Disclosure of Invention
The technical problem to be solved by the present disclosure is to provide a family relationship proof service providing method based on a Decentralised Identifier (DID), and an apparatus for implementing the method, with which financial information of children can be queried with only the parent logging in to a platform for providing a financial information service.
Another technical object to be solved by the present disclosure is to provide a Decentralised Identifier (DID)-based family relationship proof service providing method for providing a convenient authentication function that proves the legal agent relationship between a parent and a child without performing a separate authentication step for the child in a platform for providing a financial information service, and an apparatus for implementing the method.
Yet another technical object to be solved by the present disclosure is to provide a Decentralised Identifier (DID)-based family relationship proof service providing method that can provide a service for proving a family relationship between a parent and a child, without revealing information related to the family relationship, using Decentralised Identifier (DID) technology in a platform for providing a financial information service, and an apparatus for implementing the method.
The technical matters of the present disclosure are not limited to the technical matters mentioned in the foregoing, and other technical matters not mentioned will be further clearly understood by those of ordinary skill in the technical field of the present disclosure from the following description.
In order to solve the technical problems as described above, a family relationship proving service providing method based on a Decentralised Identifier (DID) performed by a computing device according to an embodiment of the present disclosure includes: extracting family relationship information of a user using a certificate certifying a relationship between the user and at least one child of the user, wherein the certificate is a certificate issued by a system of an external institution; a step of generating verifiable credentials (VC: verifiable Credential) containing the extracted family relationship information; and a step of transmitting the generated Verifiable Credential (VC) to the user's terminal and storing in the user's electronic wallet.
As an embodiment, the step of extracting family relationship information of the user may include: a step of transmitting a request for issuing a certificate for proving a family relationship of the user to a system of the external institution; a step of receiving the certificate from a system of the external institution according to the issuing request; a step of screening information for proving that the user is a legal agent of the at least one child from information contained in the received certificate; and generating the family relation information including the screened information.
As an embodiment, the step of generating the Verifiable Credential (VC) may include: a step of issuing the Verifiable Credential (VC) containing the family relationship information using a de-centralized identifier (DID: decentralized identifiers) technique; and a step of storing validity information of the issued Verifiable Credential (VC) into a decentralized data repository.
As an embodiment, the step of storing validity information of the issued Verifiable Credential (VC) into a decentralized data repository may include: a step of storing the validity information, which can be used to identify whether the Verifiable Credential (VC) is counterfeit or not, into a blockchain network.
As an embodiment, the step of transmitting the generated Verifiable Credential (VC) to the user's terminal and storing in the user's electronic wallet may include: a step of transmitting the certificate to the terminal of the user and storing the certificate in the electronic wallet of the user.
As an example, the Verifiable Credential (VC) may contain information related to the issuing entity, signature information using a private key, and the family relationship information.
As an example, information related to the public key paired with the private key may be stored in a decentralized data repository.
In order to solve the technical problems as described above, a family relationship proving method based on a Decentralised Identifier (DID) performed with a user terminal according to an embodiment of the present disclosure includes: a step of storing a verifiable credential (VC: Verifiable Credential) containing family relationship information into a user's electronic wallet, wherein the Verifiable Credential (VC) is received from a server; a step of generating, upon receiving a relationship verification request between the user and at least one child of the user from a system of a financial institution, a verifiable presentation (VP: Verifiable Presentation) corresponding to the relationship verification request using the Verifiable Credential (VC); and a step of transmitting the verifiable presentation (VP) to a server of the financial institution.
As an embodiment, the step of storing the Verifiable Credential (VC) in the user's electronic wallet may include: a step of requesting the server to issue the Verifiable Credential (VC) for proving a family relationship between the user and the at least one child; a step of receiving the Verifiable Credential (VC) and a certificate corresponding to the verifiable presentation from the server according to the issuing request; and a step of storing the Verifiable Credential (VC) and the certificate in the user's electronic wallet.
As an embodiment, the step of generating the verifiable presentation (VP) may comprise: a step of screening out information corresponding to the relationship verification request from information contained in the Verifiable Credential (VC) stored in the electronic wallet after authentication of the user's own identity is completed; and a step of issuing the verifiable presentation (VP) comprising the screened information.
As an embodiment, it may further include: a step of receiving financial information of the at least one child from the system of the financial institution after verification with the verifiable presentation (VP) is completed in the system of the financial institution.
As an embodiment, the step of receiving financial information of the at least one child may include: a step of verifying the verifiable presentation (VP) in a system of the financial institution using validity information of the Verifiable Credential (VC), wherein the validity information is stored into a decentralized data repository by the server; and a step of requesting, from the system of the financial institution, a service for querying financial information of the at least one child after verification of the verifiable presentation (VP) is completed.
To solve the technical problems described above, a computing device according to an embodiment of the present disclosure includes: more than one processor; a communication interface for communicating with an external device; a memory for loading a computer program executed by the processor; and a storage means for storing the computer program; the computer program comprises instructions for performing the following actions: an act of extracting family relationship information of a user using a certificate certifying a relationship between the user and at least one child of the user, wherein the certificate is a certificate issued by a system of an external institution; an act of generating a verifiable credential (VC: Verifiable Credential) containing the extracted family relationship information; and an act of transmitting the generated Verifiable Credential (VC) to the user's terminal and storing in the user's electronic wallet.
As an embodiment, the act of extracting family relationship information of the user may include: an act of transmitting a request for issuing a certificate for proving a family relationship of the user to a system of the external institution; an act of receiving the certificate from a system of the external institution in accordance with the issue request; an act of screening information contained in the received certificate for information proving that the user is a legal agent for the at least one child; and an act of generating the family relationship information comprising the filtered information.
As an embodiment, the act of generating the Verifiable Credential (VC) may include: an act of issuing the Verifiable Credential (VC) containing the family relationship information using a de-centralized identifier (DID: decentralized identifiers) technique; and an act of storing validity information of the issued Verifiable Credential (VC) into a decentralized data store.
Detailed Description
Next, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. The advantages and features of the present disclosure and methods of attaining them will become more apparent in the following description of exemplary embodiments taken in conjunction with the accompanying drawings. The technical ideas of the present disclosure are not limited to the following embodiments, but may be implemented in various different forms, and the following embodiments are merely to more fully describe the technical ideas of the present disclosure and to more fully describe the scope of the present disclosure to those having ordinary skill in the art to which the present disclosure pertains, and the technical ideas of the present disclosure should be defined only by the scope of the claims.
Note that, in assigning reference numerals to constituent elements in the respective drawings, the same reference numerals are assigned as much as possible to the same constituent elements even though they are shown in different drawings. In addition, in the course of explaining the present disclosure, when it is determined that a specific explanation of a related known constitution or function may cause the gist of the present disclosure to become unclear, a detailed explanation related thereto will be omitted.
Unless defined otherwise, all terms (including technical and scientific terms) used in this specification have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. Furthermore, unless explicitly defined otherwise, commonly used terms that have been defined in a dictionary should not be interpreted as having an excessively idealized or exaggerated meaning. The terminology used in the description presented herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. In this specification, unless explicitly mentioned otherwise, singular-type statements also include plural-type meanings.
In addition, in describing the constituent elements of the present disclosure, terms such as first, second, A, B, (a) and (b) may be used. These terms are used only to distinguish one component from another, and the nature, order or sequence of the corresponding components is not limited by the terms. When a component is described as being "connected" or "joined" to another component, the component may be directly connected or joined to the other component, but it is understood that there may also be other components "connected" or "joined" between the respective components.
The use of "comprising" and/or "including" in this specification does not exclude the presence or addition of one or more other elements, steps, acts and/or components than those mentioned.
Next, several embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.
Fig. 1 is a schematic diagram illustrating a system configuration for providing a Decentralised Identifier (DID)-based family relationship proof service according to an embodiment of the present disclosure. Referring to fig. 1, a system according to an embodiment of the present disclosure may include a computing device 1, a user terminal 10, and a distributed data store 3. The computing device 1 is connected to the user terminal 10 and the external institution system 2 via a network, and the user terminal 10 is connected to the financial institution system 4 via a network.
The external institution system 2 may be a system in which a certificate issuing service is provided by a public institution in order to confirm a family relationship between a person and at least one child. Further, the financial institution system 4 may be a system that provides financial transaction services such as registering financial goods and inquiring transaction details of registered financial goods, such as a bank, a securities company, a credit card company, and an insurance company.
The computing device 1 may be a platform server that provides financial information services to users through an internet website or mobile application. Among them, the financial information service may include an authentication service for proving a family relationship between a user and a child based on a decentralised identifier (DID, decentralized identifiers) technique in order for the user of the user terminal 10 to inquire about financial information of the child.
The user terminal 10 is a terminal of a user using the financial information service provided by the computing device 1, and may be any one of a mobile computing device such as a smart phone, a tablet computer, a notebook computer, and a palm computer, and a stationary computing device such as a personal desktop computer.
When the user logs in through the user terminal 10, the computing device 1 may request a certificate for proving the relationship between the user and at least one child of the user from the external institution system 2 and receive the certificate in the form of a digital file. At this time, the certificate may be given different names and different styles in different countries; for example, in Korea it may be issued by the administrative department of security court family relationship verification system under the names "family relationship certificate" (based on the parents) and "basic certificate" (based on the children).
The computing device 1 may extract family relationship information of the user using the certificate received from the external institution system 2 and generate a verifiable credential (VC: verifiable Credential) containing the extracted family relationship information.
The computing device 1 may transmit the generated Verifiable Credential (VC) and the received certificate to the user terminal 10, and the user terminal 10 may store the received Verifiable Credential (VC) and the certificate in the user's electronic wallet. Furthermore, by storing validity information of the Verifiable Credential (VC) into the distributed data store 3, the computing device 1 makes it possible to verify whether the certificate has been falsified. At this time, the validity information may be a hash value of the Verifiable Credential (VC). The distributed data store 3 may be implemented using a blockchain network.
When the user terminal 10 receives a relationship verification request between the user and at least one child from the financial institution system 4 in the process of querying financial information of at least one child of the user, it may generate a verifiable presentation (VP: Verifiable Presentation) corresponding to the relationship verification request by using the Verifiable Credential (VC) transmitted from the computing device 1 and stored in the user's electronic wallet.
The user terminal 10 may transmit the verifiable presentation (VP) to the financial institution system 4, and the financial institution system 4 may read a certificate certifying the family relationship using the verifiable presentation (VP) to confirm whether the user is a legal agent or a parent of the at least one child.
Thereby, the financial institution system 4 can provide financial information related to the individual children of the user to the user terminal 10.
In addition, the age of the child below which a parent must prove that he or she is the child's legal agent in order to open the child's bank account and query the child's financial information may differ from country to country. For example, Korea requires provision of the legal agent's family relationship certificate when querying financial information of children less than 14 years old.
With the system configuration of the present disclosure as described above, in the platform for providing a financial information service, a convenient authentication function for proving that parents are legal agents of children can be provided, so that only the parents need to log in to query financial information of children. In addition, a service for proving a family relationship between parents and children can be provided using Decentralised Identifier (DID) technology without revealing family relationship-related information.
Fig. 2 is a sequence diagram for explaining a family relationship certification service providing method based on a Decentralised Identifier (DID) performed by a computing device according to an embodiment of the present disclosure.
The Decentralised Identifier (DID) -based family relationship attestation service providing method according to an embodiment of the present disclosure may be performed using a computing device 1 as described in fig. 1. The computing device 1 for performing the method according to the present embodiment may be a computing system 100 as shown in fig. 6. The computing device 1 may be a device such as a Personal Computer (PC) and a server that can execute a computing function and an application development function.
It should be noted that the description about the execution subject of a part of actions included in the method according to the embodiment of the present disclosure may be omitted, and in the case described above, the subject thereof is the computing device 1.
By the embodiments of the present disclosure described in the following, an authentication function for proving family relationship information required when a user inquires about financial information of a child can be provided.
First, in operation S10, the computing device 1 extracts family relationship information of the user using a certificate for proving a relationship between the user and at least one child of the user. At this time, the certificate may be issued by the external institution system 2.
As an example, referring to fig. 3, when the user of the user terminal 10 logs on the platform provided by the computing device 1 in act S11, the computing device 1 may request issuing a certificate for proving the family relationship between the user and at least one child of the user from the external institution system 2 in act S12.
Thereby, in act S13, the computing device 1 can receive the certificate issued by the external institution system 2 according to the issue request, and in act S14, can screen out information for proving that the user is a legal agent of at least one child from the certificate, and generate family relation information containing the screened information.
Next, in act S20, computing device 1 may generate a verifiable credential (VC: verifiable Credential) containing the family relationship information extracted in act S10.
As an example, referring to fig. 3, in act S21, the computing device 1 may scrape the content of the certificate issued for confirming the relationship between the user and at least one child, generate family relationship information, and issue a Verifiable Credential (VC) containing the family relationship information using a decentralised identifier (DID: decentralized identifiers) technique. At this time, the Verifiable Credential (VC) may include the family relationship information, information related to the issuing entity, signature information using a private key, and the like.
Further, in act S22, the computing device 1 may store validity information of the Verifiable Credential (VC) into the decentralized data repository 3 so that it can be identified whether the certificate corresponding to the issued Verifiable Credential (VC) has been falsified. At this time, the validity information may contain information related to the public key paired with the private key contained in the Verifiable Credential (VC).
Next, in act S30, the computing device 1 may transmit the Verifiable Credential (VC) generated in act S20 to the user terminal. At this time, the computing device 1 transmits the Verifiable Credential (VC) and the certificate corresponding thereto to the user terminal 10.
As an example, referring back to fig. 3, when the computing device 1 transmits the Verifiable Credential (VC) and the certificate to the user terminal 10 in act S31, the user terminal 10 may store the received Verifiable Credential (VC) and the certificate in the user's electronic wallet in act S32.
Thereby, when the user of the user terminal 10 needs to query the financial information of the child, the Verifiable Credential (VC) stored in the electronic wallet can be provided to the financial institution system 4 as a means for proving the family relationship between the user and the child.
As described above, by the method according to the embodiment of the present disclosure, in the platform providing the financial information service, only the parents need to log in to query the financial information of the children. In addition, a service for proving a family relationship between parents and children can be provided using Decentralised Identifier (DID) technology without revealing family relationship-related information.
Fig. 4 is a sequence diagram for explaining a family relationship proving method based on a Decentralised Identifier (DID) performed with a user terminal according to another embodiment of the present disclosure.
The Decentralised Identifier (DID) -based family relationship verification method according to embodiments of the present disclosure may be performed with the user terminal 10 as described in fig. 1. The user terminal 10 for performing the method according to the present embodiment may be a computing system 100 as shown in fig. 6. The user terminal 10 may be any one of a mobile computing device such as a smart phone, a tablet computer, a notebook computer, and a palm computer, and a stationary computing device such as a personal desktop computer.
It should be noted that the description about the execution subject of a part of the actions included in the method according to the embodiment of the present disclosure may be omitted, and in the case described above, the subject thereof is the user terminal 10.
By the embodiments of the present disclosure described in the following, the Verifiable Credential (VC) and the certificate received from a platform server providing financial information services and stored in an electronic wallet can be used to prove that a parent is a legal agent for a child, without having to perform a separate authentication step in connection with the child, when querying the child's financial information through a financial institution system.
First, in act S100, the user terminal 10 stores a Verifiable Credential (VC) containing family relationship information into an electronic wallet. At this point, the Verifiable Credential (VC) may be received from computing device 1 as shown in fig. 1. At this time, the computing device 1 may be a platform server that provides financial information services including a family relationship proof service.
As an example, referring to fig. 5, in act S110, the user terminal 10 may request the computing device 1 to issue a Verifiable Credential (VC) containing family relationship information after logging into a platform provided by the computing device 1. Thereby, in act S120, the user terminal 10 may receive the Verifiable Credential (VC) as well as the certificate from the computing device 1. At this time, the Verifiable Credential (VC) is generated in the computing device 1, and may include family relationship information extracted from the content of the certificate issued by the external institution system 2. In addition, the Verifiable Credential (VC) may contain the family relationship information, information related to the issuing entity, signature information using a private key, and the like.
In act S130, the user terminal 10 may store the Verifiable Credential (VC) received from the computing device 1, as well as the certificate, in the user's electronic wallet. The user can thereby be authenticated as a legal agent for the child using the Verifiable Credential (VC) stored in the electronic wallet.
Next, in act S200, upon the user terminal 10 receiving a relationship verification request between the user and the child from the financial institution system 4 as shown in fig. 1, a verifiable presentation (VP: Verifiable Presentation) corresponding to the relationship verification request may be generated using the Verifiable Credential (VC) stored in the electronic wallet.
As an example, referring to fig. 5, in act S210, the user terminal 10 may receive a relationship verification request for confirming a family relationship between the user and at least one child from the financial institution system 4. At this time, in act S220, the user terminal 10 may perform authentication of the user's own identity and, after that authentication is normally completed, screen out information corresponding to the relationship verification request from information contained in the Verifiable Credential (VC) stored in the electronic wallet, and issue a verifiable presentation (VP) containing the screened information.
Next, in act S300, the user terminal 10 may transmit the verifiable presentation (VP) generated in act S200 to the financial institution system.
As an example, referring back to fig. 5, after the user terminal 10 transmits the verifiable presentation (VP) to the financial institution system 4 in act S310, the financial institution system 4 may perform verification of the verifiable presentation (VP) using the validity information of the Verifiable Credential (VC) stored in the distributed data store 3 in act S410. At this time, the validity information of the Verifiable Credential (VC) may contain information related to a public key paired with a private key contained in the Verifiable Credential (VC) stored in the user's electronic wallet.
Thereby, in act S420, the financial institution system 4 may perform verification on the verifiable presentation (VP) received from the user terminal 10. For example, the financial institution system 4 may perform a process of decrypting a verifiable presentation (VP) signed by a private key stored in the electronic wallet of the user terminal 10 using a public key contained in the validity information stored in the distributed data store 3. Thereby, the financial institution system 4 can confirm whether the verifiable presentation (VP) was issued by the user terminal 10, and confirm whether the user is a legal agent of at least one child using information contained in the verifiable presentation (VP). At this time, when the verification of the verifiable presentation (VP) is completed, the certificate stored in the electronic wallet of the user terminal 10 may also be transferred to the financial institution system 4.
Through the authentication process as described above, the financial institution system 4 may provide financial information of the child to the user terminal 10 in step S430.
As described above, with the method according to the embodiment of the present disclosure, when a user inquires about financial information of children, authentication steps for the respective children need not be performed, and only personal authentication is required to prove a legal agent for the children. Therefore, the financial information of children dispersed in a plurality of financial institutions can be conveniently inquired without complicated steps.
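The hash-based validity check and the screened presentation described above (acts S21 to S22, S220 and S410 to S420), as an added Python example that is not code from this disclosure. It assumes per-claim salted digests as the screening mechanism and leaves out the private-key signature; the DIDs, claim names and the `Registry` class are hypothetical.

```python
import hashlib
import json
import secrets


def claim_digest(salt, name, value):
    """Salted digest of one claim; the name is bound in so a value cannot be relabelled."""
    blob = json.dumps([salt, name, value], separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


def vc_hash(vc):
    """Validity information: hash of the canonicalised VC body."""
    blob = json.dumps(vc, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


class Registry:
    """In-memory stand-in for the distributed data store 3 (assumption)."""

    def __init__(self):
        self._anchors = set()

    def anchor(self, digest):
        self._anchors.add(digest)

    def is_anchored(self, digest):
        return digest in self._anchors


def issue_vc(issuer_did, holder_did, claims, registry):
    """Platform server (S21-S22): build the VC and anchor its hash."""
    # The random salt stops a verifier from guessing undisclosed values by hashing candidates.
    disclosures = {
        name: {"salt": secrets.token_hex(16), "value": value}
        for name, value in claims.items()
    }
    vc = {
        "issuer": issuer_did,
        "holder": holder_did,
        # Sorted so the digest order does not leak the claim order.
        "claim_digests": sorted(
            claim_digest(d["salt"], n, d["value"]) for n, d in disclosures.items()
        ),
    }
    registry.anchor(vc_hash(vc))
    return vc, disclosures


def make_vp(vc, disclosures, requested):
    """User terminal (S220): disclose only the claims the request asks for."""
    missing = [n for n in requested if n not in disclosures]
    if missing:
        raise KeyError(f"wallet holds no claim(s): {missing}")
    return {"vc": vc, "disclosed": {n: dict(disclosures[n]) for n in requested}}


def verify_vp(vp, registry, required):
    """Financial institution (S410-S420): return the verified claims, or None."""
    vc = vp.get("vc", {})
    if not registry.is_anchored(vc_hash(vc)):
        return None  # VC body altered, or never anchored by the platform
    known = set(vc.get("claim_digests", []))
    verified = {}
    for name, d in vp.get("disclosed", {}).items():
        if claim_digest(d.get("salt"), name, d.get("value")) not in known:
            return None  # disclosed value does not match the anchored VC
        verified[name] = d["value"]
    if any(name not in verified for name in required):
        return None  # the VP does not answer the relationship request
    return verified


def demo():
    registry = Registry()
    # Constructed sample data; nothing here comes from a real certificate.
    claims = {
        "legal_agent_of": "child-0001",
        "child_birth_year": 2015,
        "spouse_name": "constructed-name",
        "registered_address": "constructed-address",
    }
    vc, wallet = issue_vc("did:example:platform", "did:example:parent", claims, registry)
    vp = make_vp(vc, wallet, ["legal_agent_of", "child_birth_year"])
    return vp, verify_vp(vp, registry, ["legal_agent_of"])


if __name__ == "__main__":
    vp, result = demo()
    print("disclosed:", sorted(vp["disclosed"]))
    print("verified:", result)
```

Because nothing here is signed, the check shows only that the disclosed values match an anchored VC; confirming that the VP was issued by the user terminal still needs the signature step the description covers.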
FIG. 6 is a hardware architecture diagram of an exemplary computing system in which methods according to several embodiments of the invention may be implemented. As shown in fig. 6, computing system 100 may include more than one processor 101, a bus 107, a network interface 102, a memory 103 for loading (loading) a computer program 105 executed by processor 101, and a storage 104 for storing computer program 105. However, fig. 6 illustrates only the components related to the embodiment of the present invention. Accordingly, it should be understood by those skilled in the art that other general-purpose components may be included in addition to the components illustrated in fig. 6.
The processor 101 is configured to control overall operation of the various components of the computing system 100. The processor 101 may comprise at least one of a central processing unit (CPU, Central Processing Unit), a microprocessor unit (Micro Processor Unit), a micro controller unit (MCU, Micro Controller Unit), a graphics processing unit (GPU, Graphic Processing Unit) or any form of processor known in the art of the present invention. Further, the processor 101 may perform calculations related to at least one application or program for performing the methods/acts in accordance with various embodiments of the present invention. Computing system 100 may be equipped with more than one processor.
The memory 103 is used to store various data, instructions, and/or information. Memory 103 may be loaded (loaded) with one or more programs 105 from storage 104 in order to perform methods/acts in accordance with various embodiments of the present invention. For example, when the computer program 105 is loaded into the memory 103, logic (or modules) may be implemented on the memory 103. As an example of the memory 103, a Random Access Memory (RAM) may be used, but is not limited thereto.
Bus 107 provides communication functionality between the constituent elements of computing system 100. The Bus 107 may be implemented by various types of buses such as an Address Bus (Address Bus), a Data Bus (Data Bus), and a Control Bus (Control Bus).
The network interface 102 supports wired and wireless internet communications for the computing system 100. The network interface 102 may also support a variety of communication modes other than internet communication. To this end, the network interface 102 may comprise a communication module well known in the art of the present invention.
The storage 104 may permanently store one or more computer programs 105. The storage device 104 may include a nonvolatile memory such as a flash memory, a hard disk, a removable magnetic disk, or any form of computer readable storage medium known in the art to which the invention pertains.
The computer program 105 may include one or more instructions (instructions) for implementing the methods/acts in accordance with various embodiments of the invention. When computer program 105 is loaded into memory 103, processor 101 may perform methods/acts in accordance with various embodiments of the invention by executing the one or more instructions.
As an embodiment, the computer program 105 may include instructions for performing the following actions: an act of extracting family relationship information of a user using a certificate certifying a relationship between the user and at least one child of the user, wherein the certificate is a certificate issued by a system of an external institution; an act of generating a verifiable credential (VC: Verifiable Credential) containing the extracted family relationship information; and an act of transmitting the generated Verifiable Credential (VC) to the user's terminal and storing in the user's electronic wallet.
As another example, computer program 105 may include instructions for performing the following actions: an act of storing a verifiable credential (VC: Verifiable Credential) containing family relationship information into the user's electronic wallet, wherein the Verifiable Credential (VC) is received from a server; an act of generating a verifiable presentation (VP: Verifiable Presentation) corresponding to a relationship verification request using the Verifiable Credential (VC) upon receipt of the relationship verification request between the user and at least one child of the user from a system of a financial institution; and an act of transmitting the verifiable presentation (VP) to a server of the financial institution.
In the above, various embodiments of the present invention and effects of the embodiments are described with reference to fig. 1 to 6. The effects of the technical ideas according to the present invention are not limited to the effects mentioned in the above, and other effects not mentioned will be further clearly understood by the ordinary skilled person through the following description.
The technical idea of the present invention described in the above can be implemented by computer-readable codes in a computer-readable medium. The computer readable storage medium may be, for example, a removable storage medium (compact disc (CD), digital versatile disc (DVD), Blu-ray disc, universal serial bus (USB) device, and removable hard disk) or a fixed storage medium (read only memory (ROM), random access memory (RAM), and a built-in hard disk of a computer). The computer program recorded in the computer-readable storage medium may be transmitted to and installed in other computing devices through a network such as the internet, so as to be used in the other computing devices.
In the above, although the description has been made in terms of combining all the constituent elements constituting the embodiment of the present invention into one or a combination operation, the technical idea of the present invention is not limited to the embodiment described above. That is, all the components may be selectively combined into one or more actions within the object of the present invention.
Although the acts are illustrated in the figures as a particular sequence, the acts are not necessarily performed in the particular sequence or order illustrated, and not all illustrated acts may be required to achieve the desired results. In certain situations, multitasking or parallel processing may be more advantageous. In particular, the separation of the various components of the embodiments described in the foregoing should not be understood as requiring separation in the manner described, and it should be understood that the described program components and systems can be integrated into a single software product in general or packaged into multiple software products.
While the embodiments of the present invention have been described above with reference to the drawings, those skilled in the art to which the present invention pertains will appreciate that the present invention may be embodied in other specific forms without changing the technical spirit or essential features thereof. The embodiments described in the foregoing are, therefore, to be considered in all respects only as illustrative and not restrictive. The scope of the present invention should be construed by the appended claims, and all technical ideas within the equivalent scope thereof should be construed to be included in the scope of the technical ideas defined by the present invention.