Digital asset and certificate management system, user terminal, and digital asset and certificate management method
The digital asset and certificate management system addresses privacy and authenticity issues by storing identity data off-chain and linking it with blockchain assets using DIDs, enhancing privacy and automating asset transfers.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- SCSK CORP
- Filing Date
- 2026-02-09
- Publication Date
- 2026-06-25
AI Technical Summary
Existing blockchain systems face challenges in balancing the need for tamper-resistant data storage with privacy protection, as on-chain data transparency risks personal information leakage, while off-chain storage lacks authenticity and interoperability.
A digital asset and certificate management system that stores user identity data off-chain and associates it with digital assets on the blockchain using a Decentralized Identifier (DID), ensuring privacy protection and unique asset ownership through a certificate issuing server and digital asset issuing server.
This approach reduces the risk of personal information leakage while uniquely identifying asset owners, allowing selective disclosure of personal information and automating asset transfer processes.
Smart Images

Figure 0007880508000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a digital asset / certificate management system, a user terminal, and a digital asset / certificate management method.
Background Art
[0002] Patent Document 1 describes a personal information management system. This personal information management system describes a blockchain server in which a blockchain including a transaction and a transaction ID for identifying the transaction is stored for each block.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] While a blockchain (on-chain) is excellent in tamper resistance and transparency, since all records are made public, there is a problem that directly recording personal information or sensitive identities has a high risk of privacy infringement. On the other hand, a conventional storage (off-chain) is easy to protect privacy with access control, but has problems such as being centralized and difficult to prove the authenticity of data and inter-company cooperation.
[0005] An object of the present invention is to provide a digital asset / certificate management system, a user terminal, and a digital asset / certificate management method capable of linking digital assets on a blockchain (on-chain) and off-chain personal information.
Means for Solving the Problems
[0006] The digital asset and certificate management system disclosed herein comprises a certificate issuing server and a digital asset issuing server, wherein the certificate issuing server includes a certificate information generation unit that, upon receiving a user information issuance request from a user terminal, issues certificate information based on user information associated with the user in a user information storage unit and stores it in an off-chain area of the user terminal, and the digital asset issuing server includes a digital asset issuing unit that issues digital assets in response to a request from the user terminal and stores them in a blockchain, and the certificate information and the digital assets are associated with a DID (Decentralized Identifier) which is a combination of a wallet address generated based on an authentication process performed on the user terminal and a blockchain ID based on the blockchain.
[0007] Furthermore, the digital asset and certificate management method of this disclosure, in a digital asset and certificate management method executed by a digital asset and certificate management system, comprises a certificate information generation step in which, when the certificate issuing server receives a user information issuance request from a user terminal, the user information storage unit issues certificate information based on the user information associated with the user and stores it in the off-chain area of the user terminal, and a digital asset issuance step in which the digital asset issuing server issues a digital asset in response to a request from the user terminal and stores it in the blockchain, wherein the certificate information and the digital asset are associated with a DID which is a combination of a wallet address generated based on an authentication process performed on the user terminal and a blockchain ID based on the blockchain.
[0008] This configuration allows the system to store user identity data in off-chain storage, record digital assets on the blockchain, and associate identity data and digital assets with the same DID (Digital Identity). This reduces the risk of personal information leaks while uniquely identifying the owner of the digital assets.
[0009] Furthermore, the user terminal of this disclosure is a user terminal that accesses a digital asset and certificate management system, and further comprises an attribute selection unit that selects attribute information to be disclosed from the certificate information, and a disclosure data generation unit that generates disclosure data containing only the selected attribute information, wherein the disclosure data generation unit affixes an electronic signature to the disclosure data with the user's private key and transmits the disclosure data to the digital asset issuance server, and when the digital asset issuance server determines that the disclosure data is legitimate, the digital asset on the blockchain is identified using the DID contained in the disclosure data. [Effects of the Invention]
[0010] According to this disclosure, linking certificate information with digital assets makes it possible to uniquely identify the owner of a digital asset while reducing the risk of personal information leakage. [Brief explanation of the drawing]
[0011] [Figure 1] Figure 1 is a conceptual diagram showing the overall configuration of the digital asset and certificate management system according to this embodiment. [Figure 2] Figure 2 is a block diagram showing the functional configuration of the user terminal 100. [Figure 3] Figure 3 is a block diagram showing the functional configuration of the Web server 200. [Figure 4] Figure 4 is a block diagram showing the functional configuration of the enterprise server 400. [Figure 5] Figure 5 shows the overall operation sequence of the digital asset and certificate management system according to this embodiment. [Figure 6] Figure 6 is a flowchart of the SNS authentication process. [Figure 7] Figure 7 is a flowchart of the wallet generation process. [Figure 8] Figure 8 is a flowchart of the digital asset issuance request process. [Figure 9]Figure 9 is a flowchart of the process for issuing identification cards. [Figure 10] Figure 10 is a flowchart of the digital asset and identity verification process. [Modes for carrying out the invention]
[0012] Embodiments of the present invention will be described in detail below with reference to the drawings. In the following description, identical or similar components will be denoted by the same reference numerals, and redundant descriptions may be omitted.
[0013] The digital asset and certificate management system according to this embodiment is a system that utilizes blockchain technology to comprehensively manage users' digital assets and certificate information. This system is characterized by its ability to uniquely identify the owner of digital assets while protecting privacy, by securely managing the user's identity information off-chain and associating it with digital assets on the blockchain using the same DID (Decentralized Identifier).
[0014] Figure 1 is a conceptual diagram showing the overall configuration of the digital asset and certificate management system according to this embodiment. The system consists of a user terminal 100, off-chain 100a (corresponding to storage), a web server 200 as a certificate issuance server, a blockchain 300, a corporate server 400 as a digital asset issuance server, and a VDR (Verifiable Data Registry) 500.
[0015] The user terminal 100 is a terminal device operated by the user, and is implemented as an information processing device such as a smartphone, tablet, or personal computer. The user terminal 100 receives various operation inputs from the user, communicates with the web server 200 and the corporate server 400, and executes various processes related to the management of digital assets and identification cards. The detailed configuration of the user terminal 100 will be explained in Figure 2 below.
[0016] The Web server 200 is a server device that functions as a certificate issuing server, and performs user authentication processing, generation of wallet addresses, and issuance of identity data. The Web server 200 is connected to the user terminal 100 via a network such as the Internet, and executes various processes in response to requests from the user. Physically, the Web server 200 is configured as a computer system including one or more CPUs, a RAM and a ROM which are main storage devices, an auxiliary storage device such as a hard disk or a semiconductor memory, and a communication module such as a network card. The detailed configuration of the Web server 200 will be described in FIG. 3 which will be described later.
[0017] The blockchain 300 is a data storage infrastructure configured by distributed ledger technology and has tamper resistance. In this embodiment, the blockchain 300 assumes an Ethereum-based blockchain, but other blockchain infrastructures (for example, Hyperledger Fabric, Polygon, Binance Smart Chain, etc.) may be adopted. On the blockchain 300, wallet addresses, NFT wallets, digital assets, and DIDs are stored.
[0018] The enterprise server 400 is a server device that functions as a digital asset issuing server, issues digital assets in response to requests from users, and stores them in the blockchain 300 in association with DIDs. The enterprise server 400 is connected to the user terminal 100 and the blockchain 300 via a network such as the Internet, and executes various processes related to the issuance, verification, and control of digital assets. Physically, the enterprise server 400 is configured as a computer system including one or more CPUs, a RAM and a ROM which are main storage devices, an auxiliary storage device such as a hard disk or a semiconductor memory, and a communication module such as a network card, similar to the Web server 200. The detailed configuration of the enterprise server 400 will be described in FIG. 4 which will be described later.
[0019] Off-chain 100a is a storage area accessible only to the user terminal 100, and is implemented as, for example, an encrypted storage area within the user terminal 100, or as cloud storage managed by the user (e.g., Google Drive, Dropbox, etc.). Off-chain 100a stores the identity verification data described later.
[0020] VDR500 is a registry that manages verification information, such as public keys, used to verify verifiable credentials. VDR500 stores the public keys published by the web server 200 and is referenced by the corporate server 400 when verifying the signature of identity document data.
[0021] Next, the detailed configuration of each device constituting this system will be described. Figure 2 is a block diagram showing the functional configuration of the user terminal 100. The user terminal 100 includes an operation unit 101, a wallet generation instruction unit 102, a digital asset issuance request unit 103, an identity card issuance request unit 104, and a digital asset / identity card presentation unit 105.
[0022] The operation unit 101 is an interface that receives various operation inputs from the user and is composed of input devices such as a touch panel, keyboard, and mouse. The operation unit 101 accepts user operations for wallet connection, digital asset issuance request, identity document issuance request, and presentation of identity documents and digital assets.
[0023] The wallet generation instruction unit 102 is the part that, upon detecting that the user has pressed the wallet connection button, sends a signal to the web server 200 instructing it to start the wallet generation process. The wallet generation instruction unit 102 communicates with the web server 200 via the communication module of the user terminal 100.
[0024] The digital asset issuance request unit 103 is the part that sends a digital asset issuance request to the corporate server 400 when a user, while authenticated via SNS, presses the digital asset issuance button on the service screen provided by the corporate server 400. The digital asset issuance request unit 103 generates issuance request data including the user's wallet address information and sends it to the corporate server 400.
[0025] The Identity Card Issuance Request Unit 104 sends an identity card issuance request to the Web server 200 when the user, after being authenticated via SNS, presses the Identity Card Issuance button on the screen provided by the Web server 200. The Identity Card Issuance Request Unit 104 generates issuance request data that includes the user's identity verification information (for example, a scanned image or digital data of an identification document such as a driver's license or My Number Card) and sends it to the Web server 200.
[0026] The Digital Asset / Identity Card Presentation Unit 105 generates disclosure data containing only the selected attribute information when the user, after being authenticated via SNS, selects identity card data and attribute information to be disclosed (e.g., name, address, age, etc.) on the verification screen provided by the corporate server 400 and presses the verification button. The Digital Asset / Identity Card Presentation Unit 105 retrieves identity card data from off-chain 100a, extracts only the selected attribute information, and generates disclosure data. The Digital Asset / Identity Card Presentation Unit 105 signs the generated disclosure data with the user's private key and sends it to the corporate server 400.
[0027] Figure 3 is a block diagram showing the functional configuration of the Web server 200. The Web server 200 comprises an address generation unit 201, a wallet generation unit 202, and an identity certificate issuance unit 203. The Web server 200 functions as a certificate issuance server, performing user authentication processing and issuing identity certificate data.
[0028] The address generation unit 201 functions as a wallet address acquisition unit that obtains a wallet address based on the authentication process performed by the user. When the user presses the wallet connection button on the user terminal 100, the address generation unit 201 displays a screen on the user terminal 100 that allows the user to select an external authentication provider (for example, Google, Apple, X (formerly Twitter), or other SNS authentication services). When the user selects an external authentication provider and performs a sign-in operation on the authentication screen of that external authentication provider, the external authentication provider issues an authentication token. The address generation unit 201 receives the authentication token from the external authentication provider and verifies the authentication token. If the authentication token verification is successful, the address generation unit 201 obtains user information (user identifier and authentication token) from the external authentication provider.
[0029] The user terminal 100 performs a process to recover the private key using an external service called Web3Auth based on the acquired user information. Specifically, the user terminal 100 uses authentication token information obtained from the external authentication provider to deterministically generate a seed value used for generating the private key by combining the user identifier and authentication provider-specific information.
[0030] Web3Auth is a service that provides distributed private key fragments (key shares) based on the user's authentication result. User terminal 100 sends user information to Web3Auth and receives private key fragment information generated by Web3Auth.
[0031] Here, the entity that generates the wallet address will be explained in detail. In this embodiment, the wallet address is generated by the user terminal 100. Specifically, the user terminal 100 takes user information (user identifier and authentication token) obtained from an external authentication provider as input and generates a private key using the above fragment information and seed value, etc. The address generation unit 201 temporarily stores the wallet address received from the user terminal 100 in a storage unit (not shown) in association with the user information.
[0032] When a user presses the wallet generation button while SNS authentication is complete, the wallet generation unit 202 starts the wallet generation process using the wallet address generated by the user terminal 100. The wallet generation unit 202 sends an instruction to the blockchain 300 to generate an NFT (Non-Fungible Token) associated with the user on the blockchain 300. When the smart contract on the blockchain 300 receives the instruction from the wallet generation unit 202, it generates an NFT token associated with the user. In this embodiment, the NFT token is a token that records the user's wallet address as its owner and functions as a parent token for managing multiple wallets owned by that user.
[0033] Specifically, the wallet generation unit 202 issues a parent token in response to a wallet generation request from the user terminal 100 and generates a dependent wallet associated with that parent token. The wallet generation unit 202 then records the wallet address of the dependent wallet in the parent token's metadata.
[0034] The address of a dependent wallet is not randomly generated, but is calculated from information that identifies the parent token (contract address, chain ID, token ID). This means that when a parent token is issued, the address of its paired dependent wallet is uniquely determined, establishing a one-to-one relationship. When a dependent wallet receives a request to manipulate its digital assets, it programmatically refers to the "owner of the parent token" and only allows execution if the request comes from the legitimate owner. This relationship between the parent token and the dependent wallet is described in ERC-6551 (Token Bound Accounts).
[0035] This enables an architecture where NFTs themselves function as wallet accounts, rather than simply using user wallets for DID integration, thereby integrating identity and asset management.
[0036] The wallet generation unit 202 sends an instruction to blockchain 300 to generate a wallet linked to the user's NFT token issued on blockchain 300. Upon receiving the instruction from the wallet generation unit 202, the smart contract on blockchain 300 generates a wallet linked to the NFT token and records the wallet address of that wallet as metadata for the NFT token. Upon receiving notification from blockchain 300 that the wallet generation is complete, the wallet generation unit 202 sends the generated NFT token information and wallet information to the user terminal 100 and displays it on the screen of the user terminal 100.
[0037] The ID issuance unit 203, upon receiving an ID issuance request from a user, functions as a certificate information generation unit that issues certificate information, including the DID, based on user information associated with the user in the user information storage unit (not shown). The ID issuance unit 203 extracts ID data from identity verification information (e.g., scanned images or digital data of an ID such as a driver's license or My Number card) while the user is authenticated via SNS. The ID issuance unit 203 generates a dataset containing the extracted ID data (e.g., attribute information such as name, address, date of birth, and gender).
[0038] The identity card issuing unit 203 obtains the DID included in the request data transmitted from the user terminal 100. In this embodiment, the DID is generated by combining the wallet address and the blockchain ID. The blockchain ID is an identifier that identifies the blockchain on which the digital asset or identity card data is recorded, and is a string such as "ethereum" or "polygon".
[0039] The user terminal 100 obtains the blockchain ID from blockchain 300 and generates a DID by combining the wallet address and the blockchain ID. Specifically, the DID is expressed in the format of the blockchain ID and wallet address concatenated with a colon (:) following the prefix "did:". For example, if the blockchain ID is "ethereum" and the wallet address is "0x1234...abcd", the DID will be "did:ethereum:0x1234...abcd". The user terminal 100 stores the generated DID in blockchain 300.
[0040] Here, the entity that generates the DID will be explained in detail. In this embodiment, the DID is generated by the user terminal 100. This is because the DID adheres to the principle that, based on the idea of decentralized identity, the user should manage it autonomously. The user terminal 100 refers to the network identifier (chain ID, etc.) of the blockchain 300 to which it is currently connected. The user terminal 100 generates the DID by combining a pre-generated wallet address and the blockchain ID. The generated DID functions as a decentralized identifier that uniquely identifies the user and is embedded in both the digital assets on blockchain 300 and the identity data on off-chain 100a. The user terminal 100 transmits the generated DID to the identity issuance unit 203 and performs the process of embedding the DID in the identity data and digital assets.
[0041] The identity card issuing unit 203 generates identity card data by including the generated DID in the identity card data. The identity card issuing unit 203 digitally signs the identity card data using the private key held by the web server 200. The identity card issuing unit 203 uploads the signed identity card data to off-chain 100a, which is accessible only to the user. The identity card issuing unit 203 notifies the user terminal 100 that the upload of the identity card data is complete.
[0042] The identity card data generated by the identity card issuing unit 203 is in the format of Verifiable Credentials (VC). VC is verifiable credentials based on a tripartite model of Issuer, Holder, and Verifier. In this embodiment, the Issuer is the Web server 200, the Holder is the user, and the Verifier is the corporate server 400. The identity card data includes the Issuer's identifier, the Holder's DID, identity card data (attribute information such as name, address, and date of birth), issuance date and time, expiration date, and the Issuer's digital signature.
[0043] Figure 4 is a block diagram showing the functional configuration of the enterprise server 400. The enterprise server 400 comprises a digital asset issuance unit 401, a disclosure data verification unit 402, and a digital asset control unit 403. The enterprise server 400 functions as a digital asset issuance server, issuing digital assets in response to user requests and storing them in the blockchain 300 in association with the DID.
[0044] When the digital asset issuance unit 401 receives a digital asset issuance request from a user, it obtains the DID included in the issuance request. The digital asset issuance unit 401 issues a digital asset with the generated DID embedded as metadata. The digital asset can take the form of, for example, an electronic ticket, membership, coupon, points, or digital art. The digital asset issuance unit 401 sends the issued digital asset to a smart contract on the blockchain 300 and has it recorded on the blockchain 300. When the digital asset issuance unit 401 receives a notification from the blockchain 300 that the digital asset registration is complete, it notifies the user terminal 100 that the registration is complete.
[0045] When the Disclosure Data Verification Unit 402 receives the disclosure data of the user's identification document, it verifies the signature of the disclosure data. The Disclosure Data Verification Unit 402 uses the user's DID included in the disclosure data to verify the signature and confirm that the data sender is the legitimate owner. Next, it queries the VDR 500 to obtain the public key of the Web server 200. The Disclosure Data Verification Unit 402 uses the obtained public key to verify the electronic signature of the disclosure data and determines whether the signature is legitimate or not.
[0046] When the Digital Asset Control Unit 403 receives verification results from the Disclosure Data Verification Unit 402, it connects to the Blockchain 300 to verify the identity and validity of the digital asset. The Digital Asset Control Unit 403 identifies the digital asset on the Blockchain 300 using the user's DID. The Digital Asset Control Unit 403 determines whether the DID included in the metadata of the identified digital asset matches the DID included in the disclosure data. If they match, the Digital Asset Control Unit 403 determines that the digital asset belongs to the user.
[0047] The digital asset control unit 403 checks the status information of the digital asset, such as its expiration date and used flag, and determines whether the digital asset is valid. If the digital asset is valid, the digital asset control unit 403 sends an instruction to the smart contract on blockchain 300 to transfer or consume the value of the digital asset. Upon receiving the instruction from the digital asset control unit 403, the smart contract automatically executes a process to transfer ownership of the digital asset or to update the digital asset to a used state.
[0048] Next, the overall operation flow of the system in this embodiment will be described in detail with reference to Figure 5. Figure 5 is a diagram showing the overall operation sequence of the digital asset and certificate management system according to this embodiment. The operation of this system is broadly composed of four phases: the initial setup phase, the digital asset issuance phase, the identity certificate issuance phase, and the digital asset utilization phase.
[0049] In the initial setup phase, the user performs SNS authentication using the user terminal 100 (S11) and generates a wallet address. Specifically, the user operates the control panel 101 of the user terminal 100, presses the wallet connection button, selects an external authentication provider, and performs the sign-in operation on the authentication screen of the external authentication provider.
[0050] The user terminal 100 receives an authentication token from an external authentication provider, verifies the authentication token, and if the verification is successful, requests the Web3Auth service to provide user information (user identifier and authentication token) necessary for restoring the private key. The user terminal 100 restores the private key from the user information, calculates a public key from the private key, and calculates a wallet address from the public key. The user terminal 100 displays the wallet address on the screen (S12). Subsequently, the address generation unit 201 performs instruction processing to execute a digital asset issuance request, an identity document issuance request, and digital asset / identity document presentation, respectively, on the user terminal 100.
[0051] In the initial setup phase, the user further performs the wallet generation process. With SNS authentication completed, the user operates the operation unit 101 of the user terminal 100 and presses the wallet generation button (S13). The wallet generation unit 202 of the web server 200 sends an instruction to the blockchain 300 to generate an NFT associated with the user on the blockchain 300 (S14).
[0052] A smart contract on blockchain 300 generates an NFT token associated with the user, generates a wallet associated with the NFT token, and generates a wallet controlled by the said NFT token. When the wallet generation unit 202 receives notification from blockchain 300 that wallet generation is complete, it sends the generated NFT token information and wallet information to the user terminal 100.
[0053] In the digital asset issuance phase, the user requests the issuance of a digital asset using the user terminal 100. The user, having already authenticated via SNS, presses the digital asset issuance button on the service screen provided by the corporate server 400 (S15). At this time, the user terminal 100 sends a digital asset issuance request that includes its own DID. The digital asset issuance unit 401 of the corporate server 400 obtains the DID from the received issuance request and issues the digital asset with the DID embedded as metadata (S16). For example, in response to the press of the digital asset issuance button on the user terminal 100, the digital asset issuance unit 401 reads the DID of the user terminal 100 that was sent and assigns it to the digital asset. The DID and wallet address are sent to the user terminal 100 in S12 and stored in the user terminal 100.
[0054] The digital asset issuance unit 401 sends the issued digital assets to a smart contract on the blockchain 300 and records them on the blockchain 300. When the digital asset issuance unit 401 receives a notification from the blockchain 300 that the digital asset registration is complete, it notifies the user terminal 100 that the registration is complete.
[0055] In the identity document issuance phase, the user requests the issuance of an identity document using the user terminal 100 (S17). The user, having already authenticated via SNS, performs an operation on the screen provided by the web server 200 to extract identity document data from the identity verification information. The identity document issuance unit 203 of the web server 200 obtains the DID included in the issuance request sent from the user terminal 100, and issues identity document data by combining the identity document data and the DID. For example, in response to the user terminal 100 pressing the identity document issuance button, the identity document issuance unit 203 refers to the DID sent from the user terminal 100, adds it to the identity document, and creates identity document data. The wallet address is stored in the user terminal 100.
[0056] Then, the identity card issuing unit 203 uses the private key of the web server 200 to digitally sign the identity card data and uploads the signed identity card data to an off-chain 100a accessible only to the user (S18). The identity card issuing unit 203 notifies the user terminal 100 that the upload of the identity card data is complete.
[0057] The above constitutes the preliminary preparation, after which the presentation of digital assets and identification documents is carried out. In the digital asset utilization phase, the user presents digital assets and identification documents using the user terminal 100 (S19). With SNS authentication completed, the user selects the identification document data and attribute information to be disclosed on the verification screen provided by the corporate server 400, and presses the verification button.
[0058] When the enterprise server 400 receives instructions in accordance with the verification button, it requests disclosure of data from the user terminal 100 (S20).
[0059] The digital asset / identity card presentation unit 105 of the user terminal 100 retrieves identity card data from off-chain 100a, extracts only the attribute information selected by the user to generate disclosure data (S21), electronically signs the disclosure data with the user's private key, and transmits the signed disclosure data to the corporate server 400.
[0060] The disclosure data verification unit 402 of the enterprise server 400 verifies the received disclosure data. The disclosure data verification unit 402 queries the VDR 500 to obtain the public key of the web server 200, uses the obtained public key to verify the electronic signature of the disclosure data, and determines whether the signature is legitimate or not (S22).
[0061] When the digital asset control unit 403 of the enterprise server 400 receives verification results from the disclosure data verification unit 402, it connects to the blockchain 300 to verify the identity and validity of the digital asset. Based on the digital asset ID provided by the user, the digital asset control unit 403 identifies the digital asset on the blockchain 300 and determines whether the DID contained in the metadata of the identified digital asset matches the DID contained in the disclosure data. The digital asset ID is identification information used to identify a digital asset. For example, in the case of a concert ticket, it would correspond to a ticket ID.
[0062] If a match is found, the digital asset control unit 403 determines that the digital asset belongs to the user, checks the status information of the digital asset such as its expiration date and used flag, and determines whether the digital asset is valid. If the digital asset is valid, the digital asset control unit 403 sends an instruction to the smart contract on the blockchain 300 to transfer or consume the value of the digital asset (S23). The smart contract automatically executes the process of transferring ownership of the digital asset or updating the digital asset to a used state (S24). The digital asset control unit 403 notifies the user terminal 100 that the process is complete.
[0063] Next, the processing flow of each phase in this system will be explained in detail with reference to the diagram. Figure 6 is a flowchart of the SNS authentication process. The user operates the operation unit 101 of the user terminal 100 and presses the wallet connection button (S101). The user selects the external authentication provider to use (e.g., Google, Apple, X, etc.) on the external authentication provider selection screen displayed on the user terminal 100 (S102). The user performs a sign-in operation on the authentication screen of the selected external authentication provider (S103). The sign-in operation is performed, for example, by entering a user ID and password, or by biometric authentication (fingerprint authentication, facial recognition, etc.).
[0064] When authentication processing is performed, the address generation unit 201 of the web server 200 receives an authentication token from the external authentication provider or the user terminal 100 and performs a process to verify the validity of the authentication token (S104). Verification of the authentication token is performed, for example, by verifying the signature contained in the authentication token using the public key of the external authentication provider. If the verification of the authentication token is successful, the address generation unit 201 obtains user information (user identifier and authentication token) from the external authentication provider and identifies the user as a user of this system. If the verification of the authentication token fails, the address generation unit 201 sends an error message to the user terminal 100 and terminates processing.
[0065] Furthermore, the user terminal 100 executes a process to generate a private key based on the acquired authentication token information. Specifically, it sends it to the Web3Auth network. Each node of Web3Auth verifies the token, and if its legitimacy is confirmed, it returns a fragment (share) of the private key to the user terminal 100. The user terminal 100 uses the collected share to reconstruct the private key and derives the public key and wallet address based on that private key.
[0066] The address generation unit 201 receives and obtains the wallet address derived at the user terminal 100 from the user terminal 100 (S105). The address generation unit 201 temporarily stores the wallet address in a storage unit, associating it with the user information. The address generation unit 201 sends a notification of completion of wallet address registration to the user terminal 100, which is displayed on the screen of the user terminal 100. This completes the SNS authentication process.
[0067] Figure 7 is a flowchart of the wallet generation process in the initial setup phase. The user, having already authenticated via SNS, operates the operation unit 101 of the user terminal 100 and presses the wallet generation button (S201). The wallet generation unit 202 of the web server 200 sends an instruction to the blockchain 300 to generate an NFT associated with the user on the blockchain 300 (S202). Upon receiving the instruction from the wallet generation unit 202, the smart contract on the blockchain 300 generates an NFT token associated with the user.
[0068] The wallet generation unit 202 sends an instruction to blockchain 300 to generate a wallet linked to the user's NFT token issued on blockchain 300 (S203). Upon receiving the instruction from the wallet generation unit 202, the smart contract on blockchain 300 generates a wallet linked to the NFT token and records the correspondence between the NFT token and the generated wallet address. Specifically, the smart contract generates a unique wallet address based on the NFT token's token ID, contract address, etc.
[0069] When the wallet generation unit 202 receives a notification from the blockchain 300 that wallet generation is complete, it sends the generated NFT token information and wallet information to the user terminal 100 (S204). The wallet generation unit 202 sends notification data to the user terminal 100, which includes the NFT token ID, wallet address, and a wallet generation completion message. The user terminal 100 displays the received notification data on its screen and notifies the user that wallet generation is complete. This completes the wallet generation process.
[0070] Figure 8 is a flowchart of the digital asset issuance request processing in the digital asset issuance phase. The user, while authenticated via SNS, presses the digital asset issuance button on the service screen provided by the corporate server 400 (S301). The digital asset issuance unit 401 of the corporate server 400 obtains the DID from the user's wallet address. At this time, the user terminal 100 sends an issuance request including its own DID. The digital asset issuance unit 401 of the corporate server 400 obtains the user's wallet address and DID from the received issuance request (S302). In this embodiment, the DID is managed on the user terminal 100 side and is provided to the digital asset issuance unit 401 each time an issuance request is made or through the authentication session.
[0071] The digital asset issuance unit 401 issues digital assets on the blockchain 300 with the DID embedded as metadata (S303). The digital asset issuance unit 401 generates metadata as the data structure of the digital asset, including the type of digital asset (e.g., electronic ticket, membership, coupon, etc.), the content of the digital asset (e.g., event name, expiration date, usage conditions, etc.), and the DID. The digital asset issuance unit 401 sends the digital asset containing the generated metadata to a smart contract on the blockchain 300, which then records it on the blockchain 300. The smart contract records the digital asset received from the digital asset issuance unit 401 on the blockchain 300 and registers the user's wallet address as the owner of the digital asset.
[0072] When the digital asset issuance unit 401 receives a notification from the blockchain 300 that the registration of the digital asset is complete, it notifies the user terminal 100 of the registration completion (S304). The digital asset issuance unit 401 sends notification data to the user terminal 100, which includes the token ID of the digital asset, the contents of the digital asset, and a registration completion message. The user terminal 100 displays the received notification data on its screen and notifies the user that the issuance of the digital asset is complete. This completes the digital asset issuance request process.
[0073] Figure 9 is a flowchart of the identity document issuance process in the identity document issuance phase. The user, having already authenticated via SNS, performs an operation on the screen provided by the Web server 200 to extract identity document data from personal verification information (for example, scanned images or digital data of an identity document such as a driver's license or My Number card) (S401). The user terminal 100 sends the personal verification information selected by the user to the Web server 200.
[0074] The identity certificate issuance unit 203 of the web server 200 obtains the DID from the received user request data (S402). In this embodiment, the DID is held in the user terminal 100 and is transmitted to the identity certificate issuance unit 203 in response to an identity certificate issuance request (including a wallet address) from the user terminal 100. The identity certificate issuance unit 203 reads and identifies the DID corresponding to the transmitted wallet address.
[0075] The ID issuance unit 203 uses the private key of the Web server 200 to issue ID data by combining the ID data and DID (S403). The ID issuance unit 203 generates a dataset containing the ID data (e.g., attribute information such as name, address, date of birth, gender, etc.) and the DID. The ID issuance unit 203 applies an electronic signature to the generated dataset using the private key held by the Web server 200. The ID issuance unit 203 generates signed ID data.
[0076] The identity card issuing unit 203 uploads the identity card data to the off-chain 100a, which is accessible only to the user (S404). The identity card issuing unit 203 requests access permission to the off-chain 100a from the user terminal 100 and obtains access permission from the user terminal 100. The identity card issuing unit 203 connects to the off-chain 100a using the obtained access permission and uploads the signed identity card data. The identity card issuing unit 203 notifies the user terminal 100 that the upload of the identity card data is complete. This completes the identity card issuance process.
[0077] Figure 10 is a flowchart of the digital asset and identity document presentation process in the digital asset utilization phase. The user, having already authenticated via SNS, selects identity document data and attribute information to be disclosed (e.g., name, address, age, etc.) on the verification screen provided by the corporate server 400, and presses the verification button. The digital asset and identity document presentation unit 105 of the user terminal 100 acquires the attribute information selected by the user (S501). The identity document data is stored off-chain 100a, and the digital asset and identity document presentation unit 105 retrieves the identity document data and attribute information from off-chain 100a.
[0078] The digital asset / identity card presentation unit 105 generates and signs only the disclosure data required by the user (S502). The digital asset / identity card presentation unit 105 retrieves identity data (VC) from off-chain 100a and extracts only the attribute information selected by the user to generate disclosure data (including DID). The digital asset / identity card presentation unit 105 electronically signs the generated disclosure data using the user's private key. The digital asset / identity card presentation unit 105 transmits the signed disclosure data to the corporate server 400.
[0079] The disclosure data verification unit 402 of the enterprise server 400 verifies the received disclosure data and transmits it to the blockchain 300. Transmission means that after verification, the verification results are passed to the digital asset control unit 403, and the digital asset control unit 403 communicates with the blockchain 300.
[0080] The disclosure data verification unit 402 queries the VDR500 to obtain the public key of the web server 200. The disclosure data verification unit 402 uses the obtained public key to verify the electronic signature of the disclosure data and determines whether the signature is legitimate or not.
[0081] The Digital Asset Control Unit 403 transfers or consumes the value of the digital asset if the signature is valid. Upon receiving the verification result from the Disclosure Data Verification Unit 402, the Digital Asset Control Unit 403 connects to the Blockchain 300 to verify the identity and validity of the digital asset, and based on the verification result, sends an instruction to transfer or consume the value of the digital asset to a smart contract on the Blockchain 300 (S503). The Digital Asset Control Unit 403 identifies the digital asset on the Blockchain 300 using the user's DID. The Digital Asset Control Unit 403 determines whether the DID included in the metadata of the identified digital asset matches the DID included in the disclosure data. If they match, the Digital Asset Control Unit 403 determines that the digital asset belongs to the user. The Digital Asset Control Unit 403 checks the status information of the digital asset, such as its expiration date and used flag, and determines whether the digital asset is valid.
[0082] If the digital asset is valid, the digital asset control unit 403 sends an instruction to the smart contract on the blockchain 300 to transfer or consume the value of the digital asset. Upon receiving the instruction from the digital asset control unit 403, the smart contract automatically executes a process to transfer ownership of the digital asset or to update the digital asset to a used state (S504). The digital asset control unit 403 notifies the user terminal 100 that the process is complete. This completes the digital asset and identity card presentation process.
[0083] Next, the technical effects of this embodiment will be described. The digital asset and certificate management system according to this embodiment achieves the following technical effects by associating digital assets on the blockchain and off-chain identity data with the same DID.
[0084] Firstly, this system can uniquely identify the owner of digital assets while protecting user privacy. In conventional blockchain systems, it was necessary to record the user's personal information on the blockchain in order to identify the owner of digital assets. However, while blockchain is tamper-proof, the recorded information is viewable from all nodes, so recording personal information on the blockchain carries the risk of privacy infringement. In this embodiment, by storing the user's identity data off-chain 100a and recording only the DID on the blockchain 300, the risk of personal information leakage can be reduced while uniquely identifying the owner of digital assets.
[0085] Secondly, this system allows users to selectively control the attribute information they disclose. In conventional systems, when verifying identity, it was necessary to present all the information listed on the identification document. In this embodiment, users can select the attribute information they want to disclose and generate disclosure data that includes only the selected attribute information. This allows users to disclose only the minimum necessary personal information, thereby enhancing privacy protection.
[0086] Thirdly, this system can automatically perform the transfer or consumption of value of digital assets. In this embodiment, once the enterprise server 400 successfully verifies the disclosed data, a smart contract on the blockchain 300 automatically performs the processing of the transfer or consumption of value of digital assets. This reduces manual processing and improves the efficiency and accuracy of processing.
[0087] Next, we will describe in more detail specific examples of use in this embodiment. Below, we will describe three specific examples of use: event admission management using electronic tickets, purchase of goods requiring age verification, and use of discount services for local residents.
[0088] As a first use case, we will describe event admission management using electronic tickets. When a user purchases tickets for a concert or sporting event, they access a ticket sales website provided by the corporate server 400. The user performs SNS authentication using the user terminal 100 and generates a wallet address. The user selects a ticket on the ticket sales website and presses the purchase button. The digital asset issuance unit 401 of the corporate server 400 obtains the DID from the user's wallet address and issues an electronic ticket with the DID embedded as metadata. The electronic ticket includes the event name, date and time, seat number, and DID. The digital asset issuance unit 401 records the issued electronic ticket on the blockchain 300 and registers the user's wallet address as the owner of the electronic ticket.
[0089] On the day of the event, the user presents their electronic ticket and identification at the entrance gate of the event venue using the user terminal 100. The user operates the operation unit 101 of the user terminal 100 to select the identification data and attribute information to be disclosed (e.g., name, age, etc.) and presses the verification button. The digital asset / identification presentation unit 105 of the user terminal 100 retrieves the identification data from off-chain 100a, extracts only the attribute information selected by the user to generate disclosure data, electronically signs the disclosure data with the user's private key, and transmits the signed disclosure data to the verification terminal installed at the entrance gate.
[0090] The verification terminal is connected to the corporate server 400, and the corporate server 400's disclosure data verification unit 402 performs the verification of the disclosure data. The disclosure data verification unit 402 queries the VDR 500 to obtain the public key of the web server 200, uses the obtained public key to verify the electronic signature of the disclosure data, and determines whether the signature is legitimate or not.
[0091] When the Digital Asset Control Unit 403 receives verification results from the Disclosure Data Verification Unit 402, it connects to the Blockchain 300 to verify the identity and validity of the electronic ticket. The Digital Asset Control Unit 403 identifies the electronic ticket on the Blockchain 300 using the user's DID and determines whether the DID contained in the metadata of the identified electronic ticket matches the DID contained in the disclosure data. If they match, the Digital Asset Control Unit 403 determines that the electronic ticket belongs to the person concerned, checks the status information of the electronic ticket such as its expiration date and used flag, and determines whether the electronic ticket is valid. If the electronic ticket is valid, the Digital Asset Control Unit 403 sends an instruction to the smart contract on the Blockchain 300 to update the electronic ticket to a used state. The smart contract automatically executes the process of updating the electronic ticket to a used state. The Digital Asset Control Unit 403 notifies the verification terminal of the completion of the process, and the verification terminal opens the entrance gate. As a result, the user can enter the event venue.
[0092] As a second use case, we will explain the purchase of products that require age verification. When a user purchases products that require age verification, such as alcohol or tobacco, they access a sales terminal installed in the store. The user performs SNS authentication using user terminal 100 and generates a wallet address. The user selects the product on the sales terminal and presses the purchase button. The sales terminal displays a screen requesting age verification from the user.
[0093] The user operates the operation unit 101 of the user terminal 100 to select identity document data and attribute information to be disclosed (for example, age only), and presses the verification button. The digital asset / identity document presentation unit 105 of the user terminal 100 retrieves identity document data from off-chain 100a, extracts the attribute information (age only) selected by the user to generate disclosure data, electronically signs the disclosure data with the user's private key, and transmits the signed disclosure data to the sales terminal.
[0094] The sales terminal is connected to the corporate server 400, and the corporate server 400's disclosure data verification unit 402 performs the verification of the disclosure data. The disclosure data verification unit 402 verifies the electronic signature of the disclosure data in the same manner as in the first use example described above, extracts the DID contained in the disclosure data, and confirms the consistency of the DID. If the disclosure data is determined to be legitimate, the disclosure data verification unit 402 extracts the age information contained in the disclosure data and determines whether the user is an adult. If the user is an adult, the disclosure data verification unit 402 transmits the verification result to the digital asset control unit 403.
[0095] When the Digital Asset Control Unit 403 receives verification results from the Disclosure Data Verification Unit 402, it connects to the Blockchain 300 to verify the identity and validity of the digital asset (e.g., a token indicating purchase rights). The Digital Asset Control Unit 403 verifies the identity and validity of the digital asset in the same manner as in the first use example described above, and if the digital asset is valid, it sends an instruction to the smart contract on the Blockchain 300 to update the digital asset to a used state. The smart contract automatically executes the process of updating the digital asset to a used state. The Digital Asset Control Unit 403 notifies the sales terminal of the completion of the process, and the sales terminal authorizes the sale of the product. This allows the user to purchase products that require age verification.
[0096] In this use case, the user only needs to disclose their age information and is not required to disclose other personal information such as their name or address. This protects the user's privacy. Furthermore, since the store only needs to obtain the user's age information and not other personal information, it can meet the requirements for appropriate management and restriction of use of personal information as stipulated by the Personal Information Protection Act.
[0097] As a third use case, we will explain the use of a discount service for local residents. When a user enters a facility such as a museum or art gallery, they access a verification terminal installed at the facility's entrance gate. The user performs SNS authentication using user terminal 100 and generates a wallet address. The user selects to use the discount service for local residents on the verification terminal. The verification terminal displays a screen requesting the user to verify their place of residence.
[0098] The user operates the operation unit 101 of the user terminal 100 to select identity document data and attribute information to be disclosed (for example, place of residence only), and presses the verification button. The digital asset / identity document presentation unit 105 of the user terminal 100 retrieves identity document data from off-chain 100a, extracts the attribute information (place of residence only) selected by the user to generate disclosure data, electronically signs the disclosure data with the user's private key, and transmits the signed disclosure data to the verification terminal.
[0099] The verification terminal is connected to the corporate server 400, and the corporate server 400's disclosure data verification unit 402 performs the verification of the disclosure data. The disclosure data verification unit 402 verifies the electronic signature of the disclosure data in the same manner as in the first use example described above, extracts the DID contained in the disclosure data, and confirms the consistency of the DID. If the disclosure data is determined to be legitimate, the disclosure data verification unit 402 extracts the place of residence information contained in the disclosure data and determines whether the user is a local resident or not. If the user is a local resident, the disclosure data verification unit 402 transmits the verification result to the digital asset control unit 403.
[0100] When the Digital Asset Control Unit 403 receives verification results from the Disclosure Data Verification Unit 402, it connects to the Blockchain 300 to verify the identity and validity of the digital asset (e.g., a discount coupon). The Digital Asset Control Unit 403 verifies the identity and validity of the digital asset in the same manner as in the first use example described above, and if the digital asset is valid, it sends an instruction to the smart contract on the Blockchain 300 to update the digital asset to a used state. The smart contract automatically executes the process of updating the digital asset to a used state. The Digital Asset Control Unit 403 notifies the verification terminal of the completion of the process, and the verification terminal allows entry at the discounted rate. This allows the user to enter the facility using the discount service for local residents.
[0101] In this use case, the user only needs to disclose their place of residence and is not required to disclose other personal information such as their name or age. This protects the user's privacy. Furthermore, since the facility only needs to obtain the user's place of residence and not other personal information, it can meet the requirements for appropriate management and restriction of use of personal information as stipulated by the Personal Information Protection Act.
[0102] Next, the effects and benefits of the digital asset and certificate management system, user terminal 100, and digital asset and certificate management method of this embodiment will be described.
[0103] In the digital asset and certificate management system of this embodiment, when the Web server 200 receives a user information issuance request from the user terminal 100, the user information storage unit issues certificate information (identity data) based on the user information associated with that user and stores it in the off-chain 100a on the user terminal 100. In addition, the corporate server 400 issues digital assets in response to a request from the user terminal 100 and stores them in the blockchain 300. The identity data and digital assets are associated with a DID (Decentralized Identifier) which is a combination of a wallet address generated based on the SNS authentication process performed on the user terminal 100 and a blockchain ID based on the blockchain 300. As a result, this system stores the user's identity data in the off-chain 100a, records the digital assets on the blockchain 300, and associates the identity data and digital assets with the same DID, thereby reducing the risk of leakage of personal information while uniquely identifying the owner of the digital assets.
[0104] Furthermore, in a digital asset and certificate management system, the web server 200 may issue a parent token in response to a user information issuance request from a user terminal 100, generate a dependent wallet associated with the parent token, and record the wallet address of the dependent wallet as metadata for the parent token.
[0105] This allows for an architecture where the NFT itself functions as a wallet account, rather than simply using a user wallet for DID integration, thereby integrating identity and asset management.
[0106] Furthermore, in the digital asset and certificate management system, the identity certificate issuance unit 203 of the web server 200 may store identity certificate data with a DID assigned to it in an off-chain 100a accessible only to the user terminal 100. This allows the system to protect user privacy while enabling users to manage their identity certificate data autonomously.
[0107] Furthermore, in the digital asset and certificate management system, the digital asset issuance unit 401 of the corporate server 400 may assign a DID to the digital asset and store it in the blockchain 300. This allows the system to associate digital assets and identity document data with the same DID, and to uniquely identify the owner of the digital asset.
[0108] Furthermore, in the digital asset and certificate management system, the user terminal 100 generates a seed value for generating a private key based on authentication token information obtained from an external authentication provider (e.g., Google, Apple, X, etc.), and also receives fragment information from Web3Auth based on user information and generates a private key based on these. Alternatively, a DID may be generated using the wallet address. This makes it possible to enhance the security of access to the wallet address by utilizing the authentication functions of the external authentication provider (e.g., two-factor authentication, biometric authentication, etc.).
[0109] Furthermore, in the digital asset and certificate management system, the disclosure data verification unit 402 of the corporate server 400 may verify the disclosure data electronically signed on the user terminal 100, and the digital asset control unit 403 may, if the verification by the disclosure data verification unit 402 is successful, send an instruction to the smart contract on the blockchain 300 to transfer or consume the value of the digital asset. This allows the system to reduce manual processing and improve the efficiency and accuracy of processing.
[0110] Furthermore, in the digital asset and certificate management system, the digital asset control unit 403 may identify the digital asset on blockchain 300 using the DID included in the disclosure data, determine whether the DID included in the metadata of the identified digital asset matches the DID included in the disclosure data, and determine if the digital asset belongs to the person concerned if they match. This allows the system to uniquely identify the owner of a digital asset and prevent impersonation.
[0111] Furthermore, the digital asset and certificate management system may have a disclosure data verification unit 402 that determines whether the attribute information (e.g., age, place of residence, etc.) included in the disclosure data meets predetermined conditions, and if the conditions are met, it may instruct the digital asset control unit 403 to execute the preferential treatment. The digital asset control unit 403 may also send an instruction to a smart contract on the blockchain 300 to refund tokens equivalent to the discount difference to the user's wallet address, or an instruction to grant an NFT indicating the exclusive benefit to the user's wallet address. This allows the system to automatically execute preferential treatment according to the user's attributes and to provide flexible services to the user.
[0112] Furthermore, the digital asset and certificate management system may use one of the following as an off-chain 100a accessible only to the user: encrypted storage within the user terminal 100, cloud storage managed by the user (e.g., Google Drive, Dropbox, etc.), a distributed storage system (e.g., IPFS, Filecoin, etc.), or a secure element within the user terminal 100 (e.g., TPM, TEE, etc.). This allows the system to flexibly select the off-chain 100a according to the user's needs, ensuring security and availability.
[0113] Furthermore, in the digital asset and certificate management system, the user terminal 100 includes a digital asset and certificate presentation unit 105 that functions as an attribute selection unit for selecting attribute information to be disclosed from the certificate data, and a disclosure data generation unit for generating disclosure data that includes only the selected attribute information.
[0114] The digital asset / identity card presentation unit 105, which functions as a disclosure data generation unit, electronically signs the disclosure data with the user's private key and transmits the disclosure data to the corporate server 400.
[0115] On the enterprise server 400, the disclosure data verification unit 402 verifies the disclosure data, and if it is determined that the identity document data is legitimate, the DID contained in the disclosure data is used to identify the digital asset on blockchain 300. As a result, this system allows users to disclose only the minimum necessary personal information, enabling them to use digital assets securely while protecting their privacy.
[0116] As described above, the digital asset and certificate management system according to this embodiment is an innovative system that uniquely identifies the owner of a digital asset while protecting privacy by combining blockchain technology and off-chain technology. This system can be applied to the management of various types of digital assets, such as electronic tickets, membership rights, coupons, digital art, in-game items, and real estate ownership certificates, and can be used in various usage scenarios, such as purchasing products that require age verification, providing discount services for local residents, using membership services, and financial and high-value asset transactions. With this system, users can use digital assets safely while protecting their privacy, and companies can manage digital assets efficiently.
[0117] It should be noted that the present invention is not limited to the embodiments described above, and various modifications are possible based on the technical concept of the present invention. For example, the numerical values, configurations, shapes, materials, protocols, algorithms, etc., listed in the embodiments described above are merely examples, and different numerical values, configurations, shapes, materials, protocols, algorithms, etc., may be used as needed. Furthermore, each component in the embodiments described above can be combined without departing from the technical concept of the present invention. Moreover, each modification described in the embodiments described above can be implemented in combination with each other.
[0118] The digital asset and certificate management system, user terminal, and digital asset and certificate management method described herein have the following configuration. Note 1 In a digital asset and certificate management system comprising a certificate issuance server and a digital asset issuance server, The aforementioned certificate issuing server, A certificate information generation unit, upon receiving a user information issuance request from a user terminal, issues certificate information based on the user information associated with the user in the user information storage unit and stores it in the off-chain area of the user terminal. Equipped with, The aforementioned digital asset issuance server is: A digital asset issuance unit that issues digital assets in response to requests from the user terminal and stores them on the blockchain, Equipped with, The aforementioned certificate information and the aforementioned digital asset are associated with a DID (Decentralized Identifier) which is a combination of a wallet address generated based on an authentication process performed on the user terminal and a blockchain ID based on the blockchain. Digital asset and certificate management system. Note 2 The aforementioned certificate issuing server, In response to a wallet generation request from the user terminal, a parent token is issued, a dependent wallet linked to the parent token is generated, and the wallet address of the dependent wallet is recorded in the metadata of the parent token. The digital asset and certificate management system described in Appendix 1. Note 3 The certificate information generation unit, The storage accessible only to the user terminal is designated as the off-chain area, and the certificate information to which the DID is assigned is stored there. The digital asset and certificate management system described in Appendix 1 or 2. Note 4 In the aforementioned digital asset issuance server, the digital asset issuance unit is: The aforementioned digital asset is assigned the aforementioned DID and stored in the aforementioned blockchain. A digital asset and certificate management system as described in any one of the appendices 1 to 3. Note 5 The aforementioned certificate issuing server, A wallet address generation unit generates a seed value for generating a private key based on authentication token information obtained from an external authentication provider, and obtains the wallet address generated using the seed value. Furthermore, Using the aforementioned wallet address, the DID is generated. A digital asset and certificate management system as described in any one of the appendices 1 to 4. Note 6 The aforementioned digital asset issuance server is: A disclosure data verification unit that verifies the electronically signed disclosure data on the user terminal, If the verification by the disclosure data verification unit is successful, the digital asset control unit transmits an instruction to the smart contract on the blockchain to transfer or consume the value of the digital asset, Furthermore, A digital asset and certificate management system as described in any one of the appendices 1 through 5. Appendix 7 The digital asset control unit, The digital assets on the blockchain are identified using the DID included in the disclosed data. Determine whether the DID included in the metadata of the identified digital asset matches the DID included in the disclosed data. If they match, it is determined that the digital assets belong to the person concerned. The digital asset and certificate management system described in Appendix 6. Note 8 The aforementioned disclosure data verification unit, Determine whether the attribute information included in the disclosed data satisfies predetermined conditions. If the conditions are met, the digital asset control unit is instructed to execute the preferential treatment. The digital asset and certificate management system described in Appendix 6 or 7. Note 9 The storage accessible only to the aforementioned user is: This is one of the following: an encrypted storage area within the user terminal, cloud storage managed by the user, a distributed storage system, or a secure element within the user terminal. The digital asset and certificate management system described in Appendix 3. Note 10 A user terminal that accesses the digital asset and certificate management system described in any one of the appendices 1 to 9, An attribute selection unit that selects attribute information to be disclosed from the aforementioned certificate information, A disclosure data generation unit that generates disclosure data containing only selected attribute information, Furthermore, The aforementioned disclosure data generation unit, The aforementioned disclosed data is electronically signed using the user's private key. The disclosure data is transmitted to the aforementioned digital asset issuance server. When the digital asset issuance server determines that the disclosed data is legitimate, the DID contained in the disclosed data is used to identify the digital asset on the blockchain. User terminal. Note 11 In the digital asset and certificate management methods implemented by the digital asset and certificate management system, When the certificate issuing server receives a user information issuance request from a user terminal, the user information storage unit issues certificate information based on the user information associated with the user and stores it in the off-chain area of the user terminal (certificate information generation step), The digital asset issuance step involves the digital asset issuance server issuing a digital asset in response to a request from the user terminal and storing it in the blockchain, Equipped with, The aforementioned certificate information and the aforementioned digital asset are associated with a DID (Decentralized Identifier) which is a combination of a wallet address generated based on an authentication process performed on the user terminal and a blockchain ID based on the blockchain. Digital asset and certificate management methods. [Explanation of Symbols]
[0119] 100...User terminal, 100a...Off-chain, 101...Operation unit, 102...Wallet generation instruction unit, 103...Digital asset issuance request unit, 104...Identity card issuance request unit, 105...Digital asset / identity card presentation unit, 200...Web server (certificate issuance server), 201...Address generation unit (wallet address generation unit), 202...Wallet generation unit, 203...Identity card issuance unit (certificate information generation unit), 300...Blockchain, 400...Corporate server (digital asset issuance server), 401...Digital asset issuance unit, 402...Disclosure data verification unit, 403...Digital asset control unit, 500...VDR (Verifiable Data Registry).
Claims
1. In a digital asset and certificate management system comprising a certificate issuance server and a digital asset issuance server, The aforementioned certificate issuing server, A certificate information generation unit, upon receiving a user information issuance request from a user terminal, issues certificate information based on the user information associated with the user of the user terminal stored in the user information storage unit, and stores it in the off-chain area of the user terminal. Equipped with, The aforementioned digital asset issuance server is: A digital asset issuance unit that issues digital assets in response to a request from the user terminal and records them on the blockchain, Equipped with, The aforementioned certificate information and the aforementioned digital asset are associated with a Decentralized Identifier (DID) which is a combination of a wallet address generated based on an authentication process performed on the user terminal and a blockchain ID based on the blockchain. Digital asset and certificate management system.
2. The aforementioned certificate issuing server, In response to a wallet generation request from the user terminal, a parent token is issued, a dependent wallet linked to the parent token is generated, and the wallet address of the dependent wallet is recorded in the metadata of the parent token. The digital asset and certificate management system according to claim 1.
3. The certificate information generation unit, The storage accessible only to the user terminal is designated as the off-chain area, and the certificate information to which the DID is assigned is stored there. The digital asset and certificate management system according to claim 1 or 2.
4. In the aforementioned digital asset issuance server, the digital asset issuance unit is: The DID is assigned to the aforementioned digital asset and stored in the blockchain. The digital asset and certificate management system according to claim 1 or 2.
5. The aforementioned certificate issuing server, A wallet address generation unit generates a seed value for generating a private key based on authentication token information obtained from an external authentication provider, and obtains the wallet address generated using the seed value. Furthermore, Using the aforementioned wallet address, the DID is generated. The digital asset and certificate management system according to claim 1 or 2.
6. The aforementioned digital asset issuance server is: A disclosure data verification unit that verifies the electronically signed disclosure data on the user terminal, If the verification by the disclosure data verification unit is successful, the digital asset control unit transmits an instruction to the smart contract on the blockchain to transfer or consume the value of the digital asset, Furthermore, The digital asset and certificate management system according to claim 1 or 2.
7. The digital asset control unit, The digital assets on the blockchain are identified using the DID included in the disclosed data. Determine whether the DID included in the metadata of the identified digital asset matches the DID included in the disclosed data. If they match, it is determined that the digital assets belong to the person concerned. The digital asset and certificate management system according to claim 6.
8. The aforementioned disclosure data verification unit, Determine whether the attribute information included in the disclosed data satisfies predetermined conditions. If the conditions are met, the digital asset control unit is instructed to execute the preferential treatment. The digital asset and certificate management system according to claim 6 or 7.
9. The storage accessible only to the aforementioned user is: This is one of the following: an encrypted storage area within the user terminal, cloud storage managed by the user, a distributed storage system, or a secure element within the user terminal. The digital asset and certificate management system according to claim 3.
10. A user terminal for accessing the digital asset and certificate management system described in claim 1 or 2, An attribute selection unit that selects attribute information to be disclosed from the aforementioned certificate information, A disclosure data generation unit that generates disclosure data containing only selected attribute information, Furthermore, The aforementioned disclosure data generation unit, The aforementioned disclosed data is electronically signed using the user's private key. The disclosure data is transmitted to the aforementioned digital asset issuance server. When the digital asset issuance server determines that the disclosed data is legitimate, the DID contained in the disclosed data is used to identify the digital asset on the blockchain. User terminal.
11. In the digital asset and certificate management methods implemented by the digital asset and certificate management system, When a certificate issuing server receives a user information issuance request from a user terminal, it issues certificate information based on the user information associated with the user of the user terminal stored in the user information storage unit, and stores it in the off-chain area of the user terminal (certificate information generation step). A digital asset issuance step in which a digital asset issuance server issues a digital asset in response to a request from the user terminal and stores it on the blockchain, Equipped with, The aforementioned certificate information and the aforementioned digital asset are associated with a Decentralized Identifier (DID) which is a combination of a wallet address generated based on an authentication process performed on the user terminal and a blockchain ID based on the blockchain. Methods for managing digital assets and certificates.