KR20210058459A - Method of multiple checking and system implementing thereof - Google Patents

Abstract

The present invention relates to a multiple verification method and a system thereof. According to an embodiment of the present invention, the multiple verification method comprises: a first interface unit for receiving information of a first type based on a first internal network system and a non-network information transfer mechanism or for transferring the information of the first type to the first internal network system; and a control unit for converting first information of a first type received by the first interface unit into second information of a second type to generate a public key and a backup key based on the second information and converting them into third information of the first type. The first interface unit transmits the third information of the first type to the outside. Therefore, a system, separated from the outside, processes information to prevent falsification of information when the embodiment of the present invention is applied.

Description

Multiple verification method and system {METHOD OF MULTIPLE CHECKING AND SYSTEM IMPLEMENTING THEREOF}

The present invention relates to a multiple verification method and system.

As the realm of life expands offline and online, economic activity is also expanding online. Interest and demand for cryptocurrency or cryptocurrency transactions, online banking and securities account processing are increasing, and information is increasingly treated as assets.

When information is treated as an asset, the security of the information and the technology to prevent information tampering are importantly requested. If the security of the information is not provided, the information is easily altered, resulting in hacking and exploitation of assets traded online.

Accordingly, in this specification, a system and method for preventing tampering in order to increase the security of information will be described.

In order to prevent the forgery and alteration of the above-described information, a method in which a system separated from the outside processes information is proposed.

In addition, in the case of a separate system exchanging information with the outside, it is intended to propose a method to prevent information loss or forgery by using a non-network information delivery mechanism.

In addition, in order to confirm that information has been manipulated in situations such as asset movement, we intend to propose a method of stopping asset movement when information is manipulated by either party through multiple verification.

The problem to be solved by the present invention is not limited to the problems mentioned above, and other problems not mentioned herein will be clearly understood by those skilled in the art from the following description.

The multi-verification system according to an embodiment of the present invention receives information of a first type based on a first internal network system and a non-network information delivery mechanism, or transmits information of a first type to the first internal network system. 1 The interface unit and the first interface unit convert the first type of information received by the first type into second type of second information to generate a public key and a backup key based on the second information. And a control unit for converting the information into third information of, and the first interface unit transfers the third information of the first type to the outside.

In the multiple verification method according to an embodiment of the present invention, a first interface unit of a multiple verification system receives information of a first type based on a first internal network system and a non-network information transmission mechanism, and a control unit of the multiple verification system. A step of generating a public key and a backup key based on the second information by converting the first type of first information received by the first interface unit into second type of second information, and the generated public key and backup by the control unit And converting the key into third information of the first type, and transmitting the third information of the first type to the first internal network system by the first interface unit.

When the embodiments of the present invention are applied, a system separated from the outside can process information to prevent forgery of information.

When the embodiments of the present invention are applied, a separated system can exchange information with the outside by using a non-network information delivery mechanism.

In the case of applying the embodiments of the present invention, when information is manipulated by either side through multiple verification, it is possible to stop the movement of the asset, confirm that the information has been manipulated in a situation such as asset movement, and process it.

The effects provided by the present invention are not limited to the above-mentioned effects, and other effects not mentioned herein will be clearly understood by those skilled in the art from the following description.

1 shows a configuration for generating information to be double-checked according to an embodiment of the present invention.
2 shows a process of generating and transmitting information according to an embodiment of the present specification.
3 shows a detailed process of generating a key in a checking system according to an embodiment of the present invention.
4 shows a key confirmation process according to an embodiment of the present invention.
5 shows a configuration of a checking system according to an embodiment of the present invention.
6 shows the configuration of a non-network information delivery mechanism according to an embodiment of the present invention.
7 shows a private key decryption process according to an embodiment of the present invention.

Advantages and features of the present invention, and a method of achieving them will become apparent with reference to the embodiments described below in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but will be implemented in a variety of different forms, only the present embodiments are intended to complete the disclosure of the present invention, and common knowledge in the technical field to which the present invention pertains. It is provided to completely inform the scope of the invention to those who have, and the invention is only defined by the scope of the claims. The same reference numerals refer to the same elements throughout the specification.

In order to clearly describe the present invention, parts irrelevant to the description have been omitted, and the same reference numerals are attached to the same or similar components throughout the specification. In addition, some embodiments of the present invention will be described in detail with reference to exemplary drawings. In adding reference numerals to elements of each drawing, the same elements may have the same numerals as possible even if they are indicated on different drawings. In addition, in describing the present invention, when it is determined that a detailed description of a related known configuration or function may obscure the subject matter of the present invention, the detailed description may be omitted.

In addition, in describing the constituent elements of the present invention, terms such as first, second, A, B, (a) and (b) may be used. These terms are only for distinguishing the component from other components, and the nature, order, order, or number of the component is not limited by the term. When a component is described as being "connected", "coupled" or "connected" to another component, the component may be directly connected or connected to that other component, but other components between each component It should be understood that "interposed" or that each component may be "connected", "coupled" or "connected" through other components.

In this specification, as an example of information that should prevent tampering and maintain security, a description will be given focusing on identification information for a wallet. In one embodiment, the identification information on the wallet may be a wallet address. This wallet address is used when trading or moving assets. In addition, the information may be information about an account or an account password.

In addition, as an embodiment of a non-network information relay method, information is exchanged between systems based on a communication method using a QR code. However, the present invention is not limited thereto, and non-network information delivery methods based on various methods such as barcodes, encrypted images, and images for identification information are included in the embodiments of the present invention.

1 shows a configuration for generating information to be double-checked according to an embodiment of the present invention.

Users who own a wallet or want to create a wallet, or users who want to perform transactions using a wallet access the service system 100 in the Internet domain, which is a public network. The service system 100 connects to a backend of the first internal network system 200. In addition, information required by the user is generated or processed as a result of interaction with the checking system 300 via the first gateway 220.

The multi-verification system, or checking system 300 for short, exchanges information with a gateway through a non-network information delivery method such as a QR code. Hereinafter, as an embodiment of information exchange of the checking system 300, a description will be given focusing on QR code reading, but the present invention is not limited thereto.

At this time, the first gateway 220 generates a QR code using an input gateway relay (iGWRelay). In addition, the QR code is input to the checking system 300 in a QR code reading method, which is one of the non-network information delivery methods. The checking system 300 may process the input QR code and store it in a separate second internal network system 250 or may return a processing result through the first internal network system 200.

The second gateway 270 reads the QR code using an output gateway relay (oGWRelay). In addition, the QR code is input to the second internal network system 250 in a QR code reading method, which is one of the non-network information delivery methods.

Information transfer between the second internal network system 250 and the checking system 300 may also use a QR code, which is a non-network method.

The checking system 300 may communicate with N internal network systems (N is a natural number of 2 or more). N internal network systems are maintained for multi-checking, and these internal network systems can store information distributedly or redundantly. Although two internal network systems 200 and 250 are shown in FIG. 1, the checking system 300 can perform multiple internal network systems and non-network type information transfer.

Each of the internal network systems 200 and 250 includes a database and a backend. In addition, a node may be separately included when communicating with the outside of the internal network system.

In this specification, two types of passcodes are used. The first type is specified by the user. In one embodiment, the user passcode (passcode #1) is a passcode created and provided by a user.

Next, there is a second type that is created in the double checking system and then stored in the double checking system, or stored in a separate key management system. Multiple passcodes of the second type can be generated. At least two can be generated for the security of key generation.

In one embodiment, there may be three types of passcodes that are automatically generated in the system. In one embodiment, passcode #0 as a private key passcode, passcode #2 as a system backup passcode, and passcode #3 as a system passcode may be generated in the checking system. Passcode #0, passcode #2, and passcode #3 can be randomly generated and stored in the system. Alternatively, the system may pre-store the randomly generated passcodes and then extract and use them.

The QR code processing unit 310 and the wallet processing unit 320 of the checking system of FIG. 1 may be implemented as one component called a control unit 350.

2 shows a process of generating and transmitting information according to an embodiment of the present specification. Here, as an example of information, a process of generating and delivering a wallet and a key corresponding thereto is presented based on the configuration of FIG. 1. In addition, the information generated in FIG. 2 is information on a wallet in which cryptocurrencies are stored and transacted, such as a block chain, as an embodiment.

The user accesses the service system 100 through the Internet and requests creation of a wallet (S1). The request for creating a wallet includes a request for generating a key corresponding to the wallet. At this time, the user inputs information about the target coin, which is identification information about the cryptocurrency to be held by the wallet, and a user passcode (passcode #1). Information input through the service system 100 is stored in a database (DB) of the first internal network system 200. The user passcode refers to a kind of password generated by a user.

The first internal network system 200 generates basic information on the wallet based on the information input in S1 and stores it in the DB (S2). The stored information stores the identification information for the wallet owner, the identification information for the wallet (Wid), and the hash value for the user passcode (passcode #1).

Thereafter, the first internal network system 200 requests the double QR code checking system 300 to generate a key via the first gateway 220. First, the first internal network system 200 provides the following information, which is information necessary for key generation, to the first gateway 220 (S3).

Owner identification information, wallet identification information (wid), and user passcode (passcode #1) are transmitted to the first gateway 220.

The first gateway 220 converts the above-described information into one or more QR codes (S4). Then, the first gateway 220 provides the converted QR code to the checking system 300 via the first interface (I/F #1) (S5). As a method of providing, the first gateway 220 outputs a QR code and the checking system 300 reads it as an embodiment.

Since the QR code is transmitted through a non-network information transmission method without using a network, there is no possibility of hacking, tampering, or forgery.

The checking system 300 converts the QR code received from the first gateway 220 into data. For example, the first interface (I/F #1) of the checking system 300 decodes the QR code to identify the owner, wallet identification information (wid), and user passcode (passcode #1). Is extracted (S6). In addition, the checking system 300 may generate additional information necessary for key generation. For example, passcode #0, which is a private key passcode applied to encryption of a private key corresponding to a public key by the system, passcode #2, which is a system backup passcode, and passcode #3, which is a system passcode, may be generated. Passcode #0, passcode #2, and passcode #3 may be generated and stored randomly or according to a preset algorithm in the system. Alternatively, the system may pre-store the randomly generated passcodes and then extract and use them.

In addition, the QR code processing unit 310 in the checking system 300 stores the extracted information in a queue for key generation (S7). This is to sequentially process when many users request key generation or key verification.

Thereafter, the information accumulated in the queue is sequentially processed by the checking system 300. That is, when a key generation request is input from the QR code processing unit 310 to the wallet processor 320 through a queue (request queue) (S8), the wallet processing unit 320 generates a key (S9). Then, the generated key information is transmitted to the QR code processing unit 310 again. At this time, the generated key includes a public key and a backup key. The process of transmitting the generated key information is also input to a separate queue (generating queue) and transmitted to the QR code processing unit 310.

And this key is converted into a QR code again through the first interface #1 (I/F #1) (S12). The converted QR code is output toward the first gateway 220, and the first gateway 220 restores the transmitted QR code back to a key and transmits it to the first internal network system 200 (S15). The first internal network system 200 updates wallet information through a node using the received key (S16).

The public key may be stored in the first internal network system 200. In addition, in the above-described embodiment, the second internal network system 250 or the checking system 300 separated from the first internal network 200 may store key-related information in a database. Alternatively, various keys generated by the checking system 300 may be stored.

Meanwhile, the second internal network system 250 that receives information from the first internal network system 200 connected to the external Internet area may receive user request data encrypted with a public key. The user request data is data requesting the movement of an asset such as virtual currency or cryptocurrency as an embodiment. In addition, as shown in FIG. 4 to be described later, the second internal network system 250 compares the data received from the checking system 300 with the data received from the first internal network system 200 to check whether they are identical to verify data. You can do it.

3 shows a detailed process of generating a key in a checking system according to an embodiment of the present invention. The key generation process of FIG. 3 may be performed by the control unit 350 in the checking system 300.

The user can provide the necessary information for key generation. In an exemplary embodiment, when user identification information and user passcode #1 are transmitted to the system, it is converted into a QR code and transmitted to the checking system 300.

The QR code processing unit 310 of the checking system 300 provides the wallet processing unit 320 with predetermined information necessary for key generation.

The process of generating a public key/private key initiated from a user's request is as follows. The control unit 350 or the wallet processing unit 320 of the checking system 300 generates a public key (pub key) and a private key (private key, priv key) (S21). These public and private keys are generated in pairs.

Since the checking system 300 exists in an independent network separated from the external Internet, a hacker cannot invade even if a public key and a private key are generated, and this cannot be leaked to the outside.

After generating a private key (S21), the control unit 250 performs primary encryption with passcode #0, which is a private key passcode that is generated randomly in the system or previously generated and stored. As a result, an encrypted private key (Enc priv key) is generated. And the original private key (priv key) information is permanently deleted (S22, S23). As a result, the private key is not leaked to the outside of the system and security is enhanced.

The control unit 350 or the wallet processing unit 320 separates the first encrypted private key (Enc priv key) into three pieces, such as a first piece, a second piece, and a third piece (S24). Thereafter, the first piece may be denoted as “piece 1”, the second piece may be denoted “piece 2”, and the third piece may be denoted “piece 3”. After separation, the primary encrypted key data (Enc priv key) is permanently deleted (S25).

The wallet processing unit 320 encrypts "fragment 1" with a passcode #1, which is a user passcode designated by the requester (S26a). The generated encrypted key is referred to as a user key.

The wallet processing unit 320 encrypts "fragment 2" with passcode #2, which is a backup passcode that has been randomly generated or stored in a system of an independent network, for example, the checking system 300 (S26b). The generated encrypted key is referred to as a backup key.

The wallet processing unit 320 encrypts "fragment 3" with passcode #3, which is a system passcode that has been randomly generated or stored in a system of an independent network, for example, the checking system 300 (S26c). The generated encrypted key is referred to as a system key.

When the encryption process of S26 is over, each piece 1, 2, and 3 are deleted. As a result, each piece in S26 is created through encryption, a user key, a backup key, and a system key. ) Only remains.

Here, "fragment 2" is a backup key and is not used in the decryption process. If only fragment 1 and fragment 3 are combined, the private key can be regenerated. For example, the checking system 300 may recover using a secret sharing algorithm. This will be described later.

The checking system 300 stores passcode #0 as a private key passcode, passcode #2 as a backup passcode, and passcode #3 as a system passcode. Then, the encrypted fragment 1 and the encrypted fragment 3 are stored (S28).

In addition, the checking system delivers the public key and backup key generated through QR communication to the user. And the checking system deletes the backup key.

The keys generated and exported in this way are used for future asset movement.

For example, in order to request asset movement, the user transmits information (receiving address, quantity) necessary for asset movement to the checking system composed of an independent network through 　QR communication. At this time, the 　 user-designated 　 user passcode (passcode #1) 　 information is also transmitted 　.

The 　checking system of the independent network 　decrypts 　fragment 1 with 　 given by the 　passcode #1 by the requestor.

In this process, after 　 fragment 3 　 　 decrypted 　 using passcode #3, which is 　 stored in the system 　, and then recovered the private key (Enc Priv Key) encrypted with passcode #0, the private key passcode using these two pieces. It decrypts with passcode #0 and restores the user's private key.

The checking system 300 encrypts the 　 data that has been transmitted 　 with the decrypted 　 cashin key. After this, the private key is deleted again.

Encrypted data is transmitted through 　QR communication 　 Internet 　 network. And the work is performed in the internal network system 200 connected to the Internet network.

If the above-described process is summarized, the private key required in the information transfer process is encrypted and then stored, and even if the private key is used, it is decrypted and then deleted again after use, so the possibility of the private key being hacked is low.

Data to be encrypted is transmitted from a public network, which is a network connected to the Internet, as shown in FIGS. 1 and 2, and a private key is generated and stored in an independent network separated from the Internet. In addition, in order to encrypt the information to be transmitted, it is performed in the checking system 300 which is an independent network independent of the Internet. Information exchange between the public network and the independent network uses a non-network type information exchange method. Information is transmitted using QR.

The first gateway 220, the second gateway 270, and the checking system 300 may all include both a QR generator and a QR reader to generate and read QR data, that is, to transmit information through QR.

As shown in FIG. 3, the independent network checking system 300 generates a public key and a private key and encrypts the private key, so that the private key cannot be forged or altered from the outside. Because, after the private key is first encrypted with passcode #0, which is the private key passcode, it is permanently deleted. In addition, after the key information (Enc Priv Key) encrypted with passcode #0 is also divided into three pieces, the primary encrypted key information (Enc Priv Key) is deleted.

Separate fragments 1, 2, and 3 are also encrypted with passcode #1, a user passcode designated by the requester, passcode #2, a backup passcode, and passcode #3, a system passcode. According to an embodiment, the private key may be regenerated by combining the encrypted fragment 1 and the encrypted fragment 3.

The process of FIG. 3 is summarized as follows. Information is transmitted to the checking system 300 in connection with the accumulation of assets such as virtual currency or the movement of assets. The information transmitted at this time includes identification information about the owner, identification information about the wallet, and a passcode (passcode #1, which is a user passcode).

Thereafter, the information generated by the checking system 300 and transmitted to the outside is composed of a public key and a backup key. At this time, the control unit 350 of the checking system 300 includes one passcode included in the information previously transmitted from the outside and one or more passcodes generated by the system (for example, passcode #0, which is a private key passcode, and a backup pass). The private key corresponding to the public key is encrypted using the code passcode #2, the system passcode passcoede #3, etc.). Then, any one of two or more encrypted private keys separated into two or more pieces is set as the backup key. In FIG. 3, a process in which a piece encrypted with a backup passcode is transmitted as a backup key was examined.

4 shows a key confirmation process according to an embodiment of the present invention.

The user requests the asset movement (S41). At this time, the information included in the asset transfer request includes identification information on the wallet to be withdrawn (withdrawal wallet), user passcode (passcode #1), the address to be moved, and the number of transfers. The first internal network system 200 verifies passcode #1 for the corresponding wallet using a hash (S42).

Upon completion of the verification, the first internal network system 200 transmits the asset movement request information to the second internal network system 250 (S43). In this process, the first internal network system 200 may record a task for the requested item prior to transmission to the checking system 300. In addition, since information is transmitted to the second internal network system 250 before or immediately after recording, the possibility of forgery or alteration of information is eliminated. The information to be transmitted includes identification information on the wallet to be withdrawn (withdrawal wallet), the destination address to be moved, and the quantity to be moved.

In addition, the first internal network system 200 transmits the asset movement information to the checking system 300 (S44). The information to be transferred includes identification information on the wallet to be withdrawn (withdrawal wallet), the destination address to be moved, and the quantity to be moved.

The first gateway 220 converts the information provided in S44 into a QR code (S45), and transmits the QR code to the checking system 300 (S46). The checking system 300 converts the QR code back to data (S47). Then, the converted data is loaded into the verification waiting queue (S48).

The queue sequentially verifies data with the second internal network system 230.

The checking system 300 converts the information into a QR code to transmit the information to the second internal network system 250 (S49). The QR code is transmitted to the second gateway 270 (S50), and the second gateway 270 converts the QR code into data (S51), requests verification, and transmits it to the second internal network system 250 Do (S52).

The second internal network system 250 verifies the information received in S52 and the information provided in S43 to confirm that there is no forgery or alteration in both information (S53). And, as in S54, the verification result is transmitted to the second gateway 270.

The second gateway 270 converts the verification result back into a QR code (S55) and provides it to the checking system 300 (S56). The checking system 300 converts the QR code back into data to confirm that the verification has been completed, and inputs this information to the approval waiting queue (S58).

In addition, for the data in the order of output from the queue, the QR code processing unit 310 requests the wallet processing unit 320 to generate asset movement information (self movement data) (S59). Thereafter, the wallet processing unit 320 generates asset movement information (S60). In this process, the wallet processing unit 320 performs encryption with a private key. And the wallet processing unit 320 returns the asset movement data (S61), which is converted back into a QR code (S62).

And the QR code is transmitted to the first gateway 220 (S63), and the first gateway 220 converts the QR code back to data (S64) and transfers the asset movement data to the first internal network system 220 Do (S65).

The first internal network system 220 receiving the asset movement data executes the asset movement (S66). It performs asset movement by providing asset movement data to the corresponding asset's blockchain network.

Here, the asset movement data is delivered in the form of a first type. That is, the asset movement data is transmitted by the non-network information transmission mechanism, and the first internal network system 200 restores it. When the asset movement data is restored, the internal network system 200 executes the asset movement using this.

In the embodiment of the present invention, the private key applies a secret sharing algorithm as an embodiment. The secret sharing algorithm divides information into two or more pieces and provides them separately. And, using the provided pieces, the minimum pieces are used to restore the original information again. At this time, the minimum number of pieces can be set to be less than the number of pieces that were originally separated.

Accordingly, the checking system according to an exemplary embodiment of the present invention may be divided into two or more pieces, and original information may be restored using only some of them. That is, the checking system can divide the private keys into n (n> 1). n can be increased or decreased depending on the number of subjects separately stored. If n is 3, the user and the service provider share the key and store it, and even if any one of them is lost, recovery is possible.

The number of pieces needed for restoration can be less than n.

If the separated keys are stored separately and the number of separate storage systems increases, n can be set to 4 or more.

And, since a unique wallet identifier (wid) is given when the public key-private key is generated, each piece can be specified using this. For example, it can be specified as wid-piece #1, wid-piece #2, and wid-piece #3.

In addition, passcode #1, which is a user passcode, is input by a user when creating a wallet and has a characteristic given per private key.

The process of FIG. 4 is summarized as follows.

Before performing the asset movement in response to the asset movement request message, the checking system 300 checks whether the request message has been forged or altered. To this end, the control unit 350 converts the first type of information (identification information on the wallet to be withdrawn (withdrawal wallet), the address to be moved, the quantity of movement, etc.) received from the first interface unit 301 to request an asset movement. Create

In addition, the controller 250 converts all or part of the information included in the asset movement message into the first type of fourth information and transmits it to the second internal network system through the second interface unit (S46 to S50). Here, the first type of information is based on a non-network information delivery mechanism, and uses a QR code, a barcode, an encrypted image, and the like as an embodiment.

The second internal network system 220 verifies the request information as described in S53. It is checked whether the information previously provided by the first internal network system 200 and the information transmitted in S52 are the same. As a result, the second internal network system 220 may generate a verification result.

In addition, the second interface unit 302 of the checking system 300 receives the verification result for the fourth information as fifth information of the first type. The controller 250 converts the fifth information to generate asset movement data. In addition, the controller 250 converts the information into a first type of information and provides it to the first interface unit 301.

Since the first internal network system 200 is connected to the Internet area, it may be hacked. However, even when the first internal network system 200 is hacked, if the information is different from the information of the second internal network system 250, verification fails, so that hacking or information forgery in the process of moving an asset can be prevented.

Meanwhile, in order to prepare for frequent requests related to asset movement, the control unit 350 verifies that verification has been completed by converting the fifth information received by the second interface unit. In addition, the control unit 350 stores the checked information in the approval waiting queue. As a result, the wallet processing unit 320 of the control unit 350 may generate the asset movement data according to the order of input to the approval waiting queue. If the verification result is inconsistent, the asset movement request message is forged or altered, and thus is not entered into the waiting queue for approval.

5 shows a configuration of a checking system according to an embodiment of the present invention. The checking system of FIG. 5 can be applied to the embodiments of FIGS. 1 to 4 described above.

The checking system is independent from the outside on the network. In other words, it is an independent network system that cannot be accessed using a network from outside. The checking system 300 uses a non-network information delivery mechanism to exchange information with the outside. The non-network information delivery mechanism refers to a mechanism that communicates with other adjacent devices (separated by communication) or transmits information in a manner other than a network. For example, the non-network information delivery mechanism refers to a case of outputting and reading a QR code with another external device, a case of outputting and reading a barcode, or a case of outputting and reading an encrypted image.

The checking system may include interface units 301 and 302 according to the number of external devices exchanging information. In one embodiment, the first interface unit 301 receives the first type of information based on the first internal network system 200 and the non-network information delivery mechanism, or the first type of information is transmitted to the first internal network system 200. Convey the information. The first type refers to a type of information exchange in the non-network information delivery mechanism described above. These include QR codes, barcodes, or encrypted images.

Accordingly, the first interface unit 301 includes a reader that reads the above-described first type of information. In addition, the first interface unit 301 includes an output unit that outputs the above-described first type of information. An embodiment of the reader may be a camera, a QR code reader, a barcode reader, or the like.

The second interface unit 302 also receives the first type of information or the second internal network system 250 based on the second internal network system 250 and the non-network information delivery mechanism that are distinguished from the first internal network system. The first type of information can be delivered.

or. The first interface unit 301 and the second interface unit 302 are integrated so that one interface unit can exchange information with a plurality of internal network systems.

The control unit 350 includes a QR code processing unit 310 and a wallet processing unit 320. The control unit 350 converts the first type of first information received by the first interface unit 301 into the second type of second information. Then, the control unit 350 generates a public key and a backup key based on the second information, and then converts the public key and the backup key back into third information of the first type.

Unlike the first type, the second type means information composed of text codes, numbers, special characters, and the like. The second information includes original information intended to be provided by the external device.

In addition, the first interface unit 301 transmits the third information of the first type to the outside.

In this way, by using the non-network information delivery mechanism, it is possible to prevent the possibility of hacking or forgery and alteration of information in the process of generating information related to the wallet holding assets such as virtual currency, and the process of transferring assets. Because the checking system 300 is performed in an independent network, hacking through a network is impossible, and information transmission does not use a network or communication, so that forgery and alteration of information does not occur.

Meanwhile, in order for the checking system 300 to sequentially process the generation of a number of keys and reception of the asset movement request message during the information processing process, the control unit 350 may set an information processing order using a queue. For example, the control unit 250 also controls the key generation request to be sequentially generated by storing related information in the key generation queue. Likewise, when checking the key during the asset movement process, the controller 250 loads the requested message into the queue and loads the verified result into the queue so that the information can be sequentially processed.

That is, the control unit 350 stores the information received from the first interface unit 301 in the first queue and sequentially processes it, and similarly, the information received from the second interface unit 302 is also stored in the second queue and sequentially. It is processed as.

In the configuration shown in FIG. 5, the control unit 350 transmits a message (first message) for requesting asset movement received from the first interface unit 301 to the second interface unit 302. Thereafter, when the verification result for the first message is transmitted from the second interface unit 302, the control unit 350 generates asset movement data corresponding to the first message, so that when the first message is forged or altered, the asset You can verify that no moving data is generated.

6 shows the configuration of a non-network information delivery mechanism according to an embodiment of the present invention.

For information exchange between the internal network system and the checking system, the gateways 220 and 270 that are included in or separated from the internal network system and connected through a communication/network with the internal network system are an output device 205p and a reader 205r that output information. Includes. The output unit 205p outputs any one of the first type of information, for example, barcode information, QR code information, and encrypted image information (S71). This information is read by the reader 305r of the interface units 301 and 302.

Similarly, the interface units 301 and 302 also include an output unit 305p for outputting information and a reader 305r for reading information. The output unit 305p of the interface units 301 and 302 outputs any one of the first type of information, for example, barcode information, QR code information, and encrypted image information (S72). This information is read by the reader 205r of the gateways 220 and 270.

The S71 and S72 processes are based on a non-network information delivery mechanism and cannot be hacked from outside. For security, a physical device shielding the gateways 220 and 270 and the interface units 301 and 302 from the outside may be disposed.

7 shows a private key decryption process according to an embodiment of the present invention.

The user can provide the necessary information for key generation. In an exemplary embodiment, when user identification information and user passcode #1 are transmitted to the system, it is converted into a QR code and transmitted to the checking system 300.

The QR code processing unit 310 of the checking system 300 provides the wallet processing unit 320 with predetermined information necessary for key generation.

The private key decryption process started from the user's request is as follows.

The control unit 350 or the wallet processing unit 320 of the checking system 300 decrypts the user key using passcode #1, which is a user passcode (S81). In this example, fragment 1 is decoded.

Next, the control unit 350 or the wallet processing unit 320 of the checking system 300 decrypts the system key using passcode #3, which is a system passcode (S82). In this example, the fragment 3 is decoded.

The control unit 350 or the wallet processing unit 320 of the checking system 300 decrypts an encrypted private key (Enc prive key) using two pieces (piece 1 and piece 3). This can use the secret sharing algorithm described above.

Then, the control unit 350 or the wallet processing unit 320 of the checking system 300 recovers and decrypts the encrypted private key using passcode #0, which is a private key passcode (S83, S85). Further, the decrypted fragment 1 and fragment 3 are deleted (S84).

The control unit 350 or the wallet processing unit 320 of the checking system 300 decrypts the private key (S85), and deletes the previously restored encrypted private key (Enc priv key) (S86).

In addition, after the private key is used in a process such as asset movement (S87), the corresponding private key is also deleted. Therefore, since the private key undergoes the process of creation/use/deletion as in S81 to S88 only at the time when the use is requested, the private key does not exist anywhere after use. As a result, the leakage of private keys is prevented and the theft of cryptocurrency or virtual currency assets due to the theft of the private key can be prevented.

Even if all the constituent elements constituting the embodiments of the present invention are described as being combined into one or operating in combination, the present invention is not necessarily limited to these embodiments, and all constituent elements within the scope of the present invention are one or more. It can also be selectively combined and operated. In addition, although all of the components may be implemented as one independent hardware, a program module that performs some or all functions combined in one or more hardware by selectively combining some or all of the components. It may be implemented as a computer program having Codes and code segments constituting the computer program may be easily inferred by those skilled in the art of the present invention. Such a computer program is stored in a computer-readable storage medium, and is read and executed by a computer, thereby implementing an embodiment of the present invention. The storage medium of the computer program includes a magnetic recording medium, an optical recording medium, and a storage medium including a semiconductor recording element. In addition, a computer program implementing an embodiment of the present invention includes a program module that is transmitted in real time through an external device.

It should be understood that the above-described embodiments are illustrative and non-limiting in all respects, and the scope of the present invention will be indicated by the claims to be described later rather than the detailed description described above. And the meaning and scope of the claims, as well as all changes and modifications derived from the equivalent concept should be construed as being included in the scope of the present invention.

200, 250: internal network system
300: checking system

Claims (18)

A first interface unit for receiving information of a first type or transmitting information of the first type to the first internal network system based on a first internal network system and a non-network information delivery mechanism;
The first type of first information received by the first interface unit is converted into second type of second information, and a public key and a backup key are generated based on the second information. It includes a control unit that converts into 3 information,
The first interface unit for transmitting the third information of the first type to the outside.
The method of claim 1,
The first information includes identification information on the owner, identification information on the wallet, and one or more passcodes,
The second information consists of a pair of public keys and backup keys,
The control unit encrypts the private key corresponding to the public key using one or more passcodes included in the first information and one or more passcodes generated by the multi-verification system, and separates two or more encrypted pieces into two or more pieces. A multi-verification system that sets any one of the private keys as a backup key.
The method of claim 2,
The first information includes a user passcode,
The control unit generates a pair of public key and private key, encrypts the private key with a private key passcode provided by the system, and then encrypts the private key with a passcode of a private key provided by the system. Separated by,
The control unit generates a user key by encrypting the first piece with the user passcode, the second piece generating the backup key by encrypting with a backup passcode provided by the system, and the third piece in the system A multi-verification system that generates a system key by encrypting it with the provided system passcode.
The method of claim 1,
The multi-verification system further includes a second interface unit for receiving information of a first type or transmitting information of the first type to the second internal network system based on a second internal network system and a non-network information delivery mechanism. And
The control unit converts the first type of information received by the first interface unit to generate an asset movement request message, and then converts all or part of the information included in the asset movement message into the first type of fourth information. And transmits it to the second internal network system through the second interface unit,
When the second interface unit receives the verification result of the fourth information as the first type of fifth information, the control unit converts the fifth information to generate asset movement data, and then converts it to first type of information. And provided to the first interface unit, a multiple verification system.
The method of claim 4,
The first internal network system receives the fifth information and restores it to the asset movement message to perform asset movement.
The method of claim 4,
When the control unit converts the fifth information received by the second interface unit and confirms that the verification has been completed, the control unit stores the checked information in an approval waiting queue,
The wallet processing unit of the control unit generates asset movement data according to an order of input to the approval waiting queue.
The method of claim 1,
The control unit stores the information received from the first interface unit in a queue and sequentially processes the information.
The method of claim 1,
The multi-verification system further includes a second interface unit for receiving information of a first type or transmitting information of the first type to the second internal network system based on a second internal network system and a non-network information delivery mechanism. And
The control unit transmits the message requesting the asset movement received by the first interface unit to the second interface unit, and then, when the verification result of the message is transmitted from the second interface unit, the asset movement data corresponding to the message is transmitted. Generating, multiple verification system.
The method of claim 1,
The non-network information delivery mechanism includes a reader for reading visual information and an output device for outputting the visual information,
The first type of information includes any one of barcode information, QR code information, and encrypted image information.
Receiving, by a first interface unit of the multiple verification system, the first type of information based on the first internal network system and the non-network information delivery mechanism;
Generating a public key and a backup key based on the second information by converting the first type of first information received by the first interface unit into the second type of second information, by the control unit of the multiple verification system;
Converting, by the control unit, the generated public key and backup key into third information of the first type; And
And transmitting the first type of third information to the first internal network system by the first interface unit.
The method of claim 10,
The first information includes identification information on the owner, identification information on the wallet, and one or more passcodes,
The second information consists of a pair of public keys and backup keys,
The control unit encrypts the private key corresponding to the public key using one or more passcodes included in the first information and one or more passcodes generated by the multi-verification system, and separates two or more encrypted pieces into two or more pieces. Further comprising the step of setting any one of the private keys as a backup key, multiple verification method.
The method of claim 11,
The first information includes a user passcode,
The control unit generates a pair of public key and private key, encrypts the private key with a private key passcode provided by the system, and then encrypts the private key with a passcode of a private key provided by the system. Separating into steps; And
The control unit generates a user key by encrypting the first piece with the user passcode, the second piece generating the backup key by encrypting with a backup passcode provided by the system, and the third piece in the system Generating a system key by encrypting with the provided system passcode, multiple verification method.
The method of claim 10,
The multi-verification system further includes a second interface unit for receiving information of a first type or transmitting information of the first type to the second internal network system based on a second internal network system and a non-network information delivery mechanism. And
The control unit converts the first type of information received by the first interface unit to generate an asset movement request message, and then converts all or part of the information included in the asset movement message into the first type of fourth information. And transmitting it to the second internal network system through the second interface unit;
When the second interface unit receives the verification result of the fourth information as the first type of fifth information, the control unit converts the fifth information to generate asset movement data, and then converts it to first type of information. And providing the first interface to the first interface unit.
The method of claim 13,
The first internal network system further comprises the step of executing the asset movement by restoring it to the asset movement message after receiving the fifth information.
The method of claim 13,
When the control unit converts the fifth information received by the second interface unit to confirm that the verification has been completed, the control unit stores the checked information in an approval waiting queue; And
The wallet processing unit of the control unit further comprises the step of generating asset movement data according to an order of input to the approval waiting queue.
The method of claim 10,
The control unit further comprises the step of sequentially processing the information received from the first interface unit by storing the information in a queue (queue).
The method of claim 10,
The multi-verification system further includes a second interface unit for receiving information of a first type or transmitting information of the first type to the second internal network system based on a second internal network system and a non-network information delivery mechanism. And
The control unit transferring a message requesting the asset movement received by the first interface unit to the second interface unit; And
The control unit further comprises the step of generating asset movement data corresponding to the message when the verification result of the message is transmitted from the second interface unit.
The method of claim 10,
The non-network information delivery mechanism includes a reader for reading visual information and an output device for outputting the visual information,
The first type of information includes any one of barcode information, QR code information, and encrypted image information.

Images