KR20240013335A - Blockchain-based financial transaction security system - Google Patents

Abstract

The system according to one embodiment creates a transaction to register data to be shared, transmits it to a smart contract on the blockchain, fragments and decrypts the data, and uploads the data fragments and fragment decryption key to at least one data custodian. provider; A smart contract that records data registration details, data access permission details, and data custodian details, and approves access permission to data registered by the data provider; Data that stores and manages data transmitted from a data provider, and when receiving a data request from a given data requestor, checks whether the data requester has permission to access the data through a smart contract and delivers the data fragments and fragment decryption key to the data requester. keeper; and a data requester who obtains data access rights from a smart contract and obtains the original data using data fragments and fragment decryption keys provided by the data custodian.

Description

Blockchain-based financial transaction security system{BLOCKCHAIN-BASED FINANCIAL TRANSACTION SECURITY SYSTEM}

The examples below relate to technology that secures blockchain-based financial transactions.

Blockchain is a technology that uses specific encryption functions to share and update data among all participants without a central administrator, preventing data manipulation and making transactions transparent. Blockchain, also called a public transaction ledger, is a technology that prevents hacking that can occur when transacting with virtual currency.

While existing financial companies store transaction records on a centralized server, blockchain has decentralized features that prevent data falsification by sending transaction details to all users participating in the transaction and comparing them for each transaction. have

Therefore, the development of technology for a blockchain-based financial transaction security system that enhances the security of data in financial transactions is required.

Embodiments seek to provide a blockchain-based financial transaction security system.

Embodiments seek to safely obtain data from the network without the intervention of the data provider when the data requester obtains data access authority.

Embodiments are when a data provider registers data on the network and a data requester obtains data access rights through the network and requests data, and when the data provider does not need to know the data requester. By distributing and storing fragments of encrypted data for safe data transactions, we aim to prevent even the storage operator where the data is stored from obtaining the data, allowing only those who have access to the data to obtain the data.

According to one embodiment, in a blockchain-based financial transaction security system, a transaction to register data to be shared is created and transmitted to a smart contract on the blockchain, the data is fragmented and decrypted, and the data is sent to at least one data holder. Data providers who upload fragments and fragment decryption keys; A smart contract that records data registration details, data access permission details, and data custodian details, and approves access permission to data registered by the data provider; Stores and manages the data transmitted from the data provider, and when receiving a data request from a certain data requestor, verifies whether the data requestor has data access rights through the smart contract and sends the data fragments and fragment decryption key to the data requestor. data custodian; And it may include a data requester who obtains data access rights from the smart contract and obtains the original data using the data fragments and fragment decryption key provided by the data custodian.

In the system, the data registration details include data provider information, data fragment information, and data fragment keeper matching information, the data access authority details include details of who can access what data, and the data keeper The details may include the data custodian's storage endpoint information (server connection information), the capacity of data currently being stored, and the total storage capacity information.

The data provider encrypts the entire data by mixing the entire data bit by bit, divides the entire encrypted data into at least two fragments, and then encrypts each data fragment with a different public key, and the smart contract is executed by the data provider. Upon request, based on data storage server information including capacity information of each data storage server, match fragment data storage servers capable of storing fragment data, provide matching information to the data provider, and store the matching information, The data requestor may form a data permission acquisition request transaction including a public key for data permission authentication and transmit it to the smart contract.

The device according to one embodiment may be combined with hardware and controlled by a computer program stored in a medium to execute any one of the above-described methods.

Embodiments may provide a blockchain-based financial transaction security system.

In embodiments, when a data requestor obtains data access authority, data can be safely obtained from the network without the intervention of a data provider.

Embodiments are when a data provider registers data on the network and a data requester obtains data access rights through the network and requests data, and when the data provider does not need to know the data requester. By distributing and storing fragments of encrypted data for safe data transactions, even the storage operator where the data is stored cannot obtain the data, allowing only those who have access to the data to obtain the data.

1 is a diagram for explaining the configuration of a system according to an embodiment.
Figure 2 is a configuration diagram to explain a data security system for blockchain-based data transaction and storage in a decentralized system environment according to an embodiment.
Figure 3 is a diagram for explaining a data registration and acquisition process according to an embodiment.
Figure 4 is an exemplary diagram of the configuration of a device according to an embodiment.

Hereinafter, embodiments will be described in detail with reference to the attached drawings. However, various changes can be made to the embodiments, so the scope of the patent application is not limited or limited by these embodiments. It should be understood that all changes, equivalents, or substitutes for the embodiments are included in the scope of rights.

Specific structural or functional descriptions of the embodiments are disclosed for illustrative purposes only and may be modified and implemented in various forms. Accordingly, the embodiments are not limited to the specific disclosed form, and the scope of the present specification includes changes, equivalents, or substitutes included in the technical spirit.

Terms such as first or second may be used to describe various components, but these terms should be interpreted only for the purpose of distinguishing one component from another component. For example, a first component may be named a second component, and similarly, the second component may also be named a first component.

When a component is referred to as being “connected” to another component, it should be understood that it may be directly connected or connected to the other component, but that other components may exist in between.

The terms used in the examples are for descriptive purposes only and should not be construed as limiting. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as “comprise” or “have” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that this does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as generally understood by a person of ordinary skill in the technical field to which the embodiments belong. Terms defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related technology, and unless explicitly defined in the present application, should not be interpreted in an ideal or excessively formal sense. No.

In addition, when describing with reference to the accompanying drawings, identical components will be assigned the same reference numerals regardless of the reference numerals, and overlapping descriptions thereof will be omitted. In describing the embodiments, if it is determined that detailed descriptions of related known technologies may unnecessarily obscure the gist of the embodiments, the detailed descriptions are omitted.

Embodiments may be implemented in various types of products such as personal computers, laptop computers, tablet computers, smart phones, televisions, smart home appliances, intelligent vehicles, kiosks, and wearable devices.

1 is a diagram for explaining the configuration of a system according to an embodiment.

Referring to FIG. 1, the device 100 encrypts the original data before dividing it into data fragments. By this, it is possible to ensure that the data keeper or the person who acquires the data fragments cannot infer even part of the original data.

The device 100 may record a decryption key for decrypting the encrypted original data in a smart contract on the blockchain.

The device 100 can store different data fragments encrypted by a plurality of data keepers so that the data keeper cannot obtain the data.

The device 100 can verify the integrity by recording the original data, data fragments, and hash values of the encrypted data fragments in a smart contract on the blockchain.

The device 100 stores the same data fragments in multiple data custodians so that the data fragments are not lost even if some custodians leave the network.

Figure 2 is a configuration diagram to explain a data security system for blockchain-based data transaction and storage in a decentralized system environment according to an embodiment.

Referring to Figure 2, the blockchain-based financial transaction security system (1) includes a data provider (20), a blockchain (smart contract) (30), a data custodian (storage server) (40), and a data requestor (50). do

The blockchain of the present invention may be a concept that includes various types of blockchain, such as a private blockchain, a public blockchain, or a mixture of private blockchain and public blockchain.

The data provider 20 and the data requester 50 may include one node on the blockchain.

The nodes that function as the data provider 20, smart contract 30, and data requester 50 are tablet PCs, laptops, personal computers, and smart phones. It may be one of a phone, a personal digital assistant (PDA), a smart TV, and a mobile communication terminal.

The data provider 20 owns the data and can register the data it wants to share with the smart contract 30 and upload data fragments and fragment decryption keys to a plurality of data custodians 40.

In this way, by having a plurality of data custodians store different encrypted data fragments, it is possible to prevent the data custodian from obtaining the data.

The data provider 20 can upload and store the same data fragments to multiple data custodians. As a result, data fragments are not lost even if some custodians leave the network, ensuring data availability.

The data custodian 40 stores and manages the data received from the data provider 20, and when receiving a data request, checks whether the data requester 50 has permission to access the data through the smart contract 30 and decrypts the data fragments and fragments. The key can be delivered to the data requester 50.

The data requester 50 obtains data access rights from the smart contract 30 and obtains the original data by requesting data fragments and fragment decryption keys from the data keeper 40.

Smart contracts 30 may exist on the blockchain to provide functionality for data transactions.

The smart contract 30 is a program installed on multiple nodes (servers, computers, etc.) that constitute a blockchain and is source code that is compiled into executable byte code and can be executed on at least one computing device. Once the smart contract 30 is installed on one node, it is propagated to other nodes in the blockchain, so that all nodes have a smart contract.

The smart contract 30 records data registration details, data access authority details, and data custodian details.

Data registration details may include data information, fragment information, and fragment and custodian matching information.

Data access rights details can include details about who can access what data.

Data custodian details may include storage endpoint information (server connection information) of the data custodian 40, the capacity of data currently being stored, and total storage capacity information.

By generating a transaction on the smart contract 30, the data provider 2) registers data, the data requester 50 obtains data access rights, and the data keeper 40 registers its storage. can do.

Figure 3 is a diagram for explaining a data registration and acquisition process according to an embodiment.

In the data registration method according to one embodiment, first, in the data preparation process, the entire data is encrypted and the data is divided into several fragments. At this time, the data fragments can be divided into bits or bytes. We then encrypt each fragment and obtain the hash value of the data for each of the previous steps.

In the data registration process, a transaction for data registration is generated, and at this time, the data hash values obtained in the data preparation process and the decryption key that can decrypt the data encrypted in the data preparation process can be recorded in the smart contract 30.

In the data holder matching process, each data fragment can be matched to each data holder (or data storage group).

The matching method may be directly selected by the data provider 20, may be randomly matched, or may be matched in the order of low data storage capacity or high data storage capacity. At this time, matching information must be recorded in the data registration history of the smart contract 30.

In the data acquisition method according to one embodiment, data rights are acquired through a smart contract 30 in the data rights acquisition process. At this time, the public key for data authority authentication is recorded in the smart contract.

In the data request process, the data requester 50 may request data fragments and decryption keys from the data custodians 50 that store the encrypted data fragments according to the data storage history recorded in the smart contract 30.

Each data keeper 50 verifies the data access authority of the data requester 50 on the smart contract 30, and encrypts the decryption key of the data fragment with the public key for data authority authentication recorded on the smart contract 30. It can be delivered to the data requester 50 along with the encrypted data fragments.

In the original data acquisition process, the data requester 50 decrypts the data fragment decryption key received from each data holder 40 with a secret key for data authority authentication of the data requester 50, and uses this decryption key to encrypt each data fragment. Decrypt the data fragments. The data requester 50 can obtain the original data by combining the decrypted data fragments into one data and decrypting the combined data using the original data decryption key recorded in the smart contract 30.

At this time, the data requester 50 can check whether the original data has been properly obtained by comparing the hash values in each data acquisition step, including the original data, with the hash values recorded in the smart contract 30.

Figure 4 is an exemplary diagram of the configuration of a device according to an embodiment.

Device 100 according to one embodiment includes a processor 101 and memory 102. Device 100 according to one embodiment may be the server or terminal described above. The processor may include at least one device described above with reference to FIGS. 1 to 3 or may perform at least one method described with reference to FIGS. 1 to 3 . The memory 102 may store information related to the above-described method or store a program in which the above-described method is implemented. Memory 102 may be volatile memory or non-volatile memory.

The processor 101 can execute programs and control the device 100. The code of the program executed by the processor 101 may be stored in the memory 102. The device 100 is connected to an external device (eg, a personal computer or a network) through an input/output device (not shown) and can exchange data.

The embodiments described above may be implemented with hardware components, software components, and/or a combination of hardware components and software components. For example, the devices, methods, and components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, and a field programmable gate (FPGA). It may be implemented using one or more general-purpose or special-purpose computers, such as an array, programmable logic unit (PLU), microprocessor, or any other device capable of executing and responding to instructions. A processing device may execute an operating system (OS) and one or more software applications that run on the operating system. Additionally, a processing device may access, store, manipulate, process, and generate data in response to the execution of software. For ease of understanding, a single processing device may be described as being used; however, those skilled in the art will understand that a processing device includes multiple processing elements and/or multiple types of processing elements. It can be seen that it may include. For example, a processing device may include a plurality of processors or one processor and one controller. Additionally, other processing configurations, such as parallel processors, are possible.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, etc., singly or in combination. Program instructions recorded on the medium may be specially designed and configured for the embodiment or may be known and available to those skilled in the art of computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic media such as floptical disks. -Includes optical media (magneto-optical media) and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, etc. Examples of program instructions include machine language code, such as that produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter, etc. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

Software may include a computer program, code, instructions, or a combination of one or more of these, which may configure a processing unit to operate as desired, or may be processed independently or collectively. You can command the device. Software and/or data may be used on any type of machine, component, physical device, virtual equipment, computer storage medium or device to be interpreted by or to provide instructions or data to a processing device. , or may be permanently or temporarily embodied in a transmitted signal wave. Software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.

Although the embodiments have been described with limited drawings as described above, those skilled in the art can apply various technical modifications and variations based on the above. For example, the described techniques are performed in a different order than the described method, and/or components of the described system, structure, device, circuit, etc. are combined or combined in a different form than the described method, or other components are used. Alternatively, appropriate results may be achieved even if substituted or substituted by an equivalent.

Therefore, other implementations, other embodiments, and equivalents of the claims also fall within the scope of the following claims.

Claims (3)

In a blockchain-based financial transaction security system,
A data provider that creates a transaction to register data to be shared and sends it to a smart contract on the blockchain, fragments and decrypts the data, and uploads the data fragments and fragment decryption key to at least one data custodian;
A smart contract that records data registration details, data access permission details, and data custodian details, and approves access permission to data registered by the data provider;
Stores and manages the data transmitted from the data provider, and when receiving a data request from a certain data requestor, verifies whether the data requestor has data access rights through the smart contract and sends the data fragments and fragment decryption key to the data requestor. data custodian; and
A data requester who obtains data access rights from the smart contract and obtains the original data using the data fragments and fragment decryption key provided by the data custodian.
containing
Blockchain-based financial transaction security system. According to paragraph 1,
The data registration details include data provider information, data fragment information, and data fragment keeper matching information,
The data access rights details include details of who can access what data, and the data holder details include the data keeper's storage endpoint information (server access information), the amount of data currently stored, and the total storage capacity information. containing
Blockchain-based financial transaction security system. According to paragraph 1,
The data provider encrypts the entire data by mixing the entire data bit by bit, divides the entire encrypted data into at least two fragments, and then encrypts each data fragment with a different public key,
At the request of the data provider, the smart contract matches fragment data storage servers capable of storing fragment data based on data storage server information including capacity information of each data storage server, and provides matching information to the data provider. , save matching information,
The data requestor forms a data permission acquisition request transaction including a public key for data permission authentication and transmits it to the smart contract.
Blockchain-based financial transaction security system.