KR102600260B1 - Document management server, blockchain server, system and control method thereof capable of electronic signature based on did - Google Patents

Abstract

The present invention relates to a system for managing documents based on DID. More specifically, the present invention includes the steps of a first user terminal requesting registration of a document to a document management server, the document management server registering the document, and the blockchain server performing a document registration transaction for the registered document. performing a signature, the document management server requesting a signature from the first and second user terminals, the first and second user terminals performing a signature, and the blockchain server performing a signature completion transaction. It is about a system for managing documents. In addition, the present invention relates to a system that can transmit and receive documents between subjects or manage the disposal of documents after verification is based on the DIDs of various subjects belonging to the system.

Description

Electronic document management server, blockchain server, system and its control method capable of signing documents based on DID {DOCUMENT MANAGEMENT SERVER, BLOCKCHAIN SERVER, SYSTEM AND CONTROL METHOD THEREOF CAPABLE OF ELECTRONIC SIGNATURE BASED ON DID}

The present invention relates to a server, a system, and a control method thereof for managing documents in electronic form by performing an electronic signature based on a DID. More specifically, the present invention relates to a server, a system, and a control method thereof for managing documents in electronic form by performing an electronic signature based on a DID. It concerns technology for managing issuance, distribution, verification, or destruction.

Recently, technologies to replace paper documents with electronic documents are being researched and commercialized. However, documents requiring high reliability are still managed as paper documents due to the problem of forgery and falsification. For example, resident registration certificates, seal certificates, various certificates, medical certificates, etc. are still managed as original documents printed on paper.

Although business between companies is done electronically through email or fax, major documents such as contracts, certificates, or official documents are processed non-electronically, such as by hand or registered mail, which reduces work efficiency and leads to increased economic and social costs.

Additionally, when electronic documents are distributed through email, fax, SNS, or messenger, there are problems such as online fraud due to hacking or phishing, and personal and corporate information being leaked.

Currently, many document issuing organizations provide application, creation, and issuance services for various certification documents online. However, receiving various types of documents from various document issuing agencies and managing and submitting them brings considerable inconvenience. In other words, only the document issuance stage is provided in electronic form, and electronic services that take into account the entire life cycle of electronic documents, such as storage, distribution, and disposal of documents, are not provided.

Accordingly, there is a need to strengthen personal information protection, minimize the risk of personal information leakage, and establish an integrated distribution system for electronic documents that can cover everything from electronic document issuance procedures to distribution.

The problem that the present invention aims to solve is to minimize the possibility of forgery and falsification of electronic documents and to provide a service that can expand the utility of electronic documents by improving their reliability.

Another problem that the present invention aims to solve is to provide an electronic document distribution service that can strengthen the protection of personal information by utilizing blockchain and DID technology.

The technical problems to be achieved in the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the description below. You will be able to.

According to one aspect of the present invention to achieve the above or other objects, the first user terminal requests registration of a document in a document management server; registering the document by a document management server; The blockchain server performing a document registration transaction for the registered document; The document management server requesting signatures from the first and second user terminals; The first and second user terminals performing signatures; and the block chain server performing a signed transaction.

The block chain server further includes a step of storing document data for the document in a distributed storage DB, wherein the step of storing the document data may store the document data by matching a key value corresponding to the document data. .

It may further include the step of the blockchain server returning the key value to the document management server.

The first and second user terminals requesting a transaction for the performed signature from the blockchain server; And it may further include the step of the blockchain server performing a transaction for the signature.

Requesting the first and second user terminals to issue a DID to the blockchain server; And further comprising the step of the blockchain server issuing a DID to each of the first and second user terminals, wherein the step of performing the signature is based on the DIDs issued to the first and second user terminals, respectively. You can sign by doing this.

In the step of performing the signing, each of the first and second user terminals may sign using the private key of the issued DID.

requesting the first user terminal to create a transmission box to the document management server; and a step of the document management server creating a transmission box, wherein the step of requesting registration of the document may request registration of the document in the created transmission box.

According to another aspect of the present invention to achieve the above or other objects, there is provided a first user terminal that requests registration of a document in a document management server; The blockchain server performing a document registration transaction for the registered document; and a document management server that registers the document, wherein the document management server requests signatures from first and second user terminals, the first and second user terminals perform signatures, and the blockchain server An electronic document management system is provided, characterized in that it performs a signature completion transaction.

The blockchain server stores document data for the document in a distributed storage DB, and may store the document data by matching a key value corresponding to the document data.

The blockchain server may reply the key value to the document management server.

The first and second user terminals may request a transaction for the performed signature from the blockchain server, and the blockchain server may perform a transaction for the signature.

The first and second user terminals request the blockchain server to issue a DID, the blockchain server issues a DID to each of the first and second user terminals, and the blockchain server issues the first and second user terminals. The second user terminal can sign based on each issued DID.

The blockchain server allows each of the first and second user terminals to sign using the private key of the issued DID.

When the first user terminal requests the document management server to create a transmission box, the document management server creates a transmission box, and the first user terminal requests registration of the document, the created transmission box is Documents can be registered.

The effects of the document management server and system according to the present invention will be described as follows.

According to at least one of the embodiments of the present invention, there is an advantage of being able to provide services not only for the issuance stage of electronic documents, but also for the distribution and disposal stages.

Additionally, according to at least one of the embodiments of the present invention, there is an advantage that leakage of personal information can be minimized when distributing electronic documents.

Further scope of applicability of the present invention will become apparent from the detailed description below. However, since various changes and modifications within the spirit and scope of the present invention can be clearly understood by those skilled in the art to which the present invention pertains, the specific embodiments described in the detailed description are given only as examples. It must be understood.

Figure 1 is a diagram showing a conceptual diagram of a system 10 according to an embodiment of the present invention.
Figure 2 is a flowchart of the DID issuance procedure on the system 10 according to an embodiment of the present invention.
Figure 3 is a flow chart for issuing identity information on the system 10 according to one embodiment of the present invention.
FIG. 4 is a diagram illustrating a control flowchart in which a user requests the document issuance server 115 to issue a document according to an embodiment of the present invention.
Figure 5 shows a control flowchart for transmitting an electronic document issued according to an embodiment of the present invention.
Figure 6 is a diagram illustrating a control flowchart for checking whether the blockchain server 112 has viewing authority based on the DID ID according to an embodiment of the present invention.
Figure 7 is a control flowchart of a system 10 for discarding issued documents according to an embodiment of the present invention.
Figure 8 is a control flowchart of the blockchain server 112 for discarding a document issued according to an embodiment of the present invention.
Figure 9 is a diagram illustrating a control flowchart for registering and distributing documents requiring signatures between users, according to an embodiment of the present invention.

Hereinafter, embodiments disclosed in the present specification will be described in detail with reference to the attached drawings. However, identical or similar components will be assigned the same reference numbers regardless of reference numerals, and duplicate descriptions thereof will be omitted. The suffixes “module” and “part” for components used in the following description are given or used interchangeably only for the ease of preparing the specification, and do not have distinct meanings or roles in themselves. Additionally, in describing the embodiments disclosed in this specification, if it is determined that detailed descriptions of related known technologies may obscure the gist of the embodiments disclosed in this specification, the detailed descriptions will be omitted. In addition, the attached drawings are only for easy understanding of the embodiments disclosed in this specification, and the technical idea disclosed in this specification is not limited by the attached drawings, and all changes included in the spirit and technical scope of the present invention are not limited. , should be understood to include equivalents or substitutes.

Terms containing ordinal numbers, such as first, second, etc., may be used to describe various components, but the components are not limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

When a component is said to be "connected" or "connected" to another component, it is understood that it may be directly connected to or connected to the other component, but that other components may exist in between. It should be. On the other hand, when it is mentioned that a component is “directly connected” or “directly connected” to another component, it should be understood that there are no other components in between.

Singular expressions include plural expressions unless the context clearly dictates otherwise.

In this application, terms such as “comprise” or “have” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that this does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

DID (Decentered Identity) refers to a decentralized identity verification service that uses blockchain technology to prove an individual's identity through a distributed ledger that cannot be forged or altered and allows the individual to manage their personal information.

Terms used to describe blockchain and DID-related technologies are defined as follows.

- A block is a unit that stores data on a blockchain storage system and is divided into a body and a header. The body contains transaction details, and the header contains encryption codes such as Merkle hash (Merkle root) or nonce (random number related to encryption). Blocks are created every 10 minutes, and transaction records are collected to create a block, verifying reliability, and connecting to previous blocks to form a blockchain. The block that first started here is called the genesis block. In other words, the genesis block refers to the first block in which no blocks have been created before it.

- Transaction refers to a unit of work stored as a block on a blockchain storage system. In the detailed description of the present invention, “a transaction is stored,” “a transaction is made,” or “a transaction is performed” may mean that a specific task is stored in block form on a blockchain system.

- User (holder) refers to a subject who wishes to prove his or her identity. Users can prove their identity by receiving identity information from the issuing agency and submitting it to the user agency (verification agency).

- Issuer refers to an entity that issues or issues identity information when it receives a request for identity verification from a user seeking identity verification. Issuers can sign issued identity information with their own private key and record their public key on the blockchain server.

- User agency (service provider, verifier) refers to the entity that verifies the identity information submitted by the user. For example, after verifying the user's identity information that he or she is a graduate of "OO University," the user organization may be a company that uses this as a basis for hiring.

- The DID ID is information indicating the location of the DID document.

- A DID document refers to information stored in the blockchain when issuing a DID. The DID document includes the ID, public key information related to the ID, authentication information to verify ownership of the ID, and information about services that can interact with the ID. It contains one or more of the following, and DID documents are typically stored on a blockchain.

- Verifiable Credential (VC) refers to a set of at least one user's personal information(s) issued by an Issuer, and VC is stored in a safe place such as a DID agent terminal (user-owned terminal). Saved. For example, it may include the user's resident registration number, gender, age, university attended, department attended, etc.

- VP (Verifiable Presentation) refers to a group (set) in which the user selects only the identity information he or she wishes to submit to the user agency among the identity information stored in the DID agent terminal. At this time, the selected identity information(s) can be signed with the user's private key, and the user agency can verify the identity information(s) with the user's public key recorded on the blockchain server.

1 is a diagram showing a conceptual diagram of a system 10 according to an embodiment of the present invention.

Figure 2 is a flowchart of the DID issuance procedure on the system 10 according to an embodiment of the present invention.

Figure 3 is a flow chart for issuing identity information on the system 10 according to one embodiment of the present invention.

Hereinafter, a specific method for requesting issuance of a document and managing document data of the issued document will be described with reference to FIGS. 1 to 3.

The system 10 according to an embodiment of the present invention includes an identity information issuing server 110, a document management server 111, a blockchain server 112, a user terminal 113, a receiving organization server 114, and a document It may include an issuing server 115 and a distributed storage DB 116. Since the configuration shown in FIG. 1 is not an essential configuration, it will be apparent that certain configurations may be omitted or other configurations may be added.

The identity information issuance server 110 may receive a request for issuance of identity information from the user terminal 113, issue the identity information, and respond.

The identity information issuing server 110 refers to an entity that directly manages the user's identity information. For example, the identity information issuance server 110 may be a school server that manages academic records, a Road Traffic Authority server that manages driver's license information, and a National Health Insurance Corporation server that manages medical insurance information. When a request for issuance of identity information regarding school records, etc. is received from the user terminal 113, the identity information issuance server 110 may check the school records, issue identity information, and reply.

The document management server 111 refers to a server for managing individual processes of various entities so that processes according to an embodiment of the present invention can be performed. The document management server 111 defines protocols for embodiments of the present invention and manages processes to be performed according to the defined protocols.

The user terminal 113 refers to a terminal possessed by a subject who wishes to request the issuance of an electronic document from a document issuing agency and submit it to the receiving agency.

The blockchain server 112 records transactions for processes according to embodiments of the present invention or stores DID-related data. Additionally, when the document issuing server 115 issues a document, a transaction for document issuance may be performed. In other words, a transaction for document issuance may include creating a block containing information related to document issuance.

Document issuance, for example, when requesting a transcript or graduation certificate from a document issuing agency (academic certification system), will refer to a series of issuance-related processes performed by the document issuing agency. In other words, the document data at this time will mean data about an electronic document that has been issued.

Document data according to an embodiment of the present invention refers to data used to form a document in electronic form. These document data include text data related to information to be displayed to the viewer (displayed text) and metadata that is not displayed to the viewer but is related to the document (for example, document creation date information or document issuer information, etc.) It may be included.

Document data may include all of a variety of forms stored in file format, for example, birth certificates, graduation certificates, internship completion certificates or transcripts provided in electronic form, and the format for storing the data. It will also include various formats such as pdf, docx or hwp.

At this time, the method in which the above-described transactions are performed in the blockchain server 112, unlike the method in which they are stored in a general storage, can be distributed and stored across multiple blockchain nodes, and multiple blocks are connected in the form of a chain. It may be saved as . Since the blockchain storage method is already a widely known technology, detailed explanation will be omitted. Hereinafter, it is clear that in one embodiment of the present invention, actions recorded in the blockchain server 112 can be stored in transaction form.

The user terminal 113 refers to a terminal owned by the user of the electronic document. At this time, the user of the electronic document refers to a person who has ownership of the electronic document and has sovereignty over the issuance or distribution of the electronic document.

The receiving organization server 114 refers to a server operated by an entity that requests users to submit various types of electronic documents and receives and verifies the requested electronic documents. For example, the receiving agency server 114 may be a server operated by a company seeking to hire human resources, and the user may be an applicant who wishes to submit documents required for recruiting human resources in the form of electronic documents.

The document issuing server 115 refers to a server that issues documents according to user requests. For example, it may refer to a server that provides academic records certification services that issue graduation certificates.

Referring to Figure 2, in order to use the service of the present invention, the user will be able to install software (application) on his/her user terminal 113 and perform the procedures of the present invention through the software. The procedures performed through the user terminal 113 can be performed through the installed software, and for convenience of explanation, the explanation that they are performed by software will be omitted below.

First, the user terminal 113 may perform an identity authentication procedure for the user (S201). The identity authentication process can refer to a variety of procedures that allow the user to confirm whether or not it is the user. A representative example is a method of replacing the resident registration number (CI) through a credit card authentication process in the user's name or a mobile communication terminal authentication process. You can verify your identity or go through the mobile communication terminal authentication process.

When the identity authentication process is successfully completed, the user terminal 113 can request DID issuance to the blockchain server 112 (S202).

When a DID issuance request is received, the blockchain server 112 can perform the DID issuance procedure (S203). According to the DID issuance procedure, the blockchain server 112 can generate a public key and private key pair corresponding to the user and generate a DID document for the user requesting issuance. And the blockchain server 112 can store the generated public key in the blockchain server 112 and return the remaining private key to the user terminal 113 (S204). At this time, when the blockchain server 112 stores the public key, it can be stored in a form included in the generated user's DID document.

The user terminal 113 may store the private key received in response from the blockchain server 112 (S205).

Similar to the identity authentication (S201) of the user terminal 113, the identity information issuing server 110, receiving agency server 114, and document management server 111 can perform agency authentication (S206, S211, S216). there is. Institutional certification (S206, S211, S216) can refer to various procedures that can confirm whether a specific institution is correct. For example, it may include procedures for verifying the institution's business registration number or verifying the institution's public certificate.

Meanwhile, the above-described organization certification (S206, S211, S216) procedures may be performed as steps on the system 10, but may also be performed in a form in which organization certification is performed by a person outside the system 10.

After agency authentication (S206, S211, S216) is completed, the identity information issuing server 110, receiving agency server 114, and document management server 111 request issuance of a DID (S207, S212, S217) and perform issuance ( The same procedures of S208, S213, S218), private key reply (S209, S214, S219), and private key storage (S210, S215, S220) can be performed.

In the example of Figure 2, the DID issuance procedure (S201 to S205) of the user terminal 113 is performed first, followed by the DID issuance procedure (S206 to S210) of the identity information issuance server 110, and the DID issuance procedure of the receiving organization server 114. (S211 to S215) and the DID issuance procedure (S216 to S220) of the document management server 111 were carried out sequentially, but this order is not related and the process will be carried out separately for each individual subject.

Next, the identity information issuance procedure will be described with reference to FIG. 3.

The user terminal 113 requests the identity information issuing server 110 to issue identity information (VC) (S301). At this time, the user may specify the identity information he or she wishes to issue through the user terminal 113, and the user terminal 113 may request issuance of the identity information specified by the user. For example, the user can specify the issuance of identity information for 'university name', 'name', 'date of birth' or 'student number'.

Subsequently, the user terminal 113 may record information regarding the identity information request to the blockchain server 112 (S302). At this time, the information may be stored in transaction form. The information stored at this time may be signed by the user's private key stored in the user terminal 113. As will be described later, when verification is performed (S303) by the identity information issuing server 110, the stored information is decrypted using the user's public key stored in the blockchain server 112. Accordingly, verification of the issued information may be carried out.

Subsequently, the identity information issuance server 110 may verify whether the request for identity information issuance was made by the user (S303). This is verification to block issuance requested by someone other than the user. To this end, the identity information issuing server 110 can perform verification using the user's public key stored in the blockchain server 112.

Since the 'information about the request for identity information' stored in step S302 was encrypted (signed) using the user's private key, if it is decrypted using the public key of the user, it is verified that the 'information about the request for identity information' was made by the user. You can do it. The identity information issuing server 110 can check whether the data received in step S301 is properly recorded in the blockchain server 112 through step S302.

If verification fails, the identity information issuance server 110 may reject the request for issuance of identity information.

If verification is successful, the identity information issuing server 110 can issue the identity information requested from the user terminal 113 (S304).

For example, the identity information issuing server 110 provides the user's academic information such as 'university name', 'name', 'date of birth', 'student number', 'academic status (graduated, enrolled, etc.)', 'degree name (undergraduate, graduate school, etc.)' etc.)', 'Department name', etc.

The identity information issued at this time may be signed with the private key of the identity information issuing server 110. It will be obvious that the public key of the identity information issuing server 110 can be transmitted to the verification subject through a method such as being recorded in the blockchain server 112. In one embodiment, the identity information issuing server 110 may record (S305) the blockchain server 112 by including its public key in the DID document.

The user terminal 113 may store the issued identity information (S306). And, the user terminal 113 can store and manage this identity information. The storage and management of identity information will be explained in more detail below.

FIG. 4 is a diagram illustrating a control flowchart in which a user requests the document issuance server 115 to issue a document according to an embodiment of the present invention.

The identity information issuance procedure described above may be performed several times through various identity information issuance servers 110. Therefore, a plurality of pieces of identity information may be stored in the user terminal 113. For example, the user terminal 113 can receive and store student status, affiliation, academic status (enrolled, on leave of absence, graduated, etc.), and credit identification information from the academic records management server of the university they attend, and store them in the Road Traffic Authority server. You can receive and store your driver's license registration number and identity information about the type of license.

At this time, each of the individual information may be managed by being included in one piece of identity information, but may also be managed as each individual piece of identity information. For example, when first identity information is issued from a school registration management server, student status, affiliation, academic status, and credits may all be included and managed in the first identity information. This may be managed separately into first to fourth identity information.

The user terminal 113 can select (S401) only the identity information it wishes to prove among a plurality of identity information. This is to minimize exposure of unnecessary personal information by collecting and submitting only the identity information needed at that time.

The identity information selected in this way is signed (encrypted) with the user's private key and is called VP (Verifiable Presentation).

The user terminal 113 submits the VP to the document management server 111 (S402). The submitted VP may be provided with the ID of the DID included.

And the user terminal 113 may request a transaction from the blockchain server 112 regarding information about the document issuance request. That is, the user terminal 113 may request that information about the document issuance request be recorded in the blockchain server 112 (S403).

Next, the document management server 111 requests the user's public key from the blockchain server 112 to verify the VP received from the user (S403). The request for the public key may include the ID of the DID received from the user. And the blockchain server 112 can query the user's public key based on the ID of the received DID and return the public key to the document management server 111.

As described above, the VP is encrypted with the user's private key. This means that it can be decrypted using the user's public key. Therefore, the document management server 111 searches the public key of the user registered in the blockchain server 112 and performs verification by checking whether the VP is decrypted using the searched public key (S406). do. In one embodiment, the document management server 111 searches the user's DID document stored in the blockchain server 112, obtains the user's public key included in the searched DID document, and performs verification (S406 )can do.

If decryption fails, the VP may reject the request for issuance of the document because it was not submitted by a legitimate user.

If decryption is successful, the VP can be considered to have been submitted by a legitimate user, so verification of the VP can be considered completed.

Additionally, the document management server 111 according to an embodiment of the present invention queries and verifies the authenticity of the document issuance request received from the user terminal 113 along with the public key request to the blockchain server 112 in step S404. can do. By checking whether there is document issuance request information recorded in the blockchain server 112 in step S403, the document issuance request itself can be verified (S406).

When verifying the VP (S406), the document management server 111 can sign it with its own private key and record the verification fact in the blockchain server 112.

When verification is completed, the document management server 111 may request the document issuance server 115 to issue a document (S407). In response to the request, the document issuing server 115 issues a document corresponding to the request (S408) and requests a transaction for document issuance from the blockchain server 112 (S409). At this time, document data for the document issued along with the transaction request may be transmitted to the blockchain server 112 together.

The blockchain server 112 can create and record a block for document issuance information through a transaction. At this time, the document issuance information may be configured to include at least one of issuance requester information, issuance date and time information, issuer information, and a key value corresponding to document data. In particular, document issuance information according to an embodiment of the present invention is proposed to include the DID ID of the document issuer (requester).

Meanwhile, in one embodiment of the present invention, it is proposed that the document data itself for the issued document is not stored in block form in the blockchain server 112, but in the distributed storage DB 116. In one embodiment, the distributed storage DB 116 may be composed of distributed nodes in a block chain form, or may be a general storage rather than a block chain form. In other words, the document data itself of the issued document is delivered to the distributed storage DB 116 and is not stored in the blockchain server 112.

Instead of not storing the document data itself, one embodiment of the present invention proposes to include a key value for identifying (indicating) the document data in the document issuance information stored in the block. Additionally, when the document data is stored in the distributed storage DB 116, it may be stored in a form that matches the key value. It is saved in this form in order to view the document data at a later date.

The reason document data is stored separately in the distributed storage DB 116 and not together in the blockchain server 112 is to protect personal information and ensure efficient operation of the blockchain server 112.

Next, the blockchain server 112 returns the key value of the corresponding document to the document issuing server 115 (S412). The document issuing server 115 may then transmit the key value to the document management server 111 (S413). The document management server 111 may store the key value corresponding to the document (S414) and notify the user terminal 113 that document issuance has been completed (S415).

Meanwhile, in steps S412 and S413, the key value corresponding to the document data is transmitted to the document management server 111 through the document issuing server 115, but this is not necessarily limited to this transmission path, and the blockchain server 112 It is obvious that it can be transmitted directly to the management server 111 or transmitted through another transmission path.

The user terminal 113 may request the blockchain server 112 to view a document (S416). The request to view the document may include the key value of the document returned in steps S412 and S413.

The blockchain server 112 that receives the document viewing request (S416) will need to check (S417) whether the requester has legitimate authority. To this end, an embodiment of the present invention proposes confirmation based on the DID ID of the document viewing requester. The control sequence for confirming viewing authority based on the DID ID will be described with reference to the flow chart in FIG. 6.

Figure 6 is a diagram illustrating a control flowchart for checking whether the blockchain server 112 has viewing authority based on the DID ID according to an embodiment of the present invention.

The user terminal 113 may include its DID ID (i.e., the DID ID of the document viewing requester) in the document viewing request (S415) described above. And when the blockchain server 112 receives a document viewing request (S417-1), it checks whether the DID ID of the document issuing entity and the DID ID of the document viewing requester included in the document issuance information stored in step S410 match. Make judgment (S417-2). If it is determined that they match, it will be recognized as having legitimate viewing rights (S417-5).

In other words, if the issuing entity requests viewing, it can be viewed as having appropriate viewing rights without any additional verification.

The remaining steps S417-3 to S417-4 are described below with reference to FIG. 5.

Returning to Figure 4, if it is determined that there is a legitimate viewing right, the blockchain server 112 searches for matching document data in the distributed storage DB 116 based on the key value included in the document viewing request (S418), The searched document data can be returned (S419).

In steps S416 to S419, the user terminal 113 directly exchanges requests and data with the blockchain server 112, but at least one of the steps is relayed by the document management server 111. It might be done.

Meanwhile, the above-mentioned document issuance request (S407) is made in a way that the document management server 111 relays between the document issuance server 115 and the user terminal 113, but is not necessarily limited to this. That is, when the user terminal 113 requests document issuance directly from the document issuing server 115, the document issuing server 115 performs a verification procedure (S406) for the user terminal 113, and based on the verification result, Thus, document issuance (S408) can be achieved. Additionally, the key value transmitted in step S413 may also be transmitted directly from the document issuing server 115 to the user terminal 113, rather than being relayed by the document management server 111.

So far, the control sequence for issuing electronic documents according to an embodiment of the present invention has been described. Hereinafter, with reference to FIG. 5, a control sequence for transmitting an electronic document from a user (electronic document sender) to a receiving organization (electronic document recipient) will be described.

Figure 5 shows a control flowchart for transmitting an electronic document issued according to an embodiment of the present invention.

In the drawing, the user terminal 113 is an electronic document sender who wishes to send the electronic document issued through the process of FIG. 4 to the receiving organization server 114, and the receiving organization server 114 is an electronic document receiving the electronic document. This will be the recipient of the document. For example, the user terminal 113 may be a job applicant, the receiving organization server 114 may be a company server, and the electronic document to be sent may be various certification documents required for job application.

In particular, in one embodiment of the present invention, rather than sending the issued electronic document in a general way (attachment to email or general upload), an inbox is created in the document management server 111, and documents are sent and received through the created inbox. Suggest ways to do this.

In one embodiment of the present invention, an inbox may mean a virtual space for the receiving organization server 114 to store documents registered by multiple users, and the receiving organization individually manages multiple inboxes. You will be able to perform efficient management by applying individual settings to each inbox.

First, the receiving organization server 114 requests the document management server 111 to create an inbox (S501). At this time, the document management server 111 may specify at least one type of document that can be included in the created inbox. Information about the type of document designated in this way will hereinafter be referred to as document type designation information.

For example, when creating an inbox for recruitment, you can specify the type of document such as the job applicant's 'graduation certificate', 'certificate of achievement', and 'copy of resident registration'.

Furthermore, in one embodiment of the present invention, the type of document that must be necessarily included may also be specified. That is, the document type information may include essential document type information. For example, 'graduation certificate' could be designated as a document type that must be included. Conversely, the types of documents that do not necessarily need to be included (documents that are optionally included) may also be specified. Information about documents that must be selectively included is called optional document type information.

Information related to the above-mentioned document types will be collectively referred to as document type information. That is, the document type information may be configured to include at least one of document type designation information, required document type information, and optional document type information.

That is, when requesting the creation of an inbox (S501), the receiving organization server 114 may specify at least one type of document that can be included in the inbox, or may specify the type of document that is necessarily included or optionally included.

Furthermore, in one embodiment of the present invention, it is proposed that management of the inbox is based on the ID of the DID. To this end, in one embodiment of the present invention, the document management server 111 proposes to create an inbox by matching the DID ID of the receiving organization server 114 to the inbox when creating the inbox (S502). This is to efficiently manage inboxes for each recipient organization and improve security reliability through the DID ID. To this end, the receiving organization server 114 may transmit its DID ID together when requesting the creation of an inbox (S501).

In particular, the inbox creation request (S501) may be signed and delivered with the private key of the receiving organization server 114. If the document management server 111 requires verification of the inbox creation request (S501), verification can be performed by querying the blockchain server 112 for the public key of the receiving organization server 114. am.

The user terminal 113 may search the inbox created in the document management server 111 and register the document to be sent to the searched inbox (S504). In the above example, the user may search the inbox of the company to which he or she wishes to apply as a job applicant and register a document in the inbox of the company (S504).

In particular, in one embodiment of the present invention, when searching (or searching) the inbox through the user terminal 113, document type information can be confirmed. By checking the document type information, you will be able to check what types of documents can be registered in the inbox and whether they are essential or optional document types.

The user terminal 113 will be able to register the document in the inbox by checking the types of documents that can be included in the inbox, required document types, and optional document types, and selecting the document to be registered.

Furthermore, if a user's signature is required when registering a document in the inbox, the user terminal 113 may request the user's signature. That is, the user may perform an electronic signature through the user terminal 113, and the user terminal 113 may perform the document registration procedure (S504) based on the signature. For example, if the receiving organization sets that consent to personal information processing is required when registering an inbox, the user terminal 113 can receive an electronic signature from the user and then proceed with the document registration procedure described above.

The document management server 111 may check whether the document type can be included in the inbox, is essentially included, or is optionally included, and registers the document in the inbox (S505).

If the document sent by the user corresponds to a document type that cannot be included in the inbox, the document management server 111 may not register the document in the inbox.

The document management server 111 may record information (referred to as document registration information) that a document has been registered in the inbox to the blockchain server 112 (S506, transaction request). At this time, the document registration information may include the DID ID of the receiving organization. This is because, when the receiving organization server 114 requests the blockchain server 112 to view a document, the request is made to view the document based on the DID ID of the receiving organization server 114 and checks whether the user has permission to view the document.

Additionally, document registration information according to an embodiment of the present invention may include key values of registered documents (generated when issuing the document described above with reference to FIG. 4).

The receiving organization server 114 may request document viewing from the blockchain server 112 based on its DID ID (S507). At this time, you will be able to request it by signing with your private key. This is because the blockchain server 112 verifies whether the receiving organization server 114 has legitimate viewing rights.

To this end, the blockchain server 112 may query the public key of the receiving organization server 114 and verify the viewing authority through the retrieved public key.

When the blockchain server 112 receives a document viewing request (S507), it checks whether the viewing requestor has viewing authority (S416).

The flowchart of FIG. 6 will be described again. When a document viewing request is received (S417-1), the blockchain server 112 checks (S417-2) whether the DID ID of the document issuing entity matches the DID ID of the document viewing requester. Unlike the embodiment of FIG. 4, there is no match in FIG. 5, so the process can proceed to step S417-3.

Next, the blockchain server 112 checks the document registration information (S417-3) and determines whether the DID ID of the inbox included in the document registration information matches the DID ID of the document viewing requester (S417-4) do. If they match, the right to view the document can be recognized (S417-5), and if they do not match, the right to view the document can be denied (S417-6).

Returning to Figure 5, the blockchain server 112 searches document data stored in the distributed storage DB 116 based on the key value included in the document registration information confirmed in step S417-3 (S508). And, the searched document data can be returned to the receiving organization server 114 (S509).

When receiving document data, the receiving organization server 114 may request authenticity verification of the document data from the blockchain server 112 (S510). The blockchain server 112 may perform document authenticity verification in response to the verification request (S511) and return the authenticity verification result (S512). Meanwhile, if the blockchain server 112 independently verifies the authenticity of the document before the document data of S509 is returned, steps S510 to S512 may be omitted.

At this time, as an example, the verification of the authenticity of the document described above may be performed by comparing the hash value of the document stored in the blockchain server 112 with the hash value of the document for which verification has been requested, but is not limited to this verification method. won't

According to steps S501 to S515 described with FIG. 5, an electronic document can be basically transmitted from the user to the receiving organization server. Electronic documents transmitted in this way are free from the risk of forgery and falsification due to the integrity nature of blockchain technology. In other words, the receiving organization can be sure that the electronic document received from the user has not been forged or altered. Additionally, the receiving organization can receive only the types of documents it wants and specify the types of required and optional documents.

Hereinafter, with reference to FIGS. 7 and 8, a control sequence for discarding an issued document will be described.

Figure 7 is a control flowchart of a system 10 for discarding issued documents according to an embodiment of the present invention. Figure 8 is a control flowchart of the blockchain server 112 for discarding a document issued according to an embodiment of the present invention.

When the user terminal 113 requests the blockchain server 112 to discard a document (S701), the blockchain server 112 checks whether it has permission to discard (S702). The control sequence for checking whether disposal authority exists will be described with reference to FIG. 8.

As in the confirmation of document viewing authority (control sequence in FIG. 6 described above), if the issuing entity requests destruction of the document, it may be recognized as having authority. Therefore, in one embodiment of the present invention, it is proposed to include the DID ID of the disposal requester in the document disposal request in step S701.

The blockchain server 112 determines whether the DID ID of the person requesting destruction included in the document destruction request matches the DID ID of the document issuing entity (S702-2), and if so, acknowledges the authority to destroy the document (S702-3) ) You will be able to do it. If there is a discrepancy, the authority to destroy the document may be denied (S702-4).

If the right to destroy the document is acknowledged in step S702, returning to FIG. 7, the blockchain server 112 may transmit a request for document destruction to the distributed storage DB 116 (S703). At this time, the document destruction request may include a key value for the document to be destroyed.

The distributed storage DB 116 performs document destruction by searching document data using the key value of the document included in the document destruction request and then deleting at least one of the searched document data and the corresponding key value (S704). You will be able to.

And the result of discarding the distributed storage DB 116 may be returned to the blockchain server 112 and the user terminal 113 (S705).

In the above-described embodiment, a control method for issuing and distributing documents through the document issuing server 115 has been described.

Below, an embodiment of distributing documents requiring signatures between users (for example, contracts, confirmations, etc.) as electronic documents will be described.

Figure 9 is a diagram illustrating a control flowchart for registering and distributing documents requiring signatures between users, according to an embodiment of the present invention.

The first user terminal 113-1 requests the document management server 111 to create a transmission box (S901). In one embodiment of the present invention, a transmission box may mean a virtual storage space for a user to register documents in order to manage them.

The document management server 111 may create a transmission box in response to the transmission box creation request (S901) (S902) and reply with the creation result (S903). At this time, when at least one transmission box setting information is received from the first user terminal 113-1, a transmission box may be created according to the received at least one transmission box setting information.

The at least one transmission box setting information may include recipient information, information on the type of document being registered, information on the expiration date of the registered document, and information on whether a signature is required.

The first user terminal 113-1 may request document registration to the document management server 111 (S904). At this time, the document may be registered in the created transmission box or inbox.

When the document is registered (S905), the document management server 111 requests signatures from the first and second user terminals 113-1 and 113-2 (S906 and S911). The first and second user terminals 113-1 and 113-2 respectively perform signatures (S908, S912) in response to the signature requests (S906, S911) and reply with signature results (S909, S913), respectively. You can.

When the signature is completed, each of the first and second user terminals 113-1 and 113-2 may request a transaction for the first and second signatures from the blockchain server 112 (S910, S914). This is to record that each signature has been performed.

The signatures (S908, S912) performed by the first and second user terminals (113-1, 113-2) may be made in electronic form. In one embodiment of the present invention, it is proposed to perform the signature based on DID.

To this end, the first and second user terminals 113-1 and 113-2 can sign (encrypt) predetermined information with their own private keys and transmit it to the document management server 111 along with their DID IDs. . The document management server 111 searches the blockchain server 112 for public keys corresponding to the first and second user terminals 113-1 and 113-2 based on the received DID ID, and retrieves the searched public key. Based on this, the validity of the signature can be verified through a method of decoding the predetermined information.

Meanwhile, the above-described signature method is only an example, and the present invention is not limited to this signature example.

In the drawing, a signature between two parties is used as an example, but if signatures are required between multiple parties, it may also be included in the present invention.

When the signature is completed, the document management server 111 may request a transaction to record information (document registration information) about the document registered in the transmission box to the blockchain server 112 (S915). At this time, the document management server 111 may transmit document data for the registered document to the blockchain server 112.

The blockchain server 112 stores the received document registration information in block form, and stores the document data received together in the distributed storage DB 116 (S916). At this time, as described above, document data can be stored in correspondence with the key value.

The blockchain server 112 returns the key value for the registered document to at least one of the document management server 111 and the first and second user terminals 113-1 and 113-2 (S917). The document management server 111 may store the key value of the document (S918) and notify at least one of the first and second user terminals 113-1 that document registration in the transmission box has been completed (S919).

Although the embodiment of the document management server and system according to the present invention has been described above, this is explained as at least one embodiment, and the technical idea, structure, and operation of the present invention are not limited thereby, and the present invention The scope of the technical idea is not limited/restricted by the drawings or the description referring to the drawings. In addition, the concept and embodiments of the invention presented in the present invention can be used by those skilled in the art as a basis for modifying or designing other structures to achieve the same purpose of the present invention. , Equivalent structures modified or changed by those skilled in the art to which the present invention pertains are bound to the technical scope of the present invention described in the claims, and do not depart from the spirit or scope of the invention described in the claims. Various changes, substitutions, and changes are possible within limits.

Claims (14)

In the control method of a DID-based electronic document management system,
A first user terminal transmitting a DID ID and transmission box setting information along with a transmission box creation request to the document management server;
The transmission box creation request is signed and transmitted with the private key of the first user terminal,
The document management server inquiring the public key of the first user terminal to a blockchain server;
Verifying the transmission box creation request based on the public key of the searched first user terminal;
When the verification is completed, the document management server creates a transmission box based on the transmission box setting information;
The document management server matching the created transmission box to the DID ID and storing it;
The transmission box is a virtual storage space where users can register documents to manage them.
The transmission box setting information includes at least one of recipient information, type information of the registered document, and expiration date information of the registered document,
A second user terminal requesting registration of a document in the created transmission box;
registering the document by the document management server;
The blockchain server performing a document registration transaction for the registered document;
The document registration transaction records document registration information, which is information that a document has been registered in the transmission box,
The document registration information includes the DID ID,
The first user terminal requests the document management server to view a document;
determining, by the document management server, whether the DID ID included in the document registration information matches the DID ID included in a request to view the document;
If the determination result matches, providing the first user terminal to view the registered document;
requesting, by the document management server, a signature from the first and second user terminals;
The first and second user terminals performing signatures; and
Characterized in that the block chain server performs a signed transaction,
Control methods for electronic document management systems.
According to claim 1,
Further comprising the step of the blockchain server storing document data for the document in a distributed storage DB,
The step of storing the document data is characterized in that the key value corresponding to the document data is stored in correspondence with the document data.
Control methods for electronic document management systems.
According to claim 2,
Characterized in that the block chain server further comprises the step of replying the key value to the document management server.
Control methods for electronic document management systems.
According to claim 1,
The first and second user terminals requesting a transaction for the performed signature from the blockchain server; and
Characterized in that it further comprises the step of the blockchain server performing a transaction for the signature,
Control methods for electronic document management systems.
According to claim 1,
Requesting the first and second user terminals to issue a DID to the blockchain server; and
Further comprising the step of the blockchain server issuing a DID to each of the first and second user terminals,
The step of performing the signature is,
Characterized in that the first and second user terminals sign based on the respective issued DIDs,
Control methods for electronic document management systems.
The method of claim 5, wherein performing the signature comprises:
Characterized in that each of the first and second user terminals signs using the private key of the issued DID.
Control methods for electronic document management systems.
delete In the DID-based electronic document management system,
a first user terminal that transmits a DID ID and transmission box setting information along with a transmission box creation request to the document management server;
Blockchain server that performs document registration transactions; and
The first user terminal signs and transmits the transmission box creation request with the private key of the first user terminal,
The public key of the first user terminal is searched on the blockchain server, the request for creating an outbox is verified based on the public key of the inquired first user terminal, and when the verification is completed, the outbox setting information is used. Includes a document management server that creates an outbox,
The transmission box is a virtual storage space where users can register documents to manage them.
The transmission box setting information includes at least one of recipient information, type information of the registered document, and expiration date information of the registered document,
The first user terminal requests registration of a document in the created transmission box,
The document management server registers the document,
The blockchain server performs a document registration transaction for the registered document,
The document registration transaction records document registration information, which is information that a document has been registered in the transmission box,
The document registration information includes the DID ID,
When the first user terminal requests to view a document, the document management server determines whether the DID ID included in the document registration information and the DID ID included in the request to view the document match, and matches the DID ID as a result of the determination. In this case, the first user terminal is provided with a view of the registered document,
The document management server requests a signature from the first user terminal and the second user terminal,
The first and second user terminals perform signing,
Characterized in that the blockchain server performs a signed transaction,
Electronic document management system.
According to claim 8,
The blockchain server stores document data for the document in a distributed storage DB, and stores the key value corresponding to the document data in correspondence with the document data.
Electronic document management system.
According to clause 9,
Characterized in that the blockchain server returns the key value to the document management server.
Electronic document management system.
According to claim 8,
The first and second user terminals request a transaction for the performed signature from the blockchain server,
Characterized in that the blockchain server performs a transaction for the signature,
Electronic document management system.
According to claim 8,
The first and second user terminals request DID issuance from the blockchain server,
The blockchain server issues a DID to each of the first and second user terminals,
The blockchain server is characterized in that the first and second user terminals sign based on the respective issued DIDs.
Electronic document management system.
The method of claim 12, wherein the blockchain server,
Characterized in that each of the first and second user terminals signs using the private key of the issued DID.
Electronic document management system.
delete