KR101829721B1 - Method for certifying a user by using mobile id through blockchain, and terminal and server using the same - Google Patents

Abstract

A method for authenticating a user using a mobile ID includes the steps of: obtaining a hash value for user information from a user′s certificate; supporting to display a variable authentication value or to display the mobile ID; and transmitting authentication result information to an authentication request terminal or supporting the transmission of the authentication result information to the authentication request terminal. The mobile ID information includes photograph image information of the user and display information of each ID card. The variable authentication value includes at least one or more of a bar code, a QR code, and NFC tag information. Therefore, the present invention can register the user′s certificate in a blockchain of virtual money, thereby preventing copying or forgery.

Description

TECHNICAL FIELD [0001] The present invention relates to a method for authenticating a user using a mobile ID through a block chain, a terminal, and a server using the terminal,

The present invention relates to a method for authenticating a user using a mobile ID through a block chain, a terminal, and a server using the terminal. More particularly, the present invention relates to a method for registering a user certificate in a block chain database and managing a private transaction ID, When a user authentication request transaction including at least a user's public key and a terminal ID is obtained from the user terminal in response to the user authentication request, the user certificate registered in the block chain database is checked using the corresponding public transaction ID, A user signature value obtained by transmitting a random hash value and a hash value of user information to a user terminal, and allowing the user terminal to sign the random nonce with the user's private key; And a hash value for user information; And a mobile identity including the mobile identity information, and when the mobile identity variable authentication value displayed on the user terminal is obtained from the authentication requesting terminal, the user signature value from the variable authentication value; And a hash value for user information; Checks the validity of the user signature value using the public key of the user certificate matched with the hash value of the user information, and authenticates the authentication result information for the user according to the validity of the user signature value The present invention relates to a method for authenticating a user using a mobile ID that is transmitted to a requesting terminal, and a terminal and a server using the same.

In general, a mobile ID refers to an identification card in the form of an app on a mobile device instead of an ID card issued by a paper or plastic card, and it is possible to confirm the identity through the presentation of the ID card stored in the mobile device, .

Because they store and use IDs on these mobile devices, they are likely to be lost or stolen. Therefore, personal information leakage or theft should be prevented from being lost or stolen.

However, the conventional mobile ID has a problem that it is vulnerable to copying or tampering because it stores information required for user authentication such as a certificate in a mobile device.

In addition, since the conventional mobile ID always uses the same information for authenticating the user, there is a problem that a third party can easily steal information due to leakage of information or the like.

SUMMARY OF THE INVENTION The present invention has been made to solve all the problems described above.

It is another object of the present invention to provide a method, terminal and server for registering a user certificate in a block chain of virtual money to make it impossible to copy or digitize / modulate the user certificate.

Another object of the present invention is to provide a method, terminal, and server for ensuring security by using a hash function and an encryption technique, and making it impossible for the user certificate to be tampered with.

Another object of the present invention is to provide a method, a terminal, and a server that can prevent problems caused by user information theft by authenticating a user through a one-time variable authentication value.

In order to accomplish the above object, a representative structure of the present invention is as follows.

According to an embodiment of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising: (a) (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the private transaction ID is managed, a user authentication request transaction including at least the public key of the user and the terminal ID from the user terminal in response to the user authentication request The authentication server checks (i) the user certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID (Ii) checking the user certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, and extracting a hash of the user information from the user's certificate Obtaining a value; (b) (b1) when the authentication server supports to transmit or transmit the random number and the hash value of the user information to the user terminal of the user matching the terminal ID, A user signature value obtained by signing the randomness with a private key of the user; And a hash value for the user information; (Ii) display a mobile identity including the mobile identity information of the user along with the variable authentication value; and (b2) the authentication server supports to display a random non- (I) a user signature value obtained by signing the random non-existence with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user with the variable authentication value; And (c) (c1) when the variable authentication value of the mobile ID is obtained from the authentication request terminal according to (b1), the authentication server calculates the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) if the variable authentication value of the mobile identity is obtained from the authentication request terminal by (b2), the authentication server transmits the authentication result information to the authentication request terminal The user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit or transmit authentication result information to the authentication request terminal; Is provided.

According to an embodiment of the present invention, there is also provided a method of authenticating a user using a mobile ID, the method comprising: (a) (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, the mobile ID displayed on the user terminal in response to the user authentication request includes: (i) Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a variable authentication value including a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user together with the variable authentication value, and if the variable authentication value of the user is acquired via the authentication requesting terminal, the authentication server reads, from the obtained variable authentication value, Terminal ID; The time stamp; The user signature value; And a public key of the user; ; And (b) the authentication server checks (i) the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) The private key of the user is registered in the private block chain database by using the public key of the user and the private transaction ID corresponding to the terminal ID and is matched with the public key of the user extracted from the variable authentication value Extracts the time stamp from the user signature value using the public key of the user of the user certificate and checks whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value The value of the user signature value Step supporting determine whether the effect, and to transmit the authentication result information for the user of the validity of the user identified signature value to the terminal authentication request, transmitted; Is provided.

According to an embodiment of the present invention, there is also provided a method of authenticating a user using a mobile ID, the method comprising: (a) (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, when the user identification information is acquired through the authentication request terminal in the state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, the authentication server transmits the user identification information to the user terminal (1) a message requesting the user authentication or (2) a message requesting the user authentication including a random non-response. The user authentication request signal includes a user authentication request signalA mobile ID corresponding to the request, wherein the mobile ID is: (i) the terminal ID; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a variable authentication value including a public key of the user; (Ii) mobile ID information of the user together with the variable authentication value, and in case (2), (i) the UE ID; A user signature value obtained by signing the randomness with a private key of the user; And a variable authentication value including a public key of the user; (Ii) if the variable authentication value of the user includes the mobile identity information of the user together with the variable authentication value, from the obtained variable authentication value, , The terminal ID; The time stamp; The user signature value; And a public key of the user; (2), the terminal ID: the user signature value: and the user's public key; ; And (b) the authentication server checks (i) the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) (1), the private key of the user registered in the private block chain database is checked using the public key of the user and the private transaction ID corresponding to the terminal ID, and in the case of (1) Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the public key of the user, extracting the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value It is checked whether or not the time stamps match, (2), from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, The method comprising the steps of: extracting randomness from the user signature value, verifying whether the randomness extracted from the user signature value matches the randomness transmitted in the user authentication request signal to check whether the user signature value is valid, And transmitting the authentication result information for the user according to the validity of the value to the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of the user and a private key of the user; Public key of; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and registering the user certificate in the private block chain database, and registering the user certificate in the private block chain database, When a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the user certificate, the user terminal transmits at least the user authentication request transaction including the user's public key and the terminal ID to the authentication server Supporting transmission; (b) (b1) when a random nonce and a hash value for the user information are obtained from the authentication server in response to the user authentication request transaction, the user terminal transmits (i) the random nonce to the user's private key One user signature value; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And (c) (c1) allowing the user terminal to acquire the variable authentication value of the mobile ID by the authentication server through the authentication request terminal according to (b1), thereby causing the authentication server to transmit the variable authentication value The user signature value from a value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the user terminal transmits the variable authentication value of the mobile ID to the authentication request terminal through the authentication request terminal by (b2) The server obtains the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the public key of the user certificate of the user certificate matching the extracted public key of the user, Supporting authentication result information for the user to be transmitted to the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of the user and a private key of the user; Public key of; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, When a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the user certificate, the user terminal transmits (i) the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And (b) supporting, by the user terminal, the authentication server obtaining the variable authentication value of the mobile ID via the authentication request terminal, thereby causing the authentication server to obtain the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) to verify the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID, (ii) ) To support the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the public key of the user certificate, extracting the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value The stamp Step supporting values determine whether to check the validity of the user signature value, and to transmit the authentication result information for the user of the validity of the identified value of the user signature in the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided a method for authenticating a user using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of the user and a private key of the user; Public key of; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, In a state where the mobile ID corresponding to the user certificate is being managed, the authentication server transmits a user authentication request signal in response to the user identification information transmitted from the authentication request terminal, and the user authentication request signal requests (1) (2) a message requesting the user authentication including (2) the random nonce, the user terminal responds to the user authentication request signal, and in the case (1), the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; Generating a variable authentication value including the authentication value; And (b) allowing the user terminal to obtain the variable authentication value of the mobile ID from the authentication server, thereby allowing the authentication server to determine, from the variable authentication value, the terminal ID in case of (1); The time stamp; The user signature value; And a public key of the user; And in the case of (2), the terminal ID; The user signature value; And a public key of the user; (I) to verify the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID, (ii) ) To support the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and in the case of (1) Extracting the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the authentication value and comparing the time stamp extracted from the user signature value and the variable The above- Time stamps to confirm whether the user signature value is valid and to support the authentication result information for the user according to the validity of the user signature value to be transmitted to the authentication request terminal, Extracts the randomness from the user signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, Checking the validity of the user signature value by verifying whether or not the random nonce and the randomness transmitted in the user authentication request signal are identical to each other and checking whether the user signature value is valid or not, To the authentication request terminal; Is provided.

According to an embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the private transaction ID is managed, a user authentication request transaction including at least the public key of the user and the terminal ID from the user terminal in response to the user authentication request A communicating unit for acquiring; And (i) checking the user certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) checking the user certificate of the public key and the terminal ID (B1) acquiring a hash value for the user information from the user's certificate, (b1) checking the user certificate registered in the private block chain database using the private non- (I) a user signature value obtained by signing the random nonce with the private key of the user, when the hash value of the information is transmitted or transmitted to the user terminal of the user matching the terminal identity; And a hash value for the user information; (Ii) supporting a display of a mobile identity including the mobile identity information of the user along with the variable authentication value, and (b2) transmitting a random nonce to the user terminal or transmitting (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user with the variable authentication value, and (c1) supporting the display of the mobile identity by the mobile When the variable authentication value of the ID is obtained from the authentication requesting terminal, the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) when the variable authentication value of the mobile ID is obtained from the authentication request terminal by (b2), the authentication request information for the user is transmitted or transmitted to the authentication request terminal; The user signature value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, And transmitting the authentication result information to the authentication request terminal; Is provided.

According to an embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, the mobile ID displayed on the user terminal in response to the user authentication request includes: (i) Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a variable authentication value including a public key of the user; Or (ii) includes the mobile identity information of the user in addition to the variable authentication value, the communication unit acquiring the variable authentication value via the authentication request terminal; And from the acquired variable authentication value, the terminal ID; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) checking the user's public key A process of checking the user's certificate registered in the private block chain database using the private transaction ID corresponding to the user ID and the user ID of the user extracted from the variable authentication value, Extracting the time stamp from the user signature value using the user's public key of the user signature value of the user signature and checking whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value, Value of A processor for verifying validity and supporting transmission or transmission of authentication result information for the user according to validity of the user signature value to the authentication request terminal; Is provided.

According to an embodiment of the present invention, there is provided an authentication server for authenticating a user using a mobile ID, the authentication server comprising: (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in a state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, when the user identification information is obtained from the authentication request terminal, the user authentication request signal Wherein the user authentication request signal comprises: (1) a message requesting the user authentication or (2) a message requesting the user authentication including randomness, In the case of The terminal ID from the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And obtains a variable authentication value including the public key of the user, and in the case of (2), acquires a terminal ID from the user terminal; A user signature value obtained by signing the randomness with a private key of the user; And a communication unit for obtaining a variable authentication value including the public key of the user; And from the acquired variable authentication value, in the case of (1), the terminal ID; The time stamp; The user signature value; And a public key of the user; And in the case (2), extracts the terminal ID; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) checking the user's public key And a process of checking the user's certificate registered in the private block chain database using the private transaction ID corresponding to the terminal ID, and in the case (1) Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the key, the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value are And then, (2), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, and the random signature is extracted from the user signature value Checking whether the extracted randomness and the randomness transmitted in the user authentication request signal agree with each other, verifying whether the user signature value is valid, checking whether the user signature value is valid or not, A processor for supporting transmission or transmission of authentication result information to the authentication request terminal; Is provided.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the method comprising: generating and storing a public key of the user and a private key of the user; key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and registering the user certificate in the private block chain database, and registering the user certificate in the private block chain database, When the user authentication request signal is acquired in a state where the mobile ID corresponding to the user certificate is being managed, a user authentication request transaction including at least the public key of the user and the terminal ID is transmitted or transmitted to the authentication server (b1) when a hash value for the random nonce and the user information is obtained from the authentication server in response to the user authentication request transaction, (i) a user signature value obtained by signing the random nonce with the private key of the user; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the private key of the user; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And (c1) allowing the authentication server to obtain the variable authentication value of the mobile identity via the authentication request terminal by (b1), thereby allowing the authentication server to obtain the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the authentication server obtains the variable authentication value of the mobile identity through the authentication request terminal by (b2), so as to transmit the authentication result information to the authentication request terminal Thereby enabling the authentication server to obtain the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the public key of the user certificate of the user certificate matching the extracted public key of the user, A communication unit for supporting authentication result information for the user to the authentication request terminal; A user terminal is provided.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the method comprising: generating and storing a public key of the user and a private key of the user; key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, When a user authentication request signal is acquired in a state of managing the mobile ID corresponding to a user certificate, (i) the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) a mobile ID indicating the mobile ID including the mobile ID information of the user together with the variable authentication value; And supporting the authentication server to obtain the variable authentication value of the mobile ID via the authentication request terminal, thereby causing the authentication server to obtain the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) to verify the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID, (ii) ) To support the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the public key of the user certificate, extracting the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value The stamp Value to determine whether the communication support check the validity of the user signature value, and to transmit the authentication result information for the user of the validity of the identified value of the user signature in the authentication request terminal; A user terminal is provided.

According to another aspect of the present invention, there is provided a user terminal for authenticating a user using a mobile ID, the method comprising: generating and storing a public key of the user and a private key of the user; key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, A user authentication request signal corresponding to the user identification information acquired from the authentication requesting terminal, the user authentication request signal including (1) a message requesting the user authentication or ( 2) the message requesting the user authentication including the random nonce is obtained from the authentication server, and in case of (1), the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value of the mobile ID including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; A processor for generating a variable authentication value of the mobile ID; And supporting the authentication server to obtain the variable authentication value of the mobile ID, thereby enabling the authentication server to obtain the terminal ID from the variable authentication value in the case of (1) above. The time stamp; The user signature value; And a public key of the user; And in the case (2), extracting the terminal ID from the variable authentication value; The user signature value; And a public key of the user; (I) to verify the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID, (ii) ) To support the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and in the case of (1) Extracting the time stamp from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the authentication value and comparing the time stamp extracted from the user signature value and the variable The above- The validity of the user signature value is confirmed by confirming whether the user's signature matches the time stamp, and in case of (2), the public key of the user of the user certificate matching the public key of the user extracted from the variable authentication value And checking the validity of the user signature value by checking whether the randomness extracted from the user signature value matches the randomness included in the authentication request signal, A communication unit for supporting authentication result information for the user according to whether the user signature value is validated to the authentication request terminal; A user terminal is provided.

In addition, a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.

The present invention has the following effects.

The present invention can register a user certificate in a block chain of virtual money to make it impossible to copy or up / modulate.

In addition, the present invention can secure the security of the user certificate using the hash function and the encryption technique, and make it impossible to up / modulate the user certificate.

In addition, since the present invention authenticates a user through a one-time variable authentication value, it is possible to prevent problems caused by user information theft.

FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention,
2 schematically illustrates a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention,
3 illustrates an example of a mobile ID issued in a method for authenticating a user using a mobile ID according to an exemplary embodiment of the present invention,
4 schematically shows a method of authenticating a user using a mobile ID according to an embodiment of the present invention,
5 schematically shows a method for authenticating a user using a mobile ID according to another embodiment of the present invention,
FIG. 6 schematically shows a method for authenticating a user using a mobile ID according to another embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention. The system includes a user terminal 100, an authentication request terminal 110, and an authentication server 200 .

The user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smart phone, a tablet, and the like. The user terminal 100 is not limited to this, and may include all mobile devices such as a portable game machine having a wired / wireless communication function, a digital camera personal navigation, and the like. In addition, the user terminal 100 may include a communication unit for supporting transmission and reception of information and a processor for processing information

The authentication request terminal 110 obtains the variable authentication value through communication with the computing device or the user terminal 100 that obtains the signal of the reader that obtains the variable authentication value from the mobile ID displayed through the user terminal 100 A computing device, and may include a desktop computer, a mobile computer, a PDA / EDA, a smart phone, a tablet, and the like. However, the authentication request terminal 110 is not limited to this, and may be a computing device that performs general operation processing, and may include a server.

The authentication server 200 may include a communication unit 210 and a processor 220. The use of the same reference numerals is for convenience of explanation only and is not intended to mean that these individual devices are the same. In another embodiment of the present invention, a server may be configured differently to perform the corresponding method, or may perform the corresponding method through the same authentication server 200. Also, the authentication server 200 may be a server corresponding to each node of the private block-chain database, or a server for managing each node of the private block-chain database.

Specifically, the authentication server 200 typically includes a computing device (e.g., a computer processor, memory, storage, input and output devices, and other devices capable of including components of a conventional computing device; (E. G., An electronic information storage system such as a network attached storage (NAS) and a storage area network (SAN)) and computer software (i. E. Instructions that cause a computing device to function in a particular manner) Performance. ≪ / RTI >

The communication unit 210 of such a computing device can send and receive requests and responses to and from other interworking computing devices. As an example, such requests and responses can be made by the same TCP session, For example, as a UDP datagram.

The processor 220 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. It may further include a software configuration of an operating system and an application that performs a specific purpose.

A method for authenticating a user using a mobile ID according to an exemplary embodiment of the present invention will now be described with reference to FIG.

First, a method of issuing a mobile ID in a method of authenticating a user using a mobile ID according to an embodiment of the present invention will be described with reference to FIG.

In a state in which the user is connected to the authentication server 200 through the user terminal 100 in order to receive the mobile ID, for example, the user executes an application for issuing the mobile ID in the user terminal 100, The mobile ID information necessary for the mobile ID is input (S200). At this time, the mobile ID may include all commonly used IDs such as a national license, a private license, an employee ID, a student ID, as well as a public ID such as a driver's license, a health insurance card, an alien registration card, a civil service card,

Then, when the user inputs the mobile ID information and requests the issuance of the mobile ID, the user terminal 100 transmits the mobile ID issuance request transaction to the authentication server 200 (S210). At this time, the mobile ID issue request transaction includes the mobile ID information input by the user, and the mobile ID information may be the photo image of the user and the display information of each ID card. In addition, the mobile ID information may include personal information of the user.

Then, the authentication server 200 obtains a mobile ID issue application transaction including at least user information from the user terminal 100, and confirms the user using the obtained user information (S211). At this time, the user confirmation may use a public key infrastructure (PKI) certificate or use personal information of the user, but the present invention is not limited thereto. For example, it is possible to identify a specific issuer through public key based certificate, OPSign certificate, etc., or personal information such as a resident registration number, a passport, a corporation registration number, a business registration number, etc., To identify the user.

When the user is confirmed, the authentication server 200 transmits a certificate registration request signal to the user terminal 100 (S212)

In response to the certificate registration request signal, the user terminal 100 generates a public key and a private key, which are authentication keys (S214), and sets confirmation information for controlling the user access to the private key by the user (S215). At this time, the confirmation information is path information for accessing the private key, and may include a password, biometric information, and the like. Alternatively, the setting of confirmation information for access control on the private key may be omitted.

Then, the user terminal 100 extracts the public key of the user among the authentication keys, and transmits the certificate registration information including the extracted public key of the user and the terminal ID of the user terminal to the authentication server 200 (S215) , The authentication server 200 generates the user's certificate with reference to the certificate registration information transmitted and obtained from the user terminal 100 (S216). That is, the authentication server 200 generates, in addition to the public key and the terminal ID obtained from the certificate registration information, a user certificate including a hash value for the user information generated by applying the hash function to the confirmed user information. The hash function for generating the hash value is MD4 function, MD5 function, SHA-0 function, SHA-1 function, SHA-224 function, SHA-256 function, SHA-384 function, SHA-512 function and HAS-160 function But it should be understood that the present invention is not limited thereto. For example, Triple SHA256 would be possible.

Then, the authentication server 200 registers the created user certificate in the block-chain database which makes it impossible to copy / move / modify the created user certificate (S217).

For example, the authentication server 200 registers the user certificate in the public block chain database 300 (S217), and the location information on the public block chain database 200 of the user certificate registered in the public block chain database 200 (S218) and obtain the public transaction ID.

Also, the authentication server 200 registers the user certificate in the public block chain database 300, manages the public transaction ID corresponding to the user certificate, registers the user certificate in the private block chain database, registers the user certificate in the private block chain database The private transaction ID indicating the location information on the private block chain database of the user certificate may be acquired and managed.

The authentication server 200 may issue a mobile ID to the user terminal 100 (S219).

3, the mobile ID can be used in a mobile device that is a user terminal 100, and may have a mobile ID information area 10 and a variable authentication value area 20.

The mobile ID information 10 is related to user information to be displayed for each ID and includes information such as a photograph image, a name and an ID number. The mobile ID information 10 can be changed according to display information of an ID card to be implemented, The information may be stored in the user terminal 100 or in the authentication server 200.

The variable authentication value 20 includes information for user authentication with a user signature value signed by the user's private key, and has a changed value every time authentication is performed, thereby preventing a problem caused by user information theft .

Referring to FIG. 4, a method for authenticating a user using a mobile ID according to an embodiment of the present invention in a state where a mobile ID is issued by the above method will be described.

In a state in which a user certificate including a public key of a user, a terminal ID, and a hash value of user information is registered in the public block chain database 300 and the corresponding public transaction ID is managed by the method of FIG. 2, When the user inputs a user authentication request signal to the user terminal 100 storing the user's private key and public key to request the user authentication using the mobile ID at step S1, And transmits a user authentication request transaction including the public key and the terminal ID to the authentication server 200 (S2). Then, the authentication server 200 searches the public transaction ID corresponding to the user's public key and the terminal ID of the obtained user authentication request transaction, and checks the user certificate registered in the public block chain database with reference to the retrieved public transaction ID do. That is, the public transaction ID corresponding to the user's public key and the terminal ID is transmitted to the public block chain database 200 (S3) And confirms the included certificate (S4). At this time, the authentication server 200 checks whether the confirmed user certificate is valid, and if the user does not have a matching certificate or the user certificate is invalid due to disposal or the like, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal .

2, the user certificate is registered in the public block chain database 300 and the corresponding public transaction ID is managed. At the same time, the user certificate is registered in the private block chain database, and the private transaction ID The authentication server 200 searches the private transaction ID corresponding to the user's public key and the terminal ID of the acquired user authentication request transaction and registers in the private block chain database with reference to the retrieved private transaction ID You can also check the user's certificate.

Then, the authentication server 200 acquires a hash value of the user information with reference to the identified user certificate.

Thereafter, the authentication server 200 may transmit the random hash value and the hash value of the user information to the user terminal 100 (S5). At this time, the authentication server 200 may transmit only the random non-existence to the user terminal 100 to the user terminal 100.

First, when the authentication server 200 transmits a random nonce and a hash value of the user information to the user terminal 100 matching the terminal ID with the user terminal 100, the user terminal 100 transmits the hash value to the user (S6). If the confirmation information input by the user matches the set information, access to the private key is allowed to generate random signature, and the user signature value signed using the user's private key is generated (S7). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 displays the mobile ID as shown in FIG. 3 (S8). That is, the user terminal 100 displays the photograph image stored in the terminal or acquired through the authentication server and the mobile ID information, which is display information according to the identification card. Then, a variable authentication value including the user signature value signed by the user's private key and the hash value for the user information is displayed. At this time, the variable authentication value may include random nonce. Also, the variable authentication value is changed according to the random non-existence of the same user, and the authentication server can provide a new random nonce every time authentication is performed.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 obtains a variable authentication value from the mobile ID displayed in the user terminal 100 (S9) and transmits it to the authentication server 200 (S10).

At this time, the variable authentication value may include at least one of a bar code, a QR code, and NFC tag information, and the authentication request terminal 110 may be a computing device directly or indirectly coupled to a QR reader or an NFC reader . For example, the authentication request terminal 110 can recognize the QR code, which is a variable authentication value of the mobile ID, through the QR reader and transmit the same to the authentication server. When the NFC reader is used, the user terminal 100 receives the NFC tag information, which is the variable authentication value of the mobile ID through the NFC reader, or the user or the third party clicks the variable authentication value of the mobile ID, NFC reader or the like.

Then, the authentication server 200 extracts the user signature value and the hash value of the user information from the variable authentication value obtained from the authentication request terminal 110, and extracts the hash value of the user certificate matching the hash value of the extracted user information The validity of the user signature value is confirmed using the public key of the user (S11), and the authentication result information for the user according to the validity of the verified user signature value is transmitted to the authentication request terminal (S12).

At this time, the authentication server 200 extracts a random nonce from the user signature value using the user's public key of the user certificate matched with the hash value of the user information extracted from the variable authentication value, That is, the randomness transmitted to the user terminal 100 is identical, and determines whether the user signature value is valid. If the variable authentication value includes randomness, the authentication server 200 may determine whether the user's signature value is valid by checking whether the randomness extracted from the user signature value matches the randomness extracted from the variable authentication value have.

Also, the authentication server 200 invalidates the user authentication request transaction if the time interval between the first time of supporting transmission or transmission of the random non-existence to the user terminal and the second time of acquisition of the variable authentication value is equal to or larger than the set value The user terminal can request a new user authentication request transaction. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

Second, when the authentication server 200 transmits the random nonce to the user terminal 100 matching the terminal ID with the user terminal 100, the user terminal 100 may request the user to input confirmation information (S6). If the confirmation information input by the user agrees with the set information, access to the private key is permitted, and a random signature is generated using the user's private key (S7). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 displays the mobile ID as shown in FIG. 3 (S8). That is, the user terminal 100 displays the photograph image stored in the terminal or acquired through the authentication server and the mobile ID information, which is display information according to the identification card. Then, it displays the variable authentication value including the user signature value signed by the user's private key and the public key of the random nonce.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 obtains a variable authentication value from the mobile ID displayed in the user terminal 100 (S9) and transmits it to the authentication server 200 (S10).

Then, the authentication server 200 extracts the user signature value and the user's public key from the variable authentication value obtained from the authentication request terminal 110, extracts the public key of the user certificate matching the extracted public key, (S11), and transmits the authentication result information about the user according to the validity of the user signature value to the authentication request terminal (S12).

At this time, the authentication server 200 extracts a random nonce from the user signature value using the public key of the user certificate matching the user's public key extracted from the variable authentication value, and outputs the random nonce extracted from the user signature value And determines whether or not the user signature value is valid by checking whether or not the randomness transmitted to the user terminal 100 matches. If the variable authentication value includes randomness, the authentication server 200 may determine whether the user's signature value is valid by checking whether the randomness extracted from the user signature value matches the randomness extracted from the variable authentication value have.

Also, the authentication server 200 invalidates the user authentication request transaction if the time interval between the first time of supporting transmission or transmission of the random non-existence to the user terminal and the second time of acquisition of the variable authentication value is equal to or larger than the set value The user terminal can request a new user authentication request transaction. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

FIG. 5 schematically shows a method of authenticating a user using a mobile ID according to another embodiment of the present invention. Referring to FIG. 5, another embodiment of the present invention will be described.

A state in which a user certificate including a public key of a user, a terminal ID, and a hash value of user information is registered in the public block chain database 300 and the corresponding public transaction ID is managed The user certificate is registered in the public block chain database 300 and the corresponding public transaction ID is managed. In addition, in the state where the user certificate is registered in the private block chain database and the private transaction ID is managed, The user terminal 100 requests the user to input verification information by inputting a user authentication request signal to the user terminal 100 storing the user's private key and public key in order to request the user authentication (S110).

If the confirmation information input by the user matches the set information, the user terminal 100 generates a time stamp for the current time (S111), permits access to the private key, and stores the generated time stamp in the user's terminal And generates a signed user signature value using the private key (S112). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Also, the user terminal 100 displays the mobile ID as shown in FIG. 3 (S113). That is, the user terminal 100 displays the photograph image stored in the terminal or acquired through the authentication server and the mobile ID information, which is display information according to the identification card. A variable authentication value generated by including the terminal ID, the time stamp, the time stamp, the user signature value signed by the user's private key, and the user's public key is displayed. At this time, the variable authentication value changes according to the time stamp even by the same user, and has a new authentication value every authentication request.

In this state, when the user presents a mobile ID for user authentication, the authentication request terminal 110 obtains a variable authentication value from the mobile ID displayed on the user terminal 100 (S114) and transmits the variable authentication value to the authentication server 200 (S115).

At this time, the variable authentication value may include at least one of a bar code, a QR code, and NFC tag information, and the authentication request terminal 110 may be a computing device directly or indirectly coupled to a QR reader or an NFC reader . For example, the authentication request terminal 110 can recognize the QR code, which is a variable authentication value of the mobile ID, through the QR reader and transmit the same to the authentication server. When the NFC reader is used, the user terminal 100 receives the NFC tag information, which is the variable authentication value of the mobile ID through the NFC reader, or the user or the third party clicks the variable authentication value of the mobile ID, NFC reader or the like.

Then, the authentication server 200 extracts the terminal ID, the time stamp, the user signature value, and the user's public key from the variable authentication value obtained from the authentication request terminal 110.

The authentication server 200 searches the public transaction ID corresponding to the public key of the extracted user and the terminal ID, and confirms the user certificate registered in the public block chain database by referring to the retrieved public transaction ID. That is, the public transaction ID corresponding to the user's public key and the terminal ID is transmitted to the public block chain database 200 (S116), and in response to this, the data message received from the public block chain database 200 And checks the included certificate (S117). Here, as an example of the data message, an OP return message of bit coin or the like may be assumed. At this time, the authentication server 200 checks whether the user certificate is valid, and if the user does not have a certificate matching the user certificate or the user certificate is invalid due to disposal, the authentication server 200 may transmit an error signal corresponding to the authentication failure to the user terminal . Alternatively, the authentication server 200 may retrieve the private transaction ID corresponding to the public key and the terminal ID of the user, and may check the user certificate registered in the private block chain database by referring to the retrieved private transaction ID.

Also, the authentication server 200 extracts the time stamp from the user signature value using the user's public key of the user certificate matching the public key extracted from the variable authentication value. Then, it is confirmed whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value to check whether the user signature value is valid or not (S118). If the validity of the user signature value is confirmed, And transmits the authentication result information to the authentication request terminal 110 (S119).

If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, the authentication server 200 invalidates the user authentication request, The terminal can request a new user authentication request. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

FIG. 6 schematically shows a method for authenticating a user using a mobile ID according to another embodiment of the present invention. Referring to FIG. 6, another embodiment of the present invention will be described below.

A state in which a user certificate including a public key of a user, a terminal ID, and a hash value of user information is registered in the public block chain database 300 and the corresponding public transaction ID is managed The user certificate is registered in the public block chain database 300, the corresponding public transaction ID is managed, the user certificate is registered in the private block chain database, and the private transaction ID is managed, When the user identification information of the user is inputted in step S300a, the authentication request terminal 110, which is a web server, transmits the user identification information input by the user to the authentication server 200 in step S300b ). At this time, the user identification information may include user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, a telephone number, and the like.

Then, the authentication server 200 checks the user identification information acquired from the authentication request terminal 110 and searches for the registered user information corresponding to the user identification information (S300c). Then, the authentication server 200 uses the mobile ID And transmits a user authentication request signal to the user terminal 100 to request the user authentication (S300). At this time, the user authentication request signal may be a message requesting user authentication including a message requesting user authentication or a random nonce.

When the confirmation information input by the user matches the set information, the user terminal 100 generates a time stamp for the current time (S311), and stores the generated time stamp in the private key And creates a user signature value that is signed using the user's private key in step S312. However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated. Alternatively, if the random number is included in the user authentication request signal, the user terminal 100 requests the user to input confirmation information. If the confirmation information input by the user matches the set information, the user terminal 100 accesses the private key And generates a user signature value that is signed using the user's private key by allowing random nonce. Also, the user terminal 100 transmits the variable authentication value including the terminal ID, the time stamp, the user signature value signed with the user's private key, and the user's public key to the authentication server 200 (S314). Alternatively, when the random number is included in the user authentication request signal, the user terminal 100 generates a variable authentication value including a terminal ID, a random signature, a user signature value signed by the user's private key, To the authentication server (200).

Then, the authentication server 200 extracts the terminal ID, the time stamp, the user signature value, and the user's public key from the variable authentication value obtained from the user terminal 100. [ Alternatively, when the random authentication is included in the user authentication request signal, the authentication server 100 extracts the terminal ID, the user signature value obtained by signing the random nonce with the user's private key, and the user's public key. The authentication server 200 searches the public transaction ID corresponding to the public key of the extracted user and the terminal ID, and confirms the user certificate registered in the public block chain database by referring to the retrieved public transaction ID. That is, the public transaction ID corresponding to the user's public key and the terminal ID is transmitted to the public block chain database 200 (S316), and in response to this, the data message received from the public block chain database 200 And confirms the included certificate (S317). At this time, the authentication server 200 checks whether the user certificate is valid, and if the user does not have a certificate matching the user certificate or the user certificate is invalid due to disposal, the authentication server 200 may transmit an error signal corresponding to the authentication failure to the user terminal . Alternatively, the authentication server 200 may retrieve the private transaction ID corresponding to the public key and the terminal ID of the user, and may check the user certificate registered in the private block chain database by referring to the retrieved private transaction ID.

Also, the authentication server 200 extracts the time stamp from the user signature value using the user's public key of the user certificate matching the public key extracted from the variable authentication value. Then, it is checked whether the time stamp extracted from the user signature value is identical to the time stamp extracted from the variable authentication value to check whether the user signature value is valid (S318). If the validity of the user signature value is confirmed, And transmits authentication result information to the authentication request terminal 110 (S319). Alternatively, when the randomness is included in the user authentication request signal, the authentication server 200 extracts the random signature from the user signature value using the public key of the user certificate matching the user's public key extracted from the variable authentication value, . Then, it is checked whether the time stamp extracted from the user signature value matches with the randomness included in the user authentication request signal to check whether the user signature value is valid, and if the authenticated user signature value is valid or not, And transmits the information to the authentication request terminal 110.

If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, the authentication server 200 invalidates the user authentication request, The terminal can request a new user authentication request. Accordingly, the authentication server 200 can prevent the user's mobile ID from being used by theft or the like. When the random authentication is included in the user authentication request signal, the authentication server 200 transmits the user authentication request signal including the random nonce to the user terminal, If the time interval between two time points is equal to or greater than the set value, the user authentication request transaction is invalidated and a new user authentication request transaction can be requested to the user terminal.

In response to the authentication result information received from the authentication server 200, the authentication request terminal 110 performs authentication by the user using the mobile ID.

In addition, the embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the following claims, I will say.

100: user terminal,
110: authentication request terminal,
200: authentication server,
210:
220: processor,
300: public block chain database

Claims (31)

A method for authenticating a user using a mobile identity,
(a) (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the private transaction ID is managed, a user authentication request transaction including at least the public key of the user and the terminal ID from the user terminal in response to the user authentication request The authentication server checks (i) the user certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID (Ii) checking the user certificate registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, and extracting a hash of the user information from the user's certificate Obtaining a value;
(b) (b1) when the authentication server supports to transmit or transmit the random number and the hash value of the user information to the user terminal of the user matching the terminal ID, A user signature value obtained by signing the randomness with a private key of the user; And a hash value for the user information; (Ii) display a mobile identity including the mobile identity information of the user along with the variable authentication value; and (b2) the authentication server supports to display a random non- (I) a user signature value obtained by signing the random non-existence with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user with the variable authentication value; And
(c) (c1) when the variable authentication value of the mobile ID is obtained from the authentication requesting terminal according to (b1), the authentication server determines the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) if the variable authentication value of the mobile identity is obtained from the authentication request terminal by (b2), the authentication server transmits the authentication result information to the authentication request terminal The user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, To transmit or transmit authentication result information to the authentication request terminal;
≪ / RTI > The method according to claim 1,
In the step (c)
The authentication server includes:
In the case of (c1), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the hash value of the user information extracted from the variable authentication value, c2), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value,
In both cases (c1) and (c2), it is determined whether the random signature extracted from the user signature value matches the randomness transmitted to the user terminal, and whether the user signature value is valid or not Lt; / RTI > The method according to claim 1,
The mobile ID information includes:
The image information of the user, and the display information of each ID card. The method according to claim 1,
The authentication server includes:
(B1) and (b2), a first time at which the random non-existence is supported or transmitted to the user terminal, and a second time at which the variable authentication value is obtained in the case of (c1) If the time interval between two time points is equal to or greater than a preset value, invalidates the user authentication request transaction and requests a new user authentication request transaction to the user terminal. The method according to claim 1,
The variable-
A bar code, a QR code, and NFC tag information. 6. The method of claim 5,
The authentication request terminal,
A computing device that acquires a signal of a reader that obtains the variable authentication value from the mobile ID displayed through the user terminal, or a computing device that acquires the variable authentication value through communication with the user terminal How to. The method according to claim 1,
Before the step (a)
(a01) When a mobile ID issuance application transaction including at least user information is obtained from the user terminal, the authentication server confirms the user using the user information, and requests or requests a certificate registration with the user terminal Supporting step; And
(a02) if the public key of the user and the terminal ID of the user terminal are obtained from the user terminal in response to the certificate registration request, the authentication server may be configured to: (i) the user's public key; A terminal ID for the user terminal; And a hash value for the user information; A public block chain database for managing a public transaction ID indicating location information on the public block chain database of the user certificate registered in the public block chain database, (Ii) registering the user certificate in the public block chain database, managing the corresponding public transaction ID, registering the user certificate in the private block chain database, and registering the user certificate in the private block chain database Managing a private transaction ID indicating location information on the private block chain database of the user certificate registered in the private key chain database and issuing the mobile ID to the user terminal Steps to support or to be issued;
≪ / RTI > A method for authenticating a user using a mobile identity,
(a) (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, the mobile ID displayed on the user terminal in response to the user authentication request includes: (i) Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a variable authentication value including a public key of the user; (Ii) the mobile authentication information includes the mobile identity information of the user together with the variable authentication value, and if the variable authentication value of the user is acquired via the authentication requesting terminal, the authentication server reads, from the obtained variable authentication value, Terminal ID; The time stamp; The user signature value; And a public key of the user; And
(b) the authentication server checks (i) the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, and (ii) The private key of the user is registered in the private block chain database using the public key of the user and the private transaction ID corresponding to the terminal ID, Extracting the time stamp from the user signature value using the user's public key of the user certificate, checking whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value, The value of the user signature value Step supporting determine whether, and to transmit the authentication result information for the user of the validity of the user identified signature value to the terminal authentication request, transmitted;
≪ / RTI > 9. The method of claim 8,
The authentication server includes:
If the time interval between the time at which the variable authentication value of the mobile ID is obtained from the authentication requesting terminal and the time at which the time stamp is extracted from the variable authentication value is equal to or larger than the set value, invalidates the user authentication request, And requests a new user authentication request. A method for authenticating a user using a mobile identity,
(a) (i) a user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, when the user identification information is acquired through the authentication request terminal in the state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, the authentication server transmits the user identification information to the user terminal (1) a message requesting the user authentication or (2) a message requesting the user authentication including a random non-response. The user authentication request signal includes a user authentication request signal A mobile ID corresponding to the request, wherein the mobile ID is: (i) the terminal ID; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a variable authentication value including a public key of the user; (Ii) mobile ID information of the user together with the variable authentication value, and in case (2), (i) the UE ID; A user signature value obtained by signing the randomness with a private key of the user; And a variable authentication value including a public key of the user; (Ii) if the variable authentication value of the user includes the mobile identity information of the user together with the variable authentication value, from the obtained variable authentication value, , The terminal ID; The time stamp; The user signature value; And a public key of the user; Extracting the terminal ID: the user signature value: and the public key of the user in the case of (2); And
(b) the authentication server checks (i) the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, and (ii) (1), the user's certificate registered in the private block chain database is checked using the public key of the user and the private transaction ID corresponding to the terminal ID, and in the case of (1) Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the public key of the user certificate, extracting the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value Check that the stamps match and use Signature value from the user's signature value using the user's public key of the user certificate matching the public key of the user extracted from the variable authentication value, The method comprising the steps of: extracting randomness from the user signature value, verifying whether the randomness extracted from the user signature value matches the randomness transmitted in the user authentication request signal to check whether the user signature value is valid, And transmitting the authentication result information for the user according to the validity of the value to the authentication request terminal;
≪ / RTI > A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, and (i) the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and registering the user certificate in the private block chain database, and registering the user certificate in the private block chain database, When a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the user certificate, the user terminal transmits at least the user authentication request transaction including the user's public key and the terminal ID to the authentication server Supporting transmission; And
(b) (b1) when a random nonce and a hash value for the user information are obtained from the authentication server in response to the user authentication request transaction, the user terminal transmits (i) the random nonce to the user's private key One user signature value; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And
(c1) (c1) allowing the user terminal to acquire the variable authentication value of the mobile ID by the authentication server via the authentication request terminal according to (b1), thereby causing the authentication server to transmit the variable authentication value The user signature value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the user terminal transmits the variable authentication value of the mobile ID to the authentication request terminal through the authentication request terminal by (b2) The server obtains the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the public key of the user certificate of the user certificate matching the extracted public key of the user, Supporting authentication result information for the user to be transmitted to the authentication request terminal;
≪ / RTI > 12. The method of claim 11,
The mobile ID information includes:
The image information of the user, and the display information of each ID card. 12. The method of claim 11,
The variable-
A bar code, a QR code, and NFC tag information. 14. The method of claim 13,
The authentication request terminal,
A computing device that acquires a signal of a reader that obtains the variable authentication value from the mobile ID displayed through the user terminal, or a computing device that acquires the variable authentication value through communication with the user terminal How to. 12. The method of claim 11,
In the step (b)
When a hash value for the random information and the user information is obtained from the authentication server by the authentication server or when the randomness is obtained from the authentication server by the step b2, And the mobile ID is displayed when the input confirmation information is valid. 12. The method of claim 11,
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server; And
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, Public key, and terminal ID for the user terminal to the authentication server so as to allow (i) the authentication server to transmit the public key of the user; A terminal ID for the user terminal; And a hash value for the user information; A public block chain database for managing a public transaction ID indicating location information on the public block chain database of the user certificate registered in the public block chain database, (Ii) the authentication server registers the user certificate in the public block chain database and manages the corresponding public transaction ID, and registers the user certificate in the private block chain database, Managing a private transaction ID indicating location information on the private block chain database of the user certificate registered in the private block chain database, And issuing a vail ID. 17. The method of claim 16,
In the step (a02)
The user terminal comprising:
Before supporting transmission or transmission of the public key of the user and the terminal ID for the user terminal to the authentication server,
And setting confirmation information for the user. A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, and (i) the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, When a user authentication request signal is acquired in a state of managing the mobile ID corresponding to the user certificate, the user terminal transmits (i) the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value; And
(b) the user terminal supports the authentication server to acquire the variable authentication value of the mobile ID via the authentication request terminal, thereby allowing the authentication server to obtain the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) identifying the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID; (ii) The method of claim 1, further comprising: supporting a user's certificate registered in the private block chain database using a user's public key and a private transaction ID corresponding to the extracted user ID, Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the key, the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value are Match Confirmed by confirming the validity of the user signature value and the support to transmit authentication result information for the user of the validity of the identified value of the user signature in the authentication request terminal;
≪ / RTI > A method for authenticating a user using a mobile identity,
(a) generating and storing the public key of the user and the private key of the user, and (i) the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, In a state where the mobile ID corresponding to the user certificate is being managed, the authentication server transmits a user authentication request signal in response to the user identification information transmitted from the authentication request terminal, and the user authentication request signal requests (1) (2) a message requesting the user authentication including (2) the random nonce, the user terminal responds to the user authentication request signal, and in the case (1), the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; Generating a variable authentication value including the authentication value; And
(b) the user terminal supports the authentication server to obtain the variable authentication value of the mobile ID, thereby causing the authentication server to determine, from the variable authentication value, the terminal ID in case of (1); The time stamp; The user signature value; And a public key of the user; And in the case of (2), the terminal ID; The user signature value; And a public key of the user; (I) identifying the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID; (ii) And supports to verify the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and in the case of (1) Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the public key of the user extracted from the user signature value and extracting the time stamp extracted from the user signature value and the variable authentication value The time stamp The validity of the user signature value is verified and the authentication result information for the user according to the validity of the user signature value is transmitted to the authentication request terminal. Extracts the randomness from the user signature value using the user's public key of the user certificate matching the public key extracted from the variable authentication value, And verifying whether or not the nonce and the randomness transmitted in the user authentication request signal are identical to each other to check whether the user signature value is validated, Supporting to transmit to the authentication request terminal;
≪ / RTI > An authentication server for authenticating a user using a mobile ID,
(i) the user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the private transaction ID is managed, a user authentication request transaction including at least the public key of the user and the terminal ID from the user terminal in response to the user authentication request A communicating unit for acquiring; And
(i) checking the user certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) checking the user certificate of the public key and the terminal ID (B1) acquiring a hash value for the user information from the user's certificate by checking the user certificate registered in the private block chain database using the corresponding private transaction ID, (b1) (I) a user signature value obtained by signing the random nonce with the private key of the user, when the hash value of the random number is transmitted to the user terminal of the user matching the terminal ID; And a hash value for the user information; (Ii) supporting a display of a mobile identity including the mobile identity information of the user along with the variable authentication value, and (b2) transmitting a random nonce to the user terminal or transmitting (I) a user signature value obtained by signing the randomness with the user's private key; And a public key of the user; (Ii) supporting a display of a mobile identity including the mobile identity information of the user with the variable authentication value, and (c1) supporting the display of the mobile identity by the mobile When the variable authentication value of the ID is obtained from the authentication requesting terminal, the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) when the variable authentication value of the mobile ID is obtained from the authentication request terminal by (b2), the authentication request information for the user is transmitted or transmitted to the authentication request terminal; The user signature value; And a public key of the user; The validity of the user signature value is verified by using the user's public key of the user certificate matching the extracted public key of the user, And transmitting the authentication result information to the authentication request terminal;
And an authentication server for authenticating the authentication server. 21. The method of claim 20,
The processor comprising:
In the case of (c1), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the hash value of the user information extracted from the variable authentication value, c2), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value,
In both cases (c1) and (c2), it is determined whether the random signature extracted from the user signature value matches the randomness transmitted to the user terminal, and whether the user signature value is valid or not Authentication server. 21. The method of claim 20,
The processor comprising:
(B1) and (b2), a first time at which the random non-existence is supported or transmitted to the user terminal, and a second time at which the variable authentication value is obtained in the case of (c1) And requests a new user authentication request transaction to the user terminal if the time interval between two time points is equal to or greater than a preset value. 21. The method of claim 20,
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least user information is obtained from the user terminal, Wherein the public key of the user and the terminal ID of the user terminal are obtained from the user terminal in response to the request, the method comprising: (i) the user's public key; A terminal ID for the user terminal; And a hash value for the user information; A public block chain database for managing a public transaction ID indicating location information on the public block chain database of the user certificate registered in the public block chain database, (Ii) registering the user certificate in the public block chain database, managing the corresponding public transaction ID, registering the user certificate in the private block chain database, and registering the user certificate in the private block chain database Managing a private transaction ID indicating location information on the private block chain database of the user certificate registered in the private key chain database and issuing the mobile ID to the user terminal Or authentication server according to claim 1, further perform a process that helps issued. An authentication server for authenticating a user using a mobile ID,
(i) the user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in the state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, the mobile ID displayed on the user terminal in response to the user authentication request includes: (i) Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a variable authentication value including a public key of the user; Or (ii) includes the mobile identity information of the user in addition to the variable authentication value, the communication unit acquiring the variable authentication value via the authentication request terminal; And
From the acquired variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) checking the user's public key A process of checking the user's certificate registered in the private block chain database using the private transaction ID corresponding to the user ID and the user ID of the user extracted from the variable authentication value, Extracting the time stamp from the user signature value using the user's public key of the user signature value of the user signature and checking whether the time stamp extracted from the user signature value matches the time stamp extracted from the variable authentication value, Value of A processor for verifying validity and supporting transmission or transmission of authentication result information for the user according to validity of the user signature value to the authentication request terminal;
And an authentication server for authenticating the authentication server. An authentication server for authenticating a user using a mobile ID,
(i) the user's public key; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and managing a public transaction ID corresponding to the user certificate in the public block chain database, (ii) registering the user certificate in the public block chain database and managing the corresponding public transaction ID, At the same time, in a state where the user certificate is registered in the private block chain database and the corresponding private transaction ID is managed, when the user identification information is obtained from the authentication request terminal, the user authentication request signal Wherein the user authentication request signal comprises: (1) a message requesting the user authentication or (2) a message requesting the user authentication including randomness, In the case of The terminal ID from the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And obtains a variable authentication value including the public key of the user, and in the case of (2), acquires a terminal ID from the user terminal; A user signature value obtained by signing the randomness with a private key of the user; And a communication unit for obtaining a variable authentication value including the public key of the user; And
From the acquired variable authentication value, in the case of (1), the terminal ID; The time stamp; The user signature value; And a public key of the user; And in the case (2), extracts the terminal ID; The user signature value; And a public key of the user; (I) checking the user's certificate registered in the public block chain database using the public key of the user and the public transaction ID corresponding to the terminal ID, (ii) checking the user's public key And a process of checking the user's certificate registered in the private block chain database using the private transaction ID corresponding to the terminal ID, and in the case (1) Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the key, the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value are And then, (2), the randomness is extracted from the user signature value using the user's public key of the user certificate matching the user's public key extracted from the variable authentication value, and the random signature is extracted from the user signature value Checking whether the extracted randomness and the randomness transmitted in the user authentication request signal agree with each other, verifying whether the user signature value is valid, checking whether the user signature value is valid or not, A processor for supporting transmission or transmission of authentication result information to the authentication request terminal;
And an authentication server for authenticating the authentication server. A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user, wherein (i) the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) registering the user certificate in the public block chain database and registering the user certificate in the private block chain database, and registering the user certificate in the private block chain database, When the user authentication request signal is acquired in a state where the mobile ID corresponding to the user certificate is being managed, a user authentication request transaction including at least the public key of the user and the terminal ID is transmitted or transmitted to the authentication server (b1) when a hash value for the random nonce and the user information is obtained from the authentication server in response to the user authentication request transaction, (i) a user signature value obtained by signing the random nonce with the private key of the user; And a hash value for the user information; (Ii) displaying a mobile ID including the mobile identity information of the user together with the variable authentication value; and (b2) displaying a random identity from the authentication server in response to the user authentication request transaction, (I) a user signature value obtained by signing the randomness with the private key of the user; And a public key of the user; (Ii) displaying a mobile ID including the mobile ID information of the user together with the variable authentication value,
(c1) allowing the authentication server to obtain the variable authentication value of the mobile identity via the authentication request terminal according to (b1), thereby causing the authentication server to obtain the user signature value from the variable authentication value; And a hash value for the user information; The validity of the user signature value is verified by using the user's public key of the user certificate matching the hash value of the extracted user information, (C2) the authentication server obtains the variable authentication value of the mobile identity through the authentication request terminal by (b2), so as to transmit the authentication result information to the authentication request terminal Thereby enabling the authentication server to obtain the user signature value from the variable authentication value; And a public key of the user; The validity of the user signature value is verified by using the public key of the user certificate of the user certificate matching the extracted public key of the user, A communication unit for supporting authentication result information for the user to the authentication request terminal;
And a user terminal. 27. The method of claim 26,
The processor comprising:
When a random hash value and a hash value for the user information are obtained from the authentication server by (b1), or when randomness is obtained from the authentication server by (b2), confirmation information input for the user And to display the mobile ID if the received confirmation information is valid. 27. The method of claim 26,
The processor comprising:
Wherein the mobile terminal is configured to transmit or receive a mobile ID issuance application transaction including at least user information to the authentication server, and when a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuance application transaction, Generating a public key and the user's private key,
Wherein,
(I) allowing the authentication server to transmit the public key of the user to the authentication server; and (i) transmitting the public key of the user and the terminal ID of the user terminal to the authentication server. A terminal ID for the user terminal; And a hash value for the user information; A public block chain database for managing a public transaction ID indicating location information on the public block chain database of the user certificate registered in the public block chain database, (Ii) the authentication server registers the user certificate in the public block chain database and manages the corresponding public transaction ID, and registers the user certificate in the private block chain database, Managing a private transaction ID indicating location information on the private block chain database of the user certificate registered in the private block chain database, And to issue a vail ID. 29. The method of claim 28,
The processor comprising:
Before supporting transmission or transmission of the public key of the user and the terminal ID for the user terminal to the authentication server,
And to set confirmation information for the user. A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user, wherein (i) the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, When a user authentication request signal is acquired in a state of managing the mobile ID corresponding to a user certificate, (i) the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; (Ii) a mobile ID indicating the mobile ID including the mobile ID information of the user together with the variable authentication value; And
And the authentication server obtains the variable authentication value of the mobile ID through the authentication requesting terminal so that the authentication server obtains the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; (I) identifying the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID; (ii) The method of claim 1, further comprising: supporting a user's certificate registered in the private block chain database using a user's public key and a private transaction ID corresponding to the extracted user ID, Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the key, the time stamp extracted from the user signature value and the time stamp extracted from the variable authentication value are Match OK to the communication support check the validity of the user signature value, and to transmit the authentication result information for the user of the validity of the identified value of the user signature in the authentication request terminal;
And a user terminal. A user terminal for authenticating a user using a mobile ID,
And generating and storing the public key of the user and the private key of the user, wherein (i) the public key of the user; A terminal ID for the user terminal of the user; And a hash value for the user information of the user; (Ii) the user certificate is registered in the public block chain database, and the user certificate is registered in the private block chain database, and the registered user certificate is registered in the public block chain database, A user authentication request signal corresponding to the user identification information acquired from the authentication requesting terminal, the user authentication request signal including (1) a message requesting the user authentication or ( 2) the message requesting the user authentication including the random nonce is obtained from the authentication server, and in case of (1), the terminal ID of the user terminal; Timestamp; A user signature value obtained by signing the time stamp with the user's private key; And a public key of the user; And generates a variable authentication value of the mobile ID including the terminal ID of the user terminal in case of (2); A user signature value obtained by signing the randomness with a private key of the user; And a public key of the user; A processor for generating a variable authentication value of the mobile ID; And
And the authentication server obtains the variable authentication value of the mobile ID, thereby allowing the authentication server to determine, in case of (1), the terminal ID from the variable authentication value; The time stamp; The user signature value; And a public key of the user; And in the case (2), extracting the terminal ID from the variable authentication value; The user signature value; And a public key of the user; (I) identifying the user's certificate registered in the public block chain database using the extracted public key of the user and the public transaction ID corresponding to the terminal ID; (ii) And supports to verify the user's certificate registered in the private block chain database using the extracted public key of the user and the private transaction ID corresponding to the terminal ID, and in the case of (1) Extracting the time stamp from the user signature value using the public key of the user of the user certificate matching the public key of the user extracted from the user signature value and extracting the time stamp extracted from the user signature value and the variable authentication value The time stamp In the case of (2), the public key of the user of the user certificate matching the public key of the user extracted from the variable authentication value is used to confirm whether the user signature value is valid Verifies whether the randomness extracted from the user signature value and the randomness included in the authentication request signal are identical to each other to check whether the user signature value is valid or not, A communication unit for supporting authentication result information for the user according to the validity of the user signature value to the authentication request terminal;
And a user terminal.

Images