WO2023136393A1 - Self-sovereign identity-based authentication service management system - Google Patents
- Publication number: WO2023136393A1 (application PCT/KR2022/002255)
- Authority: WO, WIPO (PCT)
- Prior art keywords: authentication service, self, identity, service management, authentication
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- G06F21/31—User authentication
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/40—Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the present invention relates to authentication service management technology, and more particularly to a self-sovereign identity-based authentication service management system that processes identity verification based on Self-sovereign Identity (SSI) without accessing a decentralized identity (DID) network.
- the process is one in which the issuer checks and issues the authentication information requested by the user, registers it in the blockchain network, and the authentication information submitted and requested by the user is searched for and verified in the registered blockchain network.
- the present invention provides a secure authentication service management system that provides decentralization and security based on Self-sovereign Identity (SSI), but can conveniently verify identity without access to a blockchain.
- the present invention provides a self-sovereign identity-based authentication service management system that can increase the processing speed of decentralized identity verification inquiry and verification by recommending an optimal search algorithm.
- a self-sovereign identity-based authentication service management system is provided.
- it may include an Omit platform that provides authentication services to users, an electronic ID management unit that manages authentication services according to user requests, an authentication service provider that stores and manages simple authentication information, and a blockchain-based decentralized identity verification network.
- a self-sovereign identity-based authentication service management method and a computer program executing the same are provided.
- according to an embodiment of the present invention, it may include receiving a user's request through the Omit platform, executing the request, and transmitting a result of the request to the Omit platform and delivering it to the user.
- FIGS. 1 and 2 are diagrams for briefly explaining a self-sovereign identity-based authentication service management system according to an embodiment of the present invention.
- FIGS. 3 to 7 are flowcharts for explaining a self-sovereign identity-based authentication service management method according to an embodiment of the present invention.
- the self-sovereign identity-based authentication service management system 10 may include an Omit platform 100, an electronic ID management unit 200, an authentication service provider 300, an algorithm recommendation unit 400, and a decentralized identity authentication network 500.
- the Omit platform (100, OMIC Platform) may provide authentication services to authenticated users.
- the Omit platform 100 is a user platform provided to users so that they can request authentication services through computers, tablets, laptops, mobile phones, and the like.
- the user may request authentication services such as authentication information inquiry, registration, and revocation through the Omit platform 100.
- the electronic ID management unit 200 may manage an authentication service according to a user's request through the Omit platform 100.
- the electronic ID management unit 200 can manage any authentication service among inquiry, registration, cancellation, and verification of user authentication information through the authentication service provider 300 and the decentralized identity certification network 500 of the blockchain.
- the authentication service providing unit 300 may provide authentication service using stored simple authentication information without accessing the decentralized identification network 500 and searching for authentication information.
- the authentication service provider 300 may store and manage simple authentication information among authentication information registered in the decentralized identification network 500 to provide authentication services.
- the simple authentication information stored in the authentication service provider 300 includes a proof type and a proof code; any one or more of issue date, issue time, and discard information may also be included.
- the decentralized identification network 500 having corresponding authentication information can be quickly found by using simple authentication information included in the authentication service provider 300 without going through the decentralized identification network 500.
- the algorithm recommendation unit 400 recommends an optimal search algorithm using a content-based algorithm of content-based artificial intelligence based on simple authentication information such as proof code, issue date, and issue time managed by the authentication service provider 300.
- the algorithm recommendation unit 400 may recommend an artificial intelligence (AI) algorithm that searches for the shortest path.
- the decentralized identity verification network 500 allows individuals to manage and utilize their identities with sovereignty using minimum reliable information and methods. Decentralized identity verification can be performed based on a blockchain on which information is difficult to forge or alter.
- the self-sovereign identity-based authentication service management system 10 may receive a user's request through the Omit platform 100.
- in step S320, the self-sovereign identity-based authentication service management system 10 may perform the authentication service according to the user's request.
- in step S330, the self-sovereign identity-based authentication service management system 10 may transmit the execution result according to the request to the Omit platform and deliver it to the user.
- FIGS. 4 to 7 are diagrams for explaining methods of performing a request of step S320 of FIG. 3.
- the electronic ID management unit 200 receives a request for issuing authentication information transmitted by the Omit platform 100 in step S410.
- in step S420, the electronic ID management unit 200 may retrieve the simplified authentication information requested for issuance from the authentication service provider 300.
- in step S430, the electronic ID management unit 200 may check discard information in the simple authentication information.
- in step S440, the electronic ID management unit 200 may provide pre-issued simple authentication information.
- in step S450, the electronic ID management unit 200 requests the decentralized identity authentication network 500 to issue new authentication information, and the decentralized identity authentication network 500 registers and issues the new authentication information.
- in step S460, the electronic ID manager 200 generates and registers simple authentication information of the new authentication information with the authentication service provider 300.
- in step S470, the electronic ID management unit 200 may transmit the authentication information issuance process result to the Omit platform 100 and deliver it to the user.
- the electronic ID management unit 200 receives the authentication information discard request transmitted by the Omit platform 100 in step S510.
- in step S520, the electronic ID management unit 200 may search the authentication service provider 300 for the simplified authentication information requested for issuance and check discard information.
- in step S530, if there is discard information, the authentication information has already been discarded, so the electronic ID management unit 200 can transmit the discard information to the Omit platform 100 and deliver the discarded result to the user.
- in step S540, the electronic ID management unit 200 may store the revocation information in the simple authentication information of the authentication service provider 300. In addition, the electronic ID management unit 200 may register the discard information in the decentralized identification network 500.
- in step S550, the electronic ID management unit 200 may transmit the discard information processing result to the Omit platform 100 and deliver it to the user.
- the electronic ID management unit 200 receives an authentication information search request transmitted from the Omit platform 100 in step S610.
- in step S620, the electronic ID manager 200 may retrieve simple authentication information from the authentication service provider 300.
- in step S630, the electronic ID management unit 200 may transmit the search result of the authentication service provider 300 to the Omit platform 100 and deliver it to the user.
- the electronic ID management unit 200 may receive an authentication information verification request transmitted from the Omit platform 100 in step S710.
- in step S720, the electronic ID management unit 200 searches the authentication service provider 300 for the simplified authentication information requested for issuance and checks discard information.
- in step S730, if there is discard information, the authentication information has already been discarded, so the electronic ID management unit 200 can transmit the already discarded result to the Omit platform 100 and deliver it to the user.
- in step S740, the electronic ID management unit 200 may request to retrieve authentication information from the decentralized identification network 500.
- the decentralized identification network 500 can quickly search registered authentication information using a recommendation search artificial intelligence algorithm.
- the electronic ID management unit 200 may request verification of the searched authentication information.
- the electronic ID management unit 200 may receive the verification result of the decentralized identification network 500 and transmit the verification result to the Omit platform 100 to deliver the verification result to the user.
- the above self-sovereign identity-based authentication service management method may be implemented as computer readable code on a computer readable medium.
- the computer-readable recording medium may be, for example, a removable recording medium (CD, DVD, Blu-ray disc, USB storage device, removable hard disk) or a fixed recording medium (ROM, RAM, computer-equipped hard disk).
- the computer program recorded on the computer-readable recording medium may be transmitted to another computing device through a network such as the Internet, installed in the other computing device, and thus used in the other computing device.
- the present invention has industrial applicability as it proves identity without accessing a Decentralized Identifier (DID) network based on Self-sovereign Identity (SSI).
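The issuance, discard and verification flows described above (steps S410 to S470, S510 to S550 and S710 onward) can be modelled as follows. This is an added Python example, not code from the patent; the class and method names, the in-memory stand-in for network 500, the branch conditions, the "unknown" result and the sample values are assumptions. It shows that only a recorded discard short-circuits verification, while any other credential is still checked against the network.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class SimpleAuthInfo:
    """Fields the description lists for 'simple authentication information'."""
    proof_type: str
    proof_code: str
    issued_at: datetime                       # issue date and issue time
    discarded_at: Optional[datetime] = None   # discard information


class DidNetwork:
    """Assumed stand-in for network 500: a dict plus a count of round trips."""
    def __init__(self):
        self.records, self.calls = {}, 0

    def issue(self, proof_code, proof_type):
        self.calls += 1
        self.records[proof_code] = {"type": proof_type, "revoked": False}

    def revoke(self, proof_code):
        self.calls += 1
        self.records[proof_code]["revoked"] = True

    def verify(self, proof_code):
        self.calls += 1
        rec = self.records.get(proof_code)
        return rec is not None and not rec["revoked"]


class ElectronicIdManager:
    """Unit 200: consults provider 300 (self.simple) before network 500."""
    def __init__(self, network):
        self.network = network
        self.simple = {}          # provider 300: proof_code -> SimpleAuthInfo

    def issue(self, proof_code, proof_type):             # S410 to S470
        info = self.simple.get(proof_code)               # S420
        if info and info.discarded_at is None:           # S430
            return "already-issued", info                # S440
        self.network.issue(proof_code, proof_type)       # S450
        info = SimpleAuthInfo(proof_type, proof_code, datetime.now(timezone.utc))
        self.simple[proof_code] = info                   # S460
        return "issued", info                            # S470

    def discard(self, proof_code):                       # S510 to S550
        info = self.simple.get(proof_code)               # S520
        if info is None:
            return "unknown"          # assumption: case not covered by the text
        if info.discarded_at is not None:
            return "already-discarded"                   # S530
        info.discarded_at = datetime.now(timezone.utc)   # S540: provider 300
        self.network.revoke(proof_code)                  # S540: network 500
        return "discarded"                               # S550

    def verify(self, proof_code):                        # S710 onward
        info = self.simple.get(proof_code)               # S720
        if info and info.discarded_at is not None:
            return "already-discarded"                   # S730, no network call
        # S740: anything not recorded as discarded is still checked on network 500
        return "valid" if self.network.verify(proof_code) else "invalid"


def demo():
    """Run the three flows on a constructed credential and count network calls."""
    net = DidNetwork()
    mgr = ElectronicIdManager(net)
    results = [mgr.issue("VC-001", "employee-id")[0],    # constructed sample values
               mgr.issue("VC-001", "employee-id")[0],
               mgr.verify("VC-001")]
    calls_before = net.calls
    results += [mgr.discard("VC-001"), mgr.verify("VC-001"), mgr.discard("VC-001")]
    return results, calls_before, net.calls
```

After the discard, the second verification and the repeated discard are answered from the local record, so the network call count rises by one only, for the revocation itself.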
Abstract
The present invention relates to an authentication service management technology and, more specifically, to a self-sovereign identity (SSI)-based authentication service management system that processes identity verification on the basis of SSI without accessing a decentralized identifier (DID) network. According to an embodiment of the present invention, identity can be conveniently verified on the basis of SSI without accessing a blockchain while maintaining security.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2022-0004724 | 2022-01-12 | | |
KR1020220004724A KR20230108953A (ko) | 2022-01-12 | 2022-01-12 | Self-sovereign identity-based authentication service management system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023136393A1 | 2023-07-20 |
Family
ID=87279205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2022/002255 | Self-sovereign identity-based authentication service management system | 2022-01-12 | 2022-02-16 |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR20230108953A (fr) |
WO (1) | WO2023136393A1 (fr) |
Also Published As
Publication number | Publication date |
---|---|
KR20230108953A (ko) | 2023-07-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22920726; Country of ref document: EP; Kind code of ref document: A1 |