Please use this identifier to cite or link to this item: https://ah.lib.nccu.edu.tw/handle/140.119/137673
Title: An Ethereum-based Consent Management Platform (基於以太坊區塊鏈的授權同意管理平台)
Author: 徐胤桓
Contributors: 陳恭
廖峻鋒
徐胤桓
Keywords: Ethereum
Blockchain
FIDO
OAuth 2.0
OIDC
UMA
Date: 2021
Upload time: 1-Nov-2021
Abstract: Under the current worldwide trend of digital transformation, the value of data is rising, and how data is used has become one of the keys to innovation. Service providers around the world have begun to collect and use the personal information of many people. At present, however, people are often in a passive and weak position when authorizing the use of their personal information: they have no good tools for managing the personal information they have already authorized, and they cannot find out how that information has been accessed.

This thesis implements a consent management platform based on the Ethereum blockchain, implementing the proof of authorization of personal information, personal information access logs, and verification of whether an access is legal in smart contracts. Through the transparent and decentralized characteristics of the blockchain, it can be ensured that all of a person's authorizations are under their own control, and that they can view the records of all access by others to their personal data.
Description: Master's thesis
National Chengchi University
Department of Computer Science
108753110
Source: http://thesis.lib.nccu.edu.tw/record/#G0108753110
Type: thesis
Appears in Collections: Theses and Dissertations

Files in This Item:
File: 311001.pdf (3.9 MB, Adobe PDF)