KR101877335B1 - Method for authenticating a user without a face-to-face contact by using mobile id based on blockchain and merkle tree structure related thereto, and terminal and server using the same - Google Patents

Abstract

A method for performing non-face authentication using a mobile ID, the method comprising the steps of: (a) receiving a public key of a user, user identification information for identifying the user, and a hash value of a user information of the user, Value in the first block chain database, manages the first block-chain transaction ID corresponding to the user certificate, and compares the specific hash value generated by applying the hash function to the user certificate with the specific hash value In a state in which a representative hash value obtained by computing at least one neighboring hash value or a value obtained by processing the representative hash value is registered in the second block chain database and the second block chain transaction ID corresponding to the value is processed, Corresponding to the user's specific mobile ID selection for the user (I) the first block chain transaction ID corresponding to the public key of the user or the user identification information is referred to, and the mobile ID authentication request information including the public key of the user (Ii) receiving data from the second block chain database using the second block chain transaction ID corresponding to the user's public key or the user identification information; Message and stores the merge tree information and leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message, Searching in the database, and the retrieved merch tree information And confirming the user certificate registered in the first block chain database with reference to leaf node information; (b) when the user certificate for the user is confirmed, the authentication server assists the user terminal to send or transmit the verification means value to the user terminal, thereby allowing the user terminal to sign the verification means value with the private key of the user A step of supporting a non-face authentication request to a service server using a user signature value, an ID to be verified for a user who signed the verification value, and non-face authentication request information including the user information; And (c) if the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server, the authentication server transmits, to the authentication server, The validity of the user signature value is verified by using the public key of the user and the verification result of the specific mobile ID according to the validity of the user signature value is transmitted or transmitted to the service server, Supporting the service server to perform non-face authentication for the user by referring to the verification result; And a control unit.

Description

TECHNICAL FIELD [0001] The present invention relates to a method of authenticating a user by using a mobile ID based on a block chain and a mobile ID based on a merged tree structure, a terminal, and a server using the terminal and a server using the same. AND MERKLE TREE STRUCTURE RELATED THERETO, AND TERMINAL AND SERVER USING THE SAME}

The present invention relates to a method for authenticating a user by using a block chain and a mobile ID based on a merge tree structure interlocked with the same, and a terminal and a server using the same, and more particularly, A representative hash value or a representative hash value obtained by calculating at least one neighbor hash value matching a specific hash value and a specific hash value generated by applying a hash function to a user certificate, Value is processed in the second block chain database and the corresponding second block chain transaction ID is managed. In response to the user's specific mobile ID selection for non-face authentication, the user's public Mobile ID authentication request including key or user identification information When the bill is obtained, the user checks the user certificate registered in the first block chain database by referring to the first block chain transaction ID corresponding to the user's public key or the user identification information, The first block chain database and the leaf node information associated with the processed value of the representative hash value or the representative hash value included in the data message obtained from the second block chain database using the second block chain transaction ID, Information from the first block-chain database, verifies the user certificate registered in the first block-chain database by referring to the retrieved merch tree information and the leaf node information, and transmits the verification-value to the user terminal when the user certificate is confirmed. To allow the user terminal to enter the verification means value Non-face authentication is requested to the service server using non-face authentication request information including the user signature value signed by the user's private key, the verification object ID that is the ID of the user who signed the verification means value, and the user information, When the verification request information for a specific mobile ID is obtained from the service server, the validity of the user signature value is verified and the verification result of the specific mobile ID according to the validity of the verified user signature value is transmitted to the service server, Face authentication by referring to a verification result, and a terminal and a server using the same, and a method of authenticating a user by using a mobile ID based on a merged tree structure.

As a result of continuous development of information and communication technology, financial transaction which has been performed through face-to-face authentication has recently been transferred to non-face-to-face financial transaction method using non-face authentication based on wired communication network or wired communication network.

Non-face-to-face financial transactions, on the other hand, are characterized by non-face-to-face authentication, which involves non-face-to-face transactions of all financial transactions including withdrawal and transfer, vulnerability of browsers to provide non-face financial transaction channels, Many security functions such as keyboard hacking security, security card and OTP (One Time Password) are added. However, in the conventional security function, when security information is exposed through memory hacking of a customer terminal or sniffing on a communication network Even if a request to transfer a large amount of funds to an account of a hacker is made by changing a part of the information transmitted and received through the communication network, it involves a difficult problem to detect it. And the like.

JP 2016-508259 A US 2014-0298441 A KR 10-0753285 B1 KR 10-1131929 B1

SUMMARY OF THE INVENTION The present invention has been made to solve all the problems described above.

It is another object of the present invention to provide a method, a terminal and a server for making it impossible to copy or up / modulate using a block ID based mobile ID.

It is another object of the present invention to provide a method, terminal, and server for ensuring security by using a hash function and an encryption technique for a user certificate according to a mobile ID and making it impossible to perform up /

Another object of the present invention is to provide a method, a terminal, and a server that can prevent a problem caused by user information theft due to verification and authentication of a user through a one-time verification means value.

In order to accomplish the above object, a representative structure of the present invention is as follows.

According to an embodiment of the present invention, there is provided a method for performing non-face authentication using a mobile ID, the method comprising the steps of: (a) receiving a user's public key, user identification information for identifying the user, A first block chain transaction ID corresponding to a user certificate including a user information hash value, which is a hash value, in a first block chain database, and managing a first block chain transaction ID corresponding to the user certificate, a specific hash value generated by applying a hash function to the user certificate, A representative hash value obtained by calculating at least one neighboring hash value matched with a specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database and a state in which the second block chain transaction ID is managed In response to the user's specific mobile ID selection for non-facing authentication, When the mobile ID authentication request information including the public key of the user or the user identification information is obtained from the authentication server, (i) the first block chain transaction ID corresponding to the user's public key or the user identification information (Ii) identifying the user certificate registered in the first block chain database using the second block chain transaction ID corresponding to the user's public key or the user identification information, The method comprising: acquiring a data message from a database; extracting merge tree information and leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message, 1 block chain database, The step of referring to colored meokeul tree information and the leaf node information to confirm the the user certificate registered in the first block chain database; (b) when the user certificate for the user is confirmed, the authentication server assists the user terminal to send or transmit the verification means value to the user terminal, thereby allowing the user terminal to sign the verification means value with the private key of the user A step of supporting a non-face authentication request to a service server using a user signature value, an ID to be verified for a user who signed the verification value, and non-face authentication request information including the user information; And (c) if the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server, the authentication server transmits, to the authentication server, The validity of the user signature value is verified by using the public key of the user and the verification result of the specific mobile ID according to the validity of the user signature value is transmitted or transmitted to the service server, Supporting the service server to perform non-face authentication for the user by referring to the verification result; Is provided.

According to an embodiment of the present invention, there is also provided a method for performing non-face authentication using a mobile ID, the method comprising: (a) a verification means value obtained from an authentication server of a user terminal, A user certificate including a key, a user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, into a first block chain database, A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value or a value obtained by processing the representative hash value, In a state in which the second block chain transaction ID is registered in the block chain database and corresponding thereto, i) the public key of the user included in the mobile ID authentication request information acquired from the user terminal in response to the user's specific mobile ID selection for non-face authentication or the first public key corresponding to the user identification information (Ii) the mobile terminal acquires the mobile certificate acquired from the user terminal in response to the user's specific mobile ID selection for non-face authentication by checking the user certificate registered in the first block chain database by referring to the chain transaction ID, Acquiring a data message from the second block chain database using the public key of the user included in the identity authentication request information or the second block chain transaction ID corresponding to the user identification information, The representative hash value or Wherein the first block chain database searches the merge tree information and the leaf node information stored in the first block chain database with respect to a value obtained by processing the first representative hash value and references the retrieved merge tree information and leaf node information A signature verification unit for verifying the user certificate registered in the first block chain database and transmitting the user certificate to the user terminal when the user certificate for the user is verified; Face authentication request using the identity of the user who verified the identity of the user who signed the value and the non-face authentication request information including the user information, the service server determines whether the non-face authentication Obtaining request information; (b) the service server transmits, to the authentication server, verification request information for the specific mobile ID, the verification request information including the user signature value and the verification target ID, The validity of the user signature value is verified by using the public key of the user of the user certificate corresponding to the verification target identity, and the verification result of the specific mobile identity according to the validity of the user signature value, Supporting to transmit to the service server; And (c) if a verification result for the specific mobile ID is obtained from the authentication server, the service server performs non-face authentication for the user with reference to the verification result, and performs the non- Supporting the transmission or transmission to the user terminal; Is provided.

According to another aspect of the present invention, there is provided a method for performing non-face authentication using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of a user and a private key of the user, A user certificate including a public key of the user, a user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, And a representative hash value obtained by calculating at least one neighboring hash value matching the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database, In a state of managing the mobile ID corresponding to the registered user certificate, The mobile terminal transmits the mobile ID authentication request information including the user's public key or the user identification information to the authentication server, The authentication server refers to the public key of the user or the first block chain transaction ID corresponding to the user identification information to identify the user certificate registered in the first block chain database, or (ii) Obtains a data message from the second block chain database using a public key of the user or a second block chain transaction ID corresponding to the user identification information and transmits the representative hash value or the representative Related to the processed value of the hash value A first block chain database for storing merge tree information and leaf node information stored in the first block chain database in the first block chain database and referring to the retrieved merge tree information and leaf node information, Supporting to verify a user certificate; And (b) if a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the user terminal determines the verification means value as a user signature value signed with the user's private key, Face authentication to the service server using the ID of the user who has signed the means value and the non-face authentication request information including the user information, so as to allow the service server to transmit the user signature value and the verification Requesting the authentication server to verify the specific mobile ID using the verification request information for the specific mobile ID including the target ID, and referring to the verification result of the specific mobile ID received from the authentication server, To perform non-face authentication for the user; Is provided.

According to another embodiment of the present invention, there is provided a method for performing non-face authentication using a mobile ID, the method comprising the steps of: (a) determining a user's public key, user identification information for identifying the user, Which is a hash value of the user certificate, to a first block chain database, manages a first block chain transaction ID corresponding to the first block chain transaction ID, a specific hash value generated by applying a hash function to the user certificate A representative hash value obtained by computing at least one neighboring hash value matching the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database and the second block chain transaction ID corresponding to the value is registered In response to the user's non-facing authentication information input signal via the service web When the user identification information for the non-face authentication is obtained from the service server, the authentication server supports (i) transmitting or transmitting a selection request signal for the mobile ID to the user terminal corresponding to the user identification information, (ii) if the mobile ID authentication request information corresponding to the user selecting a specific mobile ID is obtained from the user terminal, (1) the first block chain transaction corresponding to the user's public key or the user identification information (2) the second block chain transaction ID corresponding to the user's public key or the user identification information, and (3) checking the user certificate registered in the first block chain database by referring to the first block chain database, Acquires a data message from the chain database, Searching the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with the processed value of the representative hash value or the representative hash value included in the first block chain database, Checking the user certificate registered in the first block chain database by referring to the retrieved muckle tree information and leaf node information; (b) supporting the authentication server to send or transmit the verification means value to the user terminal if (i) the user certificate for the user is verified, (ii) When the non-face authentication request information including the user signature value signed by the user's private key, the verification object ID that is the ID of the user who signed the verification means value, and the user information is obtained, Facsimile authentication request information to the service server so as to allow the service server to transmit the non-face authentication request information to the service web terminal; And (c) if verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server in response to the user's non-facing authentication request signal through the service web, The authentication server checks whether the user signature value is valid by using the public key of the user of the user certificate corresponding to the verification target ID, and if the validity of the user signature value is confirmed, Supporting the service server to transmit or transmit the verification result to the service server, thereby supporting the service server to perform the non-face authentication with respect to the user with reference to the verification result; Is provided.

According to another embodiment of the present invention, there is provided a method for performing non-face authentication using a mobile ID, the method comprising the steps of: (a) receiving, by an authentication server, a user's public key, user identification information for identifying the user, A user certificate including a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, and a first block chain transaction ID corresponding to the user certificate is managed, and a hash function is applied to the user certificate A representative hash value obtained by computing one hash value and at least one neighbor hash value matching the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database, In a state in which an ID is being managed, the service server transmits the non- (I) transmitting, to the user terminal corresponding to the user identification information, a request for selection of the mobile ID to the authentication server by transmitting the user identification information for non-face authentication to the authentication server in response to the authentication information input signal, (Ii) when the mobile ID authentication request information corresponding to the user selecting the specific mobile ID is obtained from the user terminal, (1) the mobile ID authentication request information corresponding to the user's public key or the user identification information (2) the second block chain transaction ID corresponding to the user's public key or the user identification information; and (2) From the second block chain database And transmits the merge tree information and the leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message, Searching for a chain database, supporting the user certificate registered in the first block chain database by referring to the retrieved merge tree information and leaf node information; (b) the user certificate for the user is verified to allow the authentication server to (i) send or transmit the verification means value to the user terminal; (ii) When the non-face authentication request information including the user signature value signed with the private key, the verification object ID as the ID of the user who signed the verification means value, and the user information is obtained and the non-face authentication request information is transmitted, The service server acquiring the non-face authentication request information transmitted from the authentication server, and supporting to transmit or transmit the obtained non-face authentication request information to the service web; (c) if the user transmits the non-facing authentication request signal using the non-facing authentication request information through the service web, the service server checks the user signature value and the verification By supporting or transmitting the verification request information for the specific mobile ID including the target ID to the authentication server by using the public key of the user of the user certificate corresponding to the verification target ID Confirming the validity of the user signature value and supporting transmission or transmission of the verification result for the specific mobile ID according to the validity of the user signature value to the service server; And (d) performing a non-face authentication with respect to the user by referring to the verification result when the verification result for the specific mobile ID is obtained from the authentication server; Is provided.

According to another embodiment of the present invention, there is provided a method for performing non-face authentication using a mobile ID, the method comprising the steps of: (a) generating and storing a public key of a user and a private key of the user; A user certificate including a key, a user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, in a first block chain database, A representative hash value obtained by calculating a specific hash value and at least one neighborhood hash value matched with the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database, In a state of managing the mobile ID corresponding to the user certificate, When a selection request signal for the mobile ID from the authentication server is obtained corresponding to the user identification information for the non-face authentication from the service server corresponding to the non-face authentication information input signal of the user, And transmits the mobile ID authentication request information corresponding to the specific mobile ID selection by the user to the authentication server, thereby allowing the authentication server to transmit (i) the first block chain transaction ID corresponding to the user's public key or the user identification information (Ii) using the second block-chain transaction ID corresponding to the user's public key or the user identification information to identify the user certificate registered in the first block chain database, Obtain a data message from the database Wherein the first block chain database stores therein the representative hash value or the representative hash value included in the data message and stores the merge tree information and the leaf node information stored in the first block chain database in the first block chain database Checking the user certificate registered in the first block chain database by referring to the retrieved merge tree information and leaf node information; And (b) if a verification means value is obtained from the authentication server in response to the verification of the user certificate for the user, the user terminal determines the verification means value as a user signature value signed with the user's private key, Face authentication request information including the user ID and the non-face authentication request information including the user information to the authentication server by sending the authentication server to the authentication server, (i) (Ii) the user signature value received from the service server in response to the non-facing authentication request signal of the user via the service web, and the verification request information received from the service server via the service web, The verification request information for the specific mobile ID including the target ID is formed The validity of the user signature value is verified by using the user's public key of the user certificate corresponding to the verification target identity, and (iii) Transmitting a verification result of the mobile ID to the service server so that the service server can perform non-face authentication with respect to the user by referring to the verification result; Is provided.

Also, according to an embodiment of the present invention, there is provided an authentication server for performing non-face authentication using a mobile ID, the authentication server including: a public key of a user; user identification information for identifying the user; A first block chain transaction ID corresponding to a user certificate including a user information hash value, which is a hash value, in a first block chain database, and managing a first block chain transaction ID corresponding to the user certificate, a specific hash value generated by applying a hash function to the user certificate, A representative hash value obtained by calculating at least one neighboring hash value matched with a specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database and a state in which the second block chain transaction ID is managed In response to the user's specific mobile ID selection for non-facing authentication, A communication unit for obtaining mobile ID authentication request information including the user's public key or the user identification information from a user terminal; And (i) checking the user certificate registered in the first block chain database by referring to the public key of the user or the first block chain transaction ID corresponding to the user identification information of the obtained user authentication request transaction (ii) obtaining a data message from the second block chain database using the public key of the user or the second block chain transaction ID corresponding to the user identification information, and wherein the representative hash value Or the leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value, in the first block chain database, and extracts the retrieved merge tree information and leaf node information The first block chain database A process of confirming the registered user certificate; supporting, when the user certificate for the user is confirmed, to transmit or transmit the verification means value to the user terminal, thereby allowing the user terminal to transmit the verification means value to the user's private Non-face authentication request to the service server using the non-face authentication request information including the user signature value signed with the key, the verification object ID that is the ID of the user who signed the verification value, and the user information And, when the verification request information for the specific mobile identity including the user signature value and the verification target identity is obtained from the service server, using the public key of the user of the user certificate corresponding to the verification target identity The validity of the user signature value And supporting the transmission or transmission of the verification result of the specific mobile ID according to the validity of the identified user signature value to the service server by referring to the verification result, A processor for performing a process for supporting non-face authentication for non-face authentication; Is provided.

According to an embodiment of the present invention, there is provided a service server for performing non-face authentication using a mobile ID, wherein a verification means value obtained by a user terminal from an authentication server, A user certificate including a user identification information for identifying the user and a user information hash value as a hash value of the user information of the user is registered in a first block chain database and a first block chain transaction ID corresponding to the user certificate is registered A representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value or a value obtained by processing the representative hash value, Registering in the database and managing the second block chain transaction ID corresponding to the second block chain (I) the public key of the user included in the mobile identity authentication request information acquired from the user terminal in response to the user's specific mobile ID selection for non-face authentication, or (Ii) a step in which the authentication server confirms the user identity registered in the first block chain database by referring to the first block chain transaction ID from the user terminal in response to the user's specific mobile ID selection for non- Obtains a data message from the second block chain database using the public key of the user included in the acquired mobile identity authentication request information or the second block chain transaction ID corresponding to the user identification information, The representative hash value Searches the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with the value obtained by processing the representative hash value and outputs the retrieved merge tree information and leaf node information Verifying the user certificate registered in the first block chain database and transmitting the user certificate to the user terminal when the user certificate for the user is confirmed, Face authentication request using the identity of the user who has signed the means value and the non-face authentication request information including the user information, and acquires the non-face authentication request information received from the user terminal ; And transmitting the verification request information for the specific mobile ID, the verification request information including the user signature value and the verification target ID to the authentication server, The validity of the user signature value is verified by using the public key of the user of the user certificate and the verification result of the specific mobile ID according to the validity of the user signature value is transmitted to the service server Process and a verification result for the specific mobile ID from the authentication server is obtained, the non-face authentication is performed for the user with reference to the verification result, and the non-face authentication result is transmitted to the user terminal To perform a process that supports Processors; Is provided.

According to another aspect of the present invention, there is provided a user terminal for performing non-face authentication using a mobile ID, the method comprising: generating and storing a public key of a user and a private key of the user, A user certificate including a key, a user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, in a first block chain database, A representative hash value obtained by calculating a specific hash value and at least one neighborhood hash value matched with the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database, In a state of managing the mobile ID corresponding to the user certificate, And transmitting the mobile ID authentication request information including the user's public key or the user identification information to the authentication server when the user selects the specific mobile ID for authentication, the method comprising: (i) The second block chain transaction ID, the first block chain transaction ID corresponding to the user's public key or the user identification information, and (ii) Obtains a data message from the second block chain database using a public key of the first block chain or a second block chain transaction ID corresponding to the user identification information, and processes the representative hash value or the representative hash value included in the data message A first value < RTI ID = 0.0 > The first block chain database searching the merch tree information and the leaf node information stored in the lock chain database and referring to the retrieved merch tree information and leaf node information, A communication unit for supporting confirmation; And if the verification means value is obtained from the authentication server in response to the confirmation of the user certificate for the user, then the verification means value is set to a user signature value signed with the user's private key, Face authentication request to the service server using the identity verification ID, and the non-face authentication request information including the user information, thereby allowing the service server to transmit the user signature value to the specific mobile The verification request for the specific mobile ID is requested to the authentication server using the verification request information for the identity, and the non-face authentication for the user is performed with reference to the verification result for the specific mobile ID received from the authentication server A supporting processor; A user terminal is provided.

According to another embodiment of the present invention, there is provided an authentication server for performing non-face authentication using a mobile ID, the authentication server including a public key of a user, user identification information for identifying the user, A first block chain transaction ID corresponding to a user certificate including a user information hash value, which is a hash value, in a first block chain database, and managing a first block chain transaction ID corresponding to the user certificate, a specific hash value generated by applying a hash function to the user certificate, A representative hash value obtained by calculating at least one neighboring hash value matched with a specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database and a state in which the second block chain transaction ID is managed In response to the user's non-facing authentication information input signal via the service web A communication unit for obtaining the user identification information for the non-face authentication from the service server; And (i) sending or transmitting a selection request signal for the mobile identity to a user terminal corresponding to the user identification information, (ii) receiving, from the user terminal, (1) checking the user certificate registered in the first block chain database by referring to the public key of the user or the first block chain transaction ID corresponding to the user identification information, or (2) obtaining a data message from the second block chain database using the public key of the user or the second block chain transaction ID corresponding to the user identification information, and wherein the representative hash value or In association with the value obtained by processing the representative hash value, The first block chain database and the leaf node information stored in the first block chain database are searched in the first block chain database and the merge tree information and the leaf node information are searched for, (Ii) sending the verification means value from the user terminal to the user terminal; (iii) if the user certificate for the user is verified, When the non-face authentication request information including the user signature value signed with the private key, the verification target ID as the ID of the user who signed the verification means value, and the user information is obtained, By transferring or transmitting to the server, And a server for transmitting the non-face authentication request information to the service web terminal, and a process for transmitting the non-face authentication request information from the service server in response to the non-face authentication request signal of the user via the service web, Verifies the validity of the user signature value using the public key of the user of the user certificate corresponding to the verification target identity, And supports the service server to perform the non-face authentication with respect to the user by referring to the verification result by supporting transmission or transmission of the verification result for the specific mobile ID according to whether the signature value is valid or not to the service server Process to perform the process .; Is provided.

According to another embodiment of the present invention, there is provided a service server for performing non-face authentication using a mobile ID, the service server comprising: a public key of a user, user identification information for identifying the user, A user certificate including a user information hash value, which is a hash value for user information, is registered in a first block chain database, a first block chain transaction ID corresponding to the user certificate is managed, and a hash function is applied to the user certificate A representative hash value obtained by calculating at least one neighboring hash value matching the hash value and the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database and a second block chain transaction ID The non-face authentication information of the user via the service web (I) transmitting a selection request signal for the mobile ID to the user terminal corresponding to the user identification information by transmitting the user identification information for the non-face authentication to the authentication server (Ii) if the mobile ID authentication request information corresponding to the user selecting a specific mobile ID is obtained from the user terminal, (i) the public key of the user or (2) the second block chain transaction ID corresponding to the user's public key or the user identification information is used to identify the user certificate registered in the first block chain database by referring to the first block chain transaction ID From the second block chain database, The first block chain database and the leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message, A communication unit for referring to the retrieved merge tree information and leaf node information to identify the user certificate registered in the first block chain database; And the user certificate for the user is verified to allow the authentication server to (i) send or transmit the verification means value to the user terminal, (ii) send the verification means value from the user terminal to the user's private key When the non-face authentication request information including the signed user signature value, the verification target ID as an ID for the user who signed the verification means value, and the user information is obtained and the non-face authentication request information is transmitted, Face authentication request information transmitted from the server and supporting the transmission or transmission of the obtained non-face authentication request information to the service web, a process of allowing the user to use the non-face authentication request information through the service web And transmits the non-facing authentication request signal to the non-facing authentication request signal And transmits the verification request information for the specific mobile ID including the user signature value and the verification target ID to the authentication server in response to the request to the authentication server to allow the authentication server to transmit the verification information of the user certificate corresponding to the verification target ID A process of confirming the validity of the user signature value using the public key of the user and supporting transmission or transmission of the verification result of the specific mobile ID according to the validity of the user signature value to the service server And performing a process of performing non-face authentication with respect to the user by referring to the verification result when the verification result for the specific mobile ID is obtained from the authentication server; Is provided.

According to another aspect of the present invention, there is provided a user terminal for performing non-face authentication using a mobile ID, the user terminal generating and storing a public key of the user and a private key of the user, A user certificate including a user identification information for identifying the user and a user information hash value as a hash value of the user information of the user is registered in the first block chain database and a hash function is applied to the user certificate A representative hash value obtained by computing the generated specific hash value and at least one neighbor hash value matching the specific hash value or a value obtained by processing the representative hash value is registered in the second block chain database, In a state of managing the mobile ID corresponding to the service ID, A communication unit for obtaining a selection request signal for the mobile ID from the authentication server corresponding to the user identification information for the non-face authentication from the service server corresponding to the non-face authentication information input signal of the user through the authentication server; And transmitting the mobile ID authentication request information corresponding to the specific mobile ID selection by the user to the authentication server so that the authentication server transmits (i) a first block chain corresponding to the user's public key or the user identification information, (Ii) the second block chain transaction ID corresponding to the public key of the user or the user identification information, to identify the user certificate registered in the first block chain database by referring to the transaction ID, The method comprising: acquiring a data message from a block chain database; correlating the representative hash value or the representative hash value with a value obtained by processing the merge tree information and leaf node information stored in the first block chain database In the first block chain database A process of supporting the user to check the user certificate registered in the first block chain database by referring to the retrieved merge tree information and leaf node information, Wherein the verification means comprises a user signature value obtained by signing the verification means value with the private key of the user, a verification target ID that is an identification of the user who signed the verification means value, (I) the non-face authentication request information is transmitted to the service web through the service server, (ii) the service web server is configured to send the authentication request information to the authentication server, In response to the user's non-facing authentication request signal Wherein when the user signature value received from the service server and the verification request information for the specific mobile ID including the verification target ID are acquired, the verification is performed using the public key of the user of the user certificate corresponding to the verification target identity And (iii) transmitting a verification result for the specific mobile ID according to the validity of the user signature value to the service server, so that the service server refers to the verification result To perform a non-face authentication for the user; A user terminal is provided.

In addition, a computer readable recording medium for recording a computer program for executing the method of the present invention is further provided.

The present invention has the following effects.

The present invention can make copying or up / modulating impossible using a block ID based mobile ID.

Also, according to the present invention, the security of the user certificate according to the mobile ID can be secured using the hash function and the encryption technique, and it is possible to prevent the user certificate from being tampered with.

In addition, since the present invention verifies and authenticates a user through a one-time verification means value, it is possible to prevent problems caused by user information theft.

1 schematically shows a system for performing non-face authentication using a mobile ID according to an embodiment of the present invention,
FIG. 2 is a schematic view illustrating a method of issuing a mobile ID in a method for performing non-face authentication using a mobile ID according to an embodiment of the present invention,
3 and 4 schematically illustrate a process of anchoring a transaction related to a mobile ID to a second block chain database according to an embodiment of the present invention,
5 illustrates an example of a mobile ID issued in a method for performing non-face authentication using a mobile ID according to an embodiment of the present invention,
FIG. 6 schematically shows a method of performing non-face authentication using a mobile ID according to an embodiment of the present invention,
7 schematically shows a modification of a method for performing non-face authentication using a mobile ID according to an embodiment of the present invention,
FIG. 8 schematically shows a method of performing non-face authentication using a mobile ID according to another embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

1 schematically illustrates a system for authenticating a user using a mobile ID according to an embodiment of the present invention. The system includes a user terminal 100, an authentication server 200, and a service server 300 can do.

First, the user terminal 100 is a mobile device that displays a mobile ID, and may include a mobile computer, a PDA / EDA, a mobile phone, a smart phone, a tablet, and the like. The user terminal 100 is not limited to this, and may include all mobile devices such as a portable game machine having a wired / wireless communication function, a digital camera personal navigation, and the like. In addition, the user terminal 100 may include a communication unit for supporting transmission and reception of information and a processor for processing information.

Also, the user terminal 100 may include a mobile ID application 110, which is a user interface provided by the authentication server, and a service application 120, which is a user interface provided by the service server.

Next, the authentication server 200 may include a communication unit 210 and a processor 220. The use of the same reference numerals is for convenience of explanation only and is not intended to mean that these individual devices are the same. In another embodiment of the present invention, a server may be configured differently to perform the corresponding method, or may perform the corresponding method through the same authentication server 200. Also, the authentication server 200 may be a server corresponding to each node of the first block-chain database, or a server that manages each node of the first block-chain database.

Specifically, the authentication server 200 typically includes a computing device (e.g., a computer processor, memory, storage, input and output devices, and other devices capable of including components of a conventional computing device; (E. G., An electronic information storage system such as a network attached storage (NAS) and a storage area network (SAN)) and computer software (i. E. Instructions that cause a computing device to function in a particular manner) Performance. ≪ / RTI >

The communication unit 210 of such a computing device can send and receive requests and responses to and from other interworking computing devices. As an example, such requests and responses can be made by the same TCP session, For example, as a UDP datagram.

The processor 220 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. It may further include a software configuration of an operating system and an application that performs a specific purpose.

Next, the service server 300 may include a communication unit and a processor, and may provide the corresponding service to the user through non-face authentication for the user. For example, the service server 300 may be a financial server, but is not limited thereto. The service server 300 may include all servers that provide services through non-face authentication.

Specifically, service server 300 typically includes a computing device (e.g., computer processor, memory, storage, input and output devices, and other devices capable of including components of a conventional computing device; (E. G., An electronic information storage system such as a network attached storage (NAS) and a storage area network (SAN)) and computer software (i. E. Instructions that cause a computing device to function in a particular manner) Performance. ≪ / RTI >

A method for performing non-face authentication using a mobile ID according to an exemplary embodiment of the present invention will now be described.

Referring to FIG. 2, a method for issuing a mobile ID in a method for performing non-face authentication using a mobile ID according to an embodiment of the present invention will be described.

In order to allow the user to access the authentication server 200 through the user terminal 100 in order to receive the mobile ID, for example, an application for the user to issue the mobile ID, i.e., the mobile ID application 110, ), And inputs the mobile ID information required for the mobile ID to be issued (S100). At this time, the mobile ID may include all commonly used IDs such as a driver's license, health insurance card, alien registration card, public employee card, .

Then, when the user inputs the mobile ID information and requests the issuance of the mobile ID, the user terminal 100 transmits the mobile ID issuance application transaction to the authentication server 200 (S101). At this time, the mobile ID issue request transaction includes the mobile ID information input by the user, and the mobile ID information may be the photo image of the user and the display information of each ID card. In addition, the mobile ID information may include personal information of the user.

Then, the authentication server 200 obtains a mobile ID issue application transaction including at least user information from the user terminal 100, and confirms the user using the acquired user information or the like (S102). At this time, the user confirmation may use a public key infrastructure (PKI) certificate or use personal information of the user, but the present invention is not limited thereto. For example, it is possible to identify a specific issuer through a public key-based certificate, an authorized certificate, an OPSign certificate, or the like, or to verify the identity of an individual, a bank or an organization such as a resident registration number, passport, corporation registration number, The user can be confirmed through personal information.

When the user is confirmed, the authentication server 200 transmits a certificate registration request signal to the user terminal 100 (S103)

Then, the user terminal 100 generates a public key and a private key, which are authentication keys, in response to the certificate registration request signal (S104), and sets confirmation information for controlling the user access to the private key by the user (S105). At this time, the confirmation information is path information for accessing the private key, and may include a password, biometric information, and the like. Alternatively, the setting of confirmation information for access control on the private key may be omitted. Further, the confirmation information may be set before generating the user's authentication key.

Then, the user terminal 100 extracts the public key of the user among the authentication keys, and transmits the certificate registration information including the extracted public key of the user and the user identification information to the authentication server 200 (S 106) . At this time, the user identification information is unique information given to each user for user identification, and may include a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, and a telephone number.

Then, the authentication server 200 generates the user's certificate with reference to the certificate registration information transmitted and obtained from the user terminal 100 (S107). That is, in addition to the public key and the user identification information obtained from the certificate registration information, the authentication server 200 generates a user certificate including a user information hash value, which is a hash value generated by applying a hash function to the identified user information . The hash function for generating the hash value is MD4 function, MD5 function, SHA-0 function, SHA-1 function, SHA-224 function, SHA-256 function, SHA-384 function, SHA-512 function and HAS-160 function But it should be understood that the present invention is not limited thereto. For example, Triple SHA256 would be possible.

Then, the authentication server 200 registers the created user certificate in the first block-chain database, which makes copying or up / modulating impossible.

For example, the authentication server 200 registers the user certificate in the first block-chain database, acquires the first block-chain transaction ID indicating the location information on the first block-chain database of the user certificate registered in the first block-chain database . For reference, the first block chain database may be a block-chain database managed by the authentication server 200.

Then, in order to anchor and register a predetermined hash value in the second block chain database 400 under a predetermined condition, when the triggering condition is satisfied, the authentication server 200 transmits the hash function to the specific hash Value and at least one neighboring hash value matched with the specific hash value to generate a value obtained by processing the representative hash value or the representative hash value which is the merge route (S108).

The authentication server 200 also supports registering or registering the generated value of the representative hash value or the representative hash value in the second block chain database 400 in step S109, (S110) to obtain or obtain a second block chain transaction ID indicating the location information on the second block chain database (400) of the merchant, which is a value obtained by processing the representative hash value or representative hash value registered in the first block chain database (400). At this time, the server 100 may acquire a data message corresponding to the second block chain transaction ID from the second block chain database 400.

At this time, the first and second block chain databases may include at least a part of a private block chain database and a public block chain database, respectively.

Meanwhile, the authentication server 200 may store and manage a specific hash value and at least one neighbor hash value in a predetermined data structure. Here, the data structure may be various, for example, a merkle tree structure.

In other words, the authentication server 200 can support a particular hash value to generate or generate a merkle tree assigned to a particular leaf node, and if the predetermined condition is satisfied, It is possible to register or register a value obtained by processing the representative hash value or the representative hash value, which is the merge root generated by computing the hash value assigned to the leaf node, in the second block chain database 400. [

More specifically, (x1) the authentication server 200 supports (i) a particular hash value and (ii) a hash value assigned to a sibling node of a node to which a particular hash value is assigned, You can support assigning or assigning a hash value for a value to a node's parent node. (x2) If the parent node is the root node of the merge tree, the hash value assigned to the parent node is the representative hash value. (x3). On the other hand, if the parent node is not the root node of the merge tree, the authentication server 200 repeats (x1) to (x3) with the hash value assigned to the parent node as a specific hash value.

The authentication server 200 finally registers the hash value assigned to the root node of the merge tree as a representative hash value in the second block chain database 400 or supports registration. At this time, a value obtained by processing the representative hash value may be registered. For example, a result obtained by performing a hex operation on a representative hash value may be registered.

On the other hand, when the authentication server 200 stores a specific hash value and at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, The first data structure and the second data structure may be connected in a chain form.

In particular, if the first data structure and the second data structure are merc trees as in the above example, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure .

In addition, when the second data structure is created, verification of the first data structure is performed, so that data integrity can be further guaranteed. Verification of the second data structure will be described later.

In addition, in the case of the first one of the at least one merch tree connected in a chain form, the first leaf node of the first merch tree may be assigned a hash value or a processed value of predetermined message data composed of text, numbers, or symbols have. For example, a hash value of an input message initially assigned by the authentication server 200 can be allocated when generating a merge tree.

Figures 3 and 4 illustrate an example of a merge tree generated in accordance with an embodiment of the present invention.

FIG. 3 shows a merge tree having four leaf nodes. Since the illustrated merge tree is the first merge tree (tree_id = 0), it can be seen that a hash value (sha256 (coinplug_unique_message)) of a predetermined message data is assigned to the first leaf node h0. If there is a registration request (i.e., a write request related to the mobile ID) for the record data, the authentication server 200 generates the next leaf node of the last leaf node of the currently configured merge tree, And assigns or assigns the processed value. For example, if a new leaf node needs to be created in a state where the value assignment from the merge tree to the h1 node as the second leaf node is completed, a h2 node, which is a next leaf node, is generated to process a specific hash value or a specific hash value One value (sha256 (input2)) can be assigned. In addition, the authentication server 200 may support computing or computing (i) a particular hash value assigned to the h2 node and (ii) a hash value assigned to the h3 node, which is a sibling node of the h2 node. The hash value for the operation value is assigned to the h2 node and the parent node (h23 node) of the h3 node. Since the parent node (h23 node) is not the root node of the merge tree, the authentication server 200 can repeat the above process with the hash value assigned to the h23 node as a specific hash value. That is, the hash value assigned to the h23 node is set as a specific hash value, and the hash value assigned to the h23 node and the hash value assigned to the h01 node are calculated and assigned to the h23 node and the parent node (h0123 node) of the h01 node have. Since the h0123 node is the root node of the merge tree, the authentication server 200 registers the value (hex (h {node_index}) obtained by processing the hash value assigned to the node h0123 in the second block chain database 400 Can support to register

(Ii) a condition that a predetermined time elapses; (iii) a condition in which a block is generated in the first block chain database , and (iv) conditions for service characteristics.

On the other hand, for example, if a plurality of certificate registrations or transactions related to mobile IDs are acquired for the leaf nodes of the merge tree, a merge tree is generated, the root value of the merge tree is registered in the second block chain database 400, .

Also, the authentication server 200 can generate the root value of the aforementioned mu tree at predetermined time intervals (condition (ii) above). In this case, when a predetermined time elapses, the authentication server 100 may generate a merge tree using the input values up to that time and register or register the root value of the merge tree in the second block chain database 400.

In this case, although a predetermined time has elapsed, a value may not be assigned to a sibling node of a node to which a particular hash value of the merge tree is assigned. If a hash value is not assigned to a sibling node of a node to which a specific hash value is allocated even though a predetermined condition is satisfied, the authentication server 200 supports to assign or assign a predetermined hash value to the sibling node, The root value of the muckle tree can be calculated. For example, the authentication server 200 may support copying and assigning or assigning a particular hash value to a sibling node.

The service characteristics include the cost information provided by the issuer that issued the transaction related to the mobile ID, the time zone information in which the mobile ID related transaction registration is registered, the area information in which the mobile ID related transaction registration service is performed, May be at least a part of the company type information. However, the present invention is not limited to the one described here, but includes various condition information in which a generally accepted differential service can be provided.

On the other hand, when a new merge tree generation is started and a predetermined condition is satisfied in a state where there is no mobile ID related transaction, the authentication server 220 determines that the predetermined message data is a merge tree allocated to the first leaf node and the second leaf node And supports the registration or registration of the root value of the merge tree or the processed value in the second block chain database 400. In this case, a merge tree with two leaf nodes may be created.

Meanwhile, as described above, the authentication server 200 stores a specific hash value and at least one neighbor hash value in a predetermined first data structure, and then stores and manages a second data structure of the same type as the first data structure In this case, the first data structure and the second data structure may be connected in a chain form. In particular, if the first data structure and the second data structure are merc trees, the root value of the first data structure or the hash value of the root value may be assigned to the first leaf node of the second data structure.

4 is a diagram illustrating a merge tree generated as a second data structure according to an embodiment of the present invention.

Referring to FIG. 4, it can be seen that the root value (hex (h0123)) of the merge tree (tree_id = 0) of FIG. 3 is assigned to the first leaf node (h4 node) of the new merge tree (sha256 (input4)). The present invention has an advantage of improving data integrity by enabling easy tracking even when data is modulated in the middle by connecting a plurality of data structures generated at the time of occurrence of a transaction.

In response to the user's certificate creation, the authentication server 200 may issue a mobile ID to the user terminal 100 (S111). That is, after the user's certificate is generated, the authentication server 200 may issue the mobile ID to the user terminal 100 in parallel with registering the user's certificate in the first block chain database and the second block chain database.

3, the mobile ID can be used in a mobile device, which is a user terminal 100, and can have a mobile ID display area 10 and a mobile ID information area 20. [

The mobile ID display area 10 is related to user information to be displayed for each ID and includes information such as a photograph image, a name and an ID number, and may be changed according to the display information of the ID card to be implemented by the mobile ID , The corresponding information may be stored in the user terminal 100 or stored in the authentication server 200.

The mobile identity information area 20 includes information for authenticating a user as a user signature value signed by a user's private key and has a changed value every time authentication is performed, . ≪ / RTI >

Referring to FIG. 6, a method of performing non-face authentication using a mobile ID according to an embodiment of the present invention in a state where a mobile ID is issued by the above method will be described below.

The user certificate including the public key of the user, the user identification information for identifying the user, and the user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database by the method of FIG. And processing a representative hash value or a representative hash value by calculating at least one neighbor hash value matching a specific hash value and a specific hash value generated by applying a hash function to the user certificate In the second block chain database 400 and manages the second block chain transaction ID corresponding to the second block chain transaction ID, the user is notified of the non-face authentication through the service application 120 of the user terminal 100 When a face-to-face authentication information input signal is generated (S200), for example, when the user accesses the service through the service application 120 When the non-facing authentication start button is clicked to proceed with the non-facing authentication, the user terminal 100 responds to the mobile ID selection request signal S201 according to the non-facing authentication information input signal through the service application 120, And can support the user to select a specific mobile ID through the app 110. [

When the user selects a specific mobile ID through the mobile ID application 110 of the user terminal 100 in step S202, the user terminal 100 transmits authentication information for the specific mobile ID selected by the user to the authentication server 200 A request transaction may be transmitted (S203). At this time, the authentication request transaction may be the mobile ID authentication request information including the user's public key or the user identification information. Also, the user terminal 100 allows the user to input confirmation information when a specific mobile ID is selected by the user. If the confirmation information input by the user matches the set confirmation information, And may transmit the requested transaction to the authentication server 200.

Then, the authentication server 200 refers to the first block chain transaction ID corresponding to the user's public key or the user identification information included in the mobile ID authentication request information acquired from the user terminal 100, Check the registered user certificate. That is, the certificate confirmation transaction is transmitted to the first block chain database using the first block chain transaction ID corresponding to the public key of the user or the user identification information, and is included in the data message received from the first block chain database You can verify the certificate,

Alternatively, the authentication server 200 may transmit the certificate confirmation transaction to the second block chain database 400 (S204) using the second block chain transaction ID corresponding to the user's public key or the user identification information, The first block chain database 400 and the second block chain database 400. The second block chain database 400 stores the merge tree information and the leaf node information stored in the first block chain database in association with the processed value of the representative hash value or the representative hash value included in the data message, Is retrieved from the first block chain database. Then, the user certificate registered in the first block chain database can be checked with reference to the retrieved mu tree tree information and leaf node information (S205). Here, as an example of the data message, an OP return message of bit coin or the like may be assumed.

At this time, the authentication server 200 checks whether the confirmed user certificate is valid, and if the user does not have a matching certificate or the user certificate is invalid due to disposal or the like, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal .

The authentication server 200 may obtain a user information hash value with reference to the identified user certificate.

After that, the authentication server 200 generates a verification value (S206) and transmits the verification value to the user terminal 100 (S207). At this time, the verification means value may include a nonce, an OTP, a time stamp, and the like. The authentication server 200 may transmit the verification target ID to the user terminal 100 together with the verification means value. At this time, the verification target ID may be the user information hash value obtained from the user certificate indicating the owner information about the generated verification means value. Also, the verification target ID may be a public key of the user.

Then, the mobile ID application 110 of the user terminal 100 can request the user to input confirmation information. If the confirmation information input by the user matches the set information, the mobile ID application 110 permits access to the private key, 200) using the user's private key (S208). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 transmits the non-face authentication request information to the service server 300 using the non-face authentication request information including the user signature value, the verification object ID that is the ID of the user who signed the verification value, Authentication can be requested. At this time, the verification target ID may be the user information hash value obtained together with the verification means value from the authentication server 200, and if not, the public key of the user may be used as the verification target ID.

That is, the mobile ID application 110 of the user terminal 100 generates non-face authentication request information including the user signature value, the verification target ID, and the user information and transmits the non-face authentication request information to the service application 120 (S209) The application 120 may request non-face authentication to the service server 300 using the non-face authentication request information (S210, S211).

Then, the service server 300 can request the authentication server 200 to verify the specific mobile ID using the user signature value of the non-face authentication request information obtained from the user terminal 100. [

That is, the service server 300 extracts the user signature value and the verification target ID from the non-face authentication request information obtained from the user terminal 100 (S212), and transmits the user signature value and the verification target ID to the specific mobile ID And transmits the verification request information to the authentication server 200 (S213).

In step S214, the authentication server 200 determines whether the user signature value requested for verification is valid by using the user's public key of the user certificate corresponding to the verification target ID, The verification result for the specific mobile ID is transmitted to the service server 300 (S215).

In this case, the verification target ID may be a public key of the user or a user information hash value transmitted to the user terminal 100 by the authentication server 200, and the authentication server 200 may transmit the public key of the user acquired from the service server 300 Or the user's public key included in the user certificate matching with the user information hash value, extracts the verification means value from the user signature value, and the verification means value extracted from the user signature value and the verification means value transmitted to the user terminal It is possible to determine whether the user signature value is valid or not.

The authentication server 200 may further include a first time when the verification means transmits the verification means value to the user terminal or a first time when the verification means transmits the verification means value to the user terminal, If the time interval between the second time points at which the verification request information is acquired is equal to or greater than the set value, it can be determined that the user signature value is invalid. Also, the authentication server 200 may transmit the verification result of the specific mobile ID to the service server 300 as a verification failure due to the invalidation of the user signature value.

Then, the service server 300 performs non-face authentication for the user with reference to the verification result received from the authentication server 200 in step S216, and transmits the non-face authentication result to the service application 120) (S217).

FIG. 7 schematically shows a modified example of a method of performing non-face authentication using a mobile ID according to an embodiment of the present invention. Referring to FIG. 7, an embodiment of the present invention will be described.

The user certificate including the public key of the user, the user identification information for identifying the user, and the user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database by the method of FIG. And processing a representative hash value or a representative hash value by calculating at least one neighbor hash value matching a specific hash value and a specific hash value generated by applying a hash function to the user certificate In the second block chain database 400 and managing the second block chain transaction ID corresponding to the second block chain transaction ID, the mobile application 110 of the user terminal 100 determines whether the user is a specific mobile And the user can select a specific mobile via the mobile ID application 110 of the user terminal 100, Selecting Idi (S300), the user terminal 100 is able to send an authentication request to a transaction for a particular mobile identity selected by the user to the authentication server (200) (S301). At this time, the authentication request transaction may be the mobile ID authentication request information including the user's public key or the user identification information. Also, the user terminal 100 allows the user to input confirmation information when a specific mobile ID is selected by the user. If the confirmation information input by the user matches the set confirmation information, And may transmit the requested transaction to the authentication server 200.

Then, the authentication server 200 refers to the first block chain transaction ID corresponding to the user's public key or the user identification information included in the mobile ID authentication request information acquired from the user terminal 100, Check the registered user certificate.

Alternatively, the authentication server 200 transmits the certificate confirmation transaction to the second block chain database 400 using the public key of the user or the second block chain transaction ID corresponding to the user identification information (S302) When a data message is transmitted from the second block-chain database 400, the sum of the representative hash value or the representative hash value included in the data message is compared with the value obtained by processing the merge tree information and leaf node information Is retrieved from the first block chain database. Then, the user certificate registered in the first block chain database can be checked with reference to the retrieved mu tree tree information and leaf node information (S303).

At this time, the authentication server 200 checks whether the confirmed user certificate is valid, and if the user does not have a matching certificate or the user certificate is invalid due to disposal or the like, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal .

The authentication server 200 may obtain a user information hash value with reference to the identified user certificate.

After that, the authentication server 200 may generate the verification value (S304) and send the verification value to the user terminal 100 (S305). At this time, the verification means value may include a nonce, an OTP, a time stamp, and the like. The authentication server 200 may transmit the verification target ID to the user terminal 100 together with the verification means value. At this time, the verification target ID may be the user information hash value obtained from the user certificate indicating the owner information about the generated verification means value. Also, the verification target ID may be a public key of the user.

Then, the mobile ID application 110 of the user terminal 100 can request the user to input confirmation information. If the confirmation information input by the user matches the set information, the mobile ID application 110 permits access to the private key, 200) using the user's private key (S306). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 transmits the non-face authentication request information including the user information to the service server 300 using the user signature value, the verification object ID that is the ID of the user who signed the verification means value, You can request face-to-face authentication. At this time, the verification target ID may be the user information hash value obtained together with the verification means value from the authentication server 200, and if not, the public key of the user may be used as the verification target ID.

That is, the mobile ID application 110 of the user terminal 100 generates the non-face authentication request information including the user signature value, the verification object ID, and the user information, and then accesses the service for performing non- The user can select a specific service application from the plurality of service applications for the service (S307). When a specific service application for performing non-face authentication is selected by the user, the mobile ID application 110 of the user terminal 100 transmits non-face authentication request information to the specific service application 120 selected by the user (S308). The service application 120 may request non-face authentication to the service server 300 using the non-face authentication request information (S309, S310).

Then, the service server 300 can request the authentication server 200 to verify the specific mobile ID using the user signature value of the non-face authentication request information obtained from the user terminal 100. [

That is, the service server 300 extracts the user signature value and the verification target ID from the non-facing authentication request information obtained from the user terminal 100 (S311), and transmits the user signature value and the verification target ID to the specific mobile ID And transmits the verification request information to the authentication server 200 (S312).

Then, the authentication server 200 checks whether the user signature value that is requested to be verified is valid by using the public key of the user of the user certificate corresponding to the verification target ID (S313). If the validity of the verified user signature value is valid And transmits the verification result of the specific mobile ID to the service server 300 (S314).

In this case, the verification target ID may be a public key of the user or a user information hash value transmitted to the user terminal 100 by the authentication server 200, and the authentication server 200 may transmit the public key of the user acquired from the service server 300 Or the user's public key included in the user certificate matching with the user information hash value, extracts the verification means value from the user signature value, and the verification means value extracted from the user signature value and the verification means value transmitted to the user terminal It is possible to determine whether the user signature value is valid or not.

The authentication server 200 may further include a first time when the verification means transmits the verification means value to the user terminal or a first time when the verification means transmits the verification means value to the user terminal, If the time interval between the second time points at which the verification request information is acquired is equal to or greater than the set value, it can be determined that the user signature value is invalid. Also, the authentication server 200 may transmit the verification result of the specific mobile ID to the service server 300 as a verification failure due to the invalidation of the user signature value.

Then, the service server 300 performs non-face authentication for the user by referring to the verification result received from the authentication server 200 (S315), and transmits the non-face authentication result to the service application 120) (S316)

FIG. 8 schematically shows a method for performing non-face authentication using a mobile ID according to another embodiment of the present invention. Referring to FIG. 8, another embodiment of the present invention will be described.

The user certificate including the public key of the user, the user identification information for identifying the user, and the user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database by the method of FIG. And processing a representative hash value or a representative hash value by calculating at least one neighbor hash value matching a specific hash value and a specific hash value generated by applying a hash function to a user certificate In the second block chain database 400 and manages the second block chain transaction ID corresponding to the second block chain transaction ID, the user accesses the service server 300 through the service web, Face authentication information input signal is generated (S400). For example, when the user inputs the corresponding service Face authentication for the access to the service server 300, the service server 300 transmits the user identification information for the non-face authentication to the user To the authentication server 200 (S401).

Then, the authentication server 200 transmits a selection request signal for the mobile ID to the user terminal 100 corresponding to the user identification information (S402), and the user terminal 100 transmits the mobile ID In response to the selection request signal, the user can support selection of a specific mobile ID (S403).

When the user selects a specific mobile ID through the user terminal 100 in operation S403, the user terminal 100 transmits an authentication request transaction for a specific mobile ID selected by the user to the authentication server 200 (S404). At this time, the authentication request transaction may be the mobile ID authentication request information including the user's public key or the user identification information. Also, the user terminal 100 allows the user to input confirmation information when a specific mobile ID is selected by the user. If the confirmation information input by the user matches the set confirmation information, And may transmit the requested transaction to the authentication server 200.

Then, the authentication server 200 refers to the first block chain transaction ID corresponding to the user's public key or the user identification information included in the mobile ID authentication request information acquired from the user terminal 100, Check the registered user certificate.

Alternatively, the authentication server 200 transmits the certificate confirmation transaction to the second block chain database 400 using the public key of the user or the second block chain transaction ID corresponding to the user identification information (S405) When a data message is transmitted from the second block-chain database 400, the sum of the representative hash value or the representative hash value included in the data message is compared with the value obtained by processing the merge tree information and leaf node information Is retrieved from the first block chain database. Then, the user certificate registered in the first block chain database can be checked with reference to the retrieved merge tree information and leaf node information (S406).

At this time, the authentication server 200 checks whether the confirmed user certificate is valid, and if the user does not have a matching certificate or the user certificate is invalid due to disposal or the like, the authentication server 200 transmits an error signal corresponding to the authentication failure to the user terminal .

The authentication server 200 may obtain a user information hash value with reference to the identified user certificate.

Thereafter, the authentication server 200 may generate the verification value (S407) and send the verification value to the user terminal 100 (S408). At this time, the verification means value may include a nonce, an OTP, a time stamp, and the like. The authentication server 200 may transmit the verification target ID to the user terminal 100 together with the verification means value. At this time, the verification target ID may be the user information hash value obtained from the user certificate indicating the owner information about the generated verification means value. Also, the verification target ID may be a public key of the user.

If the verification information input by the user matches the set information, the user terminal 100 permits access to the private key, and transmits the verification key to the verification unit 200, which is obtained from the authentication server 200, Value is signed by using the user's private key (S409). However, if the confirmation information input by the user does not match the set information, access to the private key is denied and the user signature value is not generated.

Then, the user terminal 100 transmits to the authentication server 200 the non-face authentication request information including the user signature value, the verification target ID that is the ID of the user who signed the verification means value, and the user information (S410 ). At this time, the verification target ID may be the user information hash value obtained together with the verification means value from the authentication server 200, and if not, the public key of the user may be used as the verification target ID.

Then, the authentication server 200 transmits the non-facing authentication request information transmitted from the user terminal 100 to the service server 300. The service server 300 notifies the non-facing authentication request information through the service web to the user (S411).

In this state, if the user confirms non-confidential authentication request information and requests non-confidential authentication through the service web (S412, S413), the service server 300 transmits the user signature of the non-confidential authentication request information transmitted through the service web The authentication server 200 may request verification of a specific mobile ID.

That is, the service server 300 extracts the user signature value and the verification target ID from the non-facing authentication request information acquired through the service web (S414), and performs verification of the specific mobile ID including the user signature value and the verification target ID And transmits the request information to the authentication server 200 (S415).

Then, the authentication server 200 checks whether the user signature value requested to be verified is valid using the public key of the user of the user certificate corresponding to the verification target ID (S416). If the validity of the verified user signature value is valid The verification result for the specific mobile ID is transmitted to the service server 300 (S417).

In this case, the verification target ID may be a public key of the user or a user information hash value transmitted to the user terminal 100 by the authentication server 200, and the authentication server 200 may transmit the public key of the user acquired from the service server 300 Or the user's public key included in the user certificate matching with the user information hash value, extracts the verification means value from the user signature value, and the verification means value extracted from the user signature value and the verification means value transmitted to the user terminal It is possible to determine whether the user signature value is valid or not.

The authentication server 200 may further include a first time when the verification means transmits the verification means value to the user terminal or a first time when the verification means transmits the verification means value to the user terminal, If the time interval between the second time points at which the verification request information is acquired is equal to or greater than the set value, it can be determined that the user signature value is invalid. Also, the authentication server 200 may transmit the verification result of the specific mobile ID to the service server 300 as a verification failure due to the invalidation of the user signature value.

Then, the service server 300 refers to the verification result received from the authentication server 200 to perform non-face authentication for the user (S418), and transmits the non-face authentication result to the user through the service web (S419).

In addition, the embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the following claims, I will say.

100: user terminal,
110: mobile id app,
120: Service app,
200: authentication server,
210:
220: processor,
300: service server,
400: second block chain database

Claims (35)

A method for performing non-facing authentication using a mobile identity,
(a) registering, in a first block chain database, a user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, A representative hash value or a representative hash value obtained by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, The mobile node registers the processed value in the second block chain database and manages the second block chain transaction ID corresponding to the second block chain transaction ID. A mobile ID display area corresponding to the information, and an authentication server And a mobile ID information area including a user signature value obtained by signing with a user's private key a verification means value whose value is changed at every authentication. The user's public key or the user identification information (I) registering in the first block chain database with reference to the first block chain transaction ID corresponding to the user's public key or the user identification information, (Ii) obtaining a data message from the second block chain database using the second block chain transaction ID corresponding to the user's public key or the user identification information, The representative hash value or the representative hash value Searching the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with the processed value, and referring to the retrieved merge tree information and the leaf node information, Confirming the user certificate registered in the one block chain database;
(b) when the user certificate for the user is confirmed, the authentication server assists the user terminal to send or transmit the verification means value to the user terminal, thereby allowing the user terminal to sign the verification means value with the private key of the user A step of supporting a non-face authentication request to a service server using a user signature value, an ID to be verified for a user who signed the verification value, and non-face authentication request information including the user information; And
(c) if the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server, the authentication server transmits the verification request information to the user The validity of the user signature value is verified by using the public key of the mobile communication terminal and the verification result of the specific mobile identity according to the validity of the user signature value is transmitted to the service server or transmitted, Supporting the server to perform non-face authentication for the user with reference to the verification result;
, ≪ / RTI &
Before the step (a)
(a01) If a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, the authentication server confirms the user using the user information, requests a certificate registration to the user terminal, ;
(a02) If the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server obtains the public key, the user identification information, and the user information hash value And a second block chain database for managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database And issuing or issuing the mobile ID to the user terminal; And
(a03) If the predetermined condition is satisfied, the authentication server calculates a representative hash value by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Registering a value obtained by processing the representative hash value in the second block chain database and managing a second block chain transaction ID corresponding to the value;
≪ / RTI > The method according to claim 1,
In the step (c)
The authentication server includes:
Extracting the verification means value from the user signature value using the public key of the user of the user certificate matching the verification target identity, and comparing the detection means value extracted from the user signature value with the detection value transmitted to the user terminal And determining whether the user signature value is valid or not. 3. The method of claim 2,
Wherein the verification means comprises a nonce or timestamp,
Wherein the verification target ID includes a public key of the user or the user information hash value obtained from the user certificate. The method of claim 3,
If the verification means value is the time stamp,
The authentication server includes:
A first time at which the verification means is supported to transmit or transmit the verification value to the user terminal in the step (b) and a second time at which the verification request information for the specific mobile ID is obtained from the service server in the step (c) Signifies that the user signature value is invalid if the time interval between the user signature value and the user signature value is equal to or greater than a set value. The method according to claim 1,
The user identification information may include at least one of a push token, a user ID, a resident registration number, a user terminal ID, an IP address of the user terminal, and a telephone number. Way. delete The method according to claim 1,
In the step (a03)
The predetermined condition is that,
(i) a condition in which a transaction related to the mobile ID is generated by a predetermined number, (ii) a condition in which a predetermined time elapses, (iii) a condition in which a block is generated in the first block chain database, Gt; a < / RTI > condition. The method according to claim 1,
In the step (a03)
Wherein the authentication server supports to generate or generate a merkle tree in which the particular hash value is assigned to a leaf node,
A value obtained by processing the representative hash value or the hash value generated by calculating a hash value assigned to at least one other leaf node matching the specific hash value, To be registered or registered. 9. The method of claim 8,
If the merge tree is a first tree among at least one merge tree connected in a chain form, the first leaf node of the merge tree is assigned a hash value or a processed value of predetermined message data composed of text, numbers or symbols Lt; / RTI > 9. The method of claim 8,
If the predetermined condition is satisfied,
(x1) the authentication server supports to calculate or calculate a hash value assigned to (i) the specific hash value and (ii) a sibling node of the node to which the specific hash value is assigned, and the hash value To assign or assign to a parent node of the node,
(x2) if the parent node is the root node of the merge tree, support to register or register the hash value assigned to the parent node as the representative hash value in the second block chain database,
(x3) If the parent node is not the root node of the merge tree, the step (x1) to (x2) are repeated by using the hash value assigned to the parent node as the specific hash value. 11. The method of claim 10,
At (x1)
If the hash value is not assigned to the sibling node of the node to which the specific hash value is assigned even though the predetermined condition is satisfied, the authentication server supports to assign or assign a predetermined hash value to the sibling node, x1) to (x3). < / RTI > The method according to claim 1,
When the authentication server stores the specific hash value and the at least one neighbor hash value in a predetermined first data structure and then stores and manages a second data structure of the same type as the first data structure, 1 data structure and the second data structure are connected in a chain form. 13. The method of claim 12,
Wherein a root value of the first data structure or a hash value of the root value is assigned to a first leaf node of the second data structure if the first data structure and the second data structure are merc trees. . A method for performing non-facing authentication using a mobile identity,
(a) a verification means value obtained by the user terminal from an authentication server, the verification means value comprising a public key of the user, user identification information for identifying the user, and a hash value for the user information of the user, Value in the first block chain database, manages the first block-chain transaction ID corresponding to the user certificate, and compares the specific hash value generated by applying the hash function to the user certificate with the specific hash value (I) in a state in which a representative hash value obtained by computing at least one neighboring hash value or a value obtained by processing the representative hash value is registered in a second block chain database and a second block chain transaction ID corresponding to the value is processed, The server implements the user's specific mobile identity for non-presence authentication-the mobile identity And a mobile ID information area including a user signature value obtained by signing with a user's private key a verification means value obtained from an authentication server and whose value is changed at each authentication time - registering in the first block chain database with reference to the public key of the user or the first block chain transaction ID corresponding to the user identification information contained in the mobile ID authentication request information obtained from the user terminal in response to the selection (Ii) the public key of the user included in the mobile ID authentication request information obtained from the user terminal in response to the user's specific mobile ID selection for non-face authentication, or The identification information Acquiring a data message from the second block chain database using a second block-chain transaction ID, and associating a value obtained by processing the representative hash value or the representative hash value included in the data message, Searches the first block chain database for the merge tree information and the leaf node information stored in the second block chain database, identifies the user certificate registered in the first block chain database with reference to the retrieved merge tree information and leaf node information, When the user certificate for the user is confirmed, transmits to the user terminal a user signature value signed with the private key of the user, a verification target ID that is an ID for the user who signed the verification value, Non-facing authentication request information If the face-to-face with the non-requesting authentication, comprising: a service server, and obtaining the non-face-to-face authentication request information received from the user terminal;
(b) transmitting, by the service server, verification request information for the specific mobile ID, the verification request information including the user signature value and the verification target ID to the authentication server, The validity of the user signature value is verified by using the public key of the user of the user certificate corresponding to the target identity, and the verification result of the specific mobile identity according to the validity of the user signature value, To transmit to the base station; And
(c) if the verification result of the specific mobile ID is obtained from the authentication server, the service server performs non-face authentication with respect to the user with reference to the verification result, and transmits the non- Transmitting or transmitting to the terminal;
, ≪ / RTI &
The mobile ID includes:
Wherein the mobile ID information from the user terminal, the mobile ID information may be a photograph image of the user and display information of each ID card, and the mobile ID information may include personal information of the user. The method comprising: confirming the user using the user information when the transaction is obtained; requesting or requesting a certificate registration to the user terminal; supporting the public key of the user and the user Registering, in the first block chain database, the user certificate including the public key of the user, the user identification information, and the user information hash value, Of the user certificate Wherein the first block chain transaction ID is issued to the user terminal by the authentication server that manages the first block chain transaction ID indicating location information on the first block chain database. A method for performing non-facing authentication using a mobile identity,
(a) generating and storing a public key of a user and a private key of the user and storing the public key, the user identification information for identifying the user, and the hash value of the user information of the user, A user certificate including an information hash value is registered in a first block chain database, and a specific hash value generated by applying a hash function to the user certificate and at least one neighborhood hash value matching the specific hash value are calculated The mobile has a mobile ID corresponding to the registered user certificate, and the mobile ID corresponding to the registered user ID is a mobile ID corresponding to the display information of the identification card to be implemented, An ID display area, and an authentication server, And a mobile ID information area including a user signature value obtained by signing a verification means value whose value is changed by a user's private key, The user terminal transmits Mobile ID authentication request information including the public key of the user or the user identification information to the authentication server so that (i) the authentication server makes the public key of the user or the user (Ii) the authentication server refers to the first block chain transaction ID corresponding to the identification information to identify the user certificate registered in the first block chain database; (ii) Using the second block chain transaction ID corresponding to < RTI ID = 0.0 > The first block chain database and the second block chain database, wherein the first block chain database and the second block chain database are associated with a value obtained by processing the representative hash value or the representative hash value included in the data message, Retrieving leaf node information from the first block chain database and referring to the retrieved merge tree information and leaf node information to identify the user certificate registered in the first block chain database; And
(b) if a verification means value is obtained from the authentication server in response to the confirmation of the user certificate for the user, the user terminal further comprises a user signature value signed with the user's private key, Face authentication request to the service server using the ID to be verified for the user who signed the value and the non-face authentication request information including the user information, thereby enabling the service server to transmit the user signature value and the verification object Requesting the authentication server to verify the specific mobile ID using the verification request information for the specific mobile ID including the ID and referring to the verification result of the specific mobile ID received from the authentication server, Supporting non-face-to-face authentication;
, ≪ / RTI &
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server;
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, Public key and the user identification information to the authentication server so as to allow the authentication server to transmit a user certificate including the public key of the user, the user identification information, and the user information hash value to the first Registering in a block-chain database, managing a first block-chain transaction ID for the block-chain database, and issuing the mobile ID to the user terminal;
≪ / RTI > 16. The method of claim 15,
The user terminal includes a service application, which is a user interface provided by the service server, and a mobile ID application, which is a user interface provided by the authentication server.
In the step (a), when the user generates a non-facing authentication information input signal through the service application, the user terminal supports the user to select the specific mobile ID through the mobile ID application, And to transmit or transmit the mobile ID authentication request information to the authentication server,
The method of claim 1, wherein, in the step (b), when the verification means value is obtained from the authentication server through the mobile ID application, the user terminal transmits the verification means value through a user ID Face authentication request information including the user identity, the verification target ID, and the user information to the service application, and transmits the non-face authentication request information to the service application using the non-face authentication request information, Requesting or requesting a request. 16. The method of claim 15,
The user terminal includes a service application, which is a user interface provided by the service server, and a mobile ID application, which is a user interface provided by the authentication server.
In step (a), the user terminal supports the user to select the specific mobile ID for non-face authentication through the mobile ID application, transmits the mobile ID authentication request information to the authentication server To-
The method of claim 1, wherein, in the step (b), when the verification means value is obtained from the authentication server through the mobile ID application, the user terminal transmits the verification means value through a user ID Face authentication request information including the value, the verification target ID, and the user information, transmits the non-face authentication request information to a specific service application selected by the user from among a plurality of service applications, Wherein the application supports requesting or requesting non-face authentication to the service server using the non-face authentication request information. delete A method for performing non-facing authentication using a mobile identity,
(a) registering, in a first block chain database, a user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, A representative block hash value or a representative hash value that is calculated by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighborhood hash value matched with the specific hash value, Face authentication information from the service server in response to the user's non-face-to-face authentication information input signal through the service web in a state where the processed value is registered in the second block chain database and the second block chain transaction ID corresponding to the second block- When the user identification information for authentication is obtained, the authentication server sends (i) A mobile ID display area corresponding to display information of an ID card to be implemented, and a verification means value obtained from an authentication server and whose value is changed at every authentication, to a user terminal corresponding to the identification information, (Ii) sending or receiving a selection request signal to the user terminal, the mobile request information signal including a mobile identity information area including a user signature value signed with a private key of the user; (ii) When the mobile ID authentication request information is obtained, the mobile node identifies (1) the user certificate registered in the first block chain database by referring to the first block chain transaction ID corresponding to the user's public key or the user identification information Or (2) the public key of the user Obtains a data message from the second block chain database using the second block chain transaction ID corresponding to the user identification information, and processes the representative hash value or the representative hash value included in the data message And the leaf node information stored in the first block chain database in the first block chain database, and referring to the retrieved merch tree information and the leaf node information, Confirming the registered user certificate;
(b) supporting the authentication server to send or transmit the verification means value to the user terminal if (i) the user certificate for the user is verified, (ii) When the non-face authentication request information including the user signature value signed by the user's private key, the verification object ID that is the ID of the user who signed the verification means value, and the user information is obtained, Facsimile authentication request information to the service server so as to allow the service server to transmit the non-face authentication request information to the service web terminal; And
(c) if verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server in response to the user's non-facing authentication request signal through the service web, Wherein the server verifies whether the user signature value is valid by using the public key of the user of the user certificate corresponding to the verification target identity and determines whether the user signature value is valid for the specific mobile identity Supporting the service server to transmit or transmit the verification result to the service server, thereby supporting the service server to perform the non-face authentication with respect to the user with reference to the verification result;
, ≪ / RTI &
Before the step (a)
(a01) If a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, the authentication server confirms the user using the user information, requests a certificate registration to the user terminal, ;
(a02) If the public key of the user and the user identification information are obtained from the user terminal in response to the certificate registration request, the authentication server obtains the public key, the user identification information, and the user information hash value And a second block chain database for managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database And issuing or issuing the mobile ID to the user terminal; And
(a03) If the predetermined condition is satisfied, the authentication server calculates a representative hash value by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Registering a value obtained by processing the representative hash value in the second block chain database and managing a second block chain transaction ID corresponding to the value;
≪ / RTI > delete A method for performing non-facing authentication using a mobile identity,
(a) a user certificate including a public key of a user, user identification information for identifying the user, and a user information hash value, which is a hash value for the user information of the user, by the authentication server is registered in the first block chain database A representative hash value obtained by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, In the state where the value obtained by processing the representative hash value is registered in the second block chain database and the second block chain transaction ID corresponding to the value is processed, the service server transmits the non-face authentication information input signal And transmits the user identification information for the non-face authentication to the authentication server (I) to the user terminal corresponding to the user identification information, the mobile ID - the mobile ID is a mobile ID display area corresponding to the identification information of the ID to be implemented, And a mobile identity information area including a user signature value obtained by signing with a user's private key a value of a verification means whose value changes every time the user terminal sends a selection request signal to the user terminal, When the mobile ID authentication request information corresponding to the user selecting a specific mobile ID is obtained, (1) the first block chain transaction ID corresponding to the user's public key or the user identification information is referred to, Confirm the user certificate registered in the chain database Or (2) obtain a data message from the second block chain database using the second block chain transaction ID corresponding to the user's public key or the user identification information, Value or the processed value of the representative hash value, searches the first block chain database for the merge tree information and the leaf node information stored in the first block chain database, and extracts the retrieved merge tree information and the leaf node information To identify the user certificate registered in the first block chain database;
(b) the user certificate for the user is verified to allow the authentication server to (i) send or transmit the verification means value to the user terminal; (ii) When the non-face authentication request information including the user signature value signed with the private key, the verification object ID as the ID of the user who signed the verification means value, and the user information is obtained and the non-face authentication request information is transmitted, The service server acquiring the non-face authentication request information transmitted from the authentication server, and supporting to transmit or transmit the obtained non-face authentication request information to the service web;
(c) if the user transmits the non-facing authentication request signal using the non-facing authentication request information through the service web, the service server checks the user signature value and the verification By supporting or transmitting the verification request information for the specific mobile ID including the target ID to the authentication server by using the public key of the user of the user certificate corresponding to the verification target ID Confirming the validity of the user signature value and supporting transmission or transmission of the verification result for the specific mobile ID according to the validity of the user signature value to the service server; And
(d) performing a non-face authentication for the user with reference to the verification result, when the verification result for the specific mobile ID is obtained from the authentication server;
, ≪ / RTI &
The mobile ID includes:
Wherein the mobile ID information from the user terminal, the mobile ID information may be a photograph image of the user and display information of each ID card, and the mobile ID information may include personal information of the user. The method comprising: confirming the user using the user information when the transaction is obtained; requesting or requesting a certificate registration to the user terminal; supporting the public key of the user and the user Registering, in the first block chain database, the user certificate including the public key of the user, the user identification information, and the user information hash value, Of the user certificate Wherein the first block chain transaction ID is issued to the user terminal by the authentication server that manages the first block chain transaction ID indicating location information on the first block chain database. A method for performing non-facing authentication using a mobile identity,
(a) generating and storing a public key of a user and a private key of the user, storing the public key of the user, user identification information for identifying the user, and hash value of the user information of the user, And a representative hash value calculated by applying a hash function to the user certificate and at least one neighborhood hash value matched with the specific hash value, Value or the processed value of the representative hash value is registered in the second block chain database, and the mobile ID corresponding to the registered user certificate is registered as a mobile ID corresponding to the display information of the ID card to be implemented Domain, and the authentication server, and each time it is authenticated, And a mobile ID information area including a user signature value obtained by signing with a user's private key a value of a verification means to be converted into a service corresponding to the non-face authentication information input signal of the user via the service web When a selection request signal for the mobile ID from the authentication server is obtained corresponding to the user identification information for the non-face authentication from the server, the user terminal transmits the mobile ID authentication corresponding to the specific mobile ID selection by the user Request information to the authentication server so as to allow the authentication server to perform the steps of: (i) referring to the first block chain transaction ID corresponding to the user's public key or the user identification information, To verify the user's certificate, or (ii) Acquiring a data message from the second block chain database using a public key of the user or a second block chain transaction ID corresponding to the user identification information and transmitting the representative hash value or the representative hash value included in the data message Searching the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with the machined value and referring to the retrieved merge tree information and the leaf node information, Supporting to confirm the user certificate registered in the chain database; And
(b) if a verification means value is obtained from the authentication server in response to the confirmation of the user certificate for the user, the user terminal further comprises a user signature value signed with the user's private key, Face authentication request information including the user ID and the non-face authentication request information including the user information to the authentication server, thereby allowing the authentication server to send (i) the non-face authentication (Ii) supporting the request information to be transmitted to the service web through the service server, (ii) supporting the user signature value received from the service server in response to the non-facing authentication request signal of the user via the service web, The verification request information for the specific mobile ID including the ID is acquired (Iii) supporting the use of the public key of the user of the user certificate corresponding to the verification target ID to verify validity of the user signature value, and (iii) Transmitting a verification result of the mobile ID to the service server so that the service server can perform non-face authentication with respect to the user by referring to the verification result;
, ≪ / RTI &
Before the step (a)
(a01) supporting the user terminal to transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server;
(a02) If a certificate registration request signal is obtained from the authentication server in response to the mobile ID issuing application transaction, the user terminal generates the public key of the user and the private key of the user using the user authentication key, Public key and the user identification information to the authentication server so as to allow the authentication server to transmit a user certificate including the public key of the user, the user identification information, and the user information hash value to the first Registering in a block-chain database, managing a first block-chain transaction ID for the block-chain database, and issuing the mobile ID to the user terminal;
≪ / RTI > delete 1. An authentication server for performing non-face authentication using a mobile ID,
A user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, A representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value or a value obtained by processing the representative hash value Is registered in the second block chain database and the second block chain transaction ID corresponding to the second block chain transaction ID is managed, the specific mobile ID of the user for non-face authentication, the mobile ID corresponds to the display information of the ID card to be implemented A mobile ID display area, and an authentication server And a mobile ID information area including a user signature value obtained by signing with a user's private key a value of a verification means whose value is changed at each authentication time. The user's public key or the user identification information A communication unit for acquiring mobile ID authentication request information including the mobile ID authentication request information; And
(I) checking the user certificate registered in the first block chain database by referring to the public key of the user or the first block chain transaction ID corresponding to the user identification information of the obtained user authentication request transaction, (ii) obtaining a data message from the second block chain database using the public key of the user or the second block chain transaction ID corresponding to the user identification information, and wherein the representative hash value or Searching the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with the value obtained by processing the representative hash value and referring to the retrieved merge tree information and leaf node information To the first block chain database The method comprising the steps of: checking the user certificate stored in the user terminal; transmitting a verification value to the user terminal when the user certificate for the user is verified, thereby enabling the user terminal to transmit the verification value to the user's private key Non-face authentication request to a service server using non-face authentication request information including a signed user signature value, an ID to be verified for a user who signed the verification value, and non-face authentication request information including the user information, And when the verification request information for the specific mobile ID including the user signature value and the verification target ID is obtained from the service server, The validity of the user signature value And supports the service server to transmit or transmit the verification result for the specific mobile ID according to the validity of the user signature value to the service server so as to allow the service server to transmit the verification result to the user, A processor that performs a process to support non-face authentication;
, ≪ / RTI &
The processor comprising:
A process of confirming the user using the user information and requesting or requesting a certificate registration to the user terminal when a mobile ID issuance application transaction including at least the user information is obtained from the user terminal, When the user's public key and the user identification information are obtained from the user terminal in response to the request, the user certificate including the public key of the user, the user identification information, The mobile terminal managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the first block chain database, And generating a hash value by applying a hash function to the user certificate and a representative hash value obtained by calculating at least one neighbor hash value matching the specific hash value, Further comprising: registering a value obtained by processing the representative hash value in the second block chain database, and managing a second block chain transaction ID corresponding to the value. delete 1. A service server for performing non-face authentication using a mobile ID,
A verification means value obtained by the user terminal from an authentication server, the verification means value including a user's public key, user identification information for identifying the user, and a user information hash value which is a hash value for the user information of the user A first block chain transaction ID corresponding to the first block chain database, a second block chain transaction ID corresponding to the first block chain transaction ID, a specific hash value generated by applying a hash function to the user certificate, The method comprising: (a) registering a representative hash value obtained by computing a neighborhood hash value or a value obtained by processing the representative hash value in a second block chain database and managing a second block chain transaction ID corresponding to the representative block hash value; The specific mobile ID of the user for face-to-face authentication, Includes a mobile ID display area corresponding to the display information of the ID card and a mobile ID information area including a user signature value obtained from the authentication server and signed by the user's private key, - registering in the first block chain database with reference to the public key of the user or the first block chain transaction ID corresponding to the user identification information contained in the mobile ID authentication request information obtained from the user terminal in response to the selection (Ii) the public key of the user included in the mobile ID authentication request information obtained from the user terminal in response to the user's specific mobile ID selection for non-face authentication, or The identification information Obtains a data message from the second block chain database using a two-block chain transaction ID, and associates the representative hash value or the representative hash value included in the data message with the value processed in the first block chain database Searches the first block chain database for the stored merge tree information and leaf node information, verifies the user certificate registered in the first block chain database by referring to the retrieved merge tree information and leaf node information, And a user ID of the user who signed the verification means value, and a user ID of the user who signed the verification means value, and the user information, which is signed by the user's private key, when the user certificate for the user is confirmed, Include non-facing authentication request information When using a non-face-to-face requesting authentication, a communication unit for obtaining the non-face-to-face authentication request information received from the user terminal; And
The verification request information for the specific mobile identity, the verification request information including the user signature value and the verification target ID, to the authentication server, thereby causing the authentication server to transmit the verification result to the user A process of confirming the validity of the user signature value using the public key of the user of the certificate and supporting the verification result of the specific mobile ID according to the validity of the user signature value to be transmitted to the service server And performing a non-face authentication with respect to the user by referring to the verification result when the verification result for the specific mobile ID is obtained from the authentication server, transmitting the non-face authentication result to the user terminal A process that performs a process that supports book;
, ≪ / RTI &
The mobile ID includes:
Wherein the mobile ID information from the user terminal, the mobile ID information may be a photograph image of the user and display information of each ID card, and the mobile ID information may include personal information of the user. The method comprising: confirming the user using the user information when the transaction is obtained; requesting or requesting a certificate registration to the user terminal; supporting the public key of the user and the user Registering, in the first block chain database, the user certificate including the public key of the user, the user identification information, and the user information hash value, Of the user certificate Is issued to the user terminal by the authentication server managing the first block chain transaction ID indicating location information on the first block chain database. In a user terminal performing non-face authentication using a mobile ID,
And generating and storing the public key of the user and the private key of the user and storing the generated public key and the private key of the user. The public key, the user identification information for identifying the user, and the hash value of the user information, And a representative hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Or the value obtained by processing the representative hash value is registered in the second block chain database, and the mobile ID corresponding to the registered user certificate is registered in the mobile ID display area corresponding to the display information of the identification card to be implemented, , And from the authentication server, And a mobile ID information area including a user signature value obtained by signing a verification means value whose value is changed by a user's private key, (I) transmitting, by the authentication server, the mobile ID authentication request information including the public key of the user or the user identification information to the authentication server, (Ii) supporting the authentication server to verify the user's public key registered in the first block chain database by referring to the first block chain transaction ID, The second block body < RTI ID = 0.0 > Acquiring a data message from the first block chain database and associating the representative hash value or the representative hash value with a value obtained by processing the merge tree information and leaf node information stored in the first block chain database, A communication unit that searches the first block chain database and supports the user certificate registered in the first block chain database by referring to the retrieved merge tree information and leaf node information; And
Wherein when the verification means value is obtained from the authentication server in response to the confirmation of the user certificate for the user, the verification means value is set to a user signature value signed with the user's private key, Face authentication request to the service server by using the non-face authentication request information including the user information and the non-face authentication request information including the user information, thereby allowing the service server to transmit the user signature value and the specific mobile ID To request verification of the specific mobile ID by using the verification request information for the specific mobile ID and to perform non-face authentication for the user by referring to the verification result of the specific mobile ID received from the authentication server Processor;
, ≪ / RTI &
Wherein,
To transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server,
The processor comprising:
Generating a public key of the user and a private key of the user using the user authentication key when the certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, To the authentication server, the authentication server registers the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database, Managing the first block chain transaction ID for the first block, and issuing the mobile ID to the user terminal. 28. The method of claim 27,
The user terminal includes a service application, which is a user interface provided by the service server, and a mobile ID application, which is a user interface provided by the authentication server.
The processor comprising:
When the user generates a non-face authentication information input signal through the service application, the user can select the specific mobile ID through the mobile ID application, and transmits the mobile ID authentication request information to the authentication server Or transmit,
Wherein the verifying means acquires the verification value from the authentication server via the mobile ID application, and verifies the verification value with the private key of the user through the mobile ID application, the verification target ID, and the user information And transmits the generated non-facing authentication request information to the service application. The service application supports the non-face authentication request to the service server using the non-face authentication request information. . 28. The method of claim 27,
The user terminal includes a service application, which is a user interface provided by the service server, and a mobile ID application, which is a user interface provided by the authentication server.
The processor comprising:
The mobile user application is configured to support the user to select the specific mobile ID for non-face authentication through the mobile ID application, to support sending or transmitting the mobile ID authentication request information to the authentication server,
Wherein the verifying means acquires the verification value from the authentication server via the mobile ID application, and verifies the verification value with the private key of the user through the mobile ID application, the verification target ID, and the user information And transmits the non-face authentication request information to a specific service application selected by the user from among a plurality of service applications, and transmits the non-face authentication request information to the specific service application using the non-face authentication request information To request or request a non-facing authentication to the service server. delete 1. An authentication server for performing non-face authentication using a mobile ID,
A user certificate including a public key of the user, user identification information for identifying the user, and a user information hash value, which is a hash value of the user information of the user, is registered in the first block chain database, A representative hash value obtained by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value or a value obtained by processing the representative hash value Face authentication information input from the service server in response to the user's non-face-to-face authentication information input signal through the service web in the state of registering the second block-chain transaction ID in the second block- A communication unit for obtaining the user identification information; And
(i) the mobile ID to the user terminal corresponding to the user identification information, the mobile ID is a mobile ID display area corresponding to the identification information of the ID to be implemented, and the mobile ID is obtained from the authentication server, (Ii) sending or receiving a selection request signal to the user terminal, the user identification information including a mobile identity information area including a user signature value signed by the user's private key; (ii) (1) the first block chain transaction ID corresponding to the user's public key or the user identification information is registered in the first block chain database Confirms the user certificate, or (2) Obtaining a data message from the second block chain database using the public key or the second block chain transaction ID corresponding to the user identification information, and processing the representative hash value or the representative hash value included in the data message And searching the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with one value of the first block chain information and referring to the retrieved merge tree information and the leaf node information, (I) supporting, when the user certificate for the user is verified, to send or transmit a verification means value to the user terminal; (ii) As the private key of the user, Face authentication request information including an authenticated user signature value, an ID to be verified for a user who signed the verification value, and the non-face authentication request information including the user information is transmitted to the service server The method comprising the steps of: supporting the service server to transmit the non-face authentication request information to the service web terminal by supporting the non-face authentication request signal to the service web terminal, When the user signature value and the verification request information for the specific mobile ID including the verification target ID are acquired, validity of the user signature value using the public key of the user corresponding to the verification target identity And confirms the identified user signature To the service server by transmitting the verification result of the specific mobile ID according to the validity of the specific mobile ID to the service server, and supporting the service server to perform the non-face authentication on the user by referring to the verification result A processor to perform;
, ≪ / RTI &
The communication unit includes:
Acquiring a mobile ID issuance application transaction including at least the user information from the user terminal,
The processor comprising:
A processor for confirming the user using the user information of the obtained mobile ID issuing application transaction and for requesting or requesting a certificate registration to the user terminal; Registering the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database when the public key and the user identification information are obtained, A process of managing the first block chain transaction ID indicating location information on the first block chain database of the user certificate registered in the database and supporting issuing or issuing the mobile ID to the user terminal, This A representative hash value obtained by computing a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matching the specific hash value or a value obtained by processing the representative hash value, Further comprising a process of registering in the block chain database and managing a second block chain transaction ID corresponding to the second block chain transaction ID. delete 1. A service server for performing non-face authentication using a mobile ID,
The user certificate including the public key of the user, the user identification information for identifying the user, and the user information hash value, which is a hash value for the user information of the user, is registered in the first block chain database by the authentication server, A representative hash value obtained by calculating a hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, Face authentication information in response to the user's non-face-to-face authentication information input signal through the service web in a state in which the processed value of the second block chain transaction ID is registered in the second block- By transmitting the user identification information to the authentication server, (I) to the user terminal corresponding to the user identification information, the mobile ID - the mobile ID is a mobile ID display area corresponding to display information of an ID to be implemented, and a mobile ID display area obtained from the authentication server, A mobile identity information area containing a user signature value signed by the user ' s private key; and (ii) sending a selection request signal from the user terminal to a particular mobile (1) registering in the first block chain database with reference to the first block chain transaction ID corresponding to the user's public key or the user identification information, when the mobile ID authentication request information corresponding to the ID selection is obtained (2) confirming the user certificate Obtains a data message from the second block chain database using the public key of the first block chain or the second block chain transaction ID corresponding to the user identification information and stores the representative hash value or the representative hash value Searching the first block chain database for the merge tree information and the leaf node information stored in the first block chain database in association with the machined value and referring to the retrieved merge tree information and the leaf node information, A communication unit for supporting identification of the user certificate registered in the chain database; And
Wherein the user certificate for the user is verified to allow the authentication server to: (i) send or transmit a verification means value to the user terminal; (ii) verify the verification means value with the user's private key When the non-face authentication request information including a user signature value, an ID to be verified for a user who signed the verification means value, and the user information is obtained and transmits the non-face authentication request information, Face authentication request information transmitted from the non-face authentication request information transmitted from the non-face authentication request information to the service web; and a process of transmitting the non-face authentication request information to the service web, When the non-facing authentication request signal is transmitted, the non-facing authentication request signal And transmits the verification request information for the specific mobile ID including the user signature value and the verification target ID to the authentication server so as to allow the authentication server to transmit the verification information of the user certificate corresponding to the verification target ID A process of confirming the validity of the user signature value using the public key of the user and supporting transmission or transmission of the verification result of the specific mobile ID according to the validity of the user signature value to the service server And performing a process of performing non-face authentication with respect to the user by referring to the verification result when the verification result for the specific mobile ID is obtained from the authentication server;
, ≪ / RTI &
The mobile ID includes:
Wherein the mobile ID information from the user terminal, the mobile ID information may be a photograph image of the user and display information of each ID card, and the mobile ID information may include personal information of the user. The method comprising: confirming the user using the user information when the transaction is obtained; requesting or requesting a certificate registration to the user terminal; supporting the public key of the user and the user Registering, in the first block chain database, the user certificate including the public key of the user, the user identification information, and the user information hash value, Of the user certificate Is issued to the user terminal by the authentication server managing the first block chain transaction ID indicating location information on the first block chain database. In a user terminal performing non-face authentication using a mobile ID,
And generates and stores a public key of the user and a private key of the user and stores the public key, the user identification information for identifying the user, and the user information hash value, which is a hash value for the user information of the user A representative hash value obtained by calculating a specific hash value generated by applying a hash function to the user certificate and at least one neighbor hash value matched with the specific hash value, A value obtained by processing the representative hash value is registered in the second block chain database, the mobile ID corresponding to the registered user certificate, the mobile ID includes a mobile ID display area corresponding to display information of an ID to be implemented, It is obtained from the authentication server and its value changes every authentication And a mobile ID information area including a user signature value obtained by signing the verification means value with the user's private key, the service server corresponding to the non-face authentication information input signal of the user via the service web, A communication unit for obtaining a selection request signal for the mobile ID from the authentication server corresponding to the user identification information for the non-face authentication from the authentication server; And
And transmitting the mobile ID authentication request information corresponding to the specific mobile ID selection by the user to the authentication server so that the authentication server transmits (i) a first block chain transaction corresponding to the user's public key or the user identification information (Ii) the second block chain transaction ID corresponding to the public key of the user or the user identification information, to identify the user certificate registered in the first block chain database by referring to the first block chain database, The method comprising: acquiring a data message from a chain database; extracting merge tree information and leaf node information stored in the first block chain database in association with a value obtained by processing the representative hash value or the representative hash value included in the data message; Sword in the first block chain database A process for supporting verification of the user certificate registered in the first block chain database by referring to the retrieved merge tree information and leaf node information, and a process for confirming the user certificate for the user from the authentication server Wherein when the verification means value is obtained, the verifying means comprises a user signature value signed with the user's private key, a verification target ID that is an identification of the user who signed the verification means value, and the non- (I) supporting the non-face authentication request information to be transmitted to the service web via the service server, (ii) supporting the service web by sending the request information to the service server, In response to the user's non-facing authentication request signal When the user signature value received from the service server and the verification request information for the specific mobile ID including the verification target ID are acquired, the verification is performed using the public key of the user of the user certificate corresponding to the verification target identity And (iii) transmitting a verification result for the specific mobile ID according to the validity of the user signature value to the service server, so that the service server refers to the verification result To perform a non-face authentication for the user;
, ≪ / RTI &
Wherein,
To transmit or transmit a mobile ID issuance application transaction including at least user information to the authentication server,
The processor comprising:
Generating a public key of the user and a private key of the user using the user authentication key when the certificate registration request signal is obtained from the authentication server in response to the mobile ID issue application transaction, To the authentication server, the authentication server registers the user certificate including the public key of the user, the user identification information, and the user information hash value in the first block chain database, Managing the first block chain transaction ID for the first block, and issuing the mobile ID to the user terminal. delete

Images