KR102003731B1 - System and method for protecting crypto currency using virtual machine - Google Patents

Abstract

The present invention relates to a system for protecting cryptocurrency using a virtual machine and a method thereof. Displayed are the system for protecting cryptocurrency using a virtual machine and the method thereof. The system comprises: a user terminal carried by each user to access a cryptocurrency exchange market to request a cryptocurrency transaction service; an external network which can be accessed by the user terminal through the Internet and includes a cryptocurrency exchange market server; an internal network which is independently configured after being blocked from the external network while being connected to the external network only for receiving a cryptocurrency transaction therefrom to sign an autograph and includes an electronic wallet embodied in a virtual machine storing the cryptocurrency of the user terminal; and a blockchain main network connected to the external network and embodied by a blockchain technology which stores the wallet information of all users. Therefore, provided are the system for protecting cryptocurrency using a virtual machine and the method thereof, wherein any user terminal can easily make access without an additional physical device such as a secure USB or a card and cryptocurrency can be strongly protected from hacking by the external network.

Description

Cryptocurrency protection system and method using virtual machine {SYSTEM AND METHOD FOR PROTECTING CRYPTO CURRENCY USING VIRTUAL MACHINE}

The present invention relates to a cryptocurrency protection system and method using a virtual machine, and more particularly, to a cryptocurrency protection system using an easily accessible virtual machine that provides a cold wallet without an additional physical device using a virtualization system and It is about a method.

The contents described in this section merely provide background information on the present embodiment and do not constitute a prior art.

Cryptocurrency is distributed and operated in a peer-to-peer manner on the Internet network around the world without a central bank issuing money, unlike real currencies such as dollars ($) and won (\). The key technique for issuing and managing cryptocurrencies is blockchain technology. A blockchain is a collection of "chains" followed by "blocks." The validity of each cryptocurrency coin is given by the blockchain. Blockchain is a list of records (blocks) that continues to grow, and blocks are secured by connecting them using encryption. Each block typically contains the cryptographic hash, timestamp and transaction data of the previous block. By design, the blockchain is resistant to data modification from the beginning. It is an open distributed ledger that can be recorded to prove valid and permanent transactions between the parties. Once writing is done, the data in that block cannot be changed retroactively without changing all subsequent blocks.

Cryptocurrency doesn't cost production costs at all, and can greatly reduce transaction costs such as transfer costs. In addition, since it is stored in a computer hard disk or the like, there is no storage cost, and there is no risk of theft or loss.

However, despite these advantages, the security of cryptocurrency trading has become a problem, such as the recent hacking of virtual currency exchanges around the world.

Cryptocurrency itself utilizes blockchain technology, which is distributed among everyone participating in a network of decentralized books, and is virtually impossible to hack, forge, or forge. However, cryptocurrency exchanges that are brokering trades for investors who want to buy or sell such cryptocurrencies allow exchange operators to store user accounts and cryptocurrency wallet information among investors. In other words, unlike a decentralized blockchain, the exchange is a centralized entity, so you can easily extract cryptocurrency from the customer's account simply by hacking the exchange's encrypted database. As a result, every year since 2011, when cryptocurrency transactions began in earnest, heavy exchange hacking incidents have not stopped.

Exchanges store a large amount of cryptocurrencies and have a system that can be sent immediately, making it a good food for hackers and dangerous because people aren't keeping it for 24 hours. Technically, cryptocurrency exchanges often keep customers' cryptocurrencies in their hot wallets because of liquidity problems. Hot wallets store wallet keys on a regular PC or Web site and are connected online. Are more likely to be exposed.

In order to solve the hacking threat of the hot wallet, Cold Wallet, which separates the cryptocurrency wallet from the network in the concept of a commercially available secure USB, is in the spotlight.

However, cold wallets such as USB or CARD are physical devices, so it is difficult to recover them if they are lost. Also, a private key must also be physically stored.

Accordingly, the present invention is to propose a cryptocurrency protection system and method using a virtual machine that can solve the above technical constraints.

Korean Patent Publication No. 10-2017-0142374, published on December 28, 2017 (name: remittance system and method using virtual currency) Korean Patent Publication No. 10-2017-0123290, published on November 7, 2017 (name: Electronic Money Trading System and Method) Korean Patent Registration No. 10-1370020, published April 3, 2013 (Name: System and method for using domain-specific security sandbox to facilitate secure transactions)

The present invention has been proposed to solve the above-mentioned problems of the prior art, and it is mainly to provide a cryptocurrency protection system and method using a virtual machine that is easily accessible from any user terminal without a physical device such as a separate secure USB or card. There is a purpose.

In addition, another object of the present invention to provide a cryptocurrency protection system and method using a virtual machine that can strongly protect the cryptocurrency in hacking from the external network.

The problem to be solved of the present invention is not limited to those mentioned above, and another problem to be solved which is not mentioned will be clearly understood by those skilled in the art from the following description.

One aspect of the present invention for achieving the above object is a user terminal for requesting a cryptocurrency trading service connected to a cryptocurrency exchange possessed by an individual user; An external network accessible from the user terminal via the Internet and including a cryptocurrency exchange server; An internal network that is isolated from the external network and is configured independently, is connected only to receive a cryptocurrency transaction from the external network for signing, and includes an electronic wallet implemented on a virtual machine that stores the cryptocurrency of the user terminal. ; And a blockchain mainnet implemented with a blockchain technology that is connected to the external network and stores wallet information of all users.

The electronic wallet of the internal network may be implemented on a virtual machine.

The electronic wallet of the internal network may allow only access to a multi-signal authenticated user in the external network.

Transactions may be transmitted between the external network and the internal network in the form of a stream, and may transmit only a predetermined type of information and block other information transmission.

The predetermined type of information may be a key value including a user wallet, a transfer wallet, and coin quantity information.

The electronic wallet may include a key for activating a cryptocurrency transaction transaction, and may sign a transaction received from the external network.

The transaction signed in the electronic wallet can be verified through each of the coin nodes constituting the blockchain mainnet through the external network and can carry out a transaction of cryptocurrency.

The internal network may include a service API for classifying a cryptocurrency transaction transaction transmitted to the internal network through the external network into an assigned electronic wallet of the user terminal.

Another aspect of the invention, the step of receiving the user account information from the user terminal to perform a cryptocurrency transaction; Receiving the user account information from the cryptocurrency exchange server and interworking with an electronic vault server; The electronic vault server receiving a cryptocurrency transaction command from a user terminal and generating a transaction; Performing multi-signal authentication on the transaction in an authentication server; Transmitting a transaction (TX) on which authentication has been performed to an internal network; Transmitting a transaction by dividing an electronic wallet of a virtual machine allocated to the user terminal in a service API of an internal network; If the received transaction is valid in the electronic wallet, performing a personal signature and delivering a signed transaction to an external network; And verifying and sharing the signed transaction through respective coin nodes of the blockchain mainnet.

According to the cryptocurrency protection system and method using a virtual machine of the present invention, there is provided a cryptocurrency protection system and method using a virtual machine that is easy to access from any user terminal without a physical device such as a separate secure USB or card. It can be effective.

In addition, there is an effect that can provide a cryptocurrency protection system and method using a virtual machine that can strongly protect the cryptocurrency from hacking from the external network.

The effects obtainable in the present invention are not limited to the above-mentioned effects, and other effects not mentioned will be clearly understood by those skilled in the art from the following description. .

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, included as part of the detailed description in order to provide a thorough understanding of the present invention, provide embodiments of the present invention and together with the description, describe the technical features of the present invention.
1 is a diagram illustrating the configuration of a cryptocurrency protection system using a virtual machine according to an embodiment of the present invention.
2 is a diagram illustrating in more detail the configuration of a cryptocurrency protection system using a virtual machine according to an embodiment of the present invention.
3 is a diagram illustrating a cryptocurrency protection method using a virtual machine according to an embodiment of the present invention.
4 is a diagram illustrating another configuration of a cryptocurrency protection system using a virtual machine according to an embodiment of the present invention.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The detailed description, which will be given below with reference to the accompanying drawings, is intended to explain exemplary embodiments of the present invention and is not intended to represent the only embodiments in which the present invention may be practiced. The following detailed description includes specific details in order to provide a thorough understanding of the present invention. However, one of ordinary skill in the art appreciates that the present invention may be practiced without these specific details.

In some instances, well-known structures and devices may be omitted or shown in block diagram form centering on the core functions of the structures and devices in order to avoid obscuring the concepts of the present invention.

Throughout the specification, when a part is said to "comprising" (or including) a component, this means that it may further include other components, except to exclude other components unless specifically stated otherwise. do. In addition, the terms “… unit”, “… unit”, “module”, etc. described in the specification mean a unit that processes at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software. have. Also, "a or an", "one", "the", and the like are used differently in the context of describing the present invention (particularly in the context of the following claims). Unless otherwise indicated or clearly contradicted by context, it may be used in the sense including both the singular and the plural.

In describing the embodiments of the present invention, if it is determined that a detailed description of a known function or configuration may unnecessarily obscure the gist of the present invention, the detailed description thereof will be omitted. In addition, terms to be described below are terms defined in consideration of functions in the embodiments of the present invention, which may vary according to intentions or customs of users and operators. Therefore, the definition should be made based on the contents throughout the specification.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

1 is a diagram illustrating the configuration of a cryptocurrency protection system using a virtual machine according to an embodiment of the present invention.

The user terminal 100 refers to a user's terminal that can access cryptocurrency exchanges and trade cryptocurrencies.

Examples of user terminal 100 are Internet access devices such as personal computers, laptop computers, personal digital assistants, cellular telephones, mainframe computers, mini computers and Web TVs.

Further, the user terminal 100 is preferably equipped with web browser software such as MICROSOFT INTERNET EXPLORER, MOZILLAFIREFOX, etc. to connect to the server via a communication network using any known data communication networking technology. The user terminal 100 is equipped with a series of computer programs designed to perform a specific task, that is, an application that is a program for performing a target task using a system that is a computer equipment.

The external network 200 refers to an internet network (Internet) that is publicly accessible from the user terminal (100). It is usually accessed from a public IP address, also called an extranet. Cryptocurrency exchange web exists in the external network 200.

 The internal network 300 is a network used by a predetermined organization that is isolated from the external network 200 and is usually composed of a private IP address. Refers to a section in which direct access from the external network 200 is controlled or blocked by physical network separation, an access control system, or the like. In an embodiment of the present invention, the internal network 300 refers to a network whose access is controlled in order to securely protect the electronic wallet of the user terminal 100.

The internal network 300 stores wallet information for storing the cryptocurrency of each of the user terminals 100, and the network is blocked, but is only connected to the external network 200 by the network connection section 400, and thoroughly. It cannot be accessed except by an authorized user.

 The transaction is transmitted in the form of a stream between the external network 200 and the internal network 300, and separately transmits only a predetermined type of information such as a key value (for example, a user wallet, a wallet, a coin quantity, and the like). Information transmission should be blocked.

Blockchain Mainnet 500 refers to a network to which blockchain technology is applied, and wallet information of all users is stored.

Blockchain technology is originally a technology that prevents money from being paid more than once when using cryptocurrencies (such as bitcoin) that travel between trading parties (P2P networks).

We often think of a central server of a particular institution as a device that stores and downloads information.Blockchain doesn't use these physical servers, but the data of all users who participate in transactions by sharing information in a space like 'file sharing community'. It is a technique that prevents forgery by comparing the stored data by using distributed storage for each user.

Blockchain is, in other words, a 'public ledger' technology, mainly considered as a technology to prevent hacking that can occur when online financial transactions. For example, electronic money exists only on a computer, and copying money like a file copy eliminates the difference between the original and the copy.In order to use electronic money, a device is required to prevent data from being tampered with. It is included.

2 is a diagram illustrating in more detail the configuration of a cryptocurrency protection system using a virtual machine according to an embodiment of the present invention.

The user terminal 100 accesses an account assigned to the cryptocurrency exchange server 210 of the external network 200 for the cryptocurrency transaction.

The cryptocurrency exchange reconnects to the electronic vault server 220 for the financial transaction of the cryptocurrency, and the account information value at this time may utilize the account information of the cryptocurrency exchange server 210.

The electronic safe server 220 is connected to the coin nodes 230, and the location of the coin node 230 may be built by utilizing a node external to itself.

The coin node 230 is an individual unit that constitutes a huge trust network called a blockchain. A blockchain network is made up of a number of nodes, which in other words can be electronic devices such as PCs, tablet PCs, and smartphones owned by those who participate in the network. Each node accesses the blockchain network and downloads the blockchain to share, view and store all transactions. In addition, it may be the role of the node to check and approve new transaction details and finally create a block and proceed to mining to receive cryptocurrency as a reward.

Nodes send blocks to other nearby nodes via a gossip protocol. Nodes that receive the block verify the transaction through their blockchain network, and then propagate the transaction to nearby nodes. In other words, the node verifies the received transaction and propagates the transaction to other nodes. The connection configuration between the nodes is shown in more detail in FIG.

Electronic vault server 220 provides the user's cryptocurrency transaction information function, for example, if the user wants to transfer the cryptocurrency to another user's account, select the coin remittance menu and remittance information (remittance address, remittance coin, remittance quantity) You can enter the form of transfer (immediate transfer, scheduled transfer or direct debit).

The authentication server 240 performs authentication to access the electronic wallet of the internal network when a coin transaction command such as a coin remittance is performed in the electronic safe deposit server 220. Preferably, a multi-sig (multi sig) method is used. Multi-signature is an electronic signature that requires multiple private keys for the digital signature. For example, multiple authentication may be performed by personal One Time Password (OTP) or biometric authentication.

The transaction passed through the multisignal in the authentication server 240 is connected to the internal network 300 via the network connection section 400.

The transaction that has passed through the network connection section 400 is transmitted to the service API 310 of the internal network 300, and the service API 310 transmits the corresponding transaction to the assigned electronic wallet 331 of the user terminal 100. do.

The service API 310 classifies the transaction information selected and generated by the user in the electronic vault server 220, and when the transaction relates to the reservation transfer, the service API 310 directly transfers the transaction to the electronic wallet 331. If not, it is held for a predetermined reservation time and transferred to the electronic wallet 331 when the reservation time is reached.

When the transaction is related to automatic transfer, the service API 310 does not transfer the transaction directly to the electronic wallet 331, but holds it for a predetermined transfer setting time, and then the electronic wallet 331 whenever the transfer setting time is reached. To pass.

The user may transmit a reservation transfer or direct debit cancellation command within the reservation time or before the arrival of the debit period, and the service API 310 receiving the reservation transfer deletes the transaction.

Each electronic wallet 331 is implemented on a virtual machine 330. The virtual machine 330 is a software implementation of a computing environment, that is, software that emulates a computer. An operating system or an application program can be installed and executed on the virtual machine 330. In the present invention, the electronic wallet 330 is executed.

The virtual machine manager 320 manages the virtual machines 330 of various users in the internal network 300.

The electronic wallet 331 implemented on the virtual machine 330 includes a key for activating a transaction, so that the transaction can be signed by an external network.

The transaction signed in the electronic wallet 331 is transferred to the coin node 230 through the network connection section 400 again, which is verified through the respective coin nodes constituting the blockchain mainnet 500 and the transfer of coins. The transaction of the cryptocurrency is completed.

In the process transmitted from the service API 310 to each electronic wallet 331, it is preferable that a cryptographic protocol such as SSH (Secure Shell) is applied to protect the section.

Hash function, a kind of computer encryption technology, is an algorithm that generates pseudo-random numbers of fixed length in a given text. The value generated through the hash function is called a hash value.

In a digital file, there is a value obtained by inserting the number and alphabet of each file into a specific function, which is called a hash value. It is also called a digital fingerprint because it is a unique value obtained like a human fingerprint. If you modify only one character of the digital file, the hash value is completely different, so you can determine if the file has been tampered with.

3 is a diagram illustrating a cryptocurrency protection method using a virtual machine according to an embodiment of the present invention.

When the user terminal 100 accesses the cryptocurrency exchange server 210 located in the external network 200 for cryptocurrency trading, inputs user account information (S301), the user account information is transmitted to the cryptocurrency exchange server 210. The transmission (S303), the cryptocurrency exchange server 210 is connected to the electronic safe deposit box server 220 using the account information of the cryptocurrency exchange server 210 (S305).

 When the user terminal 100 inputs a transaction command such as cryptocurrency transfer to the electronic vault server 220 (S307), the authentication server 240 performs multi-signal authentication in preparation for external hacking (S309). Multi-signal authentication may be performed by multi-authentication such as personal one time password (OTP) or biometric authentication.

The transaction (TX) is performed is transmitted to the internal network 300 for personal signature (S311), the virtual machine 330 assigned to the user terminal 100 in the service API 310 of the internal network 300 By transmitting the transaction by dividing the electronic wallet 331 of (S313).

The service API 310 classifies the transaction information selected and generated by the user in the electronic vault server 220, and when the transaction relates to the reservation transfer, the service API 310 directly transfers the transaction to the electronic wallet 331. If not, it is held for a predetermined reservation time and transferred to the electronic wallet 331 when the reservation time is reached.

When the transaction is related to automatic transfer, the service API 310 does not transfer the transaction directly to the electronic wallet 331, but holds it for a predetermined transfer setting time, and then the electronic wallet 331 whenever the transfer setting time is reached. To pass.

Although not shown, the user may transmit a reservation transfer or debit cancellation command within a reservation time or before the arrival of the debit period, and the service API 310 receiving the same may delete a corresponding transaction.

The electronic wallet 331 includes a key for activating the transaction, and if the received transaction is reasonable, the electronic wallet 331 performs a personal signature (S315) and transmits the signed transaction to the coin node 230 of the external network 200. (S317).

The coin node 230 verifies and shares the transaction through each coin node of the blockchain mainnet 500 using the blockchain technique to complete the transaction of the cryptocurrency (S321).

In FIG. 3, steps S301 to S321 are described as being sequentially executed. However, these are merely illustrative examples of the technical idea of the present embodiment. 3 may be modified and modified by changing the order described in FIG. 3 or executing one or more steps of steps S301 to S321 in parallel without departing from the essential characteristics thereof. It is not limited.

4 is a diagram illustrating another configuration of a cryptocurrency protection system using a virtual machine according to an embodiment of the present invention.

In FIG. 4, the components of FIG. 2 are described in more detail in terms of the connection relationship between the cryptocurrency exchange server 210, the electronic safe deposit server 220, the coin node 230, and the virtual machine 330.

Combinations of each block of the block diagrams and each step of the flowcharts attached herein may be performed by computer program instructions. These computer program instructions may be mounted on a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment such that instructions executed through the processor of the computer or other programmable data processing equipment may not be included in each block or flowchart of the block diagram. It will create means for performing the functions described in each step. These computer program instructions may be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory. It is also possible for the instructions stored in to produce an article of manufacture containing instruction means for performing the functions described in each block or flowchart of each step of the block diagram. Computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to create a computer or other programmable data. Instructions that perform processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.

In addition, each block or step may represent a portion of a module, segment or code that includes one or more executable instructions for executing a specified logical function (s). It should also be noted that in some alternative embodiments, the functions noted in the blocks or steps may occur out of order. For example, the two blocks or steps shown in succession may in fact be executed substantially concurrently or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.

The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and changes without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be interpreted by the following claims, and all technical ideas falling within the scope of the present invention should be construed as being included in the scope of the present invention.

According to the cryptocurrency protection system and method using the virtual machine of the present invention, it is easy to access from any user terminal without a physical device such as a separate secure USB or card and can strongly protect the cryptocurrency from hacking from an external network. As it can be used as a solution to provide a cryptocurrency protection system and method using a virtual machine, the possibility of commercialization or sales of the applied device is not only sufficient, because it is beyond the limitation of the existing technology. But it is an invention that is industrially applicable because it is practically evident.

100: user terminal 200: external network 300: internal network
400: network segment 500: blockchain main net
210: cryptocurrency exchange server 220: electronic safe box server 230: coin node
240: authentication server 310: service API 320: virtual machine administrator
330: virtual machine 331: electronic wallet

Claims (15)

A user terminal for requesting a cryptocurrency trading service by accessing a cryptocurrency exchange possessed by an individual user;
An external network accessible from the user terminal via the Internet and including a cryptocurrency exchange server;
An internal network that is configured to be independent of the external network and is connected only to receive a cryptocurrency transaction from the external network for signing, and includes an electronic wallet implemented on a virtual machine that stores the cryptocurrency of the user terminal; And
Including a blockchain mainnet connected to the external network and implemented with blockchain technology that stores wallet information of all users,
The external network,
Cryptocurrency exchange server that provides a cryptocurrency web service; An electronic vault server linked with the cryptocurrency exchange server to provide a cryptocurrency money transaction service; A coin node for linking the transaction information performed in connection with the electronic vault server to a blockchain mainnet; And an authentication server for performing multi-signature authentication,
The electronic wallet implemented on the virtual machine is allowed only access to a multi-signature authenticated user in the external network, and can sign a transaction received from an external network including a key for activating the transaction.
The internal network including the electronic wallet implemented on the virtual machine,
A service API for classifying a cryptocurrency transaction transaction transmitted to the internal network through the external network into an allocated electronic wallet of the user terminal; And a virtual machine manager for managing the virtual machine of multiple users in the internal network,
Transaction between the external network and the internal network is transmitted in the form of a stream, the cryptocurrency protection system using a virtual machine, characterized in that to distinguish and transmit only a predetermined type of information and to block other information transmission. delete The method of claim 1,
The electronic safe server,
If the user terminal wants to transfer the cryptocurrency to the account of the other user terminal, the cryptocurrency protection system using a virtual machine characterized in that to provide a coin remittance menu and to input the remittance information. The method of claim 1,
Multi-signal authentication is a cryptocurrency protection system using a virtual machine, characterized in that performed by a personal OTP (One Time Password) or biometric authentication method. The method of claim 3,
The remittance information,
Cryptocurrency protection system using a virtual machine, characterized in that it comprises any one or more of the remittance address, remittance coin, remittance quantity, transfer form (immediate transfer / reservation transfer / automatic transfer). delete delete The method of claim 1,
The predetermined type of information is
Cryptocurrency protection system using a virtual machine, characterized in that the key value including any one or more information of the user wallet, the transfer wallet and the amount of coins. delete The method of claim 1,
Transaction signed in the electronic wallet,
Cryptocurrency protection system using a virtual machine characterized in that verified through each of the coin nodes constituting the blockchain mainnet through the external network and performs a transaction of cryptocurrency. delete The method of claim 1,
The service API,
When transaction is related to reservation transfer by separating transaction information received from the external network, the transaction is not immediately delivered to the electronic wallet but held for a predetermined reservation time and then transferred to the electronic wallet when the reservation time is reached. Cryptocurrency protection system using a virtual machine, characterized in that. The method of claim 1,
The service API,
When transaction is related to automatic transfer by dividing the transaction information received from the external network, the transaction is not transferred directly to the electronic wallet but held for a predetermined transfer setting time, and then whenever the transfer setting time is reached Cryptocurrency protection system using a virtual machine, characterized in that the transmission to the electronic wallet. The method of claim 12,
The service API,
If the reservation transfer cancellation command is received before the arrival of the reservation time cryptocurrency protection system using a virtual machine, characterized in that for deleting the transaction. The method of claim 13,
The service API,
If the debit cancellation command is received before the debit period arrives, the transaction stored in the cryptocurrency using a virtual machine, characterized in that for deleting the transaction.

Images