WO2020189926A1 - Method and server for managing a user identity using a blockchain network, and method and terminal for authenticating a user using a blockchain-network-based user identity - Google Patents

Method and server for managing a user identity using a blockchain network, and method and terminal for authenticating a user using a blockchain-network-based user identity

Info

Publication number
WO2020189926A1
Authority
WO
WIPO (PCT)
Prior art keywords
specific
user
identity
specific user
signature value
Prior art date
Application number
PCT/KR2020/003026
Other languages
English (en)
Korean (ko)
Inventor
어준선
송주한
이주민
Original Assignee
주식회사 코인플러그
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 코인플러그
Publication of WO2020189926A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • The present invention relates to a method and a server for managing a user's identity using a blockchain network, and to a method and a terminal for authenticating a user using a blockchain-network-based user identity. More specifically, a user ID generation transaction is obtained from a user terminal, including user ID generation data that uses the user address and a first user signature value in which the user ID generation data is signed with the user master private key; the first user signature value is verified and, if it is confirmed to be valid, the ID management contract registered on the distributed ledger of the blockchain network is executed so that a user smart contract, which creates claims for the user's identities, is registered on the distributed ledger.
  • The user terminal uses the user smart contract registration transaction ID to obtain the address of the user smart contract registered in the distributed ledger and uses that address as the user ID.
  • A user self-claim registration request transaction is obtained, including user self-claim data (a user ID, a user-specific value obtained by processing the user identities, and a second user signature value in which the user ID and the user-specific value are signed with a user private key) and a third user signature value in which the user self-claim data is signed with the user master private key; the third user signature value is verified and, if it is confirmed to be valid, the user smart contract corresponding to the user ID is executed.
  • The present invention also relates to a method and a terminal for authenticating a user by using the blockchain-network-based user identity.
  • In the prior art, authentication information such as a personal certificate for user authentication is stored at each certification authority that issued it, so a user who wants to access authentication information stored at a plurality of certification authorities must check each authority every time, which is inconvenient; and because each certification authority owns the authority over the authentication information it stores, it is difficult for users to easily manage their own authentication information.
  • An object of the present invention is to solve all the above-described problems.
  • Another object of the present invention is to allow the user to own the authority over each of the user identities used for user authentication.
  • Another object of the present invention is to facilitate management of each of the user identities used for user authentication.
  • Another object of the present invention is to allow the user to directly manage access rights to the user identities.
  • In order to achieve the above objects, according to one aspect of the present invention, a method is provided in which claim smart contracts for creating claims for the identities of users and certification authorities are registered in a distributed ledger of a blockchain network composed of a plurality of blockchain nodes, as user smart contracts and certification authority smart contracts corresponding to the users and the certification authorities respectively, and the addresses on the distributed ledger of the user smart contracts and the certification authority smart contracts are managed as the IDs of the users and the certification authorities. In this state, (i) in response to a request from a specific user terminal to register a specific user specific identity claim including a specific user ID, a specific user specific identity for authentication, and a specific claim type corresponding to the specific user specific identity, or (ii) the specific user ID from the specific user terminal and the specific user specific identity.
  • (a) the at least one blockchain node verifies the second specific certification authority signature value and, if it is valid, executes the specific user smart contract so that the specific user specific identity claim is registered in the distributed ledger; and (b) the at least one blockchain node transmits the specific user specific identity claim registration transaction ID, corresponding to the specific user specific identity claim registration transaction by which the claim was registered in the distributed ledger, to the specific certification authority server, so that the specific certification authority server obtains, using that transaction ID, the specific user specific identity claim ID corresponding to the claim registered in the distributed ledger, and transmits to the specific user terminal at least the specific claim signature value, in which the specific user specific identity is signed with the private key of the specific certification authority, together with the specific user specific identity claim ID, so that the specific user terminal can use the specific user specific identity claim ID to confirm the claim of the specific user specific identity registered in the distributed ledger.
  • According to another aspect of the present invention, a blockchain node of a blockchain network that manages a user's identity using the blockchain network is provided, comprising: a memory storing instructions for managing a user identity; and a processor that manages the user identity according to the instructions stored in the memory.
  • The processor, (i) in a state in which claim smart contracts that generate claims for the identities of users and certification authorities are registered in a distributed ledger of a blockchain network composed of a plurality of blockchain nodes, as user smart contracts and certification authority smart contracts corresponding to the users and the certification authorities respectively, and the addresses on the distributed ledger of the user smart contracts and the certification authority smart contracts are the IDs of the users and the certification authorities.
  • A blockchain node is provided, characterized in that it performs a process that enables the user to confirm the specific identity claim registered for the specific user.
  • a computer-readable recording medium for recording a computer program for executing the method of the present invention is further provided.
  • Since the user identities are stored by the user, the user can easily manage each of the user identities.
  • The present invention enables the user to directly manage access rights to the user identities, thereby preventing user information from being exposed against the user's will.
  • FIG. 1 schematically shows a system for managing user identities using a blockchain network according to an embodiment of the present invention.
  • FIGS. 2A and 2B schematically illustrate a method of generating a user ID, etc. in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 3A and 3B schematically illustrate a method of registering a user self-claim in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 4A and 4B schematically illustrate a method of adding and deleting a user key in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 5A and 5B schematically illustrate a method of backing up user data in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIG. 6 schematically shows a method of recovering user data in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 7A and 7B schematically illustrate a method of registering a specific identity claim in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 8A and 8B schematically illustrate a method of deleting a specific identity claim in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 9A and 9B schematically illustrate another method of deleting a specific identity claim in a method of managing user identity using a blockchain network according to an embodiment of the present invention.
  • FIGS. 10A and 10B schematically illustrate a method of authenticating a user using a user identity based on a blockchain network according to an embodiment of the present invention.
  • Referring to FIG. 1, the system may include a user terminal 100, a certification authority server 200, and a blockchain node 300.
  • The user terminal 100 is the subject that manages the user identity, and may include a personal computer (PC), a mobile computer, a PDA/EDA, a mobile phone, a smartphone, a tablet, an IoT device, and the like. The user terminal 100 is not limited thereto, and may include any device having a wired/wireless communication function, such as a portable game machine, a digital camera, or a personal navigation system.
  • The user terminal 100 may include a memory 110 that stores instructions for managing a user identity and a processor 120 that performs operations for managing the user identity in response to the instructions stored in the memory 110. Only one user terminal 100 is illustrated in FIG. 1, but this is for convenience of description, and a plurality of user terminals 100, one corresponding to each user, may be provided.
  • The user terminal 100 may typically achieve the desired system performance by using a combination of a computing device (e.g., a device that may include a computer processor, memory, storage, input and output devices, and other components of a conventional computing device; an electronic communication device such as a router or switch; an electronic information storage system such as network attached storage (NAS) or a storage area network (SAN)) and computer software (i.e., instructions that make the computing device function in a specific way).
  • the processor of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus.
  • the computing device may further include an operating system and a software configuration of an application that performs a specific purpose.
  • The certification authority server 200 authenticates user identities, and may include a memory 210 storing instructions for user identity authentication and a processor 220 that performs operations for authenticating the user identities in response to the instructions stored in the memory 210.
  • The certification authority server 200 may be composed of a plurality of certification authority servers, one corresponding to each certification authority that authenticates the user identity.
  • The certification authority server 200 may typically achieve the desired system performance by using a combination of a computing device (e.g., a device that may include a computer processor, memory, storage, input and output devices, and other components of a conventional computing device; an electronic communication device such as a router or switch; an electronic information storage system such as network attached storage (NAS) or a storage area network (SAN)) and computer software (i.e., instructions that allow the computing device to function in a specific way).
  • The blockchain node 300 stores and manages claims corresponding to user identities, or information related to such claims, and may be a server constituting the blockchain network. It may include a memory 310 storing instructions for user identity management and a processor 320 that performs operations for user identity management in response to the instructions in the memory 310.
  • Although FIG. 1 shows six blockchain nodes 300, this is for convenience of description, and the number of blockchain nodes 300 is not limited thereto.
  • Specifically, the blockchain node 300 typically includes a computing device (e.g., a computer processor, memory, storage, input and output devices, and other components of a conventional computing device).
  • The system for managing the user's identity using the blockchain network may further include a service providing server (not shown), which may perform user authentication using the user identity and provide a service desired by the user.
  • the service providing server may typically achieve a desired system performance by using a combination of a computing device and computer software.
  • a method of managing user identities using a system for managing user identities using a block chain network will be described as follows.
  • a method of generating a user ID, etc. in the method of managing user identity using a block chain network according to an embodiment of the present invention will be described with reference to FIG. 2A.
  • In a state in which the user has run the identity management app installed in the user terminal 100 to generate a user private key and a user public key, and has generated a user address using the user public key, the user terminal 100 transmits a user ID generation transaction to the blockchain network, for example by executing the identity management app installed in the user terminal 100 (S1).
  • the user ID generation transaction may include user ID generation data using a user address and a first user signature value in which the user ID generation data is signed with a user master private key.
  • the user master private key may be a user private key.
  • At least one block chain node 300 among a plurality of block chain nodes constituting the block chain network verifies (S2) the first user signature value included in the user ID generation transaction.
  • At least one blockchain node 300 may execute a digital signature verification module registered in the distributed ledger on the blockchain network so that, referring to the first user signature value and the user ID generation data, it obtains the user master public key corresponding to the user master private key. That is, the at least one blockchain node 300 transmits the first user signature value and the user ID generation data to the digital signature verification module, and the module uses the first user signature value and the user ID generation data to obtain the user master public key corresponding to the user master private key that was used to sign the first user signature value. The at least one blockchain node 300 then verifies that the first user signature value is valid by checking, with the acquired user master public key, whether the first comparison target data recovered from the first user signature value matches the user ID generation data.
  • Alternatively, the user terminal 100 may further include the user master public key corresponding to the user master private key in the user ID generation transaction, so that the at least one blockchain node 300 verifies whether the first user signature value is valid by checking, with the user master public key, whether the first comparison target data recovered from the first user signature value matches the user ID generation data.
  • At least one blockchain node 300 executes the ID management contract registered in the distributed ledger of the blockchain network so that a user smart contract, which creates claims for the user identities, is registered on the distributed ledger (S3).
  • At least one blockchain node 300 transmits the user smart contract registration transaction ID corresponding to the user smart contract registration transaction for registering the user smart contract on the distributed ledger to the user terminal 100 (S4).
  • The user terminal 100 checks whether the user smart contract has been registered on the distributed ledger by using the user smart contract registration transaction ID (S5), and obtains the user smart contract address, which is the location information of the user smart contract registered in the distributed ledger by agreement of the blockchain nodes 300 constituting the blockchain network. The user terminal 100 then registers the acquired user smart contract address as the user ID.
  • In the above, the user terminal 100 transmits the user ID generation transaction directly to the blockchain network, so the user terminal 100 must pay the transaction fee on the blockchain network.
  • However, the user terminal 100 may not pay the transaction fee directly, and may instead be allowed to pay the transaction fee through another device.
  • That is, the user terminal 100 may not pay the transaction fee for the user ID generation transaction, and the proxy server 150 may be allowed to pay the transaction fee instead.
  • The user terminal 100 transmits the user ID generation transaction to the proxy server 150 (S1-1).
  • The proxy server 150 transmits the user ID generation transaction, together with a first proxy server signature value signed with the proxy server master private key of the proxy server 150, to the blockchain network (S1-2).
  • At least one blockchain node 300 constituting the blockchain network verifies the first proxy server signature value (S1-3), and if the first proxy server signature value is valid, verifies the first user signature value (S2).
  • In the above, the at least one blockchain node 300 verifies the first user signature value; alternatively, the proxy server 150 may verify the first user signature value.
  • At least one blockchain node 300 transmits the user smart contract registration transaction ID to the proxy server 150 (S4-1), and the proxy server 150 transmits the user smart contract registration transaction ID to the user terminal 100 (S4-2).
  • a method of registering a user self claim in a method of managing user identity using a blockchain network according to an embodiment of the present invention will be described with reference to FIG. 3A.
  • a user self-claim to be registered by the user using the user identity management app of the user terminal 100 is generated (S11).
  • the user self-claim may include a user ID, a user specific value obtained by processing the user identities, and a second user signature value in which the user ID and the user specific value are signed with a user private key.
  • the user specific value may be a value obtained by processing each of specific identities for the user.
  • A user self-claim can be created in the format of 1. topic, 2. scheme, 3. owner, 4. signature value, and 5. data:
  • the topic may be the type of claim related to user identities;
  • the scheme may be the encryption algorithm to be used;
  • the owner may be the subject generating the claim;
  • the signature value may be the signature value of the subject;
  • the data may be the content of the claim.
  • the user identities include feature information for identifying a user, and the feature information may be stored in the user terminal.
  • The user identities may include all characteristic information related to the user, such as the user's name, date of birth, gender, nickname, phone number, email address, biometric information, behavioral characteristics, hobbies, physical characteristics, and life patterns; each piece of characteristic information can be classified by claim type, and topics can be added or deleted as needed.
  • the owner may be a user ID generated by the method of FIG. 2A or 2B.
  • the data may be identity information for a claim, and in the user self-claim, it is a user-specific value obtained by processing all the identities of the user, and in the identity claim, it may be a claim type corresponding to at least one specific identity, that is, the type of topic.
  • the data may include a time stamp, but is not limited thereto, and may include various authentication verification data.
  • The authentication confirmation data is not the user's identities or values obtained by processing them; it may include arbitrary data, such as a nonce, that serves as evidence that each of the user's identities has been authenticated.
  • security can be improved by adding a user ID to the data.
  • The user specific value may be the root hash value of a Merkle tree in which hash values of each of the user identities are assigned to at least some of the leaf nodes.
  • Alternatively, the user specific value may be a hash value of a single user identity.
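The self-claim layout above (topic, scheme, owner, signature value, data), with the user-specific value computed as the Merkle root over the hashed identities and the node-side signature check of steps S2/S14, as an added Go example that is not code from the patent; the ECDSA P-256 curve, SHA-256 leaf hashing, the odd-level padding rule, the canonical signing input and the placeholder owner address are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// SelfClaim mirrors the five-field layout the patent describes:
// topic, scheme, owner, signature value, data.
type SelfClaim struct {
	Topic     string // claim type, e.g. "self"
	Scheme    string // signature / hash algorithm in use (assumed naming)
	Owner     string // user ID, i.e. the user smart contract address
	Signature []byte // ASN.1 ECDSA signature made with the user private key
	Data      string // hex root hash of the identity Merkle tree
}

// hashPair is one Merkle node: SHA-256 over the concatenated children.
func hashPair(l, r []byte) []byte {
	h := sha256.New()
	h.Write(l)
	h.Write(r)
	return h.Sum(nil)
}

// MerkleRoot returns the root of a binary hash tree whose leaves are the
// SHA-256 hashes of each identity attribute. An odd-sized level duplicates
// its last node (assumption: the page does not specify a padding rule).
func MerkleRoot(identities []string) []byte {
	if len(identities) == 0 {
		return nil
	}
	level := make([][]byte, 0, len(identities))
	for _, id := range identities {
		leaf := sha256.Sum256([]byte(id))
		level = append(level, leaf[:])
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		next := make([][]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, hashPair(level[i], level[i+1]))
		}
		level = next
	}
	return level[0]
}

// signingInput is the canonical byte string covered by the signature: the
// user ID and the user-specific value, as the page states, plus topic and
// scheme so that neither can be swapped after signing (assumed encoding).
func signingInput(c SelfClaim) []byte {
	msg := strings.Join([]string{c.Topic, c.Scheme, c.Owner, c.Data}, "|")
	sum := sha256.Sum256([]byte(msg))
	return sum[:]
}

// NewSelfClaim builds the user self-claim: the user-specific value is the
// Merkle root over the identities, signed with the user private key.
func NewSelfClaim(owner string, identities []string, priv *ecdsa.PrivateKey) (SelfClaim, error) {
	c := SelfClaim{
		Topic:  "self",
		Scheme: "ECDSA-P256-SHA256",
		Owner:  owner,
		Data:   hex.EncodeToString(MerkleRoot(identities)),
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signingInput(c))
	if err != nil {
		return SelfClaim{}, err
	}
	c.Signature = sig
	return c, nil
}

// VerifySelfClaim is the node-side check: recompute the signed data from
// the claim fields and verify the signature against the user public key
// registered for the owner. Any edited field makes the check fail.
func VerifySelfClaim(c SelfClaim, pub *ecdsa.PublicKey) bool {
	return ecdsa.VerifyASN1(pub, signingInput(c), c.Signature)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// Constructed sample identities; a deployment keeps these only on the terminal.
	ids := []string{"name:Alice Example", "dob:1990-01-01", "email:alice@example.test"}
	claim, err := NewSelfClaim("0xUSER_CONTRACT_ADDRESS_PLACEHOLDER", ids, priv)
	if err != nil {
		panic(err)
	}
	fmt.Println("valid:", VerifySelfClaim(claim, &priv.PublicKey))
	// Tampering with the user-specific value after signing invalidates the claim.
	claim.Data = hex.EncodeToString(MerkleRoot([]string{"name:Mallory"}))
	fmt.Println("valid after tamper:", VerifySelfClaim(claim, &priv.PublicKey))
}
```

Only the root hash leaves the terminal, so the ledger never holds the identity attributes themselves; the owner's registered public key is what the node must look up before calling VerifySelfClaim.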
  • the user terminal 100 transmits a user self-claim registration request transaction for registering the generated user self-claim to the blockchain network (S12).
  • The user self-claim registration request transaction may include the user self-claim data (that is, the user ID, the user-specific value obtained by processing the user identities, and the second user signature value in which the user ID and the user-specific value are signed with the user private key) and a third user signature value in which the user self-claim data is signed with the user master private key.
  • At least one block chain node 300 among a plurality of block chain nodes constituting the block chain network verifies the third user signature value (S13).
  • the verification of the third user signature value may be performed in the same manner as described with reference to FIG. 2A, and a detailed method for verifying the signature value will be omitted in the following description.
  • At least one blockchain node 300 verifies the second user signature value included in the user self-claim (S14).
  • At least one blockchain node 300 executes the user smart contract corresponding to the user ID registered in the distributed ledger of the blockchain network, so that the user self-claim corresponding to the user self-claim data is registered in the distributed ledger (S15), and transmits the user self-claim transaction ID, corresponding to the transaction that registered the user self-claim in the distributed ledger, to the user terminal 100 (S18).
  • The user terminal 100 checks whether the user self-claim has been registered on the distributed ledger by using the user self-claim transaction ID, and obtains the user self-claim address, that is, the user self-claim ID, which is the location information where the user self-claim is registered in the distributed ledger by agreement of the blockchain nodes 300 constituting the blockchain network.
  • Alternatively, the user terminal 100 transmits the user self-claim registration request transaction to the proxy server 150 (S12-1), and the proxy server 150 transmits the user self-claim registration request transaction, together with a second proxy server signature value signed with the proxy server master private key, to the blockchain network (S12-2).
  • At least one blockchain node 300 among the plurality of blockchain nodes constituting the blockchain network verifies the second proxy server signature value (S13-1), and if the second proxy server signature value is valid, verifies the second user signature value (S14).
  • In the above, the at least one blockchain node 300 verifies the second user signature value; alternatively, the proxy server 150 may verify the second user signature value.
  • At least one blockchain node 300 transmits the user self-claim transaction ID to the proxy server 150 (S16-1), and the proxy server 150 transmits the user self-claim transaction ID to the user terminal 100, so that the user terminal 100 can obtain the user self-claim ID.
  • In this case, instead of the user terminal 100 paying the transaction fee, the proxy server 150 may pay the transaction fee on behalf of the user terminal 100.
  • a method of adding and deleting a user key in a method of managing user identities using a block chain network according to an embodiment of the present invention will be described with reference to FIG. 4A.
  • a user private key is generated using a user address, and each user key can be added or deleted according to the purpose of use of the key. .
  • a user key addition or deletion request transaction including the user key addition or deletion request data including the user address and key purpose through the user identity management app of the user terminal 100 and the user signature value signed with the user master private key
  • transmitting at least one blockchain node 300 verifies the user signature value (S22).
  • the at least one blockchain node 300 adds a user key according to the key purpose from the user key list on the distributed ledger or deletes the user key registered in the key list (S23). ).
  • At least one blockchain node 300 transmits (S24) a transaction ID for registering a user key addition or deletion request transaction to the distributed ledger to the user terminal 100 (S24).
  • the user terminal 100 checks whether the requested user key has been added or deleted from the distributed ledger using the transaction ID (S25), and receives result information from the distributed ledger of the blockchain network (S26). You can check the result of whether the user key requested in is added or deleted.
  • the user address may be initially registered in the key list for all purposes by default, and different user addresses for the corresponding purpose may be registered in the key list for each purpose according to the addition of the user key.
  • alternatively, the proxy server relays the user key addition or deletion request transaction.
  • the proxy server transmits the user key addition or deletion request transaction together with the proxy server signature value signed with the server master private key to the blockchain network (S21-2); at least one blockchain node 300 among the plurality of blockchain nodes constituting the blockchain network verifies the proxy server signature value (S21-3) and, if it is valid, adds or deletes the user key (S23). In this case, the user signature value included in the user key addition or deletion request transaction may be verified by the proxy server 150 or by at least one blockchain node 300.
  • at least one blockchain node 300 transmits the transaction ID to the proxy server 150 (S24-1), and the proxy server 150 transmits the transaction ID to the user terminal 100 (S24-2), so that the user terminal 100 can check the result of adding or deleting the user key using the transaction ID.
  • the proxy server 150 may pay the transaction fee on behalf of the user terminal 100.
  • a method of backing up user data in a method of managing user identity using a block chain network according to an embodiment of the present invention will be described with reference to FIG. 5A.
  • user data, including user identities and user keys, is backed up so that the user can recover verified data when the user identity management app installed in the user terminal 100 is deleted or can no longer be managed; the backup may be stored in a distributed storage system such as IPFS (InterPlanetary File System), in email, or in a personal storage space.
  • the user generates encrypted user data by encrypting user data to be backed up through the user identity app of the user terminal 100, for example, user identities and user keys with a user public key (S31).
  • the user terminal 100 transmits the generated encrypted user data to the distributed storage system to request its registration (S32), and accordingly at least one distributed storage server 400 among the plurality of distributed storage servers constituting the distributed storage system registers the encrypted user data in the distributed storage system (S33).
  • the distributed storage server 400 transmits the file ID, which is the location information of the encrypted user data registered in the distributed storage system, to the user terminal 100 (S34).
  • the user can generate encrypted user data by encrypting user data to be backed up through the user identity app of the user terminal 100 with a user public key, and store the encrypted user data in email, personal storage space, etc.
  • the personal storage space may include a web hard drive, a cloud hard drive, a memory card, a storage space of a user terminal, etc., but is not limited thereto, and may include all storage spaces accessible to a user.
  • the user terminal 100 generates a user self-claim including a user ID and a file ID (S35).
  • the user terminal 100 sends a user self-claim registration request to the blockchain network (S36), and at least one blockchain node 300 constituting the blockchain network registers the user self-claim for the file ID in the distributed ledger (S37).
  • the user terminal 100 can check the registration result by checking the user self-claim ID (S38).
  • alternatively, the user terminal 100 requests registration of the encrypted user data from the proxy server 150 (S32-1), and the proxy server 150 requests registration of the encrypted user data from the distributed storage system (S32-2); accordingly, at least one distributed storage server 400 among the plurality of distributed storage servers constituting the distributed storage system registers the encrypted user data in the distributed storage system (S33).
  • the distributed storage server 400 transmits the file ID, which is the location information of the encrypted user data registered in the distributed storage system, to the proxy server 150 (S34-1), and the proxy server 150 transmits the file ID to the user terminal 100 (S34-2).
  • the user can generate encrypted user data by encrypting user data to be backed up through the user identity app of the user terminal 100 with a user public key, and store the encrypted user data in email, personal storage space, etc.
  • the personal storage space may include a web hard drive, a cloud hard drive, a memory card, a storage space of a user terminal, etc., but is not limited thereto, and may include all storage spaces accessible to a user.
  • the user terminal 100 requests the user self-claim registration from the proxy server 150 (S36-1), and the proxy server 150 requests the user self-claim registration from the blockchain network (S36-2).
  • the user terminal 100 pays the transaction fee, or
  • the proxy server 150 may pay the transaction fee on behalf of the user terminal 100.
  • a method of recovering user data in a method of managing user identity using a block chain network according to an embodiment of the present invention will be described with reference to FIG. 6.
  • the user makes a user self-claim ID confirmation request (S41) to the blockchain network through the user identity management app of the user terminal 100.
  • the user self-claim to be checked may be a user self-claim corresponding to the file ID registered by the method as in FIG. 5A.
  • at least one blockchain node 300 constituting the blockchain network executes the user smart contract to check, among the user claims registered in the distributed ledger, the user self-claim ID registered in relation to the file ID, and transmits the user self-claim ID to the user terminal 100 (S42).
  • the user terminal 100 makes a confirmation request for the user self-claim to the blockchain network using the confirmed user self-claim ID (S43), and accordingly at least one blockchain node 300 constituting the blockchain network executes the user smart contract and transmits the file ID included in the user self-claim to the user terminal 100 (S44).
  • the user terminal 100 requests the encrypted user data corresponding to the file ID from the distributed storage system using the obtained file ID (S45), and at least one distributed storage server 400 of the distributed storage system checks the encrypted user data corresponding to the file ID and transmits the confirmed encrypted user data to the user terminal 100 (S46).
  • the user can obtain the encrypted user data directly from the e-mail or personal storage space through the user terminal 100.
  • the user terminal 100 decrypts the obtained encrypted user data with a user private key to obtain user data, thereby recovering the user data (S47).
  • in the above, the user terminal 100 communicates directly with the distributed storage system and the blockchain network; alternatively, the communication may be mediated through the proxy server in the manner described above.
  • a method of registering a specific identity claim in a user identity management method using a block chain network according to an embodiment of the present invention will be described with reference to FIG. 7A.
  • the specific user terminal 100 requests a list of certification authorities from the blockchain network (S51), and at least one blockchain node 300 transmits the list of certification authorities registered in the distributed ledger to the specific user terminal 100 (S52).
  • the specific user terminal 100 allows the user to select a specific certification authority to perform authentication for a specific user identity from the certification authority list.
  • the specific user terminal 100 requests information on the specific certification authority from the selected specific certification authority server 200 (S53).
  • the specific certification authority server 200 transmits its own information, that is, specific certification authority information, to the user terminal 100 in response to an information request from the user terminal 100 (S54).
  • the specific certification authority server 200 may transmit the certification authority information stored in the server, or may transmit an access key for the specific certification authority information registered in the blockchain network or the distributed storage system, so that the user terminal 100 receives the access key.
  • the specific certification authority information may include information on the certification authority and information on user identities that can be authenticated, but is not limited thereto.
  • the specific user terminal 100 transmits a specific user specific identity claim registration request to the specific authentication authority server 200 in order to authenticate the specific identity selected by the specific user (S55).
  • the request for registering a specific user specific identity claim may include a specific user ID, a specific user specific identity for authentication among specific user identities, and a specific claim type corresponding to the specific user specific identity.
  • a specific user-specific identity claim registration request may include a specific user ID and a specific claim type corresponding to a specific user specific identity; in this case, the specific user specific identity corresponding to the specific claim type may be stored in the specific certification authority server 200.
  • the request for registering a specific user-specific identity claim may include authentication confirmation data, for example, a time stamp, a nonce, and the like.
  • the specific certification authority server 200 verifies the specific user specific identity (S56).
  • verification of a specific identity is performed by the specific certification authority server 200, and authentication may be performed by checking whether the specific user specific identity matches the characteristic information of the specific user. For example, when a specific identity is a phone number, general phone number authentication is performed to check whether the corresponding phone number matches the phone number of a specific user.
  • the specific certification authority server 200 may check the specific user specific identity corresponding to the specific claim type requested for authentication among the previously stored identities of the specific user. The identities of the specific user previously stored in the specific certification authority server 200 may already have been verified by the specific certification authority server 200; if they have not been verified, they may be verified by the above method.
  • the specific certification authority server 200 generates a specific user specific identity claim (S57).
  • the specific user-specific identity claim may include a specific certification authority ID corresponding to the specific certification authority server 200, a specific claim type corresponding to the specific user specific identity, and a first specific certification authority signature value in which the specific user ID and the specific claim type are signed with the private key of the specific certification authority server.
  • the specific user-specific identity claim may include authentication verification data, for example a time stamp, a nonce, and the like, and the first specific certification authority signature value may be generated with the authentication verification data added to the signed data.
  • a specific user-specific identity claim may be generated in the format of 1. topic, 2. scheme, 3. owner, 4. signature value, and 5. data.
  • the topic may be a type of claim related to user identities
  • a scheme may be an encryption algorithm used
  • an owner may be a subject generating the claim
  • a signature value may be a signature value of the subject
  • data may be authentication verification data.
  • the specific certification authority server 200 transmits a specific user specific identity claim registration request transaction for registering the generated specific user specific identity claim to the blockchain network (S58).
  • the specific user-specific identity claim registration request transaction may include a specific user-specific identity claim and a second specific certification authority signature value in which the specific user-specific identity claim is signed with a master private key of a specific certification authority.
  • at least one blockchain node 300 of the blockchain network verifies the second specific certification authority signature value.
  • when the second specific certification authority signature value is valid, at least one blockchain node 300 may further verify the first specific certification authority signature value included in the specific user-specific identity claim.
  • at least one blockchain node 300 executes the specific user smart contract registered in the distributed ledger so that the specific user-specific identity claim is registered in the distributed ledger (S59), and transmits the specific user specific identity claim registration transaction ID corresponding to the specific user specific identity claim registration transaction to the specific certification authority server 200 (S60).
  • the specific certification authority server 200 checks, using the specific user specific identity claim registration transaction ID, whether the specific user specific identity claim has been registered in the distributed ledger (S61); when the claim is registered, it obtains from the blockchain node 300 the specific user specific identity claim ID, which is the location information at which the specific user-specific identity claim is registered in the distributed ledger (S62), and transmits the specific claim signature value, in which the specific user specific identity is signed with the private key of the specific certification authority, together with the obtained specific user specific identity claim ID, to the user terminal 100 (S63).
  • the specific claim signature value may be signed by further including authentication verification data such as time stamp and nonce.
  • a specific user-specific identity claim approval transaction is transmitted to the blockchain network through the specific user terminal 100 (S64).
  • the specific user-specific identity claim approval transaction may include specific user-specific identity approval data and a third specific user signature value in which the specific user-specific identity approval data is signed with the specific user master private key; the specific user-specific identity approval data may include the specific user-specific identity claim ID and approval information for the specific user-specific identity claim.
  • at least one blockchain node 300 of the blockchain network verifies the third specific user signature value and, if it is valid, executes the specific user smart contract so that the specific user specific identity claim approval transaction is registered in the distributed ledger (S65).
  • at least one blockchain node 300 transmits the specific user specific identity claim approval transaction ID, under which the specific user specific identity claim approval transaction was registered in the distributed ledger, to the specific user terminal 100 (S66).
  • the user terminal 100 checks, using the specific user-specific identity claim approval transaction ID, whether the specific user-specific identity claim approval transaction is registered in the distributed ledger (S67, S68).
  • alternatively, the specific certification authority server 200 transmits the specific user specific identity claim registration request transaction for registering the generated specific user specific identity claim to the proxy server 150 (S58-1), and the proxy server 150 transmits the specific user-specific identity claim registration request transaction together with a second proxy server signature value signed with the proxy server master private key to the blockchain network (S58-2).
  • at least one blockchain node 300 of the blockchain network verifies the second proxy server signature value and, if it is valid, registers the specific user-specific identity claim in the distributed ledger (S59).
  • at least one blockchain node 300 of the blockchain network transmits the specific user specific identity claim registration transaction ID to the proxy server 150 (S60-1), and the proxy server 150 transmits the specific user specific identity claim registration transaction ID to the specific certification authority server 200 (S60-2).
  • a specific user-specific identity claim approval transaction is transmitted through the specific user terminal 100 to the proxy server 150 (S64-1), and the proxy server 150 transmits the specific user-specific identity claim approval transaction together with a first proxy server signature value signed with the proxy server master private key to the blockchain network (S64-2).
  • at least one blockchain node 300 of the blockchain network verifies the first proxy server signature value and, if it is valid, executes the specific user smart contract so that the specific user-specific identity claim approval transaction is registered in the distributed ledger (S65).
  • at least one blockchain node 300 of the blockchain network transmits the specific user-specific identity claim approval transaction ID to the proxy server 150 (S66-1), and the proxy server 150 transmits the specific user-specific identity claim approval transaction ID to the specific user terminal 100 (S66-2).
  • the proxy server 150 may pay the transaction fee on behalf of the user terminal 100 and the specific certification authority server 200.
  • a specific user specific identity claim that was previously registered can be updated by the same method. That is, when a previous identity claim corresponding to the specific identity already exists and a registration request for the same specific identity claim is received, the new claim is registered in the distributed ledger, and the newly registered specific identity claim becomes the claim corresponding to that specific identity of the specific user.
  • a predetermined topic may be used to confirm a claim corresponding to a specific identity, and when a new claim is registered for the same topic, it may be recognized that the user identity claim is updated.
  • the present invention is not limited thereto, and claims may be processed by defining the function of each claim, such as a registration claim, an update claim, and a deletion claim.
  • a method of deleting a specific identity claim in a method of managing user identity using a block chain network according to an embodiment of the present invention will be described with reference to FIG. 8A.
  • the specific user terminal 100 transmits a specific user-specific identity claim deletion request transaction to the blockchain network in order to delete a specific user-specific identity claim according to the user's selection (S81).
  • the specific user-specific identity claim deletion request transaction may include specific user-specific identity deletion claim data using the specific user-specific identity claim ID, and a first specific user signature value in which the specific user-specific identity deletion claim data is signed with the specific user master private key.
  • at least one blockchain node 300 of the blockchain network verifies the first specific user signature value and, if it is valid, executes the specific user smart contract so that a specific user specific identity claim deletion transaction, which deletes the specific user specific identity claim corresponding to the specific user specific identity claim ID, is registered in the distributed ledger (S82).
  • at least one blockchain node 300 of the blockchain network transmits the specific user specific identity claim deletion transaction ID to the specific user terminal 100 (S83), and the specific user terminal 100 checks, using the specific user specific identity claim deletion transaction ID, whether the specific user-specific identity claim to be deleted has been deleted from the distributed ledger (S84, S85).
  • alternatively, the specific user terminal 100 transmits the specific user-specific identity claim deletion request transaction to the proxy server 150 (S81-1), and the proxy server 150 transmits the specific user-specific identity claim deletion request transaction together with the proxy server signature value signed with the proxy server master private key to the blockchain network (S81-2).
  • at least one blockchain node 300 of the blockchain network verifies the proxy server signature value (S81-3) and, if it is valid, verifies the first specific user signature value included in the specific user-specific identity claim deletion request transaction and then registers in the distributed ledger a specific user specific identity claim deletion transaction that deletes the specific user specific identity claim (S82).
  • at least one blockchain node 300 of the blockchain network transmits the specific user specific identity claim deletion transaction ID to the proxy server 150 (S83-1), and the proxy server 150 transmits the specific user specific identity claim deletion transaction ID to the specific user terminal 100 (S83-2).
  • the user terminal 100 pays the transaction fee, or
  • the proxy server 150 may pay the transaction fee on behalf of the user terminal 100.
  • another method of deleting a specific identity claim in the method of managing user identity using a blockchain network according to an embodiment of the present invention will be described with reference to FIG. 9A.
  • the specific certification authority server 200 transmits a specific user-specific identity claim deletion request transaction to the blockchain network in order to delete the specific user-specific identity claim.
  • the specific user-specific identity claim deletion request transaction may include specific user-specific identity deletion claim data using the specific user-specific identity claim ID, and a third specific certification authority signature value in which the specific user-specific identity deletion claim data is signed with the specific certification authority master private key.
  • at least one blockchain node 300 of the blockchain network verifies the third specific certification authority signature value and, if it is valid, executes the specific user smart contract so that a specific user-specific identity claim deletion transaction, which deletes the specific user-specific identity claim corresponding to the specific user specific identity claim ID, is registered in the distributed ledger.
  • at least one blockchain node 300 of the blockchain network transmits the specific user specific identity claim deletion transaction ID to the specific certification authority server 200 (S92), and the specific certification authority server 200 checks, using that transaction ID, the specific user specific identity deletion claim ID, which is the ID of the specific user specific identity deletion claim registered in the distributed ledger (S93, S94).
  • the specific certification authority server 200 transmits the specific user specific identity deletion claim ID to the specific user terminal 100 (S95).
  • the specific user terminal 100 transmits the specific user specific identity claim deletion approval transaction to the blockchain network (S96).
  • the specific user-specific identity claim deletion approval transaction may include specific user-specific identity claim deletion approval data and a second specific user signature value in which that data is signed with the specific user master private key; the specific user-specific identity claim deletion approval data may include the specific user-specific identity deletion claim ID and approval information for the specific user-specific identity deletion claim.
  • at least one blockchain node 300 of the blockchain network verifies the second specific user signature value and, if it is valid, executes the specific user smart contract so that the specific user specific identity claim is deleted from the distributed ledger (S97).
  • at least one blockchain node 300 of the blockchain network transmits the specific user specific identity claim deletion approval transaction ID to the specific user terminal 100 (S98), and the specific user terminal 100 checks, using the specific user-specific identity claim deletion approval transaction ID, whether the specific user-specific identity claim to be deleted has been deleted from the distributed ledger (S99, S100).
  • alternatively, the specific certification authority server 200 transmits the specific user-specific identity claim deletion request transaction to the proxy server 150 (S91-1), and the proxy server 150 transmits the specific user-specific identity claim deletion request transaction together with the proxy server signature value signed with the proxy server master private key to the blockchain network (S91-2).
  • at least one blockchain node 300 of the blockchain network verifies the proxy server signature value and, if it is valid, executes the specific user smart contract so that a specific user-specific identity claim deletion transaction, which deletes the specific user specific identity claim corresponding to the specific user specific identity claim ID, is registered in the distributed ledger.
  • at least one blockchain node 300 of the blockchain network transmits the specific user specific identity claim deletion transaction ID to the proxy server 150 (S92-1), and the proxy server 150 transmits the specific user specific identity claim deletion transaction ID to the specific certification authority server 200 (S92-2).
  • the specific user terminal 100 transmits the specific user-specific identity claim deletion approval transaction to the proxy server 150 (S96-1), and the proxy server 150 transmits the specific user-specific identity claim deletion approval transaction to the blockchain network (S96-2).
  • at least one blockchain node 300 of the blockchain network transmits the specific user-specific identity claim deletion approval transaction ID to the proxy server 150 (S98-1), and the proxy server 150 transmits the specific user-specific identity claim deletion approval transaction ID to the specific user terminal 100 (S98-2).
  • the proxy server 150 may pay the transaction fee on behalf of the user terminal 100 and the specific certification authority server 200.
  • an achievement level corresponding to each claim can be assigned to the subject creating the claim, the owner of the claim, the subject using the claim, and so on, and compensation corresponding to the achievement level can be provided.
  • the achievement status and reward payment status can be managed through the blockchain network by a method similar to that described above.
  • each achievement obtained by the subject is registered in the blockchain network in a manner similar to self-claim, and specific rewards desired for compensation among achievements can be registered and managed in the blockchain network in a manner similar to the identity claim.
  • a method of authenticating a user using a user identity based on a blockchain network according to an embodiment of the present invention will be described with reference to FIGS. 10A and 10B.
  • user smart contracts corresponding to each user are registered in the distributed ledger of the blockchain network composed of a plurality of blockchain nodes; each user smart contract manages, by user ID, the addresses on the distributed ledger of the user self-claims and of the user identities, including user-specific values, authenticated by at least one certification authority, and processes the user identities corresponding to that user.
  • the user requests sign-up from the service providing server 500 through the service using terminal 110 (S111), and the service providing server 500 requests the user specific information necessary for sign-up from the service using terminal 110 (S112).
  • the service using terminal 110 can access the service providing server 500 through an application or the web, and the service providing server 500 may provide, together with the request for user specific information, a callback URL or URL, that is, access information to the service providing server 500.
  • the service using terminal 110 transmits a request for user specific information from the service providing server 500 to the user terminal 100 (S113).
  • the service using terminal 110 may be the same terminal as the user terminal 100 or different terminals.
  • the user terminal 100 checks the user specific information requested from the service providing server 500 through the user identity management app (S114). At this time, the user terminal 100 checks whether user-specific identity claims of user-specific identities corresponding to the requested user-specific information are registered on the distributed ledger of the blockchain network.
  • the user terminal 100 provides the requested user specific information to the service providing server 500 (S115).
  • the user terminal 100 may provide the service providing server 500 with specific user claim information including a specific user ID, user-specific identities corresponding to the specific user-specific information, and specific claim signature values in which each of the user specific identities is signed with the private key of a specific certification authority.
  • the service providing server 500 refers to the specific user ID and checks the specific user specific identity claims registered in the distributed ledger for the claim types of the user specific identities (S116, S117), and authenticates the user specific information (S118).
  • the service providing server 500 may verify a specific user specific identity using the specific user specific identity claim. That is, it checks, through the specific user specific identity claim obtained from the distributed ledger, whether the specific certification authority has authenticated the specific claim type corresponding to the specific user specific identity, and confirms, by referring to the specific claim signature value, the specific user-specific identity corresponding to the claim authenticated by the specific certification authority.
  • the service providing server 500 obtains the specific certification authority public key corresponding to the specific certification authority private key either by executing a digital signature verification module registered in the distributed ledger, referring to the specific claim signature value and the specific user specific identity, or from the specific certification authority server; it then uses the specific certification authority public key to verify whether the specific claim signature value matches the specific user specific identity, which is the data to be compared, and if so the specific user-specific identity is authenticated as valid.
  • the service providing server 500 verifies the specific user specific value and the specific user specific identity, and then checks the certification authority that generated the specific user specific identity claim; if that certification authority is determined to be reliable, the specific user specific identity can be authenticated as valid.
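As an added example that is not part of the patent, the five-field claim format described earlier (topic, scheme, owner, signature value, data with time stamp and nonce) and the service providing server's check of the specific claim signature value against a certification authority it trusts, written in Go with Ed25519 as the scheme. The field names, the length-prefixed signed-message encoding, the freshness window and the CA ID "ca-telecom" are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// ClaimData is the authentication verification data attached to a claim.
type ClaimData struct {
	UserID    string // ID of the user the claim is about
	Timestamp int64  // Unix seconds at issue time
	Nonce     string // hex-encoded random nonce chosen by the CA
}

// IdentityClaim follows the five-field format (topic, scheme, owner, signature
// value, data). Field names are assumptions; the identity value is not stored.
type IdentityClaim struct {
	Topic     string // claim type, e.g. "phone_number"
	Scheme    string // signature scheme, here always "ed25519"
	Owner     string // ID of the certification authority that generated the claim
	Signature []byte // specific claim signature value produced by the CA
	Data      ClaimData
}

// TrustedCAs is the service provider's list of reliable certification authorities.
type TrustedCAs map[string]ed25519.PublicKey

var (
	ErrBadScheme    = errors.New("unsupported signature scheme")
	ErrUntrustedCA  = errors.New("claim owner is not a trusted certification authority")
	ErrBadSignature = errors.New("claim signature does not match user, type and identity")
	ErrStaleClaim   = errors.New("claim timestamp outside the accepted window")
)

// NewCA derives a CA key pair from a 32-byte seed (demo and test use only).
func NewCA(seed []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// signedMessage is the canonical byte string the CA signs (assumed encoding). Binding
// owner, topic, user ID, identity and verification data together prevents reuse.
func signedMessage(c IdentityClaim, identity string) []byte {
	var buf bytes.Buffer
	for _, f := range []string{c.Owner, c.Topic, c.Data.UserID, identity,
		strconv.FormatInt(c.Data.Timestamp, 10), c.Data.Nonce} {
		buf.WriteString(strconv.Itoa(len(f))) // length prefix: unambiguous field boundaries
		buf.WriteByte(':')
		buf.WriteString(f)
	}
	return buf.Bytes()
}

// IssueClaim is the certification authority's step: once it has verified that
// identity belongs to userID, it signs the claim with its private key.
func IssueClaim(caID string, caPriv ed25519.PrivateKey, userID, topic, identity string, now time.Time) (IdentityClaim, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return IdentityClaim{}, err
	}
	c := IdentityClaim{Topic: topic, Scheme: "ed25519", Owner: caID,
		Data: ClaimData{UserID: userID, Timestamp: now.Unix(), Nonce: fmt.Sprintf("%x", nonce)}}
	c.Signature = ed25519.Sign(caPriv, signedMessage(c, identity))
	return c, nil
}

// VerifyClaim is the service providing server's step: the claim must come from
// a CA the server trusts, the CA's signature must bind the presented identity
// value to the user ID and claim type, and the verification data must be fresh.
func VerifyClaim(c IdentityClaim, identity string, trusted TrustedCAs, now time.Time, maxAge time.Duration) error {
	if c.Scheme != "ed25519" {
		return ErrBadScheme
	}
	pub, ok := trusted[c.Owner]
	if !ok {
		return ErrUntrustedCA
	}
	if !ed25519.Verify(pub, signedMessage(c, identity), c.Signature) {
		return ErrBadSignature
	}
	issued := time.Unix(c.Data.Timestamp, 0)
	if issued.After(now.Add(time.Minute)) || now.Sub(issued) > maxAge {
		return ErrStaleClaim // maxAge is the service provider's own policy
	}
	return nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed CA "ca-telecom"
	trusted := TrustedCAs{"ca-telecom": caPub}
	now := time.Now()
	claim, _ := IssueClaim("ca-telecom", caPriv, "user-42", "phone_number", "+82-10-0000-0000", now)
	fmt.Println("matching identity:", VerifyClaim(claim, "+82-10-0000-0000", trusted, now, time.Hour))
	fmt.Println("different identity:", VerifyClaim(claim, "+82-10-9999-9999", trusted, now, time.Hour))
}
```

A claim presented with a different identity value, a changed user ID, an unknown owner or an expired time stamp fails with a distinct error, so the service provider can log which check rejected it.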
  • the service providing server 500 allows a specific user to sign up (S119).
  • the service providing server 500 may register a specific user ID as the user ID of the service providing server 500.
  • the user terminal 100 may provide specific user claim information including a specific user ID, a specific user identity, a specific user self-claim ID, a specific user specific value, specific user specific value generation information using the specific user identity, and a specific user signature value obtained by signing the specific user specific value with the specific user private key.
  • the service providing server 500 verifies the specific user signature value, then checks the specific user self-claim registered in the distributed ledger by referring to the specific user self-claim ID (S116) (S117), authenticates the specific user claim information using the confirmed specific user self-claim and by checking whether the specific user identity matches the characteristic information of the specific user (S118), and may then allow sign-up of the specific user (S119).
  • verifying whether the specific user identity matches the characteristic information of the specific user may mean that the service providing server 500 itself authenticates the specific user identity. For example, if the specific identity is a phone number, ordinary phone number authentication can be performed to check whether that phone number matches the phone number of the specific user.
  • the service providing server 500 may register (S120) a specific user specific identity claim for a specific identity authenticated by the method as in FIG. 7A in the distributed ledger of the blockchain network.
  • the service providing server 500 refers to the authenticated specific user-specific identity, the service providing server ID corresponding to the service providing server, at least a specific claim type corresponding to a specific user-specific identity, and a specific user ID and specific claim.
  • the specific user-specific identity claim may include authentication verification data such as a time stamp.
  • the first service providing server signature value may be signed by adding authentication verification data such as a time stamp.
  • at least one blockchain node 300 of the blockchain network verifies the second service providing server signature value and, if the second service providing server signature value is valid, executes the specific user smart contract to register the specific user identity claim in the distributed ledger.
  • a specific claim signature value obtained by signing the specific user identity with the private key of the service providing server may be transmitted to and stored in the user terminal 100.
  • smart contracts are registered in the distributed ledger of the blockchain network, which is composed of multiple blockchain nodes, as user smart contracts corresponding to each user; the user smart contracts manage, by user ID, the addresses on the distributed ledger of the user self-claims and of the user identities including the user specific values authenticated by at least one certification authority for each user, and process the user identities corresponding to the users.
  • when the user requests a service from the service providing server 500 through the service using terminal 110 (S131), the service providing server 500 requests a specific user signature value from the service using terminal 110 in order to provide the service (S132).
  • the service using terminal 110 may access the service providing server 500 through an application or the web, and the service providing server 500 may add a callback URL or a URL scheme to the request for the specific user signature value so as to provide access information for the service providing server 500.
  • the service using terminal 110 forwards the request for the specific user signature value received from the service providing server 500 to the user terminal 100 (S133).
  • the service using terminal 110 may be the same terminal as the user terminal 100 or a different terminal.
  • the user terminal 100 generates a specific user signature value through the user identity management app (S134).
  • the user terminal 100 checks the data corresponding to the request for the specific user signature value, and may generate the specific user signature value by signing that data with the specific user private key.
  • the data may be generated by the service providing server 500 and included in the request information for the specific user signature value, and may include data on transaction information, data on information that the user must confirm in order for the service to be provided, and nonce data for verifying the signature value, but the present disclosure is not limited thereto, and any data generated by the service providing server 500 in connection with service provision may be included.
  • alternatively, the data may be generated by the user terminal 100 in response to information requested by the service providing server 500, and may include data on transaction information required for service use, a specific user identity for login, a password, data on a nonce for use in verifying the signature value, and the like, but the present invention is not limited thereto, and any data generated by the user terminal 100 in connection with service use may be included.
  • the user terminal 100 transmits a specific user ID, a specific user address, data, and a specific user signature value to the service providing server 500 (S135).
  • the service providing server 500 checks whether the specific user signature value is valid (S136), and if it is, checks the comparison target user address registered in the distributed ledger of the blockchain network by referring to the specific user ID (S137) (S138), checks whether the specific user address is valid by referring to the comparison target user address (S139), and may then provide the requested service to the service requesting terminal 100 (S140).
  • the service providing server 500 may obtain the specific user identity claim from the distributed ledger of the blockchain network by referring to the specific user identity claim ID, and verify the specific user identity by referring to the specific user identity claim.
  • the service providing server 500 may obtain the specific user public key corresponding to the specific user private key either by executing a digital signature verification module registered in the distributed ledger, referring to the specific user signature value and the data, or by having the user terminal 100 add and transmit the specific user public key corresponding to the specific user private key; using the specific user public key, it checks whether the comparison data recovered from the specific user signature value matches the data, and thereby checks whether the specific user signature value is valid.
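The request, signing and verification steps S131 to S140 described above, as an added example in Go that is not part of the patent or of any Coinplug code: it assumes Ed25519 keys, a 16-byte server-generated nonce, a user address derived as the hex SHA-256 of the public key (a constructed convention), the variant in which the terminal transmits its public key with the signature, and an in-memory map standing in for the distributed ledger.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// AddressOf derives a user address from a public key: hex SHA-256 of the raw key, a constructed convention since the patent does not fix the derivation.
func AddressOf(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Request is what the service providing server sends (S132); the 16-byte nonce is
// fresh per request so a captured signature value cannot be replayed later.
type Request struct {
	UserID string
	Nonce  []byte
	Data   []byte // transaction information or data the user must confirm
}

// Response is what the user terminal returns (S135), public key included.
type Response struct {
	UserID, Address string
	PublicKey       ed25519.PublicKey
	Nonce, Data     []byte
	Signature       []byte
}

// NewRequest is the server side of S132.
func NewRequest(userID string, data []byte) (Request, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Request{}, err
	}
	return Request{UserID: userID, Nonce: nonce, Data: data}, nil
}

// Answer is the terminal side of S134: sign nonce||data with the user private key
// (the nonce length is fixed, so the two parts cannot be re-split).
func Answer(req Request, priv ed25519.PrivateKey) Response {
	pub := priv.Public().(ed25519.PublicKey)
	msg := append(append([]byte{}, req.Nonce...), req.Data...)
	return Response{UserID: req.UserID, Address: AddressOf(pub), PublicKey: pub,
		Nonce: req.Nonce, Data: req.Data, Signature: ed25519.Sign(priv, msg)}
}

// Verify is the server side of S136 to S139; ledger maps user ID to the comparison target user address.
func Verify(ledger map[string]string, req Request, resp Response) error {
	// S136: the signature must cover exactly the nonce and data this server issued.
	if resp.UserID != req.UserID || !bytes.Equal(resp.Nonce, req.Nonce) || !bytes.Equal(resp.Data, req.Data) {
		return errors.New("response does not match the issued request")
	}
	msg := append(append([]byte{}, req.Nonce...), req.Data...)
	if len(resp.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(resp.PublicKey, msg, resp.Signature) {
		return errors.New("invalid user signature value")
	}
	// S137-S139: a valid signature alone proves nothing; the key must be the one
	// bound to this user ID on the ledger, or any key holder could log in as the user.
	registered, ok := ledger[resp.UserID]
	if !ok || resp.Address != registered || AddressOf(resp.PublicKey) != registered {
		return errors.New("user address does not match the ledger")
	}
	return nil
}
```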
  • the embodiments according to the present invention described above may be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium.
  • the computer-readable recording medium may include program instructions, data files, data structures, etc. alone or in combination.
  • the program instructions recorded in the computer-readable recording medium may be specially designed and configured for the present invention, or may be known and usable to those skilled in the computer software field.
  • Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, and hardware devices specially configured to store and execute program instructions, such as ROM, RAM and flash memory.
  • Examples of the program instructions include not only machine language codes such as those produced by a compiler but also high-level language codes that can be executed by a computer using an interpreter or the like.
  • the hardware device may be configured to operate as one or more software modules to perform processing according to the present invention, and vice versa.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method for managing a user's identity using a blockchain network, wherein, upon a request from a user terminal to register a user identity claim, the request including a user ID, a user identity and a claim type corresponding to the user identity, when a user identity claim registration request transaction including the user identity claim and a certification authority signature value is received from a certification authority server in response to the request, a blockchain node registers the user identity claim in a distributed ledger, if the certification authority signature value is valid, by executing the user's smart contract, and transmits a user identity claim registration transaction ID to the certification authority server so that, using the user identity claim registration transaction ID, the certification authority server can acquire a user identity claim ID corresponding to the user identity claim registered in the distributed ledger and can transmit a claim signature value and the user identity claim ID to the user terminal.
PCT/KR2020/003026 2019-03-15 2020-03-03 Method and server for managing a user identity using a blockchain network, and method and terminal for authenticating a user using the blockchain network-based user identity WO2020189926A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020190030194A KR102116235B1 (ko) 2019-03-15 2019-03-15 Method and server for managing a user's identity using a blockchain network, and method and terminal for authenticating a user using a blockchain network-based user identity
KR10-2019-0030194 2019-03-15

Publications (1)

Publication Number Publication Date
WO2020189926A1 true WO2020189926A1 (fr) 2020-09-24

Family

ID=70920175

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2020/003026 WO2020189926A1 (fr) 2019-03-15 2020-03-03 Method and server for managing a user identity using a blockchain network, and method and terminal for authenticating a user using the blockchain network-based user identity

Country Status (2)

Country Link
KR (1) KR102116235B1 (fr)
WO (1) WO2020189926A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112328686A (zh) * 2020-11-05 2021-02-05 深圳壹账通智能科技有限公司 Blockchain node sharing method based on digital certificates and related products
CN113378240A (zh) * 2021-06-23 2021-09-10 浪潮云信息技术股份公司 Blockchain-based synchronous-call user identity authentication method
CN113742709A (zh) * 2021-09-13 2021-12-03 北京字节跳动网络技术有限公司 Information processing method, apparatus, readable medium and electronic device
EP4086832A1 (fr) * 2021-05-04 2022-11-09 Otoplo Ltd Computer-implemented method
WO2022237588A1 (fr) * 2021-05-10 2022-11-17 支付宝(杭州)信息技术有限公司 Blockchain-based data evidence storage method and apparatus, device, and storage medium
CN115834253A (zh) * 2023-02-15 2023-03-21 布比(北京)网络技术有限公司 Identity verification method, identity verification system, client and server

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338795A (zh) * 2021-12-23 2022-04-12 杭州趣链科技有限公司 Data communication method and apparatus for a blockchain client
CN116881949B (zh) * 2023-09-05 2023-12-22 中国民航信息网络股份有限公司 Blockchain-based data processing method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017203093A1 (fr) * 2016-05-25 2017-11-30 Nokia Technologies Oy Method, device and system for using a blockchain to define a circle of trust
KR101877335B1 (ko) * 2017-01-02 2018-08-09 주식회사 코인플러그 Method and terminal for non-face-to-face authentication of a user using a mobile ID based on a blockchain and a Merkle tree structure linked to it, and server using the same
KR101903620B1 (ko) * 2017-06-23 2018-10-02 홍석현 Method for verifying the identity of a peer in a blockchain-based distributed network, and server using the same
KR20180113084A (ko) * 2017-04-05 2018-10-15 삼성에스디에스 주식회사 Blockchain-based digital identity management method
KR20180129027A (ko) * 2017-05-24 2018-12-05 라온시큐어(주) User authentication method and system based on a programmable blockchain and an integrated ID

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHOI, DAE SEEN ET AL.: "Blockchain and Authentication.", THE JOURNAL OF THE KOREAN INSTITUTE OF COMMUNICATION SCIENCES (INFORMATION & COMMUNICATIONS MAGAZINE), vol. 35, no. 7, June 2018 (2018-06-01), pages 11 - 17 *

Also Published As

Publication number Publication date
KR102116235B1 (ko) 2020-05-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20773877

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20773877

Country of ref document: EP

Kind code of ref document: A1