KR20230105554A - User's register and login method for cloud-based artificial intelligence system - Google Patents

Abstract

The present invention includes a 100th step in which a user registers in a cloud platform and a 200th step in which the user logs in to the cloud platform, wherein the 100th step is a 101st step in which the user prepares hash value H1, Step 102 of sending registration request information Tx1 including the user's blockchain address Addr_u and the hash value H1 to the first smart contract, wherein the first smart contract transmits the user's blockchain address Addr_u and the hash value H'1 Step 103 of recording in the blockchain, step 104 of the first smart contract transmitting the user's blockchain address Addr_u and hash value H'1 to the management module and all nodes of the blockchain, the management module Step 105 of storing the user's blockchain address Addr_u and hash value H'1 transmitted from the first smart contract in a local database, step 106 of calculating the digital signature S1 and encryption information R2 by the user, the management Step 107, in which the module performs a verification process on the encryption information R'2, upon completion of the verification process on the encryption information R'2, the management module sets user assignment information U_rl, and R'1 and the user assignment Step 108 of storing information U_rl in the local database, step 109 of the management module preparing a user certificate U_cred from R'1 and user assignment information U_rl, the management module preparing the user's block chain address Addr_u and the user Step 110 of transmitting transaction information Tx2 including the certificate U_cred to the first smart contract, wherein the first smart contract stores the user's block chain address Addr_u and the user certificate U'_cred in the block chain, and the management Step 111 of broadcasting the user's blockchain address Addr_u and the user certificate U'_cred to all nodes of the module and blockchain, wherein the user broadcasts the user's blockchain address Addr_u and Step 112 of storing the user certificate U'_cred in a local storage, step 113 of generating a response message including the user certificate U_cred, user assignment information U_rl, and digital signature Su by the management module; It is characterized in that it comprises a step 114 of verifying the response message transmitted from.

Description

User's register and login method for cloud-based artificial intelligence system}

The present invention relates to a user's registration and login method, and more particularly, to a cloud-based artificial intelligence system that can strengthen data integrity and improve security by using blockchain and smart contracts in a cloud-based artificial intelligence system. It relates to a user registration and login method for an intelligent system.

Since artificial intelligence (AI) was introduced in 1956, it has continued to develop. In 2016, AI AlphaGo beat the world Go champion five times in a row. In 2018, Google launched a self-driving taxi service from Waymo, which was spun off from Phoenix, Arizona. And AI could also transform other fields, such as national security, finance, healthcare, criminal justice, transportation, and smart cities.

However, AI can be applied in adversarial cases, such as attacks on self-driving cars. For example, artificial intelligence could misclassify a stop sign image with a small number of pixels altered, causing a car accident. In addition, attacks on multiple robots controlled by artificial intelligence in a central server can cause large-scale catastrophic failures. Therefore, when developing an artificial intelligence system, more effort should be put into the security of the artificial intelligence system.

Recently, a cloud-based artificial intelligence system capable of learning a machine learning model using learning data has been actively introduced.

However, existing cloud-based artificial intelligence systems have a problem in that they are vulnerable to data integrity and protection of personal information.

In addition, existing cloud-based artificial intelligence systems have a problem in that they can adversely affect the security of artificial intelligence services and potentially damage data due to vulnerabilities of cloud computing.

KR 10-1914416 B1

The present invention has been devised to solve the above problems, and an object of the present invention is to integrate an architecture based on blockchain and smart contracts to strengthen the integrity of the machine learning pipeline of a cloud-based artificial intelligence system. It is to provide a user registration and login method for a cloud-based artificial intelligence system.

Another object of the present invention is to provide a user registration and login method for a cloud-based artificial intelligence system that can prevent an attacker from infiltrating the cloud-based artificial intelligence system by impersonating a real user.

Another object of the present invention is to provide a user registration and login method for a cloud-based artificial intelligence system capable of tracking data integrity and preventing data manipulation.

In order to solve the above technical problems, a user registration and login method for a cloud-based artificial intelligence system according to the present invention includes the 100th step of registering a user in a cloud platform and the user logging in to the cloud platform. A 200th step is included, wherein the 100th step is a 101st step in which the user prepares the hash value H1, and the user transmits the registration request information Tx1 including the user's blockchain address Addr_u and the hash value H1 to the first smart device. Step 102 of transmitting to the contract, step 103 of the first smart contract recording the user's block chain address Addr_u and hash value H'1 in the block chain, step 103 of the first smart contract managing the management module and the block chain Step 104 of transmitting the user's blockchain address Addr_u and hash value H'1 to all nodes, wherein the management module transfers the user's blockchain address Addr_u and hash value H'1 transmitted from the first smart contract to the local Step 105 of storing in a database, Step 106 of calculating the digital signature S1 and encryption information R2 by the user, Step 107 of performing a verification process on the encryption information R'2 by the management module, Step 107 of the encryption information R' 2, the management module sets the user assignment information U_rl and stores R'1 and the user assignment information U_rl in the local database, wherein the management module sets the user assignment information U_rl Step 109 of preparing user certificate U_cred from allocation information U_rl, step 110 of the management module transmitting transaction information Tx2 including the user's blockchain address Addr_u and user certificate U_cred to the first smart contract, 1 The smart contract stores the user's block chain address Addr_u and user credential U'_cred in the block chain, and broadcasts the user's block chain address Addr_u and user credential U'_cred to the management module and all nodes in the block chain. Step 111 casting, the user storing the user's blockchain address Addr_u and user credential U'_cred broadcasted by the first smart contract in a local storage step 112, the management module stores the user credential U_cred , a step 113 of generating a response message including user allocation information U_rl and a digital signature Su, and a step 114 of verifying the response message received by the user from the management module, wherein the hash value H'1 is When the first smart contract receives the hash value H1 generated by the user, it is information used instead of the hash value H1 to distinguish it from the hash value H1, and the encryption information R'2 is provided to the user. When the management module receives the encryption information R2 generated by the management module, it is information used instead of the encryption information R2 to distinguish it from the encryption information R2, and the user certificate U'_cred is the information generated by the management module. When the first smart contract receives the user credential U_cred, it is characterized in that it is information used instead of the user credential U_cred to distinguish it from the user credential U_cred.

Further, the step 101 is the step 101-1 in which the user prepares R1 using (Equation Equation) R1=Addr_u||name||H(pass)||email||t and the user ( A 101-2 step of preparing a hash value H1 of R1 using Equation) H1 = H(R1), wherein the name is the user's name, the pass is the user's password, and the H ( pass) is the hash value of the user's password pass, the email is the user's email address, and t is the current timestamp.

In addition, the step 106 is a step 106-1 in which the user generates the digital signature S1 for the hash value H1 using the user's private key SK_u as (Equation Equation) S1 = Sign_SK_u (H1) and 106, in which the user calculates the encrypted information R2 by encrypting the information concatenated with the R1 and the digital signature S1 using the public key PK_idma of the management module as (Equation Equation) R2 = E_PK_idma (R1||S1) - It is characterized in that it includes step 2.

In step 107, the management module decrypts the encrypted information R'2 with the private key SK_idma of the management module in (Equation) D_SK_idma(R'2) → R'1||S'1, Step 107-1 of acquiring R'1 and the digital signature S'1, the management module uses (Equation Equation) H""1=H(R'1), the hash value H" of R'1 In step 107-2 of calculating "1, the management module compares the hash value H""1 calculated in step 107-2 with the hash value H'1 broadcast by the first smart contract. In step 107-3, the management module checks whether the hash values H""1 and H'1 match. When the hash values H""1 and H'1 match, the encryption information R'2 107-4 step of continuing the verification process for , and stopping the verification process for the encryption information R'2 when the hash values H""1 and H'1 do not match, and the management module (Equation Equation) Step 107-5 of inputting the digital signature S'1 and the hash value H""1 to the PKVer_Addr_u function using PKVer_Addr_u(S'1,H""1) → True or False; PKVer_Addr_u(S'1,H""1) is a function that verifies whether the user's blockchain address Addr_u signed the hash value H""1 with the digital signature S'1.

In addition, step 109 is a step 109-1 in which the management module calculates R3 by concatenating R'1 and the user assignment information U_rl using R3=R'1||U_rl (Equation Equation). , a 109-2 step in which the management module calculates the user certificate U_cred, which is the hash value of R3, using (Equation Equation) U_cred = H(R3), and the management module calculates the user certificate U_cred in the local database It is characterized in that it includes a 109-3 step of storing in.

In addition, in step 113, the management module uses (Equation Equation) Su=Sign_SK_idma (U_cred||H(U_rl)) and the secret key SK_idma of the management module, a step 113-1 of generating a digital signature Su and a step 113-2 of the management module transmitting the response message including the user certificate U_cred, user allocation information U_rl, and digital signature Su to the user, respectively. characterized by

In addition, step 114 is a step 114-1 in which the user receives user certificate U""_cred, user assignment information U'_rl, and digital signature S'u from the management module, and the user transmits the information from the management module. Step 114-2 of comparing the received user certificate U""_cred and the user certificate U'_cred transmitted from the first smart contract, if the user's user certificate U""_cred and U'_cred match, Continue the verification process for the response message, and if the user certificates U""_cred and U'_cred do not match, step 114-3 of stopping the verification process for the response message, the user (Equation Equation) PKVer_PK_idma (S'u,U""_cred||H(U'_rl)) → Step 114-4 of verifying the digital signature S'u using True or False, and the user performing step 114-4 If the output value of is true, a step 114-5 of terminating the verification process for the digital signature S'u, wherein the digital signature S'u is (Equation) Sign_SK_idma(U_cred||H(U_rl))' , which is a digital signature generated for (U_cred||H(U_rl))' using the private key SK_idma of the management module, and the PKVer_PK_idma(S'u,U""_cred||H(U'_rl) ) is a function that verifies whether the public key PK_idma of the management module has signed U""_cred||H(U'_rl) with the digital signature S'u, and the user certificate U""_cred is determined by the management module. When the user receives the generated user certificate U_cred, it is information used instead of the user certificate U_cred to distinguish it from the user certificate U_cred, and the user assignment information U'_rl is the user certificate generated by the management module. When the user receives allocation information U_rl, information used instead of the user allocation information U_rl to distinguish from the user allocation information U_rl, and the digital signature S'u is the digital signature Su generated by the management module. is information used instead of the digital signature Su to distinguish it from the digital signature Su when the user receives it.

In addition, the step 200 is a step 201 in which the user prepares the hash value H2 for login, and the user transmits the transaction information Tx3 including the user's blockchain address Addr_u and the hash value H2 to the first smart contract. Step 202, the first smart contract records the user's blockchain address Addr_u and hash value H'2 in the blockchain, and sends the management module and all nodes of the blockchain to the user's blockchain Step 203 of broadcasting the address Addr_u and the hash value H'2 of, wherein the management module stores the address Addr_u and the hash value H'2 of the user's blockchain received from the first smart contract in the local database Step 204, wherein the user calculates the digital signature S2 and encryption information R5; Step 205, wherein the user transmits the encryption information R5 to the management module and requests log-in to the cloud platform through the management module; In step 206, the management module performs a verification process on the encryption information R'5. In step 207, upon completion of the verification process on the encryption information R'5, the management module outputs a notification message Msg indicating 'login succeeded'. Step 208, wherein the management module transmits the notification message Msg, hash value Hm, and digital signature Se to the user to notify that the user has logged in to the cloud platform; In a step 210 of verifying 'e', the hash value H'2 is used to distinguish the hash value H2 from the hash value H2 when the first smart contract receives the hash value H2 generated by the user. Information used instead of the value H2, and the encryption information R'5 is used instead of the encryption information R5 to distinguish it from the encryption information R5 when the management module receives the encryption information R5 generated by the user. information, and the digital signature S'e is information used instead of the digital signature Se to distinguish it from the digital signature Se when the user receives the digital signature Se generated by the management module. to be

In addition, the step 201 is a step 201-1 in which the user prepares the pwd, which is the hash value of the password pass of the user, using (Equation) pwd = H (pass) and the user (Equation) ) R4=email||pwd||U_cred||t using the 201-2nd step of preparing the R4 and the user using (Equation) H2=H(R4), the hash value of the R4 A step 201-3 of preparing H2, wherein the pass is a user's password, the email is a user's e-mail address, the U_cred is a user certificate, t is a current timestamp, and R4 is the user's e-mail address. It is characterized in that it is information concatenated with the user's e-mail address e-mail, the user's password pwd, the user certificate U_cred, and the current timestamp t.

In addition, in step 205, the user generates the digital signature S2 for the hash value H2 by using the user's private key SK_u as (Equation Equation) S2 = Sign_SK_u (H2), and 205-2, in which the user calculates the R5 by encrypting the information concatenated with the R4 and the digital signature S2 using the public key PK_idma of the management module as R5 = E_PK_idma (R4||S2) It is characterized by including steps.

Further, in step 207, the management module decrypts the encrypted information R'5 with the private key SK_idma of the management module in (Equation) D_SK_idma(R'5) → R'4||S'2, Step 207-1 of acquiring 4 and the digital signature S'2, step 207-2 of checking whether user information is registered in the local database by the management module, the user information received from the user by the management module and if steps 207-3, 207-2, and 207-3 of comparing user information stored in the local database and confirming whether they match are true, the management module determines whether the user information R'5 matches the user information stored in the local database. Step 207-4 of continuing the verification process for the information, step 207-5 of the management module checking the user assignment information U_rl in the local database, if the user has access authority, the management module (math Equation) Step 207-6 of calculating the hash value H""2 of R'4 by using H""2 = H(R'4), wherein the management module calculates the hash value calculated by the management module Step 207-7 of comparing the value H""2 and the hash value H'2 broadcast by the first smart contract to determine whether the hash value H""2 and H'2 match, the When the hash values H""2 and H'2 match, the management module continues the verification process for the encryption information R'5, and when the hash values H""2 and H'2 do not match, the encryption information Step 207-8 of stopping the verification process for R'5 and the management module uses (mathematical expression) PKVer_Addr_u(S'2,H""2) → True or False to determine the digital signature S in the PKVer_Addr_u function '2, a step 207-9 of inputting hash value H""2, wherein the user information is information including the user's email address email, the user's password pass, and the user certificate U_cred, and the PKVer_Addr_u (S '2,H""2) is a function that verifies whether the user's blockchain address Addr_u signed the hash value H""2 with the digital signature S'2.

Further, the step 209 is a step 209-1 in which the management module prepares the hash value Hm of the notification message Msg using (mathematical expression) Hm=H(Msg) and the management module (mathematical expression) Se =Sign_SK_idma(Hm), and a step 209-2 of generating the digital signature Se for the hash value Hm using the secret key SK_idma of the management module.

Further, in step 210, the user inputs the digital signature S'e and hash value H'm to the PKVer_PK_idma function using (mathematical expression) PKVer_PK_idma (S'e, H'm) → True or False. Step 210-1 is included, wherein the PKVer_PK_idma(S'e,H'm) is a function verifying whether the public key PK_idma of the management module has signed the hash value H'm with the digital signature S'e; The hash value H'm may be information used instead of the hash value Hm to distinguish the hash value Hm from the hash value Hm when the user receives the hash value Hm generated by the management module.

The user's registration and login method for a cloud-based artificial intelligence system according to the present invention integrates architecture based on blockchain and smart contracts, thereby strengthening the integrity of the machine learning pipeline of the cloud-based artificial intelligence system. There is an effect.

In addition, the user registration and login method for the cloud-based artificial intelligence system according to the present invention has an effect of preventing an attacker from impersonating a real user and infiltrating the cloud-based artificial intelligence system in advance.

In addition, the user's registration and login method for the cloud-based artificial intelligence system according to the present invention has an effect of tracking integrity and preventing data manipulation.

1 is a block diagram of a cloud-based artificial intelligence system according to the present invention.
2 is a flowchart of a user registration and login method for a cloud-based artificial intelligence system according to the present invention.
FIG. 3 is a flowchart of steps S101 to S107 in the step of registering the user to the cloud platform shown in FIG. 2 .
FIG. 4 is a flowchart of steps S108 to S114 in the step of registering the user to the cloud platform shown in FIG. 2 .
FIG. 5 is a flowchart of step S101 in which the user of FIG. 3 prepares hash value H1.
FIG. 6 is a flowchart of step S106 in which the user calculates S1 and R2 shown in FIG. 3 .
FIG. 7 is a flowchart of step S107 in which the user shown in FIG. 3 performs a verification process for R'2.
FIG. 8 is a flowchart of step S109 in which the management module shown in FIG. 4 prepares U_cred from R'1 and U_rl.
FIG. 9 is a flowchart of step S113 in which the management module shown in FIG. 4 generates a response message including U_cred, U_rl, and Su.
FIG. 10 is a flowchart of step S114 in which the user verifies the response message shown in FIG. 4 .
FIG. 11 is a flowchart of steps S201 to S205 in step S200 in which the user of FIG. 2 logs in to the cloud platform.
FIG. 12 is a flowchart of steps S206 to S210 in step S200 in which the user of FIG. 2 logs in to the cloud platform.
FIG. 13 is a flowchart of step S201 in which the user of FIG. 11 prepares hash value H2.
FIG. 14 is a flowchart of step S205 in which the user calculates S2 and R5 shown in FIG. 11 .
FIG. 15 is a flowchart of step S207 in which the management module shown in FIG. 12 performs a verification process for R'5.
FIG. 16 is a flowchart of step S209 in which the management module shown in FIG. 12 transmits Msg, Hm, and Se to the user.
FIG. 17 is a flowchart of step S210 in which the user verifies the digital signature S'e shown in FIG. 12 .

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings in order to describe in detail enough for those skilled in the art to easily implement the technical idea of the present invention.

However, the following examples are merely examples to aid understanding of the present invention, and the scope of the present invention is not reduced or limited thereby. In addition, the present invention may be embodied in many different forms and is not limited to the embodiments described herein.

First, the notation used in the user's registration and login method for the cloud-based artificial intelligence system according to the present invention will be described.

First, Addr_x is the blockchain address of x.

And, X||Y is the concatenation of X and Y.

And, SK_x and PK_x are the private key and public key of x, respectively.

And, Sign_SK_x(Y) is a function that generates a digital signature for Y using the secret key (SK_x) of x.

And, PKVer_Addr_x(M,N) is a function that verifies whether the block chain address Addr_x of x signed data N with digital signature M. At this time, PKVer_Addr_x(M,N) outputs true if the blockchain address Addrx of x signs data N with digital signature M, and outputs false otherwise.

And, E_PK_x(Y) is a function that asymmetrically encrypts data Y using x's public key PK_x.

And, D_SK_x(Y) is a function that asymmetrically decrypts data Y using the secret key SK_x of x.

And, H(Y) is a function that generates a hash value of data Y.

And, SC_z is a smart contract for module z.

And, JWTVer(O, SK_x) is a function that verifies the access token O using the secret key SK_x of x.

1 is a block diagram of a cloud-based artificial intelligence system according to the present invention.

Referring to Figure 1, the cloud-based artificial intelligence system according to the present invention is composed of a user, a smart contract and a cloud platform.

First, the user calls the cloud API to the cloud platform to use the artificial intelligence service on the client side.

And, the user uploads the machine learning dataset in a secure environment and trains the machine learning system on the cloud platform.

And, the smart contract resides in the blockchain network and serves as a reliable service level contract so that users and cloud platforms can trust each other.

And, the cloud platform provides a number of services to users.

Referring to FIG. 1 , the cloud platform includes a management module, an API gateway, an integrity module, a logging/monitoring unit, and a storage management unit.

First, the management module (IDMA Module, Identity Management and Access Control Module) manages the user registration and login process. At this time, each user is given a role of limiting his or her activity and preventing any action.

In addition, the management module provides a user credential (U_cred, User Credential) to the user. At this time, the user certificate is used as a token for authenticating the user. The user may use the user certificate for user authentication when logging in to the cloud platform.

In addition, the management module cooperates with the smart contract to verify information transmitted and received between the management module and the smart contract.

In addition, the API (Application Programming Interface) gateway processes the API request of the user who wants to use the cloud service. In addition, the API gateway provides a token to the user before the user uses the cloud service.

In addition, the API gateway cooperates with the smart contract to record the user's request for an API token and the value of the API token. Both users and cloud platforms can verify the legitimacy of tokens against smart contracts.

And, the integrity module (IM, Integrity Module) plays a role in maintaining the integrity of the learning model and learning data using the blockchain.

Therefore, users and cloud platforms can respectively check the integrity of learning data for smart contracts.

And, the logging/monitoring unit records data flow and user activity. In addition, the logging/monitoring unit monitors the cloud platform and generates an alarm for malicious behavior.

And, the storage management unit manages the backup data process of the system. Specifically, the storage management unit encrypts and stores the backup data in order to secure confidentiality of the backup data.

On the other hand, the cloud-based artificial intelligence system according to the present invention is configured to further include a local database in which a user can store data and a local database in which a management module can store data.

Next, a user registration and login method for the cloud-based artificial intelligence system according to the present invention will be described.

2 is a flowchart of a user registration and login method for a cloud-based artificial intelligence system according to the present invention.

Referring to FIG. 2 , a user registration and login method for a cloud-based artificial intelligence system according to the present invention includes steps in which a user registers in a cloud platform (S100) and a step in which a user logs in to a cloud platform (S200). composed of

First, a step (S100) of a user registering in a cloud platform will be described.

FIG. 3 is a flowchart of steps S101 to S107 in the step of registering the user to the cloud platform shown in FIG. 2, and FIG. 4 is a flowchart of steps S108 to S114 in the step of registering the user to the cloud platform shown in FIG. am.

Referring to FIGS. 3 and 4, a user prepares a hash value H1 for the user. (S101)

FIG. 5 is a flowchart of step S101 in which the user of FIG. 3 prepares hash value H1.

Referring to FIG. 5, the user prepares R1 by using (Equation Equation) R1=Addr_u||name||H(pass)||email||t. (S101-1)

where Addr_u is the user's blockchain address, name is the user's name, pass is the user's password, H(pass) is the hash value of the pass, email is the user's email address, and t is the current timestamp (Timestamp).

And, R1 is information concatenated with the user's blockchain address Addr_u, the user's name name, H (pass), the user's email address email, and the current timestamp t.

After that, the user calculates the hash value H1 of R1 using (Equation Equation) H1=H(R1). (S101-2)

After that, the user transmits the registration request information Tx1 including the user's blockchain address Addr_u and hash value H1 to the first smart contract. (S102)

Here, the first smart contract (SC_idma) is a smart contract for the management module.

After that, the first smart contract records the user's blockchain address Addr_u and hash value H'1 in the blockchain. (S103)

Here, the hash value H'1 is information used instead of the hash value H1 to distinguish it from the hash value H1 when the first smart contract receives the hash value H1 generated by the user.

After that, the first smart contract transmits the user's blockchain address Addr_u and hash value H'1 to the management module and all nodes of the blockchain. (S104)

Here, all nodes of the blockchain include users. Meanwhile, the reason why the first smart contract transmits the user's blockchain address Addr_u and hash value H'1 to the user is that the user's blockchain address Addr_u and hash value H'1 have been successfully stored in the blockchain. It is to inform.

After that, the management module stores the user's blockchain address Addr_u and hash value H'1 transmitted from the first smart contract in a local database. (S105)

After that, the user calculates the digital signature S1 and encryption information R2. (S106)

FIG. 6 is a flowchart of step S106 in which the user calculates S1 and R2 shown in FIG. 3 .

Referring to FIG. 6, the user generates a digital signature S1 for the hash value H1 using the user's private key SK_u as (Equation Equation) S1 = Sign_SK_u (H1). (S106-1)

After that, the user encrypts the information concatenated with R1 and the digital signature S1 using the public key PK_idma of the management module as (Equation Equation) R2 = E_PK_idma (R1||S1), and calculates the encrypted information R2. ( S106-2)

After that, the management module performs a verification process for the encryption information R'2. (S107)

Here, the encryption information R′2 is information used instead of the encryption information R2 to distinguish it from the encryption information R2 when the management module receives the encryption information R2 generated by the user.

FIG. 7 is a flowchart of step S107 in which the user shown in FIG. 3 performs a verification process for encryption information R'2.

Referring to FIG. 7, the management module decrypts the encrypted information R'2 using the private key SK_idma of the management module in (Equation) D_SK_idma(R'2) → R'1||S'1, and R'1 and digital signature S'1 is acquired. (S107-1)

Here, R'1 is information generated by the management module and used instead of R1 to distinguish it from R1 generated by a user. Further, the digital signature S'1 is information generated by the management module and used instead of the digital signature S1 to distinguish it from the digital signature S1 generated by the user.

After that, the management module calculates the hash value H"1 of R'1 using (Equation Equation) H"1 = H(R'1). (S107-2)

After that, the management module compares the hash value H"1 calculated in step S107-2 and the hash value H'1 broadcast by the first smart contract. (S107-3)

If the hash values H"1 and H'1 match, the management module continues the verification process for the encryption information R'2. However, if the hash values H"1 and H'1 do not match, the management module The verification process for the encryption information R'2 is stopped. (S107-4)

After that, the management module inputs the digital signature S'1 and hash value H"1 to the PKVer_Addr_u function by using (mathematical expression) PKVer_Addr_u(S'1,H"1) → True or False to verify the signature. .(S107-5)

Here, PKVer_Addr_u(S'1,H"1) is a function that verifies whether the user's blockchain address Addr_u signed hash value H"1 with digital signature S'1.

Step S107-5 is used to prove that the sender of the encryption information R'2 for the management module and the sender of the registration request information Tx1 for the first smart contract match. Also, step S107-5 is used to prevent an attacker from impersonating a user.

When the verification process for encryption information R'2 is completed, the management module sets user assignment information U_rl and stores R'1 and user assignment information U_rl in a local database (S108).

At this time, the user assignment information U_rl is composed of the user's role, scope and access information. And, the user allocation information U_rl means the user's authority to prevent the user from acting arbitrarily in the cloud platform.

After that, the management module prepares the user certificate U_cred from R'1 and the user assignment information U_rl. (S109)

FIG. 8 is a flowchart of step S109 in which the management module shown in FIG. 4 prepares U_cred from R'1 and U_rl.

Referring to FIG. 8, the management module calculates R3 using (Equation Equation) R3=R'1||U_rl. (S109-1)

Here, R'1||U_rl is information obtained by concatenating R'1 and user allocation information U_rl.

After that, the management module calculates the hash value U_cred of R3 using (Equation Equation) U_cred = H(R3). (S109-2)

After that, the management module stores the user certificate U_cred in the local database (S109-3).

After that, the management module transmits the transaction information Tx2 including the user's blockchain address Addr_u and the user allocation information U_cred to the first smart contract. (S110)

After that, the first smart contract stores the block chain address Addr_u and user certificate U'_cred transmitted from the management module in the block chain, and sends the user's block chain address Addr_u and user certificate U' to the management module and all nodes of the block chain. _cred is broadcast. (S111)

Here, the user credential U'_cred is information used instead of the user credential U_cred to distinguish it from the user credential U_cred when the first smart contract receives the user credential U_cred generated by the management module.

After that, the user stores the user's blockchain address Addr_u and the user certificate U'_cred broadcasted by the first smart contract in the local storage. (S112)

Then, the management module receives the user's blockchain address Addr_u and the user certificate U'_cred broadcasted by the first smart contract. This means that the user credential U_cred has been successfully saved to the blockchain.

After that, the management module generates a response message including user certificate U_cred, user allocation information U_rl, and digital signature Su. (S113)

FIG. 9 is a flowchart of step S113 in which the management module shown in FIG. 4 generates a response message including U_cred, U_rl, and Su.

Referring to FIG. 9, the management module generates a digital signature Su for U_cred||H(U_rl) using the secret key SK_idma of the management module as (Equation) Su=Sign_SK_idma(U_cred||H(U_rl)) (S113-1)

Here, U_cred||H(U_rl) is information obtained by concatenating the hash value of the user certificate U_cred and the user allocation information U_rl.

After that, the management module transmits a response message including user certificate U_cred, user allocation information U_rl, and digital signature Su to the user respectively (S113-2).

After that, the user verifies the response message transmitted from the management module. (S114)

FIG. 10 is a flowchart of step S114 in which the user verifies the response message shown in FIG. 4 .

Referring to FIG. 10, first, the user receives user certificate U"_cred, user assignment information U'_rl, and digital signature S'u from the management module. (S114-1)

Here, the user credential U"_cred is information used instead of the user credential U_cred to distinguish it from the user credential U_cred when the user receives the user credential U_cred generated by the management module.

Further, the user assignment information U'_rl is information used instead of the user assignment information U_rl to distinguish it from the user assignment information U_rl when the user receives the user assignment information U_rl generated by the management module.

And, the digital signature S'u is information used instead of the digital signature Su to distinguish it from the digital signature Su when the user receives the digital signature Su generated by the management module.

Then, the user compares the user credential U"_cred transmitted from the management module and the user credential U'_cred transmitted from the first smart contract. (S114-2)

After that, the user continues the verification process for the response message when the user credentials U"_cred and U'_cred match, and stops the verification process for the response message when the user credentials U"_cred and U'_cred do not match. .(S114-3)

After that, the user verifies the digital signature S'u using (mathematical expression) PKVer_PK_idma(S'u,U"_cred||H(U'_rl)) → True or False. (S114-4)

Here, S'u is (a mathematical expression) Sign_SK_idma(U_cred||H(U_rl))', which is a digital signature generated for (U_cred||H(U_rl))' using the secret key SK_idma of the management module.

And, PKVer_PK_idma(S'u,U"_cred||H(U'_rl)) is a function that verifies whether public key PK_idma of the management module signed U"_cred||H(U'_rl) with S'u. .

After that, if the output value of step S114-4 is true, the user ends the verification of the digital signature S'u. (S114-5)

If the output value of step S114-4 is true, it can be seen that the actual sender of the user certificate U"_cred is the management module.

Accordingly, the user can use the user certificate U'_cred transmitted from the first smart contract. In addition, the user can log in to the cloud platform using the user credential U'_cred.

After registering on the cloud platform, the user can own the user certificate U_cred stored in the local storage. Accordingly, the user can use the user certificate U_cred when logging in to the cloud platform.

Next, a step (S200) of the user logging in to the cloud platform will be described.

11 is a flowchart of steps S200 to S201 to S205 in which the user shown in FIG. 2 logs in to the cloud platform, and FIG. 12 is a flowchart of steps S200 to S206 to S210 in which the user shown in FIG. 2 logs in to the cloud platform. It is a flow chart for

11 and 12, the user prepares the hash value H2 for login. (S201)

FIG. 13 is a flowchart of step S201 in which the user of FIG. 11 prepares hash value H2.

Referring to FIG. 13, the user prepares pwd, which is the hash value of pass, using (mathematical expression) pwd=H(pass). (S201-1)

Here, pass is the user's password, and pwd is the hash value of the user's password pass.

After that, the user prepares R4 by using (mathematical expression) R4=email||pwd||U_cred||t. (S201-2)

Here, email is the user's email address, U_cred is the user credential, and t is the current timestamp. And, R4 is information concatenated with the user's e-mail address e-mail, the hash value pwd of the user's password, the user credential U_cred, and the current timestamp t.

After that, the user prepares the hash value H2 of R4 using (Equation Equation) H2=H(R4). (S201-3)

After that, the user transmits the transaction information Tx3 including the user's blockchain address Addr_u and hash value H2 to the first smart contract. (S202)

After that, the first smart contract records the user's blockchain address Addr_u and hash value H'2 in the blockchain. And, the first smart contract broadcasts the user's blockchain address Addr_u and hash value H'2 to the management module and all nodes of the blockchain. (S203)

Here, the hash value H'2 is information used instead of H2 to distinguish it from H2 when the first smart contract receives the hash value H2 generated by the user.

After that, the management module stores the user's blockchain address Addr_u and hash value H'2 transmitted from the first smart contract in a local database. (S204)

Here, all nodes of the blockchain include users. On the other hand, the reason why the first smart contract transmits the user's blockchain address Addr_u and hash value H'2 to the user is to inform the user that the user's blockchain address Addr_u and hash value H'2 have been successfully stored in the blockchain. It is to inform.

After that, the user calculates the digital signature S2 and encryption information R5. (S205)

FIG. 14 is a flowchart of step S205 in which the user calculates S2 and R5 shown in FIG. 11 .

Referring to FIG. 14, the user generates a digital signature S2 for the hash value H2 using the user's private key SK_u as (Equation Equation) S2 = Sign_SK_u (H2). (S205-1)

After that, the user encrypts the information concatenated with R4 and the digital signature S2 using the public key PK_idma of the management module as (Equation Equation) R5 = E_PK_idma (R4||S2), and calculates the encrypted information R5. ( S205-2)

After that, the user transmits encryption information R5 to the management module and requests log-in to the cloud platform through the management module (S206).

After that, the management module starts a verification process for the encryption information R'5. (S207)

Here, the encryption information R'5 is encryption information used instead of encryption information R5 to distinguish it from the encryption information R5 when the management module receives the encryption information R5 generated by the user.

FIG. 15 is a flowchart of step S207 in which the management module shown in FIG. 12 performs a verification process for encryption information R'5.

Referring to FIG. 15, the management module decrypts encrypted information R'5 using the secret key SK_idma of the management module in D_SK_idma(R'5) → R'4||S'2, and R'4 and digital signature S' '2 is acquired. (S207-1)

Here, R'4 is information generated by the management module and used instead of R4 to distinguish it from R4 generated by a user.

Further, the digital signature S'2 is information generated by the management module and used instead of the digital signature S2 to distinguish it from the digital signature S2 generated by the user.

After that, the management module checks the following two conditions.

First, the management module checks whether user information is registered in the local database (S207-2).

Here, the user information is information including the user's e-mail address e-mail, the user's password pass, and the user credential U_cred.

After that, the management module compares the user information transmitted from the user with the user information stored in the local database and checks whether they match (S207-3).

If one of the above two conditions is false, the management module rejects the user's login request. However, if both of the above two conditions are true, the management module continues the verification process for the encrypted information R'5. (S207-4)

After that, the management module checks the user assignment information U_rl in the local database. (S207-5)

If the user has access rights, the management module calculates the hash value H"2 of R'4 using (Equation Equation) H"2 = H(R'4). (S207-6)

After that, the management module compares the hash value H"2 calculated by the management module and the hash value H'2 broadcast by the first smart contract, and determines whether the hash value H"2 and H'2 match. Check. (S207-7)

If the hash values H"2 and H'2 match, the management module continues the verification process for the encryption information R'5. If the hash values H"2 and H'2 do not match, the management module continues the verification process for the encryption information R'5. Stop the verification process for R'5. (S207-8)

After that, the management module inputs the digital signature S'2 and hash value H"2 to the PKVer_Addr_u function by using (mathematical expression) PKVer_Addr_u (S'2,H"2) → True or False to verify the signature. Do (S207-9)

Here, PKVer_Addr_u(S'2,H"2) is a function that verifies whether the user's blockchain address Addr_u signed the hash value H"2 with the digital signature S'2.

Step S207-9 is used to prove that the sender of R'5 for the management module and the sender of the transaction information Tx3 for the first smart contract match. In addition, the step S207-9 is used to prevent an attacker from impersonating a user.

When the verification process for the encryption information R'5 is completed, the management module outputs a notification message Msg of 'login successful' (S208).

After that, the management module transmits the notification message Msg, the hash value Hm, and the digital signature Se to the user to notify that the user has successfully logged in to the cloud platform (S209).

FIG. 16 is a flowchart of step S209 in which the management module shown in FIG. 12 transmits Msg, Hm, and Se to the user.

Referring to FIG. 16, the management module prepares the hash value Hm of the notification message Msg using (Equation Equation) Hm=H(Msg). (S209-1)

Thereafter, the management module generates a digital signature Se for the hash value Hm using the secret key SK_idma of the management module as (Equation Equation) Se=Sign_SK_idma (Hm). (S209-2)

After that, the user verifies the digital signature S'e. (S210)

Here, the digital signature S'e is information used instead of the digital signature Se to distinguish the digital signature Se generated by the management module from the digital signature Se when the user receives it.

FIG. 17 is a flowchart of step S210 in which the user verifies the digital signature S'e shown in FIG. 12 .

Referring to FIG. 17, the user inputs the digital signature S'e and the hash value H'm to the PKVer_PK_idma function using (mathematical expression) PKVer_PK_idma (S'e, H'm) → True or False. (S210 -One)

Here, PKVer_PK_idma(S'e,H'm) is a function that verifies whether the public key PK_idma of the management module has signed the hash value H'm with the digital signature S'e.

The hash value H'm is information used instead of the hash value Hm to distinguish the hash value Hm from the hash value Hm when the user receives the hash value Hm generated by the management module.

The user's registration and login method for a cloud-based artificial intelligence system according to the present invention integrates architecture based on blockchain and smart contracts, thereby strengthening the integrity of the machine learning pipeline of the cloud-based artificial intelligence system. There is an effect.

In addition, the user registration and login method for the cloud-based artificial intelligence system according to the present invention has an effect of preventing an attacker from impersonating a real user and infiltrating the cloud-based artificial intelligence system in advance.

In addition, the user's registration and login method for the cloud-based artificial intelligence system according to the present invention has an effect of tracking integrity and preventing data manipulation.

As described above, the main technical idea of the present invention is to provide a user registration and login method for a cloud-based artificial intelligence system according to the present invention, and the above-described embodiment with reference to the drawings is only one embodiment. However, the true scope of the present invention will be based on the claims, but will also extend to equivalent embodiments that may exist in various ways.

Claims (13)

Step 100, in which a user registers with a cloud platform; and
A 200th step of the user logging in to the cloud platform; and
The 100th step is
Step 101, wherein the user prepares hash value H1;
Step 102 of the user transmitting registration request information Tx1 including the user's blockchain address Addr_u and the hash value H1 to a first smart contract;
Step 103, wherein the first smart contract records the user's blockchain address Addr_u and hash value H'1 in the blockchain;
Step 104 of the first smart contract transmitting the user's blockchain address Addr_u and hash value H'1 to a management module and all nodes of the blockchain;
Step 105 of the management module storing the user's blockchain address Addr_u and hash value H'1 received from the first smart contract in a local database;
Step 106, wherein the user calculates digital signature S1 and encryption information R2;
Step 107, wherein the management module performs a verification process on encryption information R'2;
Step 108, when the verification process for the encryption information R'2 is completed, the management module sets user assignment information U_rl and stores R'1 and the user assignment information U_rl in the local database;
Step 109, wherein the management module prepares a user certificate U_cred from the R'1 and user allocation information U_rl;
Step 110, wherein the management module transmits transaction information Tx2 including the user's blockchain address Addr_u and user certificate U_cred to the first smart contract;
The first smart contract stores the user's blockchain address Addr_u and user credential U'_cred in the blockchain, and sends the management module and all nodes of the blockchain to the user's blockchain address Addr_u and user credential U'_cred. Step 111 of broadcasting;
Step 112, by the user, storing the user's blockchain address Addr_u and the user certificate U'_cred broadcasted by the first smart contract in a local storage;
Step 113, wherein the management module generates a response message including the user certificate U_cred, user assignment information U_rl, and digital signature Su; and
A 114 step of verifying the response message received by the user from the management module;
The hash value H'1 is information used instead of the hash value H1 to distinguish it from the hash value H1 when the first smart contract receives the hash value H1 generated by the user,
The encryption information R'2 is information used instead of the encryption information R2 to distinguish it from the encryption information R2 when the management module receives the encryption information R2 generated by the user,
Characterized in that the user credential U'_cred is information used instead of the user credential U_cred to distinguish the user credential U_cred generated by the management module from the user credential U_cred when the first smart contract is transmitted. How users register and log in to the cloud-based artificial intelligence system. According to claim 1,
Step 101 is
Step 101-1, wherein the user prepares R1 by using (Equation Equation) R1=Addr_u||name||H(pass)||email||t; and
A 101-2 step in which the user prepares the hash value H1 of R1 using (Equation Equation) H1 = H(R1);
The name is the user's name, the pass is the user's password, the H (pass) is the hash value of the user's password pass, the email is the user's email address, and the t is the current timestamp A user's registration and login method for a cloud-based artificial intelligence system characterized by According to claim 1,
Step 106 is
a step 106-1 in which the user generates the digital signature S1 for the hash value H1 using the user's private key SK_u as (Equation Equation) S1 = Sign_SK_u (H1); and
106, in which the user calculates the encrypted information R2 by encrypting the information concatenated with the R1 and the digital signature S1 using the public key PK_idma of the management module as (Equation Equation) R2 = E_PK_idma (R1||S1) - Step 2; A user's registration and login method for a cloud-based artificial intelligence system comprising a. According to claim 1,
The 107th step is
The management module decrypts the encrypted information R'2 with the private key SK_idma of the management module in (Equation) D_SK_idma(R'2) → R'1||S'1, and the R'1 and the digital signature S' Step 107-1 of acquiring '1';
a step 107-2 in which the management module calculates the hash value H"1 of R'1 using (Equation Equation) H"1 = H(R'1);
The management module compares the hash value H"1 calculated in step 107-2 with the hash value H'1 broadcast by the first smart contract, and the hash value H"1 and H'1 a 107-3 step of checking whether or not match;
When the hash values H"1 and H'1 match, the management module continues the verification process for the encryption information R'2, and when the hash values H"1 and H'1 do not match, the encryption information R Step 107-4 of stopping the verification process for '2'; and
Step 107-5 in which the management module inputs the digital signature S'1 and hash value H"1 to the PKVer_Addr_u function using (mathematical expression) PKVer_Addr_u(S'1,H"1) → True or False including:
The PKVer_Addr_u(S'1,H"1) is a function for verifying whether the user's blockchain address Addr_u signed the hash value H"1 with the digital signature S'1, cloud-based artificial intelligence, characterized in that How users register and log in to the system. According to claim 1,
The 109th step is
a step 109-1 in which the management module calculates the R3 obtained by concatenating the R'1 and the user allocation information U_rl using (Equation Equation) R3=R'1||U_rl;
a step 109-2 in which the management module calculates the user certificate U_cred, which is the hash value of R3, using (Equation Equation) U_cred = H(R3); and
A 109-3 step of the management module storing the user certificate U_cred in the local database; a user registration and login method for a cloud-based artificial intelligence system, comprising: According to claim 1,
Step 113 is
The management module generates the digital signature Su for the U_cred||H(U_rl) using the secret key SK_idma of the management module as (Equation Equation) Su=Sign_SK_idma (U_cred||H(U_rl)) Step 113-1; and
a step 113-2 in which the management module transmits the response message including the user certificate U_cred, the user allocation information U_rl, and the digital signature Su to the user, respectively; How to register and log in for users. According to claim 1,
The 114th step is
Step 114-1, wherein the user receives user certificate U"_cred, user assignment information U'_rl, and digital signature S'u from the management module;
114-2 step of the user comparing the user certificate U"_cred transmitted from the management module and the user certificate U'_cred transmitted from the first smart contract;
When the user certificates U"_cred and U'_cred match, the verification process for the response message continues, and when the user certificates U"_cred and U'_cred do not match, the verification process for the response message continues. Step 114-3 of stopping;
A step 114-4 in which the user verifies the digital signature S'u using (mathematical expression) PKVer_PK_idma(S'u,U"_cred||H(U'_rl)) → True or False; and
Step 114-5 of the user, if the output value of step 114-4 is true, terminating the verification process for the digital signature S'u;
The digital signature S'u is (mathematical expression) Sign_SK_idma(U_cred||H(U_rl))', which is digitally generated for (U_cred||H(U_rl))' using the secret key SK_idma of the management module. is a signature,
The PKVer_PK_idma(S'u,U"_cred||H(U'_rl)) verifies whether the public key PK_idma of the management module signed U"_cred||H(U'_rl) with the digital signature S'u. is a function that
The user certificate U"_cred is information used instead of the user certificate U_cred to distinguish it from the user certificate U_cred when the user receives the user certificate U_cred generated by the management module;
The user assignment information U'_rl is information used instead of the user assignment information U_rl to distinguish the user assignment information U_rl from the user assignment information U_rl when the user receives the user assignment information U_rl generated by the management module,
The cloud-based digital signature S'u is information used instead of the digital signature Su to distinguish the digital signature Su generated by the management module from the digital signature Su when the user receives the transmission. How to register and log in to the AI system of According to claim 1,
The 200th step is
Step 201, wherein the user prepares hash value H2 for login;
Step 202 of the user transmitting transaction information Tx3 including the user's blockchain address Addr_u and the hash value H2 to the first smart contract;
The first smart contract records the user's block chain address Addr_u and hash value H'2 in the block chain, and sends the management module and all nodes of the block chain the address Addr_u and hash value H of the user's block chain. Step 203 broadcasting '2;
Step 204 of the management module storing the user's block chain address Addr_u and hash value H'2 transmitted from the first smart contract in the local database;
Step 205, wherein the user calculates digital signature S2 and encryption information R5;
a step 206 in which the user transmits the encryption information R5 to the management module and requests log-in to the cloud platform through the management module;
Step 207, wherein the management module performs a verification process on encryption information R'5;
Step 208, when the verification process for the encryption information R'5 is completed, the management module outputs a notification message Msg indicating 'login successful';
Step 209, the management module transmits the notification message Msg, the hash value Hm, and the digital signature Se to the user to notify that the user has logged in to the cloud platform; and
Including; step 210 of the user verifying the digital signature S'e,
The hash value H'2 is information used instead of the hash value H2 to distinguish it from the hash value H2 when the first smart contract receives the hash value H2 generated by the user,
The encryption information R'5 is information used instead of the encryption information R5 to distinguish it from the encryption information R5 when the management module receives the encryption information R5 generated by the user,
The digital signature S'e is cloud-based information used instead of the digital signature Se to distinguish it from the digital signature Se when the user receives the digital signature Se generated by the management module. How to register and log in to the AI system of According to claim 8,
The 201st step is
a step 201-1 in which the user prepares the pwd, which is a hash value of the password pass of the user, by using (mathematical expression) pwd=H(pass); and
a step 201-2 in which the user prepares R4 by using (Equation Equation) R4=email||pwd||U_cred||t; and
A step 201-3 in which the user prepares the hash value H2 of R4 using (Equation Equation) H2 = H(R4);
The pass is the user's password, the email is the user's email address, the U_cred is the user credential, the t is the current timestamp, the R4 is the user's email address email, the user's password pwd, the user credential A user registration and login method for a cloud-based artificial intelligence system, characterized in that the information is concatenated with U_cred and the current timestamp t. According to claim 8,
Step 205 is
a step 205-1 in which the user generates the digital signature S2 for the hash value H2 using the user's private key SK_u as (Equation Equation) S2 = Sign_SK_u (H2); and
205-2, in which the user calculates the R5 by encrypting the information concatenated with the R4 and the digital signature S2 using the public key PK_idma of the management module as R5 = E_PK_idma (R4||S2) A user's registration and login method for a cloud-based artificial intelligence system comprising the steps; According to claim 8,
The 207th step is
The management module decrypts the encrypted information R'5 with the secret key SK_idma of the management module in (Equation) D_SK_idma(R'5) → R'4||S'2, and then R'4 and digital signature S'2 a 207-1st step of acquiring ;
a step 207-2 in which the management module checks whether user information is registered in the local database;
a step 207-3 in which the management module compares the user information received from the user with the user information stored in the local database and determines whether they match;
Step 207-4, if both steps 207-2 and 207-3 are true, the management module continues a verification process for the encryption information R'5;
a step 207-5 in which the management module checks the user allocation information U_rl in the local database;
Step 207-6, in which the management module calculates the hash value H"2 of R'4 using (Equation Equation) H"2 = H(R'4) if the user has access authority ;
The management module compares the hash value H"2 calculated by the management module and the hash value H'2 broadcast by the first smart contract, and the hash value H"2 and H'2 match. Step 207-7 of checking whether or not;
When the hash values H"2 and H'2 match, the management module continues the verification process for the encryption information R'5, and when the hash values H"2 and H'2 do not match, the encryption information R Step 207-8 of stopping the verification process for '5; and
Step 207-9 of the management module inputting the digital signature S'2 and the hash value H"2 to the PKVer_Addr_u function using (mathematical expression) PKVer_Addr_u(S'2,H"2) → True or False; including,
The user information is information including the user's email address email, the user's password pass, and the user certificate U_cred;
The PKVer_Addr_u(S'2,H"2) is a function for verifying whether the user's block chain address Addr_u signed the hash value H"2 with the digital signature S'2, cloud-based artificial intelligence, characterized in that How users register and log in to the system. According to claim 8,
Step 209 is
a step 209-1 in which the management module prepares a hash value Hm of the notification message Msg using (Equation Equation) Hm=H(Msg); and
and a step 209-2 in which the management module generates the digital signature Se for the hash value Hm using the private key SK_idma of the management module as (Equation Equation) Se=Sign_SK_idma(Hm). A user's registration and login method for a cloud-based artificial intelligence system. According to claim 8,
Step 210 is
Step 210-1, in which the user inputs the digital signature S'e and hash value H'm to the PKVer_PK_idma function using (mathematical expression) PKVer_PK_idma (S'e, H'm) → True or False. include,
The PKVer_PK_idma(S'e,H'm) is a function that verifies whether the public key PK_idma of the management module has signed the hash value H'm with the digital signature S'e;
The hash value H'm is cloud-based information used instead of the hash value Hm to distinguish it from the hash value Hm when the user receives the hash value Hm generated by the management module. How to register and log in to the AI system of

Images