• Certificate issuance system and method based on blockchain
This patent will be utilized in Metadium's dPKI to replace traditional Certificate Authority (CA) and to store certificates on blockchain. Key element of the PKI system is a CA that assures individual certificates and the public / private key of each individual. CA is an institution that can manage and guarantee transaction records in accordance with the Electronic Signature Act, and can establish and securely manage authentication system. Therefore, CA must be trusted by all users as CA verifies the authenticity of the user's personal information using the private key and proves ownership of the public key provided by the user. In Metadium, trustlessness of the blockchain technology will replace CA. In addition, privacy problem does not occur even if the certificate is stored in the public blockchain as certificate is stored on a blockchain with a hashed value of personal information in the certificate.
• Managing private key in a PUF (Physical Unclonable Function)
This patent addresses on how to generate a private key with high entropy and proceed with authentication in a hardware device while eliminating private key leakage problem. The private key is a random length of bits (e.g. 512 bits in ecdsa256). The private key must be created in a situation where the entropy is as high as possible to guarantee the maximum safety. One of the biggest problems with the widely used PKI systems is that it is difficult for a user to securely store a private key. The role of the private key is to create a signature, which is not a physically memorable value for the user and should not be moved outside the generated terminal. If a private key is generated and managed utilizing PUF, it is possible to prevent a private key from being leaked out to other parties.
• Method to utilize certificate information through biometrics
This patent addresses methods to utilize private key with biometric information of a user. It is impossible to directly input private key in order to allow the operation of the private key to generate the signature in the PKI system. Therefore, user utilizes private key with a pre-generated password to decrypt the encrypted private key. However, passwords are easily leaked and the more passwords the user has to remember, the more problems they can cause. As the use of personal terminals becomes common, accessing services using the biometric authentication information (ex. fingerprint touch ID) without using a password is becoming common. Metadium platform allows access and manage of private key with the use of individual's biometric information.
• Method for providing certificate service based on multiple signatures
From a service perspective, different approaches in accessing certificate must be possible depending on the use of the certificate. Currently, the authorized certificate distinguishes only the conditions under which a specific user can use the authorized certificate. Therefore, the system does not support the use of multiple signature-based certificates, where use of certificate can be possible when two or more parties authorize the use of certificate with the pre-registered public key through a consensus. This patent addresses the multi-signature certificate technology that provides a function of registering several public keys in a certificate, to make various use cases including recovering Meta ID even when a private key is lost.
• Method for providing certificate service based on smart contract
Current certificate has a condition that certificates can be used only in specific cases such as bank, insurance, securities, etc. It does not have the function of conditional-availability of the certificate (ex, proof of third party, limits on use, date and weather conditions). In this patent, smart contract which operates in a decentralized way without administrator's intervention, writes and records the execution conditions of the certificate in code form, and deals with the smart contract based certificate that is automatically executed according to the user's action.
• Method for certifying a user through blockchain and Merkle tree structure
When storing a certificate in a blockchain, it is not safe to store private information because all the data stored in the blockchain is accessible. Though hash value of personal information are encrypted, privacy is not guaranteed as disclosing all original data that generated the hash value is necessary to verify authenticity of the hashed information. For this reason, personal information is processed using the Merkle tree and the root hash (that is the final value of the Merkle tree) is stored in the blockchain. In this case, users can disclose only the desired information to the subject. The authenticity can be verified by using the root hash value on the blockchain. It is also possible to disclose parts of information without disclosing entire information using the hierarchy structure of the Merkle tree. For example, to disclose the city users live in, users can disclose 'Seoul' rather than disclosing the full address.