WO2022149816A1 - System and method for providing blockchain-based corporate did service - Google Patents


Info

Publication number
WO2022149816A1
Authority
WO
WIPO (PCT)
Prior art keywords
corporate
personal
terminal
issuer server
charge
Application number
PCT/KR2022/000038
Inventor
채상미
박민정
김종현
이명준
Original Assignee
이화여자대학교 산학협력단
Application filed by 이화여자대학교 산학협력단

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Definitions

  • The present invention relates to a corporate DID (Decentralized Identity) service providing system, and in particular to a blockchain-based corporate DID service providing system and method that provide an electronic means of corporate authentication through decentralized identification based on blockchain technology.
  • a corporate seal card is required to prove that it is a corporation in order to issue a corporate seal certificate and a certified copy of corporation registration.
  • The above corporate seal card is a physical card introduced for convenient business processing, and it has the advantage that electronic registration and unmanned document issuance are possible. For that reason, if the person in charge of the company uses it without the approval of the representative of the corporation, there is a risk that it is abused to issue corporate documents.
  • The corporate seal card has the limitation that the company representative cannot practically handle all the procedures such as issuance and submission of documents necessary for business operation, such as accredited certificates and corporate seal cards, and it is not free from the low security and safety problems caused by employee abuse and hacking.
  • the electronic signature was developed for the use of electronic contracts and e-commerce transactions, and the purpose is to provide integrity and non-repudiation functions so that it is impossible to change or delete the contents of the signed document and to deny the fact of the signature.
  • The verification key uses the public key method. It is impossible to verify whether the sender's public key is correct, and a problem may occur if a hacker impersonates the sender and sends it.
  • The present invention has been devised to solve the above problems, and its object is to provide a corporate DID, a new-concept authentication means based on decentralized identity (DID) technology that can replace the existing corporate seal card.
  • DID decentralized identity
  • The blockchain-based corporate DID service providing system may include: a blockchain network that stores the issued DID; a person in charge terminal that requests issuance of the corporate DID of the company to which the person in charge belongs, using a first personal DID that certifies the identity of the person in charge of the company; a representative terminal that approves the use of the corporate DID, using a second personal DID that certifies the identity of the corporate representative, in response to the request for issuance of the corporate DID; and a DID issuer server that, in response to a corporate DID issuance request approved for use by the representative terminal, issues a corporate DID by combining the first and second personal DIDs with corporate-related data, registers the issued corporate DID in the blockchain network, and distributes it to the person in charge terminal.
  • The person in charge terminal may include: a personal DID management unit that requests issuance of the first personal DID from the DID issuer server and receives the issued first personal DID; a corporate DID management unit that requests issuance of the corporate DID from the DID issuer server, receives the corporate-related data and submits it to the DID issuer server, and receives the issued corporate DID; a corporate DID submission unit that submits the distributed corporate DID to the service provider server according to the purpose of use; and a storage for storing the first personal DID and the corporate DID.
  • The representative terminal may include: a personal DID management unit that requests issuance of the second personal DID from the DID issuer server and receives the issued second personal DID; a use approval unit that receives, with the authority of the corporate representative, approval for use of the corporate DID issuance request and provides it to the DID issuer server; and a storage for storing the second personal DID.
  • The DID issuer server may include: an issuance reception unit that receives a request for issuance of a DID from the person in charge terminal and the representative terminal; an identity verification unit that verifies the identity of the person in charge of the company and the company representative using the first and second personal DIDs; an approval request unit that requests approval of use from the representative terminal of the company representative for the identity-verified corporate DID issuance request; a DID generating unit that generates corporate DIDs for corporate DID issuance requests that have been verified and approved for use and registers them in the blockchain network; and a DID distribution unit that distributes the generated DID to the person in charge terminal or the representative terminal.
  • the DID generating unit may generate corporate-related data by processing the corporate seal image file and purpose of use provided from the terminal in charge, and reflect the corporation-related data in the DID document of the corporation DID.
  • the corporation-related data may include data obtained by hashing the corporate seal image file through a predetermined hash function.
  • The DID issuer server may further include a DID management unit that, when a usage history including a usage period occurs for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID, and registers it in the blockchain network, and that, when the usage period elapses, discards the corporate DID and registers this in the blockchain network.
  • A corporate DID service providing method using a blockchain network that stores the issued DID may include: requesting, by the person in charge terminal, the DID issuer server to issue a corporate DID of the company to which the person in charge belongs, using the first personal DID that proves the identity of the person in charge of the company; requesting, by the DID issuer server, approval of use from the representative terminal in response to the corporate DID issuance request; replying, by the representative terminal, to the DID issuer server with approval for use of the corporate DID; issuing the corporate DID by the DID issuer server; and registering, by the DID issuer server, the issued corporate DID in the blockchain network and distributing it to the person in charge terminal.
  • Before the step in which the person in charge terminal requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs using the first personal DID that proves the identity of the person in charge of the company, the method may include: the person in charge terminal requesting the DID issuer server to issue the first personal DID; the DID issuer server issuing a first personal DID for the person in charge of the company and registering it in the blockchain network; the DID issuer server distributing the registered first personal DID to the person in charge terminal; and the person in charge terminal storing the distributed first personal DID in a storage.
  • Before the step in which the representative terminal requests the DID issuer server to approve the use of the corporate DID using a second personal DID that proves the identity of the corporate representative in response to the corporate DID issuance request, the method may include: the representative terminal requesting the DID issuer server to issue the second personal DID; the DID issuer server issuing a second personal DID for the company representative and registering it in the blockchain network; the DID issuer server distributing the registered second personal DID to the representative terminal; and the representative terminal storing the distributed second personal DID in a storage.
  • The step of issuing, by the DID issuer server, a corporate DID by combining the first and second personal DIDs with corporate-related data in response to a corporate DID issuance request approved for use by the representative terminal may comprise: the person in charge terminal providing a corporate seal image file and purpose of use to the DID issuer server; the DID issuer server generating corporate-related data by processing the provided corporate seal image file and purpose of use; and the DID issuer server reflecting the corporate-related data in the DID document of the corporate DID.
  • the corporation-related data may include data obtained by hashing the corporate seal image file through a predetermined hash function.
  • After the step in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes it to the person in charge terminal, the method may include: the DID issuer server, when usage details including the period of use occur for the corporate DID, hashing the usage details, adding them to the DID document of the corporate DID, and registering them in the blockchain network; and the DID issuer server, when the period of use elapses, discarding the corporate DID and registering this in the blockchain network.
  • Self-sovereign identity security and data ownership, the purpose for which DID has been developed mainly for individuals, can be extended to corporations. This has the effect of solving various problems that currently accompany electronic contracts, electronic registration, electronic financial transactions, etc., such as security vulnerabilities, low trust between transaction parties, inability to guarantee the safety of transactions, abuse of personal information, and the complicated and cumbersome document procedures required to conduct electronic transactions.
  • FIG. 1 is a diagram schematically showing the overall structure of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing the structure of a terminal in charge of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 3 is a diagram showing the structure of a DID issuer server of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a method of providing a corporate DID service by a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating a personal DID or corporate DID issuance procedure applied to a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • each function implemented in the system of the present invention may be configured as a module unit program, and may be recorded in one physical memory, or may be recorded while being distributed between two or more memories and recording media.
  • a term indicating a 'blockchain-based corporate DID service providing system' may be abbreviated as 'corporate DID service providing system' or 'system'.
  • '~ terminal' is a concept indicating a predetermined computing device that accesses the system and requests a service, or an application program itself running in the predetermined computing device.
  • FIG. 1 is a diagram schematically showing the overall structure of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • The blockchain-based corporate DID service providing system may include: a blockchain network 100 that stores the issued DID; a person in charge terminal 200 that requests issuance of the corporate DID of the company to which the person in charge belongs, using a first personal DID that certifies the identity of the person in charge of the company; a representative terminal 300 that approves the use of the corporate DID, using a second personal DID that proves the identity of the corporate representative, in response to the request for issuance of the corporate DID; and a DID issuer server 400 that issues a corporate DID by combining the first and second personal DIDs and corporate-related data, registers the issued corporate DID in the blockchain network 100, and distributes it to the person in charge terminal 200.
  • The blockchain network 100 includes a plurality of distributed ledgers for identity verification, and participants in the blockchain network 100 can record or retrieve information in a distributed ledger through a smart contract according to a predetermined consensus procedure.
  • the issued corporate DID and DID document are distributed and stored in a plurality of blocks, and the DID document for the corporate DID provided from the terminal 200 in charge according to the request of the service provider server 600 is provided.
  • the service provider server 600 identifies the purpose of the corresponding company and corporate DID, and confirms the authority to provide the requested service.
  • The person in charge terminal 200 is a terminal device or application program used by an employee belonging to the corresponding company. An employee who has the authority to manage and use a certified copy of the corporate register, a corporate seal, and a user registration certificate can, through the system of the present invention, apply for and be issued a corporate DID and provide it to the service provider as a means of proving corporate identity for corporate transactions, contracts, and other procedures.
  • the person in charge of the company is issued a personal DID that can prove that he or she is the person in charge with the authority of the job through the system using the person in charge terminal 200, and the representative of the company using the personal DID
  • the company upon completion of approval, the company will request issuance of a corporate DID using his/her personal DID and the representative's personal DID.
  • The corporate person in charge provides the corporate DID to the service provider server 600 that performs the intended task, goes through the identity verification procedure, and can then carry out the task.
  • The representative terminal 300 is a terminal device or application program used by a representative who possesses and manages a corporate seal, such as the representative director of the company, and it may approve the use of a corporate DID that replaces the corporate seal by the person in charge of the company for tasks requiring the corporate seal to be affixed, such as a corporate contract.
  • The company representative is issued a personal DID that can prove that he or she is a representative through the system using his/her representative terminal 300. After that, when approval for issuance of the corporate DID is requested from the person in charge terminal 200, the representative uses that personal DID to verify identity and to approve the issuance request, so that the company person in charge can be issued a corporate DID.
  • PCS Personal Communication System
  • GSM Global System for Mobile communications
  • PDC Personal Digital Cellular
  • PHS Personal Handyphone System
  • PDA Personal Digital Assistant
  • IMT International Mobile Telecommunication
  • CDMA Code Division Multiple Access
  • W-CDMA Wide-Code Division Multiple Access
  • Wibro Wireless Broadband Internet
  • All kinds of handheld mobile terminal devices such as smartphones, smart pads, and tablet PCs, as well as computing devices such as stationary PCs and notebooks, may be used.
  • The DID issuer server 400 may issue a personal DID for identification and register it in the blockchain network 100 at the request of the registered person in charge terminal 200 and representative terminal 300 of each registered company. Also, at the request of an authorized person in charge terminal 200, it may request approval for use from the representative terminal 300, which is responsible for managing and using the corporate seal.
  • the DID issuer server 400 may be operated by a separate company or institution, or may be independently operated by a company that wants to use the corporate DID service.
  • the DID issuer server 400 of the present invention may be mounted on a server itself operated by an institution or company that intends to introduce the system of the present invention, or may provide a service in connection with a corporate server.
  • the DID issuer server 400 generates a corporate DID for a use request normally approved by the representative terminal 300 and registers it in the block chain network 100, and distributes the corporate DID to the requested person in charge terminal 200.
  • To verify the ownership of the DID submitted by the requester when a DID issuance request is made by the person in charge terminal 200 or the representative terminal 300, the DID issuer server 400 may also request authentication of DID ownership from a server operated by a separate company or institution.
  • As the DID issuer server 400, a server device equipped with a high-performance microprocessor and large-capacity memory and storage may be used, so that it can respond quickly, without errors or delays, to personal DID and corporate DID issuance requests, use approvals, etc. of a plurality of person in charge terminals 200 and representative terminals 300.
  • The personal DID stored in the blockchain network is stored using the authentication value generated by the user's private key.
  • Using the public key included in the DID document, it is possible to verify the user, that is, the person in charge of the company or the company representative.
  • the service provider server 600 is a server device that provides various corporate business services performed by a corporation through a corporate seal or corporate seal card. It can be performed through the corporate DID provided by the system of the present invention.
  • When the person in charge terminal 200 requests a predetermined corporate business process through the corporate DID, the service provider server 600 refers to the DID document identified through the corporate DID from the blockchain network, checks the DID ownership, purpose of use, and scope of the corporate DID, and provides the requested service through the corporate DID whose identity has been verified through the identity verification process.
  • the blockchain-based corporate DID service providing system provides a number of necessary documents such as a corporate registration certificate and corporate seal stamp required to perform business such as corporate contracts in each company.
  • The corporate person in charge can receive a one-time corporate DID according to the purpose through his/her terminal and perform related tasks, thereby solving various problems such as complex document processing, misuse of corporate documents, and security vulnerabilities, with the effect that corporate transactions and work can be handled stably.
  • each component constituting the person in charge terminal 200 and the person in charge terminal 200 may be composed of a computer program executable by a known microprocessor, and is recorded on a readable and writable recording medium and mounted on the terminal device.
  • As shown in FIG. 2, the person in charge terminal 200 of the blockchain-based corporate DID service providing system according to an embodiment of the present invention may include: a personal DID management unit 210 that requests the DID issuer server 400 to issue the first personal DID and receives the issued first personal DID; a corporate DID management unit 220 that requests the DID issuer server 400 to issue the corporate DID, receives corporate-related data and submits it to the DID issuer server 400, and receives the distributed corporate DID; a corporate DID submission unit 230 that submits the distributed corporate DID to the service provider server 600 according to the purpose of use; and a storage 240 for storing the first personal DID and the corporate DID.
  • the personal DID management unit 210 may provide various management functions for the first personal DID, which is the DID issued to the person in charge of the company.
  • The personal DID management unit 210 may request the DID issuer server 400, a server operated by the company, or the like to issue the first personal DID for identification as a person belonging to the corresponding company. The issued first personal DID may be stored in the storage 240 and, later, when the person in charge of the company wants to prove his/her identity, the stored first personal DID may be submitted to perform an identity verification procedure.
  • the corporate DID management unit 220 may provide a function related to the corporate DID.
  • a first personal DID may be issued, and a corporate DID for business processing may be generated and distributed based on this.
  • The person in charge of the company holding the first personal DID may request issuance of the corporate DID through the person in charge terminal 200 when a business requiring a corporate seal, such as a corporate contract, is performed, and the corporate DID management unit 220 may submit the first personal DID stored in the storage 240 to the DID issuer server 400 and apply for issuance of the corporate DID.
  • the corporate DID management unit 220 may receive information such as the purpose of use of the corporate DID, the submitting institution (company), the corporate representative name and date, and the like, from the person in charge of the corporation.
  • the DID issuer server 400 may identify a corporate representative in response to a corporate DID issuance application and request approval for corporate DID issuance from the representative terminal.
  • the corporate DID management unit 220 may store the distributed corporate DID in the storage 240 .
  • the corporate DID submission unit 230 may submit the corporate DID stored in the storage 240 to the service provider server 600 according to the execution of the corporate person in charge.
  • the corporate DID submission unit 230 may register information such as a submission destination and usage history of the corporate DID in the blockchain network.
  • the storage 240 may store a personal DID and a corporate DID that are currently in effect. Of these, in general, as a corporate DID has a period of use, a corporate DID whose use period has elapsed may be automatically discarded.
  • In the person in charge terminal 200, personal information including the personal DID may be stored in a Trusted Execution Environment (TEE) area within the terminal so that the person in charge of the company can manage it. Accordingly, the storage 240 may exist in the TEE area.
  • TEE Trusted Execution Environment
  • The aforementioned TEE stores personal information including the DID on a processor in which a normal area, where general applications are executed, and a secure area are separated. Information exchange with the normal area is controlled, and security software is supported so that it runs safely.
  • Processors based on the architecture of ARM Corporation are widely used, and when an ARM processor is installed in the person in charge terminal 200, personal information can be recorded and managed in TrustZone, which provides the TEE support.
  • TPM Trusted Platform Module
  • the representative terminal used by the representative who performs approval for the corporate DID request may also include a component for using the system.
  • The representative terminal may include a personal DID management unit that requests the issuance of the second personal DID from the DID issuer server and receives the issued personal DID, a use approval unit that receives, with the authority of the company representative, the use approval input for the corporate DID issuance request from the person in charge terminal 200 and provides it to the DID issuer server 400, and a storage for storing the second personal DID.
  • FIG. 3 is a diagram showing the structure of a DID issuer server of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • The DID issuer server 400 of the blockchain-based corporate DID service providing system may include: an issuance reception unit 410 that receives a DID issuance request from the person in charge terminal 200 and the representative terminal 300; an identity verification unit 420 that performs identity verification using the first and second personal DIDs; an approval request unit 430 that requests approval of use from the representative terminal of the company representative in response to a request for issuance of the verified corporate DID; a DID generating unit 440 that generates a corporate DID for a corporate DID issuance request that is verified and approved for use and registers it in the blockchain network 100; a DID distribution unit 450 that distributes the generated DID to the person in charge terminal 200 or the representative terminal 300; and a DID management unit 460 that, when a usage history including the period of use occurs for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID, and registers it in the blockchain network 100, and, when the permitted time of use elapses, discards the corporate DID and
  • the issuance reception unit 410 may receive the first personal DID according to the request of the person in charge terminal 200 to receive the issuance request for the corporate DID.
  • A person in charge of a company who wants to use the corporate DID for business may submit the first personal DID stored in the person in charge terminal 200 to the DID issuer server 400 and apply for issuance of the corporate DID, and the issuance reception unit 410 may receive the first personal DID and the various information necessary for issuing the corporate DID.
  • the identity verification unit 420 may perform an identity verification procedure for the submitted first personal DID in response to the corporate DID issuance request.
  • the identity verification unit 420 may request identification for the first personal DID by obtaining a DID document from the blockchain network 100 through the first personal DID and confirming the public key.
  • the person in charge terminal 200 generates a public key authentication value using the private key and provides it to the identity verification unit 420 , and the identity verification unit 420 checks the authentication value using the public key, so that the identity will be verified.
  • the identity verification unit 420 may verify the identity of the second personal DID, that is, the company representative, according to the same procedure as above.
  • The approval request unit 430 may request approval for use of the corporate DID request from the representative terminal 300 of the company representative of the identified company, and may confirm the issuance of the corporate DID by receiving a reply of use approval from the representative terminal 300 of the corporate representative whose identity is verified through the second personal DID.
  • the DID generator 440 may generate a corporate DID in response to a corporate DID request for which the corporate DID issuance is confirmed according to the approval of use of the representative terminal 300 .
  • The DID generating unit 440 according to an embodiment of the present invention may create a unique index by combining the first and second personal DIDs whose identity has been verified, the image file of the actual corporate seal, and information including the purpose of use, period of use, etc. of the corporate seal input by the person in charge terminal 200, and may create the corporate DID of the corresponding company and its DID document by reflecting this in the DID document.
  • a hash function may be used in a given method according to the characteristics of the platform of the applied blockchain network 100, and it is not limited to the method applied to a specific platform.
  • the DID distribution unit 450 may distribute the generated corporate DID to the terminal 200 in charge, and record and register the corporate DID and DID document in the blockchain network 100 .
  • the DID generator 440 generates a transaction by executing a smart contract for registration of corporate DID, and the blockchain network 100 determines the legitimacy of the transaction through a known consensus algorithm, and distributes and stores it in the distributed ledger.
  • the person in charge terminal 200 may use the corporate DID for business operation, and when using the corporate DID, the service providing server may proceed normally according to whether or not it meets the predetermined purpose of use in the identity verification procedure or the like. That is, the corporate DID according to the embodiment of the present invention has the effect of sealing the corporate seal only when it meets a preset purpose of use.
  • DID management unit 460 after distribution of the corporate DID, when a business using the corporate DID by the person in charge terminal 200 occurs, identification of the service provider server that handles the business, the DID document reference, etc. When procedures such as reference are in progress, the details After tracking, the distributed ledger related to the corporate DID can be updated, or the details of the corporate DID can be additionally recorded.
  • the DID management unit 460 hashes the usage history, including the usage period, for the corporate DID, generates a transaction for the block chain network 100, and adds it to the DID document of the corporate DID. can be registered in
  • the DID management unit 460 discards the corporate DID so that the corporate DID cannot be used any more when the permitted time has elapsed. can do. This is to secure the transparency of transaction details by preserving all transaction details related to corporate DID.
  • FIG. 4 is a diagram illustrating a method of providing a corporate DID service by a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • the corporate DID service providing method by the blockchain-based corporate DID service providing system is a corporate DID service providing method using the blockchain network 100 that stores the issued DID.
  • a step (S100) in which the person in charge terminal 200 requests the DID issuer server 400 to issue a corporate DID of the company to which the person in charge belongs, using the first personal DID that proves the identity of the person in charge of the company; a step (S200) in which the DID issuer server 400 requests approval for use from the representative terminal 300 for the corporate DID issuance request made with the identity-verified first personal DID; a step (S300) in which the representative terminal 300, in response to the corporate DID issuance request, replies to the DID issuer server with the approval for use of the corporate DID; the DID issuer server issues the corporate DID approved for use from the representative terminal 300
  • In step S100, in which the person in charge terminal requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs by using the first personal DID that proves the identity of the person in charge of the company, a person in charge at a company that has an agreement with the system of the present invention, such as an executive or employee of the company, may request issuance of a corporate DID, using the first personal DID for identity verification, in order to perform a task that requires the corporate seal.
  • the first personal DID may be issued directly from the corporate server operated by the company to which the first personal DID belongs, or may be issued from the DID issuer server through the personal DID issuance service of the DID issuer server of the present invention.
  • step (S200) of the DID issuer server requesting approval for use to the representative terminal for the corporate DID issuance request requested by the first personal DID whose identity has been verified.
  • In step S300, in which the representative terminal requests the DID issuer server to approve the use of the corporate DID using the second personal DID that proves the identity of the corporate representative, if the corporate representative approves the request, the representative terminal submits the stored second personal DID to the DID issuer server and approves the issuance of the corporate DID.
  • the second personal DID may be issued by the same procedure, except that the subject is different from the first personal DID described above.
  • In step S400, in which the DID issuer server issues a corporate DID by combining the first and second personal DIDs with corporate-related data in response to a corporate DID issuance request approved for use from the representative terminal, the DID issuer server creates a unique index by combining the first and second personal DIDs certified by the company, information including the purpose and period of use of the corporate DID, and the image file of the actual corporate seal, and hashing the result of the combination. It then creates a corporate DID whose DID document includes the unique index and registers it in the blockchain network, whereby the corporate DID for the request is issued.
  • In step S500, in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes the corporate DID to the person in charge terminal, the DID issuer server transmits the corporate DID issued in step S400 to the requesting person in charge terminal as the distribution procedure.
  • The person in charge terminal may use the corporate DID stored in it in place of the corporate seal, according to the purpose of use, to process tasks such as corporate contracts.
  • After step S500, when the corporate DID has been submitted to the service provider server according to its purpose of use, or the period of use has elapsed, the DID issuer server may additionally record the usage history in the DID document of the corporate DID in the blockchain network and discard the corporate DID.
  • FIG. 5 is a diagram illustrating a personal DID or corporate DID issuance procedure applied to a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • the following description exemplifies how DID is used for identity verification in the DID issuer server of the present invention. Some of the methods may be changed.
  • the decentralized identity authentication technology premised by the system of the present invention is an electronic identity authentication technology that stores personal information in the user's terminal and selects and submits only the necessary information for personal information authentication.
  • This has the feature of enabling self-sovereign identity verification that allows individuals to verify their identity without going through a centralized institution by using the blockchain network to directly manage their data.
  • the DID issuer server 400 in the form of, for example, 'did:sov:abcdef' (a).
  • the DID issuer server 400 can identify and obtain a DID document from 'did:sov:abcdef' registered in the blockchain network 100 (b).
  • the DID issuer server 400 refers to a database that it operates itself for 'did:sov:abcdef' and checks whether the DID was issued by the company (c).
  • the authentication value generated by the private key is provided from the terminal in charge 200, and the DID issuer server 400 is the corresponding
  • the terminal in charge 200 is the owner of the personal DID (d).
  • 100: Blockchain network, 200: Person in charge terminal
  • 450: DID distribution unit, 460: DID management unit


Abstract

The present invention provides a system for providing a corporate decentralized identity (DID) service. More specifically, the present invention relates to a system and a method for providing a blockchain-based corporate DID service, which provide an electronic means of corporate authentication through decentralized identity based on blockchain technology. According to one embodiment of the present invention, self-sovereign identity (SSI) and data ownership, which are the development goals of DID and have so far been developed mainly for individuals, can be extended to corporations, and various current problems can be solved, such as the security vulnerabilities accompanying electronic contracts, electronic registrations, electronic financial transactions and the like, low trust between transaction parties, the inability to guarantee transaction safety, the abuse of personal information, and the complicated and cumbersome paperwork required to perform electronic transactions.

Description

Blockchain-based corporate DID service providing system and method
The present invention relates to a system for providing a corporate DID (Decentralized Identity) service, and in particular to a blockchain-based corporate DID service providing system and method that provide an electronic means of corporate authentication through decentralized identity verification based on blockchain technology.
In general, a corporation often faces situations in which proof of its corporate seal is required for the various tasks the company has to handle.
In particular, for a corporation to conclude a contract with a government agency or to handle business with a financial institution such as a bank, a considerable number of documents are required, such as a certified copy of the corporate register, the corporate seal, a user registration certificate and, when the contract is concluded through an agent, a power of attorney (which requires the corporate seals and seal certificates of the agent and the principal). This reduces convenience and causes the contract to lack reliability and stability.
Among the documents mentioned above, issuing a corporate seal certificate, a certified copy of the corporate register and the like requires a corporate seal card to prove that the applicant is the corporation. The corporate seal card is a physical card introduced for convenience in business processing, and it has the advantage that electronic registration and unmanned document-issuing machines can be used. However, there is a risk that the person who actually manages and holds the corporate seal card, for example the company's person in charge, could misuse it without the consent of the corporation's representative by having corporate documents issued.
In addition, the accredited certificate that is indispensable for processing a corporation's financial business can easily be copied to and stored on personal computers, USB devices and the like, which entails a possibility of misuse, and the risk of leakage through hacking or of loss is always present.
With the corporate seal card, there is the limitation that the company representative cannot in practice handle all of the procedures personally, such as issuing and submitting the documents needed for business (accredited certificates, corporate seal cards and the like). Although it was developed to improve convenience by enabling electronic transactions, it is ultimately not free from low security and safety problems arising from possible misuse by employees, hacking and the like.
Meanwhile, the known accredited certificate is issued through a trusted certificate authority (CA), and because identity information is stored collectively at the issuing authority, it has the limitation that individual self-sovereignty and security are not guaranteed.
In addition, electronic signatures were developed for electronic contracts, e-commerce and the like, and their purpose is to provide integrity and non-repudiation so that changing or deleting the contents of a signed document, or denying the fact of signing, is impossible. However, because they use a public-key scheme in which the verification key is public, there is the problem that anyone can verify the signature. It is not possible to confirm whether the sender's public key is the right one, so a problem may occur if a hacker transmits while posing as the sender.
Therefore, it can be said that to date corporations have no efficient means of ensuring the various corporate authentication technologies, including the electronic signature required to conclude electronic contracts, or the reliability and integrity of concluded contracts.
[Prior art literature]
Korean Registered Patent Publication No. 10-2131206 (publication date: 2020.08.05.)
The present invention has been devised to solve the problems described above, and its object is to provide a corporate DID, a new kind of authentication means based on decentralized identity (DID) technology that can replace the existing corporate seal card.
To solve the above problem, a blockchain-based corporate DID service providing system according to an embodiment of the present invention may include: a blockchain network that stores issued DIDs; a person in charge terminal that requests issuance of a corporate DID of the company to which the person in charge belongs, using a first personal DID that proves the identity of the company's person in charge; a representative terminal that, in response to the corporate DID issuance request, approves use of the corporate DID using a second personal DID that proves the identity of the company representative; and a DID issuer server that, for a corporate DID issuance request approved for use by the representative terminal, issues the corporate DID by combining the first and second personal DIDs with corporation-related data, registers the issued corporate DID in the blockchain network and distributes it to the person in charge terminal.
The person in charge terminal may include: a personal DID management unit that requests issuance of the first personal DID from the DID issuer server and receives the issued first personal DID; a corporate DID management unit that requests issuance of the corporate DID from the DID issuer server, receives the corporation-related data as input and submits it to the DID issuer server, and receives the issued corporate DID; a corporate DID submission unit that submits the distributed corporate DID to a service provider server according to the purpose of use; and a storage that stores the first personal DID and the corporate DID.
The representative terminal may include: a personal DID management unit that requests issuance of the second personal DID from the DID issuer server and receives the issued second personal DID; a use approval unit that receives, under the authority of the company representative, the use approval for the corporate DID issuance request as input and provides it to the DID issuer server; and a storage that stores the second personal DID.
The DID issuer server may include: an issuance reception unit that receives DID issuance requests from the person in charge terminal and the representative terminal; an identity verification unit that verifies the identities of the company's person in charge and the company representative using the first and second personal DIDs; an approval request unit that requests use approval from the representative terminal of the company representative for an identity-verified corporate DID issuance request; a DID generation unit that generates a corporate DID for a corporate DID issuance request that has passed identity verification and use approval, and registers it in the blockchain network; and a DID distribution unit that distributes the generated DID to the person in charge terminal or the representative terminal.
The DID generation unit may generate corporation-related data by processing the corporate seal image file and the purpose of use provided from the person in charge terminal, and may reflect the corporation-related data in the DID document of the corporate DID.
The corporation-related data may include data obtained by hashing the corporate seal image file with a predetermined hash function.
The DID issuer server may further include a DID management unit that, when a usage history including a period of use arises for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID and registers it in the blockchain network, and that, when the period of use has elapsed, discards the corporate DID and registers this in the blockchain network.
In addition, to solve the above problem, a corporate DID service providing method according to an embodiment of another aspect of the present invention, which uses a blockchain network that stores issued DIDs, may include: a step in which the person in charge terminal requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs, using a first personal DID that proves the identity of the company's person in charge; a step in which the DID issuer server replies to the representative terminal with use approval for the corporate DID issuance request made with the identity-verified first personal DID; a step in which the representative terminal, in response to the corporate DID issuance request, requests use approval for the corporate DID from the DID issuer server using a second personal DID that proves the identity of the company representative; a step in which the DID issuer server, for the corporate DID issuance request approved for use by the representative terminal, issues the corporate DID by combining the first and second personal DIDs with corporation-related data; and a step in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes it to the person in charge terminal.
Before the step in which the person in charge terminal requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs, using the first personal DID that proves the identity of the company's person in charge, the method may include: a step in which the person in charge terminal requests the DID issuer server to issue the first personal DID; a step in which the DID issuer server issues the first personal DID for the company's person in charge and registers it in the blockchain network; a step in which the DID issuer server distributes the registered first personal DID to the person in charge terminal; and a step in which the person in charge terminal stores the distributed first personal DID in a storage.
Before the step in which the representative terminal, in response to the corporate DID issuance request, requests use approval for the corporate DID from the DID issuer server using the second personal DID that proves the identity of the company representative, the method may include: a step in which the representative terminal requests the DID issuer server to issue the second personal DID; a step in which the DID issuer server issues the second personal DID for the company representative and registers it in the blockchain network; a step in which the DID issuer server distributes the registered second personal DID to the representative terminal; and a step in which the representative terminal stores the distributed second personal DID in a storage.
The step in which the DID issuer server, for the corporate DID issuance request approved for use by the representative terminal, issues the corporate DID by combining the first and second personal DIDs with corporation-related data may include: a step in which the person in charge terminal provides the corporate seal image file and the purpose of use to the DID issuer server; a step in which the DID issuer server generates corporation-related data by processing the provided corporate seal image file and purpose of use; and a step in which the DID issuer server reflects the corporation-related data in the DID document of the corporate DID.
The corporation-related data may include data obtained by hashing the corporate seal image file with a predetermined hash function.
After the step in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes it to the person in charge terminal, the method may include: a step in which, when a usage history including a period of use arises for the corporate DID, the DID issuer server hashes the usage history, adds it to the DID document of the corporate DID and registers it in the blockchain network; and a step in which, when the period of use has elapsed, the DID issuer server discards the corporate DID and registers this in the blockchain network.
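The issuance and usage steps described above (corporation-related data reflected in the DID document, the hashed usage history, and discarding after the period of use) can be sketched as follows. This is an added example, not code from the patent: SHA-256, the canonical JSON serialization, all field names and the `did:example` identifiers are assumptions chosen here, since the document leaves the hash function and data layout open.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Fields bound into the unique index (hypothetical names, not from the patent).
INDEX_FIELDS = ("id", "requesterDid", "approverDid", "sealImageHash",
                "purpose", "notBefore", "notAfter")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj: dict) -> bytes:
    """Serialize with sorted keys and fixed separators so every party hashes
    identical bytes. Plain string concatenation would let ("ab", "c") and
    ("a", "bc") produce the same input; JSON keeps field boundaries explicit."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def unique_index(fields: dict) -> str:
    return sha256_hex(canonical({k: fields[k] for k in INDEX_FIELDS}))


def issue_corporate_did(corporate_did, first_did, second_did, seal_image: bytes,
                        purpose, not_before, not_after) -> dict:
    """Build the DID document the issuer would register on the ledger."""
    doc = {
        "id": corporate_did,
        "requesterDid": first_did,    # first personal DID (person in charge)
        "approverDid": second_did,    # second personal DID (representative)
        "sealImageHash": sha256_hex(seal_image),  # hashed seal image file
        "purpose": purpose,
        "notBefore": not_before,      # ISO 8601 with explicit UTC offset
        "notAfter": not_after,
        "usageHistory": [],           # hashes of usage records, append-only
        "revoked": False,
    }
    doc["uniqueIndex"] = unique_index(doc)
    return doc


def check_use(doc: dict, requested_purpose: str, now: datetime) -> str:
    """Service-provider side check before accepting the corporate DID."""
    # Recompute the index: a document whose purpose or period was edited
    # without re-issuance no longer matches the registered index.
    if not hmac.compare_digest(unique_index(doc), doc["uniqueIndex"]):
        return "index-mismatch"
    if doc["revoked"]:
        return "revoked"
    if requested_purpose != doc["purpose"]:
        return "purpose-mismatch"
    start = datetime.fromisoformat(doc["notBefore"])
    end = datetime.fromisoformat(doc["notAfter"])
    if not (start <= now <= end):
        return "outside-period"
    return "ok"


def record_usage(doc: dict, service_provider: str, used_at: datetime) -> str:
    """Hash one usage record and append the digest to the DID document."""
    entry = {"did": doc["id"], "serviceProvider": service_provider,
             "purpose": doc["purpose"], "usedAt": used_at.isoformat()}
    digest = sha256_hex(canonical(entry))
    doc["usageHistory"].append(digest)
    return digest


def discard_if_expired(doc: dict, now: datetime) -> bool:
    """Mark the DID unusable after the period of use; history is preserved."""
    if now > datetime.fromisoformat(doc["notAfter"]):
        doc["revoked"] = True
    return doc["revoked"]


# Constructed sample values (not from the patent).
SEAL_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-seal-image-bytes"
SAMPLE = issue_corporate_did(
    "did:example:corp123", "did:example:manager1", "did:example:ceo1",
    SEAL_PNG, "contract-signing",
    "2022-01-05T00:00:00+00:00", "2022-01-12T00:00:00+00:00")

if __name__ == "__main__":
    inside = datetime(2022, 1, 6, tzinfo=timezone.utc)
    print(check_use(SAMPLE, "contract-signing", inside))
    print(check_use(SAMPLE, "bank-loan", inside))
```

The `revoked` flag and `usageHistory` are deliberately left out of the index, because they change after issuance; in this sketch their integrity would rest on the ledger that stores the document.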
According to an embodiment of the present invention, self-sovereign identity (SSI) and data ownership, which are the development goals of DID and have so far been developed mainly for individuals, can be extended to corporations, and it is possible to solve various current problems such as the security vulnerabilities accompanying electronic contracts, electronic registration and electronic financial transactions, low trust between transaction parties, the inability to guarantee transaction safety, misuse of personal information, and the complicated and cumbersome paperwork required to carry out electronic transactions.
FIG. 1 is a diagram schematically showing the overall structure of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
FIG. 2 is a diagram showing the structure of the person in charge terminal of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
FIG. 3 is a diagram showing the structure of the DID issuer server of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating a method of providing a corporate DID service by a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating a personal DID or corporate DID issuance procedure applied to a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
Prior to the description, when a part is said to "comprise" or "include" a component anywhere in the specification, this means that it may further include other components rather than excluding them, unless specifically stated otherwise. In addition, terms such as "...unit", "...server" and "...system" used in the specification mean a unit that processes at least one function or operation, which may be implemented in hardware, software, or a combination of hardware and software.
In addition, the term "embodiment" in this specification means serving as an example, instance or illustration, but the subject matter of the invention is not limited by such examples. Also, although "including", "comprising", "having" and other similar terms are used, when used in the claims they are used inclusively, in a manner similar to the term "comprising", as an open transition word that does not exclude any additional or other components.
The various techniques described herein may be implemented with hardware or software or, where appropriate, with a combination of both. As used herein, terms such as "...unit", "...server" and "...system" may likewise be treated as equivalent to a computer-related entity, that is, hardware, a combination of hardware and software, software, or software in execution. In addition, each function implemented in the system of the present invention may be configured as a module-level program, and may be recorded in one physical memory or distributed across two or more memories and recording media.
In the following description, the term "blockchain-based corporate DID service providing system" according to an embodiment of the present invention may be abbreviated as "corporate DID service providing system" or "system".
In addition, in the following description, "~ terminal" refers to a computing device that connects to the system and requests a service, or to the application program itself that runs on such a computing device.
Hereinafter, a blockchain-based corporate DID service providing system and method according to an embodiment of the present invention will be described in detail with reference to the drawings.
도 1은 본 발명의 실시예에 따른 블록체인 기반 법인DID 서비스 제공 시스템의 전체 구조를 개략적으로 나타낸 도면이다.1 is a diagram schematically showing the overall structure of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
도 1을 참조하면, 본 발명의 실시예에 따른 블록체인 기반 법인DID 서비스 제공 시스템은, 발급된 DID를 저장하는 블록체인 네트워크(100), 기업 담당자의 신원을 증명하는 제1 개인DID를 이용하여 기업 담당자가 속한 기업의 법인DID의 발급을 요청하는 담당자 단말(200), 법인DID의 발급 요청에 응답하여 기업 대표자의 신원을 증명하는 제2 개인DID를 이용하여 상기 법인DID에 대한 사용을 승인하는 대표자 단말(300) 및 대표자 단말로부터 사용 승인된 법인DID 발급 요청건에 대하여, 제1 및 제2 개인DID와 법인관련 데이터를 조합하여 법인DID를 발급하고, 발급된 법인DID를 블록체인 네트워크(100)에 등록 및 담당자 단말(200)에 배포하는 DID 발행자 서버(400)를 포함할 수 있다.Referring to FIG. 1 , the blockchain-based corporate DID service providing system according to an embodiment of the present invention uses a blockchain network 100 that stores the issued DID, and a first personal DID that certifies the identity of the person in charge of the company. Approving the use of the corporate DID by using the person in charge terminal 200 requesting issuance of the corporate DID of the company to which the corporate manager belongs, and a second personal DID that proves the identity of the corporate representative in response to the request for issuance of the corporate DID In response to a request for issuance of corporate DID approved for use from the representative terminal 300 and the representative terminal, a corporate DID is issued by combining the first and second personal DIDs and corporate-related data, and the issued corporate DID is applied to the blockchain network 100 It may include a DID issuer server 400 for registering and distributing to the terminal 200 in charge.
The blockchain network 100 includes a plurality of distributed ledgers for identity verification, and participants in the blockchain network 100 can record information in the distributed ledger or retrieve it through a smart contract, according to a predetermined consensus procedure.
In particular, issued corporate DIDs and their DID documents are stored in the blockchain network 100, distributed across a plurality of blocks. At the request of the service provider server 600, the network provides the DID document for the corporate DID presented by the person-in-charge terminal 200, so that the service provider server 600 can identify the company and the purpose of the corporate DID, confirm the authority, and provide the requested service.
The person-in-charge terminal 200 is a terminal device or application program used by an employee of the company. An employee who has the authority to manage and use the certified copy of the corporate register, the corporate seal, the user registration certificate and the like can apply for and be issued a corporate DID through the system of the present invention, as a means of proving corporate identity for procedures such as corporate transaction contracts, and can provide it to the service provider.
To this end, the person in charge first uses the person-in-charge terminal 200 to obtain, through the system, a personal DID that proves that he or she is the person with authority over the task. The person in charge then uses that personal DID to request approval from the company's representative and, once approval is complete, requests issuance of the corporate DID using his or her own personal DID and the representative's personal DID.
Here, even within the same company, ordinary employees are restricted from calling the representative for issuing and approving a power of attorney, and only participants who are the company's persons in charge with authority over the task may have access to the system. This authority is filtered in the identity verification procedure performed when the personal DID is issued, as described above, and a personal DID without authority may be restricted so that the subsequent corporate DID issuance procedure cannot proceed.
When the corporate DID has been issued normally through the person-in-charge terminal 200 and registered in the blockchain network 100, the person in charge can provide the corporate DID to the service provider server 600 for the intended task, carry out the identity verification procedure, and process the task.
The representative terminal 300 is a terminal device or application program used by a representative who holds and manages the corporate seal, such as the company's representative director. For tasks that require the corporate seal to be affixed, such as corporate contracts, the representative can approve the use, by the person in charge, of a corporate DID that replaces the corporate seal.
To this end, the company representative uses the representative terminal 300 to obtain, through the system, a personal DID that proves that he or she is the representative. When approval for issuance of a corporate DID is subsequently requested from the person-in-charge terminal 200, the representative proves his or her identity using that personal DID and approves the issuance request, so that the person in charge can be issued the corporate DID.
Hardware devices for running the person-in-charge terminal 200 and the representative terminal 300 described above may include all kinds of handheld mobile terminal devices, such as PCS (Personal Communication System), GSM (Global System for Mobile communications), PDC (Personal Digital Cellular), PHS (Personal Handyphone System), PDA (Personal Digital Assistant), IMT (International Mobile Telecommunication)-2000, CDMA (Code Division Multiple Access)-2000, W-CDMA (W-Code Division Multiple Access) and WiBro (Wireless Broadband Internet) terminals, smartphones, smart pads and tablet PCs, as well as computing devices such as desktop PCs and notebooks.
The DID issuer server 400 can issue personal DIDs for identity proof at the request of the person-in-charge terminal 200 and the representative terminal 300 of each registered company and register them in the blockchain network 100. At the request of an authorized person-in-charge terminal 200, it can also request approval for use from the representative terminal 300, whose user bears the duty of managing and using the corporate seal.
Here, the DID issuer server 400 may be operated by a separate company or institution, or may be operated by the company that wants to use the corporate DID service. As an example, the DID issuer server 400 of the present invention may be installed on a server operated by the institution or company that intends to introduce the system of the present invention, or may provide the service in connection with a corporate server.
In addition, for a use request normally approved by the representative terminal 300, the DID issuer server 400 can generate a corporate DID, register it in the blockchain network 100, and distribute the corporate DID to the requesting person-in-charge terminal 200.
In addition, according to an embodiment of the present invention, when the person-in-charge terminal 200 or the representative terminal 300 requests DID issuance, the DID issuer server 400 may request authentication of DID ownership from a server operated by a separate company or institution, in order to verify ownership of the DID submitted by the requester.
To respond quickly, without error or delay, to personal DID and corporate DID issuance requests, use approvals and the like from a large number of person-in-charge terminals 200 and representative terminals 300, a server device equipped with a high-performance microprocessor and large-capacity memory and storage may be used as the DID issuer server 400.
Thereafter, when the DID issuer server 400 or the service provider server 600 verifies the identity of the user of a personal DID, it can verify the user, that is, the company's person in charge or the company representative, by checking the authentication value generated with the private key held by the user against the public key contained in the DID document of the personal DID stored in the blockchain network.
The service provider server 600 is a server device that provides the various corporate business services that companies carry out with a corporate seal or corporate seal card. It allows contracted companies to carry out electronic contracts, electronic financial transactions, e-commerce and the like using the corporate DID provided by the system of the present invention instead of a corporate seal card.
When the person-in-charge terminal 200 requests processing of a given corporate task using the corporate DID, the service provider server 600 refers to the DID document identified by the corporate DID on the blockchain network, checks the DID ownership, purpose of use and scope of the corporate DID, and, after the identity verification procedure, can provide the requested service on the basis of the verified corporate DID.
With the structure described above, the blockchain-based corporate DID service providing system according to an embodiment of the present invention replaces the many documents each company needs in order to carry out tasks such as corporate contracts, for example a certified copy of the corporate register and the corporate seal. The person in charge obtains, through the person-in-charge terminal, a one-time corporate DID issued for a specific purpose and carries out the related tasks with it. This resolves problems such as complicated paperwork, misuse of corporate documents and security vulnerabilities, and allows corporate transactions and tasks to be handled reliably.
Hereinafter, the person-in-charge terminal of the blockchain-based corporate DID service providing system according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 2 is a diagram showing the structure of the person-in-charge terminal of the blockchain-based corporate DID service providing system according to an embodiment of the present invention. In the following description, the person-in-charge terminal 200 and each component constituting it may be implemented as a computer program executable by a known microprocessor, recorded on a readable and writable recording medium, and installed on a terminal device.
Referring to FIG. 2, the person-in-charge terminal 200 of the blockchain-based corporate DID service providing system according to an embodiment of the present invention may include: a personal DID management unit 210 that requests the DID issuer server 400 to issue the first personal DID and receives the issued first personal DID; a corporate DID management unit 220 that requests the DID issuer server 400 to issue a corporate DID, receives corporate-related data as input and submits it to the DID issuer server 400, and receives the issued corporate DID; a corporate DID submission unit 230 that submits the distributed corporate DID to the service provider server 600 according to the purpose of use; and a storage 240 that stores the first personal DID and the corporate DID.
The personal DID management unit 210 can provide various management functions for the first personal DID, which is the DID issued to the company's person in charge. The personal DID management unit 210 can request the DID issuer server 400, or a server operated by a company or institution, to issue the first personal DID as proof of identity for a person belonging to the company. It can store the issued first personal DID in the storage 240 and, when the person in charge later wants to prove his or her identity, submit the stored first personal DID to carry out the identity verification procedure.
The corporate DID management unit 220 can provide functions related to the corporate DID. In an embodiment of the present invention, the first personal DID can be issued, and on that basis a corporate DID for handling a task can be generated and distributed. A person in charge who holds the first personal DID can request issuance of a corporate DID through the person-in-charge terminal 200 when carrying out a task that requires the corporate seal, such as a corporate contract. If no corporate DID is stored in the storage 240, the corporate DID management unit 220 can submit the first personal DID to the DID issuer server 400 and apply for issuance of a corporate DID. At this time, the corporate DID management unit 220 can receive from the person in charge information such as the purpose of use of the corporate DID, the institution (company) to which it will be submitted, the name of the corporate representative, and the date.
In response, the DID issuer server 400 can identify the company representative for the corporate DID issuance application and request approval for corporate DID issuance from that representative's terminal.
Thereafter, when the corporate DID has been issued and distributed normally, the corporate DID management unit 220 can store the distributed corporate DID in the storage 240.
The corporate DID submission unit 230 can submit the corporate DID stored in the storage 240 to the service provider server 600 when the person in charge initiates it. At this time, the corporate DID submission unit 230 can register information such as where the corporate DID was submitted and its usage history in the blockchain network.
The storage 240 can store the personal DID and corporate DIDs that are currently in effect. Because a corporate DID generally has a period of use, a corporate DID whose period of use has elapsed can be discarded automatically.
In addition, the person-in-charge terminal 200 according to an embodiment of the present invention can store the personal DID and other personal information in a Trusted Execution Environment (TEE) region within the terminal so that the person in charge can manage it. Accordingly, the storage 240 may reside in the TEE region.
The TEE described above stores personal information, including the DID, on a processor in which the non-secure area (normal area), where ordinary applications run, is separated from the secure area. Information exchange with the normal area is controlled, and the TEE supports the safe execution of security software.
For example, processors based on Arm's architecture are widely used in mobile terminals such as smartphones. When the person-in-charge terminal 200 has an Arm processor, personal information can be recorded and managed in TrustZone, which provides TEE support.
In addition, when the person-in-charge terminal 200 is not a mobile terminal but an x86- or x64-based desktop or notebook, a Trusted Platform Module (TPM), which is a separate security module, may be installed, and the storage 240 may be created within the TPM so that personal information is recorded and managed through it.
Accordingly, personal information on the person-in-charge terminal 200 can be accessed only in a restricted manner, through the terminal's own application.
Meanwhile, although not shown, according to an embodiment of the present invention, the representative terminal used by the representative who approves corporate DID requests may, like the person-in-charge terminal 200 described above, include components for using the system. Specifically, the representative terminal may include: a personal DID management unit that requests the DID issuer server to issue the second personal DID and receives the issued personal DID; a use approval unit that receives, with the authority of the company representative, the use approval for a corporate DID issuance request made from the person-in-charge terminal 200 and provides it to the DID issuer server 400; and a storage that stores the second personal DID.
Hereinafter, the DID issuer server of the blockchain-based corporate DID service providing system according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 3 is a diagram showing the structure of the DID issuer server of the blockchain-based corporate DID service providing system according to an embodiment of the present invention.
Referring to FIG. 3, the DID issuer server 400 of the blockchain-based corporate DID service providing system according to an embodiment of the present invention may include: an issuance reception unit 410 that receives DID issuance requests from the person-in-charge terminal 200 and the representative terminal 300; an identity verification unit 420 that performs identity verification using the first and second personal DIDs; an approval request unit 430 that, for an identity-verified corporate DID issuance request, requests use approval from the representative terminal of the company's representative; a DID generation unit 440 that generates a corporate DID for a corporate DID issuance request that has been identity-verified and approved for use, and registers it in the blockchain network 100; a DID distribution unit 450 that distributes the generated DID to the person-in-charge terminal 200 or the representative terminal 300; and a DID management unit 460 that, when usage history including the period of use arises for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID and registers it in the blockchain network 100, and, when the permitted usage time has elapsed, discards the corporate DID and registers this in the blockchain network 100.
The issuance reception unit 410 can receive the first personal DID at the request of the person-in-charge terminal 200 and accept the issuance request for a corporate DID. A person in charge who wants to use a corporate DID for a task can submit the first personal DID stored in the person-in-charge terminal 200 to the DID issuer server 400 and apply for issuance of a corporate DID. The issuance reception unit 410 can then receive the first personal DID together with the various information required to issue the corporate DID.
For a corporate DID issuance request, the identity verification unit 420 can carry out the identity verification procedure for the submitted first personal DID. The identity verification unit 420 can obtain the DID document from the blockchain network 100 using the first personal DID, check the public key, and request proof of identity for the first personal DID. The person-in-charge terminal 200 then generates a public-key authentication value using its private key and provides it to the identity verification unit 420, and the identity verification unit 420 verifies the identity of the person in charge by checking the authentication value with the public key.
The identity verification unit 420 can also verify the second personal DID, that is, the identity of the company representative, by the same procedure.
When a corporate DID request is received, the approval request unit 430 can request use approval for the request from the representative terminal 300 of the representative of the identified company, and can confirm issuance of the corporate DID on receiving the use approval in reply from the representative terminal 300 of the company representative whose identity has been proven with the second personal DID.
The DID generation unit 440 can generate a corporate DID for a corporate DID request whose issuance has been confirmed by the use approval of the representative terminal 300. In particular, when generating the company's corporate DID, the DID generation unit 440 according to an embodiment of the present invention can generate a unique index by combining the identity-verified first and second personal DIDs, an image file of the actual corporate seal, and the information entered through the person-in-charge terminal 200, including the purpose of use and period of use of the corporate seal, and hashing the combination with a known cryptographic hash function. It can then reflect the generated index in the DID document to produce the corporate DID and its DID document. Here, when personal DIDs and corporate DIDs are generated, a hash function or the like may be used in whatever manner is given by the platform of the blockchain network 100 in use, and the invention is not limited to the method of any particular platform.
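The index derivation described above can be sketched as follows. This is an added example, not code from the patent: SHA-256, the length-prefixed field encoding, the `DOMAIN` label and all sample values are assumptions chosen for illustration. It also shows why the fields should be framed before hashing: with plain concatenation, two different sets of inputs can produce the same index.

```python
import hashlib
import struct

# Assumption: SHA-256 stands in for the unspecified "known cryptographic hash function".
# Hypothetical domain-separation label; it does not come from the patent.
DOMAIN = b"corporate-did-index/v1"


def _field(data: bytes) -> bytes:
    """Prefix a field with its 4-byte big-endian length so field boundaries are fixed."""
    return struct.pack(">I", len(data)) + data


def corporate_did_index(first_did, second_did, seal_image, purpose,
                        valid_from, valid_until):
    """Derive the index from both verified personal DIDs, the seal image,
    and the declared purpose and period of use."""
    hasher = hashlib.sha256()
    hasher.update(_field(DOMAIN))
    for text in (first_did, second_did, purpose, valid_from, valid_until):
        hasher.update(_field(text.encode("utf-8")))
    # The image is hashed first so the index input stays small and fixed-size.
    hasher.update(_field(hashlib.sha256(seal_image).digest()))
    return hasher.hexdigest()


def naive_index(*parts):
    """Plain concatenation, for contrast only: field boundaries are ambiguous."""
    return hashlib.sha256("".join(parts).encode("utf-8")).hexdigest()


def demo():
    """Run the derivation on constructed sample values and report its properties."""
    seal = b"\x89PNG constructed placeholder bytes, not a real seal image"
    base = dict(
        first_did="did:example:manager-001",   # constructed personal DID
        second_did="did:example:ceo-001",      # constructed personal DID
        seal_image=seal,
        purpose="supply contract with Vendor A",
        valid_from="2022-01-03",
        valid_until="2022-01-10",
    )
    index = corporate_did_index(**base)
    widened = corporate_did_index(**{**base, "valid_until": "2023-01-10"})
    return {
        "index": index,
        # Same inputs always give the same index.
        "repeatable": index == corporate_did_index(**base),
        # Changing the period of use changes the index.
        "period_bound": index != widened,
        # "did:example:a" + "bcd" and "did:example:ab" + "cd" concatenate identically.
        "naive_collides": naive_index("did:example:a", "bcd")
        == naive_index("did:example:ab", "cd"),
        # With length prefixes the same two inputs stay distinct.
        "framed_collides": corporate_did_index("did:example:a", "bcd", seal, "p", "f", "u")
        == corporate_did_index("did:example:ab", "cd", seal, "p", "f", "u"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```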
The DID distribution unit 450 can distribute the generated corporate DID to the person-in-charge terminal 200 and also record and register the corporate DID and its DID document in the blockchain network 100. At this time, the DID generation unit 440 executes a smart contract for registering the corporate DID to create a transaction, and the blockchain network 100 determines the validity of the transaction through a known consensus algorithm and stores it in distributed form in the distributed ledger.
Thereafter, the person-in-charge terminal 200 can use the corporate DID to carry out tasks. When the corporate DID is used, the service provider server proceeds with the procedure normally depending on whether the use matches the preset purpose of use, as checked in the identity verification procedure and the like. That is, the corporate DID according to an embodiment of the present invention has the effect of affixing the corporate seal only when the use matches the preset purpose of use.
After the corporate DID is distributed, when a task using the corporate DID arises from the person-in-charge terminal 200 and procedures such as identity verification and DID document lookup are carried out by the service provider server handling the task, the DID management unit 460 can track that history and subsequently update the distributed ledger for the corporate DID, or additionally record the history resulting from discarding the corporate DID.
That is, when usage history including the period of use arises for the corporate DID, the DID management unit 460 can hash the usage history, generate a transaction on the blockchain network 100, and add the hash to the DID document of the corporate DID, thereby registering it in the blockchain network.
Here, in addition to the purpose of use, the corporate DID also has a usable time, that is, a permitted time, defined in the DID document, and when that permitted time has elapsed the DID management unit 460 can discard the corporate DID so that it can no longer be used. This is to secure the transparency of transaction history by preserving all transaction history related to the corporate DID.
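The purpose check, permitted-time check and hashed usage history described above can be sketched as follows. This is an added example, not code from the patent: the DID document field names (`purpose`, `valid_from`, `valid_until`, `revoked`, `usage`), the use of SHA-256 over canonical JSON, and all sample values are assumptions, and a plain dictionary stands in for the ledger entry.

```python
import hashlib
import json
from datetime import datetime, timezone


def sample_document():
    """Constructed DID document fragment; the field names are hypothetical."""
    return {
        "id": "did:example:corp-0001",
        "purpose": "supply contract with Vendor A",
        "valid_from": "2022-01-03T00:00:00+00:00",
        "valid_until": "2022-01-10T00:00:00+00:00",
        "revoked": False,
        "usage": [],  # digests of usage records, oldest first
    }


def usage_digest(record):
    """Hash a usage record over canonical JSON (sorted keys, fixed separators)
    so that the same record always yields the same digest."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def check_use(doc, purpose, now):
    """Return (allowed, reason) for one presentation of the corporate DID.
    `now` must be a timezone-aware datetime."""
    if doc["revoked"]:
        return False, "revoked"
    if now >= datetime.fromisoformat(doc["valid_until"]):
        return False, "expired"
    if now < datetime.fromisoformat(doc["valid_from"]):
        return False, "not yet valid"
    if purpose != doc["purpose"]:
        return False, "purpose mismatch"
    return True, "ok"


def record_use(doc, purpose, recipient, now):
    """Check a presentation, then append the hashed record of an allowed use,
    or of the discard when the permitted time has elapsed."""
    allowed, reason = check_use(doc, purpose, now)
    if allowed:
        event = {"event": "use", "did": doc["id"], "purpose": purpose,
                 "recipient": recipient, "at": now.isoformat()}
        doc["usage"].append(usage_digest(event))
    elif reason == "expired":
        # Discard the corporate DID and keep a record of the discard itself.
        doc["revoked"] = True
        event = {"event": "discard", "did": doc["id"], "at": now.isoformat()}
        doc["usage"].append(usage_digest(event))
    return allowed, reason


if __name__ == "__main__":
    doc = sample_document()
    inside = datetime(2022, 1, 5, 9, 0, tzinfo=timezone.utc)
    after = datetime(2022, 1, 10, 0, 0, 1, tzinfo=timezone.utc)
    contract = "supply contract with Vendor A"
    print(record_use(doc, contract, "did:example:vendor-a", inside))
    print(record_use(doc, "bank loan application", "did:example:bank", inside))
    print(record_use(doc, contract, "did:example:vendor-a", after))
    print(record_use(doc, contract, "did:example:vendor-a", inside))
    print(len(doc["usage"]), "digests recorded")
```

Denied attempts other than the expiry are not logged here, because the page only describes recording usage history and the discard.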
Hereinafter, a method of providing a corporate DID service using the blockchain-based corporate DID service providing system according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 4 is a diagram showing a method of providing a corporate DID service using the blockchain-based corporate DID service providing system according to an embodiment of the present invention.
Referring to FIG. 4, the method of providing a corporate DID service using the blockchain-based corporate DID service providing system according to an embodiment of the present invention is a corporate DID service providing method that uses a blockchain network 100 storing issued DIDs, and may include: a step (S100) in which the person-in-charge terminal 200 requests the DID issuer server 400 to issue the corporate DID of the company to which the person in charge belongs, using a first personal DID that proves the identity of the person in charge; a step (S200) in which the DID issuer server 400 requests use approval from the representative terminal 300 for the corporate DID issuance request made with the identity-verified first personal DID; a step (S300) in which the representative terminal 300, in response to the corporate DID issuance request, replies to the DID issuer server with the use approval for the corporate DID, using a second personal DID that proves the identity of the company representative; a step (S400) in which the DID issuer server, for the corporate DID issuance request approved for use by the representative terminal 300, issues the corporate DID by combining the first and second personal DIDs with corporate-related data; and a step (S500) in which the DID issuer server 400 registers the issued corporate DID in the blockchain network 100 and distributes it to the person-in-charge terminal 200.
First, in the step (S100) in which the person-in-charge terminal requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs, using the first personal DID that proves that person's identity, a company's person in charge, such as an executive or employee of a company that has an agreement with the system of the present invention, may request issuance of a corporate DID from the DID issuer server, using his or her own smartphone or the like on which the first personal DID is stored, in order to carry out work that requires the corporate seal using the first personal DID for identity proof.
Here, the first personal DID may be issued directly by a company server operated by the company to which the person belongs, or may be issued by the DID issuer server through the personal DID issuance service of the DID issuer server of the present invention.
Next, in the step (S200) in which the DID issuer server requests use approval from the representative terminal for the corporate DID issuance request made with the identity-verified first personal DID, the server may identify the representative of the company concerned for the corporate DID request made by the person-in-charge terminal whose identity has been properly proven, and request use approval for the corporate DID issuance from that representative's terminal.
Next, in the step (S300) in which the representative terminal, in response to the corporate DID issuance request, requests use approval for the corporate DID from the DID issuer server using the second personal DID that proves the identity of the company representative, when the company representative approves in response to the use approval request, the representative terminal submits the stored second personal DID to the DID issuer server and approves issuance of the corporate DID.
Here, the second personal DID differs from the first personal DID described above only in its subject, and may be issued by the same procedure.
Next, in the step (S400) in which the DID issuer server issues the corporate DID by combining the first and second personal DIDs with corporate-related data for the corporate DID issuance request approved for use by the representative terminal, the server combines the first and second personal DIDs whose identities were proven in the preceding steps, information including the purpose and period of use of the corporate DID, and an image file of the actual corporate seal; hashes the combination result to generate a unique index; and then generates a corporate DID whose DID document contains the unique index and registers it in the blockchain network, thereby issuing the corporate DID for the request.
Next, in the step (S500) in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes it to the person-in-charge terminal, the DID issuer server carries out the distribution procedure by transmitting the corporate DID issued in step S400 to the person-in-charge terminal that requested issuance.
Thereafter, the person-in-charge terminal can use the corporate DID stored in it, in place of the corporate seal and according to the purpose of use, to handle work such as corporate contracts.
In addition, after step S500, once the corporate DID has been submitted to the service provider server according to its purpose of use, or its period of use has elapsed, the DID issuer server may additionally record the usage history in the DID document of the corporate DID on the blockchain network and discard the corporate DID.
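The S400 combine-and-hash step and the use-period handling after S500, as an added Python example that is not part of the patent. SHA-256, the length-prefixed field encoding, the `did:example` identifier, the document field names, the second personal DID and the seal bytes are all assumptions or constructed values; the patent only says the combination is hashed into a unique index.

```python
import hashlib
import hmac
import json
from datetime import date


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be re-split into
    a different combination that hashes to the same unique index."""
    return len(field).to_bytes(4, "big") + field


def unique_index(did1: str, did2: str, purpose: str,
                 valid_from: date, valid_until: date, seal_image: bytes) -> str:
    """S400: combine both personal DIDs, purpose, period and seal image, then hash.
    SHA-256 stands in for the patent's unspecified hash function (assumption)."""
    fields = [
        did1.encode(), did2.encode(), purpose.encode(),
        valid_from.isoformat().encode(), valid_until.isoformat().encode(),
        hashlib.sha256(seal_image).digest(),   # the seal image enters as a digest
    ]
    return hashlib.sha256(b"".join(_lp(f) for f in fields)).hexdigest()


def issue_corporate_did(did1, did2, purpose, valid_from, valid_until, seal_image) -> dict:
    """Build a DID document carrying the unique index (field names are hypothetical)."""
    index = unique_index(did1, did2, purpose, valid_from, valid_until, seal_image)
    return {
        "id": "did:example:" + index[:32],     # placeholder DID method, not the patent's
        "uniqueIndex": index,
        "purpose": purpose,
        "validFrom": valid_from.isoformat(),
        "validUntil": valid_until.isoformat(),
        "usageHistory": [],
        "discarded": False,
    }


def check_presentation(doc: dict, did1: str, did2: str,
                       seal_image: bytes, today: date):
    """Verifier side: reject discarded or out-of-period documents, then
    recompute the index from the presented values and compare."""
    if doc["discarded"]:
        return False, "discarded"
    start = date.fromisoformat(doc["validFrom"])
    end = date.fromisoformat(doc["validUntil"])
    if today < start:
        return False, "not yet valid"
    if today > end:
        return False, "expired"
    expected = unique_index(did1, did2, doc["purpose"], start, end, seal_image)
    if not hmac.compare_digest(expected, doc["uniqueIndex"]):
        return False, "index mismatch"
    return True, "ok"


def record_use_and_discard(doc: dict, usage: dict) -> str:
    """After S500: append the hashed usage record, then mark the DID discarded."""
    canonical = json.dumps(usage, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(canonical).hexdigest()
    doc["usageHistory"].append(digest)
    doc["discarded"] = True
    return digest


# Constructed sample values; only 'did:sov:abcdef' appears in the patent text.
PERSON_DID = "did:sov:abcdef"
REP_DID = "did:sov:ghijkl"
SEAL = b"constructed corporate seal image bytes"

if __name__ == "__main__":
    doc = issue_corporate_did(PERSON_DID, REP_DID, "lease contract",
                              date(2022, 1, 4), date(2022, 1, 31), SEAL)
    print(check_presentation(doc, PERSON_DID, REP_DID, SEAL, date(2022, 1, 10)))
    record_use_and_discard(doc, {"submittedTo": "service-provider", "on": "2022-01-10"})
    print(check_presentation(doc, PERSON_DID, REP_DID, SEAL, date(2022, 1, 11)))
```

Because the index binds both personal DIDs in order, a presentation that swaps the requester and the approver fails the same check as one with an altered seal image.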
Hereinafter, the technical idea of the present invention is described in detail with reference to the drawings, through an example of the DID issuance procedure applied to the blockchain-based corporate DID service providing system according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating a personal DID or corporate DID issuance procedure applied to the blockchain-based corporate DID service providing system according to an embodiment of the present invention. The following description exemplifies a scheme in which identity verification using a DID is performed by the DID issuer server of the present invention; depending on the DID platform adopted by the system, the entity that performs DID issuance and identity verification and the specific procedures may be partly changed, for example so that they are performed by a company or institution server.
In particular, the decentralized identity technology on which the system of the present invention is premised is an electronic identity proof technology that stores personal information on the user's terminal so that only the information needed is selected and submitted when personal information is authenticated. By using a blockchain network, individuals manage their own data directly, which enables self-sovereign identity (SSI), in which identity can be verified without going through a centralized institution.
Referring to FIG. 5, in the DID issuance procedure according to an embodiment of the present invention based on SSI, when a company's person in charge obtains a corporate DID using a personal DID that proves his or her identity, the personal DID stored in the person-in-charge terminal 200, for example in the form 'did:sov:abcdef', may be submitted to the DID issuer server 400 (a).
Through this, the DID issuer server 400 can identify and obtain the DID document from 'did:sov:abcdef' registered in the blockchain network 100 (b). In addition, the DID issuer server 400 consults the database it operates itself and checks the issuance record for 'did:sov:abcdef' to confirm whether it was issued by the company concerned (c).
Accordingly, when a record is found in the stored DID issuance history through the 'abcdef' of the personal DID, the DID issuer server 400 receives from the person-in-charge terminal 200 an authentication value generated with the private key and verifies that value using the public key extracted from the DID document of the personal DID, thereby confirming that the person-in-charge terminal 200 is the owner of the personal DID (d).
Although many matters are specifically described in the above description, they should be construed as examples of preferred embodiments rather than as limiting the scope of the invention. Accordingly, the invention should be defined not by the described embodiments but by the claims and their equivalents.
*Description of symbols*
100: blockchain network
200: person-in-charge terminal
210: personal DID management unit
220: corporate DID management unit
230: corporate DID submission unit
240: storage
300: representative terminal
400: DID issuer server
410: issuance connection unit
420: identity verification unit
430: approval request unit
440: DID generation unit
450: DID distribution unit
460: DID management unit
600: service provider server

Claims (13)

  1. A blockchain-based corporate DID service providing system comprising:
    a blockchain network that stores issued DIDs;
    a person-in-charge terminal that requests issuance of a corporate DID of the company to which a company's person in charge belongs, using a first personal DID that proves the identity of the person in charge;
    a representative terminal that, in response to the request to issue the corporate DID, approves use of the corporate DID using a second personal DID that proves the identity of the company representative; and
    a DID issuer server that, for the corporate DID issuance request approved for use by the representative terminal, issues the corporate DID by combining the first and second personal DIDs with corporate-related data, registers the issued corporate DID in the blockchain network and distributes it to the person-in-charge terminal.
  2. The blockchain-based corporate DID service providing system of claim 1, wherein the person-in-charge terminal comprises:
    a personal DID management unit that requests issuance of the first personal DID from the DID issuer server and receives the issued first personal DID;
    a corporate DID management unit that requests issuance of the corporate DID from the DID issuer server, receives input of the corporate-related data and submits it to the DID issuer server, and receives the issued corporate DID;
    a corporate DID submission unit that submits the distributed corporate DID to a service provider server according to the purpose of use; and
    a storage that stores the first personal DID and the corporate DID.
  3. The blockchain-based corporate DID service providing system of claim 1, wherein the representative terminal comprises:
    a personal DID management unit that requests issuance of the second personal DID from the DID issuer server and receives the issued second personal DID;
    a use approval unit that receives input, under the authority of the company representative, of use approval for the corporate DID issuance request and provides it to the DID issuer server; and
    a storage that stores the second personal DID.
  4. The blockchain-based corporate DID service providing system of claim 1, wherein the DID issuer server comprises:
    an issuance reception unit that receives DID issuance requests from the person-in-charge terminal and the representative terminal;
    an identity verification unit that verifies the identities of the company's person in charge and the company representative using the first and second personal DIDs;
    an approval request unit that requests use approval for the identity-verified corporate DID issuance request from the representative terminal of the company representative concerned;
    a DID generation unit that generates a corporate DID for the corporate DID issuance request that has been identity-verified and approved for use, and registers it in the blockchain network; and
    a DID distribution unit that distributes the generated DID to the person-in-charge terminal or the representative terminal.
  5. The blockchain-based corporate DID service providing system of claim 4, wherein the DID generation unit
    generates the corporate-related data by processing the corporate seal image file and the purpose of use provided from the person-in-charge terminal, and reflects the corporate-related data in the DID document of the corporate DID.
  6. The blockchain-based corporate DID service providing system of claim 5, wherein the corporate-related data
    includes data obtained by hashing the corporate seal image file with a predetermined hash function.
  7. The blockchain-based corporate DID service providing system of claim 4, wherein the DID issuer server further comprises
    a DID management unit that, when a usage history including a period of use arises for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID and registers it in the blockchain network, and, when the period of use has elapsed, discards the corporate DID and registers it in the blockchain network.
  8. A blockchain-based corporate DID service providing method using a blockchain network that stores issued DIDs, the method comprising:
    requesting, by a person-in-charge terminal, a DID issuer server to issue a corporate DID of the company to which a company's person in charge belongs, using a first personal DID that proves the identity of the person in charge;
    sending, by the DID issuer server, use approval to a representative terminal for the corporate DID issuance request made with the identity-verified first personal DID;
    requesting, by the representative terminal in response to the request to issue the corporate DID, use approval for the corporate DID from the DID issuer server using a second personal DID that proves the identity of the company representative;
    issuing, by the DID issuer server, the corporate DID by combining the first and second personal DIDs with corporate-related data for the corporate DID issuance request approved for use by the representative terminal; and
    registering, by the DID issuer server, the issued corporate DID in the blockchain network and distributing it to the person-in-charge terminal.
  9. The blockchain-based corporate DID service providing method of claim 8, further comprising, before the step in which the person-in-charge terminal requests the DID issuer server to issue the corporate DID of the company to which the person in charge belongs using the first personal DID that proves the identity of the person in charge:
    requesting, by the person-in-charge terminal, the DID issuer server to issue the first personal DID;
    issuing, by the DID issuer server, the first personal DID for the company's person in charge and registering it in the blockchain network;
    distributing, by the DID issuer server, the registered first personal DID to the person-in-charge terminal; and
    storing, by the person-in-charge terminal, the distributed first personal DID in a storage.
  10. The blockchain-based corporate DID service providing method of claim 8, further comprising, before the step in which the representative terminal, in response to the request to issue the corporate DID, requests use approval for the corporate DID from the DID issuer server using the second personal DID that proves the identity of the company representative:
    requesting, by the representative terminal, the DID issuer server to issue the second personal DID;
    issuing, by the DID issuer server, the second personal DID for the company representative and registering it in the blockchain network;
    distributing, by the DID issuer server, the registered second personal DID to the representative terminal; and
    storing, by the representative terminal, the distributed second personal DID in a storage.
  11. The blockchain-based corporate DID service providing method of claim 8, wherein the step in which the DID issuer server issues the corporate DID by combining the first and second personal DIDs with corporate-related data for the corporate DID issuance request approved for use by the representative terminal comprises:
    providing, by the person-in-charge terminal, a corporate seal image file and a purpose of use to the DID issuer server;
    generating, by the DID issuer server, the corporate-related data by processing the provided corporate seal image file and purpose of use; and
    reflecting, by the DID issuer server, the corporate-related data in the DID document of the corporate DID.
  12. The blockchain-based corporate DID service providing method of claim 11, wherein the corporate-related data
    includes data obtained by hashing the corporate seal image file with a predetermined hash function.
  13. The blockchain-based corporate DID service providing method of claim 8, further comprising, after the step in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes it to the person-in-charge terminal:
    hashing, by the DID issuer server, when a usage history including a period of use arises for the corporate DID, the usage history, adding it to the DID document of the corporate DID and registering it in the blockchain network; and
    discarding, by the DID issuer server, the corporate DID when the period of use has elapsed, and registering it in the blockchain network.
PCT/KR2022/000038 2021-01-06 2022-01-04 System and method for providing blockchain-based corporate did service WO2022149816A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020210001511A KR102302097B1 (en) 2021-01-06 2021-01-06 System and method for providing decentralized identity service for corporation based on block chain
KR10-2021-0001511 2021-01-06

Publications (1)

Publication Number Publication Date
WO2022149816A1 true WO2022149816A1 (en) 2022-07-14

Family

ID=77793513

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/000038 WO2022149816A1 (en) 2021-01-06 2022-01-04 System and method for providing blockchain-based corporate did service

Country Status (2)

Country Link
KR (1) KR102302097B1 (en)
WO (1) WO2022149816A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102302097B1 (en) * 2021-01-06 2021-09-15 이화여자대학교 산학협력단 System and method for providing decentralized identity service for corporation based on block chain
KR20230108953A (en) * 2022-01-12 2023-07-19 (주)가민정보시스템 System and method for authentication service management based self-sovereign identity

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102139645B1 (en) * 2020-04-13 2020-07-30 주식회사 한국정보보호경영연구소 System for Certificating identity based on Blockchain and Driving method thereof
KR102131206B1 (en) * 2019-08-30 2020-08-05 비씨카드(주) Method, service server and authentication server for providing corporate-related services, supporting the same
KR102166233B1 (en) * 2018-10-11 2020-10-15 주식회사 디지털존 Certificate issuance system based on blockchain technology and control method thereof
KR102173426B1 (en) * 2020-07-08 2020-11-03 주식회사 아이오트러스트 Privacy preserving public key infrastructure based self sign and verification system and method in decentralized identity
KR102197218B1 (en) * 2019-07-31 2021-01-04 주식회사 티이이웨어 System and method for providing distributed id and fido based block chain identification
KR102302097B1 (en) * 2021-01-06 2021-09-15 이화여자대학교 산학협력단 System and method for providing decentralized identity service for corporation based on block chain


Also Published As

Publication number Publication date
KR102302097B1 (en) 2021-09-15


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22736793

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23.11.2023)