S105, it adds the mail account of the mail authenticity verification server 100, for example, cert@certmail.co.kr, to the blind carbon copy of the outgoing mail (S106). . At this time, the mail sending server 400 may add a link to check the original in the body of the sent mail.

When the send button is clicked on the sender terminal 600, the mail sending server 400 sends the outgoing mail generated in S104 or the outgoing mail generated in S106 (S107).

The outgoing mail sent by the mail sending server 400 is simultaneously transmitted not only to the recipient terminal 700 but also to the mail authenticity verification server 100 (S108). The blind carbon copy account is the mail authenticity verification server 100, and the original data of all sent mail, for example, original content or original image data, is transmitted to the mail authenticity verification server 100.

The data processing module 120 stores the outgoing mail in the user folder corresponding to the sender's account of the outgoing mail (S109). If there is no user folder corresponding to the sender's account, the outgoing mail can be saved after creating a user folder (S109).

The data processing module 120 may create a partition of a user account name in one memory storage space for verification of each user, classify the partition into topics, and store the partition in the partition. The data processing module 120 can categorize components such as recipients, referents, titles, attached files, etc. into topics.

The data processing module 120 extracts unique information that can confirm the authenticity of the outgoing mail from the outgoing mail (S110). At this time, the unique information may be a hash value generated from the original mail data of the outgoing mail using a hash function.

The data processing module 120 generates verification data including the hash value generated in S110 and identification information of the outgoing mail (S111).

According to one embodiment, the identification information of the outgoing mail may include the sender's account, the recipient's account, and the mail subject of the outgoing mail. The data processing module 120 can map mail identification information, the corresponding original mail, and hash values and manage them as a list. The blockchain node 201 stores verification data including mail identification information and the corresponding hash value. Therefore, verification data can be requested and received from the blockchain node 201 based on the mail identification information.

According to another embodiment, the data processing module 120 generates mail information such as sender account, recipient account, presence of attachments, attached files, original content, title, etc. of the outgoing mail for each outgoing mail, and the original data of the outgoing mail. A list of mapped hash values can also be managed in the form of serial numbers. In this case, the serial number and hash value can be distributed to the blockchain node 201 as verification data, and the hash value can be obtained from the blockchain node 201 using the serial number of the original authentication requested email.

The data processing module 120 transmits a verification data distribution request to the data gateway module 130 (S112).

The data gateway module 130 selects the blockchain node 201 that has applied for subscription to the outgoing mail requested for distribution based on the information stored in the library created in S103 (S113). The selection of blockchain nodes 201 may be selected arbitrarily.

The data gateway module 130 simultaneously distributes verification data to at least one blockchain node 201 selected in S113 among the plurality of blockchain nodes 201 constituting the blockchain network 200 (S114).

The blockchain node 201 that has received the verification data creates a block and stores the verification data (S115).

The blockchain node 201 can be classified into three types of nodes: a node for verifying the recipient, a node for verifying the request history, and a node for verifying the original. Of course, it can also be configured as a blockchain node 201 that includes all three types of classified data, that is, recipient confirmation, request history confirmation, and original confirmation. The blockchain node 201 is also subscribed to through the backup node to prevent loss of the original. The update of the blockchain node 201 is performed every time an email is sent.

Figure 3 is a flowchart explaining the process of verifying the original authenticity of an email according to an embodiment.

Referring to FIG. 3, the received mail received by the recipient terminal 700 includes an original authentication link to request verification of the authenticity of the mail. When the recipient terminal 700 clicks the original authentication link (S201), a request to confirm the authenticity of the mail is transmitted to the mail authenticity verification server 100 (S202). Requests to verify mail authenticity include incoming mail.

The data gateway module 130 compares the recipient account of the received mail with the mail account of the recipient terminal 700 (S203) and determines whether they match (S204). That is, the recipient account validity authentication is performed (S203, S204).

If there is a mismatch, the data gateway module 130 transmits a rejection message (S205). A rejection message may be returned, such as "This is an invalid request."

If they match, the data gateway module 130 requests input of authentication terminal information (S206) and receives authentication terminal information (S207).

The data gateway module 130 transmits the OTP to the authentication terminal received in S207 (S208).

The data gateway module 130 requests the recipient terminal 700 to input an OTP (S209) and receives it (S210).

The data gateway module 130 determines whether the OTP received in S210 matches the OTP transmitted in S208 (S211). That is, user authentication is performed (S211).

If the data gateway module 130 determines that there is a mismatch in S211, it transmits a rejection message (S212).

However, if it is determined to be a match in S211, the data gateway module 130 randomly selects from among the blockchain nodes 201 based on the information stored in the library (S213).

The data gateway module 130 transmits a verification data request to the blockchain node 201 selected in S213 (S214). The verification data request includes identifying information of the incoming mail.

The blockchain node 201 returns the stored verification data (S215).

The data gateway module 130 uses a hash function to compare the hash value generated from the received mail with the hash value of the verification data received in S215 (S216) to determine whether they match (S217).

If there is a mismatch in S217, an original authentication failure is transmitted (S218).

If a match is determined in S218, an email authenticity confirmation response containing successful original authentication is transmitted (S219).

At this time, a step may be added to check whether there is a request for original authenticity verification for the additionally requested received mail after S211, and if there is a request history, sending a “duplicate request message” as a rejection message. On the other hand, if there is no request for original authenticity verification, S213 may be performed. This is to provide original confirmation only once.

If the verification result matches in S217, the data gateway module 130 returns the authentication result through the consensus authentication procedure of the nearest node (S219). And the verification request details can be saved.

The verification node consists of at least 3 nodes and has a 3-step authenticity verification process. The verification sequence proceeds through the following steps: recipient list verification → request history verification → original confirmation verification. The three-step authenticity verification process may be performed through a plurality of different blockchain nodes (201) or through one blockchain node (201).

At this time, the original authentication link may be included in both the original email sent to the sender's account and the recipient's account. According to one embodiment, when an outgoing mail is delivered in S108 of FIG. 3, the data processing module 120 may transmit an original authentication request receipt completion email to both the sender's account and the recipient's account. This received email includes the original email along with the send date, sender, recipient, and email subject, and says, "The email can be verified as original. To authenticate the original, click the Authenticate Original button and follow the instructions. A link to the original authentication may be included along with the instruction “You can proceed.”

Accordingly, when the original authentication link is clicked on the recipient terminal 700 (S201), the steps in FIG. 3 are performed. Additionally, even if the original authentication link is clicked on the sender terminal 600, steps S201 to S219 of FIG. 3 may be performed in the same manner.

Figure 4 explains the communication process between the data gateway module and the blockchain network in the original authenticity verification process according to the embodiment.

Referring to FIG. 4, it can be added to the process from S213 to S214 in FIG. 3.

The data gateway module 130 creates and stores a mail authenticity confirmation request history (S301).

The data gateway module 130 transmits a data access request to the blockchain node 201 (S302).

The data gateway module 130 receives an authentication code from the blockchain node 201 (S303), generates a response code based on the authentication code, and transmits it to the blockchain node 201 (S304).

The blockchain node 201 verifies the response code (S305). Response code verification can generate a response code identical to that of the data gateway module 130 based on the authentication code transmitted from S303 and compare it with the response code received from S304 to determine whether it matches.

If the blockchain node 201 succeeds in verifying the response code in S305, it responds with data access approval (S306). Then, the data gateway module 130 transmits a verification data request (S307).

Figure 5 explains the communication process between the data gateway module and the blockchain network in the verification data distribution process according to the embodiment.

Referring to FIG. 5, this may be performed before performing S115 of FIG. 2 or when updating verification data.

The data gateway module 130 queries the blockchain node 201 about the authentication preparation status (S401) and receives a response (S402).

The data gateway module 130 transmits an authentication code to the blockchain node 201 (S403) and receives a response code generated based on the authentication code by the blockchain node 201 (S404).

The data gateway module 130 generates a response code in the same manner as the blockchain node 201 based on the authentication code transmitted in S403 and performs response code verification by comparing it with the response code received in S404 (S405) .

If the data gateway module 130 succeeds in verifying the response code, it inquires about the reception readiness status (S406) and receives a response (S407).

When a reception ready status response is received, the data gateway module 130 distributes verification data (S408) and receives an update status (S409).

The data gateway module 130 creates and stores verification data distribution history (S411).

Meanwhile, Figure 6 is a block diagram showing the hardware configuration of a mail authenticity verification server and blockchain node according to an embodiment.

Referring to FIG. 6, the mail authenticity verification server and blockchain node described in FIGS. 1 to 5 may be implemented with at least one computing device 800, and instructions described for executing the operations of the present disclosure are provided. You can run the computer program it contains.

The computing device 800 includes a processor 801, a memory 802, a storage 803, and a communication device 804 connected to each other through a bus.

The communication device 804 is connected to at least one processor 801 to transmit and/or receive data over a network. The memory 802 is connected to at least one processor 801 and stores a program including instructions for executing the configuration and/or method according to the embodiments described in FIGS. 1 to 5. The program is combined with hardware such as memory 802 and at least one processor 801 to implement the present invention.

The storage 803 includes information necessary for operating the computing device 800. The processor 801 executes the present invention in combination with hardware such as memory 802 and storage 803.

The embodiments of the present invention described above are not only implemented through devices and methods, but can also be implemented through programs that implement functions corresponding to the configurations of the embodiments of the present invention or recording media on which the programs are recorded.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements made by those skilled in the art using the basic concept of the present invention defined in the following claims are also possible. It falls within the scope of rights.

Claims (11)

As a method of operating a mail authenticity verification server,
Performing node registration to enable the server to participate as a blockchain node through device authentication using server hardware information and identity authentication using OTP (One Time Password);
Creating a library containing subscription information requested from a server registered as a blockchain node,
Extracting unique information that can confirm the authenticity of the outgoing mail from an outgoing mail received from a mail server, and generating verification data including the extracted unique information and identification information of the outgoing mail,
Based on the subscription information stored in the library, selecting blockchain nodes that have applied for subscription to the outgoing mail, and simultaneously distributing the verification data to at least one selected blockchain node,
Receiving a request to confirm the authenticity of the received mail from the user terminal,
Based on the information stored in the library, requesting and receiving verification data corresponding to the identification information of the received mail from a blockchain node selected from among a plurality of blockchain nodes constituting a blockchain network,
Comparing the unique information obtained from the received verification data with unique information extracted from the received mail to determine whether the received mail is the same as the sent mail and whether it is authentic, and
Transmitting an authenticity confirmation response including a result of determining authenticity to the user terminal.
Method, including. delete In paragraph 1:
The above unique information is,
A method, which is a hash value generated from the outgoing mail. In paragraph 1:
The identification information is,
A method comprising a sender account, a recipient account, and a subject of the outgoing mail. In paragraph 1:
The sending email is:
When sent by a mail account registered as a mail authenticity verification service user in the mail server, the mail account of the mail authenticity verification server is included as a reference account in the outgoing mail and is received from the mail server. In paragraph 1:
Between receiving the authenticity confirmation request and requesting and receiving the verification data,
Further comprising performing account validity authentication to determine whether the mail account of the user terminal matches the recipient account of the received mail,
The step of requesting and receiving the verification data is,
If the account validity verification is successful, a method for requesting the verification data. In paragraph 6:
Between receiving the authenticity confirmation request and requesting and receiving the verification data,
Transmitting an OTP (One Time Password) to the user's authentication terminal provided by the user terminal, and performing user authentication to determine whether the OTP input from the user terminal matches the transmitted OTP,
The step of requesting and receiving the verification data is,
If both the account validity authentication and the user authentication are successful, requesting the verification data. delete communication device,
Memory where the mail authenticity verification program is stored,
At least one processor executing the program,
The above program is,
Node registration is performed to enable the server to participate as a blockchain node through device authentication using server hardware information and identity authentication using OTP (One Time Password), and subscription information requested from the server registered as a blockchain node is performed. Create a library,
Extracting unique information that can confirm the authenticity of the outgoing mail from an outgoing mail received from a mail server, and generating verification data including the extracted unique information and identification information of the outgoing mail,
Simultaneously distribute the verification data to at least one blockchain node that has applied for subscription to the outgoing mail selected based on subscription information stored in the library,
When a request to confirm the authenticity of the received mail is received from the user terminal, verification data corresponding to the identification information of the received mail is sent to the blockchain node selected from among the plurality of blockchain nodes that make up the blockchain network, based on the information stored in the library. Request and receive,
Compare the unique information extracted from the received verification data with the unique information extracted from the received mail, and if they match, certify that the received mail is the original;
A mail authenticity verification server comprising instructions for transmitting an authenticity confirmation response including an authentication result indicating that the received mail is an original to the user terminal. delete In paragraph 9:
The above program is,
Perform account validity authentication to determine whether the mail account of the user terminal matches the recipient account of the received mail,
Transmits an OTP (One Time Password) to the user's authentication terminal provided by the user terminal, and performs user authentication to determine whether the OTP input from the user terminal matches the transmitted OTP,
If both the account validity authentication and the user authentication are successful, the mail authenticity verification server further includes instructions for requesting the verification data.