WO2022149816A1 - System and method for providing a blockchain-based general DID service - Google Patents

System and method for providing a blockchain-based general DID service

Info

Publication number
WO2022149816A1
Authority
WO
WIPO (PCT)
Prior art keywords
corporate
personal
terminal
issuer server
charge
Prior art date
Application number
PCT/KR2022/000038
Other languages
English (en)
Korean (ko)
Inventor
채상미
박민정
김종현
이명준
Original Assignee
이화여자대학교 산학협력단
Priority date
Filing date
Publication date
Application filed by 이화여자대학교 산학협력단
Publication of WO2022149816A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Definitions

  • The present invention relates to a corporate DID (Decentralized Identity) service providing system and, in particular, to a blockchain-based corporate DID service providing system and method that provide an electronic means of corporate authentication through decentralized identification based on blockchain technology.
  • A corporate seal card is required to prove corporate identity when a corporate seal certificate or a certified copy of the corporation registration is issued.
  • The corporate seal card is a physical card introduced for convenient business processing, and has the advantage that electronic registration and unmanned document issuance are possible. However, if the person in charge at the company uses it without the approval of the representative of the corporation, there is a risk that it is abused to issue corporate documents.
  • The corporate seal card has the limitation that the company representative cannot, in practice, handle all of the procedures necessary for business operation, such as the issuance and submission of documents using accredited certificates and corporate seal cards. It is also not free from low security and safety problems caused by employee abuse and hacking.
  • The electronic signature was developed for electronic contracts and e-commerce transactions. Its purpose is to provide integrity and non-repudiation, so that the contents of a signed document cannot be changed or deleted and the fact of signing cannot be denied.
  • The verification key uses the public key method. However, it is impossible to verify whether the sender's public key is correct, and a problem may occur if a hacker sends it while impersonating the sender.
  • The present invention has been devised to solve the above problems, and its object is to provide a corporate DID, a new authentication means based on decentralized identity (DID) technology that can replace the existing corporate seal card.
  • The blockchain-based corporate DID service providing system may include: a blockchain network that stores the issued DID; a person in charge terminal that requests issuance of the corporate DID of the company to which the person in charge belongs, using a first personal DID that certifies the identity of the person in charge of the company; a representative terminal that approves the use of the corporate DID, using a second personal DID that certifies the identity of the corporate representative, in response to the request for issuance of the corporate DID; and a DID issuer server that, in response to a corporate DID issuance request approved for use by the representative terminal, issues a corporate DID by combining the first and second personal DIDs with corporate-related data, registers the issued corporate DID in the blockchain network, and distributes it to the person in charge terminal.
  • The person in charge terminal may include: a personal DID management unit that requests issuance of the first personal DID from the DID issuer server and receives the issued first personal DID; a corporate DID management unit that requests issuance of the corporate DID from the DID issuer server, receives corporate-related data as input and submits it to the DID issuer server, and receives the issued corporate DID; a corporate DID submission unit that submits the distributed corporate DID to the service provider server according to the purpose of use; and a storage that stores the first personal DID and the corporate DID.
  • The representative terminal may include: a personal DID management unit that requests issuance of the second personal DID from the DID issuer server and receives the issued second personal DID; a use approval unit that receives, with the authority of the corporate representative, approval for use in response to the corporate DID issuance request and provides it to the DID issuer server; and a storage that stores the second personal DID.
  • The DID issuer server may include: an issuance reception unit that receives DID issuance requests from the person in charge terminal and the representative terminal; an identity verification unit that verifies the identity of the person in charge of the company and of the company representative using the first and second personal DIDs; an approval request unit that requests approval of use from the representative terminal of the company representative for an identity-verified corporate DID issuance request; a DID generating unit that generates a corporate DID for a corporate DID issuance request that has been identity-verified and approved for use, and registers it in the blockchain network; and a DID distribution unit that distributes the generated DID to the person in charge terminal or the representative terminal.
  • The DID generating unit may generate corporate-related data by processing the corporate seal image file and purpose of use provided from the person in charge terminal, and reflect the corporate-related data in the DID document of the corporate DID.
  • The corporate-related data may include data obtained by hashing the corporate seal image file through a predetermined hash function.
  • The DID issuer server may further include a DID management unit that, when a usage history including a usage period occurs for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID and registers it in the blockchain network, and that, when the usage period elapses, discards the corporate DID and registers this in the blockchain network.
  • A corporate DID service providing method using a blockchain network that stores the issued DID may include: requesting, by the person in charge terminal, the DID issuer server to issue a corporate DID of the company to which the person in charge belongs, using the first personal DID that proves the identity of the person in charge of the company; requesting, by the DID issuer server, approval of use from the representative terminal in response to the corporate DID issuance request; replying, by the representative terminal, to the DID issuer server with approval for use of the corporate DID; issuing, by the DID issuer server, the corporate DID; and registering, by the DID issuer server, the issued corporate DID in the blockchain network and distributing it to the person in charge terminal.
  • Before the step in which the person in charge terminal requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs using the first personal DID that proves the identity of the person in charge of the company, the method may include: requesting, by the person in charge terminal, the DID issuer server to issue the first personal DID; issuing, by the DID issuer server, a first personal DID for the person in charge of the company and registering it in the blockchain network; distributing, by the DID issuer server, the registered first personal DID to the person in charge terminal; and storing, by the person in charge terminal, the distributed first personal DID in a storage.
  • Before the representative terminal requests the DID issuer server to approve the use of the corporate DID using a second personal DID that proves the identity of the corporate representative in response to the corporate DID issuance request, the method may include: requesting, by the representative terminal, the DID issuer server to issue the second personal DID; issuing, by the DID issuer server, a second personal DID for the company representative and registering it in the blockchain network; distributing, by the DID issuer server, the registered second personal DID to the representative terminal; and storing, by the representative terminal, the distributed second personal DID in a storage.
  • The step of issuing, by the DID issuer server, a corporate DID by combining the first and second personal DIDs with corporate-related data in response to a corporate DID issuance request approved for use by the representative terminal may include: providing, by the person in charge terminal, a corporate seal image file and purpose of use to the DID issuer server; generating, by the DID issuer server, corporate-related data by processing the provided corporate seal image file and purpose of use; and reflecting, by the DID issuer server, the corporate-related data in the DID document of the corporate DID.
  • The corporate-related data may include data obtained by hashing the corporate seal image file through a predetermined hash function.
  • After the DID issuer server registers the issued corporate DID in the blockchain network and distributes it to the person in charge terminal, the method may further include: when usage details including the period of use occur for the corporate DID, hashing, by the DID issuer server, the usage details, adding them to the DID document of the corporate DID and registering it in the blockchain network; and, when the period of use elapses, discarding, by the DID issuer server, the corporate DID and registering this in the blockchain network.
  • Self-sovereign identity security and data ownership, the purpose for which DID has been developed mainly for individuals, can be extended to corporations. This has the effect of solving various problems that currently accompany electronic contracts, electronic registration, electronic financial transactions and the like, such as security vulnerabilities, low trust between transaction parties, inability to guarantee the safety of transactions, abuse of personal information, and the complicated and cumbersome document procedures required to conduct electronic transactions.
  • FIG. 1 is a diagram schematically showing the overall structure of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing the structure of a terminal in charge of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 3 is a diagram showing the structure of a DID issuer server of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a method of providing a corporate DID service by a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating a personal DID or corporate DID issuance procedure applied to a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • each function implemented in the system of the present invention may be configured as a module unit program, and may be recorded in one physical memory, or may be recorded while being distributed between two or more memories and recording media.
  • a term indicating a 'blockchain-based corporate DID service providing system' may be abbreviated as 'corporate DID service providing system' or 'system'.
  • '~ terminal' is a concept indicating a predetermined computing device that accesses the system and requests a service, or an application program itself running in the predetermined computing device.
  • FIG. 1 is a diagram schematically showing the overall structure of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • The blockchain-based corporate DID service providing system may include: a blockchain network 100 that stores the issued DID; a person in charge terminal 200 that requests issuance of the corporate DID of the company to which the person in charge belongs, using a first personal DID that certifies the identity of the person in charge of the company; a representative terminal 300 that approves the use of the corporate DID, using a second personal DID that proves the identity of the corporate representative, in response to the request for issuance of the corporate DID; and a DID issuer server 400 that, in response to a corporate DID issuance request approved for use by the representative terminal 300, issues a corporate DID by combining the first and second personal DIDs and corporate-related data, registers the issued corporate DID in the blockchain network 100, and distributes it to the person in charge terminal 200.
  • The blockchain network 100 includes a plurality of distributed ledgers for identity verification, and participants in the blockchain network 100 can record or retrieve information in the distributed ledger through a smart contract according to a predetermined consensus procedure.
  • In the blockchain network 100, the issued corporate DID and its DID document are distributed and stored in a plurality of blocks, and, at the request of the service provider server 600, the DID document for the corporate DID provided from the person in charge terminal 200 is provided.
  • The service provider server 600 identifies the corresponding company and the purpose of the corporate DID, and confirms the authority to provide the requested service.
  • The person in charge terminal 200 is a terminal device or application program used by an employee belonging to the corresponding company. An employee who has the authority to manage and use the certified copy of the corporate register, the corporate seal and the user registration certificate can, through the system of the present invention, apply for and be issued a corporate DID and provide it to the service provider as a means of proving corporate identity for corporate transactions, contracts and other procedures.
  • the person in charge of the company is issued a personal DID that can prove that he or she is the person in charge with the authority of the job through the system using the person in charge terminal 200, and the representative of the company using the personal DID
  • the company upon completion of approval, the company will request issuance of a corporate DID using his/her personal DID and the representative's personal DID.
  • The corporate person in charge provides the corporate DID to the service provider server 600 that performs the intended task, goes through the identity verification procedure, and can then carry out the task.
  • The representative terminal 300 is a terminal device or application program used by a representative who possesses and manages the corporate seal, such as the representative director of the company. For tasks that require affixing the corporate seal, such as a corporate contract, the use of a corporate DID by the person in charge of the company in place of the corporate seal may be approved through it.
  • The company representative is issued, through the system using his or her representative terminal 300, a personal DID that can prove that he or she is the representative. After that, when approval for issuance of the corporate DID is requested from the person in charge terminal 200, the representative uses that personal DID to verify identity and to approve the issuance request, so that the company person in charge can be issued a corporate DID.
  • PCS Personal Communication System
  • GSM Global System for Mobile communications
  • PDC Personal Digital Cellular
  • PHS Personal Handyphone System
  • PDA Personal Digital Assistant
  • IMT International Mobile Telecommunication
  • CDMA Code Division Multiple Access
  • W-CDMA Wide-Code Division Multiple Access
  • Wibro Wireless Broadband Internet
  • All kinds of handheld mobile terminal devices such as smartphones, smart pads and tablet PCs, as well as computing devices such as stationary PCs and notebooks, may be used.
  • The DID issuer server 400 may issue a personal DID for identification and register it in the blockchain network 100 at the request of the registered person in charge terminal 200 and representative terminal 300 of each registered company. In addition, at the request of an authorized person in charge terminal 200, it may request approval for use from the representative terminal 300 that is responsible for managing and using the corporate seal.
  • The DID issuer server 400 may be operated by a separate company or institution, or may be independently operated by a company that wants to use the corporate DID service.
  • The DID issuer server 400 of the present invention may be mounted on a server itself operated by an institution or company that intends to introduce the system of the present invention, or may provide a service in connection with a corporate server.
  • The DID issuer server 400 generates a corporate DID for a use request normally approved by the representative terminal 300, registers it in the blockchain network 100, and distributes the corporate DID to the requesting person in charge terminal 200.
  • When a DID issuance request is received from the person in charge terminal 200 or the representative terminal 300, the DID issuer server 400 may also request authentication of DID ownership from a server operated by a separate company or institution, in order to verify the ownership of the DID submitted by the requester.
  • As the DID issuer server 400, a server device equipped with a high-performance microprocessor and large-capacity memory and storage may be used, so as to respond quickly, without errors or delays, to personal DID and corporate DID issuance requests, use approvals and the like from a plurality of person in charge terminals 200 and representative terminals 300.
  • The personal DID stored in the blockchain network is stored using the authentication value generated by the user's private key.
  • Using the public key included in the DID document, it is possible to verify the user, that is, the person in charge of the company or the company representative.
  • The service provider server 600 is a server device that provides various corporate business services that a corporation performs through a corporate seal or corporate seal card. These services can be performed through the corporate DID provided by the system of the present invention.
  • When the person in charge terminal 200 requests a predetermined corporate business process through the corporate DID, the service provider server 600 refers to the DID document identified through the corporate DID from the blockchain network, checks the DID ownership, purpose of use and scope of the corporate DID, and provides the requested service through the corporate DID whose identity has been verified through the identity verification process.
  • the blockchain-based corporate DID service providing system provides a number of necessary documents such as a corporate registration certificate and corporate seal stamp required to perform business such as corporate contracts in each company.
  • The corporate person in charge can receive a one-time corporate DID according to the purpose through his or her terminal and perform related tasks, which solves various problems such as complex document processing, misuse of corporate documents and security vulnerabilities, and allows corporate transactions and work to be handled stably.
  • each component constituting the person in charge terminal 200 and the person in charge terminal 200 may be composed of a computer program executable by a known microprocessor, and is recorded on a readable and writable recording medium and mounted on the terminal device.
  • Referring to FIG. 2, the person in charge terminal 200 of the blockchain-based corporate DID service providing system according to an embodiment of the present invention may include: a personal DID management unit 210 that requests the DID issuer server 400 to issue the first personal DID and receives the issued first personal DID; a corporate DID management unit 220 that requests the DID issuer server 400 to issue the corporate DID, receives corporate-related data as input and submits it to the DID issuer server 400, and receives the distributed corporate DID; a corporate DID submission unit 230 that submits the distributed corporate DID to the service provider server 600 according to the purpose of use; and a storage 240 that stores the first personal DID and the corporate DID.
  • the personal DID management unit 210 may provide various management functions for the first personal DID, which is the DID issued to the person in charge of the company.
  • The personal DID management unit 210 may request the DID issuer server 400, a server operated by the company, or the like to issue the first personal DID for identification as a person belonging to the corresponding company. The issued first personal DID may be stored in the storage 240 and, later, when the person in charge of the company wants to prove his or her identity, the stored first personal DID may be submitted to perform an identity verification procedure.
  • the corporate DID management unit 220 may provide a function related to the corporate DID.
  • a first personal DID may be issued, and a corporate DID for business processing may be generated and distributed based on this.
  • The person in charge of the company holding the first personal DID may request issuance of the corporate DID through the person in charge terminal 200 when business requiring a corporate seal, such as a corporate contract, is performed, and the corporate DID management unit 220 may submit the first personal DID stored in the storage 240 to the DID issuer server 400 and apply for issuance of the corporate DID.
  • the corporate DID management unit 220 may receive information such as the purpose of use of the corporate DID, the submitting institution (company), the corporate representative name and date, and the like, from the person in charge of the corporation.
  • the DID issuer server 400 may identify a corporate representative in response to a corporate DID issuance application and request approval for corporate DID issuance from the representative terminal.
  • the corporate DID management unit 220 may store the distributed corporate DID in the storage 240 .
  • the corporate DID submission unit 230 may submit the corporate DID stored in the storage 240 to the service provider server 600 according to the execution of the corporate person in charge.
  • the corporate DID submission unit 230 may register information such as a submission destination and usage history of the corporate DID in the blockchain network.
  • the storage 240 may store a personal DID and a corporate DID that are currently in effect. Of these, in general, as a corporate DID has a period of use, a corporate DID whose use period has elapsed may be automatically discarded.
  • In the person in charge terminal 200, personal information including the personal DID may be stored in a Trusted Execution Environment (TEE) area within the terminal so that the person in charge of the company can manage it. Accordingly, the storage 240 may exist in the TEE area.
  • The aforementioned TEE stores personal information including the DID in the secure area of a processor in which a normal area, where general applications are executed, and a secure area are separated. Information exchange with the normal area is controlled, which supports security software in running safely.
  • As such a processor, processors based on the architecture of ARM Corporation are widely used, and when an ARM processor is installed in the person in charge terminal 200, personal information can be recorded and managed in TrustZone for TEE support.
  • TPM Trusted Platform Module
  • the representative terminal used by the representative who performs approval for the corporate DID request may also include a component for using the system.
  • The representative terminal may include: a personal DID management unit that requests issuance of the second personal DID from the DID issuer server and receives the issued personal DID; a use approval unit that receives, with the authority of the company representative, a use approval input for the corporate DID issuance request from the person in charge terminal 200 and provides it to the DID issuer server 400; and a storage for storing the second personal DID.
  • FIG. 3 is a diagram showing the structure of a DID issuer server of a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • The DID issuer server 400 of the blockchain-based corporate DID service providing system may include: an issuance reception unit 410 that receives a DID issuance request from the person in charge terminal 200 and the representative terminal 300; an identity verification unit 420 that performs identity verification using the first and second personal DIDs; an approval request unit 430 that requests approval of use from the representative terminal of the company representative in response to a request for issuance of the verified corporate DID; a DID generating unit 440 that generates a corporate DID for a corporate DID issuance request that is verified and approved for use and registers it in the blockchain network 100; a DID distribution unit 450 that distributes the generated DID to the person in charge terminal 200 or the representative terminal 300; and a DID management unit 460 that, when a usage history including the period of use occurs for the corporate DID, hashes the usage history, adds it to the DID document of the corporate DID and registers it in the blockchain network 100, and, when the permitted time elapses, discards the corporate DID and
  • the issuance reception unit 410 may receive the first personal DID according to the request of the person in charge terminal 200 to receive the issuance request for the corporate DID.
  • A person in charge of a company who wants to use the corporate DID for business may submit the first personal DID stored in the person in charge terminal 200 to the DID issuer server 400 and apply for issuance of the corporate DID, and the issuance reception unit 410 may receive as input the first personal DID and the various information necessary for issuing the corporate DID.
  • the identity verification unit 420 may perform an identity verification procedure for the submitted first personal DID in response to the corporate DID issuance request.
  • the identity verification unit 420 may request identification for the first personal DID by obtaining a DID document from the blockchain network 100 through the first personal DID and confirming the public key.
  • The person in charge terminal 200 generates a public key authentication value using the private key and provides it to the identity verification unit 420, and the identity verification unit 420 checks the authentication value using the public key, whereby the identity is verified.
  • the identity verification unit 420 may verify the identity of the second personal DID, that is, the company representative, according to the same procedure as above.
  • The approval request unit 430 may request approval for use, for the corporate DID request, from the representative terminal 300 of the company representative of the identified company, and may confirm issuance of the corporate DID by receiving a reply of use approval from the representative terminal 300 of the corporate representative whose identity is verified through the second personal DID.
  • the DID generator 440 may generate a corporate DID in response to a corporate DID request for which the corporate DID issuance is confirmed according to the approval of use of the representative terminal 300 .
  • To generate the corporate DID of the corresponding company, the DID generating unit 440 according to an embodiment of the present invention may create a unique index by combining the identity-verified first and second personal DIDs, the image file of the actual corporate seal, and information input by the person in charge terminal 200, including the purpose of use and period of use of the corporate seal, and may create the corporate DID and its DID document by reflecting this index in the DID document.
  • a hash function may be used in a given method according to the characteristics of the platform of the applied blockchain network 100, and it is not limited to the method applied to a specific platform.
  • the DID distribution unit 450 may distribute the generated corporate DID to the terminal 200 in charge, and record and register the corporate DID and DID document in the blockchain network 100 .
  • the DID generator 440 generates a transaction by executing a smart contract for registration of corporate DID, and the blockchain network 100 determines the legitimacy of the transaction through a known consensus algorithm, and distributes and stores it in the distributed ledger.
  • The terminal in charge 200 may use the corporate DID for business operations. When the corporate DID is used, the service providing server proceeds normally only if, in the identity verification procedure or the like, the use meets the predetermined purpose of use. That is, the corporate DID according to the embodiment of the present invention has the effect of affixing the corporate seal only when a preset purpose of use is met.
  • After distribution of the corporate DID, when business using the corporate DID is conducted by the terminal in charge 200 and procedures such as identification by the service provider server handling the business or reference to the DID document are in progress, the DID management unit 460 may track the details and then update the distributed ledger related to the corporate DID, or additionally record the details of the corporate DID.
  • The DID management unit 460 may hash the usage history, including the usage period, for the corporate DID, generate a transaction for the blockchain network 100, and register it by adding it to the DID document of the corporate DID.
  • The DID management unit 460 may discard the corporate DID when the permitted time has elapsed, so that the corporate DID can no longer be used. This is to secure the transparency of transaction details by preserving all transaction details related to the corporate DID.
  • FIG. 4 is a diagram illustrating a method of providing a corporate DID service by a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • The corporate DID service providing method by the blockchain-based corporate DID service providing system is a method of providing a corporate DID service using the blockchain network 100 that stores the issued DID.
  • A step (S100) in which the terminal in charge 200 requests the DID issuer server 400 to issue a corporate DID of the company to which the person in charge belongs, using the first personal DID that proves the identity of the person in charge of the company; a step (S200) in which the DID issuer server 400 requests, from the representative terminal 300, approval for use regarding the corporate DID issuance request made with the identity-verified first personal DID; a step (S300) in which the representative terminal 300, in response to the corporate DID issuance request, replies to the DID issuer server with the approval for use of the corporate DID; the DID issuer server issues the corporate DID approved for use from the representative terminal 300
  • In step (S100), in which the terminal in charge requests the DID issuer server to issue a corporate DID of the company to which the person in charge belongs by using the first personal DID that proves the identity of the person in charge of the company, the company manager, such as executives and employees of a company in agreement with the system of the present invention, may request the issuance of a corporate DID by using the first personal DID for identity verification, in order to perform business that requires a corporate seal.
  • The first personal DID may be issued directly from the corporate server operated by the company to which the first personal DID belongs, or may be issued from the DID issuer server through the personal DID issuance service of the DID issuer server of the present invention.
  • In step (S200), the DID issuer server requests approval for use from the representative terminal for the corporate DID issuance request made with the first personal DID whose identity has been verified.
  • In step (S300), in which the representative terminal replies to the DID issuer server regarding approval for use of the corporate DID using the second personal DID that proves the identity of the corporate representative, if the corporate representative approves the request, the representative terminal submits the stored second personal DID to the DID issuer server and approves the issuance of the corporate DID.
  • The second personal DID may be issued by the same procedure as the first personal DID described above, except that the subject is different.
  • In step (S400), in which the DID issuer server issues a corporate DID by combining the first and second personal DIDs with corporate-related data in response to the corporate DID issuance request approved for use by the representative terminal, a unique index is created by combining the first and second personal DIDs certified by the company, information including the purpose and period of use of the corporate DID, and the image file of the actual corporate seal, and hashing the result of the combination. A corporate DID whose DID document includes the unique index is then created and registered in the blockchain network, whereby the corporate DID for the request is issued.
  • In step (S500), in which the DID issuer server registers the issued corporate DID in the blockchain network and distributes the corporate DID to the terminal in charge, the DID issuer server transmits the corporate DID issued in step S400 to the requesting terminal in charge as the distribution procedure.
  • The terminal in charge may use the stored corporate DID in place of the corporate seal, according to the purpose of use, to process tasks such as corporate contracts.
  • After step S500, if the corporate DID is submitted to the service provider server according to its purpose of use, or the period of use has elapsed, the DID issuer server may additionally record the usage history in the DID document of the corporate DID in the blockchain network and discard the corporate DID.
  • FIG. 5 is a diagram illustrating a personal DID or corporate DID issuance procedure applied to a blockchain-based corporate DID service providing system according to an embodiment of the present invention.
  • The following description exemplifies how a DID is used for identity verification in the DID issuer server of the present invention; some of the methods may be changed.
  • The decentralized identity authentication technology on which the system of the present invention is premised is an electronic identity authentication technology that stores personal information in the user's terminal and selects and submits only the information necessary for personal information authentication.
  • This has the feature of enabling self-sovereign identity verification that allows individuals to verify their identity without going through a centralized institution by using the blockchain network to directly manage their data.
  • the DID issuer server 400 in the form of, for example, 'did:sov:abcdef' (a).
  • The DID issuer server 400 can identify and obtain a DID document from 'did:sov:abcdef' registered in the blockchain network 100 (b).
  • The DID issuer server 400 refers to a database that it operates itself for 'did:sov:abcdef' and checks whether it was issued by the company (c).
  • the authentication value generated by the private key is provided from the terminal in charge 200, and the DID issuer server 400 is the corresponding
  • the terminal in charge 200 is the owner of the personal DID (d).
  • 100: Blockchain network 200: Person in charge terminal
  • 450: DID distribution unit 460: DID management unit
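The unique index of step S400 and the purpose-of-use and period-of-use check described above can be sketched as follows. This is an added example, not code from the patent: SHA-256, the length-prefixed field encoding, the field names (`purpose`, `notBefore`, `notAfter`, `uniqueIndex`) and all sample values are assumptions.

```python
import hashlib
import hmac
from datetime import date

def _field(value: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return len(value).to_bytes(4, "big") + value

def unique_index(first_did, second_did, seal_image, purpose, not_before, not_after):
    """Hash the combined S400 inputs (SHA-256 is an assumption of this example)."""
    h = hashlib.sha256()
    for part in (first_did.encode(), second_did.encode(),
                 hashlib.sha256(seal_image).digest(), purpose.encode(),
                 not_before.isoformat().encode(), not_after.isoformat().encode()):
        h.update(_field(part))
    return h.hexdigest()

def build_did_document(corporate_did, first_did, second_did, seal_image,
                       purpose, not_before, not_after):
    """DID document carrying the index; field names are hypothetical."""
    return {
        "id": corporate_did,
        "purpose": purpose,
        "notBefore": not_before.isoformat(),
        "notAfter": not_after.isoformat(),
        "uniqueIndex": unique_index(first_did, second_did, seal_image,
                                    purpose, not_before, not_after),
    }

def check_use(doc, first_did, second_did, seal_image, requested_purpose, today):
    """Service-provider side check: returns (accepted, reason)."""
    nb = date.fromisoformat(doc["notBefore"])
    na = date.fromisoformat(doc["notAfter"])
    expected = unique_index(first_did, second_did, seal_image, doc["purpose"], nb, na)
    if not hmac.compare_digest(expected, doc["uniqueIndex"]):
        return False, "index mismatch"          # document fields were altered
    if requested_purpose != doc["purpose"]:
        return False, "purpose mismatch"        # seal not valid for this task
    if not nb <= today <= na:
        return False, "outside period of use"   # expired or not yet valid
    return True, "ok"

# Constructed sample values (not from the patent).
MANAGER, REP = "did:example:manager", "did:example:representative"
SEAL = b"constructed-seal-image-bytes"
DOC = build_did_document("did:example:corp", MANAGER, REP, SEAL,
                         "lease-contract", date(2022, 1, 4), date(2022, 1, 31))
```

Because the purpose and period are inputs to the hash, editing either field in the DID document after issuance makes the recomputed index differ from the stored one.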

Abstract

The present invention relates to a system for providing a corporate decentralized identity (DID) service. More specifically, the present invention relates to a system and method for providing a blockchain-based corporate DID service, the system and method providing a corporate electronic authentication means through a DID distributed on the basis of blockchain technology. According to an embodiment of the present invention, self-sovereign identity (SSI), which is the conventional development goal of DID and has mainly been developed for individuals, and data ownership can be extended to corporations, and various current problems can be resolved, such as the security vulnerabilities that accompany electronic contracts, electronic records, electronic financial transactions and the like, low trust between transaction parties, the inability to guarantee transaction security, the misuse of personal information, and the complicated and tedious paperwork required to carry out an electronic transaction.
PCT/KR2022/000038 2021-01-06 2022-01-04 System and method for providing a blockchain-based corporate DID service WO2022149816A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020210001511A KR102302097B1 (ko) 2021-01-06 2021-01-06 System and method for providing a blockchain-based corporate DID service
KR10-2021-0001511 2021-01-06

Publications (1)

Publication Number Publication Date
WO2022149816A1 true WO2022149816A1 (fr) 2022-07-14

Family

ID=77793513

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/000038 WO2022149816A1 (fr) 2021-01-06 2022-01-04 System and method for providing a blockchain-based corporate DID service

Country Status (2)

Country Link
KR (1) KR102302097B1 (fr)
WO (1) WO2022149816A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102302097B1 (ko) * 2021-01-06 2021-09-15 이화여자대학교 산학협력단 System and method for providing a blockchain-based corporate DID service
KR20230108953A (ko) * 2022-01-12 2023-07-19 (주)가민정보시스템 Self-sovereign identity based authentication service management system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
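KR102139645B1 (ko) * 2020-04-13 2020-07-30 주식회사 한국정보보호경영연구소 Blockchain-based identity verification system and operating method thereof
KR102131206B1 (ko) * 2019-08-30 2020-08-05 비씨카드(주) Method for providing corporation-related services, method for supporting the same, and service server and authentication server for performing the same
KR102166233B1 (ko) * 2018-10-11 2020-10-15 주식회사 디지털존 Electronic document issuance system using blockchain technology and control method thereof
KR102173426B1 (ko) * 2020-07-08 2020-11-03 주식회사 아이오트러스트 Public key infrastructure based signature and verification system and method supporting privacy protection in a DID environment
KR102197218B1 (ko) * 2019-07-31 2021-01-04 주식회사 티이이웨어 System and method for providing a blockchain identification card based on decentralized ID and FIDO
KR102302097B1 (ko) * 2021-01-06 2021-09-15 이화여자대학교 산학협력단 System and method for providing a blockchain-based corporate DID service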

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
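KR102166233B1 (ko) * 2018-10-11 2020-10-15 주식회사 디지털존 Electronic document issuance system using blockchain technology and control method thereof
KR102197218B1 (ko) * 2019-07-31 2021-01-04 주식회사 티이이웨어 System and method for providing a blockchain identification card based on decentralized ID and FIDO
KR102131206B1 (ko) * 2019-08-30 2020-08-05 비씨카드(주) Method for providing corporation-related services, method for supporting the same, and service server and authentication server for performing the same
KR102139645B1 (ko) * 2020-04-13 2020-07-30 주식회사 한국정보보호경영연구소 Blockchain-based identity verification system and operating method thereof
KR102173426B1 (ko) * 2020-07-08 2020-11-03 주식회사 아이오트러스트 Public key infrastructure based signature and verification system and method supporting privacy protection in a DID environment
KR102302097B1 (ko) * 2021-01-06 2021-09-15 이화여자대학교 산학협력단 System and method for providing a blockchain-based corporate DID service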

Also Published As

Publication number Publication date
KR102302097B1 (ko) 2021-09-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22736793

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23.11.2023)