KR20220088391A - Management computers for security management of things, security management systems and methods using them - Google Patents

Abstract

The present invention relates to a management computer for security management of things and a security management method using the same. In the present invention, the user of the use group communicates with the object to be controlled in the use group with a thing, and manages the security of the object to be controlled in the system to control or use the object to be controlled, and at least one hardware processor and computer program A management computer having a stored memory, wherein the at least one hardware processor controls execution of a program stored in the memory, and performs identity authentication of the user based on user identification information provided by the related parties of the user, It is characterized in that by analyzing the communication data between the thing and the related thing of the thing, the identification of the thing is performed, and whether the control or use of the control target of the thing is determined according to the result of the identification of both the user and the thing A management computer and a security management method using the same are presented for security management of objects.

Description

Management computers for security management of things, a security management system using the same, and a method therefor

The present invention relates to a management computer for security management of things, a security management system, and a method therefor. In more detail, for a series of rights such as connection between objects that can be interconnected through the Internet network or wireless communication means, and actions after connection, it is set according to the status of the identity authentication of the object and the identity authentication of the user who uses the object. As such, it relates to a system and method for enhancing security regarding control or use of things in a network that can be formed between things.

A network of things and things is formed through the Internet of Things network, wired and wireless Internet network, local area wireless communication network, and mobile communication network, and as a result, a network is also formed among users who use the things. Ultimately, a network between people and things can be formed.

When a specific thing is used in another thing in such a thing and thing, person and person or person and thing network, an unwanted use state of the specific thing may occur. For example, it is a problem that can be explained as a security vulnerability in the Internet of Things.

In the conventional security in the Internet of Things, when a control terminal and a user of the control terminal want to access and control a specific object to be controlled, it is common that the user or the control terminal needs to know the connection information of the object to be controlled in order to access it.

However, the security of such an Internet of Things system may be ineffective if the access information of the controlled object is hacked, and even when it is necessary to impose restrictions on the authority of the user or the control terminal to perform an action on the controlled object. And there may be a problem that the permission cannot be restricted.

For example, in the IoT system, since a communication network between devices is formed, harm due to hacking or incorrect access may be serious. One of the biggest problems in IoT systems is security. In order to solve the security problem of these IoT systems, many studies and their results have been published.

Republic of Korea Patent Publication No. 10-2016-0075158 (published date: June 29, 2016) discloses an invention of a device access control system for security of IoT terminals and an operating method thereof.

In the patented invention, since things constituting the Internet of Things (IoT) are connected to and communicated with the Internet, a state that is very vulnerable to security is treated with a hardware-centric method to secure the function of an accessed object when an unauthorized object approaches. It relates to a device access control system and an operating method for IoT terminal security that allow this pause or form an invisible state to maintain security, and is provided with one or more sensor devices and connected Check the authentication status and access level of the access terminal, designate an access logical address and a connection physical address that can access the sensor device. one or more operating terminals for recording in and designating the access level of the access terminal as the default level; an IoT communication network that connects to an operating terminal and provides a wired and wireless communication path including the Internet; one or more access terminals that connect to the operating terminal through the object communication network, access the sensor device permitted to access according to the authenticated level, detect information detected by the connected sensor device, and receive transmission; and a management terminal for controlling and monitoring to access the IoT communication network and assign and set authentication status and access level to allow the access terminal to access the operating terminal, and to store it in the allocated area of the operating terminal; It is an invention that includes

In the disclosed invention, when it is determined that the accessed access terminal is hacking, the sensor device is initialized, the unique ID of the access terminal is recorded in the out-of-bounds record, and the access terminal of the access terminal is blocked by designating the access level of the access terminal as the default level. It is an invention of the configuration.

However, the disclosed invention relates to processing when it is determined that the access terminal is hacked, and before determining hacking, it is authenticated in advance whether the access terminal is the same device as the device to which access is allowed, and the identity is not authenticated. In this case, there is no fundamental method to block access or restrict usage rights regardless of whether it is hacked or not.

In addition, as authenticating a relationship between devices or users, the invention of peer-based authentication of Republic of Korea Patent Publication No. 10-2016-0077102 (published date: July 01, 2016) is disclosed.

The disclosed invention provides a method of verifying the identity of a first user of a first user device, the method comprising: receiving a request to verify the identity of the first user; a second of the first user or the first user device and the second user device based on a first list of user interactions associated with the first user device and a second list of user interactions associated with a second user device determining whether there is a relationship between a user or the second user device; and ascertaining the identity of the first user based on determining that there is a relationship between the first user or the first user device and the second user or the second user device; wherein the first list of interactions includes an entry for interaction with the second user device, and wherein the determining comprises: an entry for interaction with the second user device in the first list of user interactions. determining whether corresponds to an entry for an interaction with the first user device in the second list of user interactions, sending a first query to the first user device; send a second query to a second user device, and based on a response to the first query and a response to the second query, the first user or the first user device and the second user or the second user device It is the invention of the composition that determines whether there is a relationship between the two.

The disclosed invention transmits a query to the first user device in the process of confirming the identity of the first user device or the first user, and receives a response, and determines the first user device by receiving a response. There is a problem that cannot be achieved.

Therefore, if there is a user who wants to perform an action using the object being used for a specific object in the network between the user and the object, the hardware or programmatic security method applied to the conventional object to be controlled or the user and the object to be controlled In order to fundamentally eliminate the problem of the security method that is performed only with the relationship with the user of the object or control object, the user who registered the object or the right to use the object to be used as the ownership or right to use the object is not registered with non-related persons or people. The approval process is performed by the related thing, and the identity authentication between the user who wants to control or use the thing and the thing used is performed, but the user performs the identity authentication by the related people, and the thing is the identity authentication by the related things An invention related to the security of a thing is desired, which sets to limit the control or use authority of the specific thing according to the identity authentication information of the user and the thing.

Republic of Korea Patent Publication No. 10-2016-0075158 (published date: June 29, 2016) Republic of Korea Patent Publication No. 10-2016-0077102 (published on July 01, 2016)

The present invention is to solve the problems of the prior art, and the object of the present invention is to approve and process the registration matters related to the object by the user who has registered as ownership or right to use the object to be used by non-related persons or non-related objects and perform identity authentication between the user who wants to control or use the object and the object to be used, but the user performs identity authentication by related persons, the object performs identity authentication by related objects, and the user and To provide a security management computer of a thing, a security management system, and a method for setting the control or use authority of the specific thing to be limited according to the identity authentication information of the thing.

As a technical solution means for achieving the object of the present invention, as a first aspect of the present invention, a system in which a user of a use group communicates with a controlled object of a use target group with a thing to control or use a controlled object A management computer including at least one hardware processor and a memory in which a computer program is stored, managing the security of the object to be controlled, wherein the at least one hardware processor controls execution of a program stored in the memory, wherein the user The identity authentication of the user is performed based on the user identification information provided by the A management computer for security management of a thing is provided, characterized in that it determines whether to control or use the control target of the thing according to the result of .

In addition, as a second aspect of the present invention, there is provided a method for managing the security of the control target object in a system for controlling or using the control target object by communicating with the control target object of the usage target group as a thing of the usage group, wherein the management computer performing the identity authentication of the user based on user identification information provided by the related parties of the user, and the management computer analyzes the communication data between the object and the related object to perform the identity authentication of the object and determining, by the management computer, whether to control or use the object to be controlled by the object according to the result of identity authentication for both the user and the object.

According to the present invention, based on the identity authentication status of the user who wants to use a specific thing in the network between things and the network between people and things, and the identity authentication status of the thing used by the user, restrictions are set on the right to use the specific thing, There is an effect of efficiently securing network security between things or network security between people and things.

1 is a schematic configuration diagram of an embodiment of a security system for things of the present invention.
2 is a schematic configuration diagram of an embodiment of a management computer, which is a main part of the security system of a thing according to the present invention.
3 is a schematic configuration diagram of an embodiment of a data storage computer, which is a main part of the security system of a thing according to the present invention.
4 is a schematic configuration diagram of an embodiment of a user identity authentication section, which is a main part of the security system of a thing according to the present invention.
5 is a schematic configuration diagram of an embodiment of a user authentication management computer, which is a main part of the user identity authentication section of the present invention.
6 is a schematic configuration diagram of an embodiment of a data analysis computer, which is a main part of the user identity authentication section of the present invention.
7 is a schematic configuration diagram of an embodiment of a data storage computer, which is a main part of the user identity authentication section of the present invention.
8 is a schematic configuration diagram of an embodiment of an analysis data storage computer, which is the main part of the user identity authentication section of the present invention.
9 is a schematic configuration diagram of an embodiment of the object identity authentication section, which is a main part of the security system for objects of the present invention.
10 is a schematic configuration diagram of an embodiment of the user-object identity authentication section, which is the main part of the security system for things of the present invention.
11 is a schematic configuration diagram of an embodiment of the identity authentication system by non-related persons included in the user-object identity authentication section of the security system for things of the present invention.
12 is a schematic configuration diagram of an embodiment of an authentication management computer, which is a main part of the identity authentication system by a non-related person in the security system of a thing according to the present invention.
13 is a schematic configuration diagram of an embodiment of an authentication target information management module, which is a main part of the authentication management computer of FIG. 12 .
14 is a schematic configuration diagram of an embodiment of an authenticator information management module, which is a main part of the authentication management computer of FIG. 12 .
15 is a schematic configuration diagram of an embodiment of an authentication information management module, which is a main part of the authentication management computer of FIG. 12 .
16 is a schematic configuration diagram of an embodiment of a participant information storage module, which is a main part of the data storage computer of FIG. 11 .
17 is a flowchart for explaining an embodiment of a method for securing a thing according to the present invention.
18 is a flowchart for explaining another embodiment of the method for securing a thing according to the present invention.
19 is a flowchart for explaining another embodiment of the method of securing a thing according to the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Terms used in the description of the embodiments of the present invention will be defined. Various computers and terminals used in the present invention may consist of hardware itself, or a computer program or web program that utilizes the hardware resources. For example, the management computer, user authentication management computer, thing authentication management computer, user thing authentication management computer or data analysis computer of the present invention may consist of each configuration of hardware included in the computer, and stored in the storage means of the computer. Each component of the web program or computer program may be configured to be executed by utilizing hardware resources (at least one processor) of a central processing unit (CPU) including instructions and algorithms stored in registers of the computer.

In addition, terms used or usable in the description of the embodiment of the present invention, such as '~ part', '~ module', '~ means' or ~ unit', may be used with the same meaning of the same configuration, and corresponding These are terms that can be appropriately substituted and used according to the action of the components. The above terms may be a hardware configuration of a computer or terminals, and may represent each component of a web program or computer program that is stored in the storage means of the computer and terminal and executed under the control of a central processing unit (CPU) or processor.

In addition, the '~ section' used in the description of the present invention can be viewed as a configuration of a system that includes at least one computer and achieves a set purpose.

In the embodiment of the present invention, the above terms are mainly used as terms representing each component of a web program or a computer program.

Of course, other terms or expressions not defined herein are not bound by the terms or expressions, and have a greater meaning in the action or function of the components represented.

1 is a schematic configuration diagram of an embodiment of a security system for things of the present invention.

As shown in FIG. 1, the security system of a thing of the present invention manages information about things and users who want to control or use a specific thing using the thing, and performs identity authentication of the thing and the user. a management computer 1000 that manages security including regulation of use rights of specific things; A data storage computer 2000 that is communicatively connected to the management computer 1000 and receives, stores, and manages users, things, or user-thing connection information, security-related identity authentication information, and authority setting information from the management computer 1000; ; a use object group 3000 including at least one piece of object information comprising objects 3100 to be controlled or used and users 3200 who use the objects and information on users of the objects; At least one other thing information including users 4200 who want to control or use the things 3100 of the target group 3000 by using other things 4100 and users who use the other things a use group 4000 including information; When the management computer 1000 is connected to communication and the use group 4000 wants to control or use the object 3100 of the use target group 3000, the identity authentication of the user 4200 of the use group 4000 is A user identity authentication section 5100 for performing the identity authentication section 5200 for performing the identity authentication of other objects 4100, a specific object 3100 of the target group 3000 and the owner or an identity authentication system 5000 including a user-object identity authentication section 5300 for performing identity authentication of a user 3200 as a licensee; The management computer 1000 , the use target group 3000 , and the use group 4000 are communicatively connected and the control or use state of the thing 3100 of the use target group 3000 in the use group 4000 . It is a configuration including a cloud computing system 6000 for sharing and storing information.

At least one computer included in the management computer 1000, the object identity authentication section 5100, the user identity authentication section 5200, and the user-thing identity authentication section 5300 of the identity authentication system 5000 is a communication means It may include at least one hardware processor and a memory for storing a computer program or a web program, and may consist of at least one server computer capable of executing a computer program or a web program.

The data storage computer 2000 may be configured as a database management system (DBMS).

When the objects 3100 and 4100 used or owned by users of the target group 3000 and the users of the usage group 4000 are portable terminals, the portable terminal is provided with a communication means and includes at least one hardware It may be composed of a terminal such as a smartphone, a tablet computer, a personal computer (PC), a notebook computer, which can execute a computer program or a web program, including a processor and a memory for storing a computer program or a web program.

A user interface program managed and operated by the management computer 1000 may be output or executed in the terminals.

The detailed configuration of the object identity authentication section 5100, the user identity authentication section 5200, and the user-object identity authentication section 5300 of the identity authentication system 5000 will be described later.

2 is a schematic configuration diagram of an embodiment of a management computer, which is a main part of the security system of a thing according to the present invention.

As shown in Fig. 2, the management computer 1000 of the present invention may be a hardware component of the management computer as described above, and is a component of a computer program or web program executed by utilizing the hardware resources of the management computer. can be Here, the components of the program will be described.

In an embodiment of the present invention, by accessing the management computer 1000 and using the user information of the user group registered as a user of the object to be controlled or used as a user and other objects to control or use the object to be controlled or used, a user information management module 1100 for receiving, storing, and managing user information of a user group registered as a user; a thing information management module 1200 that receives, stores, and manages information on things to be controlled or used by users of the usage group and information on other things used by users of the usage group; a user-thing information management module 1300 for receiving, storing, and managing status information of a user who has registered with a thing in relation to a user who has registered as an owner or user right to the thing; a user identity authentication management module 1400 for receiving, storing, and managing identity authentication information of the users of the target group and the use group transmitted by performing the user identity authentication section 5100 of the identity authentication system 5000; a thing identity authentication management module 1500 for receiving, storing, and managing the identity authentication information of the objects of the use target group and the use group transmitted by performing the object identity authentication section 5200 of the identity authentication system 5000; Receive and store the user-thing identity authentication information for approving the ownership or right of use of the user registered in the object of the use target group transmitted by performing in the user-object identity authentication section 5300 of the identity authentication system 5000 and a user-object identity authentication management module 1600 for making and managing; An authentication information management module for managing the user's identity authentication, object authentication, or user information registration approval information on the basis of the identity authentication information of the user, thing, or user-thing transmitted from the identity authentication system 5000 (1700) and; A configuration comprising a permission setting information management module 1800 that sets, stores, and manages the control or use rights for things set in the objects of the target group or according to the identity authentication status of the users and things in the management computer to be.

3 is a schematic configuration diagram of an embodiment of a data storage computer, which is a main part of the security system of a thing according to the present invention.

As shown in FIG. 3 , the data storage computer 2000 of the present invention connects to the management computer 1000 and controls the use target group or information of users registered as users of the objects to be used and the information of the use group. a user information storage module 2100 for storing information of users who have registered as users of things; a thing information storage module 2200 for storing information on things to be controlled or used by users of the usage group and information on things used by users of the usage group; a user-thing information storage module 2300 for storing state information of a user who has registered with a thing in relation to a user who has registered as an owner or a right holder of the thing; an authentication request information storage module 2400 for storing information requesting authentication or approval in relation to the user or thing of the target group, the users and things of the usage group, and user registration to the thing of the target group; an identity authentication request information storage module 2500 for storing information on which an identity authentication request is made to the identity authentication system based on the authentication or approval request information; an identity authentication information storage module 2600 for storing information on whether a user, a thing, or a user-thing sameness authentication is performed and transmitted by the identity authentication system 5000; An authentication information storage module that stores approval information of user authentication, object authentication, or user information registration in a thing based on the identity authentication information of the user, thing, or user-thing transmitted from the identity authentication system 5000 (2700) and; A configuration comprising a permission setting information storage module 2800 for storing permission information set in the object of the use target group or set according to the identity authentication status of the user and the object for the control or use right of the object in the management computer to be.

4 is a schematic configuration diagram of an embodiment of a user identity authentication section, which is a main part of the security system of a thing according to the present invention.

As shown in FIG. 4, the user identity authentication section 5100 of the present invention receives and manages the user authentication request, receives and manages the information and access agreement to the information and information of the relevant persons and the group information of the persons concerned with the authentication requester, and creates the user a user authentication management computer 5110 that manages authentication information and identity confirmation information; A big data database is formed by analyzing information collected through the Internet social network 5170, etc. of information such as words used during daily conversations and conversations between acquaintances, and the user authentication request from the user authentication management computer 5110 a data analysis computer 5120 that receives the communication history information of the related person group according to the information, performs identity verification, and transmits the information to the user authentication management computer 5110; Data for storing data including user information of user authentication managed by the user authentication management computer 5110, related person group information, communication history information of the related person group, and identity confirmation information transmitted from the data analysis computer 5120 a storage computer 5130; Information and data analysis computer analyzed by the data analysis computer 5120 on the big data database collected and analyzed by the data analysis computer 5120 and the communication details of the related person group received from the user authentication management computer 5110 Analysis data storage computer 5140 including various data analysis of 5120 and statistics based thereon; A web program or computer program that is provided and output or executed by the user terminal 5150 used by the user who is the authentication requester who is connected to communication with the user authentication management computer 5110) and requests user authentication and receives user authentication approval information a user authentication interface including each component of; The user authentication management computer 5110 is connected to communication and related persons such as acquaintances who are related to the user authentication requestor provide information such as relationship information and communication details with the user authentication requester to the user authentication management computer 5110 At least one related terminal 5160 includes each component of a web program or computer program that is provided and output or executed, and includes an identity confirmation interface.

The user authentication management computer 5110 may include at least one server computer having a communication means and capable of executing a computer program or a web program.

The data analysis computer 5120 may include at least one server computer having a communication means and capable of executing an artificial intelligence (AI) related computer program or web program.

Also, the term data analysis computer is not limited thereto. It goes without saying that various terms that perform a corresponding function can be used in place of various terms in an embodiment of the present invention. For example, it can be used interchangeably with terms such as artificial intelligence computer.

The data storage computer 5130 and the analysis data storage computer 5140 may be configured as a database management system (DBMS).

The user terminal 5150 and the related party terminal 5160 are provided with a communication means, and may be composed of terminals such as smartphones, tablet computers, personal computers (PCs), notebook computers in which application programs or web programs can be executed. . The application or web program provided by the user terminal 5150 may be configured as a user authentication interface for requesting user authentication approval to the user authentication management computer 5110, and the related terminal 5160 is provided and The existing application program or web program may be configured as an identity confirmation interface that provides the user authentication management computer 5110 with relationship information and communication details with the requestor of the user authentication.

The Internet social network 5170 is configured to include various social network services (SNS) and Internet media.

The configuration of the user identity authentication system 5100 of the identity authentication system 5000 of the present invention is that when the user terminal 5150 requests user authentication, the user authentication management computer 5110 is an acquaintance of the user who is the authentication requester, etc. Receives information of related persons and communication information of related persons from the user, and based on this, the user authentication management computer 5110 transmits relationship information and communication history information with the user to the related persons in order to confirm whether the user is the same person to the related persons terminal The request is made to (5160) and received, and the received communication history information of related persons is transmitted to the data analysis computer 5120 to request identity confirmation, and the data analysis computer 5120 receives relation information and communication details of related persons. The information is analyzed, collected from the Internet social relational networks 5170, and the identity is determined by determining the consistency with the relationship attribute data that can infer the identity of each relationship group extracted from the big data database generated and stored by itself. It transmits authentication information to the user authentication management computer 5110, and the user authentication management computer 5110 transmits user authentication approval information to the user terminal 5150 based on the received identity confirmation information. is the composition

When the communication history information is voice information, the information may be analyzed using a voice recognition technology, or the corresponding information may be analyzed using a voice matching method, voice text conversion technique, or the like.

The relationship information between the related persons and the user may include, for example, family members, relatives, friends, work colleagues, school classmates, social members, and acquaintances for hobby.

In addition, the communication history information of the related persons or group of related persons is, for example, a mobile phone text message (SMS, MMS, etc.), a chat message in a chatting application program running on a mobile phone, and a text message on a social network service (SNS). It includes various types of communication information performed using a mobile phone, including communications, e-mail letters, and Internet voice calls on mobile phones.

In the embodiment of the user identity authentication section 5100 of the present invention, the function of the data analysis computer 5120 is performed by the user authentication management computer 5110, and the data analysis computer 5120 may be omitted. .

5 is a schematic configuration diagram of an embodiment of a user authentication management computer, which is a main part of the user identity authentication section of the present invention.

As shown in Fig. 5, the user authentication management computer 5110 of the present invention may be a hardware component or may be composed of a computer program or web program executed by utilizing hardware resources. Here, the user authentication management computer 5110 will be described as a component of a computer program or a web program (user authentication management means).

The user identity authentication management means receives the user's personal information and at least one password information entered into the user terminal 5150 by the user who wants to perform user authentication, stores it in the data storage computer 5130, and manages the user an information management module 5111; The user's mobile phone together with the user's name and face photo input into the user terminal 5150, or personal information including the name and mobile phone number, and consent information on the use of information of related persons such as acquaintances of the user , an authentication request information management module 5112 that receives, stores, and manages personal authentication authentication request data including prior consent information in providing information of related persons stored in terminals in use, such as personal computers (PCs), and the like; ; a related person group management module 5113 that receives, stores, and manages related person information including mobile phone numbers, e-mail addresses, SNS addresses, etc. of related persons transmitted from the user terminal 5150; When the user authentication management computer 5110 transmits a request message to confirm whether the user is the same person to the related people using the information of the related people, and determines that the related people input from the related person terminal 5160 are the same person, a related person identification data management module 5114 for receiving, storing, and managing related person identification data including relation information and evidence data between a related person and a user based thereon; The identity confirmation request information management module 5115 that the related person identification data management module 5114 transmits the related person identification data received from the related person terminal 5160 to the data analysis computer 5120 to request and manage the user's identity verification )class; an authentication information management module 5116 that receives, stores, and manages user identity confirmation information transmitted from the data analysis computer 5120; a related person identification data security management module 5117 that encrypts and decrypts related person information data and personal information received from the related person terminal 5160 and manages; a related person benefit information management module 5118 for storing and managing benefit information including points given to related persons who have agreed to a request for confirmation of whether the user is the same while providing the related person information; It is configured to include an anti-corruption information management module 5119 for filtering, granting penalty points, etc. to fraudulent actors when the user or related persons provide false information for illegal purposes.

The related person group management module 5113 may create and manage related groups by grouping the related people of the user into categories such as family, relatives, friends, work, school, friendship, and hobbies, for example.

The security of information data and personal information of related persons in the related person identification data security management module 5117 is encrypted and stored to protect the communication details and its contents, and is decrypted when the communication details and its contents are to be analyzed. After analysis and processing, it can be encrypted and stored again. In addition, analysis processing is possible without decryption of communication details and contents encrypted by homomorphic encryption technology or the like.

In addition, the anti-corruption information management module 5119, for example, in spite of the relationship between the user and the person concerned, to prevent the case in which personal authentication is performed by a person other than the user rather than the user's authentication for an illegal purpose. You can use a method to verify the name through a bank account opened in the user's name or to verify the validity of the user's mobile phone name through password verification.

The motive of illegal use of the identity authentication system of the present invention can be blocked by taking measures such as giving a strong penalty to an illegal user or deducting a reliability score index.

In addition, the authentication request information management module 5112, the name and face photo, or name and mobile phone number, and the user's mobile phone, an authentication requestor data management module for receiving, storing, and managing data related to information of related persons, such as acquaintances, who know the user, stored in an electronic device capable of communicating with external communication media including tablet computers, notebook computers, and personal computers; It is a configuration including a related person information data management module that stores and manages related person information among the related person information and data such as the related person's mobile phone number, e-mail address, and various social network service access addresses.

If the face picture or mobile phone number input from the user terminal 5150 managed by the authentication requestor data management module is different from that previously managed, the user authentication management computer 5110 stores the change history and can manage

In addition, the authentication information management module 5116 receives, stores, and manages the identity confirmation information derived by analyzing the information provided that the related persons are the same person for the user transmitted from the data analysis computer 5120. an identity verification information management module; a user authentication approval information management module for generating user authentication approval information based on the identity confirmation information, transmitting it to the user terminal 5150 of the user authentication requester, and managing; It is a configuration that includes a user authentication reliability information management module that stores and manages reliability granting and reliability upgrade information to those who have received user authentication approval.

The reliability of the person who has received user authentication approval managed by the user authentication reliability information management module can be given a reliability index score of, for example, 80 points when the user authentication is approved for the first time. When the data is further analyzed and authenticated by the computer 5120, a reliability index score may be additionally given according to a predetermined criterion. A predetermined criterion for adding the index score of reliability can be determined in proportion to, for example, the number of related persons who participated in the identification check, the total number of related persons groups, the total period during which messages are transmitted and received, etc. It can be set based on a numerical value that is proportional or inversely proportional.

In addition, when the user terminal 5150 requests user authentication, an input field may be configured to input the password together with a name and face picture, or a name and a mobile phone number, on the application screen of the user terminal 5150 . In this case, the input order of the items to be entered into the input box may be entered arbitrarily, but if the input order for each item is consistently set, a procedure for checking whether illegal use is performed may be performed according to a change in the input order.

6 is a schematic configuration diagram of an embodiment of a data analysis computer, which is a main part of the embodiments of the user identity authentication section of the present invention.

As shown in Fig. 6, the data analysis computer 5120 of the present invention may have a hardware configuration, and may be a computer program or web program (identity verification analysis management means) executed by utilizing hardware resources. Here, the components of the program will be described. The identity verification analysis management means includes: an analysis-related data collection management module 5121 for collecting and managing data such as words, vocabulary, sentences, expressions, etc. used in the relationship in the relationship group of the user who is the authentication requester; an analysis-related big data management module 5122 that manages the data collected by the analysis-related data collection and management module 5121 as big data and manages the update of big data; a related person identification data analysis management module 5123 which analyzes and manages data for each relationship of a relationship group based on information such as related persons of the user transmitted from the user authentication management computer 5110; an identity verification performance management module 5124 that determines whether the analyzed data and big data are consistent with each other and determines whether they are identical; With the rapid development of data analysis technology such as an error determination method when an error occurs in the operation of the data analysis computer 5120, the method when the operation of the data analysis computer 5120 must be manually set, and artificial intelligence It is a configuration including an analysis error information management module 5125 that manages a method of solving the problems caused by the error.

In the analysis error information management module 5125, for example, the determination of artificial intelligence operation errors, manual setting of operation, and problem solving due to strong artificial intelligence are, respectively, the collective intelligence convergence system (Applicant's registered patent No. 10-1804960) h) can be used to control it.

The identity verification performance management module 5124 includes: a personal authentication means analysis management module that analyzes and manages communication details between a person who has been authenticated by various existing means, such as user authentication-related public certificates, mobile phone verification, and the like; a standard setting information management module for setting and managing a standard of how many or more persons should be confirmed by each related person group; Communication history characteristic statistics to generate and manage statistics by analyzing the characteristics of communication details in the personal authentication method analysis management module and the communication details between the person who has been authenticated and the related person according to the standards set in the standard setting information management module management module; an average data management module for each group of related persons, which calculates and manages average data of all members or authenticated users of transmission and reception items for each group of related persons; It can be implemented with a configuration including an identity determination information management module that compares and analyzes similarities and differences with the average data for a user's authentication request to determine whether or not to be identical and manages the result.

In the standard setting information management module, for example, the group of related persons is divided into family, friends and workplace, the number of family members is at least 3 people, the number of friends is at least 7 people, and the number of office workers is at least 10 people. can be set.

In addition, in the communication history characteristic statistics management module, for example, the characteristics of transmission and reception include the number of related persons per group of related persons, total transmission and reception period, transmission/reception period, number of transmission/reception, reaction time between transmission and reception, title, subject, word, vocabulary , sentences, honorifics, abbreviations, whether emoticons are used, usage, punctuation marks, whether abbreviations or short words are used, singularities in content, etc. Mathematical main values such as the average, standard deviation, maximum value, and minimum value of each item related to the transmission/reception characteristics may be calculated, or a frequently used expression may be stored in the analysis data storage computer 5140 .

In the average data management module for each group of related persons, for example, in order to calculate average data of transmission/reception items for each group of related persons, it can be prepared as shown in Table 1 below.

division family friend rectal number of people involved 3 people 7 people 10 people Total period of sending and receiving 350 days 70 days 280 days transmission/reception cycle 5 days 12 days 2 days number of sending and receiving 2 times/week 1 time/week 3 times/week Total sending and receiving time 15 minutes 90 minutes 3 minutes topic meal promise work word rice Place report sentence Eat meal meet have a drink

In the determination of identity in the identity determination information management module, for example, when the numerical value of a specific item, such as the number of related persons, is less than the average, it may be determined by strengthening the criteria of other items than the average. For example, the transmission/reception period may be longer, the transmission/reception period may be further reduced, the number of transmission/reception is required more, the response time between transmission/reception may be further shortened, or the degree of matching of subjects, words, and sentences may be increased. In addition, when the numerical value of a specific item, such as the number of related persons, is greater than the average, the criteria for other items may be relaxed compared to the average to determine the equality. In the data analysis computer 5120 , the system operator may Representative words, vocabularies, sentences, Data such as expressions are updated and accumulated, and the artificial intelligence computer accesses various social network services (SNS) and Internet media to collect expressions used in specific relationships, and converts these data into big data by the analysis data storage computer ( 5140) can be stored and managed.

7 is a schematic configuration diagram of an embodiment of a data storage computer, which is a main part of the embodiments of the user identity authentication section of the present invention.

As shown in FIG. 7, the data storage means included in the data storage computer 5130 of the present invention stores personal information and at least one password of a person who wants to receive user authentication received from the user authentication management computer 5110. an authentication requestor information storage module 5131 for storing; an authentication request information storage module 5132 for storing the user's name and face picture received by the user authentication management computer 5110, or name and mobile phone number, and information of related persons; a related person group information storage module 5133 for grouping related persons provided by the user and storing related person group data; a related person identification data storage module 5134 for storing communication details data for each relationship group of the related person group received by the user authentication management computer 5110; an identity confirmation information storage module 5135 for storing the determined identity confirmation information by judging the consistency between the analysis result of the communication history data for each relationship group and the big data; It is configured to include a related person benefit information storage module 5136 for storing benefit information granted to related persons who have provided communication details with the user to the user authentication management computer 5110 .

8 is a schematic configuration diagram of an embodiment of an analysis data storage computer, which is the main part of the user identity authentication section of the present invention.

As shown in Fig. 8, the analysis data storage means included in the analysis data storage computer 5140 of the present invention is collected data for storing the user identity confirmation data collected by the data analysis computer 5120 through various routes. a storage module 5141; a big data storage module 5142 for storing the collected identity verification related data as big data and managing updates; a relationship confirmation data storage module 5143 for storing the analyzed relationship confirmation data; an identity confirmation information storage module 5144 for storing identity confirmation information regarding whether the user determined by analysis by the data analysis computer 5120 is the same; Analysis and statistics in which the data analysis computer 5120 stores statistical information derived by analyzing the analysis information of information of related persons of those for whom user authentication is approved and the characteristics of transmission and reception of communication details between persons for whom user authentication is approved and related persons It is a configuration including an information storage module (5145).

The data storage means and the analysis data storage means are not limited to the above embodiment. In addition, it may be configured to store the execution results of the user authentication management computer 5110 and data analysis computer 5120.

In the embodiment of the present invention, in the case of verification of the identity of a corporation (company) other than the individual requesting the certification, for example, considering that the corporation does not have a risk of personal information leakage and the method of verifying the identity of the corporation is well established in the existing system, for example It can be applied by setting a different standard, such as using a corporate address instead of a photo, or by relaxing the method of verifying identity compared to the case of an individual.

For example, if the requestor for certification is a corporation (company), the related party group can be set as at least one employee, customer, and customer. Confirmation through registration number inquiry or confirmation method through business registration number can be used.

9 is a schematic configuration diagram of an embodiment of the object identity authentication section, which is a main part of the security system for objects of the present invention.

As shown in FIG. 9, the object identity authentication section 5200 of the present invention receives a request for identity authentication regarding an object to be authenticated 5250 corresponding to a specific object 4100 in the authentication group 4000. For example, an object authentication management computer 5210 that performs and manages identity authentication of the specific object based on information on objects around which an Internet of Things hub and a network are formed, or control or use information on objects information stored on its own; Extracting history information of objects including the objects 5260 and self-stored objects, communication data or control and use information, around which the Internet of Things hub and the network are formed, and the object 5250 to be authenticated By extracting identification information, it is analyzed whether the identification information of the object to be authenticated 5250 is included in the history information of the objects, and surrounding objects 5260 including the analyzed identification information of the object to be authenticated 5250 are analyzed. ) and a data analysis computer 5220 that analyzes the relation data of the object to be authenticated 5250 to generate identity authentication information of the object to be authenticated 5250; Identification information of the object to be authenticated 5250 managed by the object authentication management computer 5210, unique information and communication data of objects around which a network is formed, and the object to be authenticated 5250 transmitted from the data analysis computer 5220 ) and a data storage computer 5230 for storing data including identity authentication information; The data analysis computer 5220 analyzes the big data database generated by collecting and analyzing by the data analysis computer 5220 and the control or use history and communication details of the object to be authenticated received from the object authentication management computer 5210 Analysis data storage computer 5240 including various data analysis and statistics based on the information and data analysis computer 5220; The object authentication management computer 5210) communicates with the object to request authentication of the object to be authenticated and to receive authentication information of the object to be authenticated so that the objects to be controlled can be controlled or used according to the set control or use conditions. a user interface including each component of a web program or a computer program that the terminal used by the user is provided and outputs or executes; A network is formed by communication connection with the object authentication management computer 5210, control or use is provided to the object authentication object 5250, and communication details with the object authentication object 5250, control or use details It is a configuration including at least one thing 5260 that is transmitted and stored in the thing authentication management computer 5210 .

The object authentication management computer 5210 may include at least one server computer having a communication means and capable of executing a computer program or a web program.

The data analysis computer 5220 may include at least one server computer having a communication means and capable of executing an artificial intelligence (AI) related computer program or web program.

Also, the term data analysis computer is not limited thereto. It goes without saying that various terms that perform a corresponding function can be used in place of various terms in an embodiment of the present invention. For example, it can be used interchangeably with terms such as artificial intelligence computer.

The data storage computer 5230 and the analysis data storage computer 5240 may be configured as a database management system (DBMS).

The object to be authenticated 5250 is, for example, provided with a communication means, and may be composed of a terminal such as a smartphone, a tablet computer, a personal computer (PC), a notebook computer in which an application program or a web program can be executed. The application or web program included in the object to be authenticated 4100 may be configured as an object authentication interface for requesting authentication of the object to be authenticated to the object authentication management computer 5210 .

The configuration of the object identity authentication section 5200 of the identity authentication system 5000 of the present invention is that when the authentication object 5250 requests authentication, the object authentication management computer 5210 performs the authentication object 5250 and By inquiring communication data between the objects 5260 in which the communication network is formed in the vicinity, the communication data of the inquired objects 5260 and the identification information of the object 5250 to be authenticated are transmitted to the data analysis computer 5220 to be authenticated Requests identity authentication of things, and the data analysis computer 5220 extracts communication data including identification information of the object to be authenticated 5250 from among the communication data of the things 5260, and in the communication data In the access control with the authentication target object 5250, based on the number of communication data excluding communication data including an access error message or a connection failure message or the number of the corresponding control target object, whether the authentication target object 5250 is identical or not The decision is made and the information is transmitted to the object authentication management computer 5210, and the object authentication management computer 5210 generates access permission information of the object to be authenticated 5250 based on the identity authentication information to generate the authentication target. It is provided to a thing or the things, and the object to be authenticated is configured to control the operation by communicating with a thing for which access is permitted.

10 is a schematic configuration diagram of an embodiment of the user-object identity authentication section, which is the main part of the security system for things of the present invention.

As shown in FIG. 10 , the user-object identity authentication section 5300 of the present invention is a useful configuration for confirming the relationship setting between the object 3100 and the user 3200 of the target group 3000 .

In the object 3100 of the target group 3000, for example, in the case of a product, production-related information such as hardware production information, a software installer when software is installed, an installation date and a program version are registered. The user 3200 who has acquired the ownership of the thing 3100 registers the thing 3100 by inputting user information as an owner and related information such as a registration date and time, for example, in a memory device. When the user 3200 acquires the right to use rather than the ownership of the thing 3100 , information related to the right of use, such as the user, period of use, location, and fee, is registered in connection with the information of the user 3200 .

When information on the thing 3100 and the user 3200 of the thing is registered in the management computer 1000 , the management computer 1000 transmits the thing and the user information to the identity authentication system 5000 , and the thing 3100 ), the object identity authentication information is secured using the object identity authentication section 5200, and for the user 3200, the user identity authentication information can be secured using the user identity authentication section 5100.

Here, with respect to the user's ownership information or usage right information registered in the thing 3100, the user-thing identity authentication section 5300 of FIG. 10 authenticates the identity to approve the user's ownership or right to use the thing.

As shown in FIG. 10 , the user-object identity authentication section 5300 of the present invention corresponds to the authentication target object 5370 information corresponding to the object 3100 of the use target group 3000 and the user 3200. A user-object authentication management computer ( 5310) and; The user-object authentication management computer ( a data analysis computer 5320 provided to 5310); Data that stores and manages information on the object to be authenticated (5370) and unrelated object (5380) of the object to be authenticated, information about users and non-related persons of the user, and data on whether or not to approve the ownership or right of use of the user registered in the object for authentication a storage computer 5330; an analysis data storage computer 5340 for storing the data analyzed and collected by the data analysis computer 5320; a user terminal 5350 used by users who have registered ownership or use right information in the object to be authenticated 5370; at least one unrelated terminal 5360 used by unrelated persons not related to the user of the user terminal 5350; an object to be authenticated 5370 of whether the user has registered ownership or use right information; It is configured to include at least one non-related object 5380 that is not related to the object to be authenticated 5370 and supports decision-making on whether to approve the ownership or use right information registered in the object to be authenticated 5370 .

An embodiment in which a decision is made based on evaluation information by a non-related person of the user with respect to the approval of the ownership or use right of the user registered in the object to be authenticated 5370 in the user-object identity authentication section 5300 to explain

The user-things authentication management computer 5310 receives and stores the ownership or usage right information registered in the authentication target object 5370 and the user information as the party, and the identity authentication is performed in the user identity authentication section 5100. The related person group or related person information of the user is brought and transmitted together with the user information to the data analysis computer 5320 to request the provision of non-related person information. The data analysis computer 5320 extracts the non-related information obtained by removing the related information of the user from the member information stored in the data storage computer 5330 or the analysis data storage computer 5340, and the user-thing authentication management computer (5310). In addition, the data analysis computer 5320 selects a predetermined number of unrelated persons by executing a self-configured or artificial intelligence program from among the extracted unrelated persons, and transmits the selected unrelated person information to the user-thing authentication management computer 5310 can be provided to

The user-thing authentication management computer 5310 provides the thing information provided by the data analysis computer 5320 and user information as the ownership or use right registered in the thing to the non-related terminals 5360 of the non-related persons, Ask for support in decision-making. Here, the object information or user information may include identity authentication information of a thing and identity authentication information of a user.

11 is a schematic configuration diagram of an embodiment of an authentication system by a non-related person for approval processing of a user's ownership or use right registered to a thing in the user-object identity authentication section of the present invention.

11 may be a configuration included in the embodiment of FIG. 10 described above, or may be configured by adding non-overlapping components to the embodiment of FIG. 10 .

11, the non-related person authentication system of the present invention receives authentication target information, receives information on a selected authenticator among non-related persons who are not related to the user of the authentication target, and the selected authenticator an authentication management computer 100 for receiving confirmation information of an authentication target from the parties, authenticating an authentication target based on the confirmation information, and managing authentication information; Information on the user, including the object to be authenticated, in the relationship between the authentication requestor who provides authentication target information and requests for authentication and the authentication requester, information on related persons related to the user, and non-related persons not related to the user Participant information storage unit 210 that stores and manages information of an authenticator selected for fact confirmation or identity confirmation of the authentication target among them, indicating a specific relationship between a person and a person who determines a person related to the user A relational data storage unit 220 for storing and managing information, a non-related person information storage unit 230 for storing and managing information of non-related persons not related to the user based on the user's information, provided by the authentication requester The authentication target information storage unit 240 that stores and manages the information of the object to be authenticated that has requested authentication, and stores the authentication information of the authentication target generated based on the fact confirmation or identity confirmation information performed by the selected authenticators, a data storage computer 200 including an authentication information storage unit 250 for managing, and communication-connected with the authentication management computer 100; At least one user terminal ( 5350) and; at least one non-related terminal 5360 used by non-related persons in the non-related person information stored in the data storage computer 200; It is connected to communication with the authentication management computer 100 and receives the authentication subject information to perform fact confirmation or identity confirmation on the authentication object to provide confirmation data to the authentication management computer 100, and to At least one authenticator terminal 500 used by non-related authenticators who selects an authenticator in the non-related person information storage unit 230 of the data storage computer 200 and provides the authenticator information to the authentication management computer 100 )Wow; The authentication management computer 100, the user terminal 5350, and the non-related terminals 5360 may be communicatively connected, and data to the users of the authentication management computer 100 and the user terminal and non-related persons are provided. A storage space is provided, and a predetermined number of non-related persons are randomly selected by executing a program in the data storage computer 200 or self-stored non-related persons information in relation to non-related persons not related to the user. an authenticator information management computer 600 comprising a cloud system, etc. which stores and provides to the authentication management computer 100; an authenticator information storage unit 700 that is included in the authenticator information management computer 600 or is connected to communication and stores non-related person information or selected authenticator information; The authentication management computer 100 is connected in communication with the authentication management computer 100, and determines the correspondence with relation data indicating a specific relationship between the authentication requester and the other party analyzed in the communication details to extract related person information. It is configured to include at least one social networking medium 800 that provides relation data, which is information indicating a specific relationship between people.

12 is a schematic configuration diagram of an embodiment of the authentication management computer, which is the main part of the authentication system by a non-related person according to the present invention.

As shown in Fig. 12, the authentication management computer 100 of the present invention, preferably, a web program or a component of a computer program executed in the authentication management computer 100, transmits authentication target information through the authentication management computer. Various information of the authentication requester provided by the authentication requestor who is providing and making the authentication request, and various information of the other party provided by the other party if the authentication target is a target (hereinafter referred to as 'authentication requester and counterpart' or 'authentication requester') a user information management module 110 for receiving, storing, and managing (referred to as 'user'); a related person information management module 120 for storing and managing related person information including the user's acquaintances extracted from the user's communication history information; By analyzing the communication details of the user with the related person, relationship data representing a specific relationship between person and person is stored, and by accessing the social networking medium 800, relationship data representing a specific relationship between person and person is collected and data is stored. a relational data management module 130 for updating and managing self-retained relational data stored in the computer 200; Relationship data analysis module 140 that analyzes, stores, and manages relationship data with related people analyzed from the user's communication details as related people of the user, only those who meet the criteria set by determining the consistency between the relationship data and the self-owned relationship data class; Non-related information that stores and manages information of users excluding users and related persons related to the authentication request from the information of existing users who have signed up for membership to utilize the authentication management computer 100 as non-related persons related to the authentication request management module 150 and; The authentication target information management module 160 that classifies and manages the authentication target provided by the authentication requester into a corresponding category in the set category information, and performs security management such as encryption processing when the authentication target is a target requiring security class; The authenticator information management computer 600 or the non-related terminal 5360 used by the non-related persons, the authenticator information management computer 600, and the non-related terminal 5360 used by the non-related persons are selected and transmitted an authenticator information management module 170 that stores and manages information of authenticators who will participate in the authentication operation of the authentication target among non-related persons related to the authentication target and information of self-selected authenticators; An authentication performance information management module ( 180) and; It is a configuration including an authentication information management module 190 that generates, stores, and manages authentication information for performing authentication of the authentication target according to a rule set based on the authentication performance information.

13 is a schematic configuration diagram of an embodiment of an authentication target information management module, which is a main part of the authentication management computer of FIG. 12 .

In the authentication subject information management module 160 of the present invention, the authentication subject processed in the authentication system by non-related persons of the present invention is an action subject including people and people, people and organizations (including companies), and between organizations and organizations. and the other party's facts representing information about acts or events that may occur, including, for example, conversations, promises, agreements, contracts, etc. It may include categories of various contents that require identity authentication including documents, books, images, images, various works, transaction details, etc., created with the relationship of transactions in mind. However, in the embodiment of the present invention, it is preferable to describe the configuration for authentication of the ownership or use right registered by the user on the object.

As shown in FIG. 13, the authentication subject information management module 160 of the present invention analyzes the received authentication subject information, classifies it into a corresponding category among the set category types, stores it, and manages the authentication subject category management module 161. class; If the received authentication target information is classified as personal information, confidential information, and sensitive information requiring security, homomorphic encryption technology ( Homomorphic Encryption), or Zero-Knowledge Proof technology that does not expose any information other than true/false when the prover proves that the object is true to the verifier about the object. It is a configuration including an authentication target security management module 162 for security management of the corresponding authentication target.

14 is a schematic configuration diagram of an authenticator information management module, which is a main part of the authentication management computer of FIG. 12 .

As shown in FIG. 14, the authenticator information management module 170 of the present invention provides the authenticator information management computer 600 or the unrelated person in order for the authentication management computer 100 to perform authentication of an object of authentication. an authenticator selection information management module 171 for receiving and managing authenticator information transmitted from the terminal 5360 and selected from among non-related persons; a candidate authenticator information management module 172 for allowing the authentication management computer 100 to manage selected authenticators as candidate authenticators among non-related persons of the user related to the authentication target; It has a configuration including an authenticator update information management module 173 that updates and manages information of selected authenticators related to an authentication target in units of a predetermined period.

According to the above configuration, the selection of the authenticator participating in the authentication target authentication task of the authentication requester is performed by the authenticator information management computer, which is a distributed non-related terminal or cloud system, and the selected non-related person in terms of efficiency and stability is given a predetermined It may be configured to be updated on a period-by-period basis. If the renewal period is set too long, there is a risk that information of selected non-related persons may be exposed to hacking. For example, it is preferable to set from 1 to 7 days.

The authentication management computer 100 selects an authenticator to participate in the authentication of the authentication object in a state in which the non-relational information of the user related to the authentication object is stored in the data storage computer 200, the authentication management computer 100 itself In this case, in order to prevent the risk of hacking or book manipulation regarding the authentication management computer 100 or the authenticators, the selection of the authenticator of the authentication target is performed by each individual non-related terminal 5360 or The self-program which operates in the authenticator information management computer 600 which consists of a cloud system and operates a cloud virtual space is operated, and the authenticators can be selected from among non-related persons related to the user of the authentication target at a set ratio.

The selection of an authenticator in the authenticator information management computer 600, which may be configured as the individual non-related terminal 5360 or a cloud system, is the authentication that the authentication management computer 100 is stored in the data storage computer 200 Authenticate among the non-related persons at a rate set or self-learned by a program running on the individual non-related terminal 5360 or the authenticator information management computer 600 itself by utilizing the target user-related non-related person information You can select a person.

The individual unrelated terminal 5360 or the program running on the authenticator information management computer 600 itself may be configured as a program capable of self-learning including, for example, an artificial intelligence (AI) algorithm. Therefore, when the authenticator is selected, it is possible to minimize the continuous selection of the person selected as the authenticator, so that non-related persons can be configured to be provided with an opportunity to be evenly selected as the authenticator. Therefore, since the authentication work is not concentrated on specific non-related persons and the opportunity to participate in the authentication work is distributed to all non-related persons involved, the objectivity and reliability of the authentication can be improved, and the system can be operated stably.

In addition, in order to compensate for the fact that an error may occur in the selection of an authenticator by a program running in the individual unrelated terminal 5360 or the authenticator information management computer 600 itself, the authentication management computer 100 Also, the same program as the program running in the individual non-related terminal 5360 or the authenticator information management computer 600 itself is driven, so that an authenticator can be selected from among non-related persons and stored as a candidate authenticator.

15 is a schematic configuration diagram of an embodiment of an authentication information management module, which is a main part of the authentication management computer of FIG. 12 .

As shown in Fig. 15, the authentication information management module 190 of the present invention performs the authentication information management module 180 based on the confirmation information on the authentication target performed by the selected authenticators. an authentication result management module 191 for generating and storing a book of authentication results of an authentication target, and storing and sharing the book in a terminal not related to the authenticators or in a cloud space of the authenticators; It is a configuration including a book sharing management module 192 for storing and sharing the book of authentication results in non-related terminals of non-related persons other than the authenticator or in the cloud space of non-related persons.

In the authentication information management module 190, the authentication task of the authentication target by the selected authenticators is quickly performed, the result book is shared with the authenticators, and then even non-related persons who do not participate in the authentication By sharing the ledger at a certain point in time, it acts to increase the efficiency of the authentication operation while performing authentication and overall sharing of the ledger as a result.

16 is a schematic configuration diagram of an embodiment of the participant information storage unit of the data storage computer, which is the main part of FIG. 11 .

As shown in FIG. 16 , the participant information storage unit 210 of the present invention provides authentication in the case of authenticating the identity of, for example, video content, for which an authentication target requests authentication in consideration of a relationship with another person in the future. In the case where the requestor information and the authentication target are for authenticating a factual relationship, such as a contract act, personal information, phone number information, etc. a user information storage module 211 for managing to store and provide to the authentication management computer 100; The authentication management computer 100 stores the information of related persons extracted on the basis of the correspondence between the relation data obtained through the agreement to use the communication details and communication details of the authentication requester and the other party and the relation data possessed by itself, and the authentication management In selecting the authenticators to participate in the authentication operation from among the unrelated persons stored in the computer 100, the non-related terminal 5360 and the authenticator information management computer 600, the related information and a related person information storage module 212 that manages to exclude overlapping non-related persons; The authenticator information management computer 600, the authenticator information to participate in the authentication task of the authentication target selected by the individual non-affiliated terminal 5360, and the candidate authenticator information selected as a candidate authenticator by the authentication management computer 100 is stored and an authenticator information storage module 213 provided by the request of the authentication management computer 100 .

Hereinafter, implementation of the authentication system by a non-related person of the present invention will be described in more detail with reference to FIGS. 11 to 16 .

Existing user information about the authentication requester and the other party stored in the participant information setting unit 210 of the data storage computer 200 is accumulated and stored, and is accumulated and accumulated by the operator's input in the relation data storage unit 220 . Relational data that has been updated with relationship data representing a specific relationship of a person collected by accessing the social networking medium 800 from the authentication management computer 100 to the relationship data indicating the relationship between the person , it is preferable to assume that the information of non-related persons for the authentication requesters stored in the participant information storage unit 210 is stored, respectively.

Accessing the authentication management computer 100 from the user terminal 5350, accessing here means accessing a website related to the operation of an authentication system by a non-related person managed by the authentication management computer 100, or the authentication It may mean access to the authentication management computer 100 by executing an application program related to the authentication system by a non-related person provided and managed by the management computer 100 .

When the authentication target is a counterpart, the user terminal includes the authentication target information input from the authentication requester, the authentication requestor information and the authentication requester's communication history information, the authentication requester's counterpart information and the counterpart's communication history information, and the authentication In the case that the information on consent to use of communication history information from the requester and the other party, or the subject of authentication requires authentication with a relationship such as a transaction with another person in mind, the authentication target information input from the authentication requester, the authentication requester information, and The authentication management computer 100 receives the communication history information of the authentication requester and the consent information to use the communication history information and stores it in the participant information storage unit 210 of the data storage computer 200 .

The authentication management computer 100 analyzes the communication details of the user including the authentication requester and the other party to extract the user's relationship data including words, expressions, vocabulary, etc. indicating a specific relationship between people, and the authentication management computer (100) determines the consistency between the relationship data of the user analyzed in the communication history and the relationship data possessed by the data storage computer 200, and the relationship data of the user analyzed in the communication history indicating the consistency of the set numerical value Those who have communicated with the user by using are set as related persons and stored in the participant information storage unit 210 of the data storage computer 200 . The authentication management computer 100 is the authenticator information management computer 600 and the individual non-related terminal 5360, the authenticator information management computer 600 or the individual non-related terminal 5360 authentication of the object of authentication Request the selection of non-related persons to participate in the work. The authenticator information management computer 600 and/or the individual non-related terminal 5360 receives a selection request of an authenticator composed of non-related persons, and stores it in the participant information storage unit 210 of the data storage computer 200 . Among the stored participant information, the number or ratio set by the self-program provided in the authenticator information management computer 600 and/or the individual unrelated terminal 5360 in the non-related information excluding the related persons of the user to be authenticated. to select authenticators as authentication workers. The authentication management computer 100 receives the authenticator information transmitted from the authenticator information management computer 600 and/or the individual unrelated terminals 5360, It is stored in the non-related person information storage unit 230 of the storage computer 200 as authenticator information regarding the user's authentication target.

The authentication management computer 100 provides the authentication target information and user information to the authenticator terminal 500 used by the authenticators based on the authenticator information stored in the non-related person information storage unit 230, and provides an authentication target send a confirmation request. Authenticators using the authenticator terminal 500 read the authentication target information and user information, and when it is determined that the set rules are met, for example, the correspondence between the authentication target information and the contents confirmed by other authenticators , consistency, and identities are compared, and when the content confirmed between the authenticators is identical or identical, the authentication target confirmation information is transmitted to the authentication management computer 100 . In addition, some of the authenticators may determine that the authentication target information and user information do not conform to established regulations. In this case, the authentication target non-confirmation information may be transmitted to the authentication management computer 100 .

Here, the authentication operation by the authenticators may be performed manually by the authenticator, but for efficiency improvement, the authentication operation may be configured to be performed automatically by an automatic program operated in the authenticator terminal or virtual cloud computer. . With this configuration, the authentication operation can be automatically performed by the program 24 hours a day, 365 days a year through a virtual cloud computer, etc. regardless of whether the authenticator terminal is operating.

The authentication management computer 100 receives the confirmation information and non-confirmation information of the authentication object transmitted from the authenticator terminal 500, and according to a set rule, for example, the confirmation information of the authentication object of the authenticators is 80 % or more, the authentication target is authenticated, an authentication ledger associated with user information is created and stored in the authentication information storage unit 250 of the data storage computer 200, and the authentication information of the authentication target is transmitted to the user terminal or cloud It can be stored in the user virtual space of the system, the authenticator information management computer (600). In addition, the authentication book may be stored in the terminal 5360 of the non-affiliated authenticators or may be stored in the user virtual space of the authenticator information management computer 600 . It may be stored in the virtual space of each non-related person provided to the authenticator of the authenticator information management computer 600 . In addition, the virtual space of each non-related person provided to the authenticator of the authenticator information management computer 600 or storing the authentication book in the non-related terminal 5360 of the non-related persons who did not participate in the authentication task of the object of authentication at a certain point in time can be stored in

In addition, when an error or obstacle occurs in the selection of an authenticator to participate in the authentication operation among non-related persons in the authenticator information management computer 600 and/or the individual unrelated terminal 5360, the authentication management computer 100 ) may be configured to receive authentication confirmation information and authentication non-confirmation information of the authentication target by a candidate authenticator selected in ) to perform authentication of the authentication target.

In an embodiment of the present invention, authenticator information selected from non-related persons related to the authentication target of the authentication requestors is the authenticator information provided in the participant information storage unit 210 of the data storage computer 200 for each authentication requester. It may be stored in the storage module 213, and when a specific authentication requestor requests authentication of an authentication target, it may be configured to perform an authentication operation using the stored authenticator information of the authentication requester. In this case, the authenticator information of the authentication requestors may be configured to be updated every set period or an arbitrary period, for example, every 1 to 7 days. If the renewal period is set for a long time, it may be exposed to the risk of hacking by non-related people or system tracers. Therefore, it may interfere with rapid authentication. Therefore, it is advisable to set the optimal renewal period in consideration of this point. The renewal period may be uniformly applied to all authentication requestors, or may be determined differently based on the authentication request history of each authentication requester.

In an embodiment of the present invention, the authenticator information management computer 600 and individual non-related terminals 5360 for selecting an authenticator to participate in the authentication operation from the information of non-related persons, and the authentication management computer 100 for selecting a candidate authenticator , it may be configured to select an authenticator or a candidate authenticator using an artificial intelligence (AI) program for selecting an authenticator. In this case, the program for selecting a certifier may select a certifier according to a preset number of certifiers or a set ratio among all non-related persons. For example, there are 100,000 unrelated persons who can be selected as certifiers. When the number of authenticators is set to 100, the program for selecting an authenticator may be configured to select 100 authenticators from among non-related persons by applying a probability of being selected as an authenticator to all non-related persons as 0.1%. Since the same probability is applied to all non-related persons in the selection of the authenticator, a specific non-related person is not repeatedly selected as the authenticator, so that the certification work is not concentrated on a specific non-related person, and all non-related persons have an opportunity to participate in the certification work can be dispersed. Accordingly, objectivity and reliability of the selection of the authenticator can be secured.

In the embodiment of the present invention, it has been described that non-related persons as the target of selecting an authenticator to participate in the authentication work are composed of the user including the authentication requester and/or the other party, and non-related persons excluding the related persons of the user, but the present invention is limited thereto. it is not The authentication management computer 100 may select and store non-related persons according to a rule arbitrarily set in the participant information of the system, and may be used for selecting an authenticator.

An embodiment of the authentication system of the present invention is an individual and an individual, an individual and a group (including a company), a promise, a contract, a legal act, a conversation, a book creation, a document creation, a transaction, etc. occurring between the group and the group. Various actions with the other party Through fact-checking and identification of various contents, such as documents, books, factual acts, videos, work results, and transaction details, created by individuals or groups with consideration for relationships such as transactions with others, events and events By performing authentication by involving a large number of non-related persons who are not specified in the certification requester, the notarization work performed by an existing specific law firm can be replaced by a notarization by the public called non-related persons by the authentication system of the present invention. can

When the user 3200 is registered as the owner or right of use in the specific object 3100 of the target group 3000, the user 3200 uses the user identity authentication section 5100 to verify the identity of the user 3200. The authentication is performed, the identity authentication of the corresponding thing 3200 is performed using the thing identity authentication section 5200 with respect to the specific thing 3100, and the user - the non-related person of the thing identity authentication section 5300 By using the authentication system by By determining whether or not, the relationship between the user and the object can be made clear.

In addition, when the user 3200 is registered as the owner or right to use a specific thing 3100 of the target group 3000, the thing ( 3100), it is possible to decide whether to approve the ownership or use right of the registered user.

When registration of the ownership or use right of the user 3200 in the thing 3100 is approved by a non-related person or non-related things, the approval history information may be distributed and stored in non-related terminals or non-related things.

In this case, the management computer 1000 of the present invention receives approval information of registration of the user's ownership or use right to the thing in the user-object identity authentication section 5300, and can set control or use rights for the thing. have. As an example of permission setting, the permission allowed for each action of access, reading, writing (writing) and editing (modification) of the thing is set, but the identity of the thing 4100 and the user 4200 of the use group 4000 is According to the authentication status, the allowed authority may be set separately.

Table 2 below shows an example of control or use right using a thing in the usage group 4000 when control or use right is set for the thing 3100 of the usage target group 3000 of the present invention.

In the example of Table 2, an example in which the use group connects to the use target group through the Internet network is given as the use target group as user 1 and thing 1 and the use group as user 2 and thing 2 as the user group.

Regulatory Type scope of authority apply example One
Access Disallow access to the Internet network or Thing 1 itself Unconfirmed identity authentication of Thing 2 and User 2 Attempts by criminals such as hackers
(Registered for attention) 2


read Access to Thing 1 is possible, but information on Thing 1 is not allowed You can access Thing 1 and download open programs, but it is not allowed to read unique information related to the identity of Thing 1, internal information, security information, etc. public
-If the identity verification of Thing 2 is not confirmed, but you want to download a program, etc. released from Thing 1. 3


writing It is possible to read the information of Thing 1, but it is not possible to provide new information to Thing 1, add, write, exchange, etc. It is possible to read various information of object 1, but it is not allowed to write or add additional information to object 1. public
-When the identity authentication of Thing 2 is confirmed When accessing Thing 1 to read various information of Thing 1 or to download an open program 4


edit It is possible to write, but it is not permitted to change, modify, or delete the existing content. Only additional information can be written in Thing 1 (Changing the contents of information set in Thing 1 is not allowed) General public, user 2
-When identity authentication of thing 2 is confirmed 5


no regulation All actions such as access to object 1, reading, writing, editing, etc. are allowed It is also possible to edit and edit the existing information stored in Thing 1. Manager, Owner, Thing Maker, Maintainer
-Identity authentication of 2 things
If it is confirmed, if you want to update the operating program or version of Thing 1 by accessing Thing 1

In Table 2 above, the information of the thing 1 is the self-specific information of the thing 1 (ID-related identity information, internal security information, hardware or software information, etc.) or content information that the thing 1 outputs externally (data output to the screen of the terminal information, text, voice, video, etc.). Tables 3 and 4 below are for explaining an implementation example of a security system through identity authentication between a user and a thing according to the present invention. Here, user 1 of the target group of the present invention is a driver, and object 1 is an autonomous vehicle driven by user 1 as an example.

Target group
internet network User group User 1 thing 1 thing 2 User 2 go operator self-driving car Smartphone public me PC map management company all PC hacker

procedure Authority regulation or grant note in case of Transmitting accident information on a specific road acquired by the public with their smartphone from Thing 2 to Thing 1 Authorization of editorial control in 4 of the types of regulation in my case The map management company transmits the latest updated map information from Thing 2 to Thing 1. Granted permission to all 5 of the regulation types in the case of A hacker planning a crime sends malicious app information to Thing 1 through Thing 2. Control of authority with No. 1 or No. 2 among the types of regulation

In Tables 3 and 4 above, in the example of A, when user 2 (general public) in the user group transmits accident information on a specific road to object 2 (smartphone) to object 1 (autonomous vehicle) in the target group, the object The permission setting that disallows editing is applied to 2 (smartphone). Also, in my example, when user 2 (map management company) in the user group transmits the latest map information updated to thing 2 (PC) to thing 1 (autonomous vehicle) in the target group, thing 2 (PC) Permission settings that allow all permissions are applied. Also, in the case of C, when user 2 (hacker) of the user group transmits malicious app information to thing 1 (autonomous vehicle) of the target group as thing 2 (PC), access or read the thing 2 (PC) In the case of C of Tables 3 and 4 above, user 2 (hacker) in the user group uses object 2 (PC) for illegal purposes and object 1 (autonomous vehicle) in the target group It is a situation in which it is trying to connect to and send a malicious app to install. In this case, the thing 1 detects an attempt to access the thing 2 through a wired/wireless communication network including the Internet network. Thing 1 acquires the information of Thing 2 and User 2 that attempted to access and inquires about identity authentication information stored by itself, or transmits information of Thing 2 and User 2 to the management computer 1000 to inquire about identity authentication do.

Table 5 below shows examples of control or use rights of thing 1 according to the result of identity authentication of thing 1 of the target group or thing 2 inquired by the management computer and its user 2.

division thing 2 User 2 authorization Etc Authenticate all identity O O Regulatory Types 1-5 Any Type 5 can be limited to specific things and specific users registered in thing 1 in advance Only one identity verification O X Regulatory Types 1-4 X O No identity verification X X Regulatory Type 1-2 In the case of objects or users registered as subjects of prior attention, access control by applying regulation type 1-2

As shown in Table 5 above, when user 2 of the usage group wants to control or use thing 1 of the usage group through thing 2, if the identity authentication is confirmed for both thing 2 and user 2, control on thing 1 or Grant all rights (access, read, write, and edit) of the permission setting item of use. In addition, if only one of the thing 2 and user 2 is confirmed to be identical, access permission and read permission among the control or use permission setting items for thing 1 are applied. In addition, if both the object 2 and the user 2 cannot confirm the same authentication, the access denied or read permission among the control or use rights setting items for the object 1 is applied. In addition, when the thing 2 and the user 2 are registered as objects of interest in the thing 1 or the management computer in advance, it may be applied to disallow access to the thing 1 itself. An embodiment of the present invention includes a thing in a target group and By authenticating or approving the user's relationship (owner or user) setting through a non-related person or non-related thing, the authenticity of the target group is clearly established, and the object of the user group and the user's related thing and the identity by the related person Control items for control or use rights according to authentication status are set. When the user group wants to control or use the object of the target group, the identity and authenticity of the object are clearly established by confirming the identity of the object of the use group and the user.

As an aspect of controlling or using objects in the use group in the use group, according to whether the identity authentication of the objects in the use group and the user is confirmed, by applying the regulation of the control or use authority set in the use group, the user and Through identity authentication of things, for example, the security of networks connected to the Internet of Things and communication networks can be strengthened.

17 is a flowchart for explaining an embodiment of a method for securing a thing according to the present invention.

As shown in FIG. 17 , in the method of securing a thing of the present invention, the management computer registers the thing of a use target group with user information, ownership status information or usage right status information, and control of the thing as the owner or right of use of the thing. or receiving and storing use permission setting information together with the thing information (S100); Receiving, by the management computer, an access request to the thing including user information and other thing information input by a user of the usage group for controlling or using the thing in the target group using another thing (S110) )Wow; sending, by the management computer, the user information and other thing information to a communication-connected identity authentication system to request identity authentication of the user and other things in the use group (S120); receiving, by the management computer, information on whether the user's identity has been authenticated and whether the other things have been authenticated, transmitted from the identity authentication system (S130); The management computer compares the information on whether the user's identity is authenticated and whether the identity of the other thing is authenticated with the control or use right setting information of the thing provided by the use target group, and information on whether the user and other things are authenticated and extracting information of a state in which control or use permission setting information of the thing is matched (S140); controlling, by the management computer, the control or use of a thing of the target group using the other thing of the user of the usage group with the extracted matching state information (S150); a step (S160) of storing, by the management computer, control or use information of things in the target group for use by users and other things in the usage group and distributed storage to things in the target group and other things in the usage group (S160) is a configuration that

18 is a flowchart for explaining another embodiment of the method of securing a thing according to the present invention.

As shown in FIG. 18, the method of securing a thing of the present invention includes the steps of (S200) of attempting to access a specific thing of a target group to control or use a specific thing of a target group with another thing used by a user of the usage group; sending the object of the target group for access to other objects of the use group and user information of the object to the identity authentication system to make a request for identity authentication (S210); a step (S220) of inquiring whether the stored identity authentication information exists based on the transmitted user and other object information by the identity authentication system; When the identity authentication system finds that the identity authentication information of the user of the user group and other things exists, the identity authentication information is transmitted to the object of the target group, and if the identity authentication information does not exist, the user a step (S230) of performing identity authentication of the other things in the user identity authentication section and transmitting the same to the objects of the target group using the object identity authentication section (S230); Compare the information on whether the user of the user group is authenticated for the sameness and whether the other objects have been authenticated by the object of the target group transmitted from the identity authentication system with the set control or use right information by the object of the target group for use and extracting information in a state in which the information on whether the user and other things are identically authenticated and the information on the control or use conditions of the thing are matched (S240); Based on the information of the matching state from which the objects of the target group are extracted, the user of the usage group uses the other things to control or allow or disallow control of the things of the target group for use (S250) )Wow; It is a configuration including a step (S260) of storing control or use information of objects of the use group by the objects of the use group by users and other objects of the use group, and distributing and storing them in third-party objects of the use group.

19 is a flowchart for explaining another embodiment of the method for securing a thing according to the present invention.

As shown in Fig. 19, the security method of a thing according to the present invention includes the steps of: receiving and registering user information as an owner or a right holder of a thing in a target group being input to the thing (S300); receiving, by a management computer, registration information on a thing including user information as an owner or a right holder of the thing in the target group (S310); The management computer transmits, by the management computer, the object of the target group and the user information registered as the owner or licensee to the user-object identity authentication section of the identity authentication system to request authentication of the registration of ownership or use right of the user registered in the object ( S320) and; The user-thing identity authentication section selects non-related persons not related to the user or non-related things that are not related to the thing based on the user information or thing information, requesting consent or immovable authentication information for user registration to a thing including the consent of (S330); transmitting, by the identity authentication system, the authentication information collected from the non-related persons or non-related entities to the management computer (S340); a step (S350) of approving and storing the ownership or use right of the user registered in the object when the consent is greater than or equal to a value set based on the authentication information received by the management computer (S350); The management computer sets the control or use authority information of the thing for which the registration of the user information is approved so that the management computer is linked with the identity authentication status of the user and other things in the usage group, stores it in connection with the thing of the target group, and stores the usage target It is a configuration including the step (S360) of distributing and storing the group of things, the non-related terminals of the non-related people, and the non-related things.

The embodiments of the present invention described above are only a part of various embodiments of the present invention.

In an environment in which the objects and users of the use group of the present invention and the objects and users of the use group form a network through a wired/wireless communication network including the Internet network, the users of the use group use the objects and the objects of the use group according to the present invention In a system that wants to access and control or use the object, approval is performed by non-related persons of the user or non-related objects of the object with respect to the registration of the user's ownership or use right to the object of the target group. Stores control or use permission setting information, and when a user of the use group attempts to access a thing of the target group using a thing, the identity authentication system supports the identity authentication system for the user and thing of the usage group It goes without saying that various embodiments included in the technical idea for regulating the control or use rights of objects of the use target group by the objects of the use group according to the status of the identity authentication fall within the protection scope of the present invention.

1000: management computer
2000: data storage computer
3000: target group
3100: object
3200: user
4000: user group
4100: object
4200: user
5000: identity verification system
5100: User identity authentication section
5200: object identity authentication section
5300: User-Thing Identity Verification Section
6000: cloud computing system

Claims (6)

A management computer that manages the security of the controlled object in a system in which a user of the use group controls or uses the object to be controlled by communication access to the object to be controlled in the object group,
Perform identity verification of the user based on the user identification information provided by the related parties of the user;
Analyze the communication data between the thing and the related thing to perform identity authentication of the thing,
A management computer for security management of a thing, characterized in that it determines whether to control or use the control target of the thing according to a result of the identity authentication with respect to the user and the thing. The method according to claim 1,
The management computer for security management of things, characterized in that the related persons of the user are those related to the user including the acquaintances analyzed in the communication details of the user. The method according to claim 1,
A management computer for security management of things, characterized in that the user's ownership or usage right information is registered in the thing of the target group. The method according to claim 1,
The information of the related thing of the thing is a management computer for security management of a thing, characterized in that the information is extracted through a communication history between the thing and a surrounding thing on which a communication network is formed. The method according to claim 1,
A management computer for security management of a thing, wherein authority setting for control or use of the control target object is performed based on the identity authentication state of the object of the use group and the user. A method of managing the security of the control target object in a system for controlling or using the control target object by communicating with the control target object of the usage target group as a thing of the usage group,
performing identity authentication of the user based on the user identification information provided by the relevant persons of the user;
performing identity authentication of the thing by analyzing the communication data between the thing and the related thing;
and determining whether to control or use the object to be controlled by the object according to a result of identity authentication with respect to the user and the object.

Images