KR20230112215A - Server and method for proving electronic dodument management and provision service for certifying the corporation - Google Patents

Abstract

A server and method for providing electronic document management and provision services for corporate authentication are provided. The method of providing electronic document management and provision services for corporate authentication according to various embodiments of the present invention is a method performed by a computing device. The method includes the steps of: storing an electronic document containing electronic signature information of a corporation and electronic signature information of a user authorized by the corporation; and, based on the result of performing personal authentication on the user to be authenticated, providing an electronic document including electronic signature information of a corporation which has delegated authority to the user to be authenticated among the stored electronic documents.

Description

Electronic document management and provision service provision server and method for corporate certification

Various embodiments of the present invention relate to an electronic document management and providing service providing server and method for corporate authentication.

A joint certificate (public certificate) is a kind of digital identification (certificate) and digital seal proof created by adding owner information to a public key (electronic signature verification information) required for verification of an electronic signature.

Joint certificates are written for Unix-based servers, including tools such as OpenSSL's ssl-ca or SUSE Linux's gensslcert. In non-face-to-face online e-commerce, a digital signature is required for contract writing and identity verification with the other party, and at the same time, the identity of the person who created the electronic signature is verified with a public certificate.

Such a joint certificate has the form of being issued and used by a certified certification authority designated in accordance with the provisions of Article 4 of the Digital Signature Act. More specifically, designated accredited certification authorities standardize and provide standards for mutual interworking for certificate validity verification from the user's screen interface. Therefore, certificates issued by a designated accredited certification authority are not serviced through different interworking specifications, but it is sufficient to comply with one standardized interworking standard.

Conventionally, only accredited certificates issued by six nationally recognized accredited certification authorities were recognized for self-certification or contracts, but to remove these restrictions, the term was changed to a joint certificate, and various private certificates (e.g. Kakao certificate, Naver certificate, Pass certificate, etc.) have been improved to be used.

On the other hand, such a private certificate can still only be issued to individuals, and corporations cannot issue a relatively simplified private certificate, and there is a limitation that only a joint certificate can still be issued.

Accordingly, there is a problem in that a corporation cannot use various convenience services that can be provided by performing private authentication through a private certificate, and must perform corporate tasks individually only with a joint certificate.

In addition, in the case of a corporation, there is a practical difficulty in that a number of tasks must be processed with only one joint certificate because the work must be performed using only one joint certificate.

Korean Patent Publication No. 10-2016-0025534 (2016.03.08)

An object to be solved by the present invention is to generate an electronic document including an electronic signature generated by performing corporate authentication for a corporation through a joint certificate of the corporation and an electronic signature generated by performing personal authentication through a personal certificate of a user to whom authority is delegated from the corporation, that is, by generating an electronic document as an electronic seal and providing the electronic document as necessary, a platform can be built that can replace the joint certificate of a corporation by using the electronic document and the personal certificate of a user delegated authority from the corporation (e.g., a user's joint certificate or private certificate), Through this, an electronic document management and provision service providing server and method for corporate authentication capable of creating an environment in which corporate business can be performed using a user's personal certificate is provided.

The problems to be solved by the present invention are not limited to the problems mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the description below.

In order to solve the above problems, a method for managing and providing services for corporations according to an embodiment of the present invention is a method performed by a computing device, which may include storing an electronic document including digital signature information of a corporation and digital signature information of a user authorized by the corporation, and providing an electronic document including electronic signature information of a corporation that has delegated authority to the person to be authenticated from among the stored electronic documents based on a result of performing personal authentication for the person to be authenticated.

In various embodiments, the storing of the electronic document may include generating joint certificate signature information of the first corporation by performing corporate authentication of the first corporation through a joint certificate of the first corporation, generating personal certificate signature information of the first user by performing personal authentication of the first user through a personal certificate of the first user to whom authority is delegated from the first corporation, and matching the generated joint certificate signature information of the first corporation with the generated personal certificate signature information of the first user to obtain the first electronic document. It may include creating and storing steps.

In various embodiments, the providing of the electronic document may include obtaining, from an authentication requester, a corporate authentication request including personal certificate signature information of the authentication target, which is generated as a result of performing personal authentication on the authentication target, and providing the electronic document including the authentication target's personal certificate signature information among the stored electronic documents to the authentication requester in response to the corporate authentication request.

In various embodiments, the step of storing the electronic document may further include, in response to providing the electronic document including the personal certificate signature information of the authentication subject to the authentication requester, matching and recording a history of performing personal authentication on the authentication subject with the electronic document including the personal certificate signature information of the certification subject.

In various embodiments, the method may further include receiving a request from an authentication requester to verify whether the authentication target is a person to whom authority has been delegated from a specific corporation, in response to the verification request, selecting an electronic document including personal certificate signature information of the authentication target from among the stored electronic documents, and determining whether the authentication target is a person to whom authority is delegated from the specific corporation based on joint certificate signature information of the corporation included in the selected electronic document.

In various embodiments, the stored electronic document includes constraint information, wherein the constraint information includes user information, the number of possible authentications, an authentication purpose, and an authentication validity period, and providing the electronic document may include determining whether or not to provide the electronic document including digital signature information of a corporation that has delegated authority to the person to be authenticated based on the constraint information.

In various embodiments, the storing of the electronic document may include requesting renewal of the stored electronic document when the number of possible authentication is less than or equal to a predetermined number or the valid period of authentication is less than or equal to a predetermined period based on constraint condition information of the stored electronic document, and automatically discarding the stored electronic document when the number of possible times of authentication becomes 0 or the valid period of authentication expires.

In various embodiments, the step of storing the electronic document may include issuing document identification information for at least one electronic document among the stored electronic documents, wherein the document identification information includes at least one of a unique identification number, a barcode, and a QR code, wherein at least one electronic document to which the document identification information is issued is determined according to a storage method of the electronic document, and recording and storing the issued document identification information on the at least one electronic document.

In various embodiments, the method may further include receiving a request for verification of the first electronic document from an authentication requester, and determining authenticity of the first electronic document by using document identification information included in the first electronic document in response to receiving the request for verification of the first electronic document.

An electronic document management and provision service providing server for corporate authentication according to another embodiment of the present invention for solving the above problems includes a processor, a network interface, a memory, and a computer program loaded into the memory and executed by the processor, wherein the computer program includes an instruction for storing an electronic document including electronic signature information of a corporation and electronic signature information of a user authorized by the corporation, and a result of performing personal authentication for the authentication target person, giving authority to the person to be authenticated among the stored electronic documents. It may include an instruction for providing an electronic document including electronic signature information of a corporation entrusted with.

Other specific details of the invention are included in the detailed description and drawings.

According to various embodiments of the present invention, by generating an electronic document including an electronic signature generated by performing corporate authentication on a corporation through a joint certificate of the corporation and an electronic signature generated by performing personal authentication through a personal certificate of a user to whom authority is delegated from the corporation, that is, by generating an electronic document as an electronic seal and providing the electronic document as necessary, a platform can be built that can replace the joint certificate of the corporation by using the personal certificate of the user delegated authority from the corporation and the electronic document. There is an advantage in that it is possible to create an environment in which corporate business can be performed by using a joint certificate or a private certificate).

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the description below.

1 is a diagram illustrating an electronic document management and provision service providing system for corporate authentication according to an embodiment of the present invention.
2 is a hardware configuration diagram of an electronic document management and providing service providing server for corporate authentication according to another embodiment of the present invention.
3 is a flowchart of a method for managing electronic documents and providing services for corporate authentication according to another embodiment of the present invention.
4 is a flowchart illustrating a method of generating and storing an electronic document, in various embodiments.
5 is a flowchart illustrating a method of verifying whether a person to be authenticated is a person to whom authority has been delegated from a specific corporation, in various embodiments.
6 is a flowchart illustrating a method of determining authenticity of a specific electronic document, in various embodiments.

Advantages and features of the present invention, and methods of achieving them, will become clear with reference to the detailed description of the following embodiments taken in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in a variety of different forms, and only these embodiments are provided to complete the disclosure of the present invention and to fully inform those skilled in the art of the scope of the present invention to which the present invention belongs, and the present invention is only defined by the scope of the claims.

Terminology used herein is for describing the embodiments and is not intended to limit the present invention. In this specification, singular forms also include plural forms unless specifically stated otherwise in a phrase. As used herein, "comprises" and/or "comprising" does not exclude the presence or addition of one or more other elements other than the recited elements. Like reference numerals throughout the specification refer to like elements, and “and/or” includes each and every combination of one or more of the recited elements. Although "first", "second", etc. are used to describe various components, these components are not limited by these terms, of course. These terms are only used to distinguish one component from another. Accordingly, it goes without saying that the first element mentioned below may also be the second element within the technical spirit of the present invention.

Unless otherwise defined, all terms (including technical and scientific terms) used in this specification may be used with meanings commonly understood by those skilled in the art to which the present invention belongs. In addition, terms defined in commonly used dictionaries are not interpreted ideally or excessively unless explicitly specifically defined.

The term "unit" or "module" used in the specification means a hardware component such as software, FPGA or ASIC, and "unit" or "module" performs certain roles. However, "unit" or "module" is not meant to be limited to software or hardware. A “unit” or “module” may be configured to reside in an addressable storage medium and may be configured to reproduce one or more processors. Thus, as an example, “unit” or “module” includes software components, object-oriented software components, components such as class components and task components, processes, functions, properties, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. Functionality provided within components and “units” or “modules” may be combined into fewer components and “units” or “modules” or further separated into additional components and “units” or “modules”.

The spatially relative terms "below", "beneath", "lower", "above", "upper", etc. may be used to easily describe the relationship between one component and other components as shown in the figures. Spatially relative terms should be understood as including different orientations of elements in use or operation in addition to the orientations shown in the drawings. For example, when flipping components shown in the drawings, components described as “below” or “beneath” other components may be placed “above” the other components. Thus, the exemplary term “below” may include directions of both below and above. Components may also be oriented in other orientations, and thus spatially relative terms may be interpreted according to orientation.

In this specification, a computer means any kind of hardware device including at least one processor, and may be understood as encompassing a software configuration operating in a corresponding hardware device according to an embodiment. For example, a computer may be understood as including a smartphone, a tablet PC, a desktop computer, a laptop computer, and user clients and applications running on each device, but is not limited thereto.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Although each step described in this specification is described as being performed by a computer, the subject of each step is not limited thereto, and at least a part of each step may be performed in different devices according to embodiments.

An electronic document management and provision service provision method for corporate authentication according to various embodiments of the present invention aims to create an electronic document that can serve as a user seal online and provide the electronic document as necessary, thereby constructing a platform that can replace the joint certificate of the corporation using the personal certificate of a user authorized by the corporation and the electronic document, thereby creating an environment in which corporate business can be performed using the user's personal certificate.

Offline, in general, all external documents issued by corporations are affixed with the seal of the corporation for the purpose of proving that they were issued by corporations. Here, the corporate seal is a unique seal representing the corporation, and each corporation is equipped with one corporate seal and used.

However, since only one corporate seal is used, it is difficult to seal all external documents or handle corporate affairs with only one corporate seal.

A used seal is a seal used in place of a corporate seal, and in order to prove that it is a substitute for a corporate seal, when a used seal is used, a seal of use must be submitted.

A registered seal is a document that proves that a specific personal seal replaces a corporate seal. It is a document that proves that a corporate seal and a seal to be used as a corporate seal are sealed together, and a seal certificate is attached, so that the used seal is a seal that has the same value as the corporate seal.

On the other hand, since it is impossible to directly seal with a corporate seal online, a corporation uses a certificate issued by a certification authority certified by the state for the purpose of proving its identity (e.g., a joint certificate). By performing corporate authentication, the digital signature is obtained.

At this time, in the case of an individual, as well as a joint certificate, a private certificate from a private certificate authority (e.g., a private certificate authority extracts connecting information (CI) from a mobile phone to confirm an individual's identity and uses it to confirm an individual's identity). However, in the case of a corporation, there is a problem in that a private certificate cannot be issued because it is impossible to extract the CI value from a mobile phone under the name of the corporation.

Accordingly, in the case of a corporation, a user (e.g., a representative of the corporation) who has been delegated authority from the corporation can directly visit an authorized certification authority and be assigned a virtual CI value face-to-face to obtain only a joint certificate. Since all online tasks of the corporation must be handled with only one joint certificate, it is difficult to smoothly process the electronic signature.

Therefore, the electronic document management and provision service provision method for corporate authentication according to various embodiments of the present invention creates an electronic document capable of serving as a user seal online, and personal authentication through the electronic document and the user's personal certificate creates an environment that replaces corporate authentication through a joint certificate of the corporation. Hereinafter, with reference to FIGS. 1 to 6, a method for managing electronic documents and providing services for corporate authentication according to various embodiments of the present invention will be described in more detail.

1 is a diagram illustrating an electronic document management and provision service providing system for corporate authentication according to an embodiment of the present invention.

Referring to FIG. 1, an electronic document management and provision service providing system for corporate authentication according to an embodiment of the present invention may include an electronic document management and provision service providing server 100 (hereinafter referred to as “server 100”), a user terminal 200, and an external server 300.

Here, the electronic document management and provision service provision system for corporate authentication shown in FIG. 1 is according to an embodiment, and its components are not limited to the embodiment shown in FIG. 1, and can be added, changed, or deleted as necessary.

In one embodiment, the server 100 may provide an electronic document management and provision service for corporate authentication. For example, the server 100 creates, stores, and manages an electronic document including electronic signature information of a specific corporation and electronic signature information of a user who has been delegated authority from the specific corporation, and serves as a user seal account as necessary. By providing an electronic document corresponding to the user's electronic signature information, the server 100 can assist the user to perform corporate authentication of the corporation using his or her personal certificate (e.g., joint certificate or private certificate).

In addition, the server 100 may determine whether a specific user is a person to whom authority has been delegated from a specific corporation by using the electronic document generated and stored as described above. However, the types of electronic document management and provision services for corporate authentication provided by the server 100 are not limited thereto.

In various embodiments, the server 100 may be connected to a user terminal 200 (eg, a terminal of an authentication requester or a terminal of an authentication subject) through the network 400, and may provide an electronic document management and provision service for corporate authentication, including a service for creating, storing, and managing an electronic document as a user seal and a service for performing corporate authentication using an electronic document. For example, the server 100 may provide an application providing electronic document management and provision services for corporate authentication to the user terminal 200, and the user may use various services provided by the server 100 as the user downloads, installs, and executes the application provided by the server 100 through the user terminal 200.

Here, the user terminal 200 includes an operating system (os) capable of driving applications, and in order to output a user interface (UI) (e.g., a graphical user interface (GUI)) output as the application is executed, at least a part of the user terminal 200 may be a smartphone (Smartphone) provided with a display, but the user terminal 200 is not limited thereto, and as a wireless communication device that ensures portability and mobility, navigation, PCS (Personal Communication System) ), GSM (Global System for Mobile communications), PDC (Personal Digital Cellular), PHS (Personal Handyphone System), PDA (Personal Digital Assistant), IMT (International Mobile Telecommunication)-2000, CDMA (Code Division Multiple Access)-2000, W-CDMA (W-Code Division Multiple Access), Wibro (Wireless Broadband Internet) terminal, smartpad, tablet PC (Tablet PC), etc. It may include a handheld-based wireless communication device of, but is not limited thereto.

Also, here, the network 400 may refer to a connection structure capable of exchanging information between nodes such as a plurality of terminals and servers. For example, the network 400 includes a local area network (LAN), a wide area network (WAN), a world wide web (WWW), a wired and wireless data communication network, a telephone network, and a wired and wireless television communication network.

In addition, here, the wireless data communication network includes 3G, 4G, 5G, 3rd Generation Partnership Project (3GPP), 5th Generation Partnership Project (5GPP), Long Term Evolution (LTE), World Interoperability for Microwave Access (WIMAX), Wi-Fi, Internet, Local Area Network (LAN), Wireless Local Area Network (LAN), Wide Area Network (WAN), Personal Area Network (PAN), Radio Frequency (RF), Bluetooth (Bluetooth) network, Near-Field Communication (NFC) network, satellite broadcasting network, analog broadcasting network, digital multimedia broadcasting (DMB) network, etc. are included, but are not limited thereto.

In one embodiment, the external server 300 may be connected to the server 100 through the network 400, and may store and manage various information and data (e.g., electronic documents) generated as the server 100 provides an electronic document management and provision service for corporate authentication, or store and manage various information and data necessary for the server 100 to provide an electronic document management and provision service for corporation authentication. For example, the external server 300 may be a storage server provided separately outside the server 100, but is not limited thereto. Hereinafter, with reference to FIG. 2, the hardware configuration of the server 100 that provides electronic document management and provision services for corporate authentication will be described.

2 is a hardware configuration diagram of an electronic document management and providing service providing server for corporate authentication according to another embodiment of the present invention.

Referring to FIG. 2 , in various embodiments, the server 100 may include one or more processors 110, a memory 120 that loads a computer program 151 executed by the processor 110, a bus 130, a communication interface 140, and a storage 150 that stores the computer program 151. Here, in FIG. 2, only components related to the embodiment of the present invention are shown. Therefore, those skilled in the art to which the present invention pertains can know that other general-purpose components may be further included in addition to the components shown in FIG. 2 .

The processor 110 controls the overall operation of each component of the server 100. The processor 110 may include a Central Processing Unit (CPU), a Micro Processor Unit (MPU), a Micro Controller Unit (MCU), a Graphic Processing Unit (GPU), or any type of processor well known in the art.

Also, the processor 110 may perform an operation for at least one application or program for executing a method according to embodiments of the present invention, and the server 100 may include one or more processors.

In various embodiments, the processor 110 may further include a RAM (Random Access Memory, not shown) and a ROM (ROM: Read-Only Memory, not shown) that temporarily and/or permanently store signals (or data) processed inside the processor 110. In addition, the processor 110 may be implemented in the form of a system on chip (SoC) including at least one of a graphics processing unit, RAM, and ROM.

Memory 120 stores various data, commands and/or information. Memory 120 may load computer program 151 from storage 150 to execute methods/operations according to various embodiments of the present invention. When the computer program 151 is loaded into the memory 120, the processor 110 may perform the method/operation by executing one or more instructions constituting the computer program 151. The memory 120 may be implemented as a volatile memory such as RAM, but the technical scope of the present disclosure is not limited thereto.

The bus 130 provides a communication function between components of the server 100 . The bus 130 may be implemented in various types of buses such as an address bus, a data bus, and a control bus.

The communication interface 140 supports wired and wireless Internet communication of the server 100 . Also, the communication interface 140 may support various communication methods other than internet communication. To this end, the communication interface 140 may include a communication module well known in the art. In some embodiments, communication interface 140 may be omitted.

The storage 150 may non-temporarily store the computer program 151 . When a process for managing electronic documents and providing services for corporate authentication is performed through the server 100, the storage 150 may store various types of information necessary to provide a process for managing electronic documents and providing services for corporate authentication.

The storage 150 may include a non-volatile memory such as read only memory (ROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, etc., a hard disk, a removable disk, or any type of computer-readable recording medium well known in the art to which the present invention pertains.

Computer program 151 may include one or more instructions that when loaded into memory 120 cause processor 110 to perform methods/operations in accordance with various embodiments of the invention. That is, the processor 110 may perform the method/operation according to various embodiments of the present disclosure by executing the one or more instructions.

In one embodiment, the computer program 151 may include one or more instructions for performing an electronic document management and provision service providing method for corporate authentication, which includes storing an electronic document including electronic signature information of a corporation and electronic signature information of a user who has been authorized by the corporation, and providing an electronic document including electronic signature information of a corporation that has delegated authority to a person to be authenticated, based on a result of performing individual authentication for the person to be authenticated, among stored electronic documents.

Steps of a method or algorithm described in connection with an embodiment of the present invention may be implemented directly in hardware, implemented in a software module executed by hardware, or implemented by a combination thereof. A software module may reside in random access memory (RAM), read only memory (ROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, a hard disk, a removable disk, a CD-ROM, or any other form of computer-readable recording medium well known in the art.

Components of the present invention may be implemented as a program (or application) to be executed in combination with a computer, which is hardware, and stored in a medium. Components of the present invention may be implemented as software programming or software elements, and similarly, an embodiment may be implemented in a programming or scripting language such as C, C++, Java, assembler, etc., including various algorithms implemented as data structures, processes, routines, or combinations of other programming constructs. Functional aspects may be implemented in an algorithm running on one or more processors. Hereinafter, with reference to FIGS. 3 to 6 , a method for managing electronic documents and providing services for corporate authentication provided by the server 100 will be described.

3 is a flowchart of a method for managing electronic documents and providing services for corporate authentication according to another embodiment of the present invention.

Referring to FIG. 3 , in step S110 , the server 100 may create and store an electronic document as an electronic personal seal that can be used online. For example, the server 100 may generate and store an electronic document including digital signature information of a corporation generated by performing corporate authentication for a specific corporation and electronic signature information of a user generated by performing personal authentication of a user delegated authority from a specific corporation. Hereinafter, a method of generating and storing an electronic document will be described in detail with reference to FIG. 4 .

4 is a flowchart illustrating a method of generating and storing an electronic document, in various embodiments.

Referring to FIG. 4 , in step S210 , the server 100 may generate joint certificate signature information for the first corporation by performing corporate authentication on the first corporation using the joint certificate of the first corporation.

Here, the server 100 may generate a private key corresponding to the first corporation according to a key generation algorithm and generate joint certificate signature information of the first corporation using the private key according to a signature generation algorithm. However, various techniques are known in relation to a method of generating joint certificate signature information of a corporation as corporate authentication is performed for a corporation using a joint certificate, and since these various known technologies can be selectively applied, the present specification does not specifically limit the method of generating joint certificate signature information of a corporation performed by the server 100.

In step S220, the server 100 may generate personal certificate signature information for the first user by performing personal authentication (private authentication) on the first user using the personal certificate (e.g., the user's joint certificate or private certificate) of the first user to whom authority is delegated from the first corporation.

Here, the server 100 may generate a private key corresponding to the first user according to a key generation algorithm and generate personal certificate signature information of the first user using the private key according to the key generation algorithm, similar to the method of generating the corporate joint certificate signature information. However, as the personal authentication of the user is performed using the personal certificate, the method of generating the user's personal certificate signature information may also selectively apply various known technologies as described above. In this specification, the user's personal certificate signature performed by the server 100 is performed. There is no specific limitation on how to generate the information.

In step S230, the server 100 may generate and store a first electronic document by using the joint certificate signature information of the first corporation generated through step S210 and the personal certificate signature information of the first user generated through step S220.

Here, the first electronic document may be created and stored in the form of a combination of the encrypted joint certificate signature information of the first legal entity and the encrypted personal certificate signature information of the first user, that is, in the form of encrypted data according to an encryption method (e.g., an asymmetric encryption method).

In various embodiments, the server 100 may issue document identification information for each of a plurality of electronic documents generated according to the above method. For example, in the process of generating and storing an electronic document, the server 100 may issue document identification information corresponding to the electronic document (eg, a unique identification number, barcode, QR code, etc.) corresponding to the electronic document, and may record and store the issued document identification information on the electronic document.

Here, the server 100 may issue document identification information for all electronic documents, but is not limited thereto, and may selectively issue document identification information only for electronic documents stored in a form that can be easily forged or altered among a plurality of electronic documents. That is, the server 100 may determine a target to which document identification information is to be issued based on the storage form of each of a plurality of electronic documents, and issue document identification information only for the electronic document corresponding to the determined target.

In general, when an electronic document is stored in an encrypted data form, no major problem occurs. However, when stored in a form such as a PDF document, there is a problem that the electronic document may be forged or altered and used by a user who is provided with the electronic document.

Considering this point, the server 100 issues document identification information for an electronic document generated and stored in the form of a PDF document, which is a form that can be relatively easily forged or altered, among a plurality of electronic documents, and records and stores the issued document identification information on the PDF document, thereby preventing forgery or alteration and verifying the forged or altered electronic document.

In various embodiments, the server 100 may set constraint conditions for each of a plurality of electronic documents generated according to the above method, and record and store constraint condition information including the set constraint conditions on the electronic document.

Here, the constraint condition may refer to a condition previously set by a user in the process of generating and storing an electronic document in order to set a range of use of the electronic document. For example, the constraints of an electronic document may include, but are not limited to, at least one of the information of a user who can use the electronic document (e.g., information about a user who has been delegated authority by a specific corporation, the user's name, resident registration number, corporate name, address, business registration number, etc. of the corporation that has delegated authority to the user), the number of times that authentication can be performed, the purpose of authentication, and the validity period of authentication.

In various embodiments, the server 100 may manage a plurality of electronic documents based on constraint condition information set for each of a plurality of pre-stored electronic documents.

For example, the server 100 may request a user corresponding to at least one electronic document to renew the electronic document for at least one electronic document in which the number of possible authentication is equal to or less than a preset number (eg, 5 times or less) or the validity period of authentication is equal to or less than a predetermined period (eg, 1 month), so that the electronic document is continuously updated before expiration, thereby preventing a situation in which the electronic document is no longer usable as it expires.

In addition, the server 100 may automatically discard (eg, delete a stored electronic document) the at least one electronic document that is no longer available for at least one electronic document that is no longer usable (eg, an electronic document that has expired because the number of possible authentication is 0 or an authentication validity period has elapsed) among a plurality of electronic documents, and may provide a user corresponding to the at least one electronic document with guide information notifying that the at least one electronic document is discarded.

Again, referring to FIG. 3 , in step S120, the server 100 may obtain a corporate authentication request including personal certificate signature information of the authentication subject from the authentication requester.

First, the authentication requester can perform personal authentication using the personal certificate of the authentication target to the user terminal 200 of the authentication target, for the purpose of obtaining joint certificate signature information of a corporation that has delegated authority to the authentication target. Provide a personal authentication process.

Thereafter, the authentication target may perform the personal authentication process provided by the authentication requester through his/her user terminal 200, that is, perform personal authentication through the authentication target's personal certificate.

Thereafter, the authentication requester may obtain personal certificate signature information of the authentication target, which is generated as the authentication target performs a personal authentication process, and may transmit a corporate authentication request including the obtained personal certificate signature information to the server 100 .

Here, the corporate authentication request may mean requesting the provision of an electronic document including joint certificate signature information of a corporation that has delegated authority to the authentication target based on the authentication target's personal certificate signature information included in the corporate authentication request, but is not limited thereto.

In addition, although here, the server 100 has been described as receiving personal certificate signature information of the authentication subject directly from the authentication requester, but is not limited thereto, and when a request for corporate authentication corresponding to a specific authentication target is received from the authentication requester, the personal authentication process may be performed by directly connecting to the specific authentication target, and thus the personal certificate signature information of the specific authentication target may be obtained.

For example, when the server 100 obtains a corporate authentication request for a corporation that has delegated authority to a specific authentication target from an authentication requester, the server 100 can provide a personal authentication process by being directly connected to the user terminal 200 of the specific authentication target through the network 400, and can directly obtain personal certificate signature information of a specific authentication target, which is generated as the specific authentication target performs a personal authentication process through its own user terminal 200.

In step S130, the server 100 selects an electronic document including the personal certificate signature information of the object of authentication from among a plurality of pre-stored electronic documents based on the personal certificate signature information of the object of authentication obtained through step S120, and provides the selected electronic document to the authentication requester.

In various embodiments, the server 100 provides the selected electronic document to the authentication requester, but may determine whether to provide the corresponding electronic document to the authentication requestor based on constraint information included in the selected electronic document.

For example, the server 100 may provide the corresponding electronic document to an authentication requester when the number of possible authentications included in constraint information of the selected electronic document is not 0 or the validity period of authentication has not expired, and may not provide the corresponding electronic document to the requester of authentication when the number of times of possible authentication is 0 or the validity period of authentication has expired.

In addition, the server 100 compares the authentication purpose included in the constraint information of the selected electronic document with the corporate authentication purpose input from the authentication requester, and provides the corresponding electronic document to the authentication requester only when they are identical to each other, and may not provide the corresponding electronic document to the authentication requester when they are not identical.

In various embodiments, when there are a plurality of electronic documents including personal certificate signature information of a specific authentication target (e.g., when a specific authentication target generates a plurality of electronic documents for different authentication purposes), the server 100 may select only an electronic document that is the same as the purpose of corporate authentication input from the authentication requester from among the plurality of electronic documents corresponding to the authentication target and provide the same to the authentication requester.

In various embodiments, the server 100 provides the selected electronic document to the authentication requester regardless of constraint information included in the selected electronic document, but also provides constraint information of the corresponding electronic document together with the electronic document, so that the authentication requester directly checks the electronic document and constraint information to directly review whether the authority of the authentication subject is valid.

In various embodiments, the server 100 performs personal authentication through a personal authentication process in response to providing the electronic document including the personal certificate signature information of the authentication subject to the authentication requester according to the above process, and records the history of requesting the electronic document based on this (eg, the history of the authentication subject performing personal authentication through its own personal certificate, the history of the authentication requester requesting corporate authentication using the personal certificate signature information of the authentication subject, the history of providing the electronic document in response to the corporate authentication request, etc.) It can be recorded by matching it with an electronic document containing the person's personal certificate signature information.

Through this, if a dispute arises between the certification subject and the certification requester in the future, it can be used as data proving that the provision of the electronic document according to the certification of the corporation was a legitimately performed certification (signature) based on the authority delegated from the corporation.

In various embodiments, the server 100 not only provides an electronic document to an authentication requester requiring corporate authentication, but also verifies whether a specific authentication target is a person to whom authority has been delegated from a specific corporation using a pre-stored electronic document. Hereinafter, it will be described with reference to FIG. 5 .

5 is a flowchart illustrating a method of verifying whether a person to be authenticated is a person to whom authority has been delegated from a specific corporation, in various embodiments.

Referring to FIG. 5 , in step S310 , the server 100 may receive a request from an authentication requester to verify whether a specific authentication target is a person to whom authority has been delegated from a specific corporation.

First, the authentication requester uses the personal certificate of the authentication target to the user terminal 200 of the authentication target for the purpose of determining whether the authentication target is a person to whom a legitimate authority has been delegated from a specific corporation. It can provide a personal authentication process capable of performing personal authentication.

Thereafter, the specific authentication target may perform the personal authentication process provided from the authentication requester through his/her user terminal 200, that is, perform personal authentication through the personal certificate of the authentication target.

Thereafter, the authentication requester may obtain personal certificate signature information of the authentication target, which is generated as the authentication target performs a personal authentication process, and may transmit a verification request for a specific authentication target including the obtained personal certificate signature information to the server 100.

Here, the verification request for a specific authentication subject is based on the personal certificate signature information of the specific certification subject included in the verification request for the specific certification subject, and the person to whom authority has been delegated from a specific corporation. It may mean a request to confirm whether or not it is correct, but is not limited thereto.

In addition, although the server 100 is described here as receiving personal certificate signature information of a specific authentication target directly from the authentication requester, the present invention is not limited thereto, and when a verification request for a specific authentication target is requested from the authentication requester, the personal authentication process may be performed by directly connecting to the specific authentication target, and thus the personal certificate signature information of the specific authentication target may be obtained.

For example, when the server 100 obtains a verification request for a specific authentication target from an authentication requester, the server 100 may provide a personal authentication process by being directly connected to the user terminal 200 of the specific authentication target through the network 400, and may directly obtain personal certificate signature information of a specific authentication target, which is generated as the specific authentication target performs a personal authentication process through its own user terminal 200.

In step S320, the server 100 may select an electronic document including personal certificate signature information of a specific authentication target from among a plurality of pre-stored electronic documents based on the personal certificate signature information of the specific authentication target obtained through step S310.

In step S330, the server 100 may obtain information on a corporation that has delegated authority to a specific authentication target based on the joint certificate signature information of the corporation included in the electronic document selected in step S320. The information on the corporation obtained from the electronic document may be compared with information on a specific corporation input from the authentication requester (a corporation to be confirmed whether the authority has been delegated to a specific authentication target), and based on the comparison result, it may be determined whether the specific authentication target is a person to whom authority has been delegated from the specific corporation.

At this time, the server 100 may correct the determination result based on constraint condition information included in the electronic document. For example, when the information on a corporation obtained from an electronic document and the information on a specific corporation input from an authentication requester match, the server 100 determines that a specific authentication target is a person to whom legitimate authority has been delegated from a specific corporation, but if the number of possible authentication of the electronic document is determined to be 0 or the certification validity period has expired, the determination result may be corrected as a determination result that the specific authentication target has not been legitimately authorized by a specific corporation.

Thereafter, the server 100 may provide a result of determining whether a specific authentication target is a person to whom authority has been delegated from a specific corporation to the authentication requester.

In various embodiments, the server 100 may determine authenticity (whether forged or tampered with) of an electronic document corresponding to a specific authentication target as well as verifying a specific authentication target. Hereinafter, it will be described with reference to FIG. 6 .

6 is a flowchart illustrating a method of determining authenticity of a specific electronic document, in various embodiments.

Referring to FIG. 6 , in step S410, the server 100 may receive a request for verification of the first electronic document from the authentication requester. For example, the server 100 may provide a UI to the authentication requester terminal 201, and request verification (e.g., determination of authenticity) of the first electronic document through the UI and upload the first electronic document in the form of a PDF document. However, it is not limited thereto.

In step S420, the server 100 may determine authenticity of the first electronic document using document identification information included in the first electronic document provided (uploaded) from the authentication requester through step S410. For example, the server 100 may extract document identification information for the first electronic document from the first electronic document uploaded by the authentication requester, and in the process of issuing document identification information for a plurality of electronic documents, compare the previously stored document identification information issuance history with the document identification information for the first electronic document to determine authenticity of the first electronic document.

That is, the electronic document management and provision service provision method for corporate authentication according to various embodiments of the present invention generates, stores, and provides an electronic document capable of performing a role such as a personal seal on-line, thereby performing corporate authentication of a corporation that has delegated authority to a user only through personal authentication through a user's personal certificate. It is possible to build a platform that can more easily determine the authenticity of

The above-described electronic document management and service provision method for corporate authentication has been described with reference to the flow chart shown in the drawings. For a brief description, the method for managing and providing electronic document management and provision services for corporate authentication has been illustrated and described as a series of blocks, but the present invention is not limited to the order of the blocks, and some blocks are shown in this specification. It can be performed in a different order or concurrently. In addition, new blocks not described in the present specification and drawings may be added, or some blocks may be deleted or changed.

In the above, the embodiments of the present invention have been described with reference to the accompanying drawings, but those skilled in the art to which the present invention pertains may be embodied in other specific forms without changing the technical spirit or essential features of the present invention. It will be appreciated. Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive.

100: Electronic document management and provision service providing server
200: user terminal
300: external server
400: Network

Claims (10)

In a method performed by a computing device,
storing an electronic document including electronic signature information of a corporation and electronic signature information of a user authorized by the corporation; and
Based on a result of performing personal authentication for the person to be authenticated, providing an electronic document including electronic signature information of a corporation that has delegated authority to the person to be authenticated among the stored electronic documents.
Method of providing electronic document management and provision service for corporate authentication. According to claim 1,
Storing the electronic document,
generating joint certificate signature information of the first legal entity by performing corporate authentication for the first legal entity through a joint certificate of the first legal entity;
generating personal certificate signature information of the first user by performing personal authentication on the first user through the personal certificate of the first user to whom authority is delegated from the first corporation; and
Creating and storing a first electronic document by matching the generated joint certificate signature information of the first corporation with the generated personal certificate signature information of the first user,
Method of providing electronic document management and provision service for corporate authentication. According to claim 2,
Providing the electronic document,
obtaining, from the authentication requester, a corporate authentication request including personal certificate signature information of the authentication target, which is generated by performing personal authentication on the authentication target; and
In response to the corporate authentication request, providing an electronic document including personal certificate signature information of the authentication target among the stored electronic documents to the authentication requester.
Method of providing electronic document management and provision service for corporate authentication. According to claim 3,
Storing the electronic document,
In response to providing the electronic document including the personal certificate signature information of the authentication target to the authentication requester, matching and recording a history of performing personal authentication on the authentication target with an electronic document including personal certificate signature information of the authentication target Further comprising,
Method of providing electronic document management and provision service for corporate authentication. According to claim 2,
Receiving a request from an authentication requester to verify whether the authentication target is a person to whom authority has been delegated from a specific corporation;
selecting an electronic document including personal certificate signature information of the person to be authenticated from among the stored electronic documents in response to being requested for verification; and
Further comprising determining whether the authentication target is a person to whom authority has been delegated from the specific corporation based on joint certificate signature information of the corporation included in the selected electronic document.
Method of providing electronic document management and provision service for corporate authentication. According to claim 1,
The stored electronic document includes constraint information - the constraint information includes the user's information, the number of possible authentications, the purpose of authentication, and the effective period of authentication,
Providing the electronic document,
Based on the constraint condition information, determining whether to provide an electronic document including digital signature information of a corporation that has delegated authority to the person to be authenticated,
Method of providing electronic document management and provision service for corporate authentication. According to claim 6,
Storing the electronic document,
Based on constraint condition information of the stored electronic document, requesting renewal of the stored electronic document when the number of possible authentication is less than or equal to a predetermined number or the validity period of authentication is less than or equal to a predetermined period of time, and automatically discarding the stored electronic document when the number of possible authentication becomes 0 or the validity period of authentication expires.
Method of providing electronic document management and provision service for corporate authentication. According to claim 1,
Storing the electronic document,
Issuing document identification information for at least one electronic document among the stored electronic documents, wherein the document identification information includes at least one of a unique identification number, a barcode, and a QR code, wherein at least one electronic document to which the document identification information is issued is determined according to a storage method of the electronic document; and
Recording and storing the issued document identification information on the at least one electronic document,
Method of providing electronic document management and provision service for corporate authentication. According to claim 8,
receiving a request for verification of the first electronic document from an authentication requester;
In response to being requested to verify the first electronic document, determining whether the first electronic document is authentic or not using document identification information included in the first electronic document,
Method of providing electronic document management and provision service for corporate authentication. processor;
network interface;
Memory; and
A computer program loaded into the memory and executed by the processor,
The computer program,
instructions for storing an electronic document including electronic signature information of a corporation and electronic signature information of a user authorized by the corporation; and
Including instructions for providing an electronic document including electronic signature information of a corporation that has delegated authority to the authentication target among the stored electronic documents based on a result of performing personal authentication on the authentication target,
Server providing electronic document management and provision service for corporate authentication.