WO2023136393A1 - Self-sovereign identity-based authentication service management system - Google Patents

Self-sovereign identity-based authentication service management system

Info

Publication number
WO2023136393A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication service
self
identity
service management
authentication
Prior art date
Application number
PCT/KR2022/002255
Other languages
English (en)
Korean (ko)
Inventor
이형호
Original Assignee
(주)가민정보시스템
Priority date
Filing date
Publication date
Application filed by (주)가민정보시스템
Publication of WO2023136393A1

Classifications

    • H04L63/0876 (H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 for authentication of entities): authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G06F21/31 (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals): User authentication
    • H04L63/0815 (H04L63/00 > H04L63/08 for authentication of entities): providing single-sign-on or federations
    • H04L9/32 (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols): including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 (H04L9/00 > H04L9/32): using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 (H04L9/00 > H04L9/32): involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/40 (H04L9/00): Network security protocols
    • H04L9/50 (H04L9/00): using hash chains, e.g. blockchains or hash trees

Definitions

  • The present invention relates to authentication service management technology and, more particularly, to a self-sovereign identity-based authentication service management system that processes identity verification based on Self-sovereign Identity (SSI) without accessing a decentralized identity (DID) network.
  • DID: decentralized identity
  • SSI: Self-sovereign Identity
  • The issuer checks and issues the authentication information requested by the user and registers it in the blockchain network; the authentication information the user later submits is then searched for and verified in the blockchain network in which it was registered.
  • The present invention provides a secure authentication service management system that offers decentralization and security based on Self-sovereign Identity (SSI) while allowing identity to be verified conveniently without access to a blockchain.
  • The present invention also provides a self-sovereign identity-based authentication service management system that can increase the processing speed of decentralized identity inquiry and verification by recommending an optimal search algorithm.
  • According to an embodiment of the present invention, a self-sovereign identity-based authentication service management system is provided.
  • It may include an Omit platform that provides authentication services to users, an electronic ID management unit that manages authentication services according to user requests, an authentication service provider that stores and manages simple authentication information, and a blockchain-based decentralized identity verification network.
  • A self-sovereign identity-based authentication service management method and a computer program executing it are also provided.
  • According to an embodiment of the present invention, the method may include receiving a user's request through the Omit platform, executing the request, and transmitting the result of the request to the Omit platform for delivery to the user.
  • FIGS. 1 and 2 are diagrams briefly explaining a self-sovereign identity-based authentication service management system according to an embodiment of the present invention.
  • FIGS. 3 to 7 are flowcharts explaining a self-sovereign identity-based authentication service management method according to an embodiment of the present invention.
  • The self-sovereign identity-based authentication service management system 10 may include an Omit platform 100, an electronic ID management unit 200, an authentication service provider 300, an algorithm recommendation unit 400, and a decentralized identity authentication network 500.
  • The Omit platform (100, OMIC Platform) may provide authentication services to authenticated users.
  • The Omit platform 100 is a user platform provided so that users can request authentication services through computers, tablets, laptops, mobile phones, and the like.
  • Through the Omit platform 100, the user may request authentication services such as authentication information inquiry, registration, and revocation.
  • The electronic ID management unit 200 may manage an authentication service according to a user's request received through the Omit platform 100.
  • The electronic ID management unit 200 can manage any of the inquiry, registration, revocation, and verification of user authentication information through the authentication service provider 300 and the blockchain-based decentralized identity certification network 500.
  • The authentication service provider 300 may provide an authentication service using stored simple authentication information, without accessing the decentralized identification network 500 and searching for the authentication information there.
  • The authentication service provider 300 may store and manage simple authentication information drawn from the authentication information registered in the decentralized identification network 500 in order to provide authentication services.
  • The simple authentication information stored in the authentication service provider 300 includes a proof type and a proof code, and may include any one or more of an issue date, an issue time, and discard information.
  • Using the simple authentication information held by the authentication service provider 300, the decentralized identification network 500 holding the corresponding authentication information can be found quickly without going through the decentralized identification network 500 itself.
  • The algorithm recommendation unit 400 recommends an optimal search algorithm using a content-based artificial intelligence algorithm, based on simple authentication information such as the proof code, issue date, and issue time managed by the authentication service provider 300.
  • The algorithm recommendation unit 400 may recommend an artificial intelligence (AI) algorithm that searches for the shortest path.
  • AI: artificial intelligence
  • The decentralized identity verification network 500 allows individuals to manage and use their identities with sovereignty, using minimal trusted information and methods. Decentralized identity verification can be performed on the basis of a blockchain, in which information is difficult to forge or falsify.
  • The self-sovereign identity-based authentication service management system 10 may receive a user's request through the Omit platform 100.
  • In step S320, the self-sovereign identity-based authentication service management system 10 may perform the authentication service according to the user's request.
  • In step S330, the self-sovereign identity-based authentication service management system 10 may transmit the execution result for the request to the Omit platform and deliver it to the user.
  • FIGS. 4 to 7 are diagrams explaining methods of performing the request of step S320 of FIG. 3.
  • In step S410, the electronic ID management unit 200 receives a request for issuing authentication information transmitted by the Omit platform 100.
  • In step S420, the electronic ID management unit 200 may retrieve from the authentication service provider 300 the simple authentication information for the requested issuance.
  • In step S430, the electronic ID management unit 200 may check the discard information in the simple authentication information.
  • In step S440, the electronic ID management unit 200 may provide the pre-issued simple authentication information.
  • In step S450, the electronic ID management unit 200 requests the decentralized identity authentication network 500 to issue new authentication information, and the decentralized identity authentication network 500 registers and issues the new authentication information.
  • In step S460, the electronic ID management unit 200 generates simple authentication information for the new authentication information and registers it with the authentication service provider 300.
  • In step S470, the electronic ID management unit 200 may transmit the result of the authentication information issuance process to the Omit platform 100 and deliver it to the user.
  • In step S510, the electronic ID management unit 200 receives the authentication information discard request transmitted by the Omit platform 100.
  • In step S520, the electronic ID management unit 200 may search the authentication service provider 300 for the simple authentication information concerned by the request and check its discard information.
  • In step S530, if discard information is present, the authentication information has already been discarded, so the electronic ID management unit 200 can transmit the discard information to the Omit platform 100 and deliver the already-discarded result to the user.
  • In step S540, the electronic ID management unit 200 may store the revocation information in the simple authentication information held by the authentication service provider 300. In addition, the electronic ID management unit 200 may register the discard information in the decentralized identification network 500.
  • In step S550, the electronic ID management unit 200 may transmit the discard processing result to the Omit platform 100 and deliver it to the user.
  • In step S610, the electronic ID management unit 200 receives an authentication information search request transmitted from the Omit platform 100.
  • In step S620, the electronic ID management unit 200 may retrieve the simple authentication information from the authentication service provider 300.
  • In step S630, the electronic ID management unit 200 may transmit the search result from the authentication service provider 300 to the Omit platform 100 and deliver it to the user.
  • In step S710, the electronic ID management unit 200 may receive an authentication information verification request transmitted from the Omit platform 100.
  • In step S720, the electronic ID management unit 200 searches the authentication service provider 300 for the simple authentication information concerned by the request and checks its discard information.
  • In step S730, if discard information is present, the authentication information has already been discarded, so the electronic ID management unit 200 can transmit the already-discarded result to the Omit platform 100 and deliver it to the user.
  • In step S740, the electronic ID management unit 200 may request retrieval of the authentication information from the decentralized identification network 500.
  • The decentralized identification network 500 can quickly search the registered authentication information using the recommended artificial intelligence search algorithm.
  • The electronic ID management unit 200 may request verification of the retrieved authentication information.
  • The electronic ID management unit 200 may receive the verification result from the decentralized identification network 500 and transmit it to the Omit platform 100 for delivery to the user.
  • The self-sovereign identity-based authentication service management method described above may be implemented as computer-readable code on a computer-readable medium.
  • The computer-readable recording medium may be, for example, a removable recording medium (CD, DVD, Blu-ray disc, USB storage device, removable hard disk) or a fixed recording medium (ROM, RAM, hard disk built into a computer).
  • The computer program recorded on the computer-readable recording medium may be transmitted to another computing device through a network such as the Internet, installed on that other computing device, and used there.
  • The present invention has industrial applicability in that it proves identity without accessing a Decentralized Identifier (DID) network based on Self-sovereign Identity (SSI).
  • DID: Decentralized Identifier
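The four flows in the definitions above (issuance S410 to S470, discard S510 to S550, search S610 to S630, verification S710 to S740) share one data structure: the simple authentication information held by the authentication service provider 300, which the electronic ID management unit 200 consults before deciding whether the decentralized identity network 500 must be contacted. The model below is an added example written for this page, not the patent's or the assignee's code. The class names, the in-memory dictionaries standing in for the provider and the network, the network call counter, the proof-code format and the handling of a discard request for an unknown proof code are all assumptions made for the example; the text does not specify any of them.

```python
"""Model of the issuance, revocation, search and verification flows (steps
S410-S740) described above. Added example for this page, not the patent's own
code; the class names, the in-memory stores, the call counter and the
proof-code format are all assumptions made for the example."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


@dataclass
class SimpleAuthInfo:
    """Entry held by the authentication service provider (300): proof type,
    proof code, issue date, issue time and discard flag, the fields the text
    lists as 'simple authentication information'."""
    proof_type: str
    proof_code: str
    issue_date: str
    issue_time: str
    discarded: bool = False


class DIDNetwork:
    """Stand-in for the blockchain-based decentralized identity network (500):
    an in-memory registry with a call counter so the caller can see which
    flows are served without touching the network (constructed for the example)."""

    def __init__(self) -> None:
        self.registry: Dict[str, dict] = {}
        self.calls = 0

    def issue(self, user: str, proof_type: str) -> dict:
        self.calls += 1
        now = datetime.now(timezone.utc)
        code = f"{proof_type}-{user}-{len(self.registry) + 1}"  # assumed format
        rec = {"proof_code": code, "proof_type": proof_type, "user": user,
               "issue_date": now.strftime("%Y-%m-%d"),
               "issue_time": now.strftime("%H:%M:%S"), "revoked": False}
        self.registry[code] = rec
        return rec

    def register_revocation(self, proof_code: str) -> None:
        self.calls += 1
        self.registry[proof_code]["revoked"] = True

    def verify(self, proof_code: str) -> bool:
        self.calls += 1
        rec = self.registry.get(proof_code)
        return rec is not None and not rec["revoked"]  # unknown code -> invalid


class AuthServiceProvider:
    """Authentication service provider (300): the simple-information cache,
    indexed by proof code for search/discard/verify and by (user, proof type)
    so an issuance request can find what was issued before (S420)."""

    def __init__(self) -> None:
        self.by_code: Dict[str, SimpleAuthInfo] = {}
        self.by_request: Dict[Tuple[str, str], SimpleAuthInfo] = {}

    def find_issued(self, user: str, proof_type: str) -> Optional[SimpleAuthInfo]:
        return self.by_request.get((user, proof_type))

    def register(self, user: str, info: SimpleAuthInfo) -> None:
        self.by_code[info.proof_code] = info
        self.by_request[(user, info.proof_type)] = info


class ElectronicIDManager:
    """Electronic ID management unit (200) running the four flows."""

    def __init__(self, provider: AuthServiceProvider, network: DIDNetwork) -> None:
        self.provider = provider
        self.network = network

    def issue(self, user: str, proof_type: str) -> dict:
        info = self.provider.find_issued(user, proof_type)       # S420
        if info is not None and not info.discarded:              # S430
            return {"status": "pre-issued", "proof_code": info.proof_code}  # S440
        rec = self.network.issue(user, proof_type)               # S450
        self.provider.register(user, SimpleAuthInfo(              # S460
            rec["proof_type"], rec["proof_code"], rec["issue_date"], rec["issue_time"]))
        return {"status": "issued", "proof_code": rec["proof_code"]}

    def revoke(self, proof_code: str) -> dict:
        info = self.provider.by_code.get(proof_code)             # S520
        if info is None:
            return {"status": "unknown"}     # not covered by the text; assumed
        if info.discarded:
            return {"status": "already-discarded"}               # S530
        info.discarded = True                                    # S540 (cache)
        self.network.register_revocation(proof_code)             # S540 (network)
        return {"status": "discarded"}

    def search(self, proof_code: str) -> Optional[SimpleAuthInfo]:
        return self.provider.by_code.get(proof_code)             # S620

    def verify(self, proof_code: str) -> dict:
        info = self.provider.by_code.get(proof_code)             # S720
        if info is not None and info.discarded:
            return {"status": "already-discarded", "valid": False}  # S730
        # Only a cached discard short-circuits; a positive answer still comes
        # from the network, so the cache never vouches for a credential (S740).
        return {"status": "verified", "valid": self.network.verify(proof_code)}


if __name__ == "__main__":
    mgr = ElectronicIDManager(AuthServiceProvider(), DIDNetwork())
    code = mgr.issue("alice", "driver-license")["proof_code"]
    print(mgr.verify(code), mgr.revoke(code), mgr.verify(code), mgr.network.calls)
```

The design choice worth noticing is which answers the cache is allowed to give on its own. Re-issuance (S440) and an already-discarded answer (S530, S730) are served from the simple authentication information alone, which is where the speed-up comes from; a positive verification (S740) still requires the network, and a discard is written to both the cache and the network (S540) so the two cannot drift apart on the one fact the cache is trusted for.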

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to authentication service management technology and, more specifically, to a self-sovereign identity (SSI)-based authentication service management system that processes identity verification on the basis of SSI without accessing a decentralized identifier (DID) network. According to an embodiment of the present invention, identity can be conveniently verified on the basis of SSI without accessing a blockchain while maintaining security.
PCT/KR2022/002255 2022-01-12 2022-02-16 Self-sovereign identity-based authentication service management system WO2023136393A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2022-0004724 2022-01-12
KR1020220004724A KR20230108953A (ko) 2022-01-12 2022-01-12 Self-sovereign identity-based authentication service management system

Publications (1)

Publication Number Publication Date
WO2023136393A1 true WO2023136393A1 (fr) 2023-07-20

Family

ID=87279205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/002255 WO2023136393A1 (fr) 2022-01-12 2022-02-16 Self-sovereign identity-based authentication service management system

Country Status (2)

Country Link
KR (1) KR20230108953A (fr)
WO (1) WO2023136393A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019152119A1 (fr) * 2018-02-01 2019-08-08 Intel Corporation Distributed self-sovereign identities for network function virtualization
US20200195436A1 (en) * 2016-02-15 2020-06-18 Sal Khan System and method, which using blockchain and mobile devices, provides the validated and authenticated identity of an individual to a valid and authenticated requestor
KR20200101490A (ko) * 2019-01-29 2020-08-28 (주)티비스톰 Method for transacting data managed by a blockchain, and platform therefor
KR20200115724A (ko) * 2019-03-15 2020-10-08 홍상선 User authentication method with enhanced reliability and security
KR102302097B1 (ko) * 2021-01-06 2021-09-15 이화여자대학교 산학협력단 System and method for providing a blockchain-based corporate DID service

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
KR102090025B1 (ko) 2019-05-29 2020-03-17 (주)가민정보시스템 Blockchain network system capable of interworking between heterogeneous blockchain platforms, and blockchain creation method using same

Also Published As

Publication number Publication date
KR20230108953A (ko) 2023-07-19 Self-sovereign identity-based authentication service management system

Similar Documents

Publication Publication Date Title
WO2020149586A1 (fr) Method and device for providing a service in which a single service is provided by determining whether a plurality of users are in agreement
WO2011062364A2 (fr) User authentication system and apparatus, smart card, and user authentication method for universal authentication management
CN101331496A (zh) System and method for associating security information with information objects in a data processing system
CN101331495A (zh) Reference monitor system and method for enforcing information flow policies
WO2014069787A1 (fr) Security through metadata orchestrators
WO2012144849A2 (fr) Access authentication method for multiple devices and platforms
WO2014185594A1 (fr) Single sign-on system and method in a VDI environment
US11258771B2 (en) Systems and methods for sending user data from a trusted party to a third party using a distributed registry
WO2018216988A1 (fr) Security authentication system and security authentication method for creating a security key by combining authentication factors of multiple users
WO2013024986A2 (fr) Network identifier position determination system and method therefor
WO2018160039A1 (fr) Automatic authentication processing method and system using a division function
WO2022045419A1 (fr) Driver's license authentication service method based on a blockchain network using a decentralized ID, and user terminal for performing the driver's license authentication service
WO2018016678A1 (fr) System and method for managing user information acquired on the basis of IoT in a cloud environment
WO2010068057A1 (fr) Identity data management apparatus and method therefor
WO2024090845A1 (fr) Method for authenticating blockchain wallet ownership without a signature function, and system using same
WO2023136393A1 (fr) Self-sovereign identity-based authentication service management system
AU2020364879B2 (en) Blockchain data search method
WO2012169752A2 (fr) System and method for authenticating a device attempting to establish a connection
WO2020153580A1 (fr) Transaction processing method using an external node on a blockchain, and apparatus for implementing the method
WO2018216991A1 (fr) Security authentication method for creating a security key by combining authentication factors of multiple users
WO2021025403A2 (fr) Security key management method and security key management server
WO2016108478A1 (fr) Method for managing access to data, associated computer program, and corresponding recording medium
WO2013151369A1 (fr) Method and system for providing a game service using a virtual IP address in a PC gaming center
WO2013151371A1 (fr) System and method for determining a service registration IP address of a PC room
CN109409059A (zh) Blockchain permission management method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22920726

Country of ref document: EP

Kind code of ref document: A1