KR102025837B1 - Access control system with blockchain network and smart contract - Google Patents

Abstract

The present invention relates to a blockchain network and an access control system with a smart contract using the same. The access control system using the access control system including the blockchain network to verify the user′s authentication information for the user′s access request and manage an access control record comprises: a user terminal requesting a door access approval by a user; a system server checking an access authority from the received authentication information of the user according to the access request of the user terminal, and when the access request is approved, providing an approval signal to a door control device and storing an access record of the user; a blockchain network storing a hash value of the access record of the user received from the system server; and a manager terminal requesting the access control record to be viewed with the administrator authentication information to the system server, and receiving and confirming the access control record from the system server. Thus, the present invention can minimize the size of data stored on the blockchain and reduce costs.

Description

Blockchain network and access control system with smart contract using it {Access control system with blockchain network and smart contract}

The present invention relates to a blockchain network and an access control system using a smart contract using the same, and more particularly, to an access control system for managing and operating an access control of a user through a blockchain and a smart contract.

In recent years, many companies have installed access control systems to control outsiders' access or manage users' access, and have strengthened access control measures to selectively restrict employees' access to employees for reasons of corporate secret protection.

Therefore, all accessors must have an access card, remember a preset password, or have a certain verification means to be freely accessible. In some cases, permission must be obtained every time they enter. In the conventional art, when the accessor identification means is provided, the accessor identification means determines whether the value matches the value stored in the storage device, and opens the door by the access problem fisherman. If the user does not have access control means or is a visitor, if the call is made with the user by pressing the extension number of the internal user through the key input unit of the access control terminal, the user presses a button for remotely controlling the access control terminal through the internal telephone. It is configured to open the door by detecting the input signal of the internal telephone from the access problem fisherman, and manages the door control thoroughly.

On the other hand, blockchain technology, which is spreading worldwide recently, can be used to store data in an immutable and permanent manner. Blockchain technology is a consensus-based electronic ledger implemented as a computer-based decentralized distributed system of blocks of transactions. Each transaction is a data structure that encodes data transfer between participants in a blockchain system and includes at least one input and at least one output. Each block contains a hash value of the previous block for which the blocks are chained together to create a permanent and immutable record of all transactions written to the blockchain since the beginning of the transaction.

As mentioned above, the door control system currently applied is a centralized method of managing access records internally, and the access information of the user can be easily exposed or forged by the outside, which limits the reliability of the access records. There are disadvantages.

KR 10-0682485 Issue KR 10-1595413 KR 10-1223899 KR 10-1541145 KR 10-2015-0115766

In order to solve the above problems, the present invention implements a door control system, and converts access control records (access records, access records of access records, access permission records, etc.) into hash values and stores them on a blockchain basis. Therefore, it is impossible to forgery the access control record, strengthen the security so that access record can not be checked even if the access record is encrypted and read, and the user can give the administrator the right to view his / her access record so that the access record can be managed by himself. It is intended to be.

In addition, the present invention provides an access control system that can reduce the size of the data stored in the block chain by reducing the size of the data stored in the block chain by grouping the access control records and converting them into a hash value to store one Mercule per group in the block chain There is a purpose.

The present invention for achieving the above object, in the access control system for verifying the authentication information of the user for the access request of the user using an access control system including a blockchain network and manages the access control record, Check the access authority from the user terminal requesting the door access approval by the user and the user's authentication information received according to the access request of the user terminal, and if the access request is approved, provide the approval signal to the door controller and enter the user's access. Requests the access control record to be viewed along with the system server storing the record, the blockchain network storing the hash value of the access record of the user received from the system server, and the administrator authentication information from the system server. The administrator terminal that receives and checks the control record It is configured to hereinafter.

The system server may group the access records to store the access records for each group, a hash value of the access records, and a merkle tree of the group, and the blockchain network stores the mercury of the group.

In addition, the system server, when the access record reading request from the administrator terminal occurs, and transmits the access request for access record and administrator authentication information to the system server, the access record for each group by reading the access record of the group by group Stores hash value of record, access record of access record and group tree of group.

In addition, the system server, when an access right change request from the administrator terminal occurs, transmits an access right change request and administrator authentication information to the system server, and group the access rights change record to group the access right change record and access by the group Stores hash value of authority change record and group tree of group.

The system server may receive a hash value of the access record from the blockchain network and calculate a hash value from the access record stored in the system server when a request for forgery confirmation of access record is received from the administrator terminal. Compare the hash value received from the blockchain network to check whether the access control record forgery, and transmits a forgery confirmation message to the administrator terminal.

In addition, the system server, when there is a request for forgery confirmation of the access control record from the administrator terminal, requests the Mercule of the access control record (access record, access record, access record change record) to the blockchain network And after receiving the transmission, calculate a hash value from the access control record stored in the system server, compare the calculated hash value with the hash value stored in the system server, and determine whether or not it is the same. After calculating the Mercule from the value and the Merkle Tree, and comparing the Mercule received from the blockchain network to check whether the access control record forgery, and transmits a forgery confirmation message to the administrator terminal.

In addition, in the access control system that uses the access control system including a smart contract (verbal contract) to verify the user's authentication information for the user's access request and manages the access control record, the door access approval by the user The requesting user terminal checks the access authority from the authentication information of the user received according to the access request of the user terminal, and when the access request is approved, provides an approval signal to the door controller, and corresponds to the encryption key and the corresponding encryption key. A system server for encrypting a user's access record with a decryption key, grouping and storing the encrypted access record, and storing a hash value of the encrypted access record and a merkle tree of the group, and an encrypted access received from the system server. A smart contract that stores the decryption key of the record and the merlute of the group And an administrator terminal for accessing and requesting an access control record to be accessed with the administrator authentication information and receiving and confirming the access control record therefrom, wherein the system server records the access control from the administrator terminal. Check the authority and request the decryption key of the access record to the smart contract, and if the read condition is satisfied, the decryption key is received from the smart contract, and the access record is decrypted by decrypting the encrypted access record. Send to the terminal.

In addition, the user terminal stores a program accessible to the smart contract, and if the administrator terminal connected to the system server does not have the right to view the access record, the system server grants the user terminal the right to view the access record. And the user terminal requests the smart contract to change the reading condition so that the administrator can view the decryption key of the access record, and notifies the system server of the read approval, and the system server sends the smart contract to the smart contract. When the decryption key of the access record is requested and the reading condition is satisfied, the decryption key of the access record is received from the smart contract, the encrypted access record is decrypted, and the access record is transmitted to the manager terminal.

In addition, when an administrator terminal having a compulsory reading authority among the administrator terminals requests the system server to read the access record forcibly, the system server causes the smart contract to store the compulsory reading record of the access record while decrypting the access record. Upon requesting the key, the smart contract transmits the decryption key of the access record to the system server only for the compulsory reading request, and the system server receiving the decryption key transmits the compulsory reading record to the user terminal and encrypts it. The access record is decrypted and the access record is transmitted to the administrator terminal.

In addition, when there is a request for forgery confirmation of access record from the administrator terminal, the system server requests and transmits the mercury of the encrypted access record to the smart contract, and then receives the encrypted access record from the encrypted access record stored in the system server. Calculate the hash value and compare the calculated hash value with the hash value stored in the system server to determine whether it is the same, and if it is the same, calculate the Mercut from the hash value and the Merkle tree, and then send it from the smart contract. It checks whether the access record is forged or not compared with the received Mercule, and transmits a forgery confirmation message to the manager terminal.

The present invention configured and operated as described above is a forgery and impossibility of forgery and security through encryption storage by configuring the access control system by applying the blockchain network and smart contract (smart contract), and the user can access his / her administrator to the administrator. Since the authority to view the record can be given, the access record can be managed by yourself.

In addition, the present invention has the effect of reducing the size of the data stored in the block chain by reducing the cost by storing a single group in each block in the block chain by grouping the access control records and converted to a hash value.

Therefore, since the present invention is based on the black chain network and smart contract, forgery of the access control record is impossible, it is possible to secure the reliability of access information, and furthermore, the access control with high satisfaction through personal information protection according to the information age. There is an advantage to implementing a system.

1 is an overall configuration diagram of an access control system to which a block chain network and a smart contract using the same according to the present invention,
2 is a block diagram of a blockchain network and an access control system using a smart contract using the same according to the present invention;
3 is a flow chart of an access record storage process in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
4 is a flow chart of an access record reading process in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
5 is a flowchart of a process for changing access rights in a blockchain network and an access control system to which smart contracts using the same according to the present invention;
6 is a flowchart of a process of checking forgery of an access control record in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
7 is a flowchart illustrating a process of encrypting and storing access records in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
8 is a flowchart illustrating an encrypted access record reading process in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
9 is a flowchart illustrating a request for viewing authority and reading process of an encrypted access record in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
10 is a flowchart of a forced reading process of an encrypted access record in a blockchain network and an access control system to which a smart contract using the same according to the present invention;
11 is a flowchart of a process for checking whether a forged access record is encrypted in an access control system to which a block chain network and a smart contract using the same according to the present invention are applied.

Hereinafter, a preferred embodiment of a blockchain network according to the present invention and an access control system to which a smart contract using the same according to the present invention will be described in detail with reference to the accompanying drawings.

The present invention provides an access control system for verifying authentication information of a user for an access request of a user using an access control system including a blockchain network and managing access control records, wherein the user requests access approval for a door access by the user. A system server for checking an access right from user authentication information received according to an access request of the user terminal and providing an approval signal to a door control device and storing an access record of the user when the access request is approved. An administrator terminal that requests the system server for access control records to be viewed along with the blockchain network and administrator authentication information that stores the hash value of the user's access records received from the server, and receives and confirms the access control records therefrom. It is configured to include.

In addition, in the access control system that uses the access control system including a smart contract (verbal contract) to verify the user's authentication information for the user's access request and manages the access control record, the door access approval by the user The requesting user terminal checks the access authority from the authentication information of the user received according to the access request of the user terminal, and when the access request is approved, provides an approval signal to the door controller, and corresponds to the encryption key and the corresponding encryption key. A system server for encrypting a user's access record with a decryption key, grouping and storing the encrypted access record, and storing a hash value of the encrypted access record and a merkle tree of the group, and an encrypted access received from the system server. A smart contract that stores the decryption key of the record and the merlute of the group And an administrator terminal for requesting the access control record to be viewed with the administrator authentication information to the system server, and receiving and confirming the access control record therefrom, wherein a request for access to the access record is generated from the administrator terminal. The system server checks the administrator's authority and requests the decryption key of the access record to the smart contract to receive the decryption key if the reading condition is satisfied.

The blockchain network and the access control system using the smart contract using the same according to the present invention are to provide a blockchain network-based access control record management system and a smart contract-based access record management system on the blockchain network. have.

In the present invention, the access control system according to the present invention implements the door control system, and converts the access control record (entry record, access record of the access record, access permission change record, etc.) into a hash value and stores it on a blockchain basis. Accordingly, the purpose is to configure the record so that the information about the access record cannot be confirmed even if the record is impossible to be forged and the access record is encrypted (based on the smart contract).

Blockchain is a technology in which the ledger that records data information is distributed to P2P networks rather than a central server of a specific institution, and jointly recorded and managed by the computing devices participating in the network. Existing system had arbitrary central managers to confirm and clear data between both parties and keep transaction records.But blockchain ultimately makes these central managers unnecessary, so system infrastructure cost is low and The more participating computing devices, the greater the integrity of the data.

In addition, the smart contract (smart contract) described in the present invention is that the mutual agreement implementation and verification process is automated to the network using a blockchain technology base. On the basis of building trust in the contract and the outcome of the contract through a shared network between stakeholders, all the computing devices participating in the network in the form of automated contract processing jointly verify, record and store transaction information. More specifically, it refers to program code that can execute the execution and enforcement of contracts or negotiations using blockchain technology.

1 and 2 is a block diagram of the blockchain network according to the present invention and the access control system to which the smart contract using the same is applied.

The present invention is a system server 400 for opening a door (unsigned) by receiving an access request from the user terminal 300 and the access request from the user terminal and greatly providing an approval signal to the door control apparatus 100. ), And a blockchain network 200 that stores a hash value of a user's access control record received from the system server, and an administrator terminal 500 operated by an administrator.

In addition, in the access control system according to the present invention for the door control device 100, the operation of the access control record, such as the access record, access record of the access record, access authority change record, check the integrity of the access control record (forgery confirmation) Processes related to overall access operation such as blockchain-based and smart contract are applied.

In the present invention, the user terminal 300 corresponds to a smart device (smartphone) that the user carries or an operation device (password input, fingerprint input, tag scanning, etc.) that acts when the user approaches and passes the door. The system is configured to control the door opening and closing in the control device (100). The door control device 100 corresponds to a control device for controlling whether the door is open.

3 to 11 are diagrams illustrating a process of a system operated by an administrator from a process of storing access records of a user. 3 is a flow chart of the access record storage process in the access control system to which the block chain network and smart contract using the same according to the present invention.

The access control system transmits user authentication information from the user terminal to the system server when a door opening / closing request is generated according to a user's access request. The system server checks whether there is an access right from the user authentication information and transmits an open signal to the door control device if there is authority to control the door to be opened and closed.

The system server determines whether the user authentication information transmitted from the user terminal matches the user authentication information stored in the system server and confirms the access right of the user.

Here, the system server 400 is to store the access record according to a certain standard, in the present invention, the access control information such as access record, access record reading record, access authority change record, etc., and collectively referred to as "entry access" "Control records" collectively refers to the overall data of access. The system server groups the access control records according to a predetermined criterion, and stores the access control records for each group, a hash value for the records, and a merkle tree for the group. The system is then implemented so that group-specific merclutes are stored in the blockchain network.

The system server generates a transaction including the Mercule as data and stores the Mercule in the blockchain network through a method of propagating the transaction to the blockchain network. The system server stores the transaction ID of the transaction or the blockchain address used to generate the transaction for each group. When the transaction ID or the blockchain address is searched for in the blockchain network, the corresponding mercruit stored in the blockchain network can be checked.

The transaction ID or the blockchain address is information used for specifying the transaction in the blockchain network. The system server may store only one of the transaction ID and the blockchain address. If the transaction ID is known, the blockchain address can be confirmed by checking the transaction in the blockchain network, and the transaction ID can be confirmed if the blockchain address is known.

Merkle tree used in the present invention, even if there is an attempt to falsify the record, the hash value is different when the Merkle tree follows the Merkle path, so that the forgery of the record can be immediately known, and this can be prevented. . In the present invention, the access control record is grouped and stored, and the block chain network stores one hash value for each group. If the Merkle Tree structure is not used in grouping, it can only confirm that a forged access control record exists within the group if the access control record is forged, and it cannot specify the forged access record. By using the Merkle Tree structure, it is possible to specify a forged access control record within a group without storing only the group's Mercut on the blockchain network and storing the hash value of all access control records.

Therefore, in the present invention, the access control record is stored / managed in the Merkle Tree structure.

If the access record is not grouped so that the Merkle Tree structure is not used, the system server stores the access record and stores the hash value for the record in the blockchain network. The system server stores the hash value in the blockchain network by generating a transaction including the hash value as data and propagating the blockchain network. The system server stores the transaction ID of the transaction or the blockchain address used to generate the transaction for each access record. When the transaction ID or the blockchain address is searched in the blockchain network, a corresponding hash value stored in the blockchain network can be checked.

In addition, referring to FIG. 3, the user terminal requests access approval to the system server and transmits user authentication information to the system server, and the third to confirm access authority in the system server. Step 2, Steps 3-3 to transmit the access approval signal from the system server to the door control device, Steps 3-4 to open the door from the door control device and the access record grouped in the system server Steps 3-5 store the access record, the hash value of the access record, and the Merkle Tree for each group, and the third through 6-6 stores the Mercut on the blockchain network in the system server.

4 is a flowchart illustrating an access record viewing process in a blockchain network according to the present invention and an access control system to which a smart contract using the same is applied. When the user wants to view the access record stored in the system server 400 by the administrator, when the access request for access record is generated from the administrator terminal for the request to read in the administrator terminal 500, the request for viewing the access record and the administrator to the system server The authentication information is transmitted, and the system server checks the administrator's authority and transmits the access record to the administrator's terminal if the user has the authority to view the authority.

The system server checks whether the administrator authentication information received from the administrator terminal matches the administrator authentication information stored in the system server and confirms the administrator's authority.

At the same time when the access record is viewed and the access record is forged, the system server checks whether the access record is forged by receiving a mercury of the access record in the blockchain network before transmitting the access record to the administrator terminal. The system server calculates a hash value from the access record and compares it with the hash value stored in the system server. The system server calculates a merkle using the hash value of the access record and the merkle path from the merkle tree and compares it with the mercruit on the blockchain network. Proceed through the procedure to check the access record forgery. If the access record is forged, the hash value or mercruit does not match in the above procedure. The system server checks whether the access record is forged, and then transmits the access record to the administrator terminal 500 or transmits a forgery confirmation message when the forgery is confirmed.

The system server uses the transaction ID or blockchain address of the group to which the access record belongs in receiving the access record mercury from the blockchain network. When the transaction ID or the blockchain address is searched for in the blockchain network, the corresponding mercruit stored in the blockchain network can be checked. In more detail, when the system server requests the information of the transaction while transmitting the transaction ID or the block chain address to the block chain network, the block chain network includes the mercury in the system server. Send the transaction information.

If the access record is not grouped and the merkle tree structure is not used, the hash value is calculated from the access record stored in the system server and compared with the hash value on the blockchain network to check whether the access record is forged or not. The system server uses the transaction ID or the blockchain address of the access record in receiving the hash value from the blockchain network. When the transaction ID or the blockchain address is searched in the blockchain network, a corresponding hash value stored in the blockchain network can be checked.

Thereafter, since the reading record is generated, the system server 400 groups the reading records according to a predetermined criterion in order to manage the reading records, and stores the reading records for each group, the hash values of the reading records, and the Merkle Tree of the group. Mercules according to the Merkle Tree are processed to be stored in the blockchain network 200. Therefore, the blockchain network 200 stores only merclute. The system server generates a transaction including the Mercule as data and stores the Mercule in the blockchain network through a method of propagating the transaction to the blockchain network. The system server stores the transaction ID of the transaction or the blockchain address used to generate the transaction for each group.

In more detail, step 4-1 of requesting to view the access record from the administrator terminal to the system server and transmitting administrator authentication information, and step 4-2 of checking the administrator authority from the system server and the system server Steps 4-3 of requesting mercury of entry and exit records to the blockchain network, and Steps 4-4 of transmitting a mercury of entry and exit records from the blockchain network and the system server. Steps 4-5 for checking forgery and the access record from the system server to the administrator terminal, wherein steps 4-6 for sending a forgery confirmation message when the forgery is checked and grouping the reading records in the system server Steps 4-7 for storing the reading record, the hash value of the reading record, and the Merkle Tree for each step and the blockchain network in the system server. Subjected to a first step 4-8 of storing meokeul root.

5 is a flowchart illustrating a process of changing an access right in a blockchain network according to the present invention and an access control system to which a smart contract using the same is applied.

When the access authority change occurs, the administrator terminal 500 transmits an access authority change request to the system server 400 together with the administrator authentication information, and the system server confirms the administrator authority and changes the access authority. At this time, the user's access authority change is similarly grouped in the access control record (entry access record, access record, access record change record) according to a certain criteria, access control record for each group, hash value for access control record, The mercury tree of the group is stored in the system server, and the mercurt of the mercury tree is stored in the blockchain network 200, and a record according to the change of the access right is recorded. The system server generates a transaction including the Mercule as data and stores the Mercule in the blockchain network through a method of propagating the transaction to the blockchain network. The system server stores the transaction ID of the transaction or the blockchain address used to generate the transaction for each group.

In more detail, step 5-1 of requesting to change the access right from the administrator terminal to the system server and transmitting administrator authentication information, and step 5-2 of checking the administrator right from the system server and the access right Steps 5-3 of changing and the access rights change record grouped by the system server to store the hash value of the access right change record and the access right change record, Merkle Tree for each group and the system server in the step 5-4 There are five to five steps of storing Mercule on the blockchain network.

6 is a flowchart illustrating a process of checking whether a forgery of an access control record is tampered with in an access control system to which a block chain network and a smart contract using the same according to the present invention are applied.

When the system server requests to view an access control record (entry record, access record, access record, access right change record) from the administrator terminal 500, or requests for forgery confirmation of access control record, or periodically the block Receives the Mercule of the access control record from the chain network, calculates a hash value from the access control record stored in the system server 400, compares the hash value with the hash value stored in the system server, and compares the hash value with the merkle tree. Compute the Mercule using the Merkle path to check whether the requested or total access control record is forged and compared with the Mercut received from the blockchain network 500, and forgery with the administrator terminal 500 Send a message. If the access record is forged, the hash value or mercury does not match.

The system server uses the transaction ID or the blockchain address of the group to which the access control record belongs in receiving the access control record in the blockchain network. When the transaction ID or the blockchain address is searched for in the blockchain network, the corresponding mercruit stored in the blockchain network can be checked.

When the access record is not grouped and the merkle tree structure is not used, the system server requests the access record from the administrator terminal 500 or the request for forgery confirmation of the access record, or periodically the blockchain network. Receives the hash value of the access record from the 200 and compares it with the hash value calculated from the access record stored in the system server to check whether or not forgery of the requested or total access control record, and to the administrator terminal 500 Send a message about forgery or not. The system server uses the transaction ID or the blockchain address of the access record in receiving the hash value from the blockchain network. When the transaction ID or the blockchain address is searched in the blockchain network, a corresponding hash value stored in the blockchain network can be checked.

In more detail, step 6-1 and the system server from the system server to the blockchain network requesting forgery confirmation of the access control record or regular forgery confirmation of the entire access control record to the system server in the administrator terminal. Step 6-2 of requesting the Mercule of the access control record, Step 6-3 of transmitting the Mercule of the access control record from the blockchain network to the system server, and confirming the forgery of the access control record of the system server. Step 6-4 and step 6-5 in which the system server transmits a message on the forgery or not forgery.

On the other hand, the present invention proposes a smart contract-based access control method implemented in a blockchain network as another embodiment.

7 to 11 illustrate an access control system to which a smart contract is applied. 7 is a flowchart illustrating a process of encrypting and storing access records in a blockchain network and an access control system to which smart contracts using the same are applied according to the present invention.

When the user terminal 300 transmits user authentication information to the system server 400 according to an access request of the user, the system server checks the access authority from the user authentication information and transmits an open signal to the door control device 100 to access the door. To be opened and closed. Here, the system server includes an encryption key and a decryption key corresponding to the encryption key, and encrypts the access record using the encryption key and groups an encrypted access record to group an encrypted access record and an encrypted access record. Stores the hash value of and Merkle Tree. In addition, the decryption key of the access record and the mercruit of the group are stored in the smart contract.

The system server determines whether the user authentication information transmitted from the user terminal matches the user authentication information stored in the system server and confirms the access right of the user.

The system server has an address of an account that can access the smart contract, and the address of the account has the authority to register a transaction in the smart contract, and the decryption key of the access record and mercury of the group are included in the smart contract. The decryption key and the mercury of the access record are stored in the smart contract through a method of creating a transaction to register a variable in the smart contract and registering the transaction by accessing the smart contract address using the account address. The variable stores as many decryption keys and access points as there are encrypted access records in the group. In one group, the number of decryption keys stored in the smart contract can be reduced by using the same encryption key. The system server stores the variables of the smart contract for each group. The system server accesses the smart contract, requests the reading of the variable, and checks the decryption key and merquet of the corresponding access record stored in the smart contract.

The system server includes an encryption key and a pool or key generation program of a decryption key corresponding to the encryption key, and randomly selects or generates an encryption key and a decryption key corresponding to the encryption key when encrypting access records. If the encryption key and the decryption key corresponding to the encryption key are used once, only the decryption key is stored in the smart contract without being stored in the system server. The encryption key and the decryption key corresponding to the encryption key may be an asymmetric key having different encryption keys and decryption keys or a symmetric key having the same encryption key and decryption key.

Referring to FIG. 7, the user terminal transmits an access approval request and user authentication information to the system server, step 7-1, and checks the access authority from the system server. Step 7-3 of transmitting an access approval signal to the door control device; Step 7-4 of opening the door at the door control device; Step 7-5 of encrypting the access record at the system server and the system server Step 7-6 of storing the encrypted access record, the hash value of the encrypted access record, and the Merkle Tree by grouping the encrypted access records in the group; and storing the decryption key and the Mercut in the smart contract in the system server. Go through steps 7-7.

8 is a flowchart illustrating an encrypted access record reading process in a blockchain network according to the present invention and an access control system to which a smart contract using the same is applied.

When the user wants to view the encrypted access record stored in the system server 400 by the administrator, the administrator terminal 500 transmits a request for viewing the access record and the administrator authentication information to the system server, and the system server transmits the administrator authority. In case of checking and checking authority, the decryption key of the access record is requested to the smart contract 200. If the reading condition of the smart contract is satisfied, the decryption key is provided to the system server 400, and the encrypted access record is decrypted. The access record is transmitted to the manager terminal 500.

The system server receives the decryption key of the encrypted access record in the smart contract, and uses the variable of the smart contract for the group to which the encrypted access record belongs. The system server requests to view the variable by accessing the address of the smart contract with the address of an account accessible to the smart contract, and if the address of the account satisfies the reading condition of the smart contract, the variable of the smart contract. Check the corresponding decryption key stored in. In this case, since the number of decryption keys and one merlute of the encrypted access records in the group are stored, the decryption key to be viewed in the variable is specified to request reading of the variable. Since the order of the encrypted access record in the group stored in the system server and the order of the decryption key stored in the variable of the smart contract are matched, the decryption key may be specified and requested to be read.

In addition, when reading access records, the system checks the administrator's authority on the system server and checks the access authority on the smart contract twice. The system server checks whether the administrator authentication information received from the administrator terminal matches the administrator authentication information stored in the system server and confirms the administrator's authority.

Next, if the administrator authority is confirmed, select the address of the account corresponding to the administrator authority among the addresses of the account for accessing the smart contract stored in the system server, access the smart contract, and request the decryption key. Thereafter, in checking the smart contract viewing condition in the smart contract, the smart contract checks whether the address of the account used by the system server has access authority to the smart contract, or the authority to view the variable or the decryption key stored in the variable. Check if it is. The system server has the address of a plurality of accounts for accessing the smart contract, and the variable that can be viewed according to the address of the account is different, some or all of the variables may be limited in the viewing period.

If the user wants to check the encrypted access record at the same time as checking the encrypted access record, the system server decrypts the access record and transmits the mercury of the access record from the smart contract before transmitting it to the administrator terminal. Check for forgery of records. The system server calculates the hash value from the encrypted access record and compares it with the hash value stored in the system server, and calculates the Mercut using the Merkle path from the hash value of the encrypted access record and the Merkle Tree. Check if the encrypted access record is forged or not by proceeding with the comparison procedure. In the above procedure, if the encrypted access record is forged, the hash value or merclute does not match. The system server checks whether the encrypted access record is forged or not and then decrypts the access record using the decryption key of the access record provided by the smart contract, and transmits the access record to the administrator terminal 500 or checks the forgery. Send a forgery confirmation message. Here, since the access record is obtained by decrypting the encrypted access record, it is possible to confirm whether the access record is forged by checking whether the encrypted access record is forged.

The system server uses a variable of the smart contract for the encrypted access record in receiving the decryption key and merquet of the encrypted access record in the smart contract. The system server requests to view the variable by accessing the address of the smart contract with the address of an account accessible to the smart contract, and if the address of the account satisfies the reading condition of the smart contract, the variable of the smart contract. Check the decryption key and Mercut of the access record stored in the system. At this time, since the number of decryption keys and one mercruit is stored in the variable as many as the number of encrypted access records in the group, the decryption key and merlute to be viewed in the variable are specified to request the reading of the variable.

In the smart contract based system, when the access record is read, the system server requests the decryption key from the smart contract, and when the forgery is checked, the mercurt is requested. When the access record is read, the decryption key and the mercruit are requested.

In more detail, the administrator terminal requests to view the access record to the system server and transmits the administrator authentication information to step 8-1 and step 8-2 to confirm the administrator authority in the system server and the system. Step 8-3, wherein the server requests the decryption key and the mercury of the access record from the server, and if the reading condition is satisfied, the smart contract transmits the decryption key and the mercury of the access record to the system server. Step 8-5 and Step 8-5 of checking forgery and corruption of the encrypted access record in the system server, and Step 8-6 of decrypting the access record in the system server and transmitting the access record to the administrator terminal in the system server However, in this case, the forgery check goes through steps 8-7 of transmitting the forgery confirmation message.

9 is a flowchart illustrating a request for viewing authority and reading process of an encrypted access record in a blockchain network and an access control system using a smart contract using the same according to the present invention.

When the administrator terminal 500 is confirmed that the administrator authority, but does not have the right to view the access record requesting the reading, the system server 400 requests the right to view the access record to the user terminal, the user terminal ( In 300, the administrator reads the decryption key of the corresponding access record and notifies the system server 400 of the reading approval by changing the reading condition of the smart contract, and the decryption key of the access record from the system server to the smart contract. When requesting the smart contract viewing conditions are satisfied, the decryption key of the access record is provided to the system server, and the access record of the user is transmitted to the administrator terminal 500 by decrypting the access record.

In changing the reading condition of the smart contract so that the administrator can view the decryption key of the access record in the user terminal, the user terminal stores a program accessible to the smart contract and the address of the account accessible to the smart contract. And the address of the account is authorized to change the viewing condition of the smart contract so that the system server can view the decryption key of the access record of the user terminal, and the user terminal executes a transaction that changes the viewing condition. The system server accesses the smart contract's address using the account address of the system server and registers the decryption key of the access record of the user terminal through the method of registering the transaction by generating and accessing the smart contract address using the account address. Can be read Change the viewing conditions of the smart contract so that. An access record in which the user terminal can change the reading condition is an access record of the user terminal requested for access approval by the user terminal.

Thereafter, the system server receives the decryption key of the access record from the smart contract, and uses the variable of the smart contract for the encrypted access record. The system server requests to view the variable by accessing the address of the smart contract with the address of an account that is accessible to the smart contract, and if the address of the account satisfies the reading condition of the changed smart contract, Check the decryption key of the access record saved in the variable.

When the encrypted access record is checked at the same time as the encrypted access record is read, the system server decrypts the access record and transmits the mercury of the access record from the smart contract before transmitting the encrypted access record to the administrator terminal. Check the forgery of

In more detail, the administrator terminal requests the system server to view the access record and transmits the administrator authentication information, and steps 9-1 and 9-2 for checking the administrator authority in the system server and the system. A step 9-3 of requesting the access record viewing authority from the server to the user terminal; and a step 9-4 of changing a reading condition of the smart contract so that the administrator can view the decryption key of the access record at the user terminal; Steps 9-5 of notifying the access record reading approval from the user terminal to the system server, steps 9-6 of requesting the decryption key and merquet of the access record from the system server to the smart contract and the reading condition are satisfied. Steps 9-7 and the time for transmitting the decryption key and the mercruit of the entry record from the smart contract to the system server Steps 9-8 to check forgery and corruption of the encrypted access record in the system server, steps 9-9 to decrypt the access record in the system server, and the access log is transmitted from the system server to the administrator terminal. In step 9-10, a time forgery confirmation message is transmitted.

10 is a flowchart illustrating a forced reading process of an encrypted access record in a blockchain network and an access control system to which a smart contract using the same according to the present invention is applied.

When the administrator terminal having the compulsory reading authority in the manager terminal 500 requests the compulsory reading of the access record, the system server requests the decryption key of the access record while storing the decryption key compulsory reading record in the smart contract. Only for the compulsory reading request, the decryption key of the access record is transmitted from the smart contract to the system server, and the system server transmits the compulsory reading record to the user terminal 300. The system server decrypts the encrypted access record and transmits the access record to the administrator terminal.

When the system server requests the decryption key of the access record while storing the decryption key forced reading record in the smart contract, the system server has an address of an account accessible to the smart contract, and the address of the account is used to Have a right to register, create a transaction that registers the compulsory reading record in a variable of a smart contract, request a view of the decryption key of the access record, and access the smart contract address using the account address to execute the transaction. Through the registration method, the compulsory reading record is stored in the smart contract and the decryption key of the access record is checked. The variable of the smart contract is a variable for storing the forced reading record. The decryption key request of the access record is forcibly read even though the access condition is not satisfied because the request for the decryption key is not satisfied, and the system server registers the transaction in the smart contract at the request of the administrator terminal having the compulsory reading authority. It is possible to read only when storing the compulsory reading record.

When the encrypted access record is forced to be checked at the same time as the forced access of the encrypted access record, the system server decrypts the encrypted access record and transmits the mercury of the encrypted access record in the smart contract before transmitting it to the administrator terminal. Check whether the encrypted access record is forged or not. In this case, in generating the transaction for the forced reading, the request for reading the decryption key of the access record and the mercruit together may be requested.

In more detail, the manager terminal requests the system server to read the access record forcibly and transmits administrator authentication information, and steps 10-2 for checking the administrator's authority in the system server and the manager terminal. A step 10-3 of requesting a decryption key and mercury of the access record while storing the compulsory reading record in the smart contract by the system server; and the decryption key of the access record only in the compulsory reading request to the system server in the smart contract. A step 10-4 of transmitting a mercruit, a step 10-5 of transmitting a compulsory reading record from the system server to the user terminal, and a step 10-6 of checking forgery of an encrypted access record in the system server; Steps 10-7 of decrypting the access record in the system server and entering and exiting the manager terminal from the system server But the transfer, this time subjected to the first stage 10-8 to transfer the check forgery upon confirmation message forgery.

FIG. 11 is a flowchart illustrating a process of checking whether or not an encrypted access record is forged in a blockchain network and an access control system using a smart contract using the same according to the present invention.

In order to check the forgery of the encrypted access record based on the smart contract according to the present invention, the system server encrypts the access record when there is a request for viewing the access record or a forgery confirmation request from the administrator terminal, or periodically. The hash value of the encrypted access record is received and the hash value is calculated from the encrypted access record stored in the system server and compared with the hash value stored in the system server. The mercury path is calculated to compare the mercurt with the mercurt of the smart contract to check whether the encrypted access record is forged, and transmits a message regarding the forgery to the administrator terminal. In the above procedure, if the encrypted access record is forged, the hash value or merclute does not match. Since the access record is obtained by decrypting the encrypted access record, it is possible to confirm whether the access record is forged by checking whether the encrypted access record is forged.

The system server uses a variable of the smart contract for the encrypted access record in receiving the mercury of the encrypted access record in the smart contract. The system server accesses the address of the smart contract with the address of an account that can access the smart contract, specifies the mercury in the variable, requests the reading of the variable, and checks the corresponding mercury stored in the variable of the smart contract. do. In the case of reading only the Mercut from the decryption key of the entry record stored in the variable and the Mercut, it is possible to view the Mercut if the address of the account has the authority to access the smart contract. Do.

In more detail, step 11-1 of requesting forgery confirmation of access record from the administrator terminal to the system server or forgery confirmation of the entire access record on a regular basis and mercury of access record to the smart contract from the system server Step 11-2 for requesting a route; Step 11-3 for transmitting a mercury of an access record to the system server in the smart contract; Step 11-4 for checking forgery of an encrypted access record in the system server And the eleventh step of transmitting a message on the forgery or not from the system server to the administrator terminal.

While the invention has been described and illustrated in connection with a preferred embodiment for illustrating the principles of the invention, the invention is not limited to the construction and operation as shown and described. Rather, it will be apparent to those skilled in the art that many changes and modifications to the present invention are possible without departing from the spirit and scope of the appended claims. Accordingly, all such suitable changes and modifications and equivalents should be considered to be within the scope of the present invention.

100: door control device
200: Blockchain Network, Smart Contract
300: user terminal
400: System Server
500: manager terminal

Claims (8)

In the access control system using the access control system to verify the user's authentication information for the user's access request and to manage the access control record,
A user terminal for requesting door access approval by the user;
A system server which checks the access authority from the received authentication information of the user according to the access request of the user terminal, provides an approval signal to the door control apparatus and stores the access record of the user when the access request is approved;
A computing device participating in a blockchain network storing a hash value of an access record of a user received from the system server; And
Blockchain network and smart contract using the same, characterized in that it comprises a manager terminal for requesting the access control record to be viewed with the administrator authentication information to the system server and receiving and confirming the access control record therefrom. Applied access control system. The method of claim 1, wherein the system server,
Grouping the access record and storing the access record for each group, the hash value of the access record, and the Merkle Tree of the group,
And the computing device participating in the blockchain network also stores mercury of the group, and an access control system to which a smart contract using the same is applied. The method of claim 2, wherein the system server,
When a request for access record access from the administrator terminal occurs, the access request for access record and administrator authentication information is transmitted to the system server, and the access record for each group is read and the access record for access record is grouped by grouping the access record of the access record. Blockchain network, characterized in that to store the hash value of the group, Merkle Tree and access control system to which the smart contract using the same. The method of claim 2, wherein the system server,
When the access authority change request is generated from the administrator terminal, the access authority change request and the administrator authentication information are transmitted to the system server, and the access authority change record for each group and the hash value of the access authority change record are grouped by grouping the access authority change record. Block chain network, characterized in that stores the group Merkle tree and access control system applied smart contract using the same. The method of claim 1, wherein the system server,
If there is a request for forgery confirmation of access record from the administrator terminal, Calculate the hash value from the access record stored in the system server,
Receives the hash value of the access record from the computing device participating in the blockchain network, compares the received hash value and the calculated hash value to check whether the access control record is forged, and confirms whether the forgery is forged by the manager terminal. Block chain network, characterized in that for transmitting and access control system applied smart contract using the same. In the access control system that uses the access control system including a smart contract (verification) to verify the user's authentication information for the user's access request and manage the access control record,
A user terminal for requesting door access approval by the user;
Upon confirming the access authority from the authentication information of the user received according to the access request of the user terminal, if the access request is approved, provides the approval signal to the door control device, and provided with an encryption key and a decryption key corresponding to the encryption key A system server for encrypting the access record of the user, grouping and storing the encrypted access record, and storing the hash value of the encrypted access record and the merkle tree of the group;
A smart contract for storing the decryption key of the access record received from the system server and the merlute of the group; And
And an administrator terminal for accessing and requesting an access control record to be accessed with the administrator authentication information and receiving the access control record from the system server.
The system server checks the authority of the administrator when the request for reading the access record is generated from the administrator terminal, requests the decryption key of the access record from the smart contract, and receives the decryption key of the access record from the smart contract when the reading condition is satisfied. And a blockchain network for decrypting an encrypted access record and transmitting the access record to the manager terminal, and an access control system to which a smart contract using the same is applied. The method of claim 6,
When the administrator terminal having the compulsory reading authority of the administrator terminal requests the system server to read the access record,
The system server stores the compulsory reading record of the access record while the smart contract requests the decryption key of the access record, and the smart contract transmits the decryption key of the access record to the system server only for the compulsory reading request. The system server receiving the decryption key transmits a compulsory reading record to the user terminal, decrypts an encrypted access record, and transmits the access record to the administrator terminal, and an access to which a smart contract using the same is applied. Control system. The method of claim 6,
The system server,
When there is a request for forgery confirmation of access record from the manager terminal, the smart contract is requested to receive the Mercut of the encrypted access record and then received.
Calculate the hash value from the encrypted access record stored in the system server and compare the calculated hash value with the hash value stored in the system server to determine whether it is the same. After calculating mercury from the tree, the blockchain network that checks whether the access record is forged or not is compared with the mercurt received from the smart contract, and transmits a forgery confirmation message to the manager terminal, and the smart contract using the same is applied. Access control system.

Images