JP2020058008A - Digital asset management system, information processing system, and management system - Google Patents

Abstract

To provide a digital asset management system to achieve both convenience for a user and security of private key management.SOLUTION: A digital asset management system that manages digital assets among a user, a service provider, and a manager includes tally generating means that divides secret information for accessing the digital asset into at least four tallies using a secret sharing method, and consent determination means that recognizes the access of the user as valid, on condition that tallies having a predetermined threshold number or more are collected from among the tallies, and at least three tallies are distributed to each of the user, the service provider, and the management company as regular tallies, and the number of differences between the number of tallies and the threshold number is stored as a redundant tally.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a digital asset management system and an information processing system and a management system performed using the digital asset management system.

In recent years, opportunities to utilize assets (digital assets) composed of various electronic information such as virtual currencies, cryptocurrencies, coins, and tokens have been increasing.
In managing such digital assets, a so-called public key cryptosystem, which generates a pair of a secret key and a public key and confirms the identity of the user by knowing the secret key, is widely used.
However, such a system for proving the identity of a person using a secret key has a problem that the risk of theft or loss of the secret key becomes extremely high.
In addition, there has been a concern that strict management of the secret key is a high hurdle for service users, leading to a reduction in convenience.
As one of the methods for solving such a problem, a method such as so-called multisig, in which a plurality of persons sign a transaction, is considered, but it is not enough that both convenience and security are sufficiently achieved. Hard to say.

JP 2010-231404 A JP 2007-42027 A

  The present invention is intended to solve such a problem, and an object of the present invention is to provide a digital asset management system for achieving both user convenience and security of private key management.

  In order to solve the above-mentioned problem, a digital asset management system according to the present invention includes: a tally generating unit that divides secret information for accessing the digital asset into at least four tallies using a secret sharing method; A consent determining means for assuming that the access of the user is legitimate on condition that the tallies of a predetermined threshold or more are gathered, and at least three of the tallies are used as regular tallies. It is distributed to each of the user, the service provider, and the management company, and the number of differences between the number of tallies and the number of thresholds is stored as a redundant tally.

  According to the present invention, confidential information required for using digital assets can be managed safely.

1 is a diagram illustrating an example of an overall configuration of an information processing system according to an embodiment of the present invention. It is a figure showing an example of operation of a management system of the present invention. FIG. 2 is a diagram illustrating a concept of a secret sharing scheme used in an embodiment of the present invention. FIG. 4 is a diagram showing a data flow of the management system in the embodiment of the present invention. It is a figure showing an example of operation of a management system in an embodiment of the present invention. FIG. 11 is a diagram showing a conventional example of digital asset management. FIG. 4 is a diagram illustrating the concept of a secret sharing scheme used when a tally is lost in an embodiment of the present invention. FIG. 4 is a conceptual diagram of a method of further distributing a tally in an embodiment of the present invention. FIG. 9 is a conceptual diagram of a method of deactivating a tally by further distributing the tally in the embodiment of the present invention. FIG. 7 is a diagram illustrating an example of an operation of a system when performing authentication / authorization using another system in the embodiment of the present invention.

As a first embodiment of the present invention, a description will be given using a system of a virtual currency exchange that exchanges real money and the like with virtual currency such as bit coin.
In the following description, “digital asset” refers to an asset composed of various types of electronic information such as virtual currency, cryptocurrency, coins, and tokens, and management of digital assets refers to electronic information that constitutes such an asset. Means to properly store it. The management of digital assets may include, for example, in addition to storage as described in the present embodiment, a business type such as a so-called trust that operates based on the consent of the user, a payment settlement agency, and the like.

  The management system 100 includes an IC card 10 sent to the user P, a terminal 11 used by the user P, a server 20 of a service provider Q that provides a virtual currency exchange service to the user P, This is an information processing system configured on the network 9 including the management server 30 included in the storage agent R.

  In this embodiment, in particular, it is assumed that the service provider Q is a virtual currency exchange company that performs virtual currency exchange business, and the management company that manages digital assets entrusted to the service provider Q performs a storage agent. Trader R.

  The IC card 10 is a card in which a tally 51A described later is stored as data. The terminal 11 is a personal computer having a function as a card reader for reading the IC card 10 or other electronic devices including a computer.

  The server 20 includes a first HSM 21 as a hardware security module for combining the tally 51A sent from the terminal 11 with the tally 51B stored in the service provider Q, and an authentication DB 22 as a registration unit for registering the user P. ,have.

The management server 30 includes a tally DB 32 having a tally 51C of the storage agent R, a second HSM 31 which is a hardware security module for combining a tally 51A and a tally 51B sent from the server 20 with the tally 51C, have.
The hardware security module has tamper resistance (resistance to a physical or logical attack), and is not capable of externally reading secret information (encryption key in this embodiment) during decryption or calculation. Wear.
In the present embodiment, the second HSM 31 has a function as a tally generation unit. In addition, the first HSM 21 and the second HSM 31 constitute an agreement determination unit. This function will be described later with reference to FIG.

  First, when the user P connects to the server 20 of the service provider Q, which is a virtual currency exchange company, and registers as a user in the authentication DB 22, the server 20 uses the management server based on the registration information of the user P. Apply for generation of a pair of key pairs to 30 (step S101).

  Next, the management server 30 generates a key pair of a pair of the public key 50 and the secret key 51 from the random number on the second HSM 31 (Step S102). Note that such key generation may use a general RSA encryption method or another public key encryption method.

The second HSM 31 further associates the public key 50 and the secret key 51 generated in step S102 with the digital asset of the user P (step S103).
The second HSM 31 divides the secret key 51 into four pieces of the tally 51A to the tally 51D by using the secret key 51 as secret information (step S104).
In the following, description will be made using Shannon's secret sharing scheme set to threshold value 3.
Each of the tallies 51A to 51D is a data group formed to have a predetermined data type, and is confidential information from which three or more of the tallies 51A to 51D are gathered. This is divided data from which the secret key 51 can be restored.
Also, as is apparent from FIG. 3, the tally marks 51A to 51D are only data groups even if the number of thresholds is less than 3, that is, any one or two are stolen, so that the tally marks 51A to 51D are only data groups. It has a characteristic that the key 51 cannot be restored.

An outline of such a secret sharing scheme will be described with reference to FIG.
As shown in FIG. 3, it is assumed that the secret key 51 serving as secret information is an arbitrary quadratic function f (x) that is a solution of f (x = 0).
At this time, it is desirable that the function f (x) has an order of 2 so that the number of the thresholds minus the order is 1 if the number of the thresholds is 3.
The second HSM 31 returns an argument using the arbitrary four points on the function f (x) as tally marks 51A to 51D.

At this time, the tally marks 51A to 51D are all mere numbers that are discrete and have no information by themselves, but if it is known that they are “functions of degree 2 that pass through all three or four given points”. , Its function f (x) is uniquely determined. When the function f (x) is known in this way, f (x = 0) is also apparent, and therefore, the secret key 51, which is secret information, is known.
The secret sharing scheme uses such a mechanism to restore the secret key 51 using tally marks 51A to 51D, which are data groups.
Although a quadratic function is used here, the present invention is not limited to such a configuration, and any function having an order smaller than the number of thresholds by one may be used. However, equations of order 5 or higher are not generally used because they cannot be solved algebraically. Therefore, the number of thresholds is 2 or more and 5 or less.

The second HSM 31 generates the tallies 51A to 51D by using such a secret sharing scheme, and stores the tally 51A of the tallies 51A in the IC card 10 (step S104).
When the tally 51A is stored as electronic data in the IC card 10 in step S104, the storage agent R sends the IC card 10 to the user P (step S105), and the virtual currency of the user P and the public key 50 are linked.
The storage agent R further transmits the tally 51B generated in step S104 to the server 20 of the service provider Q, and stores the tally 51C in the tally DB 32 of the storage agent R (step S105).
The tally 51D is stored, for example, in the tally DB 32 for backup. The storage location of the tally 51D is not limited to such a configuration, and may be sent to a trusted third party for storage, or may be retained by the user P or the service provider Q. good.
The tally 51D is a redundant tally that functions as a backup when the IC card 10 is lost, as described later.

  In this way, in a state where each of the user P, the service provider Q, and the storage agent R possesses the tally 51A, the tally 51B, and the tally 51C, the user P uses the secret key 51 to create his / her digital asset. 4 and 5 show the processing for accessing.

First, when the user P inserts the IC card 10 into the terminal 11 and connects to the server 20, the terminal 11 reads the tally 51A from the IC card 10 and transmits it to the first HSM 21 (step S201).
Next, the first HSM 21 receives the tally 51B from the authentication DB 22, and combines it with the tally 51A received in step S201 to generate a tally 51A + B (step S202).

The tally 51A + B synthesized in step S202 is transmitted to the second HSM 31 of the management server 30 (step S203).
The second HSM 31 receives the tally 51C from the tally DB 32 and combines it with the tally 51A + B (step S204).

As described above, using the tallies 51A to 51C as the regular tallies and the fact that the tallies 51A to 51C are combined in step S204, the second HSM 31 signs the transaction transmitted by the user P using the decrypted secret key 51 ( Step S205).
That is, the second HSM 31 restores the secret key 51 on condition that at least three of the four tally marks 51A to 51D have gathered in the second HSM 31, and signs the transaction using the secret key 51. As a function.
With such a configuration, since the secret key 51 is restored only on the hardware security module, strong security against external reading can be maintained.
In addition, since the tally 51A to 51C are distributed to the user P, the service provider Q, and the storage agent R as a regular tally, digital assets can be managed based on the consent of the three.

Here, a digital asset refers to an asset composed of electronic data such as virtual currency, for example, and the management of a digital asset refers to an act of receiving some service or performing settlement using the digital asset.
That is, in the present embodiment, the management system 100 has a configuration of “having an approval unit that approves settlement by accessing a digital asset, and performing payment and settlement using a digital asset”. At this time, since the access to the digital asset is approved by the signature of the second HSM 31, the second HSM 31 has a function as an approval unit.

  Further, in such a configuration, even if one of the regular tallies 51A, 51B, and 51C is lost or stolen, the secret key 51 can be decrypted by more than the threshold number of thresholds. Therefore, the management system 100 has strong security against loss or theft of the tallies 51A to 51C.

By the way, in a conventional virtual currency transaction, a so-called wallet of a virtual currency and a secret key are stored in association with each other. Therefore, in private key management, as shown in FIG. 6, it is common for a user P 'to manage his own private key 51' and sign a transaction to consent to his settlement or transfer. there were.
However, if the private key 51 'is stored in the IC card 10' and transported, as in a conventional bank ATM, for example, unauthorized reading, loss, or theft of the IC card 10 'may occur. At the time, both the user P 'and the service provider Q' have a problem that it is difficult to recover their digital assets by any means.
In order to solve such a problem, a method of so-called multi-sig or the like in which a transaction is approved with a plurality of signatures has been considered, but it is necessary for the user P ′, the service provider Q ′, and each signature. Therefore, if any one of them is lost, there is still a difficulty that the movement of the digital asset itself becomes impossible. Therefore, for example, it is not suitable for use in which the secret key 51 'is stored in a portable IC card 10'.

On the other hand, consider a case where, for example, the IC card 10 is lost in the management system 100.
As already described in the present embodiment, the tally 51A stored in the IC card 10 cannot be signed by itself.
Further, in order to decrypt the secret key 51 from the tally 51A, the tally 51B and the tally 51C are required. Therefore, even if the tally 51A leaks out, the digital asset of the user P is protected. Will be maintained.

Therefore, in the present embodiment, even if the IC card 10 is lost, the user P promptly contacts the service provider Q, disables the tally 51A, and uses the redundant tally 51D to The tally 51B, 51C and the redundant tally 51D are configured so that digital assets can be managed.
Specifically, the service provider Q, which has been notified by the user P, accesses the management server 30 and proceeds with the procedure again as in steps S101 to S105, thereby easily reissuing the tally. be able to.
At this time, if the newly generated key pair is a public key 60 and a secret key 61 and tallies 61A to 61D of the secret key 61 as shown in FIG. When the old secret key 51 is linked, the old secret key 51 is decrypted using the tally 51B to 51D, and a transaction from the wallet linked to the old secret key 51 to a new wallet linked to the secret key 61 is performed using the old secret key 51. And sign it.

Alternatively, new tallies 51E, 51F, 51G, and 51H may be provided using different functions g (x) for the same secret key 51.
If different functions are used for the same secret key in this way, there is an advantage that transfer of digital assets is not necessary, but from the viewpoint of security improvement, different functions are used for different secret keys. Is preferred.

In other words, in the present embodiment, the second HSM 31 has a “tally generating means for dividing the secret key 51 for accessing the digital asset into at least four tallies using a secret sharing method, and a predetermined threshold among the tallies 51A to 51D. Consent determining means for deeming the access of the user P to be valid on condition that the tally of the number 3 or more is collected.
Further, in the management system 100, “at least three of the tallies 51A to 51D are distributed to the user P, the service provider Q and the storage agent R as at least three regular ticks, and the difference between the number of tallies and the number of thresholds is Are stored as redundant tallies. '
With such a configuration, when the tally 51A is lost due to the presence of the redundant tally 51D, new tallies 61A to 61D can be easily reissued without losing the digital assets of the user P. be able to.

In the present embodiment, the “tally generation means generates the tallies 51A to 51D on the hardware security module and stores one of the tallies in the IC card 10 sent to the user P”. have.
With this configuration, the user P can easily access his or her digital assets by carrying the IC card 10 and connecting to the server 20 via the terminal 11.

In this embodiment, the transfer of the digital asset is recorded as a transaction using blockchain technology, and the transaction is signed on condition that the consent determination means considers the access valid. doing.
According to this configuration, the user P can easily pay the virtual currency from his or her own wallet for the virtual currency, so that the convenience of the virtual currency is improved.

FIG. 8 illustrates a second embodiment as an application example of the first embodiment.
In the second embodiment, a tally is generated from the redundant tally 51D or 51C generated in the first embodiment by using a secret sharing scheme.
As shown in FIG. 8, the third HSM 91, which is a tally generation unit, generates tallies 91A to 91D as tallies of the redundant tally 51D.
If it is possible to take out the tally 51D by combining these tallies 91A to 91C on the hardware security module, for example, the tallies 91A to 91D may be stored in different data centers 92A to 92D (not shown). Thus, risk diversification can be performed.
In this way, by receiving the tally and functioning as a tally generation unit that further generates a tally, it is possible to distribute the risk of physical damage to the data center due to a disaster or the like while maintaining security.

As described above, the management system 100 according to the second embodiment is a “secret information generation unit that derives secret information” and “generates a plurality of tallies based on the secret information, and generates at least one of the tallies. It has a second HSM 31 as a hardware security module as "tally generating tally means" and a third HSM 91 as "deactivating means for deactivating the tally when transmitting the tally".
In such a configuration, the deactivating means further converts the tally 51D into tally 91A to 91D so that the secret key 51 which is secret information alone cannot be decrypted, that is, deactivates the tally. Thus, making the tally marks 51A to 51D of the secret key 51 unusable further by itself is called "deactivation". Further, the third HSM 91 in the present embodiment may be located at any place. Further, the first HSM 21 and the second HSM 31 may be configured to divide and divide one or more of the tallies 51A to 51D as inactive means.

The deactivating means is not limited to such a configuration. For example, as shown in FIG. 9, after generating two tallies 51A and 51B from the secret key 51, the tally 51A is further converted to tallies 51a and 51b. It may be divided and sent to the user P and the service provider Q, respectively.
In such a case, the first HSM 21 restores the tally 51A using the tally 51a and the tally 51b, and sends the tally 51A to the second HSM 31.
The second HSM 31 can decrypt the secret key 51, which is secret information, using the tally 51A and the tally 51B.

In addition to the tallying of the tally as described above, for example, if the tally is deactivated by encryption using the public key cryptography of the terminal P of the user P, only the secret key of the terminal 11 of the user P is used. Because it can be decrypted, security is further improved. As described above, “deactivation” includes encryption, tallying, and the like, and a key used for such encryption may be any public key or secret key in a public key cryptosystem, or any common key.
By using such a deactivating means, the key is sent from the key generating means in a deactivated state without being exposed to the outside, so that the tally can be exchanged more safely. Become.

In the first and second embodiments, the authentication DB 22 and the tally DB 32 are servers managed by the service provider Q and the storage agent R, respectively. However, the present invention is not limited to such a configuration. Not something.
For example, as shown in FIG. 10, an external authentication system 23, and authorization systems 24Q and 24R for authorizing a user based on the authentication from the authentication system 23 are provided. The configuration may be such that the tally marks 51B and 51C possessed by the user are transmitted based on the approval from the 24R. Further, the authorization systems 24Q and 24R may be separate or the same system.

  Although the preferred embodiments of the present invention have been described above, the present invention is not limited to such specific embodiments, and unless otherwise specified in the above description, the present invention described in the claims Various modifications and changes are possible within the scope of the spirit of the present invention.

  For example, in the present embodiment, a configuration has been described in which three regular tallies 51A to 51C and one redundant tally are used. However, the total number of tallies is set to 3, two regular tallies are used, and one redundant tally is used. It may be a configuration.

  The effects described in the embodiments of the present invention merely enumerate the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

10 IC card 11 Terminal 20 Server 21 Consent determination means (first HSM)
22 Authentication DB
30 management server 31 agreement determination means, tally generation means (second HSM)
32 tally DB
100 management system 200 management system P user Q service provider R storage agent

Claims (9)

A digital asset management system for mutually managing a user's digital assets between a user, a service provider, and a management company,
Tally generating means for dividing secret information for accessing the digital asset into at least four tallies using a secret sharing method;
Among the tally, consent determining means for considering the access of the user as legitimate on condition that the tally of a predetermined threshold or more is collected,
Has,
At least three of the tallies are distributed to the user, the service provider, and the manager as a regular tally, and the number of differences between the number of the tallies and the number of the thresholds is stored as a redundant tally. A digital asset management system characterized in that: The digital asset management system according to claim 1,
The digital asset management system according to claim 1, wherein the tally is divided into four or five, and is divided so as not to exceed twice the number of the thresholds. The digital asset management system according to claim 1 or 2,
The digital asset management system, wherein the tally generation means generates the tally on a hardware security module, and stores one of the tally in an IC card sent to the user. The digital asset management system according to any one of claims 1 to 3,
The transfer of the digital asset is recorded as a transaction using blockchain technology,
A digital asset management system, wherein the transaction is signed on condition that the consent determination means considers the access to be valid. The digital asset management system according to claim 4,
Generating two redundant tallies,
A digital asset management system, wherein at least one of the redundant tallies is given to a beneficiary agent. A digital asset management system according to any one of claims 1 to 3,
Approval means for approval of settlement by access to the digital asset,
An information processing system for performing payment and settlement using the digital asset. A confidential information management system for mutually managing digital assets among a plurality,
Secret information generating means for deriving secret information;
Tally generating means for generating a plurality of tallies based on the secret information and sending at least one of the tallies,
Deactivating means for deactivating the tally when sending the tally,
Decryption means for restoring the secret information from the plurality of tallies,
A management system comprising: The management system according to claim 7, wherein
A management system, wherein the tally generation unit and the decryption unit are provided on a hardware security module. The management system according to claim 7 or 8, wherein
The management system, wherein the deactivating means encrypts the tally so that the secret information cannot be derived from the tally without using the decrypting means.

Images