WO2021090975A1 - Method for generating temporary anonymous certificate - Google Patents

Method for generating temporary anonymous certificate Download PDF

Info

Publication number
WO2021090975A1
WO2021090975A1 PCT/KR2019/014955 KR2019014955W WO2021090975A1 WO 2021090975 A1 WO2021090975 A1 WO 2021090975A1 KR 2019014955 W KR2019014955 W KR 2019014955W WO 2021090975 A1 WO2021090975 A1 WO 2021090975A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
encryption
program module
user terminal
work program
Prior art date
Application number
PCT/KR2019/014955
Other languages
French (fr)
Korean (ko)
Inventor
문기봉
강준구
한하원
Original Assignee
한국스마트인증 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국스마트인증 주식회사 filed Critical 한국스마트인증 주식회사
Priority to PCT/KR2019/014955 priority Critical patent/WO2021090975A1/en
Publication of WO2021090975A1 publication Critical patent/WO2021090975A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a method of generating a temporary anonymous certificate to ensure that the result of the user's work is not forged while ensuring the anonymity of the user in an activity or work where anonymity is to be guaranteed online.
  • An object of the present invention is to provide a method of generating a temporary anonymous certificate that can guarantee anonymity while certifying the integrity of the result of an activity or work performed online.
  • the pre-processing method for generating a temporary anonymous certificate according to the present invention is performed in an environment including a block chain including an account module and a work program module, a user terminal, and a certification authority server (CA).
  • a block chain including an account module and a work program module, a user terminal, and a certification authority server (CA).
  • CA certification authority server
  • the pre-processing method includes: a first step of generating, by a user terminal, a public key and a private key; A second step of generating, by a user terminal, a first validation value (Sign_1) by digitally signing an ID (V_ID) of a work program module with the secret key; A third step of generating, by the user terminal, the first encryption value E_1 by encrypting the ID of the work program module and the first validation value with a CA Public Key of the certification authority; A fourth step of transmitting, by the user terminal, a first account ID (A_ID) and a first encryption value (E_1) to an account module; A fifth step of generating, by the account module, a second encryption value (E_2), which is a value obtained by homogeneously encrypting the second account ID (AA_ID); A sixth step of generating, by the account module, a second validation value (Sign_2) by electronically signing the first encryption value (E_1); A seventh step of generating, by the account module,
  • the second encryption value may be a value calculated by performing a one-way function operation on a value obtained by homomorphic encryption of the first identification ID, the random value generated by the account module, and the random value generated by the user terminal.
  • the work program module includes a work program module ID (V_ID), a work identification ID (Ballot Stamp), a tag value, a work result (voting), a fourth validation value (Sign_4), and an ID of a temporary anonymous certificate.
  • the work program module includes step 15-1 of verifying the fourth validation value Sign_4 and the tag value and storing the work result if successful
  • the third encryption value may be a value calculated by performing a one-way function operation on the second encryption value E_2 and the work program module ID.
  • 1 is a flow chart of a pre-processing process for issuing a temporary anonymous certificate.
  • Fig. 2 is a flow chart of a modified embodiment of Fig. 1;
  • 3 is a flowchart of issuing a temporary anonymous certificate and storing a result of the operation.
  • Fig. 4 is a block diagram of an electronic computing device embodying the present invention.
  • Encryption/decryption may be applied to the information (data) transmission/reception process performed in this specification as needed, and expressions describing the information (data) transmission process in this specification and claims are all encrypted/ It should be interpreted as including the case of decryption.
  • expressions in the form of "transmitted from A to B (transmitted)" or “received from A by B” include those transmitted (transmitted) or received with another medium in the middle, and directly from A to B It does not just express what is transmitted (delivered) or received.
  • the order of each step is to be understood without limitation, unless the preceding step must be performed logically and temporally prior to the subsequent step.
  • module refers to a logical combination of general-purpose hardware and software that performs the function.
  • the present invention is performed by an electronic computing device such as a computer capable of electronic calculation, and the mathematical calculation and calculation of each step of the present invention described below are suitable for the known coding method and/or the present invention to perform the corresponding calculation or calculation. It can be implemented as a computer operation by a coding designed in a way.
  • the implementation of the present invention can be performed by various electronic computing devices.
  • An example of an electronic computing device that performs each step of the present invention is shown in FIG. 4.
  • the electronic processing unit 1309 includes a processor (e.g., a central processing unit (CPU) 1310), a memory 1320, a wired or wireless communication unit 1330, and at least one input unit. 1340, and at least one output unit 1350, but the included components are not limited to the listed components.
  • a processor e.g., a central processing unit (CPU) 1310
  • the memory 1320 includes a central processing unit 1320, a wired or wireless communication unit 1330, and at least one input unit. 1340, and at least one output unit 1350, but the included components are not limited to the listed components.
  • the structure shown in FIG. 13 is provided simplified for illustration purposes only.
  • the structure of the electronic computing device 1309 may be changed in an appropriate manner by a person skilled in the art according to the claims to be described later.
  • each component of the electronic computing device 109 may also be changed in an appropriate manner by a person skilled in the art according to the claims to be described later. Therefore, the structure of the apparatus shown in FIG. 4 is merely exemplary and should not be construed as limiting the scope of the present invention.
  • the processor 1300 may control the operation of the electronic computing device 1309.
  • the processor 1310 may be operated to control and interact with various components installed in the electronic computing device 1309 as shown in FIG. 4.
  • the memory 1320 may store program instructions or data executed by the processor 1300.
  • the process (step) described herein may be stored in the memory 1320 in the form of program instructions for execution of the processor 1300.
  • the communication unit 1330 may allow the electronic computing device 1309 to transmit data to at least one external device or receive data from at least one external device through a communication network.
  • the input unit 1340 may enable the electronic computing device 1309 to receive various types of inputs such as audio/video input, user input, and data input.
  • the input unit 1340 is, for example, at least one camera 1342 (that is, "image acquisition unity"), a touch panel 1344, and a microphone (not shown) in order to accept various types of input. ), a sensor 1346, a keyboard, a mouse, and at least one button or switch (not shown).
  • image acquisition unit as used herein may refer to the camera 1342, but is not limited thereto.
  • the output unit 1350 may display information on the display screen 1352 so that the user can see it.
  • the display screen 1352 may be configured to accept at least one input, such as a user tapping or pressing the screen 1352 through a variety of known mechanisms.
  • the output unit 1350 may further include a light source 1354.
  • the electronic computing device 1309 is shown as a single device, but may also consist of multiple separate devices that can be connected and interact with each other while in use.
  • value is defined in a broad sense including not only scalar values, but also vectors, matrices, tensors, and polynomials.
  • HE(**) refers to a value obtained by isomorphically encoding a value in parentheses.
  • the terms "electronic signature value” or “electronic signature” are used for convenience of explanation, but any value (validity verification value) that can determine whether information is forged or altered can be used as a validity verification value.
  • any method other than the usual electronic signature can be used to generate the validation value.
  • the method according to the present invention is performed in an environment including a user terminal 10, an account module 20, a work program module 30, and a certification authority server 40.
  • the certification authority server 40 is used to obtain a temporary anonymous certificate required when performing an operation online.
  • the account module 20 and the work program module 30 may be components included in the blockchain.
  • the temporary anonymous certificate according to the present invention is defined as a digital certificate that is valid only once or within a predetermined number or time for a job that requires verification of the result of a job by means of a certificate, and cannot identify information related to the user's identity.
  • the user terminal 10 generates a temporary anonymous certificate and a public key and a private key to be used (step 100).
  • the user terminal 10 digitally signs the work program module ID (V_ID) with the generated secret key to generate a first digital signature value (Sign_1) (step 101).
  • the user terminal 10 generates a first encryption value E_1 by encrypting the work program module ID and the first digital signature value Sign_1 with the public key of the certification authority server (step 102).
  • the user terminal 10 transmits a first identification ID (A_ID) and a first encryption value (E_1) uniquely assigned to each user in the account module to the account module 20 to request a second identification ID (AA_ID). Do (step 103).
  • the account module 20 generates a second encryption value E_2, which is an isomorphic encryption value HE(AA_ID) of the second identification ID AA_ID (step 109).
  • the second encryption value E_2 HE(AA_ID) may be calculated by performing a one-way function operation on a value including the first identification ID A_ID.
  • the above value may include a random value and/or an isomorphic encryption value of a random value.
  • the second encryption value E_2 may be calculated to have the following relationship, for example.
  • Re is a random value generated by the user terminal, and Ra may be a random value generated by the account module.
  • the account module 20 digitally signs the first encryption value E_1 to generate a second digital signature value Sign_2 (step 110).
  • the account module 20 generates a permission value in step 111.
  • the permission value includes a first encryption value E_1 and a second digital signature value Sign_2.
  • the account module 20 generates a third digital signature value Sign_3 by performing an electronic signature on the second encryption value E_2 and the permission value (step 112).
  • the account module 20 transmits the second encryption value E_2, the permission value, and the third digital signature value Sign_3 to the user terminal 10 (step 113).
  • FIG. 2 shows a pre-processing process in the case where the user terminal 10 does not have the homomorphic encryption value HE(Re) of the random value Re.
  • step 103 in order to receive a request for a second identification ID (AA_ID) from the user terminal 10 and generate the isomorphic encryption value (HE(AA_ID) of the second identification ID, the HE(Re) value as described above. If this is necessary, but if it does not have the value, it requests the user terminal 10 to reset the random value Re (step 104).
  • the user terminal 10 generates a random value Re and performs homomorphic encryption on the random value (step 105).
  • the user terminal 10 transmits the isomorphic encryption value HE(Re) of a random value to the account module 20 (step 106), and the account module 20 generates another random value Ra (step 107).
  • the account module stores the first identification ID (A_ID), the random value (Ra), and the isomorphic encryption value (HE(Re)) of the random value received from the user terminal (step 108), and The second encryption value E_2 is generated through the same relationship (step 109).
  • the subsequent process is the same as steps 110 to 113 of FIG. 1.
  • Working online can be, for example, an electronic voting where anonymity must be guaranteed.
  • the user terminal 10 first transmits a work program module ID (V_ID) to the work program module 30, a public key of a certificate, a second encryption value (E_2), a permission value, and a third digital signature value (Sign_3).
  • V_ID work program module ID
  • E_2 public key of a certificate
  • E_2 second encryption value
  • Sign_3 third digital signature value
  • the work program module 30 verifies the second encryption value E_2 and the permission value (step 301), and if the verification is successful, generates a temporary anonymous certificate ID (TAC_ID) (step 302).
  • TAC_ID temporary anonymous certificate ID
  • the work program module 30 transmits the temporary anonymous certificate ID, the work program module ID (V_ID), the permission value, and the public key of the TAC to the certification authority server 40 to request a temporary anonymous certificate (step 303). ).
  • the certification authority server 40 verifies the permission value with the certificate of the account module (step 304).
  • the certification authority server 40 decodes the permission value to obtain a work program module ID (V_ID) and a first digital signature value (Sign_1) (step 305).
  • the certification authority server 40 verifies the work program module ID (V_ID) (step 306).
  • V_ID The verification of the work program module ID is performed by comparing the V_ID received in step 303 with the V_ID obtained through decoding the permission value in step 305, and whether they are the same.
  • V_ID work program module ID
  • TAC generated certificate
  • the job program module 30 generates a third encryption value (E_3) that is set to a value obtained by homomorphic encryption of the job identification ID (BallotStamp), and calculates a random value and a third encryption value (E_3) by a first equation.
  • One value is generated as the fourth encrypted value E_4, which is an isomorphic encrypted value of the tag value (tag) (step 309).
  • the third encryption value E_3 may be calculated by performing a one-way function operation on a value including the second encryption value E_2, and isomorphic encryption of a random value and/or a random value to the value to ensure randomness. May contain values.
  • the third encryption value may be calculated by the following relationship.
  • the first equation may be, for example, an equation that multiplies the first random value r1 and the third encryption value E_3 and then adds the second random value r2.
  • the first equation may include an XOR operation. In that case, the following relationship is established.
  • the work program module 30 stores a temporary anonymous certificate ID (TAC_ID) and a random value used to generate the third encryption value E_3 (step 310).
  • TAC_ID temporary anonymous certificate ID
  • E_3 random value used to generate the third encryption value E_3
  • the work program module 30 transmits the third encryption value E_3, the fourth encryption value E_4, and the temporary anonymous certificate TAC to the user terminal 10 (step 312).
  • the user terminal 10 decrypts the third and fourth encryption values E_3 and E_4 to obtain and store a job identification ID (BallotStamp) and a tag value (steps 313 and 314).
  • the user terminal 10 digitally signs a job identification ID (BallotStamp), a tag value, and a job result (for example, a voting result) using a secret key of a temporary anonymous certificate (TAC) to obtain a fourth digital signature value. (Sign_4) is generated (step 315).
  • the user terminal 10 includes a work program module ID (V_ID), a work identification ID (BallotStamp), a tag value, a work result, a fourth digital signature value (Sign_4), a temporary anonymous certificate ID (TAC_ID), and , Transmits a temporary anonymous certificate (TAC) to the work program module 30 (step 316).
  • V_ID work program module ID
  • BallotStamp work identification ID
  • Sign_4 fourth digital signature value
  • TAC_ID temporary anonymous certificate ID
  • TAC temporary anonymous certificate
  • the job program module 30 verifies the tag value received in step 317 and the fourth digital signature value (Sign_4), and if successful, a job identification ID (BallotStamp), a tag value, a job result, and a random value. And, the fourth digital signature value (Sign_4) and a temporary anonymous certificate are stored, otherwise, the storage of the work result is rejected.
  • step 316 If the tag value received in step 316 is the same as the value calculated by the first equation for the random value and the third encryption value E_3, it is determined that the verification has been successful, otherwise it is determined that the verification has failed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A preprocessing method for generating a temporary anonymous certificate according to the present invention: generates, by a user terminal, a public key and a private key; generates, by the user terminal, a first validity verification value by digitally signing an ID of a work program module via the private key; generates, by the user terminal, a first encryption value by encrypting the ID of the work program module and the first validity verification value via the public key of a certificate authority; transmits, by the user terminal, a first account ID and the first encryption value to an account module; generates, by the account module, a second encryption value that is a value obtained by homogeneously encrypting a second account ID; generates, by the account module, a second validity verification value by digitally signing the first encryption value; generates, by the account module, a permission value including the first encryption value and the second validity verification value; generates, by the account module, a third validity verification value by digitally signing the second encryption value and the permission value; and transmits, by the account module, the second encryption value, the permission value, and the third validity verification value to the user terminal.

Description

임시 익명 인증서 생성 방법How to generate a temporary anonymous certificate
본 발명은, 온라인에서 익명성이 보장되어야 하는 활동이나 작업에서 사용자의 익명성을 보장하면서도 사용자의 작업 결과가 위변조되지 않았음을 보증하기 위한 임시 익명 인증서를 생성하는 방법에 대한 것이다.The present invention relates to a method of generating a temporary anonymous certificate to ensure that the result of the user's work is not forged while ensuring the anonymity of the user in an activity or work where anonymity is to be guaranteed online.
온라인의 발달과 더불어 오프라인에서 하던 많은 활동이나 작업들이 온라인으로 옮겨 오고 있는 실정이다. 예를 들어, 온라인상에서 금융 거래를 하거나, 상품 구매를 하거나, 전자 투표와 같은 의사 표시를 하는 등 온라인에서의 활동이나 작업들이 늘어나고 있는 추세이다.With the development of online, many activities and tasks that were done offline are moving to online. For example, online activities and tasks are increasing, such as making financial transactions online, purchasing products, or expressing intentions such as electronic voting.
통상의 온라인 활동이나 작업은 사용자의 신원확인과 부인 방지를 위한 조치가 필요한 경우가 많다. 예를 들어 온라인상의 금융 거래에서 정당한 사용자인지 확인하고, 온라인상의 금융 거래 내역을 차후에 사용자가 부인하지 못하도록 해야 하는 조치가 필요하다. 이러한 조치를 위해서 온라인상의 거래, 활동, 작업 등에 디지털 인증서가 도입되어 사용되고 있다. 대표적인 것이 공인인증서인데, 이 공인인증서는 사용자의 비밀키와 공개키를 포함하고 있어서, 온라인으로 전송하는 거래, 활동, 작업의 내역을 암호화하여 상대방에게 전송할 수 있고, 관련 내역이 위변조되지 않았음을 상대방이 증명할 수 있는 전자서명을 가능하게 한다.Normal online activities or tasks often require measures to verify the identity of the user and prevent non-repudiation. For example, in online financial transactions, it is necessary to check whether the user is a legitimate user, and to prevent users from denying the details of online financial transactions in the future. For these measures, digital certificates have been introduced and used for online transactions, activities, and work. The representative one is the public certificate, which contains the user's private key and public key, so that the details of transactions, activities, and operations transmitted online can be encrypted and transmitted to the other party, and the related details have not been forged. It enables an electronic signature that the other party can prove.
그런데 온라인상의 활동이나 작업에서 사용자의 신원이 노출되지 않아야 하는 경우가 있다. 대표적인 예로, 익명성이 보장되어야 하는 전자 투표와 같은 의사표시활동이 온라인에서 진행되는 경우에, 투표 결과가 위변조되지 않았음을 증명하기 위해 종래 기술에 의한 인증서를 도입하면 투표자의 신원이 노출되는 등의 한계가 있어서 적용하기 어려웠다.However, there are cases where the identity of the user should not be exposed in online activities or tasks. As a representative example, in the case where anonymity is required, such as electronic voting, which is performed online, the voter's identity is exposed when a certificate according to the prior art is introduced to prove that the voting result has not been forged. It was difficult to apply because of the limitations of
본 발명은 온라인상에서 수행되는 활동이나 작업의 결과의 무결성을 증명할 수 있으면서도 익명성을 보장할 수 있는 임시 익명 인증서를 생성하는 방법을 제공하는 것을 목적으로 한다.An object of the present invention is to provide a method of generating a temporary anonymous certificate that can guarantee anonymity while certifying the integrity of the result of an activity or work performed online.
본 발명에 의한 임시 익명 인증서를 생성하기 위한 사전 처리 방법은, 어카운트 모듈 및 작업 프로그램 모듈이 포함된 블록 체인과, 사용자 단말기와, 인증 기관 서버(CA)를 포함하는 환경에서 수행된다.The pre-processing method for generating a temporary anonymous certificate according to the present invention is performed in an environment including a block chain including an account module and a work program module, a user terminal, and a certification authority server (CA).
상기 사전 처리 방법은, 사용자 단말기가, 공개키 및 비밀키를 생성하는 제1 단계와; 사용자 단말기가, 작업 프로그램 모듈의 ID(V_ID)를 상기 비밀키로 전자서명하여 제1 유효성 검증값(Sign_1)을 생성하는 제2 단계와; 사용자 단말기가, 작업 프로그램 모듈의 ID와 제1 유효성 검증값을 인증 기관의 공개키(CA Public Key)로 암호화하여 제1 암호화값(E_1)을 생성하는 제3 단계와; 사용자 단말기가, 제1 어카운트 ID(A_ID)와, 제1 암호화값(E_1)을 어카운트 모듈로 전송하는 제4 단계와; 어카운트 모듈이, 제2 어카운트 ID(AA_ID)를 동형 암호화한 값인 제2 암호화값(E_2)을 생성하는 제5 단계와; 어카운트 모듈이, 제1 암호화값(E_1)을 전자 서명하여 제2 유효성 검증값(Sign_2)을 생성하는 제6 단계와; 어카운트 모듈이, 제1 암호화값(E_1) 및 제2 유효성 검증값(Sign_2)을 포함하는 허가값(permission)을 생성하는 제7 단계와; 어카운트 모듈이, 제2 암호화값(E_2)과 허가값을 전자 서명하여 제3 유효성 검증값(Sign_3)을 생성하는 제8 단계와; 어카운트 모듈이, 제2 암호화값(E_2)과, 허가값과, 제3 유효성 검증값(Sign_3)을 사용자 단말기로 전송하는 제9 단계를 포함한다.The pre-processing method includes: a first step of generating, by a user terminal, a public key and a private key; A second step of generating, by a user terminal, a first validation value (Sign_1) by digitally signing an ID (V_ID) of a work program module with the secret key; A third step of generating, by the user terminal, the first encryption value E_1 by encrypting the ID of the work program module and the first validation value with a CA Public Key of the certification authority; A fourth step of transmitting, by the user terminal, a first account ID (A_ID) and a first encryption value (E_1) to an account module; A fifth step of generating, by the account module, a second encryption value (E_2), which is a value obtained by homogeneously encrypting the second account ID (AA_ID); A sixth step of generating, by the account module, a second validation value (Sign_2) by electronically signing the first encryption value (E_1); A seventh step of generating, by the account module, a permission value including a first encryption value E_1 and a second validation value Sign_2; An eighth step of generating, by the account module, a third validation value (Sign_3) by electronically signing the second encryption value (E_2) and the permission value; The account module includes a ninth step of transmitting the second encryption value E_2, the permission value, and the third validity verification value Sign_3 to the user terminal.
제2 암호화값은, 제1 신원 확인 ID와, 어카운트 모듈이 생성한 랜덤값과, 사용자 단말기가 생성한 랜덤값을 동형 암호화한 값에 단방향 함수 연산을 수행하여 산출된 값일 수 있다.The second encryption value may be a value calculated by performing a one-way function operation on a value obtained by homomorphic encryption of the first identification ID, the random value generated by the account module, and the random value generated by the user terminal.
상기 사전 처리 방법이 수행된 후에 사용자 단말기가 수행한 작업 결과를 작업 프로그램 모듈에 저장하는 방법은, 작업 프로그램 모듈이, 작업 프로그램 모듈의 ID와, 공개키와, 제2 암호화값(E_2)과, 허가값과, 제3 유효성 검증값(Sign_3)을, 사용자 단말기로부터 수신하는 제1-1 단계와; 작업 프로그램 모듈이, 제2 암호화값(E_2)과, 허가값을 검증하는 제2-1 단계와; 작업 프로그램 모듈이, 임시 익명 인증서의 ID를 생성하는 제3-1 단계와; 작업 프로그램 모듈이, 임시 익명 인증서의 ID와, 작업 프로그램 모듈 ID와, 허가값과, 공개키를, 인증 기관 서버로 전송하는 제4-1 단계와; 인증 기관 서버가, 어카운트 모듈의 인증서로 허가값을 검증하는 제5-1 단계와; 인증 기관 서버가, 허가값을 복호화하여, 작업 프로그램 모듈의 ID와(V_ID), 제1 유효성 검증값(Sign_1)을 획득하는 제6-1 단계와; 인증 기관 서버가, 임시 익명 인증서를 생성하는 제7-1 단계와; 작업 프로그램 모듈이, 임시 익명 인증서를, 인증 기관 서버로부터 수신하는 제8-1 단계와; 작업 프로그램 모듈이, 작업 식별 ID를 동형 암호화한 값인 제3 암호화값(E_3)을 생성하는 제9-1 단계와; 작업 프로그램 모듈이, 랜덤값을 제3 암호화값(E_3)과 제1 수식에 의해 연산한 값을, 태그값(tag)을 동형 암호화한 제4 암호화값(E_4)으로 산출하는 제10-1 단계와; 작업 프로그램 모듈이, 제3 암호화값(E_3)과, 제4 암호화값(E_4)과, 임시 익명 인증서를, 사용자 단말기로 전송하는 제11-1 단계와; 사용자 단말기가, 제3 암호화값(E_3)과 제4 암호화값(E_4)을 복호화하여, 작업 식별 ID와, 태그값을 획득하는 제12-1 단계와; 사용자 단말기가, 작업 식별 ID와, 태그값과, 작업 결과를 임시 익명 인증서의 비밀키로 전자서명하여 제4 유효성 검증값(Sign_4)을 생성하는 제13-1 단계와; 작업 프로그램 모듈이, 작업 프로그램 모듈 ID(V_ID)와, 작업 식별 ID(Ballot Stamp)와, 태그값과, 작업 결과(voting)와, 제4 유효성 검증값(Sign_4)과, 임시 익명 인증서의 ID와, 임시 익명 인증서를, 사용자 단말기로부터 수신하는 제14-1 단계와; 작업 프로그램 모듈이, 제4 유효성 검증값(Sign_4)과 태그값을 검증하여 성공하면 작업 결과를 저장하고, 그렇지 않으면 작업 결과를 저장하지 않는 제15-1 단계를 포함한다.The method of storing the work result performed by the user terminal in the work program module after the pre-processing method is performed, the work program module, the ID of the work program module, a public key, a second encryption value (E_2), A step 1-1 of receiving the permission value and the third validity verification value (Sign_3) from the user terminal; A second step of verifying, by the work program module, the second encryption value E_2 and the permission value; A step 3-1 of generating, by the work program module, an ID of a temporary anonymous certificate; A step 4-1 of transmitting, by the work program module, the ID of the temporary anonymous certificate, the work program module ID, the permission value, and the public key to the certification authority server; A step 5-1 of the certification authority server verifying the permission value with the certificate of the account module; A step 6-1 of decoding the authorization value, by the certification authority server, to obtain an ID of the work program module (V_ID) and a first validation value (Sign_1); A step 7-1 of generating, by the certification authority server, a temporary anonymous certificate; Step 8-1, wherein the work program module receives the temporary anonymous certificate from the certification authority server; A 9-1 step of generating, by the work program module, a third encryption value (E_3), which is a value obtained by homogeneously encrypting the job identification ID; Step 10-1, wherein the work program module calculates the random value calculated by the third encryption value E_3 and the first formula as the fourth encryption value E_4 obtained by homomorphic encryption of the tag value. Wow; A step 11-1 of transmitting, by the work program module, a third encryption value (E_3), a fourth encryption value (E_4), and a temporary anonymous certificate to the user terminal; A step 12-1 of decrypting, by the user terminal, the third encryption value E_3 and the fourth encryption value E_4 to obtain a job identification ID and a tag value; A step 13-1 of digitally signing, by the user terminal, a job identification ID, a tag value, and a job result with a secret key of a temporary anonymous certificate to generate a fourth validation value (Sign_4); The work program module includes a work program module ID (V_ID), a work identification ID (Ballot Stamp), a tag value, a work result (voting), a fourth validation value (Sign_4), and an ID of a temporary anonymous certificate. , Step 14-1 of receiving a temporary anonymous certificate from the user terminal; The work program module includes step 15-1 of verifying the fourth validation value Sign_4 and the tag value and storing the work result if successful, and not storing the work result otherwise.
제3 암호화값은, 제2 암호화값(E_2)과 작업 프로그램 모듈 ID에 대해 단방향 함수 연산을 수행하여 산출한 값일 수 있다.The third encryption value may be a value calculated by performing a one-way function operation on the second encryption value E_2 and the work program module ID.
본 발명과 같이 임시 익명 인증서를 사용하여 온라인상의 활동이나 작업 결과의 무결성을 확인하고 저장하게 하면 작업 프로그램 모듈에 위변조된 작업 결과를 저장할 수 없게 된다.If the integrity of the online activity or work result is verified and stored using a temporary anonymous certificate as in the present invention, it is impossible to store the forged work result in the work program module.
도 1은 임시 익명 인증서 발급을 위한 사전 처리 과정의 흐름도.1 is a flow chart of a pre-processing process for issuing a temporary anonymous certificate.
도 2는 도 1의 변형 실시예의 흐름도.Fig. 2 is a flow chart of a modified embodiment of Fig. 1;
도 3은 임시 익명 인증서 발급 및 작업 결과 저장의 흐름도.3 is a flowchart of issuing a temporary anonymous certificate and storing a result of the operation.
도 4는 본 발명을 실시하는 전자적 연산 장치의 블록도.Fig. 4 is a block diagram of an electronic computing device embodying the present invention.
이하에서는 첨부 도면을 참조하여 본 발명에 대해서 자세하게 설명한다.Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
본 명세서에서 수행되는 정보(데이터) 전송/수신 과정은 필요에 따라서 암호화/복호화가 적용될 수 있으며, 본 명세서 및 특허청구범위에서 정보(데이터) 전송 과정을 설명하는 표현은 별도로 언급되지 않더라도 모두 암호화/복호화하는 경우도 포함하는 것으로 해석되어야 한다. 본 명세서에서 "A로부터 B로 전송(전달)" 또는 "A가 B로부터 수신"과 같은 형태의 표현은 중간에 다른 매개체가 포함되어 전송(전달) 또는 수신되는 것도 포함하며, A로부터 B까지 직접 전송(전달) 또는 수신되는 것 만을 표현하는 것은 아니다. 본 발명의 설명에 있어서 각 단계의 순서는 선행 단계가 논리적 및 시간적으로 반드시 후행 단계에 앞서서 수행되어야 하는 경우가 아니라면 각 단계의 순서는 비제한적으로 이해되어야 한다. 즉 위와 같은 예외적인 경우를 제외하고는 후행 단계로 설명된 과정이 선행 단계로 설명된 과정보다 앞서서 수행되더라도 발명의 본질에는 영향이 없으며 권리범위 역시 단계의 순서에 관계없이 정의되어야 한다. 그리고 본 명세서에서 “A 또는 B”은 A와 B 중 어느 하나를 선택적으로 가리키는 것뿐만 아니라 A와 B 모두를 포함하는 것도 의미하는 것으로 정의된다. 또한, 본 명세서에서 "포함"이라는 용어는 포함하는 것으로 나열된 요소 이외에 추가로 다른 구성요소를 더 포함하는 것도 포괄하는 의미를 가진다.Encryption/decryption may be applied to the information (data) transmission/reception process performed in this specification as needed, and expressions describing the information (data) transmission process in this specification and claims are all encrypted/ It should be interpreted as including the case of decryption. In this specification, expressions in the form of "transmitted from A to B (transmitted)" or "received from A by B" include those transmitted (transmitted) or received with another medium in the middle, and directly from A to B It does not just express what is transmitted (delivered) or received. In the description of the present invention, the order of each step is to be understood without limitation, unless the preceding step must be performed logically and temporally prior to the subsequent step. That is, except for the above exceptional cases, even if a process described as a subsequent step is performed prior to a process described as a preceding step, the essence of the invention is not affected, and the scope of rights should be defined regardless of the order of the steps. And in the present specification, "A or B" is defined to mean not only selectively indicating any one of A and B, but also including both A and B. In addition, in the present specification, the term "comprising" has the meaning of encompassing a further including other elements in addition to the elements listed as including.
본 명세서에서 "모듈"이라 함은 범용적인 하드웨어와 그 기능을 수행하는 소프트웨어의 논리적 결합을 의미한다. In this specification, the term "module" refers to a logical combination of general-purpose hardware and software that performs the function.
본 명세서에서는 본 발명의 설명에 필요한 필수적인 구성요소만을 설명하며, 본 발명의 본질과 관계가 없는 구성요소는 언급하지 아니한다. 그리고 언급되는 구성요소만을 포함하는 배타적인 의미로 해석되어서는 아니되며 필수적이지 않은 특정 구성요소를 배제하거나 다른 구성요소도 포함할 수 있는 비배타적인 의미로 해석되어야 한다.In the present specification, only essential components necessary for the description of the present invention are described, and components not related to the essence of the present invention are not mentioned. In addition, it should not be interpreted as an exclusive meaning including only the mentioned components, but should be interpreted as a non-exclusive meaning that may exclude certain non-essential components or include other components.
본 발명은 전자적 연산이 가능한 컴퓨터 등의 전자적 연산 장치에 의해서 수행되며, 후술하는 본 발명의 각 단계의 수학적 연산 및 산출은 해당 연산 또는 산출을 하기 위해 공지되어 있는 코딩 방법 및/또는 본 발명에 적합하게 고안된 코딩에 의해서 컴퓨터 연산으로 구현될 수 있다.The present invention is performed by an electronic computing device such as a computer capable of electronic calculation, and the mathematical calculation and calculation of each step of the present invention described below are suitable for the known coding method and/or the present invention to perform the corresponding calculation or calculation. It can be implemented as a computer operation by a coding designed in a way.
본 발명의 수행은 다양한 전자적 연산 장치에 의해서 수행될 수 있다. 본 발명의 각 단계를 수행하는 전자적 연산 장치의 일례가 도 4에 도시되어 있다. 도 4에 도시된 바와 같이 전자적 연산 장치(1309)는 프로세서(예를 들어 중앙 처리 유니트(CPU) 1310)와, 메모리(1320)와, 유선 또는 무선 통신 유니트(1330)와, 적어도 하나의 입력 유니트(1340), 및 적어도 하나의 출력 유니트(1350)를 포함하지만, 포함하는 구성요소는 열거된 구성요소에 제한되지 않는다. 도 13에 도시된 구조는 단지 설명의 목적으로 단순화되어 제공되는 것이라는 점이 이해되어야 한다. 전자적 연산 장치(1309)의 구조는 후술하는 특허청구범위에 따라서 당업자에 의해 적절한 방식으로 변경될 수 있다. 또한, 전자적 연산 장치(109)의 각 구성요소 역시 후술하는 특허청구범위에 따라서 당업자에 의해 적절한 방식으로 변경될 수 있다. 그러므로, 도 4에 도시된 장치의 구조는 단지 예시적이며 본 발명의 권리범위를 제한하는 것으로 해석되어서는 아니된다.The implementation of the present invention can be performed by various electronic computing devices. An example of an electronic computing device that performs each step of the present invention is shown in FIG. 4. As shown in FIG. 4, the electronic processing unit 1309 includes a processor (e.g., a central processing unit (CPU) 1310), a memory 1320, a wired or wireless communication unit 1330, and at least one input unit. 1340, and at least one output unit 1350, but the included components are not limited to the listed components. It should be understood that the structure shown in FIG. 13 is provided simplified for illustration purposes only. The structure of the electronic computing device 1309 may be changed in an appropriate manner by a person skilled in the art according to the claims to be described later. In addition, each component of the electronic computing device 109 may also be changed in an appropriate manner by a person skilled in the art according to the claims to be described later. Therefore, the structure of the apparatus shown in FIG. 4 is merely exemplary and should not be construed as limiting the scope of the present invention.
프로세서(1300)는 전자적 연산 장치(1309)의 작동을 제어할 수 있다. 더 자세하게는 프로세서(1310)는 도 4에 도시된 바와 같은 전자적 연산 장치(1309)에 설치된 여러 구성요소를 제어하고 상호작용하도록 작동될 수 있다. 예를 들어, 메모리(1320)는 프로세서(1300)에 의해 실행되는 프로그램 명령이나 데이터를 저장할 수 있다. 본 명세서에서 설명하는 프로세스(단계)는 프로세서(1300)의 실행을 위해 메모리(1320)에 프로그램 명령어의 형태로 저장될 수 있다. 통신 유니트(1330)는 전자적 연산 장치(1309)가 통신 네트워크를 통해서 적어도 하나의 외부 장치로 데이터를 전송하거나 적어도 하나의 외부 장치로부터 데이터를 수신하도록 할 수 있다. 입력 유니트(1340)는 전자적 연산 장치(1309)가 오디오/비디오 입력, 사용자 입력, 데이터 입력 등의 다양한 형태의 입력을 수신하도록 할 수 있다. 이러한 목적을 위해 입력 유니트(1340)는 다양한 형태의 입력을 받아들이기 위해서 예를 들어, 적어도 하나의 카메라(1342, 즉 "이미지 획득 유니티")와, 터치 패널(1344)과, 마이크로폰(도시되지 않음), 센서(1346), 키보드, 마우스, 적어도 하나의 버튼이나 스위치(도시되지 않음) 등과 같은 다양한 입력 장치를 포함할 수 있다. 본 명세서에서 사용되는 "이미지 획득 유니트"라는 용어는 카메라(1342)를 가리킬 수 있지만 그것에 제한되는 것은 아니다. 출력 유니트(1350)는, 사용자가 볼 수 있도록 디스플레이 스크린(1352)에 정보를 표시할 수 있다. 디스플레이 스크린(1352)은 공지되어 있는 다양한 메커니즘을 통해서 사용자 태핑(tapping)이나 스크린(1352)을 누르는 것과 같은 적어도 하나의 입력을 받아들이도록 구성될 수 있다. 출력 유니트(1350)는, 광원(1354)을 더 포함할 수 있다. 전자적 연산 장치(1309)는, 단일 장치로 도시되어 있지만, 사용되는 동안 서로 연결되고 상호작용할 수 있는 다중의 분리된 장치로 구성될 수 도 있다.The processor 1300 may control the operation of the electronic computing device 1309. In more detail, the processor 1310 may be operated to control and interact with various components installed in the electronic computing device 1309 as shown in FIG. 4. For example, the memory 1320 may store program instructions or data executed by the processor 1300. The process (step) described herein may be stored in the memory 1320 in the form of program instructions for execution of the processor 1300. The communication unit 1330 may allow the electronic computing device 1309 to transmit data to at least one external device or receive data from at least one external device through a communication network. The input unit 1340 may enable the electronic computing device 1309 to receive various types of inputs such as audio/video input, user input, and data input. For this purpose, the input unit 1340 is, for example, at least one camera 1342 (that is, "image acquisition unity"), a touch panel 1344, and a microphone (not shown) in order to accept various types of input. ), a sensor 1346, a keyboard, a mouse, and at least one button or switch (not shown). The term "image acquisition unit" as used herein may refer to the camera 1342, but is not limited thereto. The output unit 1350 may display information on the display screen 1352 so that the user can see it. The display screen 1352 may be configured to accept at least one input, such as a user tapping or pressing the screen 1352 through a variety of known mechanisms. The output unit 1350 may further include a light source 1354. The electronic computing device 1309 is shown as a single device, but may also consist of multiple separate devices that can be connected and interact with each other while in use.
그리고 본 명세서에서 "값"이라 함은 스칼라값 뿐만 아니라 벡터 및 행렬, 텐서, 다항식도 포함하는 광의의 개념으로 정의된다.In the present specification, the term "value" is defined in a broad sense including not only scalar values, but also vectors, matrices, tensors, and polynomials.
본 명세서에서 HE(**)은 괄호 안의 값을 동형 암호화한 값을 의미한다.In the present specification, HE(**) refers to a value obtained by isomorphically encoding a value in parentheses.
본 명세서에서는 설명의 편의를 위해 "전자 서명값" 또는 "전자 서명"이라는 용어를 사용하지만, 정보의 위변조 여부를 판단할 수 있는 값(유효성 검증값)이라면 어느 것이든 유효성 검증값으로 사용할 수 있으며, 통상의 전자 서명 이외에도 어느 방식이든 유효성 검증값의 생성에 사용할 수 있는 것으로 이해되어야 한다.In this specification, the terms "electronic signature value" or "electronic signature" are used for convenience of explanation, but any value (validity verification value) that can determine whether information is forged or altered can be used as a validity verification value. In addition, it should be understood that any method other than the usual electronic signature can be used to generate the validation value.
본 발명에 의한 방법은, 사용자 단말기(10)와, 어카운트 모듈(20)과, 작업 프로그램 모듈(30)과, 인증기관 서버(40)를 포함하는 환경에서 수행된다. 인증기관 서버(40)는 온라인에서 작업을 수행할 때에 필요한 임시 익명 인증서를 발급받을 때에 사용된다. 어카운트 모듈(20)과 작업 프로그램 모듈(30)은 블록체인에 포함되는 구성요소일 수 있다.The method according to the present invention is performed in an environment including a user terminal 10, an account module 20, a work program module 30, and a certification authority server 40. The certification authority server 40 is used to obtain a temporary anonymous certificate required when performing an operation online. The account module 20 and the work program module 30 may be components included in the blockchain.
도 1에는 본 발명에 의한 임시 익명 인증서(Temporary Anonymous Certificate; TAC)의 발급을 위한 사전 처리 방법의 흐름도가 도시되어 있다. 본 발명에 의한 임시 익명 인증서는, 인증서에 의한 작업 결과 검증이 필요한 작업에 대해서 1회 또는 미리 정해진 횟수 또는 시간 내에서만 유효하며, 사용자의 신원에 관련된 정보를 식별할 수 없는 디지털 인증서로 정의된다.1 is a flowchart of a pre-processing method for issuing a temporary anonymous certificate (TAC) according to the present invention. The temporary anonymous certificate according to the present invention is defined as a digital certificate that is valid only once or within a predetermined number or time for a job that requires verification of the result of a job by means of a certificate, and cannot identify information related to the user's identity.
사용자 단말기(10)는 임시 익명 인증서와 사용될 공개키와 비밀키를 생성한다(단계 100). 사용자 단말기(10)는 생성한 비밀키로 작업 프로그램 모듈 ID(V_ID)를 전자서명하여 제1 전자서명값(Sign_1)을 생성한다(단계 101).The user terminal 10 generates a temporary anonymous certificate and a public key and a private key to be used (step 100). The user terminal 10 digitally signs the work program module ID (V_ID) with the generated secret key to generate a first digital signature value (Sign_1) (step 101).
사용자 단말기(10)는 인증 기관 서버의 공개키로 작업 프로그램 모듈 ID와 제1 전자서명값(Sign_1)을 암호화하여 제1 암호화값(E_1)을 생성한다(단계 102).The user terminal 10 generates a first encryption value E_1 by encrypting the work program module ID and the first digital signature value Sign_1 with the public key of the certification authority server (step 102).
사용자 단말기(10)는 어카운트 모듈에서 사용자별로 고유하게 부여되는 제1 신원 확인 ID(A_ID)와 제1 암호화값(E_1)을 어카운트 모듈(20)로 전송하여 제2 신원 확인 ID(AA_ID)를 요청한다(단계 103).The user terminal 10 transmits a first identification ID (A_ID) and a first encryption value (E_1) uniquely assigned to each user in the account module to the account module 20 to request a second identification ID (AA_ID). Do (step 103).
어카운트 모듈(20)은 제2 신원 확인 ID(AA_ID)의 동형 암호화값(HE(AA_ID))인 제2 암호화값(E_2)을 생성한다(단계 109). 제2 암호화값(E_2 = HE(AA_ID))은 제1 신원 확인 ID(A_ID)을 포함하는 값에 단방향 함수 연산을 수행하여 산출될 수 있다. 제2 신원 확인 ID(AA_ID)의 무작위성 담보를 위해서 위 값에는 랜덤값 및/또는 랜덤값의 동형 암호화값이 포함될 수 있다.The account module 20 generates a second encryption value E_2, which is an isomorphic encryption value HE(AA_ID) of the second identification ID AA_ID (step 109). The second encryption value E_2 = HE(AA_ID) may be calculated by performing a one-way function operation on a value including the first identification ID A_ID. In order to ensure the randomness of the second identification ID (AA_ID), the above value may include a random value and/or an isomorphic encryption value of a random value.
제2 암호화값(E_2)은 예를 들어 다음과 같은 관계를 가지도록 산출될 수 있다.The second encryption value E_2 may be calculated to have the following relationship, for example.
HE(AA_ID) = Hash[A_ID, Ra, HE(Re)] = HE[Hash(A_ID, Ra, Re)]HE(AA_ID) = Hash[A_ID, Ra, HE(Re)] = HE[Hash(A_ID, Ra, Re)]
Re는 사용자 단말기측에서 생성한 랜덤값이고, Ra는 어카운트 모듈이 생성한 랜덤값이 될 수 있다.Re is a random value generated by the user terminal, and Ra may be a random value generated by the account module.
어카운트 모듈(20)은 제1 암호화값(E_1)에 대해 전자서명을 하여 제2 전자서명값(Sign_2)을 생성한다(단계 110).The account module 20 digitally signs the first encryption value E_1 to generate a second digital signature value Sign_2 (step 110).
어카운트 모듈(20)은 단계(111)에서 허가값(permission)을 생성한다. 허가값은, 제1 암호화값(E_1)과, 제2 전자서명값(Sign_2)을 포함한다.The account module 20 generates a permission value in step 111. The permission value includes a first encryption value E_1 and a second digital signature value Sign_2.
어카운트 모듈(20)은, 제2 암호화값(E_2)과 허가값에 대해서 전자서명을 수행하여 제3 전자서명값(Sign_3)을 생성한다(단계 112).The account module 20 generates a third digital signature value Sign_3 by performing an electronic signature on the second encryption value E_2 and the permission value (step 112).
어카운트 모듈(20)은 제2 암호화값(E_2)과, 허가값과, 제3 전자서명값(Sign_3)을 사용자 단말기(10)로 전송한다(단계 113).The account module 20 transmits the second encryption value E_2, the permission value, and the third digital signature value Sign_3 to the user terminal 10 (step 113).
도 2에는 사용자 단말기(10)에 랜덤값(Re)의 동형암호화값(HE(Re))이 없는 경우의 사전 처리 과정이 도시되어 있다.FIG. 2 shows a pre-processing process in the case where the user terminal 10 does not have the homomorphic encryption value HE(Re) of the random value Re.
단계(103)에서 사용자 단말기(10)로부터 제2 신원 확인 ID(AA_ID)의 요청을 받고 제2 신원 확인 ID의 동형 암호화값(HE(AA_ID)을 생성하기 위해서는 전술한 바와 같이 HE(Re)값이 필요한데, 만약 그 값을 갖고 있지 않다면 사용자 단말기(10)에 랜덤값(Re)의 리셋을 요청한다(단계 104).In step 103, in order to receive a request for a second identification ID (AA_ID) from the user terminal 10 and generate the isomorphic encryption value (HE(AA_ID) of the second identification ID, the HE(Re) value as described above. If this is necessary, but if it does not have the value, it requests the user terminal 10 to reset the random value Re (step 104).
사용자 단말기(10)는, 랜덤값(Re)을 생성하고 그 랜덤값에 대해 동형 암호화를 수행한다(단계 105).The user terminal 10 generates a random value Re and performs homomorphic encryption on the random value (step 105).
사용자 단말기(10)는 랜덤값의 동형 암호화값(HE(Re))을 어카운트 모듈(20)로 전송하고(단계 106), 어카운트 모듈(20)은 또 다른 랜덤값(Ra)을 생성한다(단계 107).The user terminal 10 transmits the isomorphic encryption value HE(Re) of a random value to the account module 20 (step 106), and the account module 20 generates another random value Ra (step 107).
이어서 어카운트 모듈은 제1 신원 확인 ID(A_ID)와, 랜덤값(Ra)과, 사용자 단말기로부터 수신한 랜덤값의 동형암호화값(HE(Re))을 저장하고(단계 108), 전술한 예시와 같은 관계를 통해서 제2 암호화값(E_2)을 생성한다(단계 109). 그 이후의 과정은 도 1의 단계(110) 내지 단계(113)과 동일하다.Subsequently, the account module stores the first identification ID (A_ID), the random value (Ra), and the isomorphic encryption value (HE(Re)) of the random value received from the user terminal (step 108), and The second encryption value E_2 is generated through the same relationship (step 109). The subsequent process is the same as steps 110 to 113 of FIG. 1.
도 1 또는 도 2와 같은 과정이 완료된 후에, 사용자가 온라인에서 소정의 작업을 하는 경우에 그 작업 결과의 무결성을 검증하고 저장하는 방법에 대해서 도 3을 참조하여 설명한다. 온라인상의 작업은 예를 들어 익명성이 보장되어야 하는 전자 투표가 될 수 있다.After the process of FIG. 1 or 2 is completed, a method of verifying and storing the integrity of the work result when the user performs a predetermined work online will be described with reference to FIG. 3. Working online can be, for example, an electronic voting where anonymity must be guaranteed.
도 3의 과정에 앞서서 사용자 단말기(10)와 작업 프로그램 모듈(30)간에는 익명 통신 채널이 개통되어 있다고 가정한다.Prior to the process of FIG. 3, it is assumed that an anonymous communication channel is opened between the user terminal 10 and the work program module 30.
사용자 단말기(10)는 먼저 작업 프로그램 모듈(30)에 작업 프로그램 모듈 ID(V_ID)와, 인증서의 공개키와, 제2 암호화값(E_2)과, 허가값과, 제3 전자서명값(Sign_3)을 전송하여 작업 식별 ID(BallotStamp)의 동형 암호화값(HE(BallotStamp)을 요청한다(단계 300).The user terminal 10 first transmits a work program module ID (V_ID) to the work program module 30, a public key of a certificate, a second encryption value (E_2), a permission value, and a third digital signature value (Sign_3). By transmitting the job identification ID (BallotStamp) to request the homomorphic encryption value (HE (BallotStamp)) (step 300).
작업 프로그램 모듈(30)은, 제2 암호화값(E_2)과 허가값을 검증하고(단계 301), 검증에 성공하면 임시 익명 인증서 ID(TAC_ID)를 생성한다(단계 302).The work program module 30 verifies the second encryption value E_2 and the permission value (step 301), and if the verification is successful, generates a temporary anonymous certificate ID (TAC_ID) (step 302).
작업 프로그램 모듈(30)은, 임시 익명 인증서 ID와, 작업 프로그램 모듈 ID(V_ID)와, 허가값과, TAC의 공개키를 인증기관 서버(40)로 전송하여 임시 익명 인증서를 요청한다(단계 303).The work program module 30 transmits the temporary anonymous certificate ID, the work program module ID (V_ID), the permission value, and the public key of the TAC to the certification authority server 40 to request a temporary anonymous certificate (step 303). ).
인증기관 서버(40)는, 어카운트 모듈의 인증서로 허가값을 검증한다(단계 304).The certification authority server 40 verifies the permission value with the certificate of the account module (step 304).
인증기관 서버(40)는 허가값을 복호화하여, 작업 프로그램 모듈 ID(V_ID)와, 제1 전자서명값(Sign_1)을 획득한다(단계 305).The certification authority server 40 decodes the permission value to obtain a work program module ID (V_ID) and a first digital signature value (Sign_1) (step 305).
인증기관 서버(40)는, 작업 프로그램 모듈 ID(V_ID)를 검증한다(단계 306).The certification authority server 40 verifies the work program module ID (V_ID) (step 306).
작업 프로그램 모듈 ID(V_ID) 검증은, 단계(303)에서 수신한 V_ID와 단계(305)에서 허가값 복호화를 통해 획득한 V_ID를 비교해서 양자가 같은지를 통해서 수행된다.The verification of the work program module ID (V_ID) is performed by comparing the V_ID received in step 303 with the V_ID obtained through decoding the permission value in step 305, and whether they are the same.
작업 프로그램 모듈 ID(V_ID) 검증에 성공하면 인증기관 서버(40)는 인증서를 생성하고(단계 307), 생성된 인증서(TAC)를 작업 프로그램 모듈(40)로 전송한다(단계 308).If verification of the work program module ID (V_ID) is successful, the certification authority server 40 generates a certificate (step 307), and transmits the generated certificate (TAC) to the work program module 40 (step 308).
작업 프로그램 모듈(30)은, 작업 식별 ID(BallotStamp)를 동형 암호화한 값으로 설정되는 제3 암호화값(E_3)을 생성하고, 랜덤값과 제3 암호화값(E_3)을 제1 수식에 의해 연산한 값을 태그값(tag)의 동형 암호화값인 제4 암호화값(E_4)으로 생성한다(단계 309).The job program module 30 generates a third encryption value (E_3) that is set to a value obtained by homomorphic encryption of the job identification ID (BallotStamp), and calculates a random value and a third encryption value (E_3) by a first equation. One value is generated as the fourth encrypted value E_4, which is an isomorphic encrypted value of the tag value (tag) (step 309).
제3 암호화값(E_3)는, 제2 암호화값(E_2)을 포함하는 값에 단방향 함수 연산을 수행하여 산출될 수 있으며, 무작위성을 담보하기 위해 상기 값에 랜덤값 및/또는 랜덤값의 동형 암호화값을 포함할 수 있다. 예를 들어 제3 암호화값은 다음과 같은 관계에 의해서 산출될 수 있다.The third encryption value E_3 may be calculated by performing a one-way function operation on a value including the second encryption value E_2, and isomorphic encryption of a random value and/or a random value to the value to ensure randomness. May contain values. For example, the third encryption value may be calculated by the following relationship.
E_3 = HE(BallotStamp) = Hash[HE(AA_ID), V_ID] = HE[Hash(AA_ID, V_ID)]E_3 = HE(BallotStamp) = Hash[HE(AA_ID), V_ID] = HE[Hash(AA_ID, V_ID)]
제1 수식은 예를 들어, 제1 랜덤값(r1)과 제3 암호화값(E_3)을 곱한 후 제2 랜덤값(r2)을 더하는 수식이 될 수 있다.The first equation may be, for example, an equation that multiplies the first random value r1 and the third encryption value E_3 and then adds the second random value r2.
그러면 다음과 같은 관계가 성립한다.Then the following relationship is established.
r1*E_3+r2 = HE(r1*BallotStamp+r2) = HE(tag) = E_4r1*E_3+r2 = HE(r1*BallotStamp+r2) = HE(tag) = E_4
제1 수식은 XOR 연산이 포함될 수 있다. 그러한 경우 다음과 같은 관계가 성립한다.The first equation may include an XOR operation. In that case, the following relationship is established.
XOR(r1, E_3) = HE(XOR(r1, BallotStamp)XOR(r1, E_3) = HE(XOR(r1, BallotStamp)
작업 프로그램 모듈(30)은, 임시 익명 인증서 ID(TAC_ID)와, 제3 암호화값(E_3)을 생성하는데 사용한 랜덤값을 저장한다(단계 310).The work program module 30 stores a temporary anonymous certificate ID (TAC_ID) and a random value used to generate the third encryption value E_3 (step 310).
작업 프로그램 모듈(30)은, 제3 암호화값(E_3)과, 제4 암호화값(E_4)과, 임시 익명 인증서(TAC)를 사용자 단말기(10)로 전송한다(단계 312).The work program module 30 transmits the third encryption value E_3, the fourth encryption value E_4, and the temporary anonymous certificate TAC to the user terminal 10 (step 312).
사용자 단말기(10)는, 제3 및 제4 암호화값(E_3, E_4)을 복호화하여 작업 식별 ID(BallotStamp)와, 태그값을 획득하여 저장한다(단계 313 및 314).The user terminal 10 decrypts the third and fourth encryption values E_3 and E_4 to obtain and store a job identification ID (BallotStamp) and a tag value (steps 313 and 314).
사용자 단말기(10)는, 작업 식별 ID(BallotStamp)와, 태그값과, 작업 결과(예를 들어 투표 결과)에 대해서 임시 익명 인증서(TAC)의 비밀키를 사용하여 전자서명하여 제4 전자서명값(Sign_4)을 생성한다(단계 315).The user terminal 10 digitally signs a job identification ID (BallotStamp), a tag value, and a job result (for example, a voting result) using a secret key of a temporary anonymous certificate (TAC) to obtain a fourth digital signature value. (Sign_4) is generated (step 315).
사용자 단말기(10)은, 작업 프로그램 모듈 ID(V_ID)와, 작업 식별 ID(BallotStamp)와, 태그값과, 작업 결과와, 제4 전자서명값(Sign_4)과, 임시 익명 인증서 ID(TAC_ID)와, 임시 익명 인증서(TAC)를 작업 프로그램 모듈(30)로 전송한다(단계 316).The user terminal 10 includes a work program module ID (V_ID), a work identification ID (BallotStamp), a tag value, a work result, a fourth digital signature value (Sign_4), a temporary anonymous certificate ID (TAC_ID), and , Transmits a temporary anonymous certificate (TAC) to the work program module 30 (step 316).
작업 프로그램 모듈(30)은, 단계(317)에서 수신한 태그값과, 제4 전자서명값(Sign_4)을 검증하여 성공하면 작업 식별 ID(BallotStamp)와, 태그값과, 작업 결과와, 랜덤값과, 제4 전자서명값(Sign_4)과, 임시 익명 인증서를 저장하고, 그렇지 않으면 작업 결과 저장을 거절한다.The job program module 30 verifies the tag value received in step 317 and the fourth digital signature value (Sign_4), and if successful, a job identification ID (BallotStamp), a tag value, a job result, and a random value. And, the fourth digital signature value (Sign_4) and a temporary anonymous certificate are stored, otherwise, the storage of the work result is rejected.
단계(316)에서 수신한 태그값이 랜덤값과 제3 암호화값(E_3)을 제1 수식에 의해서 연산한 값과 동일하면 검증에 성공한 것으로, 그렇지 않으면 검증에 실패한 것으로 판단한다.If the tag value received in step 316 is the same as the value calculated by the first equation for the random value and the third encryption value E_3, it is determined that the verification has been successful, otherwise it is determined that the verification has failed.
본 발명과 같이 임시 익명 인증서를 사용하여 온라인상의 활동이나 작업 결과의 무결성을 확인하고 저장하게 하면 작업 프로그램 모듈에 위변조된 작업 결과를 저장할 수 없게 된다. 작업 프로그램 모듈(30)이 작업 결과를 위변조하기 위해서는, 어카운트 모듈(20)로부터 허가값과 제3 전자서명값(Sign_3)을 받아야 하기 때문에 작업 프로그램 모듈(30)의 자의적인 위변조가 불가능해지는 효과가 있다.If the integrity of the online activity or work result is verified and stored using a temporary anonymous certificate as in the present invention, it is impossible to store the forged work result in the work program module. In order for the work program module 30 to falsify the work result, it is necessary to receive a permission value and a third digital signature value (Sign_3) from the account module 20, so that the work program module 30 has an effect that it is impossible to forge the work result. have.
이상 첨부 도면을 참고하여 본 발명에 대해서 설명하였지만 본 발명의 권리범위는 후술하는 특허청구범위에 의해 결정되며 전술한 실시예 및/또는 도면에 제한되는 것으로 해석되어서는 아니된다. 그리고 특허청구범위에 기재된 발명의, 당업자에게 자명한 개량, 변경 및 수정도 본 발명의 권리범위에 포함된다는 점이 명백하게 이해되어야 한다.Although the present invention has been described with reference to the accompanying drawings, the scope of the present invention is determined by the claims to be described later and should not be construed as being limited to the above-described embodiments and/or drawings. And it should be clearly understood that the improvements, changes and modifications of the invention described in the claims, which are obvious to those skilled in the art, are included in the scope of the present invention.

Claims (4)

  1. 어카운트 모듈 및 작업 프로그램 모듈이 포함된 블록 체인과, 사용자 단말기와, 인증 기관 서버(CA)를 포함하는 환경에서 사용자의 임시 익명 인증서를 생성하기 위한 사전 처리 방법에 있어서,In the preprocessing method for generating a temporary anonymous certificate of a user in an environment including a block chain including an account module and a work program module, a user terminal, and a certification authority server (CA),
    사용자 단말기가, 공개키 및 비밀키를 생성하는 제1 단계와,A first step of the user terminal generating a public key and a private key,
    사용자 단말기가, 작업 프로그램 모듈의 ID(V_ID)를 상기 비밀키로 전자서명하여 제1 유효성 검증값(Sign_1)을 생성하는 제2 단계와,A second step of generating, by the user terminal, a first validation value (Sign_1) by digitally signing the ID (V_ID) of the work program module with the secret key,
    사용자 단말기가, 작업 프로그램 모듈의 ID와 제1 유효성 검증값을 인증 기관의 공개키(CA Public Key)로 암호화하여 제1 암호화값(E_1)을 생성하는 제3 단계와,A third step of generating, by the user terminal, the first encryption value E_1 by encrypting the ID of the work program module and the first validation value with the CA Public Key of the certification authority;
    사용자 단말기가, 제1 어카운트 ID(A_ID)와, 제1 암호화값(E_1)을 어카운트 모듈로 전송하는 제4 단계와,A fourth step in which the user terminal transmits the first account ID (A_ID) and the first encryption value (E_1) to the account module,
    어카운트 모듈이, 제2 어카운트 ID(AA_ID)를 동형 암호화한 값인 제2 암호화값(E_2)을 생성하는 제5 단계와,A fifth step of generating, by the account module, a second encryption value (E_2), which is a value obtained by homogeneously encrypting the second account ID (AA_ID);
    어카운트 모듈이, 제1 암호화값(E_1)을 전자 서명하여 제2 유효성 검증값(Sign_2)을 생성하는 제6 단계와,A sixth step of generating, by the account module, a second validation value (Sign_2) by electronically signing the first encryption value (E_1),
    어카운트 모듈이, 제1 암호화값(E_1) 및 제2 유효성 검증값(Sign_2)을 포함하는 허가값(permission)을 생성하는 제7 단계와,A seventh step of generating, by the account module, a permission value including a first encryption value E_1 and a second validation value Sign_2, and
    어카운트 모듈이, 제2 암호화값(E_2)과 허가값을 전자 서명하여 제3 유효성 검증값(Sign_3)을 생성하는 제8 단계와,An eighth step of generating, by the account module, a third validation value (Sign_3) by electronically signing the second encryption value (E_2) and the permission value;
    어카운트 모듈이, 제2 암호화값(E_2)과, 허가값과, 제3 유효성 검증값(Sign_3)을 사용자 단말기로 전송하는 제9 단계를 포함하는,The account module comprises a ninth step of transmitting a second encryption value (E_2), a permission value, and a third validation value (Sign_3) to the user terminal,
    임시 익명 인증서 생성을 위한 사전 처리 방법.Pre-processing method for generating temporary anonymous certificates.
  2. 청구항 1에 있어서,The method according to claim 1,
    제2 암호화값은, 제1 신원 확인 ID와, 어카운트 모듈이 생성한 랜덤값과, 사용자 단말기가 생성한 랜덤값을 동형 암호화한 값에 단방향 함수 연산을 수행하여 산출된 값인,The second encryption value is a value calculated by performing a one-way function operation on a homomorphic encryption value of the first identification ID, the random value generated by the account module, and the random value generated by the user terminal,
    임시 익명 인증서 생성을 위한 사전 처리 방법.Pre-processing method for generating temporary anonymous certificates.
  3. 청구항 1 또는 청구항 2 중의 사전 처리 방법이 수행된 후에 사용자 단말기가 수행한 작업 결과를 작업 프로그램 모듈에 저장하는 방법에 있어서,In a method of storing a work result performed by a user terminal in a work program module after the pre-processing method of claim 1 or 2 is performed,
    작업 프로그램 모듈이, 작업 프로그램 모듈의 ID와, 공개키와, 제2 암호화값(E_2)과, 허가값과, 제3 유효성 검증값(Sign_3)을, 사용자 단말기로부터 수신하는 제1-1 단계와,Step 1-1 of the work program module receiving the ID of the work program module, the public key, the second encryption value (E_2), the permission value, and the third validation value (Sign_3) from the user terminal; ,
    작업 프로그램 모듈이, 제2 암호화값(E_2)과, 허가값을 검증하는 제2-1 단계와,The work program module, step 2-1 of verifying the second encryption value (E_2) and the permission value,
    작업 프로그램 모듈이, 임시 익명 인증서의 ID를 생성하는 제3-1 단계와,Step 3-1 of the work program module generating the ID of the temporary anonymous certificate,
    작업 프로그램 모듈이, 임시 익명 인증서의 ID와, 작업 프로그램 모듈 ID와, 허가값과, 공개키를, 인증 기관 서버로 전송하는 제4-1 단계와,Step 4-1, in which the work program module transmits the ID of the temporary anonymous certificate, the work program module ID, the permission value, and the public key to the certification authority server,
    인증 기관 서버가, 어카운트 모듈의 인증서로 허가값을 검증하는 제5-1 단계와,Step 5-1, in which the certification authority server verifies the permission value with the certificate of the account module,
    인증 기관 서버가, 허가값을 복호화하여, 작업 프로그램 모듈의 ID와(V_ID), 제1 유효성 검증값(Sign_1)을 획득하는 제6-1 단계와,Step 6-1 of the certification authority server decrypting the permission value to obtain the ID of the work program module (V_ID) and the first validation value (Sign_1),
    인증 기관 서버가, 임시 익명 인증서를 생성하는 제7-1 단계와,Step 7-1, in which the certification authority server generates a temporary anonymous certificate,
    작업 프로그램 모듈이, 임시 익명 인증서를, 인증 기관 서버로부터 수신하는 제8-1 단계와,Step 8-1 in which the work program module receives the temporary anonymous certificate from the certification authority server,
    작업 프로그램 모듈이, 작업 식별 ID를 동형 암호화한 값인 제3 암호화값(E_3)을 생성하는 제9-1 단계와,Step 9-1, wherein the work program module generates a third encrypted value (E_3), which is a value obtained by homogeneously encrypting the work identification ID;
    작업 프로그램 모듈이, 랜덤값을 제3 암호화값(E_3)과 제1 수식에 의해 연산한 값을, 태그값(tag)을 동형 암호화한 제4 암호화값(E_4)으로 산출하는 제10-1 단계와,Step 10-1, wherein the work program module calculates the random value calculated by the third encryption value E_3 and the first formula as the fourth encryption value E_4 obtained by homomorphic encryption of the tag value. Wow,
    작업 프로그램 모듈이, 제3 암호화값(E_3)과, 제4 암호화값(E_4)과, 임시 익명 인증서를, 사용자 단말기로 전송하는 제11-1 단계와,Step 11-1 of the work program module transmitting a third encryption value (E_3), a fourth encryption value (E_4), and a temporary anonymous certificate to the user terminal;
    사용자 단말기가, 제3 암호화값(E_3)과 제4 암호화값(E_4)을 복호화하여, 작업 식별 ID와, 태그값을 획득하는 제12-1 단계와,Step 12-1 of the user terminal decrypting the third encryption value E_3 and the fourth encryption value E_4 to obtain a job identification ID and a tag value,
    사용자 단말기가, 작업 식별 ID와, 태그값과, 작업 결과를 임시 익명 인증서의 비밀키로 전자서명하여 제4 유효성 검증값(Sign_4)을 생성하는 제13-1 단계와,Step 13-1 in which the user terminal digitally signs a job identification ID, a tag value, and a job result with a secret key of a temporary anonymous certificate to generate a fourth validation value (Sign_4);
    작업 프로그램 모듈이, 작업 프로그램 모듈 ID(V_ID)와, 작업 식별 ID(Ballot Stamp)와, 태그값과, 작업 결과(voting)와, 제4 유효성 검증값(Sign_4)과, 임시 익명 인증서의 ID와, 임시 익명 인증서를, 사용자 단말기로부터 수신하는 제14-1 단계와,The work program module includes a work program module ID (V_ID), a work identification ID (Ballot Stamp), a tag value, a work result (voting), a fourth validation value (Sign_4), and an ID of a temporary anonymous certificate. Step 14-1 of receiving a temporary anonymous certificate from the user terminal,
    작업 프로그램 모듈이, 제4 유효성 검증값(Sign_4)과 태그값을 검증하여 성공하면 작업 결과를 저장하고, 그렇지 않으면 작업 결과를 저장하지 않는 제15-1 단계를 포함하는,The work program module includes step 15-1 of verifying the fourth validation value (Sign_4) and the tag value, and storing the work result if successful, and not storing the work result otherwise,
    작업 결과 저장 방법.How to save work results.
  4. 청구항 3에 있어서,The method of claim 3,
    제3 암호화값은, 제2 암호화값(E_2)과 작업 프로그램 모듈 ID에 대해 단방향 함수 연산을 수행하여 산출한 값인,The third encryption value is a value calculated by performing a one-way function operation on the second encryption value E_2 and the work program module ID,
    작업 결과 저장 방법.How to save work results.
PCT/KR2019/014955 2019-11-06 2019-11-06 Method for generating temporary anonymous certificate WO2021090975A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2019/014955 WO2021090975A1 (en) 2019-11-06 2019-11-06 Method for generating temporary anonymous certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2019/014955 WO2021090975A1 (en) 2019-11-06 2019-11-06 Method for generating temporary anonymous certificate

Publications (1)

Publication Number Publication Date
WO2021090975A1 true WO2021090975A1 (en) 2021-05-14

Family

ID=75849771

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2019/014955 WO2021090975A1 (en) 2019-11-06 2019-11-06 Method for generating temporary anonymous certificate

Country Status (1)

Country Link
WO (1) WO2021090975A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114900313A (en) * 2022-04-18 2022-08-12 中国科学院大学 Anonymous work certificate generation and verification method capable of protecting privacy

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020029926A (en) * 1999-08-16 2002-04-20 보우트히어 인크. Method, article and apparatus for registering registrants, such as voter registrants
KR101045804B1 (en) * 2010-07-05 2011-07-04 한국기초과학지원연구원 Fast verification method for identity-based aggregate signatures and system thereof
KR20120053929A (en) * 2010-11-18 2012-05-29 이혜지 The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage
KR101833323B1 (en) * 2018-01-12 2018-02-28 한국스마트인증 주식회사 Method for Confirming Statement by Use of Block Chain Which Guarantees Anonymity and Prevents Sybil Attack
KR102056612B1 (en) * 2018-06-12 2019-12-17 한국스마트인증 주식회사 Method for Generating Temporary Anonymous Certificate

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020029926A (en) * 1999-08-16 2002-04-20 보우트히어 인크. Method, article and apparatus for registering registrants, such as voter registrants
KR101045804B1 (en) * 2010-07-05 2011-07-04 한국기초과학지원연구원 Fast verification method for identity-based aggregate signatures and system thereof
KR20120053929A (en) * 2010-11-18 2012-05-29 이혜지 The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage
KR101833323B1 (en) * 2018-01-12 2018-02-28 한국스마트인증 주식회사 Method for Confirming Statement by Use of Block Chain Which Guarantees Anonymity and Prevents Sybil Attack
KR102056612B1 (en) * 2018-06-12 2019-12-17 한국스마트인증 주식회사 Method for Generating Temporary Anonymous Certificate

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114900313A (en) * 2022-04-18 2022-08-12 中国科学院大学 Anonymous work certificate generation and verification method capable of protecting privacy

Similar Documents

Publication Publication Date Title
US11283797B2 (en) Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment
WO2018030707A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
JP5195831B2 (en) Transaction proving device in network environment
WO2019074326A1 (en) Method and apparatus for secure offline payment
JP4067614B2 (en) Transaction proving apparatus and method in network environment
WO2019139200A1 (en) Method for intention expression identification using block chain, by which anonymity can be guaranteed and sybil attack can be prevented
WO2020050390A1 (en) Right holder terminal, user terminal, right holder program, user program, content utilization system, and content utilization method
CN109727044A (en) Brand transaction methods, device, equipment and medium based on block chain
CN109361508A (en) Data transmission method, electronic equipment and computer readable storage medium
WO2020117020A1 (en) Method for generating pki key based on biometric information and device for generating key by using same method
TWI661331B (en) System and method for identity verification and privacy protection in public blockchain
CN109815659A (en) Safety certifying method, device, electronic equipment and storage medium based on WEB project
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
CN109361512A (en) Data transmission method
WO2020032351A1 (en) Method for establishing anonymous digital identity
CN115150071A (en) Identity authentication method, device, equipment and storage medium
WO2023009229A1 (en) End to end verification of an election run over a public network
CN115150072A (en) Cloud network issuing authentication method, equipment, device and storage medium
CN115396087B (en) Identity authentication method, device, equipment and medium based on temporary identity certificate
WO2021090975A1 (en) Method for generating temporary anonymous certificate
CN116975810A (en) Identity verification method, device, electronic equipment and computer readable storage medium
CN109889342A (en) Interface testing method for authenticating, device, electronic equipment and storage medium
Kumar et al. VOTEETH: An E-voting system using blockchain
KR102056612B1 (en) Method for Generating Temporary Anonymous Certificate
WO2019164139A1 (en) Electronic payment system and method and program using biometric authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19951271

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19951271

Country of ref document: EP

Kind code of ref document: A1