WO2019221468A1 - Method for providing a personal domain name service, and access control method and system using a personal domain name - Google Patents

Publication number
WO2019221468A1
Authority
WO
WIPO (PCT)
Prior art keywords
public key
domain name
private
communication terminal
domain
Prior art date
Application number
PCT/KR2019/005733
Other languages
English (en)
Korean (ko)
Inventor
이동훈
한만호
김경국
김상현
이고은
이용범
Original Assignee
주식회사 케이티
Priority date
Filing date
Publication date
Priority claimed from KR1020190054985A (patent KR102303273B1)
Application filed by 주식회사 케이티
Publication of WO2019221468A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a personal domain name service method and system for extracting and providing additional information matching a personal domain name using the personal domain description.
  • the domain name service is a service for changing a domain name recorded in English into an IP (Internet Protocol) address in the form of a number and corresponds to a known service currently available on the Internet.
  • a domain name server is established on the network, and the domain name server delivers an IP address to the terminal in response to a domain name query.
  • a technology for using a domain name expressed in another language instead of the domain name set in English has been developed.
  • the following patent document discloses a system for using domain names in a language desired by a user on the Internet.
  • the existing domain name is a simple form of responding only to an IP address, which may cause problems in terms of security. For example, if an IP address is obtained through a domain name, hacking, DDoS attacks, etc. may be attempted with the IP address.
  • the present invention has been proposed to solve such a problem, and its purpose is to provide a personal domain name service method that registers a personal domain name for an individual only, authenticates a user based on the personal domain name and a service code, and provides additional information to the terminal of a user who has been successfully authenticated.
  • Another object of the present invention is to provide an access control method and system for selectively allowing access to a private network of a communication device based on a private domain name.
  • a method for providing a personal domain service that can obtain additional information includes: receiving, by the service server, a domain query message including the personal domain name and the electronic signature transmitted from the user terminal; if the electronic signature is successfully verified, acquiring, by the service server, additional information corresponding to the private domain name and at least one public key; and transmitting, by the service server, the additional information to the user terminal as the domain response.
  • the domain query message may include a usage ticket and a destination public key.
  • the service server may obtain the additional information corresponding to the destination public key, the user public key, and the personal domain name.
  • the acquiring of the additional information may include: generating, by the service server, an information request transaction including the personal domain name, the electronic signature, the destination public key, and the usage ticket to a blockchain network; Verifying, by the blockchain network, the electronic signature to extract the user public key from the electronic signature, and verifying whether the usage ticket has a value greater than a ticket used in the past; Checking, by the blockchain network, a block including the private domain name, the destination public key, and the user public key in a blockchain, and extracting additional information from the block if the verification of the use ticket is successful; And receiving, by the service server, the additional information from the blockchain network.
  • the method may further include: receiving, by a domain management server, a domain registration request message from the user terminal, the domain registration request message including a personal domain name, additional information, a destination public key, and an electronic signature; generating, by the domain management server, a domain registration transaction in the blockchain network including the private domain name, the destination public key, the additional information, and the electronic signature; and obtaining, by the blockchain network, a user public key by verifying the electronic signature included in the domain registration transaction, and generating a new block including the user public key, the private domain name, the destination public key, and the additional information and storing it in the blockchain.
  • the storing in the blockchain may include determining, by the blockchain network, whether a block including the private domain name, the destination public key, and the user public key is already stored in the blockchain and, if it is not stored, creating a new block and storing it in the blockchain.
  • a method of controlling a connection of a private network using a private domain name includes: receiving, by a service server, a domain query message including a private domain name and an electronic signature transmitted from a communication terminal; if the electronic signature is successfully verified, acquiring, by the service server, a connection address of a private network corresponding to the private domain name and at least one public key; and sending, by the service server, the access address of the private network to the communication terminal as the domain response.
  • the method may include, after the transmitting, receiving, by the security device included in the private network, a connection request message including a usage ticket from the communication terminal; Verifying, by the security device, whether the usage ticket has a value greater than a usage ticket being stored; And if the security device succeeds in verifying the usage ticket, allowing the private network connection to the communication terminal.
  • the security device may verify a token in the access request message and verify whether the token matches a token issued in a blockchain network.
  • the acquiring of the access address may include verifying whether the public key of the communication terminal is already registered as a public key of a communication terminal that is allowed to access the private network and, if the verification is successful, obtaining the access address of the private network.
  • the acquiring of the access address may include: generating, by the service server, an information request transaction including the private domain name, the electronic signature, and the public key of the security device to a blockchain network; obtaining, by the blockchain network, the public key of the communication terminal by verifying the electronic signature, and checking a block including the private domain name and the public key of the communication terminal; and checking, by the blockchain network, whether the public key of the communication terminal is stored as an administrator public key or an accessible public key in the checked block and, if so, obtaining the access address of the private network from the block and transmitting it to the service server.
  • a system for controlling a connection of a private network using a private domain name includes: a service server that, upon receiving a domain query message including a private domain name transmitted from a communication terminal, obtains a connection address of a private network corresponding to the private domain name and at least one public key, and transmits the connection address of the private network to the communication terminal as the domain response; and a security device that is in charge of security of the private network, verifies the communication terminal connected to the access address, and, if the verification of the communication terminal succeeds, permits private network access to the communication terminal.
  • the present invention has an advantage of providing the user with additional information matching the private domain name when the user inputs his or her personal domain name to verify the electronic signature of the user.
  • the present invention has an advantage of providing a user with a personal domain name that is easier to use, and providing a user-specific service based on the personal domain name.
  • the present invention can provide a personal domain name only for a user regardless of overlapping with an existing public domain name, thereby maximizing convenience in using a private domain name.
  • the present invention also has the effect of selectively allowing a communication device to access a private network using a private domain name, thereby helping to improve the security of the private network.
  • the present invention has the advantage of enhancing the stability of the personal domain name service by performing the verification several times for the personal domain name and the service code.
  • FIG. 1 is a diagram illustrating a configuration of a personal domain name service system according to a first embodiment of the present invention.
  • FIG. 2 is a flowchart illustrating a method of registering a private domain name according to the first embodiment of the present invention.
  • FIG. 3 is a flowchart illustrating a method of providing additional information as a response to a domain query according to the first embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a configuration of a connection control system according to a second embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a method of sharing a public key between a user terminal and a security device according to a second embodiment of the present invention.
  • FIG. 6 is a flowchart illustrating a method of registering a private domain name according to a second embodiment of the present invention.
  • FIG. 7 is a flowchart illustrating a method of providing a connection address of a private network as a response to a domain query according to a second embodiment of the present invention.
  • FIG. 8 is a flowchart illustrating a method of connecting a user terminal to a private network based on a domain query response according to an embodiment of the present invention.
  • FIG. 9 is a flowchart illustrating a method of registering an access right of another terminal in an administrator terminal according to a third embodiment of the present invention.
  • FIG. 10 is a flowchart illustrating a method for acquiring a connection address of a private network by another terminal allowed to access a private network according to an embodiment of the present invention.
  • FIG. 11 is a flowchart illustrating a method for allowing another terminal access to a private network to access a private network according to an embodiment of the present invention.
  • FIG. 1 is a diagram illustrating a configuration of a personal domain name service system according to a first embodiment of the present invention.
  • the personal domain service system includes a user terminal 100, a domain management server 200, a service server 300, a DNS server (Domain Name Service Server) 400, and the blockchain network 500.
  • the communication network 600 includes a mobile communication network and a wired communication network.
  • the blockchain network 500 may also communicate with the domain management server 200 and the service server 300 through the communication network 600, or may communicate with another communication network.
  • the blockchain network 500 is connected to a plurality of nodes and performs verification of a transaction.
  • each node belonging to the blockchain network 500 performs a verification on this transaction when a transaction occurs.
  • each node included in the blockchain network 500 shares a blockchain in which a transaction is recorded and has a connection structure between blocks.
  • the transaction occurs when a private domain name is registered / deleted / changed or requests additional information.
  • the block may also include one or more public keys, additional information, private domain names, usage tickets, and digital signatures.
  • the use ticket is information generated based on the current year, date, and time, and may be time information in which the current year, date, and time are listed. In particular, a use ticket generated later has a larger value than a use ticket generated in the past.
  • each node included in the blockchain network 500 verifies the transaction and, if the verification is successful, the additional information corresponding to the private domain name and one or more public keys may be extracted from the blockchain and transmitted to the domain management server 200.
  • the additional information may include various information such as authentication information, IP address, address book, decryption key, encryption key, etc. according to the service type.
  • the user terminal 100 is a communication device owned by a user such as a smartphone, a tablet computer, a personal computer, a server, and the like.
  • the user terminal 100 is installed with a personal domain application 110 for a personal domain service.
  • the private domain application 110 generates a private key and a public key dedicated to the user.
  • a user may register a personal domain name using the personal domain application 110.
  • the personal domain application 110 generates a transaction including the electronic signature, the destination public key, the personal domain name, and additional information through the domain management server 200, and may register a block including the transaction in the blockchain network 500.
  • the personal domain application 110 of the user terminal 100 may obtain additional information based on the personal domain name.
  • the DNS server 400 performs a function of providing an IP address corresponding to the domain name.
  • the DNS server 400 checks the domain name in the domain name query and, if a domain code (hereinafter referred to as 'personal domain code') is included in the domain name, forwards the domain name query to the service server 300.
  • the service server 300 is a server for providing a personal domain name service; when it receives a domain name query including a personal domain name and a service code (for example, a hexadecimal string) from the DNS server 400, it obtains the additional information corresponding to the personal domain name, the destination public key and the user public key from the blockchain network 500, and provides the obtained additional information to the user terminal 100.
  • the destination public key is a public key distributed by the destination node for which the additional information is used. For example, when the security information of the private network is recorded in the additional information, the destination public key may be the public key of the device included in the private network.
  • the service server 300 may verify whether the service code is included in the domain name, and if the verification is successful, may generate a transaction requesting additional information to the blockchain network 500.
  • the domain management server 200 registers, changes, or deletes the personal domain name in the blockchain network 500.
  • when the domain management server 200 receives a request for registration of a personal domain name from the personal domain application 110 of the user terminal 100, it generates in the blockchain network 500 a transaction including an electronic signature generated using the user private key, a personal domain name, a destination public key, and additional information, and can thereby register the personal domain name in the blockchain network 500.
  • although the domain management server 200 and the service server 300 have been described as being implemented separately from each other, the domain management server 200 and the service server 300 may be implemented as a single server.
  • FIG. 2 is a flowchart illustrating a method of registering a private domain name according to the first embodiment of the present invention.
  • the private domain application 110 generates a private key and a public key dedicated to a user (S201).
  • the domain name is input from the user, and a personal domain name is generated based on the received domain (S203).
  • the personal domain application 110 may add a personal domain code (e.g., kt.tin) after the domain name. For example, the personal domain application 110 adds the personal domain code 'kt.tin' after 'mycaemra' and can thereby create the personal domain name 'mycaemra.kt.tin'.
  • the personal domain application 110 may receive additional information from the user or extract additional information stored in the user terminal 100 to obtain additional information (S205).
  • the additional information may be various data such as an IP address, authentication information, an address book, a decryption key, an encryption key, a public key of a destination, and the like.
  • the personal domain application 110 generates a use ticket based on the current date and time, selects the use ticket as original data of the electronic signature, and electronically signs the use ticket with the user private key (S207).
  • the personal domain application 110 may include one or more of a personal domain name and additional information in addition to the use ticket, select as original text data, and electronically sign the selected original data with the user private key.
  • the personal domain application 110 also verifies the public key of the destination associated with the additional information.
  • the destination public key is a public key distributed by a node using the additional information; the user terminal 100 receives and stores the destination public key in advance, and the personal domain application 110 may extract the previously stored destination public key from the user terminal 100 and check it.
  • the personal domain application 110 transmits a domain registration request message including the personal domain name, a usage ticket, a destination public key, additional information, and an electronic signature to the domain management server 200 (S209).
  • the domain management server 200 generates a domain registration transaction including the personal domain name, the usage ticket, the destination public key, additional information, and the electronic signature to the blockchain network 500 (S211), and each node included in the blockchain network 500 obtains the user's public key by verifying the electronic signature included in the domain registration transaction.
  • each node included in the blockchain network 500 may obtain a user's public key from an electronic signature through an electronic signature verification algorithm.
  • the digital signature verification algorithm may be performed based on a smart contract.
  • each node stores the block including the private domain name, the user public key, and the destination public key in the blockchain.
  • a duplicate check for the personal domain name is performed (S213).
  • it is checked whether a block having all of the user public key, the destination public key, and the private domain name exists.
  • any one of the user public key and the destination public key may be used in the present service. That is, in the present invention, when the user public key or the destination public key is different from each other, the same private domain may be used between users.
  • the blockchain network 500 indicates that the private domain name is duplicated.
  • the domain management server 300 requests the personal domain application 110 to reset the personal domain name.
  • if, as a result of the duplicate check, a block having all of the user public key, the destination public key, and the private domain name does not exist in the blockchain, the blockchain network 500 generates a block having the domain registration transaction, so that the private domain name and the user public key are stored in the blockchain (S215).
  • the blockchain network 500 notifies the domain management server 200 of the successful transaction (S217).
  • the domain management server 200 notifies the personal domain application 110 of the domain registration success response (S219).
  • the personal domain application 110 may delete additional information stored in the user terminal 100. That is, the personal domain application 110 may delete additional information stored in the user terminal 100 because the additional information is registered in the blockchain network 500 together with the personal domain name and the destination public key.
  • the user can use the personal domain application 110 to modify or delete the personal domain name.
  • the domain management server 200 generates a domain change transaction including an electronic signature signed by the user private key, a destination public key, an existing personal domain name, and a changed personal domain name to the blockchain network 500.
  • if the blockchain network 500 verifies the digital signature successfully (i.e., normally obtains the user public key from the digital signature), it uses the user public key, the destination public key, the existing private domain name, and the changed private domain name to generate a block for changing the existing personal domain name to the personal domain name included in the domain change transaction, and extends the blockchain by connecting the block to the existing block.
  • the domain management server 200 generates a domain deletion transaction including the electronic signature signed with the user private key, the destination public key, and the personal domain name to the blockchain network 500.
  • if the blockchain network 500 verifies the digital signature successfully (i.e., normally obtains the user public key from the electronic signature), it uses the user public key, the destination public key, and the private domain name to create a block for deleting the private domain name, connects it to an existing block, and stores it in the blockchain.
  • FIG. 3 is a flowchart illustrating a method of providing additional information as a response to a domain query according to the first embodiment of the present invention.
  • the personal domain application 110 receives a domain name from a user and generates a personal domain name based on the received domain name (S301).
  • the personal domain application 110 may add a personal domain code indicating the service of the personal domain after the domain name.
  • the personal domain application 110 may check the destination public key associated with the personal domain name in the user terminal 100.
  • the personal domain application 110 generates a use ticket based on the current date and time (S303). Subsequently, the personal domain application 110 electronically signs the use ticket with the user's private key (S305). According to the embodiment, the personal domain application 110 may include the personal domain name in addition to the use ticket in the selected original text data, and electronically sign the selected original data with the user's private key.
  • the personal domain application 110 converts the usage ticket, the destination public key and the electronic signature into a service code having a predetermined format (e.g., a string in hexadecimal form) (S307), and the domain query message including the private domain name is transmitted to the DNS server 400 (S309).
  • the DNS server 400 checks whether or not a private domain code (e.g., kt.tin) is included in the domain query message (S311). If the private domain code is not included in the domain query message, the DNS server 400 determines that the domain name included in the domain query message is a public domain name that is generally used, and thus checks the IP address corresponding to the domain name and transmits it to the user terminal 100. On the other hand, when the domain query message includes a private domain code, the DNS server 400 determines that the queried domain name is a private domain name that is not generally used, and transfers the domain query message to the service server 300 (S313).
  • the service server 300 checks the service code and the personal domain name included in the domain query message, and checks whether the service code is recorded in a preset format (S315). That is, the service server 300 checks whether the service code has a preset number of digits in the normal range, and also checks whether the service code is converted into a preset format (e.g., hexadecimal). If the service server 300 fails to check the service code, the service server 300 transmits a failure message indicating that it cannot provide a personal domain service to the personal domain application 110 of the user terminal 100. On the other hand, if the service server 300 successfully checks the service code, the service server 300 generates an information request transaction including the service code and the personal domain name to the blockchain network 500 (S317).
  • each node of the blockchain network 500 restores the service code included in the information request transaction to its original state (S319). That is, each node of the blockchain network 500 restores a use ticket, a destination public key, and a digital signature to a state before being converted into the service code. Restoring the usage ticket, the destination public key and the electronic signature may be performed based on the smart contract.
  • each node of the blockchain network 500 verifies the restored digital signature and extracts a user public key from the electronic signature (S321).
  • the blockchain network 500 may apply a digital signature to a predetermined signature verification algorithm to obtain a user public key from the electronic signature.
  • when the nodes of the blockchain network 500 successfully verify the electronic signature and obtain the user public key, the nodes check the restored use ticket (that is, the use ticket included in the information request transaction), check in the blockchain the most recently stored block including the user public key, the destination public key and the private domain name, and verify the use ticket by comparing the value of the use ticket included in the received information request transaction with the use ticket included in the most recently stored block (S323).
  • the blockchain network 500 determines that the use ticket verification is successful if the use ticket included in the transaction is larger than the use ticket included in the most recently stored block. Otherwise, the blockchain network 500 treats the use ticket verification as failed. Meanwhile, the blockchain network 500 may determine that data forgery has occurred when the blockchain network 500 fails to verify a use ticket.
  • Each node of the blockchain network 500 transmits the verification failure to the service server 300 when the usage ticket verification fails. Then, the service server 300 notifies the personal domain application 110 of the user terminal 100 that the verification of the personal domain has failed without providing additional information.
  • the blockchain network 500 determines whether the use ticket verification is successful. If the use ticket verification is successful, the blockchain network 500 generates a block including the information request transaction and connects it to an existing block, thereby storing the generated block in the blockchain (S325). As a result, the latest information of the use ticket is updated in the blockchain.
  • the blockchain network 500 checks the block including the private domain name, the destination public key and the user's public key in the blockchain, and extracts additional information from the block (S327).
  • the blockchain network 500 transmits the transaction processing message including the extracted additional information to the service server 300 (S329).
  • the service server 300 transmits the extracted additional information to the personal domain application 110 of the user terminal 100 as a response to the domain query (S331).
  • when the personal domain application 110 transmits the domain query message including the service code and the personal domain name, it can receive, as response information, the additional information corresponding to the personal domain name, the user's public key, and the destination public key.
  • any one of the two public keys (i.e., the destination public key and the user public key) may be stored in the blockchain along with the private domain name and additional information. In that case, additional information corresponding to the one public key (i.e., the user public key or the destination public key) and the private domain name may be extracted from the blockchain network 500 and provided to the user terminal 100.
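The service-code format check, restoration and use-ticket comparison of steps S315 to S325, as an added Python example that is not code from the patent or its applicant. The service-code layout (a 14-digit ticket followed by two length-prefixed fields), the YYYYMMDDhhmmss ticket format, the length bound and the in-memory `Ledger` are assumptions, and the user public key that S321 recovers from the signature is passed in directly.

```python
# Added example (not from the patent): FIG. 3 steps S315, S319, S323, S325.
# Assumed: field layout, ticket format, length bound, in-memory Ledger.
import re
from datetime import datetime

TICKET_LEN = 14      # assumed ticket width: YYYYMMDDhhmmss
MAX_CODE_LEN = 512   # assumed upper bound on service-code length (hex chars)


def make_use_ticket(now):
    """Use ticket: current date and time listed as digits, so later is larger."""
    return now.strftime("%Y%m%d%H%M%S")


def encode_service_code(ticket, dest_pub, signature):
    """S307: ticket, then two length-prefixed fields, as a lowercase hex string."""
    body = ticket.encode("ascii")
    for field in (dest_pub, signature):
        body += len(field).to_bytes(2, "big") + field
    return body.hex()


def check_format(code):
    """S315: preset format (hex) and a length inside the normal range."""
    return (2 * TICKET_LEN < len(code) <= MAX_CODE_LEN
            and len(code) % 2 == 0
            and re.fullmatch(r"[0-9a-f]+", code) is not None)


def restore_service_code(code):
    """S319: recover (ticket, dest_pub, signature); ValueError if malformed."""
    raw = bytes.fromhex(code)
    ticket = raw[:TICKET_LEN].decode("ascii")
    if len(ticket) != TICKET_LEN or not ticket.isdigit():
        raise ValueError("bad use ticket")
    fields, pos = [], TICKET_LEN
    for _ in range(2):
        n = int.from_bytes(raw[pos:pos + 2], "big")
        if pos + 2 + n > len(raw):
            raise ValueError("truncated field")
        fields.append(raw[pos + 2:pos + 2 + n])
        pos += 2 + n
    if pos != len(raw):
        raise ValueError("trailing bytes")
    return ticket, fields[0], fields[1]


class Ledger:
    """In-memory stand-in for the blockchain: an append-only list of blocks."""

    def __init__(self):
        self.blocks = []

    def latest(self, domain, user_pub, dest_pub):
        """Most recently stored block for (domain, user key, destination key)."""
        for block in reversed(self.blocks):
            if block["key"] == (domain, user_pub, dest_pub):
                return block
        return None

    def register(self, domain, user_pub, dest_pub, ticket, info):
        """S213/S215: refuse a duplicate triple, otherwise store a new block."""
        if self.latest(domain, user_pub, dest_pub) is not None:
            return False
        self.blocks.append(dict(key=(domain, user_pub, dest_pub), ticket=ticket, info=info))
        return True


def handle_query(ledger, domain, code, user_pub):
    """S315-S327; user_pub stands for the key S321 recovers (not verified here)."""
    if not check_format(code):
        return "format-error", None
    try:
        ticket, dest_pub, _signature = restore_service_code(code)
    except ValueError:
        return "format-error", None
    last = ledger.latest(domain, user_pub, dest_pub)
    if last is None:
        return "not-registered", None
    if int(ticket) <= int(last["ticket"]):      # S323: must be strictly larger
        return "ticket-rejected", None
    ledger.blocks.append(dict(last, ticket=ticket))   # S325: stored ticket advances
    return "ok", last["info"]                   # S327 to S331


def demo():
    """Constructed sample: one registration, then fresh, replayed, stale, malformed."""
    user, dest, sig = b"\xaa" * 33, b"\xbb" * 33, b"\xcc" * 64   # placeholder bytes
    name, ledger = "mycaemra.kt.tin", Ledger()
    ledger.register(name, user, dest, "20190514103000", "192.0.2.10")
    fresh = encode_service_code("20190514103100", dest, sig)
    stale = encode_service_code("20190514102900", dest, sig)
    return [handle_query(ledger, name, c, user)[0]
            for c in (fresh, fresh, stale, fresh.upper())]


if __name__ == "__main__":
    print(make_use_ticket(datetime.now()), demo())
```

Because the comparison is strictly "larger than", a captured service code cannot be replayed once it has been accepted; under the assumed one-second ticket resolution, a second legitimate query issued within the same second is rejected as well.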
  • when the service server 300 provides the IP address of the communication device 720 included in the private network 700 as additional information to the user terminal 100, the user terminal 100 may connect to the private network 700 based on the IP address.
  • the connection control system includes a user terminal 100, a domain management server 200, a service server 300, a DNS server 400, a blockchain network 500, and a private network 700.
  • in FIG. 4, the components having the same reference numerals as the components of FIG. 1 include the functions described with reference to FIGS. 1 to 3.
  • the private network 700 is a network formed in a home or company and includes one or more communication devices 720, in particular a security device 710.
  • the communication device 720 is a communication device that can communicate, and may include, for example, a gateway, a router, an IP camera, an IPTV, an IP-based wall pad, and the like.
  • the security device 710 is included in the private network 700 and performs a function of managing security between the public communication network 600 and the private network 700.
  • The security device 710 analyzes the service code to authenticate whether the user terminal 100 can access the private network 700, and selectively allows the user terminal 100 to connect to the private network 700 according to the authentication result.
  • the security device 710 generates a private key and a public key and distributes the public key to the user terminal 100.
  • the security device 710 obtains and stores a user public key.
  • the security device 710 obtains the public key of the manager terminal, sets and stores the public key of the manager terminal as the public key for the manager. In addition to the public key of the manager terminal, the security device 710 stores the public key of another communication terminal allowed to access. The security device 710 records and manages a public key of another communication terminal allowed to access in an access permission list.
  • the security device 710 may be implemented in hardware or software or through a combination of hardware and software. In addition, the security device 710 may be coupled to the communication device 720 through a USB port or the like.
  • the security device 710 may perform short range wireless communication such as Bluetooth communication, Wi-Fi communication, infrared communication, Zigbee communication, or the like.
  • the blockchain network 500 stores, as additional information, information of the security device 710 such as a connection address (ie, security device IP address or communication device IP address) and serial number of the private network 700.
  • The blockchain network 500 may verify the transaction and, if successful, extract the IP address corresponding to the private domain name and the user public key and transmit it to the service server 300.
  • FIG. 5 is a flowchart illustrating a method of sharing a public key between a user terminal and a security device according to a second embodiment of the present invention.
  • When the security device 710 is installed in the private network 700, it obtains an IP address of the communication device 720 included in the private network 700 (S501).
  • The security device 710 may be a hardware module. In this case, the security device 710 may be combined or integrated with a core device that is responsible for data processing and relaying in the private network 700, such as a gateway or a router.
  • When the personal domain application 110 is installed in the user terminal 100, it generates a private key and a public key dedicated to the user (S503).
  • The user terminal 100 searches for a nearby security device 710 through short-range wireless communication (e.g., Wi-Fi communication) and connects wirelessly to the discovered security device based on Wi-Fi Protected Setup (WPS) (S505).
  • An access password may be set in the security device 710; when the user terminal 100 transmits the access password to the security device 710 and is successfully authenticated, it can connect to the security device 710 over short-range wireless communication.
  • the personal domain application 110 of the user terminal 100 transmits the user public key to the security device 710 (S507), and the security device 710 stores the user public key (S509).
  • the security device 710 may store the user public key as an administrator public key.
  • The security device 710 generates its own private key and public key (S511). Subsequently, the security device 710 transmits security information including its serial number and the IP address of the communication device 720 included in the private network 700, together with its public key, to the user terminal 100 (S513).
  • The security device 710 may be implemented in a form that can communicate by itself, in which case it may transmit its own IP address to the user terminal 100. In other words, the security device 710 provides its own IP address to the user terminal 100 when it has one; when it has no IP address and is combined with a specific device of the private network 700, it may obtain the IP address of the communication device 720 included in the private network 700 and transmit it to the user terminal 100.
  • the user terminal 100 stores the security information and the public key of the security device 710 (S515).
  • The user terminal 100 and the security device 710 thus share their public keys with each other, and the user terminal 100 obtains the IP address of the communication device 720 included in the private network 700.
  • FIG. 6 is a flowchart illustrating a method of registering a private domain name according to a second embodiment of the present invention.
  • the personal domain application 110 receives a domain name from a user and generates a personal domain name by adding a personal domain code to the received domain name (S601). The personal domain application 110 then extracts the public key of the security device 710 as the destination public key associated with the personal domain name.
  • The personal domain application 110 extracts the security information of the private network 700 (i.e., the communication device IP address, the serial number of the security device 710, etc.) and the user public key, and generates a usage ticket on the basis of the current time and date (S603).
  • The personal domain application 110 sets the generated use ticket as original text data and electronically signs it with the user private key (S605).
  • the personal domain application 110 may combine one or more of a personal domain name, the security information, and a usage ticket, and set the combined information as original data to digitally sign with the user private key.
  • The personal domain application 110 then sends to the domain management server 200 a domain registration request message including the personal domain name, the usage ticket, the security information, the destination public key (i.e., the security device's public key), and the electronic signature (S607).
  • The domain management server 200 generates a domain registration transaction including the personal domain name, the usage ticket, the security information, the destination public key (i.e., the security device's public key), and the electronic signature, and issues it to the blockchain network 500 (S609). Subsequently, each node included in the blockchain network 500 verifies the digital signature, and extracts a user public key from the digital signature.
  • When the user public key is extracted, the blockchain network 500 checks whether a block including all of the private domain name, the destination public key (i.e., the security device's public key), and the user public key is stored in the blockchain, thereby performing a duplicate check for the personal domain name (S611).
  • the blockchain network 500 generates a token if a block having all of the user public key, the public key of the security device, and the private domain name does not exist in the blockchain as a result of the duplicate check (S613).
  • the token may be a string of numbers, a string, or a combination of numbers and letters, which are randomly generated according to a preset algorithm (eg, a random number generation algorithm).
  • the token is used to authenticate access to the private network 700 of the user terminal 100.
  • the blockchain network 500 generates a block having the domain registration transaction and the token, and stores the personal domain name in the blockchain by connecting the generated block with an existing block (S615).
  • the blockchain network 500 stores the block in the blockchain by setting the user public key as a public key for the administrator.
  • the user public key is set as an administrator public key and stored in the blockchain.
  • the blockchain network 500 notifies the domain management server 200 of the success of the transaction (S617).
  • the domain management server 200 notifies the personal domain application 110 of the domain registration success response (S619).
  • The personal domain application 110 may delete security information stored in the user terminal 100 when the personal domain name is normally registered. That is, since the private domain name is registered in the blockchain network 500, the personal domain application 110 may keep only the public key of the security device 710 and delete the IP address of the communication device 720 and the serial number of the security device 710.
  • FIG. 7 is a flowchart illustrating a method of providing a connection address of a private network as a response to a domain query according to a second embodiment of the present invention.
  • the personal domain application 110 receives a domain name from a user and generates a personal domain name including the received domain name and a personal domain code (eg, kt.tin) (S701). Next, the personal domain application 110 generates a user ticket based on the current date and time (S703). Subsequently, the personal domain application 110 extracts the public key of the security device 710 that is being stored (S705). The public key of the security device 710 is used as the destination public key.
  • the personal domain application 110 electronically signs the use ticket with the user's private key (S707). Subsequently, the personal domain application 110 converts the use ticket, the destination public key (ie, the security device's public key), and the electronic signature into a service code having a predetermined format (eg, a string in hexadecimal form) (S709). In operation S711, the domain query message including the converted service code and the personal domain name is transmitted to the DNS server 400.
  • The DNS server 400 checks whether the personal domain code (e.g., kt.tin) is included in the personal domain name included in the domain query message, and if the personal domain code is included, transfers the domain query message to the service server 300 (S713, S715).
  • The service server 300 checks the service code and the personal domain name included in the domain query message: it checks whether the number of digits of the service code falls within a preset normal range, and also checks whether the service code has been converted into the preset format (e.g., hexadecimal) (S717). If the service server 300 successfully checks the service code, it generates an information request transaction including the service code and the personal domain name and issues it to the blockchain network 500 (S719).
  • each node of the blockchain network 500 restores the use ticket, the public key of the security device 710, and the electronic signature to the state before being converted into the service code (S721).
  • each node of the blockchain network 500 extracts a user public key from the digital signature by verifying the restored digital signature (S723).
  • When each node included in the blockchain network 500 has successfully verified the digital signature and extracted the user's public key, it confirms the restored use ticket (that is, the use ticket included in the information request transaction) and identifies the most recently stored block in the blockchain containing the user public key, the destination public key (i.e., the public key of the security device) and the private domain name.
  • Each node included in the blockchain network 500 verifies the restored use ticket by comparing the restored use ticket with the use ticket included in the most recently stored block (S725). At this time, each node included in the blockchain network 500 determines that the use ticket verification is successful if the use ticket included in the information request transaction is larger than the use ticket included in the most recently stored block. If not, the validation of the ticket is considered to have failed.
  • Each node included in the blockchain network 500 authenticates the access authority of the user terminal 100 by checking whether the blockchain stores a block that includes the user public key, the destination public key (i.e., the security device's public key) and the private domain name, and in which the user public key is set as the public key for the administrator or as a public key allowed to access. That is, the nodes of the blockchain network 500 search the blockchain for a device addition transaction or domain registration transaction including the private domain name, the user public key, and the destination public key, thereby authenticating the private network access authority of the user terminal 100.
  • If both the access right authentication and the use ticket verification succeed, the blockchain network 500 generates a block including the information request transaction, connects it with an existing block, and stores the generated block in the blockchain (S727).
  • The blockchain network 500 checks a block in the blockchain including the private domain name, the user's public key and the destination public key (the security device's public key), and extracts the IP address of the communication device 720 and the token from the block (S729).
  • the blockchain network 500 transmits a transaction processing message including the IP address and the token of the extracted communication device 720 to the service server 300 (S731).
  • the service server 300 transmits the IP address and token of the communication device 720 to the personal domain application 110 of the user terminal 100 in response to the domain query (S733).
  • When the personal domain application 110 transmits a domain query message including a service code and a personal domain name, the IP address corresponding to the private domain name, the user's public key, and the public key of the security device 710 is transmitted to it.
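The service code handling of steps S709, S717 and S721, as an added example that is not code from the patent. The field layout (8-byte ticket, then length-prefixed destination public key and signature), the ticket encoding as a UTC `YYYYMMDDhhmmss` integer and the digit limits are assumptions, since the page only says the code is a hexadecimal string checked for a preset range of digits; the signature is treated as opaque bytes.

```python
import string
from datetime import datetime, timezone
from typing import NamedTuple

# Assumed bounds for the "preset normal range of digits" checked in S717.
MIN_HEX_DIGITS = 2 * (8 + 2 + 1 + 2 + 1)   # ticket + two 1-byte fields
MAX_HEX_DIGITS = 1024
HEX_ALPHABET = set(string.hexdigits)


class ServiceCodeError(ValueError):
    """Raised when a service code fails the format checks."""


class ServiceCode(NamedTuple):
    use_ticket: int
    destination_public_key: bytes
    signature: bytes


def make_use_ticket(now: datetime) -> int:
    """Use ticket derived from the current date and time (S703).

    A numeric form is assumed so that "larger than" comparisons work.
    """
    return int(now.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S"))


def encode_service_code(ticket: int, dest_pub: bytes, signature: bytes) -> str:
    """Terminal side (S709): pack the three fields and emit a hex string."""
    if not 0 <= ticket < 2 ** 64:
        raise ServiceCodeError("use ticket out of range")
    parts = [ticket.to_bytes(8, "big")]
    for field in (dest_pub, signature):
        if not 0 < len(field) <= 0xFFFF:
            raise ServiceCodeError("field length out of range")
        parts.append(len(field).to_bytes(2, "big") + field)
    return b"".join(parts).hex()


def check_service_code(code: str) -> None:
    """Service-server pre-check (S717): digit count and strict hex format.

    bytes.fromhex() tolerates whitespace, so the alphabet is checked
    explicitly before any decoding happens.
    """
    if not MIN_HEX_DIGITS <= len(code) <= MAX_HEX_DIGITS:
        raise ServiceCodeError("digit count outside the normal range")
    if len(code) % 2:
        raise ServiceCodeError("odd number of hex digits")
    if any(ch not in HEX_ALPHABET for ch in code):
        raise ServiceCodeError("not a hexadecimal string")


def decode_service_code(code: str) -> ServiceCode:
    """Node or security-device side (S721): restore the original fields."""
    check_service_code(code)
    raw = bytes.fromhex(code)
    ticket = int.from_bytes(raw[:8], "big")
    offset = 8
    fields = []
    for name in ("destination public key", "signature"):
        if offset + 2 > len(raw):
            raise ServiceCodeError(f"missing length of {name}")
        size = int.from_bytes(raw[offset:offset + 2], "big")
        offset += 2
        if size == 0 or offset + size > len(raw):
            raise ServiceCodeError(f"truncated {name}")
        fields.append(raw[offset:offset + size])
        offset += size
    if offset != len(raw):
        raise ServiceCodeError("trailing bytes after signature")
    return ServiceCode(ticket, fields[0], fields[1])


if __name__ == "__main__":
    # Constructed sample values, not real keys or signatures.
    sample_ticket = make_use_ticket(datetime.now(timezone.utc))
    sample = encode_service_code(sample_ticket, bytes(range(33)), b"\x30" * 70)
    print(sample[:32] + "...", decode_service_code(sample).use_ticket)
```

Rejecting truncated fields and trailing bytes at decode time keeps every party that restores the code (blockchain node or security device) working from the same three fields before the signature is verified.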
  • FIG. 8 is a flowchart illustrating a method of connecting a user terminal to a private network based on a domain query response according to an embodiment of the present invention. The procedure according to FIG. 8 proceeds after the procedure of FIG.
  • The personal domain application 110 checks the communication device IP address and the token of the private network 700 received from the service server 300, and transmits an access request message including the service code converted into the predetermined format in step S709 of FIG. 7, the personal domain name, and the token to the communication device 720 having the checked IP address (S801 and S803).
  • The security device 710 controlling the connection of the private network 700 restores the service code from its predetermined format into the original use ticket, the public key of the security device 710 (i.e., the destination public key) and the electronic signature, and then verifies the restored digital signature to obtain the user public key from the electronic signature (S805).
  • The security device 710 checks the use ticket and the personal domain name included in the access request message, and looks up in its own mapping table the most recent use ticket mapped to the personal domain name.
  • The security device 710 compares the use ticket confirmed in the mapping table with the use ticket included in the access request message, and verifies the use ticket (S807). At this time, if the use ticket included in the access request message is larger than the most recent use ticket mapped to the personal domain name in the mapping table, the security device 710 determines that the use ticket verification is successful; otherwise, it treats the use ticket verification as failed.
  • If the security device 710 fails to verify the use ticket, it transmits a connection not available message to the personal domain application 110 and blocks the user terminal 100 from accessing the communication device 720.
  • If the security device 710 succeeds in verifying the use ticket, it requests the domain management server 200 to verify the token included in the access request message (S809). In this case, the security device 710 transmits the token, the user public key, the destination public key (i.e., the security device's public key), and the personal domain name to the domain management server 200, and also maps the successfully verified use ticket to the personal domain name and records it in the mapping table to maintain the freshness of the use ticket.
  • The domain management server 200 transmits the token, the user public key, the destination public key (i.e., the public key of the security device), and the private domain name to the blockchain network 500 to request token verification (S811).
  • Each node of the blockchain network 500 then identifies a block that includes the user public key, the destination public key, and the private domain name, identifies the most recently issued token in the block, and verifies whether it matches the token received from the domain management server 200 (S813).
  • the blockchain network 500 transmits the token verification result to the domain management server 200, and the domain management server 200 transmits the token verification result to the security device 710 (S815).
  • If the token verification fails, the security device 710 transmits a connection not available message to the personal domain application 110 and blocks the user terminal 100 from accessing the communication device 720.
  • The terminal finally processes the user verification (S817) and transmits a message informing the personal domain application 110 that access to the communication device is permitted (S819), so that the user terminal 100 is allowed to access the communication device 720.
  • the personal domain application 110 may access the communication device 720 having the IP address through the security device 710 and use the service provided by the communication device 720 (S821).
  • the security device 710 requests the domain management server 200 to generate a token (S823).
  • the security device 710 transmits the user's public key, the destination public key (ie, the security device's public key), and the personal domain name to the domain management server 200.
  • The domain management server 200 issues to the blockchain network 500 a transaction requesting token regeneration that includes the user public key, the destination public key, and the private domain name (S825), and one or more nodes of the blockchain network 500 regenerate the token (S827).
  • The node generates a block that includes the regenerated token, the user public key, the destination public key (i.e., the security device's public key), and the private domain name and that indicates that the token has been reissued, connects the block to an existing block, and stores it in the blockchain.
  • the domain query message including the personal domain name is generated in the personal domain application 110
  • the regenerated token is obtained in the personal domain application 110.
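The security device's decision in steps S807 to S827, as an added example that is not code from the patent. `ToyLedger` is a hypothetical in-memory stand-in for the blockchain network reached through the domain management server, the domain name and keys are constructed, and the user public key is assumed to have already been recovered from a verified signature (S805).

```python
import hmac
import secrets


class ToyLedger:
    """Hypothetical stand-in for the blockchain's token bookkeeping."""

    def __init__(self):
        self._tokens = {}  # (domain, user_pub, dest_pub) -> latest token

    def regenerate_token(self, domain, user_pub, dest_pub):
        """Issue a fresh random token (S613 at registration, S827 after use)."""
        token = secrets.token_hex(16)
        self._tokens[(domain, user_pub, dest_pub)] = token
        return token

    def query_token(self, domain, user_pub, dest_pub):
        """What a successful domain query hands back to the terminal (S729)."""
        return self._tokens[(domain, user_pub, dest_pub)]

    def verify_token(self, domain, user_pub, dest_pub, token):
        """Compare against the most recently issued token (S813)."""
        current = self._tokens.get((domain, user_pub, dest_pub))
        if current is None:
            return False
        # Constant-time comparison; encode so any str input is accepted.
        return hmac.compare_digest(current.encode(), token.encode())


class SecurityDevice:
    def __init__(self, public_key, ledger):
        self.public_key = public_key      # used as the destination public key
        self.ledger = ledger
        self.latest_ticket = {}           # mapping table: domain -> use ticket

    def handle_access_request(self, domain, use_ticket, user_pub, token):
        # S807: the ticket must be strictly larger than the last one recorded,
        # so a captured access request cannot be replayed. With no entry yet,
        # the first ticket is accepted (the page does not cover this case).
        last = self.latest_ticket.get(domain)
        if last is not None and use_ticket <= last:
            return "denied: stale use ticket"
        # S809: record the ticket before asking for token verification, as
        # the page describes. A failed token check still consumes the ticket.
        self.latest_ticket[domain] = use_ticket
        # S811 to S815: token check against the ledger.
        if not self.ledger.verify_token(domain, user_pub, self.public_key, token):
            return "denied: token mismatch"
        # S823 to S827: the token is single use, so rotate it after success.
        self.ledger.regenerate_token(domain, user_pub, self.public_key)
        return "allowed"


def demo():
    """Run a constructed request sequence and return each decision."""
    domain, user, dev_pub = "home.kt.tin", b"user-pub", b"device-pub"
    ledger = ToyLedger()
    device = SecurityDevice(dev_pub, ledger)
    first = ledger.regenerate_token(domain, user, dev_pub)
    results = [
        device.handle_access_request(domain, 20190513093000, user, first),
        # Replay of the same request: the ticket is no longer fresh.
        device.handle_access_request(domain, 20190513093000, user, first),
        # Fresh ticket but the old token: the token was rotated after use.
        device.handle_access_request(domain, 20190513093001, user, first),
    ]
    fresh = ledger.query_token(domain, user, dev_pub)
    results.append(
        device.handle_access_request(domain, 20190513093002, user, fresh))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third request shows a consequence of the recording order in S809: the ticket `20190513093001` is consumed even though the token check fails, so the terminal needs a newer ticket for its next attempt.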
  • the electronic signature verification may not be performed in the security device 710, but may be performed in the blockchain network 500.
  • the security device 710 transmits the service code received from the personal domain application 110 to the domain management server 200, and the domain management server 200 transmits the service code to the blockchain network 500.
  • the domain management server 200 may receive a user public key, which is a verification result of the electronic signature, from the blockchain network 500 and transmit the received user public key to the security device 710.
  • no token is used, and electronic signature and usage ticket verification may be performed at security device 710.
  • The generation of the token may be omitted in the blockchain network 500, and the security device 710 may selectively allow the user terminal 100 to connect to the private network 700 based on the use ticket and the electronic signature.
  • two public keys that is, a destination public key and a user public key
  • a private domain name and security information can be stored on the blockchain along with private domain name and security information.
  • one public key ie, a user public key or a public key of a security device
  • security information corresponding to a private domain name may be extracted from the blockchain network 500 and provided to the user terminal 100.
  • a ticket or token corresponding to one public key ie, a user public key or a public key of a security device
  • a private domain name is extracted from the blockchain network 500, so that token verification or ticket verification is performed on the blockchain network 500.
  • the communication terminal 110 may map another user's public key to a private domain name and store the same in a blockchain to allow another user's communication terminal to access the private network 700.
  • the communication terminal 100 of the user is referred to as the first communication terminal, and the communication terminal of another user will be described as referring to the second communication terminal.
  • FIG. 9 is a flowchart illustrating a method of registering an access right of another terminal in an administrator terminal according to a third embodiment of the present invention.
  • When a personal domain application is installed in the second communication terminal, the personal domain application generates a private key and a public key of the second communication terminal (S901).
  • the personal domain application of the second communication terminal transmits the generated public key of the second communication terminal to the first communication terminal 100 (S903).
  • The second communication terminal may transmit to the first communication terminal 100 a message including the public key of the second communication terminal and the address of the first communication terminal 100 as the destination, or may transmit the public key of the second communication terminal to the first communication terminal 100 through short-range wireless communication.
  • the personal domain application 110 of the first communication terminal 100 proceeds to register the second communication terminal as a terminal accessible to the private network 700.
  • the personal domain application 110 of the first communication terminal 100 receives a personal domain from an administrator and generates a personal domain name by adding a personal domain code behind the personal domain (S905).
  • The personal domain application 110 of the first communication terminal 100 extracts the public key of the security device 710, which is the destination public key (S907), sets the original text data, and digitally signs the original text data with the private key of the first communication terminal 100 (S909). In this case, the personal domain application 110 of the first communication terminal 100 may use one or more of the public key of the security device 710 or the personal domain name as the original data. Subsequently, the personal domain application 110 of the first communication terminal 100 transmits an access terminal addition request message including the personal domain name, the public key of the security device 710, the public key of the second communication terminal, and the electronic signature to the domain management server 200 (S911).
  • The domain management server 200 transmits the device addition transaction including the personal domain name, the public key of the second communication terminal, the destination public key (i.e., the public key of the security device), and the electronic signature to the blockchain network 500.
  • Each node included in the blockchain network 500 verifies the electronic signature included in the device addition transaction, and extracts the public key of the first communication terminal 100 from the electronic signature (S915).
  • Each node included in the blockchain network 500 verifies whether the public key extracted through electronic signature verification (that is, the public key of the first communication terminal) is registered in the blockchain as the public key for the administrator (S917).
  • Each node of the blockchain network 500 checks whether a block including the public key extracted from the electronic signature (that is, the public key of the first communication terminal), the private domain name and the destination public key (that is, the public key of the security device) is stored in the blockchain with the public key of the first communication terminal 100 set as the public key for the administrator, thereby verifying whether the public key of the first communication terminal 100 is the administrator's public key.
  • the blockchain network 500 authenticates whether the first communication terminal 100 that registers a connection device to the private network 700 is an administrator terminal based on the public key and the private domain name.
  • If the public key of the first communication terminal 100 is not set as an administrator public key, the blockchain network 500 notifies the domain management server 200 that a device cannot be added, and the domain management server 200 notifies the first communication terminal 100 that the addition of an access terminal has failed.
  • each node of the blockchain network 500 generates a token dedicated to the second communication terminal when the public key of the first communication terminal 100 is set as a manager public key.
  • Each node of the blockchain network 500 generates a new block that includes the device addition transaction and the token of the second communication terminal and in which the public key of the second communication terminal is registered as a public key allowed to access the private network, connects the new block to the existing block, and stores it in the blockchain. Accordingly, the second communication terminal is registered in the blockchain as a device that can access the private network 700.
  • The blockchain network 500 informs the domain management server 200 of the success of the transaction (S921). Then, the domain management server 200 notifies the first communication terminal 100 of the successful addition of the access terminal (S923). Subsequently, the personal domain application 110 of the first communication terminal 100 extracts the public key of the security device 710 and transmits the public key of the security device 710 to the second communication terminal (S925).
  • the personal domain application 110 of the first communication terminal 100 proceeds to obtain a private network access address (S927). Specifically, the personal domain application 110 of the first communication terminal 100 electronically signs a new use ticket with the private key of the first communication terminal 100, as shown in FIG.
  • the public key and the digital signature of 710 are converted into a service code having a predetermined format.
  • the personal domain application 110 of the first communication terminal 100 transmits the domain query message including the service code and the personal domain name to the DNS server 400.
  • the domain query message is transmitted to the service server 300, and the service server 300 generates an information request transaction to the blockchain network 500, restores the service code to the original state in the blockchain network 500, and digitally signs it. Verify to obtain the public key of the first communication terminal 100, and performs the use ticket verification.
  • When the use ticket verification succeeds, a new block including the transaction is generated and stored in the blockchain, and the blockchain network 500 transmits to the first communication terminal 100 the IP address of the communication device 720 (that is, the connection address of the private network) corresponding to the private domain name, the public key of the security device 710, and the public key of the first communication terminal 100, together with the token of the first communication terminal 100.
  • The personal domain application 110 of the first communication terminal 100 transmits a device addition request message including the service code, the personal domain name, the token of the first communication terminal 100 and the public key of the second communication terminal to the communication device 720 having the checked IP address (S929).
  • The security device 710 controlling the connection of the private network 700 acquires the device addition request message and proceeds to the verification step, as in steps S805 to S817 of FIG. 8. Specifically, the security device 710 restores the service code to its original state and performs the use ticket verification; if the verification is successful, it maps the use ticket to the personal domain name and stores the mapping in the mapping table, requests the domain management server 200 to verify the token included in the message, and receives the token verification result performed in the blockchain network 500.
  • If any one of the use ticket verification and the token verification fails, the security device 710 notifies the first communication terminal 100 that the device cannot be added. On the contrary, if both the use ticket verification and the token verification succeed, the security device 710 checks whether the public key of the first communication terminal 100 is stored as the public key for the administrator, thereby authenticating whether the user of the first communication terminal 100 is an administrator (S931).
  • The security device 710 stores the public key of the second communication terminal included in the device addition request message in an access permission list and, in operation S933, notifies the first communication terminal 100 that the device has been successfully added.
  • the public key of the second communication terminal and the public key of another terminal can be registered as identification information of the terminal accessible to the blockchain and the security device 710.
  • FIG. 10 is a flowchart illustrating a method by which another terminal allowed to access a private network acquires the connection address of the private network, according to an embodiment of the present invention. Since FIG. 10 is similar to FIG. 7, portions of FIG. 10 that overlap with FIG. 7 are summarized briefly and the description focuses on the differences.
  • The personal domain application of the second communication terminal generates a personal domain name including a personal domain code based on a domain name input by a user, generates a use ticket based on the current date and time, and extracts the public key of the security device 710 received from the first communication terminal 100 (S1001 to S1005).
  • The personal domain application of the second communication terminal sets the use ticket as the original data, electronically signs it with the private key of the second communication terminal, and generates the service code from the electronic signature, the use ticket and the public key of the security device 710.
  • A domain query message including the service code and the domain name is then transmitted to the DNS server 400 (S1011).
  • Because the domain query message includes the private domain code, the DNS server 400 forwards the domain query message to the service server 300 (S1013 and S1015). The service server then checks the service code included in the domain query message and, if the check succeeds, issues an information request transaction including the service code and the private domain name to the blockchain network 500 (S1017 and S1019).
  • The nodes of the blockchain network 500 restore the electronic signature, the public key of the security device 710 and the use ticket included in the service code, and then verify the restored electronic signature to extract the public key of the second communication terminal (S1021, S1023).
  • The nodes of the blockchain network 500 check the private network access authority of the second communication terminal by searching the blockchain for a block including a device addition transaction or a domain registration transaction having the private domain name, the public key of the security device 710 and the public key of the second communication terminal (S1025). In FIG. 10, a block including a device addition transaction having the private domain name, the public key of the security device 710, and the public key of the second communication terminal is described as being stored in the blockchain.
  • After performing the use ticket verification (S1027), if both the access right verification and the use ticket verification succeed, the blockchain network 500 generates a block including the information request transaction, connects the generated block to the existing block, and stores it in the blockchain (S1029).
  • The blockchain network 500 further extracts the IP address of the communication device 720 and the token of the second communication terminal from a block including the private domain name, the public key of the security device 710, and the public key of the second communication terminal 110 (S1031). Subsequently, the blockchain network 500 transmits a transaction processing message including the extracted IP address of the communication device 720 and the token of the second communication terminal to the service server 300 (S1033).
  • The service server 300 transmits the IP address of the communication device 720 and the token of the second communication terminal to the personal domain application of the second communication terminal in response to the domain query (S1035).
  • Thus, when the second communication terminal registered by the manager terminal 110 transmits a domain query message including a service code and a personal domain name, the second communication terminal receives the IP address and token of the security device 710 as response information.
  • FIG. 11 is a flowchart illustrating a method by which another terminal allowed to access a private network accesses the private network, according to an embodiment of the present invention.
  • The procedure according to FIG. 11 proceeds after the procedure according to FIG. 10.
  • Since FIG. 11 is similar to FIG. 8, portions of FIG. 11 that overlap with FIG. 8 are summarized briefly and the description focuses on the differences.
  • The personal domain application of the second communication terminal checks the communication device IP address of the private network 700 and the token of the second communication terminal received from the service server 300 (S1101), and transmits a connection request message including the service code, the personal domain name and the token to the communication device 720 having the checked IP address (S1103).
  • The security device 710 of the private network 700 receives the access request message, restores the service code to its original state, and verifies the restored electronic signature to extract the public key of the second communication terminal (S1105).
  • The security device 710 compares the value of the use ticket included in the connection request message with the value of the use ticket stored in the mapping table, and thereby verifies whether the use ticket has been forged (S1107). Subsequently, the security device 710 verifies whether the second communication terminal is a terminal allowed to access the private network by checking whether the public key of the second communication terminal, extracted through electronic signature verification, is recorded in the access permission list (S1109).
  • If the verification fails, the security device 710 transmits a connection disable message to the second communication terminal and blocks the connection of the second communication terminal.
  • If the verification succeeds, the security device 710 requests the domain management server 200 to verify the token included in the access request message (S1111).
  • At this time, the security device 710 transmits the token, the public key of the second communication terminal, the public key of the security device 120 and the private domain name to the domain management server 200. Furthermore, it maps the successfully verified use ticket to the personal domain name and records them in the mapping table to maintain the freshness of the use ticket.
  • The domain management server 200 transmits the token, the public key of the second communication terminal, the public key of the security device 710 and the private domain name to the blockchain network 500, and requests token verification (S1113).
  • The nodes of the blockchain network 500 identify a block including the public key of the second communication terminal, the public key of the security device 710 and the private domain name, check the latest token recorded in this block or in a block connected to this block, and verify whether that latest token matches the token received from the domain management server 200 (S1115).
  • The blockchain network 500 transmits the token verification result to the domain management server 200, and the domain management server 200 transmits the token verification result to the security device 710 (S1117).
  • If the token verification result is a failure, the security device 710 transmits a connection not available message to the second communication terminal. On the other hand, if the token verification result is a success, the security device 710 determines that user verification has finally succeeded (S1119), transmits a message informing the second communication terminal that access to the communication device is permitted (S1121), and allows the second communication terminal to access the communication device 720.
  • The personal domain application of the second communication terminal can then access the communication device 720 having the IP address through the security device 710, and use the service provided by the communication device 720 (S1123).
  • The security device 710 requests token regeneration from the domain management server 200 (S1125), and the domain management server 200 issues to the blockchain network 500 a token regeneration request transaction including the public key of the second communication terminal 110, the public key of the security device 710 and the private domain name (S1127).
  • The node of the blockchain network 500 regenerates the token, generates a block that includes the regenerated token, the public key of the second communication terminal 110, the public key of the security device 710 and the private domain name and that indicates the token has been reissued, connects the block to the existing block, and stores it in the blockchain (S1129).
  • The blockchain network 500 includes a module for issuing a token, a module for verifying an electronic signature, a module for verifying a use ticket, a module for managing the public keys of other terminals allowed to access a private network, and a module for storing and managing the connection address of a private network in a database, and through these modules performs the functions of the blockchain network 500 described above.
  • Although the security device 710 has been described as performing the use ticket verification and the token verification together, the user verification can also be performed by performing only one of the use ticket verification and the token verification.
  • The method of the present invention as described above may be implemented as a program and stored in a computer-readable form on a recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.). Since this process can be easily carried out by those skilled in the art, it is not described in further detail.
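The decision the security device 710 makes in FIG. 11 after signature verification (use ticket freshness, access permission list, latest-token match, then token regeneration) is shown below as an added example; it is not code from the patent. The class and method names, the integer use ticket with a "must be newer than the stored one" rule, and the sample keys and domain name in any caller are assumptions, and a hash-chained list stands in for the blockchain network 500.

```python
import hashlib, hmac, json, secrets

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class TokenLedger:
    """Hash-chained, append-only stand-in for the blockchain network 500."""
    def __init__(self):
        self.blocks = []

    def issue(self, terminal_pk, device_pk, domain):
        """Append a block carrying a fresh token (first issue, or reissue as in S1129)."""
        body = {"terminal_pk": terminal_pk, "device_pk": device_pk, "domain": domain,
                "token": secrets.token_hex(16),
                "prev": self.blocks[-1]["hash"] if self.blocks else "0" * 64}
        self.blocks.append({**body, "hash": _digest(body)})
        return body["token"]

    def verify(self, terminal_pk, device_pk, domain, token):
        """S1115: compare the presented token with the latest one on the chain."""
        key = (terminal_pk, device_pk, domain)
        for b in reversed(self.blocks):
            if (b["terminal_pk"], b["device_pk"], b["domain"]) == key:
                return hmac.compare_digest(b["token"], token)
        return False

    def intact(self):
        """Recompute every hash and link; False if any stored block was altered."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: v for k, v in b.items() if k != "hash"}
            if b["prev"] != prev or _digest(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True

class SecurityDevice:
    def __init__(self, device_pk, ledger):
        self.device_pk, self.ledger = device_pk, ledger
        self.access_list = set()   # terminal public keys added by the administrator
        self.mapping = {}          # personal domain name -> last verified use ticket

    def connect(self, terminal_pk, domain, use_ticket, token):
        # terminal_pk is the key already extracted by signature verification (S1105).
        # Assumption: a use ticket is an integer timestamp and must be newer than
        # the ticket stored for this personal domain name (S1107).
        if use_ticket <= self.mapping.get(domain, 0):
            return "deny: use ticket not fresh"
        if terminal_pk not in self.access_list:                      # S1109
            return "deny: key not in access permission list"
        self.mapping[domain] = use_ticket  # recorded when token check is requested
        if not self.ledger.verify(terminal_pk, self.device_pk, domain, token):
            return "deny: token mismatch"                            # S1111 to S1117
        self.ledger.issue(terminal_pk, self.device_pk, domain)       # S1125 to S1129
        return "allow"
```

Because the token is regenerated after every permitted connection, a captured token is rejected on its next use even when it arrives with a newer use ticket.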

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method and a system for providing a personal domain name service, the method and the system extracting and providing additional information corresponding to a personal domain by means of personal domain technology. A method for providing a personal domain service for acquiring additional information, according to an embodiment of the invention, comprises the following steps: receiving, by a service server, a domain query message containing a personal domain name and a digital signature transmitted from a user terminal; when the digital signature is successfully verified, acquiring, by the service server, additional information corresponding to the personal domain name, and at least one public key; and transmitting, by the service server, the additional information as a domain response to the user terminal.
PCT/KR2019/005733 2018-05-16 2019-05-13 Method for providing a personal domain name service, and access control method and system using a personal domain name WO2019221468A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20180056194 2018-05-16
KR10-2018-0056194 2018-05-16
KR1020190054985A KR102303273B1 (ko) 2018-05-16 2019-05-10 Personal domain name service method, and access control method and system using a personal domain name
KR10-2019-0054985 2019-05-10

Publications (1)

Publication Number Publication Date
WO2019221468A1 (fr) 2019-11-21

Family

ID=68540579

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2019/005733 WO2019221468A1 (fr) 2018-05-16 2019-05-13 Method for providing a personal domain name service, and access control method and system using a personal domain name

Country Status (1)

Country Link
WO (1) WO2019221468A1 (fr)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19802539

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19802539

Country of ref document: EP

Kind code of ref document: A1