Nothing Special   »   [go: up one dir, main page]

WO2018008800A1 - Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same - Google Patents

Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same Download PDF

Info

Publication number
WO2018008800A1
WO2018008800A1 PCT/KR2016/011099 KR2016011099W WO2018008800A1 WO 2018008800 A1 WO2018008800 A1 WO 2018008800A1 KR 2016011099 W KR2016011099 W KR 2016011099W WO 2018008800 A1 WO2018008800 A1 WO 2018008800A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
information
public
blockchain
hash
Prior art date
Application number
PCT/KR2016/011099
Other languages
French (fr)
Korean (ko)
Inventor
어준선
홍재우
송주한
Original Assignee
(주)코인플러그
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)코인플러그 filed Critical (주)코인플러그
Publication of WO2018008800A1 publication Critical patent/WO2018008800A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the blockchain in the case of a public key for a public certificate requiring maintenance, the blockchain is held through a peer-to-peer network (P2P) based distributed database, not a server operated by a CA. Since it is stored and managed in the blockchain of the electronic wallet mounted on the servers, it is possible to block the hacking as much as possible so that a high level of security system can be interlocked and the operation and maintenance of the established certificate authentication system.
  • P2P peer-to-peer network
  • a certificate that is based on a blockchain that can not only perform the certification process of a certificate, but also monitor forgery of information related to the certificate, including the public key for the certificate of the user who issued the certificate.
  • the present invention relates to an authentication system and a method for authenticating a certificate based on a blockchain using the same.
  • an accredited certificate is electronic information issued by a certification authority (CA) for the purpose of verifying the user's identity when using services in various industries, and for preventing the forgery and alteration of documents or the denial of transaction facts. It shows the seal certificate for cyber transaction.
  • CA certification authority
  • These certificates include certificate version, certificate serial number, certificate validity period, issuer, user digital signature verification information, user name, identity verification information, digital signature method.
  • PKI public key infrastructure
  • the public key infrastructure refers to a user authentication system that encrypts transmission and reception data using a public key composed of encryption and decryption keys, and verifies the identity of a trader using a password possessed by an Internet user.
  • the private key used as a key for decrypting the encrypted public key under the public key infrastructure is generated by an authorized certification authority (CA) that is not an individual user but provided to the user, it is not only exposed to the risk of hacking. Due to the soft token-based storage method, the user's private key exists as a file in a standardized storage location, which makes it easy to duplicate and automate the collection of the private key, leading to financial damage and theft of user information. For this reason, the certification authority (CA) that provides the generated private key to the user should build an accredited certificate issuing system in which a highly secure system is interlocked to block the hacking as much as possible. In addition, the operation and maintenance of the established certificate issuance system should be performed. Therefore, there was a problem that a large amount of issuance costs are caused when issuing a conventional public certificate.
  • CA authorized certification authority
  • the accredited certificate is available only when ActiveX is installed in advance for the purpose of additional security when performing the user authentication process through a web browser.
  • ActiveX can be installed only by lowering the security level of the PC so that it can access resources such as files and registry of personal computers (hereinafter referred to as PCs). Due to the ActiveX installed mandatory to lower the user's PC security level, there was also a problem exposed to dangerous environments such as hacking.
  • Each of the problems related to the accredited certificate is based on the blockchain based on the blockchain filed by the present applicant (see Patent Document 2), and the blockchain-based method for issuing the certificate and the method of issuing the certificate. It was solved through the public certificate authentication system and the public certificate authentication method based on the blockchain using the same.
  • the gist is provided with a means for generating the public key for the public certificate and the private key for the public certificate directly from the user terminal operating the user, and the user terminal has a public key for the public certificate and the private key for the public certificate while the network is blocked.
  • the private key for the public certificate is encrypted and stored together with the password and photo image specified by the user, thereby preventing external leakage of each key that may occur even in advance, and maintaining The public key required for the public certificate is operated by the CA.
  • the accredited certificate issuing system based on the conventional blockchain and the method of issuing the accredited certificate based on the blockchain and the blockchain using the accredited certificate authentication system based on the blockchain Based on the accredited certificate authentication method, the issuing cost must be paid initially to store and manage the public key for the accredited certificate in the blockchain holding server.
  • the issuance cost is 0.0001 bitcoin, and as of July 2015, 0.0001 bitcoin is a low cost of about 40 won in Korean Won, which is the cost each time issuing a public certificate based on the blockchain. Therefore, if the number of issuance increases, there is a problem that the issuance cost also increases proportionally.
  • the public certificate issuance system based on the conventional blockchain the public certificate issuance method based on the blockchain using the same, and the public certificate certificate system based on the blockchain, and the public certificate authentication based on the blockchain using the same
  • the method registers and stores the public key for the public certificate on more than 100,000 blockchain holding servers to prevent forgery of the public key for the public certificate when a hacking occurs.
  • the propagation of the transaction information including the public key for the public certificate is promised by the protocol.
  • one node here referred to as a blockchain holding server
  • All blockchains equipped with an electronic wallet with a blockchain necessary to perform Bitcoin payments through pyramid propagation are repeatedly propagated to each of the eight designated nodes for each of the eight nodes receiving the transaction information for the Bitcoin payment. It is completed by propagating to the holding server.
  • the public certificate issuance system based on the conventional blockchain, the public certificate issuance method based on the blockchain using the same, and the public certificate certificate system based on the blockchain and the public certificate based on the blockchain using the same If the request for registration of the public key for the public certificate is flooded in the authentication method, the certificate that is stored and managed on the blockchain holding servers as well as the risk of causing network overload due to excessive traffic of transaction information including the public key for the public certificate. Since transaction information including the public key for anyone can read, there is a problem in that the public key for the user's public certificate is exposed to the outside.
  • Patent Document 1 Korean Patent Office Publication No. 10-0411448 (Registration Date: December 03, 2003)
  • Patent Document 2 Korean Patent Office Patent Application Publication No. 10-2015-0109320 (Application Date: August 03, 2015)
  • an object of the present invention is a public key for a public certificate that requires maintenance, not a server operated by a public certification authority (CA), but not between peer communication networks (P2P) :
  • system-related costs such as the cost of establishing the certification system and the operation and maintenance of the established certification certificate system, and can perform the certification process even if ActiveX is not installed.
  • Another object of the present invention is to prevent the public key of the public certificate for the public certificate of the public certificate of the public certificate of the public certificate of the user to prevent the public key of the public certificate of the public certificate is not exposed in the block chain holding server during the authentication process of the certificate based on the block chain Blockchain based blockchain that not only can carry out the certification process of public certificate based on the certificate, but also can monitor the forgery of public certificate related information including public key of public certificate of the user who has issued the certificate.
  • an authentication certificate authentication system based on the blockchain includes: a user terminal for requesting blockchain-based authentication; A blockchain-based official certificate authentication request server for transmitting a personal information for issuing a public certificate of a corresponding user operating the user terminal according to a blockchain-based official authentication request of the user terminal to relay a request for a blockchain-based official authentication; Based on the personal information for issuing the accredited certificate transmitted from the blockchain-based accredited certificate authentication request server, the validity of the accredited certificate is judged to be valid by determining the validity of the accredited certificate of the user.
  • a blockchain-based official certificate management server for transmitting to the blockchain-based official certificate authentication request server and controlling user authentication to be performed;
  • the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted bitcoin payment transaction information and records the transaction information for the bitcoin payment according to the authentication
  • the blockchain has a blockchain holding server recorded forgery monitoring transaction information information including a registered certificate root hash information for registration; characterized in that consisting of.
  • the process of authenticating a blockchain-based accredited certificate using the accredited certificate authentication system based on the blockchain of the present invention comprises the steps of requesting a blockchain-based accredited authentication from a user terminal by accessing a blockchain-based accredited certificate authentication request server; ; In the blockchain-based public certificate authentication request server, extract personal information for issuing a public certificate of a corresponding user operating the user terminal from the user identification information DB for each member according to a blockchain-based public certificate request, and blockchain-based authentication Transmitting to a certificate management server; Determining, at the blockchain-based official certificate management server, the validity of the public certificate of the corresponding user based on the transmitted personal information for issuing the public certificate; In the blockchain-based public certificate management server, if it is determined that the validity of the public certificate is legitimate, the public certificate for the public certificate of the corresponding user is extracted from the public certificate registration information DB, and the blockchain-based public certificate authentication request server is extracted. Transmitting; Receiving the public key for the public certificate and performing user authentication between the user terminals based on the
  • the blockchain in the case of a public key for a public certificate requiring maintenance, the blockchain is held through a peer-to-peer network (P2P) based distributed database, not a server operated by a CA. Since it is stored and managed in the blockchain of the electronic wallet mounted on the servers, it is possible to block the hacking as much as possible so that a high level of security system can be interlocked and the operation and maintenance of the established certificate authentication system. There is no system-related cost such as the cost of maintenance, and even if ActiveX is not installed, the certification process can perform the effect.
  • P2P peer-to-peer network
  • the present invention prevents the public key of the public certificate for the public certificate of the user from being registered in the blockchain holding server during the authentication process of the public certificate based on the blockchain, and does not expose the public key of the public certificate for the public certificate.
  • FIG. 1 is a block diagram showing a system for issuing an accredited certificate based on the blockchain of the present invention
  • FIG. 2 is a block diagram showing the detailed configuration of the user terminal of the configuration constituting the certificate issue system based on the blockchain of the present invention
  • Figure 3 is a block diagram showing the detailed configuration of the blockchain-based authorized certificate issuing request server of the configuration constituting the system for issuing a public certificate based on the blockchain of the present invention
  • Figure 4 is a block diagram showing the detailed configuration of the blockchain-based official certificate management server constituting the public certificate issuance system based on the blockchain of the present invention
  • 5 to 8 is a flow chart illustrating a process for issuing a blockchain-based accredited certificate by using an accredited certificate issuing system based on the blockchain of the present invention
  • FIG. 9 is a block diagram showing a certificate authentication system based on the blockchain of the present invention.
  • FIG. 10 is a block diagram showing the detailed configuration of the blockchain-based public certificate authentication request server of the configuration constituting the public certificate authentication system based on the blockchain of the present invention
  • 11 to 17 are flowcharts illustrating a process of authenticating a blockchain-based accredited certificate using an accredited certificate authentication system based on the blockchain of the present invention.
  • the present invention is largely divided into the issuance part of the public certificate based on the blockchain and the authentication part of the public certificate based on the blockchain.
  • 1 to 8 relate to a system and a method for issuing an accredited certificate based on a blockchain which is an issuing part of an accredited certificate based on a blockchain.
  • the blockchain-based authorized certificate issuing system is largely a user terminal 100, a blockchain-based authorized certificate issuing request server 200, blockchain-based official certificate management server 300 And blockchain holding server 400.
  • the user terminal 100 generates a public key for the public certificate and a private key for the public certificate, and the public certificate for the public key for the public certificate and the identification certificate of the user required for issuing a blockchain-based public certificate among the generated keys.
  • Terminal member for transmitting personal information for issuance is information including a user name, a user's date of birth, a user's telephone number, and a user's e-mail.
  • the detailed configuration of the user terminal 100 to perform the function such as the key generation engine 110 for generating a public key for the public certificate and a private key for the public certificate, for the public authentication for the key generation engine 110
  • Memory 120, encryption engine 130, hash processing engine 140, decryption engine 160 and the key generation engine 110, encryption engine 130, hash processing engine 140, the private key is stored,
  • the control unit 150 controls the decryption engine 160.
  • the key generation engine 110, the encryption engine 130, the hash processing engine 140 and the decryption engine 160 is in the form of an application program when the user terminal 100 is a desktop format such as a personal computer (PC). If the user terminal 100 is a mobile device such as a smart phone capable of accessing the Internet, it is provided and installed in the form of a mobile-only app.
  • the user operating the user terminal 100 may identify the user with the blockchain-based public certificate issue request server 200. First, check the registration process.
  • the DB block 210 is mounted on the blockchain-based authorized certificate issuing request server 200 to be described later, and the identification information of the user who operates the user terminal 100 is mounted on the DB unit 210. Is stored, the user identification information DB 211 for each member is stored, the same user identification information is stored as the personal information for issuance of the public certificate.
  • the user terminal 100 transmits the personal information for issuing the public certificate to the blockchain-based public certificate issuing request server 200 to request the blockchain-based public certificate issuing, and the blockchain-based public certificate issuing request server 200.
  • the user terminal 100 When the user terminal 100 transmits a key generation guide signal from the blockchain-based authorized certificate issuing request server 200, the user terminal 100 operates the key generation engine 110 to generate a public key for the public certificate and a private key for the public certificate. In addition, the user terminal 100 controls to generate a public key for a certificate and a private key for a certificate in a state of blocking the network, thereby preventing external leakage of each key that may occur even in advance.
  • the blockchain-based public certificate issuing request server 200 receives a public key for public certificate and personal information for issuing public certificate from the user terminal 100, and transmits the personal information for public certificate and public certificate for public certificate issuance. It is a member for transmitting to the blockchain-based authorized certificate management server 300 to be described later, the authentication certificate registration request signal for each customer made, including.
  • the blockchain-based public certificate issuing request server 200 is equipped with a hash processing engine 220, hashing the personal information for issuing the public certificate is processed by processing the user identification hash information blockchain-based public authentication Send to the certificate management server (300).
  • the blockchain-based official certificate issuing request server 200 that performs such a function performs a public certification when using services such as a server operated by a bank or a securities company, a server operated by a government agency, and a server operated by a shopping mall performing Internet commerce. This required vendor's server can be applied.
  • the blockchain-based public certificate management server 300 is a public key for personal information and public certificate for issuing a public certificate from among the information included in the request signal for the certificate registration for each customer transmitted from the blockchain-based public certificate issuing request server 200. And accumulate and store them in the certificate registration related information DB (311) sequentially, and the number of sets of personal information for issuing the public certificate and the public key for the public certificate for which the certificate is accumulated is stored in the predetermined route hash generation section.
  • hash processing engine 320 hashing a set of personal information for issuing a public certificate and a public key for a public certificate that are counted as many as a predetermined number of root hash generation sections, in order of storage, the public certificate node hash information.
  • Processing and processing the transaction processing engine 320 for forgery monitoring transaction information including forged authentication certificate root hash information for registration and forgery monitoring transaction ID information that is used as a key value to retrieve the forgery monitoring transaction information It generates and transmits the forgery monitoring transaction information of the generated information.
  • the public certificate registration information DB 311 is managed by the DB unit 310 as an information storage member.
  • the public certificate registration information DB (311) is a hash of the personal information for the issuance of the certificate and the public key for the certificate, as well as the public key for the certificate issued issuing a set of certificates Certificate node hash information is also accumulated and stored sequentially, and certificate certificate root hash identifier information for registration, which is an identifier for identifying certificate root hash information for registration, in which the cumulatively stored public certificate node hash information has a Merkle tree structure. Are also stored cumulatively.
  • the DB unit 310 accumulates and stores the forgery monitoring transaction ID information and the registration certificate root hash identifier information for registration generated together as an identifier each time the transaction processing engine 330 generates forgery monitoring transaction information. Also included is a certificate forgery monitoring information DB (312).
  • the blockchain-based public certificate management server 300 is associated with the public certificate registration if the number of counted personal certificate issuing certificate and the number of public keys for public certificate reaches a predetermined route hash generation period, since then By newly counting a set of personal information for issuing a public certificate and a public key for a public certificate stored in the information DB 311, new customers requesting issuance of a blockchain-based public certificate are also issued a blockchain-based public certificate. Provide to receive.
  • the route hash generation section is a section in which the system administrator binds the transaction information including the certificate information of the customer in the blockchain-based customer certificate registration process to the blockchain holding server to the predetermined number.
  • the number of route hash generation sections may be specified by calculating various cases, such as the number of preset certificate node hash information or the number of certificate certificate node hash information accumulated and stored for a predetermined time.
  • the blockchain-based public certificate management server 300 stores a set of public information for public information and public certificate for issuing a public certificate that is stored and managed in the public certificate registration-related information DB 311 during the blockchain-based public certificate issuance process.
  • the blockchain-based public certificate management server 300 is associated with the forgery monitoring of the public certificate forgery when the number of counted set of personal information for issuing the public certificate and the public key for the public certificate reaches a predetermined route hash generation period. Extract all the forgery monitoring transaction ID information accumulated in the information DB 312, and transmits it to the blockchain holding server 400.
  • the blockchain holding server 400 matches each transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts each matching forgery monitoring transaction information, and extracts each extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration included in the registered public certificate root hash information for each registration is transmitted to the blockchain-based public certificate management server 300.
  • the blockchain-based public certificate management server 300 receives the public certificate root hash information for each registration, and operates the hash processing engine 320 to accumulate and store them sequentially in the public certificate registration information DB 311.
  • the number of personal information for issuing the public certificate and the number of public keys for the public certificate are divided into the predetermined route hash generation section.
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 processes the hash certificate information by hashing as many as the number belonging to the predetermined predetermined route hash generation section.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 bilaterally prepares the transmitted public certificate root hash information for each registration and the generated public certificate root hash information for each provision in the order of generation. .
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 generates a hash value of each certificate public certificate root hash information and each certificate public certificate root hash information, which are contrasted in order of generation.
  • the operation checks whether the hash values of the computed values are the same from the first generation order to the last generation order.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 recognizes that the forgery of the public certificate related information issued by the users does not occur when both hash values are the same, so that the forgery monitoring is performed. Control so that transaction information can be created.
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 recognizes that the forgery of the relevant certificate issued by the user has occurred if the difference between the two hash values occurs, for monitoring the forgery By controlling the transaction information not to be generated, the post processing is performed according to the forgery occurrence.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 also includes public certificate node index information indicating the storage sequence of public certificate node hash information generated when the public certificate node hash information is generated.
  • the public certificate root hash identifier information for registration which is information for identifying the public certificate root hash information for registration, is also generated.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 the public certificate node hash information, the public certificate node index information, and the public certificate root hash identifier information for registration, the public certificate registration information DB ( In addition to controlling to accumulate and store in 311), the public certificate root hash identifier information for registration is also controlled to accumulate and store in the official certificate forgery monitoring related information DB (312).
  • the transaction processing engine 320 of the blockchain-based authorized certificate issuing request server 200 controls the generated transaction ID information for forgery monitoring to be accumulated and stored in the authorized certificate forgery monitoring related information DB 312, thereby monitoring the forged authentication certificate.
  • the transaction ID information for forgery monitoring and the public certificate root hash identifier information for registration are controlled to be classified and stored as a pair.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 stores a set of public certificate private certificates and public keys for public certificate issuing a certificate of the previously generated public certificate root hash information for registration. It is controlled to be processed into the registered certification certificate root hash information having a Merkle tree structure in a state arranged in a predetermined storage order between the hashed and processed certificate certificate node hash information.
  • the last registered registration from the first registered certification certificate root hash information for registration For example, the number of forgery monitoring transaction information registered in the blockchain holding server 400 in the blockchain-based certificate management server 300 has a structure in which the root certificate information for the certificate is connected like a chain. Forgery of hacking controls the personal information for issuing a certificate and forgery of the public key for the certificate.
  • the audit organization related to the national institution that audits the accredited certificate may check forgery by requesting an audit through the forgery verification request terminal 500 in relation to the accredited certificate of a specific user who issues the accredited certificate of the present invention.
  • the audit organization related to the national agency operates the forgery verification request terminal 500 to request the monitoring of the blockchain-based authorized certificate of a specific user to the blockchain-based authorized certificate issuing request server 200.
  • the blockchain-based public certificate issuing request server 200 extracts the personal information for issuing the public certificate of a specific user who has requested the monitoring of the blockchain-based public certificate from the public certificate registration information DB 311, and then executes the blockchain-based public information. Send to the official certificate management server (300).
  • the blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate of a specific user who has requested the monitoring of the transmitted blockchain-based public certificate with the public certificate registration information DB 311, thereby authenticating the public certificate node of the specific user. Check for the presence of hash information.
  • the blockchain-based public certificate management server 300 operates a hash processing engine 320 when there is no public certificate node hash information of a specific user, and is sequentially stored and stored in the public certificate registration information DB 311. Hashing of public certificate for public certificate and public certificate for public certificate issuing in order of storage, unless there is public certificate node hash information among personal information for public certificate issuance and public key for public certificate. Process with information.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 generates public certificate node index information indicating the storage order of processed public certificate node hash information, and processes the public certificate node.
  • the city information is processed and processed into a registered public certificate root hash information having a Merkle tree structure, and generates a public certificate root hash identifier information for registration, which is information for identifying the processed public certificate root hash information.
  • the blockchain-based authorized certificate management server 300 operates a transaction processing engine 320 to retrieve forgery monitoring transaction information including the registered certificate root hash information for registration and the forgery monitoring transaction information as key values. Generates forgery monitoring transaction ID information used, and transmits the forgery monitoring transaction information to the blockchain holding server (400).
  • the blockchain holding server 400 records the transmitted forgery monitoring transaction information on the blockchain.
  • the hash processing engine 320 of the blockchain-based certificate management server 300 is a certificate for registration, which is an identifier for identifying the certificate certificate root hash information for registration in which the certificate certificate node hash information of a specific user belongs to the Merkle Tree structure. All certificate certificates that form the Merkle Tree structure of the registered certificate root hash information to which the certificate node hash information of a specific user belongs by referring to the certificate root hash identifier information. Generate certificate root hash information.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 refers to the public certificate root hash identifier information for registration, and transmits forgery monitoring transaction information including the public certificate root hash information for registration.
  • the transaction ID information for identifying forgery monitoring is transmitted to the blockchain holding server 400.
  • the blockchain holding server 400 receiving transaction ID information for forgery monitoring may use any one of the blockchain holding servers 400 distributed all over the world, and is designated in advance to increase work efficiency. Can be used.
  • the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts the matching forgery monitoring transaction information, and extracts the matching forgery monitoring transaction information. After extracting the included public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server (300).
  • the blockchain-based public certificate management server 300 is transmitted to the public certificate root hash information for registration, the hash value of the public certificate root hash information generated for registration and transmitted by operating the hash processing engine 320 generated Calculate each hash value of the prepared public certificate root hash information and verify that the calculated hash values are the same.
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 forgeries the calculated hash value of the public certificate node hash information and the calculated hash value of the prepared public certificate node hash information.
  • the control request so that the message that the personal information and the public key for the certificate is not forgery made of a pair of specific users requested to the verification request terminal 500 is not forged.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 is a case where the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information for contrast are not the same. Storing of the relevant certificate node hash information with the same hash value among the certificate certificate node hash information corresponding to the hash value of the registered certificate root hash information for registration and the certificate certificate node hash information of the specific user Check that the sequence numbers are the same.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 has a storage sequence number of the corresponding public certificate node hash information having a different hash value and the public certificate node hash information of a specific user. Control the forgery verification request terminal 500 to be notified that the forgery of the personal information and the public key for the certificate issuing a certificate issued by a pair of specific users.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 receives a hash value that is not the same among the public certificate node hash information corresponding to the hash value of the transmitted public certificate root hash information. If the storage sequence of the corresponding certificate certificate node hash information and the specific certificate node hash information of a specific user are not the same, the personal information for issuing the certificate and the public key for the certificate issued by the forgery verification request terminal 500 Control to be notified that the message is not forged.
  • the user accesses the blockchain-based official certificate issuing request server 200 through the user terminal 100, and then transmits the personal information for issuing the public certificate which is composed of the identification information of the user required for issuing the blockchain-based public certificate.
  • the blockchain-based public certificate issuing request server 200 generates a key generation guide signal for guiding the generation of public key for public certificate and private key for public certificate after verifying the personal information for issuing the public certificate. Transmission to the corresponding user terminal 100 requesting the issuance of the certificate (S110).
  • the user terminal 100 When the user terminal 100 transmits the key generation guide signal, the user terminal 100 operates the key generation engine 110 to control the public key for the public certificate and the private key for the public certificate to be generated, and the private key for the public certificate is a memory 120. ), The public key for the public certificate is transmitted to the blockchain-based public certificate issuing request server 200 (S120).
  • the blockchain-based public certificate issuing request server 200 receives the public key for the public certificate and receives a request for registration of the public certificate for the private certificate and the public certificate for the public certificate. While transmitting to the management server (300) (S130), by operating a hash processing engine 220, the personal information for issuing the certificate is hashed to control to be transmitted in the processed state as a user identification hash information.
  • the blockchain-based official certificate management server 300 operates the hash processing engine 320 to classify the public certificate for public information and the public key for public certificate issued in the official certificate registration request signal sent by the customer into a group.
  • the certificate registration information DB 311 is accumulated and stored sequentially (S140).
  • the blockchain-based official certificate management server 300 checks whether a set of personal information for issuing a public certificate and a public key for a public certificate that have been accumulated and stored have reached a predetermined route hash generation period (S150).
  • the blockchain-based public certificate management server 300 is counted until the number of personal information for issue and the public key for public certificate is not reached as long as the number belonging to the root hash generation period is reached. Perform the count.
  • the blockchain-based public certificate management server 300 accumulates in the public certificate forgery monitoring-related information DB (312) when the number of personal information for issuing a public certificate and the public key for the public certificate reaches a root hash generation section. Extract all stored forgery monitoring transaction ID information, and transmits the extracted forgery monitoring transaction ID information to the blockchain holding server 400 (S160).
  • the blockchain holding server 400 matches each transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts each matching forgery monitoring transaction information, and extracts each extracted forgery monitoring transaction. Extract the certificate of certification root authentication information contained in the information (S170).
  • the blockchain holding server 400 transmits the extracted public certificate root hash information for each registration to the blockchain-based official certificate management server 300 (S180).
  • the blockchain-based public certificate management server 300 operates a hash processing engine 320 after receiving the public certificate root hash information for each registration, and accumulates and stores a set of publicly stored certificates in the certificate registration information DB 311.
  • the number of personal information for certificate issuance and the public key for public certificate is divided into a predetermined route hash generation section, and hashed as many as the number belonging to the predetermined predetermined route hash generation section.
  • the furnace is processed (S190).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 bilaterally prepares the transmitted public certificate root hash information for each registration and the generated public certificate root hash information for each prepared sequence in order of generation.
  • each hash value of each registered public certificate root hash information and each prepared public certificate certificate root hash information is calculated in order of generation, and both hash values calculated from the first generation order to the last generation order are calculated. Check whether it is the same (S200).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 is the public certificate registration information DB (311) when the hash value of both calculated from the first generation order to the last generation order is not the same It detects that the personal information for the issuance of the public certificate for the issued certificate and the public key for the public certificate for the forged certificate (S201) consisting of a set of cumulative managements are carried out, and the post-processing is performed according to the forgery occurrence.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 is the number belonging to the predetermined route hash generation section when both hash values calculated from the first generation order to the last generation order are the same.
  • hashing of a set of personal information for issuing a certificate and a public key for a certificate is processed in order of storage, and processed into a certificate certificate node hash information.
  • the hash processing engine 320 of the blockchain-based certificate management server 300 processes the hash certificate of the certificate certificate node hash information into a certificate certificate root hash information for registration in a Merkle tree structure (S210). .
  • the blockchain-based authorized certificate management server 300 operates a transaction processing engine 320 to retrieve forgery monitoring transaction information including the registered certificate root hash information for registration and the forgery monitoring transaction information as key values. Generates forgery monitoring transaction ID information used, and transmits the dual forgery monitoring transaction information to the blockchain holding server (400) (S220).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 stores the previously generated public certificate root hash information for registration and the public key for issuing the public certificate and the public certificate for the public certificate. It is controlled to be processed into the registered certification certificate root hash information having a Merkle tree structure in a state of being placed in a predetermined storage order among hashed and processed certificate certificate node hashes in order.
  • the blockchain holding server 400 records the transmitted forgery monitoring transaction information on the blockchain to issue a blockchain-based authorized certificate (S230).
  • the blockchain-based public certificate issuance request server 200 checks whether the forgery verification request terminal 500 requests the monitoring of the blockchain-based public certificate of a specific user (S251), and the blockchain-based public certificate of a specific user.
  • the request for monitoring of the blockchain-based public certificate is to extract the personal information for issuing the public certificate of the specific user who is requested to monitor the public certificate from the certificate registration information DB 311, and the blockchain-based public certificate management server 300 To transmit (S252).
  • the blockchain-based official certificate management server 300 matches the personal information for issuing the certificate of the specific user who requested the monitoring of the transmitted blockchain-based public certificate with the certificate registration information DB 311 to authenticate the specific user. Check that the certificate node hash information exists (S253).
  • the blockchain-based official certificate management server 300 directly enters the step S257 of generating a public certificate root hash information for the preparation described below when the public certificate node hash information of a specific user exists.
  • the blockchain-based public certificate management server 300 operates a hash processing engine 320 when there is no public certificate node hash information of a specific user, and accumulates and stores them sequentially in the public certificate registration information DB 311.
  • Authorized certificate node hash information by hashing the private certificate issue personal information and public certificate public key in order of storage, unless there is public certificate node hash information among private information for public certificate issuance and public key for public certificate.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 generates public certificate node index information indicating the storage order of the processed public certificate node hash information, and processed public certificate node.
  • the hash information is processed and processed into the registered public certificate root hash information having the Merkle tree structure, and the public certificate root hash identifier information for registration, which is information for identifying the processed public certificate root hash information, is generated. (S254).
  • the blockchain-based authorized certificate management server 300 operates a transaction processing engine 320 to retrieve forgery monitoring transaction information including the registered certificate root hash information for registration and the forgery monitoring transaction information as key values. Generates forgery monitoring transaction ID information used, and transmits the forgery monitoring transaction information to the blockchain holding server 400 (S255).
  • the blockchain holding server 400 records the transmitted forgery monitoring transaction information in the blockchain (S256).
  • the hash processing engine 320 of the blockchain-based certificate management server 300 is a certificate for registration, which is an identifier for identifying the certificate certificate root hash information for registration in which the certificate certificate node hash information of a specific user belongs to the Merkle Tree structure. All certificate certificates that form the Merkle Tree structure of the registered certificate root hash information to which the certificate node hash information of a specific user belongs by referring to the certificate root hash identifier information. Generate the certificate root hash information (S257).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 refers to the public certificate root hash identifier information for registration, and transmits forgery monitoring transaction information including the public certificate root hash information for registration. Transmitting forgery monitoring transaction ID information to identify to the blockchain holding server 400 (S258).
  • the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts the matching forgery monitoring transaction information, and extracts the matching forgery monitoring transaction information. After extracting the included public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300 (S259).
  • the blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and generates a hash value of the public certificate root hash information for registration transmitted by operating the hash processing engine 320.
  • the hash value of the prepared public certificate root hash information is respectively calculated, and it is checked whether the calculated hash values are the same (S260).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 performs forgery verification when the calculated hash value of the public certificate node hash information is the same as the calculated hash value of the public certificate node hash information.
  • the control unit (S261) to be notified that the personal information for a certificate issued by a pair of specific users requested to the request terminal 500 and the public key for the certificate is not forged.
  • the blockchain-based public certificate management server 300 has a hash value of the public certificate root hash information for registration and the public certificate node hash information of a specific user when the hash value of the public certificate root hash information for contrast is not the same.
  • Hash of the registered certification certificate root hash information transmitted after recognizing the node index information of a specific user from among the certificate certificate node hash information constituting the Merkle tree structure of the registered certification certificate root hash information (S262).
  • the public certificate node hash information corresponding to the value check whether the corresponding public certificate node hash information having the same hash value and the storage order number of the public certificate node hash information of the specific user are the same (S263).
  • the blockchain-based public certificate management server 300 is identified as a forgery verification request terminal 500 when the storage order of the corresponding public certificate node hash information having a different hash value and the public certificate node hash information of a specific user are the same. It controls so that the message that the personal information for the issuance of the certificate and the public key for the certificate, which consists of a pair of users, has been forged, is notified (S264).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 is composed of a group of personal information for issuing a public certificate and public key information for a public certificate that are cumulatively managed in the public certificate registration information DB 311.
  • Personal certificate for public certificate and public key for issuing a public certificate that consists of a set of certificates corresponding to the public certificate node hash information that forms the Merkle Tree structure of the public certificate node hash information of a specific user. Detect that the forgery is modified (S266) and performs post-processing according to the forgery.
  • Figures 7 to 14 relates to an authentication certificate authentication system and method based on the blockchain.
  • the blockchain-based public certificate authentication system of the present invention includes a user terminal 100, a blockchain-based public certificate authentication request server 600, a blockchain-based public certificate management server 300, The blockchain holding server 400 and the forgery verification request terminal 500.
  • the blockchain-based authorized certificate authentication request server 600 is equipped with a random number generator 630 and an encryption engine 640, and operates the user terminal 100 according to the blockchain-based authorized authentication request of the user terminal 100. It is a server member that relays a request for a blockchain-based accredited certification by transmitting personal information for issuing an accredited certificate of a corresponding user.
  • the blockchain-based public certificate authentication request server 600 includes a DB unit 610.
  • the DB unit 610 stores the identification information of the user who operates the user terminal 100, the user identification for each member storing the personal information for issuing the certificate, consisting of the identification information of the user used when issuing the blockchain-based certificate issuance
  • the information DB 611 is included.
  • the personal information for issuing the public certificate is stored and transmitted in a state processed as a user identification hash information by hashing operation.
  • the blockchain-based official certificate management server 300 judges the validity of the public certificate by determining the validity of the public certificate of the corresponding user based on the personal information for issuing the public certificate transmitted from the blockchain-based public certificate authentication request server 600. If it is determined that the public key for the public certificate of the user is a member for transmitting to the blockchain-based public certificate authentication request server 600.
  • the blockchain-based authorized certificate management server 300 includes a DB unit 310 and a hash processing engine 320.
  • the DB unit 310 has a set of personal information for issuing a public certificate and a public certificate for a public certificate, a public certificate for a public certificate issuing a public certificate, and a public key for a public certificate.
  • the certification certificate root hash identifier information for registration which is an identifier for identifying the certification certificate root hash information for registration, which is classified and stored sequentially and accumulated and stored sequentially, and accumulatively stored in the Merkle Tree structure, is accumulated and stored.
  • the authentication certificate forgery monitoring that accumulates and stores the transaction ID information for the forgery monitoring generated together as an identifier
  • the related information DB 312 is provided.
  • the blockchain-based official certificate management server 300 describes a process of determining the validity of the public certificate of the user based on the personal information for issuing the public certificate issued as follows.
  • the blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate issued from the blockchain-based public certificate authentication request server 600 with the public certificate registration information DB 311 to authenticate the user.
  • the public key for the certificate is extracted, and the hash processing engine 320 is operated to process the extracted public certificate for public certificate and the transmitted personal information for issuing the public certificate for processing into a public certificate node hash information for preparation. .
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 extracts the public certificate node hash information registered when issuing the blockchain-based official certificate among information stored in the public certificate registration information DB 311. do.
  • the hash processing engine 320 of the blockchain-based certificate management server 300 calculates a hash value of the extracted certificate certificate node hash information and a hash value of the prepared certificate certificate node hash information, respectively, Check if the calculated hash values are the same and if it is the same, determine that the validity of the accredited certificate is legal.
  • the user terminal 100 performs a function of controlling to be notified a message that the blockchain-based authentication process is denied.
  • the user can quickly recognize the forgery and respond quickly, thereby preventing the illegal use of the illegal user due to hacking in advance, thereby minimizing the harm of the legitimate user.
  • the certification certificate registration information DB (311) is used to register the certification certificate root hash identifier information, which is an identifier that identifies the certification certificate root hash information registered in the Merkle Tree structure. Extract from.
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 refers to the extracted public certificate root hash identifier information for registration, and the public certificate root for registration to which the public certificate node hash information of the user belongs. Extract all the public certificate node hash information that forms the Merkle tree structure of the hash information from the public certificate registration information DB (311), and the extracted public certificate node hash information of the prepared public certificate node hash information is composed of the Merkle tree structure Process with hash information.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 for the forgery monitoring transaction. Extract ID information and transmit it to the blockchain holding server 400.
  • the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmitting it to the blockchain-based public certificate management server (300).
  • the blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast. Hash values of the public certificate root hash information are respectively calculated, and both hash values of the calculated certificates are verified to be the same, and finally, the validity of the public certificate is judged to be valid.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 has a hash value that is not the same among the hash values of the public certificate root hash information for registration and the public certificate root hash information for each preparation. If present, among the personal information for issuing the certificate or the public key information for the certificate, which is accumulated and managed in the certificate registration information DB 311, the public certificate root hash for the registration to which the user's certificate certificate node hash information belongs. It detects that the personal information for issuing the public certificate and the public key for the public certificate that constitute the pair corresponding to the node hash information of the public certificate which constitutes the Merkle Tree structure of the information are forged, and then proceeds with post-processing according to the forgery.
  • the present invention monitors whether or not forgery of the public certificate registration-related information of customers issued to the blockchain-based certificate management server 300 each time a request for blockchain-based certificate authentication, blockchain due to illegal hacking If forgery certificate registration related information stored and managed by the customer-based certificate management server 300 is forged and provides as quickly as possible to respond to it.
  • the blockchain-based public certificate authentication request server 600 receives the public key for the public certificate, and checks the Internet communication protocol between the user terminals 100.
  • the Internet communication protocol is a communication protocol used to transfer hypertext documents between a web server and a user's Internet browser on the Internet, and is divided into http (Hypertext Transfer Protocol) and https (Hypertext Transfer Protocol over Secure Socket Layer). The difference is whether the document is encrypted when it is delivered. In other words, http is delivered in plain text when delivering documents, and https is encrypted when delivering documents.
  • the blockchain-based authorized certificate management server 300 operates a random number generator 630 when the Internet communication protocol between the user terminal 100 is http. Control to generate a random session key that is a random value.
  • the blockchain-based public certificate management server 300 operates the encryption engine 640 to encrypt the random session key using the public key for the public certificate among the information included in the certificate validation signal, and converts the encrypted random session key into an encrypted random session key. This is transmitted to the user terminal 100.
  • the user terminal 100 operates the decryption engine 160 to decrypt the encrypted random session key transmitted based on the private key stored in the memory 120 to be converted into a random session key, thereby confirming that the user is a legitimate user. Perform user authentication to confirm the user.
  • the decryption process itself may not be performed, thereby proving that the user is a legitimate user.
  • the Internet communication protocol is encrypted and decrypted based on a random session key provided from the user terminal 100 between the user terminal 100 and the blockchain-based authorized certificate authentication request server 600 under the environment of http. Since the communication can be performed, even after the user authentication, the private key for public authentication can be completely blocked, and thus the public authentication can be provided safely based on the blockchain without the risk of hacking.
  • the documents already transmitted through communication between the user terminal 100 and the blockchain-based authorized certificate authentication request server 600 are transmitted in an encrypted state, and are decrypted and output. You only need to do it.
  • the blockchain-based authorized certificate management server 300 controls the random number generator 630 to be generated by operating a random number generator 630 when the Internet communication protocol between the user terminal 100 is https, and the user terminal ( 100) to be transmitted.
  • the user terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process the random number hash information.
  • the user terminal 100 operates the encryption engine 130, encrypts the random number hash information based on the private key for public authentication stored and managed in the memory 120, and converts the random number hash information into encrypted random hash information. It sends to the chain-based official certificate authentication request server 600.
  • the blockchain-based authorized certificate authentication request server 600 operates the hash processing engine 620 to hash the random number data having the same value as that transmitted to the user terminal 100 to process the random number hash information for preparation. .
  • the blockchain-based public certificate authentication request server 600 operates a decryption engine 650 to decrypt the encrypted random number hash information transmitted based on the public key for the public certificate of the corresponding user and control the data to be converted into random hash information.
  • the user authentication is performed by calculating the hash value of the converted random number hash information and the hash value of the contrast random number hash information, respectively, and confirming that both hash values are the same.
  • the user can destroy the issued blockchain-based public certificate.
  • the blockchain-based public certificate authentication request server 600 if a request for destruction of the blockchain-based public certificate from the user terminal 100, the public certificate node of the user stored in the public certificate registration information DB (311) Change and save the city information into the discarded certificate certificate node hash information, and count the counted hash information of the user who requested the destruction of the blockchain-based certificate certificate to the number belonging to the predetermined route hash generation section.
  • the certificate is repeatedly stored in the registration information DB (311).
  • the blockchain-based public certificate management server 300 includes the number of public information for public information and public key for issuing a set of public certificates including the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate.
  • a hash processing engine 320 is operated to hash a set of personal information for issuing a public certificate and a public key for a public certificate that are counted as much as a predetermined root hash generation period in order of storage order.
  • the block chain By processing the data into the official certificate node hash information, the block chain based on the Merchant structure that forms the official certificate root hash information for registration included in the forgery monitoring transaction information transmitted and registered to the blockchain holding server 400
  • the user controls his / her blockchain by controlling to include the hash certificate information of the user who requested the destruction of the certificate.
  • the guide can confirm that the certificate was half destroyed.
  • the audit organization related to the national institution that audits the accredited certificate may check forgery by requesting an audit through the forgery verification request terminal 500 in relation to the accredited certificate of a specific user using the accredited certificate of the present invention.
  • the DB unit 610 of the blockchain-based official certificate authentication request server 600 is provided with personal identification information DB 611 for each member for issuance of the public certificate of the user who operates the user terminal 100. Lose.
  • the public certificate registration information information database 311 of the blockchain-based public certificate management server 300 is divided into a public certificate for public certificate issue and a public certificate node public hash information that is hashed. Accumulated and stored sequentially.
  • the forgery verification request terminal 500 requests the monitoring of the blockchain-based public certificate of a specific user to the blockchain-based public certificate authentication request server 600.
  • the blockchain-based public certificate authentication request server 600 extracts the personal information for issuing the public certificate of a specific user who has requested the monitoring of the blockchain-based public certificate from the user identification information DB 611 for each member, and the blockchain-based public certificate.
  • the management server 300 transmits.
  • the blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate of a specific user who has requested the monitoring of the transmitted blockchain-based public certificate with the public certificate registration information DB 311, thereby authenticating the public certificate node of the specific user. Recognize the hash information, and the certification certificate for the specific user whose node hash information is identified in the Merkle Tree structure. Extracted from the registration related information DB 311.
  • the blockchain-based official certificate management server 300 operates the hash processing engine 320 to refer to the extracted public certificate root hash identifier information for registration, for registration in which the public certificate node hash information of a specific user belongs. Extract all public certificate node hash information forming the Merkle Tree structure of the public certificate root hash information from the public certificate registration information DB 311, and prepare the prepared certificate node hash information from the extracted mercury tree structure. Process with the official certificate root hash information.
  • the hash processing engine 320 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 to register the public certificate root Extract the forgery monitoring transaction ID information identifying the forgery monitoring transaction information including the hash information, and transmits it to the blockchain holding server (400).
  • the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmitting it to the blockchain-based public certificate management server (300).
  • the blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast. By calculating the hash value of the public certificate root hash information, respectively, and confirming that the calculated hash values are the same, in the same case, the personal information for issuing the public certificate which consists of a pair of specific users who requested the forgery verification request terminal 500 And a message notifying that the public key for the public certificate has not been forged.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 may determine that the calculated hash value of the public certificate node hash information is not the same as the calculated hash value of the public certificate node hash information.
  • the public certificate node index information indicating is recognized through the public certificate registration information DB 311.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 has the public certificate node index information of the public certificate node hash information and the public certificate node hash information of a specific user having the same hash value. Verify that the storage order of the public certificate node index information is the same.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 hashes the public certificate node index information of the public certificate node hash information having the same hash value and the public certificate node of the specific user. If the storage order number of the public certificate node index information of the information is the same, the forgery verification request terminal 500 controls to be notified that the message forgery of the personal information and the public key for the public certificate for the certificate issued as a pair of specific users.
  • the blockchain-based public certificate management server 300 has the public certificate node index information of the corresponding public certificate node hash information having the same hash value and the public certificate node index information of the public certificate node hash information of a specific user. If the storage order is not the same, the forgery verification request terminal 500 is controlled so as to be notified that the message that the personal information for the issuance of a certificate consisting of a set and the public key for the certificate is not forged.
  • the blockchain-based public certificate management server 300 is a private certificate node of a specific user from among the personal information for issuing the public certificate and the public key information for the public certificate which consists of a group that is accumulated and managed in the public certificate registration-related information DB 311. Detected that the personal information for issuing the public certificate and the public key for the public certificate for the certificate, which consisted of one pair corresponding to the node hash information of the public certificate which constitutes the Merkle Tree structure of the public certificate root hash information to which the city information belongs, have been forged. Perform post-processing according to the forgery occurrence.
  • the authentication process of the blockchain-based accredited certificate using the accredited certificate authentication system based on the blockchain of the present invention is as follows.
  • the user accesses the blockchain-based official certificate authentication request server 600 through the user terminal 100 and requests a blockchain-based official authentication (S300).
  • the blockchain-based public certificate authentication request server 600 extracts the personal information for issuing the public certificate issued by the user identification hash information from the user identification information DB 611 for each member according to the blockchain-based public certificate request. And, this is transmitted to the blockchain-based official certificate management server 300 (S310).
  • the blockchain-based public certificate management server 300 determines the validity of the public certificate of the user based on the personal information for issuing the public certificate issuance (S320).
  • the blockchain-based public certificate management server 300 is a blockchain-based public certificate.
  • the personal information for issuing the public certificate sent from the certificate authentication request server 600 with the public certificate registration information DB 311, extracting the public key for the public certificate of the corresponding user, and operating a hash processing engine 320.
  • the extracted public key for the public certificate and the personal information for issuing the public certificate issued are hashed and processed into a prepared public certificate node hash information (S321).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 extracts the public certificate node hash information registered when issuing the blockchain-based official certificate among information stored in the public certificate registration information DB 311.
  • the hash value of the extracted public certificate node hash information and the hash value of the prepared public certificate node hash information are respectively calculated, and the hash values of the calculated both nodes are the same (S322).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 has a calculated hash value of the public certificate node hash information and the hash value of the prepared public certificate node hash information is not the same. If not, the user terminal 100 controls to be notified a message that the blockchain-based authentication process is denied (S323).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 issues an official certificate when the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information are the same.
  • Extraction of the certification certificate root hash identifier for registration which is an identifier for identifying the certification certificate root hash information for registration belonging to the Merkle Tree structure, is registered in the certificate registration information DB (311). (S324).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 refers to the extracted public certificate root hash identifier information for registration, and the public certificate root for registration to which the public certificate node hash information of the user belongs. Extract all the public certificate node hash information that forms the Merkle tree structure of the hash information from the public certificate registration information DB (311), and the extracted public certificate node hash information of the prepared public certificate node hash information is composed of the Merkle tree structure Processing is performed with hash information (S325).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 to register the public certificate root for registration.
  • the forgery monitoring transaction ID information for identifying the forgery monitoring transaction information including the hash information is extracted and transmitted to the blockchain holding server 400 (S326).
  • the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300 (S327).
  • the blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast.
  • the hash value of the public certificate root hash information is respectively calculated, and it is checked whether the calculated hash values are the same (S328).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 is a certification of the customer consisting of a set of cumulative management in the public certificate registration information DB 311 when the calculated hash values are not the same As a group that corresponds to the public certificate information for certificate issuance and public key information for certificate issuance, which corresponds to the public certificate node hash information that forms the Merkle tree structure of the public certificate root hash information for registration to which the user's public certificate node hash information belongs. It detects that the personal information for the issuance of the accredited certificate and the public key for the accredited certificate are forged (S329) and performs post-processing according to the forgery.
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 may determine that the calculated hash value of the public certificate node hash information is the same as the calculated hash value of the public certificate node hash information. It is judged to be valid.
  • the blockchain-based public certificate management server 300 extracts the public key for the public certificate of the user from the public certificate registration-related information DB 311, and transmits it to the blockchain-based public certificate authentication request server 600 (S330).
  • the blockchain-based public certificate authentication request server 600 receives the public key for the public certificate, and performs user authentication between the user terminals 100 based on the transmitted public certificate public key (S3400). As follows.
  • the blockchain-based official certificate authentication request server 600 checks whether the Internet communication protocol between the user terminal 100 requesting the blockchain-based official authentication is http or https (S340).
  • the blockchain-based official certificate authentication request server 600 controls the random session generator 630 to generate a random session key when the internet communication protocol between the user terminals 100 is http (S350).
  • the blockchain-based public certificate authentication request server 600 operates an encryption engine 640 to encrypt a random session key by using the public key for the public certificate and converts it into an encrypted random session key and transmits it to the user terminal 100 ( S360).
  • the user terminal 100 receives the encrypted random session key, operates the decryption engine 160, and decrypts the encrypted random session key based on the private key for public authentication stored in the memory 120 to be converted into a random session key. By controlling, authentication of the user (S370) is completed.
  • the blockchain-based official certificate authentication request server 600 generates a random value random number data by operating a random number generator 630 when the Internet communication protocol between the corresponding user terminal 100 requesting the blockchain-based official authentication is https. Then, it is transmitted to the user terminal 100 (S380).
  • the user terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process the random number hash information (S390).
  • the user terminal 100 operates the encryption engine 130, encrypts the random number hash information based on the private key for public authentication stored and managed in the memory 120, and converts it into encrypted random number hash information, which is based on block chain.
  • the certificate is sent to the authentication request server 600 (S400).
  • the blockchain-based authorized certificate authentication request server 600 operates a hash processing engine 620 to hash the random number data having the same value as that transmitted to the user terminal 100 to process the random number hash information for preparation.
  • the decryption engine 650 By operating the decryption engine 650, the encrypted random number hash information relayed on the basis of the public key for the public certificate of the user is decrypted and controlled to be converted into random number hash information, and the hash value of the converted random number hash information. And the hash value of the random number hash information for the comparison are respectively calculated to confirm that both hash values are the same, thereby completing user authentication (S410).
  • the user can destroy the issued blockchain-based public certificate.
  • the blockchain-based public certificate authentication request server 600 checks whether the user terminal 100 requests the destruction of the blockchain-based public certificate (S500), and if the request for the destruction of the blockchain-based public certificate is registered, the public certificate is registered.
  • the public certificate node hash information of the corresponding user stored in the related information DB 311 is changed and stored into the discarded official certificate node hash information (S510).
  • the blockchain-based public certificate authentication request server 600 may count the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate as many times as the number belonging to the predetermined root hash generation period.
  • the registration related information DB 311 is repeatedly stored (S520).
  • the blockchain-based public certificate management server 300 includes the number of public information for public information and public key for issuing a set of public certificates including the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate.
  • the hash processing engine 320 stores a set number of personal information for issuing a public certificate and a public key for a public certificate that are counted as many times as a predetermined route hash generation section.
  • the block in the Merchant structure that constitutes the official certificate root hash information for registration contained in the forgery monitoring transaction information transmitted and registered to the blockchain holding server 400 The node-based hash information of the corresponding user who requested the destruction of the chain-based official certificate is also included (S530).
  • an auditing organization for a user or a national institution that audits an accredited certificate may request forgery regarding the forgery verification request terminal 500 through the forgery verification request terminal 500 to check whether the forgery is forged or not.
  • the blockchain-based authorized certificate authentication request server 600 checks whether the forgery verification request terminal 500 requests the monitoring of the blockchain-based authorized certificate of a specific user (S600), and determines the blockchain-based authorized certificate of the specific user.
  • the personal information for issuing the certificate of the specific user who requested the monitoring of the blockchain-based certificate is extracted from the certificate registration information DB 311 and transmitted to the blockchain-based certificate management server 300 ( S610).
  • the blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate of a specific user who has requested the monitoring of the transmitted blockchain-based public certificate with the public certificate registration information DB 311, thereby authenticating the public certificate node of the specific user. Recognize the hash information, and the certification certificate for the specific user whose node hash information is identified in the Merkle Tree structure.
  • the registration related information DB 311 is extracted (S620).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 refers to the extracted public certificate root hash identifier information for registration, and the public certificate root hash for registration to which the public certificate node hash information of a specific user belongs. Extract all public certificate node hash information forming the Merkle tree structure of information from the public certificate registration related information DB 311, and extract the public certificate node hash of the prepared public certificate node hash information having the extracted mercury tree structure. The information is processed (S630).
  • the hash processing engine 320 of the blockchain-based official certificate management server 300 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312, and the root certificate for registration.
  • Forgery monitoring transaction ID information for identifying the forgery monitoring transaction information including the time information is extracted and transmitted to the blockchain holding server 400 (S640).
  • the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300 (S650).
  • the blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast.
  • the hash value of the public certificate root hash information is respectively calculated, and it is checked whether the calculated hash values are the same (S660).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 is a forgery verification request terminal when the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information are the same. (500) Control so that the message that the personal information for a certificate issued by a pair of specific users and the public key for the certificate is not forged for a request made to (500) (S670).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 may determine that the calculated hash value of the public certificate node hash information is not the same as the calculated hash value of the public certificate node hash information.
  • the public certificate node index information indicating is recognized through the public certificate registration information DB 311 (S661).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 has the public certificate node index information of the public certificate node hash information and the public certificate node hash information of a specific user having the same hash value. Check whether the storage order of the public certificate node index information is the same (S662).
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 has the public certificate node index information of the public certificate node hash information having the same hash value and the public certificate node hash information of a specific user. If the storage order of the public certificate node index information of the same is the same, the forgery verification request terminal 500 controls to receive a message indicating that the personal information for issuing a certificate of a specific user and the public key for the public certificate forgery of a specific user have been forged (S663). .
  • the hash processing engine 320 of the blockchain-based public certificate management server 300 may include the public certificate node index information of the public certificate node hash information and the public certificate node hash information of a specific user having a different hash value. If the storage order of the public certificate node index information is not the same, the forgery verification request terminal 500 controls to receive a message indicating that the personal information for issuing a certificate and the public key for public certificate forgery have not been forged (S664).
  • the blockchain-based public certificate management server 300 is a private certificate node of a specific user from among the personal information for issuing the public certificate and the public key information for the public certificate which consists of a group that is accumulated and managed in the public certificate registration-related information DB 311. Detected that the personal information for issuing the public certificate and the public key for the public certificate for which the certificate consists of one pair corresponding to the node hash information of the public certificate which constitutes the Merkle Tree structure of the public certificate root hash information to which the city information belongs (S665) ), And post-treatment according to forgery.
  • 140,220,320,620 hash processing engine 150: control unit
  • 311 DB related information registration information for each customer
  • transaction processing engine 400 blockchain holding server

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to an accredited certificate authentication system based on a blockchain, and an accredited certificate authentication method based on a blockchain, using the system, the system and method including: a user terminal (100) requesting blockchain-based accreditation; a blockchain-based accredited certificate authentication-requesting server (600) which, in response to the blockchain-based accreditation request of the user terminal (100), transmits personal information for issuing an accredited certificate, of a user operating the user terminal (100), thereby relaying the blockchain-based accreditation request; a blockchain-based accredited certificate management server(300) which performs control such that user authentication is performed, by determining, based on the personal information for issuing an accredited certificate transmitted from the blockchain-based accredited certificate authentication-requesting server (600), the validity of an accredited certificate of the user, and, if the validity of the accredited certificate is determined to be legitimate, transmitting a public key for the accredited certificate of the user to the blockchain-based accredited certificate authentication-requesting server (600); and blockchain-retaining servers (400), each having an electronic wallet, provided with a blockchain, which, when transaction information for a bitcoin payment is transmitted, validates the bitcoin payment by verifying the transmitted transaction information for the bitcoin payment, and in which the transaction information for the bitcoin payment is recorded in accordance with the validation, wherein transaction information for monitoring forgery and tampering, including accredited certificate root hash information for registration, is recorded in the blockchain.

Description

블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법Authorized certificate authentication system based on blockchain and authorized certificate authentication method based on blockchain using the same
본 발명은 유지관리를 필요로 하는 공인인증서용 공개키의 경우 공인인증기관(CA)이 운영하는 서버가 아닌 동등 계층간 통신망(P2P : peer-to-peer network) 기반 분산 데이터베이스를 통해 블록체인 보유서버들에 탑재된 전자지갑의 블록체인에서 저장관리되기 때문에 해킹이 발생할 경우 이를 최대한 차단할 수 있도록 고도의 보안시스템이 연동 구비되는 공인인증서 인증시스템 구축비용 및 그 구축된 공인인증서 인증시스템의 운영과 유지보수의 비용 등의 시스템 관련비용이 소요되지 않고, 액티브X(ActiveX)가 설치되지 않아도 공인인증과정이 수행가능하며, 블록체인을 기반으로 하는 공인인증서의 인증과정 시 사용자의 공인인증서용 공개키가 블록체인 보유서버에 등록되지 않게 하여 사용자의 공인인증서용 공개키가 노출되지 않으면서도 블록체인을 기반으로 하는 공인인증서의 인증과정을 수행할 수 있을 뿐만 아니라 공인인증서를 발급받은 사용자의 공인인증서용 공개키를 포함하는 공인인증 관련정보의 위변조 여부를 감시할 수 있는 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법에 관한 것이다. In the present invention, in the case of a public key for a public certificate requiring maintenance, the blockchain is held through a peer-to-peer network (P2P) based distributed database, not a server operated by a CA. Since it is stored and managed in the blockchain of the electronic wallet mounted on the servers, it is possible to block the hacking as much as possible so that a high level of security system can be interlocked and the operation and maintenance of the established certificate authentication system. There is no cost related to the system, such as the cost of maintenance, and the certification process can be performed even if ActiveX is not installed, and the public key for the certification certificate of the user during the certification process of the blockchain-based certification certificate is By not registering on the blockchain holding server, the user can use the blockchain without exposing the public key for the public certificate. A certificate that is based on a blockchain that can not only perform the certification process of a certificate, but also monitor forgery of information related to the certificate, including the public key for the certificate of the user who issued the certificate. The present invention relates to an authentication system and a method for authenticating a certificate based on a blockchain using the same.
일반적으로, 공인인증서란 다양한 산업분야의 서비스를 이용 시, 사용자의 신원을 확인하고, 문서의 위조와 변조 또는 거래 사실 부인 방지 등을 목적으로 공인인증기관(CA)이 발행하는 전자적 정보로서, 일종의 사이버 거래용 인감증명서를 나타낸다. 이러한 공인인증서에는 인증서 버전, 인증서 일련번호, 인증서 유효기간, 발급기관, 사용자의 전자서명 검증정보, 사용자 이름, 신원 확인정보, 전자서명 방식 등이 포함되어 있다.Generally, an accredited certificate is electronic information issued by a certification authority (CA) for the purpose of verifying the user's identity when using services in various industries, and for preventing the forgery and alteration of documents or the denial of transaction facts. It shows the seal certificate for cyber transaction. These certificates include certificate version, certificate serial number, certificate validity period, issuer, user digital signature verification information, user name, identity verification information, digital signature method.
이러한 공인인증서는 보안 표준 방식인 공개키 기반 구조(PKI, Public Key Infrastructure)에서 사용(특허문헌 1 참조)된다.This public certificate is used in public key infrastructure (PKI), which is a security standard method (see Patent Document 1).
공개키 기반 구조는 암호화와 복호화 키로 구성된 공개키를 이용하여 송수신 데이터를 암호화하고, 인터넷 사용자가 보유한 암호를 이용하여 거래자 신원을 확인하는 방식의 사용자 인증 시스템을 말한다.The public key infrastructure refers to a user authentication system that encrypts transmission and reception data using a public key composed of encryption and decryption keys, and verifies the identity of a trader using a password possessed by an Internet user.
그런데 공개키 기반 구조 하에서 암호화된 공개키를 복호화시키는 키로 이용되는 개인키가 사용자 개인이 아닌 외부에 해당하는 공인인증기관(CA)에서 생성된 후 사용자에게 제공되기 때문에 해킹의 위험성에 노출될 뿐만 아니라 소프트 토큰 기반 저장방식으로 인해 표준화된 저장 위치에 사용자의 개인키가 파일 형태로 존재함에 따라, 개인키의 파일 복제와 자동화 수집이 용이하여 개인키 유출에 따른 금융 피해 및 사용자 정보 도용이 야기되는 위험성을 내포하고 있고, 이 때문에, 생성된 개인키를 사용자에게 제공하여 주는 공인인증기관(CA)은 해킹이 발생할 경우 이를 최대한 차단할 수 있도록 고도의 보안시스템이 연동 구비되는 공인인증서 발급시스템이 구축되어야하고, 그 구축된 공인인증서 발급시스템의 운영 및 유지보수를 수행해야 하기 때문에, 종래의 공인인증서 발급 시 고액의 발급비용이 야기되는 문제점이 있었다. However, since the private key used as a key for decrypting the encrypted public key under the public key infrastructure is generated by an authorized certification authority (CA) that is not an individual user but provided to the user, it is not only exposed to the risk of hacking. Due to the soft token-based storage method, the user's private key exists as a file in a standardized storage location, which makes it easy to duplicate and automate the collection of the private key, leading to financial damage and theft of user information. For this reason, the certification authority (CA) that provides the generated private key to the user should build an accredited certificate issuing system in which a highly secure system is interlocked to block the hacking as much as possible. In addition, the operation and maintenance of the established certificate issuance system should be performed. Therefore, there was a problem that a large amount of issuance costs are caused when issuing a conventional public certificate.
또한, 공인인증서는 웹브라우저를 통해서 사용자 인증과정을 수행 시 필수적으로 별도의 보안을 목적으로 사전에 액티브X(ActiveX)가 설치되어야만 이용이 가능하다. 그런데, 액티브X는 개인용 컴퓨터(이하, PC라 칭함)의 파일, 레지스트리 등의 자원에 접근할 수 있도록 PC의 보안등급을 낮춰야만 설치가 가능하기 때문에, 공인인증서를 통한 사용자 인증수행과정 시 보안을 위해 필수적으로 설치되는 액티브X로 인해 오히려 사용자의 PC 보안등급이 낮아짐으로써, 해킹과 같은 위험환경에 노출되는 문제점도 있었다.In addition, the accredited certificate is available only when ActiveX is installed in advance for the purpose of additional security when performing the user authentication process through a web browser. However, ActiveX can be installed only by lowering the security level of the PC so that it can access resources such as files and registry of personal computers (hereinafter referred to as PCs). Due to the ActiveX installed mandatory to lower the user's PC security level, there was also a problem exposed to dangerous environments such as hacking.
이러한, 공인인증서와 관련된 각 문제점은 본 출원인에 의해 출원(특허문헌 2 참조)된 블록체인을 기반으로 하는 공인인증서 발급시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 발급방법 및 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법을 통해 해소되었다. Each of the problems related to the accredited certificate is based on the blockchain based on the blockchain filed by the present applicant (see Patent Document 2), and the blockchain-based method for issuing the certificate and the method of issuing the certificate. It was solved through the public certificate authentication system and the public certificate authentication method based on the blockchain using the same.
종래의 블록체인을 기반으로 하는 공인인증서 발급시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 발급방법 및 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법의 요지는 공인인증서용 공개키 및 공인인증서용 개인키의 생성을 사용자 운영하는 사용자단말기에서 직접 생성하는 수단이 구비되고, 사용자단말기는 네트워크가 차단된 상태에서 공인인증서용 공개키 및 공인인증서용 개인키를 생성하고, 그 생성된 키 중 공인인증서용 개인키는 사용자가 지정한 비밀번호 및 사진이미지와 함께 암호화되어 저장관리함으로써, 행여라도 발생할 수 있는 각 키의 외부유출을 사전에 차단하여주고, 유지관리를 필요로 하는 공인인증서용 공개키의 경우 공인인증기관(CA)이 운영하는 서버가 아닌 동등 계층간 통신망(P2P : peer-to-peer network) 기반 분산 데이터베이스를 통해 블록체인 보유서버들에 탑재된 전자지갑의 블록체인에서 저장관리되기 때문에 해킹이 발생할 경우 이를 최대한 차단할 수 있도록 고도의 보안시스템이 연동 구비되는 공인인증서 발급시스템 구축비용 및 그 구축된 공인인증서 발급시스템의 운영 및 유지보수 비용이 발생되지 않아 유지보수비용이 거의 소요되지 않으며, 액티브X(ActiveX)가 설치되지 않아도 공인인증과정이 수행가능한 특징을 제공한다. Of the conventional certificate issuing system based on the blockchain, the method of issuing the certificate based on the blockchain using the same, and the authentication certificate authentication system based on the blockchain and the method of authenticating the certificate based on the blockchain using the same The gist is provided with a means for generating the public key for the public certificate and the private key for the public certificate directly from the user terminal operating the user, and the user terminal has a public key for the public certificate and the private key for the public certificate while the network is blocked. The private key for the public certificate is encrypted and stored together with the password and photo image specified by the user, thereby preventing external leakage of each key that may occur even in advance, and maintaining The public key required for the public certificate is operated by the CA. Because it is stored and managed in the blockchain of electronic wallets mounted on blockchain holding servers through peer-to-peer network (P2P) based distributed database, not servers, so that hacking can be blocked as much as possible. There is little cost of maintenance because there is no cost of constructing an accredited certificate issuing system that is equipped with a high security system and the operation and maintenance cost of the established accredited certificate issuing system, and even if ActiveX is not installed The accreditation process provides features that can be performed.
그런데 이와 같은 이점에도 불구하고, 종래의 블록체인을 기반으로 하는 공인인증서 발급시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 발급방법 및 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법은 공인인증과정 시에 필요한 공인인증서용 공개키를 블록체인 보유서버에서 저장관리하기 위해 초기에 발급비용을 지불해야 한다. However, in spite of these advantages, the accredited certificate issuing system based on the conventional blockchain and the method of issuing the accredited certificate based on the blockchain and the blockchain using the accredited certificate authentication system based on the blockchain Based on the accredited certificate authentication method, the issuing cost must be paid initially to store and manage the public key for the accredited certificate in the blockchain holding server.
이때, 발급비용은 0.0001비트코인이 소요되는데, 2015년 7월 시세로 0.0001비트코인은 대한민국 원화로 40원 정도의 저렴한 비용이나 이는, 블록체인을 기반으로 하는 공인인증서를 발급할 때마다 소요되는 비용이기 때문에 발급건수가 증가하면 그에 따라 발급비용 또한 비례적으로 증가하는 문제점이 있다. At this time, the issuance cost is 0.0001 bitcoin, and as of July 2015, 0.0001 bitcoin is a low cost of about 40 won in Korean Won, which is the cost each time issuing a public certificate based on the blockchain. Therefore, if the number of issuance increases, there is a problem that the issuance cost also increases proportionally.
더욱이, 종래의 블록체인을 기반으로 하는 공인인증서 발급시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 발급방법 및 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법은 해킹 발생 시 공인인증서용 공개키의 위변조가 불가능하도록 십만 개 이상의 블록체인 보유서버에 공인인증서용 공개키를 등록하여 저장관리한다. Moreover, the public certificate issuance system based on the conventional blockchain, the public certificate issuance method based on the blockchain using the same, and the public certificate certificate system based on the blockchain, and the public certificate authentication based on the blockchain using the same The method registers and stores the public key for the public certificate on more than 100,000 blockchain holding servers to prevent forgery of the public key for the public certificate when a hacking occurs.
즉, 공인인증서용 공개키를 포함하는 트랜잭션정보의 전파는 통신규약(protocol)에 의해 약속된 것으로, 트랜잭션정보의 발생 시 1개의 노드(여기서는 블록체인 보유서버를 칭함)가 지정된 8개의 노드로 전파시키며, 그 비트코인 결제용 트랜잭션정보를 전송받은 8개의 노드마다 각각 지정된 8개의 노드로 반복 전파하는 피라미드식 전파를 통해 비트코인 결제를 수행하기 위해 필요한 블록체인을 갖는 전자지갑이 탑재된 모든 블록체인 보유서버에게 전파됨으로써, 완료된다. That is, the propagation of the transaction information including the public key for the public certificate is promised by the protocol. When the transaction information occurs, one node (here referred to as a blockchain holding server) is propagated to eight nodes. All blockchains equipped with an electronic wallet with a blockchain necessary to perform Bitcoin payments through pyramid propagation are repeatedly propagated to each of the eight designated nodes for each of the eight nodes receiving the transaction information for the Bitcoin payment. It is completed by propagating to the holding server.
이 때문에, 종래의 블록체인을 기반으로 하는 공인인증서 발급시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 발급방법 및 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법에서 공인인증서용 공개키의 등록요청이 쇄도할 경우 공인인증서용 공개키를포함하는 트랜잭션정보의 과도한 트래픽 발생으로 인해 네트워크 과부하가 유발되는 위험성 뿐만 아니라 블록체인 보유서버들에 저장관리되는 공인인증서용 공개키를 포함하는 트랜잭션정보는 누구나 열람가능하기 때문에 사용자의 공인인증서용 공개키가 외부에 노출되는 문제점도 있다.For this reason, the public certificate issuance system based on the conventional blockchain, the public certificate issuance method based on the blockchain using the same, and the public certificate certificate system based on the blockchain and the public certificate based on the blockchain using the same If the request for registration of the public key for the public certificate is flooded in the authentication method, the certificate that is stored and managed on the blockchain holding servers as well as the risk of causing network overload due to excessive traffic of transaction information including the public key for the public certificate. Since transaction information including the public key for anyone can read, there is a problem in that the public key for the user's public certificate is exposed to the outside.
[선행기술문헌][Preceding technical literature]
[특허문헌][Patent Documents]
(특허문헌 1) 특허문헌 1 : 대한민국특허청 등록특허공보 10-0411448호(등록일 : 2003년12월03일)(Patent Document 1) Patent Document 1: Korean Patent Office Publication No. 10-0411448 (Registration Date: December 03, 2003)
(특허문헌 2) 특허문헌 2 : 대한민국특허청 특허출원공보 제10-2015-0109320호(출원일 : 2015년08월03일)(Patent Document 2) Patent Document 2: Korean Patent Office Patent Application Publication No. 10-2015-0109320 (Application Date: August 03, 2015)
본 발명은 상기 종래기술의 문제점을 해결하기 위한 것으로, 본 발명의 목적은 유지관리를 필요로 하는 공인인증서용 공개키의 경우 공인인증기관(CA)이 운영하는 서버가 아닌 동등 계층간 통신망(P2P : peer-to-peer network) 기반 분산 데이터베이스를 통해 블록체인 보유서버들에 탑재된 전자지갑의 블록체인에서 저장관리되기 때문에 해킹이 발생할 경우 이를 최대한 차단할 수 있도록 고도의 보안시스템이 연동 구비되는 공인인증서 인증시스템 구축비용 및 그 구축된 공인인증서 인증시스템의 운영과 유지보수의 비용 등의 시스템 관련비용이 소요되지 않고, 액티브X(ActiveX)가 설치되지 않아도 공인인증과정이 수행가능한 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법을 제공하는데 있다. The present invention is to solve the problems of the prior art, an object of the present invention is a public key for a public certificate that requires maintenance, not a server operated by a public certification authority (CA), but not between peer communication networks (P2P) : A certificate that is equipped with a highly secure system that can be blocked in case of hacking because it is stored and managed in the blockchain of the electronic wallet mounted on the blockchain holding servers through a peer-to-peer network based distributed database. It is based on a blockchain that does not incur system-related costs such as the cost of establishing the certification system and the operation and maintenance of the established certification certificate system, and can perform the certification process even if ActiveX is not installed. In providing a certificate authentication system and a method of authenticating a certificate based on a blockchain using the same. .
본 발명의 다른 목적은 블록체인을 기반으로 하는 공인인증서의 인증과정 시 사용자의 공인인증서용 공개키가 블록체인 보유서버에 등록되지 않게 하여 사용자의 공인인증서용 공개키가 노출되지 않으면서도 블록체인을 기반으로 하는 공인인증서의 인증과정을 수행할 수 있을 뿐만 아니라 공인인증서를 발급받은 사용자의 공인인증서용 공개키를 포함하는 공인인증 관련정보의 위변조 여부를 감시할 수 있는 블록체인을 기반으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법을 제공하는데 있다.Another object of the present invention is to prevent the public key of the public certificate for the public certificate of the public certificate of the public certificate of the public certificate of the user to prevent the public key of the public certificate of the public certificate is not exposed in the block chain holding server during the authentication process of the certificate based on the block chain Blockchain based blockchain that not only can carry out the certification process of public certificate based on the certificate, but also can monitor the forgery of public certificate related information including public key of public certificate of the user who has issued the certificate. To provide an accredited certificate authentication system based on the system and a blockchain based authentication method using the same.
본 발명을 달성하기 위한 기술적 사상으로 본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템은, 블록체인기반 공인인증을 요청하는 사용자단말기와; 상기 사용자단말기의 블록체인기반 공인인증 요청에 따라 상기 사용자단말기를 운영하는 해당 사용자의 공인인증서 발급용 개인정보를 전송하여 블록체인기반 공인인증의 요청을 중계하는 블록체인기반 공인인증서 인증요청서버와; 상기 블록체인기반 공인인증서 인증요청서버로부터 전송되는 상기 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하여 공인인증서의 유효성이 적법하다고 판단되면, 해당 사용자의 공인인증서용 공개키를 상기 블록체인기반 공인인증서 인증요청서버로 전송하여, 사용자인증이 수행되도록 제어하는블록체인기반 공인인증서 관리서버와; 비트코인 결제용 트랜잭션정보가 전송 시 그 전송된 비트코인 결제용 트랜잭션정보를 검증을 통해 비트코인 결제를 인증하고, 그 인증에 따라 비트코인 결제용 트랜잭션정보가 기록되는 블록체인이 구비된 전자지갑이 탑재되는 것으로, 상기 블록체인에는 등록용 공인인증서 루트해시정보를 포함하는 위변조 감시용 트랜잭션정보정보가 기록된 블록체인 보유서버들;로 이루어진 것을 특징으로 한다. In accordance with the spirit of the present invention, an authentication certificate authentication system based on the blockchain includes: a user terminal for requesting blockchain-based authentication; A blockchain-based official certificate authentication request server for transmitting a personal information for issuing a public certificate of a corresponding user operating the user terminal according to a blockchain-based official authentication request of the user terminal to relay a request for a blockchain-based official authentication; Based on the personal information for issuing the accredited certificate transmitted from the blockchain-based accredited certificate authentication request server, the validity of the accredited certificate is judged to be valid by determining the validity of the accredited certificate of the user. A blockchain-based official certificate management server for transmitting to the blockchain-based official certificate authentication request server and controlling user authentication to be performed; When the transaction information for bitcoin payment is transmitted, the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted bitcoin payment transaction information and records the transaction information for the bitcoin payment according to the authentication To be loaded, the blockchain has a blockchain holding server recorded forgery monitoring transaction information information including a registered certificate root hash information for registration; characterized in that consisting of.
본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템을 이용하여 블록체인기반 공인인증서의 인증과정은, 사용자단말기에서 블록체인기반 공인인증서 인증요청서버에 접속하여 블록체인기반 공인인증을 요청하는 단계와; 상기 블록체인기반 공인인증서 인증요청서버에서, 블록체인기반 공인인증 요청에 따라 회원별 사용자 식별정보 DB에서 상기 사용자단말기를 운영하는 해당 사용자의 공인인증서 발급용 개인정보를 추출하고, 이를 블록체인기반 공인인증서 관리서버로 전송하는 단계와; 상기 블록체인기반 공인인증서 관리서버에서, 상기 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하는 단계와; 상기 블록체인기반 공인인증서 관리서버에서, 공인인증서의 유효성이 적법하다고 판단되면, 공인인증서 등록관련정보DB에서 해당 사용자의 공인인증서용 공개키를 추출하고 이를, 상기 블록체인기반 공인인증서 인증요청서버로 전송하는 단계와; 상기 블록체인기반 공인인증서 인증요청서버에서, 상기 공인인증서용 공개키를 전송받고, 그 전송된 공인인증서용 공개키를 토대로 상기 사용자단말기 간에 사용자인증을 수행하는 단계;로 이루어진다.The process of authenticating a blockchain-based accredited certificate using the accredited certificate authentication system based on the blockchain of the present invention comprises the steps of requesting a blockchain-based accredited authentication from a user terminal by accessing a blockchain-based accredited certificate authentication request server; ; In the blockchain-based public certificate authentication request server, extract personal information for issuing a public certificate of a corresponding user operating the user terminal from the user identification information DB for each member according to a blockchain-based public certificate request, and blockchain-based authentication Transmitting to a certificate management server; Determining, at the blockchain-based official certificate management server, the validity of the public certificate of the corresponding user based on the transmitted personal information for issuing the public certificate; In the blockchain-based public certificate management server, if it is determined that the validity of the public certificate is legitimate, the public certificate for the public certificate of the corresponding user is extracted from the public certificate registration information DB, and the blockchain-based public certificate authentication request server is extracted. Transmitting; Receiving the public key for the public certificate and performing user authentication between the user terminals based on the transmitted public certificate public key.
본 발명은 유지관리를 필요로 하는 공인인증서용 공개키의 경우 공인인증기관(CA)이 운영하는 서버가 아닌 동등 계층간 통신망(P2P : peer-to-peer network) 기반 분산 데이터베이스를 통해 블록체인 보유서버들에 탑재된 전자지갑의 블록체인에서 저장관리되기 때문에 해킹이 발생할 경우 이를 최대한 차단할 수 있도록 고도의 보안시스템이 연동 구비되는 공인인증서 인증시스템 구축비용 및 그 구축된 공인인증서 인증시스템의 운영과 유지보수의 비용 등의 시스템 관련비용이 소요되지 않고, 액티브X(ActiveX)가 설치되지 않아도 공인인증과정이 수행가능한 효과를 발휘한다. In the present invention, in the case of a public key for a public certificate requiring maintenance, the blockchain is held through a peer-to-peer network (P2P) based distributed database, not a server operated by a CA. Since it is stored and managed in the blockchain of the electronic wallet mounted on the servers, it is possible to block the hacking as much as possible so that a high level of security system can be interlocked and the operation and maintenance of the established certificate authentication system. There is no system-related cost such as the cost of maintenance, and even if ActiveX is not installed, the certification process can perform the effect.
또한, 본 발명은 블록체인을 기반으로 하는 공인인증서의 인증과정 시 사용자의 공인인증서용 공개키가 블록체인 보유서버에 등록되지 않게 하여 사용자의 공인인증서용 공개키가 노출되지 않으면서도 블록체인을 기반으로 하는 공인인증서의 인증과정을 수행할 수 있을 뿐만 아니라 공인인증서를 발급받은 사용자의 공인인증서용 공개키를 포함하는 공인인증 관련정보의 위변조 여부를 감시할 수 있는 효과도 있다.In addition, the present invention prevents the public key of the public certificate for the public certificate of the user from being registered in the blockchain holding server during the authentication process of the public certificate based on the blockchain, and does not expose the public key of the public certificate for the public certificate. In addition to performing the certification process of the accredited certificate, there is an effect of monitoring the forgery of the information related to the accredited certification, including the public key for the accredited certificate of the user who issued the accredited certificate.
도 1은 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템을 나타낸 블록구성도, 1 is a block diagram showing a system for issuing an accredited certificate based on the blockchain of the present invention;
도 2는 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템을 이루는 구성 중 사용자단말기의 세부구성을 나타낸 블록구성도, 2 is a block diagram showing the detailed configuration of the user terminal of the configuration constituting the certificate issue system based on the blockchain of the present invention,
도 3은 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템을 이루는 구성 중 블록체인기반 공인인증서 발급요청서버의 세부구성을 나타낸 블록구성도, Figure 3 is a block diagram showing the detailed configuration of the blockchain-based authorized certificate issuing request server of the configuration constituting the system for issuing a public certificate based on the blockchain of the present invention,
도 4는 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템을 이루는 구성 블록체인기반 공인인증서 관리서버의 세부구성을 나타낸 블록구성도, Figure 4 is a block diagram showing the detailed configuration of the blockchain-based official certificate management server constituting the public certificate issuance system based on the blockchain of the present invention,
도 5 내지 도 8은 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템을 이용하여 블록체인기반 공인인증서 발급과정을 나타낸 순서도, 5 to 8 is a flow chart illustrating a process for issuing a blockchain-based accredited certificate by using an accredited certificate issuing system based on the blockchain of the present invention;
도 9는 본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템을 나타낸 블록구성도, Figure 9 is a block diagram showing a certificate authentication system based on the blockchain of the present invention,
도 10은 본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템을 이루는 구성 중 블록체인기반 공인인증서 인증요청서버의 세부구성을 나타낸 블록구성도, 10 is a block diagram showing the detailed configuration of the blockchain-based public certificate authentication request server of the configuration constituting the public certificate authentication system based on the blockchain of the present invention,
도 11 내지 도 17은 본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템을 이용하여 블록체인기반 공인인증서의 인증과정을 나타낸 순서도이다.11 to 17 are flowcharts illustrating a process of authenticating a blockchain-based accredited certificate using an accredited certificate authentication system based on the blockchain of the present invention.
이하에서는 본 발명의 실시예의 구성 및 작용에 대하여 첨부한 도면을 참조하면서 상세히 설명하되, 다양한 실시예에서 동일명칭으로 사용되는 구성의 도면부호는 동일한 도면부호를 사용하기로 한다. Hereinafter, with reference to the accompanying drawings with respect to the configuration and operation of the embodiment of the present invention will be described in detail, the reference numerals of the configuration used in the same name in various embodiments will use the same reference numerals.
본 발명은 크게 블록체인을 기반으로 하는 공인인증서의 발급 부분과 블록체인을 기반으로 하는 공인인증서의 인증부분으로 구분되어진다. The present invention is largely divided into the issuance part of the public certificate based on the blockchain and the authentication part of the public certificate based on the blockchain.
여기서, 도 1 내지 도 8은 블록체인을 기반으로 하는 공인인증서의 발급 부분인 블록체인을 기반으로 하는 공인인증서 발급시스템 및 방법에 관한 것이다. 1 to 8 relate to a system and a method for issuing an accredited certificate based on a blockchain which is an issuing part of an accredited certificate based on a blockchain.
도면에 도시된 바와 같이, 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템은 크게 사용자단말기(100), 블록체인기반 공인인증서 발급 요청 서버(200), 블록체인기반 공인인증서 관리서버(300) 및 블록체인 보유서버(400)들로 이루어진다.As shown in the figure, the blockchain-based authorized certificate issuing system is largely a user terminal 100, a blockchain-based authorized certificate issuing request server 200, blockchain-based official certificate management server 300 And blockchain holding server 400.
먼저, 사용자단말기(100)는 공인인증서용 공개키 및 공인인증서용 개인키를 생성하고, 그 생성된 키 중 공인인증서용 공개키와 블록체인기반 공인인증서 발급에 필요한 사용자의 식별정보로 이루어진 공인인증서 발급용 개인정보를 전송하는 단말부재이다. 여기서, 공인인증서 발급용 개인정보는, 사용자 성명, 사용자 생년월일, 사용자 전화번호, 사용자 이메일을 포함하는 정보이다. First, the user terminal 100 generates a public key for the public certificate and a private key for the public certificate, and the public certificate for the public key for the public certificate and the identification certificate of the user required for issuing a blockchain-based public certificate among the generated keys. Terminal member for transmitting personal information for issuance. Here, the personal information for issuing the public certificate is information including a user name, a user's date of birth, a user's telephone number, and a user's e-mail.
이와 같은, 기능을 수행하기 위한 사용자단말기(100)의 세부구성은 공인인증서용 공개키 및 공인인증서용 개인키를 생성하는 키생성엔진(110), 키생성엔진(110)에서 생성된 공인인증용 개인키가 저장되는 메모리(120), 암호화엔진(130), 해시처리엔진(140), 복호화엔진(160) 및 상기 키생성엔진(110), 암호화엔진(130), 해시처리엔진(140), 복호화엔진(160)을 동작제어하는 제어부(150)로 이루어진다. The detailed configuration of the user terminal 100 to perform the function, such as the key generation engine 110 for generating a public key for the public certificate and a private key for the public certificate, for the public authentication for the key generation engine 110 Memory 120, encryption engine 130, hash processing engine 140, decryption engine 160 and the key generation engine 110, encryption engine 130, hash processing engine 140, the private key is stored, The control unit 150 controls the decryption engine 160.
여기서, 키생성엔진(110), 암호화엔진(130), 해시처리엔진(140) 및 복호화엔진(160)은 사용자단말기(100)가 개인용컴퓨터(PC)와 같은 데스크탑 형식인 경우에는 응용프로그램 형태로 탑재되고, 사용자단말기(100)가 인터넷 접속이 가능한 스마트폰과 같은 모바일기기인 경우에는 모바일 전용앱 형태로 설치제공되어진다. Here, the key generation engine 110, the encryption engine 130, the hash processing engine 140 and the decryption engine 160 is in the form of an application program when the user terminal 100 is a desktop format such as a personal computer (PC). If the user terminal 100 is a mobile device such as a smart phone capable of accessing the Internet, it is provided and installed in the form of a mobile-only app.
또한, 사용자단말기(100)는 공인인증서용 공개키 및 공인인증서용 개인키를 생성하기 전에 해당 사용자단말기(100)를 운영하는 사용자가 블록체인기반 공인인증서 발급 요청 서버(200)에 사용자의 식별정보를 등록하였는지 먼저 확인하는 과정을 수행한다. In addition, before the user terminal 100 generates the public key for the public certificate and the private key for the public certificate, the user operating the user terminal 100 may identify the user with the blockchain-based public certificate issue request server 200. First, check the registration process.
이를 위해, 후술되는 블록체인기반 공인인증서 발급 요청 서버(200)에는 DB부(210)가 탑재되고, 그 탑재되는 DB부(210)에는, 상기 사용자단말기(100)를 운영하는 사용자의 식별정보가 저장되되, 상기 공인인증서 발급용 개인정보와 동일한 사용자의 식별정보가 저장된 회원별 사용자 식별정보 DB(211)가 포함된다. To this end, the DB block 210 is mounted on the blockchain-based authorized certificate issuing request server 200 to be described later, and the identification information of the user who operates the user terminal 100 is mounted on the DB unit 210. Is stored, the user identification information DB 211 for each member is stored, the same user identification information is stored as the personal information for issuance of the public certificate.
그리고 사용자단말기(100)는, 공인인증서 발급용 개인정보를 블록체인기반 공인인증서 발급 요청 서버(200)로 전송하여 블록체인기반 공인인증서 발급을 요청하고, 블록체인기반 공인인증서 발급 요청 서버(200)는, 전송되는 공인인증서 발급용 개인정보를 회원별 사용자 식별정보 DB(211)와 매칭하여 매칭되는 정보가 존재하면, 공인인증서용 공개키 및 공인인증서용 개인키의 생성을 안내하는 키생성 안내신호를 생성하여 사용자단말기(100)로 전송한다. The user terminal 100 transmits the personal information for issuing the public certificate to the blockchain-based public certificate issuing request server 200 to request the blockchain-based public certificate issuing, and the blockchain-based public certificate issuing request server 200. Is a key generation guide signal for guiding the generation of the public key for the public certificate and the private key for the public certificate, if there is matching information by matching the transmitted personal information for issuing the public certificate issue with the user identification information DB 211 for each member. Create and transmit to the user terminal 100.
사용자단말기(100)는 블록체인기반 공인인증서 발급 요청 서버(200)로부터 키생성 안내신호가 전송되면, 키생성엔진(110)을 운영하여 공인인증서용 공개키 및 공인인증서용 개인키를 생성하는데 이때, 사용자단말기(100)는 네트워크를 차단한 상태에서 공인인증서용 공개키 및 공인인증서용 개인키가 생성되도록 제어함으로써, 행여라도 발생할 수 있는 각 키의 외부유출을 사전에 차단한다. When the user terminal 100 transmits a key generation guide signal from the blockchain-based authorized certificate issuing request server 200, the user terminal 100 operates the key generation engine 110 to generate a public key for the public certificate and a private key for the public certificate. In addition, the user terminal 100 controls to generate a public key for a certificate and a private key for a certificate in a state of blocking the network, thereby preventing external leakage of each key that may occur even in advance.
상기 블록체인기반 공인인증서 발급 요청 서버(200)는 사용자단말기(100)로부터 공인인증서용 공개키 및 공인인증서 발급용 개인정보를 전송받고, 그 전송된 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 포함하여 이루어진 고객별 공인인증서 등록요청신호를 후술되는 블록체인기반 공인인증서 관리서버(300)로 전송하는 부재이다. The blockchain-based public certificate issuing request server 200 receives a public key for public certificate and personal information for issuing public certificate from the user terminal 100, and transmits the personal information for public certificate and public certificate for public certificate issuance. It is a member for transmitting to the blockchain-based authorized certificate management server 300 to be described later, the authentication certificate registration request signal for each customer made, including.
이때, 블록체인기반 공인인증서 발급 요청 서버(200)에는 해시처리엔진(220)이 탑재되어 있어, 공인인증서 발급용 개인정보를 해싱연산하여 사용자 식별해시정보로 가공처리한 상태로 블록체인기반 공인인증서 관리서버(300)로 전송한다. At this time, the blockchain-based public certificate issuing request server 200 is equipped with a hash processing engine 220, hashing the personal information for issuing the public certificate is processed by processing the user identification hash information blockchain-based public authentication Send to the certificate management server (300).
이러한 기능을 수행하는 블록체인기반 공인인증서 발급 요청 서버(200)는 은행이나 증권회사에서 운영하는 서버, 정부기관에서 운영하는 서버 및 인터넷 상거래를 수행하는 쇼핑몰에서 운영하는 서버 등 서비스 이용 시 공인인증 수행이 요구되는 업체의 서버가 적용될 수 있다. The blockchain-based official certificate issuing request server 200 that performs such a function performs a public certification when using services such as a server operated by a bank or a securities company, a server operated by a government agency, and a server operated by a shopping mall performing Internet commerce. This required vendor's server can be applied.
상기 블록체인기반 공인인증서 관리서버(300)는 블록체인기반 공인인증서 발급 요청 서버(200)로부터 전송되는 고객별 공인인증서 등록요청신호에 포함된 정보 중 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 한 조로 구분하여 공인인증서 등록관련정보DB(311)에 순차적으로 누적저장하되, 그 누적저장되는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면 해시처리엔진(320)을 운영하여 기설정된 루트해시 생성구간의 개수만큼 카운팅된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보들로 가공처리하고, 그 가공처리된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보로 가공처리하며, 트랜잭션처리엔진(320)을 운영하여 등록용 공인인증서 루트해시정보를 포함하는 위변조 감시용 트랜잭션정보 및 그 위변조 감시용 트랜잭션정보를 검색하는데 키값으로 이용되는 위변조 감시용 트랜잭션 ID정보를 생성하고, 생성된 정보 중 위변조 감시용 트랜잭션정보를 전송하는 부재이다. The blockchain-based public certificate management server 300 is a public key for personal information and public certificate for issuing a public certificate from among the information included in the request signal for the certificate registration for each customer transmitted from the blockchain-based public certificate issuing request server 200. And accumulate and store them in the certificate registration related information DB (311) sequentially, and the number of sets of personal information for issuing the public certificate and the public key for the public certificate for which the certificate is accumulated is stored in the predetermined route hash generation section. Upon reaching the hash processing engine 320, hashing a set of personal information for issuing a public certificate and a public key for a public certificate that are counted as many as a predetermined number of root hash generation sections, in order of storage, the public certificate node hash information. Process and then process the processed certificate certificate node hash information into the registered certificate certificate root hash information composed of Merkle Tree structure. Processing and processing the transaction processing engine 320 for forgery monitoring transaction information, including forged authentication certificate root hash information for registration and forgery monitoring transaction ID information that is used as a key value to retrieve the forgery monitoring transaction information It generates and transmits the forgery monitoring transaction information of the generated information.
이때, 공인인증서 등록관련정보DB(311)는 정보저장부재로 DB부(310)에서 관리되어진다. At this time, the public certificate registration information DB 311 is managed by the DB unit 310 as an information storage member.
또한, 공인인증서 등록관련정보DB(311)에는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키와 더불어, 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 해싱처리된 공인인증서 노드해시정보도 순차적으로 누적저장되고, 순차적으로 누적저장된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보도 누적저장된다. In addition, the public certificate registration information DB (311) is a hash of the personal information for the issuance of the certificate and the public key for the certificate, as well as the public key for the certificate issued issuing a set of certificates Certificate node hash information is also accumulated and stored sequentially, and certificate certificate root hash identifier information for registration, which is an identifier for identifying certificate root hash information for registration, in which the cumulatively stored public certificate node hash information has a Merkle tree structure. Are also stored cumulatively.
또한, DB부(310)에는 트랜잭션 처리엔진(330)에서 위변조 감시용 트랜잭션정보를 생성할 때마다 식별자로서 함께 생성되는 위변조 감시용 트랜잭션 ID정보 및 등록용 공인인증서 루트해시 식별자정보가 누적 저장되는 공인인증서 위변조 감시관련정보 DB(312)도 포함한다. In addition, the DB unit 310 accumulates and stores the forgery monitoring transaction ID information and the registration certificate root hash identifier information for registration generated together as an identifier each time the transaction processing engine 330 generates forgery monitoring transaction information. Also included is a certificate forgery monitoring information DB (312).
또한, 블록체인기반 공인인증서 관리서버(300)는 카운팅된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면, 그 이후부터 공인인증서 등록관련정보DB(311)에 저장되는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 새롭게 카운팅함으로써, 이후에 블록체인기반 공인인증서의 발급을 요청하는 신규 고객들도 블록체인기반의 공인인증서를 발급받을 수 있게 제공한다. In addition, the blockchain-based public certificate management server 300 is associated with the public certificate registration if the number of counted personal certificate issuing certificate and the number of public keys for public certificate reaches a predetermined route hash generation period, since then By newly counting a set of personal information for issuing a public certificate and a public key for a public certificate stored in the information DB 311, new customers requesting issuance of a blockchain-based public certificate are also issued a blockchain-based public certificate. Provide to receive.
여기서, 루트해시 생성구간은 블록체인 기반의 고객 제증명서 등록과정 중 고객의 제증명서 정보를 포함하는 트랙잭션정보를 블록체인 보유서버에 등록 시 시스템 관리자가 기설정된 개수 만큼 묶어주는 구간이다. 이를 통해 기설정된 개수만큼 압축된 고객의 제증명서 정보를 트랜잭션 처리함으로써, 트래픽의 발생을 최소화시켜주고, 이에 따라, 네트워크 과부하도 줄일 수 있도록 제공한다. Here, the route hash generation section is a section in which the system administrator binds the transaction information including the certificate information of the customer in the blockchain-based customer certificate registration process to the blockchain holding server to the predetermined number. Through this, transaction processing of certificate information of a customer compressed by a predetermined number minimizes the generation of traffic, thereby reducing network overload.
이러한 루트해시 생성구간의 개수는 기설정된 제증명서 노드해시정보의 개수이거나 또는 기설정된 시간 동안 누적저장되는 제증명서 노드해시정보의 개수 등 다양한 경우를 산정하여 그 개수를 지정할 수 있다.The number of route hash generation sections may be specified by calculating various cases, such as the number of preset certificate node hash information or the number of certificate certificate node hash information accumulated and stored for a predetermined time.
한편, 블록체인기반 공인인증서 관리서버(300)는 블록체인기반의 공인인증서 발급과정 중 공인인증서 등록관련정보DB(311)에 저장관리되는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 주기적으로 위변조 감시함으로써, 해킹 등의 불법으로 인해 어느 하나의 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키라도 위변조 되었을 경우 이를 인지하여 위변조에 따른 사후처리를 수행할 있다. Meanwhile, the blockchain-based public certificate management server 300 stores a set of public information for public information and public certificate for issuing a public certificate that is stored and managed in the public certificate registration-related information DB 311 during the blockchain-based public certificate issuance process. By monitoring the forgery periodically, if any one of the personal information for issuing a certificate and the public key for the certificate are forged due to illegality such as hacking, it can recognize and perform post-processing according to the forgery.
*이를 위해, 블록체인기반 공인인증서 관리서버(300)는 카운팅된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면, 공인인증서 위변조 감시관련정보 DB(312)에 누적저장된 위변조 감시용 트랜잭션 ID정보를 모두 추출하고, 이를 블록체인 보유서버(400)로 전송한다.* To this end, the blockchain-based public certificate management server 300 is associated with the forgery monitoring of the public certificate forgery when the number of counted set of personal information for issuing the public certificate and the public key for the public certificate reaches a predetermined route hash generation period. Extract all the forgery monitoring transaction ID information accumulated in the information DB 312, and transmits it to the blockchain holding server 400.
블록체인 보유서버(400)는 전송된 각 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 각 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 각 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 상기 추출된 각 등록용 공인인증서 루트해시정보를 상기 블록체인기반 공인인증서 관리서버(300)로 전송한다. The blockchain holding server 400 matches each transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts each matching forgery monitoring transaction information, and extracts each extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration included in the registered public certificate root hash information for each registration is transmitted to the blockchain-based public certificate management server 300.
이후, 블록체인기반 공인인증서 관리서버(300)는 각 등록용 공인인증서 루트해시정보를 전송받고, 해시처리엔진(320)을 운영하여 공인인증서 등록관련정보DB(311)에 순차적으로 누적저장된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수를 기설정된 루트해시 생성구간으로 구분한다. Thereafter, the blockchain-based public certificate management server 300 receives the public certificate root hash information for each registration, and operates the hash processing engine 320 to accumulate and store them sequentially in the public certificate registration information DB 311. The number of personal information for issuing the public certificate and the number of public keys for the public certificate are divided into the predetermined route hash generation section.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 그 구분된 기설정된 루트해시 생성구간에 속하는 개수만큼 해싱하여 각 대비용 공인인증서 루트해시정보로 가공처리한다. Subsequently, the hash processing engine 320 of the blockchain-based official certificate management server 300 processes the hash certificate information by hashing as many as the number belonging to the predetermined predetermined route hash generation section.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 전송된 각 등록용 공인인증서 루트해시정보와 생성된 각 대비용 공인인증서 루트해시정보를 생성순번대로 양자대비한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 bilaterally prepares the transmitted public certificate root hash information for each registration and the generated public certificate root hash information for each provision in the order of generation. .
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 생성순번대로 양자대비되는 각 등록용 공인인증서 루트해시정보와 각 대비용 공인인증서 루트해시정보의 각각 해시값을 연산하여 첫 번째 생성순번부터 마지막 생성순번까지 그 연산된 양쪽의 해시값이 동일한지 확인한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 generates a hash value of each certificate public certificate root hash information and each certificate public certificate root hash information, which are contrasted in order of generation. The operation checks whether the hash values of the computed values are the same from the first generation order to the last generation order.
이를 통해, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 양쪽의 해시값이 모두 동일한 경우에는 사용자들이 발급받은 공인인증서 관련정보의 위변조가 발생하지 않았다고 인지함으로써, 위변조 감시용 트랜잭션정보가 생성될 수 있게 제어한다. Through this, the hash processing engine 320 of the blockchain-based public certificate management server 300 recognizes that the forgery of the public certificate related information issued by the users does not occur when both hash values are the same, so that the forgery monitoring is performed. Control so that transaction information can be created.
또한, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 양쪽의 해시값 중 동일하지 않은 경우가 발생하면 사용자들이 발급받은 공인인증서 관련정보의 위변조가 발생하였다고 인지하여 위변조 감시용 트랜잭션정보가 생성되지 않게 제어함으로써, 위변조 발생에 따른 사후처리를 진행한다. In addition, the hash processing engine 320 of the blockchain-based official certificate management server 300 recognizes that the forgery of the relevant certificate issued by the user has occurred if the difference between the two hash values occurs, for monitoring the forgery By controlling the transaction information not to be generated, the post processing is performed according to the forgery occurrence.
이와 더불어, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보 생성 시 그 생성되는 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보도 함께 생성하고, 등록용 공인인증서 루트해시정보 생성 시 그 생성되는 등록용 공인인증서 루트해시정보를 식별하는 정보인 등록용 공인인증서 루트해시 식별자정보도 함께 생성한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 also includes public certificate node index information indicating the storage sequence of public certificate node hash information generated when the public certificate node hash information is generated. In addition, when generating the public certificate root hash information for registration, the public certificate root hash identifier information for registration, which is information for identifying the public certificate root hash information for registration, is also generated.
또한, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보, 공인인증서 노드인덱스정보 및 등록용 공인인증서 루트해시 식별자정보를 공인인증서 등록관련정보DB(311)에 누적저장되도록 제어함과 더불어, 등록용 공인인증서 루트해시 식별자정보는 공인인증서 위변조 감시관련정보 DB(312)에도 누적저장되도록 제어한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300, the public certificate node hash information, the public certificate node index information, and the public certificate root hash identifier information for registration, the public certificate registration information DB ( In addition to controlling to accumulate and store in 311), the public certificate root hash identifier information for registration is also controlled to accumulate and store in the official certificate forgery monitoring related information DB (312).
그리고 블록체인기반 공인인증서 발급 요청 서버(200)의 트랜잭션처리엔진(320)은 생성되는 위변조 감시용 트랜잭션 ID정보가 공인인증서 위변조 감시관련정보 DB(312)에 누적저장되도록 제어함으로써, 공인인증서 위변조 감시관련정보 DB(312)에서 위변조 감시용 트랜잭션 ID정보 및 등록용 공인인증서 루트해시 식별자정보가 한 조로 구분되어 저장관리되도록 제어한다. The transaction processing engine 320 of the blockchain-based authorized certificate issuing request server 200 controls the generated transaction ID information for forgery monitoring to be accumulated and stored in the authorized certificate forgery monitoring related information DB 312, thereby monitoring the forged authentication certificate. In the related information DB 312, the transaction ID information for forgery monitoring and the public certificate root hash identifier information for registration are controlled to be classified and stored as a pair.
한편, 블록체인 보유서버(400)의 블록체인에 저장관리되는 등록용 공인인증서 루트해시정보가 서로 연결되면 될수록 위변조의 용이성 정도는 더욱더 어려워진다. On the other hand, the greater the degree of ease of forgery and alteration becomes, the more publicly authenticated certificate root hash information for registration stored in the blockchain of the blockchain holding server 400 is connected to each other.
이에, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 이전에 생성된 등록용 공인인증서 루트해시정보를 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 저장순번대로 해싱하여 가공처리된 공인인증서 노드해시정보들 사이의 기지정된 저장순번에 배치한 상태에서 머클트리 구조로 이루어진 상기 등록용 공인인증서 루트해시정보로 가공처리되도록 제어한다. Accordingly, the hash processing engine 320 of the blockchain-based public certificate management server 300 stores a set of public certificate private certificates and public keys for public certificate issuing a certificate of the previously generated public certificate root hash information for registration. It is controlled to be processed into the registered certification certificate root hash information having a Merkle tree structure in a state arranged in a predetermined storage order between the hashed and processed certificate certificate node hash information.
이를 통해, 블록체인 보유서버(400)에 저장관리되는 위변조 감시용 트랜잭션정보들에 저장되는 등록용 공인인증서 루트해시정보의 경우 최초 등록된 등록용 공인인증서 루트해시정보부터 마지막에 등록된 등록용 공인인증서 루트해시정보가 상호 체인처럼 연결되는 구조를 갖아 블록체인기반 공인인증서 관리서버(300)에서 블록체인 보유서버(400)에 등록시키는 위변조 감시용 트랜잭션 정보가 많으면 많아질수록 비례적으로 해킹에 따른 불법에 의해 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 위변조가 더욱 힘들어지도록 제어한다.Through this, in the case of a registered certificate root hash information for registration stored in the forgery monitoring transaction information stored and managed in the blockchain holding server 400, the last registered registration from the first registered certification certificate root hash information for registration For example, the number of forgery monitoring transaction information registered in the blockchain holding server 400 in the blockchain-based certificate management server 300 has a structure in which the root certificate information for the certificate is connected like a chain. Forgery of hacking controls the personal information for issuing a certificate and forgery of the public key for the certificate.
또한, 공인인증서를 감사하는 국가기관 관련 감사단체에서는 본 발명의 공인인증서를 발급하는 특정 사용자의 공인인증서와 관련하여 위변조 검증 요청 단말기(500)를 통해 감사요청하여 위변조 여부를 확인할 수 있다. In addition, the audit organization related to the national institution that audits the accredited certificate may check forgery by requesting an audit through the forgery verification request terminal 500 in relation to the accredited certificate of a specific user who issues the accredited certificate of the present invention.
이를 위해, 국가기관 관련 감사단체에서는 위변조 검증 요청 단말기(500)를 조작하여 블록체인기반 공인인증서 발급요청서버(200)로 특정 사용자의 블록체인기반 공인인증서의 감시를 요청한다. To this end, the audit organization related to the national agency operates the forgery verification request terminal 500 to request the monitoring of the blockchain-based authorized certificate of a specific user to the blockchain-based authorized certificate issuing request server 200.
이후, 블록체인기반 공인인증서 발급 요청 서버(200)는 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)에서 추출하고 이를, 블록체인기반 공인인증서 관리서버(300)로 전송한다. Thereafter, the blockchain-based public certificate issuing request server 200 extracts the personal information for issuing the public certificate of a specific user who has requested the monitoring of the blockchain-based public certificate from the public certificate registration information DB 311, and then executes the blockchain-based public information. Send to the official certificate management server (300).
블록체인기반 공인인증서 관리서버(300)는 전송된 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 특정 사용자의 공인인증서 노드해시정보의 존재를 확인한다. The blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate of a specific user who has requested the monitoring of the transmitted blockchain-based public certificate with the public certificate registration information DB 311, thereby authenticating the public certificate node of the specific user. Check for the presence of hash information.
이후, 블록체인기반 공인인증서 관리서버(300)는 특정 사용자의 공인인증서 노드해시정보가 존재하지 않는 경우 해시처리엔진(320)을 운영하여 공인인증서 등록관련정보DB(311)에 순차적으로 누적저장된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키 중 공인인증서 노드해시정보가 존재하지 않는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리한다. Thereafter, the blockchain-based public certificate management server 300 operates a hash processing engine 320 when there is no public certificate node hash information of a specific user, and is sequentially stored and stored in the public certificate registration information DB 311. Hashing of public certificate for public certificate and public certificate for public certificate issuing in order of storage, unless there is public certificate node hash information among personal information for public certificate issuance and public key for public certificate. Process with information.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 가공처리된 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 생성하며, 가공처리된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보로 가공처리하고, 가공처리된 등록용 공인인증서 루트해시정보를 식별하는 정보인 등록용 공인인증서 루트해시 식별자정보를 생성한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 generates public certificate node index information indicating the storage order of processed public certificate node hash information, and processes the public certificate node. The city information is processed and processed into a registered public certificate root hash information having a Merkle tree structure, and generates a public certificate root hash identifier information for registration, which is information for identifying the processed public certificate root hash information.
이후, 블록체인기반 공인인증서 관리서버(300)는 트랜잭션처리엔진(320)을 운영하여 등록용 공인인증서 루트해시정보를 포함하는 위변조 감시용 트랜잭션정보 및 그 위변조 감시용 트랜잭션정보를 검색하는데 키값으로 이용되는 위변조 감시용 트랜잭션 ID정보를 생성하고, 이중 위변조 감시용 트랜잭션정보를 블록체인 보유서버(400)들로 전송한다. Thereafter, the blockchain-based authorized certificate management server 300 operates a transaction processing engine 320 to retrieve forgery monitoring transaction information including the registered certificate root hash information for registration and the forgery monitoring transaction information as key values. Generates forgery monitoring transaction ID information used, and transmits the forgery monitoring transaction information to the blockchain holding server (400).
블록체인 보유서버(400)들은 전송되는 위변조 감시용 트랜잭션정보를 블록체인에 기록한다. The blockchain holding server 400 records the transmitted forgery monitoring transaction information on the blockchain.
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 특정 사용자의 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 참조하여 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보를 생성한다. In addition, the hash processing engine 320 of the blockchain-based certificate management server 300 is a certificate for registration, which is an identifier for identifying the certificate certificate root hash information for registration in which the certificate certificate node hash information of a specific user belongs to the Merkle Tree structure. All certificate certificates that form the Merkle Tree structure of the registered certificate root hash information to which the certificate node hash information of a specific user belongs by referring to the certificate root hash identifier information. Generate certificate root hash information.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 등록용 공인인증서 루트해시 식별자정보를 참조하여, 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 블록체인 보유서버(400)로 전송한다. 여기서, 위변조 감시용 트랜잭션 ID정보를 전송받는 블록체인 보유서버(400)는 전 세계에 분포되어 있는 블록체인 보유서버(400)들 중 임의의 하나를 사용할 수 있으며, 업무효율을 높이기 위해 사전에 지정하여 사용할 수 있다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 refers to the public certificate root hash identifier information for registration, and transmits forgery monitoring transaction information including the public certificate root hash information for registration. The transaction ID information for identifying forgery monitoring is transmitted to the blockchain holding server 400. Here, the blockchain holding server 400 receiving transaction ID information for forgery monitoring may use any one of the blockchain holding servers 400 distributed all over the world, and is designated in advance to increase work efficiency. Can be used.
이후, 블록체인 보유서버(400)는 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 블록체인기반 공인인증서 관리서버(300)로 전송한다.Thereafter, the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts the matching forgery monitoring transaction information, and extracts the matching forgery monitoring transaction information. After extracting the included public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server (300).
이후, 블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보가 전송되면, 해시처리엔진(320)을 운영하여 전송된 등록용 공인인증서 루트해시정보의 해시값과 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인한다. Then, when the blockchain-based public certificate management server 300 is transmitted to the public certificate root hash information for registration, the hash value of the public certificate root hash information generated for registration and transmitted by operating the hash processing engine 320 generated Calculate each hash value of the prepared public certificate root hash information and verify that the calculated hash values are the same.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 위변조 검증 요청 단말기(500)로 요청한 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어한다. Subsequently, the hash processing engine 320 of the blockchain-based official certificate management server 300 forgeries the calculated hash value of the public certificate node hash information and the calculated hash value of the prepared public certificate node hash information. The control request so that the message that the personal information and the public key for the certificate is not forgery made of a pair of specific users requested to the verification request terminal 500 is not forged.
한편, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 전송된 등록용 공인인증서 루트해시정보의 해시값에 해당하는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보와 특정 사용자의 공인인증서 노드해시정보의 저장순번이 동일한지 확인한다. On the other hand, the hash processing engine 320 of the blockchain-based public certificate management server 300 is a case where the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information for contrast are not the same. Storing of the relevant certificate node hash information with the same hash value among the certificate certificate node hash information corresponding to the hash value of the registered certificate root hash information for registration and the certificate certificate node hash information of the specific user Check that the sequence numbers are the same.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보와 특정 사용자의 공인인증서 노드해시정보의 저장순번이 동일한 경우 위변조 검증 요청 단말기(500)로 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 메시지가 통보되도록 제어한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 has a storage sequence number of the corresponding public certificate node hash information having a different hash value and the public certificate node hash information of a specific user. Control the forgery verification request terminal 500 to be notified that the forgery of the personal information and the public key for the certificate issuing a certificate issued by a pair of specific users.
또한, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 전송된 등록용 공인인증서 루트해시정보의 해시값에 해당하는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보와 특정 사용자의 공인인증서 노드해시정보의 저장순번이 동일하지 않은 경우 위변조 검증 요청 단말기(500)로 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 receives a hash value that is not the same among the public certificate node hash information corresponding to the hash value of the transmitted public certificate root hash information. If the storage sequence of the corresponding certificate certificate node hash information and the specific certificate node hash information of a specific user are not the same, the personal information for issuing the certificate and the public key for the certificate issued by the forgery verification request terminal 500 Control to be notified that the message is not forged.
이와 같은, 본 발명의 블록체인을 기반으로 하는 공인인증서 발급시스템을 이용하여 블록체인기반 공인인증서 발급과정을 설명하면 다음과 같다. As described above, the process of issuing a blockchain-based accredited certificate using the accredited certificate issuing system based on the blockchain of the present invention will be described below.
먼저, 사용자는 사용자단말기(100)를 통해 블록체인기반 공인인증서 발급 요청 서버(200)에 접속한 후 블록체인기반 공인인증서 발급에 필요한 사용자의 식별정보로 이루어진 공인인증서 발급용 개인정보를 전송하여 블록체인기반 공인인증서 발급을 요청(S100)한다. First, the user accesses the blockchain-based official certificate issuing request server 200 through the user terminal 100, and then transmits the personal information for issuing the public certificate which is composed of the identification information of the user required for issuing the blockchain-based public certificate. Request issuance of a chain-based official certificate (S100).
블록체인기반 공인인증서 발급 요청 서버(200)는 전송되는 공인인증서 발급용 개인정보를 확인 후 공인인증서용 공개키 및 공인인증서용 개인키의 생성을 안내하는 키생성 안내신호를 생성하여 이를 블록체인기반 공인인증서 발급을 요청한 해당 사용자단말기(100)로 전송(S110)한다. The blockchain-based public certificate issuing request server 200 generates a key generation guide signal for guiding the generation of public key for public certificate and private key for public certificate after verifying the personal information for issuing the public certificate. Transmission to the corresponding user terminal 100 requesting the issuance of the certificate (S110).
사용자단말기(100)는 키생성 안내신호가 전송되면, 키생성엔진(110)을 운영하여 공인인증서용 공개키 및 공인인증서용 개인키가 생성되도록 제어하고, 이중 공인인증서용 개인키는 메모리(120)에 저장관리하고, 공인인증서용 공개키는 블록체인기반 공인인증서 발급 요청 서버(200)로 전송(S120)한다. When the user terminal 100 transmits the key generation guide signal, the user terminal 100 operates the key generation engine 110 to control the public key for the public certificate and the private key for the public certificate to be generated, and the private key for the public certificate is a memory 120. ), The public key for the public certificate is transmitted to the blockchain-based public certificate issuing request server 200 (S120).
블록체인기반 공인인증서 발급 요청 서버(200)는 공인인증서용 공개키를 전송받고, 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 포함하여 이루어진 고객별 공인인증서 등록요청신호를 블록체인기반 공인인증서 관리서버(300)로 전송(S130)하되, 해시처리엔진(220)을 운영하여 공인인증서 발급용 개인정보는 해싱연산되어 사용자 식별해시정보로 가공처리된 상태로 전송되도록 제어한다. The blockchain-based public certificate issuing request server 200 receives the public key for the public certificate and receives a request for registration of the public certificate for the private certificate and the public certificate for the public certificate. While transmitting to the management server (300) (S130), by operating a hash processing engine 220, the personal information for issuing the certificate is hashed to control to be transmitted in the processed state as a user identification hash information.
블록체인기반 공인인증서 관리서버(300)는 해시처리엔진(320)을 운영하여 전송된 고객별 공인인증서 등록요청신호에 포함된 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 한 조로 구분하여 공인인증서 등록관련정보DB(311)에 순차적으로 누적저장(S140)한다. The blockchain-based official certificate management server 300 operates the hash processing engine 320 to classify the public certificate for public information and the public key for public certificate issued in the official certificate registration request signal sent by the customer into a group. The certificate registration information DB 311 is accumulated and stored sequentially (S140).
이후, 블록체인기반 공인인증서 관리서버(300)는 누적저장되는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 기설정된 루트해시 생성구간에 도달됐는지 확인(S150)한다. Thereafter, the blockchain-based official certificate management server 300 checks whether a set of personal information for issuing a public certificate and a public key for a public certificate that have been accumulated and stored have reached a predetermined route hash generation period (S150).
먼저, 블록체인기반 공인인증서 관리서버(300)는 카운팅되는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 루트해시 생성구간에 속하는 개수만큼 에 도달되지 않은 경우 도달될 때까지 카운트를 수행한다. First, the blockchain-based public certificate management server 300 is counted until the number of personal information for issue and the public key for public certificate is not reached as long as the number belonging to the root hash generation period is reached. Perform the count.
그리고 블록체인기반 공인인증서 관리서버(300)는한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 루트해시 생성구간에 도달된 경우 공인인증서 위변조 감시관련정보 DB(312)에 누적저장된 위변조 감시용 트랜잭션 ID정보를 모두 추출하고, 그 추출된 위변조 감시용 트랜잭션 ID정보를 블록체인 보유서버(400)로 전송(S160)한다. The blockchain-based public certificate management server 300 accumulates in the public certificate forgery monitoring-related information DB (312) when the number of personal information for issuing a public certificate and the public key for the public certificate reaches a root hash generation section. Extract all stored forgery monitoring transaction ID information, and transmits the extracted forgery monitoring transaction ID information to the blockchain holding server 400 (S160).
*블록체인 보유서버(400)는 전송된 각 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 각 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 각 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출(S170)한다. * The blockchain holding server 400 matches each transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts each matching forgery monitoring transaction information, and extracts each extracted forgery monitoring transaction. Extract the certificate of certification root authentication information contained in the information (S170).
이후, 블록체인 보유서버(400)는 추출된 각 등록용 공인인증서 루트해시정보를 블록체인기반 공인인증서 관리서버(300)로 전송(S180)한다.Thereafter, the blockchain holding server 400 transmits the extracted public certificate root hash information for each registration to the blockchain-based official certificate management server 300 (S180).
블록체인기반 공인인증서 관리서버(300)는 각 등록용 공인인증서 루트해시정보를 전송받은 후 해시처리엔진(320)을 운영하여 공인인증서 등록관련정보DB(311)에 순차적으로 누적저장된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수를 기설정된 루트해시 생성구간으로 구분하고, 그 구분된 기설정된 루트해시 생성구간에 속하는 개수만큼 해싱하여 각 대비용 공인인증서 루트해시정보로 가공처리(S190)한다. The blockchain-based public certificate management server 300 operates a hash processing engine 320 after receiving the public certificate root hash information for each registration, and accumulates and stores a set of publicly stored certificates in the certificate registration information DB 311. The number of personal information for certificate issuance and the public key for public certificate is divided into a predetermined route hash generation section, and hashed as many as the number belonging to the predetermined predetermined route hash generation section. The furnace is processed (S190).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 전송된 각 등록용 공인인증서 루트해시정보와 생성된 각 대비용 공인인증서 루트해시정보를 생성순번대로 양자대비하고, 생성순번대로 양자대비되는 각 등록용 공인인증서 루트해시정보와 각 대비용 공인인증서 루트해시정보의 각각 해시값을 연산하여 첫 번째 생성순번부터 마지막 생성순번까지 그 연산된 양쪽의 해시값이 동일한지 확인(S200)한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 bilaterally prepares the transmitted public certificate root hash information for each registration and the generated public certificate root hash information for each prepared sequence in order of generation. In addition, each hash value of each registered public certificate root hash information and each prepared public certificate certificate root hash information is calculated in order of generation, and both hash values calculated from the first generation order to the last generation order are calculated. Check whether it is the same (S200).
한편, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 첫 번째 생성순번부터 마지막 생성순번까지 그 연산된 양쪽의 해시값이 동일하지 않은 경우 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 고객의 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지(S201)하고, 위변조 발생에 따른 사후처리를 진행한다. On the other hand, the hash processing engine 320 of the blockchain-based public certificate management server 300 is the public certificate registration information DB (311) when the hash value of both calculated from the first generation order to the last generation order is not the same It detects that the personal information for the issuance of the public certificate for the issued certificate and the public key for the public certificate for the forged certificate (S201) consisting of a set of cumulative managements are carried out, and the post-processing is performed according to the forgery occurrence.
또한, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 첫 번째 생성순번부터 마지막 생성순번까지 그 연산된 양쪽의 해시값이 동일한 경우에는 기설정된 루트해시 생성구간에 속하는 개수만큼 카운팅된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 is the number belonging to the predetermined route hash generation section when both hash values calculated from the first generation order to the last generation order are the same. As a result, hashing of a set of personal information for issuing a certificate and a public key for a certificate is processed in order of storage, and processed into a certificate certificate node hash information.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 해싱처리된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보로 가공처리(S210)한다. Subsequently, the hash processing engine 320 of the blockchain-based certificate management server 300 processes the hash certificate of the certificate certificate node hash information into a certificate certificate root hash information for registration in a Merkle tree structure (S210). .
이후, 블록체인기반 공인인증서 관리서버(300)는 트랜잭션처리엔진(320)을 운영하여 등록용 공인인증서 루트해시정보를 포함하는 위변조 감시용 트랜잭션정보 및 그 위변조 감시용 트랜잭션정보를 검색하는데 키값으로 이용되는 위변조 감시용 트랜잭션 ID정보를 생성하고, 이중 위변조 감시용 트랜잭션정보를 블록체인 보유서버(400)들로 전송(S220)한다. Thereafter, the blockchain-based authorized certificate management server 300 operates a transaction processing engine 320 to retrieve forgery monitoring transaction information including the registered certificate root hash information for registration and the forgery monitoring transaction information as key values. Generates forgery monitoring transaction ID information used, and transmits the dual forgery monitoring transaction information to the blockchain holding server (400) (S220).
이때, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 이전에 생성된 등록용 공인인증서 루트해시정보를 상기 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 저장순번대로 해싱하여 가공처리된 공인인증서 노드해시정보들 사이의 기지정된 저장순번에 배치한 상태에서 머클트리 구조로 이루어진 상기 등록용 공인인증서 루트해시정보로 가공처리되도록 제어한다.At this time, the hash processing engine 320 of the blockchain-based public certificate management server 300 stores the previously generated public certificate root hash information for registration and the public key for issuing the public certificate and the public certificate for the public certificate. It is controlled to be processed into the registered certification certificate root hash information having a Merkle tree structure in a state of being placed in a predetermined storage order among hashed and processed certificate certificate node hashes in order.
블록체인 보유서버(400)들은, 상기 전송되는 위변조 감시용 트랜잭션정보를 블록체인에 기록하여 블록체인기반 공인인증서 발급을 수행(S230)한다. The blockchain holding server 400 records the transmitted forgery monitoring transaction information on the blockchain to issue a blockchain-based authorized certificate (S230).
한편, 공인인증서를 감사하는 국가기관 관련 감사단체에서 본 발명의 공인인증서를 발급하는 특정 사용자의 공인인증서와 관련하여 위변조 검증 요청 단말기(500)를 통해 감사요청하여 위변조 여부를 확인하는 과정도 포함되어진다. On the other hand, a process for checking forgery by requesting an audit through a forgery verification request terminal 500 in connection with a certified user of a specific user issuing an accredited certificate of the present invention by an auditing organization related to a national institution auditing the accredited certificate is included. Lose.
이를 위해, 블록체인기반 공인인증서 발급 요청 서버(200)는 위변조 검증 요청 단말기(500)에서 특정 사용자의 블록체인기반 공인인증서의 감시를 요청하였는지 확인(S251)하여, 특정 사용자의 블록체인기반 공인인증서의 감시를 요청한 경우 그 블록체인기반 공인인증서의 감시가 요청된 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)에서 추출하고 이를, 블록체인기반 공인인증서 관리서버(300)로 전송(S252)한다. To this end, the blockchain-based public certificate issuance request server 200 checks whether the forgery verification request terminal 500 requests the monitoring of the blockchain-based public certificate of a specific user (S251), and the blockchain-based public certificate of a specific user. When the request for monitoring of the blockchain-based public certificate is to extract the personal information for issuing the public certificate of the specific user who is requested to monitor the public certificate from the certificate registration information DB 311, and the blockchain-based public certificate management server 300 To transmit (S252).
이후, 블록체인기반 공인인증서 관리서버(300)는 전송된 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 특정 사용자의 공인인증서 노드해시정보가 존재하는 확인(S253)한다. Thereafter, the blockchain-based official certificate management server 300 matches the personal information for issuing the certificate of the specific user who requested the monitoring of the transmitted blockchain-based public certificate with the certificate registration information DB 311 to authenticate the specific user. Check that the certificate node hash information exists (S253).
블록체인기반 공인인증서 관리서버(300)는 특정 사용자의 공인인증서 노드해시정보가 존재하는 경우 후술되는 대비용 공인인증서 루트해시정보를 생성하는 S257단계로 바로 진입한다. The blockchain-based official certificate management server 300 directly enters the step S257 of generating a public certificate root hash information for the preparation described below when the public certificate node hash information of a specific user exists.
그리고 블록체인기반 공인인증서 관리서버(300)는 특정 사용자의 공인인증서 노드해시정보가 존재하지 않는 경우 해시처리엔진(320)을 운영하여 공인인증서 등록관련정보DB(311)에 순차적으로 누적저장된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키 중 공인인증서 노드해시정보가 존재하지 않는 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리한다. The blockchain-based public certificate management server 300 operates a hash processing engine 320 when there is no public certificate node hash information of a specific user, and accumulates and stores them sequentially in the public certificate registration information DB 311. Authorized certificate node hash information by hashing the private certificate issue personal information and public certificate public key in order of storage, unless there is public certificate node hash information among private information for public certificate issuance and public key for public certificate. Process with
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 그 가공처리된 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 생성하며, 가공처리된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보로 가공처리하고, 그 가공처리된 등록용 공인인증서 루트해시정보를 식별하는 정보인 등록용 공인인증서 루트해시 식별자정보를 생성(S254)한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 generates public certificate node index information indicating the storage order of the processed public certificate node hash information, and processed public certificate node. The hash information is processed and processed into the registered public certificate root hash information having the Merkle tree structure, and the public certificate root hash identifier information for registration, which is information for identifying the processed public certificate root hash information, is generated. (S254).
이후, 블록체인기반 공인인증서 관리서버(300)은 트랜잭션처리엔진(320)을 운영하여 등록용 공인인증서 루트해시정보를 포함하는 위변조 감시용 트랜잭션정보 및 그 위변조 감시용 트랜잭션정보를 검색하는데 키값으로 이용되는 위변조 감시용 트랜잭션 ID정보를 생성하고, 이중 위변조 감시용 트랜잭션정보를 블록체인 보유서버(400)들로 전송(S255)한다. Thereafter, the blockchain-based authorized certificate management server 300 operates a transaction processing engine 320 to retrieve forgery monitoring transaction information including the registered certificate root hash information for registration and the forgery monitoring transaction information as key values. Generates forgery monitoring transaction ID information used, and transmits the forgery monitoring transaction information to the blockchain holding server 400 (S255).
블록체인 보유서버(400)들은 전송되는 위변조 감시용 트랜잭션정보를 블록체인에 기록(S256)한다. The blockchain holding server 400 records the transmitted forgery monitoring transaction information in the blockchain (S256).
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 특정 사용자의 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 참조하여 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보를 생성(S257)한다. In addition, the hash processing engine 320 of the blockchain-based certificate management server 300 is a certificate for registration, which is an identifier for identifying the certificate certificate root hash information for registration in which the certificate certificate node hash information of a specific user belongs to the Merkle Tree structure. All certificate certificates that form the Merkle Tree structure of the registered certificate root hash information to which the certificate node hash information of a specific user belongs by referring to the certificate root hash identifier information. Generate the certificate root hash information (S257).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 등록용 공인인증서 루트해시 식별자정보를 참조하여, 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 상기 블록체인 보유서버(400)로 전송(S258)한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 refers to the public certificate root hash identifier information for registration, and transmits forgery monitoring transaction information including the public certificate root hash information for registration. Transmitting forgery monitoring transaction ID information to identify to the blockchain holding server 400 (S258).
이후, 블록체인 보유서버(400)는 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 블록체인기반 공인인증서 관리서버(300)로 전송(S259)한다. Thereafter, the blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts the matching forgery monitoring transaction information, and extracts the matching forgery monitoring transaction information. After extracting the included public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300 (S259).
이후, 블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보를 전송받고, 해시처리엔진(320)을 운영하여 전송된 등록용 공인인증서 루트해시정보의 해시값과 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인(S260)한다. Then, the blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and generates a hash value of the public certificate root hash information for registration transmitted by operating the hash processing engine 320. The hash value of the prepared public certificate root hash information is respectively calculated, and it is checked whether the calculated hash values are the same (S260).
한편, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 위변조 검증 요청 단말기(500)로 요청한 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어(S261)한다. Meanwhile, the hash processing engine 320 of the blockchain-based public certificate management server 300 performs forgery verification when the calculated hash value of the public certificate node hash information is the same as the calculated hash value of the public certificate node hash information. The control unit (S261) to be notified that the personal information for a certificate issued by a pair of specific users requested to the request terminal 500 and the public key for the certificate is not forged.
그리고 블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보의 해시값과 대비용 공인인증서 루트해시정보의 해시값이 동일하지 않은 경우 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들 중 특정 사용자의 공인인증서 노드인덱스정보를 인지(S262)한 후 전송된 등록용 공인인증서 루트해시정보의 해시값에 해당하는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보와 특정 사용자의 공인인증서 노드해시정보의 저장순번이 동일한지 확인(S263)한다. In addition, the blockchain-based public certificate management server 300 has a hash value of the public certificate root hash information for registration and the public certificate node hash information of a specific user when the hash value of the public certificate root hash information for contrast is not the same. Hash of the registered certification certificate root hash information transmitted after recognizing the node index information of a specific user from among the certificate certificate node hash information constituting the Merkle tree structure of the registered certification certificate root hash information (S262). Among the public certificate node hash information corresponding to the value, check whether the corresponding public certificate node hash information having the same hash value and the storage order number of the public certificate node hash information of the specific user are the same (S263).
블록체인기반 공인인증서 관리서버(300)는 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보와 특정 사용자의 공인인증서 노드해시정보의 저장순번이 동일한 경우 위변조 검증 요청 단말기(500)로 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 메시지가 통보되도록 제어(S264)한다. The blockchain-based public certificate management server 300 is identified as a forgery verification request terminal 500 when the storage order of the corresponding public certificate node hash information having a different hash value and the public certificate node hash information of a specific user are the same. It controls so that the message that the personal information for the issuance of the certificate and the public key for the certificate, which consists of a pair of users, has been forged, is notified (S264).
또한, 블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보의 해시값에 해당하는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보와 특정 사용자의 공인인증서 노드해시정보의 저장순번이 동일하지 않은 경우 위변조 검증 요청 단말기(500)로 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어(S265)한다. In addition, the blockchain-based public certificate management server 300 and the corresponding public certificate node hash information having a different hash value among the public certificate node hash information corresponding to the hash value of the public certificate root hash information for registration and If the storage order of the public certificate node hash information of a specific user is not the same, a message indicating that the personal information for issuing the certificate and the public key for the public certificate for the public certificate that have not been tampered with the forgery verification request terminal 500 are notified. S265).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지(S266)하여 위변조에 따른 사후처리를 수행한다. Subsequently, the hash processing engine 320 of the blockchain-based official certificate management server 300 is composed of a group of personal information for issuing a public certificate and public key information for a public certificate that are cumulatively managed in the public certificate registration information DB 311. Personal certificate for public certificate and public key for issuing a public certificate that consists of a set of certificates corresponding to the public certificate node hash information that forms the Merkle Tree structure of the public certificate node hash information of a specific user. Detect that the forgery is modified (S266) and performs post-processing according to the forgery.
그리고 도 7 내지 도 14는 블록체인을 기반으로 하는 공인인증서 인증시스템 및 방법에 관한 것이다. And Figures 7 to 14 relates to an authentication certificate authentication system and method based on the blockchain.
도면에 도시된 바와 같이, 본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템은 사용자단말기(100), 블록체인기반 공인인증서 인증요청서버(600), 블록체인기반 공인인증서 관리서버(300), 블록체인 보유서버(400) 및 위변조 검증 요청 단말기(500)로 이루어진다. As shown in the figure, the blockchain-based public certificate authentication system of the present invention includes a user terminal 100, a blockchain-based public certificate authentication request server 600, a blockchain-based public certificate management server 300, The blockchain holding server 400 and the forgery verification request terminal 500.
상기 블록체인기반 공인인증서 인증요청서버(600)는 난수발생기(630) 및 암호화엔진(640)이 탑재된 것으로, 사용자단말기(100)의 블록체인기반 공인인증 요청에 따라 사용자단말기(100)를 운영하는 해당 사용자의 공인인증서 발급용 개인정보를 전송하여 블록체인기반 공인인증의 요청을 중계하는 서버부재이다. The blockchain-based authorized certificate authentication request server 600 is equipped with a random number generator 630 and an encryption engine 640, and operates the user terminal 100 according to the blockchain-based authorized authentication request of the user terminal 100. It is a server member that relays a request for a blockchain-based accredited certification by transmitting personal information for issuing an accredited certificate of a corresponding user.
이를 위해, 블록체인기반 공인인증서 인증요청서버(600)에는 DB부(610)를 포함한다. To this end, the blockchain-based public certificate authentication request server 600 includes a DB unit 610.
이러한 DB부(610)에는 사용자단말기(100)를 운영하는 사용자의 식별정보가 저장되되, 블록체인기반 공인인증서 발급 때 이용된 사용자의 식별정보로 이루어진 공인인증서 발급용 개인정보가 저장된 회원별 사용자 식별정보 DB(611)를 포함한다. 여기서, 공인인증서 발급용 개인정보는 해싱연산에 의해 사용자 식별해시정보로 가공처리된 상태로 저장 및 전송되어진다. The DB unit 610 stores the identification information of the user who operates the user terminal 100, the user identification for each member storing the personal information for issuing the certificate, consisting of the identification information of the user used when issuing the blockchain-based certificate issuance The information DB 611 is included. Here, the personal information for issuing the public certificate is stored and transmitted in a state processed as a user identification hash information by hashing operation.
상기 블록체인기반 공인인증서 관리서버(300)는 블록체인기반 공인인증서 인증요청서버(600)로부터 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하여 공인인증서의 유효성이 적법하다고 판단되면, 해당 사용자의 공인인증서용 공개키를 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하는 부재이다. The blockchain-based official certificate management server 300 judges the validity of the public certificate by determining the validity of the public certificate of the corresponding user based on the personal information for issuing the public certificate transmitted from the blockchain-based public certificate authentication request server 600. If it is determined that the public key for the public certificate of the user is a member for transmitting to the blockchain-based public certificate authentication request server 600.
이러한 기능을 수행하기 위해, 블록체인기반 공인인증서 관리서버(300)에는 DB부(310) 및 해시처리엔진(320)을 포함한다. In order to perform such a function, the blockchain-based authorized certificate management server 300 includes a DB unit 310 and a hash processing engine 320.
먼저, DB부(310)에는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키, 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 해싱처리된 공인인증서 노드해시정보로 구분되어 순차적으로 누적저장되고, 순차적으로 누적저장된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보가 누적저장되는 공인인증서 등록관련정보DB(311)와 블록체인기반 공인인증서 관리서버(300)에서 위변조 감시용 트랜잭션정보가 생성될 때마다 식별자로서 함께 생성된 위변조 감시용 트랜잭션 ID정보가 누적 저장되는 공인인증서 위변조 감시관련정보 DB(312)가 구비된다. First, the DB unit 310 has a set of personal information for issuing a public certificate and a public certificate for a public certificate, a public certificate for a public certificate issuing a public certificate, and a public key for a public certificate. The certification certificate root hash identifier information for registration, which is an identifier for identifying the certification certificate root hash information for registration, which is classified and stored sequentially and accumulated and stored sequentially, and accumulatively stored in the Merkle Tree structure, is accumulated and stored. Whenever the transaction information for forgery monitoring is generated in the public certificate registration information DB 311 and the blockchain-based public certificate management server 300, the authentication certificate forgery monitoring that accumulates and stores the transaction ID information for the forgery monitoring generated together as an identifier The related information DB 312 is provided.
이를 토대로, 블록체인기반 공인인증서 관리서버(300)는 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하는 과정을 설명하면 다음과 같다. Based on this, the blockchain-based official certificate management server 300 describes a process of determining the validity of the public certificate of the user based on the personal information for issuing the public certificate issued as follows.
먼저, 블록체인기반 공인인증서 관리서버(300)은 블록체인기반 공인인증서 인증요청서버(600)로부터 전송된 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 해당 사용자의 공인인증서용 공개키를 추출하고, 해시처리엔진(320)을 운영하여 그 추출된 공인인증서용 공개키와 상기 전송된 공인인증서 발급용 개인정보를 해싱하여 대비용 공인인증서 노드해시정보로 가공처리한다.First, the blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate issued from the blockchain-based public certificate authentication request server 600 with the public certificate registration information DB 311 to authenticate the user. The public key for the certificate is extracted, and the hash processing engine 320 is operated to process the extracted public certificate for public certificate and the transmitted personal information for issuing the public certificate for processing into a public certificate node hash information for preparation. .
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 등록관련정보DB(311)에 저장된 정보 중 블록체인기반 공인인증서 발급 시 등록된 공인인증서 노드해시정보를 추출한다. Thereafter, the hash processing engine 320 of the blockchain-based official certificate management server 300 extracts the public certificate node hash information registered when issuing the blockchain-based official certificate among information stored in the public certificate registration information DB 311. do.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 그 추출된 공인인증서 노드해시정보의 해시값과 대비용 공인인증서 노드해시정보의 해시값을 각각 연산하며, 그 연산된 양쪽의 해시값이 동일한지 확인하여, 동일한 경우 공인인증서의 유효성이 적법하다고 판단한다. Thereafter, the hash processing engine 320 of the blockchain-based certificate management server 300 calculates a hash value of the extracted certificate certificate node hash information and a hash value of the prepared certificate certificate node hash information, respectively, Check if the calculated hash values are the same and if it is the same, determine that the validity of the accredited certificate is legal.
만약, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 사용자단말기(100)로 블록체인기반 공인인증 수행과정이 거부되었다는 메시지가 통보되도록 제어하는 기능을 수행한다. If the hash processing engine 320 of the blockchain-based public certificate management server 300 does not have the same hash value as the hash value of the public certificate node hash information and the hash value of the public certificate node hash information is prepared. The user terminal 100 performs a function of controlling to be notified a message that the blockchain-based authentication process is denied.
이를 통해, 사용자가 위변조 여부를 인지하여 신속하게 대응할 수 있게 함으로써, 해킹에 따른 불법 사용자의 불법 사용을 사전에 차단하여, 적법 사용자의 폐해가 최소화되도록 제공한다. Through this, the user can quickly recognize the forgery and respond quickly, thereby preventing the illegal use of the illegal user due to hacking in advance, thereby minimizing the harm of the legitimate user.
한편, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 추가로 공인인증서 발급 시 등록된 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 공인인증서 등록관련정보DB(311)에서 추출한다. On the other hand, the hash processing engine 320 of the blockchain-based public certificate management server 300 additionally if the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information for comparison are the same. The certification certificate registration information DB (311) is used to register the certification certificate root hash identifier information, which is an identifier that identifies the certification certificate root hash information registered in the Merkle Tree structure. Extract from.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리한다. Subsequently, the hash processing engine 320 of the blockchain-based official certificate management server 300 refers to the extracted public certificate root hash identifier information for registration, and the public certificate root for registration to which the public certificate node hash information of the user belongs. Extract all the public certificate node hash information that forms the Merkle tree structure of the hash information from the public certificate registration information DB (311), and the extracted public certificate node hash information of the prepared public certificate node hash information is composed of the Merkle tree structure Process with hash information.
이와 더불어, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 블록체인 보유서버(400)로 전송한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 for the forgery monitoring transaction. Extract ID information and transmit it to the blockchain holding server 400.
블록체인 보유서버(400)은 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 블록체인기반 공인인증서 관리서버(300)로 전송한다.The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmitting it to the blockchain-based public certificate management server (300).
블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보를 전송받고, 해시처리엔진(320)을 운영하여 전송된 등록용 공인인증서 루트해시정보의 해시값과 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하여, 동일한 경우 최종적으로 공인인증서의 유효성이 적법하다고 판단한다. The blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast. Hash values of the public certificate root hash information are respectively calculated, and both hash values of the calculated certificates are verified to be the same, and finally, the validity of the public certificate is judged to be valid.
또한, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 등록용 공인인증서 루트해시정보와 각 대비용 공인인증서 루트해시정보의 해시값 중 동일하지 않은 양쪽의 해시값이 존재하는 경우 공인인증서 등록관련정보DB(311)에 누적관리되는 고객의 공인인증서 발급용 개인정보 또는 공인인증서용 공개키 정보 중 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지하여 위변조 발생에 따른 사후처리를 진행한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 has a hash value that is not the same among the hash values of the public certificate root hash information for registration and the public certificate root hash information for each preparation. If present, among the personal information for issuing the certificate or the public key information for the certificate, which is accumulated and managed in the certificate registration information DB 311, the public certificate root hash for the registration to which the user's certificate certificate node hash information belongs. It detects that the personal information for issuing the public certificate and the public key for the public certificate that constitute the pair corresponding to the node hash information of the public certificate which constitutes the Merkle Tree structure of the information are forged, and then proceeds with post-processing according to the forgery.
이를 통해, 본 발명은 블록체인기반 공인인증을 요청할 때마다 블록체인기반 공인인증서 관리서버(300)에 발급된 고객들의 공인인증서 등록관련정보의 위변조 여부를 감시하기 때문에 해킹에 따른 불법에 의해 블록체인기반 공인인증서 관리서버(300)에서 저장 관리되는 고객의 공인인증서 등록관련정보가 위변조 되었을 경우 최대한 신속하게 인지하여 그에 대응할 수 있게 제공한다. Through this, the present invention monitors whether or not forgery of the public certificate registration-related information of customers issued to the blockchain-based certificate management server 300 each time a request for blockchain-based certificate authentication, blockchain due to illegal hacking If forgery certificate registration related information stored and managed by the customer-based certificate management server 300 is forged and provides as quickly as possible to respond to it.
이후, 블록체인기반 공인인증서 인증요청서버(600)는 공인인증서용 공개키를 전송받고, 상기 사용자단말기(100) 간의 인터넷 통신규약을 확인한다. Thereafter, the blockchain-based public certificate authentication request server 600 receives the public key for the public certificate, and checks the Internet communication protocol between the user terminals 100.
여기서, 인터넷 통신규약이란, 인터넷에서 웹서버와 사용자의 인터넷 브라우저 사이에 하이퍼텍스트 문서를 전송하기 위해 사용되는 통신규약으로, http(Hypertext Transfer Protocol)와 https( Hypertext Transfer Protocol over Secure Socket Layer)로 구분되는데 이 차이점은 문서를 전달할 때 암호화처리가 되어 있는지의 여부이다. 즉, http는 문서를 전달할 때 평문으로 전달하고, https는 문서를 전달할 때 암호화 하여 전달하는 것이 그 차이점이다.Here, the Internet communication protocol is a communication protocol used to transfer hypertext documents between a web server and a user's Internet browser on the Internet, and is divided into http (Hypertext Transfer Protocol) and https (Hypertext Transfer Protocol over Secure Socket Layer). The difference is whether the document is encrypted when it is delivered. In other words, http is delivered in plain text when delivering documents, and https is encrypted when delivering documents.
이 때문에, http의 사용환경인 경우에는 평문으로 문서가 전달되기 때문에 해킹의 위험성이 야기된다. For this reason, in the case of the use environment of http, since the document is transmitted in plain text, the risk of hacking is caused.
이에 해킹의 위험성을 해소함과 더불어 사용자가 적법한 공인인증서 사용자인지 인증하기 위해, 블록체인기반 공인인증서 관리서버(300)는 사용자단말기(100) 간의 인터넷 통신규약이 http인 경우 난수발생기(630)를 운영하여 랜덤값인 랜덤세션키가 생성되도록 제어한다. In order to solve the risk of hacking and to verify that the user is a legitimate authorized certificate user, the blockchain-based authorized certificate management server 300 operates a random number generator 630 when the Internet communication protocol between the user terminal 100 is http. Control to generate a random session key that is a random value.
이후, 블록체인기반 공인인증서 관리서버(300)는 암호화엔진(640)을 운영하여 인증서 유효성확인신호에 포함된 정보 중 공인인증서용 공개키를 이용하여 랜덤세션키를 암호화하여 암호화 랜덤세션키로 변환하고 이를 사용자단말기(100)로 전송한다. After that, the blockchain-based public certificate management server 300 operates the encryption engine 640 to encrypt the random session key using the public key for the public certificate among the information included in the certificate validation signal, and converts the encrypted random session key into an encrypted random session key. This is transmitted to the user terminal 100.
사용자단말기(100)는 복호화엔진(160)을 운영하여, 메모리(120)에 저장된 공인인증용 개인키를 토대로 전송된 암호화 랜덤세션키를 복호화하여 랜덤세션키로 변환되도록 제어함으로써, 적법한 사용자 임을 확인하는 사용자임을 확인하는 사용자 인증을 수행한다. The user terminal 100 operates the decryption engine 160 to decrypt the encrypted random session key transmitted based on the private key stored in the memory 120 to be converted into a random session key, thereby confirming that the user is a legitimate user. Perform user authentication to confirm the user.
즉, 사용자가 보유하고 있는 사용자단말기(100)에 공인인증용 개인키가 없으면, 복호화과정 자체를 수행하지 못하기 때문에 적법한 사용자임을 입증할 수 있다. That is, if there is no private key for public authentication in the user terminal 100 held by the user, the decryption process itself may not be performed, thereby proving that the user is a legitimate user.
이와 더불어, 인터넷 통신규약이 http인 환경하에서 사용자단말기(100)와 상기 블록체인기반 공인인증서 인증요청서버(600) 간에는 상호 간에 전달되는 문서를 사용자단말기(100)로부터 제공된 랜덤세션키를 토대로 암복호화 통신을 수행할 수 있기 때문에, 사용자 인증 이후에도 공인인증용 개인키가 외부로 노출되는 경우를 완벽히 차단하여 해킹의 위험성 없이 안전하게 블록체인을 기반으로 공인인증을 수행할 수 있게 제공할 수 있다. In addition, the Internet communication protocol is encrypted and decrypted based on a random session key provided from the user terminal 100 between the user terminal 100 and the blockchain-based authorized certificate authentication request server 600 under the environment of http. Since the communication can be performed, even after the user authentication, the private key for public authentication can be completely blocked, and thus the public authentication can be provided safely based on the blockchain without the risk of hacking.
그리고 인터넷 통신규약이 https인 경우에는 이미 사용자단말기(100)와 블록체인기반 공인인증서 인증요청서버(600) 간의 통신을 통해 상호 전달되는 문서는 암호화된 상태로 전달되고, 복호화되어 출력되기 때문에 사용자 인증만 수행하면 된다. If the Internet communication protocol is https, the documents already transmitted through communication between the user terminal 100 and the blockchain-based authorized certificate authentication request server 600 are transmitted in an encrypted state, and are decrypted and output. You only need to do it.
이를 위해, 블록체인기반 공인인증서 관리서버(300)는 사용자단말기(100) 간의 인터넷 통신규약이 https인 경우 난수발생기(630)를 운영하여 랜덤값인 난수데이터가 생성되도록 제어하고, 이를 사용자단말기(100)로 전송되도록 제어한다.To this end, the blockchain-based authorized certificate management server 300 controls the random number generator 630 to be generated by operating a random number generator 630 when the Internet communication protocol between the user terminal 100 is https, and the user terminal ( 100) to be transmitted.
사용자단말기(100)는 상기 해시처리엔진(140)을 운영하여, 전송된 난수데이터를 해싱연산하여 난수해시정보로 가공처리한다. The user terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process the random number hash information.
이후, 사용자단말기(100)는 암호화엔진(130)을 운영하여, 메모리(120)에 저장관리되는 공인인증용 개인키를 토대로 난수해시정보를 암호화하여 암호화 난수해시정보로 변환하고 이를, 블록체인기반 공인인증서 인증요청서버(600)로 전송한다. Thereafter, the user terminal 100 operates the encryption engine 130, encrypts the random number hash information based on the private key for public authentication stored and managed in the memory 120, and converts the random number hash information into encrypted random hash information. It sends to the chain-based official certificate authentication request server 600.
블록체인기반 공인인증서 인증요청서버(600)는 해시처리엔진(620)을 운영하여 사용자단말기(100)로 전송된 것과 동일한 값을 갖는 난수데이터를 해싱연산하여 대비용 난수해시정보로 가공처리한다. The blockchain-based authorized certificate authentication request server 600 operates the hash processing engine 620 to hash the random number data having the same value as that transmitted to the user terminal 100 to process the random number hash information for preparation. .
이후, 블록체인기반 공인인증서 인증요청서버(600)는 복호화엔진(650)을 운영하여 해당 사용자의 공인인증서용 공개키를 토대로 전송된 암호화 난수해시정보를 복호화하여 난수해시정보로 변환되도록 제어하고, 그 변환된 난수해시정보의 해시값과 대비용 난수해시정보의 해시값을 각각 연산하여 양쪽의 해시값이 동일한 것을 확인함으로써, 사용자 인증을 수행한다. Thereafter, the blockchain-based public certificate authentication request server 600 operates a decryption engine 650 to decrypt the encrypted random number hash information transmitted based on the public key for the public certificate of the corresponding user and control the data to be converted into random hash information. The user authentication is performed by calculating the hash value of the converted random number hash information and the hash value of the contrast random number hash information, respectively, and confirming that both hash values are the same.
한편, 사용자는 발급된 블록체인기반 공인인증서를 파기할 수 있다. On the other hand, the user can destroy the issued blockchain-based public certificate.
이를 위해, 블록체인기반 공인인증서 인증요청서버(600)는 사용자단말기(100)로부터 블록체인기반 공인인증서의 파기 요청이 있으면, 공인인증서 등록관련정보DB(311)에 저장된 해당 사용자의 공인인증서 노드해시정보를 파기 공인인증서 노드해시정보로 변경저장하고, 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보를 기설정된 루트해시 생성구간에 속하는 개수로 카운팅될 수 있도록 상기 공인인증서 등록관련정보DB(311)에 반복저장한다.To this end, the blockchain-based public certificate authentication request server 600, if a request for destruction of the blockchain-based public certificate from the user terminal 100, the public certificate node of the user stored in the public certificate registration information DB (311) Change and save the city information into the discarded certificate certificate node hash information, and count the counted hash information of the user who requested the destruction of the blockchain-based certificate certificate to the number belonging to the predetermined route hash generation section. The certificate is repeatedly stored in the registration information DB (311).
이에, 블록체인기반 공인인증서 관리서버(300)는 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보가 포함된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면, 해시처리엔진(320)을 운영하여 기설정된 루트해시 생성구간만큼 카운팅된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리함으로써, 블록체인 보유서버(400)들로 전송되어 등록되는 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 이루는 머클리트 구조에 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보도 포함되도록 제어하여, 사용자가 자신의 블록체인기반의 공인인증서가 파기되었다는 것을 확인할 수 있게 안내한다. Accordingly, the blockchain-based public certificate management server 300 includes the number of public information for public information and public key for issuing a set of public certificates including the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate. When a predetermined route hash generation period is reached, a hash processing engine 320 is operated to hash a set of personal information for issuing a public certificate and a public key for a public certificate that are counted as much as a predetermined root hash generation period in order of storage order. By processing the data into the official certificate node hash information, the block chain based on the Merchant structure that forms the official certificate root hash information for registration included in the forgery monitoring transaction information transmitted and registered to the blockchain holding server 400 The user controls his / her blockchain by controlling to include the hash certificate information of the user who requested the destruction of the certificate. The guide can confirm that the certificate was half destroyed.
그리고 공인인증서를 감사하는 국가기관 관련 감사단체에서는 본 발명의 공인인증서를 이용하는 특정 사용자의 공인인증서와 관련하여 위변조 검증 요청 단말기(500)를 통해 감사요청하여 위변조 여부를 확인할 수 있다. In addition, the audit organization related to the national institution that audits the accredited certificate may check forgery by requesting an audit through the forgery verification request terminal 500 in relation to the accredited certificate of a specific user using the accredited certificate of the present invention.
이를 위해, 블록체인기반 공인인증서 인증요청서버(600)의 DB부(610)에는 사용자단말기(100)를 운영하는 사용자의 공인인증서 발급용 개인정보가 회원별 사용자 식별정보 DB(611)가 구비되어진다. To this end, the DB unit 610 of the blockchain-based official certificate authentication request server 600 is provided with personal identification information DB 611 for each member for issuance of the public certificate of the user who operates the user terminal 100. Lose.
그리고 블록체인기반 공인인증서 관리서버(300)의 공인인증서 등록관련정보DB(311)에는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 해싱처리된 공인인증서 노드해시정보로 구분되어 순차적으로 누적저장되어진 상태이다. In addition, the public certificate registration information information database 311 of the blockchain-based public certificate management server 300 is divided into a public certificate for public certificate issue and a public certificate node public hash information that is hashed. Accumulated and stored sequentially.
이를 통해, 위변조 검증 요청 단말기(500)는 블록체인기반 공인인증서 인증요청서버(600)로 특정 사용자의 블록체인기반 공인인증서의 감시를 요청한다. Through this, the forgery verification request terminal 500 requests the monitoring of the blockchain-based public certificate of a specific user to the blockchain-based public certificate authentication request server 600.
블록체인기반 공인인증서 인증요청서버(600)는 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 회원별 사용자 식별정보DB(611)에서 추출하고 이를, 블록체인기반 공인인증서 관리서버(300)로 전송한다.The blockchain-based public certificate authentication request server 600 extracts the personal information for issuing the public certificate of a specific user who has requested the monitoring of the blockchain-based public certificate from the user identification information DB 611 for each member, and the blockchain-based public certificate. The management server 300 transmits.
블록체인기반 공인인증서 관리서버(300)는 전송된 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 특정 사용자의 공인인증서 노드해시정보를 인지하고, 그 인지된 특정 사용자의 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 공인인증서 등록관련정보DB(311)에서 추출한다. The blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate of a specific user who has requested the monitoring of the transmitted blockchain-based public certificate with the public certificate registration information DB 311, thereby authenticating the public certificate node of the specific user. Recognize the hash information, and the certification certificate for the specific user whose node hash information is identified in the Merkle Tree structure. Extracted from the registration related information DB 311.
이후, 블록체인기반 공인인증서 관리서버(300)는 해시처리엔진(320)을 운영하여, 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리한다. Subsequently, the blockchain-based official certificate management server 300 operates the hash processing engine 320 to refer to the extracted public certificate root hash identifier information for registration, for registration in which the public certificate node hash information of a specific user belongs. Extract all public certificate node hash information forming the Merkle Tree structure of the public certificate root hash information from the public certificate registration information DB 311, and prepare the prepared certificate node hash information from the extracted mercury tree structure. Process with the official certificate root hash information.
또한, 블록체인기반 공인인증서 관리서버(300)는 해시처리엔진(320)은 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 블록체인 보유서버(400)로 전송한다. In addition, the blockchain-based public certificate management server 300, the hash processing engine 320 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 to register the public certificate root Extract the forgery monitoring transaction ID information identifying the forgery monitoring transaction information including the hash information, and transmits it to the blockchain holding server (400).
블록체인 보유서버(400)는 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 블록체인기반 공인인증서 관리서버(300)로 전송한다. The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmitting it to the blockchain-based public certificate management server (300).
블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보를 전송받고, 해시처리엔진(320)을 운영하여 전송된 등록용 공인인증서 루트해시정보의 해시값과 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인함으로써, 동일한 경우 위변조 검증 요청 단말기(500)로 요청한 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어한다. The blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast. By calculating the hash value of the public certificate root hash information, respectively, and confirming that the calculated hash values are the same, in the same case, the personal information for issuing the public certificate which consists of a pair of specific users who requested the forgery verification request terminal 500 And a message notifying that the public key for the public certificate has not been forged.
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 공인인증서 등록관련정보DB(311)를 통해 인지한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 may determine that the calculated hash value of the public certificate node hash information is not the same as the calculated hash value of the public certificate node hash information. The storage order of the corresponding certificate certificate node hash information having the same hash value among the certificate certificate node hash information forming the Merkle Tree structure of the registered certificate certificate root hash information to which the user certificate certificate node hash information belongs. The public certificate node index information indicating is recognized through the public certificate registration information DB 311.
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한지 확인한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 has the public certificate node index information of the public certificate node hash information and the public certificate node hash information of a specific user having the same hash value. Verify that the storage order of the public certificate node index information is the same.
이를 통해, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한 경우 위변조 검증 요청 단말기(500)로 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 메시지가 통보되도록 제어한다. Through this, the hash processing engine 320 of the blockchain-based public certificate management server 300 hashes the public certificate node index information of the public certificate node hash information having the same hash value and the public certificate node of the specific user. If the storage order number of the public certificate node index information of the information is the same, the forgery verification request terminal 500 controls to be notified that the message forgery of the personal information and the public key for the public certificate for the certificate issued as a pair of specific users.
이와 더불어, 블록체인기반 공인인증서 관리서버(300)는 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일하지 않은 경우 위변조 검증 요청 단말기(500)로 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어한다. In addition, the blockchain-based public certificate management server 300 has the public certificate node index information of the corresponding public certificate node hash information having the same hash value and the public certificate node index information of the public certificate node hash information of a specific user. If the storage order is not the same, the forgery verification request terminal 500 is controlled so as to be notified that the message that the personal information for the issuance of a certificate consisting of a set and the public key for the certificate is not forged.
이후, 블록체인기반 공인인증서 관리서버(300)는 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지하여, 위변조 발생에 따른 사후처리를 수행한다. Thereafter, the blockchain-based public certificate management server 300 is a private certificate node of a specific user from among the personal information for issuing the public certificate and the public key information for the public certificate which consists of a group that is accumulated and managed in the public certificate registration-related information DB 311. Detected that the personal information for issuing the public certificate and the public key for the public certificate for the certificate, which consisted of one pair corresponding to the node hash information of the public certificate which constitutes the Merkle Tree structure of the public certificate root hash information to which the city information belongs, have been forged. Perform post-processing according to the forgery occurrence.
본 발명의 블록체인을 기반으로 하는 공인인증서 인증시스템을 이용하여 블록체인기반 공인인증서의 인증과정을 설명하면 다음과 같다. The authentication process of the blockchain-based accredited certificate using the accredited certificate authentication system based on the blockchain of the present invention is as follows.
사용자는 사용자단말기(100)를 통해 블록체인기반 공인인증서 인증요청서버(600)에 접속하여 블록체인기반 공인인증을 요청(S300)한다. The user accesses the blockchain-based official certificate authentication request server 600 through the user terminal 100 and requests a blockchain-based official authentication (S300).
블록체인기반 공인인증서 인증요청서버(600)는 블록체인기반 공인인증 요청에 따라 회원별 사용자 식별정보 DB(611)에서 사용자 식별해시정보로 가공처리된 해당 사용자의 공인인증서 발급용 개인정보를 추출하고, 이를 블록체인기반 공인인증서 관리서버(300)로 전송(S310)한다. The blockchain-based public certificate authentication request server 600 extracts the personal information for issuing the public certificate issued by the user identification hash information from the user identification information DB 611 for each member according to the blockchain-based public certificate request. And, this is transmitted to the blockchain-based official certificate management server 300 (S310).
블록체인기반 공인인증서 관리서버(300)는 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단(S320)하는데 먼저, 블록체인기반 공인인증서 관리서버(300)는 블록체인기반 공인인증서 인증요청서버(600)로부터 전송된 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 해당 사용자의 공인인증서용 공개키를 추출하고, 해시처리엔진(320)을 운영하여 그 추출된 공인인증서용 공개키와 상기 전송된 공인인증서 발급용 개인정보를 해싱하여 대비용 공인인증서 노드해시정보로 가공처리(S321)한다. The blockchain-based public certificate management server 300 determines the validity of the public certificate of the user based on the personal information for issuing the public certificate issuance (S320). First, the blockchain-based public certificate management server 300 is a blockchain-based public certificate. By matching the personal information for issuing the public certificate sent from the certificate authentication request server 600 with the public certificate registration information DB 311, extracting the public key for the public certificate of the corresponding user, and operating a hash processing engine 320. The extracted public key for the public certificate and the personal information for issuing the public certificate issued are hashed and processed into a prepared public certificate node hash information (S321).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 등록관련정보DB(311)에 저장된 정보 중 블록체인기반 공인인증서 발급 시 등록된 공인인증서 노드해시정보를 추출하고, 그 추출된 공인인증서 노드해시정보의 해시값과 대비용 공인인증서 노드해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인(S322)한다. Thereafter, the hash processing engine 320 of the blockchain-based official certificate management server 300 extracts the public certificate node hash information registered when issuing the blockchain-based official certificate among information stored in the public certificate registration information DB 311. The hash value of the extracted public certificate node hash information and the hash value of the prepared public certificate node hash information are respectively calculated, and the hash values of the calculated both nodes are the same (S322).
이를 토대로, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 사용자단말기(100)로 블록체인기반 공인인증 수행과정이 거부되었다는 메시지가 통보되도록 제어(S323)한다. Based on this, the hash processing engine 320 of the blockchain-based public certificate management server 300 has a calculated hash value of the public certificate node hash information and the hash value of the prepared public certificate node hash information is not the same. If not, the user terminal 100 controls to be notified a message that the blockchain-based authentication process is denied (S323).
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 공인인증서 발급 시 등록된 상기 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 공인인증서 등록관련정보DB(311)에서 추출(S324)한다. The hash processing engine 320 of the blockchain-based official certificate management server 300 issues an official certificate when the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information are the same. Extraction of the certification certificate root hash identifier for registration, which is an identifier for identifying the certification certificate root hash information for registration belonging to the Merkle Tree structure, is registered in the certificate registration information DB (311). (S324).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리(S325)한다. Subsequently, the hash processing engine 320 of the blockchain-based official certificate management server 300 refers to the extracted public certificate root hash identifier information for registration, and the public certificate root for registration to which the public certificate node hash information of the user belongs. Extract all the public certificate node hash information that forms the Merkle tree structure of the hash information from the public certificate registration information DB (311), and the extracted public certificate node hash information of the prepared public certificate node hash information is composed of the Merkle tree structure Processing is performed with hash information (S325).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 블록체인 보유서버(400)로 전송(S326)한다. Subsequently, the hash processing engine 320 of the blockchain-based official certificate management server 300 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 to register the public certificate root for registration. The forgery monitoring transaction ID information for identifying the forgery monitoring transaction information including the hash information is extracted and transmitted to the blockchain holding server 400 (S326).
블록체인 보유서버(400)는 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 블록체인기반 공인인증서 관리서버(300)로 전송(S327)한다. The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300 (S327).
블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보를 전송받고, 해시처리엔진(320)을 운영하여 전송된 등록용 공인인증서 루트해시정보의 해시값과 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인(S328)한다. The blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast. The hash value of the public certificate root hash information is respectively calculated, and it is checked whether the calculated hash values are the same (S328).
먼저, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 연산된 양쪽의 해시값이 동일하지 않은 경우 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 고객의 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지(S329)하여 위변조에 따른 사후처리를 수행한다. First, the hash processing engine 320 of the blockchain-based official certificate management server 300 is a certification of the customer consisting of a set of cumulative management in the public certificate registration information DB 311 when the calculated hash values are not the same As a group that corresponds to the public certificate information for certificate issuance and public key information for certificate issuance, which corresponds to the public certificate node hash information that forms the Merkle tree structure of the public certificate root hash information for registration to which the user's public certificate node hash information belongs. It detects that the personal information for the issuance of the accredited certificate and the public key for the accredited certificate are forged (S329) and performs post-processing according to the forgery.
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 공인인증서의 유효성이 적법하다고 판단한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 may determine that the calculated hash value of the public certificate node hash information is the same as the calculated hash value of the public certificate node hash information. It is judged to be valid.
이를 통해, 블록체인기반 공인인증서 관리서버(300)는 공인인증서 등록관련정보DB(311)에서 해당 사용자의 공인인증서용 공개키를 추출하고 이를, 블록체인기반 공인인증서 인증요청서버(600)로 전송(S330)한다. Through this, the blockchain-based public certificate management server 300 extracts the public key for the public certificate of the user from the public certificate registration-related information DB 311, and transmits it to the blockchain-based public certificate authentication request server 600 (S330).
블록체인기반 공인인증서 인증요청서버(600)는 공인인증서용 공개키를 전송받고, 그 전송된 공인인증서용 공개키를 토대로 상기 사용자단말기(100) 간에 사용자인증을 수행(S3400)하는데 그 자세한 과정은 다음과 같다. The blockchain-based public certificate authentication request server 600 receives the public key for the public certificate, and performs user authentication between the user terminals 100 based on the transmitted public certificate public key (S3400). As follows.
먼저, 블록체인기반 공인인증서 인증요청서버(600)는 블록체인기반 공인인증을 요청한 해당 사용자단말기(100) 간의 인터넷 통신규약이 http인지 아니면 https인지 확인(S340)한다. First, the blockchain-based official certificate authentication request server 600 checks whether the Internet communication protocol between the user terminal 100 requesting the blockchain-based official authentication is http or https (S340).
블록체인기반 공인인증서 인증요청서버(600)는 사용자단말기(100) 간의 인터넷 통신규약이 http인 경우 난수발생기(630)를 운영하여 랜덤값인 랜덤세션키가 생성되도록 제어(S350)한다. The blockchain-based official certificate authentication request server 600 controls the random session generator 630 to generate a random session key when the internet communication protocol between the user terminals 100 is http (S350).
블록체인기반 공인인증서 인증요청서버(600)는 암호화엔진(640)을 운영하여 상기 공인인증서용 공개키를 이용하여 랜덤세션키를 암호화하여 암호화 랜덤세션키로 변환하고 이를 사용자단말기(100)로 전송(S360)한다. The blockchain-based public certificate authentication request server 600 operates an encryption engine 640 to encrypt a random session key by using the public key for the public certificate and converts it into an encrypted random session key and transmits it to the user terminal 100 ( S360).
사용자단말기(100)는 암호화 랜덤세션키를 전송받고, 복호화엔진(160)을 운영하여, 메모리(120)에 저장관리되는 공인인증용 개인키를 토대로 암호화 랜덤세션키를 복호화하여 랜덤세션키로 변환되도록 제어함으로써, 사용자의 인증(S370)을 완료한다. The user terminal 100 receives the encrypted random session key, operates the decryption engine 160, and decrypts the encrypted random session key based on the private key for public authentication stored in the memory 120 to be converted into a random session key. By controlling, authentication of the user (S370) is completed.
그리고 블록체인기반 공인인증서 인증요청서버(600)는 블록체인기반 공인인증을 요청한 해당 사용자단말기(100) 간의 인터넷 통신규약이 https인 경우에는 난수발생기(630)를 운영하여 랜덤값인 난수데이터를 생성하고, 이를 사용자단말기(100)로 전송(S380)한다. The blockchain-based official certificate authentication request server 600 generates a random value random number data by operating a random number generator 630 when the Internet communication protocol between the corresponding user terminal 100 requesting the blockchain-based official authentication is https. Then, it is transmitted to the user terminal 100 (S380).
사용자단말기(100)는 해시처리엔진(140)을 운영하여, 전송된 난수데이터를 해싱연산하여 난수해시정보로 가공처리(S390)한다. The user terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process the random number hash information (S390).
사용자단말기(100)는 암호화엔진(130)을 운영하여, 메모리(120)에 저장관리되는 공인인증용 개인키를 토대로 난수해시정보를 암호화하여 암호화 난수해시정보로 변환하고 이를, 블록체인기반 공인인증서 인증요청서버(600)로 전송(S400)한다.The user terminal 100 operates the encryption engine 130, encrypts the random number hash information based on the private key for public authentication stored and managed in the memory 120, and converts it into encrypted random number hash information, which is based on block chain. The certificate is sent to the authentication request server 600 (S400).
블록체인기반 공인인증서 인증요청서버(600)는 해시처리엔진(620)을 운영하여 사용자단말기(100)로 전송된 것과 동일한 값을 갖는 난수데이터를 해싱연산하여 대비용 난수해시정보로 가공처리하고, 복호화엔진(650)을 운영하여 해당 사용자의 공인인증서용 공개키를 토대로 중계전송된 암호화 난수해시정보를 복호화하여 난수해시정보로 변환되도록 제어하고, 그 변환된 난수해시정보의 해시값과 상기 대비용 난수해시정보의 해시값을 각각 연산하여 양쪽의 해시값이 동일한 것을 확인함으로써, 사용자의 인증(S410)을 완료한다. The blockchain-based authorized certificate authentication request server 600 operates a hash processing engine 620 to hash the random number data having the same value as that transmitted to the user terminal 100 to process the random number hash information for preparation. By operating the decryption engine 650, the encrypted random number hash information relayed on the basis of the public key for the public certificate of the user is decrypted and controlled to be converted into random number hash information, and the hash value of the converted random number hash information. And the hash value of the random number hash information for the comparison are respectively calculated to confirm that both hash values are the same, thereby completing user authentication (S410).
한편, 사용자는 발급된 블록체인기반 공인인증서를 파기할 수 있다. On the other hand, the user can destroy the issued blockchain-based public certificate.
이를 위해, 블록체인기반 공인인증서 인증요청서버(600)는 사용자단말기(100)에서 블록체인기반 공인인증서의 파기를 요청하였는지 확인(S500)하여, 블록체인기반 공인인증서의 파기를 요청한 경우 공인인증서 등록관련정보DB(311)에 저장된 해당 사용자의 공인인증서 노드해시정보를 파기 공인인증서 노드해시정보로 변경저장(S510)한다. To this end, the blockchain-based public certificate authentication request server 600 checks whether the user terminal 100 requests the destruction of the blockchain-based public certificate (S500), and if the request for the destruction of the blockchain-based public certificate is registered, the public certificate is registered. The public certificate node hash information of the corresponding user stored in the related information DB 311 is changed and stored into the discarded official certificate node hash information (S510).
이후, 블록체인기반 공인인증서 인증요청서버(600)는 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보를 기설정된 루트해시 생성구간에 속하는 개수만큼 카운팅될 수 있도록 공인인증서 등록관련정보DB(311)에 반복저장(S520)한다. Thereafter, the blockchain-based public certificate authentication request server 600 may count the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate as many times as the number belonging to the predetermined root hash generation period. The registration related information DB 311 is repeatedly stored (S520).
이후, 블록체인기반 공인인증서 관리서버(300)는 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보가 포함된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면, 해시처리엔진(320)을 운영하여 기설정된 루트해시 생성구간의 개수만큼 카운팅된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리함으로써, 블록체인 보유서버(400)들로 전송되어 등록되는 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 이루는 머클리트 구조에 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보도 포함(S530)되도록 한다. Thereafter, the blockchain-based public certificate management server 300 includes the number of public information for public information and public key for issuing a set of public certificates including the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate. When a predetermined route hash generation section is reached, the hash processing engine 320 stores a set number of personal information for issuing a public certificate and a public key for a public certificate that are counted as many times as a predetermined route hash generation section. By hashing as it is processed into a public certificate node hash information, the block in the Merchant structure that constitutes the official certificate root hash information for registration contained in the forgery monitoring transaction information transmitted and registered to the blockchain holding server 400 The node-based hash information of the corresponding user who requested the destruction of the chain-based official certificate is also included (S530).
이를 통해, 사용자가 자신의 블록체인기반의 공인인증서가 파기되었다는 것을 확인할 수 있게 안내한다. This guides the user to confirm that his or her blockchain-based public certificate has been destroyed.
그리고 사용자 개인이나 공인인증서를 감사하는 국가기관 관련 감사단체에서 특정 사용자의 공인인증서와 관련하여 위변조 여부를 위변조 검증 요청 단말기(500)를 통해 감사요청하여 위변조 여부 여부를 확인할 수 있다. In addition, an auditing organization for a user or a national institution that audits an accredited certificate may request forgery regarding the forgery verification request terminal 500 through the forgery verification request terminal 500 to check whether the forgery is forged or not.
즉, 블록체인기반 공인인증서 인증요청서버(600)는 위변조 검증 요청 단말기(500)에서 특정 사용자의 블록체인기반 공인인증서의 감시를 요청하였는지 확인(S600)하여, 특정 사용자의 블록체인기반 공인인증서의 감시를 요청한 경우 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)에서 추출하고 이를, 블록체인기반 공인인증서 관리서버(300)로 전송(S610)한다. That is, the blockchain-based authorized certificate authentication request server 600 checks whether the forgery verification request terminal 500 requests the monitoring of the blockchain-based authorized certificate of a specific user (S600), and determines the blockchain-based authorized certificate of the specific user. In case of request for monitoring, the personal information for issuing the certificate of the specific user who requested the monitoring of the blockchain-based certificate is extracted from the certificate registration information DB 311 and transmitted to the blockchain-based certificate management server 300 ( S610).
블록체인기반 공인인증서 관리서버(300)는 전송된 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 특정 사용자의 공인인증서 노드해시정보를 인지하고, 그 인지된 특정 사용자의 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 공인인증서 등록관련정보DB(311)에서 추출(S620)한다. The blockchain-based public certificate management server 300 matches the personal information for issuing the public certificate of a specific user who has requested the monitoring of the transmitted blockchain-based public certificate with the public certificate registration information DB 311, thereby authenticating the public certificate node of the specific user. Recognize the hash information, and the certification certificate for the specific user whose node hash information is identified in the Merkle Tree structure. The registration related information DB 311 is extracted (S620).
블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리(S630)한다. The hash processing engine 320 of the blockchain-based public certificate management server 300 refers to the extracted public certificate root hash identifier information for registration, and the public certificate root hash for registration to which the public certificate node hash information of a specific user belongs. Extract all public certificate node hash information forming the Merkle tree structure of information from the public certificate registration related information DB 311, and extract the public certificate node hash of the prepared public certificate node hash information having the extracted mercury tree structure. The information is processed (S630).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320) 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 블록체인 보유서버(400)로 전송(S640)한다. After that, the hash processing engine 320 of the blockchain-based official certificate management server 300 matches the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312, and the root certificate for registration. Forgery monitoring transaction ID information for identifying the forgery monitoring transaction information including the time information is extracted and transmitted to the blockchain holding server 400 (S640).
블록체인 보유서버(400)는 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 블록체인기반 공인인증서 관리서버(300)로 전송(S650)한다. The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and is included in the extracted forgery monitoring transaction information. After extracting the public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300 (S650).
블록체인기반 공인인증서 관리서버(300)는 등록용 공인인증서 루트해시정보를 전송받고, 해시처리엔진(320)을 운영하여 전송된 등록용 공인인증서 루트해시정보의 해시값과 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인(S660)한다. The blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, and operates the hash processing engine 320 for the hash value of the public certificate root hash information for registration and generated contrast. The hash value of the public certificate root hash information is respectively calculated, and it is checked whether the calculated hash values are the same (S660).
블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 위변조 검증 요청 단말기(500)로 요청한 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보(S670)되도록 제어한다. The hash processing engine 320 of the blockchain-based public certificate management server 300 is a forgery verification request terminal when the calculated hash value of the public certificate node hash information and the calculated hash value of the public certificate node hash information are the same. (500) Control so that the message that the personal information for a certificate issued by a pair of specific users and the public key for the certificate is not forged for a request made to (500) (S670).
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 공인인증서 노드해시정보의 연산된 해시값과 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 공인인증서 등록관련정보DB(311)를 통해 인지(S661)한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 may determine that the calculated hash value of the public certificate node hash information is not the same as the calculated hash value of the public certificate node hash information. The storage order of the corresponding certificate certificate node hash information having the same hash value among the certificate certificate node hash information forming the Merkle Tree structure of the registered certificate certificate root hash information to which the user certificate certificate node hash information belongs. The public certificate node index information indicating is recognized through the public certificate registration information DB 311 (S661).
이후, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한지 확인(S662)한다. Subsequently, the hash processing engine 320 of the blockchain-based public certificate management server 300 has the public certificate node index information of the public certificate node hash information and the public certificate node hash information of a specific user having the same hash value. Check whether the storage order of the public certificate node index information is the same (S662).
먼저, 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한 경우 위변조 검증 요청 단말기(500)로 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 메시지가 통보되도록 제어(S663)한다. First, the hash processing engine 320 of the blockchain-based public certificate management server 300 has the public certificate node index information of the public certificate node hash information having the same hash value and the public certificate node hash information of a specific user. If the storage order of the public certificate node index information of the same is the same, the forgery verification request terminal 500 controls to receive a message indicating that the personal information for issuing a certificate of a specific user and the public key for the public certificate forgery of a specific user have been forged (S663). .
그리고 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일하지 않은 경우 위변조 검증 요청 단말기(500)로 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어(S664)한다. In addition, the hash processing engine 320 of the blockchain-based public certificate management server 300 may include the public certificate node index information of the public certificate node hash information and the public certificate node hash information of a specific user having a different hash value. If the storage order of the public certificate node index information is not the same, the forgery verification request terminal 500 controls to receive a message indicating that the personal information for issuing a certificate and the public key for public certificate forgery have not been forged (S664).
이후, 블록체인기반 공인인증서 관리서버(300)는 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지(S665)하여, 위변조에 따른 사후처리를 수행한다.Thereafter, the blockchain-based public certificate management server 300 is a private certificate node of a specific user from among the personal information for issuing the public certificate and the public key information for the public certificate which consists of a group that is accumulated and managed in the public certificate registration-related information DB 311. Detected that the personal information for issuing the public certificate and the public key for the public certificate for which the certificate consists of one pair corresponding to the node hash information of the public certificate which constitutes the Merkle Tree structure of the public certificate root hash information to which the city information belongs (S665) ), And post-treatment according to forgery.
[부호의 설명][Description of the code]
100 : 사용자단말기 110 : 키생성엔진100: user terminal 110: key generation engine
120 : 메모리 130,640 : 암호화엔진120: memory 130,640: encryption engine
140,220,320,620 : 해시처리엔진 150 : 제어부140,220,320,620: hash processing engine 150: control unit
160,650 : 복호화엔진160,650 Decoding Engine
200 : 블록체인기반 공인인증서 발급 요청 서버200: blockchain-based public certificate issuance request server
210,310,610 : DB부210,310,610: DB
211,611 : 회원별 사용자 식별정보 DB 211,611: User identification information DB for each member
300 : 블록체인기반 공인인증서 관리서버300: Blockchain based certificate management server
311 : 고객별 공인인증서 등록관련정보 DB311: DB related information registration information for each customer
312 : 공인인증서 위변조 감시관련정보 DB312: DB forgery monitoring information DB
330 : 트랜잭션처리엔진 400 : 블록체인 보유서버 330: transaction processing engine 400: blockchain holding server
500 : 위변조 검증요청 단말기 500: forgery verification request terminal
600 : 블록체인기반 공인인증서 인증요청서버600: blockchain-based public certificate authentication request server
630 : 난수발생기630: random number generator

Claims (24)

  1. 블록체인기반 공인인증을 요청하는 사용자단말기(100)와; A user terminal 100 for requesting blockchain-based authorized authentication;
    상기 사용자단말기(100)의 블록체인기반 공인인증 요청에 따라 상기 사용자단말기(100)를 운영하는 해당 사용자의 공인인증서 발급용 개인정보를 전송하여 블록체인기반 공인인증의 요청을 중계하는 블록체인기반 공인인증서 인증요청서버(600)와; In accordance with the blockchain-based authentication request of the user terminal 100, the blockchain-based authentication that relays the request for the authentication of blockchain-based authentication by transmitting personal information for issuing the certificate of the corresponding user operating the user terminal 100. Certificate authentication request server 600;
    상기 블록체인기반 공인인증서 인증요청서버(600)로부터 전송되는 상기 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하여 공인인증서의 유효성이 적법하다고 판단되면, 해당 사용자의 공인인증서용 공개키를 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하여, 사용자인증이 수행되도록 제어하는 블록체인기반 공인인증서 관리서버(300)와; Based on the personal information for issuing the accredited certificate transmitted from the blockchain-based accredited certificate authentication request server 600, if the validity of the accredited certificate is judged to be valid by determining the validity of the accredited certificate of the corresponding user, the relevant certificate is disclosed for the public. A blockchain-based public certificate management server 300 for transmitting a key to the blockchain-based public certificate authentication request server 600 to control user authentication to be performed;
    비트코인 결제용 트랜잭션정보가 전송 시 그 전송된 비트코인 결제용 트랜잭션정보를 검증을 통해 비트코인 결제를 인증하고, 그 인증에 따라 비트코인 결제용 트랜잭션정보가 기록되는 블록체인이 구비된 전자지갑이 탑재되는 것으로, 상기 블록체인에는 등록용 공인인증서 루트해시정보를 포함하는 위변조 감시용 트랜잭션정보정보가 기록된 블록체인 보유서버(400)들;로 이루어진 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.When the transaction information for bitcoin payment is transmitted, the electronic wallet with a blockchain that authenticates the bitcoin payment by verifying the transmitted bitcoin payment transaction information and records the transaction information for the bitcoin payment according to the authentication Onboard, the blockchain is a blockchain based on the blockchain, characterized in that consisting of; blockchain holding server (400) in which the forgery monitoring transaction information information is recorded, including the certification certificate root hash information for registration; Certificate Authentication System.
  2. 제1항에 있어서, The method of claim 1,
    상기 블록체인기반 공인인증서 인증요청서버(600)는 상기 블록체인기반 공인인증서 관리서버(300)로 전송되는 상기 공인인증서 발급용 개인정보를 해싱연산에 의해 사용자 식별해시정보로 가공처리된 상태로 전송되도록 제어하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based official certificate authentication request server 600 is processed by the hashing operation of the personal information for issuing the public certificate transmitted to the blockchain-based official certificate management server 300 as a user identification hash information processed state Authorized certificate authentication system based on blockchain, characterized in that the control to be transmitted.
  3. 제1항에 있어서, The method of claim 1,
    상기 블록체인기반 공인인증서 관리서버(300)에는, DB부(310); 및 해시처리엔진(320);을 포함하고, The blockchain-based authorized certificate management server 300, DB unit 310; And a hash processing engine 320;
    상기 DB부(310)에는, 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키, 상기 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 해싱처리된 공인인증서 노드해시정보로 구분되어 순차적으로 누적저장되고, 상기 순차적으로 누적저장된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보가 누적저장되는 공인인증서 등록관련정보DB(311)와; 상기 블록체인기반 공인인증서 관리서버(300)에서 상기 위변조 감시용 트랜잭션정보가 생성될 때마다 식별자로서 함께 생성된 위변조 감시용 트랜잭션 ID정보가 누적 저장되는 공인인증서 위변조 감시관련정보 DB(312);를 포함하며, The DB unit 310, the authentication certificate node hash information hashed by a set of personal information and public certificate for public certificate issuance, a public certificate for public certificate issuance and a public certificate for public certificate consisting of a set The certification certificate root hash identifier information for registration, which is an identifier for identifying the certification certificate root hash information for registration, which is sequentially accumulated and stored, and the certificate certificate node hash information stored in the cumulative structure having a Merkle tree structure is accumulated. A stored certificate registration information DB 311 is stored; Whenever the forgery monitoring transaction information is generated in the blockchain-based authentication certificate management server 300, the authentication certificate forgery monitoring related information DB 312, which accumulates and stores transaction ID information for forgery monitoring generated together as an identifier; Include,
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하는 과정은, In the blockchain-based public certificate management server 300, the process of determining the validity of the public certificate of the user based on the transmitted personal information for issuing the public certificate,
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로부터 전송된 공인인증서 발급용 개인정보를 상기 공인인증서 등록관련정보DB(311)와 매칭하여 해당 사용자의 공인인증서용 공개키를 추출하고, 상기 해시처리엔진(320)을 운영하여 그 추출된 공인인증서용 공개키와 상기 전송된 공인인증서 발급용 개인정보를 해싱하여 대비용 공인인증서 노드해시정보로 가공처리하며, In the blockchain-based official certificate management server 300, matching the personal information for issuing the public certificate issued from the blockchain-based official certificate authentication request server 600 with the official certificate registration information DB 311 corresponding user Extract the public key for the public certificate, and operate the hash processing engine 320 to hash the extracted public certificate public key and the transmitted personal information for issuing the public certificate issuance to the public certificate node hash information for preparation. Processing,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 등록관련정보DB(311)에 저장된 정보 중 블록체인기반 공인인증서 발급 시 등록된 공인인증서 노드해시정보를 추출하고, 그 추출된 공인인증서 노드해시정보의 해시값과 상기 대비용 공인인증서 노드해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하여, 동일한 경우 공인인증서의 유효성이 적법하다고 판단하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.In the hash processing engine 320 of the blockchain-based public certificate management server 300, among the information stored in the public certificate registration information DB 311, the public certificate node hash information registered when issuing a blockchain-based public certificate is issued. Extracts the hash value of the extracted public certificate node hash information and the hash value of the prepared public certificate node hash information, respectively, and checks whether the calculated hash values are the same, Certified certificate authentication system based on the blockchain, characterized in that the validity of the legal decision.
  4. 제3항에 있어서, The method of claim 3,
    상기 블록체인기반 공인인증서 관리서버(300)는 상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 상기 사용자단말기(100)로 블록체인기반 공인인증 수행과정이 거부되었다는 메시지가 통보되도록 제어하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based official certificate management server 300 is the user terminal 100 when the calculated hash value of the certificate certificate node hash information and the calculated hash value of the prepared official certificate node hash information is not the same. The blockchain-based accredited certificate authentication system characterized in that the control to be notified that the message that the blockchain-based accredited authentication process has been rejected.
  5. 제3항에 있어서, The method of claim 3,
    상기 공인인증서 등록관련정보DB(311)에는, 상기 순차적으로 누적저장된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보가 누적저장되고, In the official certificate registration information DB 311, the official certificate root hash identifier for registration, which is an identifier for identifying the official certificate root hash information for registration in which the cumulatively stored official certificate node hash information has a Merkle tree structure. Information is accumulated and stored,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 추가로 공인인증서 발급 시 등록된 상기 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하며, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리하며, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 상기 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 상기 블록체인 보유서버(400)로 전송하며, The hash processing engine 320 of the blockchain-based public certificate management server 300 adds the calculated hash value of the public certificate node hash information and the calculated hash value of the prepared public certificate node hash information. The certificate certification related information DB for the certification certificate root hash identifier for registration, which is an identifier for identifying the certification certificate root hash information for registration belonging to the Merkle Tree structure, is registered when the certificate issuance is issued. All public certificates extracted from (311) and forming the Merkle Tree structure of the public certificate root hash information for registration to which the public certificate node hash information of the user belongs with reference to the extracted public certificate root hash identifier information extracted for registration. The node hash information is extracted from the public certificate registration information DB 311, and the extracted public certificate node hash information is a Merkle tree structure. Process the prepared official certificate root hash information for the prepared, and match the extracted public certificate root hash identifier information for registration with the official certificate forgery monitoring related information DB 312 to extract the transaction ID information for forgery monitoring This is transmitted to the blockchain holding server 400,
    상기 블록체인 보유서버(400)은 상기 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 상기 블록체인기반 공인인증서 관리서버(300)로 전송하고, The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and extracts the matching forgery monitoring transaction information. After extracting the included public certificate root hash information for registration and transmits it to the blockchain-based public certificate management server 300,
    상기 블록체인기반 공인인증서 관리서버(300)는 상기 등록용 공인인증서 루트해시정보를 전송받고, 상기 해시처리엔진(320)을 운영하여 상기 전송된 등록용 공인인증서 루트해시정보의 해시값과 상기 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하여, 동일한 경우 공인인증서의 유효성이 적법하다고 판단하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, operates the hash processing engine 320 and the hash value of the public certificate root hash information transmitted. Computing the hash value of the generated public certificate root hash information prepared for each, and checks whether the calculated hash value is the same, and if the same block chain characterized in that the validity of the public certificate is determined to be legitimate Based on the accredited certificate certification system.
  6. 제5항에 있어서, The method of claim 5,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 상기 등록용 공인인증서 루트해시정보와 상기 각 대비용 공인인증서 루트해시정보의 해시값 중 동일하지 않은 양쪽의 해시값이 존재하는 경우 상기 공인인증서 등록관련정보DB(311)에 누적관리되는 고객의 공인인증서 발급용 개인정보 또는 공인인증서용 공개키 정보 중 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The hash processing engine 320 of the blockchain-based official certificate management server 300 has a hash value that is not the same among the hash values of the public certificate root hash information for the registration and the public certificate root hash information for each preparation. If present, the certification certificate root for registration belonging to the public certificate information of the certificate or the public key information for the public certificate issued by the customer cumulatively managed in the public certificate registration related information DB (311) belonging to the public certificate node hash information of the user The block chain based on the block chain, which detects that the personal information for issuing the public certificate and the public key for the public certificate for which the public certificate for the certificate is composed of the pair corresponding to the node hash information of the hash information of the hash information are forged. Accredited Certificate Certification System.
  7. 제1항에 있어서, The method of claim 1,
    상기 사용자단말기(100)에는, 복호화엔진(160); 및 공인인증용 개인키가 저장된 메모리(120);를 포함하고, The user terminal 100, the decryption engine 160; And a memory 120 in which a private key for public authentication is stored.
    상기 블록체인기반 공인인증서 인증요청서버(600)에는, 난수발생기(630); 및 암호화엔진(640);을 포함하며, The blockchain-based authorized certificate authentication request server 600, a random number generator (630); And an encryption engine 640;
    상기 블록체인기반 공인인증서 인증요청서버(600)는 상기 블록체인기반 공인인증서 관리서버(300)로부터 공인인증서용 공개키를 전송받고, 상기 사용자단말기(100) 간의 인터넷 통신규약을 확인하며, 그 확인된 인터넷 통신규약이 http인 경우 상기 난수발생기(630)를 운영하여 랜덤값인 랜덤세션키가 생성되도록 제어하며, 상기 암호화엔진(640)을 운영하여 상기 공인인증서용 공개키를 이용하여 상기 랜덤세션키를 암호화하여 암호화 랜덤세션키로 변환하고 이를 상기 사용자단말기(100)로 전송하고, The blockchain-based public certificate authentication request server 600 receives the public key for the public certificate from the blockchain-based public certificate management server 300, and checks the Internet communication protocol between the user terminal 100, and confirms that. If the established Internet communication protocol is http, the random number generator 630 operates to generate a random session key having a random value, and operates the encryption engine 640 to use the public key for the public certificate for the random session. Encrypts the key and converts it into an encrypted random session key and transmits it to the user terminal 100,
    상기 사용자단말기(100)는 상기 복호화엔진(160)을 운영하여, 상기 메모리(120)에 저장된 공인인증용 개인키를 토대로 상기 전송된 암호화 랜덤세션키를 복호화하여 랜덤세션키로 변환되도록 제어함으로써, 사용자 인증을 안전하게 수행하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The user terminal 100 operates the decryption engine 160 to control the decryption of the transmitted encrypted random session key based on a private key stored in the memory 120 to be converted into a random session key. Authorized certificate authentication system based on blockchain, characterized in that the authentication is performed safely.
  8. 제7항에 있어서, The method of claim 7, wherein
    상기 사용자단말기(100)에는, 암호화엔진(130); 난수발생기(630); 및 해시처리엔진(140);을 포함하고, The user terminal 100, the encryption engine 130; Random number generator 630; And a hash processing engine 140;
    상기 블록체인기반 공인인증서 인증요청서버(600)에는, 해시처리엔진(620); 및 복호화엔진(650);을 포함하며, The blockchain-based public certificate authentication request server 600 includes a hash processing engine 620; And a decryption engine 650;
    상기 블록체인기반 공인인증서 인증요청서버(600)는 상기 사용자단말기(100) 간의 인터넷 통신규약이 https인 경우 상기 난수발생기(630)를 운영하여 랜덤값인 난수데이터를 생성하고, 이를 상기 사용자단말기(100)로 전송하고, The blockchain-based authorized certificate authentication request server 600 generates random number data having a random value by operating the random number generator 630 when the Internet communication protocol between the user terminal 100 is https, and the user terminal ( 100),
    상기 사용자단말기(100)는 상기 해시처리엔진(140)을 운영하여, 상기 전송된 난수데이터를 해싱연산하여 난수해시정보로 가공처리하며, 상기 암호화엔진(130)을 운영하여, 상기 메모리(120)에 저장관리되는 공인인증용 개인키를 토대로 상기 난수해시정보를 암호화하여 암호화 난수해시정보로 변환하고 이를, 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하며, The user terminal 100 operates the hash processing engine 140 to hash the transmitted random number data to process the random number hash information, and operates the encryption engine 130 to operate the memory 120. Encrypts the random number hash information based on the private key for public authentication stored in the system and converts the random number hash information into encrypted random number hash information, and transmits it to the blockchain-based authorized certificate authentication request server 600,
    상기 블록체인기반 공인인증서 인증요청서버(600)는 상기 해시처리엔진(620)을 운영하여 상기 사용자단말기(100)로 전송된 것과 동일한 값을 갖는 난수데이터를 해싱연산하여 대비용 난수해시정보로 가공처리하고, 상기 복호화엔진(650)을 운영하여 해당 사용자의 공인인증서용 공개키를 토대로 상기 전송된 암호화 난수해시정보를 복호화하여 난수해시정보로 변환되도록 제어하고, 그 변환된 난수해시정보의 해시값과 상기 대비용 난수해시정보의 해시값을 각각 연산하여 양쪽의 해시값이 동일한 것을 확인함으로써, 사용자의 인증을 수행하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based official certificate authentication request server 600 operates the hash processing engine 620 to hash random data having the same value as that transmitted to the user terminal 100 to prepare random number hash information for preparation. Processing and operating the decryption engine 650 to decrypt the transmitted encrypted random number hash information based on the public key for the public certificate of the corresponding user and control it to be converted into random number hash information, and the converted random number hash. Computing the hash value of the information and the hash value of the random number hash information for the prepared by verifying that both hash values are the same, authentication of the authentication system based on the block chain, characterized in that for performing the user authentication.
  9. 제1항에 있어서, The method of claim 1,
    상기 블록체인기반 공인인증서 관리서버(300)에는, 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키, 상기 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 해싱처리된 공인인증서 노드해시정보로 구분되어 순차적으로 누적저장되고, 상기 순차적으로 누적저장된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보가 누적저장되는 공인인증서 등록관련정보DB(311) 및 상기 블록체인기반 공인인증서 관리서버(300)에서 위변조 감시용 트랜잭션정보가 생성될 때마다 식별자로서 함께 생성된 위변조 감시용 트랜잭션 ID정보가 누적 저장되는 공인인증서 위변조 감시관련정보 DB(312);를 갖는 DB부(310); 및 해시처리엔진(320);을 포함하고, In the blockchain-based public certificate management server 300, a public certificate for the public information for public certificate and public certificate for certificate issuance, a public certificate for public certificate for public certificate, and the public certificate for public certificate for public authentication Certificate node hash information, which is divided into certificate node hash information and stored sequentially, and accumulates and stores the certificate certificate hash hash for registration, which is an identifier for identifying the registered certificate root hash information that has a Merkle tree structure. Forgery monitoring transaction ID information generated together as an identifier each time the forgery monitoring transaction information is generated in the public certificate registration information DB (311) and the blockchain-based public certificate management server 300 accumulatively stored at the time identifier information DB unit 310 having a certified certificate forgery monitoring related information DB 312; And a hash processing engine 320;
    상기 블록체인기반 공인인증서 인증요청서버(600)는 상기 사용자단말기(100)로부터 블록체인기반 공인인증서의 파기 요청이 있으면, 상기 공인인증서 등록관련정보DB(311)에 저장된 해당 사용자의 공인인증서 노드해시정보를 파기 공인인증서 노드해시정보로 변경저장하고, 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보를 기설정된 루트해시 생성구간으로 카운팅될 수 있도록 상기 공인인증서 등록관련정보DB(311)에 반복저장하며, When the blockchain-based authorized certificate authentication request server 600 requests the destruction of the blockchain-based authorized certificate from the user terminal 100, the authorized certificate node solution of the corresponding user stored in the certificate registration information DB 311 Change and save the city information to the official certificate node hash information, and register the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate to the predetermined route hash generation section. Repeatedly stored in the related information DB (311),
    상기 블록체인기반 공인인증서 관리서버(300)는 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보가 포함된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면, 상기 해시처리엔진(320)을 운영하여 기설정된 루트해시 생성구간만큼 카운팅된 상기 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리함으로써, 상기 블록체인 보유서버(400)들로 전송되어 등록되는 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 이루는 머클리트 구조에 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보도 포함되도록 제어하여, 사용자가 자신의 블록체인기반의 공인인증서가 파기되었다는 것을 확인할 수 있게 안내하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based public certificate management server 300 has a number of public key for public information and public certificate for issuing a set of public certificates including the public certificate node hash information of the user who requested the destruction of the blockchain-based public certificate. When the predetermined route hash generation section is reached, the hash processing engine 320 operates to store the set of personal information for issuing the public certificate and the public key for the public certificate, which are counted by the predetermined route hash generation section, in the order of storage order. By hashing and processing the certificate into the hash certificate information, the block structure in the Merchant structure that constitutes the authentication certificate root hash information for registration contained in the forgery monitoring transaction information transmitted and registered to the blockchain holding server 400 The user can automatically control node hash information of the user who requested the destruction of the chain-based certificate. Authorized certificate authentication system based on blockchain, characterized by guiding to confirm that the new blockchain-based official certificate has been destroyed.
  10. 제1항에 있어서, The method of claim 1,
    상기 블록체인기반 공인인증서 인증요청서버(600)에는, 상기 사용자단말기(100)를 운영하는 사용자의 공인인증서 발급용 개인정보가 회원별 사용자 식별정보 DB(611)를 갖는 DB부(610);를 포함하고, The blockchain-based official certificate authentication request server 600, DB section 610 having the personal information for issuing the public certificate of the user who operates the user terminal 100 has a user identification information DB 611 for each member; Including,
    상기 블록체인기반 공인인증서 관리서버(300)에는, 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키, 상기 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 해싱처리된 공인인증서 노드해시정보로 구분되어 순차적으로 누적저장되고, 상기 공인인증서 노드해시정보 생성 시 그 생성되는 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보가 순차적으로 누적저장되며, 상기 순차적으로 누적저장된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보가 누적저장되는 공인인증서 등록관련정보DB(311) 및 상기 블록체인기반 공인인증서 관리서버(300)에서 위변조 감시용 트랜잭션정보가 생성될 때마다 식별자로서 함께 생성된 위변조 감시용 트랜잭션 ID정보가 누적 저장되는 공인인증서 위변조 감시관련정보 DB(312);를 갖는 DB부(310); 및 해시처리엔진(320);을 포함하며, In the blockchain-based public certificate management server 300, a public certificate for the public information for public certificate and public certificate for certificate issuance, a public certificate for public certificate for public certificate, and the public certificate for public certificate for public authentication It is divided into certificate node hash information and stored sequentially, and accumulates and stores the certificate certificate node index information indicating the order of storing the certificate certificate node hash information generated when generating the certificate certificate node hash information. Accredited certificate registration information DB that accumulates and stores the accredited certificate root hash identifier information for registration, which is an identifier that identifies the accredited certificate root hash information that is sequentially accumulated and stored in the certificate certificate node hash information. And forgery monitoring transaction in the blockchain-based authorized certificate management server (300) DB 310 having; boy the forgery monitoring transaction ID information is accumulated stored certificate forgery monitoring information DB (312) that is generated with an identifier every time the generated; And a hash processing engine 320;
    위변조 검증 요청 단말기(500);를 포함하고, A forgery verification request terminal 500;
    상기 위변조 검증 요청 단말기(500)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로 특정 사용자의 블록체인기반 공인인증서의 감시를 요청하고, In the forgery verification request terminal 500, the blockchain-based authorized certificate authentication request server 600 requests the monitoring of the blockchain-based authorized certificate of a specific user,
    상기 블록체인기반 공인인증서 인증요청서버(600)는 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 상기 회원별 사용자 식별정보DB(311)에서 추출하고 이를, 상기 블록체인기반 공인인증서 관리서버(300)로 전송하며, The blockchain-based public certificate authentication request server 600 extracts personal information for issuing a public certificate of a specific user who has requested the monitoring of a blockchain-based public certificate from the user identification information DB 311 for each member, and the blockchain. Based on the certificate management server 300 to transmit,
    상기 블록체인기반 공인인증서 관리서버(300)는 상기 전송된 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 상기 공인인증서 등록관련정보DB(611)와 매칭하여 특정 사용자의 공인인증서 노드해시정보를 인지하고, 그 인지된 특정 사용자의 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하고, 해시처리엔진(320)을 운영하여, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리하며, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 상기 블록체인 보유서버(400)로 전송하고, The blockchain-based official certificate management server 300 matches personal information for issuing a certificate of a specific user who has requested the monitoring of the transmitted blockchain-based official certificate with the official certificate registration related information DB 611 of the specific user. Recognition of certification certificate node hash information, and certification certificate root hash identifier information for registration, which is an identifier that identifies the certification certificate root hash information for registration belonging to the Merkle Tree structure. Extracts from the public certificate registration information DB 311, operates the hash processing engine 320, and the public certificate node hash information of a specific user is referred to by referring to the extracted public certificate root hash identifier information. All certificate certificates that form the Merkle Tree structure of the registered certificate certificate root hash information belong to the certificate certificate related information. Extracted from the DB 311, the extracted public certificate node hash information is processed into the prepared public certificate certificate root hash information consisting of the Merkle tree structure, the public certificate certificate for registration registered root hash identifier information The forgery monitoring transaction ID information for identifying the forgery monitoring transaction information including the authentication certificate root hash information for registration is matched with the certificate forgery monitoring related information DB (312), and the blockchain holding server 400 To,
    상기 블록체인 보유서버(400)는 상기 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 상기 블록체인기반 공인인증서 관리서버(300)로 전송하며, The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and extracts the matching forgery monitoring transaction information. After extracting the authentication certificate root hash information included in the registration and transmits it to the blockchain-based public certificate management server 300,
    상기 블록체인기반 공인인증서 관리서버(300)는 상기 등록용 공인인증서 루트해시정보를 전송받고, 상기 해시처리엔진(320)을 운영하여 상기 전송된 등록용 공인인증서 루트해시정보의 해시값과 상기 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인함으로써, 동일한 경우 상기 위변조 검증 요청 단말기(500)로 요청한 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based public certificate management server 300 receives the public certificate root hash information for registration, operates the hash processing engine 320 and the hash value of the public certificate root hash information transmitted. Computing the hash value of the prepared public certification certificate root hash information, respectively, and checks that the calculated hash value is the same, if the same is made of a pair of specific users requested to the forgery verification request terminal 500 A public certificate authentication system based on a blockchain, characterized in that a control message is notified that personal information for public certificate issuance and public key for public certificate are not forged.
  11. 제10항에 있어서, The method of claim 10,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)은 상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 인지하고, 특정 사용자의 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 상기 공인인증서 등록관련정보DB(311)를 통해 인지한 상태에서 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한지 확인하여, 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한 경우 상기 위변조 검증 요청 단말기(500)로 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 메시지가 통보되도록 제어하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The hash processing engine 320 of the blockchain-based public certificate management server 300 has a calculated hash value of the public certificate node hash information and a hash value of the prepared public certificate node hash information is not the same. In case of storing the certificate certificate node hash information having the same hash value among the certificate certificate node hash information forming the Merkle Tree structure of the registered certificate certificate root hash information to which the user certificate certificate node hash information belongs In the state of recognizing the authentication certificate node index information indicating the sequence number, and the authentication certificate node index information indicating the storage sequence of the authentication certificate node hash information of a specific user through the certification certificate registration information DB 311 is not the same. The corresponding certificate node with the hash value that is not recognized The certificate node of the hash information The index information and the certificate node of the specific user Public certificate of the city information Check that the index number of the node index information is the same, and the certificate of the node certificate information and the certificate of the node hash information and the certificate of the node hash information of the specific certificate node hash information with the same hash value When the storage order of the node index information is the same, the block for controlling the forgery verification request terminal 500 to be notified of a message indicating that the personal information for issuing a group of a specific user and the public key for the public certificate for the public certificate are forged. A certificate based certification system based on chain.
  12. 제11항에 있어서, The method of claim 11,
    상기 블록체인기반 공인인증서 관리서버(300)는 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일하지 않은 경우 상기 위변조 검증 요청 단말기(500)로 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어함과 더불어, 상기 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증시스템.The blockchain-based public certificate management server 300 stores the public certificate node index information of the corresponding public certificate node hash information having a different hash value and the public certificate node index information of the public certificate node hash information of a specific user. If the sequence number is not the same, the forgery verification request terminal 500 controls the notification that the personal information for issuing a pair of certificates and the public key for the public certificate that the certificate has not been forged, and the public certificate registration information DB Authorization that forms the Merkle Tree structure of the certification certificate root hash information to which the certification certificate node hash information of a specific user belongs among the personal information for issuance of the public certificate and the public key information for the public certificate, which are collectively managed in (311). Personal certificate for issuance of a set of accredited certificates corresponding to the certificate node hash information. And certificate authentication system that the certificate for the public key has been forged based on the block chain which comprises detection.
  13. 사용자단말기(100)에서 블록체인기반 공인인증서 인증요청서버(600)에 접속하여 블록체인기반 공인인증을 요청하는 단계(S300)와; Step S300 of accessing the blockchain-based authorized certificate authentication request server 600 from the user terminal 100 to request blockchain-based official authentication;
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 블록체인기반 공인인증 요청에 따라 회원별 사용자 식별정보 DB(611)에서 상기 사용자단말기(100)를 운영하는 해당 사용자의 공인인증서 발급용 개인정보를 추출하고, 이를 블록체인기반 공인인증서 관리서버(300)로 전송하는 단계(S310)와; In the blockchain-based public certificate authentication request server 600, the personal information for issuing the public certificate of the corresponding user operating the user terminal 100 in the user identification information DB 611 for each member according to the blockchain-based public authentication request Extracting and transmitting the same to the blockchain-based authorized certificate management server 300 (S310);
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하는 단계(S320)와; Determining, in the blockchain-based public certificate management server 300, validity of the public certificate of the corresponding user based on the transmitted personal information for issuing the public certificate (S320);
    상기 블록체인기반 공인인증서 관리서버(300)에서, 공인인증서의 유효성이 적법하다고 판단되면, 공인인증서 등록관련정보DB(311)에서 해당 사용자의 공인인증서용 공개키를 추출하고 이를, 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하는 단계(S330)와; In the blockchain-based public certificate management server 300, if it is determined that the validity of the public certificate is legitimate, the public certificate for the public certificate of the corresponding user is extracted from the public certificate registration information DB 311, and the blockchain-based Transmitting to the public certificate authentication request server 600 (S330);
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 상기 공인인증서용 공개키를 전송받고, 그 전송된 공인인증서용 공개키를 토대로 상기 사용자단말기(100) 간에 사용자인증을 수행하는 단계(S3400);로 이루어진 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the blockchain-based public certificate authentication request server 600, receiving the public key for the public certificate, and performing user authentication between the user terminals 100 based on the transmitted public certificate public key (S3400). Certified method authentication method based on the block chain, characterized in that consisting of.
  14. 제13항에 있어서, The method of claim 13,
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 블록체인기반 공인인증 요청에 따라 회원별 사용자 식별정보 DB(611)에서 상기 사용자단말기(100)를 운영하는 해당 사용자의 공인인증서 발급용 개인정보를 추출하고, 이를 블록체인기반 공인인증서 관리서버(300)로 전송하는 S310단계에 있어서, In the blockchain-based public certificate authentication request server 600, the personal information for issuing the public certificate of the corresponding user operating the user terminal 100 in the user identification information DB 611 for each member according to the blockchain-based public authentication request In step S310 of extracting and transmitting it to the blockchain-based authorized certificate management server 300,
    상기 블록체인기반 공인인증서 관리서버(300)로 전송되는 상기 공인인증서 발급용 개인정보는 해싱연산에 의해 사용자 식별해시정보로 가공처리된 상태로 전송되는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.The personal information for issuing the public certificate is transmitted to the blockchain-based public certificate management server 300 is processed based on the block chain, characterized in that the processing is processed as a user identification hash information by hashing operation Certificate authentication method.
  15. 제13항에 있어서, The method of claim 13,
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 전송되는 공인인증서 발급용 개인정보를 토대로 해당 사용자의 공인인증서 유효성을 판단하는 S320단계는, In the blockchain-based public certificate management server 300, the step S320 of determining the validity of the public certificate of the corresponding user based on the personal information for issuing the public certificate issuing,
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로부터 전송된 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 해당 사용자의 공인인증서용 공개키를 추출하고, 해시처리엔진(320)을 운영하여 그 추출된 공인인증서용 공개키와 상기 전송된 공인인증서 발급용 개인정보를 해싱하여 대비용 공인인증서 노드해시정보로 가공처리하는 단계(S321)와; In the blockchain-based public certificate management server 300, the personal information for issuing the public certificate issued from the blockchain-based public certificate authentication request server 600 is matched with the public certificate registration information DB 311 of the corresponding user. The public key for public certificate is extracted, and the hash processing engine 320 is operated to hash the extracted public certificate public key and the personal information for issuing the public certificate to be processed and processed into a public certificate node hash information for preparation. Step S321;
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 등록관련정보DB(311)에 저장된 정보 중 블록체인기반 공인인증서 발급 시 등록된 공인인증서 노드해시정보를 추출하고, 그 추출된 공인인증서 노드해시정보의 해시값과 상기 대비용 공인인증서 노드해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 단계(S322); 이후,In the hash processing engine 320 of the blockchain-based public certificate management server 300, among the information stored in the public certificate registration information DB 311, the public certificate node hash information registered when issuing a blockchain-based public certificate is issued. Extracting and calculating the hash value of the extracted public certificate node hash information and the hash value of the prepared public certificate node hash information, respectively, and checking whether the calculated hash values are the same (S322); after,
    상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 상기 블록체인기반 공인인증서 관리서버(300)에서, 공인인증서의 유효성이 적법하다고 판단되면, 공인인증서 등록관련정보DB(311)에서 해당 사용자의 공인인증서용 공개키를 추출하고 이를, 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하는 S330단계로 진입하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.If the calculated hash value of the public certificate node hash information and the calculated hash value of the prepared public certificate node hash information are the same, in the blockchain-based public certificate management server 300, the validity of the public certificate is legal. If it is determined, extracting the public key for the public certificate of the corresponding user from the public certificate registration information DB (311), and transmits it to the blockchain-based public certificate authentication request server 600, characterized in that entering into step S330 Authentication method for accredited certificates based on blockchain.
  16. 제15항에 있어서, The method of claim 15,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 등록관련정보DB(311)에서 공인인증서 발급 시 등록된 공인인증서 노드해시정보를 추출하고, 그 추출된 공인인증서 노드해시정보의 해시값과 상기 대비용 공인인증서 노드해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 S322단계에 있어서, In the hash processing engine 320 of the blockchain-based public certificate management server 300, the public certificate node hash information registered when the public certificate is issued from the public certificate registration information DB 311 is extracted, and the extracted In step S322 of calculating a hash value of the public certificate node hash information and a hash value of the prepared public certificate node hash information, respectively, and checking whether the calculated hash values are the same,
    상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 사용자단말기(100)로 블록체인기반 공인인증 수행과정이 거부되었다는 메시지가 통보되도록 제어하는 단계(S323);를 포함하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.If the calculated hash value of the official certificate node hash information and the calculated hash value of the prepared official certificate node hash information are not the same, in the blockchain-based official certificate management server 300, the user terminal 100 And controlling to be notified that a message indicating that the blockchain-based authentication process has been denied (S323) is included in the blockchain-based authentication certificate authentication method.
  17. 제15항에 있어서, The method of claim 15,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 등록관련정보DB(311)에서 공인인증서 발급 시 등록된 공인인증서 노드해시정보를 추출하고, 그 추출된 공인인증서 노드해시정보의 해시값과 상기 대비용 공인인증서 노드해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 S322단계에 있어서, In the hash processing engine 320 of the blockchain-based public certificate management server 300, the public certificate node hash information registered when the public certificate is issued from the public certificate registration information DB 311 is extracted, and the extracted In step S322 of calculating a hash value of the public certificate node hash information and a hash value of the prepared public certificate node hash information, respectively, and checking whether the calculated hash values are the same,
    상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 공인인증서 발급 시 등록된 상기 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하는 단계(S324)와; In the hash processing engine 320 of the blockchain-based authorized certificate management server 300 when the calculated hash value of the certificate certificate node hash information and the calculated hash value of the prepared certificate certificate node hash information are the same, The certification certificate registration hash information for the certification certificate root hash identifier for registration, which is an identifier for identifying the certification certificate root hash information for registration belonging to the Merkle Tree structure, is registered when the certificate issuance is issued. Extracting at 311) (S324);
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리하는 단계(S325)와; In the hash processing engine 320 of the blockchain-based public certificate management server 300, the public certificate for registration to which the public certificate node hash information of the user belongs by referring to the extracted public certificate root hash identifier information extracted for registration. Extract all the public certificate node hash information forming the Merkle Tree structure of the root hash information from the public certificate registration information DB 311, and extract the public certificate node hash information from the extracted public certificate node. Processing the certificate route hash information (S325);
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 상기 블록체인 보유서버(400)로 전송하는 단계(S326)와; In the hash processing engine 320 of the blockchain-based official certificate management server 300, matching the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 to register the public certificate for registration Extracting forgery monitoring transaction ID information for identifying forgery monitoring transaction information including root hash information and transmitting the same to the blockchain holding server 400 (S326);
    상기 블록체인 보유서버(400)에서, 상기 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 상기 블록체인기반 공인인증서 관리서버(300)로 전송하는 단계(S327)와; The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and extracts the extracted forgery monitoring transaction information. Extracting the public certificate root hash information included in the registration and transmitting it to the blockchain-based public certificate management server 300 (S327);
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 등록용 공인인증서 루트해시정보를 전송받고, 상기 해시처리엔진(320)을 운영하여 상기 전송된 등록용 공인인증서 루트해시정보의 해시값과 상기 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 단계(S328);를 더 포함하고, In the blockchain-based public certificate management server 300, receiving the public certificate root hash information for registration, operating the hash processing engine 320, the hash value of the transmitted public certificate root hash information And calculating hash values of the prepared official certificate root hash information and checking whether the calculated hash values are the same (S328).
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 상기 블록체인기반 공인인증서 관리서버(300)에서, 공인인증서의 유효성이 적법하다고 판단되면, 공인인증서 등록관련정보DB(311)에서 해당 사용자의 공인인증서용 공개키를 추출하고 이를, 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하는 S330단계로 진입하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the hash processing engine 320 of the blockchain-based public certificate management server 300, when the calculated hash value of the public certificate node hash information is the same as the calculated hash value of the prepared public certificate node hash information. In the blockchain-based public certificate management server 300, if it is determined that the validity of the public certificate is legitimate, the public certificate for the public certificate of the corresponding user is extracted from the public certificate registration information DB 311, and the blockchain-based Certified certificate authentication method based on the block chain, characterized in that entering into step S330 to transmit to the certificate authentication request server 600.
  18. 제17항에 있어서, The method of claim 17,
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 등록용 공인인증서 루트해시정보를 전송받고, 상기 해시처리엔진(320)을 운영하여 상기 전송된 등록용 공인인증서 루트해시정보의 해시값과 상기 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 S328단계에 있어서, In the blockchain-based public certificate management server 300, receiving the public certificate root hash information for registration, operating the hash processing engine 320, the hash value of the transmitted public certificate root hash information And in step S328 of calculating the hash values of the generated public certificate root hash information for the prepared comparison and checking whether the calculated hash values are the same.
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 등록용 공인인증서 루트해시정보와 상기 각 대비용 공인인증서 루트해시정보의 해시값 중 동일하지 않은 양쪽의 해시값이 존재하는 경우 상기 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조의 고객의 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 해당 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지하는 단계(S329);를 포함하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the hash processing engine 320 of the blockchain-based public certificate management server 300, both hashes of the hash certificate of the public certificate root hash information for the registration and the public certificate root hash information for each provision are not the same. If there is a value, the registration information belongs to the certification certificate node hash information of the user, among the personal information for the issuance of a set of certificates and public key information for the certificate, which is accumulated and managed in the certificate registration information DB 311. Detecting that the personal information for issuing a public certificate and the public key for the public certificate for which the certificate is composed of a pair corresponding to the public certificate node hash information forming the Merkle Tree structure of the public certificate root hash information are forged (S329); Certified certificate authentication method based on the blockchain, characterized in that.
  19. 제13항에 있어서, The method of claim 13,
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 상기 공인인증서용 공개키를 전송받고, 그 전송된 공인인증서용 공개키를 토대로 상기 사용자단말기(100) 간에 사용자인증을 수행하는 S3400단계는, In the blockchain-based public certificate authentication request server 600, receiving the public key for the public certificate, and performing the user authentication between the user terminal 100 based on the transmitted public certificate public key, step S3400,
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 상기 공인인증서용 공개키를 전송받고, 블록체인기반 공인인증을 요청한 해당 사용자단말기(100) 간의 인터넷 통신규약이 http인지 아니면 https인지 확인하는 단계(S340)와; In the blockchain-based public certificate authentication request server 600, receiving the public key for the public certificate, and checking whether the Internet communication protocol between the user terminal 100 requesting the blockchain-based public authentication is http or https. (S340);
    상기 사용자단말기(100)와 상기 블록체인기반 공인인증서 인증요청서버(600) 간의 인터넷 통신규약이 http인 경우 상기 블록체인기반 공인인증서 인증요청서버(600)에서, 난수발생기(630)를 운영하여 랜덤값인 랜덤세션키가 생성되도록 제어하는 단계(S350)와; When the Internet communication protocol between the user terminal 100 and the blockchain-based official certificate authentication request server 600 is http, the blockchain-based official certificate authentication request server 600 operates a random number generator 630 to provide random access. Controlling to generate a random session key as a value (S350);
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 암호화엔진(640)을 운영하여 상기 공인인증서용 공개키를 이용하여 상기 랜덤세션키를 암호화하여 암호화 랜덤세션키로 변환하고 이를 상기 사용자단말기(100)로 전송하는 단계(S360)와; In the blockchain-based public certificate authentication request server 600, an encryption engine 640 is operated to encrypt the random session key using the public key for the public certificate and convert the random session key into an encrypted random session key, and the user terminal 100 Transmitting (S360);
    상기 사용자단말기(100)에서, 상기 암호화 랜덤세션키를 전송받고, 복호화엔진(160)을 운영하여, 메모리(120)에 저장관리되는 공인인증용 개인키를 토대로 상기 암호화 랜덤세션키를 복호화하여 랜덤세션키로 변환되도록 제어하는 단계(S370);로 이루어진 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.The user terminal 100 receives the encrypted random session key, operates a decryption engine 160, and decrypts the encrypted random session key based on a private key for public authentication stored and managed in the memory 120. Control to be converted to the session key (S370); Authorized certificate authentication method based on the blockchain, characterized in that consisting of.
  20. 제19항에 있어서, The method of claim 19,
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 상기 공인인증서용 공개키를 전송받고, 블록체인기반 공인인증을 요청한 해당 사용자단말기(100)와 상기 블록체인기반 공인인증서 인증요청서버(600) 간의 인터넷 통신규약이 http인지 아니면 https인지 확인하는 S340단계에 있어서, In the blockchain-based public certificate authentication request server 600, the user terminal 100 and the blockchain-based public certificate authentication request server 600 receiving the public key for the public certificate and requesting a blockchain-based public certification In step S340 to check whether the Internet communication protocol between the http or https,
    상기 사용자단말기(100)와 상기 블록체인기반 공인인증서 인증요청서버(600) 간의 인터넷 통신규약이 https인 경우 상기 블록체인기반 공인인증서 인증요청서버(600)에서, 난수발생기(630)를 운영하여 랜덤값인 난수데이터를 생성하고, 이를 상기 사용자단말기(100)로 전송하는 단계(S380)와; When the Internet communication protocol between the user terminal 100 and the blockchain-based official certificate authentication request server 600 is https, the blockchain-based official certificate authentication request server 600 operates a random number generator 630 to provide random access. Generating random number data which is a value and transmitting the same to the user terminal 100 (S380);
    상기 사용자단말기(100)에서, 해시처리엔진(140)을 운영하여, 상기 전송된 난수데이터를 해싱연산하여 난수해시정보로 가공처리하는 단계(S390)와; In the user terminal 100, operating a hash processing engine 140 to hash the transmitted random number data to process the random number hash information (S390);
    상기 사용자단말기(100)에서, 암호화엔진(130)을 운영하여, 메모리(120)에 저장관리되는 공인인증용 개인키를 토대로 상기 난수해시정보를 암호화하여 암호화 난수해시정보로 변환하고 이를, 상기 블록체인기반 공인인증서 인증요청서버(600)로 전송하는 단계(S400)와; In the user terminal 100, the encryption engine 130 is operated to encrypt the random number hash information on the basis of the authorized private key stored and managed in the memory 120 to convert the encrypted random number hash information, and Transmitting to the blockchain-based official certificate authentication request server 600 (S400);
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 해시처리엔진(620)을 운영하여 상기 사용자단말기(100)로 전송된 것과 동일한 값을 갖는 난수데이터를 해싱연산하여 대비용 난수해시정보로 가공처리하고, 복호화엔진(650)을 운영하여 해당 사용자의 공인인증서용 공개키를 토대로 상기 전송된 암호화 난수해시정보를 복호화하여 난수해시정보로 변환되도록 제어하고, 그 변환된 난수해시정보의 해시값과 상기 대비용 난수해시정보의 해시값을 각각 연산하여 양쪽의 해시값이 동일한 것을 확인하는 단계(S410);를 포함하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the blockchain-based official certificate authentication request server 600, by operating a hash processing engine 620 to hash the random number data having the same value as that sent to the user terminal 100 to prepare a random number hash information for preparation Processing and operating the decryption engine 650 to decrypt the transmitted encrypted random number hash information based on the public key for the public certificate of the corresponding user and control it to be converted into random number hash information, and the converted random number hash information Computing a hash value of the hash value and the random number hash information for the comparison of the step (S410) to confirm that both hash values are the same; Certified certificate authentication method based on a block chain comprising a.
  21. 제13항에 있어서, The method of claim 13,
    상기 사용자단말기(100)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로 블록체인기반 공인인증서의 파기를 요청하였는지 확인하는 단계(S500)와; Checking, at the user terminal 100, whether the blockchain-based authorized certificate is discarded to the blockchain-based official certificate authentication request server 600 (S500);
    상기 사용자단말기(100)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로 블록체인기반 공인인증서의 파기를 요청한 경우 상기 블록체인기반 공인인증서 인증요청서버(600)에서, 상기 공인인증서 등록관련정보DB(311)에 저장된 해당 사용자의 공인인증서 노드해시정보를 파기 공인인증서 노드해시정보로 변경저장하는 단계(S510)와; When the user terminal 100 requests the destruction of the blockchain-based official certificate to the blockchain-based official certificate authentication request server 600, the blockchain-based official certificate authentication request server 600 relates to registration of the public certificate. Changing and storing the public certificate node hash information of the corresponding user stored in the information DB 311 into the discard public certificate node hash information (S510);
    상기 블록체인기반 공인인증서 인증요청서버(600)에서, 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보를 기설정된 루트해시 생성구간에 속하는 개수로 카운팅될 수 있도록 상기 공인인증서 등록관련정보DB(311)에 반복저장하는 단계(S520)와; In the blockchain-based public certificate authentication request server 600, the public certificate node hash information of the corresponding user who requested the destruction of the blockchain-based public certificate is counted as a number belonging to a predetermined route hash generation section. Repeatedly storing the certificate registration information DB 311 (S520);
    상기 블록체인기반 공인인증서 관리서버(300)에서, 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보가 포함된 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키의 개수가 기설정된 루트해시 생성구간에 도달되면, 해시처리엔진(320)을 운영하여 기설정된 루트해시 생성구간만큼 카운팅된 상기 한 조의 공인인증서 발급용 개인정보 및 공인인증서용 공개키를 저장순번대로 해싱하여 공인인증서 노드해시정보로 가공처리함으로써, 상기 블록체인 보유서버(400)들로 전송되어 등록되는 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 이루는 머클리트 구조에 블록체인기반 공인인증서의 파기를 요청한 해당 사용자의 공인인증서 노드해시정보도 포함되도록 제어하는 단계(S530);를 포함하여, 사용자가 자신의 블록체인기반의 공인인증서가 파기되었다는 것을 확인할 수 있게 안내하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the blockchain-based public certificate management server 300, the number of private information and public key for public certificate issuance, including a set of public certificate node hash information including the public certificate node hash of the user who requested the destruction of the blockchain-based public certificate When the preset route hash generation section is reached, the hash processing engine 320 operates the stored private key for issuing the set of public certificate and the public key for the certificate, which are counted by the preset route hash generation section, in the order of storage order. By hashing and processing the certificate into the hash certificate information, the block structure in the Merchant structure that constitutes the authentication certificate root hash information for registration contained in the forgery monitoring transaction information transmitted and registered to the blockchain holding server 400 Controlling to include the hash certificate information of the corresponding user who requested the destruction of the chain-based official certificate (S530); In addition, the authentication method authentication method based on the block chain, characterized in that the user is guided to confirm that the blockchain-based official certificate has been destroyed.
  22. 제13항에 있어서, The method of claim 13,
    위변조 검증 요청 단말기(500)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로 특정 사용자의 블록체인기반 공인인증서의 감시를 요청하였는지 확인하는 단계(S600)와; Checking in the forgery verification request terminal 500, the blockchain-based authorized certificate authentication request server 600, whether a request for monitoring of a blockchain-based authorized certificate of a specific user is requested (S600);
    상기 위변조 검증 요청 단말기(500)에서, 상기 블록체인기반 공인인증서 인증요청서버(600)로 특정 사용자의 블록체인기반 공인인증서의 감시를 요청한 경우 상기 블록체인기반 공인인증서 인증요청서버(600)에서, 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)에서 추출하고 이를, 상기 블록체인기반 공인인증서 관리서버(300)로 전송하는 단계(S610)와; In the forgery verification request terminal 500, if the blockchain-based authorized certificate authentication request server 600 requests the monitoring of the blockchain-based authorized certificate of a specific user in the blockchain-based authorized certificate authentication request server 600, Extracting personal information for issuing a certificate of a specific user who has requested the monitoring of a blockchain-based certificate, from the certificate registration information DB 311 and transmitting it to the blockchain-based certificate management server 300 (S610). )Wow;
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 전송된 블록체인기반 공인인증서의 감시를 요청한 특정 사용자의 공인인증서 발급용 개인정보를 공인인증서 등록관련정보DB(311)와 매칭하여 특정 사용자의 공인인증서 노드해시정보를 인지하고, 그 인지된 특정 사용자의 공인인증서 노드해시정보가 머클트리 구조로 속한 등록용 공인인증서 루트해시정보를 식별하는 식별자인 등록용 공인인증서 루트해시 식별자정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하는 단계(S620)와; In the blockchain-based official certificate management server 300, by matching the personal information for issuing the certificate of the specific user who requested the monitoring of the transmitted blockchain-based official certificate with the certificate registration information DB (311) of the specific user Recognition of certification certificate node hash information, and certification certificate root hash identifier information for registration, which is an identifier that identifies the certification certificate root hash information for registration belonging to the Merkle Tree structure. Extracting from the public certificate registration information DB 311 (S620);
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 참조하여 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 모든 공인인증서 노드해시정보를 상기 공인인증서 등록관련정보DB(311)에서 추출하고, 그 추출된 공인인증서 노드해시정보들이 머클트리 구조로 이루어진 대비용 공인인증서 루트해시정보로 가공처리하는 단계(S630)와; In the hash processing engine 320 of the blockchain-based public certificate management server 300, the public certificate for registration to which the public certificate node hash information of a specific user belongs by referring to the extracted public certificate root hash identifier information extracted for registration. Extract all the public certificate node hash information forming the Merkle Tree structure of the root hash information from the public certificate registration information DB 311, and extract the public certificate node hash information from the extracted public certificate node. Processing the certificate route hash information (S630);
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 추출된 등록용 공인인증서 루트해시 식별자정보를 공인인증서 위변조 감시관련정보 DB(312)와 매칭하여 등록용 공인인증서 루트해시정보가 포함된 위변조 감시용 트랜잭션정보를 식별하는 위변조 감시용 트랜잭션 ID정보를 추출하고 이를, 상기 블록체인 보유서버(400)로 전송하는 단계(S640)와; In the hash processing engine 320 of the blockchain-based official certificate management server 300, matching the extracted public certificate root hash identifier information for registration with the public certificate forgery monitoring-related information DB 312 to register the public certificate for registration Extracting forgery monitoring transaction ID information for identifying forgery monitoring transaction information including root hash information and transmitting the same to the blockchain holding server 400 (S640);
    상기 블록체인 보유서버(400)에서, 상기 전송된 위변조 감시용 트랜잭션 ID정보를 전자지갑에 구비된 블록체인과 매칭하여, 매칭되는 위변조 감시용 트랜잭션정보를 추출하고, 그 추출된 위변조 감시용 트랜잭션정보에 포함된 등록용 공인인증서 루트해시정보를 추출한 후 이를 상기 블록체인기반 공인인증서 관리서버(300)로 전송하는 단계(S650)와; The blockchain holding server 400 matches the transmitted forgery monitoring transaction ID information with the blockchain provided in the electronic wallet, extracts matching forgery monitoring transaction information, and extracts the extracted forgery monitoring transaction information. Extracting the public certificate root hash information included in the registration and transmitting it to the blockchain-based public certificate management server 300 (S650);
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 등록용 공인인증서 루트해시정보를 전송받고, 상기 해시처리엔진(320)을 운영하여 상기 전송된 등록용 공인인증서 루트해시정보의 해시값과 상기 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 단계(S660)와;In the blockchain-based public certificate management server 300, receiving the public certificate root hash information for registration, operating the hash processing engine 320, the hash value of the transmitted public certificate root hash information And calculating hash values of the prepared official certificate root hash information, respectively, and checking whether the calculated hash values are the same (S660);
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일한 경우 상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 위변조 검증 요청 단말기(500)로 요청한 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어하는 단계(S670);를 포함하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the hash processing engine 320 of the blockchain-based public certificate management server 300, when the calculated hash value of the public certificate node hash information is the same as the calculated hash value of the prepared public certificate node hash information. In the blockchain-based public certificate management server 300, a message indicating that the personal information for issuing a public certificate and the public key for public certificate for which a certificate of a specific user requested to the forgery verification request terminal 500 is not forged is notified. A step (S670); accredited certificate authentication method based on the blockchain comprising a.
  23. 제22항에 있어서, The method of claim 22,
    상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 등록용 공인인증서 루트해시정보를 전송받고, 상기 해시처리엔진(320)을 운영하여 상기 전송된 등록용 공인인증서 루트해시정보의 해시값과 상기 생성된 대비용 공인인증서 루트해시정보의 해시값을 각각 연산하고, 그 연산된 양쪽의 해시값이 동일한지 확인하는 S660단계에 있어서, In the blockchain-based public certificate management server 300, receiving the public certificate root hash information for registration, operating the hash processing engine 320, the hash value of the transmitted public certificate root hash information And in step S660 of calculating a hash value of the generated public certificate root hash information for the prepared contrast and checking whether the calculated hash values are the same,
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 노드해시정보의 연산된 해시값과 상기 대비용 공인인증서 노드해시정보의 연산된 해시값이 동일하지 않은 경우 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들 중 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 저장순번을 나타내는 공인인증서 노드인덱스정보를 인지하는 단계(S661)와; In the hash processing engine 320 of the blockchain-based public certificate management server 300, the calculated hash value of the public certificate node hash information is not the same as the calculated hash value of the prepared public certificate node hash information. If the certificate node hash information of a specific user has the same hash value among the certificate certificate node hash information forming the Merkle Tree structure of the registered certificate certificate root hash information to which the specific certificate node hash information belongs, Recognizing the authorized certificate node index information indicating the storage order (S661);
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한지 확인하는 단계(S662)와; In the hash processing engine 320 of the blockchain-based public certificate management server 300, public certificate node index information of the corresponding public certificate node hash information having a different hash value and public certificate node hash information of a specific user. Checking whether the storage order numbers of the public certificate node index information are the same (S662);
    동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한 경우 상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 위변조 검증 요청 단말기(500)로 특정 사용자의 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 메시지가 통보되도록 제어하는 단계(S663);를 포함하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.The blockchain-based public certificate management server when the storage order of the public certificate node index information of the corresponding public certificate node hash information having the same hash value and the public certificate node index information of the public certificate node hash information of the specific user are the same. In step 300, controlling the forgery verification request terminal 500 to be notified of the message that the forged personal information and the public certificate for the public certificate for a certificate composed of a pair of a specific user (S663); Certified certificate authentication method based on the blockchain characterized in that.
  24. 제23항에 있어서, The method of claim 23, wherein
    상기 동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일한지 확인하는 S662단계에 있어서, In step S662 of confirming whether or not the storage order of the public certificate node index information of the public certificate node hash information of the corresponding public certificate node hash information having the same hash value is the same,
    동일하지 않은 해시값을 갖는 해당 공인인증서 노드해시정보의 공인인증서 노드인덱스정보와 특정 사용자의 공인인증서 노드해시정보의 공인인증서 노드인덱스정보의 저장순번이 동일하지 않은 경우 상기 블록체인기반 공인인증서 관리서버(300)에서, 상기 위변조 검증 요청 단말기(500)로 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되지 않았다는 메시지가 통보되도록 제어하는 단계(S664)와; The blockchain-based public certificate if the storage order of the public certificate node index information of the corresponding public certificate node hash information having the same hash value and the public certificate node index information of the public certificate node hash information of the specific user are not the same In step S664, the management server 300, the forgery verification request terminal 500 is controlled so that a message indicating that the personal information for issuing the certificate and the public key for the public certificate for which the public certificate has not been forged is not forged;
    상기 블록체인기반 공인인증서 관리서버(300)의 해시처리엔진(320)에서, 상기 공인인증서 등록관련정보DB(311)에 누적관리되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키 정보 중 특정 사용자의 공인인증서 노드해시정보가 속한 등록용 공인인증서 루트해시정보의 머클트리 구조를 이루는 공인인증서 노드해시정보들에 대응되는 한 조로 이루어진 공인인증서 발급용 개인정보 및 공인인증서용 공개키가 위변조 되었다는 것을 감지하는 단계(S665);를 포함하는 것을 특징으로 하는 블록체인을 기반으로 하는 공인인증서 인증방법.In the hash processing engine 320 of the blockchain-based public certificate management server 300, the public certificate information for personal certificate and public certificate information for issuing a public certificate consisting of a set of cumulatively managed in the public certificate registration information DB 311 Public certificate for personal certificate and public certificate issuance consisting of a group corresponding to the public certificate node hash information that forms the Merkle Tree structure of the public certificate root hash information of the specific user among the public certificate node hash information. Detecting that the key has been forged (S665); Authorized certificate authentication method based on the blockchain comprising a.
PCT/KR2016/011099 2016-07-04 2016-10-05 Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same WO2018008800A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020160084132A KR101723405B1 (en) 2016-07-04 2016-07-04 Certificate authentication system and method based on block chain
KR10-2016-0084132 2016-07-04

Publications (1)

Publication Number Publication Date
WO2018008800A1 true WO2018008800A1 (en) 2018-01-11

Family

ID=58583890

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/011099 WO2018008800A1 (en) 2016-07-04 2016-10-05 Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same

Country Status (2)

Country Link
KR (1) KR101723405B1 (en)
WO (1) WO2018008800A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108875977A (en) * 2018-07-06 2018-11-23 上海财经大学 Multimachine structure Maintenance Management System based on block chain
CN110099067A (en) * 2019-05-14 2019-08-06 山大地纬软件股份有限公司 Alliance's block chain wallet node communicates licensing system and method
FR3082023A1 (en) 2018-06-04 2019-12-06 Worldline A SOFTWARE APPLICATION AND A COMPUTER SERVER TO AUTHENTICATE THE IDENTITY OF A DIGITAL CONTENT CREATOR AND THE INTEGRITY OF THE PUBLIC CREATOR CONTENT
KR20200004229A (en) * 2018-07-03 2020-01-13 주식회사 케이티 Method for protecting personal information in block chain environment and apparatus therefor
CN110740112A (en) * 2018-07-20 2020-01-31 北京京东尚科信息技术有限公司 Authentication method, authentication device and computer-readable storage medium
CN110995752A (en) * 2019-12-18 2020-04-10 广州赛特智能科技有限公司 System, method and medium for tracking commodities based on Ether house and asymmetric encryption algorithm
CN111147258A (en) * 2019-12-26 2020-05-12 山东公链信息科技有限公司 Block chain-based certificate authentication method and system
CN111656328A (en) * 2018-04-02 2020-09-11 索尼公司 Information processing apparatus, information processing method, and program
WO2020189801A1 (en) * 2019-03-15 2020-09-24 라인플러스 주식회사 Method and system for authenticating data generated in block-chain by using signable contract
WO2021010766A1 (en) * 2019-07-18 2021-01-21 삼성전자 주식회사 Electronic authentication device and method using blockchain
CN112492006A (en) * 2018-10-31 2021-03-12 创新先进技术有限公司 Node management method and device based on block chain
CN113129518A (en) * 2021-04-28 2021-07-16 北方工业大学 Electric vehicle charging system and resource management method thereof

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201706071D0 (en) 2017-04-18 2017-05-31 Nchain Holdings Ltd Computer-implemented system and method
KR101919590B1 (en) 2017-05-10 2019-02-08 주식회사 코인플러그 METHOD FOR PAYING COST OF IoT DEVICE BASED ON BLOCKCHAIN AND MERKLE TREE STRUCTURE RELATED THERETO, AND SERVER, SERVICE PROVIDING TERMINAL, AND DIGITAL WALLET USING THE SAME
KR101919586B1 (en) 2017-05-10 2018-11-16 주식회사 코인플러그 METHOD FOR PAYING COST OF IoT DEVICE BASED ON BLOCKCHAIN, AND SERVER, SERVICE PROVIDING TERMINAL, AND DIGITAL WALLET USING THE SAME
KR101903620B1 (en) * 2017-06-23 2018-10-02 홍석현 Method for authorizing peer in blockchain based distributed network, and server using the same
CN107231239B (en) * 2017-06-27 2019-06-25 中国联合网络通信集团有限公司 Create generation block method for anti-counterfeit and device
CN107360001B (en) 2017-07-26 2021-12-14 创新先进技术有限公司 Digital certificate management method, device and system
WO2019033394A1 (en) 2017-08-18 2019-02-21 达闼科技成都有限公司 Blockchain system and right management method therefor
US10771459B2 (en) 2017-09-04 2020-09-08 Electronics And Telecommunications Research Institute Terminal apparatus, server apparatus, blockchain and method for FIDO universal authentication using the same
KR102331947B1 (en) 2017-09-28 2021-11-25 주식회사 케이티 System and Method for Managing Original Data in Block-Chain
EP3698529A4 (en) 2017-10-20 2021-04-07 Hewlett Packard Enterprise Development LP Permissions from entities to access information
US11604890B2 (en) 2017-10-20 2023-03-14 Hewlett Packard Enterprise Development Lp Accessing information based on privileges
CN111492389A (en) 2017-10-20 2020-08-04 慧与发展有限责任合伙企业 Authentication and payment for services using blockchains
US11463241B2 (en) 2017-10-20 2022-10-04 Hewlett Packard Enterprise Development Lp Transmitting or receiving blockchain information
KR102048773B1 (en) * 2017-11-27 2019-11-26 김용대 System for preventing forgery and falsification of data
KR102053630B1 (en) * 2018-03-13 2020-01-22 주식회사 웨이투빗 Method for processing transactions using blockchain, and transaction management server using the same
KR101918446B1 (en) * 2018-03-16 2019-01-29 윤경민 Double-secured Block-chain Certification System and its method
GB2583686B (en) * 2018-04-09 2022-03-30 Mitsubishi Electric Corp Authentication federation system and authentication program
CN109003043A (en) * 2018-06-27 2018-12-14 中国银行股份有限公司 A kind of history information management system based on block chain
KR102020000B1 (en) * 2018-10-31 2019-09-09 주식회사 스위클 Personal information providing system using one time private key based on block chain of proof of use and method thereof
KR102219751B1 (en) * 2019-01-21 2021-02-24 주식회사 머니브레인 Method for authenticating a normalized pattern based on a block chain with a merkle tree structure and apparatus thereof
KR102115309B1 (en) * 2019-04-24 2020-05-26 엘에스웨어(주) System and method for management of painting work analysis information based on blockchain
KR102291579B1 (en) * 2019-09-06 2021-08-19 홍익대학교세종캠퍼스산학협력단 System and method for public key infrastructure based on block chain
CN112383611B (en) * 2020-11-11 2022-12-09 上海保险交易所股份有限公司 File evidence storing method and system based on block chain and server
CN112507296B (en) * 2020-11-12 2024-04-05 迅鳐成都科技有限公司 User login verification method and system based on blockchain
CN113342900B (en) * 2021-08-02 2021-10-29 成都天府市民云服务有限公司 Block chain-based personal information authorization method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100870202B1 (en) * 2007-11-22 2008-12-09 주식회사 오엘콥스 Method and system of issuing accredited certificate using encrypted image
KR20110029032A (en) * 2009-09-14 2011-03-22 사단법인 금융결제원 Method for processing issue public certificate of attestation, terminal and recording medium
JP2013020312A (en) * 2011-07-08 2013-01-31 Nomura Research Institute Ltd Authentication system and authentication method
KR20140128139A (en) * 2013-04-26 2014-11-05 주식회사 텔스카 User authentication system and method using smart media

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010008063A (en) 2000-11-06 2001-02-05 황보열 public-key infrastructure based certificate of authentication, methods of issuing and using the same certificate of authentication, and system for issuing the same certificate of authentication, using compact disc
KR20120053929A (en) * 2010-11-18 2012-05-29 이혜지 The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage
KR101690070B1 (en) 2015-09-16 2016-12-27 신순주 Multi functional waterproofing using bentotex or bentosheet

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100870202B1 (en) * 2007-11-22 2008-12-09 주식회사 오엘콥스 Method and system of issuing accredited certificate using encrypted image
KR20110029032A (en) * 2009-09-14 2011-03-22 사단법인 금융결제원 Method for processing issue public certificate of attestation, terminal and recording medium
JP2013020312A (en) * 2011-07-08 2013-01-31 Nomura Research Institute Ltd Authentication system and authentication method
KR20140128139A (en) * 2013-04-26 2014-11-05 주식회사 텔스카 User authentication system and method using smart media

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Bitcoin Technology, Using in Certificate Issuance", BLOTER.NET, 19 September 2014 (2014-09-19), Retrieved from the Internet <URL:http://www.bloter.net/archives/207040> *

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111656328A (en) * 2018-04-02 2020-09-11 索尼公司 Information processing apparatus, information processing method, and program
FR3082023A1 (en) 2018-06-04 2019-12-06 Worldline A SOFTWARE APPLICATION AND A COMPUTER SERVER TO AUTHENTICATE THE IDENTITY OF A DIGITAL CONTENT CREATOR AND THE INTEGRITY OF THE PUBLIC CREATOR CONTENT
WO2019233951A1 (en) 2018-06-04 2019-12-12 Worldline A software application and a computer server for authenticating the identity of a digital content creator and the integrity of the creator's published content
KR102289414B1 (en) 2018-07-03 2021-08-12 주식회사 케이티 Method for protecting personal information in block chain environment and apparatus therefor
KR20200004229A (en) * 2018-07-03 2020-01-13 주식회사 케이티 Method for protecting personal information in block chain environment and apparatus therefor
CN108875977A (en) * 2018-07-06 2018-11-23 上海财经大学 Multimachine structure Maintenance Management System based on block chain
CN108875977B (en) * 2018-07-06 2021-06-29 上海财经大学 Multi-mechanism maintenance management system based on block chain
CN110740112A (en) * 2018-07-20 2020-01-31 北京京东尚科信息技术有限公司 Authentication method, authentication device and computer-readable storage medium
CN110740112B (en) * 2018-07-20 2023-05-12 北京京东尚科信息技术有限公司 Authentication method, apparatus and computer readable storage medium
CN112492006A (en) * 2018-10-31 2021-03-12 创新先进技术有限公司 Node management method and device based on block chain
CN112492006B (en) * 2018-10-31 2023-12-05 创新先进技术有限公司 Node management method and device based on block chain
KR20210096287A (en) * 2019-03-15 2021-08-04 라인플러스 주식회사 Method and system for authenticating data generated on a blockchain using a signable contract
KR102572834B1 (en) 2019-03-15 2023-08-30 라인플러스 주식회사 Method and system for authenticating data generated in a blockchain using a signable contract
WO2020189801A1 (en) * 2019-03-15 2020-09-24 라인플러스 주식회사 Method and system for authenticating data generated in block-chain by using signable contract
CN110099067A (en) * 2019-05-14 2019-08-06 山大地纬软件股份有限公司 Alliance's block chain wallet node communicates licensing system and method
CN110099067B (en) * 2019-05-14 2022-02-25 山大地纬软件股份有限公司 Alliance block chain wallet node communication permission system and method
WO2021010766A1 (en) * 2019-07-18 2021-01-21 삼성전자 주식회사 Electronic authentication device and method using blockchain
US12113912B2 (en) 2019-07-18 2024-10-08 Samsung Electronics Co., Ltd. Electronic authentication device and method using blockchain
CN110995752A (en) * 2019-12-18 2020-04-10 广州赛特智能科技有限公司 System, method and medium for tracking commodities based on Ether house and asymmetric encryption algorithm
CN110995752B (en) * 2019-12-18 2021-10-26 广州赛特智能科技有限公司 System, method and medium for tracking commodities based on Ether house and asymmetric encryption algorithm
CN111147258A (en) * 2019-12-26 2020-05-12 山东公链信息科技有限公司 Block chain-based certificate authentication method and system
CN113129518A (en) * 2021-04-28 2021-07-16 北方工业大学 Electric vehicle charging system and resource management method thereof

Also Published As

Publication number Publication date
KR101723405B1 (en) 2017-04-06

Similar Documents

Publication Publication Date Title
WO2018008800A1 (en) Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same
WO2017171165A1 (en) System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same
WO2017022917A1 (en) Certificate issuing system based on block chain
WO2017104899A1 (en) Block chain-based certificate authentication system and authentication method using same
WO2017065389A1 (en) Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same
WO2020235782A1 (en) Method for authenticating personal identify in distributed environment
WO2018208105A1 (en) Blockchain-based method for making payment for internet of things device, and server, service providing terminal, and user electronic wallet using same
WO2018194379A1 (en) Method for approving use of card by using token id on basis of blockchain and merkle tree structure associated therewith, and server using same
WO2018208106A1 (en) Method for making payment for internet of things device by means of blockchain database and merkle tree structure interworking therewith, and server, service providing terminal and electronic user wallet using same
WO2020189926A1 (en) Method and server for managing user identity by using blockchain network, and method and terminal for user authentication using blockchain network-based user identity
WO2021075867A1 (en) Method for storing and recovering key for blockchain-based system, and device therefor
WO2023163509A1 (en) System for controlling controller-based network connection and method related to same
WO2019093573A1 (en) Electronic signature authentication system on the basis of biometric information and electronic signature authentication method thereof
WO2020189927A1 (en) Method and server for managing identity of user by using blockchain network, and method and terminal for authenticating user by using user identity on basis of blockchain network
WO2020062642A1 (en) Blockchain-based method, device, and equipment for electronic contract signing, and storage medium
WO2013085281A1 (en) Method and device for security in clouding computing service
WO2015093734A1 (en) System and method for authentication using quick response code
WO2014175538A1 (en) Apparatus for providing puf-based hardware otp and method for authenticating 2-factor using same
WO2017119548A1 (en) Security-reinforced user authentication method
WO2020050424A1 (en) BLOCK CHAIN-BASED SYSTEM AND METHOD FOR MULTIPLE SECURITY AUTHENTICATION BETWEEN MOBILE TERMINAL AND IoT DEVICE
WO2021071116A1 (en) Simple authentication method and system using web storage of browser
WO2019039865A1 (en) Authentication terminal, authentication device and authentication method and system using authentication terminal and authentication device
WO2020141782A1 (en) Method and server for managing identity of user by using blockchain network, and method and terminal for authenticating user by using user identity based on blockchain network
WO2023163514A1 (en) Controller-based network access control system and method therefor
WO2020189800A1 (en) Method and system for authenticating data generated in blockchain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16908242

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30.04.2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16908242

Country of ref document: EP

Kind code of ref document: A1