Please use this identifier to cite or link to this item: https://ah.nccu.edu.tw/handle/140.119/137327


Title: 基於UMA與區塊鏈的分散式個人資料分享平台:以健康存摺為例
Decentralized personal data sharing platform based on User-Managed Access and blockchain: My Health Bank as an example
Authors: 徐嘉陽
Hsu, Chia-Yang
Contributors: 陳恭
Chen, Kung
徐嘉陽
Hsu, Chia-Yang
Keywords: 分散式共享平台
區塊鏈
智能合約
Decentralized sharing platform
Blockchain
Smart contract
Date: 2021
Issue Date: 2021-10-01 10:14:21 (UTC+8)
Abstract: 近年來使用者個資遭濫用情形日益嚴重。許多開發商或組織在未經使用者允許的情況下對其個資進行不當使用,損害使用者權益。2016年歐盟所公布一般資料保護規範(GDPR),目的即在於使個資本人取回資料控制權,創設如資料可攜權(Right to data portability)、被遺忘權(Right to be forgotten)等個資自主權。為平衡資料自由流通與個資自主權,並減少不當蒐集與個資濫用問題,Tim Berners-Lee提出Solid Project分散式網路概念,分開應用程式和資料,允許使用者能夠選擇資料儲存位置,加強使用者個資自主權。
本研究受Solid Project的啟發,以健康存摺為資料分享範例,整合以下架構與標準,建構基於UMA與區塊鏈的分散式個人資料分享平台。基於UMA使用者自主管理存取流程,賦予分享者擁有自主管理資源與定義授權方式的權利,利用區塊鏈不可否認性,使得分享者授權具有可驗證特性,保障分享者與數據請求者權益;在數據驗證方面,將使用者分享的健康存摺數據產生之數據驗證收執聯,用以驗證使用者分享的數據,確保第三方數據請求者取得數據之正確性;而Solid數據保存架構,讓使用者可以自由選擇數據存放位置,建構出一個兼具穩固性(robustness)、資料自主性並保有隱私的數據共享平台,促進資料交易流通並鼓勵資料服務創新。
The misuse of users' personal data has become increasingly serious in recent years. In 2016, the European Union announced the General Data Protection Regulation (GDPR), which aims to enable individuals to take back control of their personal data, creating rights such as the right to data portability, the right to be forgotten, and other personal data autonomy. To balance data interchange and personal data autonomy, and to reduce inappropriate collection and misuse of personal data, Tim Berners-Lee proposed the Solid Project decentralized network concept, which separates applications and data, allowing users to choose where to store their data and enhancing their personal data autonomy.
Inspired by Solid Project, this study uses My Health Bank as a data sharing example and integrates the following architecture and standards to construct a decentralized personal data sharing platform based on UMA and blockchain. Based on the UMA, it gives users the right to manage the resources and define the authorization policy independently, and by the non-repudiation of blockchain to make the authorization of sharers verifiable to protect the rights of resource owner and requesters. The Solid architecture allows users to freely choose the location of data storage. This study constructs a data sharing platform with robust, data autonomy, and privacy to facilitate data transactions and encourage innovation of data service.
Reference: [1] Ikhlaq ur Rehman. (2019). Facebook-Cambridge Analytica data harvesting: What you need to know
[2] Solid Project https://solidproject.org/
[3] 健康存摺 https://myhealthbank.nhi.gov.tw/IHKE0002/IHKE0002S07.aspx
[4] GDPR https://gdpr.eu/what-is-gdpr/
[5] Satoshi Nakamoto. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System.
[6] User-Managed Access(UMA) 2.0 https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-federated-authz-2.0.html
[7] Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151, 2014.
[8] Vitalik Buterin. Ethereum: A next-generation smart contract and decentralized application platform. https://github.com/ethereum/wiki/ wiki/White-Paper, 2014. Accessed: 2016-08-22.
[9] OAuth 2.0 https://oauth.net/2/
[10] 陳恭博士,(2017)。區塊鏈革命 – 迎向產業新契機。
Description: 碩士
國立政治大學
資訊科學系碩士在職專班
107971005
Source URI: http://thesis.lib.nccu.edu.tw/record/#G0107971005
Data Type: thesis
Appears in Collections:[資訊科學系碩士在職專班] 學位論文

Files in This Item:

File Description SizeFormat
100501.pdf9228KbAdobe PDF0View/Open


All items in 學術集成 are protected by copyright, with all rights reserved.


社群 sharing