KR102368805B1 - Notification server using blockchain-based mobile hacking prevention process and notification method using the same - Google Patents

Abstract

The present invention relates to a notification notification server and notification notification method.
In the present invention, the notification notification server and notification using an encrypted communication channel to which the content of the notification notice is composed of a title, contents and an attached image, authenticity is verified when registering the attached assignment, and an encrypted communication channel to which a sequential channel number is assigned. A known method is disclosed.
According to the notification notification server and notification notification method according to the present invention, it is possible to obtain consent when using personal information and to provide compensation to the individual who provided the corresponding personal information in accordance with the consent.

Description

Notification notification server and notification notification method using blockchain-based mobile hacking prevention process

The present invention relates to a notification notification server and notification notification method using a block chain-based mobile hacking prevention process, and more specifically, to a terminal transmitting and receiving a notification notification using a third-party authentication server, and further It relates to a notification notification server and notification notification method using a block chain-based mobile hacking prevention process that has excellent security by applying a session key communication method assigned with a serial number.

One of the types of mail is a certificate of contents. A proof of content is a postal mail that proves that the sender has sent the document to the recipient, which is a third party post office. In order to send mail using the proof-of-contents method, the same document is filled out in detail and brought to the post office, one copy is returned to the sender, the other copy is mailed to the recipient, and the other copy is kept at the post office. Sending mail with proof of content is a mail delivery method that is often used to prepare for legal disputes in the future because it can prove that it was sent legally.

However, this method of proof-of-contents is inconvenient to use and the postage is relatively expensive, so it is difficult for the general public to use it easily. Also, in the case of mail with certified contents, the recipient is designated as the representative of the corporation and sent, but even if the employee of the relevant corporation receives it and does not deliver it to the representative, whether intentionally or by mistake, it is legally considered to have been delivered to the CEO. It can be said that there is no problem in administrative and legal aspects, but from the point of view of the representative, it is not actually received, so it is placed in an unfair position.

Meanwhile, although legal proof is not required in real life, it frequently occurs that the sender delivers a document or message to the recipient and the recipient has to confirm that the document or message has been viewed. In Korea, simple contents or documents are delivered using so-called 'KakaoTalk' operated by Kakao Co., Ltd., and an indication is provided to confirm that the recipient has received it, which is well received by users. However, because KakaoTalk is vulnerable to hacking, it has a weak security problem in delivering important documents and messages.

Korean Patent Registration No. 10-2042935 (Registered on 11/04/2019)

An object of the present invention is to solve the above problems, and to provide a notification notification server and notification notification method by which a sender can safely send a document to a recipient while maintaining security.

The above object of the present invention is a master user terminal that prepares and sends a notification notification document composed of a title, content and attached image, a plurality of family user terminals that receive the notification notification document, the master user terminal and the family user In a notification notification system comprising an authentication server for authenticating a terminal and a notification server for transmitting the notification document between the master user terminal and the family user terminal, the method for transmitting the notification notification document from the notification server In the following, the first step of receiving the unique information of the master user terminal, the family user list, and the notification notification document from the master user terminal, and configuring the unique information and the notification notification document of the master user terminal received in the first step A second step of transmitting the attached image to the authentication server, a third step of generating and receiving a random number after authenticating the master user terminal's unique information and the notification notice document from the authentication server, and the third step; After transmitting the received random number to the master user terminal, the random number, the master user terminal unique information, and the attached image (hereinafter referred to as '(random number, unique information, attached)') are hashed from the master user terminal. The fourth step of receiving the generated hash value, the fifth step of hashing the (random number, unique information, attached) hash value transmitted in the fourth step once more and transmitting it to the authentication server, and the authentication result from the authentication server This can be achieved by a method of transmitting a notification notification document from a notification notification server, characterized in that it includes a sixth step of receiving and storing the notification notification document in the master user terminal when authenticated.

Another object of the present invention is a master user terminal that prepares and sends a notification notice document composed of title, content and attached image, a plurality of family user terminals that receive the notification notice document, the master user terminal and the family In the notification notification system comprising an authentication server for authenticating a user terminal and a notification server for delivering the notification document between the master user terminal and the family user terminal, the notification server is Receives the unique information, the family user list, and the notification notification document, transmits the received unique information of the master user terminal and the attached image constituting the notification document to the authentication server, and the master user from the authentication server After authenticating the terminal's unique information and the notification notification document, a random number is generated and transmitted, and the received random number is transmitted to the master user terminal, and then the random number from the master user terminal, the master user terminal unique information, the Receive a hash value generated by hashing the attached image (hereinafter referred to as '(random number, unique information, attachment)'), and hash the received (random number, unique information, attachment) hash value once again It can be achieved by the notification notification server, characterized in that it transmits to the authentication server, receives the authentication result from the authentication server, and stores the notification notification document in the master user terminal when it is authenticated.

The master terminal may create a list of family users. First, each family user terminal receives personal information (step b1), stores the personal information of the family user terminal input in step b1 as a personal information database (step b2), and the master user terminal stores the personal information database Obtain personal information of a plurality of family user terminals by inquiring (step b3). The personal information obtained in step b3 is information that cannot be used because at least some items are blanked. The master user terminal makes a purchase request for at least some of the personal information obtained in step b3 (step b4) and receives the requested personal information from the personal information database to the master user terminal (step b5). The master terminal will be able to create a list of family users using the personal information transmitted in step b5 (step b6)

According to the notification notification server and notification notification method according to the present invention, by using the encrypted channel opening method, the packet is hashed even when the packet is stolen, and even if the hash is unpacked, a mixed hash (including a random number value) is obtained. After the valid time value has passed, the image notification information of electronic transmission cannot be hacked. In addition, by using the sequential channel number, it is possible to secure attached images between authenticated user terminals.

In addition, according to the notification notification server and notification notification method according to the present invention, it is possible to obtain consent when using personal information and to provide compensation to the individual who provided the corresponding personal information in accordance with the consent.

1 is a configuration diagram of a multi-security authentication system between a block chain-based user terminal and a notification notification server according to the present invention.
Figure 2 is a block flow diagram showing a registration process of the registration step according to the present invention.
3 is a flowchart illustrating a notification notification server access request and approval process according to the first embodiment of the present invention.
4 is a flowchart illustrating a notification notification server access request and approval process according to a second embodiment of the present invention.
5 is a flowchart illustrating a notification notification server access request and approval process according to a third embodiment of the present invention.
6 is a processing flow chart showing a process for preventing personal information hacking of the authentication server according to the present invention.
7 is a part of a program source code showing an algorithm for dividing into two records in units of bytes in the personal information hacking prevention process according to the present invention.
8 is a flowchart illustrating a process of authenticating a user terminal by using the third-party authentication method described so far in a complex manner.
9 is a flowchart illustrating a process of notifying a notification using a notification notification system according to an embodiment of the present invention.
10 is a flowchart illustrating an encrypted communication channel establishment flow executed in the present invention.
11 is a flowchart illustrating a process of authenticating when a master user terminal executes a notification notification registration menu by using the third-party authentication method described so far in a complex manner.
12 is a flowchart illustrating an encrypted communication channel establishment flow executed in the present invention to prevent packets from being hijacked between authenticated user terminals;
13 is a flowchart illustrating a procedure for an individual to input information and utilize it.
14 is a flowchart for explaining the flow of obtaining personal information from a personal terminal when there is a personal terminal in which personal information is first purchased, stored and stored;

The terms used herein are used only to describe specific embodiments, and are not intended to limit the present invention. The singular expression includes the plural expression unless the context clearly dictates otherwise. In the present specification, terms such as “comprise” or “have” are intended to designate that a feature, number, step, operation, component, part, or combination thereof exists in the specification, and includes one or more other features or It should be understood that the existence or addition of numbers, steps, operations, components, parts, or combinations thereof does not preclude the possibility of addition.

In addition, in this specification, when a component is referred to as “connected” or “connected” with another component, the component may be directly connected or directly connected to the other component, but in particular It should be understood that, unless there is a description to the contrary, it may be connected or connected through another element in the middle.

Also, in this specification, terms such as “first, second” may be used to describe various elements, but the elements should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

Hereinafter, preferred embodiments, advantages and features of the present invention will be described in detail with reference to the accompanying drawings.

1 is a configuration diagram of a multi-security authentication system between a block chain-based user terminal and a notification notification server according to the present invention. 1, the multiple security authentication system between the block chain-based user terminal and the notification notification server is largely a notification notification server 20, user terminal 10, authentication server 30, block chain 40 and AI ( 50).

The notification notification server 20 of the present invention communicates with the user terminal 10 through a wired/wireless Internet network such as a voice communication network, a data communication network, and a Wi-Fi network, and downloads and stores the contents to be notified by the user terminal 10, and stores it It is a computer device that performs a function of transmitting to the destination user terminal 10 of the.

The user terminal 10 of the present invention communicates with the notification notification server 20 through a wired/wireless Internet network to create and send out the contents to be notified of the notification, and the sending user terminal and the sending user terminal notify the notification. It consists of a receiving-side user terminal downloaded from the server (20). The user terminal 10 may be a mobile terminal such as a smart phone, a tablet PC, a wearable device, or a PDA, and furthermore, a desktop computer, a notebook computer, and the like may correspond to this.

The user terminal 10 can notify or receive a notification by being approved for access to the notification notification server 20 through an authentication procedure by the authentication server 30 .

The block chain 40 refers to a network to which a distributed ledger is applied, and the AI 50 refers to an artificial intelligence computer. AI 50 processes the data flow between the user terminal 10 and the authentication server 30, the notification notification server 20 and the authentication server 30, and the user terminal 10 and the notification notification server 20 as big data and hacking recognition data for determining whether or not hacking is performed.

On the other hand, the user terminal 10 may be installed with an application program (hereinafter, referred to as 'algong app') that is driven in connection with the authentication server 30 or the notification server 20 . In this case, when registering/changing/adding the user terminal 10 or requesting approval of the notification server 20, the user terminal 10 runs the Algong app mounted thereon and then logs in by inputting a user ID/password. It is interlocked with the authentication server 30 or the notification server 20, whereby the registration/change/addition of the user terminal 10 and the process for allowing access to the notification server 20 can be performed. Here, a user ID (ID) and password (password) can be generated when installing the Algon app or when registering as a member.

In addition, when signing up for membership, user authentication usually verifies the identity of the counterparty between the parties to the transaction (Identity Validation). (identity claim) is to establish validity, and it is identified and authenticated for each user (personal identity).

In the present invention, the user authenticates through the authentication server 30 or a third-party authentication API in the authentication server 30 through the user terminal 10, and the first access is performed. Methods for user authentication include the user's mobile phone number, resident registration number, various identification numbers, and biometric information.

The authentication server 30 of the present invention registers the user terminal 10 and the notification notification server 20, and when there is a request for access to the notification notification server 20 from the user terminal 10, the corresponding user Authenticates the legitimacy of the terminal 10, and approves the access of the notification server by the user terminal 10 when the legitimacy is authenticated.

For reference, 'registration' referred to in the present invention includes generation, recording, and storage of authentication means (ie, registration hash value) required for approval of the notification notification server 20 of the user terminal 10 . Furthermore, the 'registration' of the present invention is to input and store information related to the user terminal 10 and the notification notification server 20 to be accessed by the user terminal 10 in the authentication server 30. may include more.

Hereinafter, specific functions of the authentication server 30 will be described. Here, the functions of the authentication server 30 include functions for approving a request for access to the notification server 20 of the user terminal 10 and preventing personal information hacking.

According to the first embodiment, the authentication server 30 includes a function of recording registration hash value related information in the block chain 40 .

'Registered hash value related information' is information about a first hash, information about a second hash, or information about a hash in which the first hash and the second hash are mixed (hereinafter, a first mixed hash) .

As an extended embodiment, the 'registered hash value related information' is information about a first hash, a second hash, or a third hash, or a hash in which at least two of the first hash, the second hash, and the third hash are mixed. (hereinafter, the second mixed hash) may be information.

Specifically, the 'registered hash value related information' is information on a combination method of first identification information to be described later of a first hash (hereinafter, first combination information), or a combination of second identification information to be described later in a second hash Information on a method (hereinafter, second combination information), information on a combination method of third identification information to be described later (hereinafter, third combination information) of the third hash, or first and second combination hashes ,2,3 Includes information on a combination method of identification information (hereinafter, mixed combination information).

The first hash consists of at least two pieces of identification information among a plurality of identification information unique to the notification notification server 20 (hereinafter, first identification information).

The first identification information includes physical code-related information of the notification notification server 20, operating system (OS)-related information, and app-related information, and may further include communication packet information and manufacturer information.

Accordingly, the first hash may be made of a combination of at least two pieces of information among physical code related information, operating system (OS) related information, app related information, communication packet information, and manufacturer information of the notification notification server 20. .

Specifically, the physical code related information of the first identification information includes a serial number (Serial Number) of the notification notification server 20, CPU information, model number, and the like.

The operating system (OS) related information of the first identification information includes version information and the OS type of the operating system (OS) mounted on the notification notification server 20 .

App-related information of the first identification information includes version information and checksum information of the application mounted on the notification notification server 20 in question. Here, the app mounted on the notification notification server 20 may be the aforementioned Algong app.

The communication packet information of the first identification information may include connection path information of the notification notification server 20 , and the manufacturer information may include information related to the manufacturer of the notification notification server 20 .

For reference, the information related to the registration hash value of the first embodiment is provided to the user terminal 10 that the user terminal 10 accesses and registers the authentication server 30, or the authentication server 30 generates and attempts to register. You may.

The second hash consists of at least two pieces of identification information among a plurality of pieces of identification information unique to the user terminal 10 (hereinafter, second identification information).

The second identification information includes physical code-related information of the user terminal 10, operating system (OS)-related information, and App-related information, and may further include communication packet information and manufacturer information.

Accordingly, the second hash may be formed of a combination of at least two pieces of information among physical code related information, operating system (OS) related information, App related information, communication packet information, and manufacturer information of the corresponding user terminal 10 .

Specifically, the physical code-related information of the second identification information includes a mobile communication number, serial number, model number, USIM information, MAC address information, smart phone unique number (IMEI), etc. of the corresponding user terminal 10 .

The operating system (OS) related information of the second identification information includes version information and an OS type of the operating system (OS) mounted on the corresponding user terminal 10 .

App-related information of the second identification information includes version information and checksum information of an application mounted on the corresponding user terminal 10 . Here, the app mounted on the user terminal 10 may be the aforementioned Algong app.

The communication packet information of the second identification information may include access path information of the user terminal 10 , and the manufacturer information may include information related to the manufacturer of the corresponding user terminal 10 .

The third hash may include at least two pieces of third identification information among a plurality of pieces of identification information unique to the user of the user terminal 10 (hereinafter, referred to as 'third identification information').

The third identification information may include a phone number, name, date of birth, access time, access IP and GPS information.

Furthermore, the third identification information may further include identification information made up of wired/wireless network equipment or other servers formed between the user terminal 10 and the notification server 20 .

According to an extended embodiment, the registered hash value related information may be information about a hash in which a random number is further mixed with a first hash, a second hash, a third hash, or a mixed hash. In this case, the random number value may be generated by the authentication server 30 or the notification server 20 and provided to the user terminal 10 .

According to the second embodiment, when the user terminal 10 attempts to register, the authentication server 30 may be configured to record the hash value itself in the block chain 40 as registration hash value related information.

That is, the first embodiment is not the hash value itself, but the 'combination method' of the first identification information and/or the second identification information for generating a specific hash value (that is, a registered hash value) in the block chain 40 Whereas, the second embodiment is different in that the actual value corresponding to the registered hash value is recorded in the block chain 40 .

The 'combination method' of the first embodiment will be described as follows. For example, it is assumed that the registered hash value is a value composed of OS information 'A' and app version information 'B' of the first identification information, and physical code 'C' and OS information 'D' of the second identification information.

In this case, the 'registered hash value', which is the object recorded in the block chain 40 of the second embodiment, is the actual value corresponding to each identification information item constituting the registered hash value, that is, 'A, B, C, D' Corresponds to the value generated by the combination.

On the other hand, 'registration hash value related information', which is an object recorded in the block chain 40 of the first embodiment, means item information of identification information required to generate this registered hash value. That is, 'registration hash value related information' refers not to the actual value of each identification information constituting the registered hash value, but to the identification information item that is a higher concept of this value. Accordingly, in the case of the above example, the OS information item as the first item of the first identification information, the app version information item as the second item, the physical code item as the first item and the OS information item as the second item of the second identification information are It corresponds to 'registered hash value related information'.

Accordingly, according to the second embodiment, the registered hash value is a value generated using the first hash or the second hash, or a value generated by combining the first hash and the second hash.

As an extended embodiment, the registered hash value is a value generated using the first hash, the second hash, or the third hash, or a value generated by combining at least two of the first hash, the second hash, and the third hash can

That is, the type of hash for generating the registered hash value and the number of combinations thereof may increase in proportion to the security strength.

As another extended embodiment, the registered hash value may be a value generated by further combining random number values. In this case, when the user terminal 10 wants to generate a registration hash value for a registration attempt or a request for approval of access to the notification notification server 20, the authentication server 30 generates it and sends it to the user terminal 10. can be configured to provide. As another embodiment, when the user terminal 10 wants to generate a registered hash value, the random number value may be configured so that the notification server 20 generates it and provides it to the user terminal 10 .

In the second embodiment, when the user terminal 10 generates and registers a registration hash value, the registered hash value is transmitted to the authentication server 30, and the authentication server 30 receives it and stores it in the block chain 40 Keep records. Meanwhile, the registered hash value may be configured so that the user terminal 10 that has generated it directly transmits the registered hash value to the authentication server 30 . Alternatively, the registered hash value may be provided to the authentication server 30 via the notification notification server 20 . That is, when the user terminal 10 transmits the registration hash value to the notification notification server, the notification notification server 20 may be configured to receive it and deliver it to the authentication server 30 .

The blockchain 40 of the present invention is a decentralized electronic ledger or database platform. A digital record or transaction on a thread is called a block, through which a public or controlled set of users can participate in the electronic ledger. , each time-stamped and creates an immutable record of the transaction associated with the previous one.

The authentication server 30 corresponds to a community connected by the block chain 40 in this way, that is, one participant in the user set.

The blockchain 40 has a structure for processing transactions through a distributed network-based timestamp server. The blockchain 40 is composed of a distributed data structure, in which numerous blocks with timestamp records are connected. Each block can be identified through a hash value and has a structure that refers to the previous block.

Specifically, the block chain 40 is largely composed of a block header consisting of a digital signature of a previous block header, a hash value, a timestamp of the current block, a hash value, etc. and a transaction. Accordingly, the first hash value recorded in the first block is stored as a 'previous block hash value' in the second block connected to the first block by a chain.

The registered hash value related information or registered hash value of the present invention is recorded in the block body of the block chain 40, and for an index value, a user code (eg, serial number) is added to the hash value to create the block chain 40 configurable. According to an embodiment, the user code may be placed before the corresponding hash value.

Accordingly, the date and time when the first generated and registered hash value (ie, the first registered hash value) is recorded in the block chain 40 corresponds to the timestamp of the first block of the block chain 40 .

According to the first embodiment, the authentication server 30 receives an authentication hash value generated by the user terminal 10 when receiving a request for access approval of the notification notification server 20, and is recorded in the block chain 40 and a function of determining the validity of the authentication hash value by using the registered hash value related information (hereinafter referred to as a 'legitimacy determination function'). And, when the authentication hash value is valid as a result of the determination, the authentication server further includes a function of approving access of the notification notification server 20 of the corresponding user terminal 10 .

According to the first embodiment, the authentication server 30 further includes a function of receiving at least two pieces of identification information among the above-described first identification information, second identification information, and third identification information and storing the received identification information in a management DB.

The validity determination function of the authentication server 30 will be described in detail as follows.

When the authentication server 30 receives a request for permission to access the notification notification server 20 , the authentication server 30 reads information about the combination method recorded in the block chain 40 . Here, the combination method information recorded in the block chain 40 is information about the 'identification information combination method' determined in the registration process by the user terminal 10, and the first combination information, the second combination information, and the third It may be any one of combination information or mixed combination information.

And, according to the combination method corresponding to the combination method information read in the block chain 40, the authentication server 30 is the first stored in the management DB in relation to the user terminal 10 and the notification notification server 20. A registered hash value is generated by combining the identification information, the second identification information, and/or the third identification information.

Then, the authentication server 30 compares this registered hash value with the authentication hash value transmitted by the user terminal 10, and determines the validity of the authentication hash value (that is, the validity of the user terminal 10). do.

As a result of comparing the registered hash value and the authentication hash value, if the authentication hash value matches the registered hash value, the authentication server 30 approves the notification notification server 20 access of the corresponding user terminal 10 .

After all, the authentication hash value of the present invention is an authentication means for determining the legitimacy of the user terminal 10 requesting access approval of the notification notification server 20 . If the user terminal 10 is a legitimate user terminal, the user terminal 10 generates a hash value identical to the registered hash value registered in the authentication server 30 (that is, an authentication hash value) to the authentication server 30 . will send

If the user terminal 10 is an invalid user terminal, it is impossible to generate a hash value identical to the registered hash value (that is, an authentication hash value), and in the end, it is impossible to obtain access approval from the notification notification server 20 do.

Accordingly, the authentication hash value consists of a value generated using the same identification information as the registration hash value. That is, the authentication hash value may be a value generated using the first hash, the second hash, or the second hash, or a value generated by combining at least two of the first hash, the second hash, and the third hash.

Like the registration hash value, the first hash of the authentication hash value is made of a combination of at least two first identification information among a plurality of first identification information unique to the notification notification server 20, and the second hash is the user terminal ( 10) is made of a combination of at least two pieces of second identification information among a plurality of second identification information unique to It consists of a combination of 3 identification information. In the authentication hash value, the detailed configuration of the first, second, and third identification information is the same as described in the registered hash value.

Meanwhile, the authentication hash value may be configured so that the user terminal 10 that has generated it directly transmits the authentication hash value to the authentication server 30 . Alternatively, the authentication hash value may be provided to the authentication server 30 via the notification notification server 20 . That is, when the user terminal 10 transmits the authentication hash value to the notification notification server, the notification notification server 20 may be configured to receive it and deliver it to the authentication server 30 .

According to the second embodiment, the authentication server 30 receives an authentication hash value generated by the user terminal 10 when receiving a request for access approval of the notification notification server 20 and registers recorded in the block chain 40 . The hash value is compared, and when the authentication hash value matches the registered hash value recorded in the block chain 40 as a result of the comparison, it may be configured to approve the notification notification server 20 access of the corresponding user terminal 10 .

Through the above-described first or second embodiment, when the user terminal 10 approves the request for access to the notification server 20 , the authentication server 30 grants access to the user terminal 10 . The message is transmitted, and an access request is transmitted to the notification notification server 20 .

Then, an encrypted communication channel is established between the notification notification server 20 and the user terminal 10 to enable mutual communication.

If, as a result of comparing the authentication hash value and the registration hash value, the authentication hash value does not match the registration hash value, the authentication server 30 delivers an access disapproval message to the corresponding user terminal 10 and ends communication.

The authentication server 30 of the present invention may be configured to further perform the following functions for security when transmitting and receiving information with the user terminal 10, and for security of the Algon app (ie, prevention of hacking and forgery).

The authentication server 30 issues a new session key when the user terminal 10 logs in to the Algon app, or periodically issues a new session key to the notification notification server 20 that is an access target of the user terminal 10 . Then, when the user terminal 10 attempts to access the notification server 20, using the most recently issued session key, the user terminal 10 and the authentication server 30 to perform communication for transmitting and receiving information. can Here, the information transmitted and received between the user terminal 10 and the authentication server 30 may be, for example, first, second, and third identification information, a registered hash value, and authentication hash value information.

On the other hand, when configured to generate a registered hash value and an authentication hash value by further combining random number values, the authentication server 30 receives the integrity verification key of the Algon app from the user terminal 10, and uses the integrity verification key It may be configured to check whether the program of the Algong app has been tampered with. The authentication server 30 provides a random number value to the user terminal 10 when the Algong app is not tampered with as a result of the inspection. Such an integrity verification key may be a key value generated using the version information of the Algon app or checksum information of the source code.

The multi-security authentication system between the block chain-based mobile terminal and the notification notification server of the present invention described above has been described with one user terminal 10 as an example, but a plurality of user terminals are registered and the plurality of user terminals receive the same notification It goes without saying that the notification server 20 may be configured to request access approval and download the notification notification.

For example, if the first user terminal registers and stores related information in the block chain 40 for access to the notification server, the second user terminal, the third user terminal,... Accordingly, after registering the user terminal-related information in the block chain 40 , the notification notification server access request and access approval can be performed through the authentication process of the authentication server 30 .

In this case, the authentication server 30 is configured to register the user terminal 10 by dividing it into a master and a family according to the access right to the notification notification server 20 of the user terminal 10. can

And, the authentication server 30 may be configured to request approval of the user terminal divided by the master when attempting to register the user terminal divided into the family, or to authorize the registration of the user terminal divided into the family as a condition of this approval. . For example, when a notification service is provided for apartment residents, the apartment manager who sends the notification registers as a master user terminal and the rest of the residents as user terminals divided into families. The master user terminal is given the authority to create a notification notice, and is given the right to transmit and modify the attachments included in the created notification notice to the notification notification server, and can approve the subscription of the family user terminal.

According to an embodiment, the authentication server 30 can be registered as a master and a family according to the access right to the notification server, and in this case, the user terminals divided into families (eg, When registering the second, third,..N user terminals), it is necessary to obtain the approval of the user terminal (eg, the first user terminal) divided into the master. there is. In other words, if the apartment manager is registered as a master user terminal, if the apartment resident requests registration as a family user terminal It sends a number, etc. and asks for approval.

Meanwhile, when changing the registered user terminal 10 , the registered user terminal 10 may request the authentication server 30 to change the user terminal. In this case, when the registered user terminal 10 generates an authentication hash value and transmits it to the authentication server 30 , the authentication server 30 receiving it compares it with the registered hash value recorded in the block chain 40 . As a result of the comparison, when the authentication hash value matches the registered hash value, it may be configured to approve the task of changing the registered user terminal 10 to another user terminal. Here, the change of the registered user terminal may include changing the user terminal corresponding to the above-described master.

The authentication server 30 of the present invention receives the user terminal 10 and information related to the notification server to be accessed by the user terminal 10 and stores it in a DB for self-management, such information is the above-described registration hash It corresponds to the property of the value. Therefore, when such personal information is hacked, a notification notification server access control hacking (ie, erroneous approval of an unauthorized user terminal) may occur, and a method to prevent this should be established.

Hereinafter, a function for preventing personal information hacking among functions of the authentication server 30 will be described with reference to FIG. 6 .

The authentication server 30 provides a plurality of identification information unique to the notification notification server 20 (ie, first identification information) and a plurality of identification information unique to the user terminal 10 (ie, second identification information). Includes storage management functions. Meanwhile, a plurality of pieces of identification information unique to the user (ie, third identification information) may be stored and managed.

Specifically, the authentication server 30 is configured to receive the first identification information and the second identification information from the user terminal 10 or the notification server to configure a personal information record (S21). On the other hand, it goes without saying that the authentication server 30 may configure a personal information record by receiving the third identification information. Accordingly, the 'personal information record' referred to in the present invention may mean a record of the aforementioned identification information (ie, first, second, and third identification information) or a record including the same.

Here, the personal information record (Record) refers to a collection of data stored in relation to the data field. In addition, a 'data field' is an item for storing each data, and the aggregate of data composed of these fields is called a data table, and several data tables are gathered to constitute one database (DB). The number of fields in each data table may be different for each table.

When the configuration of the personal information record is completed, the authentication server 30 encrypts the personal information record. According to a preferred embodiment, the authentication server 30 may be configured to encrypt the personal information record according to the AES algorithm (Advanced Encryption Standard Algorithm) (S23).

For reference, the AES algorithm is an encryption algorithm designed to secure the vulnerability of the Data Encryption Standard (DES), which was used as a national standard, and is a symmetric encryption algorithm used as an American standard. Unlike the DES encryption algorithm, the AES algorithm does not have a Feistel cipher, and the cipher block size is 128 bits. In addition, it is possible to expand the block size to 192-bit and 256-bit as well as 128-bit without changing the algorithm.

The authentication server 30 is configured to divide the personal information record into a plurality of groups (S25). For example, the authentication server 30 may classify the personal information record in a two- or three-division method, and in this case, it may be divided according to a Byte unit or Bit unit shift algorithm.

According to a preferred embodiment, the authentication server 30 divides the personal information records corresponding to the odd-numbered terms among the personal information records into a first group, and divides the personal information records corresponding to the even-numbered terms among the personal information records into the second group. can be configured to For reference, FIG. 7 shows a code for dividing personal information records into three groups as an algorithm for dividing records in units of bytes into three groups.

When the division of the personal information record is completed, the authentication server 30 stores the personal information record belonging to the first group in the first server, and the personal information record belonging to the second group is a second server that is separated from the first server , and the personal information records belonging to the N-th group are stored in the N-th server that is distinguished from the first, second, and third servers (S27). Accordingly, personal information records belonging to different groups are distributed and stored in different servers. Therefore, even if some servers are hacked, decryption is impossible, and since it is impossible to grasp personal information, the security of the notification notification server 20 can be greatly improved.

The authentication server 30 may be configured to record and back up the aforementioned personal information records on a Write Once Read Many (WORM) disk in preparation for the authentication server inoperability and restoration due to hacking (S29). In this case, preferably, the personal information record belonging to the first group is recorded on a first WORM disk, and the personal information record belonging to the second group is recorded on a second WORM disk which is separate from the first WORM disk, The personal information record belonging to the N group may be configured to be recorded on an Nth WORM disk that is distinct from the first and second WORM disks.

A WORM disk is a large-capacity standard network storage based on a hard disk, and once stored data cannot be deleted or forged even with administrator privileges. A WORM (Write Once Read Many) disc can write data only once, but the data written to it can be read many times.

Hereinafter, a multi-security authentication method between the blockchain-based mobile user terminal and the notification server of the present invention will be described. For reference, the detailed content and configuration of each subject (eg, user terminal, notification server, authentication server, etc.) performing each step of the multi-security authentication method to be described later is the same as described above, so a detailed description thereof will be omitted. do it with

The multi-security authentication method between the block chain-based mobile user terminal and the notification server according to the present invention largely includes generating and registering a registration hash value, and requesting/approving access to the notification server.

(1) Registration step

The registration step is a procedure for recording and storing information related to authenticity authentication of the user terminal 10 in the block chain 40 .

2 is a block flow diagram illustrating a registration process of a registration step according to the present invention.

According to the first embodiment, first, the user terminal 10 runs the Algong app or accesses the authentication server 30 to generate a registered hash value (S10). Alternatively, when the user terminal 10 requests registration, the authentication server 30 may generate a registration hash value.

When the generation of the registered hash value is completed, the authentication server 30 records the registered hash value related information in the block chain 40, thereby completing the registration process of the registered hash value.

Here, the 'registered hash value related information' is information about a first hash, a second hash, or a third hash, or information about a hash in which at least two of the first hash, the second hash, and the third hash are mixed can be

Specifically, the 'registered hash value related information' is information on a combination method of first identification information to be described later of a first hash (hereinafter, first combination information) or a combination method of second identification information to be described later of a second hash (hereinafter, second combination information), or information on a combination method (hereinafter, third combination information) of the third identification information to be described later of the third hash, or the first of the first and second mixed hashes; 2,3 Includes information on a combination method of identification information (hereinafter, mixed combination information).

On the other hand, the step of recording the registered hash value related information in the block chain 40 includes the step of adding a user code that functions as an index value to the registered hash value (S11), and a block of the registered hash value related information to which the user code is added. It may further include a step (S12) of writing to the body of the chain (40).

When steps S10 to S12 are completed, information related to the registered hash value of the user terminal 10 is stored in the block chain 40 and used in the legitimacy authentication process of the user terminal 10 .

According to the second embodiment, the user terminal 10 may generate a registered hash value using the above-described first hash, second hash or third hash, or a combination thereof to generate a registered hash value, Furthermore, a registered hash value may be generated by further combining random number values. If the random number value is further combined when generating the registration hash value, the random number value may be provided by the authentication server 30 or the notification notification server 20 .

At this time, the user terminal 10 may generate a registered hash value by driving the mounted Algong app, and may transmit the generated registered hash value to the authentication server 30 or the notification server 20 .

The registered hash value may be directly transmitted by the user terminal 10 to the authentication server 30 , or may be provided to the authentication server 30 via the notification notification server 20 . That is, when the user terminal 10 transmits the registration hash value to the notification notification server, the notification notification server 20 may be configured to receive it and deliver it to the authentication server 30 .

The authentication server 30 records the registered hash value received from the user terminal 10 or the notification notification server 20 in the block chain 40, thereby completing the registration process of the registered hash value.

On the other hand, the step of recording the registered hash value in the block chain includes the steps of adding a user code functioning as an index value to the registered hash value, and recording the registered hash value to which the user code is added in the body of the block chain 40 may further include.

When the above-described process is completed, the registered hash value of the user terminal 10 is stored in the block chain 40 and used in the legitimacy authentication process of the user terminal 10 .

(2) Notification notification server access request and approval steps

In the notification notification server access request and approval step, the user terminal 10 requests the authentication server 30 to approve the access of the notification notification server 20, and the authentication server 30 responds to this request to the user terminal ( After verifying the legitimacy of 10), it is a step of authorizing access to the notification notification server 20 . Such notification notification server access request and approval steps may be implemented in various embodiments.

(2-1) first embodiment

3 is a flowchart illustrating a notification notification server access request and approval process according to the first embodiment of the present invention.

Referring to FIG. 3 , the user terminal 10 runs the Algong app to log in to the notification server 20 . At this time, if the log-in to the notification notification server 20 is not normally performed, the number of failures is counted and the first authentication application step is performed and the authentication process is performed again from the beginning.

When log-in to the notification notification server 20 is normally performed, the notification notification server 20 approves the login of the user terminal 10 . And, when the login is approved, the user terminal 10 information from the user terminal 10 to the notification server 20 and the integrity verification key of the Algon app installed in the user terminal 10 (eg, version information, checksum) etc.) is transmitted (S101).

The notification server 20 transmits the user terminal information, the integrity verification key, and the notification server information received from the user terminal 10 to the authentication server 30 (S103).

The authentication server 30 checks the integrity verification key received from the notification notification server 20, and confirms that there is no abnormality in the Algong app of the corresponding user terminal 10 (S105). Here, checking whether there is an abnormality in the Algon app may mean, for example, checking whether the Algong app is forged/falsified by hacking or the like. And, the integrity verification key check may be performed in a manner of comparing the integrity verification key of the user terminal 10 registered in the management terminal DB of the authentication server 30 .

As a result of the integrity verification key check, if there is an error in the corresponding Algong app, the authentication server 30 transmits an authentication failure message to the notification notification server. And, the notification server 20 transmits the received authentication failure message to the user terminal (10).

As a result of the integrity verification key check, if there is no abnormality in the corresponding Algon App, the authentication server 30 notifies that there is no abnormality in the Algon App of the corresponding user terminal 10 (S107). Then, the notification server 20 generates a random number value through the random number generator and transmits it to the user terminal 10 (S109).

When the random number value is received from the notification notification server 20, the user terminal 10 generates an authentication hash value using the random number value, and then transmits it to the notification notification server 20 (S111). Here, the authentication hash value is an authentication means for confirming the legitimacy of the user terminal 10, and is a value generated using the first hash, the second hash, or the third hash as described above, or the first hash; A value generated by combining at least two of the second hash and the third hash. Furthermore, the authentication hash value may be a value generated by further combining random number values.

The notification notification server 20 transmits the authentication hash value received from the user terminal 10, the user terminal information, and the notification notification server information to the authentication server 30 (S113).

When the authentication hash value is received from the notification notification server 20, the authentication server 30 records the identification information registered and stored in the management DB, the random number generated by the notification notification server 20, and the block chain 40. A registered hash value is generated by using the registered hash value related information (S117).

Specifically, when the authentication server 30 receives a request for access approval of the notification notification server 20 (that is, when receiving an authentication hash value from the notification notification server 20), the registration hash recorded in the block chain 40 Value-related information, that is, information on a combination method is read (S115). Here, the combination method information recorded in the block chain 40 is the same as described in FIG. 1 .

And, according to the combination method corresponding to the combination method information read in the block chain 40, the authentication server 30 is the first stored in the management DB in relation to the user terminal 10 and the notification notification server 20. A registered hash value is generated by combining the identification information, the second identification information, and/or the third identification information. If additional random number values are used, the registered hash value is generated by further combining the random number values.

Then, the authentication server 30 compares the authentication hash value generated by the user terminal 10 with the registered hash value to determine the validity of the authentication hash value (that is, the validity of the user terminal) (S119).

As a result of the comparison, if the authentication hash value does not match the registered hash value, the authentication server 30 transmits an authentication failure message to the notification notification server 20, and this authentication failure message is transmitted from the notification notification server 20. It is transmitted back to the user terminal 10 to notify that authentication has failed.

As a result of the comparison, if the authentication hash value matches the registered hash value, the authentication server 30 authenticates the user terminal 10 logged into the notification notification server 20 as a legitimate user terminal 10, and sends an authentication success message It is transmitted to the notification server, and the authentication result and terminal information and notification server information of the authenticated user terminal 10 are registered (S121).

Then, when the authentication server 30 transmits the authentication success message to the notification notification server 20, the notification notification server 20 notifies the authentication success by delivering it to the user terminal 10 (S123).

Then, an encrypted communication channel is established between the notification notification server 20 and the user terminal 10, so that the user terminal 10 can connect to the notification notification server 20 (S125).

(2-2) second embodiment

4 is a flowchart illustrating a notification notification server access request and approval process according to a second embodiment of the present invention.

Referring to FIG. 4 , the user terminal 10 runs the Algong app to log in to the authentication server 30 . At this time, if the login is not performed normally in the authentication server 30, the number of failures is counted, and the authentication process proceeds again from the beginning by going to the initial authentication application stage.

When the login is normally performed in the authentication server 30 , the authentication server 30 approves the login of the user terminal 10 . And, when the login is approved, the user terminal 10 information from the user terminal 10 to the authentication server 30 and the integrity verification key (eg, version information, checksum) of the Algon app installed in the user terminal 10, etc. ) is transmitted (S201).

The authentication server 30 checks the integrity verification key received from the user terminal 10, and confirms that there is no abnormality in the Algong app of the user terminal 10 (S203). Here, checking whether there is an abnormality in the Algon app may mean, for example, checking whether the Algong app is forged/falsified by hacking or the like. In addition, the integrity verification key check may be performed in a manner of comparing the integrity verification key of the user terminal 10 registered in the management terminal DB of the authentication server 30 with the Arkong app integrity verification key.

As a result of the integrity verification key check, if there is an error in the corresponding Algong app, the authentication server 30 transmits an authentication failure message to the user terminal 10 .

As a result of the integrity verification key check, if there is no abnormality in the corresponding Algong app, the authentication server 30 notifies the user terminal 10 that there is no abnormality (S205). Then, the authentication server 30 generates a random number value through the random number generator and transmits it to the user terminal 10 (S207).

When the random number value is received from the authentication server 30, the user terminal 10 generates an authentication hash value using the random number value, and then sends the authentication hash value and the terminal information of the user terminal 10 to the notification server ( 20) (S209).

The notification notification server 20 transmits the authentication hash value received from the user terminal 10, the user terminal information, and the notification notification server information to the authentication server 30 (S211).

When the authentication hash value is received from the notification notification server 20, the authentication server 30 records the identification information registered and stored in the management DB, the random number generated by the notification notification server 20, and the block chain 40. A registered hash value is generated by using the registered hash value related information (S215).

Specifically, when the authentication server 30 receives a request for access approval of the notification notification server 20 (that is, when receiving an authentication hash value from the notification notification server 20), the registration hash recorded in the block chain 40 Value-related information, that is, information on a combination method is read (S213). Here, the combination method information recorded in the block chain 40 is the same as described in FIG. 1 .

And, according to the combination method corresponding to the combination method information read in the block chain 40, the authentication server 30 is the first stored in the management DB in relation to the user terminal 10 and the notification notification server 20. A registered hash value is generated by combining the identification information, the second identification information, and/or the third identification information. If additional random number values are used, the registered hash value is generated by further combining the random number values.

Then, the authentication server 30 compares the authentication hash value generated by the user terminal 10 with the registered hash value to determine the validity of the authentication hash value (that is, the validity of the user terminal) (S217).

As a result of the comparison, if the authentication hash value does not match the registered hash value, the authentication server 30 transmits an authentication failure message to the user terminal 10 to notify that authentication has failed.

As a result of the comparison, if the authentication hash value matches the registered hash value, the authentication server 30 authenticates the corresponding user terminal 10 as a legitimate user terminal, and transmits an authentication success message to the user terminal 10 to perform authentication. Notifies of success, and registers the authentication result, terminal information of the authenticated user terminal 10, and notification notification server information (S219).

Then, an encrypted communication channel is established between the notification notification server 20 and the user terminal 10, so that the user terminal 10 can connect to the notification notification server 20 (S221).

(2-3) Third embodiment

5 is a flowchart illustrating a notification notification server access request and approval process according to a third embodiment of the present invention.

Referring to FIG. 5 , the user terminal 10 runs the Algong app to log in to the application verification server 50 . At this time, if the login to the application verification server 50 is not normally performed, the number of failures is counted and the first authentication application step is performed and the authentication process is performed again from the beginning.

When the application verification server 50 is normally logged in, the application verification server 50 approves the login of the user terminal 10 . And, when the login is approved, the user terminal 10 to the application verification server 50 transmits the user terminal information and the integrity verification key (eg, version information, checksum, etc.) of the Algon app installed in the user terminal ( S301).

The application verification server 50 checks the integrity verification key received from the user terminal 10, and confirms that there is no abnormality in the Algong app of the corresponding user terminal 10 (S303).

As a result of the integrity verification key check, if there is an abnormality in the corresponding Algong app, the application verification server 50 transmits an authentication failure message to the user terminal 10 .

As a result of the integrity verification key check, if there is no abnormality in the corresponding Algong app, the application verification server 50 notifies the user terminal 10 that there is no abnormality (S305). Then, the application verification server 50 generates a random number value, and then uses the random number value to generate an authentication hash value (S309).

On the other hand, when the application verification server 50 is notified that there is no abnormality in the corresponding Algong app, the user terminal 10 transmits the terminal information of the user terminal 10 to the notification notification server 20 (S307). Then, the notification server 20 transmits the user terminal information and the notification server information received from the user terminal 10 to the authentication server 30 (S311).

The application verification server 50 transmits the terminal information and the authentication hash value of the user terminal 10 to the authentication server 30 (S313). Then, the authentication server 30 uses the registered and stored identification information in the management DB, the random number generated by the application verification server 50, and the registered hash value related information recorded in the block chain 40 to obtain the registered hash value. generated (S317).

Specifically, when the authentication server 30 receives a request for access approval of the notification notification server 20 (that is, when receiving an authentication hash value from the application verification server 50), the registration hash recorded in the block chain 40 Value-related information, that is, information on a combination method is read (S315). Here, the combination method information recorded in the block chain 40 is the same as described in FIG. 1 .

And, according to the combination method corresponding to the combination method information read in the block chain 40, the authentication server 30 stores the first identification information, the second identification information and/or the third identification information stored in the management DB. Combined to create a registered hash value. If additional random number values are used, the registered hash value is generated by further combining the random number values.

And, according to the combination method corresponding to the combination method information read in the block chain 40, the authentication server 30 is the first stored in the management DB in relation to the user terminal 10 and the notification notification server 20. A registered hash value is generated by combining the identification information, the second identification information, and/or the third identification information. If additional random number values are used, the registered hash value is generated by further combining the random number values.

Then, the authentication server 30 compares the authentication hash value with the registered hash value to determine the validity of the authentication hash value (that is, the validity of the user terminal) (S319).

As a result of the comparison, if the authentication hash value does not match the registered hash value, the authentication server 30 transmits an authentication failure message to the user terminal 10 to notify that authentication has failed.

As a result of the comparison, if the authentication hash value matches the registered hash value, the authentication server 30 authenticates the corresponding user terminal 10 as a legitimate user terminal, and transmits an authentication success message to the user terminal 10 to perform authentication. It notifies that it has succeeded, and registers the authentication result, terminal information of the authenticated user terminal 10, and notification notification server information (S321).

Then, an encrypted communication channel is established between the notification notification server 20 and the user terminal 10, so that the user terminal 10 can access the notification notification server 20 (S323).

8 is a flowchart illustrating a process of authenticating a user terminal by using the third-party authentication method described so far in a complex manner. After the user terminal 10 logs in, when the user terminal 10 enters the menu to be authenticated in the Algong app of the user terminal 10, the unique information of the user terminal is transmitted to the notification server 20 and notification The server 20 transmits the unique information of the user terminal to the authentication server 30 , and the authentication server 30 compares it with the terminal-specific information stored in the authentication DB (Auth DB).

If the comparison result is false, the date and time and authentication failure details are stored in the log DB. If true, the random number value generated by the authentication server 30 is transmitted to the user terminal 10 through the notification notification server 20 .

The user terminal 10 receiving the random number value creates a first mixed hash value by mixing the unique information of the user terminal and the random number value, and transmits it to the notification notification server 20 .

The notification notification server 20 that has received the first mixed hash value applies the hash function once more to create an authentication hash value and transmits it to the authentication server 30 .

The notification notification server 20 compares the received authentication hash value with the registered hash value generated in the same way by using the authentication DB (Auth DB) and the hash DB (Hash DB) from the authentication server 30, and the same random number value. do.

If it is false, the date and time and authentication failure details are stored in the log DB. If true, the authentication server 30 transmits an authentication success message (eg, Auth OK) to the notification notification server 20 . The user terminal 10 for which authentication has been completed permits the notification notification server 20 to execute the corresponding menu to the user terminal 10 . The authentication information of the user terminal 10 is compared in the authentication DB (Auth DB), and mixed hash values are compared in the hash DB (Hash DB). If authentication fails, it plays a role of filtering out whether the log DB is hacked or not.

9 is a flowchart illustrating a process of notifying a notification using the notification notification system according to an embodiment of the present invention. In the same situation as in the above-described example, it is assumed that the smart phone terminal of the apartment management owner is set as the master user terminal 10a and the general owner of the apartment is the family user terminal 10b.

The master user terminal 10a prepares a notice notice document composed of 'title, content, and attached image' for the content to be notified, and stores it in the master user terminal (S501). The title does not exceed one line and is in the form of a short paragraph to briefly inform the main content to be announced. The content consists of sentences that explain the content of the notification in text format in more detail than the title. The attached image refers to an image file of a document that notifies the entire notification content. For example, prior to the present invention, in order to inform apartment residents of the contents of 'opening of an apartment agricultural market every Tuesday and Thursday', a related official document with the seal of the management director stamped on the bulletin board located near the elevator or entrance is posted. Attached image as used in the present invention can be viewed as an image file obtained by photographing the document printed after writing such notice as an electronic document (PDF, Hangul, Word, or picture file). In other words, in order to accurately check the announced notification, the title and content alone cannot be grasped, and the attached image must be checked.

The prepared notification notification document is transmitted to the notification notification server 20 (S503). At this time, a list of families to receive the notification notification document is also transmitted. In the family list transmitted in step S503, a list of each family user terminal that will actually receive the notification document may be transmitted, or a group name stored in advance may be transmitted instead of transmitting each family user terminal list. In the step of registering the user terminal or in the step of designating a master user terminal and a plurality of family user terminals for performing a notification notification as a separate procedure, since these lists are stored in advance as a group in the notification server, in step S503, the corresponding family is specified It is only necessary to transmit an identifier for For example, the manager of apartment A (master user terminal) is selected by voting from among all the residents, or the 'All residents of apartment A' group, which has all residents (family user terminals) as the recipient list, or the manager of apartment A (master user terminal) is selected by voting from among all residents It is also possible to designate and operate the 'Apartment management executives' group, which has only the registered management executives (family user terminals) as the receiving list. In this way, a desired number of groups can be created by the master user terminal. In this example, in step S503, there is no need to designate the entire family user terminal list in order to specify the recipient, but the 'Apartment All Residents' group may be designated and transmitted.

Notification server 20 stores the sent notification notification document (S505), transmits the title and contents in a push manner to the family list target family user terminal 10b (S509), and transmits the transmission history to the block chain 40 transact on In step S509, the attached image is not transmitted to the family user terminal 10b. When the family user terminal 10b requests a notification notification to the notification notification server 20 in order to check the title and contents received in the push method and check the entire detailed contents (S511), the notification notification server 20 is stored and A time stamp is created on the attached image (S513), the attached image with the time stamp is downloaded to the family user terminal 10b (S515), and the download record is transacted on the block chain 40 (S517). When the family user terminal 10b reads the time-stamped attached image (S519), the reading record is also transacted with the block chain network (S521).

In the flow of FIG. 9 , the notification notification server 20, the master user terminal 10a, and the notification notification server 20 and the family user terminal 10b use encrypted session key communication. 10 is a flowchart illustrating an encrypted communication channel establishment flow executed in the present invention. After third-party authentication through the authentication server 30 is completed for the user terminal and notification notification server according to FIGS. 3 to 5, the communication channel is established in step S125 in FIG. 3, step S221 in FIG. 4, and step S323 in FIG. will be opened FIG. 10 describes the flow of establishing such an encrypted communication channel.

The user terminal 10 requests to open a communication channel (①). At this time, SD (Session ID) and PID (Peer ID) are transmitted together. The notification notification server 20 transmits the SD and PID to the authentication server 30 . The authentication server 30 transmits a random number value to the notification notification server 20 when the received SD and PID match values in the server DB. The notification server 20 transmits the random number value received from the authentication server 30 to the user terminal 10 (②).

After combining the received random number value with user terminal information, it is hashed and transmitted to the notification notification server 20 (③). The hash value transmitted from the user terminal 10 is hashed once more with the unique value of the notification notification server, and the final hash value is transmitted to the authentication server 30 (④).

The authentication server 30 checks whether the received final hash value matches the hashed authentication hash value by combining it with a random number using the user terminal information and combination information previously stored in the block chain 40 (⑤) . Communication channel opening is allowed when authentication is successful, and communication channel opening is not allowed when authentication fails (⑥).

Even if this authentication method is applied, some security problems may still occur. One problem is that verification of the authenticity of the attached image included in the notification notice generated by the master user terminal 10 is not sufficient. In order to solve this problem, in the present invention, as shown in FIG. 11 , when the master user terminal 10 executes the notification notification registration menu, it is implemented as an additional authentication procedure as shown in FIG. 8 .

11 is a flowchart illustrating a process of authenticating when the master user terminal executes a notification notification registration menu by using the third-party authentication method described so far in a complex manner. After the master user terminal 10 logs in, when the notification notification registration menu is executed in the Algong app of the master user terminal 10, the master user terminal's unique information and attached image are transmitted to the notification notification server 20 and the notification notification The server 20 transmits the user terminal's unique information and the attached image to the authentication server 30, and the authentication server 30 first stores the master user terminal's unique information in the authentication DB (Auth DB). compare with If the comparison result is false, the date and time and authentication failure details are stored in the log DB, and the master user terminal 10 is notified.

If true, latitude, longitude, GPS location information, camera information of the image, size, resolution, image name, etc… from the attached image. Classify the data such as . and compare it with the master user terminal 10 information stored in the authentication DB (Auth DB) using the classified data. Therefore, in the case of the master user terminal 10, the latitude, longitude, and GPS location information where the corresponding master user terminal 10 generally resides or stays must be identified in advance and stored, and camera information provided in the master user terminal 10 is also It should be identified in advance and saved.

If the attached image comparison result is false, the date and time and authentication failure details are stored in the log DB and notified to the master user terminal 10. If true, the random number value generated by the authentication server 30 is sent to the notification notification server ( 20) through the user terminal 10.

The user terminal 10 receiving the random number value creates a first mixed hash value by mixing the unique information of the user terminal and the random number value, and transmits it to the notification notification server 20 . The notification notification server 20 that has received the first mixed hash value applies the hash function once more to create an authentication hash value and transmits it to the authentication server 30 . The notification notification server 20 compares the received authentication hash value with the registered hash value generated in the same way by using the authentication DB (Auth DB) and the hash DB (Hash DB) from the authentication server 30, and the same random number value. do.

If it is false, the date and time and authentication failure details are stored in the log DB. If true, the authentication server 30 transmits an authentication success message (eg, Auth OK) to the notification notification server 20 . The user terminal 10 for which authentication has been completed permits the notification notification server 20 to execute the corresponding menu to the user terminal 10 . The authentication information of the user terminal 10 is compared in the authentication DB (Auth DB), and mixed hash values are compared in the hash DB (Hash DB). If authentication fails, it plays a role of filtering out whether the log DB is hacked or not.

The correlation between the processing flows shown in FIG. 11 and FIG. 9 will be described. The step shown in FIG. 11 may be understood as a procedure performed before step S5505 in FIG. 9 . That is, in FIG. 9, after writing the notification notification content consisting of 'title, content and attached image' written in the master user terminal 10a in step S501 in FIG. 9, the notification notification content is transmitted to the notification notification server 20 in step S503. However, when FIG. 11 is applied, in step S503 in FIG. 9, only the title, content, and family list are transmitted to the notification notification server 20, and the attached image and the unique information transmitted from the master user terminal 10a are sent to the authentication server. After transmission (this information may be transmitted to the authentication server after passing through the notification notification server), authentication is performed according to the unique information and the attached image according to FIG. 11, and then applied from step S505 in FIG. Specifically, in step S503, the notification notification content, the family list, and the master user terminal-specific information should be modified to be transmitted from the master user terminal 10a to the notification notification server 20.

Even if authentication is performed in the direction shown in FIG. 11, the family user terminal 10b that is not authenticated as the family user terminal 10b for the notification document from the notification notification server 20 accesses the attached document that is not designated as the reception list. Reading problems may arise. This is because the family user terminal 10b authenticated by the authentication server 30 has a communication channel with the notification server 20, so the packet between the family user terminal and the notification server 20 is not included as a recipient. This is because it is relatively easy to deodorize. For example, it is assumed that one of the family user terminals belonging to the group 'All residents in apartment A' but not in the group 'Apartment management executives' is the first family user terminal. In the case of the first family user terminal, since there is no problem in authentication by the authentication server, a communication channel can be formed with the notification notification server 20 . However, in the state in which the communication channel is established in this way, to view the attached image sent by the head of apartment A (master user terminal) to the family user terminal (referred to as the 'family second user terminal') belonging to the 'A apartment management executive' group For this purpose, a problem may occur in which an unauthorized document may be viewed by hijacking the packet between the notification notification server 20 and the second family user terminal.

In order to solve this problem, the present invention proposes a method of sequentially generating and using a channel number whenever an encrypted communication channel is established. Here, sequentially generating channel numbers means generating channel numbers that sequentially increase or decrease according to a certain rule. For example, '1, 2, 3, 4, 5, ...' or '1, 3, 5, 7, 9, ...' or '1000, 999, 998, 997, 996, ... ", etc., for example.

12 is a flowchart illustrating an encrypted communication channel establishment flow executed in the present invention in order to prevent packets from being hijacked between authenticated user terminals. After third-party authentication through the authentication server 30 is completed for the user terminal and notification notification server according to FIGS. 3 to 5, the communication channel is established in step S125 in FIG. 3, step S221 in FIG. 4, and step S323 in FIG. will be opened FIG. 10 describes the flow of establishing such an encrypted communication channel.

The user terminal 10 requests to open a communication channel (①). At this time, SD (Session ID) and PID (Peer ID) are transmitted together. The notification notification server 20 transmits the SD and PID to the authentication server 30 . The authentication server 30 generates a random number and a sequentially assigned channel number (hereinafter referred to as a 'sequential channel number') to the notification notification server 20 when the received SD and PID match the values in the server DB. transmit The notification server 20 transmits the random number value and the sequential channel number received from the authentication server 30 to the user terminal 10 (②).

After combining the received random number value with user terminal information, it is hashed and transmitted to the notification notification server 20 together with the sequential channel number (③). The hash value received from the user terminal 10 is hashed once more as a unique value of the notification notification server, and the final hash value and the sequential channel number are transmitted to the authentication server 30 (④).

The authentication server 30 checks whether the received final hash value matches the hashed authentication hash value by combining it with a random number using the user terminal information and combination information previously stored in the block chain 40 (⑤) . Communication channel opening is allowed while transmitting a sequential channel number when authentication is successful, and communication channel opening is not allowed when authentication fails (⑥).

As shown in FIG. 12, when an encrypted communication channel is established between the user terminal 10 and the notification notification server 20, a sequential channel number is assigned, as shown in the above example, the family first in which viewing of the attached image is not permitted. In order for the user terminal to check the attached image of the second user terminal of the family in which the viewing of the attached image is permitted, the packet on the encrypted communication channel must be hijacked. However, when the packet is hijacked, the sequential channel number is inevitably hijacked as well. Therefore, when the authentication server 30 detects that a packet is transmitted using a sequential channel number generated earlier than the latest sequential channel number generated so far, it identifies that the packet is not a legitimate packet and closes the encrypted communication channel. As a way to discard it, security of attached images between already authenticated user terminals can also be performed.

That is, according to the encrypted channel opening method according to FIG. 12, even if the packet is stolen, the hashed value is hashed more than 100 times. Even if unpacked, it is a mixed hash (including random number values), so the valid time value has passed due to TTL application, making it impossible to hack the image notification notice information of electronic transmission. In addition, by using the sequential channel number Attached image security between authenticated user terminals can also be performed.

It is illegal to transmit personal information to a third party without the person's consent as it may cause disadvantages to individuals. The use of personal information by the apartment management manager (master user terminal) of the apartment A (master user terminal) is also using personal information, so prior permission must be obtained. In the present invention, a system for allowing and rewarding the use of personal information in advance will also be described. 13 is a flowchart illustrating a procedure for an individual to input information and utilize it.

Individuals who want to use their own information enter their personal information through the input screen provided in the information management app (step ⓐ). The entered information is transmitted to the personal information service provider (step ⓑ) and the information is stored in the personal information DB (step ⓒ). Along with this, personal information is encrypted and stored in the blockchain network 40 after generating a personal digital key (step ⓓ).

After accessing the personal information service provider, the terminal of the enterprise that wants to utilize personal information searches for the desired information and inquires the personal information within the required range (step ⓔ). These inquiry details are notified to the personal terminal information management app, and a certain point or pay is provided to the point e-wallet as a reward (step ⓕ), and the inquiry record is also distributed and stored in the blockchain network 40 network (step ⓖ) .

After selecting the desired individual from the personal information inquired in step ⓔ, the terminal of the utilizing company requests to purchase only the selected personal information data (step ⓗ). The personal information service provider notifies the information management app of the personal terminal that such a purchase has occurred, and asks for consent (step ⓘ). The personal terminal owner notifies the personal information service provider of consent or refusal (step ⓙ), and the personal information service provider transmits only the personal information of the individual for whom consent has been obtained (step ⓚ), and the blockchain network (40 ) After distributing the inquiry record in the network (step ⓛ), notify the personal terminal that personal information has been sold and provide a certain point or pay to the point e-wallet (step ⓜ).

Of course, the personal terminal in FIG. 13 may be a terminal (smartphone) owned by the resident of Apartment A, and the terminal of the utilizing company may be the terminal of the apartment manager A. When the apartment manager A purchases the personal information of the resident according to the procedure shown in FIG. 13 , the agreed resident information is stored in the terminal of the apartment manager A. In this state, the use of the information of the resident (Famiril user terminal) with the consent of the apartment manager A (master user terminal) is permitted to be used by the resident only for the purpose of apartment management. Therefore, if the manager of Apartment A arbitrarily provides the resident information possessed by the apartment manager to a merchant who opens a market in the apartment, it is illegal because it is outside the scope of use permitted by the resident. Since the problem of using personal information will become more and more important in the future, the present invention proposes a method for systematically managing it.

14 is a flowchart for explaining a flow of obtaining personal information from a personal terminal when there is a personal terminal in which personal information is first purchased and stored and stored. A state in which data of resident A, which was purchased first, is stored in the terminal of the apartment manager A will be described as an example.

The manager of apartment A prepares to transmit the resident information of apartment A that he has to the data platform (step ①). Transmission preparation can be done in various ways, for example, through API Sync. The data platform is a module that identifies the format of personal information held by an individual or group through API Sync, converts it into a format to be stored in the DB, and stores it in the personal information DB. Of course, the personal information service provider may be a single component provided in the notification notification server or may be implemented as a separate service provider.

The personal information service provider asks the residents of Apartment A whether they can provide the resident information they have within the scope of use and asks for their consent (step ②). Such a consent request can be sent by text message, etc., and information such as the url of the data platform is provided. If the resident of Apartment A agrees or refuses, the consent or rejection information is transmitted to the data platform (step ③). The data platform stores only the resident information of apartment A that has received consent from the personal information of the resident transmitted from the terminal of the apartment manager A in the personal information DB (step ④). At the same time, personal information is encrypted and a personal digital key is generated and stored in a distributed manner in the blockchain 40 network (step ⑤).

A company that wants to utilize personal information (smartphones, merchants opening an apartment market A) forms API Sync, connects to the personal information DB, and inquires about the personal information of apartment residents who have agreed to use personal information (step ⑥). After notifying the occupants of apartment A who used personal information and paying compensation (points or pay) at the same time (step ⑦), the inquiry records are distributed and stored on the blockchain 40 network to make the access records transparent Save (step ⑧). Subsequent steps proceed according to the flow presented in FIG. 13 .

15 is an example of a screen for inputting personal information through the information management app presented in step ⓐ of FIG. 13 and the screen viewed in step ⓔ of FIG. 13 . As shown in Fig. 15 (a), details are written in the input items, and whether each input item is disclosed or not is checked. The information presented in Fig. 15(a) is stored in the personal information DB, but when it is inquired by the terminal of the utilizing company, as shown in Fig. 15(b), the input item that refuses to be disclosed is removed, and the input item that is allowed to be disclosed is data A portion is provided after blanking. When a company that uses personal information purchases personal information, it will provide the input items that are allowed to be disclosed without blank processing.

A flow of creating a list of family users by the manager of apartment A using the processing flow shown in FIGS. 13 and 14 will be summarized. First, each family user terminal receives personal information (step b1), stores the personal information of the family user terminal input in step b1 as a personal information database (step b2), and the master user terminal stores the personal information database Obtain personal information of a plurality of family user terminals by inquiring (step b3). The personal information obtained in step b3 is information that cannot be used because at least some items are blanked. The master user terminal makes a purchase request for at least some of the personal information obtained in step b3 (step b4) and receives the requested personal information from the personal information database to the master user terminal (step b5). The master terminal will be able to create a list of family users by using the personal information transmitted in step b5 (step b6).

In the above, preferred embodiments of the present invention have been described and illustrated using specific terms, but such terms are only for clearly describing the present invention, and the embodiments and described terms of the present invention are the spirit and scope of the following claims. It is obvious that various changes and changes can be made without departing from it. Such modified embodiments should not be separately understood from the spirit and scope of the present invention, but should be considered to fall within the scope of the claims of the present invention.

10: user terminal
15: analysis server
20: notification notification server
30: authentication server
40: Blockchain

Claims (10)

delete delete A master user terminal that prepares and sends a notification notice document composed of a title, content, and attached image, a plurality of family user terminals that receive the notification notice document, and an authentication server for authenticating the master user terminal and the family user terminal and a notification server configured to transmit the notification document between the master user terminal and the family user terminal, the method for transmitting the notification document from the notification server,
A first step of receiving the unique information of the master user terminal, the family user list, and the notification notice document from the master user terminal;
a second step of transmitting the unique information of the master user terminal received in the first step and an attached image constituting the notification notification document to the authentication server;
A third step of receiving and generating a random number after authenticating the unique information of the master user terminal and the notification notification document from the authentication server;
After transmitting the random number received in the third step to the master user terminal, the random number, the master user terminal unique information, and the attached image (hereinafter referred to as '(random number, unique information, attached)' a fourth step of receiving a hash value generated by hashing the
A fifth step of hashing the (random number, unique information, attached) hash value transmitted in the fourth step once more and transmitting it to the authentication server; and
a sixth step of receiving an authentication result from the authentication server, and storing a notification notice document in the master user terminal when authentication is performed;
A seventh step of transmitting the title and content of the notification notice document to the plurality of family user terminals corresponding to the family user terminal list in a push manner;
An eighth step of receiving a request for an attached image from the family user terminal;
A ninth step of forming a timestamp in the attached image according to the request of the eighth step; and
A tenth step of delivering the attached image with a timestamp formed thereto to the family user,
Transmitting a notification notice document from the notification notification server, characterized in that the communication between the master user terminal and the notification server is performed in an encrypted communication channel,
The encrypted communication channel is
Step a1 of receiving a request to open a communication channel while receiving SD (Session ID) and PID (Peer ID) from the master user terminal;
a second step of transferring the SD and the PID to the authentication server 30;
a3 step of transmitting the random number value to the master user terminal after receiving the random number value and the sequentially assigned channel number (hereinafter referred to as 'sequential channel number') from the authentication server;
a4 step of receiving a hashed first hash result using the unique information and random number value of the mast user terminal from the master user terminal;
a5th step of transmitting a final hash value obtained by hashing the first hash value received from the master user terminal as a unique value of the notification server once more and a sequential channel number to the authentication server;
A method of transmitting a notification notification document from a notification notification server, characterized in that when authentication is successful from the authentication server, the communication channel to which the sequential channel number is assigned is opened using step a6.
A master user terminal that prepares and sends a notification notice document composed of a title, content, and attached image, a plurality of family user terminals that receive the notification notice document, and an authentication server for authenticating the master user terminal and the family user terminal and a notification server configured to transmit the notification document between the master user terminal and the family user terminal, the method for transmitting the notification document from the notification server,
A first step of receiving the unique information of the master user terminal, the family user list, and the notification notice document from the master user terminal;
a second step of transmitting the unique information of the master user terminal received in the first step and an attached image constituting the notification notification document to the authentication server;
A third step of receiving and generating a random number after authenticating the unique information of the master user terminal and the notification notification document from the authentication server;
After transmitting the random number received in the third step to the master user terminal, the random number, the master user terminal unique information, and the attached image (hereinafter referred to as '(random number, unique information, attached)' a fourth step of receiving a hash value generated by hashing the
A fifth step of hashing the (random number, unique information, attached) hash value transmitted in the fourth step once more and transmitting it to the authentication server; and
A sixth step of receiving an authentication result from the authentication server, and storing a notification notice document in the master user terminal if authentication is performed;
Transmitting a notification notice document from the notification notification server, characterized in that the communication between the master user terminal and the notification server is performed in an encrypted communication channel,
The encrypted communication channel is
Step a1 of receiving a request to open a communication channel while receiving SD (Session ID) and PID (Peer ID) from the master user terminal;
a second step of transferring the SD and the PID to the authentication server 30;
a3 step of transmitting the random number value to the master user terminal after receiving the random number value and the sequentially assigned channel number (hereinafter referred to as 'sequential channel number') from the authentication server;
a4 step of receiving a hashed first hash result using the unique information and random number value of the mast user terminal from the master user terminal;
a5th step of transmitting a final hash value obtained by hashing the first hash value received from the master user terminal as a unique value of the notification server once more and a sequential channel number to the authentication server;
A method of transmitting a notification notification document from a notification notification server, characterized in that when authentication is successful from the authentication server, the communication channel to which the sequential channel number is assigned is opened using step a6.
5. The method of claim 3 or 4,
As a step performed before the first step,
A step b1 of inputting personal information by each of the family user terminals;
Step b2 of storing the personal information of the family user terminal input in step b1 as a personal information database;
A step b3 of the master user terminal acquiring personal information of a plurality of family user terminals by inquiring the personal information database;
- At least some items of the personal information obtained in step b3 are blank and cannot be used-
a step b4 of the master user terminal requesting to purchase at least some of the personal information obtained in step b3;
Step b5 of transmitting the personal information requested for purchase of step b4 from the personal information database to the master user terminal;
- The personal information obtained in step b3 is not blank-
A method of transmitting a notification notice document from a notification notification server, comprising the step b6 of generating the list of family users by using the personal information transmitted in step b5.
delete delete delete A master user terminal that prepares and sends a notification notice document composed of a title, content, and attached image, a plurality of family user terminals that receive the notification notice document, and an authentication server for authenticating the master user terminal and the family user terminal and a notification server configured to transmit the notification document between the master user terminal and the family user terminal, wherein the notification server comprises:
The master user terminal receives the unique information of the master user terminal, the family user list, and the notification document, and transmits the received unique information of the master user terminal and the attached image constituting the notification document to the authentication server. and, after authenticating the unique information of the master user terminal and the notification notification document from the authentication server, generating and receiving a random number, and transmitting the received random number to the master user terminal, the random number from the master user terminal , a hash value generated by hashing the master user terminal unique information and the attached image (hereinafter referred to as '(random number, unique information, attachment)'), and the received (random number, unique information, attachment) hash Hashing the value once more and transmitting it to the authentication server, receiving an authentication result from the authentication server, and storing a notification notice document in the master user terminal when authentication is performed,
Communication between the master user terminal and the notification server is characterized in that it is performed in an encrypted communication channel,
The encrypted communication channel is
While receiving SD (Session ID) and PID (Peer ID) from the master user terminal, a communication channel opening request is received, the SD and the PID are transmitted to the authentication server 30, and a random number value is sequentially received from the authentication server After receiving the assigned channel number (hereinafter referred to as 'sequential channel number'), the random number value is transmitted to the master user terminal, and the master user terminal uses unique information and random number values of the master user terminal from the master user terminal. Receive the hashed first hash result, and transmit the final hash value and the sequential channel number hashed once more by hashing the first hash value delivered from the master user terminal to the unique value of the notification server to the authentication server, , Notification notification server, characterized in that when authentication is successful from the authentication server, the communication channel to which the sequential channel number is assigned is opened and established.
A master user terminal that prepares and sends a notification notice document composed of a title, content, and attached image, a plurality of family user terminals that receive the notification notice document, and an authentication server for authenticating the master user terminal and the family user terminal and a notification server configured to transmit the notification document between the master user terminal and the family user terminal, wherein the notification server comprises:
The master user terminal receives the unique information of the master user terminal, the family user list, and the notification document, and transmits the received unique information of the master user terminal and the attached image constituting the notification document to the authentication server. and, after authenticating the unique information of the master user terminal and the notification notification document from the authentication server, generating and receiving a random number, and transmitting the received random number to the master user terminal, the random number from the master user terminal , a hash value generated by hashing the master user terminal unique information and the attached image (hereinafter referred to as '(random number, unique information, attachment)'), and the received (random number, unique information, attachment) hash Hashing the value once more and transmitting it to the authentication server, receiving an authentication result from the authentication server, and storing a notification notice document in the master user terminal when authentication is performed,
The notification server
Transmitting the title and content of the notification notice document to a plurality of the family user terminals corresponding to the family user terminal list in a push manner, receiving a request for an attached image from the family user terminal, and adding time to the attached image according to the request Forming a stamp and delivering the attached image with the timestamp formed to the family user,
The encrypted communication channel is
While receiving SD (Session ID) and PID (Peer ID) from the master user terminal, a communication channel opening request is received, the SD and the PID are transmitted to the authentication server 30, and a random number value is sequentially received from the authentication server After receiving the assigned channel number (hereinafter referred to as 'sequential channel number'), the random number value is transmitted to the master user terminal, and the master user terminal uses unique information and random number values of the master user terminal from the master user terminal. Receive the hashed first hash result, and transmit the final hash value and the sequential channel number hashed once more by hashing the first hash value delivered from the master user terminal to the unique value of the notification server to the authentication server, , Notification notification server, characterized in that when authentication is successful from the authentication server, the communication channel to which the sequential channel number is assigned is opened and established.

Images