KR101661933B1 - Ccertificate authentication system and method based on block chain - Google Patents

Abstract

The present invention relates to a public certificate authenticating system based on a block chain and an authenticating method using the same. The public certificate authenticating system comprises: a user terminal (100) configured to request block chain based public authentication; a block chain based public certificate authentication request server (500); a block chain based public certificate management server (300); and block chain holding servers (400) configured to transmit transaction information for a public key record, matched with an electronic wallet, and transaction information for user verification to the block chain based public certificate management server (300). Therefore, the public certificate authenticating system can maximally prevent hacking.

Description

Technical Field [0001] The present invention relates to a public key certificate authentication system based on a block chain,

In the case of a public key for a public certificate that requires maintenance, the present invention is not limited to a server operated by an accredited certification authority (CA), but may be a block chain via a distributed database based on a peer-to-peer network (P2P) The cost of establishing an authorized certificate authentication system in which a high security system is interlocked so that a hacking can be blocked as much as possible by means of storage management in a block chain of electronic wallets mounted on servers and the operation of the established authorized certificate authentication system The user can monitor the denial of the user requesting the authorized authentication and the PC security level to the user through the means to guide the authorized authentication process to be performed even if the ActiveX is not installed Level, it is not only strong in the risk environment such as hacking, The present invention relates to an authorized certificate authentication system based on a compatible block chain in a web browser, and an authentication method using the same.

With the development of IT technology, various services can be used by anyone, regardless of place, regardless of location.

In other words, by accessing a server operated by a bank or a securities company, it can be used for financial services such as account transfer and stock trading, access to servers operated by government agencies, and sales of civil service and goods such as issuance of various proofs Such as e-commerce services, such as purchasing goods, by connecting to a server that is connected to the Internet, via the Internet.

On the other hand, when using services in various industrial fields, the user who is a customer must perform certification proving himself / herself.

Here, an authorized certificate is electronic information issued by an accredited certification authority (CA) for the purpose of confirming the identity of a user, preventing forgery and alteration of documents, Represents a seal certificate for cyber transactions. Such authorized certificates include the certificate version, the certificate serial number, the validity period of the certificate, the personalization agent, the digital signature verification information of the user, the user name, the identification information, and the digital signature method.

These public certificates are used in public key infrastructure (PKI), which is a security standard.

The public key infrastructure is a user authentication system that encrypts transmission and reception data using a public key composed of encryption and decryption keys, and verifies the identity of a trader using a password possessed by an Internet user.

However, in the public key infrastructure, since the user's private key exists in a file format in the standardized storage location due to the soft token based storage method, file duplication and automation collection of the private key are easy, There is also a risk that information theft occurs.

Therefore, a public certificate authority (CA) should establish a public certificate issuing system in which a high security system is interlocked so as to block the hacking as much as possible, and operate and maintain the established public certificate issuing system Therefore, a large amount of issuance costs are incurred when an authorized certificate is issued.

In addition, when the user authentication process is performed through a web browser, the public key certificate must be installed in advance in order to provide additional security.

As such, ActiveX, which is installed in the process of user authentication, is a technology used by Microsoft to develop reusable object-oriented software components. It uses Component Object Model (OLE) and Object Linking (OLE) WWW). Most ActiveX is used to create plug-ins for Internet Explorer (IE).

However, because ActiveX can be installed only by lowering the security level of the PC so as to access the resources of the personal computer (hereinafter referred to as PC), such as the file and the registry, the security of the user authentication process The user's PC security level is lowered due to the ActiveX, which is necessarily installed, and thus it is not only vulnerable to a dangerous environment such as hacking but also has a problem of complicating the procedure of public authentication.

For this reason, the Republic of Korea is promoting the policy of abolishing the Active X policy at the government level, such as the head of the state pointing out Active X as a typical old financial regulation at the press conference of the New Year in 2015.

Certified certificates, which require ActiveX to be installed for security during the certification process, can only be used by Internet Explorer (IE) provided by Microsoft among various types of web browsers, and other web browsers (Chrome, Safari, , Firefox, etc.).

That is, a user accesses a server operated by a bank or a securities company through an Internet-based web browser, and accesses financial services such as account transfer and stock transactions, a server operated by a government agency, and issues various proof documents such as a resident registration copy (IE) to use a public certificate for user authentication while using services in various industrial fields such as e-commerce services such as purchasing goods by accessing a server for selling goods, etc. In the Internet Explorer (IE) The service is available, but other web browsers do not support ActiveX, so there is a limitation in using the service because it is not available.

Patent Document 1: Korean Patent Application Publication No. 10-0411448 (Dec. 03, 2003), an issuing method and a system for issuing an optical recording medium storing a private key and a certificate of a public key infrastructure.

Non-Patent Document 1: Related to Active X in Wikipedia (https://en.wikipedia.org/wiki/%EC%95%A1%ED%8B%B0%EB%B8%8CX) Non-Patent Document 2: Media It (internet newspaper) related to the policy of abolishing Active X (http://www.it.co.kr/news/article.html?no=2793878&sec_no=)

It is an object of the present invention to provide a public key for a public key certificate that requires maintenance by using a distributed key database (PK) based on peer-to-peer network (P2P) based distributed database rather than a server operated by an accredited certification authority It is possible to control the storage and management in the electronic wallet mounted on the chain holding servers so that the operation and maintenance cost of the authorized certificate authentication system in which the high security system is interlocked so as to block the hacking as much as possible, And to provide a public key certificate authentication system and an authentication method based on a block chain capable of monitoring the denial of a user requesting authentication.

Another object of the present invention is to provide a method and system for managing a PC security level, which can maintain a PC security level at a desired level by means of guiding the public authentication process to be performed even when ActiveX is not installed, The present invention also provides a public key certificate authentication system based on a block chain compatible with various web browsers, and a public key certificate authentication method based on a block chain using the same.

In order to accomplish the present invention, a public key certificate authentication system based on a block chain according to a first embodiment of the present invention includes: a user terminal for requesting a block-chain-based public key authentication; A block-chain-based authorized certificate authentication request server for relaying requests for block chain-based public authentication by transmitting designated user identification information of a corresponding user operating the user terminal according to a block chain-based authorized authentication request of the user terminal; A public key recording transaction ID information and a user verification transaction ID information matched with the designated user identification information transmitted from the block chain-based public key certificate authentication request server to transmit the public key recording transaction information and the user verification transaction information A block chain-based public key certificate management server for requesting a public key certificate; An electronic purse having a block chain in which bit coin settlement transaction information is authenticated and bit coin settlement transaction information is recorded in accordance with the authenticated bit coin settlement transaction information by verifying the transferred bit coin settlement transaction information is transmitted In the electronic wallet, transaction information for public key recording including a public key for a public certificate and user authentication transaction information including user verification verification information are also recorded, and the information is transmitted from the block chain- A block chain for transmitting transaction ID information for public key recording and transaction ID information for user verification to the electronic wallet and transmitting matched public transaction key transaction information and user verification transaction information to the block chain based public key certificate management server Server, wherein the block chain-based authorized certificate management server comprises: Extracts the public key and the user verification proof information for the public key from the public key recording transaction information and the user verification transaction information transmitted from the lock chain holding server and extracts the public key for the public key certificate and the user verification proof information And transmits the certificate validation signal including transaction ID information for public key recording to the block chain-based public key certificate authentication request server, wherein the block chain-based public key certificate authentication request server Extracts the user identification information of the extracted user, performs hashing operation on the extracted user identification information, processes the extracted user identification identification information, and transmits the processed user identification identification information and the block chain based authentication certificate management server Of the information contained in the validated certificate validation signal And the hash value of the user verification verification information among the information included in the certificate validation verification signal transmitted from the block chain based public certificate management server and the hash value of the user verification verification information, And transmits the public key for the public certificate to the user terminal when the hash values of the public key and the public key are identical to each other, Performs public authentication based on key.

The step of authenticating the public authentication using the public key certificate authentication system based on the block chain according to the first embodiment includes the steps of accessing the block chain based public key certificate authentication request server at the user terminal and requesting the block chain public key authentication Wow; In the block chain-based authorized certificate authentication request server, the designated user identification information of the corresponding user operating the user terminal is extracted from the user identification information DB for each member according to the block chain-based authorized authentication request, To a server; The block-chain-based authorized certificate management server matches the transmitted designated user identification information with the per-user transaction search keyword information DB, and transmits matching transaction ID information for public key recording and transaction ID information for user verification to the block chain holding server Requesting download of transaction information for public key recording and transaction information for user verification; The block chain holding server may match the transferred transaction ID information for public key recording and the transaction ID information for user verification with the electronic wallet to match transaction information for public key recording and transaction information for user verification to the block chain To a public certificate management server; Operating a transaction processing engine in the block chain-based public key certificate management server, extracting a public key and a user verification Hash information for a public key certificate from the transmitted transaction information for public key recording and transaction information for user authentication; The certificate validity check signal including the public key and the user verification verification information for the extracted public key certificate and the transaction ID information for public key recording stored in the transaction keyword information DB for each user in the block chain- To the block chain-based authorized certificate authentication request server; In the block chain-based authorized certificate authentication request server, the identification information of the corresponding user is extracted from the user identification information DB for each member, the hash processing engine is operated, the identification information of the extracted user is hashed, The transaction ID information for public key recording among the information included in the processed validity identification identification information and the certificate validity confirmation signal transmitted from the block chain based public key certificate authentication server is subjected to a hashing operation And processing the data into a cost-effective user verification verification information; Wherein the hash value of the user verification verification information among the information included in the certificate validity verification signal transmitted from the block chain-based authorized certificate management server and the hash value of the user verification verification information transmitted from the block chain- Calculating a hash value of the time constant beam, and confirming whether the computed hash values are the same; The hash value of the user verification verification information and the hash value of the user verification verification information of the user verification verification information among the information included in the certificate validation verification signal transmitted from the block chain based public certificate management server are respectively calculated, The method comprising: transmitting, in the block-chain-based authorized certificate authentication request server, a public key for a public certificate among the information included in the certificate validation signal to the user terminal; And performing public authentication on the basis of the transmitted public key for the public key certificate in the user terminal.

The authorized certificate authentication system based on the block chain according to the second embodiment includes: a user terminal for requesting a block chain-based public authentication; Extracts the identification information of the corresponding user from the user identification information DB for each member according to the block chain based authentication request of the user terminal, performs hashing operation on the extracted user identification information, A block-chain-based authorized certificate authentication requesting server for transmitting the processed user identification identification information and the designated user identification information of the user; The method includes receiving billing user identification information and designated user identification information from the block chain-based authorized certificate authentication requesting server, matching designated user identification information among the transmitted information with a transaction search keyword information DB for each user, A block chain-based authorized certificate management server for requesting download of transaction information for public key recording and transaction information for user verification by transmitting recording transaction ID information and user verification transaction ID information; An electronic purse having a block chain in which bit coin settlement transaction information is authenticated and bit coin settlement transaction information is recorded in accordance with the authenticated bit coin settlement transaction information by verifying the transferred bit coin settlement transaction information is transmitted In the electronic wallet, transaction information for public key recording including a public key for a public certificate and user authentication transaction information including user verification verification information are also recorded, and the information is transmitted from the block chain- A block chain for transmitting transaction ID information for public key recording and transaction ID information for user verification to the electronic wallet and transmitting matched public transaction key transaction information and user verification transaction information to the block chain based public key certificate management server Server, wherein the block chain-based authorized certificate management server comprises: Extracting the public key for the public key and the user verification verification information from the public key recording transaction information and the user verification transaction information transmitted from the lock chain holding server, The transaction ID information for public key recording stored in the search keyword information DB is subjected to hashing operation and processed as cost user verification proof information, and the hash value of the extracted user verification proof information is compared with the processed user cost verification information And transmits the extracted public key for the public key certificate and the designated user identification information of the corresponding user to the block chain-based public key certificate authentication request server if the hash values of both the public key and the public key are identical, Based authorization certificate authentication request server refers to the designated user identification information among the transmitted information, Transmits the public key for the public key certificate to the user terminal, and the user terminal performs public key authentication based on the transmitted public key for the public key certificate.

The step of authenticating the public authentication using the public key certificate authentication system based on the block chain according to the second embodiment comprises the steps of: requesting block chain-based public authentication by accessing a block chain- Wow; In the block chain-based authorized certificate authentication requesting server, the identification information of the corresponding user is extracted from the user identification information DB for each member according to the block chain-based authorized authentication request, the hash processing engine is operated, And transmitting the processed user identification identification information and the designated user identification information of the user to the block chain-based authorized certificate management server; The block chain based public key certificate management server receives the cost identification identification information and the designated user identification information and matches the designated user identification information among the transmitted information with a transaction search keyword information DB for each user, Requesting downloading of transaction information for public key recording and transaction information for user verification by transmitting the recording transaction ID information and the user verification transaction ID information to the block chain holding server; The block chain holding server may match the transferred transaction ID information for public key recording and the transaction ID information for user verification with the electronic wallet to match transaction information for public key recording and transaction information for user verification to the block chain To a public certificate management server; Operating a transaction processing engine in the block chain-based public key certificate management server, extracting a public key and a user verification Hash information for a public key certificate from the transmitted transaction information for public key recording and transaction information for user authentication; The hash processing engine is operated in the block chain-based public key certificate management server to perform hashing operation on the transferred cost identification identification information and transaction ID information for public key recording stored in the per-user transaction search keyword information DB, Processing the user verification verification information; Wherein the hash value of the extracted user verification verification information and the hash value of the processed user cost verification verification information are respectively calculated in the hash processing engine of the block chain based public key certificate management server, Checking whether the hash values are the same; If the hash value of the extracted user verification hash value is equal to the hash value of the processed user fee verification validation information, the public key for public key certificate and corresponding user Transmitting the designated user identification information to the block chain-based authorized certificate authentication requesting server; Transmitting the transmitted public key for the public key certificate to the user terminal by referring to the designated user identification information among the transmitted information in the block chain based public key certificate authentication request server; And performing public authentication on the basis of the transmitted public key for the public key certificate in the user terminal.

In the case of a public key for a public certificate that requires maintenance, the present invention is not limited to a server operated by an accredited certification authority (CA), but may be a block chain via a distributed database based on a peer-to-peer network (P2P) The cost of establishing an authorized certificate authentication system in which a high security system is interlocked so that a hacking can be blocked as much as possible by means of storage management in a block chain of electronic wallets mounted on servers and the operation of the established authorized certificate authentication system And maintenance costs are not incurred, it is possible to monitor the denial of the user who requests the authentication.

Further, according to the present invention, the PC security level can be maintained at a desired level by the means for guiding the public authentication process to be performed even when the ActiveX is not installed, so that the present invention is not only resistant to a risk environment such as hacking, There is also a simple, compatible effect on various web browsers.

1 is a block diagram illustrating a public certificate issuing system based on a block chain of the present invention;
FIG. 2 is a block diagram illustrating a detailed configuration of a user terminal in a configuration of a public certificate issuing system based on the block chain of the present invention;
FIG. 3 is a block diagram illustrating a detailed configuration of a block chain-based authorized certificate issuing request server among a configuration of a public certificate issuing system based on the block chain of the present invention.
FIG. 4 is a block diagram illustrating a detailed configuration of a configuration block chain-based public key certificate management server constituting a public key certificate issuing system based on the block chain of the present invention;
FIG. 5 is a diagram illustrating a key generation guide screen unit displaying a process of issuing a public key for a public key and a private key for a public key in a user terminal using a public key certificate issuing system based on the block chain of the present invention;
6 is a diagram schematically showing a data structure of various transaction information divided into input data and output data,
FIG. 7 is a flowchart illustrating a block chain-based public key certificate issuing process using a public key certificate issuing system based on the block chain of the present invention.
FIG. 8 is a block diagram illustrating a public key certificate authentication system based on the block chain of the present invention.
FIG. 9 is a block diagram illustrating a detailed configuration of a block-chain-based authorized certificate authentication requesting server among constituent parts of a public key certificate authentication system based on the block chain of the present invention;
FIG. 10 is a block diagram illustrating a detailed configuration of a user terminal in a configuration of an authorized certificate authentication system based on the block chain of the present invention.
FIG. 11 is a view illustrating a process of selecting a password and an image designated by a user in a user terminal using a public certificate authentication system based on the block chain of the present invention; FIG.
12 to 14 are flowcharts illustrating an authentication process of a block chain-based public key certificate using a public key certificate authentication system based on the block chain of the present invention.
15 to 17 are flowcharts illustrating a public key certificate authentication method based on a block chain according to another embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the configuration and operation of an embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the various embodiments, the same reference numerals are used for the same components.

The present invention is largely divided into an issuance part of a public key certificate based on a block chain and an authentication part of a public key certificate based on a block chain.

1 to 7 relate to a system and method for issuing a public certificate based on a block chain, which is an issuing part of a public certificate based on a block chain.

As shown in the figure, the authorized certificate issuing system based on the block chain of the present invention includes a user terminal 100, a block chain-based authorized certificate issuing request server 200, a block chain-based authorized certificate managing server 300, And a block chain holding server 400.

First, the user terminal 100 generates a public key for a public key certificate and a public key for a public key certificate, generates a block key composed of a public key for the public key certificate and a user's identification information required for issuing the public key certificate based on the block- Based authorization certificate issuing server 200 to the block chain-based authorized certificate issuance request server 200 described later. Here, the personal information for issuing the public key certificate based on the block chain is information including user name, user's date of birth, user's telephone number, and user's e-mail.

The user terminal 100 includes an information output unit 101 for outputting information, an information storage unit 102 for storing data and application programs, an information input unit for generating a user input signal A key generation engine 110 and an encryption / decryption engine 120 are provided in addition to a control unit (not shown) for performing overall operation control of the user terminal 100.

Here, the key generation engine 110, the encryption / decryption engine 120, and a key generation guide screen section, which will be described later, are installed in the form of an application program when the user terminal 100 is a desktop type such as a personal computer (PC) If the user terminal 100 is a mobile device such as a smart phone capable of accessing the Internet, it is installed and provided in the form of a mobile dedicated application.

Also, before generating the public key for the public key certificate and the public key for the public key certificate, the user terminal 100 sends the block chain-based public key certificate issuance request server 200 to the user operating the user terminal 100, Is registered.

To this end, the DB unit 210 is mounted on the block chain-based authorized certificate issuance request server 200, and the identification information of the user operating the user terminal 100 is stored in the DB unit 210 And a user identification information DB 211 for each member in which the identification information of the same user as the personal information for issuing the block chain based authentication certificate is stored.

Then, the user terminal 100 transmits the personal information for issuing the block-chain-based public-key certificate to the block-chain-based public-key certificate issuing request server 200 to request issuance of the block-chain-based public-key certificate, (200) matches the personal information for issuing the block-chain-based authorized certificate with the user-specific user identification information DB (211), and if there is matching information, generates a public key for the public key certificate and a private key for the public key certificate And transmits the generated key generation guide signal to the user terminal 100.

When the key generation guidance signal is transmitted from the block chain-based authorized certificate issuing request server 200, the user terminal 100 generates the public key for the public key certificate and the private key for the public key certificate by operating the key generation engine 110 , The user terminal 100 controls the generation of the public key for the public key certificate and the public key for the public key certificate in the state where the network is blocked so as to prevent the outflow of each key that may occur even if the user terminal 100 exits.

In addition, the user terminal 100 operates the encryption / decryption engine 120 to encrypt the private key for the public key certificate based on the password and the photograph image designated by the user, 102).

Accordingly, even if the private key for the user's authorized certificate is leaked, it is practically difficult to deduce the password and the photograph image designated by the user, thereby minimizing the risk of information theft.

In addition, a key generation guide screen portion indicating a process of issuing a public key for a public certificate and a private key for a public certificate in the user terminal 100 is stored in the information storage unit 102 of the user terminal 100.

As described above, the stored key generation guidance screen includes a user name input field 141a for inputting the user's name, a user's date of birth input field 141b for inputting the user's date of birth, a user's telephone number input field 141c for inputting the user's telephone number, A user identification information input screen 141 including a user email input field 141d for inputting a user's email and a network connected to the user terminal 100 before generating a public key for a public key certificate and a private key for a public key certificate A network blocking display screen 143 for indicating that the network of the user terminal 100 is blocked and a password input box for inputting a password necessary for issuing a block chain based authentication certificate A password input screen 144 including a plurality of images 144a, 144a, Screen 145, a key generation guidance screen 146 for guiding generation of a public key for a public key certificate and a public key for a public key certificate, a public key for a public key certificate and a private key for a public key certificate, And a issuing completion guide screen 148 indicating that issuance of the block chain-based authorized certificate is completed.

The block chain-based certificate issuance request server 200 receives personal information for issuing a public key for a public certificate and a public key certificate based on a block chain from the user terminal 100, and forwards the personal information for issuing a block chain- And the identification information of the user constituting the personal information for issuing the public key certificate based on the block identification information and the public key for the public key certificate and the personal identification information for issuing the public key certificate based on the block chain, And transmits the generated transaction request signal to the block chain-based authorized certificate management server 300, which will be described later. Here, the designated user identification information can use the telephone number of the user, in particular, the telephone number of the mobile communication terminal.

In order to perform such a function, the hash processing engine 220 is mounted in the block chain-based authorized certificate issuance request server 200.

As described above, the hash processing engine 220 installed in the block-chain-based public-key certificate issuance requesting server 200 performs a function of hashing the private information for issuing the block-chain-based public key certificate and processing it into user identification hash information.

The block-chain-based public key certificate management server 300 receives the public key certificate including the public key for the public key certificate from the information gathered in the public key certificate transaction request signal transmitted from the block- And transaction ID information for public key recording used as a key value to retrieve the transaction information for public key recording, and transmits the transaction information for public key recording among the generated information for recording, And transaction ID information for public key recording among the pieces of information collected in the transaction generation request signal for public key recording are processed by a hashing operation and processed as user verification verification information, A user verification transaction information including processed user verification verification information and a user verification transaction information And generates transaction ID information for user verification used as a key value for coloring, and transmits user authentication transaction information among the generated information for recording, stores and manages transaction ID information for user verification, generates transaction for public key recording The designated user identification information among the information collected in the request signal is a member for storing and managing.

In order to perform such a function, the block chain-based authorized certificate management server 300 is provided with a DB unit 310, a transaction processing engine 320 and a hash processing engine 330 having a transaction search keyword information DB 311 for each user .

First, the transaction processing engine 320 stores the specified user identification information in the per-user transaction search keyword information DB 311, and stores the transaction information for public key recording including the public key for the public key certificate and the public key recording transaction And generates transaction ID information for public key recording used as a key value in retrieving information.

The hash processing engine 330 performs a hashing operation on the user identification identification information and the public key recording transaction ID information among the information collected in the transaction request signal for public key recording, and processes the user identification verification information.

In the case of transaction information for public key recording, the transaction processing engine 320 transmits to the block chain holding servers 400 for recording, and in the case of transaction ID information for public key recording, a transaction search keyword information DB 311 And generates transaction ID information for user verification used as a key value to retrieve transaction information for user verification including user verification verification information and transaction information for user verification, The transaction information is transmitted to the block chain holding servers 400 for recording, and the transaction ID information for user verification is stored and managed in the transaction search keyword information DB 311 for each user.

The block chain-based authorized certificate management server 300 performing such functions performs authorization authentication when using services such as a server operated by a bank or a securities company, a server operated by a government agency, and a server operated in a shopping mall performing Internet commerce The server of the desired vendor can be applied.

On the other hand, the bit coin settlement transaction information recorded in the block chain of the electronic wallet of the block chain holding server 400, which will be described later, A bit coin usage right information, a bit coin usage right information, and a bit coin usage right information, which are used for determining validity of previous bit coin settlement transaction ID information, a remitter bit coin use right information, and a bit coin use right information, A public key for payment, OP_DUP information indicating that the transaction is a transaction for bit coin transaction, a bit coin amount to be remitted, and receiver identification information for identifying the receiver.

Here, the previous bit coin settlement transaction ID information is information used as a key value for retrieving the previous bitcoin settlement transaction information. The bit coin usage right information of the remitter is the electronic signature information of the remitter, and the remitter corresponds to the user who remits the bit coin from the previous bit coin settlement transaction information.

In the transaction information for bit coin settlement, the data structure is divided into input data (ID) and output data (OD). In the input data (ID), transaction ID information for previous bit coin settlement, And a public key for bit coin settlement are classified and stored, and OP_DUP information, bit coin amount, and receiver identification information are separately stored in the output data OD.

6B, the transaction information for public key recording is transferred from the previous bit coin settlement transaction information to the previous coin transaction record information used for identifying the storage location of the to-be-used bit coin to be used among the bit coin amounts held by the remitter A bit coin settlement transaction ID information, a remitter's bit coin usage right information, a bit coin settlement public key necessary for judging the validity of the bit coin use right information, a public key for public key authentication A public key registration cost information which is a cost required for registration, OP_RETURN information indicating that the transaction is a transaction for information recording rather than a transaction for bit coin transaction, and the public key for the authorized certificate.

At this time, the transaction information for public key recording is divided into input data ID1 and output data OD1. In the input data ID1, the previous bit coin settlement transaction ID information, the sender's bit coin usage right Information and bit key coin settlement public key and public key registration cost information are classified and stored in the output data OD1 and the OP_RETURN information and the public key for the public key are classified and stored.

Here, the public key registration cost information is a fee to be paid to a minor involved in registering public key recording transaction information in a block chain provided in an electronic wallet of the block chain holding servers 400. The public key registration cost information is approximately 0.0001 bit coin do. In addition, the user verification validation registration cost information, which will be described later, is also a fee paid to a minor who is involved in allowing the user verification transaction information to be registered in the block chain provided in the electronic purse of the block chain holding servers 400. [

And the price of 0.0001 bit coin is about 40 won at the price of July 2015, and the total cost of issuing the bit coin based certificate is lower than 100 won.

In addition, referring to FIG. 6C, the user verification transaction information includes information indicating a transfer position of a coin to be used, which is used for identifying a storage location of a to-be-used bit coin to be used among bit coin amounts held by the remitter through the previous bit coin settlement transaction information A bit coin settlement transaction ID information of a sender, a bit coin use permission information of a sender, a public key for a bit coin settlement necessary for judging the validity of bit coin use authority information, a registration of user verification assertion information required for issuing a public key certificate based on a block chain A block chain-based certificate destruction stockpile cost, which is a cost to be used for destroying the public key certificate based on the block chain, and a transaction for recording information other than a transaction for bit coin transaction OP_RETURN information, transaction information for the user verification, Server 400, the block chain-based public certificate certificate storage cost saving information corresponding to the block chain-based public certificate destruction storage cost information is transferred to a designated bit coin address, Based authentication certificate data based on the block chain based on the destruction stockpile cost transfer information indicated by the amount of the stockpiling storage cost and the user verification proof information.

Thus, the block-chain holding servers 400 record transaction information for user verification and refer to block chain-based certificate revocation checking information, and store block chain-based authorized certificate destruction storage The information that the cost information has been transferred and filled up is recorded so that it can be used as data for checking whether or not the block chain-based public key certificate is destroyed later.

The transaction information for user verification has a data structure divided into input data ID2 and output data OD2. In the input data ID2, transaction ID information for previous bit coin settlement, bit coin usage right information of a sender, The public key for bit coin settlement, the block chain, and the user verification proof storage cost information are classified and stored. The output data (OD2) includes OP_RETURN information, information on whether or not to revoke the authorized certificate based on the block chain, Hash information is classified and stored.

The block chain holding servers 400 are devices constituting a bit coin network that performs bit coin settlement through authentication and recording of bit coin settlement upon bit coin settlement.

Here, the bit coin will be briefly described. Bitcoin is a digital currency that can be settled in 2009 by Satoshi Nakamoto (Satoshi Nakamoto) and has no central device for issuing and managing currency. Instead, the transaction of the bit coin is performed by a distributed database based on peer-to-peer network (P2P), and transactions are performed based on the public key cryptography.

Such a bit coin having a payment method has an advantage in that it can be used without any information such as a card number, an expiration date, and a CCV number necessary for payment of a credit card, as well as a fee for use. In addition, the bit coin is stored in an electronic wallet in the form of a file, and each unique address (public address) is assigned to the electronic wallet, and bit coin transaction is performed based on the address.

In order to use the bit coin having the settlement characteristic, the bit coin user first subscribes to the bit coin exchange (for example, www.coinplug.com) and charges the KRW corresponding to the won coin while opening the electronic wallet.

Then, after confirming the current price of the bit coin being traded at the bit coin exchange and entering the purchase order by inputting the quantity and unit price of the bit coin desired to be purchased, the transaction is established through the sales order matching the transaction condition, The settlement can be performed through the bit-coin.

As described above, the server operated by the bit coin exchange may be a member of the block chain holding servers 400.

For this purpose, an electronic wallet having a block chain must be mounted on the individual block chain holding server 400, and the electronic chain wall of the block chain holding server 400 is provided with a bit coin settlement The transaction information for bit coin settlement is recorded in accordance with the authentication of the bit coin settlement through the verification of the received transaction information for bit coin settlement, 400 to the bit-coin settlement transaction information.

That is, the propagation of the bit-coin settlement transaction information is promised by a communication protocol. When the transaction information for bit coin settlement is generated, one node (here, referred to as a block chain holding server) And all the block chains on which the electronic wallet having the block chain necessary for performing the bit coin settlement through the pyramidal wave propagating repeatedly propagates to the eight nodes specified for each of the eight nodes having received the bit coin settlement transaction information To the holding server 400, thereby completing.

As described above, not only the bit-coin settlement transaction information recorded in the block chain but also all the transaction information including the transaction information for public key recording and the transaction information for user verification can be forgiven later.

On the other hand, in the block chain holding servers 400, an electronic wallet having a block chain is mounted. A server (or terminal) operated by a miner who mines a bit coin or a user terminal for bit coin settlement Or smartphone) can also be made of one member.

In addition, in the case of the bit coin settlement, payment is basically performed based on the electronic wallet equipped with the block chain. As such, payment based on the electronic wallet equipped with the block chain includes light coin, dark coin, name coin, And ripple, and this can also be used as a substitute for performing functions such as bit coin in the forgery verification of a financial institution's certificate document in the present invention.

In addition to transaction information for bit coin settlement for general bit coin settlement, personal information can also be recorded in the block chain of the block chain holding server 400 as described above. That is, it is also possible to record transaction information for public key recording and transaction information for user verification, which includes a public key for a public key and a user verification Hash information required for executing a bit coin-based public key authentication.

That is, if OP_RETURN (Operation Code " RETURN ") information is included in transaction information, which is transaction information generated at the time of bit coin settlement, the electronic wallet of each block chain holding server 400 is private information And the OP return information is recorded in the transaction information for verifying the certificate so as to be used as an important structure for judging prevention of forgery and falsification of the digital contents.

Herein, if the OP_RETURN information is read in the electronic wallet of the block chain holding server 400 and the OP return message is read on the bit coin settlement transaction information in the bit coin settlement authentication, the information on which the OP return message is written is the bit coin transaction information But it is used as information to inform that it is an arbitrary 40 byte data value.

The process of issuing a public key certificate based on the block chain using the public key certificate issuing system based on the block chain of the present invention will now be described.

When the user accesses the block chain-based authorized certificate issuance request server 200 by executing a mobile exclusive application (or a dedicated program) for guiding issuance of the bit coin based public certificate installed in the user terminal 100, (Hereinafter, referred to as controlled by the user terminal for the sake of convenience of explanation) extracts the user identification information input screen 141 stored in the information storage unit 102 and outputs it to the information output unit 101 do.

The user inputs a user name input field 141a for inputting the user's name on the output user identification information input screen 141, a user's date of birth input field 141b for inputting the user's date of birth, a user's telephone number input field And inputs the information in accordance with the input form in the user email input field 141d in which the user's e-mail is input, and requests transmission.

The user terminal 100 collects user information such as a user name, a user's date of birth, a user's phone number, and user's e-mail as input information into personal information for issuing a block chain-based authorized certificate, Based authorization certificate issuance requesting server 200 to request issuance of the block chain-based authorization certificate (S100).

The block chain-based authorized certificate issuance request server 200 matches the personal information for issuing the block chain-based authorized certificate with the user-specific user identification information DB 211 for each member to check whether matching information exists (S110) If there is no information, a message (S111) for disabling issuance of the block chain-based authorized certificate is transmitted to the user terminal 100. [

If there is matching information, the block chain-based authorized certificate issuance request server 200 generates a key generation guide signal for guiding the generation of the public key for the public key certificate and the private key for the public key certificate, (S120).

When the key generation guide signal is transmitted, the user terminal 100 extracts the network blocking guide screen 142 from the information storage unit 102 and outputs the extracted network blocking guide screen 142 to the information output unit 101.

When the user clicks the menu for requesting the network setting after viewing the outputting blocking guide screen 142, the user terminal 100 extracts the network blocking display screen 143 stored in the information storage unit 102 and outputs information (101). Thereafter, the user disconnects the connected network, such as Wi-Fi, on the output network cutoff display 143.

The user terminal 100 extracts the password input screen 144 stored in the information storage unit 102 and outputs the password input screen 144 to the information output unit 101 so that the user can enter the password input screen 144a of the password input screen 144 Enter the password and click OK.

Then, the user terminal 100 extracts the image selection screen 145 stored in the information storage unit 102 and outputs the extracted image selection screen 145 to the information output unit 101. Then, the user selects a desired one of the plurality of images displayed on the output image selection screen 145. [

Then, the user terminal 100 controls the key generation engine 110 to generate a public key for the public key certificate and a private key for the public key certificate. At this time, the key generation guide screen 146 stored in the information storage unit is output So that the user can recognize that the public key for the public key certificate and the private key for the public key certificate are generated.

Then, when the public key for the public key and the public key for the public key certificate are generated, the user terminal 100 operates the encryption / decryption engine 120 to encrypt the private key for the public key certificate based on the password and the photo image designated by the user, And stored in the information storage unit 102 in a processed state with the private key for the authorized certificate.

After storing the private key for the certificate, the user terminal 100 outputs a message to reconnect the network, and the user connects the network.

Then, the user terminal 100 outputs a network connection guidance screen 147 stored in the information storage unit 102 to guide the user to recognize that the network is connected again.

Then, the user terminal 100 transmits the public key for the public key certificate to the block chain-based public key certificate issuance request server 200 (S130).

Upon receiving the public key for the public key certificate, the block chain-based public key certificate requesting server 200 operates the hash processing engine 220 to perform hashing operation on the personal information for issuing the block chain-based public key certificate, And collects the designated user identification information corresponding to the identification information of the user designated in the identification information of the user, the public key for the public key for the authorized certificate, and the personal information for issuing the public key certificate based on the block chain, To the block chain-based authorized certificate management server 300 (S140).

In addition, the block-chain-based authorized certificate management server 300 operates the transaction processing engine 320 to transmit designated user identification information among the information collected in the transaction generation request signal for public key recording, 311), and generates transaction ID information for public key recording that includes the public key for the public key and public key recording transaction ID information used as a key value in retrieving the public key recording transaction information (S150).

Thereafter, the block-chain-based authorized certificate management server 300 operates the hash processing engine 330 to hash the user identification identification information and the transaction ID for public key recording among the information collected in the transaction generation request signal for public key recording And processes it as user verification verification information (S160).

Thereafter, the block chain-based public key certificate management server 300 operates the transaction processing engine 320 to transmit the transaction information for public key recording to the block chain holding servers 400 for recording, In the case of the ID information, it is stored in the transaction search keyword information DB 311 for each user, and the user verification transaction information including the user verification verification information and the user verification transaction ID And transmits the user verification transaction information among the generated information to the block chain holding servers 400 for recording. The transaction ID information for user verification is stored in the transaction search keyword information DB 311 for each user (S170).

The block chain holding servers 400 write the transaction information for public key recording and the transaction information for user verification in the block chain to complete issuance of the block chain-based public key certificate (S180).

Then, the block chain-based authorized certificate management server 300 notifies the user terminal 100 of the completion of issuance of the block-chain-based authorized certificate (S190) upon completion of issuance of the block chain-based authorization certificate (S180).

The user terminal 100 outputs the issuance completion guide screen 148 stored in the information storage unit 102 through the information output unit 101 and provides the information to the user for recognition.

8 to 14 relate to a system and method for authenticating a public key certificate based on a block chain, which is an authentication part of a public key certificate based on a block chain. Prior to describing the drawings, the description will be omitted if there is a content overlapping with the contents described in the certificate issuance section.

As shown in the figure, the public key certificate authentication system based on the block chain of the present invention includes a user terminal 100, a block-chain-based public key certificate authentication request server 500, a block-chain-based public key certificate management server 300, And a block chain holding server 400.

First, the user terminal 100 is a terminal member requesting a block chain-based public authentication.

The block-chain-based authorized certificate authentication request server 500 transmits the designated user identification information of the corresponding user operating the user terminal 100 in accordance with the block chain-based authentication request of the user terminal 100, To the server.

To this end, the block chain-based authorized certificate authentication request server 500 includes a DB unit 510, and identification information of a user operating the user terminal 100 is stored in the DB unit 510, Based on the block chain made up of the user's identification information used in issuing the public key certificate based on the block chain, the designated user identification information corresponding to the identification information of the user designated by the identification information of the user identical to the personal information for issuing the authorized certificate And a user ID information DB 511 for each member stored.

Based on this, the block-chain-based public-key certificate authentication request server 500 transmits a block chain-based public-key authentication request to the user Extracts the user identification information, and transmits it to the block chain-based authorized certificate management server 300.

The block-chain-based authorized certificate management server 300 transmits transaction ID information for public key recording and transaction ID information for user verification matching with designated user identification information transmitted from the block-chain-based authorized certificate authentication request server 500 A server member for requesting download of transaction information for public key recording and transaction information for user verification.

To this end, in the block chain-based public key certificate management server 300, a DB unit 310 is mounted, and a block chain including a user's identification information used for issuing a block- Based user ID information corresponding to identification information of a designated user among the identification information of the same user as the personal information for issuing the public key certificate, transaction ID information for public key recording used as a key value for retrieving transaction information for public key recording, And a user-specific transaction search keyword information DB 311 in which transaction ID information for user verification used as a key value for retrieving transaction information for verification is stored.

Here, if the block chain-based authorized certificate destruction storage cost information and the transaction information for user verification are recorded in the block chain of the block chain holding servers 400 as the cost to be used for destroying the block chain- Based on the above-mentioned block chain, the amount of stockpiling cost stored in the block chain-based public certificate certificate storage destruction cost corresponding to the above-mentioned block chain-based public certificate destruction cost information is transferred to the designated bit coin address, Includes stock disposal cost escalation information.

Accordingly, the transaction processing engine 320 of the block-chain-based authorized certificate management server 300 extracts the parasite bitcoin address for storing the parasite stored in the parity stockpile cost transfer information among the information included in the user verification transaction information, Based on the block chain, the block chain-based public certificate destruction checking request signal for inquiring whether or not the block chain-based authorized certificate destruction stockpile corresponding to the bit coin amount charged at the extracted biting-to-parity bit storage address has been transferred, To the block chain holding server (400). Here, the block chain-based certificate revocation confirmation request signal may be sent to a plurality of block chain holding servers 400 or a predetermined block chain holding server 400.

The block chain holding server 400 matches the destruction bit coin address included in the transmitted block chain based public certificate revocation confirmation request signal with the block chain to the corresponding block digest Based on the block chain, the block chain-based public certificate destruction / announcement signal to the block chain-based public certificate management server 300.

The transaction processing engine 320 of the block chain-based public key certificate management server 300 refers to the block chain-based public key certificate revocation information guidance signal and determines whether or not the block chain-based public key certificate storage cost charged in the bit- The user terminal 100 is notified that a block chain-based authentication process is rejected.

Then, the block-chain-based authorized certificate management server 300 extracts the public key recording transaction ID information and the user verification transaction ID information by matching the designated user identification information with the per-user transaction search keyword information DB 311, The processing engine 320 is operated to control the public key for user authentication and the user verification verification information to be extracted from the public key recording transaction information and the user verification transaction information.

The block-chain holding server 400 authenticates the bit coin settlement through the verification of the bit-coin settlement transaction information transmitted when the bit-coin settlement transaction information is transmitted, and in accordance with the authentication, The transaction information for public key recording including the public key for the public certificate and the user verification transaction information including the user verification verification information are also recorded in the electronic wallet, Based transaction ID information and transaction ID information for user verification transmitted from the chain-based authorized certificate management server 300 to the electronic wallet, and transmits matched public key recording transaction information and user verification transaction information to the electronic wallet, Based certificate management server 300 to the chain-based authorized certificate management server 300.

In particular, as a main feature of the present invention, the block-chain-based public key certificate management server 300 obtains public key certificate public key certificate information from public key key transaction information and transaction information for user verification transmitted from the block- And a certificate validation signal including the public key for the extracted public key certificate and the user verification verification information and the transaction ID information for public key recording to the block chain-based public key certificate authentication server (500).

In addition, the block-chain-based authorized certificate authentication server 500 extracts the identification information of the corresponding user from the user identification information DB 511 for each member, operates the hash processing engine 520, And the processed information of the processed user identification information and the information included in the certificate validity confirmation signal transmitted from the block chain-based authorized certificate management server 300 The transaction ID information for public key recording is subjected to hashing to be processed as the cost user verification verification information and the user verification verification information among the information included in the certificate validation signal transmitted from the block chain- And the hash value of the cost validation verification information is calculated, and if both hash values are the same, And it transmits the public key for the certificate to the user terminal 100.

Then, the user terminal 100 performs public authentication based on the transmitted public key for the public key.

To this end, the user terminal 100 is provided with an information storage unit 102 and an encryption / decryption engine 120, which are stored in a state of a private key for an encrypted public key certificate based on a password and a photo image set by the user, .

Also, the block-chain-based public key certificate authentication request server 500 transmits the public key for the public key certificate to the public key for the encrypted public key certificate based on the password set by the user and the user authentication request message requesting the input of the photo image do.

The user terminal 100 extracts the authentication execution password input screen 151 stored in the information storage unit 102 and outputs the same through the information output unit 101 when the public key for the authentication certificate is transmitted, The password registered at the time is input into the password input field 151a.

When the user terminal 100 extracts the image 152 for performing authentication from the information storage unit 102 and outputs the extracted image 152 through the information output unit 101, Select.

Then, the user terminal 100 decrypts the private key for the encrypted public key certificate stored in the information storage unit 102 by referring to the public key for the encrypted public key certificate, which is operated by the encryption / decryption engine 120, If the password and the photographic image are correct, the user authentication signal is transmitted to the block chain-based authorized certificate authentication request server 500.

On the other hand, the user can cancel the block chain-based public key certificate issued by the block chain-based authorized certificate management server 300 corresponding to the remitter.

To this end, when a certificate destruction signal requesting destruction of a block-chain-based certificate is generated in the block-chain-based authorized certificate management server 300, the transaction processing engine 320 is operated to access the transaction- Extracts transaction ID information for user verification, and transmits it to the block chain holding server 400.

The block chain holding server 400 transmits the user verification transaction information extracted by matching the transferred user verification transaction ID information with the block chain of the electronic purse to the block chain based public key certificate management server 300.

The transaction processing engine 320 of the block chain-based public key certificate management server 300 receives transaction information for user verification, and when transaction information for revoking the authorized certificate is recorded in the block chain holding server 400, (OD2) of the discarding corpus for destruction according to the output data (OD2) of the discarding block chain. The multi-bit coin usage right information including the right to use the stored block chain-based public key certificate storage cost, the input data including the bit coin payment public key necessary for judging the validity of the multi-bit coin usage right information ID3) and destruction-based bit-coin- And stores the bit-coin address of the receiver to which the stockpiling cost is to be transferred and the output data OD3 including the destruction cost receiver identification information for identifying the receiver, and transmits the generated transaction information to the block chain holding server 400 ).

The block chain holding servers 400 write the transaction information for destroying the public certificate into the block chain to destroy the block chain based public key certificate of the user.

On the other hand, if a certificate revocation signal is generated in the user terminal 100, the block chain-based authorized certificate management server 300 transmits the created certificate revocation transaction certificate information to the user terminal 100 to request an electronic signature.

The user terminal 100 operates the transaction signing engine 130, electronically signs the transmitted transaction information for revoking the authorized certificate, and transmits the information to the block chain-based authorized certificate management server 300.

Thereafter, the block chain-based authorized certificate management server 300 performs a function of controlling the block chain holding server 400 to transmit transaction information for digital certificate-signed certificate revocation by the user transmitted from the user terminal 100 do.

If the certificate revocation signal is generated by itself, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320 to transmit the electronic signature of the remitter corresponding to the block-chain-based authorized certificate management server 300 to an authorized certificate And transmits the transaction information for digital certificate, which is digitally signed by the remitter, to the block-chain holding servers 400. The block-

The authentication process of the block chain-based public key certificate using the public key certificate authentication system based on the block chain of the present invention will now be described.

The user terminal 100 accesses the block-chain-based authorized certificate authentication request server 500 and requests block chain-based authorization authentication (S300).

The block-chain-based public-key-certificate-authentication-requesting server 500 generates a block-chain-based public-key certificate according to a block-chain-based public authentication request of the user terminal 100, And transmits the extracted information to the block chain-based authorized certificate management server 300 (S310).

The block chain-based authorized certificate management server 300 matches the transmitted designated user identification information with the per-user transaction search keyword information DB 311, and matches the transaction ID for public key recording and the transaction ID for user verification, To the holding server 400 to request the download of the transaction information for public key recording and the transaction information for user verification (S320).

The block chain holding server 400 matches the transmitted transaction ID information for public key recording and the transaction ID information for user verification with the electronic wallet and transmits matching transaction information for public key recording and transaction information for user verification to a block chain- To the certificate management server 300 (S330).

The block chain-based public key certificate management server 300 operates the transaction processing engine 320, extracts a parity bit storage address for destruction according to the parity stockpile cost information included in the transferred user verification transaction information, Based on the block-chain-based public-key certificate destruction storage cost corresponding to the bit coin amount charged at the extracted bit-coin address for destruction of the extracted destruction, To the chain holding server 400 (S340).

The block chain holding server 400 matches the destructive bit coin address included in the transmitted block chain based public certificate revocation confirmation request signal with the block chain to match the corresponding block destructive bit coin address to be matched, Based on the chain chain, the block chain-based public certificate destruction guide signal is transmitted to the block chain-based public certificate management server 300 (S350).

The transaction processing engine 320 of the block chain-based public key certificate management server 300 refers to the transmitted block chain-based public key certificate revocation information whether or not to generate a block chain-based public key certificate storage cost (S360). If the block chain-based authorized certificate destruction storage cost charged in the parity bit storage address for destruction is shifted, a message indicating that the user terminal 100 has rejected the block chain-based authorized authentication process is displayed (S361). If the block chain-based authorized certificate destruction cost stored in the parity bit storage address for destruction is not transferred, the transaction processing engine 320 is operated to transmit the transferred transaction information for public key recording, The public key for the public key certificate and the user verification proof information are extracted from the verification transaction information (S370).

The block-chain-based public key certificate management server 300 receives the public key for the public key certificate and the user verification assertion information extracted and the certificate validity information including the transaction ID information for public key recording stored in the per-user transaction key word information DB 311 And transmits an acknowledgment signal to the block-chain-based authorized certificate authentication request server 500 (S380).

In the block chain-based public key certificate authentication request server 500, the identification information of the corresponding user is extracted from the user identification information DB 511 for each member, the hash processing engine 520 is operated, Based on the processed user cost identification information and the information included in the certificate validity confirmation signal transmitted from the block chain based public key certificate authentication server 500, The transaction ID information for key recording is subjected to hashing operation and processed as cost information verification proof information (S390).

Thereafter, the hash processing engine 520 of the block chain-based public key certificate authentication requesting server 500 selects a hash of the user verification Hash information among the information included in the certificate validation signal transmitted from the block- (Step S400). First, if both hash values are not identical to each other, the user terminal 100 transmits the hash value of the block chain authentication certificate And a message indicating that the execution process is rejected is notified (S401).

Then, the block-chain-based authorized certificate authentication request server 500 calculates the hash value of the user verification verification information and the hash value of the verification user verification verification information, respectively. If the computed hash values are identical, And transmits the public key for the authorized certificate out of the information included in the confirmation signal to the user terminal 100 (S410).

Thereafter, the user terminal 100 performs the public authentication based on the transmitted public key for the public key certificate (S420).

If a certificate revocation signal requesting destruction of a block-chain-based certificate is generated (S430), if a certificate revocation signal requesting destruction of a block-chain-based certificate is generated, the user terminal 100 and the block- It is checked in which of the management servers 300 the data is created (S440).

First, when a certificate revocation signal requesting destruction of a block-chain-based certificate is generated in the user terminal 100, the user terminal 100 transmits the generated certificate revocation signal to the block-chain-based authorized certificate management server 300 (S450 )do.

The block-chain-based authorized certificate management server 300 operates the transaction processing engine 320 to extract the certificate revocation signal transmitted from the client 300 and the transaction ID information 311 for user verification, To the block chain holding server 400 (S460).

The block chain holding server 400 transmits the user verification transaction information extracted by matching the transferred user verification transaction ID information with the block chain of the electronic wallet to the block chain-based authorized certificate management server 300 (S470).

Thereafter, the transaction processing engine 320 of the block chain-based public key certificate management server 300 receives the transaction information for user verification, and when the transaction information for revoking the authorized certificate is recorded in the block chain holding server 400, Based on the output data (OD2) of the transaction information, to be stored in the bit coin address based on the block chain, to be transferred to the coin address. A multi-bit coin usage right information including a right to use a block chain based public key certificate destruction cost charged at a coin address, an input including a bit coin payment public key necessary for judging the validity of the multi-bit coin usage right information Data (ID3) and destruction-based bit-coin address reserved The user terminal 100 generates the transaction information for the authorized certificate destruction, which is divided into the output data OD3 including the bit coin address of the receiver to which the certificate storage stockpiling cost is to be transferred and the destruction cost receiver identification information for identifying the receiver, To request an electronic signature (S480).

The user terminal 100 operates the transaction signing engine 130 and electronically signs the transferred transaction information for certificate revocation, and transmits it to the block chain-based authorized certificate management server 300 (S490).

The block chain-based authorized certificate management server 300 transmits (500) transaction information for digital certificate-signed public certificate revocation by the user to be transferred to the block chain holding servers 400. [

The block chain holding servers 400 write transaction information for digital certificate-signed public certificate revocation into the block chain (S510) by the user to be transmitted, thereby destroying the user's block chain-based certificate.

Meanwhile, when a certificate revocation signal requesting destruction of a block-chain-based certificate is generated, it is checked in which of the user terminal 100 and the block-chain-based authorized certificate management server 300 is generated (S440) Based certificate is generated in the block chain-based public key certificate management server 300, the block chain-based public key certificate management server 300 operates the transaction processing engine 320 to generate transaction certificate information for user verification And when the transaction information for destroying the authorized certificate is recorded in the block chain holding server 400, the output data OD2 of the user verification transaction information is referred to and the block chain- If you do not have a certificate, you will not be able to process it. A multi-bit coin usage right information including a right to use a block chain based public key certificate destruction cost charged at a coin address, an input including a bit coin payment public key necessary for judging the validity of the multi-bit coin usage right information (OD3) and the output data (OD3) including the bit coin address of the harbinger to which the block chain-based authorized certificate destruction stockpile charged at the bit-coin address for destruction vs. storage destruction is stored and the destruction cost number identification information for identifying the receiver, And generates the electronic signature of the remitter corresponding to the block chain-based authorized certificate management server 300 in the generated transaction information for revoking the authorized certificate, And transmits transaction information for destroying the public certificate to the block chain holding servers 400 (S441).

The block-chain holding servers 400 write transaction information for digital certificate-signed public certificate destruction by the remitter in the block chain (S442), thereby destroying the user's block-chain-based authorized certificate.

15 to 17 illustrate a public key certificate authentication method based on a block chain according to another embodiment, which is different from that of the public key certificate authentication system based on the above-described block chain, The authentication system related drawings are omitted.

The public key certificate authentication system and method based on the block chain according to another embodiment differs from the public key certificate authentication system and method based on the above-mentioned block chain by merely performing user verification Based on the block chain-based public key certificate authentication server 300 or the block chain-based public key certificate authentication server 300, It's a car.

That is, according to another embodiment, a public key certificate authentication system based on a block chain includes a user terminal 100 requesting block chain-based public authentication, Extracts the identification information of the user from the identification information DB 511, performs hashing operation on the identification information of the extracted user, processes it as cost information user identification information, And the block-chain-based authorized certificate authentication request server 500 that transmits the designated user identification information of the corresponding user and the block-chain-based authorized certificate authentication request server 500 , The designated user identification information among the transmitted information is matched with the transaction search keyword information DB 311 for each user, ID information and transaction ID information for user verification to request download of the transaction information for public key recording and the transaction information for user verification, a block chain-based public certificate management server 300 for transmitting the transaction information for bit coin settlement, An electronic wallet having a block chain in which bit coin settlement is authenticated through verification of the transmitted bit coin settlement transaction information and bit coin settlement transaction information is recorded in accordance with the authentication, The transaction information for public key recording including the public key and the user verification transaction information including the user verification hash information are also recorded, and the transaction ID information for public key recording transmitted from the block chain-based public key certificate server 300 And transaction identity information for user verification with the electronic wallet, And a block chain holding server (400) for transmitting transaction information and user verification transaction information to the block chain based public certificate management server (300), wherein the block chain based public certificate management server (300) 400, and public key for user authentication and user verification verification information are extracted from the transaction information for public key recording and user verification transaction information, and the transmitted user identification identification information and the transaction search keyword information DB The hash value of the extracted user verification verification information and the processed value of the user verification verification information of the processed user verification verification information If the hash values of both are the same, the extracted public key for the authorized certificate and the designated user identification information of the corresponding user are stored in the block chain basis The block-chain-based public-key-certificate-authentication-requesting server 500 transmits the public key for the public-key certificate to the user terminal 100 by referring to the designated user identification information among the transmitted information And the user terminal 100 is configured to perform public authentication based on the transmitted public key for the public key certificate.

According to this configuration, in the public key certificate authentication method based on the block chain according to another embodiment, the user terminal 100 accesses the block chain-based public key certificate authentication request server 500 to request block chain- , The block chain based authentication certificate authentication request server 500 extracts the identification information of the corresponding user from the user identification information DB 511 for each member according to the block chain based authentication request, The identification information of the extracted user is subjected to a hashing operation to be processed as the idle user identifying identification information, and the processed user identification identification information of the user and the designated user identification information of the corresponding user are stored in the block (Step S610), and the block-chain-based authorized certificate management server 300 transmits the identification information to the chain-based authorized certificate management server 300 Information matching the designated user identification information among the transmitted information with the transaction-specific keyword information DB 311 for each user, and the transaction ID information for public key recording and the transaction ID information for user verification, (S620) for requesting download of transaction information for public key recording and user verification transaction (S620), and transferring the transaction ID for public key recording and user verification (S630) of matching the transaction ID information with the electronic wallet and transmitting matching transaction information for public key recording and transaction information for user verification to the block chain-based authorized certificate management server 300 (S630) The server 300 operates the transaction processing engine 320 to obtain transaction information for public key recording and transaction information for user verification A step S670 of extracting the public key for user certificate and the user verification verification information, and the operation of the hash processing engine 330 in the block chain-based public key certificate management server 300, (Step S680) of processing transaction ID information for public key recording stored in the user-specific transaction search keyword information DB 311 and processing the processed transaction ID information into cost user verification verification information (step S680). The block chain-based authorized certificate management server 300 The hash value of the extracted user verification hash information and the hash value of the processed user cost verification validation information are processed in the hash processing engine 330 of the first embodiment, (Step S690). If the hash value of the extracted user verification verification information is equal to the hash value of the processed user verification verification information, the block chain-based authorized certificate management server 300 acquires the extracted authentication certificate A step S700 of transmitting the public key and the designated user identification information of the user to the block chain based public key certificate authentication requesting server 500 and the block chain based public key certificate authentication requesting server 500, (S710) transmitting the transmitted public key for the public key certificate to the user terminal 100 by referring to the identification information, and performing public key authentication based on the public key for the public key certificate transmitted from the user terminal 100 Step S720.

100: user terminal 101: information output section
102: information storage unit 110: key generation engine
120: encryption / decryption engine 130: transaction signature engine
141: User identification information input screen 141a: User name input field
141b: input date of user's date of birth 141c: input number of user's phone number
141d: User's email input box 142: Network blocking guide screen
143: Network blocking display screen 144: Password input screen
144a, 151a: Password input field 145: Image selection screen
146: Key generation guidance screen 147: Network connection display screen
148: Issuance completion guide screen
151: Password input screen for authentication
152: Image selection screen for authentication
200: Block Chain Based Authorized Certificate Issuing Request Server
210, 310, 510:
211,511: user identification information DB 220, 330, 520: hash processing engine
300: Block Chain Based Authorized Certificate Management Server
311: Transaction search keyword information DB for each user
400: block chain holding server
500: Block Chain based authentication certificate authentication request server

Claims (30)

A user terminal (100) requesting a block chain based authentication;
Based on the block chain-based public authentication request of the user terminal 100, a block chain-based public key certificate authentication for relaying a block chain-based public key authentication request by transmitting designated user identification information of a corresponding user operating the user terminal 100 A request server 500;
Based public key certificate transaction ID information and user verification transaction ID information matched with the designated user identification information transmitted from the block-chain-based public-key certificate authentication request server 500 to transmit public-key record transaction information and user verification transaction A block chain-based public key certificate management server 300 for requesting download of information;
An electronic purse having a block chain in which bit coin settlement transaction information is authenticated and bit coin settlement transaction information is recorded in accordance with the authenticated bit coin settlement transaction information by verifying the transferred bit coin settlement transaction information is transmitted In the electronic wallet, transaction information for public key recording including a public key for a public certificate and user authentication transaction information including user verification verification information are also recorded. The block chain- Based transaction ID information and user verification transaction ID information to the electronic wallet and transmits the matching transaction information for public key recording and transaction information for user verification to the block chain- And a block chain holding server (400)
The block-chain-based authorized certificate management server 300 extracts the public key and the user verification verification information for the public key certificate from the public key recording transaction information and the user verification transaction information transmitted from the block-chain holding server 400 Transmits the certificate validation signal including the extracted public key for the public key certificate, the user verification verification information and the public key recording transaction ID information to the block chain based public key certificate authentication server 500,
The block-chain-based authorized certificate authentication request server 500 extracts the identification information of the corresponding user from the user identification information DB 511 for each member, performs hashing on the extracted identification information of the user, And the transaction ID information for public key recording among the information included in the processed validity identification identification information and the certificate validity confirmation signal transmitted from the block chain based public key certificate management server 300 is subjected to a hashing operation The hash value of the user verification verification information among the information included in the certificate validation verification signal transmitted from the block chain based public key certificate management server 300 and the hash value of the user verification verification information If the hash values of the hash information are respectively calculated and the hash values of both are the same, Key to the user terminal 100,
Wherein the user terminal (100) performs public authentication based on the transmitted public key for the public key certificate.
The method according to claim 1,
The block chain-based authorized certificate authentication request server 500 includes a DB unit 510; And a hash processing engine 520,
In the DB unit 510, identification information of a user who operates the user terminal 100 is stored, and personal information for issuing a block chain-based public key certificate, which is composed of identification information of a user used in issuing a block chain- A user identification information DB 511 for each member in which designated user identification information corresponding to identification information of a user designated in the identification information of the same user and identification information of the user is stored,
The block-chain-based public key certificate authentication request server 500 generates a block chain-based public key certificate based on the block chain-based public key authentication request of the corresponding user operating the user terminal 100 in the user identification information DB 511 Extracts the designated user identification information, transmits it to the block chain-based authorized certificate management server 300,
The hash processing engine 520 performs a hashing operation on the identification information of the user and processes the processed identification information into the identification information of the cost user, The hash value of the user verification verification information and the hash value of the user verification verification information are calculated to determine whether the hash values of both users are the same or not Wherein the certificate authentication system is based on a block chain.
The method according to claim 1,
The block chain-based authorized certificate management server 300 includes a DB unit 310; And a transaction processing engine 320,
In the DB unit 310, a user who is a member of the block chain-based authentication certificate issuing personal information, which is made up of the identification information of the user used in issuing the block chain- Transaction ID information for public key recording used as a key value in retrieving transaction information for public key recording and transaction ID information for user verification used as a key value to retrieve transaction information for user verification, Information DB 311,
The block-chain-based authorized certificate management server 300 matches the designated user identification information with the per-user transaction-specific keyword information DB 311, and stores the public key recording transaction ID information and the user verification transaction ID information Extraction,
Wherein the transaction processing engine (320) controls the public key and the user verification verification information for the public key certificate to be extracted from the public key recording transaction information and the user verification transaction information, Certificate authentication system.
The method of claim 3,
If the block chain-based authorized certificate destruction stockpile information, which is a cost to be used to destroy the block chain-based public certificate, and the transaction information for user verification are recorded in the block chain of the block chain holding servers 400, Block Chain Based Certified Certificate Block Chain Based on Block Chain Cost Corresponding Certificate Destroys Certified Certificate Destroy the storage cost of stockpile storage to be assigned to the designated bit coin address Bit Coin Address for storage and destruction of authorized certificate based on block chain Includes stockpile cost escalation information,
The transaction processing engine 320 of the block-chain-based public key certificate management server 300 extracts a parity bitcoin address for reserving a parity included in the parity stockpile cost transfer information among the information included in the user verification transaction information, Based on the block-chain-based public-key certificate destruction check request signal for inquiring whether or not the block chain-based authorized certificate destruction stockpile corresponding to the bit coin amount charged at the extracted destruction-to-destruction bit coin address has been transferred, To the block chain holding server 400,
The block chain holding server 400 matches the destruction bit coin address included in the transmitted block chain based certificate revocation confirmation request signal with the block chain to match the corresponding destruction bit coin address Based on the block chain, a block chain based public certificate revocation guide signal for informing whether or not to transfer the charged block chain based public certificate destruction storage cost to the block chain based public certificate management server 300,
The transaction processing engine 320 of the block chain-based public key certificate management server 300 refers to the block chain-based public key certificate revocation information guidance signal and determines whether or not the block chain-based public key certificate storage cost charged in the bit- Based on the block chain, a message indicating that the process of performing the block chain-based public authentication is rejected to the user terminal (100).
The method according to claim 1,
The transaction information for public key recording may include a bit coin settlement transaction used for identifying a storage location of a to-be-used bit coin to be used among the bit coin amounts held by the remitter through the previous bit coin settlement transaction information, ID coincidence information, bit coin usage right information of the sender, bit coin settlement public key necessary for judging the validity of the bit coin use right information, cost required for registration of the public key for the public key certificate And a public key for the public key certificate, the public key registration fee information including the public key registration fee information, the OP_RETURN information indicating that the transaction is a transaction for information recording, not the transaction for bit coin transaction, and the public key for the public key certificate.
The method according to claim 1,
The user terminal 100 includes an information storage unit 102 in which a private key for a public key certificate is stored as a private key for an encrypted public key certificate based on a password and a photograph image set by the user; And an encryption / decryption engine (120)
The block-chain-based public key certificate authentication request server 500 transmits the public key for the public key certificate to the public key for the encrypted public key certificate based on the password set by the user and the user authentication request message requesting the input of the photo image In addition,
The encryption / decryption engine 120 of the user terminal 100 decrypts the private key for the encrypted public key certificate stored in the information storage unit 102 with reference to the transmitted public key for the encrypted public key certificate, If the password and the photographic image match, a user authentication signal is transmitted to the block chain-based authorized certificate authentication server 500. [
The method according to claim 6,
A user authentication screen part is stored in the information storage part 102 of the user terminal 100,
The stored user authentication screen part,
An authentication execution password input screen 151 including a password input field 151a for inputting a password set by the user when issuing the block chain based public key certificate;
And an image selection screen (152) for performing an authentication, in which a plurality of images are displayed, and an image designated by the user when the issuance of the block chain-based public key certificate is displayed in a selectable manner. Authentication system.
The method according to claim 1,
The user verification transaction information is divided into input data (ID2) and output data (OD2), and the input data (ID2) includes the bit coin amount A previous bit coin settlement transaction ID information used to identify a storage location of a to-be-used bit coin to be used, a bit coin usage right information of a sender, and a bit coin settlement public key , The cost of registration of the user verification verification information required to issue the block chain-based certificate, the cost of the user verification verification registration fee, and the cost to be used to destroy the block chain-based certificate. , And the output data (OD2) includes, for the information recording, not the transaction for the bit coin transaction If the OP_RETURN information indicating the transaction, the user verification verification information (OD21), and the transaction information for the user verification are recorded in the block chain of the block chain holding servers 400, the block corresponding to the block chain- Destroy the chain-based authorized certificate Destroy the stockpile so that the stockpile cost is transferred to the designated bit coin address. Bit for stockpiling. Coin address and the corresponding block chain. Destroy the authorized certificate. Discard the amount of the stockpile cost. Stockpile cost. Confirmation information (OD22) is included,
The block chain-based authorized certificate management server 300 includes a DB unit 310 having a user-specific transaction search keyword information DB 311 storing transaction ID information for public key recording and transaction ID information for user verification. And a transaction processing engine (320)
When the certificate destruction signal requesting destruction of the block-chain-based certificate is generated, the block-chain-based authorized certificate management server 300 operates the transaction processing engine 320 to access the transaction-specific keyword database 311 Extracts transaction ID information for user verification, and transmits it to the block chain holding server 400,
The block chain holding server 400 transmits the user verification transaction information extracted by matching the transferred user verification transaction ID information with the block chain of the electronic purse to the block chain based public certificate management server 300,
When the transaction processing engine 320 of the block chain-based authorized certificate management server 300 receives the transaction information for user verification and the transaction information for revoking the authorized certificate is recorded in the block chain holding server 400, Based on the output data (OD2) of the transaction information for verification, to be stored in a bit coin-based address. Block Chain-Based Certificate Stamping Charged at a Coin Address Bit coin usage right information including a right to use the block chain based public key certificate destruction storage fee charged at the bit coin address for the multi-bit coin, a public key for payment of the bit coin required to determine the validity of the multi-bit coin usage right information (ID3) including the input data (ID3) and the parity bits Generates transaction information for public certificate destruction, which is divided into output data (OD3) including the bit coin address of the receiver to which the block chain-based public key certificate destruction storage cost is transmitted and the destruction cost receiver identification information for identifying the receiver, To the chain holding servers 400,
The block chain holding servers 400 write the transaction information for destroying the public certificate into the block chain to destroy the block chain based public key certificate of the user.
9. The method of claim 8,
The user terminal 100 includes a transaction signature engine 130,
If the certificate revocation signal is generated in the user terminal 100, the block-chain-based authorized certificate management server 300 transmits the created certificate revocation transaction certificate information to the user terminal 100, In addition,
The user terminal 100 operates the transaction signing engine 130 to electronically sign the transaction information for revoking the public certificate and transmits the transaction information to the block chain based public key certificate management server 300,
The block-chain-based authorized certificate management server 300 controls to transmit transaction information for digital certificate-signed certificate revocation by a user transmitted from the user terminal 100 to the block chain holding server 400 A certificate chain authentication system based on block chaining.
9. The method of claim 8,
If the certificate revocation signal is generated by itself, the block chain-based public key certificate management server 300 operates the transaction processing engine 320 to generate an electronic signature of the remitter corresponding to the block chain- To the block chain holding server (400), transaction information for revoking the public certificate, which is signed by the remitter, to the block chain holding server (400) Authentication system.
A step S300 of accessing the block chain-based authorized certificate authentication requesting server 500 from the user terminal 100 and requesting block chain based authentication;
In the block-chain-based authorized certificate authentication requesting server 500, the designated user identification information of the corresponding user operating the user terminal 100 is extracted from the user identification information DB 511 for each member according to the block chain- (S310) to the block chain-based authorized certificate management server 300;
The block chain-based authorized certificate management server 300 matches the transmitted designated user identification information with the per-user transaction search keyword information DB 311 to match public key recording transaction ID information and user verification transaction ID information Block chain holding server 400 to request downloading of transaction information for public key recording and transaction information for user verification (S320);
In the block chain holding server 400, the transmitted transaction ID information for public key recording and the transaction ID information for user verification are matched with the electronic purse, and matching transaction information for public key recording and transaction information for user verification To the block chain-based public key certificate management server 300 (S330);
The block chain based public key certificate management server 300 operates the transaction processing engine 320 to generate public key and public key verification information for the public key certificate in the transferred transaction information for public key recording and the transaction information for user verification Extracting (S370);
The block chain based public key certificate management server 300 may include the extracted public key and public key verification information for the public key certificate and transaction ID information for public key recording stored in the per-user transaction key word information DB 311 (S380) of transmitting the certificate validation signal to the block chain-based authorized certificate authentication request server (500);
In the block chain-based public certificate authentication requesting server 500, the identification information of the corresponding user is extracted from the per-member user identification information DB 511, the hash processing engine 520 is operated, And processing the processed user cost identification information and the processed user cost identification information included in the certificate validity confirmation signal transmitted from the block chain based authorized certificate authentication request server 500 (S390) of processing the transaction ID information for public key recording among the information by performing a hashing operation on the transaction ID information for the public key recording;
In the hash processing engine 520 of the block chain-based public certificate authentication requesting server 500, the block chain-based authorized certificate management server 300 generates a certificate validation acknowledgment information Computing a hash value and a hash value of the cost user verification validation information, respectively, and confirming whether the computed hash values are identical (S400);
The hash value of the user verification verification information and the hash value of the cost verification verification information among the information included in the certificate validation signal transmitted from the block chain based public certificate management server 300 are respectively calculated, (S410) of transmitting the public key for the authorized certificate from the information included in the certificate validation signal to the user terminal (100) in the block chain-based public key certificate authentication request server (500)
(S420) performing public authentication based on the transmitted public key for the public key certificate (S420) in the user terminal (100).
12. The method of claim 11,
In the block chain holding server 400, the transmitted transaction ID information for public key recording and the transaction ID information for user verification are matched with the electronic purse, and matching transaction information for public key recording and transaction information for user verification After the step S330 of transmitting to the block chain-based authorized certificate management server 300,
The block chain based public key certificate management server 300 operates the transaction processing engine 320 to extract a bit coin address for reserving the destruction storage in the destruction storage cost transfer information included in the transferred user verification transaction information, Based on the block chain, the block chain-based public certificate destruction checking request signal for inquiring whether or not the block chain-based authorized certificate destruction stockpile corresponding to the bit coin amount charged at the extracted biting-to-parity bit storage address has been transferred, To the block chain holding server 400 (S340);
In the block-chain holding server 400, the block-chain-based public-key certificate revocation check request signal included in the transmitted block-chain-based public certificate revocation confirmation request signal is matched with the block chain, (S350) of transmitting a block chain-based certificate revocation list signal to the block-chain-based authorized certificate management server 300, which informs whether or not the block chain-based authorized certificate destruction storage cost charged in the block chain is eased;
The transaction processing engine 320 of the block-chain-based public key certificate management server 300 refers to the transmitted block chain-based certificate revocation guide information signal and generates a block chain-based public key certificate Confirming whether the destruction stockpiling cost has been transferred (S360);
Based on the block chain-based public key certificate stored in the bit-coin address for destruction and destruction, is transferred to the user terminal 100 in the block chain-based authorized certificate management server 300, (S361) of notifying that a message indicating rejection has been received (S361).
13. The method of claim 12,
The transaction processing engine 320 of the block-chain-based public key certificate management server 300 refers to the transmitted block chain-based certificate revocation guide information signal and generates a block chain-based public key certificate In step S360 of confirming whether the destruction stockpiling cost has been transferred,
If it is determined that the block chain-based authorized certificate destruction and storage cost charged in the destruction-to-destruction bit coin address has not been transferred, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320, The public key certificate for the public key and the user verification verification information are extracted from the transaction information for public key recording and the transaction information for user verification, in step S370.
12. The method of claim 11,
In the hash processing engine 520 of the block-chain-based public key certificate authentication requesting server 500, the key verification based on the information included in the certificate validity confirmation signal transmitted from the block- And the hash value of the cost user verification verification information, and confirms whether the computed hash values are identical to each other. In step S400,
The hash value of the user verification verification information and the hash value of the cost verification verification information among the information included in the certificate validation signal transmitted from the block chain based public certificate authentication request server 500, If the calculated hash values are not the same, step S401 is performed so that the block chain-based authorized certificate management server 300 notifies the user terminal 100 of a message that block chain- The method of claim 1, further comprising:
12. The method of claim 11,
Confirming whether a certificate revocation signal requesting destruction of a block-chain-based certificate is generated (S430);
(S440) if the certificate revocation signal requesting destruction of the block-chain-based certificate is generated (S440), which is generated at the user terminal (100) and the block chain-based authorized certificate management server (300);
When the certificate revocation signal requesting destruction of the block-chain-based certificate is generated in the user terminal 100, transmitting the generated certificate revocation signal to the block-chain-based authorized certificate management server 300 in the user terminal 100 (S450);
The transaction processing engine 320 is operated in the block chain-based authorized certificate management server 300 to extract the transaction certificate ID for user verification by matching the transmitted certificate revocation signal with the transaction search keyword information DB 311 for each user , And transmitting it to the block chain holding server 400 (S460);
The block chain holding server 400 transmits the user verification transaction information extracted by matching the transferred user verification transaction ID information with the block chain of the electronic purse to the block chain based public certificate management server 300 Step S470;
When the transaction processing engine 320 of the block chain-based authorized certificate management server 300 receives the transaction information for user verification and the corresponding transaction information for revoking the authorized certificate is recorded in the block chain holding server 400, Based on the output data (OD2) of the transaction information for verification. Bit for stock destruction According to the block chain filled in the coin address Destroys the accredited certificate Destroys the stockpile Cost to transfer the stockpile Cost Stockpile Cost Information to be transferred Either transfer information, Bit coin usage right information including a right to use the block chain based public key certificate destruction storage fee charged at the bit coin address for the multi-bit coin, a public key for payment of the bit coin required to determine the validity of the multi-bit coin usage right information Input data (ID3) included in the discarding bit coin address and the discarding bit coin address Generating transaction information for authenticating certificate destruction, which is divided into output data (OD3) including the bit coin address of the receiver to which the block chain-based public-key certificate destruction storage cost is transferred and the destruction cost receiver identification information for identifying the receiver, Transmitting the digital signature to the terminal 100 (S480);
The user terminal 100 operates the transaction signing engine 130 to electronically sign the transaction information for revoking the public certificate and transmits the transaction information to the block chain based public key certificate management server 300 in operation S490;
(500) of transmitting block-chain-based authorized certificate management server (300) transaction information for digitally signed certificate revocation by the user to the block chain holding server (400);
(S510), in the block chain holding server (400), writing transaction information for digital certificate-signed public certificate revocation to the block chain by the user (S510) Wherein the certificate chain includes a plurality of block chains.
16. The method of claim 15,
If it is determined in step S440 that the generated certificate revocation signal is generated in the user terminal 100 and the block chain-based authorized certificate management server 300,
When the certificate revocation signal requesting the destruction of the block-chain-based certificate is generated in the block-chain-based authorized certificate management server 300, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320 When the transaction information for the user verification is received and the transaction information for revoking the authorized certificate is recorded in the block chain holding server 400, the output data OD2 of the user verification transaction information is referred to, Based on a block chain that has been filled in. A bankruptcy guideline based on a chain of blocks destroying a stockpile leading to a transfer of costs. Stockpile information. Bit coin usage right information including the multi-bit coin usage right information, The input data (ID3) including the public key for bit coin necessary for judging the affinity, and the bit coin address of the receiver to which the block chain-based authorized certificate destruction stockpiling charge charged to the destruction bit coin- Based on the transaction information for destroying public-key certificate, the transaction information for revoking the public-key certificate, which is distinguished by the output data OD3 including the destruction cost receiver identification information, (S441) of transmitting the electronic signature of the remitter corresponding to the electronic certificate to the block chain holding servers 400;
(S442) of, in the block chain holding servers (400), recording transaction information for denying public certificate, which is digitally signed by the transmitted remitter, in the block chain (S442) Wherein the certificate chain includes a plurality of block chains.
A user terminal (100) requesting a block chain based authentication;
In accordance with the block chain-based authentication request of the user terminal 100, the identification information of the corresponding user is extracted from the user identification information DB 511 for each member, the identification information of the extracted user is subjected to hashing calculation, A block-chain-based authorized certificate authentication requesting server 500 for transmitting the processed user identification identification information and the designated user identification information of the user;
Based user identification information and the designated user identification information from the block chain-based authorized certificate authentication requesting server 500 and transmits the designated user identification information among the transmitted information to the user-specific transaction search keyword information DB 311 A block chain-based authorized certificate management server 300 for requesting download of transaction information for public key recording and transaction information for user verification by transmitting matching transaction ID information for public key recording and transaction ID information for user verification;
An electronic purse having a block chain in which bit coin settlement transaction information is authenticated and bit coin settlement transaction information is recorded in accordance with the authenticated bit coin settlement transaction information by verifying the transferred bit coin settlement transaction information is transmitted In the electronic wallet, transaction information for public key recording including a public key for a public certificate and user authentication transaction information including user verification verification information are also recorded. The block chain- Based transaction ID information and user verification transaction ID information to the electronic wallet and transmits the matching transaction information for public key recording and transaction information for user verification to the block chain- And a block chain holding server (400)
The block-chain-based authorized certificate management server 300 extracts the public key and the user verification verification information for the public key certificate from the public key recording transaction information and the user verification transaction information transmitted from the block-chain holding server 400 , The transaction ID information for the public key recording stored in the DB 311 of the per-user transaction identification keyword information 311 and the transmitted cost identification ID information is subjected to a hashing operation to be processed as cost user verification verification information, The hash value of the user verification verification information and the hash value of the processed user verification verification information are computed, and if both hash values are the same, the extracted public key for the public certificate and the designated user Transmits the identification information to the block-chain-based authorized certificate authentication request server (500)
The block-chain-based public key certificate authentication request server 500 transmits the transmitted public key for the public key certificate to the user terminal 100 by referring to the designated user identity information among the transmitted information,
Wherein the user terminal (100) performs public authentication based on the transmitted public key for the public key certificate.
18. The method of claim 17,
The block chain-based public key certificate authentication request server 500 includes a hash processing engine 520,
The user ID information DB 511 for each member stores identification information of a user operating the user terminal 100. The block chain-based authorized certificate issuing unit The identification information of the user identical to the personal information for the user and the designated user identification information corresponding to the identification information of the designated user of the identification information of the user,
The hash processing engine (520) performs a hashing operation on the identification information of the user and processes the identification information of the user as identification information of the cost user, based on the block chain.
18. The method of claim 17,
The block chain-based authorized certificate management server 300 includes a transaction processing engine 320; And a hash processing engine 330,
In the user-specific transaction search keyword information DB 311, identification information of a user designated in the same user as the personal information for issuing the block chain-based authorized certificate, which is made up of the user's identification information used in issuing the block chain- , Transaction ID information for public key recording used as a key value for retrieving transaction information for public key recording, and transaction ID information for user verification used as a key value to retrieve transaction information for user verification are stored ,
The transaction processing engine 320 extracts the public key for the public key certificate and the user verification verification information from the transaction information for public key recording and the transaction information for user verification,
The hash processing engine 330 performs hashing operation on the transferred cost identification identification information and transaction ID information for public key recording stored in the per-user transaction search keyword information DB 311, Wherein the hash value of the extracted user verification verification information and the hash value of the processed user verification verification information are processed to determine whether the hash values of both of the user verification verification information are the same. Authorized certificate authentication system based on chain.
20. The method of claim 19,
If the block chain-based authorized certificate destruction stockpile information, which is a cost to be used to destroy the block chain-based public certificate, and the transaction information for user verification are recorded in the block chain of the block chain holding servers 400, Block Chain Based Certified Certificate Block Chain Based on Block Chain Cost Corresponding Certificate Destroys Certified Certificate Destroy the storage cost of stockpile storage to be assigned to the designated bit coin address Bit Coin Address for storage and destruction of authorized certificate based on block chain Includes stockpile cost escalation information,
The transaction processing engine 320 of the block-chain-based public key certificate management server 300 extracts a parity bitcoin address for reserving a parity included in the parity stockpile cost transfer information among the information included in the user verification transaction information, Based on the block-chain-based public-key certificate destruction check request signal for inquiring whether or not the block chain-based authorized certificate destruction stockpile corresponding to the bit coin amount charged at the extracted destruction-to-destruction bit coin address has been transferred, To the block chain holding server 400,
The block chain holding server 400 matches the destruction bit coin address included in the transmitted block chain based certificate revocation confirmation request signal with the block chain to match the corresponding destruction bit coin address Based on the block chain, a block chain based public certificate revocation guide signal for informing whether or not to transfer the charged block chain based public certificate destruction storage cost to the block chain based public certificate management server 300,
The transaction processing engine 320 of the block chain-based public key certificate management server 300 refers to the block chain-based public key certificate revocation information guidance signal and determines whether or not the block chain-based public key certificate storage cost charged in the bit- Based on the block chain, a message indicating that the process of performing the block chain-based public authentication is rejected to the user terminal (100).
18. The method of claim 17,
The transaction information for public key recording may include a bit coin settlement transaction used for identifying a storage location of a to-be-used bit coin to be used among the bit coin amounts held by the remitter through the previous bit coin settlement transaction information, ID coincidence information, bit coin usage right information of the sender, bit coin settlement public key necessary for judging the validity of the bit coin use right information, cost required for registration of the public key for the public key certificate And a public key for the public key certificate, the public key registration fee information including the public key registration fee information, the OP_RETURN information indicating that the transaction is a transaction for information recording, not the transaction for bit coin transaction, and the public key for the public key certificate.
18. The method of claim 17,
The user terminal 100 includes an information storage unit 102 in which a private key for a public key certificate is stored as a private key for an encrypted public key certificate based on a password and a photograph image set by the user; And an encryption / decryption engine (120)
The block-chain-based public key certificate authentication request server 500 transmits the public key for the public key certificate to the public key for the encrypted public key certificate based on the password set by the user and the user authentication request message requesting the input of the photo image In addition,
The encryption / decryption engine 120 of the user terminal 100 decrypts the private key for the encrypted public key certificate stored in the information storage unit 102 with reference to the transmitted public key for the encrypted public key certificate, If the password and the photographic image match, a user authentication signal is transmitted to the block chain-based authorized certificate authentication server 500. [
23. The method of claim 22,
A user authentication screen part is stored in the information storage part 102 of the user terminal 100,
The stored user authentication screen part,
An authentication execution password input screen 151 including a password input field 151a for inputting a password set by the user when issuing the block chain based public key certificate;
And an image selection screen (152) for performing an authentication, in which a plurality of images are displayed, and an image designated by the user when the issuance of the block chain-based public key certificate is displayed in a selectable manner. Authentication system.
18. The method of claim 17,
The user verification transaction information is divided into input data (ID2) and output data (OD2), and the input data (ID2) includes the bit coin amount A previous bit coin settlement transaction ID information used to identify a storage location of a to-be-used bit coin to be used, a bit coin usage right information of a sender, and a bit coin settlement public key , The cost of registration of the user verification verification information required to issue the block chain-based certificate, the cost of the user verification verification registration fee, and the cost to be used to destroy the block chain-based certificate. , And the output data (OD2) includes, for the information recording, not the transaction for the bit coin transaction If the OP_RETURN information indicating the transaction, the user verification verification information (OD21), and the transaction information for the user verification are recorded in the block chain of the block chain holding servers 400, the block corresponding to the block chain- Destroy the chain-based authorized certificate Destroy the stockpile so that the stockpile cost is transferred to the designated bit coin address. Bit for stockpiling. Coin address and the corresponding block chain. Destroy the authorized certificate. Discard the amount of the stockpile cost. Stockpile cost. Confirmation information (OD22) is included,
The block chain-based authorized certificate management server 300 includes a DB unit 310 having a user-specific transaction search keyword information DB 311 storing transaction ID information for public key recording and transaction ID information for user verification. And a transaction processing engine (320)
When the certificate destruction signal requesting destruction of the block-chain-based certificate is generated, the block-chain-based authorized certificate management server 300 operates the transaction processing engine 320 to access the transaction-specific keyword database 311 Extracts transaction ID information for user verification, and transmits it to the block chain holding server 400,
The block chain holding server 400 transmits the user verification transaction information extracted by matching the transferred user verification transaction ID information with the block chain of the electronic purse to the block chain based public certificate management server 300,
When the transaction processing engine 320 of the block chain-based authorized certificate management server 300 receives the transaction information for user verification and the transaction information for revoking the authorized certificate is recorded in the block chain holding server 400, Based on the output data (OD2) of the transaction information for verification. Bit for stock destruction According to the block chain filled in the coin address Destroys the accredited certificate Destroys the stockpile Cost to transfer the stockpile Cost Stockpile Cost Information to be transferred Either transfer information, Bit coin usage right information including a right to use the block chain based public key certificate destruction storage fee charged at the bit coin address for the multi-bit coin, a public key for payment of the bit coin required to determine the validity of the multi-bit coin usage right information (ID3) including the input data (ID3) and the parity bits Generating transaction information for authenticating certificate destruction, which is divided into output data (OD3) including the bit coin address of the receiver to which the block chain-based private certificate destruction storage cost is transferred and the destruction cost receiver identification information for identifying the receiver, To the block chain holding server 400,
Wherein the block chain holding server (400) writes the transaction information for destroying the authorized certificate in the block chain and destroys the block chain based public key certificate of the user.
25. The method of claim 24,
The user terminal 100 includes a transaction signature engine 130,
If the certificate revocation signal is generated in the user terminal 100, the block-chain-based authorized certificate management server 300 transmits the created certificate revocation transaction certificate information to the user terminal 100, In addition,
The user terminal 100 operates the transaction signing engine 130 to electronically sign the transaction information for revoking the public certificate and transmits the transaction information to the block chain based public key certificate management server 300,
The block-chain-based authorized certificate management server 300 controls to transmit transaction information for digital certificate-signed certificate revocation by a user transmitted from the user terminal 100 to the block chain holding server 400 A certificate chain authentication system based on block chaining.
25. The method of claim 24,
If the certificate revocation signal is generated by itself, the block chain-based public key certificate management server 300 operates the transaction processing engine 320 to generate an electronic signature of the remitter corresponding to the block chain- To the block chain holding server (400), transaction information for revoking the public certificate, which is signed by the remitter, to the block chain holding server (400) Authentication system.
(S600) accessing the block chain-based authorized certificate authentication request server (500) in the user terminal (100) and requesting block chain based authentication;
In the block-chain-based authorized certificate authentication request server 500, the identification information of the corresponding user is extracted from the per-member user identification information DB 511 according to the block chain-based authentication request, and the hash processing engine 520 is operated The extracted user identification information is subjected to a hashing operation to be processed as cost identification identification information, and the processed user identification identification information and the designated user identification information of the user are processed by the block chain- (S610);
The block-chain-based authorized certificate management server 300 receives the cost identification identification information and the designated user identification information from the block chain-based authorized certificate management server 300, and transmits the designated user identification information to the per-user transaction search keyword information DB 311 (S620) requesting download of transaction information for public key recording and transaction information for user verification by transmitting transaction ID information for matching public key and transaction ID for user verification to block chain holding server 400, Wow;
In the block chain holding server 400, the transmitted transaction ID information for public key recording and the transaction ID information for user verification are matched with the electronic purse, and matching transaction information for public key recording and transaction information for user verification To the block chain-based public key certificate management server 300 (S630);
The block chain based public key certificate management server 300 operates the transaction processing engine 320 to generate public key and public key verification information for the public key certificate in the transferred transaction information for public key recording and the transaction information for user verification Extracting (S670);
The block chain based public key certificate management server 300 operates the hash processing engine 330 to generate the public key key information for the public key recorded in the per-user transaction identification keyword information DB 311, Processing the transaction ID information by hashing and processing the transaction ID information into cost user verification verification information (S680);
The hash value of the extracted user verification verification information and the hash value of the processed user verification verification information are respectively calculated by the hash processing engine 330 of the block chain based public key certificate management server 300 A step (S690) of confirming whether the computed hash values are the same;
If the hash value of the extracted user verification verification information is equal to the hash value of the processed user verification verification information, the block chain-based authorized certificate management server (300) And transmitting the designated user identification information of the corresponding user to the block chain-based authorized certificate authentication request server 500 (S700);
(S710) of transmitting the transmitted public key for the public key certificate to the user terminal 100 by referring to the designated user identification information in the block chain-based public key certificate authentication request server 500;
(S720) performing public authentication based on the transmitted public key for the public key certificate (S720) in the user terminal (100).
28. The method of claim 27,
In the block chain holding server 400, the transmitted transaction ID information for public key recording and the transaction ID information for user verification are matched with the electronic purse, and matching transaction information for public key recording and transaction information for user verification After the step S630 of transmitting to the block-chain-based authorized certificate management server 300,
The block chain based public key certificate management server 300 operates the transaction processing engine 320 to extract a bit coin address for reserving the destruction storage in the destruction storage cost transfer information included in the transferred user verification transaction information, Based on the block chain, the block chain-based public certificate destruction checking request signal for inquiring whether or not the block chain-based authorized certificate destruction stockpile corresponding to the bit coin amount charged at the extracted biting-to-parity bit storage address has been transferred, To the block chain holding server 400 (S640);
In the block-chain holding server 400, the block-chain-based public-key certificate revocation check request signal included in the transmitted block-chain-based public certificate revocation confirmation request signal is matched with the block chain, (S650) of transmitting a block chain-based certificate revocation list signal to the block-chain-based authorized certificate management server 300, which informs whether or not the block chain-based authorized certificate destruction storage cost charged in the block chain is transferred.
The transaction processing engine 320 of the block-chain-based public key certificate management server 300 refers to the transmitted block chain-based certificate revocation guide information signal and generates a block chain-based public key certificate Confirming whether the destruction stockpiling cost has been transferred (S660);
Based on the block chain-based public key certificate stored in the bit-coin address for destruction and destruction, is transferred to the user terminal 100 in the block chain-based authorized certificate management server 300, (S661) of notifying that the message has been rejected (S661).
29. The method of claim 28,
The transaction processing engine 320 of the block-chain-based public key certificate management server 300 refers to the transmitted block chain-based certificate revocation guide information signal and generates a block chain-based public key certificate In step S660 to confirm whether the destruction stockpiling cost has been transferred,
If it is determined that the block chain-based authorized certificate destruction and storage cost charged in the destruction-to-destruction bit coin address has not been transferred, the block chain-based authorized certificate management server 300 operates the transaction processing engine 320, And entering the step S670 of extracting the public key and the user verification proof information from the transaction information for public key recording and the transaction information for user verification.
28. The method of claim 27,
The hash value of the extracted user verification verification information and the hash value of the processed user verification verification information are respectively calculated by the hash processing engine 330 of the block chain based public key certificate management server 300 , It is determined in step S690 whether or not the calculated hash values are the same,
If the computed hash values are not identical, controlling the block chain-based authorized certificate management server 300 to notify the user terminal 100 of a message denying the block chain-based public authentication process (S691 ); ≪ / RTI >

Images