KR20210116909A - Method for publication and verification of an electronic identification card using personal device

Info

Publication number
KR20210116909A
Authority
KR
South Korea
Prior art keywords
identity certificate
certificate
electronic identity
authority
electronic
Prior art date
Application number
KR1020200033062A
Other languages
Korean (ko)
Inventor
박종현
Original Assignee
박종현
Application filed by 박종현

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to a method for issuing and verifying an electronic identity certificate using a personal device. More specifically, the method comprises the steps of: granting a qualification holder the right to issue electronic identity certificates and, at the same time, storing a certificate in the terminal of the issuing authority; a requestor asking a person having approval authority to issue an electronic identity certificate, whereupon the approval authority reviews the request and, in accordance with the review result, issues the certificate, rejects it, or issues it with limited authority; the requestor acquiring the electronic identity certificate and storing it in the requestor terminal; issuing an authentication code from the requestor terminal and submitting it to an identity user terminal; the identity user acquiring a verification result by verifying whether the electronic identity certificate of the subject to be verified is valid; and finally determining the identity verification result of the subject based on that verification result. In accordance with the present invention, an individual's identity can be checked without unnecessary exposure of personal information.

Description

Method for publication and verification of an electronic identification card using personal device

The present invention relates to a method of issuing and verifying electronic identity certificates using a personal terminal. When an identity user (for example, a security officer or document custodian who permits entry and viewing) checks whether an authority requester (a person who wants entry, viewing, or use) holds the authority in question (a certificate issued by a person with approval authority), the certificate is kept on the personal terminal, and the whole certificate, or only the part of the information needed for authentication, can be provided directly to the party that needs to check or verify the data.

The blockchain-based self-sovereign decentralized identity (DID, Decentralized Identifiers) approach has two major features in the authentication field: self-sovereign identity (SSI) and zero-knowledge proof (ZKP). SSI is the concept that individuals hold the rights to their own personal information and perform authentication themselves rather than relying on others. DID makes SSI possible. A user can hold documents received from an issuer and submit them when needed. ZKP is the concept of determining authenticity without revealing the underlying information directly.

The methods mainly used for personal identity authentication have been authentication through a telecommunications carrier and the use of state-issued identification (resident registration card, driver's license, passport, etc.). These methods expose an excessive amount of unnecessary personal information and require a cumbersome, time-consuming verification procedure. In addition, as the Personal Information Protection Act is being strengthened, companies are spending huge amounts of money on collecting and managing personal information.

The present invention relates to a method in which, on a blockchain-based self-sovereign decentralized identity (DID) network, a unit organization grants approval authority to a qualification holder; when a requester asks the holder of that approval authority to issue a certificate, the holder issues an electronic certificate to the requester, and an identity user then verifies it.

Registered Patent Publication No. 10-2019-0065345, "Certificate and identity verification method and device"

Verifying personal identity through carrier authentication or state-issued identification (resident registration card, driver's license, passport, etc.) exposes an excessive amount of unnecessary personal information, and it involves a cumbersome identification procedure, ambiguous judgment criteria (it is frequently difficult to match the photo to the person), and a time-consuming process.

In addition, as the Personal Information Protection Act is being strengthened, companies are spending huge amounts of money on collecting and managing personal information.

To solve this problem, the person who approves issuance of a personal identity certificate vouches for the requester's identity and issues the certificate, and when the identity user checks that information on the blockchain network, personal identity can be verified without unnecessary exposure of personal information.

To solve this problem, the person who approves issuance of a personal identity certificate vouches for the requester's identity and issues the certificate, and the identity user can easily check that information on the blockchain network.

Personal identity can be verified without unnecessary exposure of personal information. Because companies do not acquire personal information, they do not have to bear the risk that comes with personal information exposure.

FIGS. 1 to 3 are diagrams for explaining a method of verifying an electronic identity certificate according to an embodiment of the present invention.

In the method of verifying an electronic identity certificate according to the present invention, authority can be granted to an identity certificate issuer through a step of granting authority to issue electronic identity certificates, which includes a step of granting, on the electronic certificate management system, the authority to issue identity certificates in accordance with internal procedure documents such as the unit organization's articles of incorporation, personnel regulations, and authority and approval bylaws.

In addition, a certificate that proves the issuing authority is stored in the terminal of the person granted that authority, and an identity certificate requester can ask the issuer to issue an electronic identity certificate.

In addition, the requester asks that the electronic identity certificate include the requester's identity and the scope of authority, such as usage rights (entry to, viewing of, or purchase of a specific target, etc.), method of use, and period of use, and the issuer can review that content and grant the authority.

In addition, the issuer vouches for the identity of the requester and issues the electronic identity certificate, and can adjust, reduce, or refuse the usage rights.

In addition, the issuer issues the electronic identity certificate and the requester stores it in their own terminal, thereby obtaining an electronic identity certificate to which usage rights have been granted.

In addition, the requester keeps the issued electronic identity certificate in their own terminal, issues an authentication code (to be changed to a term covering specific signals such as QR code, barcode, number, image, sound, RFID, etc.), and can submit it to the identity user's terminal.

In addition, whether the authentication code transmitted to the identity user's terminal is valid is verified, and a verification result can be obtained.

In addition, based on the verification result, the identity and usage-right result of the subject to be verified can be determined.
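The steps described above can be modelled end to end. The following Python sketch is an added illustration, not code from the patent: the in-memory ledger standing in for network 140, the salted-hash selective disclosure, the function names, and the sample values are all assumptions, since the description does not specify a credential format or cryptographic scheme.

```python
import hashlib
import json
import secrets

# Stand-in for the DID network (140): authorised issuers and credential anchors.
# Assumption: writes to this ledger are authenticated by the network itself.
LEDGER = {"issuers": set(), "anchors": {}}

def _h(*parts):
    # Hash an unambiguous JSON encoding of the parts.
    return hashlib.sha256(json.dumps(parts).encode()).hexdigest()

def _anchor(issuer, digests):
    return _h(issuer, *(digests[k] for k in sorted(digests)))

def grant_issuer(issuer_id):
    """Claim 1: the organisation grants issuing authority."""
    LEDGER["issuers"].add(issuer_id)

def issue(issuer_id, request, approved_scope, expires_at):
    """Claims 2-5: review the request; issue, narrow the scope, or reject (None)."""
    if issuer_id not in LEDGER["issuers"]:
        raise PermissionError("no issuing authority")
    scope = sorted(set(request["scope"]) & set(approved_scope))
    if not scope:
        return None
    claims = {"name": request["name"], "scope": ",".join(scope),
              "expires": str(expires_at)}
    salts = {k: secrets.token_hex(16) for k in claims}
    digests = {k: _h(k, salts[k], v) for k, v in claims.items()}
    LEDGER["anchors"][_anchor(issuer_id, digests)] = issuer_id
    return {"issuer": issuer_id, "claims": claims, "salts": salts, "digests": digests}

def make_auth_code(cred, disclose):
    """Claim 6: the requester terminal builds a code revealing only chosen fields."""
    return json.dumps({
        "issuer": cred["issuer"],
        "digests": cred["digests"],
        "disclosed": {k: [cred["salts"][k], cred["claims"][k]] for k in disclose},
    })

def verify(code, needed, now):
    """Claims 7-8: the identity user terminal checks the code and decides."""
    msg = json.loads(code)
    issuer, digests = msg["issuer"], msg["digests"]
    if issuer not in LEDGER["issuers"]:
        return "invalid"
    if LEDGER["anchors"].get(_anchor(issuer, digests)) != issuer:
        return "invalid"
    shown = {}
    for key, (salt, value) in msg["disclosed"].items():
        if digests.get(key) != _h(key, salt, value):
            return "invalid"          # disclosed value does not match the anchor
        shown[key] = value
    if "scope" not in shown or "expires" not in shown:
        return "invalid"              # the decision needs both fields
    if now >= int(shown["expires"]):
        return "expired"
    return "granted" if needed in shown["scope"].split(",") else "denied"

if __name__ == "__main__":
    grant_issuer("hr-dept")                       # constructed sample values
    cred = issue("hr-dept", {"name": "Kim", "scope": ["lobby", "server-room"]},
                 ["lobby"], expires_at=2000)
    code = make_auth_code(cred, ["scope", "expires"])
    print(verify(code, "lobby", now=1000), verify(code, "server-room", now=1000))
```

This model does not bind the authentication code to the requester terminal or prevent a copied code from being replayed; the description above does not specify a mechanism for either.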

100: Electronic certificate issuance system
110: Issuer terminal
120: Requester terminal
130: Identity user terminal
140: Blockchain-based self-sovereign decentralized identity network
150: Authentication code
160: Request for electronic certificate issuance
170: Submission of authentication code

Claims (8)

1. A method of verifying an electronic identity certificate, comprising:
granting authority to issue an electronic identity certificate;
wherein authority is granted to an identity certificate issuer, including a step of granting the authority to issue identity certificates on an electronic certificate management system in accordance with internal procedure documents such as the unit organization's articles of incorporation, personnel regulations, and authority and approval bylaws.

2. The method of claim 1,
comprising storing a certificate that proves the issuing authority in the terminal of the person granted that authority, wherein an identity certificate requester asks the electronic identity certificate issuer for issuance.

3. The method of claim 2,
comprising the requester asking that the electronic identity certificate include the requester's identity and the scope of authority, such as usage rights (entry to, viewing of, or purchase of a specific target, etc.), method of use, and period of use, wherein the issuer reviews that content and grants the authority.

4. The method of claim 3,
comprising the issuer vouching for the identity of the requester and issuing the electronic identity certificate, wherein the usage rights are adjusted, reduced, or refused.

5. The method of claim 4,
comprising the issuer issuing the electronic identity certificate and the requester storing it in their own terminal, wherein an electronic identity certificate to which usage rights have been granted is obtained.

6. The method of claim 5,
comprising the requester keeping the issued electronic identity certificate in their own terminal and issuing an authentication code (to be changed to a term covering specific signals such as QR code, barcode, number, image, sound, RFID, etc.), wherein the code is submitted to the identity user's terminal.

7. The method of claim 6,
comprising verifying whether the authentication code transmitted to the identity user's terminal is valid, wherein a verification result is obtained.

8. The method of claim 7,
wherein the identity and usage-right result of the subject to be verified are determined based on the verification result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020200033062A KR20210116909A (en) 2020-03-18 2020-03-18 Method for publication and verification of an electronic identification card using personal device

Publications (1)

Publication Number Publication Date
KR20210116909A (en) 2021-09-28

Family

ID=77923303

Country Status (1)

Country Link
KR (1) KR20210116909A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190065345A (en) 2017-10-20 2019-06-11 알리바바 그룹 홀딩 리미티드 CERTIFICATION AND IDENTIFICATION METHOD AND DEVICE
