WO2023136393A1 - Self-sovereign identity-based authentication service management system - Google Patents

Self-sovereign identity-based authentication service management system

Info

Publication number
WO2023136393A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication service
self
identity
service management
authentication
Application number
PCT/KR2022/002255
Other languages
French (fr)
Korean (ko)
Inventor
이형호
Original Assignee
(주)가민정보시스템

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/40 Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • The present invention relates to authentication service management technology, and more particularly to a self-sovereign identity-based authentication service management system that processes identity verification on the basis of Self-sovereign Identity (SSI) without accessing a Decentralized Identifier (DID) network.
  • DID Decentralized Identifier
  • SSI Self-sovereign Identity
  • In the DID method, the authentication process is as follows: the issuer checks and issues the authentication information that the user requested and registers it in a blockchain network, and authentication information that the user later submits for verification is looked up and verified in the blockchain network in which it was registered.
  • The present invention provides a secure authentication service management system that offers decentralization and security on the basis of SSI while allowing identity to be verified conveniently without accessing a blockchain.
  • The present invention also provides a self-sovereign identity-based authentication service management system that can increase the processing speed of decentralized identity inquiry and verification by recommending an optimal search algorithm.
  • According to one aspect, a self-sovereign identity-based authentication service management system is provided.
  • According to an embodiment, the system may include an Omit platform that provides authentication services to users, an electronic ID management unit that manages authentication services according to user requests, an authentication service provider that stores and manages simple authentication information, and a blockchain-based decentralized identity verification network.
  • According to another aspect, a self-sovereign identity-based authentication service management method and a computer program for executing it are provided.
  • According to an embodiment, the method may include receiving a user's request through the Omit platform, executing the request, and transmitting the result of the request to the Omit platform for delivery to the user.
  • FIGS. 1 and 2 are diagrams briefly illustrating a self-sovereign identity-based authentication service management system according to an embodiment of the present invention.
  • FIGS. 3 to 7 are flowcharts illustrating a self-sovereign identity-based authentication service management method according to an embodiment of the present invention.
  • The self-sovereign identity-based authentication service management system 10 may include an Omit platform 100, an electronic ID management unit 200, an authentication service provider 300, an algorithm recommendation unit 400 and a decentralized identity verification network 500.
  • The Omit platform (100, OMIC Platform) may provide authentication services to authenticated users.
  • The Omit platform 100 is a user platform provided to users so that they can request authentication services through a computer, tablet, laptop, mobile phone or the like.
  • Through the Omit platform 100, a user may request authentication services such as inquiry, registration and revocation of authentication information.
  • The electronic ID management unit 200 may manage the authentication service according to a user's request made through the Omit platform 100.
  • The electronic ID management unit 200 may manage any one of the authentication services of inquiry, registration, revocation and verification of user authentication information through the authentication service provider 300 and the blockchain-based decentralized identity verification network 500.
  • The authentication service provider 300 may provide authentication services using stored simple authentication information, without accessing the decentralized identity verification network 500 to look up authentication information.
  • In order to provide authentication services, the authentication service provider 300 may store and manage simple authentication information drawn from the authentication information registered in the decentralized identity verification network 500.
  • The simple authentication information stored in the authentication service provider 300 may include any one or more of a proof type, a proof code, an issue date, an issue time and revocation information.
  • The decentralized identity verification network 500 that holds the corresponding authentication information can be found quickly by using the simple authentication information held in the authentication service provider 300, without going through the decentralized identity verification network 500 itself.
  • The algorithm recommendation unit 400 may recommend an optimal search algorithm using a content-based algorithm of content-based artificial intelligence, on the basis of the simple authentication information, such as proof code, issue date and issue time, managed by the authentication service provider 300.
  • The algorithm recommendation unit 400 may recommend an artificial intelligence (AI) algorithm that searches for the shortest path.
  • AI artificial intelligence
  • The decentralized identity verification network 500 allows an individual to manage and use their own identity with sovereignty, using the minimum of trustworthy information and methods. Decentralized identity verification can be performed on the basis of a blockchain, in which information is difficult to forge or tamper with.
  • FIGS. 3 to 7 are flowcharts illustrating a self-sovereign identity-based authentication service management method according to an embodiment of the present invention.
  • In step S310, the self-sovereign identity-based authentication service management system 10 may receive a user's request through the Omit platform 100.
  • In step S320, the self-sovereign identity-based authentication service management system 10 may perform the authentication service according to the user's request.
  • In step S330, the self-sovereign identity-based authentication service management system 10 may transmit the result of performing the request to the Omit platform and deliver it to the user.
  • FIGS. 4 to 7 are diagrams illustrating the methods of performing the request in step S320 of FIG. 3.
  • In step S410, the electronic ID management unit 200 receives a request to issue authentication information transmitted by the Omit platform 100.
  • In step S420, the electronic ID management unit 200 may search the authentication service provider 300 for the simple authentication information for which issuance was requested.
  • If the simple authentication information exists, in step S430 the electronic ID management unit 200 may check the revocation information in the simple authentication information.
  • If there is no revocation information, in step S440 the electronic ID management unit 200 may provide the previously issued simple authentication information.
  • If the simple authentication information does not exist, in step S450 the electronic ID management unit 200 requests the decentralized identity verification network 500 to issue new authentication information, and the decentralized identity verification network 500 registers and issues the new authentication information.
  • In step S460, the electronic ID management unit 200 generates the simple authentication information for the new authentication information and registers it with the authentication service provider 300.
  • In step S470, the electronic ID management unit 200 may transmit the result of the authentication information issuance process to the Omit platform 100 and deliver it to the user.
  • In step S510, the electronic ID management unit 200 receives a request to revoke authentication information transmitted by the Omit platform 100.
  • In step S520, the electronic ID management unit 200 may search the authentication service provider 300 for the simple authentication information concerned and check its revocation information.
  • If revocation information exists, in step S530 the electronic ID management unit 200 transmits to the Omit platform 100 that the authentication information has already been revoked and delivers the already-revoked result to the user.
  • If there is no revocation information, in step S540 the electronic ID management unit 200 may store the revocation information in the simple authentication information of the authentication service provider 300. In addition, the electronic ID management unit 200 may register the revocation information in the decentralized identity verification network 500.
  • In step S550, the electronic ID management unit 200 may transmit the result of processing the revocation to the Omit platform 100 and deliver it to the user.
  • In step S610, the electronic ID management unit 200 receives an authentication information search request transmitted from the Omit platform 100.
  • In step S620, the electronic ID management unit 200 may retrieve the simple authentication information from the authentication service provider 300.
  • In step S630, the electronic ID management unit 200 may transmit the search result from the authentication service provider 300 to the Omit platform 100 and deliver it to the user.
  • In step S710, the electronic ID management unit 200 may receive an authentication information verification request transmitted from the Omit platform 100.
  • In step S720, the electronic ID management unit 200 searches the authentication service provider 300 for the simple authentication information concerned and checks its revocation information.
  • If revocation information exists, in step S730 the electronic ID management unit 200 transmits to the Omit platform 100 that the authentication information has already been revoked and delivers that result to the user.
  • In step S740, the electronic ID management unit 200 may request retrieval of the authentication information from the decentralized identity verification network 500.
  • The decentralized identity verification network 500 can quickly search the registered authentication information using the recommended search AI algorithm.
  • The electronic ID management unit 200 may request verification of the retrieved authentication information.
  • The electronic ID management unit 200 may receive the verification result from the decentralized identity verification network 500 and transmit it to the Omit platform 100 so that it is delivered to the user.
  • The self-sovereign identity-based authentication service management method described above may be implemented as computer-readable code on a computer-readable medium.
  • The computer-readable recording medium may be, for example, a removable recording medium (CD, DVD, Blu-ray disc, USB storage device, removable hard disk) or a fixed recording medium (ROM, RAM, a hard disk built into a computer).
  • The computer program recorded on the computer-readable recording medium may be transmitted to another computing device through a network such as the Internet, installed in that computing device and used there.
  • The present invention has industrial applicability as it proves identity on the basis of Self-sovereign Identity (SSI) without accessing a Decentralized Identifier (DID) network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to an authentication service management technology and, more specifically, to a self-sovereign identity (SSI)-based authentication service management system that processes identity verification on the basis of the SSI without accessing a decentralized identifier (DID) network. According to one embodiment of the present invention, it is possible to conveniently verify identity on the basis of the SSI without accessing a blockchain while maintaining security.

Description

Self-sovereign identity-based authentication service management system
The present invention relates to authentication service management technology, and more particularly to a self-sovereign identity-based authentication service management system that processes identity verification on the basis of Self-sovereign Identity (SSI) without accessing a Decentralized Identifier (DID) network.
In the Decentralized Identifier (DID) method, the authentication process is as follows: the issuer checks and issues the authentication information that the user requested and registers it in a blockchain network, and authentication information that the user later submits for verification is looked up and verified in the blockchain network in which it was registered.
As various blockchain networks develop, the number of users operating in heterogeneous blockchain network environments is also increasing. In a heterogeneous blockchain network environment, a user's authentication information registered in one blockchain network cannot be checked or verified, which causes considerable inconvenience. A technology is therefore needed that can check and verify a user's authentication information on request even across many heterogeneous blockchain network environments.
The present invention provides a secure authentication service management system that offers decentralization and security on the basis of Self-sovereign Identity (SSI) while allowing identity to be verified conveniently without accessing a blockchain.
The present invention also provides a self-sovereign identity-based authentication service management system that can increase the processing speed of decentralized identity inquiry and verification by recommending an optimal search algorithm.
According to one aspect of the present invention, a self-sovereign identity-based authentication service management system is provided.
According to an embodiment of the present invention, the system may include an Omit platform that provides authentication services to users, an electronic ID management unit that manages authentication services according to user requests, an authentication service provider that stores and manages simple authentication information, and a blockchain-based decentralized identity verification network.
According to another aspect of the present invention, a self-sovereign identity-based authentication service management method and a computer program for executing it are provided.
According to an embodiment of the present invention, the method may include receiving a user's request through the Omit platform, executing the request, and transmitting the result of the request to the Omit platform for delivery to the user.
According to an embodiment of the present invention, identity can be verified conveniently on the basis of Self-sovereign Identity (SSI) without accessing a blockchain, while security is maintained.
In addition, according to an embodiment of the present invention, the processing speed of decentralized identity inquiry and verification can be increased by recommending an optimal search algorithm.
FIGS. 1 and 2 are diagrams briefly illustrating a self-sovereign identity-based authentication service management system according to an embodiment of the present invention.
FIGS. 3 to 7 are flowcharts illustrating a self-sovereign identity-based authentication service management method according to an embodiment of the present invention.
Since the present invention may be modified in various ways and may have various embodiments, specific embodiments are illustrated in the drawings and described in detail below. However, this is not intended to limit the present invention to the specific embodiments, and it should be understood to include all modifications, equivalents and substitutes falling within the spirit and technical scope of the present invention. In describing the present invention, where a detailed description of related known technology is judged likely to obscure the gist of the present invention unnecessarily, that detailed description is omitted. Also, singular expressions used in this specification and the claims are generally to be construed as meaning "one or more" unless stated otherwise.
Hereinafter, preferred embodiments of the present invention are described in detail with reference to the accompanying drawings. In the description with reference to the drawings, identical or corresponding components are given the same reference numerals and duplicate descriptions of them are omitted.
FIGS. 1 and 2 are diagrams briefly illustrating a self-sovereign identity-based authentication service management system according to an embodiment of the present invention.
Referring to FIGS. 1 and 2, the self-sovereign identity-based authentication service management system 10 may include an Omit platform 100, an electronic ID management unit 200, an authentication service provider 300, an algorithm recommendation unit 400 and a decentralized identity verification network 500.
The Omit platform (100, OMIC Platform) may provide authentication services to authenticated users. The Omit platform 100 is a user platform provided to users so that they can request authentication services through a computer, tablet, laptop, mobile phone or the like. Through the Omit platform 100, a user may request authentication services such as inquiry, registration and revocation of authentication information.
The electronic ID management unit 200 may manage the authentication service according to a user's request made through the Omit platform 100.
The electronic ID management unit 200 may manage any one of the authentication services of inquiry, registration, revocation and verification of user authentication information through the authentication service provider 300 and the blockchain-based decentralized identity verification network 500.
The authentication service provider 300 may provide authentication services using stored simple authentication information, without accessing the decentralized identity verification network 500 to look up authentication information.
In order to provide authentication services, the authentication service provider 300 may store and manage simple authentication information drawn from the authentication information registered in the decentralized identity verification network 500. For example, the simple authentication information stored in the authentication service provider 300 may include any one or more of a proof type, a proof code, an issue date, an issue time and revocation information.
According to the present invention, the decentralized identity verification network 500 that holds the corresponding authentication information can be found quickly by using the simple authentication information held in the authentication service provider 300, without going through the decentralized identity verification network 500 itself.
The algorithm recommendation unit 400 may recommend an optimal search algorithm using a content-based algorithm of content-based artificial intelligence, on the basis of the simple authentication information, such as proof code, issue date and issue time, managed by the authentication service provider 300. For example, the algorithm recommendation unit 400 may recommend an AI (artificial intelligence) algorithm that searches for the shortest path. Using the optimal search algorithm recommended by the algorithm recommendation unit 400, the processing speed of decentralized identity inquiry, verification, revocation and the like can be increased.
The decentralized identity verification network 500 allows an individual to manage and use their own identity with sovereignty, using the minimum of trustworthy information and methods. Decentralized identity verification can be performed on the basis of a blockchain, in which information is difficult to forge or tamper with.
도 3 내지 도 7은 본 발명의 일 실시 예에 따른 자기 주권 신원 기반 인증 서비스 관리 방법을 설명하기 위한 순서도들이다.3 to 7 are flowcharts for explaining a self-sovereign identity-based authentication service management method according to an embodiment of the present invention.
도 3을 참조하면, 단계 S310에서 자기 주권 신원 기반 인증 서비스 관리 시스템(10)은 오밋 플랫폼(100)을 통해 사용자의 요청을 수신할 수 있다.Referring to FIG. 3 , in step S310, the self-sovereign identity-based authentication service management system 10 may receive a user's request through the ORMIT platform 100.
단계 S320에서 자기 주권 신원 기반 인증 서비스 관리 시스템(10)은 사용자의 요청에 따라 인증 서비스를 수행할 수 있다.In step S320, the self-sovereign identity-based authentication service management system 10 may perform the authentication service according to the user's request.
단계 S330에서 자기 주권 신원 기반 인증 서비스 관리 시스템(10)은 요청에 따른 수행 결과를 오밋 플랫폼으로 전송하여 사용자에게 전달할 수 있다. In step S330, the self-sovereign identity-based authentication service management system 10 may transmit the execution result according to the request to the ORMIT platform and deliver it to the user.
In more detail, FIGS. 4 to 7 are diagrams explaining the methods of performing the request of step S320 of FIG. 3.
Referring to FIG. 4, in step S410 the electronic ID management unit 200 receives an authentication information issuance request transmitted by the Omit platform 100.
In step S420, the electronic ID management unit 200 may search the authentication service provider 300 for the simplified authentication information for which issuance was requested.
If simplified authentication information exists, in step S430 the electronic ID management unit 200 may check the revocation information in the simplified authentication information.
If there is no revocation information, in step S440 the electronic ID management unit 200 may provide the previously issued simplified authentication information.
If there is no simplified authentication information, in step S450 the electronic ID management unit 200 requests the decentralized identity verification network 500 to issue new authentication information, and the decentralized identity verification network 500 registers and issues the new authentication information.
In step S460, the electronic ID management unit 200 generates simplified authentication information for the new authentication information and registers it with the authentication service provider 300.
In step S470, the electronic ID management unit 200 may transmit the authentication information issuance result to the Omit platform 100, which delivers it to the user.
Referring to FIG. 5, in step S510 the electronic ID management unit 200 receives an authentication information revocation request transmitted by the Omit platform 100.
In step S520, the electronic ID management unit 200 may search the authentication service provider 300 for the requested simplified authentication information and check its revocation information.
If revocation information exists, in step S530 the electronic ID management unit 200 treats the authentication information as already revoked and transmits an already-revoked result to the Omit platform 100, which delivers it to the user.
If there is no revocation information, in step S540 the electronic ID management unit 200 may store the revocation information in the simplified authentication information held by the authentication service provider 300. The electronic ID management unit 200 may also register the revocation information with the decentralized identity verification network 500.
In step S550, the electronic ID management unit 200 may transmit the revocation processing result to the Omit platform 100, which delivers it to the user.
Referring to FIG. 6, in step S610 the electronic ID management unit 200 receives an authentication information inquiry request transmitted by the Omit platform 100.
In step S620, the electronic ID management unit 200 may search the authentication service provider 300 for the simplified authentication information.
In step S630, the electronic ID management unit 200 may transmit the search result from the authentication service provider 300 to the Omit platform 100, which delivers it to the user.
Referring to FIG. 7, in step S710 the electronic ID management unit 200 may receive an authentication information verification request transmitted by the Omit platform 100.
In step S720, the electronic ID management unit 200 searches the authentication service provider 300 for the requested simplified authentication information and checks its revocation information.
If revocation information exists, in step S730 the electronic ID management unit 200 treats the authentication information as already revoked and transmits an already-revoked result to the Omit platform 100, which delivers it to the user.
If there is no revocation information, in step S740 the electronic ID management unit 200 may request the decentralized identity verification network 500 to search for the authentication information. Here, the decentralized identity verification network 500 can quickly search the registered authentication information using a recommendation-search artificial intelligence algorithm.
In step S750, the electronic ID management unit 200 may request verification of the retrieved authentication information. The electronic ID management unit 200 receives the verification result from the decentralized identity verification network 500 and transmits it to the Omit platform 100, which delivers the verification result to the user.
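The four request flows of FIGS. 4 to 7 share one pattern: the electronic ID management unit first consults the simplified authentication information held by the authentication service provider, answers "already revoked" locally when revocation information is present, and only otherwise goes to the decentralized identity verification network. The following Python model is an added example written for this page; it is not code from the patent or from its applicant. The class and method names, the in-memory stand-ins for the provider 300 and the network 500, the counter-based credential ids, and the handling of the branches the description does not cover (a revoked record on re-issuance, a user with no simplified authentication information at all) are all assumptions and are marked as such in the comments.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-ins for the components named in the description; the data
# formats and method names are assumptions, not the patent's own interfaces.


@dataclass
class SimplifiedAuthInfo:
    """'Simplified authentication information' held by the authentication service provider 300.
    Assumption: a summary record pointing at the full record on the DID network, plus the
    'revocation information' (None while the credential is still valid)."""
    user_id: str
    credential_id: str
    revocation_info: Optional[str] = None


class DecentralizedIdentityNetwork:
    """Stand-in for the decentralized identity verification network 500 (in-memory dict)."""

    def __init__(self) -> None:
        self._records: Dict[str, str] = {}   # credential_id -> user_id
        self._revoked: set = set()
        self._counter = 0

    def issue(self, user_id: str) -> str:
        # S450: register and issue new authentication information; ids are a constructed counter
        self._counter += 1
        cred_id = f"cred-{self._counter}"
        self._records[cred_id] = user_id
        return cred_id

    def register_revocation(self, cred_id: str) -> None:
        self._revoked.add(cred_id)           # S540, network side

    def search(self, cred_id: str) -> Optional[str]:
        # S740: the page's recommendation-search AI is modelled here as a plain lookup
        return self._records.get(cred_id)

    def verify(self, cred_id: str, user_id: str) -> bool:
        # S750: valid only if registered to this user and not revoked on the network
        return self._records.get(cred_id) == user_id and cred_id not in self._revoked


class AuthServiceProvider:
    """Stand-in for the authentication service provider 300, keyed by user id."""

    def __init__(self) -> None:
        self._store: Dict[str, SimplifiedAuthInfo] = {}

    def search(self, user_id: str) -> Optional[SimplifiedAuthInfo]:
        return self._store.get(user_id)

    def register(self, info: SimplifiedAuthInfo) -> None:
        self._store[info.user_id] = info


class ElectronicIdManager:
    """Electronic ID management unit 200: the four request handlers of FIGS. 4 to 7."""

    def __init__(self, provider: AuthServiceProvider, network: DecentralizedIdentityNetwork) -> None:
        self.provider = provider
        self.network = network

    def issue(self, user_id: str) -> dict:
        info = self.provider.search(user_id)                               # S420
        if info is not None and info.revocation_info is None:              # S430
            return {"result": "existing", "credential_id": info.credential_id}  # S440
        # S450/S460. Assumption: an existing but revoked record is treated like a missing
        # one, since the description does not cover that branch.
        cred_id = self.network.issue(user_id)
        self.provider.register(SimplifiedAuthInfo(user_id, cred_id))
        return {"result": "issued", "credential_id": cred_id}              # S470

    def revoke(self, user_id: str, reason: str = "user request") -> dict:
        info = self.provider.search(user_id)                               # S520
        if info is None:
            return {"result": "not_found"}     # assumption: not covered by the description
        if info.revocation_info is not None:                               # S530
            return {"result": "already_revoked"}
        info.revocation_info = reason                                      # S540, provider side
        self.network.register_revocation(info.credential_id)              # S540, network side
        return {"result": "revoked"}                                       # S550

    def lookup(self, user_id: str) -> Optional[SimplifiedAuthInfo]:
        return self.provider.search(user_id)                               # S620/S630

    def verify(self, user_id: str) -> dict:
        info = self.provider.search(user_id)                               # S720
        if info is None:
            return {"result": "not_found"}     # assumption, as above
        if info.revocation_info is not None:                               # S730
            return {"result": "already_revoked"}
        if self.network.search(info.credential_id) is None:                # S740
            return {"result": "not_registered"}  # assumption: network holds no record
        valid = self.network.verify(info.credential_id, user_id)           # S750
        return {"result": "valid" if valid else "invalid"}


def demo() -> list:
    """Runs one constructed user through issue, re-issue, verify, revoke, re-revoke, verify, re-issue."""
    mgr = ElectronicIdManager(AuthServiceProvider(), DecentralizedIdentityNetwork())
    return [
        mgr.issue("alice")["result"],
        mgr.issue("alice")["result"],
        mgr.verify("alice")["result"],
        mgr.revoke("alice")["result"],
        mgr.revoke("alice")["result"],
        mgr.verify("alice")["result"],
        mgr.issue("alice")["result"],
    ]
```

The point worth noticing in this model is step S540: revocation is written to both the provider's simplified record and the network, so the local short-circuit in S530 and S730 only stays trustworthy while the two stores agree. A deployment that can lose the network write (or the provider write) needs a reconciliation path, which the description does not specify.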
The self-sovereign identity-based authentication service management method described above may be implemented as computer-readable code on a computer-readable medium. The computer-readable recording medium may be, for example, a removable recording medium (CD, DVD, Blu-ray disc, USB storage device, removable hard disk) or a fixed recording medium (ROM, RAM, a hard disk built into a computer). The computer program recorded on the computer-readable recording medium may be transmitted to another computing device over a network such as the Internet, installed on that other computing device, and thereby used on it.
Although all the components constituting the embodiments of the present invention have been described above as being combined into one or operating in combination, the present invention is not necessarily limited to such embodiments. That is, within the scope of the object of the present invention, any one or more of the components may be selectively combined to operate.
Although operations are shown in a particular order in the drawings, this should not be understood to mean that the operations must be performed in the particular order shown or in sequential order, or that all of the illustrated operations must be performed, in order to obtain the desired result. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of the various components in the embodiments described above should not be understood as requiring such separation; it should be understood that the described program components and systems may generally be integrated together into a single software product or packaged into multiple software products.
The present invention has been examined above with a focus on its embodiments. Those of ordinary skill in the art to which the present invention pertains will understand that it can be implemented in modified forms without departing from its essential characteristics. The disclosed embodiments should therefore be considered from a descriptive rather than a limiting point of view. The scope of the present invention is set out in the claims rather than in the foregoing description, and all differences within the equivalent scope should be construed as included in the present invention.
Modes for carrying out the invention have been described above together with the best mode for carrying out the invention.
The present invention has industrial applicability in that it verifies identity on the basis of Self-sovereign Identity (SSI) without connecting to a Decentralized Identifier (DID) network.

Claims (5)

  1. A self-sovereign identity-based authentication service management system, comprising:
    an Omit platform that provides an authentication service to a user;
    an electronic ID management unit that manages the authentication service according to the user's request;
    an authentication service provider that stores and manages simplified authentication information; and
    a blockchain-based decentralized identity verification network.
  2. The self-sovereign identity-based authentication service management system of claim 1, wherein
    the electronic ID management unit
    manages an authentication service including any one or more of inquiry, registration, revocation and verification of user authentication information.
  3. A method performed by a self-sovereign identity-based authentication service management system, comprising:
    receiving a user's request through an Omit platform;
    performing the request; and
    transmitting a result of the request to the Omit platform, which delivers it to the user.
  4. The self-sovereign identity-based authentication service management method of claim 3, wherein
    performing the request
    includes any one or more of the authentication services of inquiry, registration, revocation and verification of authentication information.
  5. A computer program, recorded on a computer-readable recording medium, that executes any one of the self-sovereign identity-based authentication service management methods of claims 3 and 4.
PCT/KR2022/002255 2022-01-12 2022-02-16 Self-sovereign identity-based authentication service management system WO2023136393A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2022-0004724 2022-01-12
KR1020220004724A KR20230108953A (en) 2022-01-12 2022-01-12 System and method for authentication service management based self-sovereign identity

Publications (1)

Publication Number Publication Date
WO2023136393A1 true WO2023136393A1 (en) 2023-07-20

Family

ID=87279205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/002255 WO2023136393A1 (en) 2022-01-12 2022-02-16 Self-sovereign identity-based authentication service management system

Country Status (2)

Country Link
KR (1) KR20230108953A (en)
WO (1) WO2023136393A1 (en)


Also Published As

Publication number Publication date
KR20230108953A (en) 2023-07-19


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22920726

Country of ref document: EP

Kind code of ref document: A1