Large-scale simultaneous digital signature service system based on hash function and method thereof
First Claim
Patent Images
1. A system for a simultaneous digital signature service based on a hash function, comprising:
- a plurality of digital signature target terminals;
a plurality of digital signature service provision servers for providing a simultaneous digital signature service based on distributed processing of a hash chain of a hash tree in response to a request to generate a digital signature from each of the digital signature target terminals;
a digital signature service configuration server for constructing the hash tree having a hierarchical structure that is preset in order to perform parallel distributed processing for generating a digital signature according to a digital signature service performance right based on unique authentication information provided by each of the digital signature service provision servers; and
a digital signature service relay server for enabling access to any one digital signature service provision server, selected from among currently available digital signature service provision servers, in response to a request for accessing the digital signature service from each of the digital signature target terminals,wherein when one of the digital signature service provision servers is newly registered by the digital signature service configuration server,the newly registered digital signature service provision server transmits a message that requests issue of a unique authentication token for digital signature service interworking authorization to the digital signature service configuration server, using unique authentication information;
the digital signature service configuration server compares the unique authentication information, transmitted from the newly registered digital signature service provision server, with previously stored unique authentication information, generates and encrypts both the unique authentication token for the unique authentication information and information about digital signature service interworking if the newly registered digital signature service provision server has the digital signature service performance right, and transmits the encrypted token and the encrypted information to the newly registered digital signature service provision server;
the newly registered digital signature service provision server decrypts the encrypted unique authentication token and the encrypted information about digital signature service interworking, which are transmitted from the digital signature service configuration server, and transmits a message that requests approval of the digital signature service interworking authorization using the unique authentication token according to a list of digital signature service provision servers to be accessed, which is included in the decrypted information about digital signature service interworking; and
each of the digital signature service provision servers to be accessed decrypts the unique authentication token, transmitted from the newly registered digital signature service provision server, by interworking with the digital signature service configuration server, and transmits a result of the approval of the digital signature service interworking authorization to the newly registered digital signature service provision server when decrypting is successfully performed, andwherein the information about digital signature service interworking includes a list of the digital signature service provision servers to be accessed, a position of a hash subtree to be processed, and information about a service right;
when the digital signature service provision server performs the simultaneous digital signature service depending on a specific server administrator, the unique authentication information includes at least one of unique identification information of the server administrator, selected from among an ID and password of the server administrator, biometric information of the server administrator, and authentication information generated by a private key based on a One-Time Password (OTP) and a Public key Infrastructure (PKI); and
when the digital signature service provision server performs the simultaneous digital signature service depending on specific server hardware, the unique authentication information includes at least one of unique identification information of a device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated by a private key based on a PKI.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are a system and method of a large-scale simultaneous digital signature service based on a hash function. According to the system and method, the main agent that requires the generation of a digital signature does not itself generate the digital signature, and digital signatures may be simultaneously and stably generated for large-scale data such as multiple electronic documents and digital data, using a hash function and a hash tree, which are known as a simple and secure method, to guarantee the integrity of the data in a digital signature-based structure based on multiple servers.
-
Citations
13 Claims
-
1. A system for a simultaneous digital signature service based on a hash function, comprising:
-
a plurality of digital signature target terminals; a plurality of digital signature service provision servers for providing a simultaneous digital signature service based on distributed processing of a hash chain of a hash tree in response to a request to generate a digital signature from each of the digital signature target terminals; a digital signature service configuration server for constructing the hash tree having a hierarchical structure that is preset in order to perform parallel distributed processing for generating a digital signature according to a digital signature service performance right based on unique authentication information provided by each of the digital signature service provision servers; and a digital signature service relay server for enabling access to any one digital signature service provision server, selected from among currently available digital signature service provision servers, in response to a request for accessing the digital signature service from each of the digital signature target terminals, wherein when one of the digital signature service provision servers is newly registered by the digital signature service configuration server, the newly registered digital signature service provision server transmits a message that requests issue of a unique authentication token for digital signature service interworking authorization to the digital signature service configuration server, using unique authentication information; the digital signature service configuration server compares the unique authentication information, transmitted from the newly registered digital signature service provision server, with previously stored unique authentication information, generates and encrypts both the unique authentication token for the unique authentication information and information about digital signature service interworking if the newly registered digital signature service provision server has the digital signature service performance right, and transmits the encrypted token and the encrypted information to the newly registered digital signature service provision server; the newly registered digital signature service provision server decrypts the encrypted unique authentication token and the encrypted information about digital signature service interworking, which are transmitted from the digital signature service configuration server, and transmits a message that requests approval of the digital signature service interworking authorization using the unique authentication token according to a list of digital signature service provision servers to be accessed, which is included in the decrypted information about digital signature service interworking; and each of the digital signature service provision servers to be accessed decrypts the unique authentication token, transmitted from the newly registered digital signature service provision server, by interworking with the digital signature service configuration server, and transmits a result of the approval of the digital signature service interworking authorization to the newly registered digital signature service provision server when decrypting is successfully performed, and wherein the information about digital signature service interworking includes a list of the digital signature service provision servers to be accessed, a position of a hash subtree to be processed, and information about a service right; when the digital signature service provision server performs the simultaneous digital signature service depending on a specific server administrator, the unique authentication information includes at least one of unique identification information of the server administrator, selected from among an ID and password of the server administrator, biometric information of the server administrator, and authentication information generated by a private key based on a One-Time Password (OTP) and a Public key Infrastructure (PKI); and when the digital signature service provision server performs the simultaneous digital signature service depending on specific server hardware, the unique authentication information includes at least one of unique identification information of a device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated by a private key based on a PKI. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of performing a simultaneous digital signature service based on a hash function, using a system including a plurality of digital signature target terminals, a plurality of digital signature service provision servers, a digital signature service configuration server and a digital signature service relay server, the method comprising:
-
(a) constructing, by the digital signature service configuration server, a hash tree having a hierarchical structure that is preset in order to perform parallel distributed processing for generating a digital signature according to a digital signature service performance right based on unique authentication information provided by each of the digital signature service provision servers; (b) relaying, by the digital signature service relay server, a connection in order to enable access to any one digital signature service provision server, selected from among currently available digital signature service provision servers, in response to a request for accessing a digital signature service from each of the digital signature target terminals; and (c) providing, by the digital signature service provision server selected in step (b), a simultaneous digital signature service based on distributed processing of a hash chain of the hash tree constructed in step (a) in response to a request to generate a digital signature from each of the digital signature target terminals, wherein when one of the digital signature service provision servers is newly registered through the digital signature service configuration server, step (a) comprises; transmitting, by the newly registered digital signature service provision server, a message that requests issue of a unique authentication token for digital signature service interworking authorization to the digital signature service configuration server, using unique authentication information; by the digital signature service configuration server, comparing the unique authentication information, transmitted from the newly registered digital signature service provision server, with previously stored unique authentication information, generating and encrypting both the unique authentication token for the unique authentication information and information about digital signature service interworking if the newly registered digital signature service provision server has the digital signature service performance right, and transmitting the encrypted token and the encrypted information to the newly registered digital signature service provision server; by the newly registered digital signature service provision server, decrypting the encrypted unique authentication token and the encrypted information about digital signature service interworking, which are transmitted from the digital signature service configuration server, and transmitting a message that requests approval of the digital signature service interworking authorization using the unique authentication token according to a list of digital signature service provision servers to be accessed, which is included in the decrypted information about digital signature service interworking; and by each of the digital signature service provision servers to be accessed, decrypting the unique authentication token, transmitted from the newly registered digital signature service provision server, by interworking with the digital signature service configuration server, and transmitting a result of the approval of the digital signature service interworking authorization to the newly registered digital signature service provision server when decrypting is successfully performed, and wherein the information about digital signature service interworking includes a list of the digital signature service provision servers to be accessed, a position of a hash subtree to be processed, and information about a service right; when the digital signature service provision server performs the simultaneous digital signature service depending on a specific server administrator, the unique authentication information includes at least one of unique identification information of the server administrator, selected from among an ID and password of the server administrator, biometric information of the server administrator, and authentication information generated by a private key based on a One-Time Password (OTP) and a Public key Infrastructure (PKI); and when the digital signature service provision server performs the simultaneous digital signature service depending on specific server hardware, the unique authentication information includes at least one of unique identification information of a device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated by a private key based on a PKI. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
Specification