Search

KR-20260063115-A - APPARATUS FOR USER DELEGATION WITH GUARANTEED ANONYMITY AND METHOD USING THE SAME

KR20260063115AKR 20260063115 AKR20260063115 AKR 20260063115AKR-20260063115-A

Abstract

The present invention relates to a user authority delegation device and a method using the same. According to one embodiment of the present invention, the user authority delegation device comprises a communication unit, a storage unit, and a processor operably connected to the communication unit and the storage unit. The processor receives a user anonymous distributed identifier, an agent anonymous distributed identifier, and a claim from a user terminal device, generates a verifiable credential (VC) based on the user authority delegation device distributed identifier, the user anonymous distributed identifier, the claim, and data of a blockchain, and is configured to generate a verifiable credential for delegation based on the user anonymous distributed identifier and the agent anonymous distributed identifier.

Inventors

  • 이임영
  • 김태훈

Assignees

  • 순천향대학교 산학협력단

Dates

Publication Date
20260507
Application Date
20241030

Claims (11)

  1. Communications Department; Storage unit; and It includes a processor operably connected to the communication unit and the storage unit, and The above processor is, Receive a user anonymous distributed identifier, an agent anonymous distributed identifier, and a claim from a user terminal device, and Generating a verifiable credential (VC) based on the user authorization delegation device distributed identifier, the user anonymous distributed identifier, and the data of the claim and blockchain, and A user authority delegation device configured to generate verifiable credentials for delegation based on a user anonymous distributed identifier and an agent anonymous distributed identifier.
  2. In paragraph 1, The above processor is, Generate public parameters through security parameters, and Generate a public key based on the private key, and A distributed identifier (DID) is generated using the above public key and timestamp, and A user authority delegation device further configured to generate a distributed identifier document (DDO) through the above public key and the above distributed identifier.
  3. In paragraph 2, The above distributed identifier document is, User authorization delegation device signed based on the Elliptic Curve Digital Signature Algorithm (ECDSA).
  4. In paragraph 2, The above processor is, When a request to generate an anonymous distributed identifier is received from the above user terminal device, Perform commitment verification for user commit values and delegate commit values, and Using the data of the above blockchain, verify the registration status of the above distributed identifier document and generate a Merkle root value, and A user authority delegation device further configured to generate the user anonymous distributed identifier through a non-interactive zero-knowledge proof based on the user commit value, the delegate commit value, the Merkle root value, and the public parameter.
  5. In paragraph 1, The above processor is, When a request to revoke agent delegation authority is received from the above user terminal device, Receive the user anonymous distributed identifier, the agent anonymous distributed identifier, and the verifiable credentials for delegation from the user terminal device, and A user authority delegation device further configured to verify verifiable credentials for the above delegation and add them to the revocation list of the above blockchain.
  6. As a user authority delegation method implemented by a processor, A step of receiving a user anonymous distributed identifier, an agent anonymous distributed identifier, and a claim from a user terminal device; A step of generating a verifiable credential (VC) based on a user authorization delegation device distributed identifier, the user anonymous distributed identifier, and the data of the claim and blockchain; A method for delegating user authority, comprising the step of generating verifiable credentials for delegation based on a user anonymous distributed identifier and an agent anonymous distributed identifier.
  7. In paragraph 6, Step of generating public parameters through security parameters; Step to generate a public key based on a private key: A step of generating a distributed identifier (DID) through the above public key and timestamp; and A user authority delegation method further comprising the step of generating a distributed identifier document (DDO) through the public key and the distributed identifier.
  8. In Paragraph 7, When a request for the generation of an anonymous distributed identifier is received from the above user terminal device, A step of performing commitment verification for user commit values and delegate commit values; A step of verifying the registration status of the distributed identifier document and generating a Merkle root value through the data of the blockchain; and A user authority delegation method further comprising the step of generating the user anonymous distributed identifier through a non-interactive zero-knowledge proof based on the user commit value, the delegate commit value, the Merkle root value, and the public parameter.
  9. In paragraph 6, When a request to revoke agent delegation authority is received from the above user terminal device, A step of receiving the user anonymous distributed identifier, the agent anonymous distributed identifier, and the verifiable credentials for delegation from the user terminal device; A method for delegating user authority, further comprising the step of verifying the verifiable credentials for delegation and adding them to the revocation list of the blockchain.
  10. Communications Department; Storage unit; and It includes a processor operably connected to the communication unit and the storage unit, and The above processor is, Receive a credential request from the service provider server, and Generate a verifiable presentation based on sequential aggregate signatures, and Generate a ciphertext based on the above verifiable presentation, agent commit value, agent distributed identifier, agent random value, and public key, and An agent terminal device configured to transmit the generated ciphertext to the service provider server.
  11. A user authority delegation device that generates verifiable credentials based on the authenticity of a claim and generates verifiable credentials for delegation based on the authenticity of an anonymous distributed identifier; and A user authority delegation system comprising: an agent terminal device that receives a verifiable presentation from a user terminal device, generates a reconstructed verifiable presentation in accordance with a request from a service provider server, and generates and provides a ciphertext.

Description

Apparatus for User Delegation with Guaranteed Anonymity and Method Using the Same The present invention relates to a user authority delegation device and a method using the same, and more specifically, to a device and a method using the same that guarantee anonymity and delegate user authority by utilizing sequential aggregate signatures, non-interactive zero-knowledge proof (NIZK) proofs, and Merkle tree methods. In the case of conventional user delegation, the limitations of centralized systems were overcome by utilizing Decentralized Identifiers (DIDs) to enable user-centric data management, selective disclosure, and sovereign security. However, user delegation utilizing distributed identifiers had disadvantages, such as restrictions regarding the legal protection of minors, the loss or damage of devices, and cases where a guardian of an immobile patient needed to obtain a prescription on their behalf. Additionally, current distributed identifiers struggle to support situations where a representative is temporarily or permanently delegated authority or identity information. Accordingly, the field of distributed identifiers is required to meet the complex requirements of the modern service environment in the contexts of legal, medical, and personal data management. FIG. 1 is a block diagram of a user authority delegation system according to an embodiment of the present invention. FIGS. 2 to 6 are flowcharts of a user authority delegation device, a user terminal device, an agent terminal device, a service provider server, and a blockchain according to an embodiment of the present invention. FIG. 7 is a flowchart of a user authority delegation method according to an embodiment of the present invention. Specific structural or functional descriptions of embodiments according to the concept of the present invention disclosed herein are provided merely for the purpose of explaining embodiments according to the concept of the present invention, and embodiments according to the concept of the present invention may be implemented in various forms and are not limited to the embodiments described herein. Embodiments according to the concept of the present invention may be subject to various modifications and may take various forms; therefore, embodiments are illustrated in the drawings and described in detail in this specification. However, this is not intended to limit the embodiments according to the concept of the present invention to specific disclosed forms, and includes modifications, equivalents, or substitutions that fall within the spirit and scope of the present invention. Terms such as "first" or "second" may be used to describe various components, but said components should not be limited by said terms. For the sole purpose of distinguishing one component from another, for example, without departing from the scope of rights according to the concept of the present invention, the first component may be named the second component, and similarly, the second component may be named the first component. When it is stated that one component is "connected" or "connected" to another component, it should be understood that while it may be directly connected or connected to that other component, there may also be other components in between. Conversely, when it is stated that one component is "directly connected" or "directly connected" to another component, it should be understood that there are no other components in between. Expressions describing the relationships between components, such as "between," "exactly between," or "directly adjacent to," should be interpreted in the same way. The terms used herein are used merely to describe specific embodiments and are not intended to limit the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this specification, terms such as “comprising” or “having” are intended to specify the existence of the described features, numbers, steps, actions, components, parts, or combinations thereof, and should be understood as not precluding the existence or addition of one or more other features, numbers, steps, actions, components, parts, or combinations thereof. Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as generally understood by those skilled in the art to which the present invention pertains. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant technology, and should not be interpreted in an ideal or overly formal sense unless explicitly defined in this specification. Hereinafter, embodiments will be described in detail with reference to the attached drawings. However, the scope of the patent application is not limited or restricted by these embodiments. Identical reference numerals in each drawing indicate identical components. FIG. 1 is a block