KR102432264B1 - Document management server, blockchain server, system and control method thereof through inbox created based on did - Google Patents

Abstract

The present invention relates to a system for managing documents based on DID. More specifically, in the present invention, the receiving institution server requests the document management server to create an inbox, the document management server creates the inbox, the user terminal registers the document in the created inbox, and the block chain server Storing document registration information for a document, the receiving institution server requests the block chain server to view the registered document, and the block chain server returning document data for the registered document to the receiving institution server characterized in that The present invention also relates to a system capable of transmitting and receiving documents between subjects or managing the disposal of documents after verification based on the DID of various subjects belonging to the system is performed.

Description

Document management server, block chain server, system and its control method through inbox created based on DID

The present invention relates to a server, a system, and a control method thereof for managing an electronic document by creating an inbox for receiving a document based on a DID, and more specifically, to issuance, distribution, verification or destruction of the document. It relates to a technology for managing based on the inbox generated based on the DID.

Recently, technologies for replacing paper documents with electronic documents have been researched and commercialized. However, documents requiring high reliability are still managed as paper documents due to forgery problems. For example, a copy of resident registration, a personal seal certificate, various certificates, medical certificates, etc. are still managed as original documents printed on paper.

Although business between companies is done electronically through e-mail or fax, major documents such as contracts, certificates, or official documents are processed non-electronically, such as personal or registered mail, which reduces work efficiency, which leads to an increase in economic and social costs.

In addition, when electronic documents are distributed through e-mail, fax, SNS or messenger, there is a problem that online fraud caused by hacking or phishing and personal and corporate information may be leaked.

Currently, many document issuing organizations provide services for application, creation, and issuance of various certification documents through online or the like. However, it is very inconvenient to receive, manage, and submit various types of documents from various document issuing organizations. In other words, only the document issuance stage is provided in electronic form, and electronic form services considering the entire life cycle of electronic documents such as document storage, distribution, and disposal are not provided.

Accordingly, there is a need to strengthen personal information protection and minimize the risk of personal information leakage, and to establish an integrated electronic document distribution system that enables electronic document issuance to distribution.

The problem to be solved by the present invention is to provide a service that can minimize the possibility of forgery or falsification of an electronic document, thereby expanding the effectiveness of the electronic document by improving the reliability of the electronic document.

Another problem to be solved by the present invention is to provide an electronic document distribution service that can strengthen the protection of personal information by utilizing block chain and DID technology.

The technical problems to be achieved in the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those of ordinary skill in the art to which the present invention belongs from the description below. will be able

According to an aspect of the present invention in order to achieve the above or other objects, the method comprising: a receiving institution server requesting a document management server to create an inbox; creating, by the document management server, an inbox; registering, by the user terminal, a document in the created inbox; storing, by a block chain server, document registration information for the registered document; requesting, by the receiving institution server, to read the registered document to the block chain server; and returning, by the block chain server, document data for the registered document to the receiving institution server, it provides a control method of an electronic document management system.

The inbox creation request may further include document type information, and the generating of the inbox may include creating an inbox based on the document type information.

The document type information may be configured to include at least one of document type designation information, essential document type information, and optional document type information.

The created inbox may register only the document type specified by the document type designation information.

The generated inbox may necessarily include a document type included in the essential document type information.

transmitting, by the block chain server, document data for the registered document to a distributed storage DB; and the distributed storage DB storing the document data.

The storing of the document data may include storing the key value in correspondence with the document data.

According to another aspect of the present invention in order to achieve the above or other objects, there is provided a DID-based electronic document management system, comprising: a receiving institution server for requesting creation of an inbox from the document management server; a document management server that creates an inbox; a user terminal for registering a document in the created inbox; and a block chain server for storing document registration information for the registered document, wherein the receiving institution server requests the block chain server to view the registered document, and the block chain server sends the receiving institution server to the server An electronic document management system is provided, characterized in that document data for a registered document is returned.

The inbox creation request may further include document type information, and the document management server may generate the inbox based on the document type information.

The document type information may be configured to include at least one of document type designation information, essential document type information, and optional document type information.

The created inbox may register only the document type specified by the document type designation information.

The generated inbox may necessarily include a document type included in the essential document type information.

The block chain server may transmit the document data for the registered document to a distributed storage DB, and the distributed storage DB may store the document data.

The distributed storage DB may store the key value in correspondence with the document data.

The effects of the document management server and system according to the present invention will be described as follows.

According to at least one of the embodiments of the present invention, there is an advantage in that it is possible to provide a service for not only the issuance step of the electronic document but also the distribution and disposal step.

In addition, according to at least one of the embodiments of the present invention, there is an advantage in that leakage of personal information can be minimized in distributing electronic documents.

Further scope of applicability of the present invention will become apparent from the following detailed description. However, since various changes and modifications within the spirit and scope of the present invention can be clearly understood by those skilled in the art to which the present invention pertains, the specific embodiments described in the detailed description are given by way of example only. should be understood

1 is a diagram showing a conceptual diagram of a system 10 according to an embodiment of the present invention.
2 is a flowchart of a DID issuance procedure on the system 10 according to an embodiment of the present invention.
3 is a flowchart for issuance of identity information on system 10 according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating a control flowchart in which a user requests issuance of a document from the document issuing server 115 according to an embodiment of the present invention.
5 shows a control flowchart for transmitting an electronic document issued according to an embodiment of the present invention.
6 is a diagram illustrating a control flowchart for checking whether the block chain server 112 has a reading right based on a DID ID according to an embodiment of the present invention.
7 is a control flowchart of a system 10 for discarding an issued document according to an embodiment of the present invention.
8 is a control flowchart of the block chain server 112 for discarding a document issued according to an embodiment of the present invention.
9 is a diagram illustrating a control flowchart for registering and distributing a document for which a signature is required between users according to an embodiment of the present invention.

Hereinafter, the embodiments disclosed in the present specification will be described in detail with reference to the accompanying drawings, but the same or similar components are assigned the same reference numerals regardless of reference numerals, and redundant description thereof will be omitted. The suffixes "module" and "part" for components used in the following description are given or mixed in consideration of only the ease of writing the specification, and do not have distinct meanings or roles by themselves. In addition, in describing the embodiments disclosed in the present specification, if it is determined that detailed descriptions of related known technologies may obscure the gist of the embodiments disclosed in this specification, the detailed description thereof will be omitted. In addition, the accompanying drawings are only for easy understanding of the embodiments disclosed in this specification, and the technical idea disclosed herein is not limited by the accompanying drawings, and all changes included in the spirit and scope of the present invention , should be understood to include equivalents or substitutes.

Terms including ordinal numbers such as first, second, etc. may be used to describe various elements, but the elements are not limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

When a component is referred to as being “connected” or “connected” to another component, it is understood that the other component may be directly connected or connected to the other component, but other components may exist in between. it should be On the other hand, when it is said that a certain element is "directly connected" or "directly connected" to another element, it should be understood that the other element does not exist in the middle.

The singular expression includes the plural expression unless the context clearly dictates otherwise.

In the present application, terms such as “comprises” or “have” are intended to designate that a feature, number, step, operation, component, part, or combination thereof described in the specification exists, but one or more other features It is to be understood that this does not preclude the possibility of the presence or addition of numbers, steps, operations, components, parts, or combinations thereof.

DID (Decentralized Identity) refers to a decentralized identity verification service that uses blockchain technology to prove an individual's identity through a distributed ledger that cannot be forged or tampered with and to manage personal information on his own.

The terms for describing blockchain and DID-related technologies are defined as follows.

- A block is a unit that stores data in a block chain storage system, and is divided into a body and a header. The body contains the transaction details, and the header contains cryptographic codes such as merkle hash (merkle root) and nonce (random number related to encryption). Blocks are created in a cycle of about 10 minutes, and by collecting transaction records, creating a block and verifying its reliability, it is linked to the previous block to form a block chain. The block that starts here is called the genesis block. That is, the genesis block refers to the first block in which no blocks have been created before it.

- A transaction is a unit of work stored as a block on the blockchain storage system. In the detailed description of the present invention, "a transaction is stored", "a transaction is made" or "a transaction is performed" may mean that a specific operation is stored in the form of a block on a block chain system.

- A holder means a subject who wants to prove his/her identity. Users can prove their identity by issuing identity information from the issuing organization and submitting it to the user organization (verification organization).

- Issuer means a subject that issues (or issues) identity information upon receiving a request for identity proof from a user who wants identity proof. Issuers can sign the issued identity information with their private key, and record their public key on the blockchain server.

- The user organization (service provider, verifier) means the entity that verifies the identity information submitted by the user. For example, after verifying the identity information that the user is a graduate of "OO University", the company that uses it as the basis for hiring may be the user organization.

- ID of DID is information indicating the location of DID document.

- DID document means information stored in the block chain when DID is issued. It contains one or more of the following, and it is common for DID documents to be stored on a blockchain.

- Verifiable Credential (VC) means a set of at least one user personal information(s) issued by an Issuer, and VC is a secure place such as a DID agent terminal (user-owned terminal). Saved. For example, it may include the user's resident registration number, gender, age, current university, current department, and the like.

- VP (Verifiable Presentation) means a group (set) in which the user selects only the identity information that the user wants to submit to the user organization from among the identity information stored in the DID agent terminal. At this time, the selected identity information(s) may be signed with the user's private key, and the user organization may verify the identity information(s) with the user's public key recorded in the block chain server.

1 is a diagram showing a conceptual diagram of a system 10 according to an embodiment of the present invention.

2 is a flowchart of a DID issuance procedure on the system 10 according to an embodiment of the present invention.

3 is a flowchart for issuance of identity information on system 10 according to an embodiment of the present invention.

Hereinafter, a specific method for requesting issuance of a document and managing document data of the issued document will be described with reference to FIGS. 1 to 3 together.

The system 10 according to an embodiment of the present invention includes an identity information issuing server 110 , a document management server 111 , a block chain server 112 , a user terminal 113 , a receiving institution server 114 , and a document It may include an issuing server 115 and a distributed storage DB 116 . Since the configuration shown in FIG. 1 is not an essential configuration, it will be apparent that any configuration may be omitted or another configuration may be added and implemented.

The identity information issuing server 110 may receive a request for issuance of identity information from the user terminal 113 and issue and reply the identity information.

The identity information issuing server 110 refers to a subject that directly manages the user's identity information. For example, a server of a school that manages academic records, a server of the Road Traffic Authority that manages driver's license information, a server of the Medical Insurance Corporation that manages medical insurance information, etc. may be the identity information issuance server 110 . When a request for issuance of identity information related to academic records is received from the user terminal 113 , the identity information issuance server 110 may check the academic records, issue identity information, and reply.

The document management server 111 refers to a server for managing individual processes of various subjects so that the process according to the embodiment of the present invention can be performed. The document management server 111 defines protocols for embodiments of the present invention, and manages processes to be performed according to the defined protocols.

The user terminal 113 refers to a terminal possessed by a subject that requests the document issuing organization to issue an electronic document and wants to submit it to the receiving organization.

The block chain server 112 records the transaction for the process according to the embodiments of the present invention, or stores DID related data. Also, when the document issuing server 115 issues a document, a transaction for issuing the document may be performed. That is, a transaction for issuing a document may include generating a block containing document issuance related information.

The issuance of documents may refer to, for example, a series of issuance-related processes performed by the document issuing organization when a transcript or graduation certificate is requested from the document issuing organization (registration verification system). That is, in this case, the document data may mean data about an electronic document that has been issued.

Document data according to an embodiment of the present invention means data for forming an electronic document. Such document data includes text data related to information to be displayed to the viewer (displayed text) and metadata related to the document that is not displayed to the viewer (for example, document creation date information or document issuer information, etc.) could include

The document data may include all of various types stored in the form of a file, for example, may include a birth certificate, graduation certificate, internship completion certificate or transcript, etc. provided in electronic form, and the format for storing the data Again, it will include all the various formats such as pdf, docx or hwp.

At this time, the method in which the above-described transactions are performed in the block chain server 112, unlike the method stored in a general storage, may be distributed and stored in a plurality of block chain nodes, and a method in which a plurality of blocks are connected in a chain form can be saved as Since the storage method of the block chain is a well-known technology, a detailed description will be omitted. Hereinafter, it is obvious that the actions recorded in the block chain server 112 in an embodiment of the present invention can be stored in the form of a transaction.

The user terminal 113 refers to a terminal possessed by the subject of the electronic document. In this case, the subject of use of the electronic document means a person who has ownership of the electronic document and has sovereignty over the issuance or distribution of the electronic document.

The receiving institution server 114 refers to a server operated by a subject that requests a user to submit various types of electronic documents and receives and verifies the requested electronic documents. For example, the receiving institution server 114 is a server operated by a company that wants to hire manpower, and the user may be an applicant who wants to submit documents required for hiring manpower in the form of an electronic document.

The document issuing server 115 refers to a server that issues a document according to a user's request. For example, it may mean a server for providing an academic certificate service that issues a graduation certificate.

Referring to FIG. 2 , a user may install software (application) in his/her user terminal 113 in order to use the service of the present invention, and may perform the procedures of the present invention through the corresponding software. Procedures performed through the user terminal 113 may be performed through the installed software, and the description of being performed by software is omitted below for convenience of description.

First, the user terminal 113 may perform a user authentication procedure (S201). The identity verification process can mean various procedures that allow users to check whether they are the person they are. As a representative example, it is a method of substituting resident number (CI) through credit card authentication or mobile communication terminal authentication process in the user's name. You can verify your identity or go through a mobile communication terminal authentication process.

When the identity authentication procedure is successfully completed, the user terminal 113 may request (S202) issuance (issuance) of the DID to the block chain server 112 .

When the DID issuance request is received, the block chain server 112 may perform the DID issuance procedure (S203). According to the DID issuance procedure, the block chain server 112 may generate a public key and a private key pair corresponding to the user and may generate the DID document of the user who requested the issuance. In addition, the block chain server 112 may store the generated public key in the block chain server 112 and return the remaining private key to the user terminal 113 (S204). At this time, when the block chain server 112 stores the public key, it may be stored in a form included in the generated user's DID document.

The user terminal 113 may store the private key returned from the block chain server 112 (S205).

Similar to the identity authentication (S201) of the user terminal 113, the identity information issuing server 110, the receiving institution server 114, and the document management server 111 may perform institution authentication (S206, S211, S216). have. The institution authentication ( S206 , S211 , and S216 ) may refer to various procedures for confirming whether a specific institution is correct. For example, it may include a procedure for verifying an institution's business registration number or for verifying an institution's accredited certificate.

Meanwhile, the above-described institution authentication (S206, S211, S216) procedure may be performed as a step on the system 10, but may also be performed in a form in which the institution authentication is performed by a person outside the system 10.

After the institution authentication (S206, S211, S216) is completed, the identity information issuing server 110, the receiving institution server 114, and the document management server 111 request the issuance of the DID (S207, S212, S217), and perform the issuance ( S208, S213, S218), the private key reply (S209, S214, S219), and the same procedure of storing the private key (S210, S215, S220) may proceed.

In the example of FIG. 2 , the DID issuance procedure (S201 to S205) of the user terminal 113 is first performed, the DID issuance procedure (S206 to S210) of the identity information issuance server 110, and the DID issuance procedure of the receiving institution server 114 (S211 to S215) and the DID issuance procedure (S216 to S220) of the document management server 111 were sequentially performed, but it is independent of this order and will be a procedure performed separately for each individual subject.

Next, an identity information issuance procedure will be described with reference to FIG. 3 .

The user terminal 113 requests the identity information issuing server 110 to issue the identity information VC (S301). In this case, the user may designate the identity information desired to be issued through the user terminal 113 , and the user terminal 113 may request issuance of the identity information specified by the user. For example, the user may designate issuance of identification information for 'university name', 'name', 'date of birth' or 'student number'.

Subsequently, the user terminal 113 may record the information on the request for the identity information to the block chain server 112 in the block chain server (S302). In this case, the form in which the information is stored may be stored in the form of a transaction. In this case, the stored information may be signed by the user's private key stored in the user terminal 113 . As will be described later, when the verification is performed by the identity information issuing server 110 (S303), the stored information is stored in the method of decryption using the user's public key stored in the block chain server 112. Verification of the issued information will be possible.

Subsequently, the identity information issuing server 110 may verify whether the request for identity information issuance is made by the user (S303). This is verification for blocking the issuance requested by someone other than the user. To this end, the identity information issuing server 110 may perform verification using the user's public key stored in the block chain server 112 .

Since the 'information about the request for identity information' stored in step S302 is encrypted (signed) through the user's private key, if it is decrypted using the user's public key, it is verified that the 'information about the identity information request' is made by the user. You can do it. The identity information issuing server 110 may check whether the data received in step S301 is normally recorded in the block chain server 112 through step S302.

If the verification fails, the identity information issuing server 110 may reject the identity information issuance request.

If the verification is successful, the identity information issuing server 110 may issue (S304) the identity information requested by the user terminal 113 .

For example, the identity information issuance server 110 provides the user's academic information such as 'university name', 'name', 'date of birth', 'student number', 'registration status (graduation, enrollment, etc.)', 'degree name (undergraduate, graduate school, etc.) etc.), 'department name', etc.

At this time, the issued identity information may be signed with the private key of the identity information issuing server 110 . It will be apparent that the public key of the identity information issuing server 110 may be transmitted to the verification subject through a method recorded in the block chain server 112 . In one embodiment, the identity information issuing server 110 may record (S305) in the block chain server 112 in such a way that its public key is included in the DID document.

The user terminal 113 may store the issued identity information (S306). And, the user terminal 113 may store and manage such identity information. The storage and management of identity information will be described in more detail below.

FIG. 4 is a diagram illustrating a control flowchart in which a user requests issuance of a document from the document issuing server 115 according to an embodiment of the present invention.

The above-described identity information issuance procedure may be performed several times through various identity information issuance servers 110 . Accordingly, a plurality of pieces of identity information may be stored in the user terminal 113 . For example, the user terminal 113 may receive and store student status, affiliation, academic status (in school, leave of absence, graduation, etc.), credit identification information from the student registration management server of the university the user attends, and store it, and the Road Traffic Authority server You can receive and store driver's license registration number and identification information about the type of license from

At this time, each of the individual information may be managed by being included in one piece of identification information, but may be managed as each individual identification information. For example, when the first identity information is issued from the registration management server, the first identity information may include all student status, affiliation, academic status, and credits and may be managed. The first to fourth identity information may be divided and managed.

The user terminal 113 may select only the identity information that it wants to prove from among the plurality of identity information ( S401 ). This is to minimize the exposure of unnecessary personal information by collecting and submitting only necessary identification information at that time.

Signing (encrypting) the selected identity information with the user's private key is called VP (Verifiable Presentation).

The user terminal 113 submits the VP to the document management server 111 (S402). The submitted VP may be provided with the ID of the DID included.

In addition, the user terminal 113 may request a transaction from the block chain server 112 related to the information on the document issuance request. That is, the user terminal 113 may request to record ( S403 ) information on the document issuance request to the block chain server 112 .

Next, the document management server 111 requests the public key of the user from the block chain server 112 for verification of the VP received from the user (S403). The request for the public key may include the ID of the DID received from the user. In addition, the block chain server 112 may inquire the public key of the user based on the received ID of the DID, and return the public inquiry key to the document management server 111 .

As described above, the VP is encrypted by the user's private key. That is, it means that it can be decrypted by the user's public key. Therefore, the document management server 111 inquires the public key of the user registered in the block chain server 112, checks whether the VP is decrypted using the inquired public key, and performs verification (S406) do. In one embodiment, the document management server 111 inquires the user's DID document stored in the block chain server 112, obtains the user's public key included in the inquired DID document, and performs verification (S406) )can do.

If the decryption fails, the VP may reject the request for issuance of the document because it was not submitted by a legitimate user.

If the decryption is successful, the VP can be considered to have been verified as being submitted by a legitimate user.

Additionally, the document management server 111 according to an embodiment of the present invention queries and verifies the authenticity of the document issuance request received from the user terminal 113 together with the public key request in step S404 to the block chain server 112 . can do. By checking whether there is document issuance request information recorded in the block chain server 112 by step S403, verification of the document issuance request itself can be performed (S406).

When verifying the VP (S406), the document management server 111 may sign the VP with its own private key and record the verification fact in the blockchain server 112.

When the verification is completed, the document management server 111 may request the document issuing server 115 to issue a document ( S407 ). In response to the request, the document issuing server 115 issues a document corresponding to the request (S408), and requests a transaction for issuing the document to the block chain server 112 (S409). In this case, document data for a document issued together with a request for a transaction may be transmitted to the block chain server 112 together.

The block chain server 112 may generate and record a block for document issuance information through a transaction. In this case, the document issuance information may be configured to include at least one of the issuance requester information, the issuance date information or the issuing subject information, and a key value corresponding to the document data. In particular, it is proposed that the document issuance information according to an embodiment of the present invention includes the DID ID of the document issuing subject (requester).

On the other hand, in one embodiment of the present invention, the document data itself for the issued document is not stored in the block form in the block chain server 112, but is proposed to be stored in the distributed storage DB (116). In an embodiment, the distributed storage DB 116 may be composed of distributed nodes in the form of a block chain, or may be a general storage that is not in the form of a block chain. That is, the document data itself of the issued document is transmitted to the distributed storage DB 116 and is not stored in the block chain server 112 .

Instead of storing the document data itself, an embodiment of the present invention proposes to include a key value for identifying (indicating) the document data in the document issuing information stored in the block. In addition, when the corresponding document data is stored in the distributed storage DB 116, it may be stored in a form that matches the corresponding key value. The storage in this form is to read the corresponding document data later.

In this way, the document data is separately stored in the distributed storage DB 116 and not stored together in the block chain server 112 to protect personal information and to efficiently operate the block chain server 112 .

Next, the block chain server 112 returns the key value of the corresponding document to the document issuing server 115 (S412). The document issuing server 115 may then transmit the key value to the document management server 111 ( S413 ). In addition, the document management server 111 may store a key value corresponding to the document (S414) and notify the user terminal 113 that the document issuance is completed (S415).

On the other hand, in steps S412 and S413, the key value corresponding to the document data is transmitted to the document management server 111 via the document issuing server 115, but it is not necessarily limited to such a transmission path, and the block chain server 112 is a document It is self-evident that it may be transmitted directly to the management server 111 or may be transmitted through another transmission path.

The user terminal 113 may request the block chain server 112 to view the document (S416). The document viewing request may include the key value of the document returned in steps S412 and S413.

The block chain server 112 that has received the document viewing request (S416) will need to check (S417) whether the requestor has a legitimate authority. To this end, in one embodiment of the present invention, it is proposed to check the document based on the DID ID of the requestor. A control procedure for checking the reading right based on the DID ID will be described with reference to the flowchart of FIG. 6 .

6 is a diagram illustrating a control flowchart for checking whether the block chain server 112 has a reading right based on a DID ID according to an embodiment of the present invention.

The user terminal 113 may include its own DID ID (ie, the DID ID of the document viewing requester) together in the above-described document viewing request ( S415 ). And when the block chain server 112 receives the document reading request (S417-1), it is determined whether the DID ID of the document issuing entity and the document reading requester's DID ID included in the document issuance information stored in step S410 match. A judgment is made (S417-2). If it is determined that they match, it may be recognized as having a legitimate reading right (S417-5).

In other words, if the issuing subject of the document requests to read it, it can be seen as having the appropriate reading right without any additional verification.

The remaining steps S417-3 to S417-4 will be described with reference to FIG. 5 below.

Returning to FIG. 4 again, if it is determined that there is a legitimate reading right, the block chain server 112 searches for matching document data in the distributed storage DB 116 based on the key value included in the document reading request (S418), The retrieved document data may be returned (S419).

In steps S416 to S419, the user terminal 113 has been described as an example of directly exchanging requests and data with the block chain server 112, but at least one of the steps is relayed by the document management server 111. may be performed.

Meanwhile, the above-described document issuance request ( S407 ) is made in a manner in which the document management server 111 relays between the document issuance server 115 and the user terminal 113 , but it will not necessarily be limited thereto. That is, when the user terminal 113 directly requests issuance of a document from the document issuing server 115, the document issuing server 115 performs a verification procedure S406 for the user terminal 113, and based on the verification result Thus, the document issuance (S408) can be made. In addition, the key value transmitted in step S413 may also be directly transmitted from the document issuing server 115 to the user terminal 113 rather than relayed by the document management server 111 .

So far, a control sequence for issuing an electronic document according to an embodiment of the present invention has been described. Hereinafter, a control sequence for a user (electronic document sender) to transmit an electronic document to a receiving organization (electronic document recipient) will be described with reference to FIG. 5 .

5 shows a control flowchart for transmitting an electronic document issued according to an embodiment of the present invention.

In the drawing, the user terminal 113 is an electronic document sender who wants to send the electronic document issued through the process of FIG. 4 to the receiving institution server 114, and the receiving institution server 114 is an electronic document receiving the electronic document. It will be the recipient of the document. For example, the user terminal 113 may be a job applicant, the receiving institution server 114 may be a corporate server, and the electronic document to be sent may be various authentication documents required for job application.

In particular, in one embodiment of the present invention, instead of sending the issued electronic document in a general manner (either attached to an e-mail or general upload), an inbox is created in the document management server 111, and documents are exchanged and received through the created inbox. suggest a possible way.

In an embodiment of the present invention, the inbox may mean a virtual space for the receiving institution server 114 to store documents registered from multiple users, and the receiving institution manages several inboxes individually, and the receiving institution will be able to perform efficient management by applying individual settings to each inbox.

First, the receiving institution server 114 requests the document management server 111 to create an inbox (S501). In this case, the document management server 111 may designate at least one type of document to be included in the generated inbox. The information on the type of the specified document will be referred to as document type designation information hereinafter.

For example, when creating an inbox for hiring, the types of documents such as 'graduation certificate', 'sexuality certificate', and 'resident registration certificate' of the job applicant can be specified.

Furthermore, in an embodiment of the present invention, the type of document to be included may be specified. That is, the document type information may include essential document type information. For example, 'graduation certificate' may be specified as a type of document that must be included. Conversely, types of documents that are not necessarily included (optionally included documents) may also be specified. Information on documents to be selectively included is referred to as selective document type information.

The information related to the above-described document type will be collectively referred to as document type information. That is, the document type information may be configured to include at least one of document type designation information, essential document type information, and selection document type information.

That is, when the receiving organization server 114 requests creation of the inbox ( S501 ), it may designate at least one document type that can be included in the inbox, or may designate the type of documents that are necessarily included or selectively included.

Furthermore, in one embodiment of the present invention, it is proposed that the management of the inbox is made based on the ID of the DID. To this end, in one embodiment of the present invention, when the document management server 111 creates the inbox ( S502 ), it is proposed to create by matching the DID ID of the receiving institution server 114 to the corresponding inbox. This is to improve the reliability of security through the DID ID while efficiently managing the inbox for each receiving institution. To this end, the receiving institution server 114 may transmit its own DID ID together when requesting creation of the inbox (S501).

In particular, the inbox creation request ( S501 ) may be signed by the private key of the receiving institution server 114 and transmitted. If the document management server 111 requires verification for the inbox creation request (S501), the verification can be performed by inquiring the public key of the receiving institution server 114 to the block chain server 112. to be.

The user terminal 113 may inquire the inbox created in the document management server 111 and register the document to be sent to the inquired inbox (S504). In the above example, the user himself may search the inbox of a company to which he or she wants to apply as a job applicant, and may register a document in the inbox of the corresponding company ( S504 ).

In particular, in an embodiment of the present invention, when the inbox is inquired (or searched for) through the user terminal 113, the document type information may be checked. By checking the document type information, it may be possible to determine what type of document can be registered in the inbox and whether it is a required document type or an optional document type.

The user terminal 113 may check the type of document that can be included in the inbox, the type of the required document and the type of the selected document, select the document to be registered, and register the document in the inbox.

Furthermore, when a user's signature is required when registering a document in the inbox, the user terminal 113 may request the user to sign. That is, the user may perform an electronic signature through the user terminal 113 , and the user terminal 113 may perform a document registration procedure S504 based on the signature. For example, if the receiving institution sets that consent for personal information processing is required when registering the inbox, the user terminal 113 may receive the electronic signature from the user and then proceed with the above-described document registration procedure.

The document management server 111 may check whether a document type that can be included in the inbox, a document type that is essential, or a type that is selectively included, and registers the document in the box ( S505 ).

If the document sent by the user corresponds to a document type that cannot be included in the inbox, the document management server 111 may not register the document in the inbox.

The document management server 111 may record information (referred to as document registration information) that a document is registered in the inbox in the block chain server 112 (S506, transaction request). In this case, the document registration information may include the DID ID of the receiving institution. This is because, when the receiving institution server 114 requests to read the document to the block chain server 112 , it is to check whether there is a request for document reading and permission to read the document based on the DID ID of the receiving institution server 114 .

In addition, the document registration information according to an embodiment of the present invention may include key values of registered documents (generated when issuing the document described above together with FIG. 4 ).

The receiving institution server 114 may request the block chain server 112 to view the document based on its DID ID (S507). At this time, you will be able to request it by signing it with your private key. This is to verify whether the receiving institution server 114 has a legitimate reading right in the block chain server 112 .

To this end, the block chain server 112 may inquire the public key of the receiving institution server 114 and verify the reading authority through the inquired public key.

When the block chain server 112 receives the document reading request (S507), it checks whether the reading requester has the reading right (S416).

The flowchart of FIG. 6 will be described again. When the document reading request is received (S417-1), the block chain server 112 checks whether the DID ID of the document issuing subject and the DID ID of the document reading requester match (S417-2). Unlike the embodiment of FIG. 4 , since they do not match in FIG. 5 , the process may proceed to step S417-3.

Next, the block chain server 112 checks the document registration information (S417-3), and determines whether the DID ID of the inbox included in the document registration information and the DID ID of the document viewing requester match (S417-4) do. If they match, the right to read the document may be recognized (S417-5), and if it does not match, the right to read the document may be rejected (S417-6).

Returning to FIG. 5 again, the block chain server 112 searches for the document data stored in the distributed storage DB 116 based on the key value included in the document registration information checked in step S417-3 (S508). and the retrieved document data may be returned to the receiving institution server 114 (S509).

Upon receiving the document data, the receiving institution server 114 may request the block chain server 112 to verify the authenticity of the document data (S510). The block chain server 112 may perform document authenticity verification in response to the verification request (S511), and return the authenticity verification result (S512). On the other hand, if the block chain server 112 itself verifies the authenticity of the document before the document data of S509 is returned, steps S510 to S512 may be omitted.

At this time, the document authenticity verification described above may be performed by comparing the hash value of the document stored in the block chain server 112 with the hash value of the document requested for verification as an example, but is not limited to this verification method. will not

According to steps S501 to S515 described with reference to FIG. 5 , the electronic document may be basically transmitted from the user to the receiving institution server. Electronic documents delivered in this way are free from the risk of forgery or falsification due to the integrity of blockchain technology. That is, the receiving institution can be sure that the electronic document received from the user has not been forged. In addition, the receiving institution can receive only the types of its own desired documents, and can designate the types of essential documents and optional documents.

Hereinafter, a control sequence for discarding the issued document will be described with reference to FIGS. 7 and 8 .

7 is a control flowchart of a system 10 for discarding an issued document according to an embodiment of the present invention. 8 is a control flowchart of the block chain server 112 for discarding a document issued according to an embodiment of the present invention.

When the user terminal 113 requests the block chain server 112 to discard the document (S701), the block chain server 112 checks whether it has the right to discard (S702). A control procedure for checking whether there is a discard authority will be described with reference to FIG. 8 .

As in the confirmation of the document viewing authority (the control sequence of FIG. 6 described above), when the issuing subject of the document requests the destruction, it may be recognized as having the authority. Accordingly, in one embodiment of the present invention, it is proposed to include the DID ID of the requester for discarding the document discarding request of step S701.

The block chain server 112 determines whether or not the DID ID of the requester for destruction and the DID ID of the subject issuing the document, which are included in the request for destruction of the document, match (S702-2), and if they match, the right to discard the document is recognized (S702-3) ) can be done. If there is a discrepancy, the right to discard the document may be denied (S702-4).

If the right to discard the document is recognized in step S702, it returns to FIG. 7 and the block chain server 112 may transmit a request to discard the document to the distributed storage DB 116 (S703). In this case, the document discard request may include a key value for the document to be discarded.

The distributed storage DB 116 retrieves the document data with the key value of the document included in the document disposal request, and then deletes at least one of the retrieved document data and the corresponding key value (S704) to discard the document. will be able

And the discard result of the distributed storage DB 116 may be returned to the block chain server 112 and the user terminal 113 (S705).

In the above-described embodiment, a control method for issuing and distributing a document through the document issuing server 115 has been described.

Hereinafter, an embodiment in which a document requiring a signature between users (eg, a contract or a confirmation document) is distributed as an electronic document will be described.

9 is a diagram illustrating a control flowchart for registering and distributing a document for which a signature is required between users according to an embodiment of the present invention.

The first user terminal 113 - 1 requests the document management server 111 to create a transmission box ( S901 ). In an embodiment of the present invention, the term "transmitting" may mean a virtual storage space for a user to register a document in order to manage the document.

The document management server 111 may generate a transmission box (S902) in response to the transmission box creation request (S901) and return a result of the creation (S903). At this time, when at least one piece of box setting information is received from the first user terminal 113 - 1 , a transmission box may be generated according to the received at least one piece of box setting information.

The at least one transmission box setting information may include recipient information, type information of a document to be registered, information about an expiration date of a registered document, and information on whether a signature is required.

The first user terminal 113 - 1 may request the document management server 111 to register a document ( S904 ). In this case, the registration of the document may be made in the created transmission box or the inbox.

When the document is registered (S905), the document management server 111 requests signatures from the first and second user terminals 113-1 and 113-2 (S906, S911). The first and second user terminals 113-1 and 113-2 perform signatures (S908 and S912) in response to the signature requests (S906 and S911), respectively, and return the signature results (S909 and S913), respectively. can

Each of the first and second user terminals 113-1 and 113-2 may request (S910, S914) transactions for the first and second signatures from the block chain server 112 when the signature is completed. This is to record each signature performed.

The signatures S908 and S912 performed by the first and second user terminals 113-1 and 113-2 performed above may be made in an electronic form. In one embodiment of the present invention, it is proposed to perform the signature based on the DID.

To this end, the first and second user terminals 113-1 and 113-2 may sign (encrypt) predetermined information with their own private key, and transmit it to the document management server 111 together with their DID ID. . The document management server 111 inquires the public key corresponding to the first and second user terminals 113-1 and 113-2 from the block chain server 112 based on the received DID ID, and the searched public key The validity of the signature may be verified through a method of decrypting the predetermined information based on .

On the other hand, the above-described signature method is only one embodiment, and the present invention is not limited to this signature embodiment.

In the drawings, a signature made between two parties is exemplified, but a case where a signature is required between multiple parties may also be included in the present invention.

When the signature is completed, the document management server 111 may request a transaction to record information (document registration information) on the document registered in the transmission box to the block chain server 112 (S915). In this case, the document management server 111 may transmit the document data for the registered document together to the block chain server 112 .

The block chain server 112 may store the received document registration information in a block form, but the received document data may be stored in the distributed storage DB 116 (S916). In this case, it is possible to store the document data corresponding to the key value as described above.

The block chain server 112 returns a key value for the registered document to at least one of the document management server 111 and the first and second user terminals 113-1 and 113-2 (S917). The document management server 111 may store the key value of the document (S918) and notify at least one of the first and second user terminals 113-1 that the document registration is completed in the transmission box (S919).

Although the embodiments of the document management server and system according to the present invention have been described above, they are described as at least one embodiment, and the technical spirit of the present invention and its configuration and operation are not limited thereby. The scope of the technical idea is not limited / limited by the drawings or the description with reference to the drawings. In addition, the concepts and embodiments of the present invention presented in the present invention can be used by those of ordinary skill in the art as a basis for modifying or designing other structures in order to perform the same purpose of the present invention. , an equivalent structure modified or changed by a person of ordinary skill in the art to which the present invention belongs is bound by the technical scope of the present invention described in the claims, and does not depart from the spirit or scope of the invention described in the claims. Various changes, substitutions and changes are possible within the limits.

Claims (14)

A method for controlling a DID-based electronic document management system, the method comprising:
a step of the receiving institution server requesting the document management server to create an inbox;
creating, by the document management server, an inbox;
registering, by the user terminal, a document in the created inbox;
storing, by a block chain server, document registration information for the registered document;
requesting, by the receiving institution server, to read the registered document to the block chain server; and
characterized in that it comprises the step of the block chain server returning document data for the registered document to the receiving institution server,
Control method of electronic document management system.
The method of claim 1,
The inbox creation request further includes document type information,
The step of creating the inbox, characterized in that the inbox is created based on the document type information,
Control method of electronic document management system.
The method of claim 2, wherein the document type information is configured to include at least one of document type designation information, essential document type information, and optional document type information.
Control method of electronic document management system.
4. The method of claim 3,
The generated inbox, characterized in that only the document type specified by the document type designation information can be registered,
Control method of electronic document management system.
4. The method of claim 3,
The generated inbox, characterized in that the document type included in the essential document type information is necessarily included,
Control method of electronic document management system.
The method of claim 1,
transmitting, by the block chain server, document data for the registered document to a distributed storage DB; and
The distributed storage DB, characterized in that it comprises the step of storing the document data,
Control method of electronic document management system.
7. The method of claim 6,
The storing of the document data is characterized in that the key value and the document data are stored in correspondence with each other.
Control method of electronic document management system.
In the DID-based electronic document management system,
a receiving institution server that requests the document management server to create an inbox;
a document management server that creates an inbox;
a user terminal for registering a document in the created inbox; and
Including a block chain server for storing document registration information for the registered document,
The receiving institution server requests to read the registered document to the block chain server,
characterized in that the block chain server returns the document data for the registered document to the receiving institution server,
Electronic document management system.
9. The method of claim 8,
The inbox creation request further includes document type information,
The document management server, characterized in that the inbox is created based on the document type information,
Electronic document management system.
The method of claim 9, wherein the document type information is configured to include at least one of document type designation information, essential document type information, and optional document type information.
Electronic document management system.
11. The method of claim 10,
The generated inbox, characterized in that only the document type specified by the document type designation information can be registered,
Electronic document management system.
11. The method of claim 10,
The generated inbox, characterized in that the document type included in the essential document type information is necessarily included,
Electronic document management system.
9. The method of claim 8,
The block chain server delivers the document data for the registered document to the distributed storage DB,
characterized in that the distributed storage DB stores the document data,
Electronic document management system.
14. The method of claim 13,
The distributed storage DB is characterized in that the key value and the document data are stored in correspondence,
Electronic document management system.

Images