DE-112024002794-T5 - IDENTIFICATION INFORMATION MANAGEMENT PROCEDURES, SERVER AND PROGRAM
Abstract
A delivery server (1) issues a decentralized identifier (DID), a private key associated with the DID, and a public key corresponding to the private key, based on a request from a user device (4). The delivery server (1) communicates with the user device (4) to identify the type of user device. The delivery server (1) then stores the private key in a secure area corresponding to the type of user device and registers the DID and the public key in a blockchain-based ledger.
Inventors
- XU XIN
Assignees
- DENSO CORP
Dates
- Publication Date: 20260507
- Application Date: 20240625
- Priority Date: 20230630
Claims (7)
- Identification information management procedure, comprising: submitting, upon request from a device, an identifier, a private key associated with the identifier, and a public key corresponding to the private key; retrieving data from the device specifying its type to identify the device type; specifying a secure area in which to store the private key, based on the device type; storing the private key in the secure area; and registering the identifier and the public key in a blockchain-based ledger.
- Identification information management procedure according to Claim 1, where the identifier is a distributed identifier that includes a string specifying a DID procedure and a DID procedure-specific identifier.
- Identification information management procedure according to Claim 1, where the secure area is a storage area that is physically or logically separated from a normal area, and the normal area is a storage area in which data is stored without being encrypted.
- Identification information management procedure according to Claim 1, further comprising: presenting a message to a user of the device to request the user to obtain the secure area when the device does not have the secure area.
- Identification information management procedure according to Claim 1, further comprising: receiving, from the device, a data record including a message, a signature value generated from the message and the private key, and the identifier; obtaining the public key associated with the identifier from the ledger based on the identifier contained in the data record; verifying the authenticity of the signature value using the public key; and performing processing corresponding to the message if the signature value is valid.
- A server configured to manage identification information by performing the following actions: submitting, upon request from a device used by a user, an identifier, a private key associated with the identifier, and a public key corresponding to the private key; retrieving data from the device specifying its type to identify the device type; specifying a secure area to store the private key, based on the device type; sending a signal to the device instructing it to store the private key in the secure area; and registering the identifier and public key in a blockchain-based ledger.
- A program containing instructions configured to cause a computer of a device used by a user to: accept a delivery request of an identifier via an input device; send a request signal to a server to request delivery of the identifier based on receiving the delivery request; send data to the server specifying the device type; and receive from the server a private key associated with the identifier and store the private key in a memory area specified by the server.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application is based on Japanese patent application number 2023-107836, filed on June 30, 2023, the disclosure of which is incorporated in its entirety by reference.
TECHNICAL AREA
The present disclosure relates to a technique for verifying the validity of received data.
STATE OF THE ART
One method for managing digital identities is DIDs (Decentralized Identifiers), proposed by the World Wide Web Consortium. DIDs are a mechanism that uses a distributed ledger system, such as a blockchain, to distribute and manage digital identities. Patent document 1 discloses a method for authenticating a user attempting to log in to a platform using the DID mechanism. Digital signatures generated with a private key are used for user authentication and data verification.
LITERATURE ON THE STATE OF THE ART
PATENT LITERATURE
Patent document 1: JP 2021-111412 A
OVERVIEW OF THE INVENTION
Current DIDs do not specify where the private key is located within the user device, nor do they include a mechanism to restrict its location. Furthermore, depending on the type of user device, the medium on which the private key is stored may have varying levels of security. The type here can be interpreted as a specification, function, or requirement. For this reason, depending on the type of user device, the private key may be stored in a memory area with a low level of security. A low level of security increases the risk of the private key being leaked. If the private key is leaked from the user device, DID-based services may be compromised. The present disclosure was prepared in light of the foregoing circumstances, and one of its purposes is to provide a technology capable of reducing the risk of unauthorized use of a service.
The identification information management procedure disclosed herein includes: submitting, based on a request from a device, an identifier, a private key associated with the identifier, and a public key corresponding to the private key; obtaining data specifying a device type from the device to identify the device type; specifying a secure area in which to store the private key, based on the device type; storing the private key in the secure area; and registering the identifier and the public key in a blockchain-based ledger. According to the procedure described above, the storage location of the private key is set to an area predefined as a secure area according to the device type. This reduces the risk of the private key being leaked and used illegally. As a result, the risk of unauthorized use of the service can be reduced.
A server, included in this disclosure, for managing identification information is configured to, based on a request from a device used by a user: issue an identifier, a private key associated with the identifier, and a public key corresponding to the private key; obtain data from the device specifying the device type in order to identify the device type; specify a secure area in which to store the private key, based on the identified device type; send an instruction signal to the device to store the private key in the secure area; and register the identifier and the public key in a blockchain-based ledger.
A program included in the present disclosure includes instructions to cause a computer provided in a device used by a user to: receive a request to provide an identifier via an input device; send a request signal to a server to request the submission of an identifier based on receiving the request to submit the identifier; send data specifying the device type to the server; receive a private key associated with the identifier from the server; and store the private key in a memory area specified by the server.
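The issuance steps above and the signature check of Claim 5, sketched as an added Go example that is not part of the patent text or of any implementation by the applicant. Ed25519, the `did:example` prefix, the in-memory map standing in for the ledger, and the device-type and secure-area names are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed mapping of device type to secure area; the names are assumptions.
var secureAreaByType = map[string]string{"smartphone": "hardware-keystore", "vehicle-ecu": "hsm"}

type Ledger map[string]ed25519.PublicKey // stands in for the blockchain-based ledger

type Record struct { // data record sent by the device
	DID          string
	Message, Sig []byte
}

// Issue (server side) selects the secure area, creates the key pair and registers the identifier.
func Issue(l Ledger, deviceType string) (did, area string, priv ed25519.PrivateKey, err error) {
	area, ok := secureAreaByType[deviceType]
	if !ok { // no secure area known: issue nothing rather than fall back to the normal area
		return "", "", nil, fmt.Errorf("no secure area for device type %q", deviceType)
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", "", nil, err
	}
	did = fmt.Sprintf("did:example:%x", pub[:16]) // hypothetical method-specific identifier
	l[did] = pub
	return did, area, priv, nil
}

// SignRecord (device side) signs the message with the private key held in the secure area.
func SignRecord(did string, priv ed25519.PrivateKey, msg []byte) Record {
	return Record{DID: did, Message: msg, Sig: ed25519.Sign(priv, msg)}
}

// Verify (server side) looks up the public key by identifier and checks the signature value.
func Verify(l Ledger, r Record) bool {
	pub, ok := l[r.DID]
	return ok && ed25519.Verify(pub, r.Message, r.Sig)
}

func main() {
	l := Ledger{}
	did, area, priv, _ := Issue(l, "smartphone")
	fmt.Println(did, area, Verify(l, SignRecord(did, priv, []byte("unlock"))))
}
```

The service acts on the message only when `Verify` returns true; a record whose identifier is not registered is rejected in the same way as one with a bad signature.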
The reference numerals in parentheses described in the claims simply indicate a correspondence to the specific means described in the embodiment that is an example of the present disclosure. That is to say, the technical scope of the present disclosure is not necessarily limited thereto.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagram that shows an overall configuration of an ID management system.
FIG. 2 is a diagram that shows a configuration of a user device.
FIG. 3 is a diagram showing the configuration of a delivery server.
FIG. 4 is a functional block diagram of a delivery server.
FIG. 5 is a functional block diagram of a service server.
FIG. 6 is a flowchart that shows a procedure for outputting and registering a key pair and a DID.
FIG. 7 is a diagram to explain a DID configuration.
FIG. 8 is a diagram showing an example of a DID document.
FIG. 9 is a diagram showing another example of a DID document.
FIG. 10 is a flowchart that shows a message validation process.
FIG. 11 is a diagram to illustrate an example of a service provisioning procedure using a DID.
DESCRIPTION OF EMBODIMENTS
An embodiment of the present disclosure is described below with reference to the drawings. The present disclosure is not limited to the following embodiment. The configuration