KR20240050180A - System and method for trading based on blockchain technologies - Google Patents

Abstract

A prescription authentication VC indicating that the consumer has the right to purchase the product subject to management is issued to the consumer's electronic device, a VP is generated on the electronic device of the consumer regarding whether the consumer has the right to purchase the product subject to management, and the seller A VP is transmitted to the electronic device of the seller regarding the purchase authority of the product subject to management, and the identifier of the product distribution management agency stored in the first blockchain network is transmitted from the electronic device of the seller to the electronic device of the seller regarding the authority to purchase the product subject to management. Verify that the prescription certification VC was issued by a legitimate product distribution management agency based on the digital signature of the product distribution management agency included in the VP, and obtain at least part of the prescription information in the prescription certification VC based on the verification results. It is related to a system and method for a consumer to purchase a management target product, and performing a transaction process to purchase the management target product.

Description

System and method for purchasing managed products based on blockchain technology {SYSTEM AND METHOD FOR TRADING BASED ON BLOCKCHAIN TECHNOLOGIES}

Embodiments of this application relate to technology for purchasing products subject to management from sellers based on blockchain technology in order to transparently manage the identity and purchase history of consumers.

Medical products, including pharmaceuticals, may directly affect human life or health, so the distribution or final consumption process needs to be supervised by a competent management agency. In particular, psychotropic medical products, narcotics, or addictive medicines are subject to significant damage from misuse or abuse, so the production process, distribution process, and prescription process need to be accurately and transparently confirmed and managed. However, various medical-related products, including medicines subject to such special management, are managed independently from each other during each distribution or prescription process, and the management results are independently reported to a supervisory or management agency, such as the Ministry of Food and Drug Safety. It becomes. As a result, if an error occurs during the distribution process, it is difficult to confirm later, and it is also difficult to track illegal distribution.

Additionally, in the case of addictive drugs whose quantity is limited, it is difficult to confirm the total amount ultimately prescribed to each individual within a given period of time. Therefore, there is a need to develop a system that provides a purchasing service that allows all distribution or prescription processes to be automatically verified or tracked.

Patent Registration Publication No. 10-2287965 (published on August 3, 2021)

In order to solve the above-mentioned problems, we would like to provide a system and method that allows the purchase of management target products only for consumers who are certified to purchase the management target products and transparently manages purchase history.

According to one aspect of the present application, a method for a consumer to purchase a managed product performed by the system is operated by a blockchain-based purchasing system including a first blockchain network with a distributed ledger, wherein the system is operated by the consumer. communicates with the electronic device of, the seller's electronic device, and the medical institution's electronic device, and the first blockchain network may store the consumer's identifier, the system's identifier, and the medical institution's identifier.

At this time, the method includes the steps of issuing, in the system, a prescription authentication VC indicating that the consumer has the right to purchase a management target product to the consumer's electronic device; Generating a VP on whether the consumer has the right to purchase the product subject to management on the consumer's electronic device, and transmitting the VP on whether the consumer has the right to purchase the product subject to management to the electronic device of the seller? The VP regarding the purchase authority of the product subject to management may include some or all of the information included in the consumer's identity authentication VC and prescription authentication VC.

At this time, legitimate product distribution is based on the identifier of the product distribution management agency stored in the first blockchain network on the seller's electronic device and the digital signature of the product distribution management agency included in the VP regarding purchase authority for the product subject to management. Verifying that it is a prescription certification VC issued by a management institution, obtaining at least part of the prescription information in the prescription certification VC based on the verification results, and performing a transaction process to purchase a product subject to management? The transaction process may include a series of preset operations between the seller's electronic device and the consumer's electronic device for transaction of a product subject to management.

In one embodiment, the step of issuing, in the system, a prescription authentication VC indicating that the consumer has the right to purchase a management target product to the consumer's electronic device, includes prescription information about the consumer from the medical institution's electronic device, and the consumer's identity. Step of requesting issuance of prescription certification VC by digitally signing the authentication VC and the medical institution's authorized prescribing organization VC with the medical institution identifier? The prescription information may include information related to prescriptions in which the consumer is the subject of the prescription and the product subject to management is a prescription product, and in response to the request for issuance of the prescription certification VC, the VC included in the authorized prescription agency in the system Verifying whether the request for issuance of a prescription authentication VC is a digital signature by a medical institution that is an authorized prescribing institution based on the digital signature of the medical institution and the identifier of the medical institution stored in the first blockchain network, and the request for issuance of the prescription certification VC is an authorized prescription If it is verified that it is a digital signature by a medical institution, the system may include issuing a prescription authentication VC that digitally signs the prescription information and at least some data included in the consumer's identity authentication VC.

In one embodiment, the method includes issuing, in the system, an authorized seller VC indicating that the seller has the authority to sell the management subject product to the seller's electronic device, determining whether the seller has the authority to purchase the management subject product. Before transmitting the VP for the product to the seller's electronic device, a VP on whether the seller has the sales authority is created on the seller's electronic device, and a VP on whether the seller has the sales authority for the management target product is generated on the consumer's electronic device. Steps to transfer VP? The VP on whether the product subject to management is authorized to purchase includes some or all of the information included in the seller's identity authentication VC and prescription authentication VC, and the product stored in the first blockchain network on the consumer's electronic device. Verifying that the VC is an authorized seller issued by a legitimate product distribution management agency based on the identifier of the distribution management agency and the digital signature of the product distribution management agency included in the VP regarding whether or not the product is authorized to sell the product subject to management; It can be included.

At this time, if it is verified that it is an authorized seller VC issued by the legitimate product distribution management agency, a VP on whether the consumer has the right to purchase the product subject to management is generated on the consumer's electronic device, or the VP is generated on the seller's electronic device. VP can be sent regarding the purchase authority of the management target product.

In one embodiment, the step of issuing, in the system, an authorized seller VC indicating that the seller has the authority to sell the product subject to management to the seller's electronic device is to obtain the seller's identity authentication VC from the seller's electronic device. Requesting issuance of an authorized seller VC by digitally signing with the seller's identifier, in response to the request for issuance of an authorized seller VC, the digital signature of the seller and the first blockchain included in the identity authentication VC of the seller in the system Verifying whether the request for issuance of the authorized seller VC was transmitted from a legitimate seller based on the identifier of the seller stored in the network; if it is verified that the request is sent from the legitimate seller, the information of the authorized seller DB and the seller authentication VC in the system It may include comparing information and, if there is information matching the seller authentication VC in the authorized seller DB, issuing the authorized seller VC to the electronic device of the seller who requested issuance of the authorized seller VC.

In one embodiment, the step of obtaining at least some of the prescription information in the prescription authentication VC based on the verification result and performing a transaction process for purchasing the product to be managed includes, the period of taking the product to be managed for the consumer. , calculating the total dose allowed for purchase based on the number of daily doses, the dose per time, and performing a transaction process to purchase the product to be managed as the total dose.

In one embodiment, performing a transaction process to purchase the entire dose of the managed product comprises: generating a consumer's purchase order for the transaction process and transmitting it to a transaction system; wherein the consumer's purchase order is Generated on the consumer's electronic device or the seller's electronic device; Generating the seller's sales order for the transaction process on the seller's electronic device and transmitting it to the transaction system, and processing a transaction transaction based on the consumer's purchase order and the seller's purchase order in the transaction system. Includes, and the transaction system is configured to process a plurality of transactions for asset trading, and a second blockchain network including a plurality of computing devices. The second blockchain network is connected to the consumer's electronic device and the seller's electronic device included in the plurality of computing devices, and a blockchain is stored in the consumer's electronic device and the seller's electronic device; It includes an exchange server and a distributed storage in communication with the blockchain network, wherein the method registers a product to be managed for sale on the electronic device of the seller, thereby registering an asset share associated with the product to be managed through an asset share smart contract. It may further include issuing a token and issuing the currency token through a currency token smart contract in accordance with depositing fiat currency on the consumer's electronic device.

In one embodiment, the step of creating a consumer's purchase order for the transaction process includes designating an asset equity token associated with the managed product as a payment target on the seller's electronic device or the consumer's electronic device and Creating the consumer's purchase order by specifying the entire dose as the payment quantity, and creating the seller's sales order for the transaction process includes specifying the currency token as a payment method on the seller's electronic device; A sales order for the seller can be created by specifying the number of currency tokens corresponding to the payment object and payment quantity as the payment amount.

In one embodiment, the step of issuing an asset equity token associated with the product to be managed includes registering the product to be managed as an asset in a transaction system on the seller's electronic device and receiving a request for depositing an asset equity token. Cryptographically signing an asset share token deposit request with the seller's private key and transmitting it to the asset share smart contract, trading the asset share token associated with the managed product registered in response to the asset share token deposit transaction in the asset share smart contract. It may include moving to a smart contract, generating a deposit event log of the asset equity token in the transaction smart contract, and storing it in a blockchain in the second blockchain network.

In one embodiment, the step of issuing the currency token includes, when a currency token deposit request occurs by depositing fiat currency on the consumer's electronic device, cryptographically signing the currency token deposit request with the consumer's private key to obtain the currency token. Transferring to a contract, moving the currency token to the transaction smart contract in response to a currency token deposit transaction in the currency token smart contract, generating a deposit event log of the currency token in the transaction smart contract, and 2 It may include the step of storing on the blockchain within the blockchain network.

In one embodiment, the step of processing a transaction based on the consumer's purchase order and the seller's purchase order in the trading system includes sending the seller's sales order, which is cryptographically signed with the seller's private key, on the seller's electronic device to the exchange server. and transmitting to the distributed storage the consumer's purchase order, which is cryptographically signed with the consumer's private key on the consumer's electronic device, to the exchange server and the distributed storage, a purchase order that is the consumer's transaction request in the exchange server, and the seller's transaction. Processing a transaction corresponding to a requesting sales order and storing a cryptographically signed transaction corresponding to the transaction request in the distributed storage; and matching the consumer's purchase order and the seller's sell order, so that a quantity of the currency token equivalent to the payment amount is transferred from the consumer's exchange account to the seller's exchange account and the payment quantity is transferred from the seller's exchange account. Creating the transaction transaction such that a quantity of the asset equity token is transferred from the seller's exchange account to the consumer's exchange account, cryptographically signing the transaction transaction with the private key of the exchange server and storing it in the distributed storage. Steps may be included.

A computer-readable recording medium according to another aspect of the present application may record a program for performing a method for a consumer to purchase a management target product according to the above-described embodiments.

The purchasing system according to one aspect of the present application can transparently manage the consumer's identity and purchase history. In particular, the purchasing system allows the purchase of products subject to management only to consumers with certified valid purchase authority and can track transaction history, ultimately making it possible to strictly manage consumers' purchases of products subject to management.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the description of the claims.

In order to more clearly explain the technical solutions of the embodiments of the present invention or the prior art, drawings necessary in the description of the embodiments are briefly introduced below. It should be understood that the drawings below are for illustrative purposes only and not for limiting purposes of the present specification. Additionally, for clarity of explanation, some elements may be shown in the drawings below with various modifications, such as exaggeration or omission.
Figure 1 is a schematic diagram of a system 1 for purchasing products subject to management based on blockchain technology, according to one aspect of the present application.
Figure 2 is a schematic diagram of a blockchain-based authentication system, according to one aspect of the present application.
3A and 3B are block diagrams of the identity authentication system 100 and the product distribution management system 200 according to an embodiment of the present application.
4A to 4C are block diagrams of a medical institution's electronic device 300, a consumer's electronic device 400, and a seller's electronic device 500 according to an embodiment of the present application.
Figure 5 is a signal flow diagram of a method by which the identity authentication system 100 issues a consumer identity certificate to the consumer's electronic device 400 according to an embodiment of the present application.
Figure 6 is a signal flow diagram of a method by which the product distribution management system 200 issues a prescription authority certificate to the electronic device 300 of a medical institution, according to an embodiment of the present application.
Figure 7 is a signal flow diagram of a method of registering a medical staff member with prescribing authority in the product distribution management system 200 according to an embodiment of the present application.
Figure 8 is a signal flow diagram of a method for issuing a prescription certificate according to an embodiment of the present application.
Figure 9 is a signal flow diagram of a method by which the product distribution management system 200 issues a sales authorization certificate to the seller's electronic device 500, according to an embodiment of the present application.
Figure 10 is a signal flow diagram of a method of purchasing cannabis medicine according to another aspect of the present application.
11A and 11B are schematic diagrams of a blockchain-based transaction system, according to one aspect of the present application.
Figure 12 is a diagram to explain the structure of a blockchain network according to various embodiments.
Figure 13 is a block diagram of an exchange server according to an embodiment of the present application.
FIG. 14 is a diagram illustrating an example of a sequence of transaction transactions occurring in a transaction system according to an embodiment of the present application and a settlement procedure performed upon occurrence of a withdrawal request.
Figure 15 is a diagram for explaining a transaction history storage method that ensures immutability and transparency of transaction history stored in distributed storage according to an embodiment of the present application.
Figure 16 is a signal flow diagram of a deposit method to a transaction system according to various embodiments of the present application.
Figure 17 is a signal flow diagram of an asset trading method according to various embodiments of the present application.
18 is a signal flow diagram of a withdrawal method from a trading system according to various embodiments of the present application.

Hereinafter, embodiments of the present application will be examined in detail with reference to the drawings.

However, this disclosure is not intended to limit the disclosure to specific embodiments, and should be understood to include various modifications, equivalents, and/or alternatives to the embodiments of the disclosure. . In connection with the description of the drawings, similar reference numbers may be used for similar components.

In this specification, expressions such as “have,” “may have,” “includes,” or “may include” refer to the relevant features (e.g., numerical values, functions, operations, steps, parts, elements, and/or components). It refers to the presence of components such as etc.) and does not exclude the presence or addition of additional features.

When a component is said to be “connected” or “connected” to another component, it is understood that it may be directly connected or connected to the other component, but that other components may exist in between. It should be. On the other hand, when it is mentioned that a component is “directly connected” or “directly connected” to another component, it should be understood that there are no other components in between.

Expressions such as “first,” “second,” “first,” or “second” used in various embodiments may modify various elements regardless of order and/or importance, and limit the elements. I never do that. The above expressions can be used to distinguish one component from another. For example, the first component and the second component may represent different components, regardless of order or importance.

The expression “configured to” used in this specification means, for example, “suitable for,” “having the capacity to,” depending on the surrounding circumstances. ),” “designed to,” “adapted to,” “made to,” or “capable of.” . The term “configured (or set) to” may not necessarily mean “specifically designed to” in terms of hardware. Instead, in some circumstances, the expression “a device configured to” may mean that the device is “able to” work with other devices or components. For example, the phrase “processor configured (or set) to perform A, B, and C” refers to a processor dedicated to performing those operations (e.g., an embedded processor), or executing one or more software programs stored on a memory device. By doing so, it may mean a general-purpose processor (eg, CPU or application processor) capable of performing the corresponding operations.

In this specification, products subject to management may be drugs, medical-related products, or foodstuffs containing narcotics, psychotropic ingredients, cannabis ingredients, or a combination of two or more thereof. Hereinafter, for clarity of explanation, embodiments of the present application will be described in detail with examples using cannabis drugs as examples of products subject to management.

Figure 1 is a schematic diagram of a system 1 for purchasing products subject to management based on blockchain technology, according to one aspect of the present application.

Referring to Figure 1, the system for purchasing products subject to management based on the blockchain technology (1, hereinafter referred to as purchasing system) only provides the above information to consumers who have been confirmed to have the authority to purchase the product subject to management through a blockchain-based digital certificate. It includes at least some components of a blockchain-based authentication system (hereinafter referred to as authentication system 10), which is configured to allow the purchase of managed products and track the consumer's purchase history.

Additionally, the purchase system 1 may be linked to a payment system for purchasing by consumers whose purchasing authority has been verified. In certain embodiments, the purchase system 1 uses a specific token corresponding to currency to pay for the purchase amount of the product to be managed on the blockchain network 1100 for the purchase of cannabis medicine by a consumer whose purchase authority has been verified. It may include at least some components of a blockchain-based transaction system (hereinafter referred to as transaction system 1010), which is configured to process and generate purchase history. Additionally, in some embodiments, the authentication system 10 and the transaction system 1010 may be configured to use the same blockchain network 600.

The blockchain-based purchasing system 1 according to embodiments may be entirely hardware, or may be partially hardware and partially software. For example, a system may collectively refer to hardware equipped with data processing capabilities and operating software for running it. As used herein, terms such as “unit,” “module,” “device,” or “system” are intended to refer to a combination of hardware and software driven by the hardware. For example, the hardware may be a computing device capable of processing data, including a central processing unit (CPU), a graphics processing unit (GPU), or another processor. Additionally, software may refer to a running process, object, executable, thread of execution, program, etc.

Issuance of prescription certificate and confirmation of issued certificate

The purchasing system 1 is configured to perform an operation that allows only consumers whose valid purchasing authority has been verified by the components of the authentication system 10 to purchase cannabis medicine.

2 is a schematic diagram of a blockchain-based authentication system, according to one aspect of the present application.

In this specification, the guarantee by an authorized organization that a potential consumer purchasing a product subject to management needs to use the product subject to management is not limited to those skilled in the art as prescribing a product subject to management, and is merely an explanation. It will be clear that this is to be understood as an example. It will be clearly understood that other aspects other than prescribing the subject product to those skilled in the art may be implemented to ensure the need for use of the subject product.

The authentication system 10 may perform the issuance and verification process of a digital certificate related to product prescription, which will be described below.

A certificate certifying the right to use cannabis medicine (hereinafter referred to as “purchase authority certificate”) may include a prescription certificate medically guaranteeing the use of cannabis medicine. A purchase authority certificate, such as the above prescription certificate, is in the form of a digital certificate. may be issued.

The digital certificate may include data associated with cannabis medicine and its use. The data may include personal sensitive information. The personal sensitive information may include the individual's medical condition and diagnosis information related to the prescription.

An identity certification agency may be an institution or organization that manages identity information about individuals and medical institutions. Identity certification agencies can manage identity information about individuals that allows them to identify specific individuals. An identity certification authority may issue a certificate (hereinafter referred to as an identity certificate) for at least one item of identity information. Identity authentication agencies can manage basic information (identity information) about medical institutions that can identify specific medical institutions. An identity certification authority may issue a certificate (hereinafter referred to as a medical institution certificate) for at least one item of basic information of a medical institution. Identity certification agencies can perform authentication of medical institutions and identity authentication of consumers necessary for prescribing cannabis drugs. An identity certification agency is an agency operated by the state and can be understood as a trust agency.

A product distribution management agency may be an agency or organization that manages matters related to the distribution of cannabis drugs. The product distribution management agency may monitor the process of producing, importing, distributing, selling, prescribing, and other usage patterns of cannabis drugs, and create, store, track, and manage records thereof. In certain embodiments, the product distribution management agency may be understood as a trust agency as an agency operated by the state or administration.

Prescription of cannabis medicines may also be performed by accredited medical institutions. The product distribution management agency may select a medical institution that can prescribe cannabis drugs among multiple medical institutions as an accredited prescribing medical institution, or may manage a list of selected accredited prescribing medical institutions.

In order to issue a prescription certificate for the prescription of cannabis medicine to a consumer, identity certification agencies, product distribution management agencies, and medical institutions may cooperate with each other. The prescription certificate may be issued by a product distribution management agency. The identity certification agency may provide the product distribution management agency with the basic information of the medical institution required to issue a prescription certificate.

In various embodiments, the identity authentication agency and the product distribution management agency may be integrated and implemented as a single agency. For example, a product distribution management agency can independently store basic identity information about individuals or medical institutions and issue identity certificates.

A seller may sell cannabis medicine online or offline to customers who access the seller's website or visit the store.

The purchase (or sale) of cannabis medicines may also be conducted by an authorized seller. The product distribution management agency may select a seller who can sell cannabis drugs among multiple sellers as an authorized seller, or may manage a list of selected authorized sellers.

The identity certification agency, product distribution management agency, medical institution, consumer, and seller are implemented as entities in software combined with hardware in the systems below, and may each perform various operations to achieve the purpose of this application. there is.

Referring to FIG. 2, the authentication system 10 includes an identity authentication system 100, a product distribution management system 200, a medical institution electronic device 300, a consumer electronic device 400, and a seller's electronic device 500. It can be included. The identity authentication system 100 and the product distribution management system 200 may include a plurality of authentication servers, but a system 10 consisting of one authentication server is disclosed below.

The identity authentication system 100 is a system operated by an identity authentication agency. The product distribution management system 200 is a system operated by a product distribution management agency. The medical institution electronic device 300 is an electronic device (e.g., PC, tablet, server device) owned by a medical institution that prescribes cannabis drugs. The consumer's electronic device 400 is a personal electronic device (e.g., smartphone, tablet, personal PC) for which cannabis medicine is prescribed. The seller's electronic device 500 is an electronic device (e.g., PC, tablet, server device) owned by another person, company, etc. that verifies whether a specific individual has valid purchasing authority, that is, whether he or she is subject to a valid prescription. The structure and operation of the server device and electronic devices will be described later through FIGS. 3 and 4.

The identity authentication system 100 can issue an identity certificate (hereinafter, “consumer identity certificate”) for an individual consumer, and transmit the issued consumer identity certificate to the consumer's electronic device 400. The identity authentication system 100 can issue a medical institution certificate for the medical institution, and the issued certificate can be transmitted to the medical institution electronic device 300. The consumer's electronic device 400 may store the received identity certificate. The medical institution electronic device 300 may store the received medical institution certificate.

Additionally, the identity authentication system 100 may issue an identity certificate (hereinafter, “seller identity certificate”) for the seller, and may transmit the issued seller identity certificate to the seller’s electronic device 500. The seller's electronic device 500 may store the received identity certificate.

In various embodiments, a medical institution certificate may be understood as a confirmation that identifies a specific medical institution. A medical institution certificate may be a confirmation of the medical institution itself or an identity certificate of a representative of the medical institution.

Additionally, in some embodiments, the medical institution certificate may include a certificate of a medical staff member working at the medical institution. The medical staff certificate may include a medical staff identification number (eg, registration number, or report number).

The product distribution management system 200 may issue a prescribing institution certificate certifying that a specific medical institution has the authority to prescribe cannabis drugs and transmit the issued certificate to the medical institution electronic device 300. The medical institution electronic device 300 may store the received prescribing institution certificate.

When the product distribution management system 200 issues a prescribing institution certificate, the product distribution management system 200 may receive the medical institution certificate from the identity authentication system 100 or the medical institution electronic device 300. The product distribution management system 200 can identify whether the medical institution is a specific medical institution based on the medical institution certificate and issue the prescribing institution certificate to the medical institution that satisfies preset prescribing institution conditions. The product distribution management system 200 may apply the information in the medical institution certificate to preset prescribing institution conditions and identify the medical institution as a medical institution with prescribing authority if the information in the medical institution certificate satisfies the prescribing institution conditions.

Additionally, the product distribution management system 200 can identify whether a seller is a specific seller based on the seller certificate and issue a sales authority certificate to the seller who satisfies preset seller conditions. The product distribution management system 200 may apply the information in the seller certificate to preset seller conditions and identify the seller as a seller with sales authority if the information in the seller certificate satisfies the seller conditions.

The medical institution electronic device 300 may identify a user who is a consumer. For example, the medical institution electronic device 300 may receive a consumer identity certificate stored in the consumer's electronic device 300 and identify the individual who is the owner of the consumer's electronic device 300 based on the received consumer identity certificate. there is.

Additionally, the medical institution electronic device 300 may generate prescription information including information related to the prescription of the cannabis drug after the prescription for the cannabis drug is completed. The prescription information includes, for example, one or more of the following: prescription time, prescribing medical institution, health condition of the consumer to whom the prescription is prescribed, information related to the cannabis drug to be taken, period of taking, number of doses, dosage, side effects, and other dosage information. It may also contain factual information. The dosage quantity may include the unit dosage quantity per time, the number of dosages per day, etc.

The cannabis medicine-related information may include, for example, information describing the cannabis medicine to be applied to the consumer, including one or more of the name, manufacturer, clinical information, identification information, and distribution information of the cannabis medicine.

Additionally, the medical institution electronic device 300 may transmit the consumer's personal information and prescription information to the product distribution management system 200 so that the product distribution management system 200 issues a prescription certificate for a specific consumer.

The consumer's electronic device 400 may receive a purchase authorization certificate (e.g., prescription certificate) issued by the product distribution management system 200 and store it.

The consumer's electronic device 400 may transmit at least some of the information included in the prescription certificate to the seller's electronic device 500 or another entity's electronic device that requests authentication that the authority to purchase cannabis medicine is valid.

The seller's electronic device 500 receives the prescription certificate stored in the consumer's electronic device 400, analyzes the received prescription certificate, confirms whether the consumer has the authority to purchase cannabis medicine, and provides the cannabis medicine to the confirmed consumer. can also be sold.

The seller's electronic device 500 may also identify a user who is a consumer. For example, the seller's electronic device 500, like the medical institution electronic device 300, receives the consumer identity certificate stored in the consumer's electronic device 300, and based on the received consumer identity certificate, the consumer's electronic device 300 ) can identify the individual who owns it.

Additionally, in some embodiments, the seller's electronic device 500 automatically obtains the cannabis drug information by recognizing an identification image (e.g., barcode, QR code) attached to the cannabis drug, or uses the seller's user input. You can also obtain it directly.

The seller's electronic device 500 may be implemented with hardware that is the same as or different from the consumer's electronic device 400. For example, the seller's electronic device 500 may be implemented with the same hardware as the consumer's electronic device 400, such as a smartphone, or may be implemented with different hardware, such as a POS terminal.

The certificate disclosed herein may be digitally signed by the issuer. A digital signature is a means of proving the identity of the issuer. For example, an issuer can digitally sign a certificate using an identifier for that corresponds to its digital identity. The recipient of the certificate can verify the identity of the issuer of the certificate through the digital signature. Each entity included in the authentication system 10 (identity authentication system 100, product distribution management system 200, medical institution's electronic device 300, consumer's electronic device 400, seller's electronic device 500) ) may have their own identifier, and a digitally signed certificate may be issued using the identifier.

In various embodiments, digital signatures may consist of various algorithms. A key generation algorithm, a signing algorithm, and a signature verifying algorithm can be used. In one example, the RSA algorithm may be utilized.

The identity authentication system 100 can digitally sign an identity certificate and a medical institution certificate with its own identifier. The product distribution management system 200 can digitally sign the prescription certificate with its own identifier. Recipients who receive an identity certificate or prescription certificate can verify the issuer through a digital signature and trust the contents of the certificate.

For example, in the case of a key generation algorithm, the identity authentication system 100 or the product distribution management system 200 can sign a certificate with its own secret key. The certificate recipient can decrypt the prescription certificate with a public key owned by the identity authentication system 100 or the product distribution management system 200.

The certificate disclosed in this document may be designed to be verifiable by a third party. In other words, certificates issued and distributed on the system 10 can be verified by anyone other than a specific trust agency (e.g., identity certification agency, product distribution management agency).

For example, in the case of a key generation algorithm, the public key may not be stored in a specific central authority, but in a decentralized P2P network such as a federated identity management system of multiple trusted institutions or a distributed ledger. there is. As a result, the certificate can be verified using the public key stored in a place accessible to anyone.

For example, a recipient who has received a prescription certificate digitally signed by the product distribution management system 200 may authenticate the prescription through the digital signature of a public product distribution management agency, even if the prescription certificate is not authenticated through the product distribution management agency. You can directly confirm that the certificate was issued by a product distribution management agency, and you can trust the contents of the prescription certificate.

In various embodiments, the consumer's electronic device 400 may generate a certificate that processes part of the contents of the prescription certificate. The consumer's electronic device 400 may transmit the processed certificate to the seller's electronic device 500. The purpose of processing is to protect privacy by ensuring that all contents contained in the prescription certificate are not transmitted to a third party and only essential contents are included. For example, in cases where you only need to prove the validity of the prescription and the cannabis medicine to be prescribed, information such as “for what reason the prescription was received” and “from which medical institution the prescription was received” is excluded, and “prescription facts” , a certificate containing “cannabis drug information” may be transmitted to the seller’s electronic device 500.

The authentication system 10 may be operated based on a blockchain network 600. The blockchain network 600 of the authentication system 10 may include at least one blockchain network among known public blockchains. The key value for the digital signature of each subject (100, 200, 300, and 400) may be stored in the blockchain network 600. For example, the identifier of each subject (100, 200, 300, 400) may be an account or address value of the blockchain network 600.

By utilizing the blockchain network 600, the authentication system 10 can function as a regional system wider than a local region or as a global system beyond a national unit. In particular, since certificate issuance and verification can be performed based on the blockchain network 600, which is a global platform, prescription certificate issuance and verification can be performed without being restricted by trust agencies in each country or authentication systems that differ in each country.

In one embodiment, the identity authentication system 100, the product distribution management system 200, the medical institution electronic device 300, the consumer electronic device 400, and the seller's electronic device 500 are connected to the blockchain network 600 and At least one application that performs communication and allows access to an account on the blockchain network 600 may be stored. The at least one application may include a wallet application of the blockchain network 600.

In one embodiment, a certificate issued and distributed by the authentication system 10 may have specifications of a verifiable credential (VC) designed according to preset standard protocols. The standard protocol may be, for example, the W3C standard protocol, but is not limited thereto. At least one of the subjects 100, 200, 300, 400, and 500 of the system 100 may be an issuer of a VC.

In one example, the processed certificate may have a Verifiable Presentation (VP) specification designed according to W3C standard protocols. A VP may be composed of some of the claims included in one VC and may be composed of multiple VCs. Additionally, a VP may contain VCs signed by different issuers. Subjects 100, 200, 300, 400, and 500 of the authentication system 10 may create or issue a VP containing only necessary information from one or more VCs.

The digital signature or digital identifier used under the blockchain network 600 may be implemented as Decentralized Identifiers (DID) according to the W3C standard protocol, but is not limited thereto.

In various embodiments, the VC may include an identifier of the issuer and an identifier of the issuer. For example, when a VC for the owner of the consumer's electronic device 400 is issued by the identity authentication system 100, the VC includes the identifier information (first identifier) of the identity authentication system 100 and the consumer's electronic device ( 400) of identifier information (second identifier). This may include the meaning that the VC was issued as a second identifier by a first identifier.

Additionally, the consumer's electronic device 400 may generate a VP by signing the VC with its second identifier. Accordingly, the VP may include information that the owner of the second identifier currently owns the VC issued to the second identifier by the first identifier. Accordingly, a third party (eg, a seller) who has received a VP containing some information of the VC can confirm that authentication information has been received from the rightful owner of the VC and can trust the authentication information. For example, the seller who received the VP can confirm that it has received the VP created by the rightful owner of the VC by checking whether the second identifier of the person who created the VP in the processed certificate matches the second identifier included in the VC. and the information stored in the VP can be trusted.

Each subject (100, 200, 300, 400, and 500) of the authentication system 10 may use the blockchain network 600 to verify mutual certificates. In some embodiments, blockchain network 600 may store ID registries 610 and 620.

Each subject (100, 200, 300, 400, 500) of the authentication system 10 accesses the DID registry 610, 620 of the blockchain network 600 to verify mutual certificates, and the registry You can have the authority to view IDs stored in .

ID registries 610 and 620 may store identifiers (eg, DIDs) of subjects of the authentication system 10. The identifier may be the public key of the subject of the authentication system 10. For example, the ID registry (610, 620) contains the DID of the identity authentication system (100), the product distribution management system (200), the medical institution electronic device (300), the consumer's electronic device (400), and the seller's electronic device (500). can be stored as a public key.

In certain embodiments, the blockchain network 600 of the authentication system 10 may include the blockchain network 600 of the transaction system 100.

Hereinafter, the authentication system 10 based on the blockchain network 600 will be described as an example. However, it is not limited to this and other publicly trusted networks may be employed.

In one embodiment, the blockchain network 600 may include a first ID registry 610 and a second ID registry 620. The first ID registry 610 can be understood as a storage space managed by the identity authentication system 100 and the product distribution management system 200. Data stored in the first ID registry 610 can be entered, modified, or deleted by the trust organizations 100 and 200. Accordingly, the medical institution's electronic device 300, the consumer's electronic device 400, and the seller's electronic device 500 can view the data stored in the first ID registry 610, but the data stored in the first ID registry 610 cannot be modified or deleted, and new data cannot be added to the first ID registry 610. On the other hand, data stored in the second ID registry 620 can be entered, modified, and deleted by each subject (100, 200, 300, 400, and 500). Therefore, information provided by the trust institutions 100 and 200 can be stored in the blockchain network 600, and subjects who view it can trust the information.

Figures 3a and 3b are block diagrams of the identity authentication system 100 and the product distribution management system 200 according to an embodiment of the present application.

In various embodiments, the identity authentication system 100 and the product distribution management system 200 may be integrated. The identity authentication system 100 and the product distribution management system 200 are shown as an example as one server device, but may be composed of a plurality of server devices.

In one embodiment, the identity authentication system 100 may include a processor 110, a memory 120, and a communication circuit 130. The processor 110 can control the overall operation of the identity authentication system 100. The identity authentication system 100 can transmit and receive data with other subjects 200, 300, 400, and 500 of the system 10 through the communication circuit 130.

In one embodiment, memory 120 may include consumer DB 122 containing identity information about individuals to whom identity certificates are to be issued. An individual subject to identification may be treated as a database object in DB 122. Consumer DB 122 may include data of the items shown in Table 1 for each individual. A consumer identity certificate may be issued for the individual based on the consumer DB 122.

item One Digital identity identifier (e.g. DID) 2 name 3 birth date 4 phone number 5 Personal identification number (e.g. resident registration number, driver's license number, other ID number) 6 push notification token

Additionally, the memory 120 may include a medical institution DB 124 for medical institutions to which medical institution certificates are to be issued. The medical institution DB 124 may include data of the items shown in Table 2 for each medical institution. A medical institution certificate for a medical institution may be issued based on the medical institution DB 124.

item One Digital identity identifier (e.g. DID) 2 Medical institution name 3 Medical institution address 4 Telephone number of medical institution (or telephone number of medical professional) 5 Medical institution identification number (e.g. institution registration number, etc.)

Additionally, the memory 120 may include a seller DB 126 for sellers to whom seller certificates are to be issued. The seller DB 126 may include data of the items shown in Table 3 for each seller. A seller certificate for the seller may be issued based on the seller DB 126.

item One Digital identity identifier (e.g. DID) 2 name 3 birth date 4 Seller phone number 5 Address or website 6 Seller identification number (corporate/store registration number, personal identification number, etc.)

In one embodiment, the processor 110 may include a consumer certificate issuance module 112, a medical institution certificate issuance module 114, and a seller certificate issuance module 116. The processor 110 may execute instructions stored in the memory 120 to drive the consumer certificate issuance module 112, the medical institution certificate issuance module 114, and the seller certificate issuance module 116, respectively. Operations performed by the consumer certificate issuance module 112, the medical institution certificate issuance module 114, and the seller certificate issuance module 116 may be understood as operations performed by the processor 110. Other operations described as being performed by the identity authentication system 100 may be understood as operations performed by the processor 110.

The consumer certificate issuing module 112 may issue a consumer identity certificate using the consumer DB 122 stored in the memory 120. For example, a consumer identity certificate containing at least part of the data included in the consumer DB 122 may be generated. The generated consumer identity certificate can be digitally signed with the digital identity identifier of the identity authentication system 100. The consumer identity certificate may include an identifier of the individual to whom the consumer identity certificate is issued.

The medical institution certificate issuing module 114 may issue a medical institution certificate using the medical institution DB 124 stored in the memory 120. For example, a medical institution certificate containing at least part of the data included in the medical institution DB 124 may be generated. The generated medical institution certificate can be digitally signed with the digital identity identifier of the identity authentication system 100. The medical institution certificate may include an identifier of the medical institution to which the certificate is issued.

The seller certificate issuing module 116 may issue a seller certificate using the seller DB 126 stored in the memory 120. For example, a seller certificate containing at least part of the data included in the seller DB 126 may be generated. The generated seller certificate can be digitally signed with the digital identity identifier of the identity authentication system 100. The seller certificate may include the identifier of the seller to whom the certificate is issued.

In one embodiment, the identity authentication system 100 may include a wallet for the identity authentication system 100 to communicate with the blockchain network 600. The wallet may include an account in the identity authentication system 100 on the blockchain network 600. For example, the identity authentication system 100 may store its private key in the memory 120. When the identity authentication system 100 issues various certificates, it can perform signatures with its own private key.

In various embodiments, the wallet may include a DID agent. The DID agent can receive a DID on the blockchain network 600, search the DID, and change the DID. The consumer certificate issuance module 112 may store the DID of the individual who issued the certificate and the certificate issuance fact in the first registry 610. The medical institution certificate issuance module 114 may store the DID of the person who issued the certificate and the certificate issuance fact in the first registry 610. The seller certificate issuance module 116 may store the DID of the person who issued the certificate and the certificate issuance fact in the first registry 610.

In certain embodiments, an account (or wallet) of the identity authentication system 100 may be mapped to an account into which tokens are deposited/withdrawn in the transaction system 1010. Additionally, when a new user exchange account is established, the transaction system 1010 may notify the identity authentication system 100 of the newly created user exchange account. The purchase system 1 may use a single account provided for each user for token deposit/withdrawal and identity authentication.

In one embodiment, the product distribution management system 200 may include a processor 210, a memory 220, and a communication circuit 230. The processor 210 can control the overall operation of the product distribution management system 200. The product distribution management system 200 can transmit and receive data with other subjects 100, 300, 400, and 500 of the system 10 through the communication circuit 230.

In one embodiment, the memory 220 may include a product DB 222 containing information about available cannabis drugs. The product DB 222 may include the types of items shown in Table 4. Information about hemp to be described later may include at least one data included in Table 4. Additionally, the product DB 222 may be periodically updated according to new information. As the product DB 222 is updated, the medical institution electronic device 300, the consumer electronic device 400 storing the prescription certificate, or the device receiving the prescription certificate

Necessary actions may be performed on the consumer's electronic device 400 storing the prescription certificate. The action may include, for example, a notification action and a prescription certificate renewal action.

item One designation 2 manufacturing company 3 Product type (cannabis, narcotics, psychotropic drugs, etc.) 4 How to take (1 dose, number of times per day) 5 Providing Cause (Prescribing Cause) 6 Clinical information (side effects) 7 Distribution information (serial number, distribution date (manufacturing date, import date, delivery date), distribution method, distribution unit)

The distribution unit may also be a sales unit. The sales unit may be expressed as a unit distribution means such as a bottle, or a unit quantity such as weight. Products are given serial numbers for each distribution unit, so the same product can be identified by distribution unit. For example, a serial number may be assigned to each container.

In one embodiment, the memory 220 may include a certified prescribing institution DB 224 that includes information about a certified prescribing medical institution that has the authority to prescribe cannabis drugs. The authorized prescribing agency DB (2224) may include data of the items shown in Table 5. There may be multiple prescribing medical staff, each of whom can create a prescription guaranteeing the use of cannabis medicine, for one medical institution. Based on the authorized prescription agency DB 224, the product distribution management system 200 can determine whether to issue a prescription certificate.

item One Medical institution identification number 2 medical staff in charge of prescribing 3 Telephone number of the prescribing physician 4 Prescribing provider identifier digital identity (e.g. DID) 5 Prescribing Authorization Status 6 Healthcare Institution Identifier Digital Identity (e.g. DID)

In one embodiment, the memory 220 may include a prescription history DB 225 that includes information on prescriptions for cannabis drugs. The prescription history DB stores prescription history including prescription information. The prescription history DB 225 may include data of the items shown in Table 6.

item One Consumer's identifier ID 2 Type of product prescribed (cannabis) 3 Prescription product (cannabis) serial number 4 Prescribing medical institution identifier ID 5 Consumer Digital Identifier (DID) 6 Prescription content (consumer's digital identifier, prescription time, prescription details)

The prescription certificate issuing module 212 may issue a prescription certificate using the product DB 222, the authorized prescription agency DB 224, and the prescription history DB 225 stored in the memory 220. For example, a prescription certificate containing at least part of the data included in the product DB 222, the authorized prescription agency DB 224, and the prescription history DB 225 can be generated. The generated prescription certificate can be digitally signed with the digital identity identifier of the product distribution management system 200.

In one embodiment, the product distribution management system 200 may include a wallet for the product distribution management system 200 and the blockchain network 600 to communicate. The wallet may include an account in the product distribution management system 200 on the blockchain network 600. For example, the product distribution management system 200 may store its private key in the memory 220. When the product distribution management system 200 issues a certificate, it can sign with its own private key.

In various embodiments, the wallet may include a DID agent. The DID agent can receive a DID on the blockchain network 600, search the DID, and change the DID. The prescription certificate issuance module 212 may store the individual's DID, the medical institution's DID, and the certificate issuance fact included in the prescription certificate in the first registry 610.

4A to 4C are block diagrams of a medical institution's electronic device 300, a consumer's electronic device 400, and a seller's electronic device 500 according to an embodiment of the present application.

In one embodiment, the medical institution electronic device 300 may include a processor 310, a memory 320, a communication circuit 330, a camera 340, an input device 350, and an output device 360. The processor 310 can control the overall operation of the medical institution electronic device 300. The medical institution electronic device 300 can transmit and receive data with other subjects 100, 200, 400, and 500 of the system 10 through the communication circuit 330.

In one embodiment, the memory 320 may store the first application 322. The medical institution electronic device 300 may execute the first application 322 and output an execution screen of the first application 322 through the output device 360 .

The first application 322 may be understood as an application for operating the identity authentication function and prescription reporting function of a medical institution in order to receive the authentication service provided by the authentication system 10. The first application 322 may include functions necessary to use the prescription authentication service, such as a function to request issuance of a medical institution certificate and a prescription certificate, and a consumer recognition function. The first application 322 may store the identifier (eg, DID) of the medical institution.

In one embodiment, the memory 320 may store a medical institution certificate 324, a prescribing authority certificate 326, and a list of medical staff with prescribing authority 328. The medical institution certificate 324 may be issued by the identity authentication system 100. The prescribing authority certificate 326 may be issued by the product distribution management system 300. The list of medical staff with prescribing authority 328 may be composed of medical staff with prescribing authority among medical staff working within a medical institution.

In various embodiments, the medical institution electronic device 300 may image the consumer through the camera 340. For example, the medical institution electronic device 300 may identify an individual consumer through the camera 340.

In one embodiment, the consumer's electronic device 400 may include a processor 410, a memory 420, a communication circuit 430, a camera 440, an input device 450, and an output device 460. there is. Since the consumer electronic device 400 is similar to the medical institution electronic device 300, the description will focus on the differences.

In one embodiment, the memory 420 may store the second application 422. The consumer's electronic device 400 may execute the second application 422 and output an execution screen of the second application 422 through the output device 460 .

The second application 422 can be understood as an application for operating the identity authentication function and authentication-based purchase function provided to consumers on the authentication system 10.

In one embodiment, memory 420 may store consumer identity certificate 424 and prescription certificate 426. The consumer identity certificate 424 may be issued by the identity authentication system 100. The prescription certificate 426 may be issued by the product distribution management system 300.

The consumer identity certificate 424 and prescription certificate 426 are stored in the consumer's electronic device 400 and are not stored in the identity authentication system 100, product distribution management system 200, and medical institution electronic device 300. . Once the owner of the consumer's electronic device 400 has been issued a certificate, he or she can independently prove his or her identity or prescription using the certificate stored in his or her electronic device 400 without communication with another trust agency. You can. Additionally, the consumer's electronic device 400 can generate a certificate containing only necessary information and share it with a third party by issuing a processed certificate. This can strengthen individual sovereignty over data.

In one embodiment, the seller's electronic device 500 may include a processor 510, a memory 520, a communication circuit 530, a camera 540, an input device 550, and an output device 560. there is. Since the seller's electronic device 500 is similar to the medical institution's electronic device 300 and the consumer's electronic device 400, the description will focus on the differences.

In one embodiment, the memory 520 may store the third application 522. The seller's electronic device 500 may execute the third application 522 and output the execution screen of the third application 522 through the output device 560.

The third application 522 can be understood as an application for operating the seller's own identity authentication function, authentication-based sales function, etc. on the authentication system 10. In certain embodiments, the third application 522 in the seller's electronic device 500 may perform a function of authenticating the consumer's identity obtained from the consumer's electronic device 400.

In one embodiment, the memory 520 may store a seller identity certificate 524 and a seller authority certificate 526. The seller identity certificate 524 may be issued by the identity authentication system 100. The sales authority certificate 526 may be issued by the product distribution management system 200.

The seller identity certificate 524 and the sales authority certificate 526 are stored in the seller's electronic device 500, and are not stored in the identity authentication system 100, the product distribution management system 200, and the medical institution electronic device 300. No. Once the owner of the seller's electronic device 500 has been issued a certificate, he or she can independently prove his or her identity or sales authority using the certificate stored in his or her electronic device 500 without communication with another trust agency. there is. Additionally, the seller's electronic device 500 can generate a certificate containing only necessary information and share it with a third party by issuing a processed certificate.

In various embodiments, the memory 322 of the medical institution electronic device 300, the memory 422 of the consumer electronic device 400, and the memory 522 of the seller's electronic device 500 include a secure element ( SE) (not shown) may be included. For example, the secure element may be restricted from direct communication with external devices 100, 200, 400, and 500. The first application 322, the second application 422, and the third application 522 may relay data transmission and reception between the security element and the external devices (100, 200, 400, and 500). In another example, the external devices 100, 200, and 400 may communicate with the security element through short-range wireless communication through the communication circuit 330.

The identifier of the electronic device 300, 400, or 500 may be stored in the security element. The medical institution certificate 324 and the prescription authority certificate 326 may be stored in the secure element. Consumer identity certificate 424 and prescription certificate 426 may be stored in the secure element. Seller identity certificate 524 and seller authority certificate 526 may be stored in the secure element.

Hereinafter, the case where the certificate issued on the authentication system 10 is a verifiable credential (hereinafter referred to as VC) according to the W3C standard protocol will be described as an example. In addition, the case where the certificate generated by processing from VC is a verifiable presentation (hereinafter referred to as VP) designed according to W3C standard protocols will be explained as an example.

Figure 5 is a signal flow diagram of a method by which the identity authentication system 100 issues a consumer identity certificate to the consumer's electronic device 400 according to an embodiment of the present application.

Referring to FIG. 5, the consumer's electronic device 400 may request the identity authentication system 100 to issue an identity authentication VC (the consumer identity certificate described above) (S4010).

In the operation S4010, the consumer's electronic device 400 may drive the second application 422 and transmit the issuance request to the identity authentication system 100. In operation S4010, the consumer's electronic device 400 may transmit its DID (hereinafter referred to as consumer DID). The identity authentication system 100 can confirm the received consumer DID through the consumer DB 122 and the blockchain network 600.

Additionally, the identity authentication system 100 may transmit an identity verification request to the consumer's electronic device 400 (S4020). The identity verification request may be performed before issuing the identity authentication VC to identify whether the owner of the consumer's electronic device 400 is a specific individual to whom the identity authentication VC will be issued.

The identity authentication system 100 can obtain the consumer's personal information (S4030). For example, the identity authentication system 100 may obtain the personal information of the owner of the consumer's electronic device 400 as the consumer's personal information from a third-party service that provides an identity authentication service. The above personal information may include name, gender, date of birth, mobile phone number, nationality, and personal identification number (e.g., data in Table 1). The identity authentication system 100 can compare the acquired personal information with data stored in the consumer DB 122 and check whether the two match. Through this, the identity authentication system 100 can confirm whether the request for issuance of identity authentication VC is made by a legitimate user. The confirmation result of this operation (S4030) may be stored in the identity authentication system 100.

The identity authentication system 100 may issue an identity authentication VC to the consumer's electronic device 400 (S4040). The identity authentication system 100 can issue an identity authentication VC containing the personal DID and personal information received from the consumer's electronic device 400. The identity authentication VC can be digitally signed with an identifier for digital identity, which is the identifier of the identity authentication system 100. For example, the identifier may be the secret key (DID) of the account of the blockchain network 600 of the identity authentication system 100.

The identity authentication system 100 and the consumer's electronic device 400 may form a communication channel for mutual data transmission (S4050). The identity authentication system 100 may transmit the identity authentication VC to the consumer's electronic device 400 through the communication channel (S4060). The consumer's electronic device 400 may store the received identity authentication VC in the memory 420 . The identity authentication VC may be referred to as consumer identity certificate 424 in FIG. 2B.

In one example, the communication channel may be an encrypted secret communication channel between DIDs. For example, the communication channel may be a DIDComm communication channel. Hereinafter, the communication channel formed to distribute VC can be understood as an encrypted secret communication channel between DIDs. The identity authentication VC may be transmitted to the second application 422 of the electronic device 400 of the consumer who owns the DID to which the VC is issued through the DIDComm communication channel. For example, the identity authentication system 100 may use a web socket connected to the second application 422. Alternatively, if there is no web socket, the identity authentication system 100 may use a message queue after sending a push notification to the second application 422.

The identity authentication system 100 may store updated personal information in the consumer DB 122 for the user who issued the identity authentication VC in the consumer DB 122 (S4070). For example, the identity authentication system 100 may store the DID obtained in operation S4010 and the personal information obtained in operation S4030 in the consumer DB 122. Therefore, the DID and the personal information can be mapped to each other and stored. Additionally, whether or not an identity authentication VC is issued can be recorded in the consumer DB 122.

In some embodiments, the identity authentication system 100 may receive and store a push notification token from the second application 422 of the consumer's electronic device 400 (S4080). The identity authentication system 100 can send a push notification to the consumer's electronic device 400 through the push notification token and the second application 422.

Additionally, in some embodiments, the push notification token stored in the consumer's electronic device 400 may be updated in the identity authentication system 100 every time the second application 422 is run (S4090).

In various embodiments, the identity authentication system 100 may record the fact of issuing an identity authentication VC for a user DID in the first registry 610 of the blockchain network 600. Therefore, the fact that the identity authentication VC was issued by the identity authentication agency for the relevant DID can be verified.

The consumer identity certificate issuance method of FIG. 5 can be similarly applied to the method of issuing a medical institution certificate to the medical institution electronic device 300.

The medical institution electronic device 300 may request a request to issue a medical institution certification VC (the above-described medical institution certificate) (e.g., operation S4010). The medical institution's electronic device 300 may run the first application 322 and transmit the request to the identity authentication system 100. At this time, the medical institution electronic device 300 may transmit basic information about the medical institution and the medical institution's DID stored in the first application 322 to the identity authentication system 100.

The identity authentication system 100 can compare information stored in the medical institution DB 124 based on the received basic information. Through this, the identity authentication system 100 can confirm whether the request for issuance of a medical institution authentication VC is made by a legitimate user. If the information stored in the medical institution DB 124 matches the received basic information, the identity authentication system 100 may issue a medical institution authentication VC including the identifier DID of the medical institution and the identifier of the identity authentication institution.

The identity authentication system 100 and the medical institution electronic device 300 may form a communication channel for mutual data transmission (e.g., operation 4050). The identity authentication system 100 may transmit the medical institution authentication VC to the medical institution electronic device 300 through the communication channel. The medical institution electronic device 200 may store the received medical institution authentication VC in the memory 320 . The medical institution certification VC may be referred to as the medical institution certificate 324 in FIG. 4A. The identity authentication system 100 may map and store basic information about the medical institution that issued the medical institution authentication VC and the medical institution DID in the medical institution DB 124 (e.g. operation S4070). Additionally, the medical institution authentication VC may be stored in the medical institution DB 124. You can record whether it was issued or not.

In various embodiments, the identity authentication system 100 may record the issuance of a medical institution authentication VC for the medical institution DID in the first registry 610 of the blockchain network 600. Therefore, the fact that the medical institution certification VC was issued by the identity certification agency for the relevant DID can be verified.

The consumer identity certificate issuance method of FIG. 5 can be similarly applied to the method of issuing a seller certificate to the seller's electronic device 500.

The seller's electronic device 500 may request a request to issue a seller authentication VC (the seller certificate described above) (e.g., operation S4010). The seller's electronic device 500 may run the first application 322 and transmit the request to the identity authentication system 100. At this time, the seller's electronic device 500 may transmit basic information about the seller and the seller's DID stored in the first application 322 to the identity authentication system 100.

The identity authentication system 100 can compare information stored in the seller DB 126 based on the received basic information. Through this, the identity authentication system 100 can confirm whether the request for issuance of seller authentication VC is made by a legitimate user. The identity authentication system 100 may issue a seller authentication VC including the seller's identifier DID and the identity authentication authority's identifier when the information stored in the seller DB 126 matches the received basic information.

The identity authentication system 100 and the seller's electronic device 500 may form a communication channel for mutual data transmission (e.g., operation S4050). The identity authentication system 100 may transmit the seller authentication VC to the seller's electronic device 500 through the communication channel. The seller electronic device 200 may store the received seller authentication VC in the memory 520. The seller authentication VC may be referred to as seller certificate 524 in FIG. 4C. The identity authentication system 100 may map and store basic information about the seller who issued the seller authentication VC and the seller DID in the seller DB 126 (e.g. operation S4070). Additionally, the seller authentication VC may be stored in the seller DB 126. You can record whether it was issued or not.

In various embodiments, the identity authentication system 100 may record the issuance of a seller authentication VC for the seller DID in the first registry 610 of the blockchain network 600. Therefore, the fact that the Seller Certification VC issued the DID can be verified by the identity certification agency.

Operations S4080 to S4090 of FIG. 5 are a combination of the identity authentication system 100 and the first application 322 of the medical institution electronic device 300, or the third application of the identity authentication system 100 and the seller's electronic device 500. The same can be performed through a combination of (522). Through this, the identity authentication system 100 can transmit a push notification to the medical institution's electronic device 300 and the seller's electronic device 500.

Figure 6 is a signal flow diagram of a method by which the product distribution management system 200 issues a prescription authority certificate to the electronic device 300 of a medical institution, according to an embodiment of the present application.

A certificate of prescribing authority is issued to an authorized prescribing agency. The above-mentioned authorized prescribing institution may be understood as a medical institution officially licensed to prescribe cannabis drugs. The list of authorized prescribing agencies may be designated in advance and stored in the authorized prescribing agency DB (224) of the product distribution management system (200). An accredited prescribing institution can prove that it is a medical institution capable of prescribing cannabis drugs with a certificate of prescribing authority.

The medical institution electronic device 300 may transmit a request for issuance of an authorized prescribing institution VC, including a medical institution certification VC (e.g., the medical institution certificate 324 in FIG. 3), to the product distribution management system 200 (S5010). The request may include a medical institution certification VC (e.g., medical institution certificate 324 in FIG. 3). In various embodiments, the medical institution electronic device 300 can sign the medical institution authentication VC with the medical institution DID and transmit the digitally signed medical institution authentication VC to the product distribution management system 200. The product distribution management system 200 can confirm whether the medical institution authentication VC was transmitted from a person with legitimate authority to own the VC by checking whether the digital signature matches the medical institution DID stored in the medical institution authentication VC. If another medical institution makes an unfair request to issue an authorized prescribing institution VC with the medical institution certification VC, the medical institution certification VC received in operation S5010 does not include the signature by the medical institution DID stored in the VC, so the product distribution management system (200) may reject the VC issuance request.

Before applying for a certified prescribing institution VC, the medical institution electronic device 300 can obtain a medical institution certification VC using the method described above with reference to FIG. 13 . The medical institution electronic device 300 can perform identity authentication by submitting the medical institution authentication VC to the product distribution management system 200. For example, a representative (individual) of a medical institution may download the first application 322 to the medical institution's electronic device 300 and then generate the medical institution's own DID. The DID generated locally by the representative through the first application 322 of the medical institution electronic device 300 may be stored and registered in the second registry 620 of the blockchain network 600. In various embodiments, the medical institution DID may be replaced with the personal DID of the representative of the medical institution. In this case, the medical institution electronic device 300 transmits the generated DID to the identity authentication system 100, and the identity authentication VC for the individual representative may be treated as the medical institution authentication VC.

The product distribution management system 200 can verify the received medical institution certification VC (S5020). The product distribution management system 200 can verify the digital signature of the identity authentication system 100 of the medical institution authentication VC. The product distribution management system 200 can confirm the owner of the DID initiated through the blockchain network 600. For example, the product distribution management system 200 can check whether the DID that signed the medical institution authentication VC is the DID of the trusted institution registered in the first registry 610 of the blockchain network 600.

The product distribution management system 200 can compare the information of the authorized prescription agency DB 224 and the information of the medical institution certification VC (S5020). If there is information matching the medical institution certification VC in the certified prescribing institution DB 224, the product distribution management system 200 can confirm that the medical institution that applied for the VC is a medical institution of a pre-designated certified prescribing institution. The product distribution management system 200 can issue an authorized prescription agency VC (S5030). The authorized prescribing agency VC may include the identifier of the product distribution management agency and the identifier of the medical institution.

The product distribution management system 200 and the medical institution electronic device 300 may form a communication channel for mutual data transmission (S5040). The product distribution management system 200 can transmit the authorized prescribing agency VC to the medical institution electronic device 300 through the communication channel (S5050). The medical institution electronic device 300 may store the received authorized prescribing institution VC in the memory 320 . The authorized prescribing agency VC may be referred to as the prescribing authority certificate 326 in FIG. 3.

In one example, the communication channel of operation S5040 may be an encrypted communication channel. For example, the communication channel may be a DIDComm communication channel. The authorized prescribing agency VC may be transmitted to the first application 322 of the medical institution electronic device 300 that owns the DID to which the VC is issued through the DIDComm communication channel. For example, the product distribution management system 200 may use a web socket connected to the first application 322. Alternatively, if there is no web socket, the product distribution management system 200 may use a message queue after sending a push notification to the first application 322.

The product distribution management system 200 can store the VC issuance history in the authorized prescription agency DB 224 (S5060). In various embodiments, the product distribution management system 200 may record the issuance of a certified prescribing agency VC for a medical institution DID in the first registry 610 of the blockchain network 600. Therefore, it can be verified that the DID in question was issued by VC, an authorized prescribing agency, by the product distribution management agency.

The product distribution management system 200 may receive and store a push notification token from the first application 322 of the medical institution electronic device 300 (S5070). The product distribution management system 200 may send a push notification to the medical institution electronic device 300 through the push notification token and the first application 322.

The push notification token stored in the medical institution electronic device 300 may be updated in the product distribution management system 200 every time the first application 322 is run (S5090).

In various embodiments, the medical institution authentication VC may be replaced with the identity authentication VC of the individual representative of the medical institution. Information about the individual representative may be stored in the authorized prescribing agency DB 224 of the product distribution management system 200 (e.g. Table 2). Individual representatives can submit an identity verification VC issued with their DID and receive a VC from an authorized prescribing agency.

Figure 7 is a signal flow diagram of a method of registering a medical staff member with prescribing authority in the product distribution management system 200 according to an embodiment of the present application.

The medical institution electronic device 300 can manage a list of practitioners in charge of prescribing cannabis drugs (i.e., medical staff with prescribing authority) among the medical personnel of the medical institution. The medical institution electronic device 300 may store information about the practitioners in the list 328 of medical staff with prescribing authority. If a change occurs in the practitioner, the medical institution electronic device 300 may immediately update the change information in the list of medical staff with prescribing authority 328.

The medical institution electronic device 300 may transmit a list of medical staff with prescribing authority to the product distribution management system 200 (S6010). The product distribution management system 200 can update the authorized prescription agency DB 224. The list of medical staff with prescribing authority can be mapped to medical institutions and stored.

A medical professional with prescribing authority can download the first application 322 to the electronic device 300-1 (hereinafter referred to as the medical professional electronic device 300-1) and create a DID. The medical electronic device 300-1 can register the locally generated DID in the blockchain network 600. The medical personnel electronic device 300-1 may receive an identity authentication VC for the medical personnel from the identity authentication server 100. In order to receive the authentication service of the authentication system 10, the first application 322 may be installed on the medical personnel electronic device 300-1. The medical personnel electronic device 300-1 may have the same block diagram as the medical institution electronic device 300 of FIG. 3.

The medical personnel electronic device 300-1 may transmit the identity authentication VC to the product distribution management system 200 (S6030). The product distribution management system 200 can verify the digital signature of the identity authentication system 100 of the identity authentication VC. The product distribution management system 200 can compare the practitioner information of the authorized prescription agency DB 224 and the information of the identity authentication VC. If there is information matching the identity authentication VC in the authorized prescribing agency DB 224, the product distribution management system 200 can confirm that the medical professional who applied for the VC is a medical professional certified in advance as a medical professional with prescribing authority (S6040). The product distribution management system 200 can issue a certified prescribing agency VC for a specific medical person (S6050). At this time, the authorized prescribing agency VC may include the DID of the medical institution and the DID of the medical professional.

The product distribution management system 200 and the medical personnel electronic device 300-1 may form a communication channel for mutual data communication (S6060). The product distribution management system 200 can transmit the authorized prescribing agency VC to the medical personnel electronic device 300-1 through the communication channel. The medical professional electronic device 300-1 may store the received authorized prescribing agency VC in memory (e.g., memory 320 in FIG. 3). The authorized prescribing agency VC may be referred to as the prescribing authority certificate 326 in FIG. 3.

The product distribution management system 200 can store the VC issuance history in the authorized prescription agency DB 224 (S6080). In various embodiments, the product distribution management system 200 may record the issuance of an authorized prescribing agency VC for a medical personnel DID in the first registry 610 of the blockchain network 600. Therefore, it can be verified that the DID in question was issued by VC, an authorized prescribing agency, by the product distribution management agency.

According to various embodiments, when a specific prescribing authority medical staff member is deleted from the list of prescribing authority medical staff members, the medical institution electronic device 300 may transmit a request for renewal of deletion of the prescribing authority medical staff member to the product distribution management system 200 (S6090). The product distribution management system 200 may delete the practitioner from the authorized prescribing agency DB 224 and delete the DID of the deleted practitioner from the first registry 610 of the blockchain network 600 (S6095). . Afterwards, the authorized prescribing agency VC issued for the deleted practitioner's DID will no longer be usable. Therefore, it becomes impossible to issue a prescription certificate through the medical professional's electronic device (300-1).

Figure 8 is a signal flow diagram of a method for issuing a prescription certificate according to an embodiment of the present application.

The prescription certificate includes prescription information recording the contents of the prescription. The prescription certificate may be used as a certificate of purchase authority for the consumer prescribed the cannabis medicine recorded in the prescription.

In various embodiments, the medical institution electronic device 300 and the medical personnel electronic device 300-1 may be entities that can request issuance of a prescription certificate after vaccination. Although an example of the medical institution electronic device 300 performing a prescription certificate issuance request is shown in FIG. 7, the same procedure may be applied to the medical personnel electronic device 300-1.

The medical institution's electronic device 300 may receive the identity authentication VC from the consumer's electronic device 400 owned by the consumer (S7010). The identity authentication VC may include a digital signature of the individual's DID. The medical institution electronic device 300 can identify the consumer through the digital signature and identity authentication VC.

The medical institution electronic device 300 may generate prescription information (S7020). The prescription information may include the consumer to whom the prescription is to be applied and prescription details. In some embodiments, the prescription information may include the consumer's identity verification VC.

The prescription contents may include information about the cannabis medicine prescribed to the consumer and dosage information. The maximum quantity of cannabis medicine required by the consumer is calculated based on the dosage information. In some embodiments, the dosage information may include information about cannabis medications (e.g., data in Table 4).

When the prescription is completed, the medical institution's electronic device 300 can transmit the prescription information, the consumer's identity authentication VC, and the medical institution's authorized prescribing agency VC to the product distribution management system 200 and request the issuance of a prescription authentication VC (S7030). .

At this time, the medical institution's electronic device 300 can digitally sign the prescription information, identity authentication VC, and authorized prescription institution VC with the medical institution's own user DID. That is, the request for issuance of a prescription certificate may include prescription information, the consumer's identity authentication VC, the medical institution's authorized prescribing institution VC, and the medical institution's digital signature.

The product distribution management system 200 can verify the received information, that is, the request for issuance of prescription certification VC. The product distribution management system 200 can verify the received digital signatures of the authorized prescribing agency VC and medical institution electronic device 300 (S7040). In other words, it can be verified whether the digital signature was issued by an authorized prescribing agency.

In the step (S7040), a request for issuance of a prescription certification VC based on the digital signature of the medical institution included in the VC of the certified prescribing institution and the identifier of the medical institution stored in the blockchain network 600 is requested by a digital signature by the medical institution that is the certified prescribing institution. It is verified whether it is Prescription authority is determined according to the verification in the above step (S7040). If the digital signature by the authorized prescribing agency is verified in the above step (S7040), it is determined that there is prescription authority. On the other hand, if verification fails, it is judged that the request was made by a medical institution without prescription authority.

In various embodiments, the product distribution management system 200 may check whether the prescribed cannabis drug is the correct cannabis drug subject to distribution management by comparing the cannabis drug in the received prescription information with the product DB 222.

Additionally, the product distribution management system 200 can check whether the received identity authentication VC is valid. If it is determined that the information needs to be supplemented, the product distribution management system 200 may transmit a request for supplementation to the medical institution's electronic device 300.

When verification of the received information is completed, the product distribution management system 200 may issue a prescription authentication VC (S7050). The product distribution management system 200 may transmit the issued prescription authentication VC to the consumer's electronic device 400. The consumer's electronic device 400 may also store the prescription authentication VC. Prescription authentication VC may be referred to as prescription certificate 426.

The user of the consumer electronic device 400 can check detailed information about the prescription through the second application 422. The prescription certificate 426 may include the type of cannabis medicine prescribed, dosage information, prescription date, prescription time, information on the medical institution that performed the prescription, information on the medical practitioner in charge, etc.

The product distribution management system 200 may store the corresponding prescription history in the prescription history DB 225.

Figure 9 is a signal flow diagram of a method by which the product distribution management system 200 issues a sales authorization certificate to the seller's electronic device 500, according to an embodiment of the present application.

A sales authorization certificate is issued to authorized sellers. The authorized seller may be understood as a person or store officially licensed to sell controlled products such as cannabis drugs. The list of authorized sellers may be designated in advance and stored in the authorized seller DB 226 of the product distribution management system 200. Authorized sellers can prove that they are authorized to sell cannabis drugs with a sales authorization certificate.

The seller's electronic device 500 may transmit a request for issuance of an authorized seller authentication VC, including the seller authentication VC (e.g., the seller certificate 524) of FIG. 4C, to the product distribution management system 200 ( S8010).

In various embodiments, the seller's electronic device 500 may sign the seller authentication VC with the seller DID and transmit the digitally signed seller authentication VC to the product distribution management system 200. The request may include a seller authentication VC (e.g., seller certificate 524 in Figure 4C). The seller's electronic device 500 may request issuance of an authorized seller VC by digitally signing the seller's identity verification VC with the seller's identifier.

Authorized Seller VC is a sales authority certificate that proves that the entity holding it has the legitimate authority to sell cannabis drugs.

The product distribution management system 200 checks whether the seller's digital signature matches the seller's DID stored in the seller's authentication VC, thereby confirming whether the seller's authentication VC was transmitted from a person with legitimate authority to own the VC. . If another seller requests the issuance of an unfair authorized seller VC, which is an unfair sales authority certificate, with the seller authentication VC, the seller authentication VC received in operation S8010 does not include the signature by the seller DID, so product distribution management The system 200 may reject the request for issuance of an authorized seller VC.

Before applying for an authorized seller VC, the seller's electronic device 500 can receive a seller authentication VC using the method described above with reference to FIG. 5 . Then, the seller's electronic device 500 can perform identity authentication by submitting the seller authentication VC to the product distribution management system 200. For example, the seller's representative (individual) may download the third application 522 to the seller's electronic device 500 and then generate the seller's own DID. The DID generated locally by the representative through the third application 522 of the seller's electronic device 500 may be stored and registered in the second registry 620 of the blockchain network 600. In various embodiments, the seller DID may be replaced with the personal DID of the seller's representative. In this case, the seller's electronic device 500 transmits the generated DID to the identity authentication system 100, and the identity authentication VC for the individual representative may be treated as the seller authentication VC.

The product distribution management system 200 can verify the received seller authentication VC (S8020). The product distribution management system 200 may verify the digital signature of the identity authentication system 100 of the seller authentication VC in order to verify the received seller authentication VC. The product distribution management system 200 can confirm the owner of the DID initiated through the blockchain network 600. For example, the product distribution management system 200 can check whether the DID that signed the seller authentication VC is the DID of the trust institution registered in the first registry 610 of the blockchain network 600.

The product distribution management system 200 can compare the information of the authorized seller DB 226 and the information of the seller authentication VC (S8020). If there is information matching the seller authentication VC in the authorized seller DB 226, the product distribution management system 200 can confirm that the seller who requested issuance of the VC in step S8010 is a pre-designated authorized seller. The matching information may be, for example, a seller's identifier.

The product distribution management system 200 may issue an authorized seller VC to a seller who is a pre-designated authorized seller (S8030). The authorized seller VC may include the identifier of the product distribution management agency and the identifier of the seller.

The product distribution management system 200 and the seller's electronic device 500 may form a communication channel for mutual data transmission (S8040). The product distribution management system 200 may transmit the authorized seller VC to the seller's electronic device 500 through the communication channel (S8050). The seller's electronic device 500 may store the received authorized seller VC in the memory 520. The authorized seller VC may be referred to as the selling authority certificate 526 in FIG. 4C.

In one example, the communication channel of operation S8040 may be an encrypted communication channel. For example, the communication channel may be a DIDComm communication channel. The authorized seller VC may be transmitted to the third application 522 of the electronic device 500 of the seller who owns the DID to which the VC is issued through the DIDComm communication channel. For example, the product distribution management system 200 may use a web socket connected to the third application 522. Alternatively, if there is no web socket, the product distribution management system 200 may use a message queue after sending a push notification to the third application 522.

The product distribution management system 200 may store the authorized seller VC issuance history in the authorized seller DB 226 (S8060).

In various embodiments, the product distribution management system 200 may record the issuance of a certified prescribing agency VC for a medical institution DID in the first registry 610 of the blockchain network 600. Therefore, it can be verified that the DID in question was issued by VC, an authorized prescribing agency, by the product distribution management agency.

The product distribution management system 200 may receive and store a push notification token from the third application 522 of the seller's electronic device 500 (S8070). The product distribution management system 200 can send a push notification to the seller's electronic device 500 through a push notification token and a third application 522.

The push notification token stored in the seller's electronic device 500 may be updated in the product distribution management system 200 every time the third application 522 is run (S8090).

In various embodiments, the seller authentication VC may be replaced with the identity authentication VC of the seller's representative. Information about the individual representative may be stored in the authorized seller DB 226 of the product distribution management system 200 (e.g. Table 3). Individual representatives can submit an identity verification VC issued with their DID and receive an authorized seller VC.

Prescription certificates and sales authorization certificates issued by the certification system 10 are used to distribute cannabis drugs only to consumers who have already been authorized to purchase from authorized sellers.

Purchase of products subject to management (cannabis)

Figure 10 is a signal flow diagram of a method of purchasing cannabis medicine according to another aspect of the present application.

A consumer who has received a prescription in advance holds a prescription certificate 426 in his or her electronic device 400. This has been described above with reference to FIG. 8, etc., and detailed description will be omitted.

Through the second application 422 of the consumer's electronic device 400, it is possible to authenticate whether or not a cannabis drug is prescribed to a subject requesting authentication.

Figure 10 shows an example of authenticating whether a cannabis drug is prescribed between a consumer and a seller. A subject possessing an electronic device 500 on which a third application 522 that provides a prescription authentication function is installed can perform the authentication.

A purchase authority authentication request may occur between the consumer's electronic device 400 and the seller's electronic device 500 to determine whether the user has the authority to purchase cannabis medicine (S9010). In some embodiments, the purchase authority authentication request may be implemented through a scan operation. For example, the consumer's electronic device 400 runs the second application 422 to output a screen requesting purchase authority authentication, and the seller's electronic device 500 runs the third application 522 to verify the purchase authority. The seller's electronic device 500 scans the screen of the electronic device 400 to generate a purchase authority authentication request, or the seller's electronic device 500 runs the third application 522 to output a screen to obtain a purchase authority authentication request and the consumer The electronic device 400 may execute the second application 422 and scan the screen of the seller's electronic device 500 to generate a purchase authority authentication request.

When an authentication request is generated, the consumer's electronic device 400 and the seller's electronic device 500 may form a communication channel (S9020).

The consumer's electronic device 400 may generate a VP regarding whether the consumer has the right to purchase the management target product (S9030). The consumer's electronic device 400 may generate a VP regarding whether to prescribe a cannabis medicine (S9030). Since the prescription certificate 426 contains a variety of information associated with the cannabis drug product already permitted for purchase, the consumer's electronic device 400 may issue a processed prescription certificate containing only some of the information contained in the prescription certificate 426, or Alternatively, the entire prescription certificate 426 may be issued. The processed prescription certificate may also be referred to as a VP as described above.

In various embodiments, the consumer's electronic device 400 may issue a VP containing only some information selected from among the information included in the consumer's identity authentication VC and prescription authentication VC (S9050).

In various embodiments, the consumer's electronic device 400 may issue a VP that includes only whether a cannabis drug is prescribed among the consumer's identity authentication VC and prescription authentication VC. For example, the consumer's electronic device 400 may issue a VP containing only information on whether cannabis medicine is prescribed (S9050). The consumer's electronic device 400 may digitally sign at least part of the information of the prescription authentication VC stored in the consumer's electronic device 400 with the consumer's identifier. Specifically, the consumer's electronic device 400 may generate a VP that includes information on whether a cannabis drug is prescribed and the consumer's digital signature. The VP may include the digital signature of the product distribution management agency included in the prescription authentication VC, the consumer's identifier information included in the prescription authentication VC, and the consumer's digital signature.

Depending on the type of authentication request, information included in the VP may vary. Here, the type of authentication request is based on the information the seller requires for verification (eg, digital signatures of subjects associated with the lung). When a VP is composed of VCs issued by multiple entities, the VP may include all digital signatures of the multiple entities.

The consumer's electronic device 400 may request whether a cannabis drug is prescribed, or may transmit the corresponding VP to a subject requesting both the consumer's identity information and whether a cannabis drug is prescribed (S9055). For example, the consumer's electronic device 400 may transmit a VP regarding whether a cannabis drug is prescribed to the seller's electronic device 500 (S9055).

The seller's electronic device 500 may verify the VP received in step S9055 (S9060).

In step S9060, the seller's electronic device 500 may display a standby screen while verifying the received certificate. The seller's electronic device 500 stores the identifier of the product distribution management agency stored in the first ID registry 610 of the blockchain network 600 and the digital signature of the product distribution management agency included in the VP received in the step (S9055). Based on this, it can be verified that it is a prescription certification VC issued by a legitimate product distribution management agency. The seller's electronic device 500 can verify that the prescription authentication VC is issued to the consumer based on the consumer's digital signature and the consumer's identifier information included in the prescription authentication VC.

If verification is successful, the seller's electronic device 500 can obtain data on whether the cannabis drug included in the VP is prescribed. Additionally, in some embodiments, the VP may include some or all of the prescription information included in the prescription authentication VC. Then, the seller's electronic device 500 may obtain some or all of the prescription information.

Since the VP is digitally signed by the product distribution management agency, the consumer's purchasing authority is verified, and the seller's electronic device 500 can trust the validity of the consumer's purchasing authority. Additionally, sellers can trust the data contained in VP. In this way, the exposure of personal information can be minimized by using zero-knowledge proof, which only authenticates information about whether cannabis drugs are prescribed, the target of purchase, or the size of the purchase.

If verification is successful in step S9060, the transaction process between the seller and the consumer may proceed. The transaction process may consist of a series of preset operations between the seller's electronic device 500 and the consumer's electronic device 400 for cannabis drug trading.

For example, a seller may sell cannabis medicine to a consumer in the quantity according to the prescription included in the prescription certificate. Consumers can also purchase cannabis medicine in the quantity according to the prescription (S9080).

In some embodiments, the seller's electronic device 500 may transmit a request for verification of the validity of the VP regarding whether the cannabis drug is prescribed to the product distribution management system 200 (S9070).

The product distribution management system 200 performs a verification operation to check whether a purchase history based on the same prescription certificate among the purchase history of the same consumer already exists in the transaction history DB 227 (S9075).

In the above step (S9075), the verification operation may be performed by searching for purchase history matching the VP's data on whether cannabis drugs are prescribed. The verification operation of step S9075 may be implemented in a different manner from the verification operation using a digital signature in steps S9040 and S9060.

For example, if a purchase history matching the prescription content (eg, prescription time), consumer identifier, and prescribing medical institution identifier is searched, the product distribution management system 200 determines verification failure. Verification failure refers to a purchase attempt based on an invalid prescription certificate where the prescription certificate has already been utilized for the purchase of cannabis medication from the same seller or a different seller.

The product distribution management system 200 transmits the verification result of the validity of the VP regarding whether cannabis medicine is prescribed to the seller's electronic device 500 (S9075). The seller's electronic device 500 may sell a quantity of cannabis medicine to the consumer according to the prescription only if the verification of steps S9075 and S9060 are successful.

In certain embodiments, after forming a communication channel (S9020) and before transmitting a VP regarding whether to prescribe a cannabis drug to the seller's electronic device 500, the seller's electronic device 500 may send a message indicating whether the seller has sales authority. A VP may be additionally created regarding whether or not (S9030).

A seller who has received sales authorization in advance holds a sales authorization certificate 526 in his or her electronic device 500. This has been described above with reference to FIG. 9 and the like, and detailed description will be omitted.

The creation of the VP for the selling authority is performed at the request of a consumer who wants to check whether the VP for his or her purchasing authority is shared with a non-authorized seller, or is performed in parallel with the creation of the VP for the purchasing authority. It could be.

The VP regarding the right to purchase the product subject to management may include some or all of the information included in the consumer's identity authentication VC and prescription authentication VC. Since the selling authority certificate 526 contains various information related to the authorized seller, the seller's electronic device 500 issues a processed selling authority certificate containing only some of the information included in the selling authority certificate 526, or All certificates 526 may be issued. The processed sales authority certificate may also be referred to as VP as described above.

In various embodiments, the seller's electronic device 500 may issue a VP containing only some information selected from among the information included in the seller's identity authentication VC and the authorized seller VC (S9030). For example, the seller's electronic device 500 may issue a VP containing only information on whether or not to sell (S9030). The seller's electronic device 500 may digitally sign at least part of the information of the authorized seller VC stored in the seller's electronic device 500 using the seller's identifier. Specifically, the seller's electronic device 500 may generate a VP that includes information on whether the seller has sales authority and the seller's digital signature. The VP may include the digital signature of the product distribution management agency included in the authorized seller VC, the seller's identifier information included in the authorized seller VC, and the seller's digital signature.

The seller's electronic device 500 may additionally transmit the corresponding VP to a subject requesting whether or not the seller has authority to sell, or requesting both the seller's identity information and whether or not the seller has authority to sell (S9035).

For example, the seller's electronic device 500 may additionally transmit a VP regarding whether it has the authority to sell cannabis drugs to the consumer's electronic device 400 (S9035). The consumer's electronic device 400 may further verify the received VP (S9040).

The verification of step S9040 is implemented in a similar manner to the verification operation of step S9060. In step S9040, the consumer's electronic device 400 may display a standby screen while verifying the received certificate. The consumer's electronic device 400 performs legitimate product distribution management based on the identifier of the product distribution management agency stored in the first ID registry 610 of the blockchain network 600 and the digital signature of the product distribution management agency included in the VP. You can verify that it is an authorized seller VC issued by an organization. The consumer's electronic device 400 can verify that it is an authorized seller VC issued to the seller based on the seller's digital signature and the seller's identifier information included in the authorized seller VC.

Once verification is completed, the consumer's electronic device 400 can obtain data on whether or not the cannabis drug contained in the VP is authorized to be sold. Since the VP is digitally signed by the product distribution management agency, the seller's sales authority is verified, and the consumer's electronic device 400 can transmit its prescription certificate only to sellers whose sales authority is trusted. Additionally, consumers can trust the data contained in VP. In this way, exposure of personal information can be minimized by using zero-knowledge proof, which only authenticates information about whether or not the person is authorized to sell cannabis drugs.

Then, the operation of generating a VP regarding whether a cannabis medicine is prescribed in the step (S9050) may be performed after the verification operation of the step (S9040). Or, in the step (S9050), the VP of the step (S9050) is generated in parallel with the VP creation operation of the step (S9040), and then the VP transmission operation of whether the cannabis medicine is prescribed in the step (S9055) is It may also be performed after the verification operation of step S9040.

For a consumer whose purchase authority has been verified through the step (S9060), the seller's electronic device 500 and the consumer's electronic device 400 perform a transaction operation of cannabis medicine, exchanging the purchase amount for the cannabis medicine. It may also be performed (S9080).

In certain embodiments, in step S9080, a transaction operation between the consumer's electronic device 400 and the seller's electronic device 500 may be performed through the transaction system 1010. In this case, the payment method for cannabis medicine may be a blockchain-based currency token of the transaction system 1010. Additionally, delivery of cannabis medicine may be implemented as a transfer of asset equity tokens corresponding to the cannabis medicine. Trading in cannabis medicines could then be implemented by exchanging asset equity tokens and currency tokens. The delivery details of these cannabis medicines are recorded in the transaction system 10 as a transaction history and can be tracked in the cannabis distribution management system 200.

This will be described in more detail with reference to the transaction system 1010 below.

Blockchain-based transaction system

11A and 11B are schematic diagrams of a blockchain-based transaction system, according to one aspect of the present application. FIG. 11B is a diagram for explaining the transaction system of FIG. 11A according to various embodiments. Figure 12 is a diagram to explain the structure of a blockchain network according to various embodiments. Figure 13 is a block diagram of an exchange server according to an embodiment of the present application.

Referring to FIG. 11A, a trading system 1010 that provides an asset trading service according to an embodiment may include a blockchain network 1100, an exchange server 1200, and distributed storage 1300. .

In certain embodiments, the blockchain network 1100 may be the blockchain network 1100 of the authentication system 10. In this case, the blockchain network 1100 may record certificate issuance and distribution (i.e. transaction) history of cannabis drugs.

The trading system 1010 can provide asset trading services to users through a decentralized application (Dapp) 70. For example, a user can run the DApp 1070 on the user's terminal (e.g., electronic device such as PC, smartphone, etc.) and use the asset trading service.

Asset trading services can be referred to as services that provide exchange transactions for assets such as real estate, works of art, and other products that can be distributed through payment methods. For example, trading system 1010 may provide exchange trading services for assets by tokenizing assets, issuing and managing the tokens.

In various embodiments, transaction services provided by the transaction system 1010 may be extended to exchange transactions between different types of tokens. For example, an exchange transaction service between different tokens issued through different smart contracts can be provided by the transaction system 1010 according to the present invention.

In various embodiments, the transaction system 1010 disclosed in this document can be extended and applied to exchange services for goods other than assets by those skilled in the art. For example, the trading system 1010 may provide interchange trading services between different cryptocurrencies themselves. Exchange transactions between different tokens can likewise be applied to exchange transactions between different cryptocurrencies. In another example, the trading system 1010 may tokenize bond rights, such as bonds, securities, patent rights, and trademark rights, and provide exchange trading services for these rights by issuing and managing the tokens.

In one embodiment, the transaction system 1010 may issue tokens corresponding to assets. Assets such as cannabis drugs can be tokenized and traded by the trading system 1010. Hereinafter, tokenized assets may be referred to as asset share tokens. For example, a user can register an asset they wish to sell and receive asset equity tokens corresponding to the asset.

Additionally, the transaction system 1010 may issue tokens corresponding to the currency used in the transaction service. Hereinafter, the token may be referred to as a currency token.

In some embodiments, the currency token may be a fiat pegged token (dFIAT). The off-chain system of the transaction system 1010 can manage fiat reserves in conjunction with the existing banking system and process the issuance/redemption of dFIAT by linking with the blockchain using a securely stored private key. A public ledger of dFIAT's distribution to all blockchain accounts is maintained transparently and securely on the blockchain. Additionally, all blockchain transactions such as dFIAT issuance, redemption (burn), and dFIAT transfer between blockchain accounts are transparent, secure, and immutable because the transactions occur on the blockchain. Because all activity in the trading system 1010 is transparent and traceable, the total token supply of dFIAT circulating on the blockchain is also always public information. For full redemption, the total supply of dFIAT tokens on the blockchain is always managed to be less than or equal to the bank's fiat reserves linked to the token's backing storage.

As a result, the user can deposit won into the transaction system 1010 and receive a currency token corresponding to the deposited won amount. Users can purchase asset equity tokens using currency tokens. In particular, if a bank holding fiat deposited through the transaction system 1010 allows public access to the current fiat deposit in a trustworthy manner (e.g., distributed ledger), blockchain users can use the dFIAT without fear. can be transferred.

Trading system 1010 may support asset exchange transactions. For example, a user can purchase an asset equity token using a currency token, thereby purchasing part or all of the asset corresponding to the asset equity token. Users can sell some or all of the assets they own by purchasing currency tokens using asset stake tokens.

The purchasing system 1 may use asset equity tokens issued in the trading system 10 to exchange cannabis medicines associated with the asset equity tokens. Additionally, the purchase system 1 may use the currency token issued by the transaction system 10 as electronic money to pay for the purchase amount of cannabis medicine equivalent to the purchase amount. That is, the purchasing system 1 may enable a consumer to purchase a product managed by a seller corresponding to an asset equity token through the exchange of an asset equity token and a currency token.

In one embodiment, the transaction system 1010 may use the account of the blockchain network 1100 itself as a user account of the transaction system 1010. Therefore, the user account of the transaction system 1010 can be created independently on the client side without intervention from the transaction server 1200. In existing centralized transaction systems, users sign up and log in (sign-up/sign-in), and related information is stored in a centralized database. Accordingly, related information, including the user's account, is controlled and managed by a centralized server. However, in a decentralized trading system, a user's account can be completely controlled by the user.

Referring to FIG. 11B, the transaction system 1010 according to an embodiment may provide at least one smart contract implementing a transaction service through the blockchain network 1100. The smart contract can be implemented to provide transaction services, and the implemented smart contract can be distributed to the blockchain network 1100.

For example, the trading system 1010 may include an asset stake smart contract 1001 that creates shared assets, a currency token smart contract 1002 that manages currency tokens, an exchange smart contract 1003 for asset trading, and one of The above smart contracts can be provided. For example, if the transaction system 1010 is implemented based on the Ethereum network, the smart contract may be implemented to be compatible with ERC 20 tokens and ERC 223 tokens.

The asset share smart contract 1001 is a balance ledger of the asset share token account of the asset share smart contract 1001, the movement of the asset share token (e.g., asset share token deposit and withdrawal to the exchange smart contract 1003), and the initial asset. Functions for issuing equity tokens can be provided.

The currency token smart contract 1002 is a balance ledger of the currency token account of the currency token smart contract 1002, movement of currency tokens (e.g., deposit and withdrawal of currency tokens to the exchange smart contract 1003), issuance of currency tokens, and A function for redemption can be provided.

In various embodiments, the currency token issued by the currency token smart contract 1002 may be implemented to correspond to the currency of the country in which the transaction system 1010 operates. For example, dKRW tokens corresponding to the won issued in Korea may be issued in proportion to the balance of the bank account of a bank operating in Korea. A separate server (e.g., dKRW server in FIG. 13) performs intermediary operations between the bank and the blockchain network 1100, for example, checking whether won is deposited from the bank, checking the balance of the bank account, and sending the currency token to the smart contract 1002. You can perform operations such as transferring deposit transactions.

In certain embodiments, the currency token smart contract 1002 can perform the following functions: the balance ledger of the currency token account in the currency token smart contract 1002, the movement of currency tokens (e.g., deposits and withdrawals of currency tokens to the exchange smart contract 1003); Functions for issuance and redemption of currency tokens can be provided.

The exchange smart contract 1003 can transfer asset share tokens from the asset share smart contract 1001 for trading, and can transfer currency tokens from the currency token smart contract 1002. Additionally, the exchange smart contract 1003 can provide a withdrawal function for asset equity tokens and currency tokens.

In various embodiments, users of an asset trading service may deposit asset equity tokens or currency tokens and perform asset exchange transactions within the limits of the deposited tokens. Asset equity tokens and currency tokens can be deposited into the exchange smart contract (1003), and the deposit history is recorded in the blockchain network (1100). Deposit history for the exchange smart contract 1003 may be provided to the exchange server 1200. For example, the exchange smart contract 1003 can generate log data about deposits and record them in the blockchain 1055. The exchange server 1200 may refer to the recorded log data. As a result, synchronization can be achieved between the balance of tokens on the exchange smart contract 1003 and the exchange account on the exchange server 1200. The exchange server 1200 can process the user's transaction-related requests based on the balance of tokens deposited in the exchange account. When a withdrawal request is made, the exchange server 1200 can withdraw the amount of tokens for which the withdrawal request was made from the exchange account. Details of the withdrawal process are described later with reference to FIG. 14.

All transactions made in the transaction system 1010 may be cryptographically signed by the private key of the transaction party's blockchain network 1100 account (e.g., Ethereum account). In certain embodiments, the cryptographic signature may be a digital signature of authentication system 10. Then, the private key may be an identifier that is a means of digital signature. In some embodiments, the identifier of the network 600 and the identifier of the network 1100 may have different values for the same subject. For example, a seller may have different authentication system 10 identifiers and transaction system 1010 identifiers. To explain these embodiments more clearly, the identifier of the transaction system 1010 is referred to as a private key and the digital signature of the transaction system 1010 is referred to as a cryptographic signature so that the two identifiers and their digital signatures can be distinguished.

Through cryptographic signatures, transactions generated by the owner of a specific blockchain network 1100 account can be identified. For example, an account in the blockchain network 1100 may be referred to as a public key and a general key generated by an already public encryption algorithm (e.g., secp256k elliptic curve encryption algorithm). Hereinafter, transactions signed by a specific account may be referred to as transactions mapped to the specific account.

When a user requests a specific transaction, a transaction encrypted by the user's private key and corresponding to the requested transaction may be generated. Transaction system 1010 may process and record the transaction.

In one embodiment, some of the transactions occurring in the transaction system 1010 may be processed on the blockchain through the blockchain network 1100, and the remaining portion may be processed on the blockchain through the exchange server 1200. Can be processed off block chain. If all transactions are processed on the blockchain, excessive transaction fees may occur and processing delays may occur. Therefore, the transaction system 1010 disclosed in this document can reduce fees and perform faster processing by processing some transactions outside the blockchain.

Referring to FIG. 12, the blockchain network 1100 may be referred to as a peer-to-peer network including a plurality of computing devices 50 (peers or nodes) connected to each other through a network. The plurality of computing devices 50 may have one public ledger. The blockchain network 1100 may be referred to as a distributed network in that one public ledger is created by each of a plurality of computing devices 50. The single public ledger may be referred to as a blockchain 1055. Blockchain network 1100 can process transactions and record them in blockchain 1055. For example, blockchain network 1100 processes transactions defined in asset stake smart contract 1001, currency token smart contract 1002, and exchange smart contract 1003 and sends them to blockchain 1055. It can be recorded.

Referring to FIG. 13, the exchange server 1200 according to one embodiment may include a processor 1210, a memory 1220, and a communication interface 1230. The processor 1210 can control the overall operation of the exchange server 1200. Processor 1210 may include a transaction processing module 215. For example, the processor 1210 may drive the transaction processing module 1215 by executing instructions stored in the memory 1220. Operations performed by the transaction processing module 1215 may be understood as operations performed by the processor 1210. The exchange server 1200 can communicate with the blockchain network 1100 and the distributed storage 1300 through the communication interface 1230. The processor 1210 of the exchange server 1200 may process the generated transaction and transmit the transaction or the processing result of the transaction to the distributed storage 1300 through the communication interface 1230. Distributed storage 1300 may store received transactions.

As described above, transactions processed by the blockchain network 1100 may be stored in the blockchain 1055, and transactions processed by the exchange server 1200 may be stored in the distributed storage 1300. Transactions stored in the blockchain network 1100 or distributed storage 1300 may have immutability and transparency.

Distributed storage 1300 can guarantee immutability and transparency for stored data. Distributed storage 1300 may be referred to, for example, as IPFS (InterPlanetary File System). Immutability for data published in IPFS can be guaranteed by the merkle directed acyclic graph (DAG) structure. Anyone can access the stored data through the address value (e.g. hash address value) of the stored data. Users can check and monitor all transaction history stored in the distributed storage 1300. Specific details related to this will be described later with reference to FIG. 16.

The trading system 1010 can guarantee transparency and immutability for transactions processed by the exchange server 1200 by storing all transaction history in the distributed storage 1300.

FIG. 14 is a diagram illustrating an example of a sequence of transaction transactions occurring in a transaction system according to an embodiment of the present application and a settlement procedure performed upon occurrence of a withdrawal request.

The transaction system 1010 according to one embodiment may provide various transactions. For example, transactions include buy order, sell order or sale order, trade buy, trade sell, cancel buy order, cancel sell order ( It may include one or more of the following transactions: cancel sell order, deposit, withdrawal request, cancel withdrawal request, and withdrawal confirmation. However, the above-described transactions are exemplary, and some of the transactions may be integrated and implemented as one transaction, or one transaction may be implemented separately into several transactions.

All transactions can occur sequentially. All transactions that occurred sequentially may be processed by the blockchain network 1100 or the exchange server 1200 and stored in the blockchain 1055 and/or distributed storage 1300.

Referring to (1) of FIG. 14, for example, asset equity token deposit transaction of user A (e.g., seller), deposit transaction of currency token of user B (e.g., consumer), purchase order transaction of user B, user A The sales order transaction, the exchange transaction of User A and User B, the cancellation request transaction of User C, the withdrawal request transaction of User A, and the withdrawal confirmation transaction of User A occurred sequentially. The transaction system 1010 may process the transactions sequentially.

Purchase Order and Sales Order Transactions

In one embodiment, purchase orders and sell orders may be created by users. Cryptographically signed purchase order transactions and sell order transactions may be processed by the exchange server 1200 and published in the distributed storage 1300.

transaction transaction

In one embodiment, the exchange server 1200 may collect and match users' buy orders and sell orders. Matched buy orders and sell orders can result in valid trading transactions. The exchange server 1200 can cryptographically sign the transaction and transmit it to the distributed storage 1300.

For example, the transaction may be an exchange of an asset equity token and a currency token. In (1) of Figure 2, the exchange server 1200 matches User A's sell order transaction and User B's purchase order transaction to generate a trade transaction to move asset equity tokens and currency tokens. . The exchange server 1200 may cryptographically sign the transaction data with the private key of the exchange server 1200 and store the transaction in the distributed storage 1300. Since these transactions take place outside of the blockchain, neither User A nor User B need to incur blockchain transaction fees.

Purchase Order Cancellation and Sales Order Cancellation Transactions

In one embodiment, a user can cancel open purchase orders and sell orders through cancel purchase order and cancel sell order. The cryptographically signed purchase order cancellation transaction or sales order cancellation transaction may be processed by the exchange server 1200 and posted to the distributed storage 1300.

deposit transaction

In one embodiment, a user may deposit the user's currency tokens or asset equity tokens for asset trading. For example, when a user requests a deposit of a currency token or asset equity token through the DApp 1070, the trading system 1010 may receive a message containing the deposit transaction.

For example, a user can deposit an asset equity token issued through the asset equity smart contract 1001 into the exchange smart contract 1003. Alternatively, the user can deposit the currency token issued through the currency token smart contract 1002 into the exchange smart contract 1003. Each time a token is transferred, the exchange smart contract 1003 can create a deposit event log. The exchange server 1200 can monitor all deposit transactions. Deposit transactions can be performed through smart contracts. Therefore, deposit transactions can be performed through the blockchain network 1100 and recorded in the blockchain 1055. At this time, a transaction fee is incurred. Details related to the deposit transaction will be described later with reference to FIG. 16.

In various embodiments, exchange server 1200 may hold native currency for transaction fees. The exchange server 1200 can pay transaction fees with its native currency. The exchange server 1200 can receive compensation for the fee paid from the currency token held by the user. Users can perform deposit transactions made through the blockchain network 1100 even if they do not own the native currency of the blockchain network 1100.

Withdrawal request transaction

In one embodiment, a user may request a withdrawal of currency tokens or asset equity tokens from an exchange account. For example, when a user requests withdrawal of a currency token or asset equity token through the DApp 1070, the transaction system 1010 may receive a message containing a withdrawal request transaction. Once a withdrawal request is received, the exchange account may be locked.

For example, a user may request withdrawal of tokens on the exchange smart contract 1003. Users can request a withdrawal by specifying the amount of currency tokens or asset equity tokens, and the transaction fee required for the withdrawal.

When a withdrawal request transaction occurs, an account balance settlement procedure may be executed. The withdrawal request transaction may be cryptographically signed and stored in the distributed storage 1300. Referring to (1) of FIG. 14, when user A's withdrawal request transaction occurs, the account balance settlement procedure between user A and the exchange server 1200 may be initiated.

Withdrawal confirmation transaction

The account balance settlement procedure may be performed between the exchange server 1200 and the user to agree and confirm the current token balance of the user's exchange account. The exchange server 1200 may perform settlement and generate a withdrawal confirmation transaction for the current balance calculated as a result of the settlement. The withdrawal confirmation transaction may be processed by the blockchain network 1100.

In one embodiment, the exchange server 1200 may perform a settlement procedure and generate a settlement data file. The generated settlement data file may be stored in the distributed storage 1300. The exchange server 1200 may record the address value of the settlement data file on the distributed storage 1300 in the blockchain 1055.

Referring to (2) of FIG. 14, when a withdrawal request transaction 1025 occurs, the exchange server 1200 can perform a settlement procedure. The settlement data file 1033 generated according to the withdrawal request transaction 1025 may be stored in the distributed storage 1300.

For example, the settlement data file 1031 of the distributed storage 1300 may be referred to as being created in response to the occurrence of a withdrawal request transaction 1021. The exchange server 1200 refers to the previous settlement data file 1031, transactions that occurred after the withdrawal request transaction 1021, the exchange account balance at the time of the withdrawal confirmation transaction 1023, etc., and refers to the settlement data file ( 1033) can be created and stored in the distributed storage 1300. The address value where the settlement data file 1033 is stored may be recorded in the blockchain 1055.

For example, the settlement data files 1031 and 1033 may include withdrawal request data including the type and number of tokens for which withdrawal is requested, a transaction fee, and a withdrawal request ID. In addition, the settlement data files (1031, 1033) include the balance of currency tokens or asset equity tokens in the current exchange account, the user's currently open buy/sell orders, all transactions after the most recent account balance settlement procedure, and the most recent account balance settlement. It may include the current balance, an address in the distributed storage 1300 of recent account balance settlement data, and a cryptographic signature of the exchange server 1200.

In one embodiment, the exchange server 1200 may perform an account balance settlement procedure and request confirmation and consent from the user regarding the final account balance. The exchange server 1200 may display the balance of the exchange account as a result of settlement through the DApp 1070 and receive a confirmation input from the user in response to the display. At this time, a cryptographically signed withdrawal confirmation transaction may be generated. The blockchain network 1100 can process the withdrawal confirmation transaction and record it in the blockchain 1055.

In various embodiments, a user may validate mental results by directly referencing the blockchain network 1100 and distributed storage 1300. Alternatively, the procedure for confirming settlement data may be provided by a 3rd party.

In various embodiments, the exchange server 1200 may pay a fee for a withdrawal confirmation transaction in its native currency. The exchange server 1200 can receive compensation for the fee paid from the currency token held by the user. Users can perform withdrawal confirmation transactions made through the blockchain network 1100 even if they do not own the native currency of the blockchain network 1100.

Withdrawal request cancellation transaction

In various embodiments, a user may cancel a withdrawal request before the account balance settlement process is complete. When the withdrawal request is canceled, the exchange server 1200 may process the withdrawal cancellation request transaction and store it in the distributed storage 1300.

Figure 15 is a diagram for explaining a transaction history storage method that ensures immutability and transparency of transaction history stored in distributed storage according to an embodiment of the present application.

Referring to FIG. 15, transactions occurring in the transaction system 1010 can be stored in the distributed storage 1300, and several transactions stored in the distributed storage 1300 are grouped at predetermined intervals and stored in the distributed storage 1300. It can be. Group files 1301 and 1303 may include multiple transactions that occurred over a certain period of time. The group files 1301 and 1303 may store a list of address values (eg, a hash value list) of a plurality of transactions included in each group file 1301 and 1303.

The group files 1301 and 1303 stored in the distributed storage 1300 may have a unique hash value calculated by a certain hash algorithm (eg, SHA-1). The hash values of the group files 1301 and 1303 may be referred to as unique values corresponding to data included in the group files 301 and 303. Accordingly, if some of the data included in the group files 1301 and 1303 are altered, the hash values for the group files 301 and 303 may also be different.

In one embodiment, immutability of the transaction history stored in the distributed storage 1300 can be achieved by chaining each group file (1301, 1303) using the hash value of each group file (1301, 1303).

For example, the address in the distributed storage 1300 where each group file 1301 and 1303 is stored can be expressed as a hash value. Group files 1301 and 1303 may each have a hash value of the preceding group file. Accordingly, group files 1301 and 1303 can be chained through hash links. For example, the group file 1303 points to the group file 1301 by having the hash value of the group file 1301, and can form a chain with the group file 1301. Accordingly, the group files 1301 and 1303 of the distributed storage 1300 may form a structure similar to the blocks of the blockchain 1055.

If a specific group file is altered and has a different hash value, the hash value of subsequent group files of the modified specific group file can no longer represent a valid address value. Therefore, the above tampered group file and its subsequent group files can no longer form a chain. If the group files 301 and 303 stored in the distributed storage 1300 do not form a chain, the user may recognize that the data in the distributed storage 1300 has been forged or altered.

In one embodiment, immutability of transaction history stored in distributed storage 1300 may be achieved by storing hash values of group files 1301 and 1303 in blockchain 1055 of blockchain network 1100.

For example, hash values of group files 1301 and 1303 may be stored in the blockchain 1055. When the hash values of the group files 301 and 303 are stored in the blockchain network 1100, anyone can access the blockchain network 1100 and check the hash values. For example, the user can verify whether the group files (1301, 1303) have been manipulated by comparing the hash values stored in the blockchain (1055) with the hash values of the group files (1301, 1303) stored in the distributed storage (1300). there is. If the data included in the group files 1301 and 1303 has been manipulated, the hash value stored in the blockchain 1055 can no longer represent a valid address value. The distributed storage 1300 can guarantee the immutability of data stored in the distributed storage 1300 through the hash value recorded in the blockchain 1055.

In various embodiments, a user or a third party can confirm all transactions occurring in the distributed transaction system 1010 by accessing a specific address in the distributed storage 1300 indicated by the hash value recorded in the blockchain 1055. Accordingly, transparency can be provided regarding transaction histories stored in the distributed storage 1300.

In various embodiments, a user or a third party can access the distributed storage 1300 using the hash value recorded in the blockchain 1055 and reconstruct the history of all transactions that have previously occurred. Accordingly, even if the exchange server 1200 is damaged by hacking, the entire transaction history can be reconstructed, so the transaction system 1010 can have higher safety compared to existing centralized transaction systems.

Figure 16 is a signal flow diagram of a deposit method to a transaction system according to various embodiments of the present application. Figure 17 is a signal flow diagram of an asset trading method according to various embodiments of the present application. 18 is a signal flow diagram of a withdrawal method from a trading system according to various embodiments of the present application. Hereinafter, with reference to FIGS. 16 to 18, the deposit procedure, transaction procedure, and withdrawal procedure performed in the transaction system 1010 will be described as a sequence diagram.

In various embodiments, a user installs the DApp 1070 that provides an asset trading service on a client terminal 1075 (e.g., an electronic device including a PC, smartphone, tablet PC, etc.) and uses the asset trading service. Asset exchange transactions can be performed. In certain embodiments, the user's terminal 1075 includes one or more of the medical institution's electronic device 300, the consumer's electronic device 400, and the seller's electronic device 500. Depending on the user, the client terminal 1075 may perform the operations of the medical institution's electronic device 300, the consumer's electronic device 400, and the seller's electronic device 500, respectively.

Deposit Procedure

Referring to FIG. 16, when an asset share token deposit request occurs (S1401), the client terminal 1075 sends an asset share token deposit transaction cryptographically signed by the user's private key to the asset share smart contract of the blockchain network 1100. It can be transmitted to (1001) (S1403). For example, a user may request to deposit an asset equity token through the DApp 1070. Asset share tokens may be issued by the asset share smart contract 1001 of the blockchain network 1100 according to the user's asset registration. In certain embodiments, the asset stake token may be issued by the asset stake smart contract 1001 of the blockchain network 110 upon the seller registering the cannabis drug to be sold. When the seller's electronic device 500 registers cannabis medicine as an asset, a request to deposit an asset equity token occurs (S1401). Then, a deposit transaction for the asset share corresponding to the registered cannabis drug is transmitted (S1403). The deposit transaction is digitally signed with the seller's private key.

The asset share smart contract 1001 may move the asset share token to the transaction smart contract 1003 in response to the asset share token deposit transaction (S1405). The transaction smart contract 1003 may generate a deposit event log of the asset equity token and store it in the blockchain 1055 (S1407). Asset equity tokens issued in this way can also be used as ownership shares of the cannabis medicine. The transfer of asset equity tokens is a transfer of ownership of cannabis medicine. Asset equity tokens and cannabis medicine are related through an ownership stake relationship.

When a currency token deposit request occurs (S1409), the client terminal 1075 may transmit a currency token deposit transaction cryptographically signed by the user's private key to the currency token smart contract 1002 of the blockchain network 1100. (S1411). For example, a user may request a currency token deposit through the DApp 1070. Currency tokens may be issued by the currency token smart contract 1002 according to the user's won deposit. In certain embodiments, currency tokens may be issued by the currency token smart contract 1002 of the blockchain network 1100 upon the consumer depositing Korean Won for payment into the DApp 1070. When the consumer's electronic device 400 deposits won in the DApp 1070, a currency token deposit request occurs (S1409). Then, a deposit transaction for the currency token corresponding to the deposit amount is transmitted (S1411). The deposit transaction may be digitally signed with the consumer's private key.

The currency token smart contract 1002 may move the currency token to the transaction smart contract 1003 in response to the currency token deposit transaction (S1413). The transaction smart contract 1003 can generate a deposit event log of the currency token and store it in the blockchain 1055 (S1415).

Balance information of currency tokens and asset equity tokens deposited in the transaction smart contract 1003 may be synchronized between the blockchain network 1100 and the exchange server 1200 (S1417). For example, the exchange server 1200 may refer to the deposit event log recorded in the blockchain 1055 at predetermined intervals or whenever a deposit transaction occurs. The exchange server 1200 may update the balance of the exchange account according to the deposit event log and process transactions based on the updated balance. For example, the exchange server 1200 may include exchange account data including information about the balance of the exchange account. The exchange server 1200 may update the exchange account data according to the deposit event log.

transaction process

Referring to FIG. 17, the client terminal 1075 may transmit a transaction request cryptographically signed by the user's private key to the exchange server 1200 and the distributed storage 1300 (S1501, S1503). For example, a transaction request may be referenced as a message containing a purchase order transaction, a sell order transaction, a withdrawal request transaction, or a withdrawal request cancellation transaction.

The exchange server 1200 may process the transaction corresponding to the transaction request (S1505). Distributed storage 1300 may store a cryptographically signed transaction corresponding to a transaction request (S1507).

The exchange server 1200 may generate a trade transaction as the user's buy order and sell order are matched. This process was described above with reference to FIG. 14 . At this time, the exchange server 1200 may cryptographically sign the generated transaction with the private key of the exchange server 1200 and transmit it to the distributed storage 1300. Distributed storage 1300 may store the received transaction transaction (S1507).

The distributed storage 1300 may create a group file containing a plurality of transactions at predetermined intervals (S1509). Distributed storage 1300 can transmit the address value of the group file to the blockchain network 1100 (S1511). The blockchain network 1100 can record the address value of the group file received in the blockchain 1055 (S1517). Alternatively, the distributed storage 1300 may transmit the address value of the group file to the exchange server 1200 (S1513). The exchange server 1200 may transmit the address value of the received group file to the blockchain network 1100 (S1517). Operation S1511 and operations S1513 to S1515 may be performed alternatively.

The above-described operations (S1501) to (S1511) may be performed repeatedly. Asset transactions may be performed in the transaction system 1010 according to operations S1501 to S1511 that are repeatedly performed.

Withdrawal Procedure

Referring to FIG. 18, when a withdrawal request for a currency token or asset equity token occurs, the client terminal 1075 may transmit a withdrawal request cryptographically signed by a private key to the exchange server 1200 (S1601). The exchange server 1200 receives a withdrawal request from a specific user corresponding to the private key. The exchange server 1200 may perform a settlement procedure for the specific user in response to receiving a withdrawal request (S1603 to S1613).

The exchange server 1200 may obtain the transaction history of the specific user from the distributed storage 1300 (S1603). For example, the transaction history may be referenced as a list of transactions that have occurred since a specific user's previous withdrawal request. As described above through (2) of FIG. 14, the exchange server 1200 obtains a specific user's previous settlement data file, data on transactions that occurred after the previous withdrawal request transaction, etc. from the distributed storage 1300. And, a settlement data file (e.g., settlement data files 1031 and 1033 in FIG. 14) can be created (S1605). The exchange server 1200 can transmit the generated settlement data file to the distributed storage 1300 (S1607), and the distributed storage 1300 can store the settlement data file (S1609).

When the settlement procedure is completed, the exchange server 1200 may transmit the settlement result to the client terminal 1075 (S1611). The settlement result may include information contained in the settlement data file. The client terminal 1075 may transmit confirmation of the received settlement result to the exchange server 1200 (S1613). When the exchange server 1200 receives confirmation of the settlement result, it can transmit a withdrawal confirmation transaction cryptographically signed with the private key of the specific user to the blockchain network 1100 (S1615). The blockchain network 1100 can process the withdrawal confirmation transaction and record it in the blockchain 1055 (S1617).

In the transaction system 1010, transactions other than deposit request transactions and withdrawal confirmation transactions are processed by the exchange server 1200, thereby reducing the fees paid to the blockchain network 1100. Transactions processed by the exchange server 1200 are stored in the distributed storage 1300, and the address value in the distributed storage 1300 where the transactions are stored may be recorded in the blockchain network 1100. Therefore, all transaction history can be reconstructed through the blockchain 1055 and distributed storage 1300 and monitored by the user.

Referring again to FIG. 10, due to the exchange of the asset equity token and currency token according to FIG. 18, a cannabis drug transaction is performed between the consumer and the seller of FIG. 10 (S9080).

A seller who has previously registered cannabis medicine as an asset in the trading system 1010 holds an asset equity token related to the cannabis medicine registered in the exchange account of the blockchain network 1100. And the consumer who deposited won in advance into the transaction system 1010 holds a currency token corresponding to the deposited amount in the exchange account of the blockchain network 1100. This has been described above with reference to FIG. 16, etc., and detailed description will be omitted.

If it is verified in step S9080 that the consumer's electronic device 400 has a prescription certificate, the seller's electronic device 500 and the consumer's electronic device 400 place a sales order and purchase in the transaction system 1010. You can also initiate the trading process by sending an order.

In some embodiments, a consumer's buy order for a cannabis drug transaction in transaction system 1010 may be generated based on the contents of a prescription for which a prescription certificate has been issued. The purchase order includes payment object and payment quantity.

The purchase order may be created by the seller's electronic device 500 or the consumer's electronic device 400. The consumer's electronic device 400 may obtain prescription information from a prescription certificate owned by the consumer. The seller's electronic device 500 may obtain at least part of the prescription information in the process of verifying the prescription certificate.

As described above, the prescription information may include information related to prescription contents in which the consumer is the subject of the prescription and the product to be managed is a prescription product. For example, since the prescription information includes the period of administration, the number of administrations in a unit period (e.g., per day), the dose per time, etc., the seller's electronic device 500 records the entire dosage of the cannabis medicine during the period of administration. It can be obtained.

The seller's electronic device 500 or the consumer's electronic device 400 registers the cannabis drug as an asset, designates the issued asset equity token as the payment target, and specifies the number of asset equity tokens equivalent to the total dose as the payment quantity. The purchase order may be created.

The seller's electronic device 500 may generate a sales order based on at least part of the prescription information (S9080). The sales order may be a request for payment of a payment amount. The sales order includes payment amount and payment method.

In some embodiments, the seller's electronic device 500 may generate a sales order based on the purchase order.

The seller's electronic device 500 may create a sales order including a payment amount and payment method corresponding to the payment object and payment quantity (S9080). The payment method is the currency token. The number of currency tokens to be paid by the consumer corresponds to the payment amount. The payment amount corresponds to the payment object and payment quantity. That is, the number of currency tokens corresponding to the payment object and payment quantity is designated as the payment amount.

In various embodiments, the seller's electronic device 500 may generate both a purchase order request and a sales order request for a specific transaction.

The transaction system 1010 may process transaction transactions based on purchase requests and sales requests received from the seller's electronic device 500 or the consumer's electronic device 400.

In certain embodiments, the transaction request of FIG. 17 may include a sales order from the seller and a purchase order from the consumer. The seller's electronic device 500 transmits the seller's sales order, which is cryptographically signed with the seller's private key, to the exchange server 1200 and the distributed storage 1300, and the consumer's electronic device 400 transmits the seller's sales order, which is cryptographically signed with the consumer's private key. The consumer's purchase order may be transmitted to the exchange server 1200 and the distributed storage 1300 (S1501, S1503). The exchange server 1200 can process transactions corresponding to a purchase order, which is a transaction request from a consumer, and a sell order, which is a transaction request from a seller (S1505). Distributed storage 1300 may store a cryptographically signed transaction corresponding to the transaction request (S1507).

The exchange server 1200 may generate a trade transaction as the user's buy order and sell order are matched (S1505). By matching the consumer's purchase order and the seller's sell order, a quantity of the currency token equal to the payment amount is transferred from the consumer's exchange account to the seller's exchange account and from the seller's exchange account to the payment quantity. Create the transaction transaction that causes the quantity of the asset equity tokens to be transferred from the seller's exchange account to the consumer's exchange account (S1505). This process was described above with reference to FIG. 14 . At this time, the exchange server 1200 may cryptographically sign the generated transaction with the private key of the exchange server 1200 and transmit it to the distributed storage 1300. Distributed storage 1300 may store the received transaction transaction (S1507). The processing of these transaction transactions has been described above with reference to FIG. 17, and detailed description will be omitted.

In the above transaction, the consumer is prevented from interfering with the contents of the purchase order, thereby preventing the distribution of cannabis drugs exceeding the size of the prescribed cannabis drug.

When the transaction in step S9080 is completed, the seller's electronic device 500 may perform an operation to deliver the cannabis medicine to the consumer. Additionally, the seller's electronic device 500 creates a transaction history after payment of the payment amount is completed (S9085). The seller's electronic device 500 transmits the transaction history to the product distribution management system 200 (S9090). The product distribution management system 200 updates the transaction history DB 227 with the received transaction history (S9095).

The transaction history may include at least some of the prescription information (e.g., information referring to the cannabis drug (i.e., the prescribed cannabis drug) (e.g., type or name), the dosage of the cannabis drug, and the payment amount corresponding to the dosage of the cannabis drug. and payment method), as well as payment details. The payment details may include the buyer's personal information, the seller's personal information, payment time, etc. In addition, the payment details are the account address (or wallet address) in the blockchain network 1100 of the consumer who transmitted the currency token of the transaction system 1010 to the transaction counterparty and received the asset equity token corresponding to the transmitted currency token. , and the account address (or wallet address) in the blockchain network 1100 of the seller who transmitted the asset equity token for the cannabis drug to the transaction counterparty and received the currency token corresponding to the transmitted asset equity token. It may be possible.

Additionally, in some embodiments, the transaction history may include a VP (or prescription certificate) received from the consumer's electronic device 400 in step S9050, and a VP (or prescription certificate) transmitted to the consumer's electronic device 400 in step S9030. or a sales authorization certificate) may be further included.

The product distribution management system 200 can check transaction history in the transaction history DB 227.

Additionally, in some embodiments, the product distribution management system 200 records the issuance history of currency tokens or asset equity tokens of the transaction system 1010 based on the account address of the seller or the account address of the consumer included in the transaction history. You can also check .

Additionally, the consumer's electronic device 400 may request the product distribution management system 200 to check the consumer's purchase history. The inquiry of the purchase history may also be implemented as a inquiry of the transaction history. The purchase history inquiry request may include information related to the consumer. In some embodiments, the purchase history inquiry request may include the consumer's identifier information or the consumer's digital signature. Then, the product distribution management system 200 searches the transaction history showing the purchase history of the consumer using information related to the consumer in the purchase history inquiry request, such as identifier information, and sends the search results to the consumer's electronic device 400. You can also send it.

Additionally, the seller's electronic device 500 may request the product distribution management system 200 to check the seller's own sales history. The search for the sales history may also be implemented as a search for the transaction history. The request to check the sales history may include information related to the seller. In some embodiments, the request to check the sales history may include the seller's identifier information or the seller's digital signature. Then, the product distribution management system 200 may search the purchase history of the seller using information related to the seller in the seller history inquiry request, such as identifier information, and transmit the search results to the seller's electronic device 500.

In alternative embodiments, the transaction of step S9080 is not limited to the transaction system 1010. The step (S9080) may be performed by a third-party transaction system according to various payment methods. That is, the payment method is not limited to the aforementioned blockchain-based cryptocurrency, and may be, for example, cash, credit card, debit card, or other payment method. Here, payment of the amount using a debit or credit card is implemented through a card terminal (e.g., IC terminal), or an NFC-based electronic payment method previously linked to the card (e.g., Google Pay, Samsung Pay, Apple Pay). etc.) includes those implemented through. Additionally, payment of the payment amount using cash includes transfer from a bank account.

Additionally, the product distribution management system 200 may cancel the issuance of a certificate before the issuance of the certificate according to the issuance request is completed. For example, the product distribution management system 200 may cancel the issuance of a prescription certificate for the consumer's electronic device 400. Alternatively, the product distribution management system 200 may cancel the issuance of a sales authorization certificate for the seller's electronic device 500. Alternatively, the product distribution management system 200 may cancel the issuance of a prescription authority certificate for the electronic device 300 of a medical institution.

The product distribution management system 200 may generate a cancellation request transaction for the issuance of a certificate subject to cancellation. Then, the cancellation request transaction may be processed by the product distribution management system 200 and the processing result may be posted on the blockchain network 600. Since the cancellation of issuance of a certificate subject to cancellation in the authentication system 10 is similar to the purchase order cancellation and sales order cancellation transaction or withdrawal request cancellation transaction of the transaction system 1010, detailed descriptions are omitted.

In this way, the purchasing system 1 can transparently manage the consumer's identity and purchase history. In particular, the purchasing system 1 allows the purchase of management target products only by consumers with certified valid purchasing authority and can track transaction history, ultimately making it possible to strictly manage consumers' purchases of management target products.

It will be apparent to those skilled in the art that the system 1 may include other components not described herein. For example, it may further include a data input device, an output device such as display and/or printing, a network, a network interface, and a protocol.

When implementing embodiments of the present invention using hardware, application specific integrated circuits (ASICs) or digital signal processors (DSPs), digital signal processing devices (DSPDs), and programmable PLDs (PLDs) configured to perform the embodiments of the present application. logic devices), field programmable gate arrays (FPGAs), etc. may be included in the components of the present application.

The operations of the system and method for purchasing management target products based on blockchain technology according to the embodiments of the present application described above may be at least partially implemented as a computer program and recorded on a computer-readable recording medium. . For example, implemented with a program product comprised of a computer-readable medium containing program code, which can be executed by a processor to perform any or all steps, operations, or processes described.

The computer-readable recording medium includes all types of recording devices that store data that can be read by a computer. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, and optical data storage devices. Additionally, computer-readable recording media may be distributed across computer systems connected to a network, and computer-readable codes may be stored and executed in a distributed manner. Additionally, functional programs, codes, and code segments for implementing this embodiment can be easily understood by those skilled in the art to which this embodiment belongs.

The present invention examined above has been described with reference to the embodiments shown in the drawings, but these are merely illustrative examples, and those skilled in the art will understand that various modifications and modifications of the embodiments are possible therefrom. However, such modifications should be considered within the technical protection scope of the present invention. Therefore, the true technical protection scope of the present invention should be determined by the technical spirit of the attached patent claims.

Claims (11)

In the method performed by the system, a consumer purchases a product subject to management,
The system is operated by a blockchain-based purchasing system that includes a first blockchain network with a distributed ledger, and the system communicates with the consumer's electronic device, the seller's electronic device, and the medical institution's electronic device,
The first blockchain network stores the consumer's identifier, the system's identifier, and the medical institution's identifier,
The method is,
issuing, in the system, a prescription authentication VC indicating that the consumer has the right to purchase a product subject to management to the consumer's electronic device;
Creating a VP on whether the consumer has the right to purchase the management target product on the consumer's electronic device, and transmitting the VP on whether the consumer has the purchase authority for the management target product to the seller's electronic device - purchase of the management target product The VP for authorization includes some or all of the information included in the consumer's identity authentication VC and prescription authentication VC;
A legitimate product distribution management agency based on the identifier of the product distribution management agency stored in the first blockchain network on the seller's electronic device and the digital signature of the product distribution management agency included in the VP regarding whether or not the product is authorized to purchase the product subject to management. Verifying that it is a prescription certification VC issued by; and
Obtaining at least some of the prescription information in the prescription authentication VC based on the verification result, and performing a transaction process for purchasing a management target product - the transaction process includes the seller's electronic device for transaction of the management target product Consisting of a preset series of operations between the consumer's electronic device and the consumer's electronic device;
method. The method of claim 1,
In the system, the step of issuing a prescription authentication VC indicating that the consumer has the right to purchase a product subject to management to the consumer's electronic device is,
A step of requesting issuance of a prescription authentication VC by digitally signing the prescription information for the consumer, the consumer's identity authentication VC, and the medical institution's authorized prescribing agency VC from the medical institution's electronic device with the medical institution identifier - The prescription information is provided to the consumer and is the subject of the prescription. Contains information related to prescriptions where the controlled product is a prescription product;
In response to the request for issuance of the prescription authentication VC, the system requests the issuance of the prescription authentication VC based on the digital signature of the medical institution included in the VC of the certified prescription institution and the identifier of the medical institution stored in the first blockchain network. Verifying whether the digital signature is from a medical institution;
When it is verified that the request for issuance of the prescription authentication VC is a digital signature by a medical institution that is an authorized prescribing institution, the system issues a prescription authentication VC that digitally signs the prescription information and at least some data included in the consumer's identity authentication VC. Characterized by comprising the steps:
method. The method of claim 1, wherein the method comprises:
issuing, in the system, an authorized seller VC indicating that the seller has the authority to sell the management target product to the seller's electronic device;
Before transmitting the VP regarding the purchase authority for the management target product to the seller's electronic device, the seller's electronic device generates a VP regarding the seller's sales authority, and transmits the VP to the consumer's electronic device. A step of transmitting a VP regarding whether the product is authorized to be sold - The VP regarding whether the product is authorized to be purchased includes some or all of the information included in the seller's identity authentication VC and prescription authentication VC ; and
A legitimate product distribution management agency based on the identifier of the product distribution management agency stored in the first blockchain network on the consumer's electronic device and the digital signature of the product distribution management agency included in the VP regarding whether or not the product is authorized to sell the product subject to management. It further includes; verifying that it is an authorized seller VC issued by,
If it is verified that it is an authorized seller VC issued by the legitimate product distribution management agency, a VP on whether the consumer has the right to purchase the product subject to management is created on the consumer's electronic device, or the seller's electronic device is used to Characterized by transmitting a VP regarding whether the product is authorized to be purchased,
method According to claim 3,
In the system, the step of issuing an authorized seller VC indicating that the seller has the authority to sell the product subject to management to the seller's electronic device is,
Requesting issuance of an authorized seller VC by digitally signing the seller's identity authentication VC with the seller's identifier on the seller's electronic device;
In response to the request for issuance of the authorized seller VC, the system requests issuance of the authorized seller VC based on the seller's digital signature included in the seller's identity authentication VC and the seller's identifier stored in the first blockchain network. Verifying whether the transmission is from a legitimate seller;
Comparing the information of the authorized seller DB and the information of the seller authentication VC in the system when it is verified that the transmission is from a legitimate seller; and
Characterized in that it includes the step of issuing the authorized seller VC to the electronic device of the seller who requested issuance of the authorized seller VC when there is information matching the seller authentication VC in the authorized seller DB.
method. The method of claim 1,
The step of obtaining at least some of the prescription information in the prescription authentication VC based on the verification result and performing a transaction process to purchase the product to be managed,
Calculating the total dosage permitted for purchase based on the period of administration, number of daily dosages, and dosage per time of the product subject to management for the consumer; and
Characterized in that it comprises the step of performing a transaction process to purchase the entire dose of the product to be administered,
method. The method of claim 5, wherein the step of performing a transaction process to purchase the entire dose of the management target product includes,
Generating a consumer's purchase order for the transaction process and transmitting it to a transaction system - the consumer's purchase order is generated on the consumer's electronic device or the seller's electronic device;
generating the seller's sales order for the transaction process on the seller's electronic device and transmitting it to the transaction system; and
Processing, in the trading system, a trading transaction based on the consumer's purchase order and the seller's purchase order,
The trading system is configured to process multiple transactions for asset trading,
A second blockchain network including a plurality of computing devices - the second blockchain network is connected to the consumer's electronic device and the seller's electronic device included in the plurality of computing devices, and the consumer's electronic device and the seller's electronic device are connected to the consumer's electronic device and the seller's electronic device. Blockchain stored on device;
an exchange server that communicates with the blockchain network; and
Includes distributed storage,
The method is,
issuing an asset share token associated with the managed product through an asset share smart contract in accordance with registering the managed product to be sold on the seller's electronic device; and
Characterized in that it further comprises the step of issuing the currency token through a currency token smart contract in response to depositing fiat currency on the consumer's electronic device.
method. The method of claim 6,
The step of creating a consumer purchase order for the transaction process is,
Designating an asset equity token associated with the managed product on the seller's electronic device or the consumer's electronic device as the payment object and designating the entire dosage of the managed product as the payment quantity to create the consumer's purchase order,
The step of creating a sales order for the seller for the transaction process is:
Characterized in generating a sales order for the seller by designating the currency token as a payment method in the seller's electronic device and specifying the number of currency tokens corresponding to the payment object and payment quantity as the payment amount,
method. The method of claim 6, wherein the step of issuing an asset equity token associated with the product to be managed comprises:
When a management target product is registered as an asset in the transaction system on the seller's electronic device and a request for asset equity token deposit occurs, cryptographically signing the asset equity token deposit request with the seller's private key and transmitting it to the asset equity smart contract;
moving an asset share token associated with the registered managed product to a transaction smart contract in response to an asset share token deposit transaction in the asset share smart contract; and
Characterized in that it includes the step of generating a deposit event log of the asset equity token in the transaction smart contract and storing it in a blockchain within the second blockchain network.
method. The method of claim 6, wherein issuing the currency token comprises:
When a currency token deposit request occurs by depositing fiat currency on the consumer's electronic device, cryptographically signing the currency token deposit request with the consumer's private key and transmitting it to the currency token contract;
moving the currency token to the transaction smart contract in response to a currency token deposit transaction in the currency token smart contract;
Characterized in that it includes the step of generating a deposit event log of the currency token in the transaction smart contract and storing it in a blockchain within the second blockchain network.
method. The method of claim 7, wherein processing a transaction based on the consumer's purchase order and the seller's purchase order in the transaction system comprises:
Transmit the seller's sales order, which is cryptographically signed with the seller's private key from the seller's electronic device, to the exchange server and distributed storage, and transmit the consumer's purchase order, which is cryptographically signed with the consumer's private key from the consumer's electronic device, to the exchange server and the distributed storage. sending to storage;
Processing transactions corresponding to a purchase order, which is a transaction request from a consumer, and a sell order, which is a transaction request from a seller, at an exchange server, and storing a cryptographically signed transaction corresponding to the transaction request in the distributed storage; and
By matching the consumer's purchase order and the seller's sell order, a quantity of the currency token equal to the payment amount is transferred from the consumer's exchange account to the seller's exchange account and from the seller's exchange account to the payment quantity. Creating the trading transaction that causes the quantity of the asset equity tokens to be transferred from the seller's exchange account to the consumer's exchange account, cryptographically signing the trading transaction with the private key of the exchange server and storing it in the distributed storage. Characterized in that it includes,
method. A computer-readable recording medium on which a program for performing a method for a consumer to purchase a management target product according to any one of claims 1 to 10 is recorded.

Images