Invented by Joo Han Song, Jay Wu Hong, Joon Sun Uhr, Coinplug Inc
The Coinplug Inc invention works as followsA method of issuing authentication information has been provided. The method comprises the following steps: (a), if the identification of a particular user is obtained from a device by a managing client in response to an authentication request and it is determined that the information is registered, the managing client creates a transaction which includes (i) the public key of the specific user and (ii), a hash of the identification or its processed value, to thereby record, or support another device to record, the information on a Blockchain; (b), the managing server acquires a transaction ID transaction representing the location information on
Background for Method of issuing authentication information, and a blockchain-based server utilizing the same
The development of IT has enabled people of any age to use a wide range of Internet-based services, regardless of their location.
In other words… various services can be provided through the Internet in real-time, including financial services like a wire transfer, stock trading, or issuing copies for resident registrations and other certificates, by accessing server operated by government bodies. And ecommerce services, such as purchasing goods, by accessing server operated by sellers of goods.
Digital certificates are used to verify the identity of customers and users in various industries.
A digital certificate contains a version, a serial number, an effective period, the issuing institution of the certificate, information on verification of an e-signature of a user, the name of the user, information on identification confirmation, and the method of electronic signature. A digital certificate may contain a version number, an expiration date, the issuing institution, information about the verification of a user’s esignature, their name, and information on identification.
The digital certificate is used as a standard method of security in a PKI (public key infrastructure).
The public key infrastructure (PKI), is a set roles, policies and procedures that are needed to create digital certificates, distribute them, use them, store and revoke them, as well as manage public key encryption.
It is very easy to collect and copy a private key file, and there are risks of user information and financial damage if the key is leaked.
The CA has incurred a large amount of costs in issuing digital certificates because it must implement an advanced digital certificate system that is connected to a security system which prevents any hacking.
An ActiveX control is required for security when the user authentication process takes place through a browser.
Microsoft created the ActiveX Control that is installed as part of the user authentication process. This technology was used to create reusable object-oriented elements. It is used by applying component object model and object linking embedding (OLE) to make contents downloadable from the World Wide Web (WWW). “Most ActiveX controls are made into plugins for Internet Explorer (IE).
To install ActiveX controls on your PC, you must lower the security level. This allows the ActiveX control to access files, registry entries, etc. The lowered security of the user’s computer caused by the Active X control required for security when the process of authentication of the user through the digital certificates is performed, makes the PC vulnerable to dangerous environments such as hacking.
For these purposes, the South Korean Government is implementing a policy to remove Active X controls.” In 2015, for example, at a New Year’s Press Conference with domestic and foreign journalists and reporters in South Korea, the President of South Korea designated Active X Controls as representative outdated regulations.
Furthermore the digital certificates that require the installation Active X controls necessary for security during public certification process can only be used with the IE provided Microsoft but not any other web browsers such as Chrome Safari and Firefox.
In summary, when users plan to use digital certificates as user authentication for services in a wide variety of industries including financial services and civil services or e-commerce, they can only use them if their web browser supports ActiveX controls. Other web browsers, which do not support ActiveX controls, are restricted from using these services.
Also, since the current authentication procedures only confirm the existence of digital certificates and correctness of passwords the use of digital certificates are vulnerable to theft of the certificates and passwords.
As such, digital certificates currently in use have issues with lowered security, high costs of issuing, and limitations on usage. It is therefore necessary to find a technique that can replace existing digital certificates with a more cost-effective one, but also with heightened security and greater usability.
The present invention aims to solve all problems associated with existing technologies.
The present invention also aims to replace existing digital certificates with a technique that is lower cost, more secure and easier to use.
It is yet another object of this invention to provide an authentication information-issuing system by creating a transacation whose output contains (i) the public key of the user and (ii), a hash of identification information or its processed value, and recording it on the blockchain.
It is yet another objective of the invention to provide a system for issuing authentication information that can guide the generation of both a public and private key, while blocking the connection with a networking.
The present invention also aims to provide a system for issuing authentication information that does not incur any costs in terms of implementation, operation, or maintenance, while being connected to an advanced security system, because the public key, which is required for maintenance, is managed and stored not on a server run by a CA, but rather in an embedded e-wallet in blockchain servers via a distributed database built using a peer-topeer network.
Click here to view the patent on Google Patents.