KR20170087663A - Apparatus for performing on behalf an electronic signature for client terminal and operating method thereof - Google Patents
Apparatus for performing on behalf an electronic signature for client terminal and operating method thereof Download PDFInfo
- Publication number
- KR20170087663A KR20170087663A KR1020160007506A KR20160007506A KR20170087663A KR 20170087663 A KR20170087663 A KR 20170087663A KR 1020160007506 A KR1020160007506 A KR 1020160007506A KR 20160007506 A KR20160007506 A KR 20160007506A KR 20170087663 A KR20170087663 A KR 20170087663A
- Authority
- KR
- South Korea
- Prior art keywords
- key
- private key
- digital signature
- client terminal
- encrypted
- Prior art date
Links
- 238000011017 operating method Methods 0.000 title 1
- 238000000034 method Methods 0.000 claims abstract description 56
- 239000012634 fragment Substances 0.000 claims abstract description 53
- 238000006467 substitution reaction Methods 0.000 claims abstract description 26
- 230000004044 response Effects 0.000 claims description 11
- 239000003795 chemical substances by application Substances 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000011084 recovery Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 2
- 238000000638 solvent extraction Methods 0.000 claims description 2
- 238000012546 transfer Methods 0.000 description 9
- 239000000284 extract Substances 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000014509 gene expression Effects 0.000 description 2
- 125000002066 L-histidyl group Chemical group [H]N1C([H])=NC(C([H])([H])[C@](C(=O)[*])([H])N([H])[H])=C1[H] 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Economics (AREA)
- Tourism & Hospitality (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Development Economics (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
An electronic signature proxy device for a client terminal and an operation method thereof are disclosed. An apparatus and method for performing an electronic signature for a client terminal in accordance with the present invention includes the steps of issuing a private key and a public key for an electronic signature to transmit the public key to a content providing server, Dividing the private key into a plurality of key stores, distributing the private key to the plurality of key stores, and, when receiving an electronic signature substitution request from the client terminal, combining the plurality of private key fragments distributed and stored in the plurality of key stores, Generating a digital signature value based on the private key, and transmitting the digital signature value to the content providing server instead of the client terminal, so that the private key is not stored in the client terminal, A predetermined program for generating an electronic signature value on a browser is installed in a plug-in form The user can easily perform digital signature by simply connecting to the digital signature proxy device for the client terminal by using various client terminals at any time and anywhere, .
Description
Embodiments of the present invention are directed to a technique for performing digital signature in response to an electronic signature request of a content providing server accessed through a network.
Recently, with the widespread use of the Internet and the like, the use of electronic payment or online-based banking services is increasing rapidly.
Generally, an electronic payment or an online-based banking service provides a content providing electronic payment or an online-based banking service when a user wants to use an electronic payment or an online-based banking service after issuing a predetermined certificate to a user terminal (Contents Provider) server receives the digital signature value from the terminal through the certificate installed in the terminal and performs the user authentication.
The user authentication method uses a PKI (Public Key Infrastructure) based encryption / decryption technology. More specifically, when a user accesses a content providing server through his / her client terminal and wants to use an electronic payment or an online banking service , The content providing server requests the client terminal to transmit the digital signature value.
At this time, the client terminal receives the digital signature subject data from the contents providing server in response to the transmission request of the digital signature value, encrypts the digital signature subject data with the private key stored in the memory, .
At this time, the hash value generated by applying the original text data such as the electronic payment information, the account information, and the like to the hash function as input is mainly used as the digital signature subject data.
Then, the client terminal transmits the digital signature subject data and the digital signature value to the contents providing server, and at this time, when the digital signature subject data and the digital signature value are received, Decrypting the digital signature value with a public key corresponding to the private key stored in the server, and if it is determined that the decryption result value and the digital signature subject data coincide with each other, an electronic signature is performed by a true user .
Such a user authentication method is widely used in companies providing electronic payment service or online banking service because it can enhance security.
However, such a user authentication method has recently been proposed in that a predetermined program for generating an electronic signature value on a web browser must be mounted in a plug-in form in order for a client terminal to generate an electronic signature value It is difficult to utilize it in a web browser which can not install the plug-in being introduced.
Especially, in a web browser based on HTML (Hyper Text Markup Language) 5, which is recently introduced, it is not possible to install a program in a form of a plug-in in the web browser itself. Therefore, a company providing electronic payment service or online banking service It is difficult to introduce such a PKI-based user authentication system.
In addition, in the conventional PKI-based user authentication system, the private key must be stored on the client terminal. Therefore, it is difficult for the user to proceed with the digital signature using various client terminals. In addition, It has been inconvenient to carry a portable storage device in which a private key is always stored in order to carry out a signature.
Accordingly, it is possible to perform PKI-based user authentication without installing a predetermined program in a plug-in form in the web browser, and at the same time, to support a user to proceed with electronic signature anywhere regardless of the client terminal Research is needed.
An apparatus and method for performing an electronic signature for a client terminal in accordance with the present invention includes the steps of issuing a private key and a public key for an electronic signature to transmit the public key to a content providing server, Dividing the private key into a plurality of key stores, distributing the private key to the plurality of key stores, and, when receiving an electronic signature substitution request from the client terminal, combining the plurality of private key fragments distributed and stored in the plurality of key stores, Generating a digital signature value based on the private key, and transmitting the digital signature value to the content providing server instead of the client terminal, so that the private key is not stored in the client terminal, A predetermined program for generating an electronic signature value on a browser is installed in a plug-in form Jaedoel so you do not have to, and want to help users simply connect the digital signature proxy device performs for the client terminal to take advantage of a variety of client terminals anywhere, anytime, you can easily perform an electronic signature.
An apparatus for performing an electronic signature for a client terminal according to an embodiment of the present invention includes a plurality of private key pieces, wherein the plurality of private key pieces are divided into a plurality of data pieces, A content providing server storing a plurality of key stores and a public key corresponding to the private key requests a digital signature to the client terminal, and an electronic signature agency request based on the private key is received from the client terminal A data receiving unit for receiving digital signature subject data from the contents providing server, extracting the plurality of private key pieces from the plurality of key stores in response to the digital signature substitution request, and combining the plurality of private key pieces A private key restoring unit for restoring the private key, An electronic signature value generation unit for encrypting the self signature subject data to generate an electronic signature value, and an electronic signature transmission unit for transmitting the digital signature subject data and the digital signature value to the contents providing server.
According to another aspect of the present invention, there is provided a method of operating an apparatus for performing an electronic signature for a client terminal, the method comprising: generating a plurality of private key fragments, each of the plurality of private key fragments having a private key divided into a plurality of data fragments, The method comprising the steps of: maintaining a plurality of key stores that are distributed and stored; receiving, from the client terminal, the private key as a basis for requesting a digital signature to a client terminal, the content providing server storing a public key corresponding to the private key; Receiving, from the content providing server, digital signature subject data when the electronic signature subscription request is received, extracting the plurality of private key pieces from the plurality of key stores in response to the digital signature substitution request, Restoring the private key by combining the private key fragments of the private key, On the basis of a step, and transmitting the digital signature target data and the digital signature value to the content providing server that generates an electronic signature value by encrypting the digital signature object data.
An apparatus and method for performing an electronic signature for a client terminal in accordance with the present invention includes the steps of issuing a private key and a public key for an electronic signature to transmit the public key to a content providing server, Dividing the private key into a plurality of key stores, distributing the private key to the plurality of key stores, and, when receiving an electronic signature substitution request from the client terminal, combining the plurality of private key fragments distributed and stored in the plurality of key stores, Generating a digital signature value based on the private key, and transmitting the digital signature value to the content providing server instead of the client terminal, so that the private key is not stored in the client terminal, A predetermined program for generating an electronic signature value on a browser is installed in a plug-in form The user can easily perform digital signature by simply connecting to the digital signature proxy device for the client terminal by using various client terminals at any time and anywhere, .
1 is a system conceptual diagram schematically illustrating an entire system for explaining an electronic signature proxy device for a client terminal according to an embodiment of the present invention.
2 is a block diagram illustrating an apparatus for performing an electronic signature proxy for a client terminal according to an exemplary embodiment of the present invention.
3 is a flowchart illustrating an operation method of an electronic signature proxy device for a client terminal according to an exemplary embodiment of the present invention.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. Like reference numerals are used for like elements in describing each drawing.
It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the contextual meaning of the related art and are to be interpreted as either ideal or overly formal in the sense of the present application Do not.
Hereinafter, embodiments according to the present invention will be described in detail with reference to the accompanying drawings.
1 is a system conceptual diagram schematically illustrating an entire system for explaining an electronic signature proxy device for a client terminal according to an embodiment of the present invention.
Referring to FIG. 1, an electronic
Here, the
Hereinafter, with reference to FIG. 1, it is assumed that the
When the
First, in order for the
In this regard, when the first use registration request for performing digital signature substitution is received from the
At this time, the
At this time, when the password is received from the
Then, the
At this time, the digital signature
Here, as a method of dividing the random key into the plurality of random key fragments, a method of simply dividing data constituting the random key into specific data size units may be used, and the random key may be divided into a plurality of partial recoverable A method of dividing into locally repairable codes can be used, and various data dividing methods can be used.
Thereafter, the digital signature
Here, as a method of dividing the encrypted private key into the plurality of private key fragments, a method of simply dividing data constituting the encrypted private key into specific data size units may be used, and the encrypted private key A method of dividing a plurality of partial recoverable codes into a plurality of partial recoverable codes can be used.
Then, the digital signature
After the first use registration for digital signature is completed, the user of the
Here, the digital signature object data includes a hash value generated by applying transfer information such as account information, transfer amount, sender information, recipient information, etc. of the user of the
That is, the
At this time, the
At this time, when the password is received from the
Then, the digital signature
If it is determined that the encryption value and the secret key match with each other, the digital signature
In addition, the digital signature
When the generation of the authentication key for decrypting the encrypted private key is completed, the digital signature
Then, the digital signature
When the generation of the digital signature value is completed, the digital signature
At this time, when the electronic signature subject data and the digital signature value are received from the
As a result, the digital signature
2 is a block diagram illustrating an apparatus for performing an electronic signature proxy for a client terminal according to an exemplary embodiment of the present invention.
Referring to FIG. 2, an electronic signature
A plurality of private key pieces are distributedly stored in the plurality of
Here, the plurality of private key pieces mean that the private key is divided into a plurality of data pieces.
The
The private
The digital
The digital
In this case, according to an embodiment of the present invention, when the digital signature subject data and the digital signature value are received, the
Also, according to an embodiment of the present invention, the plurality of private key pieces may be one in which the encrypted private key generated by encrypting the private key is divided into a plurality of data pieces. At this time, when the digital signature subscription request based on the private key is received from the
According to an embodiment of the present invention, an electronic signature
The
When the password is received from the
The authentication
The private
The
In this case, according to an embodiment of the present invention, the digital signature
The random
According to an embodiment of the present invention, an electronic signature
When the password for decrypting the encrypted private key together with the digital signature substitution request is received from the
The
The random
The decryption authentication
In this case, according to an embodiment of the present invention, when the generation of the authentication key for decrypting the encrypted private key is completed, the private
Then, the digital
2, the digital
3 is a flowchart illustrating an operation method of an electronic signature proxy device for a client terminal according to an exemplary embodiment of the present invention.
In step S310, a plurality of key stores in which a plurality of pieces of private key are distributed are stored.
Here, the plurality of private key pieces mean that the private key is divided into a plurality of data pieces.
In step S320, when a content providing server storing a public key corresponding to the private key requests a digital signature to the client terminal, an electronic signature subscription request based on the private key is received from the client terminal , And receives digital signature subject data from the contents providing server.
In step S330, the plurality of private key fragments are extracted from the plurality of key stores in response to the digital signature substitution request, and the private key is recovered by combining the plurality of private key fragments.
In step S340, the digital signature subject data is encrypted based on the restored private key to generate an electronic signature value.
In step S350, the digital signature subject data and the digital signature value are transmitted to the contents providing server.
According to an embodiment of the present invention, when the digital signature subject data and the digital signature value are received, the content providing server decrypts the digital signature value based on the public key, and then transmits the decrypted digital signature value And the received digital signature data match with each other, authentication of the client terminal can be completed.
Also, according to an embodiment of the present invention, the plurality of private key pieces may be one in which the encrypted private key generated by encrypting the private key is divided into a plurality of data pieces. In this case, in step S320, when the electronic signature subscription request based on the private key is received from the client terminal, the digital signature subject data is received from the contents providing server and the encrypted private key In step S330, the plurality of private key fragments are extracted from the plurality of key stores in response to the digital signature substitution request, and the plurality of private key fragments are combined to extract the plurality of private key fragments In step S340, the encrypted private key is decrypted on the basis of the secret number, and the digital signature subject data is encrypted based on the decrypted private key, Can be generated.
According to an embodiment of the present invention, there is provided a method for operating an electronic signature proxy agent for a client terminal, the method comprising: when receiving an initial use registration request for performing an electronic signature proxy from the client terminal, The method comprising: generating the public key corresponding to the public key and requesting the client terminal for the password to be used for encrypting the private key, receiving the password from the client terminal, Storing the secret key in a secret key storage unit, generating a random key composed of random data, encrypting the random key with the random key to encrypt the private key, Generating an authentication key for encrypting the private key based on the authentication key, Creating the encrypted private key, partitioning the encrypted private key into the plurality of private key fragments, and distributing the plurality of private key fragments to the plurality of key stores, To the content providing server.
According to an embodiment of the present invention, an operation method of an apparatus for performing digital signature for a client terminal includes dividing the random key into a plurality of data pieces to generate a plurality of random key pieces, And distributing key pieces to the plurality of key stores.
In this case, according to an embodiment of the present invention, an operation method of an electronic signature proxy execution device for the client terminal includes: when the password for decrypting the encrypted private key together with the digital signature proxy request is received from the client terminal Generating an encrypted value by performing encryption based on the selected encryption key with respect to the password received from the client terminal, extracting the secret key from the secret key storage unit, The method comprising: completing use authentication for the client terminal when the encrypted value matches the secret key; and when the use authentication for the client terminal is completed, extracting the plurality of random key pieces from the plurality of key stores And then combines the plurality of random key pieces Generating the authentication key to perform the encrypting the recovered random key decrypting the encrypted private key for the step and the encryption value to restore the random key may be further included.
According to an embodiment of the present invention, in step S330, when the generation of the authentication key for decrypting the encrypted private key is completed, After extracting the plurality of private key fragments, the encrypted private key may be recovered by combining the plurality of private key fragments. In step S340, the encrypted private key is decrypted using the authentication key, And encrypts the digital signature subject data based on the generated private key to generate the digital signature value.
The operation of the digital signature proxy device for the client terminal according to the embodiment of the present invention has been described above with reference to FIG. Herein, an operation method of the digital signature proxy execution device for a client terminal according to an embodiment of the present invention will be described with reference to FIGS. 1 and 2 for the operation of the digital signature
The method for operating the digital signature proxy device for a client terminal according to an exemplary embodiment of the present invention may be implemented by a computer program stored in a storage medium for execution through a combination with a computer.
In addition, the method of operating the digital signature proxy device for a client terminal according to an exemplary embodiment of the present invention may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and configured for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
As described above, the present invention has been described with reference to particular embodiments, such as specific elements, and specific embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains.
Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .
110: Digital signature agent for client terminal
120: client terminal 130: content providing server
210: Digital signature agent for client terminal
201, 202, 203, 204: a plurality of key stores
211: Data receiving unit 212: Private key restoring unit
213: digital signature value generator 214: digital signature transmitter
215: use registration processor 216: secret key generator
217: Authentication key generation unit 218: Private key distribution unit
219: Key processing unit 220: Random key storage unit
221: Password encryption unit 222:
223 random
230: client terminal
240: Content providing server
Claims (16)
When a content providing server storing a public key corresponding to the private key requests an electronic signature to the client terminal, when an electronic signature subscription request based on the private key is received from the client terminal, A data receiving unit for receiving digital signature subject data from the digital signature subject data;
A private key recovery unit for extracting the plurality of private key fragments from the plurality of key stores corresponding to the digital signature substitution request, and restoring the private key by combining the plurality of private key fragments;
An electronic signature value generation unit for generating an electronic signature value by encrypting the digital signature subject data based on the restored private key; And
An electronic signature transmission unit for transmitting the digital signature subject data and the digital signature value to the contents providing server,
And an electronic signature agent for the client terminal.
The content providing server
When the digital signature data and the digital signature value are received, decrypting the digital signature value based on the public key, and if it is determined that the decrypted digital signature value and the received digital signature subject data coincide with each other, And completing the authentication for the client terminal.
The plurality of private key pieces
The encrypted private key generated by encrypting the private key is divided into a plurality of data pieces,
The data receiving unit
When receiving the electronic signature subscription request based on the private key from the client terminal, receiving the digital signature subject data from the contents providing server and receiving a password for decrypting the encrypted private key from the client terminal In addition,
The private key restoring unit
Extracting the plurality of private key fragments from the plurality of key stores corresponding to the digital signature substitution request, combining the plurality of private key fragments to recover the encrypted private key,
The digital signature value generation unit
And decrypting the encrypted private key based on the password and encrypting the digital signature subject data based on the decrypted private key to generate the digital signature value.
The method comprising: generating a public key corresponding to the private key and the private key when the first use registration request for performing an electronic signature substitution is received from the client terminal, A use registration processing unit for requesting a password;
A secret key generation unit for generating a secret key by encrypting the secret key based on a predetermined encryption key and storing the secret key in a secret key storage unit when the password is received from the client terminal;
An authentication key generation unit for generating a random key composed of random data and generating an authentication key for encrypting the private key by performing encryption using the random key for the secret key;
A private key division unit for encrypting the private key based on the authentication key to generate the encrypted private key, and dividing the encrypted private key into the plurality of private key fragments; And
A key processing unit for distributively storing the plurality of private key pieces in the plurality of key stores, and transmitting the public key to the contents providing server,
Further comprising: means for generating a digital signature for the client terminal;
A random key storage unit for dividing the random key into a plurality of data pieces to generate a plurality of random key pieces and distributing the plurality of random key pieces to the plurality of key stores,
Further comprising: means for generating a digital signature for the client terminal;
When receiving the password for decrypting the encrypted private key together with the digital signature substitution request from the client terminal, encrypting the password received from the client terminal based on the selected encryption key, A password encryption unit for generating a password;
A usage authentication unit for extracting the secret key from the secret key storage unit and comparing the encrypted value with the secret key to complete use authentication for the client terminal when the encrypted value matches the secret key;
A random key restoring unit for extracting the plurality of random key fragments from the plurality of key stores and restoring the random key by combining the plurality of random key fragments when the use authentication for the client terminal is completed; And
A decryption authentication key generation unit for generating the authentication key for decrypting the encrypted private key by performing encryption using the recovered random key for the encrypted value,
Further comprising: means for generating a digital signature for the client terminal;
The private key restoring unit
Extracting the plurality of private key fragments from the plurality of key stores in response to the digital signature substitution request when the generation of the authentication key for decrypting the encrypted private key is completed, To recover the encrypted private key,
The digital signature value generation unit
And decrypting the encrypted private key using the authentication key, and encrypting the digital signature subject data based on the decrypted private key to generate the digital signature value.
When a content providing server storing a public key corresponding to the private key requests an electronic signature to the client terminal, when an electronic signature subscription request based on the private key is received from the client terminal, Receiving digital signature subject data from the digital signature subject data;
Extracting the plurality of private key fragments from the plurality of key stores corresponding to the digital signature substitution request, and restoring the private key by combining the plurality of private key fragments;
Encrypting the digital signature subject data based on the restored private key to generate an electronic signature value; And
Transmitting the digital signature subject data and the digital signature value to the contents providing server
The method comprising the steps of:
The content providing server
When the digital signature data and the digital signature value are received, decrypting the digital signature value based on the public key, and if it is determined that the decrypted digital signature value and the received digital signature subject data coincide with each other, And completing the authentication for the client terminal.
The plurality of private key pieces
The encrypted private key generated by encrypting the private key is divided into a plurality of data pieces,
The step of receiving the digital signature subject data
When receiving the electronic signature subscription request based on the private key from the client terminal, receiving the digital signature subject data from the contents providing server and receiving a password for decrypting the encrypted private key from the client terminal In addition,
The step of restoring the private key
Extracting the plurality of private key fragments from the plurality of key stores corresponding to the digital signature substitution request, combining the plurality of private key fragments to recover the encrypted private key,
The step of generating the digital signature value
And decrypting the encrypted private key based on the password and encrypting the digital signature subject data based on the decrypted private key to generate the digital signature value.
The method comprising: generating a public key corresponding to the private key and the private key when the first use registration request for performing an electronic signature substitution is received from the client terminal, Requesting a password;
Storing the secret key in a secret key storage unit after encrypting the secret key based on a predetermined encryption key to generate a secret key when the password is received from the client terminal;
Generating a random key composed of random data and generating an authentication key for encrypting the private key by performing encryption using the random key for the private key;
Encrypting the private key based on the authentication key to generate the encrypted private key, and partitioning the encrypted private key into the plurality of private key fragments; And
Distributing the plurality of pieces of private key to the plurality of key stores, and transmitting the public key to the contents providing server
The method comprising the steps of: receiving an electronic signature;
Dividing the random key into a plurality of data pieces to generate a plurality of random key fragments, and distributing the plurality of random key fragments to the plurality of key stores
The method comprising the steps of: receiving an electronic signature;
When receiving the password for decrypting the encrypted private key together with the digital signature substitution request from the client terminal, encrypting the password received from the client terminal based on the selected encryption key, ;
Extracting the secret key from the secret key storage unit, comparing the encrypted value with the secret key, and completing use authentication for the client terminal if the encrypted value matches the secret key;
Extracting the plurality of random key fragments from the plurality of key stores and reconstructing the random key by combining the plurality of random key fragments when the use authentication for the client terminal is completed; And
Generating the authentication key for decrypting the encrypted private key by performing encryption with the recovered random key for the encrypted value
The method comprising the steps of: receiving an electronic signature;
The step of restoring the private key
Extracting the plurality of private key fragments from the plurality of key stores in response to the digital signature substitution request when the generation of the authentication key for decrypting the encrypted private key is completed, To recover the encrypted private key,
The step of generating the digital signature value
An operation method of an electronic signature proxy execution device for a client terminal for decrypting the encrypted private key using the authentication key and then encrypting the digital signature subject data based on the decrypted private key to generate the digital signature value .
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160007506A KR101776635B1 (en) | 2016-01-21 | 2016-01-21 | Apparatus for performing on behalf an electronic signature for client terminal and operating method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160007506A KR101776635B1 (en) | 2016-01-21 | 2016-01-21 | Apparatus for performing on behalf an electronic signature for client terminal and operating method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170087663A true KR20170087663A (en) | 2017-07-31 |
KR101776635B1 KR101776635B1 (en) | 2017-09-11 |
Family
ID=59418993
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160007506A KR101776635B1 (en) | 2016-01-21 | 2016-01-21 | Apparatus for performing on behalf an electronic signature for client terminal and operating method thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101776635B1 (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101952641B1 (en) * | 2017-10-13 | 2019-02-27 | 주식회사 오스랩스 | Location based multi-channel login authentication method in a cloud environments |
KR101984254B1 (en) | 2018-09-21 | 2019-05-30 | 김성완 | Node device constituting a block-chain network and an operation method of the node device |
KR20190097998A (en) * | 2018-02-12 | 2019-08-21 | 주식회사 한컴위드 | User authentication apparatus supporting secure storage of private key and operating method thereof |
KR20190098397A (en) * | 2018-02-14 | 2019-08-22 | 주식회사 코드박스 | Management method for private key of virtual money |
KR20190116838A (en) * | 2018-04-05 | 2019-10-15 | 주식회사 케이티 | Security method and system for crypto currency |
KR20190118376A (en) * | 2018-04-10 | 2019-10-18 | (주)키스톤랩 | Method for trading blockchain exchange based real electronic wallet and method for trading the same |
KR20200034565A (en) | 2019-05-23 | 2020-03-31 | 김성완 | Node device constituting a block-chain network and an operation method of the node device |
KR20200118303A (en) * | 2019-04-04 | 2020-10-15 | (주)누리텔레콤 | Private key securing methods of decentralizedly storying keys in owner's device and/or blockchain nodes |
KR102210448B1 (en) * | 2020-04-07 | 2021-02-02 | 블랍스 주식회사 | Method, apparatus and computer program for providing ownership registration and counterfeit judgment service for product using blockchain |
KR20210067493A (en) | 2019-11-29 | 2021-06-08 | 한국정보통신주식회사 | A payment terminal apparatus for providing payment services using a distributed management network of encryption key based on block chains |
KR20210067518A (en) | 2019-11-29 | 2021-06-08 | 한국정보통신주식회사 | A payment terminal apparatus for providing multi van services using a distributed management network of encryption key based on block chains |
KR20210125804A (en) * | 2020-04-09 | 2021-10-19 | 건양대학교산학협력단 | Method for Authenticating Genuineness by Substituting the Autograph of the Work |
CN113904808A (en) * | 2021-09-08 | 2022-01-07 | 北京信安世纪科技股份有限公司 | Private key distribution and decryption method, device, equipment and medium |
KR20220076934A (en) * | 2020-12-01 | 2022-06-08 | 주식회사 엘지유플러스 | Terminal for payment and operaing method of thereof |
CN116996331A (en) * | 2023-09-27 | 2023-11-03 | 腾讯科技(深圳)有限公司 | Block chain-based data processing method, device, equipment and medium |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102087285B1 (en) * | 2018-08-08 | 2020-03-10 | 주식회사 한글과컴퓨터 | Chatbot system server capable of system control based on interactive messaging and operating method thereof |
KR102087287B1 (en) * | 2018-08-20 | 2020-03-10 | 주식회사 한글과컴퓨터 | Chatbot system server capable of executing events based on interactive messaging and operating method thereof |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3793042B2 (en) | 2001-05-14 | 2006-07-05 | 日本電信電話株式会社 | Electronic signature proxy method, apparatus, program, and recording medium |
JP6045018B2 (en) * | 2012-05-07 | 2016-12-14 | 日本電気株式会社 | Electronic signature proxy server, electronic signature proxy system, and electronic signature proxy method |
-
2016
- 2016-01-21 KR KR1020160007506A patent/KR101776635B1/en active IP Right Grant
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101952641B1 (en) * | 2017-10-13 | 2019-02-27 | 주식회사 오스랩스 | Location based multi-channel login authentication method in a cloud environments |
KR20190097998A (en) * | 2018-02-12 | 2019-08-21 | 주식회사 한컴위드 | User authentication apparatus supporting secure storage of private key and operating method thereof |
KR20190098397A (en) * | 2018-02-14 | 2019-08-22 | 주식회사 코드박스 | Management method for private key of virtual money |
KR20190116838A (en) * | 2018-04-05 | 2019-10-15 | 주식회사 케이티 | Security method and system for crypto currency |
KR20190118376A (en) * | 2018-04-10 | 2019-10-18 | (주)키스톤랩 | Method for trading blockchain exchange based real electronic wallet and method for trading the same |
KR101984254B1 (en) | 2018-09-21 | 2019-05-30 | 김성완 | Node device constituting a block-chain network and an operation method of the node device |
WO2020060094A1 (en) * | 2018-09-21 | 2020-03-26 | 김성완 | Node device constituting blockchain network and method for operation of node device |
KR20200118303A (en) * | 2019-04-04 | 2020-10-15 | (주)누리텔레콤 | Private key securing methods of decentralizedly storying keys in owner's device and/or blockchain nodes |
WO2020204444A3 (en) * | 2019-04-04 | 2020-12-17 | (주)누리텔레콤 | Secret key security method of distributing and storing key in blockchain node and/or possession device having wallet app installed therein |
KR20200034565A (en) | 2019-05-23 | 2020-03-31 | 김성완 | Node device constituting a block-chain network and an operation method of the node device |
KR20210067493A (en) | 2019-11-29 | 2021-06-08 | 한국정보통신주식회사 | A payment terminal apparatus for providing payment services using a distributed management network of encryption key based on block chains |
KR20210067518A (en) | 2019-11-29 | 2021-06-08 | 한국정보통신주식회사 | A payment terminal apparatus for providing multi van services using a distributed management network of encryption key based on block chains |
KR102210448B1 (en) * | 2020-04-07 | 2021-02-02 | 블랍스 주식회사 | Method, apparatus and computer program for providing ownership registration and counterfeit judgment service for product using blockchain |
KR20210125804A (en) * | 2020-04-09 | 2021-10-19 | 건양대학교산학협력단 | Method for Authenticating Genuineness by Substituting the Autograph of the Work |
KR20220076934A (en) * | 2020-12-01 | 2022-06-08 | 주식회사 엘지유플러스 | Terminal for payment and operaing method of thereof |
CN113904808A (en) * | 2021-09-08 | 2022-01-07 | 北京信安世纪科技股份有限公司 | Private key distribution and decryption method, device, equipment and medium |
CN116996331A (en) * | 2023-09-27 | 2023-11-03 | 腾讯科技(深圳)有限公司 | Block chain-based data processing method, device, equipment and medium |
CN116996331B (en) * | 2023-09-27 | 2023-12-15 | 腾讯科技(深圳)有限公司 | Block chain-based data processing method, device, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
KR101776635B1 (en) | 2017-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101776635B1 (en) | Apparatus for performing on behalf an electronic signature for client terminal and operating method thereof | |
US10341106B2 (en) | Location aware cryptography | |
CN110417750B (en) | Block chain technology-based file reading and storing method, terminal device and storage medium | |
KR20200002985A (en) | Data sharing methods, clients, servers, computing devices, and storage media | |
CN107306254B (en) | Digital copyright protection method and system based on double-layer encryption | |
CN105580311A (en) | Data security using request-supplied keys | |
CN103457733A (en) | Data sharing method and system under cloud computing environment | |
CN105991563B (en) | Method and device for protecting security of sensitive data and three-party service system | |
CN102281300A (en) | digital rights management license distribution method and system, server and terminal | |
US20200089867A1 (en) | System and method for authentication | |
CN110661814A (en) | Bidding file encryption and decryption method, device, equipment and medium | |
CN109547198A (en) | The method and system of network transmission video file | |
CN111970109B (en) | Data transmission method and system | |
JP2014167675A (en) | Document authority management system, terminal equipment, document authority management method and program | |
CN103414727A (en) | Encryption protection system for input password input box and using method thereof | |
WO2019083379A1 (en) | Data transmission | |
CN106411520B (en) | Method, device and system for processing virtual resource data | |
JP2013115522A (en) | Link access control method, program, and system | |
CN115276978A (en) | Data processing method and related device | |
CN107919958B (en) | Data encryption processing method, device and equipment | |
CN111031352B (en) | Audio and video encryption method, security processing method, device and storage medium | |
KR20190097998A (en) | User authentication apparatus supporting secure storage of private key and operating method thereof | |
KR101797571B1 (en) | Client terminal device for generating digital signature and digital signature generation method of the client terminal device, computer readable recording medium and computer program stored in the storage medium | |
CN116132041A (en) | Key processing method and device, storage medium and electronic equipment | |
CN114095165B (en) | Key updating method, server device, client device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |