In general, a public certificate is electronic information issued by a certificate authority (CA) for the purpose of confirming an identity of a user, and preventing transaction denials or forgery and falsification of a document upon the use of services in the various industrial fields, representing a kind of certificate of seal impression for a digital transaction. Such a certificate contains a version, a serial number, an effective period, an issuing institution of the certificate, information on verification of an e-signature of a user, a user's name, information on identification confirmation, an e-signature method, etc.
The certificate is used (Reference 1) in a public key infrastructure (PKI) as a standard security method.
The PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke certificates and manage public key encryption.
However, in the PKI, the private key used for decryption is generated and provided by the CA who is just a third party, not the user, therefore it is open to hacking, and as the user's private key exists in a form of a file at a storing location standardized by a soft token-based storing method, it is easy to copy and automatically collect the private key file and this has a risk of financial damages and user information theft caused by a leaked private key. Therefore, the CA who provides the generated private key to the user must have a certificate issuing system with a high security to minimize hacking attempts, which requires operation and maintenance and thus causes a high cost of the issuance.
In addition, the public certificate can be used only when ActiveX controls are installed in advance for the purpose of additional security for the user authentication process through a web browser. However, to install the ActiveX controls on a personal computer (PC), a security level of the PC must be lowered for the ActiveX controls to access resources including files, registry, etc. Due to the lowered security level of the user's PC caused by the Active X controls, the PC becomes vulnerable to the dangerous environment such as hacking.
Each of the problems associated with the public certificate is resolved by the public certificate issuance system based on the blockchain (refer to Patent Document 2), and a method using the same, and by the public certificate authenticating system based on the blockchain and a method using the same, from the applicant.
The conventional public certificate issuance system based on the blockchain and the method using the same, and the conventional public certificate authentication system based on the blockchain and the method using the same disclose a method for directly generating a public key and a private key for the public certificate within a user device operated by a user, the user device generating the public and private keys while the network is disconnected, preventing possible leakage of the keys by storing and managing the private key encrypted together with a photo image and a password selected by the user, where the public key, which requires maintenance, is stored and managed in the blockchain of the digital wallet in the blockchain server by using a distributed database based on peer-to-peer network (P2P), not a server managed by the CA thus an additional cost is minimized which is required for maintenance of the public certificate issuance system with the high security against hacking, and performing authentication even without the ActiveX controls.
Despite these advantages, a conventional accredited certificate issuance system and method based on blockchain, and a conventional accredited certificate authentication system and method based on the blockchain require an initial cost of issuance for storing and managing of the public key for the public certificate need for the authentication of the public certificate.
The initial cost is about 0.0001 bitcoin, and as of July 2015, 0.0001 bitcoin amounts to about mere 4 cents, however, this cost is charged every time the public certificate based on the blockchain is issued, thus this becomes a problem as the cost of the issuance increases in proportion to the increase of the issuance.
Additionally, the conventional accredited certificate issuance system and method and the conventional accredited certificate authentication system and method register, store, and manage the public key in more than 0.1 million blockchain nodes to prevent forgery of the public key.
That is, the broadcast of the transaction information including the public key is defined by a protocol, and if the transaction information including the public key occurs, one node, i.e., a blockchain node, broadcasts initial transaction information including the public key to eight designated nodes, then each of the eight designated nodes that received the information broadcasts again to another eight designated nodes in a pyramidic fashion, and the broadcast is completed when the information is transmitted to all of the blockchain nodes which have the digital wallets containing the blockchain required for bitcoin payment.
Due to these reasons, the conventional accredited certificate issuance system and method and the conventional accredited certificate authentication system and method have a risk of network overload caused by traffic of transaction information including the public keys when requests for registering the public keys rush in, and exposure of the public keys because the transaction information including the public keys stored in the blockchain nodes is open to public.