WO2022203445A1 - Dispositif électronique de gestion de données sécurisées par l'intermédiaire d'un réseau décentralisé et procédé de fonctionnement dudit dispositif - Google Patents

Dispositif électronique de gestion de données sécurisées par l'intermédiaire d'un réseau décentralisé et procédé de fonctionnement dudit dispositif Download PDF

Info

Publication number
WO2022203445A1
WO2022203445A1 PCT/KR2022/004215 KR2022004215W WO2022203445A1 WO 2022203445 A1 WO2022203445 A1 WO 2022203445A1 KR 2022004215 W KR2022004215 W KR 2022004215W WO 2022203445 A1 WO2022203445 A1 WO 2022203445A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
electronic device
transaction
processor
encryption key
Prior art date
Application number
PCT/KR2022/004215
Other languages
English (en)
Korean (ko)
Inventor
하승민
장우석
조진수
Original Assignee
삼성전자 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 삼성전자 주식회사 filed Critical 삼성전자 주식회사
Publication of WO2022203445A1 publication Critical patent/WO2022203445A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • Embodiments disclosed in this document relate to an electronic device for managing security data through a decentralized network and an operating method thereof.
  • Blockchain technology is a decentralization of data and information by sharing the ledger by multiple nodes and recording blocks created through the calculation process of nodes on the ledger based on various consensus mechanisms. technology that makes it possible
  • the ledger is updated based on various consensus mechanisms, and since the ledger is shared by multiple nodes, data once written to the ledger cannot be forged or tampered with. Also, since multiple nodes keep the ledger, all transactions recorded on the ledger are open to anyone.
  • a user may use a method of recording the root seed on paper or in an electronic document.
  • the user can encrypt the root seed using the public key of the wallet and store it through an electronic device or a decentralized network.
  • An electronic device includes a communication module, a processor, and a memory for storing instructions, wherein when the instructions are executed by the processor, the electronic device performs a first operation based on first data generating tag information, generating a first encryption key based on second data, encrypting security data using the first encryption key, the encrypted security data, and a first hash value of the first encryption key and generating a transaction including the first tag information, and transmitting the transaction to a blockchain network through the communication module.
  • the method of operating an electronic device includes an operation of generating first tag information based on first data, an operation of generating a first encryption key based on second data, and the first An operation of encrypting security data using an encryption key, an operation of generating a transaction including the encrypted security data, a first hash value of the first encryption key, and the first tag information, and a communication module of the electronic device It may include the operation of transmitting the transaction to the blockchain network through
  • security data may be managed through a decentralized network.
  • FIG. 1 is a block diagram of an electronic device in a network environment, according to various embodiments of the present disclosure.
  • FIG. 2 is a block diagram illustrating an electronic device and a decentralized network according to an embodiment of the present disclosure.
  • 3A, 3B, 3C, 3D, and 3E are diagrams illustrating an operation in which an electronic device generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • 4A, 4B, 4C, 4D, and 4E are diagrams illustrating an operation of an electronic device decrypting encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIG. 5 is a flowchart illustrating an operation in which an electronic device generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 6 is a flowchart illustrating an operation of an electronic device decrypting encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIGS. 7A, 7B, 7C, 7D, 7E, and 7F are diagrams illustrating a user interface (UI) displayed when an electronic device generates a transaction according to an embodiment of the present disclosure
  • 8A, 8B, and 8C are diagrams illustrating a UI displayed by an electronic device when decrypting encrypted security data according to an embodiment of the present disclosure
  • FIG. 1 is a block diagram of an electronic device 101 in a network environment 100 according to various embodiments of the present disclosure.
  • an electronic device 101 communicates with an electronic device 102 through a first network 198 (eg, a short-range wireless communication network) or a second network 199 . It may communicate with the electronic device 104 or the server 108 through (eg, a long-distance wireless communication network). According to an embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108 .
  • a first network 198 eg, a short-range wireless communication network
  • a second network 199 e.g., a second network 199
  • the electronic device 101 may communicate with the electronic device 104 through the server 108 .
  • the electronic device 101 includes a processor 120 , a memory 130 , an input module 150 , a sound output module 155 , a display module 160 , an audio module 170 , and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or an antenna module 197 .
  • at least one of these components eg, the connection terminal 178
  • some of these components are integrated into one component (eg, display module 160 ). can be
  • the processor 120 for example, executes software (eg, a program 140) to execute at least one other component (eg, a hardware or software component) of the electronic device 101 connected to the processor 120. It can control and perform various data processing or operations. According to an embodiment, as at least part of data processing or operation, the processor 120 stores a command or data received from another component (eg, the sensor module 176 or the communication module 190 ) into the volatile memory 132 . may be stored in , process commands or data stored in the volatile memory 132 , and store the result data in the non-volatile memory 134 .
  • software eg, a program 140
  • the processor 120 stores a command or data received from another component (eg, the sensor module 176 or the communication module 190 ) into the volatile memory 132 .
  • the processor 120 stores a command or data received from another component (eg, the sensor module 176 or the communication module 190 ) into the volatile memory 132 .
  • the processor 120 is a main processor 121 (eg, a central processing unit or an application processor) or a secondary processor 123 (eg, a graphic processing unit, a neural network processing unit) a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor).
  • a main processor 121 eg, a central processing unit or an application processor
  • a secondary processor 123 eg, a graphic processing unit, a neural network processing unit
  • NPU neural processing unit
  • an image signal processor e.g., a sensor hub processor, or a communication processor.
  • the secondary processor 123 may, for example, act on behalf of the main processor 121 while the main processor 121 is in an inactive (eg, sleep) state, or when the main processor 121 is active (eg, executing an application). ), together with the main processor 121, at least one of the components of the electronic device 101 (eg, the display module 160, the sensor module 176, or the communication module 190) It is possible to control at least some of the related functions or states.
  • the auxiliary processor 123 eg, image signal processor or communication processor
  • the auxiliary processor 123 may include a hardware structure specialized for processing an artificial intelligence model.
  • Artificial intelligence models can be created through machine learning. Such learning may be performed, for example, in the electronic device 101 itself on which artificial intelligence is performed, or may be performed through a separate server (eg, the server 108).
  • the learning algorithm may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but in the above example not limited
  • the artificial intelligence model may include a plurality of artificial neural network layers.
  • Artificial neural networks include deep neural networks (DNNs), convolutional neural networks (CNNs), recurrent neural networks (RNNs), restricted boltzmann machines (RBMs), deep belief networks (DBNs), bidirectional recurrent deep neural networks (BRDNNs), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the above example.
  • the artificial intelligence model may include, in addition to, or alternatively, a software structure in addition to the hardware structure.
  • the memory 130 may store various data used by at least one component (eg, the processor 120 or the sensor module 176 ) of the electronic device 101 .
  • the data may include, for example, input data or output data for software (eg, the program 140 ) and instructions related thereto.
  • the memory 130 may include a volatile memory 132 or a non-volatile memory 134 .
  • the program 140 may be stored as software in the memory 130 , and may include, for example, an operating system 142 , middleware 144 , or an application 146 .
  • the input module 150 may receive a command or data to be used by a component (eg, the processor 120 ) of the electronic device 101 from the outside (eg, a user) of the electronic device 101 .
  • the input module 150 may include, for example, a microphone, a mouse, a keyboard, a key (eg, a button), or a digital pen (eg, a stylus pen).
  • the sound output module 155 may output a sound signal to the outside of the electronic device 101 .
  • the sound output module 155 may include, for example, a speaker or a receiver.
  • the speaker can be used for general purposes such as multimedia playback or recording playback.
  • the receiver can be used to receive incoming calls. According to an embodiment, the receiver may be implemented separately from or as a part of the speaker.
  • the display module 160 may visually provide information to the outside (eg, a user) of the electronic device 101 .
  • the display module 160 may include, for example, a control circuit for controlling a display, a hologram device, or a projector and a corresponding device.
  • the display module 160 may include a touch sensor configured to sense a touch or a pressure sensor configured to measure the intensity of a force generated by the touch.
  • the audio module 170 may convert a sound into an electric signal or, conversely, convert an electric signal into a sound. According to an embodiment, the audio module 170 acquires a sound through the input module 150 , or an external electronic device (eg, a sound output module 155 ) connected directly or wirelessly with the electronic device 101 .
  • the electronic device 102) eg, a speaker or headphones
  • the electronic device 102 may output a sound.
  • the sensor module 176 detects an operating state (eg, power or temperature) of the electronic device 101 or an external environmental state (eg, a user state), and generates an electrical signal or data value corresponding to the sensed state. can do.
  • the sensor module 176 may include, for example, a gesture sensor, a gyro sensor, a barometric pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, a humidity sensor, or an illuminance sensor.
  • the interface 177 may support one or more specified protocols that may be used by the electronic device 101 to directly or wirelessly connect with an external electronic device (eg, the electronic device 102 ).
  • the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.
  • the connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102 ).
  • the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).
  • the haptic module 179 may convert an electrical signal into a mechanical stimulus (eg, vibration or movement) or an electrical stimulus that the user can perceive through tactile or kinesthetic sense.
  • the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.
  • the camera module 180 may capture still images and moving images. According to an embodiment, the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.
  • the power management module 188 may manage power supplied to the electronic device 101 .
  • the power management module 188 may be implemented as, for example, at least a part of a power management integrated circuit (PMIC).
  • PMIC power management integrated circuit
  • the battery 189 may supply power to at least one component of the electronic device 101 .
  • the battery 189 may include, for example, a non-rechargeable primary cell, a rechargeable secondary cell, or a fuel cell.
  • the communication module 190 is a direct (eg, wired) communication channel or a wireless communication channel between the electronic device 101 and an external electronic device (eg, the electronic device 102, the electronic device 104, or the server 108). It can support establishment and communication performance through the established communication channel.
  • the communication module 190 may include one or more communication processors that operate independently of the processor 120 (eg, an application processor) and support direct (eg, wired) communication or wireless communication.
  • the communication module 190 is a wireless communication module 192 (eg, a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (eg, : It may include a local area network (LAN) communication module, or a power line communication module).
  • a wireless communication module 192 eg, a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module
  • GNSS global navigation satellite system
  • wired communication module 194 eg, : It may include a local area network (LAN) communication module, or a power line communication module.
  • a corresponding communication module among these communication modules is a first network 198 (eg, a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (eg, legacy It may communicate with the external electronic device 104 through a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (eg, a telecommunication network such as a LAN or a WAN).
  • a first network 198 eg, a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)
  • a second network 199 eg, legacy It may communicate with the external electronic device 104 through a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (eg, a telecommunication network such as a LAN or a WAN).
  • a telecommunication network
  • the wireless communication module 192 uses subscriber information (eg, International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199 .
  • subscriber information eg, International Mobile Subscriber Identifier (IMSI)
  • IMSI International Mobile Subscriber Identifier
  • the electronic device 101 may be identified or authenticated.
  • the wireless communication module 192 may support a 5G network after a 4G network and a next-generation communication technology, for example, a new radio access technology (NR).
  • NR access technology includes high-speed transmission of high-capacity data (eMBB (enhanced mobile broadband)), minimization of terminal power and access to multiple terminals (mMTC (massive machine type communications)), or high reliability and low latency (URLLC (ultra-reliable and low-latency) -latency communications)).
  • eMBB enhanced mobile broadband
  • mMTC massive machine type communications
  • URLLC ultra-reliable and low-latency
  • the wireless communication module 192 may support a high frequency band (eg, mmWave band) to achieve a high data rate, for example.
  • a high frequency band eg, mmWave band
  • the wireless communication module 192 uses various techniques for securing performance in a high-frequency band, for example, beamforming, massive multiple-input and multiple-output (MIMO), all-dimensional multiplexing. It may support technologies such as full dimensional MIMO (FD-MIMO), an array antenna, analog beam-forming, or a large scale antenna.
  • the wireless communication module 192 may support various requirements defined in the electronic device 101 , an external electronic device (eg, the electronic device 104 ), or a network system (eg, the second network 199 ).
  • the wireless communication module 192 includes a peak data rate (eg, 20 Gbps or more) for realizing eMBB, loss coverage (eg, 164 dB or less) for realizing mMTC, or U-plane latency for realizing URLLC ( Example: Downlink (DL) and uplink (UL) each 0.5 ms or less, or round trip 1 ms or less) can be supported.
  • a peak data rate eg, 20 Gbps or more
  • loss coverage eg, 164 dB or less
  • U-plane latency for realizing URLLC
  • the antenna module 197 may transmit or receive a signal or power to the outside (eg, an external electronic device).
  • the antenna module 197 may include an antenna including a conductor formed on a substrate (eg, a PCB) or a radiator formed of a conductive pattern.
  • the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is connected from the plurality of antennas by, for example, the communication module 190 . can be selected. A signal or power may be transmitted or received between the communication module 190 and an external electronic device through the selected at least one antenna.
  • other components eg, a radio frequency integrated circuit (RFIC)
  • RFIC radio frequency integrated circuit
  • the antenna module 197 may form a mmWave antenna module.
  • the mmWave antenna module comprises a printed circuit board, an RFIC disposed on or adjacent to a first side (eg, bottom side) of the printed circuit board and capable of supporting a designated high frequency band (eg, mmWave band); and a plurality of antennas (eg, an array antenna) disposed on or adjacent to a second side (eg, top or side) of the printed circuit board and capable of transmitting or receiving signals of the designated high frequency band. can do.
  • peripheral devices eg, a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)
  • signal eg commands or data
  • the command or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199 .
  • Each of the external electronic devices 102 or 104 may be the same as or different from the electronic device 101 .
  • all or part of the operations executed by the electronic device 101 may be executed by one or more external electronic devices 102 , 104 , or 108 .
  • the electronic device 101 may perform the function or service itself instead of executing the function or service itself.
  • one or more external electronic devices may be requested to perform at least a part of the function or the service.
  • One or more external electronic devices that have received the request may execute at least a part of the requested function or service, or an additional function or service related to the request, and transmit a result of the execution to the electronic device 101 .
  • the electronic device 101 may process the result as it is or additionally and provide it as at least a part of a response to the request.
  • cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used.
  • the electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing.
  • the external electronic device 104 may include an Internet of things (IoT) device.
  • the server 108 may be an intelligent server using machine learning and/or neural networks.
  • the external electronic device 104 or the server 108 may be included in the second network 199 .
  • the electronic device 101 may be applied to an intelligent service (eg, smart home, smart city, smart car, or health care) based on 5G communication technology and IoT-related technology.
  • FIG. 2 is a block diagram illustrating the electronic device 101 and the decentralized network 250 according to an embodiment of the present disclosure.
  • the decentralized network 250 may include a plurality of nodes 251 and 253 , a ledger 260 , and a virtual machine 270 .
  • the decentralized network 250 may be a peer-to-peer (P2P) network with a plurality of nodes 251 and 253 .
  • P2P peer-to-peer
  • a plurality of nodes 251 and 253 use a consensus mechanism (eg, proof of stake (PoS), proof of work (PoW)) used in the decentralized network 250. It may be an electronic device capable of performing an operation for In an embodiment, some nodes among all nodes 251 and 253 participating in the decentralized network 250 may not participate in the consensus mechanism.
  • a consensus mechanism eg, proof of stake (PoS), proof of work (PoW)
  • PoS proof of stake
  • PoW proof of work
  • the plurality of nodes 251 and 253 may be electronic devices that are portable by a user.
  • the plurality of nodes 251 and 253 include a portable communication device (eg, a smartphone), a computer device, a notebook computer, a netbook, a laptop, a tablet PC, a portable multimedia device, a portable medical device, or a wearable device. can do.
  • the ledger 260 may have a data structure in which a plurality of blocks are connected to each other.
  • each of the plurality of blocks includes information (eg, a hash value) of the previous block, so that the plurality of blocks may have a data structure connected to each other.
  • each of the multiple blocks may include multiple transactions.
  • the transaction may be a message signed by a specified type of account (eg, an externally owned account (EOA)).
  • EOA externally owned account
  • the transaction includes an attribute value (eg, nonce), processing cost (eg, gasPrice, gasLimit), destination account, remittance amount, payload (or data), signature (eg, elliptic curve digital signature algorithm (ECDSA)) )), or a combination thereof.
  • the ledger 260 may be shared among the nodes 251 and 253 . In an embodiment, some of the nodes 251 and 253 may store only a part of the ledger 260 .
  • the smart contract 261 may include program code executable through the virtual machine 270 .
  • the smart contract 261 may be a type of transaction.
  • the smart contract 261 may be a program that manages encrypted security data and provides a service for identifying a transaction including encrypted security data at the request of the electronic device 101 .
  • the smart contract 261 may be a transaction sent by the service provider 210 to the decentralized network 250 .
  • the virtual machine 270 (eg, an ethereum virtual machine (EVM)) is a state change in the decentralized network 250 (eg, update of the ledger 260), the smart contract 261 .
  • the latest state of virtual machine 270 may be shared by multiple nodes 251 , 253 .
  • the electronic device 101 may correspond to the electronic device 101 of FIG. 1 .
  • the electronic device 201 may operate as a node of the decentralized network 250 .
  • the electronic device 201 may operate as a participant (eg, an externally owned account) of the decentralized network 250 .
  • the electronic device 101 may include a processor 120 , a memory 130 , and a communication module 190 .
  • the processor 120 may correspond to the processor 120 of FIG. 1 .
  • the memory 130 may correspond to the memory 130 of FIG. 1 .
  • the communication module 190 may correspond to the communication module 190 of FIG. 1 .
  • the processor 120 may generate a transaction.
  • the processor 120 may generate a transaction related to secure data (eg, password, root seed, user secret key, public key, or user wallet, or health information of the decentralized network 250 ).
  • the security data may include data requested by the user (eg, address book, photo) to be backed up.
  • the root seed may be a user secret key, a public key, or data from which a user wallet can be derived of the decentralized network 250 .
  • the processor 120 may encrypt the security data and generate a transaction including the encrypted security data. In an embodiment, the processor 120 may encrypt the security data using the encryption key and generate a transaction including the encrypted security data.
  • the encryption key may be a key based on a two-way encryption algorithm capable of encrypting data and decrypting encrypted data. In one embodiment, the encryption key may be a symmetric key. In an embodiment, the encryption key may be a public key or a private key among a pair of keys.
  • the bidirectional encryption algorithm may include data encryption standard (DES), advanced encryption standard (AES), Rivest Shamir Adleman (RSA), elliptic curve digital signature algorithm (ECDSA), or a combination thereof.
  • the encryption key may be derived from reference data.
  • the reference data may include user's biometric information (eg, fingerprint, iris, vein), user's password, a set of keywords designated by the user, or a combination thereof.
  • the reference data may include a photo, a video, a document, or a combination thereof.
  • the processor 120 may use a K-bit bit sequence extracted from reference data as an encryption key. In an embodiment, the processor 120 may use a hash value of a K-bit bit sequence extracted from reference data as an encryption key. For example, when using AES-128, the processor 120 may extract a 128-bit bit sequence from the reference data, and use the extracted 128-bit bit sequence as an encryption key.
  • the processor 120 may use a K-bit bit sequence extracted from reference data as a secret key, and use a public key derived from the private key as an encryption key.
  • the processor 120 may use a hash value of a K-bit bit sequence extracted from reference data as a secret key, and use a public key derived from the private key as an encryption key. For example, when using ECDSA, the processor 120 may extract a 256-bit bit sequence from the reference data, and use the extracted 256-bit bit sequence as an encryption key.
  • the processor 120 may extract a bit sequence based on one piece of reference data.
  • the processor 120 may extract a K-bit bit sequence from one picture.
  • the processor 120 may extract a bit sequence of K bits by dividing M pixels included in one picture into K groups and extracting one bit from each of the K groups.
  • each bit is a value of pixels included in each of the K groups (eg, R (red) value, G (green) value, B (blue) value, luminance value, transparency, or a combination thereof) can correspond to the average of them.
  • each bit may correspond to a value (eg, an R value, a G value, a B value, a luminance value, transparency, or a combination thereof) of a selected pixel among pixels included in each of the K groups.
  • M and K may be natural numbers.
  • the processor 120 may extract a K-bit bit sequence from one image.
  • the processor 120 may extract a bit sequence of K bits by selecting K frames from among a plurality of frames included in one image and extracting one bit from each of the selected K frames. have.
  • each bit may correspond to an average of values (eg, R value, G value, B value, luminance value, transparency, or a combination thereof) of pixels included in each of the K frames.
  • the processor 120 may divide a plurality of frames included in one image into K groups, and extract one bit from each of the K groups.
  • each bit may correspond to an average of values (eg, R value, G value, B value, luminance value, transparency, or a combination thereof) of frames included in each of the K groups.
  • the processor 120 may extract a bit sequence based on two or more reference data.
  • the processor 120 may extract the K-bit bit sequence by determining the number of bits to be extracted from each of the two or more photos and extracting the determined number of bit sequences from each of the two or more photos. For example, the processor 120 may extract an equal number of bit sequences from two or more pictures or may extract a different number of bit sequences.
  • the processor 120 may extract a K-bit bit sequence by determining the number of bits to be extracted from each of the two or more images and extracting the determined number of bit sequences from each of the two or more images. For example, the processor 120 may extract an equal number of bit sequences or a different number of bit sequences from two or more images.
  • the processor 120 may extract a bit sequence based on reference data based on one biological tissue.
  • the processor 120 may extract a K-bit bit sequence using one biological tissue (eg, left thumb, right iris).
  • the processor 120 may extract a bit sequence based on reference data based on two or more biological tissues. For example, the processor 120 may extract a bit sequence of K bits by determining the number of bits to be extracted from each of the two or more biological tissues and extracting the determined number of bit sequences from each of the two or more biological tissues. have.
  • the two or more biological tissues may be the same type of biological tissues (eg, fingerprints of different fingers).
  • the two or more biological tissues may be different types of biological tissues (eg, a fingerprint and an iris of a finger).
  • the processor 120 when the processor 120 extracts a specific bit value from biometric information (eg, fingerprint, iris, vein) or reference data, the processor 120 generates noise (eg, change of biometric information, resolution of a picture).
  • noise eg, change of biometric information, resolution of a picture.
  • An algorithm eg, a fuzzy extractor that can extract a constant K-bit value can be used even if there is a change in , compression of a picture).
  • the processor 120 may generate a transaction including data related to the encryption key. In an embodiment, the processor 120 may generate a transaction including a hash value of the encryption key. In another embodiment, when the encryption key is a public key, the processor 120 may generate a transaction including the encryption key.
  • the processor 120 may generate a transaction including tag information.
  • the tag information may be information for searching for a transaction in the ledger 260 .
  • the processor 120 may generate tag information based on user-specific data. In an embodiment, the processor 120 may generate tag information by concatenating user-specific data. In an embodiment, the processor 120 may generate tag information by hashing user-specific data. In an embodiment, the user-specific data may include the user's name, phone number, birthday, keyword, or a combination thereof. In another embodiment, the processor 120 may identify tag information corresponding to user-specific data from among a plurality of tag information.
  • the processor 120 may generate tag information based on reference data. In an embodiment, the processor 120 may generate tag information based on a bit sequence extracted from reference data. In an embodiment, the reference data used to generate the tag information may be the same as the reference data used to generate the encryption key. In an embodiment, the reference data used to generate the tag information may be different from the reference data used to generate the encryption key.
  • the processor 120 may transmit the generated transaction to the nodes 251 and 253 of the decentralized network 250 through the communication module 190 .
  • the transaction sent to the nodes 251 and 253 of the decentralized network 250 may be recorded in the ledger 260 .
  • the transaction transmitted to the nodes 251 and 253 may include encrypted security data.
  • the transaction transmitted to the nodes 251 and 253 may include an encryption key or a hash value of the encryption key.
  • the transaction transmitted to the nodes 251 and 253 may include tag information.
  • tag information may not be included in the transaction transmitted to the nodes 251 and 253 .
  • the electronic device 101 may use the encryption key or a hash value of the encryption key as tag information of the transaction.
  • the electronic device 101 may use the address of the transaction as tag information.
  • the processor 120 may identify a specified transaction from a plurality of transactions included in the ledger 260 of the decentralized network 250 . In an embodiment, the processor 120 may identify a specified transaction from a plurality of transactions based on the tag information. In an embodiment, the processor 120 may identify a specified transaction from a plurality of transactions based on the encryption key, the hash value of the encryption key, the address of the transaction, or a combination thereof. In another embodiment, the processor 120 may identify a specified transaction in the ledger stored in the memory 130 .
  • the processor 120 may obtain cryptographic security data in a specified transaction. In an embodiment, the processor 120 may obtain a hash value of the encryption key in a specified transaction.
  • the processor 120 may identify reference data. In an embodiment, the processor 120 may derive another encryption key based on the identified reference data. In an embodiment, the processor 120 may generate a hash value of another encryption key. In an embodiment, if the hash value of the other encryption key is the same as the hash value included in the transaction, the processor 120 may decrypt the encrypted security data based on the other encryption key.
  • the processor 120 may obtain the public key in a specified transaction. In an embodiment, the processor 120 may derive a private key and a public key based on the identified reference data. In an embodiment, if the public key of the derived private key is the same as the public key included in the transaction, the processor 120 may decrypt the encrypted security data based on the private key.
  • FIGS. 3A, 3B, 3C, 3D and 3E an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure will be described with reference to FIGS. 3A, 3B, 3C, 3D and 3E, and FIG.
  • An operation of the electronic device 101 decrypting encrypted security data included in a transaction will be described with reference to FIGS. 4A, 4B, 4C, 4D, and 4E , according to an embodiment of the present disclosure.
  • FIG. 3A is a diagram illustrating an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 3A may be described with reference to FIG. 2 .
  • the processor 120 may identify the reference data 310 . In an embodiment, the processor 120 may identify the reference data 310 based on a user's input.
  • the processor 120 may derive the encryption key 320 using the reference data 310 . In an embodiment, the processor 120 may extract a specified number of bit sequences from the reference data 310 and use the extracted bit sequence as the encryption key 320 . In an embodiment, the processor 120 may extract a specified number of bit sequences from the reference data 310 , and use a hash value of the extracted bit sequence as the encryption key 320 . In one embodiment, the processor 120 extracts a specified number of bit sequences from the reference data 310 , uses a hash value of the extracted bit sequence as a public key, and uses the private key of the public key as the encryption key 320 . Available.
  • the processor 120 may generate a hash value 330 of the encryption key 320 .
  • the processor 120 may identify the secure data 340 . In an embodiment, the processor 120 may identify the security data 340 based on a user's input. In one embodiment, the security data 340 may include a password, a root seed, a secret key, health information, or a combination thereof. In another embodiment, the security data 340 may include data requested by the user (eg, address book, photo) to be backed up.
  • the processor 120 may encrypt the security data 340 using the encryption key 320 . In an embodiment, the processor 120 may encrypt the security data 340 using a bidirectional encryption algorithm. In an embodiment, the processor 120 may generate the encrypted security data 350 using the encryption key 320 .
  • the processor 120 may generate the transaction 360 including the hash value 330 of the encryption key 320 and the encryption security data 350 .
  • the processor 120 may transmit the transaction 360 to the nodes 251 and 253 of the decentralized network 250 using the communication module 190 .
  • nodes 251 and 253 may write transaction 360 to ledger 260 based on a consensus algorithm.
  • FIG. 3B is a diagram illustrating an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 3B may be described with reference to FIG. 2 .
  • tag information 370 may be further included in the transaction 360 .
  • the electronic device 101 may identify the tag information 370 based on the reference data 310 .
  • the encryption key 320 and the tag information 370 may be generated from the same reference data 310 . In another embodiment, the encryption key 320 and the tag information 370 may be generated from different reference data 310 .
  • the encryption key 320 and the tag information 370 are generated from the same reference data 310 , the encryption key 320 and the tag information 370 are in different parts of the reference data 310 .
  • the processor 120 may generate the transaction 360 including the hash value 330 of the encryption key 320 , the encryption security data 350 , and the tag information 370 .
  • the processor 120 may transmit the transaction 360 to the nodes 251 and 253 of the decentralized network 250 using the communication module 190 .
  • nodes 251 and 253 may write transaction 360 to ledger 260 based on a consensus algorithm.
  • FIG. 3C is a diagram illustrating an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 3C may be described with reference to FIG. 2 .
  • tag information 370 may be generated based on user specific data 380 .
  • the processor 120 may generate the tag information 370 based on the user specific data 380 . In an embodiment, the processor 120 may generate the tag information 370 by concatenating the user specific data 380 . In an embodiment, the processor 120 may generate the tag information 370 by hashing the user specific data 380 . In an embodiment, the user-specific data 380 may include the user's name, phone number, birthday, keyword, or a combination thereof. In another embodiment, the processor 120 may identify the tag information 370 corresponding to the user-specific data 380 from among the plurality of tag information.
  • the processor 120 may generate the transaction 360 including the hash value 330 of the encryption key 320 , the encryption security data 350 , and the tag information 370 .
  • the processor 120 may transmit the transaction 360 to the nodes 251 and 253 of the decentralized network 250 using the communication module 190 .
  • nodes 251 and 253 may write transaction 360 to ledger 260 based on a consensus algorithm.
  • FIG. 3D is a diagram illustrating an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 3D may be described with reference to FIG. 2 .
  • the electronic device 101 may generate a plurality of transactions 361 , 362 , and 363 .
  • the processor 120 may identify N pieces of reference data 311 , 312 , and 313 . In an embodiment, the processor 120 may identify the N pieces of reference data 311 , 312 , and 313 based on a user input. In an embodiment, N may be a natural number of 2 or more.
  • the processor 120 may derive N encryption keys 321 , 322 , 323 using each of the N reference data 311 , 312 , and 313 .
  • the processor 120 may generate hash values 331 , 332 , and 333 of each of the N encryption keys 321 , 322 , and 323 .
  • the processor 120 may identify the secure data 340 . In an embodiment, the processor 120 may identify the security data 340 based on a user's input.
  • the processor 120 may divide the security data 340 into N pieces of partial security data 341 , 342 , and 343 .
  • the processor 120 may encrypt each of the N pieces of partial security data 341 , 342 , and 343 using the N encryption keys 321 , 322 , and 323 . In an embodiment, the processor 120 may encrypt each of the N pieces of partial security data 341 , 342 , and 343 using a bidirectional encryption algorithm. In an embodiment, the processor 120 may generate each of the N encryption security data 351 , 352 , 353 using the N encryption keys 321 , 322 , and 323 .
  • the processor 120 may generate N transactions 361 , 362 , 363 .
  • the processor 120 may generate a first transaction 361 including the first hash value 331 of the first encryption key 321 and the first encryption security data 351 .
  • the processor 120 may generate a second transaction 362 including the second hash value 332 of the second encryption key 322 and the second encryption security data 352 .
  • the processor 120 may generate an N-th transaction 363 including the N-th hash value 333 of the N-th encryption key 323 and the N-th encryption security data 353 .
  • the processor 120 may transmit N transactions 361 , 362 , 363 to the nodes 251 , 253 of the decentralized network 250 using the communication module 190 .
  • the nodes 251 and 253 may record N transactions 361 , 362 , and 363 in the ledger 260 based on a consensus algorithm.
  • FIG. 3E is a diagram illustrating an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 3E may be described with reference to FIG. 2 .
  • information on a transaction may be included in a next generated transaction.
  • the processor 120 when generating the x-th transaction, may include identification information (eg, txid) of the x-1 th transaction in the x-th transaction.
  • the first transaction may not include identification information of other transactions.
  • the last transaction may include tag information 370 together with identification information of the previous transaction.
  • x may be an integer of 1 or more and N or less.
  • the processor 120 when generating the N-th transaction 363 (ie, the last transaction), the processor 120 generates the N-th transaction identification information (eg, txid) and the tag information 370 . may be included in transaction 363 .
  • the first transaction 361 ie, the first transaction
  • the processor 120 generates a second transaction 362 including identification information (eg, txid) of the first transaction 361, and generates identification information (eg, txid) of the N-1th transaction.
  • An N-th transaction 363 including it may be generated.
  • N encryption keys 321 , 322 , 323 it is illustrated as deriving N encryption keys 321 , 322 , 323 using N reference data 311 , 312 , 313 , but this is only an example.
  • the processor 120 may derive the N encryption keys 321 , 322 , and 323 using one reference data.
  • the processor 120 derives one encryption key by using one reference data, and encrypts the N partial security data (341, 342, 343) using the derived one encryption key.
  • the N transactions 361 , 362 , and 363 may include the same hash value.
  • the processor 120 may further include tag information in each of the N transactions 361 , 362 , and 363 .
  • tag information of each of the N transactions 361 , 362 , and 363 may be obtained from corresponding N reference data 311 , 312 , and 313 .
  • tag information of each of the N transactions 361 , 362 , and 363 may be obtained from one corresponding reference data.
  • tag information of each of the N transactions 361 , 362 , and 363 may be obtained from corresponding N pieces of user-specific data.
  • the tag information of each of the N transactions 361 , 362 , and 363 may be obtained from a corresponding piece of user-specific data.
  • FIG. 4A is a diagram illustrating an operation in which the electronic device 101 decrypts encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIG. 4A may be described with reference to FIG. 2 .
  • the processor 120 may identify the transaction 410 . In an embodiment, the processor 120 may identify the transaction 410 from a plurality of transactions included in the ledger 260 of the decentralized network 250 .
  • the processor 120 identifies the reference data 450 based on the user's input, derives the encryption key 440 from the identified reference data 450, and A hash value 430 may be identified. In one embodiment, the processor 120 may identify the transaction 410 including the hash value 420 corresponding to the identified hash value 430 .
  • the processor 120 may identify the cryptographically secure data 460 from the identified transaction 410 .
  • the processor 120 may decrypt the encrypted security data 460 using the encryption key 440 derived from the reference data 450 . In an embodiment, the processor 120 may decrypt the encrypted security data 460 using a two-way encryption algorithm. In an embodiment, the processor 120 may obtain the secure data 470 using the encryption key 440 .
  • FIG. 4B is a diagram illustrating an operation in which the electronic device 101 decrypts encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIG. 4B may be described with reference to FIG. 2 .
  • transaction 410 may be identified based on tag information 480 .
  • the electronic device 101 may identify the tag information 480 based on the reference data 450 .
  • the electronic device 101 may identify the transaction 410 from a plurality of transactions included in the ledger 260 of the decentralized network 250 based on the tag information 480 . In an embodiment, the electronic device 101 may identify a transaction 410 including the tag information 480 among a plurality of transactions.
  • the processor 120 may derive the encryption key 440 from the reference data 450 and identify the hash value 430 of the derived encryption key 440 . In an embodiment, the processor 120 may identify whether the hash value 420 included in the transaction 410 corresponds to the identified hash value 430 .
  • the processor 120 identifies the cryptographically secure data 460 from the identified transaction 410 if the hash value 420 included in the transaction 410 corresponds to the identified hash value 430 .
  • the processor 120 may decrypt the encrypted security data 460 using the encryption key 440 derived from the reference data 450 .
  • FIG. 4C is a diagram illustrating an operation in which the electronic device 101 decrypts encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIG. 4C may be described with reference to FIG. 2 .
  • tag information 480 may be generated based on user specific data 485 .
  • the processor 120 may generate the tag information 480 based on the user specific data 485 . In an embodiment, the processor 120 may generate the tag information 480 by concatenating the user specific data 485 . In an embodiment, the processor 120 may generate the tag information 480 by hashing the user-specific data 485 . In an embodiment, the user-specific data 485 may include the user's name, phone number, birthday, keyword, or a combination thereof. In another embodiment, the processor 120 may identify the tag information 480 corresponding to the user-specific data 485 from among the plurality of tag information.
  • the electronic device 101 may identify the transaction 410 from a plurality of transactions included in the ledger 260 of the decentralized network 250 based on the tag information 480 .
  • the processor 120 may derive the encryption key 440 from the reference data 450 and identify the hash value 430 of the derived encryption key 440 . In an embodiment, the processor 120 may identify whether the hash value 420 included in the transaction 410 corresponds to the identified hash value 430 .
  • the processor 120 identifies the cryptographically secure data 460 from the identified transaction 410 if the hash value 420 included in the transaction 410 corresponds to the identified hash value 430 .
  • the processor 120 may decrypt the encrypted security data 460 using the encryption key 440 derived from the reference data 450 .
  • FIG. 4D is a diagram illustrating an operation in which the electronic device 101 decrypts encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIG. 4D may be described with reference to FIG. 2 .
  • the electronic device 101 may obtain security data 470 from a plurality of transactions 411 , 412 , and 413 .
  • the processor 120 may identify N transactions 411 , 412 , 413 .
  • the processor 120 may identify the N pieces of reference data 451 , 452 , and 453 based on a user input. In an embodiment, the processor 120 may derive N encryption keys 441 , 442 , 443 from each of the identified N reference data 451 , 452 , and 453 . In an embodiment, the processor 120 may identify hash values 431 , 432 , and 433 of each of the derived N encryption keys 441 , 442 , 443 . In one embodiment, the processor 120 performs N transactions 411 , 412 , including N hash values 421 , 422 , 423 corresponding to each of the identified N hash values 431 , 432 , 433 , 413) can be identified.
  • the processor 120 may identify N cryptographic security data 461 , 462 , 463 from the identified N transactions 411 , 412 , 413 .
  • the processor 120 may decrypt the N pieces of encrypted security data 461 , 462 , and 463 using the N encryption keys 441 , 442 , and 443 . In an embodiment, the processor 120 may decrypt the second encrypted security data 461 using the first encryption key 441 . In an embodiment, the processor 120 may decrypt the second encrypted security data 462 using the second encryption key 442 . In an embodiment, the processor 120 may decrypt the N-th encrypted security data 463 using the N-th encryption key 443 .
  • the processor 120 may acquire the security data 470 based on the N pieces of partial security data 471 , 472 , and 473 . In an embodiment, the processor 120 may acquire the security data 470 by concatenating the N pieces of partial security data 471 , 472 , and 473 .
  • FIG. 4E is a diagram illustrating an operation in which the electronic device 101 decrypts encrypted security data included in a transaction according to an embodiment of the present disclosure.
  • FIG. 4E may be described with reference to FIG. 2 .
  • information on a transaction may be included in a next generated transaction.
  • the processor 120 may identify the y-th transaction based on identification information (eg, txid) of the y-th transaction included in the y+1th transaction. In this case, the last transaction may be identified based on the tag information 480 . In an embodiment, y may be an integer of 1 or more and N-1 or less. In an embodiment, the processor 120 may identify the transaction using the smart contract 261 . In one embodiment, the smart contract 261 may be a program that provides a service for identifying a transaction including encrypted security data.
  • the processor 120 may identify the N-th transaction 413 based on the tag information 480 . For example, when identifying the first transaction 411 (ie, the first transaction), the processor 120, the identification information (eg, txid) of the first transaction 411 identified in the second transaction 412 Based on , the first transaction 411 may be identified. For example, the processor 120 identifies the N-1 th transaction using identification information (eg, txid) of the N-1 th transaction included in the N th transaction 413 , and the second transaction 412 . The first transaction 411 may be identified using identification information (eg, txid) of the first transaction 411 included in the .
  • the N number of encryption keys 441 , 442 , and 443 are derived using the N reference data 451 , 452 , and 453 , but this is only an example.
  • the processor 120 may derive the N encryption keys 441 , 442 , and 443 using one piece of reference data.
  • the processor 120 derives one encryption key using one reference data, and decrypts the N encryption security data 481 , 482 , 483 using the derived one encryption key.
  • the same hash value may be included in the N transactions 411 , 412 , and 413 .
  • each of the N transactions 411 , 412 , and 413 may further include tag information.
  • the tag information of each of the N transactions 411 , 412 , and 413 may be obtained from the corresponding N reference data 451 , 452 , and 453 .
  • the tag information of each of the N transactions 411 , 412 , and 413 may be obtained from one corresponding reference data.
  • the tag information of each of the N transactions 411 , 412 , and 413 may be obtained from corresponding N pieces of user-specific data.
  • the tag information of each of the N transactions 411 , 412 , and 413 may be obtained from corresponding one user-specific data.
  • FIG. 5 is a flowchart illustrating an operation in which the electronic device 101 generates a transaction including encrypted security data according to an embodiment of the present disclosure.
  • FIG. 5 may be described with reference to FIGS. 1 and 2 .
  • the service provider 210 may transmit the smart contract 261 to the decentralized network 250 .
  • the service provider 210 may send the smart contract 261 to the nodes 251 , 253 of the decentralized network 250 .
  • the smart contract 261 may be a program that manages encrypted security data and provides a service for identifying a transaction including encrypted security data at the request of the electronic device 101 .
  • the electronic device 101 may acquire user-specific data.
  • the processor 120 may acquire user-specific data based on a user's input.
  • the user-specific data may include the user's name, phone number, birthday, keyword, or a combination thereof.
  • the electronic device 101 may request authentication from the server 108 using the communication module 190 . In an embodiment, the electronic device 101 may request user authentication from the server 108 using user specific data. In an embodiment, in operation 515 , the server 108 may transmit an authentication result to the electronic device 101 . In another embodiment, operations 511 and 515 may be omitted.
  • the electronic device 101 may select security data.
  • the electronic device 101 may select the security data 340 based on a user's input.
  • the security data 340 may include a password, a root seed, a secret key, health information, or a combination thereof.
  • the security data 340 may include data requested by the user (eg, address book, photo) to be backed up.
  • the electronic device 101 may identify an encryption key based on reference data.
  • the reference data may include user's biometric information (eg, fingerprint, iris, vein), user's password, a set of keywords designated by the user, or a combination thereof.
  • the reference data may include a photo, a video, a document, or a combination thereof.
  • the processor 120 may identify a predetermined number of bit sequences extracted from the reference data as the encryption key. In an embodiment, the processor 120 may identify the hash value of the bit sequence extracted from the reference data as the encryption key. In an embodiment, the processor 120 may identify a hash value of a bit sequence extracted from reference data as a public key, and identify a private key of the public key as an encryption key.
  • the electronic device 101 may encrypt security data.
  • the electronic device 101 may encrypt security data using an encryption key.
  • the electronic device 101 may encrypt security data using a two-way encryption algorithm.
  • the electronic device 101 may generate a transaction.
  • the electronic device 101 may generate a transaction including encrypted security data.
  • the electronic device 101 may generate a transaction including encryption security data and a hash value of the encryption key.
  • the electronic device 101 may generate a transaction including encryption security data, a hash value of an encryption key, and tag information.
  • the tag information may be generated based on user specific data.
  • the electronic device 101 may transmit a transaction to the decentralized network 250 using the communication module 190 .
  • the decentralized network 250 may write a transaction to a block of the ledger 260 .
  • the nodes 251 and 253 of the decentralized network 250 may record a transaction in a block of the ledger 260 .
  • 6 is a flowchart illustrating an operation in which the electronic device 101 decrypts encrypted security data included in a transaction according to an embodiment of the present disclosure. 6 may be described with reference to FIGS. 1 and 2 .
  • the electronic device 101 may acquire user specific data.
  • the processor 120 may acquire user-specific data based on a user's input.
  • the user-specific data may include the user's name, phone number, birthday, keyword, or a combination thereof.
  • the electronic device 101 may request authentication from the server 108 using the communication module 190 . In an embodiment, the electronic device 101 may request user authentication from the server 108 using user specific data. In an embodiment, in operation 615 , the server 108 may transmit an authentication result to the electronic device 101 . In another embodiment, operations 611 and 615 may be omitted.
  • the electronic device 101 may request the decentralized network 250 to identify a transaction based on user-specific data.
  • the electronic device 101 may request the decentralized network 250 to identify a transaction including tag information among a plurality of transactions of the ledger 260 .
  • the electronic device 101 may request identification of a transaction using the smart contract 261 .
  • the smart contract 261 may be a program that provides a service for identifying a transaction including encrypted security data.
  • the tag information may be generated based on user specific data.
  • the decentralized network 250 may transmit the identification result to the electronic device 101 .
  • the identification result may include the identified transaction.
  • the identification result may include a hash value and encryption security data included in the identified transaction.
  • the electronic device 101 may identify reference data.
  • the reference data may include user's biometric information (eg, fingerprint, iris, vein), user's password, a set of keywords designated by the user, or a combination thereof.
  • the reference data may include a photo, a video, a document, or a combination thereof.
  • the electronic device 101 may identify whether the reference data-based hash value is the same as the hash value of the transaction.
  • the reference data-based hash value may be a hash value of an encryption key derived from reference data.
  • operation 640 if the reference data-based hash value is the same as the hash value of the transaction, operation 650 may be performed. In an embodiment, in operation 640, if the reference data-based hash value is not the same as the hash value of the transaction, operation 630 may be performed.
  • the electronic device 101 may decrypt encrypted security data included in the transaction based on the reference data. In an embodiment, the electronic device 101 may decrypt encrypted security data included in a transaction based on an encryption key derived from reference data.
  • 7A, 7B, 7C, 7D, 7E, and 7F are diagrams illustrating a user interface (UI) displayed by the electronic device 101 when a transaction is generated, according to an embodiment of the present disclosure.
  • UI user interface
  • 7A, 7B, 7C, 7D, 7E, and 7F may be described with reference to FIGS. 1 and 2 .
  • the electronic device 101 may display the UI 901 on the display module 160 in response to the execution of the application 146 .
  • the application 146 may be an application capable of transmitting and receiving data to and from the decentralized network 250 .
  • the UI 901 may include an item 910 for setting.
  • the electronic device 101 may display a pop-up window 920 on the UI 901 .
  • the pop-up window 920 may include an item 925 related to blockchain key backup and an item related to app settings.
  • the electronic device 101 may display the UI 902 .
  • the UI 902 may include an area 930 for inputting user specific data.
  • the area 930 may include at least one field 931 and 933 for inputting user-specific data and an item 935 for confirming input.
  • the field 931 may be a field for inputting a user's phone number.
  • the field 933 may be a field for inputting the user's date of birth.
  • information input to the one or more fields 931 and 933 may be used for user authentication.
  • information input to the one or more fields 931 and 933 may be utilized to generate tag information.
  • the electronic device 101 may display the UI 903 .
  • the UI 903 may include selectable security data 941 and 943 .
  • the security data 941 , 943 may be mnemonic codes 942 , 944 from which a root seed may be derived.
  • the electronic device 101 may display the UI 904 in response to the user selecting the item 945 for selecting the security data 941 .
  • the UI 904 may notify the user that user authentication is performed.
  • the electronic device 101 in response to the user selecting the item 950 requesting user authentication, the electronic device 101 may perform user authentication.
  • user authentication may be performed using server 108 .
  • server 108 may be a server of a carrier.
  • the electronic device 101 may display the UI 905 .
  • the UI 905 may be a screen that requests the user to select reference data to be used for encrypting the security data 941 .
  • the UI 905 may include items for selecting at least one type of reference data.
  • the UI 905 may be a screen that requests the user to select at least one of a picture, a fingerprint, an iris, and a password.
  • the electronic device 101 in response to the user selecting an item of reference data, the electronic device 101 encrypts the security data 941 , generates a transaction including the encrypted security data, and sends the generated transaction to the decentralized network. 250 .
  • the electronic device 101 may transmit information on the item of reference data selected by the user to the server 108 .
  • 8A, 8B, and 8C are diagrams illustrating a UI displayed by the electronic device 101 when decrypting encrypted security data according to an embodiment of the present disclosure. 8A, 8B, and 8C may be described with reference to FIGS. 1 and 2 .
  • the electronic device 101 may display the UI 1001 on the display module 160 in response to the execution of the application 146 .
  • the application 146 may be an application capable of transmitting and receiving data to and from the decentralized network 250 .
  • the UI 1001 may include an item 1010 requesting recovery of security data.
  • the electronic device 101 may display the UI 1002 .
  • the UI 1002 may include an area 1020 for inputting user specific data.
  • the area 1020 may include at least one field 1021 and 1022 for inputting user-specific data and an item 1025 for confirming input.
  • the field 1021 may be a field for inputting a user's phone number.
  • the field 1022 may be a field for inputting the user's date of birth.
  • information input to the one or more fields 1021 and 1022 may be used for user authentication.
  • information input to the one or more fields 1021 and 1022 may be utilized to generate tag information.
  • the electronic device 101 may perform user authentication.
  • user authentication may be performed using server 108 .
  • server 108 may be a server of a carrier.
  • the server 108 may transmit information on the item of reference data selected by the user to the electronic device 101 .
  • the electronic device 101 may display the UI 1003 .
  • a guide 1030 indicating information on an item of reference data selected by a user and a UI 1035 requesting input of reference data may be displayed on the UI 1003 .
  • the electronic device 101 includes a communication module 190 , a processor 120 , and a memory 130 for storing instructions, and the instructions are executed by the processor 120 .
  • first tag information eg, tag information 370
  • second data eg, reference data
  • first encryption key eg, encryption key 320
  • encrypt the security data 340 using the first encryption key the encrypted security data 350
  • Generates a transaction 360 including a first hash value (eg, hash value 330) of the first encryption key and the first tag information and transmits the transaction 360 through the communication module 190 It may be configured to transmit to a blockchain network (eg, decentralized network 250 ).
  • the electronic device 101 when the instructions are executed by the processor 120 , the electronic device 101 includes the tag information (eg, tag information 480 ) from the blockchain network in the transaction (eg: identify a transaction 410), obtain the encrypted secure data 460 and the first hash value (eg, hash value 420) included in the transaction, and obtain the second data (eg, reference data) (450)), generate a second encryption key (eg, encryption key 440), identify a second hash value (eg, hash value 430) of the second encryption key, and Based on the hash value and the second hash value being the same, it may be configured to decrypt the encrypted security data using the second encryption key.
  • tag information eg, tag information 480
  • the electronic device 101 includes the tag information (eg, tag information 480 ) from the blockchain network in the transaction (eg: identify a transaction 410), obtain the encrypted secure data 460 and the first hash value (eg, hash value 420) included in the transaction, and obtain the second data (eg,
  • the electronic device 101 when the instructions are executed by the processor 120 , the electronic device 101 converts the security data into a first number of partial security data (eg, partial security data 341 , 342 , 343 ). )), encrypting the first number of partial security data into a first number of encrypted partial security data (eg, encrypted security data 351, 352, 353), and a first number of transactions ( Example: generate transactions 361 , 362 , 363 ) and send the first number of transactions to the blockchain network via the communication module 190 , each of the first number of transactions It may include different encrypted partial security data among the first number of encrypted partial security data.
  • a first number of partial security data eg, partial security data 341 , 342 , 343 ).
  • the electronic device 101 when the instructions are executed by the processor 120 , the electronic device 101 uses a first number of first encryption keys (eg, encryption keys 321 , 322 , 323)), and configured to encrypt each of the first number of partial security data into a first number of encrypted partial security data using a different first encryption key among the first number of first encryption keys can be a first number of first encryption keys (eg, encryption keys 321 , 322 , 323)), and configured to encrypt each of the first number of partial security data into a first number of encrypted partial security data using a different first encryption key among the first number of first encryption keys can be
  • a first number of first encryption keys eg, encryption keys 321 , 322 , 323
  • the electronic device 101 when the instructions are executed by the processor 120 , the electronic device 101 applies a different first number of second data (eg, reference data 311 , 312 , 313 ) to each of the second data. and generate the first number of first encryption keys based on the
  • At least one transaction of the first number of transactions may include an address of another one of the first number of transactions.
  • a first transaction among the first number of transactions may include the tag information and the address of the other transaction.
  • the electronic device 101 when the instructions are executed by the processor 120, the electronic device 101 includes the tag information (eg, tag information 480) from the block chain network in the first transaction ( Example: identify an Nth transaction 413), and identify the other transaction based on the address of the other transaction (eg, second transaction 412) included in the first transaction.
  • tag information eg, tag information 480
  • the second data may be obtained by biometric information or a photo of a user of the electronic device.
  • the electronic device 101 when the instructions are executed by the processor 120 , when the second data is a picture, the electronic device 101 divides the pixels of the picture into a second number of sets, and and generate the first encryption key based on bits extracted from each of the second number of sets.
  • the operating method of the electronic device 101 includes generating first tag information (eg, tag information 370 ) based on first data (eg, user specific data 380 ). operation, generating a first encryption key (eg, encryption key 320) based on second data (eg, reference data 310), encrypting security data 340 using the first encryption key generating a transaction 360 including the encrypted secure data 350, a first hash value (eg, hash value 330) of the first encryption key, and the first tag information; and It may include transmitting the transaction to a block chain network (eg, a decentralized network 250 ) through the communication module 190 of the electronic device 101 .
  • a block chain network eg, a decentralized network 250
  • the operation method includes an operation of identifying the transaction (eg, transaction 410) including the tag information (eg, tag information 480) from the blockchain network, An operation of obtaining the encrypted security data 460 and the first hash value (eg, hash value 420), and a second encryption key (eg, reference data 450) based on the second data (eg, reference data 450) : generating an encryption key 440), identifying a second hash value (eg, hash value 430) of the second encryption key, and the first hash value and the second hash value are the same Decrypting the encrypted security data using the second encryption key based on
  • the method includes an operation of dividing the security data into a first number of partial security data (eg, partial security data 341 , 342 , 343 ), the first number of partial security data an operation of encrypting them into a first number of encrypted partial security data (eg, encrypted security data 351 , 352 , 353 ), and a first number of transactions (eg, transactions 361 , 362 , 363 ).
  • a first number of partial security data eg, partial security data 341 , 342 , 343
  • the first number of partial security data an operation of encrypting them into a first number of encrypted partial security data (eg, encrypted security data 351 , 352 , 353 ), and a first number of transactions (eg, transactions 361 , 362 , 363 ).
  • the operation of encrypting the first number of encrypted partial security data includes a first number of first encryption keys (eg, encryption keys 321 , 322 , 323 ) based on the second data. generating, and encrypting each of the first number of partial security data into a first number of encrypted partial security data using a different first encryption key among the first number of first encryption keys can do.
  • first encryption keys eg, encryption keys 321 , 322 , 323
  • it may be configured to generate the first number of first encryption keys based on a different first number of second data (eg, reference data 311 , 312 , 313 ), respectively.
  • At least one transaction of the first number of transactions may include an address of another one of the first number of transactions.
  • a first transaction among the first number of transactions may include the tag information and the address of the other transaction.
  • the operation method includes: identifying the first transaction (eg, N-th transaction 413) including the tag information (eg, tag information 480) from the blockchain network; and and identifying the other transaction based on the address of the other transaction (eg, the second transaction 412 ) included in the first transaction.
  • the second data may be obtained by biometric information or a photo of a user of the electronic device.
  • the generating of the first encryption key includes, when the second data is a picture, dividing pixels of the picture into a second number of sets, and each of the second number of sets and generating the first encryption key based on the bit extracted from .
  • the electronic device may be a device of various types.
  • the electronic device may include, for example, a portable communication device (eg, a smart phone), a computer device, a portable multimedia device, a portable medical device, a camera, a wearable device, or a home appliance device.
  • a portable communication device eg, a smart phone
  • a computer device e.g., a laptop, a desktop, a tablet, or a portable multimedia device
  • portable medical device e.g., a portable medical device
  • camera e.g., a camera
  • a wearable device e.g., a smart watch
  • a home appliance device e.g., a smart bracelet
  • first, second, or first or second may simply be used to distinguish an element from other elements in question, and may refer elements to other aspects (e.g., importance or order) is not limited. It is said that one (eg, first) component is “coupled” or “connected” to another (eg, second) component, with or without the terms “functionally” or “communicatively”. When referenced, it means that one component can be connected to the other component directly (eg by wire), wirelessly, or through a third component.
  • module used in various embodiments of the present document may include a unit implemented in hardware, software, or firmware, for example, and interchangeably with terms such as logic, logic block, component, or circuit.
  • a module may be an integrally formed part or a minimum unit or a part of the part that performs one or more functions.
  • the module may be implemented in the form of an application-specific integrated circuit (ASIC).
  • ASIC application-specific integrated circuit
  • one or more instructions stored in a storage medium may be implemented as software (eg, the program 140) including
  • the processor eg, the processor 120
  • the device eg, the electronic device 101
  • the one or more instructions may include code generated by a compiler or code executable by an interpreter.
  • the device-readable storage medium may be provided in the form of a non-transitory storage medium.
  • 'non-transitory' only means that the storage medium is a tangible device and does not contain a signal (eg, electromagnetic wave), and this term is used in cases where data is semi-permanently stored in the storage medium and It does not distinguish between temporary storage cases.
  • a signal eg, electromagnetic wave
  • the method according to various embodiments disclosed in this document may be provided by being included in a computer program product.
  • Computer program products may be traded between sellers and buyers as commodities.
  • the computer program product is distributed in the form of a device-readable storage medium (eg compact disc read only memory (CD-ROM)), or via an application store (eg Play StoreTM) or on two user devices ( It can be distributed (eg downloaded or uploaded) directly, online between smartphones (eg: smartphones).
  • a portion of the computer program product may be temporarily stored or temporarily created in a machine-readable storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.
  • each component (eg, module or program) of the above-described components may include a singular or a plurality of entities, and some of the plurality of entities may be separately disposed in other components.
  • one or more components or operations among the above-described corresponding components may be omitted, or one or more other components or operations may be added.
  • a plurality of components eg, a module or a program
  • the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component among the plurality of components prior to the integration. .
  • operations performed by a module, program, or other component are executed sequentially, in parallel, repeatedly, or heuristically, or one or more of the operations are executed in a different order, omitted, or , or one or more other operations may be added.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Est divulgué un dispositif électronique comprenant : un module de communication ; un processeur ; et une mémoire conçue pour stocker des instructions. Lorsqu'elles sont exécutées par le processeur, les instructions permettent au dispositif électronique de : générer des premières informations de balise sur la base de premières données ; générer une première clé de chiffrement sur la base de secondes données ; chiffrer des données sécurisées à l'aide de la première clé de chiffrement ; générer une transaction contenant les données sécurisées chiffrées, une première valeur de hachage de la première clé de chiffrement, ainsi que les premières informations de balise ; et transmettre la transaction à un réseau de chaînes de blocs par l'intermédiaire du module de communication. Divers autres modes de réalisation sont possibles, tels qu'identifiés dans la description.
PCT/KR2022/004215 2021-03-25 2022-03-25 Dispositif électronique de gestion de données sécurisées par l'intermédiaire d'un réseau décentralisé et procédé de fonctionnement dudit dispositif WO2022203445A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2021-0038762 2021-03-25
KR1020210038762A KR20220133533A (ko) 2021-03-25 2021-03-25 보안 데이터를 탈중앙화 네트워크를 통해 관리하는 전자 장치 및 이의 동작 방법

Publications (1)

Publication Number Publication Date
WO2022203445A1 true WO2022203445A1 (fr) 2022-09-29

Family

ID=83397796

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/004215 WO2022203445A1 (fr) 2021-03-25 2022-03-25 Dispositif électronique de gestion de données sécurisées par l'intermédiaire d'un réseau décentralisé et procédé de fonctionnement dudit dispositif

Country Status (2)

Country Link
KR (1) KR20220133533A (fr)
WO (1) WO2022203445A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20200092368A (ko) * 2017-11-27 2020-08-03 노크 노크 랩스, 인코포레이티드 트랜잭션 확인 및 암호화폐를 위한 보안 키 저장소의 확장
US20200252203A1 (en) * 2015-09-11 2020-08-06 Aware, Inc. Biometric verification of a blockchain database transaction contributor
KR20210003066A (ko) * 2018-12-07 2021-01-11 주식회사 코인플러그 생체 정보 기반의 pki 키 생성 방법 및 이를 이용한 키 생성 장치
KR20210009791A (ko) * 2019-07-18 2021-01-27 삼성전자주식회사 블록 체인을 이용한 전자 인증 장치 및 그 방법

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200252203A1 (en) * 2015-09-11 2020-08-06 Aware, Inc. Biometric verification of a blockchain database transaction contributor
KR20200092368A (ko) * 2017-11-27 2020-08-03 노크 노크 랩스, 인코포레이티드 트랜잭션 확인 및 암호화폐를 위한 보안 키 저장소의 확장
KR20210003066A (ko) * 2018-12-07 2021-01-11 주식회사 코인플러그 생체 정보 기반의 pki 키 생성 방법 및 이를 이용한 키 생성 장치
KR20210009791A (ko) * 2019-07-18 2021-01-27 삼성전자주식회사 블록 체인을 이용한 전자 인증 장치 및 그 방법

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LEE, SEONG-WHAN ; LI, STAN Z: "SAT 2015 18th International Conference, Austin, TX, USA, September 24-27, 2015", vol. 10701 Chap.55, 8 December 2017, SPRINGER , Berlin, Heidelberg , ISBN: 3540745491, article KAGA YOSUKE; FUJIO MASAKAZU; NAGANUMA KEN; TAKAHASHI KENTA; MURAKAMI TAKAO; OHKI TETSUSHI; NISHIGAKI MASAKATSU: "A Secure and Practical Signature Scheme for Blockchain Based on Biometrics", pages: 877 - 891, XP047456337, 032548, DOI: 10.1007/978-3-319-72359-4_55 *

Also Published As

Publication number Publication date
KR20220133533A (ko) 2022-10-05

Similar Documents

Publication Publication Date Title
WO2021071157A1 (fr) Dispositif électronique et procédé de gestion d'adresse de chaîne de blocs au moyen dudit dispositif
WO2021075867A1 (fr) Procédé de stockage et de récupération de clés pour système basé sur des chaînes de blocs et dispositif associé
WO2021025482A1 (fr) Dispositif électronique et procédé pour générer un certificat d'attestation sur la base d'une clé fusionnée
WO2021040325A1 (fr) Dispositif électronique indiquant des informations de compte de chaîne de blocs et son procédé de fonctionnement
WO2022060149A1 (fr) Dispositif électronique de gestion de droit à l'aide d'un réseau décentralisé et son procédé de fonctionnement
WO2021015568A1 (fr) Dispositif électronique et procédé de protection d'informations personnelles à l'aide d'un commutateur sécurisé
WO2020231177A1 (fr) Dispositif électronique et procédé de réception d'un message de poussée mémorisé dans une chaîne de blocs
WO2021241849A1 (fr) Dispositif électronique pour la réalisation d'un service informatique périphérique et procédé de fonctionnement de dispositif électronique
WO2022114857A1 (fr) Dispositif électronique qui partage des données en utilisant un réseau de chaîne de blocs, et son procédé de fonctionnement
EP4070259A1 (fr) Dispositif électronique pour fournir des informations de transaction et procédé de fonctionnement associé
WO2023085588A1 (fr) Dispositif électronique et procédé de commande de véhicule sur la base d'une authentification de conducteur
WO2023038466A1 (fr) Dispositif électronique pour générer une transaction dans un réseau à chaîne de blocs, et son procédé de fonctionnement
WO2022203445A1 (fr) Dispositif électronique de gestion de données sécurisées par l'intermédiaire d'un réseau décentralisé et procédé de fonctionnement dudit dispositif
WO2019107946A1 (fr) Dispositif électronique et procédé de traitement de paiement à distance
WO2022182102A1 (fr) Procédé de mise en œuvre d'une authentification d'utilisateur et dispositif de mise en œuvre associé
WO2020222418A1 (fr) Procédé d'authentification d'utilisateur et dispositif électronique complémentaire
WO2023063694A1 (fr) Dispositif électronique comprenant un registre partiel dans un réseau de chaînes de blocs, et son procédé de fonctionnement
WO2022098015A1 (fr) Dispositif électronique pour générer une transaction comprenant des données internes et procédé de fonctionnement associé
WO2023096181A1 (fr) Dispositif électronique ayant un registre partiel dans un réseau de chaînes de blocs, et son procédé de fonctionnement
WO2024167374A1 (fr) Dispositif électronique de communication sans fil et son procédé de fonctionnement
WO2022139219A1 (fr) Procédé de fourniture d'objet chiffré et dispositif électronique prenant en charge ledit procédé
WO2024091022A1 (fr) Procédé de connexion de dispositifs à l'aide d'informations biométriques et dispositif électronique associé
WO2023195620A1 (fr) Procédé de fonctionnement de dispositifs électroniques pour l'initialisation de mot de passe de bios et dispositifs électroniques similaires
WO2023106594A1 (fr) Dispositif électronique comprenant une pluralité d'environnements d'exécution et son procédé de fonctionnement
WO2023068609A1 (fr) Dispositif électronique pour transmettre une transaction à l'aide d'un dispositif externe et son procédé de fonctionnement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22776145

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22776145

Country of ref document: EP

Kind code of ref document: A1