KR-20260065175-A - System for protecting user privacy in a decentralized identity environment and method thereof

Abstract

The present invention relates to a system and method for protecting user privacy in a decentralized identity verification environment, and may include: a user device that requests the issuance of an identity certificate, performs zero-knowledge proof on the identity certificate, and receives and signs a submission certificate for the zero-knowledge proven identity certificate; an issuer device that verifies identity information and generates a public key for signing the identity certificate in accordance with the request of the user device; a blockchain server that distributes and stores the public key for signing the submission certificate provided by the user device and the public key for signing the identity certificate provided by the issuer device; a certificate management server that issues an identity certificate in accordance with the request of the issuer device and issues a submission certificate in accordance with the request of the user device; a verifier device that receives the submission certificate from the user device and verifies it using a zero-knowledge proof verification key; and a zero-knowledge proof server that issues a proof key required for zero-knowledge proof to the user device and issues a zero-knowledge proof verification key in accordance with the request of the verifier device.

Inventors

• 서창호
• 정수용
• 장재영

Assignees

• 국립공주대학교 산학협력단

Dates

Publication Date

20260508

Application Date

20241101

Claims (9)

1. A user device that requests the issuance of an identity certificate, performs zero-knowledge proof on the identity certificate, and receives and signs a certificate of submission for the zero-knowledge proven identity certificate; An issuer device that verifies identity information and generates a public key for signing an identity certificate in response to a request from the user device; A blockchain server that distributes and stores the public key for signing the submission certificate provided by the user device and the public key for signing the identity certificate provided by the issuer device; A certificate management server that issues an identity certificate upon a request from the issuer device and issues a submission certificate upon a request from the user device; A verifier device that receives a submission certificate from the above-mentioned user device and verifies it using a zero-knowledge proof verification key; and A user privacy protection system in a decentralized identity verification environment comprising a zero-knowledge proof server that issues a proof key required for a zero-knowledge proof to the user device and issues a zero-knowledge proof verification key upon a request from the verifier device.
2. In paragraph 1, The above user device is, A user privacy protection system in a decentralized identity verification environment characterized by requesting the issuance of a submission certificate from the above-mentioned certificate management server, signing the submission certificate using a signing key, and providing the submission certificate signature public key to the above-mentioned blockchain server .
3. In paragraph 1, The above-mentioned issuer device is, A user privacy protection system in a decentralized identity verification environment, characterized by, upon receiving a request for the issuance of an identity certificate from the user device, verifying identity information, obtaining and signing an identity certificate from the certificate management server, issuing the identity certificate to the user device, and providing the identity certificate signature public key to the blockchain server .
4. In paragraph 1, The above zero-knowledge proof server is, In response to a request from the above user device, issue a proof key required for zero-knowledge proof, generate and disclose a Common Reference String, and A user privacy protection system in a decentralized identity verification environment characterized by issuing a verification key required for verifying a zero-knowledge proof in response to a request from the above-mentioned validator device .
5. In paragraph 1, The above verifier device is, A user privacy protection system in a decentralized identity verification environment characterized by receiving a zero-knowledge proven submission certificate from the above user device, and verifying the zero-knowledge proof of the submission certificate by obtaining a verification key from the above zero-knowledge proof server that can verify the zero-knowledge proof proof key provided to the above user device .
6. a) a step of requesting an identity certificate from the user device to the issuer device, and receiving the identity certificate generated by the certificate management server through the issuer device; b) A step of obtaining a proof key from a zero-knowledge proof server on a user device and performing a zero-knowledge proof for an identity certificate; c) a step of obtaining and signing a submission certificate from the certificate management server on the user device; and d) A method for protecting user privacy in a decentralized identity verification environment, comprising the step of receiving a submission certificate from the user device at a verifier device, obtaining a verification key from the zero-knowledge proof server, and verifying the zero-knowledge proof of the submission certificate.
7. In paragraph 6, In step a) above, A method for protecting user privacy in a decentralized identity verification environment, characterized in that the issuer device verifies the user's identity information and requests the issuance of an identity certificate from the certificate management server, signs the issued identity certificate, and transmits the identity certificate signature public key to a blockchain server.
8. In paragraph 6, In step c) above, A method for protecting user privacy in a decentralized identity verification environment, characterized in that the user device receives a submission certificate for the zero-knowledge proven identity certificate from the certificate management server, signs it using a private key, and then transmits the submission certificate signature public key to a blockchain server.
9. In paragraph 6, In step d) above, The above verifier device is, A method for protecting user privacy in a decentralized identity verification environment, characterized by verifying signatures by checking the identity certificate signature public key and the submission certificate signature public key of a blockchain server.

Description

System for protecting user privacy in a decentralized identity environment and method thereof The present invention relates to a system and method for protecting user privacy in a decentralized identity verification environment, and more specifically, to a system and method for protecting user privacy through Zero Knowledge Proof. Generally, unlike existing identity verification methods, a Decentralized Identifier (DID) is not controlled by a central system and allows individuals to have complete control over their own information. More specifically, individual users store their personal information and can proceed with authentication by selecting only the information necessary for authentication. Users' personal information is stored on their personal devices (nodes), and they can receive authentication by submitting this information through DID documents existing on the blockchain. Recently, research is being conducted on methods to combine zero-knowledge proofs with decentralized identity verification. In this regard, Korean registered patent No. 10-2267735 (Decentralized identity verification system and method using zero-knowledge proof, registered June 16, 2021) describes a combination of zero-knowledge proof and a decentralized identity verification system. The above registered patent uses zero-knowledge proof technology to hide user information in a decentralized identity verification system. Specifically, the user performs a zero-knowledge proof in the part of the identity certificate issued by the issuer that generates a submission certificate to be submitted to a verifier. This zero-knowledge proof has the characteristic of allowing user information to be verified without exposing identity information to the verifier. However, due to the lack of a detailed structural description regarding the creation and management of variables used in zero-knowledge proofs, limitations can be anticipated in actual application. FIG. 1 is a block diagram of a user privacy protection system in a decentralized identity verification environment according to a preferred embodiment of the present invention. Figure 2 is a flowchart of the request and issuance process for an identity certificate. Figure 3 is a flowchart of the process of performing zero-knowledge proof for an identity certificate and issuing a submission certificate. Figure 4 is a flowchart of the verification process. To fully understand the structure and effects of the present invention, preferred embodiments of the present invention are described with reference to the attached drawings. However, the present invention is not limited to the embodiments disclosed below, but can be implemented in various forms and various modifications can be made. The description of the embodiments is provided merely to ensure that the disclosure of the present invention is complete and to fully inform those skilled in the art of the scope of the invention. In the attached drawings, components are depicted enlarged from their actual size for convenience of explanation, and the proportions of each component may be exaggerated or reduced. Terms such as 'first' and 'second' may be used to describe various components, but said components should not be limited by said terms. These terms may be used solely for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, 'first component' may be named 'second component,' and similarly, 'second component' may be named 'first component.' Furthermore, singular expressions include plural expressions unless the context clearly indicates otherwise. Unless otherwise defined, terms used in the embodiments of the present invention may be interpreted in the sense commonly known to those skilled in the art. Hereinafter, a user privacy protection system and method in a decentralized identity verification environment according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram of a user privacy protection system in a decentralized identity verification environment according to a preferred embodiment of the present invention. Referring to FIG. 1, the present invention may include a user device (10), a verifier device (20), an issuer device (30), a certificate management server (40), and a zero-knowledge certificate server (50). The components of the present invention listed above can be networked with the blockchain server (60) of the blockchain network. The user device (10), the verifier device (20), and the issuer device (30) may each be a computing device capable of communication, a mobile device, etc. The user device (10) may be an individual requiring identity verification, the issuer device (30) may be an organization that issues documents regarding the identity verification request, and the verifier device (20) may be a place for submitting documents verifying the identity of the user using the user d