KR102689322B1 - Method and system for certifying balance of digital asset - Google Patents

Abstract

A balance verification method and system is provided to prove the balance held by users who own digital assets distributed in the blockchain network. The method of proving the balance of a digital asset is that the encryption key issuing server that issues the encryption key for the transaction of digital assets responds to the request of the user who has subscribed to the encryption key issuing server, and when the private key is lost, the lost private key is returned. Generating a seed key used for restoration; Generating a private key and public key unique to the user based on the seed key; Applying an encryption algorithm to the seed key to generate a secret key and providing it to the user, and applying a one-way encryption algorithm to the generated secret key to generate and store a hidden secret key; And when withdrawal of digital assets is requested, authenticating the user, inferring the seed key to restore the user's private key, and performing withdrawal of digital assets from the blockchain network using the public key and restored private key. Includes steps. In particular, this method further includes a balance proof step of authenticating the secret key entered by the user, confirming the balance of the user's digital assets in the blockchain network using the public key and restored private key, and providing the balance to the user. . By the present invention, damage caused by leakage of private keys can be fundamentally prevented, and digital assets can be provided as collateral.

Description

{Method and system for certifying balance of digital asset}

The present invention relates to blockchain technology, and in particular, to a method and system for proving the balance of digital assets that enable users to prove the balance of digital assets distributed in a blockchain network and provide proven digital assets as collateral.

Blockchain is a distributed computing technology-based system in which small-scale data called 'blocks' are stored in a distributed data storage environment based on chain-type links created based on the P2P method, and cannot be arbitrarily modified by anyone. It is a technology to prevent data forgery and falsification. This is fundamentally a form of distributed data storage technology. It is a change list in which continuously changing data is recorded in all participating nodes, and is designed to prevent arbitrary manipulation by operators of distributed nodes.

Blockchain technology is used in most cryptocurrency transactions, including Bitcoin, and since the cryptocurrency transaction process is used in a decentralized electronic ledger, a server is operated on each computer of many users running blockchain software, allowing the central bank to operate. Free trade between individuals may be possible without Using blockchain technology, you can encourage participation in the blockchain network through technology that allows you to send money to others based on cryptocurrency.

Blockchain technology has the following advantages:

First of all, blockchain has the advantage of being able to prevent people who may be slightly fraudulent or try to receive money with incorrect information through encryption. Additionally, by utilizing blockchain technology, a decentralized transaction ecosystem can be created without government involvement. In other words, using blockchain technology, legitimate financial transactions can be performed without the risk of tax collection or account tracking, thereby ensuring user confidentiality.

Republic of Korea Patent No. 10-1673073 (October 31, 2016) relates to a cryptocurrency trading method using the blockchain structure. In addition to the exchange's general wallet, an exchange web wallet is additionally built on the Bitcoin exchange server and members can use the exchange. We are launching a technology to improve security by storing Bitcoin from the exchange's general wallet address built into the server to the exchange's web wallet address.

In particular, cryptocurrency, one of the various uses of blockchain technology, has already established itself as a market enough to create a market capitalization of 367 trillion won and the number of cryptocurrency traders of 900 million as of April 2018, and the types of cryptocurrency ( Issuers) also reached 1,594 as of April 2018, and the size has continued to increase since then. Currently, there are more than 10,000 cryptocurrency exchanges around the world, and it is understood that about 40% of the total trading volume is traded in the top 10 large exchanges.

However, compared to this enormous transaction total and volume, the security level of the exchange is weak. As such, the weak security level of exchanges causes several problems. In other words, the blockchain technology itself is safe because it cannot be hacked, but transactions for cryptocurrency distributed on the blockchain are carried out through exchanges, and the security level of these exchanges is problematic. For example, a shocking amount of cryptocurrencies such as Mt. Gox (KRW 458.5 billion in February 2014), Coincheck (KRW 580 billion in January 2018), and Ubit (KRW 17 billion in December 2017) were stored in user accounts (wallets) or exchanges. There is a case of fraud from . Countermeasures against such damage are insufficient, and as a result, damage from hacking is expected to continue. The government has expressed concern over this situation and has recommended that exchanges store more than 70% of their assets in OFF-LINE servers or wallets (cold storage, cold wallet) that are not connected to the Internet (or internal network), and this is expected to become mandatory in the future. It is predicted. However, currently commercialized offline cryptocurrency storage authenticates P2P transactions only with the approval of the device itself, and as there is no additional authentication method, there is a fatal disadvantage that if the device is lost, a third party who received the device can proceed with the transaction.

Additionally, in order to trade cryptocurrency, users must know the private key, but if the private key is lost or forgotten, the problem of not being able to access digital assets may occur. As it became known that a Bitcoin billionaire holding 1 trillion won worth of Bitcoin drowned on the beach in Costa Rica the previous day, the possibility of Bitcoin floating in the air increased. As a result, there is interest in what will happen to Bitcoin if the Bitcoin owner suddenly dies. This is escalating.

For example, after the sudden death of Gerald Cotton, who founded Canada's largest cryptocurrency exchange, in 2019, the distribution of approximately $139 million in Bitcoin became impossible because his private key was unknown, and in 2013, James Howells of the UK It is reported that the lost laptop hard drive contained 7,900 bitcoins, worth approximately $299 million. Recently, Mircia Popescu (41), who founded a cryptocurrency exchange called 'MPX' in the United States in 2012, recently drowned, rendering about $1 billion worth of Bitcoin he owned untradable. The value of Bitcoin that has been lost because it cannot be traded is currently estimated to be worth 34 trillion won. Of course, a lot of damage occurs when the private key is exposed to others.

Therefore, there is an urgent need for technology to fundamentally prevent private keys from being exposed to others or stolen through hacking.

In addition, by proving the balance of digital assets stored in the blockchain, digital assets can be provided as collateral, and technology can guarantee the collateral function by preventing digital assets provided as collateral from being withdrawn within the collateral period. It is desperately needed.

Republic of Korea Patent No. 10-1673073 (2016.10.31)

The purpose of the present invention is to provide a technology that can fundamentally prevent damage caused by leakage of private keys by not storing private keys when issuing public and private keys required for digital asset transactions to users.

In addition, by proving the balance of digital assets stored in the blockchain to a third party, digital assets can be provided as collateral, and the collateral function of digital assets is implemented by preventing digital assets provided as collateral from being withdrawn within the collateral period. It provides a method of proving the balance of digital assets that can be guaranteed.

One aspect of the present invention to achieve the above objectives relates to a method of providing a balance verification service to prove the balance held by a user who owns digital assets distributed in a blockchain network. The method for proving the balance of digital assets according to the present invention is to provide a private key in response to a request from a user who has subscribed to the encryption key issuing server at an encryption key issuing server that issues an encryption key for trading digital assets. Generating a seed key used to restore a lost private key when lost; Generating, at the encryption key issuing server, a private key unique to the user based on the seed key and a public key representing the user's account for storing the digital asset in the blockchain network; In the encryption key issuing server, an encryption algorithm is applied to the seed key to generate a secret key and provided to the user along with the public key, and a one-way encryption algorithm is applied to the generated secret key to create a hidden secret key ( Generating and storing a concealed secret key; And when withdrawal of digital assets is requested, the encryption key issuing server encrypts the secret key entered by the user and authenticates it by comparing it with the hidden secret key, and when the entered secret key is authenticated, the seed key is inferred and the user's It includes restoring the private key and performing withdrawal of digital assets from the blockchain network using the public key and the restored private key. In particular, when the user requests proof of the balance of the digital asset, the encryption key issuing server authenticates the secret key entered by the user, and uses the public key of the authenticated user to digitalize the user's digital assets in the blockchain network. It further includes a balance proof step in which the balance of the asset is checked and provided to the user. Additionally, the method may include a KYC (know your customer) authentication step in which the encryption key issuing server authenticates the owner's identity information through an identity certificate issued by a certification authority, and the balance verification step may include the user's request. In response, the encryption key issuing server generates and provides to the user a digital balance certificate containing the user's identity information and the balance of the digital assets of the user whose identity information has been authenticated. In particular, the digital balance certificate can be provided to a third party as collateral to prove the user's digital assets, and in the method, when the digital balance certificate is provided as collateral to a third party, the encryption key issuing server serves as collateral. It further includes the step of prohibiting the digital asset from being transferred from the user's account to another account based on the collateral value and collateral conditions of the digital asset provided as, thereby ensuring the collateral value of the digital asset according to the collateral condition. Preferably, the seed key is generated using at least one of the user's IP address, the MAC address of the device used by the user to access the encryption key issuing server, browser version, access time, and email address, and the identity certificate is It is issued using at least one of the user's resident registration number, photo, biometric information, and mobile phone information. Furthermore, the KYC authentication step is configured to increase the security level by using a one time password (OTP) when trading the digital asset, and the step of performing the withdrawal of the digital asset is where the user Generates an encrypted secret key by one-way encrypting the secret key entered when requesting withdrawal of assets. Compares the generated encrypted secret key with the stored hidden secret key, and if the encrypted secret key matches the hidden secret key, a seed is generated. Restoring the user's private key by inferring the key, generating a withdrawal script containing the public key of the digital asset's withdrawal destination, signing the generated withdrawal script with the user's restored private key, and encrypting the signed withdrawal script. This includes transmitting it to the blockchain network, and receiving the withdrawal result from the blockchain network and providing it to the user.

Another aspect of the present invention to achieve the above objectives relates to a balance verification system for proving the balance held by a user who owns digital assets distributed in a blockchain network. The digital asset balance verification system according to the present invention includes an encryption key issuing server that issues an encryption key for trading digital assets, and the encryption key issuing server responds to a request from a user who has subscribed to the encryption key issuing server. Thus, when the private key is lost, an operation of generating a seed key used to restore the lost private key; An operation of generating a private key unique to the user based on the seed key and a public key representing the user's account for storing the digital asset in the blockchain network; By applying an encryption algorithm to the seed key, a secret key is generated and provided to the user along with the public key, and a one-way encryption algorithm is applied to the generated secret key to generate a concealed secret key. The action of saving; And when withdrawal of digital assets is requested, the secret key entered by the user is encrypted and authenticated by comparing it with the hidden secret key. When the entered secret key is authenticated, the seed key is inferred to restore the user's private key and made public. It is configured to perform an operation to withdraw digital assets from the blockchain network using the key and the restored private key. In particular, when the user requests proof of the balance of the digital asset, the encryption key issuing server authenticates the secret key entered by the user and uses the public key of the authenticated user to determine the balance of the user's digital asset in the blockchain network. It is configured to further perform a balance proof operation provided to the user by confirming. In addition, the encryption key issuing server is configured to further perform a KYC (know your customer) authentication operation in which the encryption key issuing server authenticates the owner's identity information through an identity certificate issued by a certification authority, and the balance verification operation. In response to the user's request, the encryption key issuing server generates a digital balance certificate containing the user's identity information and the balance of the user's digital assets whose identity information has been authenticated and provides the user with the same. Furthermore, the digital balance certificate may be provided to a third party as collateral to prove the user's digital assets, and the encryption key issuing server may provide the digital balance certificate as collateral when the digital balance certificate is provided to a third party as collateral. Based on the collateral value and collateral conditions of the provided digital asset, the digital asset is prohibited from being transferred from the user's account to another account, and an operation is further performed to guarantee the collateral value of the digital asset according to the collateral condition. In addition, the seed key is generated using at least one of the user's IP address, the MAC address of the device used by the user to access the encryption key issuing server, browser version, access time, and email address, and the identity certificate is the user's It may be issued using at least one of resident registration number, photo, biometric information, and mobile phone information. In addition, the encryption key issuing server is configured to increase the level of security by using a one time password (OTP) when performing the KYC authentication operation and when trading the digital asset. In particular, the operation of performing the withdrawal of the digital asset involves generating an encrypted secret key by one-way encrypting the secret key entered by the user while requesting the withdrawal of the digital asset, and storing the generated encrypted secret key in the stored secret secret. Compare with the key, and if the encrypted secret key matches the hidden secret key, infer the seed key to restore the user's private key, generate a withdrawal script containing the public key of the digital asset withdrawal destination, and withdraw the generated This includes signing the script with the user's restored private key, encrypting the signed withdrawal script and sending it to the blockchain network, and receiving the withdrawal result from the blockchain network and providing it to the user.

According to the present invention, when issuing public and private keys required for digital asset transactions to users, it is possible to fundamentally prevent damage caused by leakage of private keys by not storing the private keys.

In addition, the balance of digital assets stored in the blockchain can be proven to a third party, and if collateral is established, the disposal of digital assets is prohibited during the collateral period, allowing digital assets to be provided as collateral.

1 is a flowchart schematically showing a method for proving the balance of digital assets using an encryption key issuing server according to one aspect of the present invention.
Figure 2a is a schematic diagram explaining the process by which an individual stores digital assets according to the prior art, and Figure 2b is a diagram schematically showing a scenario in which a method for proving the balance of digital assets using an encryption key issuing server according to the present invention is performed. am.
Figure 3 is an operation timing diagram explaining the operations performed in the encryption key issuing server when a user signs up for the encryption key issuing server used in the present invention.
Figure 4 is an operation timing diagram explaining the process of depositing digital assets into an account created by a user signing up for an encryption key issuing server used in the present invention.
Figure 5 is an operation timing diagram explaining the process of withdrawing digital assets from the account of a user who has subscribed to the encryption key issuing server used in the present invention.
Figure 6 is an operation timing diagram explaining the process of proving the balance in the method for proving the balance of digital assets according to the present invention.
FIG. 7 is an operation timing diagram illustrating the transaction suspension process to guarantee the collateral value when the asset whose balance is proven in FIG. 6 is provided as collateral.
Figure 8 is a flowchart showing in detail the process of creating and withdrawing an account at the encryption key issuing server in the method of proving the balance of digital assets using the encryption key issuing server according to the present invention.
Figure 9 is a block diagram schematically showing a digital asset balance verification system using an encryption key issuing server according to another aspect of the present invention.

In order to fully understand the present invention, its operational advantages, and the objectives achieved by practicing the present invention, reference should be made to the accompanying drawings illustrating preferred embodiments of the present invention and the contents described in the accompanying drawings.

Hereinafter, the present invention will be described in detail by explaining preferred embodiments of the present invention with reference to the accompanying drawings. However, the present invention may be implemented in many different forms and is not limited to the described embodiments. In order to clearly explain the present invention, parts not relevant to the description are omitted, and like reference numerals in the drawings indicate like members.

1 is a flowchart schematically showing a method for proving the balance of digital assets using an encryption key issuing server according to one aspect of the present invention.

Referring to FIG. 1, in response to a user's request to subscribe to the balance proof service provided by the encryption key issuing server, a seed key used to restore the lost private key when the user's private key is lost key) (S110). In this specification, a seed key may be generated using a mnemonic code word. Associative code words are a method of creating seeds from English words listed in order. By using associative codes, you can easily restore your virtual currency wallet. Seed values and pass statements are generated from the associative code.

Then, the user's private key and public key are generated based on the seed key (S130). The public key can be used as a unique address pointing to the user's account in the blockchain network, and is similar to the account number used in legacy banks. On the other hand, the private key is an encryption key needed for the user to withdraw digital assets stored in his or her public key, and is unique information that should never be leaked to the outside.

Then, an encryption algorithm is applied to the seed key to generate a secret key and provided to the user along with the public key (S150). In the present invention, the reason why the encryption key issuing server provides a secret key rather than a private key to the user is to prevent the private key from being leaked to the outside under any circumstances. Furthermore, the encryption key issuing server according to the present invention neither stores the private key provided to the user nor the secret key encrypting the private key. Rather, the encryption key issuing server stores the concealed secret key generated by applying the one-way encryption algorithm to the encrypted secret key again (S150).

Because the encryption key issuing server does not store the user's private key or secret key, the user's private key can be safely protected without being leaked even if the encryption key issuing server is hacked. In other words, what a hacker who succeeds in hacking the encryption key issuing server can obtain is neither a private key nor a secret key, but a hidden secret key. Since the hidden secret key is encrypted by a one-way encryption algorithm, the secret key can be inferred from the hidden secret key. It is impossible. Even the operator of the encryption key issuing server cannot infer the user's secret key or private key from the stored hidden secret key. Therefore, the highest level of security can be implemented to protect the user's private key.

When a registered user requests a withdrawal from his or her account, the user requests the withdrawal while entering his or her private key. Then, the encryption key issuing server applies a one-way encryption algorithm to the secret key entered by the user to generate an encrypted secret key. Then, the generated encrypted secret key is compared with the stored hidden secret key to check whether the user has entered a valid secret key. Once the secret key is authenticated, the encryption key issuing server creates a withdrawal script and transmits it to the blockchain network to perform a withdrawal operation (S170). In other words, the encryption key issuing server generates and provides public and private keys to the user during the registration process, and creates a withdrawal script according to the individual's request during the withdrawal process and transmits it to the blockchain network.

When a user requests proof of digital asset balance, the encryption key issuing server encrypts the secret key entered by the user and then authenticates the result by comparing it with the stored hidden secret key. Then, the user's private key is restored based on the private key entered by the user, and the digital asset balance remaining in the corresponding public key is confirmed in the blockchain network using the restored private key and the public key entered by the user. When the asset is confirmed from the blockchain network, the encryption key issuing server generates a digital balance certificate and provides it to the user (S190).

To briefly summarize the process of generating an encryption key in the present invention, a private key and a public key are generated based on the seed key. In addition, a secret key can be generated by applying an encryption algorithm to the seed key, and the secret key generated in this way is provided to the user.

As described above, the user's private key and secret key are not stored in the encryption key issuing server, but only the hidden secret key, which is the result of applying a one-way encryption algorithm to the secret key. Since it is impossible to infer the secret key from the hidden secret key, the hidden secret key can only be used in a comparison operation to determine whether the secret key entered by the user is valid. In other words, the user can be determined to be authenticated only when the encrypted secret key generated by applying a one-way encryption algorithm to the secret key entered by the user is the same as the stored hidden secret key.

If the secret key entered by the user is valid (that is, if the result of applying the one-way encryption algorithm to the secret key entered by the user is the same as the stored hidden secret key), the seed key can be obtained from the secret key. And, the user's private key can be restored from the seed key obtained in this way.

In this way, the encryption key issuing server according to the present invention can safely protect the user's private key because it stores the hidden secret key rather than the private key and secret key.

The encryption/decryption technology used to generate the encryption key in the present invention includes all encryption/decryption technologies conventionally known in the art. For example, blockchain networks can be broadly divided into UTXO (Unspent Transaction Output)-based blockchain and account-based blockchain. In the former case, UTXOs and usage qualification verification methods are recorded, and a common qualification verification method used in these networks is to submit a verifiable electronic signature with a public key that matches the UTXO information. Bitcoin is one of the representative UTXO-based blockchains. Additionally, in the case of an account-based blockchain, the account represents the entity that makes up the blockchain and records its state, and each time the user uses the account, he or she creates a verifiable electronic signature with the account public key. This technology is easy to implement smart contracts because it can record the state, and Ethereum can be said to be a representative account-based blockchain. In the case of UTXO-based blockchains, transactions are always recorded by including a public key, so a 256-bit electronic signature and a 256-bit public key are required. On the other hand, in the case of account-based blockchain, 256 bits are saved because the public key is included in the electronic signature and sent together.

Figure 2a is a schematic diagram explaining the process by which an individual stores digital assets according to the prior art.

Referring to Figure 2a, conventionally, when an individual pays cash to an exchange, the exchange provides the individual with digital assets corresponding to the value of the received cash, and in this process issues a digital asset storage certificate to the individual. The record of providing digital assets to the user's account at the exchange is recorded in the blockchain network.

However, the digital asset storage certificate may have been issued maliciously and arbitrarily by the exchange, regardless of the facts. Therefore, the digital asset storage certificate cannot serve as a certificate that objectively proves the user's balance.

In addition, as mentioned above, due to the low security level of the exchange itself, an individual's valuable digital assets may be stolen through hacking, and when trading multiple digital assets using multiple exchanges, the individual must All account information for each asset must be identified and maintained.

Figure 2b is a diagram schematically showing a scenario in which the method for proving the balance of digital assets using an encryption key issuing server according to the present invention is performed.

As shown in Figure 2b, an individual who wants to own a digital asset requests the encryption key issuing server to issue his or her private key and public key, and stores the digital asset in the issued public key. In this case, as described above, the encryption key issuing server provides the user not with a private key but with a secret key that encrypts the private key. Records of money sent from the exchange to the user's public key are recorded in the blockchain network.

When a user requests balance proof from the encryption key issuing server, the encryption key issuing server authenticates the user using the secret key entered by the user, as will be described later. If the user's authentication is successful, the encryption key issuing server uses the public key entered by the user to check the user's balance on the blockchain network.

When the record of the balance stored in the public key is searched from the blockchain network, the encryption key issuing server generates a digital balance certificate and provides it to the user. At this time, as will be described later, a digital balance certificate is issued along with proof of the user's identity, and the user can prove his or her balance by presenting the certificate to a third party.

In other words, the encryption key issuing server can authenticate the digital assets of users registered with the encryption key issuing server at any time, and through this authentication, users can objectively prove to third parties how much digital assets they own. .

Figure 3 is an operation timing diagram explaining the operations performed in the encryption key issuing server when a user signs up for the encryption key issuing server used in the present invention.

The part indicated by the dotted line in Figure 3 represents the process by which an individual pays cash in a transaction and purchases digital assets according to a conventional method.

When an individual signs up for an encryption key issuing server, he or she can provide information that identifies his or her identity. However, it is not necessary to enter identity information to sign up for the encryption key issuing server according to the present invention. Identity information is only used when an individual provides a digital balance certificate to a third party to indicate that the balance is his/her own.

When a public key issuance is requested, the encryption key issuing server generates a seed key used to restore the lost private key when the private key is lost, and based on this seed key, the user's unique private key and the blockchain network A public key representing the user's account for storing the digital assets is generated. However, the encryption key issuing server according to the present invention does not provide the private key to the user in order to improve the security level. This is because if the private key is delivered to the user, it may be lost or leaked. Therefore, the encryption key issuing server does not provide a private key, but a secret key generated by applying an encryption algorithm to the seed key. Additionally, in order to prevent the risk of the secret key being leaked, the encryption key issuing server stores the hidden secret key generated by applying a one-way encryption algorithm to the secret key. In addition, leakage is prevented by storing only the hidden secret key and deleting the private key and secret key from the encryption key issuing server.

In this way, the user's private key was not provided to the user in the first place, the secret key is also not stored in the encryption key issuing server, and the user's secret key cannot be inferred from the hidden secret key stored in the encryption key issuing server. Private keys can be safely protected.

Figure 4 is an operation timing diagram explaining the process of depositing digital assets into an account created by a user signing up for an encryption key issuing server used in the present invention.

Referring to Figure 4, the user requests the exchange to deposit digital assets with the public key issued by the encryption key issuing server. Then, the exchange creates a deposit script to deposit digital assets using the public key received from the user and the user's private key and transmits it to the blockchain network.

Upon receiving the deposit script, the blockchain network records the transfer of digital assets to the individual's public key according to the deposit script. Then, a notification is sent to the individual whether the deposit was successful.

In this specification, a script refers to a type of command according to a mutually agreed upon protocol that requests various operations performed in a blockchain network. A script to transfer digital assets from account A to account B may include two processes: a withdrawal from account A and a deposit to account B. Therefore, in this specification, the terms transfer script, withdrawal script, and deposit script may be used interchangeably.

Figure 5 is an operation timing diagram explaining the process of withdrawing digital assets from the account of a user who has subscribed to the encryption key issuing server used in the present invention.

First, in order to withdraw digital assets from the user's account (public key), the digital assets to be withdrawn must be deposited in the user's account, as described in FIG. 4.

Users who wish to withdraw money send their secret key to the encryption key issuing server and request withdrawal.

Then, the encryption key issuing server applies a one-way encryption algorithm to the received secret key to generate an encrypted secret key, and compares the generated secret key with the stored hidden secret key to authenticate the user. If the two secret keys match, you can see that the withdrawal request is from an authenticated user.

When the user is authenticated, the seed key is inferred from the received secret key, and the user's private key is restored based on the seed key obtained in this way. Then, a withdrawal script is created using the public key provided by the user and the restored private key and transmitted to the blockchain network.

The blockchain network withdraws the requested digital assets from the user's account according to the received withdrawal script. Withdrawed digital assets can also be transferred to the destination account recorded in the withdrawal script.

When a withdrawal is made, the blockchain network notifies the encryption key issuing server that the withdrawal was successful, and the encryption key issuing server notifies the user of the successful withdrawal based on these results.

As described above, the information required to withdraw money from a user's account is a secret key, not the user's private key, so there is no risk of the private key being exposed in the process of requesting a withdrawal.

Figure 6 is an operation timing diagram explaining the process of proving the balance in the method for proving the balance of digital assets according to the present invention.

As described above, in order to prove to a third party how much balance is in whose account, the identity information of the user registered with the encryption key issuing server may be required. Accordingly, the individual proves his or her identity by entering the identity information authenticated by the certification authority into the encryption key issuing server. This process can be called KYC (know your customer) authentication.

Once the user's KYC authentication is completed, the user enters his or her private key and requests proof of balance. The security of the private key is improved because the information needed to prove the balance is also a secret key, not the user's private key.

When the secret key is input, the encryption key issuing server compares the result of applying the one-way encryption algorithm to the input secret key with the stored hidden secret key.

When the two secret keys match, the encryption key issuing server searches the balance on the blockchain network using the public key entered by the user as described above.

When the encryption key issuing server confirms the balance of digital assets stored in the public key entered by the user, it issues a digital balance certificate including authenticated identity information. The digital balance certificate can serve as an objective proof that someone holds how much digital assets.

The individual can then prove his or her balance by providing the received digital balance certificate to a third party.

In this process, of course, communication between the encryption key issuing server and the blockchain network can be encrypted by an encryption algorithm such as SHA-256.

FIG. 7 is an operation timing diagram illustrating the transaction suspension process to guarantee the collateral value when the asset whose balance is proven in FIG. 6 is provided as collateral.

If the balance is proven by a digital balance certificate, the data can be provided as collateral to others. When establishing collateral, collateral conditions such as the value of digital assets provided as collateral, collateral period, and other collateral need to be disclosed. Through collateral conditions, it is possible to establish a security right with a specific event as a suspension condition. For example, collateral conditions can be set, such as changing the value of the digital asset provided as a security right to reflect changes in the value of the digital asset based on the date of establishment of the security right. In other words, if the collateral value increases by 0.5 times, the actual value of the collateral can be guaranteed by doubling the value of the digital asset provided as collateral. These security conditions cannot be added in conventional security rights, and this is possible because it is a blockchain network where all conditions are transparently recorded and cannot be forged or altered.

When digital assets are provided as collateral, the withdrawal of those assets must be prohibited to protect secured creditors. Therefore, the encryption key issuing server first stores the transaction suspension period and collateral conditions, and rejects transaction requests corresponding to the transaction suspension period. Additionally, the encryption key issuing server issues a transaction suspension confirmation.

Then, the user proves that he or she cannot arbitrarily withdraw digital assets from his or her account within the collateral period by providing a transaction suspension confirmation to a third party. The transaction suspension confirmation can be stored only on the encryption key issuing server or on the blockchain network. The effectiveness of the mortgage can be further ensured if the transaction suspension is recorded in the blockchain network, but the protocol of the blockchain network must support the establishment of mortgage and transaction suspension.

If necessary, the third party requests verification of the transaction suspension confirmation from the encryption key issuing server. In response to this request, the encryption key issuing server can confirm the authenticity of the transaction suspension confirmation and notify the third party. Once the authenticity of the transaction suspension confirmation is confirmed, the third party can acknowledge the collateral value to the individual.

Figure 8 is a flowchart detailing the process of creating and withdrawing an encryption key issuing server account in the method of proving the balance of digital assets using an encryption key issuing server according to one aspect of the present invention. Figure 8(a) shows the process of issuing an encryption key, and Figure 9(b) shows the process of withdrawing digital assets from the generated public key.

First, an association code can be entered according to BIP-39. BIP39 (Bitcoin Improvement Proposal 39) refers to an industry standard for describing mnomonic code words. Associative code words are a method of creating seeds from English words listed in order. Using associative codes, you can easily restore your virtual currency wallet.

Seed values and pass statements are generated from the associative code. Once these steps are passed, the value and index of the digital asset are encoded and stored. The stored address is one that can be commonly recognized by the general public, and errors in information are determined through checksum.

Once the value and index are encoded, the one-way encryption algorithm is applied once again to generate the hidden secret key. As such, in the present invention, a one-way encryption algorithm is once again applied to the secret key generated by encrypting the seed key rather than the private key to generate and store the hidden secret key, so the private key can be safely protected from external attacks. Hacking becomes impossible.

Once encoding is completed, the generated secret key and personal identity information are mapped and managed, and OTP (one time password) can be used in this process.

Additionally, the process of withdrawing digital assets from a public key provided to an individual is illustrated in (b) of FIG. 9.

When a withdrawal is requested, it is necessary to determine which owner the public key belongs to. During this process, KYC authentication is performed using email and text message. As mentioned above, OTP can be used to increase the level of security when verifying the subscriber's identity.

Once a user is authenticated, the private key needed for that transaction must be restored. For this purpose, the seed key is inferred from the secret key received from the user, and the user's private key is restored from the inferred seed key. The decryption technology used in the decryption process of inferring the seed key from the secret key corresponds to the technology used in the encryption process of generating the secret key from the seed key.

Once the private key is obtained through this process, the private key is used to withdraw digital assets from the account represented by the public key. As described above, digital assets thus withdrawn can be transferred to another account.

Figure 9 is a block diagram schematically showing a digital asset balance verification system using an encryption key issuing server according to another aspect of the present invention.

Referring to FIG. 9, the digital asset balance proof system 900 using an encryption key issuing server is operated in a blockchain network 990, a blockchain network consisting of a chain of blocks for distributed storage of transaction information. An exchange 910 that includes at least one exchange account of the owner and manages the trading and distribution of digital assets, and users 920, 930 accessing the exchange 910 and the blockchain network 990, and digital assets. It includes an encryption key issuing server 950 that issues encryption keys for transactions to users.

The encryption key issuing server 950 responds to a request from a user who has subscribed to the encryption key issuing server, generates a seed key used to restore the lost private key when the private key is lost, and generates a seed key for the user based on the seed key. An operation of generating a private key unique to the user and a public key representing the account of the user (920, 930) for storing digital assets in the blockchain network (990), applying an encryption algorithm to the seed key to generate a secret key to the user An operation of generating and storing a hidden secret key by providing it to (920, 930) and applying a one-way encryption algorithm to the generated secret key, and when withdrawal of digital assets is requested, the secret key entered by the user (920, 930) It is encrypted and authenticated by comparing it with the hidden secret key. When the entered secret key is authenticated, the seed key is inferred to restore the user's private key, and the public key and restored private key are used to digitally register the key in the blockchain network (990). It is configured to perform an operation to perform a withdrawal of assets.

In particular, when the user requests proof of the balance of digital assets, the encryption key issuing server 950 authenticates the secret key entered by the user and uses the public key of the authenticated user 920, 930 to create a blockchain network ( 990), the balance proof operation provided by checking the balance of the user's digital assets can also be performed.

In the present invention, the process of authenticating the owner's identity information through a certificate issued by a certification authority can be called the KYC (know your customer) authentication step, and this customer verification process involves the task of identifying and verifying the customer's identity. It means procedure. This is especially frequently discussed in financial business procedures such as banking, insurance, and export finance, and in anti-money laundering (AML) regulations.

The purpose of the customer verification process is primarily to prevent banks from being misused as criminal elements, such as money laundering activities. In addition, through the customer verification process, it is possible to prevent digital assets from being used for crimes by abusing the anonymity of the blockchain network, and has the advantage of safely protecting digital assets that have been operated outside the institutional system by incorporating them into the institutional system. It happens.

A variety of identity information may be used for customer verification procedures. For example, various information such as email/mobile phone identity verification, account verification, supporting documents, residential address and contact information can be used, and passport information, etc. can be used after authentication by an accredited certification agency. In this way, both the advantages of blockchain technology and the realization of transactions can be realized through the KYC authentication step.

When the customer's identity information is authenticated, the encryption key issuing server 950 issues a public key and a private key to the owner whose identity information has been authenticated. As described above, a seed key can be used in this process, and the seed key can also be used to generate a secret key.

In addition, as described above, the encryption key issuing server 950 according to the present invention stores neither the private key nor the secret key, and improves the security level by storing only the hidden secret key that encrypts the secret key again. As described above, the encryption key issuing server 950 can decrypt the seed key from the secret key entered by the user and restore the user's private key from the decrypted seed key.

When a user requests withdrawal of digital assets or proof of balance, the encryption key issuing server (950) creates a withdrawal script using the public key and restored private key entered by the user, and sends the written script to the blockchain network (990). send to

In the present invention, the encryption key issuing server differs from the conventional digital asset exchange in the following aspects.

First, because the encryption key issuing server manages the KYC-verified owner's account, transactions can be performed using the owner's real name. Therefore, there is an advantage in that digital asset transactions become transparent.

Second, the account stored on the encryption key issuing server can also be accessed through the owner's identity information. Previously, in order to trade digital assets, you had to know the account information and private key for each exchange, and if either one was lost or forgotten, the corresponding digital asset could not be accessed forever, leading to the loss of valuable digital assets. However, by using the encryption key issuing server according to the present invention, the owner only needs to remember account information for his/her encryption key issuing server, and the account can be accessed using not only a complex password but also the user's own identity information. there is. In this case, technologies such as OTP can be used to enhance security.

Third, because the security sensor encrypts the secret key and generates and stores the hidden secret key, it can fundamentally prevent the leakage of the secret key. This can also be understood as replacing the private key with a double secret key.

Fourth, since the encryption key issuing server according to the present invention manages all stored information through its own security solution, hacking is impossible, and the loss, theft, copying, or hacking of the private key is impossible.

Lastly, the encryption key issuing server according to the present invention can prove the balance of digital assets held along with personal identity information, so digital assets can be provided as collateral, and digital assets can be provided as collateral according to collateral conditions. Since withdrawals can be prevented, the value of the collateral can be maintained.

The present invention has been described with reference to the embodiments shown in the drawings, but these are merely exemplary, and those skilled in the art will understand that various modifications and other equivalent embodiments are possible therefrom.

Additionally, the method according to the present invention can be implemented as computer-readable code on a computer-readable recording medium. Computer-readable recording media may include all types of recording devices that store data that can be read by a computer system. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, and optical data storage devices, and can also be implemented in the form of a carrier wave (e.g., transmitted via the Internet). Includes. Additionally, the computer-readable recording medium may store computer-readable code that can be executed in a distributed manner by a distributed computer system connected to a network.

In the terms used in this specification, singular expressions should be understood to include plural expressions, unless clearly interpreted differently from the context, and terms such as “including” refer to the described features, numbers, steps, operations, and components. , it means the existence of parts or a combination thereof, but should be understood as not excluding the possibility of the presence or addition of one or more other features, numbers, step operation components, parts, or combinations thereof. In addition, terms such as "... unit", "... unit", "module", and "block" used in the specification refer to a unit that processes at least one function or operation, which is hardware, software, or hardware. and software.

Accordingly, the present embodiment and the drawings attached to this specification only clearly show a part of the technical idea included in the present invention, and those skilled in the art can easily understand the technical idea included in the specification and drawings of the present invention. It will be obvious that all inferable modifications and specific embodiments are included in the scope of the present invention.

The present invention can be applied to blockchain technology, and especially to the field of digital asset trading, which safely stores digital assets despite the security level of the exchange and enables property verification using digital assets.

910: Exchange 920, 930: User
950: Encryption key issuing server 990: Blockchain network

Claims (14)

As a method of providing a balance verification service to prove the balance held by a user who owns digital assets distributed in a blockchain network,
In the encryption key issuing server that issues encryption keys for trading digital assets, in response to a request from a user who has joined the encryption key issuing server, the device is used to restore the lost private key when the private key is lost. Generating a seed key;
Generating, at the encryption key issuing server, a private key unique to the user based on the seed key and a public key representing the user's account for storing the digital asset in the blockchain network;
In the encryption key issuing server, an encryption algorithm is applied to the seed key to generate a secret key and provided to the user along with the public key, and a one-way encryption algorithm is applied to the generated secret key to create a hidden secret key ( Generating and storing a concealed secret key; and
When withdrawal of digital assets is requested, the encryption key issuing server encrypts the secret key entered by the user and authenticates it by comparing it with the hidden secret key. When the entered secret key is authenticated, the seed key is inferred and the user's personal information is verified. Recovering the key and performing withdrawal of digital assets from the blockchain network using the public key and the restored private key,
When a user requests proof of the balance of the digital asset, the encryption key issuing server authenticates the secret key entered by the user, and uses the public key of the authenticated user to verify the balance of the user's digital asset in the blockchain network. A method of proving the balance of a digital asset, characterized in that it further includes a balance proof step of confirming and providing it to the user. delete According to paragraph 1,
The method is:
It includes a KYC (know your customer) authentication step in which the encryption key issuing server authenticates the owner's identity information through an identity certificate issued by a certification authority,
The balance verification step is,
In response to the user's request, the encryption key issuing server generates a digital balance certificate containing the user's identity information and the balance of the user's digital assets whose identity information is authenticated, and provides the user to the user. , A method of proving the balance of digital assets. According to paragraph 3,
The digital balance certificate can be provided to a third party as collateral to prove the user's digital assets,
The method is:
When the digital balance certificate is provided as collateral to a third party, the encryption key issuing server ensures that the digital assets are transferred from the user's account to another account based on the collateral value and collateral conditions of the digital assets provided as collateral. A method for proving the balance of a digital asset, further comprising the step of guaranteeing the collateral value of the digital asset according to the collateral conditions. According to paragraph 3,
The seed key is generated using at least one of the user's IP address, the MAC address of the device used by the user to access the encryption key issuing server, browser version, access time, and email address,
A method for proving the balance of digital assets, characterized in that the identity certificate is issued using at least one of the user's resident registration number, photo, biometric information, and mobile phone information. According to paragraph 3,
The KYC authentication step is,
A method for proving the balance of digital assets, characterized in that it is configured to increase the level of security by using a one time password (OTP) when trading the digital assets. According to paragraph 1,
The step of performing the withdrawal of the digital asset is,
Generating an encrypted secret key by one-way encrypting the secret key entered by the user when requesting withdrawal of digital assets,
Comparing the generated encrypted secret key with the stored hidden secret key, and if the encrypted secret key matches the hidden secret key, inferring the seed key to restore the user's private key;
Generating a withdrawal script containing the public key of the digital asset withdrawal destination, signing the generated withdrawal script with the user's restored private key, encrypting the signed withdrawal script and transmitting it to the blockchain network, and
A method for proving the balance of digital assets, comprising receiving a withdrawal result from the blockchain network and providing it to the user. It is a balance proof system to prove the balance held by users who own digital assets distributed in the blockchain network,
It includes an encryption key issuing server that issues encryption keys for trading digital assets,
The encryption key issuing server is,
In response to a request from a user who has subscribed to the encryption key issuing server, generating a seed key used to restore the lost private key when the private key is lost;
An operation of generating a private key unique to the user based on the seed key and a public key representing the user's account for storing the digital asset in the blockchain network;
By applying an encryption algorithm to the seed key, a secret key is generated and provided to the user along with the public key, and a one-way encryption algorithm is applied to the generated secret key to generate a concealed secret key. The action of saving; and
When withdrawal of digital assets is requested, the secret key entered by the user is encrypted and authenticated by comparing it with the hidden secret key. When the entered secret key is authenticated, the seed key is inferred to restore the user's private key, and the public key is And configured to perform an operation to withdraw digital assets from the blockchain network using the restored private key,
The encryption key issuing server is,
When a user requests proof of the balance of the digital asset, the private key entered by the user is authenticated, and the balance of the user's digital asset is confirmed in the blockchain network using the authenticated user's public key, and the balance is provided to the user. A balance verification system for digital assets, characterized in that it is configured to further perform verification operations. delete According to clause 8,
The encryption key issuing server is,
The encryption key issuing server is configured to further perform a KYC (know your customer) authentication operation to authenticate the owner's identity information through an identity certificate issued by a certification authority,
The balance proof operation is,
In response to the user's request, the encryption key issuing server generates a digital balance certificate containing the user's identity information and the balance of the user's digital assets whose identity information is authenticated, and provides the user to the user. , a balance proof system for digital assets. According to clause 10,
The digital balance certificate can be provided to a third party as collateral to prove the user's digital assets,
The encryption key issuing server is,
When the digital balance certificate is provided as collateral to a third party, the digital assets are prohibited from being transferred from the user's account to another account based on the collateral value and collateral conditions of the digital assets provided as collateral, and the collateral conditions are Accordingly, a balance proof system for digital assets, characterized in that it is configured to further perform an operation to guarantee the collateral value of the digital assets. According to clause 10,
The seed key is generated using at least one of the user's IP address, the MAC address of the device used by the user to access the encryption key issuing server, browser version, access time, and email address,
A digital asset balance verification system, characterized in that the identity certificate is issued using at least one of the user's resident registration number, photo, biometric information, and mobile phone information. According to clause 10,
The encryption key issuing server is,
A balance verification system for digital assets, characterized in that it is configured to increase the level of security by using a one-time password (OTP) when performing the KYC authentication operation when trading the digital assets. According to clause 8,
The operation of performing the withdrawal of the digital asset is,
Generating an encrypted secret key by one-way encrypting the secret key entered by the user when requesting withdrawal of digital assets,
Comparing the generated encrypted secret key with the stored hidden secret key, and if the encrypted secret key matches the hidden secret key, inferring the seed key to restore the user's private key;
Generating a withdrawal script containing the public key of the digital asset withdrawal destination, signing the generated withdrawal script with the user's restored private key, encrypting the signed withdrawal script and transmitting it to the blockchain network, and
A balance proof system for digital assets, comprising receiving a withdrawal result from the blockchain network and providing it to the user.