KR20130021774A - Method for providing security service based on digital certificate and system for providing security service based on digital certificate - Google Patents

Method for providing security service based on digital certificate and system for providing security service based on digital certificate Download PDF

Info

Publication number
KR20130021774A
KR20130021774A KR1020110084242A KR20110084242A KR20130021774A KR 20130021774 A KR20130021774 A KR 20130021774A KR 1020110084242 A KR1020110084242 A KR 1020110084242A KR 20110084242 A KR20110084242 A KR 20110084242A KR 20130021774 A KR20130021774 A KR 20130021774A
Authority
KR
South Korea
Prior art keywords
certificate
key
user
file
security
Prior art date
Application number
KR1020110084242A
Other languages
Korean (ko)
Inventor
서정훈
Original Assignee
주식회사 스마트솔루션
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 스마트솔루션 filed Critical 주식회사 스마트솔루션
Priority to KR1020110084242A priority Critical patent/KR20130021774A/en
Publication of KR20130021774A publication Critical patent/KR20130021774A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

In today's wired and wireless Internet environment, the storage and transmission of data is carried out through a myriad of host computers, sub-computers and networks, and in the process, the contents of the data may be stolen, tampered with, or forged. The most obvious way to stay secure in these situations is to encrypt the content of the data so that it is not visible to third parties.
The present invention devises a technology for continuously managing a public key of an electronic certificate that is revoked every year, and a method for easily obtaining a public key of a counterpart required by the general public, and based on this.
How to provide security services including security service application and certificate registration procedures, key file registration procedures,
User who owns computer and mobile phone, online service subject that provides e-mail service to user, user registration information including e-mail account, certificate file (public key), mobile number and key file of revoked certificate Security service system consisting of Security Gateway to provide to,
The above method and system are used to provide security services such as secure mail, cloud, electronic notice, message, voice call (VoIP), and the like.
The present invention not only solves the security problems occurring in the wired and wireless Internet, but also can provide solutions to existing portal operators such as 'Naver' and 'Daum' who have 'security' as their homework. It is easy to connect with the public, and the public security in our society in a short time can be minimized by minimizing the cost burden of the online service subject and the security service user by utilizing the certificate that has been verified as a social security infrastructure and possessed by everyone in the economically active population. It has the effect of spreading to services.

Figure P1020110084242

Description

Method for providing security service based on digital certificate and system for providing security service based on digital certificate}

The present invention relates to a method and a system for providing an electronic certificate-based security service that makes it easy for the general public to use a data encryption technology using a digital certificate.

Recently, as internet technology is combined with smartphone and cloud technology, it is possible to access and use information anytime and anywhere. This is consistent with the modern man's desire for convenience, immediateness and diversity. However, as the usefulness is great, the side effects are also great. In 2011 alone, security accidents such as Nonghyup, Hyundai Capital, and Nate (hacking of personal information about 35 million people) continue to occur. These security incidents are not limited to the Internet. We can easily anticipate that the stage of hacking will cross into smartphones and clouds in the future.

Smartphones are expected to exceed 20 million units by the end of 2011. Recently, various media and research institutes have directly reported that the smartphone is very vulnerable to hacking of illegal applications and Wi-Fi. Smartphone banking and smartphone trading people are also using smartphones knowing that there is a security problem. There is no special alternative to security at this time.

If a message sent or received privately in a messenger service such as KakaoTalk, which has 13 million members in just one year of service, is hacked or leaked due to server carelessness, it will cause a huge social wave. Already, we are well aware of the fact that extremely private content is stored in the KakaoTalk server as a police seizure search warrant.

As a recent megatrend, cloud computing, which is expected to grow drastically, is also a security issue. Cloud computing ranks first in the 2010-2011 consecutive year (second place in 2009) among the 10 strategic technologies selected by IT research firm Gartner. Internet research firm IDC forecasts the global market for cloud computing to reach 109 trillion won in 2014 from 39 trillion won in 2010. The domestic market is also expected to explode from KRW 106.7 billion in 2010 and KRW 163.9 billion in 2011 to KRW 2.45 trillion in 2014, and domestic private cloud users have recently surpassed 10 million.

However, according to IBM, 77 percent of cloud computing surveyed companies are most concerned about security issues, such as hacking of archived data. IDC also found that 87.5% of the companies pointed to security issues. Cloud services, by their very nature, store data from businesses and individuals in cloud storage. Cloud users will not use the cloud if their data is likely to be hacked.

As seen above, security incidents in smartphones and the cloud are likely to lead to sensitive data leakage of companies and individuals. In the wired and wireless Internet environment, data is stored and transmitted and received through a myriad of host computers, sub-computers, and networks. In the process, the contents of data may be stolen, tampered with, or forged. The most obvious way to stay secure in these situations is to encrypt the content of the data so that it is not visible to third parties. Data encryption should ensure that neither the cloud server administrator nor the mail server administrator can access the customer's data. This allows customers to use the cloud with peace of mind and to send their mail with confidence.

Current data encryption technologies include symmetric key cryptography and public key cryptography. Symmetric key cryptography uses the same key for encryption and decryption, while public key cryptography uses a public key for encryption and a private key for decryption.

Symmetric key cryptography has the advantage of fast encryption due to its relatively simple encryption algorithm, but has the disadvantage of difficult key management. Keys should be produced and managed by the number of counterparts to exchange keys, and delivered to the counterparts so that keys are not exposed.

Public key cryptography takes relatively long time to encrypt because the encryption algorithm is relatively complex, but it has the advantage of easy key management. The user receives two keys from the public key issuer, one is used as the public key, and the other (private key) is managed by the user. In other words, only one private key needs to be well managed in the public key method.

Therefore, a hybrid method that combines the advantages of symmetric key cryptography and public key cryptography is used as a data encryption method. If you use a symmetric key to encrypt data with a lot of content to encrypt, and the symmetric key with short content to encrypt is encrypted with the other party's public key and then forwarded to the other party, the other party opens the public key with their private key and obtains the symmetric key. Decrypt the data with a symmetric key. If the hybrid method is used, even if the data is hacked, it is only a waste value, so the data can be safely managed.

But even the best hybrid of existing data encryption technologies has to be overcome in order for the general public to easily use it. First, electronic certificates are renewed and revoked once a year for security management purposes. In other words, there is no technology that can decrypt the document encrypted with the public key before it is discarded. Second, there is no easy way to obtain the public key of the other party that the general public needs from over 25 million public keys.

On the other hand, Patent Document 1 discloses a technique using an electronic certificate to improve the security of the web-based email.

The first core content of the patent document 1, the electronic signature on the e-mail to the other party to check whether the e-mail creator is the real author. In order to achieve this effectively, both the user's certificate file (public key) and the key file (private key) should be registered on the service provider's server. Providing is the second core content of Patent Document 1.

The problem which the said patent document 1 has is largely two. First, the cited patent only confirms the authenticity of the e-mail author, but does not provide a method of encrypting the mail content itself. That is, it does not solve the problem of exposing mail contents to the outside at all. The actual e-mail user wants the contents of the e-mail written by him, rather than the authenticity of the e-mail author, to be delivered to the recipients in a state where it is not exposed or altered by a third party.

Second, Patent Document 1 takes a method of entrusting and storing an entire electronic certificate including a key file (private key) to a service provider, which causes another security problem. Private keys are important personal authentication information, such as seal stamps, and leaving them to others is a risk. It's like leaving my seal in the hands of others. There is a possibility that another person illegally acquires the electronic certificate including the private key and transfers the money from the bank account of the owner of the electronic certificate. This is why the Financial Supervisory Service and the Ministry of Public Administration and Security do not keep electronic certificates on hard disks of PCs that are likely to be hacked.

In conclusion, Patent Document 1 does not provide a method of easily encrypting the data and used by the general public. Most Internet users expect that data encryption technology will be available to the Internet server administrators or Internet hackers so that even if they open data such as mail, they cannot know what the data is.

The present invention starts from the worries to solve these problems, and focuses on the effective use of the already established and disseminated certificate infrastructure rather than propose a new solution.

Patent Document 1: Republic of Korea Patent Registration No. 10-0506700

The present invention, which was devised to solve the above-described problem, enables the decryption of data encrypted with a previous electronic certificate even after the renewal or reissuance of the electronic certificate, and the public key of the other party required for various security services by the general public. It is an object of the present invention to provide a method and system for providing an electronic certificate-based security service that can be easily obtained.

In accordance with an aspect of the present invention, there is provided a method for providing an electronic certificate-based security service, wherein a user accesses a web site provided by a service subject through a computer and applies for a security service. Registering the user's e-mail account, certificate file (public key), mobile phone number to the S / G during the service application process, and storing the certificate (private key, public key) to the user's mobile phone at the same time as the user information registration Security service application and certificate registration procedures; After the registration process, the user renews or reissues an existing certificate stored in the computer, the user executes a web (or dedicated) program on the computer to access a security service, and the program sends the certificate file to the S / G. Key), S / G checks the validity (revocation) of the requested certificate file, if it is not valid, S / G requests the user to register a new certificate file, and the user requests a new certificate file. Registering the S / G through the program, the user storing the new certificate stored in the computer through the program in the mobile phone, decrypting the key file of the existing certificate with the existing certificate password through the user mobile phone, and decrypting the decrypted key. Key file consisting of encrypting the file with the public key of the new certificate and registering the resulting key file with the S / G It may be made, including; registration.

At this time, the user runs a web (or dedicated) program on the computer and logs in with his or her email account, writes a mail through the program and selects a secure mail service, and the recipient's email specified in the mail is written. Requesting the recipient's certificate file by sending the account to S / G, checking whether the recipient is registered with the payee, and inquiring the validity of the certificate (if discarded) to the certification authority if S / G is registered, S / G G is the recipient registration and the result of the validity of the certificate and if the certificate is valid, sending the certificate file to the program; in the case of an unregistered or invalid certificate, notifying the processing of secure e-mail or, if valid, notifying the start of transmission; In this case, the encryption key is generated, the contents of the mail are encrypted with the generated encryption key, and the transmitted certificate wave Encrypting the encryption key with a (public key), generating a secure mail including an encrypted encryption key, encrypted mail contents, and a key ID of the certificate file, and transmitting the generated secure mail to a recipient via a service subject; Secure mail transmission procedure performed in a step; A user running a web (or dedicated) program on a computer and logging in to his or her email account, selecting a secure mail received through the program, selecting his or her certificate through the program, Comparing the key ID included in the secure mail with the key ID included in the selected certificate; if there is a match, inputting the password of the selected certificate by the user through the program; and using the input password, the key file of the selected certificate. Extracting the private key by decrypting the data; extracting the encryption key by decrypting the encrypted encryption key included in the secure mail with the extracted private key; decrypting the contents of the mail encrypted with the extracted encryption key; If it does not match, the program stores the key ID included in the selected secure mail and the Requesting a key file list by transmitting the key ID of the selected certificate to the S / G, generating a key file list corresponding to the key ID transmitted from the user's certificate list stored in the DB; The S / G transmits the generated key file list to the program upon success, determining whether to generate the key file list, repeating the step of selecting a certificate if not generated, and using the password of the selected certificate if it is generated. Inputting, extracting a private key by decrypting a key file of the selected certificate with the input password, ① extracting a private key by decrypting a subordinate key file from a list of key files transmitted by the extracted private key Determining whether the key ID of the extracted private key is the same as the key ID of the selected security mail, and if not, repeat the previous step ①. In the same case, the encryption is performed by decrypting the encrypted encryption key included in the selected security mail with the extracted private key, and decrypting the encrypted mail contents included in the selected security mail with the extracted encryption key. It can also improve the security of the mail service, including the mail viewing procedure.

In addition, after the user registers, the user executes a web (or dedicated) program on the computer and logs in to his or her email account, selects and uploads a secure cloud service through the program, and uploads a file to be shared with other users. Selecting the step, the other user's e-mail account to be shared to S / G by sending a request for a certificate file of yourself and other users, S / G to check whether the user and other users to share And inquiring the validity of the certificate (if discarded) to the certification authority if registered, the result of the registration of the user and other users to be shared with the user, the result of the certificate validity, and the certificate files if the certificate is valid. In the case of an unregistered or invalid certificate, the security cloud can not be processed or notified. In one case, a step of notifying transmission start, generating an encryption key if valid, encrypting the selected file with the generated encryption key, encrypting the encryption key with each of the transmitted certificate files (public key), and then e-mailing another user to share with the user. Repeatedly generating an encrypted encryption key corresponding to an account, a key ID of a certificate file, and header information of three pairs of an email account, and generating a security file including an encrypted file in the generated information, generated security A secure cloud upload procedure performed by uploading a file to a service principal; A user running a web (or dedicated) program on a computer and logging in to his or her email account, selecting a security file uploaded through the program, selecting his certificate through the program, Comparing the key ID of the header information corresponding to the user's e-mail account with the key ID included in the selected certificate among the header information included in the security file, and if the user enters a password of the selected certificate through the program, Step, extracting the private key by decrypting the key file of the selected certificate with the input password, extracting the encryption key by decrypting the encrypted encryption key included in the security file with the extracted private key, encryption with the extracted encryption key Decrypting the encrypted file, if it does not match during the comparison. Requesting a key file list by transmitting a key ID of header information corresponding to a user's e-mail account and a key ID of the selected certificate among the header information included in the selected security file to the S / G. Generating a key file list corresponding to the key ID transmitted from the certificate list of the user stored in the DB, transmitting the generated result and the generated key file list to the program by the S / G, generating the key file list Determining whether or not, repeating the certificate selection step if not generated, if the user inputs the password of the selected certificate, and extracting the private key by decrypting the key file of the selected certificate with the input password , ② the key to decrypt the file during the primary sub-list of transport the extracted key file private key steps to extract the private key extraction To perform the key ID of inki those included in the selected Secure Email step to equality judgments and key ID associated with your e-mail account, repeat if not the same prewar steps ② and if the same select the key extracted Personal Security files Including the decryption of the encrypted encryption key to extract the encryption key, the security cloud viewing procedure performed by the decrypted encrypted file included in the selected security file with the extracted encryption key; You can also improve the security of your cloud services.

In addition, after the user goes through the registration process, the e-Notification authority sends the user's e-mail account to the S / G to request the user's certificate file, authentication if the S / G is registered and confirmed the user Asking the authority for the validity of the certificate (revocation), S / G sending the certificate file to the e-notice authority if the result of the user registration and the certificate validity and the certificate are valid, unregistered or invalid. In case of uncertified certificate, notifying the processing of secure electronic notification or generating a bill if valid, generating an encryption key, encrypting the invoice to be transmitted with the generated encryption key, encrypting the encryption key with the transmitted certificate file (public key), and encrypting Generating a security claim including an encrypted encryption key, an encrypted bill, and a key ID of the certificate file; Secure e-bill invoice transmission step performed by sending to the subject; A user running a web (or dedicated) program on a computer and logging in to his or her email account, selecting a security bill received through the program, selecting his certificate through the program, Comparing the key ID included in the security bill with the key ID included in the selected certificate; if there is a match, inputting the password of the selected certificate by the user through the program; and using the input password, the key file of the selected certificate. Extracting the private key by decrypting the data; decrypting the encrypted encryption key included in the security bill with the extracted private key; extracting the encryption key; decrypting the invoice encrypted with the extracted encryption key; matching in the comparison process If not, the program and the key ID contained in the selected security bill and Requesting a key file list by transmitting the key ID of the selected certificate to S / G, generating a key file list corresponding to the key ID transmitted from the certificate list of the user stored in the DB by S / G, and generating a result And if the S / G transmits the generated key file list to the program, determining whether the key file list is generated, and if not generated, repeating the certificate selection step and responding with the password of the selected certificate. Inputting, decrypting a key file of the selected certificate with the input password, extracting a private key , and ③ extracting a private key by decrypting a next lower key file from a list of key files transmitted with the extracted private key If, not the key ID of the extracted private key identical to the steps of determination are the same as the key ID of the selected security bill, repeatedly before last step And extracting the encryption key by decrypting the encrypted encryption key included in the selected security mail with the extracted private key, and decrypting the encrypted bill included in the selected security bill with the extracted encryption key. It may also enhance the security of e-notice services, including billing procedures.

In addition, after the user has registered, the user executes a dedicated program on the computer and logs in to his or her e-mail account, selects a security message service and selects a recipient through the program, and the program selects the recipient's e-mail. Requesting the recipient's certificate file by sending the account or mobile number to S / G, and checking the validity of the certificate (if discarded) with the certification authority if S / G checks whether the recipient is registered. S / G transmits the certificate file to the program if the result of the recipient registration and certificate validity is valid and the certificate is valid.In the case of an unregistered or invalid certificate, the S / G informs the user that the security message cannot be processed or starts the service if valid. Informing, if valid, the program calls the service entity to the receiver Requesting, calling the receiver by the service subject, activating the receiver's dedicated program in response to the call, selecting whether the receiver is to be received, or if rejecting, ending the procedure and proceeding with the receiver's dedicated program Sending the user's email account or mobile phone number to the S / G to request the user's certificate file, and if the S / G confirms the user's registration and is registered, the validity of the certificate to the certification authority (if discarded) S / G sends the certificate file to the program if the result of the user's registration and certificate validity and the certificate is valid.In case of an unregistered or invalid certificate, it informs the user that the security message cannot be processed or is valid. If the service notifies the user, if valid, the user and the recipient each have their own certificate Security message transmission and reception procedure performed by inputting a password, and a dedicated program of a user and a receiver creates an SSL or TLS encrypted communication channel, encrypts and transmits a message to each other, and decrypts a received message. It can also improve security.

In addition, after the user has registered, the user executes a dedicated program on the computer and logs in to his or her e-mail account, selects a security message service and selects a recipient through the program, and the program selects the recipient's e-mail. Requesting the recipient's certificate file by sending the account or mobile number to S / G, and checking the validity of the certificate (if discarded) with the certification authority if S / G checks whether the recipient is registered. S / G transmits the certificate file to the program if the result of the recipient registration and certificate validity is valid and the certificate is valid.In the case of an unregistered or invalid certificate, the S / G informs the user that the security message cannot be processed or starts the service if valid. Informing, the program, if valid, notifies the service subject of the recipient's call. Requesting, calling the receiver by the service subject, activating the receiver's dedicated program in response to the call, selecting whether the receiver is to be received, or if rejecting, ending the procedure and proceeding with the receiver's dedicated program Sending the user's email account or mobile phone number to the S / G to request the user's certificate file, and if the S / G confirms the user's registration and is registered, the validity of the certificate to the certification authority (if discarded) S / G sends the certificate file to the program if the result of the user's registration and certificate validity and the certificate is valid.In case of an unregistered or invalid certificate, it informs the user that the security message cannot be processed or is valid. If the service notifies the user, if valid, the user and the recipient each have their own certificate A secure voice call transmission / reception procedure performed by inputting a password, and a dedicated program of a user and a receiver creates an SSL or TLS encrypted communication channel, encrypts and transmits voice information to each other, and decrypts the received voice information. This can improve the security of the voice call service.

Electronic certificate-based security service providing system according to an embodiment of the present invention, a user having a computer and a mobile phone; An online service entity providing an email service to a user; And S / G for registering a user registration information including an e-mail account, a certificate file (public key), and a mobile phone number, and a key file of the revoked certificate.

In this case, the S / G is to provide the user with the recipient's certificate file so that the user can create a secure mail and send it to the recipient, and to provide the user with a list of revoked certificate key files so that the user can read the received secure mail. Can be.

In addition, the S / G provides the user with a certificate file of the user and other users to be shared so that the user can upload the security file to the cloud server of the service subject, and the key of the revoked certificate to view the uploaded security file. It may be to provide a list of files to the user.

In addition, the S / G provides the user's certificate file to the agency so that the electronic notification authority can generate and send the security bill to the user, and the user can view the key file list of the revoked certificate so that the user can view the received security bill. It may be to provide to.

In addition, the S / G may be to provide a certificate file to the user and the recipient so that the user can send and receive security messages.

The S / G may also provide a certificate file to the user and the receiver so that the user can transmit and receive secure voice information.

An electronic certificate-based security service providing method according to an embodiment of the present invention includes a service server connected to a network to provide an online service, and a security server connected to a network and storing a certificate file and a user identification information including a public key. And a first terminal for accessing a network by a user or a shared user and a first security means driven by the first terminal, the method comprising: (A) a first terminal by a user to the first terminal; Driving the security means, designating the data to be shared with the user to be shared, and inputting a transmission command; (B) the first security means transmitting the identification information of the shared user to the security server and requesting a certificate file of the shared user; (C) the security server extracting the requested certificate file and checking the validity, and if it is valid, transmitting the extracted certificate file to the first terminal; (D) When the first terminal receives the certificate file, the first security means generates a first encryption key to encrypt the data to be shared, and then encrypts the first encryption key with the received certificate file to generate a second encryption key. Generating an encryption key and generating secure shared data including a key ID of the received certificate file, encrypted shared data and a second encryption key, wherein the secure shared data is stored in the service server; It may be shared with a sharing user.

At this time, when the shared user requests to view the secure shared data using the first terminal and selects his own certificate, (E) the first security means includes the key ID included in the secure shared data and the Comparing the key IDs of the certificates selected by the shared user to determine whether they match, and requesting the shared user to input a password if they match; (F) extracting a private key by decrypting a key file of a certificate by a password inputted by a shared user by the first security means; (G) extracting a first encryption key by decrypting a second encryption key of secure shared data with the private key extracted in step (F); And (H) decrypting, by the first security means, the encrypted shared data included in the secure shared data with the first encryption key.

In addition, the system further comprises a second terminal for backing up the certificate of the certificate file stored in the security server, and a second security means for driving in the second terminal, after the certificate of the user or shared user is renewed or reissued If the first terminal is connected to the security server, before the step (A), if the first security means requests a certificate file from the security server, the security server requests registration of a new certificate file. Making; The first security means for requesting registration of a new certificate file comprises: transmitting a certificate file accessed from a first terminal to the security server, and storing the new certificate in the second terminal; Requesting the user to input a password of the backed up certificate stored in the second terminal by the second security means; If the password of the backup certificate stored in the second terminal is input by the user, the second security means decrypts the private key of the backed up certificate, encrypts the decrypted private key with the public key of the new certificate, and then enters the key. Generating a file and transmitting the generated key file to the security server; And receiving, by the security server, the key file and storing the key file as a certificate list together with the certificate file.

Also, if the key ID included in the secure shared data and the key ID of the certificate selected by the shared user in step (E) do not match, instead of steps (F) and (G), (E-1) Transmitting, by the first security means, a key ID included in the secure shared data and a key ID of a certificate selected by the user to the security server; (E-2) The security server determines whether a key file corresponding to the key ID transmitted in the step (E-1) exists in the certificate list of the shared user stored in the security server. Generating and transmitting to the first security means the key file list generation failure signal to the first security means if not present; (E-3) When the first security means receives the key file list generation failure signal, the first security means receives the certificate again and transmits the certificate to the security server to feed back to step (E-2), and the first security means sends the key. Receiving a file list, inputting a password of the selected certificate from a user; (E-4) extracting the private key by decrypting the key file of the selected certificate with the password inputted in step (E-3); (E-5) extracting the private key by decrypting the next lower key file in the key file list by the private key extracted in the step (E-4); And (E-6) when the first security means determines whether the key ID of the private key extracted in step (E-5) is the same as the key ID of the security shared data, and if it is not the same (E-5). And extracting the first encryption key by decrypting the second encryption key included in the secure shared data with the extracted private key if the same is the same. It may be to access the data to be shared.

In addition, in the step (B) it may be to further request the user's certificate file.

In order to achieve the above object, the present invention

A user accessing a web site provided by a service principal through a computer to apply for a security service, registering a user's e-mail account, certificate file (public key), and mobile phone number with the security gateway in the security service application process. A security service application and certificate registration procedure comprising: storing a certificate (private key, public key) with a user's mobile phone at the same time as registering user information;

After the registration process, the user renews or reissues an existing certificate stored in the computer, the user executes a web (or dedicated) program on the computer to access the security service, and the program sends the certificate file (public key) to the Security Gateway. ) Requesting, the user registering a new certificate file to the Security Gateway through the program, the user saves the new certificate stored in the computer to the mobile phone through the program, the existing certificate password through the user mobile phone Decrypting the key file of the certificate, encrypting the decrypted key file with the public key of the new certificate, and registering the resulting key file in the Security Gateway;

Certificate-based security service providing method characterized in that it comprises a

Users with computers and mobile phones;

An online service entity providing an email service to a user;

A security gateway that registers user registration information including an e-mail account, a certificate file (public key), a mobile phone number, and a key file of a revoked certificate and provides the same to a user;

Certificate-based security service system, characterized in that consisting of.

And it provides a security service, such as secure mail, cloud, electronic notification, messages, voice calls (VoIP) using the system.

As described above, the present invention not only solves the security problems occurring in the wired and wireless Internet, but also easily connects to the portal infrastructure, and has been proven to be stable as a social security infrastructure. By utilizing the certificate, it can be spread to the popular security service in our society in a short time while minimizing the cost burden of the online service subject and the security service user.

In more detail, regardless of the renewal or revocation of the electronic certificate, it is possible to decrypt the encrypted data with only the private key of the user. Therefore, various security services can be developed and distributed based on this.

Second, my information (data, etc.) has the effect of providing a social system that gives me control. Just as you protect your property through a seal seal (a social system called a seal system) offline, you can create a social system that protects your information through your certificate (private key), the most powerful security method online.

Third, we present the world's first solution to the security problem, the biggest challenge of cloud computing, which is expected to grow significantly in the future. The security cloud provided by the present invention blocks the contents of data even if hacked. Cloud computing server administrators will not be able to access customer data, which will be a catalyst for spreading cloud computing.

Fourth, the security electronic notification (EBPP: Electronic Bill Presentment and Payment) method proposed by the present invention has the effect of greatly activating the EBPP including the smart phone electronic notification. More than 20 years have passed since the concept of EBPP emerged, but its application to industry is almost zero. This is because existing e-bills are treated as spam. The annual EBPP targets hundreds of millions of cases, including national and local taxes, four utility bills, and Jiro utility bills.

Fifthly, it is effective to fundamentally solve the spam mail problem. In other words, if the security mail is generalized, the e-mail cannot be sent without securing the public key of the other party, so the spam mail targeting the unspecified majority will disappear. This is because an online service subject not registered in advance cannot obtain a public key.

Sixth, the secure message / voice call (VoIP) method provided by the present invention has the effect of relieving hacking and eavesdropping and activating service use. The present invention will greatly enhance the security of a smartphone that is very vulnerable to illegal apps and WiFi hacking.

Finally, since the certificate can be used as a means of identity authentication to replace the social security number in all online services, the present invention has the effect of facilitating the activation of certificates, such as certificate login in the portal.

1 is a block diagram illustrating a security service application and certificate registration procedure of a preferred embodiment of the present invention.
2 is a table illustrating a result of performing the certificate registration step several times as it relates to an example of user registration information of a preferred embodiment of the present invention.
3 is a flowchart illustrating a key file registration procedure in a preferred embodiment of the present invention.
4 is a flowchart illustrating a secure mail transmission procedure in a preferred embodiment of the present invention.
5 is a flowchart illustrating a security mail reading procedure according to a preferred embodiment of the present invention.
6 is a detailed flowchart of a step of generating a key file list by receiving a security mail key ID and a certificate key ID during the security mail reading procedure.
7 is an example key file list of a preferred embodiment of the present invention.
8 is a flowchart illustrating a secure cloud upload procedure according to a preferred embodiment of the present invention.
9 is a flowchart illustrating a security cloud viewing procedure of a preferred embodiment of the present invention.
10 is a flowchart illustrating a security e-mail bill transmission procedure of a preferred embodiment of the present invention.
11 is a flowchart illustrating a security e-mail bill viewing procedure of a preferred embodiment of the present invention.
12 is a flowchart illustrating a security message transmission and reception procedure of a preferred embodiment of the present invention.
13 is a flowchart illustrating a secure voice call transmission and reception procedure according to a preferred embodiment of the present invention.
FIG. 14 is a diagram illustrating a specific example of generating a security file of FIG. 8 (S807).

Before describing the present invention, some technical terms will be briefly defined.

Public Key Cryptography-An asymmetric cryptography method using two cryptographic keys (public key and private key) with mathematical associations. The private key corresponding to one public key is unique. Security services using public key cryptography include encryption and digital signatures. Encryption is used to encrypt and transmit session keys in communication protocols such as SSL, and digital signatures are used for non-repudiation of transactions, such as Internet banking.

Digital Certificate (Public Certificate)-A public key cryptography requires a means of verifying the authenticity of the public key holder. An electronic certificate is a standard that provides a means to technically verify the authenticity of a public key holder. More technically, the electronic certificate is generated in the form of a file. More specifically, the electronic certificate is composed of a certificate file including a public key and a key file including a private key. The key file is a file generated by encrypting a private key with a certificate password, and the certificate file is a file including a public key signed with the private key of the authority that issued the certificate. In particular, the certificate file is public information.

KeyID-Every certificate contains a unique identification value, which is contained in both the certificate file and the key file. The key ID included in the same certificate and the key ID of the certificate file are the same. According to an embodiment of the present invention, the key ID is used as unique identification information of the public key and the private key.

Accredited Certificate-A type of electronic certificate that refers to a certificate issued by a government to civilians. It is mainly used for online financial transactions, electronic payments, and electronic tax invoices.

Public key infrastructure-To use public key cryptography, management of distribution and validity period of public key is required. The public key infrastructure is collectively referred to as technical specification and system for this.

* Certificate Authority-An organization that issues certificates that include public keys, manages the validity period of issued certificates, and informs certificate service providers (eg banks) of the validity period. An accredited certification body is a kind of certification authority that manages accredited certificates.

Certificate Renewal / Reissue / Revocation-If the certificate has expired or if the certificate is lost, the certificate can be revoked and the existing certificate can be renewed with a new certificate or a new certificate can be issued. The revoked certificate will be managed by the certification authority. The certification authority will notify the validity of the certificate if it is requested by the certificate service provider.

Security Gateway (hereinafter referred to as S / G)-Registers and manages certificate files (public key), e-mail accounts, mobile phone numbers, etc. and refers to security service providers that provide certificate files when requested by users.

Computers-Electronic devices with proprietary CPUs, operating systems, memory, and peripherals (HDD, SDD, NAND flash memory, etc.), including PCs, laptops, smart pads, and smartphones.

Mobile Phones-Personally portable phones, including feature phones and smartphones.

Dedicated Program-Refers to an application program for security services installed and operated on a computer.

Web program-means a web browser.

In this case, the dedicated program and the web program may be referred to as security means.

Online service subject (hereinafter referred to as service subject)-Refers to companies, financial institutions, and public institutions that provide online services such as portals. In particular, it is assumed that the online service subject basically provides an email service. The role of the existing online service principal is very important because targeting existing email users as the target of the service provided by the present invention is an effective and most realistic way to spread the service.

Security Service-Refers to a new concept of service provided by linking Email, Cloud, E-mail, Text Message, Voice Call Service and Security Gateway.

In this case, the data transmitted and received during the e-mail, cloud, electronic notice, text message, voice call may be referred to as shared data.

Security service user (hereinafter referred to as a user)-It is assumed that a customer using the security service possesses his computer and a mobile phone.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram illustrating a security service application and certificate registration procedure of a preferred embodiment of the present invention. The block diagram is largely divided into the S / G 10, the user 20, and the service principal 30. The S / G 10 further includes a security service server 11 that handles security services, a certificate file, and an e-mail. It is assumed that the DB (database 12 is configured to receive and manage an account, a mobile phone number, etc., and that the user 20 has his or her computer 21 and the mobile phone 22. The online service subject 30 It refers to companies, financial institutions, and public institutions that provide online services such as portals.

In this case, the S / G 10 may be referred to as a security server, the e-mail account, mobile phone number, etc. may be referred to as user identification information, the computer may be referred to as the first terminal, the mobile phone may be referred to as the second terminal, The online service subject may be referred to as a service server.

In the service execution procedure performed between the components described in FIG. 1, the user 20 accesses a web site provided by the service principal 30 through the computer 21 to apply for a security service (S101). Registering the email account, certificate file (public key), mobile phone number of the user 20 in the S / G (10) in the service application process (S102), the certificate stored in the computer 21 at the same time as the registration (certificate file And the key file) are stored in the mobile phone 22 (S103).

2 is a table illustrating a result of performing the certificate registration step several times as it relates to an example of user registration information of a preferred embodiment of the present invention. That is, the table shows the user's email account, mobile phone number, and certificate list. The first row of the table is the email account of the user 20, the second row is the mobile phone number, and the following is a list of certificates. The first column of the certificate list is the row number, the second column is the management number of the registered certificate, the third column is whether the certificate is revoked (1 is revoked, 0 is not revoked), and the fourth column is the certificate file. The fifth column represents the key file, and the sixth column represents the control number of the associated certificate.

3 is a flowchart illustrating a key file registration procedure in a preferred embodiment of the present invention. In the key file registration procedure, the user 20 receives or renews an existing certificate stored in the computer 21 (S301), and the user 20 executes a web (or dedicated) program to access a security service. Step S302, the program requesting a certificate file (public key) from the S / G (10) (S303), the S / G (10) checks the validity (disclosure) of the requested certificate file (S304), if it is not valid, the S / G 10 requests the user 20 to register the new certificate file (S305), and the user 20 sends the new certificate file to the S / G 10 through the program. Step (S306), the user 20 stores the new certificate stored in the computer 21 through the program (S307), the user 20 through the mobile phone 22 Decrypt the key file of the existing certificate with the existing certificate password, and use the decrypted key file as the public key of the new certificate. In operation S308, the encryption and registration of the resultant key file in the S / G 10 is performed.

The key file registration procedure will be described in detail with reference to FIG. 2. To do this, a more detailed description of the associated certificate is required. The association certificate refers to a new certificate used when registering the key file of the revoked existing certificate as the S / G 10 in the mobile phone 22 of the user 20. For example, in FIG. 2, the associated certificate of certificate 2009-001 is specified as certificate 2010-001, which is generated after certificate 2009-001 is renewed or reissued, and then certificate 2010-001. The decrypted key file (private key of certificate 2009-001) registered in the S / G 10 and stored in the mobile phone 22 of the user 20 and previously stored in the mobile phone 22 is the certificate. It is encrypted with the public key of 2010-001 and registered in the S / G 10. That is, the key file of the certificate 2009-001 stored in the mobile phone 22 is decrypted with the password of the certificate 2009-001 to extract the private key, and then the extracted private key is encrypted with the public key of the certificate 2010-001 and the result is S / G. Shows that the key file registration procedure to register in (10) has been performed.

4 is a flowchart illustrating a secure mail transmission procedure in a preferred embodiment of the present invention. In the secure mail transmission procedure, the user 20 executes a web (or dedicated) program on the computer 21 and logs in to his or her email account (S401). Selecting step (S402), the step of requesting the recipient's certificate file by sending the recipient's e-mail account specified in the mail created by the program (S403) (S403), S / G 10 registers the recipient Check whether the certificate is valid (if discarded) to the certification authority if the registration (S404), S / G (10) is the recipient registration and the result of the certificate validity and the certificate is valid if the certificate file Transmitting the program to the program (S405), in the case of an unregistered or invalid certificate, notifying the processing of the secure mail or notifying the start of the transmission if it is valid (S406), and generating an encryption key if it is valid. And encrypting the mail content with the generated encryption key, encrypting the encryption key with the transmitted certificate file (public key), and generating a secure mail including the encrypted encryption key, the encrypted mail content, and the key ID of the certificate file. In operation S407, the generated secure mail is transmitted to the recipient via the service principal 30 (S408).

A preferred example of the encryption method used for encrypting the mail content is a symmetric key cipher (Symmetric Cipher or Block Cipher). Symmetric key cryptography is optimal for the present invention because it is suitable for encrypting large amounts of data at high speed. However, stream ciphers are more appropriate for messages and voice calls.

5 is a flowchart illustrating a security mail reading procedure according to a preferred embodiment of the present invention. In the secure mail viewing procedure, the user 20 executes a web (or dedicated) program on the computer 21 and logs in to his or her email account (S501), selecting the secure mail received through the program. (S502), selecting the own certificate through the program (S503), comparing the key ID included in the selected certificate with the key ID included in the security mail (S504), if the match The user 20 inputs the password of the selected certificate through a program (S505), extracting a private key by decrypting the key file of the selected certificate with the input password (S506), and secure mail with the extracted private key. Extracting the encryption key by decrypting the encrypted encryption key included in the operation (S507), decrypting the contents of the mail encrypted with the extracted encryption key (S508), the same in the comparison process If not, the program transmits the key ID included in the selected security mail and the key ID of the selected certificate to the S / G (10) to request a list of key files (S509), the S / G (10) Generating a key file list corresponding to the key ID transmitted from the certificate list of the user 20 stored in the DB (12) (S510), S / G (10) to generate the result and the list of key files generated upon success Step S511, determining whether to generate a key file list (S512), if not generated, repeats the certificate selection step (S503) and generates a password of the selected certificate if the user 20 Step (S513), the step of extracting the private key by decrypting the key file of the selected certificate with the input password (S514), by decoding the next lower key file in the list of key files transmitted to the extracted private key Extracting the private key (S515), extraction Determining whether the key ID of the private key is the same as the key ID of the selected security mail (S516), if it is not the same, repeats S515 and if it is the same, encrypts the encrypted encryption key included in the selected security mail with the extracted private key. Decryption to extract the encryption key (S517), and decrypted the encrypted mail content included in the selected secure mail with the extracted encryption key (S518). Key file list generation during the above procedure will be described in more detail with reference to FIG. 6 and below.

6 is a detailed flowchart of a step of generating a key file list by receiving a security mail key ID and a certificate key ID during the security mail reading procedure, in a key file list generation process according to an exemplary embodiment of the present invention. In the process of generating a key file list, assigning an email account of the user 20 to a variable Account, a secure mail key ID to a variable KeyIDm, a certificate key ID to a variable KeyIDc, and 1 to a variable I (S601), to Account. Requesting the corresponding certificate list (see FIG. 2) to the S / G 10 DB 12 (S602), and retrieving the certificate management number of the certificate having KeyIDc as the key ID from the certificate list (S603). In the case where the search fails, informing the certificate non-registration and ending (S604), when the search is successful, the key file list (see FIG. 7) records the IDID in the second column and the KeyIDc in the second column, and the searched certificate management number in the variable M. Assigning I + 1 to variable I for the row number to which the retrieved certificate management number belongs to variable N (S605), assigning N-1 to variable N (S606), and determining whether the variable N is greater than zero. In step S607, if it is not large, it is determined that the security mail is not valid. And terminating (S608), if large, determining whether the associated certificate management number of row N is equal to M and the key ID of the row N certificate is equal to KeyIDm (S609); Recording the key file of the N row in the second row, the row of the N file certificate in the second row, and transmitting the key file list and ending (S610), if one or more of the two questions in step S609 are not the same, Determining whether the associated certificate management number is the same as M (S611), if not, repeat step S606, and if the same, the certificate management number of the first row of the key file list, the first row of N, the first row of N, and the second row of N of the key file In step S612, the process of repeating the step S606, assigning the certificate management number of the N rows to the variable M, I + 1 to the variable I (S613).

7 is a key file list example of a preferred embodiment of the present invention, assuming that the user registration information of FIG. 2, the key of the security mail encrypted with the key ID of the certificate of management number 2011-002 and the public key of the certificate of management number 2009-001 It relates to a list of key files generated under the assumption that the ID is transmitted to the S / G 10. Assuming the illustrated key file list, the sub-key file referred to in step S515 during the security mail reading procedure is described. The sub-key file corresponds to the key file of 2 rows and 2 columns and the 3 rows and 2 columns of the key file list. The file is repeated in key file order of 4 rows and 2 columns. That is, if step S515 first arrives, the next subkey file corresponds to the key file in the second row and second column of the key file list, and if the comparison step of Step S516, which is the next step, is not the same, the step S515 is repeatedly performed. The key file corresponds to a key file of three rows and two columns in the key file list.

8 is a flowchart illustrating a secure cloud upload procedure according to a preferred embodiment of the present invention. In the secure cloud upload procedure, a user 20 executes a web (or dedicated) program on the computer 21 and logs in to his or her email account (S801), and selects and uploads a secure cloud service through the program. Selecting a file and another user to share (S802), by sending the e-mail account of the other user 20 to be shared by the program to the S / G (10) to the recently registered of the user 20 himself and the other user Requesting a certificate file (S803), the S / G (10) checks whether the user 20 and the other users to share and if the registration is registered validity of the recently registered certificate to the certification authority (deprecated or not) Step S804, the S / G 10 registers the user 20 and other users to share, and the result of the validity of the certificate and the validity of the certificate if the certificate is valid. On Sending step (S805), in the case of an unregistered or invalid certificate to inform the security cloud processing can not be notified or notified if the transmission start (S806), if valid, generates an encryption key and encrypts the selected file with the generated encryption key and An encryption key encrypted with the recently registered certificate file (public key) of the user 20 after encrypting the encryption key with the recently registered certificate files (public key) of the transmitted user and another user to share, Encryption keys encrypted with recently registered certificate files (public key) of other users to share, recently registered certificate files of other users (public key) of other users to share Generate header information consisting of a key ID, email accounts of other users to share with the user 20, and generate a security file including the encrypted file in the generated header information Is performed in step (S807), step (S808) to upload the generated security file to the service entity (30).

FIG. 14 is a diagram illustrating a specific example of generating a security file of FIG. 8 (S807). Referring to FIG. 14, it is assumed that user 20 is A, and that other users to be shared are B and C. The encryption key is encrypted with A's certificate file to generate A's encrypted encryption key (A10), and A's certificate file key ID (A20) and A's e-mail account (A30) make A's header information. Similarly, the encryption key is encrypted with B's certificate file to generate B's encrypted encryption key (B10), and B's certificate file key ID (B20) and B's e-mail account (B30) make B's header information. Similarly, the encryption key is encrypted with C's certificate file to generate C's encrypted encryption key (C10), and C's certificate file key ID (C20) and C's email account (C30) make C's header information. The file selected by the encryption key is encrypted to generate an encrypted file D10, the header information A10, A20, A30 of A, the header information B10, B20, B30 of B, and the header information C10, C20 of C. C30), the encrypted file (D10) is combined to create a security file.

9 is a flowchart illustrating a security cloud viewing procedure of a preferred embodiment of the present invention. In the security cloud viewing procedure, the user 20 executes a web (or dedicated) program on the computer 21 and logs in to his or her email account (S901), selecting a security file uploaded through the program. (S902), selecting the own certificate through the program (S903), the program in the key ID of the header information corresponding to the e-mail account of the user 20 of the header information included in the security file and the selected certificate Comparing the included key ID (S904), if a match, the user 20 inputs the password of the selected certificate through the program (S905), by decrypting the key file of the selected certificate with the input password Extracting a private key (S906), extracting an encryption key by decrypting an encrypted encryption key included in the security file with the extracted private key (S907), and extracting the encrypted password Decrypting the encrypted file (S908), if the program does not match, the key ID of the header information corresponding to the e-mail account of the user 20 of the header information included in the selected security file and the program Requesting a key file list by transmitting the key ID of the selected certificate to the S / G (10) (S909), the key transmitted from the certificate list of the user 20 stored in the DB (12) S / G (10) Step (S910) of generating a key file list corresponding to the ID, the step of the S / G 10 transmits the generated result and the key file list generated upon success (S911), whether or not to generate a key file list Step (S912), if not generated, repeats the certificate selection step (S903) and if the user enters the password of the selected certificate (S913), and if it corresponds (S913), the key of the selected certificate as the input password Decrypt the file Extracting a private key (S914), extracting a private key by decrypting the next lower key file in the key file list transmitted to the extracted private key (S915), the key ID of the extracted private key to the selected security mail Determining whether the header ID is the same as the key ID of the header information corresponding to the e-mail account of the user 20 among the included header information (S916), and if the same is not the same (S915), repeats the selected security with the extracted private key. Decrypting the encrypted encryption key included in the file to extract the encryption key (S917), and decrypting the encrypted file included in the selected security file with the extracted encryption key (S918).

10 is a flowchart illustrating a security e-mail bill transmission procedure of a preferred embodiment of the present invention. In the secure electronic bill invoice transmission procedure, the electronic notification organization 40 sends the user's 20 e-mail account to the S / G 10 to request a recently registered certificate file of the user 20 (S1001). (S1002), S / G (10) checks whether the user 20 is registered and inquires the validity of the recently registered certificate to the certification authority (S1002), S / G ( 10) if the registration result and the validity of the certificate and the certificate is valid, transmitting the recently registered certificate file to the electronic notification authority 40 (S1003), in the case of an unregistered or invalid certificate, secure electronic notification After notifying of processing or generating a bill if it is valid (S1004), generating an encryption key, encrypting the bill to be transmitted with the generated encryption key and encrypting the encryption key with the recently registered certificate file (public key) transmitted Encrypted encryption key, In step S1005, a security bill is generated, including the encrypted bill, the key ID of the recently registered certificate file, and the generated security bill is transmitted to the service principal 30 (S1006).

11 is a flowchart illustrating a security e-mail bill viewing procedure of a preferred embodiment of the present invention. In the secure e-mail bill viewing procedure, the user 20 executes a web (or dedicated) program on the computer 21 and logs in to his or her e-mail account (S1101), and selects the security bill received through the program. In step S1102, selecting the own certificate through the program (S1103), comparing the key ID included in the security bill with the key ID included in the selected certificate (S1104) If the user 20 inputs the password of the selected certificate through the program (S1105), decrypting the key file of the selected certificate with the input password to extract the private key (S1106), with the extracted private key Extracting the encryption key by decrypting the encrypted encryption key included in the security bill (S1107), decrypting the invoice encrypted with the extracted encryption key (S1108), and If it does not match in the comparison process (S1104), the program transmits the key ID included in the selected security bill and the key ID of the selected certificate to the S / G (10) to request a key file list (S1109), In step S1110, the S / G 10 generates a key file list corresponding to the transmitted key ID from the certificate list of the stored user 20. Step S1111, determining whether to generate a key file list (S1112), if not generated, repeats the certificate selection step (S1103) and, if corresponding, sends the password of the selected certificate to the user (20). ) (S1113), decrypting the key file of the selected certificate with the input password to extract the private key (S1114), and decrypts the next lower key file from the list of key files transmitted with the extracted private key Private key Extracting (S1115), determining whether the key ID of the extracted private key is the same as the key ID of the selected security bill (S1116), and if not the same (S1115) is repeated, if the same with the extracted private key And extracting the encryption key by decrypting the encrypted encryption key included in the selected security bill (S1117), and decrypting the encrypted bill included in the selected security bill with the extracted encryption key (S1118).

12 is a flowchart illustrating a security message transmission and reception procedure of a preferred embodiment of the present invention. For reference, in the security message transmission and reception procedure, the user 20 becomes a sender for sending a security message. In the secure message transmission and reception procedure, the user 20 executes a dedicated program in the computer 21 and logs in to his or her email account (S1201), and selects the secure message service through the program and selects the recipient 50. In step S1202, the program transmits an email account or a mobile phone number of the receiver 50 to the S / G 10 and requests a recently registered certificate file of the receiver 50 (S1203). When the G 10 checks whether or not the recipient 50 is registered and inquiries are registered, inquiring the validity of the recently registered certificate of the recipient (whether it is discarded) from the certification authority (S1204), S / G 10 When the result of the registration of the recipient 50 and the validity of the certificate and the certificate is valid, transmitting the recently registered certificate file to the program (S1205). In the case of an unregistered or invalid certificate, security message processing is impossibleStep (S1206), the program requesting the service principal (30) to call the receiver 50 (S1207), and the service principal (30) calls the receiver (50). Step S1208, in response to the call, the exclusive program of the receiver 50 is activated (S1209), the receiver 50 selects whether to receive the reception (S1210). The dedicated program of the receiver 50 transmits an email account or a mobile phone number of the user 20 to the S / G 10 to request a certificate file of the user 20 (S1211), and the S / G 10 Checking whether or not the user 20 is registered and inquiring the validity of the certificate (if discarded) to the certification authority, if the registration (S1212), the S / G (10) is registered or the certificate validity of the user 20 If the result for the certificate and the certificate is valid, In step S1213, in the case of an unregistered or invalid certificate, a step of notifying the security message processing or notifying the start of a service if valid (S1214), and if valid, the user 20 and the receiver 50 each have their own certificate. In step S1215, a dedicated program of the user 20 and the receiver 50 generates an SSL or TLS encrypted communication channel, encrypts and transmits a message to each other, and decrypts the received message (S1216). do.

13 is a flowchart illustrating a secure voice call transmission and reception procedure according to a preferred embodiment of the present invention. For reference, in the secure voice call transmission / reception procedure, the user 20 becomes a caller who makes a call. In the secure voice call transmission / reception procedure, the user 20 executes a dedicated program in the computer 21 and logs in to his or her email account (S1301), and selects the secure voice call service through the program and the receiver 50. Selecting a step (S1302), the program transmits the email account or mobile phone number of the recipient 50 to the S / G (10) to request a recently registered certificate file of the recipient 50 (S1303), S / G 10 checks whether or not the recipient 50 is registered, and if registered, inquires the certification authority of the validity (discarded status) of the recently registered certificate of the receiver 50 (S1304), S / G 10 transmits the recently registered certificate file of the recipient 50 to the program if the result of the registration of the recipient 50 and the certificate validity and the certificate is valid (S1305), unregistered or valid For uncertified certificates Informing (S1306) of inadmissible call processing or informing of service start if valid, in step S1307, if the program requests the service principal 30 to call the receiver 50, the service principal 30 receives the receiver. Calling (50) (S1308), activating a dedicated program of the receiver 50 in response to the call (S1309), selecting, by the receiver 50 (S1310), or rejecting the procedure. When the termination and the reception proceeds, the dedicated program of the receiver 50 sends the user's 20 e-mail account or mobile phone number to the S / G 10 to request a recently registered certificate file of the user 20 ( S1311), the S / G 10 confirms whether or not the user 20 is registered and inquires the validity (revocation) of a certificate recently registered to the certification authority (S1312), S / G ( 10) prints the result of the registration of the user 20 and the validity of the certificate. If the certificate is valid, transmitting the user's recently registered certificate file to the program (S1313), in the case of an unregistered or invalid certificate, notifying the processing of the secure voice call or notifying the start of the service (S1314), valid If the user 20 and the receiver 50 input their own certificate password (S1315), the dedicated program of the user 20 generates an encryption key used for voice information encryption and the encryption key S / G When the receiver 50 encrypts the recently registered certificate file (public key) of the recipient 50 and transmits it to the recipient 50, the dedicated program of the recipient 50 is recently transferred to the recipient 50. The encryption key encrypted with the registered certificate file (public key) is decrypted with the private key corresponding to the recently registered certificate file (public key) of the receiver 50 to be used for encrypting the voice information. It extracts the encryption key, the encryption key the user 20 and the receiver 50 is used for the audio information is encrypted shared. Dedicated programs of the user 20 and the receiver 50 create an SSL or TLS encrypted communication channel using the shared encryption key, encrypt and transmit voice information to each other, and decode the received voice information (S1316). Is performed.

An electronic certificate-based security service providing method according to an embodiment of the present invention includes a service server connected to a network to provide an online service, and a security server connected to a network and storing a certificate file and a user identification information including a public key. And a first terminal for accessing a network by a user or a shared user and a first security means driven by the first terminal, the method comprising: (A) a first terminal by a user to the first terminal; Driving the security means, designating the data to be shared with the user to be shared, and inputting a transmission command; (B) the first security means transmitting the identification information of the shared user to the security server and requesting a certificate file of the shared user; (C) the security server extracting the requested certificate file and checking the validity, and if it is valid, transmitting the extracted certificate file to the first terminal; (D) When the first terminal receives the certificate file, the first security means generates a first encryption key to encrypt the data to be shared, and then encrypts the first encryption key with the received certificate file to generate a second encryption key. Generating an encryption key and generating secure shared data including a key ID of the received certificate file, encrypted shared data and a second encryption key, wherein the secure shared data is stored in the service server; It may be shared with a sharing user.

At this time, when the shared user requests to view the secure shared data using the first terminal and selects his own certificate, (E) the first security means includes the key ID included in the secure shared data and the Comparing the key IDs of the certificates selected by the shared user to determine whether they match, and requesting the shared user to input a password if they match; (F) extracting a private key by decrypting a key file of a certificate by a password inputted by a shared user by the first security means; (G) extracting a first encryption key by decrypting a second encryption key of secure shared data with the private key extracted in step (F); And (H) decrypting, by the first security means, the encrypted shared data included in the secure shared data with the first encryption key.

In addition, the system further comprises a second terminal for backing up the certificate of the certificate file stored in the security server, and a second security means for driving in the second terminal, after the certificate of the user or shared user is renewed or reissued If the first terminal is connected to the security server, before the step (A), if the first security means requests a certificate file from the security server, the security server requests registration of a new certificate file. Making; The first security means for requesting registration of a new certificate file comprises: transmitting a certificate file accessed from a first terminal to the security server, and storing the new certificate in the second terminal; Requesting the user to input a password of the backed up certificate stored in the second terminal by the second security means; If the password of the backup certificate stored in the second terminal is input by the user, the second security means decrypts the private key of the backed up certificate, encrypts the decrypted private key with the public key of the new certificate, and then enters the key. Generating a file and transmitting the generated key file to the security server; And receiving, by the security server, the key file and storing the key file as a certificate list together with the certificate file.

Also, if the key ID included in the secure shared data and the key ID of the certificate selected by the shared user in step (E) do not match, instead of steps (F) and (G), (E-1) Transmitting, by the first security means, a key ID included in the secure shared data and a key ID of a certificate selected by the user to the security server; (E-2) The security server determines whether a key file corresponding to the key ID transmitted in the step (E-1) exists in the certificate list of the shared user stored in the security server. Generating and transmitting to the first security means the key file list generation failure signal to the first security means if not present; (E-3) When the first security means receives the key file list generation failure signal, the first security means receives the certificate again and transmits the certificate to the security server to feed back to step (E-2), and the first security means sends the key. Receiving a file list, inputting a password of the selected certificate from a user; (E-4) extracting the private key by decrypting the key file of the selected certificate with the password inputted in step (E-3); (E-5) extracting the private key by decrypting the next lower key file in the key file list by the private key extracted in the step (E-4); And (E-6) when the first security means determines whether the key ID of the private key extracted in step (E-5) is the same as the key ID of the security shared data, and if it is not the same (E-5). And extracting the first encryption key by decrypting the second encryption key included in the secure shared data with the extracted private key if the same is the same. It may be to access the data to be shared.

In addition, in the step (B) it may be to further request the user's certificate file.

The present invention has been described above with reference to the accompanying drawings, but the present invention is not limited thereto, and various changes, modifications, and equivalents may be used. Therefore, the present invention can be applied by appropriately modifying the above embodiments, it will be natural that such applications also fall within the scope of the present invention based on the technical idea described in the claims.

As of the end of June 2011, the present invention has been issued a total of 25.2 million cases, because 98% of the economically active population is using the accredited certificate that can be applied to the industry immediately.

In particular, since existing portal operators as well as cloud operators can solve their "security issues" through the present invention, the industrial applicability of the present invention is very realistic.

In addition, the EBPP method proposed by the present invention will activate the market for hundreds of millions of e-bills annually, including national and local taxes, four major utilities, and Jiro utility bills.

10-Security Gateway (S / G)
11-Security Service Server 12-DB (Database)
20-(Security Service) User
21-Computer 22-Mobile Phone
30-(online) service principal
40-Electronic Notification Agency
50-recipient

Claims (17)

A user accessing a web site provided by a service principal through a computer to apply for a security service, registering a user's e-mail account, certificate file (public key), and mobile phone number with S / G during the security service application process; A security service application and certificate registration procedure comprising storing a certificate (private key, public key) with a user's mobile phone at the same time as registering the user information;
After the registration process, the user renews or reissues an existing certificate stored in the computer, the user executes a web (or dedicated) program on the computer to access a security service, and the program sends the certificate file to the S / G. Key), S / G checks the validity (revocation) of the requested certificate file, if it is not valid, S / G requests the user to register a new certificate file, and the user requests a new certificate file. Registering the S / G through the program, the user storing the new certificate stored in the computer through the program in the mobile phone, decrypting the key file of the existing certificate with the existing certificate password through the user mobile phone, and decrypting the decrypted key. Key file consisting of encrypting the file with the public key of the new certificate and registering the resulting key file with the S / G Registration;
Certificate-based security service key operating method, characterized in that comprises a. The method of claim 1, wherein after the user has registered
In the method of providing a certificate-based secure mail service,
The user running a web (or dedicated) program on the computer and logging in to his or her email account, creating a mail and selecting a secure mail service through the program, and receiving the recipient's email account as specified in the Requesting the recipient's certificate file by sending it to S / G, checking whether the recipient is registered with the recipient, and inquiring the validity of the certificate (if discarded) to the certification authority if the S / G is registered, Sending the certificate file to the program if the result of the registration of the recipient and the validity of the certificate is valid, and if the certificate is not valid or not, if the certificate is valid or not, the start of transmission. Generate the key, encrypt the e-mail contents with the generated encryption key, and send the certificate file (public Encrypting the encryption key with a key) and generating a secure mail including an encrypted encryption key, encrypted mail contents, and a key ID of the certificate file, and transmitting the generated secure mail to a recipient via a service subject. Secure mail transmission procedure performed with;
A user running a web (or dedicated) program on a computer and logging in to his or her email account, selecting a secure mail received through the program, selecting his or her certificate through the program, Comparing the key ID included in the secure mail with the key ID included in the selected certificate; if there is a match, inputting the password of the selected certificate by the user through the program; and using the input password, the key file of the selected certificate. Extracting the private key by decrypting the data; extracting the encryption key by decrypting the encrypted encryption key included in the secure mail with the extracted private key; decrypting the contents of the mail encrypted with the extracted encryption key; If it does not match, the program stores the key ID included in the selected secure mail and the Requesting a key file list by transmitting the key ID of the selected certificate to the S / G, generating a key file list corresponding to the key ID transmitted from the user's certificate list stored in the DB; The S / G transmits the generated key file list to the program upon success, determining whether to generate the key file list, repeating the step of selecting a certificate if not generated, and using the password of the selected certificate if it is generated. Inputting, extracting a private key by decrypting a key file of the selected certificate with the input password, ① extracting a private key by decrypting a subordinate key file from a list of key files transmitted by the extracted private key Determining whether the key ID of the extracted private key is the same as the key ID of the selected security mail, and if not, repeat the previous step ①. In the same case, the encryption is performed by decrypting the encrypted encryption key included in the selected security mail with the extracted private key, and decrypting the encrypted mail contents included in the selected security mail with the extracted encryption key. Mail viewing process;
Certificate-based secure mail service method comprising the The method of claim 1, wherein after the user has registered
In the method for providing a certificate-based security cloud service,
A user running a web (or dedicated) program on a computer and logging in with his or her email account, selecting a secure cloud service through the program, selecting a file to upload and another user to share, and sharing the program with the program. Sending other users 'email accounts to S / G and requesting their own and other users' certificate files, checking whether the S / G is registered with the user and other users to be shared, and registering the certificate with the certification authority if registered. Inquiring the validity (discontinued) of the certificate, whether or not the S / G is registered with the user and other users to be shared, and the result of the certificate validity, and if the certificate is valid, transferring the certificate files to the program, unregistered or invalid. In the case of a certificate, a step of notifying the security cloud processing or, if valid, informing transmission start, and valid In one case, an encryption key corresponding to the e-mail account of another user to be shared with the user after generating an encryption key, encrypting the selected file with the generated encryption key, encrypting the encryption key with each of the transmitted certificate files (public key). Generating a security file including an encrypted file in the generated information and repeatedly generating the header information consisting of the key ID of the certificate file and the e-mail account, and uploading the generated security file to the service principal. Secure cloud upload procedure performed by;
A user running a web (or dedicated) program on a computer and logging in to his or her email account, selecting a security file uploaded through the program, selecting his certificate through the program, Comparing the key ID of the header information corresponding to the user's e-mail account with the key ID included in the selected certificate among the header information included in the security file, and if the user enters a password of the selected certificate through the program, Step, extracting the private key by decrypting the key file of the selected certificate with the input password, extracting the encryption key by decrypting the encrypted encryption key included in the security file with the extracted private key, encryption with the extracted encryption key Decrypting the encrypted file, if it does not match during the comparison. Requesting a key file list by transmitting a key ID of header information corresponding to a user's e-mail account and a key ID of the selected certificate among the header information included in the selected security file to the S / G. Generating a key file list corresponding to the key ID transmitted from the certificate list of the user stored in the DB, transmitting the generated result and the generated key file list to the program by the S / G, generating the key file list Determining whether or not, repeating the certificate selection step if not generated, if the user inputs the password of the selected certificate, and extracting the private key by decrypting the key file of the selected certificate with the input password , ② the key to decrypt the file during the primary sub-list of transport the extracted key file private key steps to extract the private key extraction To perform the key ID of inki those included in the selected Secure Email step to equality judgments and key ID associated with your e-mail account, repeat if not the same prewar steps ② and if the same select the key extracted Personal Security files Extracting an encryption key by decrypting an encrypted encryption key included; decrypting an encrypted file included in the selected security file with the extracted encryption key;
Certificate-based security cloud service method characterized in that it comprises a The method of claim 1, wherein after the user has registered
In the method for providing a certificate-based secure electronic notification service,
Requesting the user's certificate file by sending the user's e-mail account to the S / G, and checking the validity of the certificate with the certification authority if the S / G is registered. Inquiry step, S / G, if the result of the user registration and certificate validity and the certificate is valid, and transmits the certificate file to the e-Notification authority, if the unregistered or invalid certificate, the security electronic notification processing is impossible Informing or generating a claim if valid, generating an encryption key, encrypting the invoice to be sent with the generated encryption key, encrypting the encryption key with the transmitted certificate file (public key), and then encrypting the encryption key, encrypted bill, the certificate Generating the security bill including the key ID of the file, and transmitting the generated security bill to the service principal. Electronic invoices sent no notice procedure;
A user running a web (or dedicated) program on a computer and logging in to his or her email account, selecting a security bill received through the program, selecting his certificate through the program, Comparing the key ID included in the security bill with the key ID included in the selected certificate; if there is a match, inputting the password of the selected certificate by the user through the program; and using the input password, the key file of the selected certificate. Extracting the private key by decrypting the data; decrypting the encrypted encryption key included in the security bill with the extracted private key; extracting the encryption key; decrypting the invoice encrypted with the extracted encryption key; matching in the comparison process If not, the program and the key ID contained in the selected security bill and Requesting a key file list by transmitting the key ID of the selected certificate to S / G, generating a key file list corresponding to the key ID transmitted from the certificate list of the user stored in the DB by S / G, and generating a result And if the S / G transmits the generated key file list to the program, determining whether the key file list is generated, and if not generated, repeating the certificate selection step and responding with the password of the selected certificate. Inputting, decrypting a key file of the selected certificate with the input password, extracting a private key , and ③ extracting a private key by decrypting a next lower key file from a list of key files transmitted with the extracted private key If, not the key ID of the extracted private key identical to the steps of determination are the same as the key ID of the selected security bill, repeatedly before last step ③ And extracting the encryption key by decrypting the encrypted encryption key included in the selected security mail with the extracted private key, and decrypting the encrypted bill included in the selected security bill with the extracted encryption key. Billing process;
Certificate-based security electronic notification service method characterized in that it comprises a The method of claim 1, wherein after the user has registered
In the method for providing a certificate-based security message service,
A user runs a dedicated program on a computer and logs in to his or her email account, selects a secure message service and selects a recipient through the program, and the program sends the recipient's email account or mobile phone number to the S / G. Requesting the recipient's certificate file, checking whether the recipient is registered, and inquiring the validity of the certificate (if discarded) to the certification authority, if the S / G is registered, and Transmitting the certificate file to the program if the result of the certificate validity and the certificate is valid, informing the user that the security message cannot be processed in the case of an unregistered or invalid certificate or starting the service if valid, and if the program is the service principal Requesting the call of the receiver to the receiver; Calling, activating, by the recipient's dedicated program in response to the call, selecting whether the recipient is to receive or not, and if rejecting, exiting the procedure and proceeding with the reception, the recipient's dedicated program sends the user's e-mail account or mobile phone number. Requesting a user's certificate file by sending it to S / G, checking whether the user is registered, and inquiring the validity of the certificate (if discarded) to the certification authority if S / G is registered, If the result of the user registration and certificate validity and the certificate is valid, sending the certificate file to the program.In the case of an unregistered or invalid certificate, notifying the processing of security messages, or notifying the start of the service if valid, The steps, user and number of users and recipients respectively entering their own certificate passwords. A secure message transmission / reception procedure performed by a dedicated program of a believer to create an SSL or TLS encrypted communication channel, encrypt and transmit a message to each other, and decrypt a received message;
Certificate-based security message service method comprising the The method of claim 1, wherein after the user has registered
In the method for providing a certificate-based secure voice call service,
A user runs a dedicated program on a computer and logs in to his or her email account, selects a secure message service and selects a recipient through the program, and the program sends the recipient's email account or mobile phone number to the S / G. Requesting the recipient's certificate file, checking whether the recipient is registered, and inquiring the validity of the certificate (if discarded) to the certification authority, if the S / G is registered, and Transmitting the certificate file to the program if the result of the certificate validity and the certificate is valid, informing the user that the security message cannot be processed in the case of an unregistered or invalid certificate or starting the service if valid, and if the program is the service principal Requesting the call of the receiver to the receiver; Calling, activating, by the recipient's dedicated program in response to the call, selecting whether the recipient is to receive or not, and if rejecting, exiting the procedure and proceeding with the reception, the recipient's dedicated program sends the user's e-mail account or mobile phone number. Requesting a user's certificate file by sending it to S / G, checking whether the user is registered, and inquiring the validity of the certificate (if discarded) to the certification authority if S / G is registered, If the result of the user registration and certificate validity and the certificate is valid, sending the certificate file to the program.In the case of an unregistered or invalid certificate, notifying the processing of security messages, or notifying the start of the service if valid, The steps, user and number of users and recipients respectively entering their own certificate passwords. A secure voice call transmission / reception procedure performed by a dedicated program of a believer to create an SSL or TLS encrypted communication channel, encrypt and transmit voice information to each other, and decrypt the received voice information;
Certificate-based secure voice call service method comprising the In the certificate-based security service system,
Users with computers and mobile phones;
An online service entity providing an email service to a user;
S / G for registering user registration information including e-mail account, certificate file (public key), mobile phone number and key file of revoked certificate;
Certificate-based security service key operating system, characterized in that consisting of. The method of claim 7, wherein the S / G
Certificate-based security, characterized by providing the recipient's certificate file to the user so that the user can create and send a secure mail to the recipient, and provide the user with a list of revoked certificate key files to view the received secure mail. Mail system. The method of claim 7, wherein the S / G
To provide users with certificate files of users and other users to share, and to provide users with a list of revoked certificate key files so that users can upload security files to the service server's cloud server. Certificate-based security cloud system, characterized in that. The method of claim 7, wherein the S / G
Providing a user's certificate file to the authority so that the electronic notification authority can generate and send the security bill to the user, and provide the user with a list of the key files of the revoked certificate so that the user can view the received security bill. Certificate-based secure electronic notification system. The method of claim 7, wherein the S / G
Certificate-based security message system, characterized in that the user provides the certificate file to the user and the recipient to send and receive security messages. The method of claim 7, wherein the S / G
Certificate-based secure voice call system, characterized in that the user provides the certificate file to the user and the recipient to send and receive secure voice information. A service server connected to the network to provide online services;
A security server connected to a network and storing a certificate file including a public key and user identification information, a first terminal for accessing a network by a user or a shared user, and a first security means driven by the first terminal; In using system to do
(A) a step in which the first security means is driven to a first terminal by a user, a data to be shared and a shared user are designated, and a transmission command is input;
(B) the first security means transmitting the identification information of the shared user to the security server and requesting a certificate file of the shared user;
(C) the security server extracting the requested certificate file and checking the validity, and if it is valid, transmitting the extracted certificate file to the first terminal; And
(D) When the first terminal receives the certificate file, the first security means generates a first encryption key to encrypt the data to be shared, and then encrypts the first encryption key with the received certificate file to generate a second encryption key. Generating an encryption key and generating secure shared data including a key ID of the received certificate file, encrypted shared object data, and a second encryption key;
Including;
The secured shared data is stored in the service server and shared with the shared user, the electronic certificate-based security service providing method. The method of claim 13,
When the shared user requests to view the secure shared data using the first terminal and selects his certificate,
(E) the first security means compares the key ID included in the secure shared data with the key ID of the certificate selected by the shared user, determines whether to match, and requests the shared user to enter a password if the match is successful; Making;
(F) extracting a private key by decrypting a key file of a certificate by a password inputted by a shared user by the first security means;
(G) extracting a first encryption key by decrypting a second encryption key of secure shared data with the private key extracted in step (F); And
(H) decrypting, by the first security means, the encrypted shared object data included in secure shared data with the first encryption key;
Including that the shared user to access the data to be shared
How to provide electronic certificate based security service.
15. The method of claim 14,
The system further includes a second terminal to which the certificate of the certificate file stored in the security server is backed up, and a second security means driven by the second terminal,
If the first terminal is connected to the security server after the user or shared user's certificate is renewed or reissued, before step (A),
Requesting registration of a new certificate file by the security server when the first security means requests a certificate file from the security server;
The first security means for requesting registration of a new certificate file comprises: transmitting a certificate file accessed from a first terminal to the security server, and storing the new certificate in the second terminal;
Requesting the user to input a password of the backed up certificate stored in the second terminal by the second security means;
If the password of the backup certificate stored in the second terminal is input by the user, the second security means decrypts the private key of the backed up certificate, encrypts the decrypted private key with the public key of the new certificate, and then enters the key. Generating a file and transmitting the generated key file to the security server; And
Receiving, by the security server, the key file and storing the key file together with a certificate file;
To include more
How to provide electronic certificate based security service.
16. The method of claim 15,
If the key ID included in the secure shared data in step (E) and the key ID of the certificate selected by the shared user do not match, instead of the steps (F) and (G),
(E-1) transmitting, by the first security means, a key ID included in the secure shared data and a key ID of a certificate selected by the user to the security server;
(E-2) The security server determines whether a key file corresponding to the key ID transmitted in the step (E-1) exists in the certificate list of the shared user stored in the security server. Generating and transmitting to the first security means the key file list generation failure signal to the first security means if not present;
(E-3) When the first security means receives the key file list generation failure signal, the first security means receives the certificate again and transmits the certificate to the security server to feed back to step (E-2), and the first security means sends the key. Receiving a file list, inputting a password of the selected certificate from a user;
(E-4) extracting the private key by decrypting the key file of the selected certificate with the password inputted in step (E-3);
(E-5) extracting the private key by decrypting the next lower key file in the key file list by the private key extracted in the step (E-4); And
(E-6) the first security means determines whether the key ID of the private key extracted in step (E-5) is the same as the key ID of the security shared data, and if it is not the same, step (E-5). Extracting a first encryption key by decrypting a second encryption key included in the secure shared data with the extracted private key;
After performing the step (H)
The sharing user accesses the data to be shared
How to provide electronic certificate based security service.
17. The method according to any one of claims 13 to 16,
In step (B), the user's certificate file is additionally requested.
How to provide electronic certificate based security service.
KR1020110084242A 2011-08-23 2011-08-23 Method for providing security service based on digital certificate and system for providing security service based on digital certificate KR20130021774A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110084242A KR20130021774A (en) 2011-08-23 2011-08-23 Method for providing security service based on digital certificate and system for providing security service based on digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110084242A KR20130021774A (en) 2011-08-23 2011-08-23 Method for providing security service based on digital certificate and system for providing security service based on digital certificate

Publications (1)

Publication Number Publication Date
KR20130021774A true KR20130021774A (en) 2013-03-06

Family

ID=48174568

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110084242A KR20130021774A (en) 2011-08-23 2011-08-23 Method for providing security service based on digital certificate and system for providing security service based on digital certificate

Country Status (1)

Country Link
KR (1) KR20130021774A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014174491A1 (en) * 2013-04-26 2014-10-30 Visa International Service Association Providing digital certificates
KR20160113264A (en) * 2014-03-27 2016-09-28 인텔 코포레이션 Method and apparatus for cloud-assisted cryptography
US9544768B2 (en) 2015-03-20 2017-01-10 Hyundai Motor Company Method and apparatus for performing secure Bluetooth communication
KR20180041840A (en) * 2016-10-17 2018-04-25 권오준 System and Method for Secure Communication, Guard System and Client Terminal Therefor
CN109067546A (en) * 2018-09-19 2018-12-21 杭州数梦工场科技有限公司 A kind of method, apparatus, equipment and computer storage medium managing safety certificate

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014174491A1 (en) * 2013-04-26 2014-10-30 Visa International Service Association Providing digital certificates
US9660814B2 (en) 2013-04-26 2017-05-23 Visa International Service Association Providing digital certificates
KR20160113264A (en) * 2014-03-27 2016-09-28 인텔 코포레이션 Method and apparatus for cloud-assisted cryptography
US9544768B2 (en) 2015-03-20 2017-01-10 Hyundai Motor Company Method and apparatus for performing secure Bluetooth communication
KR20180041840A (en) * 2016-10-17 2018-04-25 권오준 System and Method for Secure Communication, Guard System and Client Terminal Therefor
CN109067546A (en) * 2018-09-19 2018-12-21 杭州数梦工场科技有限公司 A kind of method, apparatus, equipment and computer storage medium managing safety certificate

Similar Documents

Publication Publication Date Title
US10594498B2 (en) Method and service-providing server for secure transmission of user-authenticating information
CN111431713B (en) Private key storage method and device and related equipment
CN103020825B (en) A kind of secure payment authentication method based on software client
CN110188550B (en) Block chain data verification method and device
CN110417750A (en) File based on block chain technology is read and method, terminal device and the storage medium of storage
KR20160024185A (en) Management system and method of crytocurrency using secure element
CN113067699B (en) Data sharing method and device based on quantum key and computer equipment
WO2019001061A1 (en) Payment verification method and system, and mobile device and security authentication device
US11956248B2 (en) System and method for message recipient verification
CN102625294A (en) Method for managing mobile service by taking universal serial bus (USB) as virtual subscriber identity module (SIM) card
WO2012072022A1 (en) Remote payment method
KR20130021774A (en) Method for providing security service based on digital certificate and system for providing security service based on digital certificate
CN109510820A (en) A kind of block chain cryptographic methods that decentralization can customize
CN103916834A (en) Short message encryption method and system allowing user to have exclusive secret key
KR102191111B1 (en) System and method of providing anonymity message service using block chain
JP2019050535A (en) Information processing apparatus, program, and information processing method
CN104143142A (en) Payment system with mobile payment unit and security payment method
JP5485452B1 (en) Key management system, key management method, user terminal, key generation management device, and program
CN104484801A (en) Net bar safety payment method
CN103929722A (en) Short message encryption method and system
KR20190099984A (en) System for managing private key
KR102211033B1 (en) Agency service system for accredited certification procedures
CN111539032B (en) Electronic signature application system resistant to quantum computing disruption and implementation method thereof
Mallick et al. Security aspects of social media applications
CN109361680A (en) End-to-end data encryption system

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination