WO2018124856A1 - Method and terminal for authenticating a user by means of a mobile ID through a blockchain database, and server using the method and the terminal - Google Patents

Method and terminal for authenticating a user by means of a mobile ID through a blockchain database, and server using the method and the terminal

Info

Publication number
WO2018124856A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
verification means
mobile
information
means value
Application number
PCT/KR2018/000064
Other languages
English (en)
Korean (ko)
Inventor
박종은
현상훈
송주한
이준섭
어준선
홍재우
Original Assignee
주식회사 코인플러그

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Definitions

  • The present invention relates to a method for authenticating a user using a mobile ID through a blockchain database, and to a terminal and a server using the same. More specifically, a user certificate is registered in a blockchain database and the corresponding blockchain transaction ID is managed. In this state, when a user authentication request transaction is obtained from the user terminal in response to a user authentication request, the user certificate registered in the blockchain database is checked using the blockchain transaction ID corresponding to the user's public key or user identification information. If the certificate is verified, a verification means value is generated, encoded using the user's public key, and transmitted to the user terminal, so that the user terminal decodes the encoded verification means value with the user's private key to obtain the verification means value.
  • the present invention relates to a method for authenticating a user using a mobile ID that transmits authentication result information for a user according to whether a confirmed mobile ID is valid, and a terminal and a server using the same.
  • a mobile ID refers to an ID displayed in an app form on a mobile device instead of an ID issued by a paper or plastic card.
  • the ID can be verified through the presentation of an ID stored in the mobile device without the need for a paper or plastic card.
  • the conventional mobile ID has a problem in that it is vulnerable to copying or forgery because it stores information necessary for user authentication, such as a certificate, on the mobile device.
  • the present invention aims to solve all the above-mentioned problems.
  • Another object of the present invention is to provide a method, a terminal, and a server for registering a user certificate in a blockchain of virtual currency so that copying or forgery is impossible.
  • Another object of the present invention is to provide a method, a terminal, and a server for authenticating a user through one-time mobile ID information, so as to prevent the problems caused by theft of user information.
  • In a method of authenticating a user using a mobile ID, (a) in a state in which a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, is registered in a blockchain database and the corresponding blockchain transaction ID is managed, when a user authentication request transaction including the user's public key or user identification information is obtained from the user terminal in response to a user authentication request, the authentication server confirms the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user's public key or user identification information;
  • (b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, and transmits or supports transmission of the encoded verification means value to the user terminal, thereby enabling the user terminal to (i) decode the encoded verification means value with the user's private key to obtain the verification means value, and (ii) display a mobile ID including the obtained verification means value and a verification target ID corresponding to the verification means value; and
  • (c) when the information of the mobile ID is obtained from the authentication request terminal, the authentication server obtains the verification means value and the verification target ID from the information of the mobile ID, and uses the obtained verification target ID to check the verification means value.
  • In a method of authenticating a user using a mobile ID, (a) in a state in which the user's public key and private key have been generated and stored, a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, has been registered in a blockchain database, and the mobile ID corresponding to the registered user certificate has been issued, when a user authentication request signal is input, the user terminal transmits or supports transmission of a user authentication request transaction including the user's public key or user identification information to an authentication server, thereby supporting the authentication server in confirming the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user's public key or user identification information;
  • (b) if the user certificate for the user is verified and the authentication server generates a verification means value, encodes the generated verification means value with the user's public key, and transmits the encoded verification means value, the user terminal decodes the encoded verification means value with the user's private key to obtain the verification means value, and displays a mobile ID including the obtained verification means value and a verification target ID, which is an ID for the user corresponding to the verification means value.
  • In a method of authenticating a user using a mobile ID, (a) in a state in which a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, is registered in a blockchain database and the corresponding blockchain transaction ID is managed, when the user identification information corresponding to a user authentication request is obtained from a service server, an authentication server confirms the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user identification information;
  • (b) if the user certificate for the user is verified, the authentication server generates a verification means value, encodes the generated verification means value using the user's public key, and transmits or supports transmission of the encoded verification means value to the user terminal, thereby (b1) enabling the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) supporting the user terminal in decoding the encoded verification means value with the user's private key to obtain the verification means value and then displaying a mobile ID including the obtained verification means value; and
  • (c) when (c1) the verification means value is obtained from the user terminal under (b1), or (c2) the verification means value of the displayed mobile ID is input by the user under (b2) and obtained, the authentication server compares the obtained verification means value with the generated verification means value to authenticate the user, and transmits or supports transmission of the authentication result information to the service server.
  • An authentication server for authenticating a user using a mobile ID, in a state in which a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, is registered in a blockchain database and the corresponding blockchain transaction ID is managed, comprises:
  • a processor which, when a user authentication request transaction including the user's public key or user identification information is obtained from the user terminal in response to a user authentication request, performs a process of confirming the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user's public key or user identification information; a process of, if the user certificate for the user is verified, generating a verification means value, encoding the generated verification means value using the user's public key, and transmitting or supporting transmission of the encoded verification means value to the user terminal, thereby enabling the user terminal to (i) decode the encoded verification means value with the user's private key to obtain the verification means value and (ii) display a mobile ID including the obtained verification means value and a verification target ID, which is an ID for the user corresponding to the verification means value; a process of obtaining the verification means value and the verification target ID from the information of the mobile ID when the information of the mobile ID is obtained from an authentication request terminal; and
  • a process of checking the validity of the mobile ID by comparing the obtained verification means value with the verification means value generated for the verification target ID, and transmitting or supporting transmission of the authentication result information for the user to the authentication request terminal according to the validity of the mobile ID.
  • A user terminal for authenticating a user using a mobile ID, in a state in which the user's public key and private key have been generated and stored, a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, is registered in a blockchain database, and the mobile ID corresponding to the registered user certificate has been issued, comprises:
  • a processor which, when a user authentication request signal is input, transmits or supports transmission of a user authentication request transaction including the user's public key or user identification information to an authentication server, thereby supporting the authentication server in confirming the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user's public key or user identification information, and which, if the user certificate for the user is verified and the authentication server generates a verification means value, encodes it with the user's public key, and transmits the encoded verification means value, decodes the encoded verification means value with the user's private key to obtain the verification means value and displays a mobile ID including the obtained verification means value and a verification target ID corresponding to the verification means value; and
  • a communication unit which, by allowing the authentication request terminal to obtain the information of the mobile ID from the displayed mobile ID and transmit it to the authentication server, supports the authentication server in (i) obtaining the verification means value and the verification target ID from the information of the mobile ID, (ii) checking the validity of the mobile ID by comparing the obtained verification means value with the verification means value generated for the verification target ID, and (iii) transmitting the authentication result information for the user to the authentication request terminal according to the validity of the checked mobile ID.
  • An authentication server for authenticating a user using a mobile ID comprises: a communication unit which registers a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, in a blockchain database, manages the corresponding blockchain transaction ID, and obtains the user identification information corresponding to a user authentication request from a service server; and
  • a processor which performs (a) a process of confirming the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user identification information; (b) a process of, if the user certificate for the user is confirmed, generating a verification means value, encoding the generated verification means value using the user's public key, and transmitting or supporting transmission of the encoded verification means value to the user terminal, thereby (b1) enabling the user terminal to decode the encoded verification means value with the user's private key to obtain the verification means value, or (b2) supporting the user terminal in decoding the encoded verification means value with the user's private key to obtain the verification means value and displaying a mobile ID including the obtained verification means value; and (c) a process of, when (c1) the verification means value is obtained from the user terminal under (b1), or (c2) the verification means value of the displayed mobile ID is input by the user under (b2) and obtained, comparing the obtained verification means value with the generated verification means value to authenticate the user, and transmitting or supporting transmission of the authentication result information to the service server.
  • A user terminal for authenticating a user using a mobile ID, in a state in which the user's public key and private key have been generated and stored, a user certificate including the user's public key, user identification information for identifying the user, and a user information hash value, which is a hash value of the user's user information, is registered in a blockchain database, and the mobile ID corresponding to the registered user certificate has been issued, comprises:
  • a communication unit which obtains from the authentication server the verification means value encoded with the user's public key, the verification means value having been generated by the authentication server after confirming the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user identification information according to the user authentication request obtained from the service server; and
  • a processor configured to decode the encoded verification means value with the user's private key to obtain the verification means value, and either (b1) to transmit the obtained verification means value to the authentication server, so that the authentication server compares the verification means value received from the user terminal with the verification means value it encoded with the user's public key, authenticates the user, and transmits the authentication result information to the service server, or (b2) to display a mobile ID including the obtained verification means value, so that the verification means value of the displayed mobile ID is input by the user through the service web, the service server transmits the input verification means value to the authentication server, and the authentication server compares the verification means value received from the service server with the generated verification means value to authenticate the user and transmits or supports transmission of the authentication result information to the service server.
  • a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.
  • The present invention registers the user certificate in the blockchain of a virtual currency, so that copying or forgery of the certificate is impossible.
  • The present invention secures the user certificate using a hash function and encryption technology, so that forgery or tampering is impossible.
  • the present invention authenticates the user through the one-time mobile ID information, thereby preventing the problem of user information theft in advance.
  • FIG. 1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention.
  • FIG. 2 schematically illustrates a method for issuing a mobile ID in a method for authenticating a user using the mobile ID according to an embodiment of the present invention.
  • FIG. 3 illustrates an example of a mobile ID issued in a method of authenticating a user using a mobile ID according to an embodiment of the present invention.
  • FIG. 4 schematically illustrates a method for authenticating a user using a mobile ID according to an embodiment of the present invention.
  • FIG. 5 schematically illustrates a system for authenticating a user using a mobile ID according to another embodiment of the present invention.
  • FIG. 6 schematically illustrates a method for authenticating a user using a mobile ID according to another embodiment of the present invention.
  • FIG. 7 schematically illustrates a variation of a method for authenticating a user using a mobile ID according to another embodiment of the present invention.
  • The system may include a user terminal 100, an authentication request terminal 110, and an authentication server 200.
  • the user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smartphone, a tablet, and the like.
  • The user terminal 100 is not limited thereto, and may include any mobile device having a wired or wireless communication function, such as a portable game machine, a digital camera, a personal navigation device, and the like.
  • the user terminal 100 may include a communication unit that supports the transmission and reception of information and a processor that processes the information.
  • The authentication request terminal 110 is a computing device that obtains mobile ID information from the mobile ID displayed on the user terminal 100, either through the signal of a reader or through communication with the user terminal 100.
  • Computing devices include desktop computers, mobile computers, PDAs / EDAs, smartphones, tablets, and the like.
  • the authentication request terminal 110 is not limited thereto, and may be a computing device that performs general arithmetic processing and may include a server.
  • the authentication server 200 may include a communication unit 210 and a processor 220.
  • the same reference numerals are used for the convenience of description and are not intended to mean that these individual devices are the same.
  • Servers performing the corresponding methods may be configured separately, or the methods may be performed by the same authentication server 200.
  • the authentication server 200 may be a server corresponding to each node of the blockchain database, or may be a server managing each node of the blockchain database.
  • The authentication server 200 is typically a computing device (for example, a device that may include a computer processor, memory, storage, input and output devices, and other components of conventional computing devices; electronic communication equipment such as routers and switches; and electronic information storage systems such as network attached storage (NAS) and storage area networks (SAN)) running computer software, that is, instructions that cause the computing device to function in a particular way.
  • the communication unit 210 of the computing device may transmit and receive a request and a response with another computing device to be interlocked.
  • the request and response may be made by the same TCP session, but are not limited thereto.
  • it may be transmitted and received as a UDP datagram.
  • The processor 220 of the computing device may include hardware components such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, a data bus, and the like.
  • It may further include software components such as an operating system and an application performing a specific purpose.
  • the method for authenticating a user using a mobile ID according to an embodiment of the present invention through the system configured as described above is as follows.
  • In a state in which a user is connected to the authentication server 200 through the user terminal 100 to obtain a mobile ID, for example, the user executes an application for issuing a mobile ID on the user terminal 100 and inputs the mobile ID information required for the mobile ID (S100).
  • the mobile ID may include all commonly used IDs such as a national license, a private certificate, an employee ID, a student ID, as well as a public ID such as a driver's license, a health insurance card, an alien registration card, a civil servant card, a youth card, a disability registration card, and a resident registration card.
  • the user terminal 100 transmits the mobile ID issue request transaction to the authentication server 200 (S101).
  • the mobile ID issuance request transaction includes mobile ID information input by the user, and the mobile ID information may be a picture image of the user and display information for each ID.
  • the mobile ID information may include personal information of the user.
  • the authentication server 200 obtains a mobile ID issuance request transaction including at least user information from the user terminal 100, and confirms the user using the obtained user information and the like (S102).
  • The user verification may use a public key infrastructure (PKI) certificate or the user's personal information, but is not limited thereto.
  • the authentication server 200 may support to transmit or transmit a certificate registration request signal to the user terminal 100 (S103).
  • the user terminal 100 generates a public key and a private key, which are authentication keys, in response to the certificate registration request signal (S104), so that confirmation information for controlling user access to the private key is set by the user.
  • the confirmation information is pass information for accessing the private key and may include a password, biometric information, and the like.
  • setting of confirmation information for access control on the private key may be omitted.
  • Setting of confirmation information for access control on the private key may also be performed before generating the authentication key of the user.
  • The user terminal 100 extracts the user's public key from the authentication key and transmits certificate registration information including the extracted public key and user identification information to the authentication server 200 (S106), and the authentication server 200 generates the user's certificate by referring to the certificate registration information obtained from the user terminal 100 (S107). That is, the authentication server 200 generates a user certificate that includes, in addition to the public key and user identification information obtained from the certificate registration information, a user information hash value, which is the hash value generated by applying a hash function to the confirmed user information.
  • the user identification information is unique information given for each user for user identification, and may include at least one of a push token, a user ID, a social security number, a user terminal ID, an IP address of a user terminal, and a phone number.
  • Hash functions for generating hash values may include MD4, MD5, SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, and HAS-160, but are not limited to these, as will be appreciated by those skilled in the art; for example, Triple SHA256 is also possible.
  • The authentication server 200 registers the generated user certificate in the blockchain database 300 so that copying, forgery, or tampering is impossible (S108).
  • Having registered the user certificate in the blockchain database 300 (S108), the authentication server 200 may obtain (S109) and manage the blockchain transaction ID, which indicates the location of the registered user certificate on the blockchain database 300.
  • the authentication server 200 may issue a mobile ID to the user terminal 100 (S110).
  • the mobile ID may be used by the mobile device, which is the user terminal 100, and may have a mobile ID display area 10 and a mobile ID information area 20.
  • the mobile ID display area 10 relates to user information to be displayed for each ID.
  • the mobile ID display area 10 includes information such as a photographic image, a name, an ID number, and the like.
  • the corresponding information may be stored in the user terminal 100 or in the authentication server 200.
  • the mobile ID information area 20 includes information for authentication of a user, and thus has a changed value every time authentication is performed, thereby preventing a problem due to user information theft.
  • a method of authenticating a user using a mobile ID according to an embodiment of the present invention in a state in which a mobile ID is issued by the above method is as follows.
  • the user terminal 100 transmits a user authentication request transaction including at least a user's public key or user identification information to the authentication server 200 (S201).
  • The authentication server 200 retrieves the blockchain transaction ID corresponding to the user's public key or user identification information in the obtained user authentication request transaction, and checks the user certificate registered in the blockchain database by referring to the retrieved blockchain transaction ID. That is, a certificate verification transaction is transmitted to the blockchain database 300 using the blockchain transaction ID corresponding to the user's public key or user identification information (S202), and the certificate included in the data message received in response from the blockchain database 300 is checked (S203). At this time, the authentication server 200 checks whether the confirmed user certificate is valid; if there is no certificate matching the user, or if the user certificate is invalid due to revocation, the authentication server 200 may transmit an error signal corresponding to the authentication failure to the user terminal.
  • the authentication server 200 may obtain a hash value for the user information by referring to the confirmed user certificate.
  • the authentication server 200 generates a verification means value (S204) and encodes the generated verification means value (S205).
  • the verification means value may include a nonce, a timestamp, and the like.
  • the encoding of the verification means value may be performed using the public key of the user.
  • the authentication server 200 may transmit the encoded verification means value and the verification target ID to the user terminal 100 (S206).
  • the verification target ID may include a user's public key, a user information hash value obtained from the user's certificate, and the like.
  • The authentication server 200 may also transmit only the encoded verification means value to the user terminal 100.
  • The user terminal 100 then requests the user to input confirmation information.
  • If the confirmation information input by the user matches the set confirmation information, access to the private key is allowed and the encoded verification means value is decoded using the user's private key to obtain the verification means value (S208). However, if the confirmation information input by the user does not match the set information, access to the private key is denied, so the decoding of the encoded verification means value is not performed.
  • The user terminal 100 displays a mobile ID as shown in FIG. 3 (S209). That is, the user terminal 100 displays a mobile ID consisting of the photo image and the display information for the ID, which are stored in the terminal or obtained through the authentication server.
  • The mobile ID information, including the verification means value obtained by decoding with the user's private key and the verification target ID, may be displayed together with it.
  • The authentication request terminal 110 obtains the mobile ID information from the mobile ID displayed on the user terminal 100 (S210) and may transmit it to the authentication server 200 (S211).
  • The mobile ID information may include at least one of barcode, QR code, and NFC tag information.
  • The authentication request terminal 110 may be a computing device directly or indirectly coupled to a QR reader or an NFC reader.
  • The authentication request terminal 110 may recognize the QR code through the QR reader and transmit the mobile ID information of the mobile ID to the authentication server.
  • Alternatively, the authentication request terminal 110 may receive the NFC tag information, which is the mobile ID information of the mobile ID, from the user terminal 100 through the NFC reader, or the user terminal 100 may transmit the mobile ID information to the NFC reader or the like when the user taps the mobile ID information area of the mobile ID.
  • the authentication server 200 extracts the verification means value and the verification target ID from the mobile ID information obtained from the authentication request terminal 110 (S212), uses the extracted verification target ID to look up the verification means value it generated in response to the user certificate verification, and compares that generated value with the verification means value obtained from the mobile ID information (S213) to check the validity of the mobile ID.
  • the authentication server 200 then transmits authentication result information for the user to the authentication request terminal according to whether the mobile ID is valid (S214).
  • the authentication server 200 determines that the mobile ID is valid when the verification means value generated in response to the user certificate verification and the verification means value obtained from the mobile ID information match.
  • when a timestamp is used as the verification means value, the authentication server 200 may treat the user authentication request transaction or the verification means value as invalidated, that is, determine that authentication has failed, if the interval between the first time, at which the encoded verification means value was transmitted to the user terminal, and the second time, at which the verification means value was obtained from the mobile ID information, exceeds a set value. This bounds the time during which a stolen or copied mobile ID can be used.
  • the authentication request terminal 110 completes the user's authentication by mobile ID according to the authentication result information received from the authentication server 200.
  • the user terminal 100 requests the user to input confirmation information (S207).
  • when the confirmation information input by the user matches the set information, access to the private key is allowed and the encoded verification means value is decoded with the user's private key (S208); when it does not match, access to the private key is denied, so the encoded verification means value is not decoded.
  • the user terminal 100 displays a mobile ID as shown in FIG. 3 (S209), that is, display information such as a photo image and ID card details stored in the terminal or obtained through the authentication server. The displayed mobile ID carries mobile ID information that includes the decoded verification means value and the verification target ID, the ID of the user to whom that verification means value corresponds.
  • the verification target ID may be the user's public key.
  • the authentication request terminal 110 obtains the mobile ID information from the mobile ID displayed on the user terminal 100 (S210) and transmits it to the authentication server 200 (S211).
  • the authentication server 200 extracts the verification means value and the verification target ID from the mobile ID information obtained from the authentication request terminal 110 (S212), uses the extracted verification target ID to look up the verification means value it generated in response to the user certificate verification, compares that generated value with the verification means value obtained from the mobile ID information to confirm the validity of the mobile ID (S213), and transmits authentication result information for the user according to that validity to the authentication request terminal (S214).
  • when a timestamp is used as the verification means value, the authentication server 200 may determine that authentication has failed if the interval between the first time, at which the encoded verification means value was transmitted to the user terminal, and the second time, at which the verification means value was obtained from the mobile ID information, is equal to or greater than a predetermined value. This bounds the time during which a stolen or copied mobile ID can be used.
  • the authentication request terminal 110 completes the user's authentication by mobile ID according to the authentication result information received from the authentication server 200.
  • FIG. 5 schematically illustrates a system for authenticating a user using a mobile ID according to another embodiment of the present invention; the system may include a user terminal 100, a service server 111, and an authentication server 200.
  • the user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smartphone, a tablet, and the like.
  • the user terminal 100 is not limited thereto, and may include any mobile device having a wired or wireless communication function, such as a portable game machine, a digital camera, a personal navigation device, and the like.
  • the user terminal 100 may include a communication unit that supports the transmission and reception of information and a processor that processes the information.
  • the service server 111 provides a service to users through a service web and may be a computing device that performs general arithmetic processing.
  • the authentication server 200 may include a communication unit 210 and a processor 220.
  • the same reference numerals are used for convenience of description and are not intended to mean that these individual devices are identical.
  • the servers that perform the respective methods may be configured as separate servers, or the methods may be performed by the same authentication server 200.
  • the authentication server 200 may be a server corresponding to each node of the blockchain database, or may be a server managing each node of the blockchain database.
  • the authentication server 200 is typically a computing device (for example, a device that may include a computer processor, memory, storage, input and output devices and other components of a conventional computing device; electronic communication equipment such as routers and switches; or storage systems such as network attached storage (NAS) and storage area networks (SAN)) that runs computer software, that is, instructions that cause the computing device to function in a particular way.
  • the communication unit 210 of the computing device may exchange requests and responses with another computing device with which it interworks; a request and its response may be carried in the same TCP session, but are not limited thereto and may, for example, be exchanged as UDP datagrams.
  • the processor 220 of the computing device may include hardware such as a micro processing unit (MPU) or central processing unit (CPU), cache memory, a data bus, and the like, and may further include software such as an operating system and an application performing a specific purpose.
  • the service server 111 providing the service web transmits the user identification information input by the user to the authentication server 200 (S301).
  • the user identification information is unique information given for each user to identify an individual user, and may include a push token, a user ID, a social security number, a user terminal ID, an IP address of a user terminal, a phone number, and the like.
  • the authentication server 200 checks the user identification information obtained from the service server 111, retrieves the registered user information corresponding to it (S302), and generates a verification means value for the retrieved user (S303). That is, the authentication server 200 confirms the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user identification information, and generates the verification means value for the user once the user's certificate has been confirmed.
  • the verification means value may include a nonce, a one time password (OTP), a timestamp, and the like.
  • the authentication server 200 encodes the generated verification means value with the user's public key in order to request user authentication by mobile ID from the user terminal (S304), and transmits the encoded verification means value to the user terminal 100 as a user authentication request signal (S305).
  • the authentication server 200 may transmit the verification target ID such as the user information hash value corresponding to the user, the user's public key, etc. together with the encoded verification means value.
  • the user terminal 100 requests the user to input confirmation information (S306); when the confirmation information input by the user matches the set information, the user terminal 100 accesses the private key and decodes the encoded verification means value with the user's private key to obtain the verification means value (S307). If the confirmation information does not match the set information, access to the private key is denied, so the encoded verification means value is not decoded.
  • the user terminal 100 transmits the verification means value obtained through decoding to the authentication server 200 (S308).
  • the user terminal 100 may transmit a verification target ID such as a public key of the user, a user information hash value, etc. together with the verification means value.
  • the authentication server 200 confirms the verification means value transmitted from the user terminal 100 (S309), compares it with the verification means value it generated upon confirming the user certificate, that is, the value corresponding to the user identification information, to confirm the validity of the mobile ID (S309), and transmits authentication result information for the user according to the confirmed validity to the service server 111 (S310).
  • the authentication server 200 may obtain a verification target ID such as the user's public key or a hash of the user information from the user terminal 100 along with the verification means value, and may use it to look up the verification means value it transmitted to that user terminal for the comparison.
  • when a timestamp is used as the verification means value, the authentication server 200 may determine that authentication has failed if the interval between the first time, at which the encoded verification means value was transmitted to the user terminal, and the second time, at which the verification means value was obtained from the user terminal, is equal to or greater than a set value. This bounds the time during which a stolen or copied mobile ID can be used.
  • the service server 111 completes the user's authentication by mobile ID according to the authentication result information received from the authentication server 200.
  • the service server 111 providing the service web transmits the user identification information input by the user to the authentication server 200 (S401).
  • the user identification information is unique information given for each user to identify an individual user, and may include a push token, a user ID, a social security number, a user terminal ID, an IP address of a user terminal, a phone number, and the like.
  • the authentication server 200 checks the user identification information obtained from the service server 111, retrieves the registered user information corresponding to it (S402), and generates a verification means value for the retrieved user (S403). That is, the authentication server 200 confirms the user certificate registered in the blockchain database using the blockchain transaction ID corresponding to the user identification information, and generates the verification means value for the user once the user's certificate has been confirmed.
  • the verification means value may include a nonce, a one time password (OTP), a timestamp, and the like.
  • the authentication server 200 encodes the generated verification means value with the user's public key in order to request user authentication by mobile ID from the user terminal (S404), and transmits the encoded verification means value to the user terminal 100 as a user authentication request signal (S405).
  • the authentication server 200 may transmit the verification target ID such as the user information hash value corresponding to the user, the user's public key, etc. together with the encoded verification means value.
  • the user terminal 100 requests the user to input confirmation information (S406); when the confirmation information input by the user matches the set information, the user terminal 100 accesses the private key and decodes the encoded verification means value with the user's private key to obtain the verification means value (S407). If the confirmation information does not match the set information, access to the private key is denied, so the encoded verification means value is not decoded.
  • the user terminal 100 displays the verification means value obtained through decoding so that the user can read it, and may display a verification target ID such as the user's public key or the user information hash value together with it (S408).
  • the service server 111 receives the verification means value that the user enters through the service web and transmits it to the authentication server 200 (S410).
  • the authentication server 200 confirms the verification means value transmitted from the service server 111 (S411), compares it with the verification means value it generated upon confirming the user certificate, that is, the value corresponding to the user identification information obtained from the service server 111, to confirm the validity of the mobile ID, and transmits authentication result information for the user according to the confirmed validity to the service server 111 (S412).
  • when a timestamp is used as the verification means value, the authentication server 200 may determine that authentication has failed if the interval between the first time, at which the encoded verification means value was transmitted to the user terminal, and the second time, at which the verification means value was obtained from the service server 111, is equal to or greater than a set value. This bounds the time during which a stolen or copied mobile ID can be used.
  • the service server 111 completes the user's authentication by mobile ID according to the authentication result information received from the authentication server 200.
  • the embodiments according to the present invention described above may be implemented in the form of program instructions that may be executed by various computer components, and may be recorded in a computer-readable recording medium.
  • the computer-readable recording medium may include program instructions, data files, data structures, etc. alone or in combination.
  • Program instructions recorded on the computer-readable recording medium may be those specially designed and configured for the present invention, or may be known and available to those skilled in the computer software arts.
  • examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape; optical recording media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like.
  • Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.
  • the hardware device may be configured to operate as one or more software modules to perform the process according to the invention, and vice versa.
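The exchange described for FIG. 3 and FIG. 4 (S202 to S214) and its two variants for FIG. 5 (S301 to S310, where the terminal returns the decoded value itself, and S401 to S412, where the user types it into the service web) share one core: the authentication server encrypts a fresh verification means value under the user's registered public key, the user terminal releases its private key only after the confirmation information matches, and the server accepts a presented value only if it equals the one it issued for that verification target ID and arrives inside the timestamp window. The Go program below is a worked example added for this page, not code from the patent or its applicant. It takes RSA-OAEP from the Go standard library as the "encoding", SHA-256 of the public key as the verification target ID, a PIN as the confirmation information, an in-memory map in place of the blockchain database lookup by transaction ID, and a single-use flag on each issued value; those choices, the 60 second window, the transaction ID "tx-constructed-0001" and the PIN are all assumptions, and the transport of the mobile ID (QR code, NFC or the service web) is left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// challenge records one issued verification means value; the single-use flag is an assumption (the text only states the timestamp window).
type challenge struct {
	nonce    []byte
	issuedAt time.Time
	used     bool
}

// AuthServer stands in for authentication server 200. Looking a certificate up by
// blockchain transaction ID is modelled as an in-memory map (assumption).
type AuthServer struct {
	Certs   map[string]*rsa.PublicKey // transaction ID -> registered public key
	pending map[string]*challenge     // verification target ID -> issued challenge
	Window  time.Duration             // maximum age of a verification means value
	Now     func() time.Time          // injectable clock so expiry can be exercised
}

// IssueChallenge covers S202 to S206: confirm the certificate, draw a nonce, encrypt it
// with RSA-OAEP under the user's public key and return it with the verification target
// ID (SHA-256 of the key here; the text also allows a hash of the user information).
func (s *AuthServer) IssueChallenge(txID string) (enc []byte, target string, err error) {
	pub, ok := s.Certs[txID]
	if !ok {
		return nil, "", errors.New("no user certificate for transaction ID")
	}
	nonce := make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, "", err
	}
	target = fmt.Sprintf("%x", sha256.Sum256(pub.N.Bytes()))
	s.pending[target] = &challenge{nonce: nonce, issuedAt: s.Now()}
	// The target ID doubles as the OAEP label, tying the ciphertext to this user.
	enc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(target))
	return enc, target, err
}

// Verify covers S212 to S214: find the challenge by target ID, enforce the time
// window and single use, then compare the nonces in constant time.
func (s *AuthServer) Verify(target string, presented []byte) error {
	c, ok := s.pending[target]
	if !ok || c.used {
		return errors.New("no live challenge for this verification target ID")
	}
	if s.Now().Sub(c.issuedAt) >= s.Window {
		return errors.New("verification means value expired")
	}
	if subtle.ConstantTimeCompare(c.nonce, presented) != 1 {
		return errors.New("verification means value mismatch")
	}
	c.used = true
	return nil
}

// Decode is S207 and S208 on user terminal 100: the confirmation information (a
// PIN here, an assumption) must match before the private key decrypts the value.
func Decode(priv *rsa.PrivateKey, pinHash [32]byte, pin string, enc []byte, target string) ([]byte, error) {
	if h := sha256.Sum256([]byte(pin)); subtle.ConstantTimeCompare(h[:], pinHash[:]) != 1 {
		return nil, errors.New("confirmation information mismatch: private key access denied")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, enc, []byte(target))
}

// Demo runs the exchange on constructed data and returns four verdicts: a wrong PIN, the
// legitimate mobile ID scanned 10 s after issue, that mobile ID replayed, and a fresh value presented after the 60 s window.
func Demo() (wrongPin, accepted, replay, expired error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err, err, err
	}
	base := time.Date(2018, 1, 2, 9, 0, 0, 0, time.UTC)
	srv := &AuthServer{Certs: map[string]*rsa.PublicKey{"tx-constructed-0001": &priv.PublicKey},
		pending: map[string]*challenge{}, Window: 60 * time.Second, Now: func() time.Time { return base }}
	pinHash := sha256.Sum256([]byte("2468")) // set when the user enrolled the terminal

	enc, target, _ := srv.IssueChallenge("tx-constructed-0001")
	_, wrongPin = Decode(priv, pinHash, "0000", enc, target)
	nonce, _ := Decode(priv, pinHash, "2468", enc, target) // target and nonce are what the QR/NFC mobile ID carries (S209)
	srv.Now = func() time.Time { return base.Add(10 * time.Second) }
	accepted = srv.Verify(target, nonce) // as forwarded by the authentication request terminal (S211)
	replay = srv.Verify(target, nonce)   // the same mobile ID presented a second time

	enc, target, _ = srv.IssueChallenge("tx-constructed-0001") // issued at base+10 s
	nonce, _ = Decode(priv, pinHash, "2468", enc, target)
	srv.Now = func() time.Time { return base.Add(70 * time.Second) }
	expired = srv.Verify(target, nonce)
	return wrongPin, accepted, replay, expired
}

func main() { fmt.Println(Demo()) }
```

Run it with `go run`; the four verdicts come back as a rejection, an acceptance, a rejection and a rejection. The timestamp window in the text bounds how long a copied mobile ID stays usable but does not stop a replay inside that window, which is why the example marks each issued value as used on its first successful comparison. Looking the pending value up by verification target ID, and using that ID as the OAEP label, also keeps a value issued for one user from satisfying a presentation made under another.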

Abstract

The present invention, with respect to a method for authenticating a user by means of a mobile ID, is characterised in that, in a state in which a user authentication certificate is registered in a blockchain database and a transaction ID corresponding to it is managed, an authentication server, when a user authentication request transaction is acquired from a user terminal, confirms the user authentication certificate, supports the user terminal in displaying an acquired verification means value and a mobile ID, checks whether or not the mobile ID is valid, and transmits user authentication result data, in accordance with the validity or otherwise of the checked mobile ID, to the authentication request terminal.
PCT/KR2018/000064 2016-12-30 2018-01-02 Method and terminal for authenticating a user by means of a mobile ID through a blockchain database, and server using the method and the terminal WO2018124856A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2016-0183929 2016-12-30
KR1020160183929A KR101829730B1 (ko) 2016-12-30 2016-12-30 Method and terminal for authenticating a user using a mobile ID through a blockchain database, and server using the same

Publications (1)

Publication Number Publication Date
WO2018124856A1 true WO2018124856A1 (fr) 2018-07-05

Family

ID=61907270

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/000064 WO2018124856A1 (fr) 2016-12-30 2018-01-02 Method and terminal for authenticating a user by means of a mobile ID through a blockchain database, and server using the method and the terminal

Country Status (2)

Country Link
KR (1) KR101829730B1 (fr)
WO (1) WO2018124856A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI650991B (zh) * 2018-04-12 2019-02-11 中華電信股份有限公司 Decentralized data attestation and verification system with an NFC secure element, and method thereof
US11251956B2 (en) 2018-07-02 2022-02-15 Avaya Inc. Federated blockchain identity model and secure personally identifiable information data transmission model for RCS
KR20200085095A (ko) 2019-01-04 2020-07-14 삼성전자주식회사 Electronic device for managing data based on a blockchain, and data management method
KR102110349B1 (ko) 2019-08-30 2020-05-14 (주) 와이즈엠글로벌 System and method for issuing, managing and using digital identity cards using a distributed ledger
KR102515723B1 (ko) * 2021-03-15 2023-03-30 주식회사 엠투벤처스 Blockchain-based service system and method using delayed verification, service providing server, and computer program therefor
KR102685125B1 (ko) * 2021-07-19 2024-07-12 주식회사 에스원 Method and system for contactless room key management in lodging facilities
KR102640647B1 (ko) * 2021-11-23 2024-02-23 한국정보통신주식회사 Electronic device performing adult verification to identify minors in unmanned stores, and operating method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110118016A (ko) * 2010-04-22 2011-10-28 주식회사 하나은행 Method for additionally registering a terminal for internet financial transactions
KR20140092172A (ko) * 2013-01-15 2014-07-23 주식회사 네이블커뮤니케이션즈 Web service push method, and web service push server and web service providing server performing the same
KR20160088510A (ko) * 2015-01-15 2016-07-26 주식회사 피그소프트 Mobile identity verification system and mobile identity verification method using the same
KR101660674B1 (ko) * 2016-02-17 2016-10-11 주식회사 한국심트라 NFC mobile phone ID card authentication system using the HCE function
KR101680260B1 (ko) * 2015-12-14 2016-11-29 주식회사 코인플러그 Blockchain-based accredited certificate issuance system, and blockchain-based accredited certificate issuance method using the same

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327314A (zh) * 2018-11-08 2019-02-12 阿里巴巴集团控股有限公司 Service data access method, apparatus, electronic device and system
CN109327314B (zh) * 2018-11-08 2021-07-13 创新先进技术有限公司 Service data access method, apparatus, electronic device and system
US10448251B1 (en) 2019-02-28 2019-10-15 At&T Mobility Ii Llc Blockchain authentication for mobile network access

Also Published As

Publication number Publication date
KR101829730B1 (ko) 2018-03-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18734002

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27/09/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 18734002

Country of ref document: EP

Kind code of ref document: A1