WO2016114420A1 - Personal information security system implementing one-way access key generation, and associated security method - Google Patents


Info

Publication number
WO2016114420A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
key
masking
user
provider
Application number
PCT/KR2015/000344
Other languages
English (en)
Korean (ko)
Inventor
이재호
조용상
Original Assignee
한국교육학술정보원
Application filed by 한국교육학술정보원
Priority to PCT/KR2015/000344
Publication of WO2016114420A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present invention relates to a personal information security system based on one-way access key generation, and more particularly to a personal information security system that implements irreversible encryption by using a one-way access key and increases security by using a dynamic key.
  • Personal information is information about a living individual that can identify the individual through a name, social security number, video and the like. It includes information that does not identify a particular individual on its own but can easily be combined with other information.
  • In the information society, personal information functions as an essential element for the formation, maintenance and development of society, for example in e-commerce, customer management and financial transactions. From a company's point of view, personal information is also highly valued as an asset for generating profit.
  • Encryption technology for personal information protection is recognized as a core technology for the stability and reliability of Internet-based social and economic activities and for the protection of user privacy.
  • Public key cryptography is a representative encryption method for personal information security. It uses a public key for encryption and a private key for decryption. Public key cryptography is an example of an asymmetric key scheme, in which the two keys differ from each other, as opposed to a symmetric key scheme, which uses the same key.
  • The present invention has been made to solve the above-mentioned conventional problems, and its purpose is to provide users with a personal information security system that can implement irreversible encryption using a one-way access key and increase security using a dynamic key.
  • A further purpose of the present invention is to provide users with a personal information security system with improved stability and reliability, implemented so that a user can determine which of the analysis data provided as a service is his or her own by using a matching key generated by the authorized authentication center.
  • A further purpose of the present invention is to provide users with a personal information security system in which, by using a one-way access key, exclusive use of information once issued cannot be confirmed, and in which, by using a dynamic key in the process of masking data and generating a matching key, the information is used only temporarily, so that access by unauthorized persons is effectively blocked and risks caused by leakage are prevented.
  • To achieve the above-described purposes, a personal information security system based on one-way access key generation according to an example of the present invention may include: a service provider that provides a predetermined service to a plurality of users;
  • a data provider that includes a database storing a plurality of data corresponding to each of the plurality of users, masks the plurality of data at the request of the service provider, and issues a masking key corresponding to the masking; and
  • an authorized authentication center that manages a key table in which the issuance history of the masking key is registered and generates a matching key based on the issuance history registered in the key table.
  • When the service provider requests from the data provider data for providing the service to a first user who is part of the plurality of users, the data provider extracts first data that is at least a part of the plurality of data, masks the extracted first data and provides it to the service provider, and issues a first masking key corresponding to the masking of the first data and provides it to the authorized authentication center. The service provider generates analysis data associated with the service based on the masked first data and provides the generated analysis data to the first user.
  • The authorized authentication center registers the first masking key in the key table, generates a first matching key for confirming the analysis data corresponding to the first user, and provides the first matching key to the first user.
  • The first user may identify the analysis data corresponding to the first user among the analysis data provided to the first user by using the first matching key.
  • The encryption of the first data may be one-way, so that the analysis data provided to the first user cannot be decrypted with the masked first data or the first data.
  • The first matching key provided to the first user may not be decrypted by the first masking key or the masked first data.
  • Masking of the extracted first data by the data provider may use a dynamic key that changes dynamically at each request of the service provider.
  • Generation of the first matching key by the authorized authentication center may use a dynamic key that changes dynamically at the request of the service provider.
  • The first matching key, which is changed and newly generated at each request of the service provider, may be accumulated and managed in the key table.
  • To achieve the above-described purposes, a personal information security system based on one-way access key generation according to an example of the present invention may include: a service provider that provides a learning analysis service to a plurality of users;
  • a data provider that has a database storing a plurality of data related to learning analysis of each of the plurality of users, masks the plurality of data at the request of the service provider, and issues a masking key corresponding to the masking; and
  • an authorized authentication center that manages a key table in which the issuance history of the masking key is registered and generates a matching key based on the issuance history registered in the key table.
  • When the service provider requests from the data provider data for providing the learning analysis service to a first user who is part of the plurality of users, the data provider extracts first data that is at least a part of the plurality of data, masks the extracted first data and provides it to the service provider, and issues a first masking key corresponding to the masking of the first data and provides it to the authorized authentication center. The service provider generates analysis data associated with the learning analysis service based on the masked first data and provides the generated analysis data to the first user. The authorized authentication center registers the first masking key in the key table, generates a first matching key for confirming the analysis data corresponding to the first user, and may provide the first matching key to the first user.
  • The personal information security system includes: a service provider that provides a predetermined service to a plurality of users;
  • a data provider that includes a database storing a plurality of data corresponding to each of the plurality of users, masks the plurality of data at the request of the service provider, and issues a masking key corresponding to the masking; and
  • an authorized authentication center that manages a key table in which the issuance history of the masking key is registered and generates a matching key based on the issuance history registered in the key table.
  • The security method of the personal information security system includes the steps of: the service provider requesting from the data provider data for providing the service to a first user who is part of the plurality of users; the data provider extracting first data that is at least a portion of the plurality of data; the data provider masking the extracted first data; and the data provider issuing a first masking key corresponding to the masking of the first data. The masked first data is provided to the service provider, which performs an analyzing step, and the first masking key is provided to the authorized authentication center, which performs a matching key generation step. The analyzing step generates analysis data related to the service based on the masked first data.
  • The matching key generation step comprises: registering the first masking key in the key table; generating a first matching key for identifying analysis data corresponding to the first user; and providing the first matching key to the first user.
  • The present invention can provide users with a personal information security system that implements irreversible encryption using a one-way access key and increases security using a dynamic key.
  • The present invention can also provide users with a personal information security system with improved stability and reliability, implemented so that a user can determine which of the analysis data provided as a service is his or her own by using a matching key generated by the authorized authentication center.
  • The present invention can also provide users with a personal information security system in which, by using a one-way access key, exclusive use of information once issued cannot be confirmed, and in which, by using a dynamic key in the process of masking data and generating a matching key, the information is used only temporarily, so that access by unauthorized persons is effectively blocked and the risks caused by leakage are reduced.
  • FIG. 1 illustrates one embodiment of a personal information security system that may be implemented in accordance with the present invention.
  • FIGS. 2 to 4 are flowcharts related to an example of a security method using a personal information security system of the present invention.
  • The personal information security system includes: a service provider that provides a predetermined service to a plurality of users;
  • a data provider that includes a database storing a plurality of data corresponding to each of the plurality of users, masks the plurality of data at the request of the service provider, and issues a masking key corresponding to the masking; and
  • an authorized authentication center that manages a key table in which the issuance history of the masking key is registered and generates a matching key based on the issuance history registered in the key table.
  • When the service provider requests from the data provider data for providing the service to a first user who is part of the plurality of users, the data provider extracts first data that is at least a part of the plurality of data, masks the extracted first data and provides it to the service provider, and issues a first masking key corresponding to the masking of the first data and provides it to the authorized authentication center. The service provider generates analysis data related to the service based on the masked first data and provides the generated analysis data to the first user.
  • The authorized authentication center registers the first masking key in the key table, generates a first matching key for confirming the analysis data corresponding to the first user, and provides the first matching key to the first user.
  • FIG. 1 illustrates one embodiment of a personal information security system that may be implemented in accordance with the present invention.
  • The personal information security system 100 of the present invention may include a service provider 10, a data provider 20, an authorized authentication center 30, and the like.
  • The above components are meant to encompass individuals, corporations, associations, organizations and the like.
  • The components illustrated in FIG. 1 are not essential; a personal information security system 100 having more or fewer components may be implemented.
  • The components illustrated in FIG. 1 are interdependently connected, and each component may be implemented separately or in combination with the others, as illustrated in FIG. 1.
  • The service provider 10 is an entity that provides a predetermined service to the plurality of users 40.
  • The service provider 10 includes an analysis module 12 and provides a service to the user 40 by presenting the analysis data 2 analyzed by the analysis module 12 to the user 40.
  • The analysis module 12 analyzes the data masked by the data provider 20 and uses the result to provide the service.
  • A representative example of the service is a learning analysis service.
  • The service provider 10 may analyze data related to learning analysis of a plurality of users 40 (e.g., grades, achievements, etc.) and present the analyzed data to the user 40 to provide the learning analysis service.
  • The data provider 20 is an entity that manages a plurality of data related to the service provided by the service provider 10.
  • The data provider 20 has a database 22, in which a plurality of data are stored and managed.
  • Each of the plurality of data stored in the database 22 includes information related to the services of the plurality of users 40.
  • The database 22 may store data related to the learning analysis of the user 40.
  • At least some of the data stored in the database 22 is transferred to the masking unit 24, and the masking unit 24 performs data masking and issues a masking key corresponding to the masking.
  • The data masked by the masking unit 24 is provided to the service provider 10, and the masking key is provided to the authorized authentication center 30.
  • The authorized authentication center 30 is an entity that helps the user 40 authenticate their data.
  • The authorized authentication center 30 manages the key table 32, and the issuance history of the masking key is registered in the key table 32.
  • The masking key provided by the data provider 20 is registered in the key table 32 through an encryption process.
  • The authorized authentication center 30 generates a matching key based on the issuance history registered in the key table 32, and the matching key is provided to the user 40.
  • The matching key provided to the user 40 is used to determine which of the analysis data 2 is matched to the user 40.
  • The arrow in FIG. 1 shows the encryption direction of the data.
  • Encryption of the data proceeds in one direction, and data once encrypted is not decrypted.
  • In this way, irreversible encryption can be implemented and an efficient security system can be constructed.
  • The personal information security system 100 of the present invention is configured to use a dynamic key when data is masked or a matching key is issued, which can compensate for weak points in security and reinforce stability.
  • FIGS. 2 to 4 are flowcharts related to an example of a security method using a personal information security system of the present invention.
  • The service provider 10 requests from the data provider 20 data for providing a service to a first user who is part of a plurality of users (S100).
  • The data provider 20 extracts first data, which is at least a part of the plurality of data stored in the database 22, and delivers the first data to the masking unit 24, and the masking unit 24 masks the extracted first data.
  • Step S200 may be performed using a dynamic key, so that new masking may be performed for each request of the service provider 10.
  • The masked first data is provided to the service provider 10, and the service provider 10 performs the analysis step shown in FIG. 3.
  • The service provider 10 generates analysis data 2 related to the service based on the masked first data (S210), and provides the analysis data 2 to the first user (S220).
  • After masking the first data, the data provider 20 issues a first masking key corresponding to the masking of the first data (S300).
  • The first masking key is provided to the authorized authentication center 30, and the authorized authentication center 30 performs the matching key generation step shown in FIG. 4.
  • The authorized authentication center 30 encrypts the first masking key issued by the data provider 20 and registers it in the key table 32 (S310).
  • The authorized authentication center 30 generates a first matching key based on the issuance history registered in the key table 32 (S320), and the first matching key is provided to the first user (S330).
  • Generation of the first matching key in step S320 is performed after receiving authentication from the first user. If the first user is not authenticated, the authorized authentication center 30 does not generate the first matching key.
  • Step S320 may be performed using a dynamic key, so that a new matching key may be generated for each request of the service provider 10.
  • The newly generated matching key is accumulated and managed in the key table 32, and may be updated when the cumulative range is exceeded.
  • The first user uses the first matching key to identify the analysis data corresponding to the first user among the analysis data 2 provided by the service provider 10 (S400).
  • A user other than the first user among the plurality of users cannot confirm the analysis data corresponding to the first user.
  • The analyzing step of the service provider 10 shown in FIG. 3 and the matching key generation step of the authorized authentication center 30 shown in FIG. 4 may occur simultaneously or sequentially.
  • The data provider issues data through dynamic masking, the service provider provides a service to the user by using the masked data, and the user can confirm their own information among the analysis data by matching it with the matching key granted by the authorized authentication center.
  • Through this process, the present invention can further enhance the security of personal information.
  • The present invention can also be embodied as computer-readable code on a computer-readable recording medium.
  • Computer-readable recording media include all kinds of recording devices that store data that can be read by a computer system. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage and the like, and also include media implemented in the form of a carrier wave (for example, transmission over the Internet).
  • The computer-readable recording medium can also be distributed over network-coupled computer systems so that the computer-readable code is stored and executed in a distributed fashion.
  • Functional programs, code and code segments for implementing the present invention can be easily inferred by programmers in the art to which the present invention belongs.
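
The request flow of steps S100 to S400 described above, as an added Python sketch that is not part of the patent text. The page names no algorithm, so the choices here are assumptions of this example: HMAC-SHA256 as the one-way function, masking applied to the user identifier, the matching key derived as the keyed hash of the user id, a three-entry limit for the key table, and every class, function and sample name.

```python
import hashlib
import hmac
import secrets
from collections import OrderedDict

# Constructed sample database of the data provider (user id -> learning scores).
DATABASE = {"alice": [90, 80, 70], "bob": [60, 65, 70], "carol": [100, 95, 90]}
# Constructed credentials the authentication center uses to authenticate users.
CREDENTIALS = {"alice": "a-secret", "bob": "b-secret", "carol": "c-secret"}


def one_way(key: bytes, value: str) -> str:
    """Keyed one-way function; HMAC-SHA256 is this sketch's assumption."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


class DataProvider:
    def __init__(self, database):
        self.database = database

    def mask(self, user_ids):
        """Mask the requested records under a fresh dynamic key (S200, S300)."""
        masking_key = secrets.token_bytes(32)  # new key for every request
        masked = [{"pid": one_way(masking_key, uid),
                   "scores": list(self.database[uid])} for uid in user_ids]
        return masked, masking_key


class ServiceProvider:
    @staticmethod
    def analyze(masked_rows):
        """Build analysis data from masked rows only (S210); no user id is seen."""
        return [{"pid": r["pid"], "average": sum(r["scores"]) / len(r["scores"])}
                for r in masked_rows]


class AuthCenter:
    def __init__(self, credentials, max_entries=3):
        self.credentials = credentials
        self.key_table = OrderedDict()  # request id -> masking key (issuance history)
        self.max_entries = max_entries

    def register(self, request_id, masking_key):
        """Register the masking key (S310); the oldest entry drops past the limit.
        The page registers the key through an encryption process, omitted here."""
        self.key_table[request_id] = masking_key
        while len(self.key_table) > self.max_entries:
            self.key_table.popitem(last=False)

    def matching_key(self, request_id, user_id, secret):
        """Issue a matching key only to an authenticated user (S320, S330)."""
        expected = self.credentials.get(user_id)
        if expected is None or not hmac.compare_digest(expected.encode(),
                                                       secret.encode()):
            raise PermissionError("user not authenticated; no matching key generated")
        return one_way(self.key_table[request_id], user_id)


def find_own(analysis, matching_key):
    """User side (S400): select the analysis rows that match the matching key."""
    return [row for row in analysis
            if hmac.compare_digest(row["pid"], matching_key)]


def run_request(provider, center, request_id, user_ids):
    """One service request (S100): returns the analysis data sent to the users."""
    masked, masking_key = provider.mask(user_ids)
    center.register(request_id, masking_key)
    return ServiceProvider.analyze(masked)


if __name__ == "__main__":
    provider, center = DataProvider(DATABASE), AuthCenter(CREDENTIALS)
    analysis = run_request(provider, center, "req-1", list(DATABASE))
    key = center.matching_key("req-1", "alice", "a-secret")
    print(find_own(analysis, key))
```

Because the masking key changes with every request, a matching key issued for one request selects nothing in the analysis data of the next, and the same user's rows cannot be linked across requests by the service provider.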

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a personal information security system that can implement irreversible encryption by means of a one-way access key and increase security by means of a dynamic key. According to one embodiment of the invention, the personal information security system implementing one-way access key generation may comprise: a service provider for providing a predetermined service to a plurality of users; a data provider that comprises a database storing a plurality of data items corresponding respectively to the plurality of users, masks the plurality of data items in accordance with a request from the service provider, and issues a masking key corresponding to the masking; and a public certification center for managing a key table in which an issuance history of the masking key is recorded, and for generating a matching key on the basis of the issuance history recorded in the key table.
PCT/KR2015/000344 2015-01-13 2015-01-13 Personal information security system implementing one-way access key generation, and associated security method WO2016114420A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2015/000344 WO2016114420A1 (fr) 2015-01-13 2015-01-13 Personal information security system implementing one-way access key generation, and associated security method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2015/000344 WO2016114420A1 (fr) 2015-01-13 2015-01-13 Personal information security system implementing one-way access key generation, and associated security method

Publications (1)

Publication Number Publication Date
WO2016114420A1 2016-07-21

Family

ID=56405957

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2015/000344 WO2016114420A1 (fr) 2015-01-13 2015-01-13 Personal information security system implementing one-way access key generation, and associated security method

Country Status (1)

Country Link
WO (1) WO2016114420A1 (fr)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080253567A1 (en) * 2001-08-01 2008-10-16 Toshihisa Nakano Encryption communications system
US20090257591A1 (en) * 2002-02-27 2009-10-15 Mithal Ashish K Method and system for facilitating search, selection, preview, purchase evaluation, offering for sale, distribution, and/or sale of digital content and enhancing the security thereof
US20040105549A1 (en) * 2002-11-15 2004-06-03 Nec Corporation Key mangement system and multicast delivery system using the same
US20120216034A1 (en) * 2011-02-23 2012-08-23 Xuemin Chen Method and system for securing communication on a home gateway in an ip content streaming system
US20140089658A1 (en) * 2012-09-27 2014-03-27 Yeluri Raghuram Method and system to securely migrate and provision virtual machine images and content

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495444A (zh) * 2018-09-30 2019-03-19 北京工业职业技术学院 Encryption request processing method
CN109495444B (zh) * 2018-09-30 2022-02-22 北京工业职业技术学院 Encryption request processing method

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application
Ref document number: 15878066
Country of ref document: EP
Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 EP: PCT application non-entry in European phase
Ref document number: 15878066
Country of ref document: EP
Kind code of ref document: A1