Large-scale simultaneous digital signature service system based on hash function and method thereof

US 10,091,004 B2
Filed: 02/26/2016
Issued: 10/02/2018
Est. Priority Date: 11/17/2015
Status: Active Grant

First Claim

Patent Images

1. A system for a simultaneous digital signature service based on a hash function, comprising:

a plurality of digital signature target terminals;

a plurality of digital signature service provision servers for providing a simultaneous digital signature service based on distributed processing of a hash chain of a hash tree in response to a request to generate a digital signature from each of the digital signature target terminals;

a digital signature service configuration server for constructing the hash tree having a hierarchical structure that is preset in order to perform parallel distributed processing for generating a digital signature according to a digital signature service performance right based on unique authentication information provided by each of the digital signature service provision servers; and

a digital signature service relay server for enabling access to any one digital signature service provision server, selected from among currently available digital signature service provision servers, in response to a request for accessing the digital signature service from each of the digital signature target terminals,wherein when one of the digital signature service provision servers is newly registered by the digital signature service configuration server,the newly registered digital signature service provision server transmits a message that requests issue of a unique authentication token for digital signature service interworking authorization to the digital signature service configuration server, using unique authentication information;

the digital signature service configuration server compares the unique authentication information, transmitted from the newly registered digital signature service provision server, with previously stored unique authentication information, generates and encrypts both the unique authentication token for the unique authentication information and information about digital signature service interworking if the newly registered digital signature service provision server has the digital signature service performance right, and transmits the encrypted token and the encrypted information to the newly registered digital signature service provision server;

the newly registered digital signature service provision server decrypts the encrypted unique authentication token and the encrypted information about digital signature service interworking, which are transmitted from the digital signature service configuration server, and transmits a message that requests approval of the digital signature service interworking authorization using the unique authentication token according to a list of digital signature service provision servers to be accessed, which is included in the decrypted information about digital signature service interworking; and

each of the digital signature service provision servers to be accessed decrypts the unique authentication token, transmitted from the newly registered digital signature service provision server, by interworking with the digital signature service configuration server, and transmits a result of the approval of the digital signature service interworking authorization to the newly registered digital signature service provision server when decrypting is successfully performed, andwherein the information about digital signature service interworking includes a list of the digital signature service provision servers to be accessed, a position of a hash subtree to be processed, and information about a service right;

when the digital signature service provision server performs the simultaneous digital signature service depending on a specific server administrator, the unique authentication information includes at least one of unique identification information of the server administrator, selected from among an ID and password of the server administrator, biometric information of the server administrator, and authentication information generated by a private key based on a One-Time Password (OTP) and a Public key Infrastructure (PKI); and

when the digital signature service provision server performs the simultaneous digital signature service depending on specific server hardware, the unique authentication information includes at least one of unique identification information of a device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated by a private key based on a PKI.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are a system and method of a large-scale simultaneous digital signature service based on a hash function. According to the system and method, the main agent that requires the generation of a digital signature does not itself generate the digital signature, and digital signatures may be simultaneously and stably generated for large-scale data such as multiple electronic documents and digital data, using a hash function and a hash tree, which are known as a simple and secure method, to guarantee the integrity of the data in a digital signature-based structure based on multiple servers.

Citations

13 Claims

1. A system for a simultaneous digital signature service based on a hash function, comprising:
- a plurality of digital signature target terminals;
  
  a plurality of digital signature service provision servers for providing a simultaneous digital signature service based on distributed processing of a hash chain of a hash tree in response to a request to generate a digital signature from each of the digital signature target terminals;
  
  a digital signature service configuration server for constructing the hash tree having a hierarchical structure that is preset in order to perform parallel distributed processing for generating a digital signature according to a digital signature service performance right based on unique authentication information provided by each of the digital signature service provision servers; and
  
  a digital signature service relay server for enabling access to any one digital signature service provision server, selected from among currently available digital signature service provision servers, in response to a request for accessing the digital signature service from each of the digital signature target terminals,wherein when one of the digital signature service provision servers is newly registered by the digital signature service configuration server,the newly registered digital signature service provision server transmits a message that requests issue of a unique authentication token for digital signature service interworking authorization to the digital signature service configuration server, using unique authentication information;
  
  the digital signature service configuration server compares the unique authentication information, transmitted from the newly registered digital signature service provision server, with previously stored unique authentication information, generates and encrypts both the unique authentication token for the unique authentication information and information about digital signature service interworking if the newly registered digital signature service provision server has the digital signature service performance right, and transmits the encrypted token and the encrypted information to the newly registered digital signature service provision server;
  
  the newly registered digital signature service provision server decrypts the encrypted unique authentication token and the encrypted information about digital signature service interworking, which are transmitted from the digital signature service configuration server, and transmits a message that requests approval of the digital signature service interworking authorization using the unique authentication token according to a list of digital signature service provision servers to be accessed, which is included in the decrypted information about digital signature service interworking; and
  
  each of the digital signature service provision servers to be accessed decrypts the unique authentication token, transmitted from the newly registered digital signature service provision server, by interworking with the digital signature service configuration server, and transmits a result of the approval of the digital signature service interworking authorization to the newly registered digital signature service provision server when decrypting is successfully performed, andwherein the information about digital signature service interworking includes a list of the digital signature service provision servers to be accessed, a position of a hash subtree to be processed, and information about a service right;
  
  when the digital signature service provision server performs the simultaneous digital signature service depending on a specific server administrator, the unique authentication information includes at least one of unique identification information of the server administrator, selected from among an ID and password of the server administrator, biometric information of the server administrator, and authentication information generated by a private key based on a One-Time Password (OTP) and a Public key Infrastructure (PKI); and
  
  when the digital signature service provision server performs the simultaneous digital signature service depending on specific server hardware, the unique authentication information includes at least one of unique identification information of a device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated by a private key based on a PKI.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein:
    - each of the digital signature target terminals transmits a request message for accessing the digital signature service to the digital signature service relay server;
      
      the digital signature service relay server receives the request message for accessing the digital signature service from each of the digital signature target terminals, generates information for accessing any one digital signature service provision server, selected from among the currently available digital signature service provision servers, and transmits the information for accessing the digital signature service provision server to a corresponding digital signature target terminal; and
      
      the corresponding digital signature target terminal accesses the corresponding digital signature service provision server using the information for accessing the digital signature service provision server, transmitted from the digital signature service relay server.
  - 3. The system of claim 2, wherein the information for accessing the digital signature service provision server includes at least one of a unique IP address of the digital signature service provision server, a kind of a network protocol, and a kind of a messaging protocol.
  - 4. The system of claim 1, further comprising an authentication server that generates and encrypts a unique authentication token and transmits the unique authentication token to a corresponding digital signature target terminal, when entity authentication information, received from each of the digital signature target terminals, is identical to previously stored entity authentication information,wherein:
    - each of the digital signature service provision servers decrypts the unique authentication token, transmitted from each of the digital signature target terminals, by interworking with the authentication server, and transmits a result of approval of authentication to a corresponding digital signature target terminal when decrypting is successfully performed;
      
      the corresponding digital signature target terminal transmits a hash value of digital signature target data, which is generated by a predetermined hash function, along with entity identification information to a digital signature service provision server, which is selected by the digital signature service relay server; and
      
      the digital signature service provision server, selected by the digital signature service relay server, generates a new hash value by combining the hash value of the digital signature target data with the entity identification information, which are transmitted from the corresponding digital signature target terminal, generates a unique digital signature based on a hash chain of the constructed hash tree, using the generated new hash value, and transmits the unique digital signature to the corresponding digital signature target terminal.
  - 5. The system of claim 4, wherein:
    - when each of the digital signature target terminals is a user terminal with which a specific user requests a digital signature, the entity authentication information includes at least one of unique identification information of the user, selected from among a membership ID and password of the user, a Social Security number, a phone number, biometric information, a One-Time Password (OTP), a Public Key Infrastructure (PKI), and authentication certificate information; and
      
      when each of the digital signature target terminals is an electronic device capable of data communication, the entity authentication information includes at least one of unique identification information of the device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated through a private key based on a PKI.
  - 6. The system of claim 4, wherein each of the digital signature service provision servers temporarily stores the generated new hash value in a memory queue, and then reads the new hash value, temporarily stored in the memory queue, at predetermined time intervals, to be used for construction of the hash tree;
    - andcomputes a value of a root node of the constructed hash tree by interworking with a digital signature service provision server, linked with the hash chain of the constructed hash tree, and then generates the unique digital signature through the value.

7. A method of performing a simultaneous digital signature service based on a hash function, using a system including a plurality of digital signature target terminals, a plurality of digital signature service provision servers, a digital signature service configuration server and a digital signature service relay server, the method comprising:
- (a) constructing, by the digital signature service configuration server, a hash tree having a hierarchical structure that is preset in order to perform parallel distributed processing for generating a digital signature according to a digital signature service performance right based on unique authentication information provided by each of the digital signature service provision servers;
  
  (b) relaying, by the digital signature service relay server, a connection in order to enable access to any one digital signature service provision server, selected from among currently available digital signature service provision servers, in response to a request for accessing a digital signature service from each of the digital signature target terminals; and
  
  (c) providing, by the digital signature service provision server selected in step (b), a simultaneous digital signature service based on distributed processing of a hash chain of the hash tree constructed in step (a) in response to a request to generate a digital signature from each of the digital signature target terminals,wherein when one of the digital signature service provision servers is newly registered through the digital signature service configuration server, step (a) comprises;
  
  transmitting, by the newly registered digital signature service provision server, a message that requests issue of a unique authentication token for digital signature service interworking authorization to the digital signature service configuration server, using unique authentication information;
  
  by the digital signature service configuration server, comparing the unique authentication information, transmitted from the newly registered digital signature service provision server, with previously stored unique authentication information, generating and encrypting both the unique authentication token for the unique authentication information and information about digital signature service interworking if the newly registered digital signature service provision server has the digital signature service performance right, and transmitting the encrypted token and the encrypted information to the newly registered digital signature service provision server;
  
  by the newly registered digital signature service provision server, decrypting the encrypted unique authentication token and the encrypted information about digital signature service interworking, which are transmitted from the digital signature service configuration server, and transmitting a message that requests approval of the digital signature service interworking authorization using the unique authentication token according to a list of digital signature service provision servers to be accessed, which is included in the decrypted information about digital signature service interworking; and
  
  by each of the digital signature service provision servers to be accessed, decrypting the unique authentication token, transmitted from the newly registered digital signature service provision server, by interworking with the digital signature service configuration server, and transmitting a result of the approval of the digital signature service interworking authorization to the newly registered digital signature service provision server when decrypting is successfully performed, andwherein the information about digital signature service interworking includes a list of the digital signature service provision servers to be accessed, a position of a hash subtree to be processed, and information about a service right;
  
  when the digital signature service provision server performs the simultaneous digital signature service depending on a specific server administrator, the unique authentication information includes at least one of unique identification information of the server administrator, selected from among an ID and password of the server administrator, biometric information of the server administrator, and authentication information generated by a private key based on a One-Time Password (OTP) and a Public key Infrastructure (PKI); and
  
  when the digital signature service provision server performs the simultaneous digital signature service depending on specific server hardware, the unique authentication information includes at least one of unique identification information of a device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device, generated by a private key based on a PKI.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein step (b) comprises:
    - (b-1) transmitting, by each of the digital signature target terminals, a request message for accessing a digital signature service to the digital signature service relay server; and
      
      (b-2) by the digital signature service relay server, receiving the request message for accessing the digital signature service, transmitted at step (b-1), generating information for accessing any one digital signature service provision server, selected from among the currently available digital signature service provision servers, and transmitting the information for accessing the digital signature service provision server to a corresponding digital signature target terminal,wherein the corresponding digital signature target terminal accesses the corresponding digital signature service provision server using the information for accessing the digital signature service provision server, transmitted in step (b-2).
  - 9. The method of claim 8, wherein in step (b-2), the information for accessing the digital signature service provision server includes at least one of a unique IP address of the digital signature service provision server, a kind of a network protocol, and a kind of a messaging protocol.
  - 10. The method of claim 7, wherein step (c) comprises:
    - (c-1) requesting, by each of the digital signature target terminals, approval of entity authentication by transmitting entity authentication information to a separate authentication server;
      
      (c-2) by the authentication server, generating and encrypting a unique authentication token and transmitting the unique authentication token to a corresponding digital signature target terminal, when the entity authentication information transmitted at step (c-1) is identical to previously stored entity authentication information;
      
      (c-3) requesting, by each of the digital signature target terminals, approval of entity authentication by transmitting the unique authentication token transmitted in step (c-2) to the digital signature service provision server;
      
      (c-4) by the digital signature service provision server, decrypting the unique authentication token transmitted in step (c-3) by interworking with the authentication server, and transmitting a result of approval of the authentication to a corresponding digital signature target terminal when decrypting is successfully performed;
      
      (c-5) requesting, by the corresponding digital signature target terminal, a digital signature by transmitting a hash value of digital signature target data, which is generated by a predetermined hash function, along with entity identification information to the digital signature service provision server, which is selected by the digital signature service relay server; and
      
      (c-6) by the digital signature service provision server selected by the digital signature service relay server, generating a new hash value by combining the hash value of the digital signature target data with the entity identification information, which are transmitted in step (c-5), generating a unique digital signature based on a hash chain of the constructed hash tree by using the generated new hash value, and transmitting the unique digital signature to the corresponding digital signature target terminal.
  - 11. The method of claim 10, wherein:
    - when each of the digital signature target terminals is a user terminal with which a specific user requests a digital signature, the entity authentication information includes at least one of unique identification information of the user, selected from among a membership ID and password of the user, a Social Security number, a phone number, biometric information, a One-Time Password (OTP), a Public Key Infrastructure (PKI), and authentication certificate information; and
      
      when each of the digital signature target terminals is an electronic device capable of data communication, the entity authentication information includes at least one of unique identification information of the device, selected from among a name of the device, a password of the device, a serial number of the device, a kind of the device, a manufacturer of the device, a Media Access Control (MAC) address of the device, a unique Internet Protocol (IP) address of the device, a model and version of the device, a secret key of the device, and authentication information of the device generated through a private key based on a PKI.
  - 12. The method of claim 10, wherein, in step (c-6), each of the digital signature service provision servers temporarily stores the generated new hash value in a memory queue, and then reads the generated new hash value, temporarily stored in the memory queue, at predetermined time intervals, to be used for construction of the hash tree;
    - andcomputes a value of a root node of the constructed hash tree by interworking with a digital signature service provision server, linked with the hash chain of the constructed hash tree, and then generates the unique digital signature through the value.
  - 13. A computer-readable recording medium in which a program for implementing the method of claim 7 is recorded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MarkAny, Inc.
Original Assignee
MarkAny, Inc.
Inventors
Ryu, Ho-il, Choi, Ji-sung, Lee, Dong-uk
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US15/054,976
Publication Number

US 20170141924A1
Time in Patent Office

949 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 9/3228   One-time or temporary data,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Large-scale simultaneous digital signature service system based on hash function and method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Large-scale simultaneous digital signature service system based on hash function and method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links