WO2022169105A1 - Server using hardware security architecture, electronic device for verifying integrity of data transmitted from server, and verification method using same - Google Patents

Abstract

Disclosed embodiments relate to a data sales terminal which generates data using hardware security architecture, a data purchase terminal which verifies the validity and integrity of data received from a data sales terminal, and a method for controlling these terminals. In the disclosed embodiments, a method by which a server generates partial data from entire data and transmits the partial data to an electronic device, which is a method by which a data sales terminal transmits partial data requested by a data purchase terminal, comprises the steps of: receiving, from the data purchase terminal, request data requesting transmission of the partial data among the entire data; verifying the integrity of the entire data included in the request data, and installing an application in a security area of the data sales terminal by using an installation file of the application obtaining the partial data from the entire data; obtaining the partial data from among the entire data by using the application installed in the security area; generating an electronic signature of the application, which is information proving that the partial data, which is a part of the entire data, has been obtained by the application; and transmitting the partial data and the electronic signature of the application to the data purchase terminal. The step of transmitting the partial data may comprise the steps of: identifying whether the partial data outputted from the security area corresponds to the request data; and filtering the partial data on the basis of a result of the identification.

Description

A server using a hardware security architecture, an electronic device for verifying the integrity of data transmitted from the server, and a verification method using the same

The disclosed embodiments relate to a server that generates data using a hardware security architecture, an electronic device that verifies validity and integrity of data received from the server, and a method for controlling the same.

With the development of telecommunications technology, data exchange and trade are becoming free and easy. There is a problem in that the privacy of the data provider is exposed during data exchange and trading. Zero-knowledge proof is widely used as a cryptographic method to utilize data while solving the problem of privacy exposure.

Zero-knowledge proof is a cryptographic technique that proves that the secret input value corresponding to the relationship between input and output values is known without revealing the secret input value for a predefined operation.

In other words, zero-knowledge proof is a cryptographic method that proves that it has a value without revealing its own information. It consists of a verifier that proves that it has A prover uses a zero-knowledge proof algorithm to create a proof value that proves a given function and the relationship between input and output values. Here, the proof value is a numeric value that satisfies a specific expression. The verifier checks whether the relationship between the function, input, and output is correct by applying the proof value to the zero-knowledge proof verification algorithm. Since the proof value does not contain any information about the secret input, zero-knowledge proof has the advantage that the privacy of the prover is not exposed.

However, the zero-knowledge proof has a heavy proof value, requires a lot of computing resources to verify the proof value, and has a slow operation speed. In particular, since zero-knowledge proof has to check the integrity of data by using a hash value and a proof value for the entire data, there is a problem in that it cannot be utilized when sharing partial data to which the condition check is added.

The disclosed embodiments are intended to provide a method in which partial data of the entire data is shared without exposing privacy.

On the other hand, the technical problems to be achieved by the disclosed embodiments are not limited to the technical problems as described above.

A method for a data selling terminal to transmit requested partial data from a data purchasing terminal, disclosed as a technical means for achieving the above-mentioned technical problem, is to receive request data for requesting to transmit the partial data among all data from the data purchasing terminal. verifying the integrity of the entire data included in the request data and building an application in a secure area of the data sales terminal using an application installation file for obtaining partial data from the entire data; obtaining the partial data from among the entire data by using an application built in a secure area; generating an electronic signature of the application that is information proving that the partial data, which is a part of the entire data, has been obtained by the application; and the Transmitting the partial data and the electronic signature of the application to the data purchase terminal, wherein the transmitting of the partial data includes: identifying whether the partial data output from the secure area corresponds to the request data; It may include filtering the partial data based on the identification result.

Also, the filtering of the partial data may include removing data not included in the request data from the partial data.

Also, the filtering of the partial data may include regenerating the partial data corresponding to the requested data using the application based on the identification result.

In addition, the generating of the partial data may include, by using the application, validating the validity of the entire data, generating the partial data from the verified full data, and electronically of the application for the partial data. generating a signature.

In addition, the step of verifying the validity of the entire data may include using the application to identify whether a hash value for the entire data and a hash value included in the electronic signature of the owner of the entire data are the same, so that the entire data It may include a step of verifying the validity of

In addition, the step of generating the electronic signature of the application includes the partial data through the application, based on the electronic signature of the owner of the entire data and the hash value of the partial data and the private key of the application stored in the secure area. generating an electronic signature of the application for

A data sales terminal that generates partial data from the disclosed whole data as a technical means for achieving the above-described technical problem and transmits it to a data purchase terminal includes a communication interface, a memory for storing one or more instructions, and a processor for executing the instructions and, the processor controls the communication interface to receive request data for requesting to transmit the partial data among the entire data from the data purchasing terminal by executing the instructions, and By using an installation file of an application that verifies integrity and obtains partial data from the entire data, an application is built in the security area of the data sales terminal, and the application built in the security area is used to build the application among the entire data. to obtain partial data, generate an electronic signature of the application, which is information proving that the partial data, which is a part of the entire data, has been obtained by the application, and transmit the partial data and the electronic signature of the application to the data purchasing terminal; Controlling the communication interface, the processor may identify whether the partial data output from the security area corresponds to the request data, and filter the partial data based on the identification result.

Also, the processor may remove data not included in the request data from the partial data.

Also, the processor may regenerate partial data corresponding to the requested data using the application, based on the identification result.

Also, the processor may, by using the application, verify validity of the entire data, generate the partial data from the verified full data, and generate an electronic signature of the application for the partial data.

In addition, the processor may verify the validity of the entire data by identifying whether the hash value for the entire data and the hash value included in the electronic signature of the owner of the entire data are the same using the application. .

In addition, the processor, based on the electronic signature of the owner of the entire data and the hash value of the partial data, and the secret key of the application stored in the secure area, the electronic signature of the application for the partial data through the application can create

A method for a data purchasing terminal to acquire partial data from a data sales terminal, disclosed as a technical means for achieving the above-described technical problem, includes: acquiring information about the partial data that is a part of the entire data; a request for requesting the partial data transmitting data to the data sales terminal; receiving from the data sales terminal the partial data generated by an application built in a secure area of the data sales terminal and an electronic signature of the application for the partial data; identifying the validity of the received partial data by verifying the electronic signature of the application, wherein the requested data is an installation file of the application for verifying the integrity of the entire data and obtaining the partial data from the full data Including, the application may be built in the secure area of the data sales terminal through the installation file.

In addition, the step of identifying the validity of the partial data, based on the electronic signature of the application, identifying that the application built by the installation file transmitted by the data purchase terminal generated the partial data from the entire data may include steps.

In addition, the step of identifying the validity of the partial data may include, based on the public key of the owner of the entire data, verifying the validity of the electronic signature of the owner of the entire data used for the electronic signature of the application, and the verification and identifying the validity of the partial data obtained from the entire data by verifying the validity of the entire data based on the electronic signature of the owner of the full data.

In addition, the step of identifying the validity of the partial data may include identifying the integrity of the partial data by verifying the electronic signature of the application based on a public key of the application and a hash value of the partial data. have.

A data purchasing terminal for acquiring partial data from a data sales terminal among all data disclosed as technical means for achieving the above-described technical problem includes a communication interface, a memory for storing one or more instructions, and a processor for executing the instructions, The processor obtains information about the partial data that is a part of the entire data by executing the instructions, transmits request data requesting the partial data to the data sales terminal, and builds in a secure area of the data sales terminal By controlling the communication interface to receive the partial data generated by the applied application and the electronic signature of the application for the partial data from the data sales terminal, and verifying the electronic signature of the application, the validity of the received partial data and the request data includes an installation file of an application that verifies the integrity of the entire data and obtains partial data from the entire data, wherein the application is a security area of the data sales terminal through the installation file It may be built on

In addition, the processor may identify, based on the electronic signature of the application, that the application built by the installation file transmitted by the data purchase terminal has generated the partial data from the entire data.

In addition, the processor, based on the public key of the owner of the entire data, verifies the validity of the electronic signature of the owner of the entire data used for the electronic signature of the application, and the electronic signature of the owner of the verified entire data Based on , by verifying the validity of the entire data, the validity of the partial data obtained from the entire data may be identified.

Also, the processor may identify the integrity of the partial data by verifying the electronic signature of the application based on the public key of the application and the hash value of the partial data.

As a technical means for achieving the above-described technical problem, a computer-readable recording medium may record a program for executing at least one of the embodiments of the disclosed method in a computer.

As a technical means for achieving the above-described technical problem, the application stored in the recording medium may be for executing at least one function among the disclosed method embodiments.

As a technical means for achieving the above-described technical problem, a computer program product may include a computer-readable storage medium in which a program to be executed by a computer is recorded.

1 is a diagram illustrating a method for transmitting and receiving data between a server and an electronic device, according to an embodiment.

FIG. 2 is a diagram for describing a method in which a server transmits partial data among all data uploaded to a block chain to an electronic device, according to an embodiment.

3 is a flowchart of a method for transmitting and receiving data between a server and an electronic device, according to an embodiment.

4 is a flowchart of a method for a server to build an application based on data received from an electronic device, according to an embodiment.

5 is a flowchart of a method for a server to filter data output from a security area, according to an embodiment.

6 is a flowchart of a method for an electronic device to identify validity of partial data received from a server, according to an exemplary embodiment.

7 is a diagram for explaining a method of using partial data by an electronic device, according to an exemplary embodiment.

8 is a block diagram of a server, according to an embodiment.

9 is a block diagram illustrating a software module of a memory included in a server, according to an embodiment.

10 is a block diagram of an electronic device, according to an embodiment.

11 is a block diagram illustrating a software module of a memory included in an electronic device, according to an exemplary embodiment.

This specification clarifies the scope of the present invention, explains the principles of the present invention, and discloses embodiments so that those of ordinary skill in the art to which the present invention pertains can practice the present invention. The disclosed embodiments may be implemented in various forms. The disclosed embodiments may be implemented alone, or at least two or more embodiments may be implemented in combination.

Like reference numerals refer to like elements throughout. This specification does not describe all elements of the embodiments, and general content in the technical field to which the present invention pertains or content that overlaps between embodiments is omitted. The term 'part' as used herein may be a hardware component such as a processor or circuit, and/or a software component executed by a hardware component such as a processor, According to examples, a plurality of 'units' may be implemented as one element (unit, element), or one 'unit' may include a plurality of elements. Hereinafter, the working principle and embodiments of the present invention will be described with reference to the accompanying drawings.

Some embodiments of the present disclosure may be represented by functional block configurations and various processing steps. Some or all of these functional blocks may be implemented in various numbers of hardware and/or software configurations that perform specific functions. For example, the functional blocks of the present disclosure may be implemented by one or more microprocessors, or may be implemented by circuit configurations for a given function. Also, for example, the functional blocks of the present disclosure may be implemented in various programming or scripting languages. The functional blocks may be implemented as an algorithm running on one or more processors. Also, the present disclosure may employ prior art for electronic configuration, signal processing, and/or data processing, and the like. Terms such as “mechanism”, “element”, “means” and “configuration” may be used broadly and are not limited to mechanical and physical components.

Throughout the specification, when a part is "connected" with another part, this includes not only the case of being "directly connected" but also the case of being "electrically connected" with another element interposed therebetween. . Also, when a part "includes" a certain component, it means that other components may be further included, rather than excluding other components, unless otherwise stated.

In addition, the connecting lines or connecting members between the components shown in the drawings only exemplify functional connections and/or physical or circuit connections. In an actual device, a connection between components may be represented by various functional connections, physical connections, or circuit connections that are replaceable or added.

In addition, terms including an ordinal number such as “first” or “second” used herein may be used to describe various components, but the components should not be limited by the terms. The above terms may be used for the purpose of distinguishing one component from another. For example, although the first data and the second data are described in this specification, they are only used to distinguish different data, and thus should not be limited thereto.

On the other hand, the hardware security architecture used in the disclosed embodiments means a hardware-based (CPU/GPU) encrypted memory security area to prevent forgery/falsification of data by external access. Data, specific functions, or entire applications may be stored in a hardware secure architecture. For example, an application may be built on a hardware security architecture, so that only a result value for a requested operation may be transmitted outside of the hardware security architecture. The hardware security architecture is usually named and used, such as trust zone, secure zone, secure memory, TEE (Trusted Execution Environment), and SGX (Software Guard Extensions). Hereinafter, it will be collectively referred to as a secure zone.

The disclosed embodiments may correspond to an embodiment in which the data selling terminal obtains partial data from the entire data based on the requested data received from the data purchasing terminal, and transmits the obtained partial data to the data purchasing terminal.

Hereinafter, for convenience of description, the data purchasing terminal will be described as the electronic device 10 , and the data selling terminal will be described as the server 20 . The data selling terminal and the data purchasing terminal refer to a computing device capable of transmitting and receiving data to and from other devices through a network, and are not limited to a specific terminal type.

Hereinafter, embodiments will be described in detail with reference to the drawings.

1 is a diagram illustrating a method for transmitting and receiving data between a server and an electronic device, according to an embodiment, and FIG. 2 is a diagram illustrating partial data from among all data uploaded to a block chain by a server to an electronic device, according to an embodiment. It is a diagram explaining a method of transmitting.

1 and 2 , the electronic device 10 may request partial data among all data from the server 20 . The server 20 may obtain partial data in response to a request from the electronic device 10 , and transmit the obtained partial data to the electronic device 10 .

In the disclosed embodiment, the electronic device 10 is a computing device such as a mobile device (eg, a smart phone, a tablet PC, etc.) capable of transmitting and receiving data with another device through a network, and a general-purpose computer (PC, Personal Computer). and a server. Here, other devices may include a mobile device, a computing device such as a general-purpose computer, and the server 20 . In addition, the electronic device 10 includes an Internet of Things (ioT) device, various Internet of Things devices, and a home hub device (eg, a router, an interactive artificial intelligence speaker, etc.) connected to the server 20 . can do.

In the disclosed embodiment, the electronic device 10 includes a computing device such as a mobile device (eg, a smart phone, a tablet PC, etc.), a general-purpose computer (PC, Personal Computer), and a server on which an artificial intelligence model is built. may include

In the disclosed embodiment, the server 20 may include a computing device that transmits and receives data to and from other devices, and stores and manages data. That is, an electronic device that transmits/receives data to/from other devices and stores and manages data may correspond to the server 20 of the disclosed embodiments. Also, the server 20 may include at least one server device that provides a cloud service.

In the disclosed embodiment, the electronic device 10 may be a prover in zero-knowledge proof, and the server 20 may be a verifier in zero-knowledge proof. Accordingly, the computing device serving as a prover in zero-knowledge proof may correspond to the electronic device 10 of the disclosed embodiments, and the computing device serving as a verifier in zero-knowledge proof is the server 20 of the disclosed embodiments. ) may be applicable.

According to an embodiment, the server 20 may acquire, process, and encrypt data and store it. For example, the server 20 collects health data (eg, body information, blood pressure information, pulse rate information, blood information, medical image information, exercise information, etc.) of owners of the plurality of electronic devices from the plurality of electronic devices. can be obtained The server 20 may process the obtained data according to predetermined rules (eg, classification by category, classification by time, noise removal, etc.). The server 20 may encrypt the obtained data and store it in the DB 27 or upload it to the block chain. The server 20 may store metadata used to retrieve data together with the data and a hash value for verifying the integrity of the data in the DB 27 or upload it to the block chain.

Referring to FIG. 2 , the server 20 may upload data to the block chain. Blockchain refers to a ledger management technology that cannot be arbitrarily modified and that anyone can view the results of changes by uploading data to be managed with predetermined contents to a chain-type link-based distributed data storage environment.

According to one embodiment, the server 20 may upload the entire data to the blockchain. In addition, the server 20 may additionally upload data in order to update the data uploaded to the block chain.

According to an embodiment, the server 20 may upload metadata for searching at least a part of all data, a hash value for identifying the integrity of all data, and an electronic signature of the owner of all data to the blockchain.

According to an embodiment, the entire data, the electronic signature of the owner of the entire data, and the owner's public key certificate may be disclosed in the blockchain.

In the disclosed embodiment, the electronic device 10 may request the server 20 to transmit partial data that is a part of the data. According to an embodiment, the electronic device 10 searches for necessary partial data using the metadata of the entire data stored/uploaded by the server 20 , and transmits the searched partial data to the server 20 . you can request For example, the electronic device 10 may request the server 20 to transmit blood test related data having a value greater than or equal to a reference value among health checkup record data.

In the disclosed embodiment, the server 20 may obtain partial data from among all data in response to a request received from the electronic device 10 , and transmit the obtained partial data to the electronic device 10 .

According to an embodiment, in response to a request including a predetermined condition received from the electronic device 10 , the server 20 identifies partial data that satisfies the predetermined condition from among all data, and collects the identified partial data. can be obtained The server 20 may transmit the obtained partial data to the electronic device 10 . For example, in response to the requested data received from the electronic device 10 , the server 20 may identify the test related data having a value greater than or equal to a reference value from among the health checkup record data. The server 20 may acquire test-related data having a value greater than or equal to a reference value and transmit it to the electronic device 10 .

According to an embodiment, the server 20 may identify partial data corresponding to the request of the electronic device 10 from among all data encrypted and stored in the DB 27 , and transmit the identified data to the electronic device 10 . have.

According to an embodiment, the server 20 may obtain partial data at the request of the electronic device 10 among all data uploaded to the block chain, and transmit the obtained data to the electronic device 10 .

According to an embodiment, the server 20 may acquire partial data by using an application installed in the security area 28 . The security area 28 means a hardware-based (CPU/GPU) encrypted memory security area to prevent forgery/falsification of data by external access. In the security area 28, a predetermined operation result value may be stored or an application may be built. The application may verify the integrity of the entire data and obtain partial data from the entire data. The application may verify the validity of the entire data by identifying whether the hash value for the entire data is the same as the hash value included in the electronic signature of the owner of the entire data.

According to an embodiment, the server 20 may install the application in the security area 28 based on information about the application received from the electronic device 10 . For example, the server 20 may install the application in the security area 28 by using the installation file of the application included in the request data received from the electronic device 10 . Only the electronic device 10 can access the application installed in the security area 28 , and external personnel/devices including the administrator of the server 20 are restricted from accessing the application. In addition, access of external personnel/devices including the administrator of the server 20 is restricted to the secret key for signing the application installed in the security area 28 . Accordingly, the electronic device 10 may receive data generated by an application that cannot be forged/altered from the server 20 .

According to an embodiment, the server 20 may transmit partial data to the electronic device 10 . The server 20 may transmit the electronic signature of the application together with the partial data to the electronic device 10 . The server 20 may transmit the electronic signature of the application including the zero-knowledge proof value to the electronic device 10 . The electronic signature of the application means information that the partial data is generated by the application built in the secure area. The zero-knowledge proof value means information indicating that the partial data is a part of the whole data. That is, the electronic signature of the application means information proving that the partial data, which is a part of the entire data, has been obtained by the application.

In the disclosed embodiment, the server 20 may filter data output from the application.

According to an embodiment, the server 20 may filter data output from the application so that only predetermined data is transmitted to the electronic device 10 . For example, the server 20 may transmit only partial data, an electronic signature of an application, and a zero-knowledge proof value as a predetermined data type to the electronic device 10 to the electronic device 10 .

As another example, the server 20 may identify data output from the application. The server 20 may identify whether the data output from the application corresponds to the requested data received from the electronic device 10 . Specifically, the server 20 may identify whether the partial data output from the application is data not included in the request data. The server 20 may filter the partial data by removing data not included in the request data from among the partial data output from the application based on the result of identifying that the data output from the application does not correspond to the request data. The server 20 may transmit the filtered partial data to the electronic device 10 . Alternatively, the server 20 may regenerate the partial data using the application based on the result of identifying that the data output from the application does not correspond to the requested data. The server 20 may transmit the partial data regenerated by the application to the electronic device 10 .

In the disclosed embodiment, the electronic device 10 may identify the validity of the partial data received from the server 20 . The electronic device 10 may utilize partial data whose validity is identified.

According to an embodiment, the electronic device 10 verifies the electronic signature of the application received from the server 20 , so that partial data received from the server 20 is constructed by the installation file transmitted by the electronic device 10 . It can be identified that it was created from the entire data by the applied application.

In addition, the electronic device 10 verifies the validity of the electronic signature of the owner of all data used for the electronic signature of the application based on the public key of the owner of the entire data, and based on the electronic signature of the owner of the verified all data , by verifying the validity of the entire data, it is possible to identify the validity of the partial data obtained from the entire data.

Also, the electronic device 10 may identify the integrity of the partial data by verifying the electronic signature of the application based on the public key of the application and the hash value of the partial data. Specifically, the electronic device 10 may identify the integrity of the partial data by verifying a hash value of the partial data included in the electronic signature of the application.

According to an embodiment, the electronic device 10 may verify that the partial data is a part of the entire data by applying the zero-knowledge proof value included in the electronic signature of the application received from the server 20 to the zero-knowledge proof verification algorithm. can

In the disclosed embodiment, the electronic device 10 may utilize partial data received from the server 20 . For example, the electronic device 10 may apply the partial data to a statistical algorithm. As another example, the electronic device 10 may apply the partial data to the artificial intelligence model 19 as training data.

According to the disclosed embodiment, the electronic device 10 may obtain partial data searched for by adding a condition among all data, and may perform zero-knowledge proof.

3 is a flowchart of a method for transmitting and receiving data between a server and an electronic device, according to an embodiment.

Referring to step S310 , the server 20 may receive request data from the electronic device 10 .

According to an embodiment, the electronic device 10 may search for partial data from all data, and transmit the request data to the server 20 by including information about the partial data. For example, the electronic device 10 may search partial data by adding a predetermined condition among all data based on the metadata provided from the server 20 . The electronic device 10 may transmit information about the partial data obtained as a result of the search to the server 20 . Specifically, the electronic device 10 may transmit, to the server 20 , request data for requesting to transmit the test-related data having a value greater than or equal to the reference value among the health checkup record data. Also, the electronic device 10 may search for partial data among all data uploaded to the block chain and transmit request data including owner information of the searched partial data to the server 20 .

According to an embodiment, the electronic device 10 may transmit request data including information about an application installed in the security area 28 of the server 20 to the server 20 . For example, the electronic device 10 may verify the integrity of the entire data and transmit request data including an installation file of an application for obtaining partial data from the entire data to the server 20 .

Referring to step S330 , the server 20 may identify partial data corresponding to the requested data received from the electronic device 10 . For example, the server 20 may search for partial data to which a predetermined condition is added from among all data, based on the request data. Specifically, the server 20 may identify blood test-related data having a value greater than or equal to a reference value from among the health checkup record data.

According to an embodiment, the server 20 may acquire partial data based on information about partial data included in the request data. For example, the server 20 may identify partial data from the DB 27 based on a search result based on metadata and read out the identified partial data. As another example, the server 20 may acquire the partial data based on owner information (eg, an address on a block chain) of the partial data included in the request data.

According to an embodiment, the server 20 may build an application in the security area 28 based on information about the application included in the request data. The server 20 may verify the validity of the entire data using the application. The server 20 may generate partial data from the validated entire data using an application. The server 20 may generate, together with the partial data, an electronic signature of the application, which is information that the partial data was generated by the application built in the secure area. The server 20 may generate an electronic signature of the application including a zero-knowledge proof value indicating that the partial data is a part of the entire data.

Referring to step S350 , the server 20 may transmit the generated partial data to the electronic device 10 .

According to an embodiment, the server 20 may transmit data output from the application built in the security area 28 to the electronic device 10 . For example, the server 20 may transmit partial data output from the application and the electronic signature of the application. The server 20 may transmit the electronic signature of the application including the zero-knowledge proof value to the electronic device 10 .

According to an embodiment, the server 20 may filter data output from the application. For example, the server 20 may identify whether partial data output from the application corresponds to the request data received from the electronic device 10 . In another example, the server 20 sends only the electronic device 10 and predetermined data (eg, partial data, electronic signature of the application, and zero-knowledge proof value) among data output from the application to the electronic device 10 . can be transmitted

Referring to step S370 , the electronic device 10 may utilize the partial data received from the server 20 . For example, the electronic device 10 may apply the partial data to a statistical algorithm. As another example, the electronic device 10 may apply the partial data to the artificial intelligence model 19 as training data.

4 is a flowchart of a method for a server to build an application based on data received from an electronic device, according to an embodiment.

Referring to step S410 , the server 20 may receive request data from the electronic device 10 . Since step S410 is similar to step S310, overlapping contents are omitted.

Referring to step S430 , the server 20 may identify information about the application included in the request data received from the electronic device 10 .

According to an embodiment, the server 20 may identify information about the distributor of the application included in the request data. For example, the server 20 may identify whether the distributor of the application corresponds to the owner of the electronic device 10 based on the request data. Also, the server 20 may identify whether an access right of the electronic device 10 for the application exists.

According to an embodiment, the server 20 may identify information related to the installation of the application included in the request data. For example, the server 20 may identify the installation file of the application included in the request data. As another example, the server 20 may identify the location address (eg, URL) of the installation file of the application included in the request data.

Referring to step S450 , the server 20 may build the application in the secure area 28 .

According to an embodiment, the server 20 may build the application in the secure area 28 based on the information about the distributor of the application. For example, when the distributor of the application included in the request data is the owner of the electronic device 10 , the server 20 may install the application in the secure area 28 . As another example, the server 20 may install the application in the security area 28 when the electronic device 10 has an access right to the application.

According to an embodiment, the server 20 may build the application in the security area 28 of the server 20 based on information related to the installation of the application. For example, the server 20 may build the application in the secure area 28 by executing an installation file included in the request data. As another example, the server 20 may build the application in the secure area 28 by executing the installation file of the application obtained from the location address of the installation file included in the request data.

Referring to step S470, the server 20 may obtain partial data using an application.

According to an embodiment, the server 20 may verify the validity of all data using an application. For example, an application can verify that all data it has access to is the same as data signed by the owner. Specifically, the server 20 may verify the validity of the entire data by identifying whether the hash value of the entire data is the same as the hash value included in the electronic signature of the owner of the entire data using the application. The electronic signature of the owner may be generated based on the hash value of the entire data and the owner's private key, as shown in Equation (1).

Here, data_signed means all data digitally signed by the owner, Sign_O(data_signed) is the electronic signature of the owner of all data, hash(data_signed) is a hash value for all data, and PrivateKey_O is the owner's private key.

In addition, the server 20 may obtain the owner's public key from the owner's public key certificate by using the application, and verify the owner's electronic signature based on the owner's public key and all data. The server 20 may verify the validity of the entire data by verifying the electronic signature of the owner.

According to an embodiment, the server 20 may generate partial data from all data whose validity has been verified. The server 20 may obtain partial data corresponding to the requested data from the entire data. For example, the server 20 may identify partial data satisfying a predetermined condition included in the request data from the entire data. Specifically, the server 20 may identify the test-related data having a value greater than or equal to the reference value from among the health checkup record data, based on the request data. The server 20 may read out the identified partial data from the DB 27 or download it from the block chain.

According to an embodiment, the server 20 may generate an electronic signature of the application. The electronic signature of the application means information that the partial data is generated by the application built in the secure area. For example, as shown in Equation 2, the server 20 may generate the electronic signature of the application based on the electronic signature of the owner of the entire data and the hash value of the partial data and the private key of the application.

Here, Sign_SW is the electronic signature of the application, data_selected is the partial data, Sign_O(data_signed) is the electronic signature of the owner of the entire data, hash(data_selected) is the hash value for the partial data, and PrivateKey_SW is the private key of the application .

According to an embodiment, the server 20 may be applied to a zero-knowledge proof verification algorithm to generate an electronic signature of an application including a zero-knowledge proof value, which is information indicating that partial data is a part of the entire data.

5 is a flowchart of a method for a server to filter data output from a security area, according to an embodiment.

Referring to step S510 , the server 20 may acquire partial data using an application. Since step S510 is similar to step S470, overlapping contents are omitted.

Referring to step S530, the server 20 may identify data output from the application.

Since data is transmitted/received through a secure channel established between the secure area 28 and the electronic device 10 , it cannot be checked whether data not requested by the electronic device 10 is also transmitted. The server 20 may filter data output from the application built in the security area for privacy protection.

According to an embodiment, the server 20 may identify the type of data output from the application. For example, the server 20 may identify partial data, an electronic signature of the application, and a zero-knowledge proof value among data output from the application. Referring to step S550, the server 20 determines that the data output from the application Whether it corresponds to the request data received from the electronic device 10 may be identified.

According to an embodiment, the server 20 may identify whether the data requested from the electronic device 10 and the data output from the application correspond. For example, the server 20 may identify the partial data requested by the electronic device 10 , the electronic signature of the application, and the zero-knowledge proof value.

According to an embodiment, the server 20 may identify whether partial data output from the application corresponds to the request data received from the electronic device 10 . For example, the server 20 may identify whether data not requested from the electronic device 10 is included in the partial data output from the application.

According to an embodiment, when the data requested from the electronic device 10 and the data output from the application do not match, the server 20 may return to step S510 and regenerate the partial data. Referring to step S570, the server 20 may filter data output from the application.

According to an embodiment, the server 20 may filter the remaining data except for data requested from the electronic device 10 among data output from the application. For example, the server 20 may filter the remaining data except for the partial data requested from the electronic device 10 , the electronic signature of the application, and the zero-knowledge proof value. As another example, the server 20 may remove data not requested from the electronic device 10 included in the partial data output from the application from the partial data. Referring to step S590 , the server 20 may transmit the filtered data to the electronic device 10 . For example, the server 20 may transmit only partial data requested from the electronic device 10 , an electronic signature of an application, and a zero-knowledge proof value to the electronic device 10 . As another example, the server 20 may transmit partial data from which data not requested from the electronic device 10 is removed to the electronic device 10 .

6 is a flowchart of a method for an electronic device to identify validity of partial data received from a server, according to an exemplary embodiment.

Referring to step S610 , the electronic device 10 may receive requested data among data output from the application. For example, the electronic device 10 may receive partial data among data output from the application, and an electronic signature of the application. The electronic device 10 may receive the electronic signature of the application including the zero-knowledge proof value from the server 20 .

Referring to step S630 , the electronic device 10 may identify that the partial data is generated by the application.

According to an embodiment, the electronic device 10 verifies the electronic signature of the application received from the server 20 , so that partial data received from the server 20 is constructed by the installation file transmitted by the electronic device 10 . It can be identified that it was created from the entire data by the applied application. For example, the electronic device 10 may verify the electronic signature of the application received from the server 20 using the electronic signature of the owner for partial data, the entire data, and the public key of the application. The electronic device 10 may verify the validity of the electronic signature of the owner of the entire data used for the electronic signature of the application based on the public key of the owner of the entire data. The electronic device 10 may verify the electronic signature of the application by using the electronic signature of the owner of all validated data.

Referring to step S650 , the electronic device 10 may identify the integrity of the partial data received from the server 20 . The electronic device 10 may identify the integrity of the partial data by verifying the electronic signature of the application based on the public key of the application and the hash value of the partial data.

According to an embodiment, the electronic device 10 may identify the integrity of the partial data by verifying a hash value of the partial data included in the electronic signature of the application. For example, the electronic device 10 may compare a hash value obtained by applying the partial data received from the server 20 to a hash function with a hash value of the partial data obtained from the electronic signature of the application. The electronic device 10 may identify the integrity of the partial data received from the server 20 based on a result of identifying that the hash values are identical to each other. Referring to step S670 , the electronic device 10 may verify that the partial data received from the server 20 is a part of the entire data. The electronic device 10 may verify that the partial data is a part of the entire data by applying the zero-knowledge proof value received from the server 20 to the zero-knowledge proof verification algorithm.

According to an embodiment, the information about the application included in the request data may include information about the zero-knowledge proof algorithm. The server 20 may generate a zero-knowledge proof value based on a zero-knowledge proof algorithm included in the request data using an application built in the secure area 28 . The electronic device 10 may receive, from the server 20 , a zero-knowledge proof value that proves the relationship that partial data is obtained from the entire data. The electronic device 10 may verify that partial data is obtained from the entire data by applying the zero-knowledge proof value to the zero-knowledge proof algorithm.

According to an embodiment, the electronic device 10 may verify the validity of all data. The electronic device 10 may obtain the owner's public key from the owner's public key certificate, and verify the owner's electronic signature based on the owner's public key and all data. Also, the electronic device 10 may verify the electronic signature of the owner based on information about the time when the owner performs the electronic signature. The electronic device 10 may verify the validity of the entire data by verifying the electronic signature of the owner, and may utilize partial data of the entire data.

According to an embodiment, the electronic device 10 may identify the validity of the partial data obtained from the entire data. For example, the electronic device 10 may verify the validity of the electronic signature of the owner of all data used for the electronic signature of the application, based on the public key of the owner of the entire data. The electronic device 10 may identify the validity of the partial data obtained from the entire data by verifying the validity of the entire data based on the electronic signature of the owner of the verified entire data.

7 is a diagram for explaining a method of using partial data by an electronic device, according to an exemplary embodiment.

Referring to FIG. 7 , the electronic device 10 may receive partial data from the server 20 . For example, the electronic device 10 may receive, from the server 20 , blood test related data having a value greater than or equal to a reference value among health checkup record data.

In the disclosed embodiment, the electronic device 10 may utilize partial data received from the server 20 .

According to an embodiment, the electronic device 10 may apply partial data to a statistical algorithm. For example, the electronic device 10 may apply the blood test-related data received from the server 20 or more to a statistical algorithm regarding the degree of inflammation according to the level of white blood cells in the blood.

According to an embodiment, the electronic device 10 may apply the partial data to the artificial intelligence model 19 as learning data. The electronic device 10 applies the partial data obtained from the server 20 as learning data to the artificial intelligence model 19 in order to learn the artificial intelligence model 19 for logically reasoning and predicting by judging the given information. can

Inference prediction is a technology for logically reasoning and predicting information by judging information. Knowledge based reasoning, optimization prediction, preference-based planning, recommendation, etc. include

Meanwhile, functions related to artificial intelligence according to the present disclosure are operated through a processor and a memory. The processor may consist of one or a plurality of processors. In this case, the one or more processors may be a general-purpose processor such as a CPU, an AP, a digital signal processor (DSP), or the like, a graphics-only processor such as a GPU, a VPU (Vision Processing Unit), or an artificial intelligence-only processor such as an NPU. One or a plurality of processors control to process input data according to a predefined operation rule or artificial intelligence model stored in the memory. Alternatively, when one or more processors are AI-only processors, the AI-only processor may be designed with a hardware structure specialized for processing a specific AI model. The processor may perform a preprocessing process of converting data applied to the AI model into a form suitable for application to the AI model.

AI models can be created through learning. Here, being made through learning means that a basic artificial intelligence model is learned using a plurality of learning data by a learning algorithm, so that a predefined action rule or artificial intelligence model set to perform a desired characteristic (or purpose) is created means burden. Such learning may be performed in the device itself on which artificial intelligence according to the present disclosure is performed, or may be performed through a separate server and/or system. Examples of the learning algorithm include, but are not limited to, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning.

The artificial intelligence model may be composed of a plurality of neural network layers. Each of the plurality of neural network layers has a plurality of weight values, and a neural network operation is performed through an operation between an operation result of a previous layer and a plurality of weights. The plurality of weights of the plurality of neural network layers may be optimized by the learning result of the artificial intelligence model. For example, a plurality of weights may be updated so that a loss value or a cost value obtained from the artificial intelligence model during the learning process is reduced or minimized. The artificial neural network may include a deep neural network (DNN), for example, a Convolutional Neural Network (CNN), a Deep Neural Network (DNN), a Recurrent Neural Network (RNN), a Restricted Boltzmann Machine (RBM), There may be a Deep Belief Network (DBN), a Bidirectional Recurrent Deep Neural Network (BRDNN), or a Deep Q-Networks, but is not limited to the above-described example.

The disclosed artificial intelligence model may be generated by learning a plurality of text data and image data input as learning data according to a predetermined criterion. The artificial intelligence model may generate result data by performing a learned function in response to input data, and may output the result data. In addition, the disclosed artificial intelligence model may include a plurality of artificial intelligence models trained to perform at least one function.

According to an embodiment, the electronic device 10 may apply partial data as training data to the artificial intelligence model 19 built in the electronic device 10 . In order to update the artificial intelligence model built in the server 20 , the electronic device 10 may transmit the learned parameters of the artificial intelligence model 19 to the server 20 .

According to an embodiment, the electronic device 10 may apply partial data to the artificial intelligence model 19 built in the server 20 as learning data. In order to update the artificial intelligence model built in the electronic device 10 , the electronic device 10 may receive the learned parameters of the artificial intelligence model 19 from the server 20 .

8 is a block diagram of a server, according to an embodiment.

Referring to FIG. 8 , the server 20 according to some embodiments may include a communication unit 25 , a memory 26 , a DB 27 , a security area 28 , and a processor 23 .

The communication unit 25 may include one or more components that allow the server 20 to communicate with the electronic device 10 .

The memory 26 may store at least one instruction and at least one program for processing and control of the processor 23 , and may store data input to or output from the server 20 .

The DB 27 may store data received from the electronic device 10 . The DB 27 may encrypt and store data received from a plurality of electronic devices.

The secure area 28 may store data, specific functions, or entire applications in a hardware secure architecture. The secure area 28 verifies the integrity of the entire data, and an application for obtaining partial data from the entire data can be built.

The processor 23 typically controls the overall operation of the server 20 . For example, the processor 23 may control the DB 27 , the security area 28 , the communication unit 25 , and the like in general by executing programs stored in the memory 26 of the server 20 . The processor 23 may perform the operations of the server 20 described with reference to FIGS. 1 to 7 by executing programs.

For example, the processor 23 may identify the partial data requested by the electronic device 10 by executing an instruction stored in the request data identification module 27a. In addition, the processor 23 may identify information about the application from the request data by executing an instruction stored in the request data identification module 27a. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may control the server 20 to build an application in the secure area 28 by executing an instruction stored in the application installation module 27b. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may verify the validity of the entire encrypted data by executing the instruction stored in the full data verification module 27c. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may acquire partial data corresponding to the requested data from the entire data whose validity has been verified by executing the instruction stored in the partial data obtaining module 27d. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may generate the electronic signature of the application, which is information that the partial data was generated by the application built in the secure area, by executing the instruction stored in the electronic signature generating module 27e. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may generate a zero-knowledge proof value, which is information indicating that the partial data is a part of the whole data, by executing the instruction stored in the zero-knowledge proof value generating module 27f. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may identify whether the data output from the application corresponds to the requested data by executing the instruction stored in the output data identification module 27g of the application. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 may filter data that does not correspond to the requested data among data output from the application by executing the instruction stored in the output data filtering module 27h of the application. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

9 is a block diagram illustrating a software module of a memory included in a server, according to an embodiment.

Referring to FIG. 9 , the memory 26 is a software module for the server 20 to perform the embodiments described above with reference to FIGS. 1 to 7 , and includes a request data identification module 27a and an application installation module 27b. , an application output data identification module 27g and an application output data filtering module 27h. In addition, the application installation module 27b may include a full data verification module 27c, a partial data acquisition module 27d, an electronic signature generation module 27e, and a zero-knowledge proof value generation module 27f.

However, the server 20 may acquire partial data and transmit it to the electronic device 10 by more software modules than the software modules shown in FIG. 20 ) may acquire partial data and transmit it to the electronic device 10 .

For example, by executing the instruction stored in the request data identification module 27a by the processor 23 , the server 20 may identify the partial data requested by the electronic device 10 . In addition, since the processor 23 executes the instructions stored in the request data identification module 27a, the server 20 can identify information about the application from the request data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 23 executes the instructions stored in the application installation module 27b, so that the server 20 can build the application in the secure area 28 . The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, by executing the instructions stored in the full data verification module 27c by the processor 23 , the server 20 may verify the validity of the entire encrypted data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, when the processor 23 executes the instruction stored in the partial data acquisition module 27d, the server 20 may acquire partial data corresponding to the requested data from the validated entire data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, when the processor 23 executes the instruction stored in the electronic signature generating module 27e, the server 20 generates the electronic signature of the application, which is information that the partial data was generated by the application built in the secure area. can create The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, by executing the instruction stored in the zero-knowledge proof value generating module 27f by the processor 23, the server 20 may generate a zero-knowledge proof value that is information indicating that the partial data is a part of the entire data. have. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, when the processor 23 executes the instructions stored in the application output data identification module 27g, the server 20 may identify whether the data output from the application corresponds to the requested data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, by executing the instruction stored in the output data filtering module 27h of the application by the processor 23, the server 20 may filter data that does not correspond to the requested data among data output from the application. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

10 is a block diagram of an electronic device, according to an embodiment.

Referring to FIG. 10 , the electronic device 10 may include a user input unit 11 , an output unit 12 , a processor 13 , a communication unit 15 , and a memory 17 . However, not all of the components shown in FIG. 10 are essential components of the electronic device 10 . The electronic device 10 may be implemented by more components than those illustrated in FIG. 10 , or the electronic device 10 may be implemented by fewer components than those illustrated in FIG. 10 .

The user input unit 11 means a means for a user to input data for controlling the electronic device 10 . For example, the user input unit 11 includes a touch screen, a key pad, a dome switch, a touch pad (contact capacitive method, pressure resistance film method, infrared sensing method, Surface ultrasonic conduction method, integral tension measurement method, piezo effect method, etc.), a touch screen, a jog wheel, a jog switch, etc. may be used, but are not limited thereto. The user input unit 11 may receive a user input necessary for the electronic device 10 to perform the embodiments described with reference to FIGS. 1 to 7 .

The output unit 12 outputs information processed by the electronic device 10 . The output unit 12 may output information related to the embodiments described with reference to FIGS. 1 to 7 . Also, the output unit 12 may include a display unit 12-1 that displays a result of performing an operation corresponding to a user's input through the user interface.

The processor 13 generally controls the overall operation of the electronic device 10 . For example, the processor 13 executes at least one instruction stored in the memory 17 , so that the user input unit 11 , the output unit 12 , the communication unit 15 , and the memory 17 perform associative learning. ) can be controlled in general.

For example, the processor 13 may search for partial data satisfying a predetermined condition from among all data by executing an instruction stored in the partial data search module 17a. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 13 may generate request data for requesting partial data satisfying a predetermined condition by executing an instruction stored in the request data generating module 17b. In addition, the processor 13 may generate request data including information about the application. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 13 may verify the validity of the partial data received from the server 20 by executing the instruction stored in the partial data verification module 17c. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, the processor 13 may apply the partial data to the statistical algorithm by executing the instructions stored in the partial data utilization module 17d. In addition, the processor 13 may apply the partial data to the artificial intelligence model 19 as training data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

The processor 13 may be at least one general-purpose processor. In addition, the processor 13 may include at least one processor manufactured to perform the function of the artificial intelligence model. The processor 13 may execute a series of instructions so that the artificial intelligence model learns new training data. The processor 13 may perform the function of the artificial intelligence model described above with reference to FIG. 7 by executing the software module stored in the memory 17 .

The communication unit 15 may include one or more components that allow the electronic device 10 to communicate with another device (not shown) and the server 20 . Another device (not shown) may be a computing device such as the electronic device 10, but is not limited thereto.

The memory 17 may store at least one instruction and at least one program for processing and control of the processor 13 , and may store data input to or output from the electronic device 10 . have.

The memory 17 is a memory that temporarily stores data, such as a random access memory (RAM), a static random access memory (SRAM), a flash memory type, a hard disk type, and a multimedia card. Multimedia card micro type, card type memory (such as SD or XD memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), PROM (Programmable Read-Memory) Only memory), a magnetic memory, a magnetic disk, and an optical disk may include at least one type of storage medium among data storage for non-temporarily storing data.

11 is a block diagram illustrating a software module of a memory included in an electronic device, according to an exemplary embodiment.

Referring to FIG. 11 , the memory 17 is a software module including instructions for the electronic device 10 to perform the embodiment described above with reference to FIGS. 1 to 7 , and includes a partial data search module 17a. , a request data generation module 17b, a partial data verification module 17c, and a partial data utilization module 17d. However, the electronic device 10 may acquire and utilize partial data by using more software modules than the software modules shown in FIG. 11 , and the electronic device 10 may use fewer software modules than the software modules shown in FIG. Data can be acquired and used.

For example, when the processor 13 executes an instruction stored in the partial data search module 17a, the electronic device 10 may search for partial data satisfying a predetermined condition from among all data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, when the processor 13 executes an instruction stored in the request data generating module 17b, the electronic device 10 may generate request data for requesting partial data satisfying a predetermined condition. Also, the electronic device 10 may generate request data including information about the application. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, by executing the instruction stored in the partial data verification module 17c by the processor 13 , the electronic device 10 may verify the validity of the partial data received from the server 20 . The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

As another example, when the processor 13 executes the instructions stored in the partial data utilization module 17d, the electronic device 10 may apply the partial data to the statistical algorithm. Also, the electronic device 10 may apply the partial data to the artificial intelligence model 19 as learning data. The content overlapping with the embodiment described above with reference to FIGS. 1 to 7 will be omitted.

Meanwhile, according to the embodiment disclosed with reference to FIGS. 1 to 11 , the electronic device 10 may easily obtain partial data to which a condition is added from all data. In addition, since the server 20 transmits only requested data to the electronic device 10 by filtering data output from the application, privacy may be protected.

The disclosed embodiments can be used for services that trade an individual's body data (eg, height, weight, blood pressure, pulse, etc.). For another example, the disclosed embodiment may be used for a service for transacting personal medical data (eg, medical images, disease details, drug prescription history, medical treatment history, etc.).

Some embodiments may also be implemented in the form of a recording medium containing instructions executable by a computer, such as program modules executed by a computer. Computer-readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. Also, computer-readable media may include computer storage media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.

Claims (12)

1. A method for a data selling terminal to transmit partial data requested from a data purchasing terminal, the method comprising:

   receiving request data for requesting to transmit the partial data among all data from the data purchasing terminal;

   verifying the integrity of the entire data included in the request data and building an application in a secure area of the data sales terminal by using an application installation file for obtaining partial data from the entire data;

   obtaining the partial data from among the entire data by using an application built in the secure area;

   generating an electronic signature of an application, which is information proving that the partial data, which is a part of the entire data, has been obtained by the application; and

   Transmitting the partial data and the electronic signature of the application to the data purchasing terminal,

   Transmitting the partial data includes:

   identifying whether the partial data output from the security area corresponds to the request data; and

   Including filtering the partial data based on the identification result,

   Way.
2. According to claim 1,

   The step of filtering the partial data is

   removing data not included in the request data from the partial data;

   Way,
3. According to claim 1,

   The step of filtering the partial data is

   based on the identification result, using the application to regenerate partial data corresponding to the requested data;

   Way.
4. According to claim 1,

   The step of generating the partial data includes:

   using the application to verify the validity of the entire data;

   generating the partial data from the verified entire data; and

   generating an electronic signature of the application for the partial data;

   Way.
5. 5. The method of claim 4,

   The step of verifying the validity of the entire data is,

   Using the application, verifying the validity of the entire data by identifying whether the hash value for the entire data and the hash value included in the electronic signature of the owner of the entire data are the same,

   Way.
6. 5. The method of claim 4,

   The step of generating the electronic signature of the application comprises:

   Based on the electronic signature of the owner of the entire data, the hash value of the partial data, and the secret key of the application stored in the secure area, generating an electronic signature of the application for the partial data through the application ,

   Way.
7. In the data sales terminal for generating partial data from the whole data and transmitting it to the data purchase terminal,

   communication interface;

   a memory that stores one or more instructions;

   a processor executing the instructions;

   The processor by executing the instructions,

   controlling the communication interface to receive request data for requesting to transmit the partial data among the entire data from the data purchasing terminal;

   Verifies the integrity of the entire data included in the request data, and builds an application in the security area of the data sales terminal by using the installation file of the application to obtain partial data from the entire data,

   obtaining the partial data from among the entire data by using an application built in the security area;

   generating an electronic signature of the application, which is information proving that the partial data, which is a part of the entire data, has been obtained by the application;

   controlling the communication interface to transmit the partial data and the electronic signature of the application to the data purchasing terminal;

   The processor is

   Identifies whether the partial data output from the security area corresponds to the request data;

   filtering the partial data based on the identification result,

   data sales terminal.
8. 8. The method of claim 7,

   The processor is

   removing data not included in the request data from the partial data;

   data sales terminal,
9. 8. The method of claim 7,

   The processor is

   regenerating partial data corresponding to the requested data using the application based on the identification result;

   data sales terminal.
10. 8. The method of claim 7,

    The processor is

    using the application to verify the validity of the entire data;

    generating the partial data from the verified full data;

    generating an electronic signature of the application for the partial data;

    data sales terminal.
11. 11. The method of claim 10,

    The processor is

    Verifying the validity of the entire data by using the application to identify whether the hash value for the entire data and the hash value included in the electronic signature of the owner of the entire data are the same,

    data sales terminal.
12. 11. The method of claim 10,

    The processor is

    Based on the electronic signature of the owner of the entire data and the hash value of the partial data and the secret key of the application stored in the secure area, generating an electronic signature of the application for the partial data through the application,

    data sales terminal.

Images