WO2020171273A1 - Public ledger-based credential autonomous operation system and method - Google Patents
Public ledger-based credential autonomous operation system and method
- Publication number
- WO2020171273A1 (PCT/KR2019/002268)
- Authority
- WO (WIPO (PCT))
- Prior art keywords
- credential
- issuer
- information
- computing device
- authority information
Classifications
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- G06Q20/382—Payment protocols; details thereof insuring higher security of transaction
- H04L63/083—Network security protocols for authentication of entities using passwords
- H04L63/126—Applying verification of the received information: the source of the received data
- H04L9/0825—Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0866—Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
- H04L9/3242—Message authentication or verification of credentials using keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- H04L9/3247—Entity authentication, message authentication or verification of credentials involving digital signatures
- H04L9/50—Cryptographic mechanisms using hash chains, e.g. blockchains or hash trees
Definitions
- The present invention relates to a credential operation system and method, and more particularly to an autonomous credential operation system and method based on a public ledger.
- FIG. 1 is a diagram showing a conventional credential issuance and verification structure.
- As illustrated in FIG. 1, the conventional credential issuance and verification structure is a centralized hierarchy.
- In such a hierarchy the root-level issuer presents problems such as an asymmetry of information power and a single point of failure.
- The technical problem addressed by the present invention is to provide a decentralized, public ledger-based autonomous credential operation system and method in which a credential issuer, with no highest-level issuer above it, can autonomously issue credentials to its directly subordinate entities within the range of attribute values assigned to it, and in which external entities can verify the legitimacy of the issued credentials.
- A public ledger-based autonomous credential operation method for solving this problem includes registering credential issuance authority information in the public ledger of a blockchain platform, and verifying a credential issued to a first computing device with reference to the credential issuance authority information registered in the public ledger.
- Another public ledger-based autonomous credential operation method for solving this problem includes requesting creation of credential issuance authority from a smart contract that is deployed on a blockchain platform and generates credential issuance authority information, and issuing a credential that satisfies the credential issuance authority information generated by the smart contract and registered in the public ledger of the blockchain platform, and providing the credential to a first computing device.
- The credential includes an attribute value for a predetermined attribute item.
- The credential issuance authority information includes the range of attribute values assigned to the credential issuer for the predetermined attribute item, and the public key information of the credential issuer.
- The credential issued to the first computing device may include credential issuer information, the attribute value assigned to that credential, and an electronic signature of the credential issuer.
- The credential issuance authority information may further include credential issuer information and credential validity period information.
- A smart contract deployed on the blockchain platform may be executed at the request of a credential issuer to generate the credential issuance authority information.
- The generated credential issuance authority information may be registered in the public ledger through distributed consensus among the nodes of the blockchain platform.
- The credential issuer may issue a credential by allocating to the first computing device an attribute value for the predetermined attribute item that is unique within the range of attribute values allocated to the issuer.
- The predetermined attribute item may be one of a device address, a device Extended Unique Identifier (EUI), an IP address, and a Universally Unique Identifier (UUID).
- A public ledger-based autonomous credential operation system for solving this problem includes a blockchain platform that stores a public ledger in which credential issuance authority information is registered, and a second computing device that verifies a credential issued to a first computing device with reference to the credential issuance authority information registered in the public ledger.
- Another public ledger-based autonomous credential operation system for solving this problem includes a credential issuer terminal that requests creation of credential issuance authority from a smart contract that is deployed on a blockchain platform and generates credential issuance authority information, issues a credential that satisfies the credential issuance authority information generated by the smart contract and registered in the public ledger of the blockchain platform, and provides the credential to a first computing device.
- According to the present invention, a credential issuer can autonomously issue credentials to its subordinate entities within the range of attribute values assigned to it, without a highest-level issuer.
- External entities can also verify the legitimacy of a credential acquired over a communication path that is not trusted.
- FIG. 1 is a diagram showing a conventional credential issuance and verification structure.
- FIG. 2 is a configuration diagram of an autonomous credential operating system based on a public ledger according to an embodiment of the present invention.
- FIG. 3 is a diagram conceptually showing autonomous credential management based on a public ledger according to an embodiment of the present invention.
- FIG. 4 is a flowchart illustrating an operation process of a credential autonomous operating system based on a public ledger according to an embodiment of the present invention.
- The terms “... unit” and “... module” used in the specification mean a unit that processes at least one function or operation, and may be implemented in hardware, in software, or in a combination of the two.
- FIG. 2 is a configuration diagram of an autonomous credential operating system based on a public ledger according to an embodiment of the present invention.
- Referring to FIG. 2, a public ledger-based autonomous credential operation system may include a credential issuer terminal 100, a first computing device 200, a second computing device 300, and a blockchain platform 400.
- The system may include a plurality of each of the credential issuer terminal 100, the first computing device 200, and the second computing device 300.
- The credential issuer terminal 100, the first computing device 200, the second computing device 300, and the blockchain platform 400 may exchange various kinds of information and data through a communication network 500.
- The communication network 500 may include a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), the Internet, 2G/3G/4G/5G mobile networks, Bluetooth, Wi-Fi, WiBro, satellite networks, and Low Power Wide Area (LPWA) networks such as LoRa and Sigfox; the communication method may be wired or wireless, and any communication method may be used.
- The credential issuer terminal 100, the first computing device 200, and the second computing device 300 may be notebooks, desktops, laptops, server computers, smartphones, tablet computers, network servers, gateway devices, and the like, but the present disclosure is not limited to these and covers any device that includes a processor and a communication means.
- The credential issuer terminal 100 is the device used by a credential issuer.
- The credential issuer can issue a credential to a device of an entity subordinate to it.
- A credential may include credential issuer information, credential attribute information, and the electronic signature of the credential issuer.
- The credential attribute information may include one or more attribute items.
- The credential issuer may issue a credential by allocating, for a predetermined attribute item, an attribute value from the range of attribute values allocated to that issuer. For example, if the predetermined attribute item in the credential is an IP address and the IP address range assigned to the issuer is '192.168.15.1 ~ 192.168.15.24', the issuer issues the credential by assigning an IP address that falls within that range. This applies not only to IP addresses but to any data that can be expressed numerically, so that membership in a range can be checked.
- The credential issuer may allocate a unique identifier to a subordinate entity device within the range allocated to the issuer, and issue a credential that includes the identifier assigned to that device.
- For example, a credential issuer may issue a credential by assigning a device Extended Unique Identifier (EUI) to a LoRa device it manufactures, within the EUI range allocated to the issuer.
- As another example, a device address may be assigned to a LoRa device during its activation procedure and a credential issued for it.
- The first computing device 200 may receive a credential from the credential issuer and provide it on request to the second computing device 300.
- The second computing device 300 may receive the credential from the first computing device 200 and verify it.
- The blockchain platform 400 is a peer-to-peer network composed of a plurality of nodes 410 operating according to a blockchain algorithm.
- A node 410 is an entity that forms part of the blockchain network and maintains and manages blockchain data according to the blockchain algorithm.
- A node 410 may be implemented as a computing device, but may also be implemented as a virtual machine.
- In response to a request to process a transaction occurring on the blockchain, each node 410 of the blockchain platform 400 verifies the validity of the transaction, records the verified transaction in new block data, and propagates it to the other nodes 410 of the blockchain platform 400.
- A transaction may cover the processing of various kinds of information occurring on the blockchain platform 400.
- Each node 410 of the blockchain platform 400 stores the blockchain data, which is a public ledger shared among the nodes by a predetermined distributed consensus algorithm; the blockchain data may be organized as a chain of linked blocks.
- According to the present invention, credential issuance authority information may be registered in the public ledger stored on the blockchain platform 400. The credential issuance authority information is described in more detail below.
- The blockchain platform 400 may provide a so-called "smart contract" function and a "dApp (decentralized application)" function built on smart contracts.
- A smart contract is program code that is deployed on the blockchain platform 400, stored in a block of the blockchain data, and executed there. A smart contract may be invoked by external applications or services, or by other smart contracts.
- Each node 410 of the blockchain platform 400 may be equipped with a virtual machine for executing smart contracts. To this end, depending on the embodiment, a smart contract may be compiled into bytecode executable by the virtual machine, deployed to the blockchain platform 400, and stored in the blockchain data; the virtual machine executes the bytecode by mapping it to its opcodes.
- According to the present invention, a smart contract that generates credential issuance authority information at the request of a credential issuer may be executed on the blockchain platform 400.
- FIG. 3 is a diagram conceptually showing autonomous credential management based on a public ledger according to an embodiment of the present invention.
- Referring to FIG. 3, the public ledger 10 is stored on the blockchain platform 400.
- Credential issuance authority information may be stored in the public ledger 10 through distributed consensus among the nodes 410 of the blockchain platform 400.
- Credential issuance authority information may include credential issuer information (1), the attribute value range assigned to the credential issuer (2), credential validity period information (3), and the credential issuer's public key information (4).
- When 'Company A' requests the creation of credential issuance authority, the smart contract can generate the credential issuance authority information for 'Company A'.
- 'Company A' may make the request while paying a token or cryptocurrency used on the blockchain platform 400.
- FIG. 3 shows credential issuance authority information 11 registered in the public ledger 10 in which (1) is 'Company A', (2) is '192.168.15.1 ~ 192.168.15.24', (3) is '2019.01.01 ~ 2028.01.01', and (4) is 'Company A's public key'.
- The 'A-1 credential' 20 issued to device A-1 includes the IP address 192.168.15.5 and the credential issuer information (Company A), together with a signature (signature_A-1) generated with Company A's private key.
- Device B-1 (corresponding to the second computing device 300 in FIG. 2) belongs to a product family manufactured by Company B. Even if device B-1 receives the 'A-1 credential' 20 from device A-1 over a communication path whose reliability is not secured, device B-1 can verify the legitimacy of the 'A-1 credential' 20 by referring to the public ledger 10 of the blockchain platform 400.
- Device B-1 reads the credential issuer information (1) in the 'A-1 credential' 20 and looks up Company A's credential issuance authority information 11 registered in the public ledger 10. It then checks that the IP address 192.168.15.5 contained in the 'A-1 credential' 20 falls within the attribute value range (2) assigned to Company A, checks the credential against the credential validity period information (3), and verifies the digital signature (signature_A-1) using Company A's public key information (4).
- The credential issuer may be a device manufacturer.
- The credential issuer may also be a network operator that owns or manages network resources.
- FIG. 4 is a flowchart illustrating an operation process of a credential autonomous operating system based on a public ledger according to an embodiment of the present invention.
- Referring to FIG. 4, the smart contract may be implemented as code programmed to automatically generate the corresponding credential issuance authority information according to a predetermined rule when the request for creating credential issuance authority sent from the credential issuer terminal 100 satisfies a predetermined condition.
- The credential issuance authority information may include credential issuer information (1), the range of attribute values assigned to the credential issuer (2), credential validity period information (3), and the credential issuer's public key information (4).
- The credential issuer terminal 100 may transmit the credential issuer information (1) and the credential issuer's public key information (4) to the smart contract.
- The attribute value range (2) assigned to the credential issuer and the credential validity period information (3) may be determined by a predetermined rule within the smart contract.
- The credential issuance authority information generated in step S410 may be registered in the public ledger 10 through a distributed consensus process among the nodes 410 constituting the blockchain platform 400 (S415).
- The credential issuer may then issue a credential by allocating an attribute value from the attribute value range assigned to it (S420).
- FIG. 3 shows the credential issuer terminal 100 issuing the credential to the first computing device 200, but the credential may also be issued to the first computing device 200 through another device belonging to the credential issuer.
- The first computing device 200 may provide the issued credential to the second computing device 300 (S425).
- The second computing device 300 checks the credential issuance authority information registered in the public ledger 10 of the blockchain platform 400 (S430).
- The credential issued to the first computing device 200 may then be verified with reference to the credential issuance authority information registered in the public ledger 10 (S435).
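As a concrete illustration of the FIG. 3 example (Company A, the 192.168.15.1 ~ 192.168.15.24 range, device B-1's four checks) and of the S410 to S435 flow above, the following Go program is an added example; it is not code from the patent, its applicant, or any blockchain platform. It models the three roles in one process: the public ledger and its smart contract as an in-memory map with a registration rule, the issuer that allocates addresses from its range and signs credentials, and the verifier logic that device B-1 runs. Everything the page does not specify is an assumption of this example: Ed25519 as the signature scheme, a length-prefixed issuer name followed by the address bytes as the signed message, a no-overlap rule as the contract's "predetermined condition", sequential allocation within the range, and all names, keys, dates and addresses, which are constructed here. It also goes beyond the page's single accepted credential by rejecting out-of-range, tampered, expired and unregistered-issuer credentials.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"net/netip"
	"time"
)

// Authority is the credential issuance authority information held in the public
// ledger: (1) issuer info, (2) attribute value range, (3) validity period, (4) public key.
type Authority struct {
	Issuer               string
	RangeStart, RangeEnd netip.Addr // inclusive IP address range assigned to the issuer
	NotBefore, NotAfter  time.Time
	PublicKey            ed25519.PublicKey // Ed25519 is this example's assumed scheme
}

type Credential struct { // what the issuer hands to a subordinate device
	Issuer    string
	IPAddr    netip.Addr
	Signature []byte // issuer's signature over issuer name and address
}

// Ledger stands in for the public ledger; a plain map keyed on issuer name
// replaces registration by distributed consensus among nodes (assumption).
type Ledger map[string]Authority

// Register plays the smart contract's role. Its assumed "predetermined rule":
// reject an issuer that is already registered or whose range overlaps another's.
func (l Ledger) Register(a Authority) error {
	for name, o := range l {
		if name == a.Issuer || !(a.RangeEnd.Less(o.RangeStart) || o.RangeEnd.Less(a.RangeStart)) {
			return fmt.Errorf("conflicts with registered issuer %q", name)
		}
	}
	l[a.Issuer] = a
	return nil
}

// signedBytes is the message the issuer signs and the verifier checks; the issuer
// name is length-prefixed so name bytes and address bytes cannot be confused.
func signedBytes(issuer string, ip netip.Addr) []byte {
	msg := append([]byte{byte(len(issuer) >> 8), byte(len(issuer))}, issuer...)
	return append(msg, ip.AsSlice()...)
}

// Issuer holds the private key and the next unallocated address, so every
// subordinate device receives a unique value from the issuer's range.
type Issuer struct {
	Auth Authority
	priv ed25519.PrivateKey
	next netip.Addr
}

func NewIssuer(name string, start, end netip.Addr, notBefore, notAfter time.Time) (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	auth := Authority{Issuer: name, RangeStart: start, RangeEnd: end, NotBefore: notBefore, NotAfter: notAfter, PublicKey: pub}
	return &Issuer{Auth: auth, priv: priv, next: start}, nil
}

// Issue allocates the next unused address in the issuer's range and signs it (S420).
func (is *Issuer) Issue() (Credential, error) {
	if is.Auth.RangeEnd.Less(is.next) {
		return Credential{}, errors.New("attribute value range exhausted")
	}
	ip := is.next
	is.next = ip.Next()
	sig := ed25519.Sign(is.priv, signedBytes(is.Auth.Issuer, ip))
	return Credential{Issuer: is.Auth.Issuer, IPAddr: ip, Signature: sig}, nil
}

// Verify is the second computing device's check (S430, S435): look the issuer up
// in the ledger, then check range, validity period and signature, in that order.
func (l Ledger) Verify(c Credential, now time.Time) error {
	a, ok := l[c.Issuer]
	switch {
	case !ok:
		return errors.New("issuer not registered in public ledger")
	case c.IPAddr.Less(a.RangeStart) || a.RangeEnd.Less(c.IPAddr):
		return errors.New("attribute value outside issuer's assigned range")
	case now.Before(a.NotBefore) || now.After(a.NotAfter):
		return errors.New("outside credential validity period")
	case !ed25519.Verify(a.PublicKey, signedBytes(c.Issuer, c.IPAddr), c.Signature):
		return errors.New("issuer signature does not verify")
	}
	return nil
}

func main() {
	ledger, now := Ledger{}, time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)
	companyA, _ := NewIssuer("Company A", netip.MustParseAddr("192.168.15.1"), netip.MustParseAddr("192.168.15.24"),
		time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC), time.Date(2028, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println("register Company A:", ledger.Register(companyA.Auth))
	a1, _ := companyA.Issue() // the "A-1 credential", here 192.168.15.1
	fmt.Println("device B-1 verifies A-1:", ledger.Verify(a1, now))
	a1.IPAddr = netip.MustParseAddr("192.168.16.5") // forged value outside Company A's range
	fmt.Println("forged credential:", ledger.Verify(a1, now))
}
```

Two points the code makes explicit. The ledger lookup keyed on the issuer information is what ties the public key to the range: a signature check alone would accept any self-signed credential, and the range check is what keeps an issuer's authority bounded to the values it was assigned, so neither check can be dropped. The validity period checked here is the issuer's authority period from the ledger; the page describes no per-credential expiry or revocation, so under this design a credential remains verifiable for as long as the issuer's registration is valid.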
- The embodiments described above may be implemented as hardware components, software components, and/or a combination of hardware and software components.
- The devices, methods, and components described in the embodiments may be implemented using one or more general-purpose or special-purpose computers, such as a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions.
- The processing device may run an operating system (OS) and one or more software applications on top of it.
- The processing device may also access, store, manipulate, process, and generate data in response to the execution of the software.
- Although the processing device is described as a single device, it may include a plurality of processing elements and/or a plurality of types of processing elements.
- For example, the processing device may include a plurality of processors, or one processor and one controller.
- Other processing configurations, such as parallel processors, are also possible.
- The software may include a computer program, code, instructions, or a combination of these, and may configure the processing device to operate as desired, or instruct it, independently or collectively.
- Software and/or data may be embodied, permanently or temporarily, in any type of machine, component, physical device, virtual equipment, computer storage medium or device, or in a transmitted signal wave, so as to be interpreted by the processing device or to provide instructions or data to it.
- The software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.
- The method according to the embodiment may be implemented in the form of program instructions that can be executed by various computer means and recorded on a computer-readable medium.
- The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination.
- The program instructions recorded on the medium may be specially designed and constructed for the embodiment, or may be known to and usable by those skilled in computer software.
- Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs and DVDs, and magneto-optical media such as floptical disks.
- Examples of program instructions include not only machine code such as that produced by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.
- The hardware devices described above may be configured to operate as one or more software modules in order to perform the operations of the embodiment, and vice versa.
Claims (14)
- Claim 1. A public ledger-based autonomous credential operation method comprising: registering credential issuance authority information in a public ledger of a blockchain platform; and verifying a credential issued to a first computing device with reference to the credential issuance authority information registered in the public ledger, wherein the credential includes an attribute value for a predetermined attribute item, and the credential issuance authority information includes a range of attribute values assigned to a credential issuer for the predetermined attribute item and public key information of the credential issuer.
- Claim 2. A public ledger-based autonomous credential operation method comprising: requesting creation of credential issuance authority from a smart contract that is deployed on a blockchain platform and generates credential issuance authority information; and issuing a credential that satisfies the credential issuance authority information generated by the smart contract and registered in the public ledger of the blockchain platform, and providing the credential to a first computing device, wherein the credential includes an attribute value for a predetermined attribute item, and the credential issuance authority information includes a range of attribute values assigned to a credential issuer for the predetermined attribute item and public key information of the credential issuer.
- Claim 3. The method of claim 1 or 2, wherein the credential issued to the first computing device includes the credential issuer information, the attribute value assigned to the credential issued to the first computing device, and an electronic signature of the credential issuer.
- Claim 4. The method of claim 3, wherein the credential issuance authority information further includes credential issuer information and credential validity period information.
- Claim 5. The method of claim 4, wherein, in at least one node included in the blockchain platform, a smart contract deployed on the blockchain platform is executed at the request of the credential issuer to generate the credential issuance authority information, and the generated credential issuance authority information is registered in the public ledger through distributed consensus among nodes included in the blockchain platform.
- Claim 6. The method of claim 5, wherein the credential issuer issues the credential by uniquely allocating to the first computing device an attribute value for the predetermined attribute item from the range of attribute values assigned to the credential issuer.
- Claim 7. The method of claim 5, wherein the predetermined attribute item is one of a device address, a device Extended Unique Identifier (EUI), an IP address, and a Universally Unique Identifier (UUID).
- Claim 8. A public ledger-based credential autonomous operation system comprising: a blockchain platform that stores a public ledger in which credential issuance authority information is registered; and a second computing device that verifies a credential issued to a first computing device with reference to the credential issuance authority information registered in the public ledger, wherein the credential includes an attribute value for a predetermined attribute item, and the credential issuance authority information includes a range of attribute values assigned to a credential issuer for the predetermined attribute item and public key information of the credential issuer.
- Claim 9. A public ledger-based credential autonomous operation system comprising a credential issuer terminal that requests creation of credential issuance authority from a smart contract that is deployed on a blockchain platform and generates credential issuance authority information, issues a credential that satisfies the credential issuance authority information generated by the smart contract and registered in the public ledger of the blockchain platform, and provides the credential to a first computing device, wherein the credential includes an attribute value for a predetermined attribute item, and the credential issuance authority information includes a range of attribute values assigned to a credential issuer for the predetermined attribute item and public key information of the credential issuer.
- Claim 10. The system of claim 8 or 9, wherein the credential issued to the first computing device includes the credential issuer information, the attribute value assigned to the credential issued to the first computing device, and an electronic signature of the credential issuer.
- Claim 11. The system of claim 10, wherein the credential issuance authority information further includes credential issuer information and credential validity period information.
- Claim 12. The system of claim 11, wherein, in at least one node included in the blockchain platform, a smart contract deployed on the blockchain platform is executed at the request of the credential issuer to generate the credential issuance authority information, and the generated credential issuance authority information is registered in the public ledger through distributed consensus among nodes included in the blockchain platform.
- Claim 13. The system of claim 12, wherein the credential issuer issues the credential by uniquely allocating to the first computing device an attribute value from the range of attribute values assigned to the credential issuer.
- Claim 14. The system of claim 12, wherein the predetermined attribute item is one of a device address, a device Extended Unique Identifier (EUI), an IP address, and a Universally Unique Identifier (UUID).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/432,732 US12003496B2 (en) | 2019-02-22 | 2019-02-25 | System and method for autonomously operating public ledger-based credential |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020190021389A KR102250081B1 (ko) | 2019-02-22 | 2019-02-22 | Public ledger-based credential autonomous operation system and method |
KR10-2019-0021389 | 2019-02-22 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020171273A1 (ko) | 2020-08-27 |
Family
ID=72145111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2019/002268 WO2020171273A1 (ko) | 2019-02-22 | 2019-02-25 | Public ledger-based credential autonomous operation system and method |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR102250081B1 (ko) |
WO (1) | WO2020171273A1 (ko) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102267735B1 (ko) * | 2020-11-18 | 2021-06-22 | 주식회사 케이사인 | Decentralized identity verification system and method using zero-knowledge proofs |
KR102426736B1 (ko) * | 2020-12-11 | 2022-08-01 | 충남대학교 산학협력단 | System and method for generating smart contracts that generate and verify zero-knowledge proofs for privacy protection on a blockchain |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080162928A1 (en) * | 2006-12-27 | 2008-07-03 | General Instrument Corporation | Method and Apparatus for Distributing Root Certification |
US20140245409A1 (en) * | 2013-02-26 | 2014-08-28 | Rainer Falk | Extension of the Attributes of a Credential Request |
KR101680260B1 (ko) * | 2015-12-14 | 2016-11-29 | 주식회사 코인플러그 | Blockchain-based accredited certificate issuance system and blockchain-based accredited certificate issuance method using the same |
US20180167222A1 (en) * | 2009-04-07 | 2018-06-14 | Secureauth Corporation | Identity-based certificate management |
KR20180089668A (ko) * | 2017-02-01 | 2018-08-09 | 주식회사 데일리인텔리전스 | Apparatus and method for managing certificates using a blockchain as the certificate issuing authority |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102008000067C5 (de) * | 2008-01-16 | 2012-10-25 | Bundesdruckerei Gmbh | Method for reading attributes from an ID token |
US9912654B2 (en) * | 2009-11-12 | 2018-03-06 | Microsoft Technology Licensing, Llc | IP security certificate exchange based on certificate attributes |
KR101817152B1 (ko) | 2015-08-11 | 2018-02-21 | 한국전자통신연구원 | Method for providing trusted authority information, method for issuing a user credential containing trusted authority information, and method for obtaining a user credential |
US9985964B2 (en) * | 2016-03-28 | 2018-05-29 | Black Gold Coin, Inc. | Systems and methods for providing block chain-based multifactor personal identity verification |
2019
- 2019-02-22 KR KR1020190021389A patent/KR102250081B1/ko active IP Right Grant
- 2019-02-25 WO PCT/KR2019/002268 patent/WO2020171273A1/ko active Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR102250081B1 (ko) | 2021-05-10 |
KR20200102852A (ko) | 2020-09-01 |
US20220116377A1 (en) | 2022-04-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19916286 Country of ref document: EP Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 19916286 Country of ref document: EP Kind code of ref document: A1 |
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/04/2022) |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 19916286 Country of ref document: EP Kind code of ref document: A1 |