Please use this identifier to cite or link to this item: https://ah.lib.nccu.edu.tw/handle/140.119/137673
DC Field | Value | Language
dc.contributor.advisor | 陳恭; 廖峻鋒 | zh_TW
dc.contributor.author | 徐胤桓 | zh_TW
dc.creator | 徐胤桓 | zh_TW
dc.date | 2021 | en_US
dc.date.accessioned | 2021-11-01T03:59:35Z | -
dc.date.available | 2021-11-01T03:59:35Z | -
dc.date.issued | 2021-11-01T03:59:35Z | -
dc.identifier | G0108753110 | en_US
dc.identifier.uri | http://nccur.lib.nccu.edu.tw/handle/140.119/137673 | -
dc.description | Master's | zh_TW
dc.description | National Chengchi University | zh_TW
dc.description | Department of Computer Science | zh_TW
dc.description | 108753110 | zh_TW
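dc.description.abstract | Amid the worldwide trend toward digital transformation, the value of data keeps rising, and the way data is applied has become one of the keys to innovation. Service providers around the world have begun to collect and use the personal data of many people, yet people are currently in a passive, weak position when authorizing the use of their personal data: they have no good tools for managing the personal data they have already authorized, and they cannot find out how their personal data has been accessed.
This thesis implements a consent management platform based on the Ethereum blockchain, implementing proof of a person's authorization of personal data, personal data access logs, and verification of access legitimacy in smart contracts. Through the transparent and decentralized nature of the blockchain, it ensures that all of a person's authorizations are under their own control and that they can view every record of others accessing their personal data. | zh_TW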
dc.description.abstract | Under the current trend of digital transformation in the world, the value of data is rising, and data usage has also become one of the keys to innovation. Service providers around the world have also begun to collect and use the personal information of many people. However, at present, people are often in a passive and weak position when authorizing the use of their personal information. They have no good tools for managing the personal information they have authorized, and they cannot find out how their personal information has been accessed.
This paper will implement a consent management platform based on the Ethereum blockchain, and implement proof of authorization of personal information, personal information access logs, verification of whether an access is legal, and other functions in smart contracts. Through the transparent and decentralized characteristics of the blockchain, it can be ensured that all of a person's authorizations are under their own control, and that the records of all other parties' access to their personal data can be viewed. | en_US
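dc.description.tableofcontents | Chapter 1 Introduction 1
1.1 Research Background and Motivation 1
1.2 Research Problem and Objectives 2
1.3 Research Contributions 4
Chapter 2 Technical Background and Related Work 6
2.1 Background Technologies 6
2.1.1 Blockchain 6
2.1.1.1 Ethereum 8
2.1.1.2 DApp (Decentralize App) 11
2.1.2 FIDO 13
2.1.3 JWT 16
2.1.4 OAuth 2.0 17
2.1.4.1 OpenID Connect 21
2.1.4.2 Proof-Of-Possession 22
2.1.4.3 UMA 2.0 24
2.2 Related Work 25
Chapter 3 System Design 27
3.1 Terminology Used in This Platform 27
3.2 System Architecture 28
3.3 Main System Flow 38
Chapter 4 System Implementation 43
4.1 End-User Registration Flow in the CMP App 43
4.1.1 End-User Registration Page 44
4.1.2 End-User Registration API and Email Verification Page 45
4.1.3 End-User Attestation 46
4.1.4 CMP Server Verification of the Attestation 49
4.1.5 Ethereum Private Key Generation, Storage, and Access in the CMP App 51
4.2 End-User Login Flow in the CMP App 52
4.2.1 End-User Login Page 53
4.2.2 CMP Server Generates the FIDO Challenge 54
4.2.3 CMP App Generates the FIDO Assertion and Signs with Ethereum 54
4.2.4 FIDO Smart Contract Verifies the FIDO Assertion 55
4.3 End-User Obtains the SP's Informed Consent Form 56
4.3.1 SP Adds an Informed Consent Form, the Data Types to Be Accessed, and the RS 57
4.3.2 End-User Scans the QR Code and Views the Consent Form Page 59
4.3.3 End-User Views the Pending Consent List and Informed Consent Form Page 60
4.3.4 Page for End-User Selection of Datasets to Authorize 62
4.4 End-User Consent Authorization Flow 63
4.5 SP Access Token Retrieval Flow 64
4.6 Flow for SP Access to End-User Personal Data 67
4.7 End-User Page for Querying/Modifying/Terminating Authorizations 68
Chapter 5 Discussion 72
Chapter 6 Conclusion and Future Work 74
References 75 | zh_TW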
dc.format.extent | 3992815 bytes | -
dc.format.mimetype | application/pdf | -
dc.source.uri | http://thesis.lib.nccu.edu.tw/record/#G0108753110 | en_US
dc.subject | Ethereum | zh_TW
dc.subject | Blockchain | zh_TW
dc.subject | FIDO | en_US
dc.subject | OAuth 2.0 | en_US
dc.subject | OIDC | en_US
dc.subject | UMA | en_US
dc.title | An Authorization Consent Management Platform Based on the Ethereum Blockchain | zh_TW
dc.title | An Ethereum-based Consent Management Platform | en_US
dc.type | thesis | en_US
dc.relation.reference | [1] J. I. a. M. J. Hanna, “User Data Privacy: Facebook, Cambridge Analytica, and Privacy Protection,” Computer, 2018.
[2] 蕭乃沂, 陳恭, and 郭昱瑩, “Advancing Stage 5 E-Government Services: Exploring International Trends and Citizens' Needs,” National Development Council, 2017 (ROC year 106).
[3] A. Poikola, K. Kuikkaniemi, and H. Honko, “Mydata: a nordic model for human-centered personal data management and processing,” Finnish Ministry of Transport and Communications, 2015.
[4] 蔡柏毅, “Your Consent Is Not My Consent: A Brief Introduction to 'Consent' under the Personal Data Protection Act,” 金融聯合徵信, pp. 74-83, 2019 (ROC year 108).
[5] Maciej Machulak, Justin Richer, “User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization,” 2018. [Online]. Available: https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html.
[6] OIDC, “OpenID Connect Core 1.0,” 2014. [Online]. Available: https://openid.net/specs/openid-connect-core-1_0-final.html.
[7] FIDO Alliance, “Simpler, Stronger Authentication Saving The World's Password Problem,” [Online]. Available: https://fidoalliance.org/.
[8] Kantara Initiative, “Kantara Initiative,” [Online]. Available: https://kantarainitiative.org/.
[9] Kantara Initiative, “Consent Receipt Specification,” [Online]. Available: https://kantarainitiative.org/download/7902/.
[10] S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” 2008.
[11] L. Lamport, R. Shostak and M. Pease, “The Byzantine Generals Problem,” ACM Transactions on Programming Languages and Systems, pp. 382-401, July 1982.
[12] V. Buterin, “A Next-Generation Smart Contract and Decentralized Application Platform,” 2014.
[13] Ethereum, “EIP(Ethereum Improvement Proposals),” [Online]. Available: https://eips.ethereum.org/.
[14] Ethereum, “ERC(Ethereum Request for Comments),” [Online]. Available: https://eips.ethereum.org/erc.
[15] FIDO Alliance, “What is FIDO,” [Online]. Available: https://fidoalliance.org/what-is-fido/.
[16] M. Jones, J. Bradley, N. Sakimura, “JSON Web Token (JWT),” 2015. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc7519.
[17] OAuth 2.0, “The OAuth 2.0 Authorization Framework,” 2012. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc6749.
[18] M. Jones, Microsoft, D. Hardt, “The OAuth 2.0 Authorization Framework: Bearer Token Usage,” 2012. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc6750.
[19] M. Jones, Microsoft, J. Bradley, Ping Identity, H. Tschofenig, “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs),” 2016. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc7800.
[20] T. Hardjono, “Federated Authorization over Access to Personal Data for Decentralized Identity Management,” IEEE Communications Standards Magazine, pp. 32-38, 2019.
[21] N. B. Truong, K. Sun, G. M. Lee and Y. Guo, “GDPR-Compliant Personal Data Management: A Blockchain-Based Solution,” IEEE Transactions on Information Forensics and Security, pp. 1746-1761, 2020.
[22] Nathaniel Aldred, Luke Baal, Graeham Broda, Steven Trumble, Qusay H. Mahmoud, “Design and Implementation of a Blockchain-based Consent Management System,” arxiv, 2019.
[23] Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos, “OAuth 2.0 authorization using blockchain-based tokens,” arxiv, 2020.
[24] M. Eisenstadt, M. Ramachandran, N. Chowdhury, A. Third and J. Domingue, “COVID-19 Antibody Test/Vaccination Certification: There's an App for That,” IEEE Open Journal of Engineering in Medicine and Biology, pp. 148-155, 2020.
[25] Tharuka Rupasinghe, Frada Burstein, Carsten Rudolph, “Blockchain based Dynamic Patient Consent: A Privacy-Preserving Data Acquisition Architecture for Clinical Data Analytics,” ICIS 2019 DLT, BLOCKCHAIN AND FINTECH, 2019.
[26] Apple Inc., “App Attest,” [Online]. Available: https://developer.apple.com/documentation/devicecheck/preparing_to_use_the_app_attest_service.
[27] Apple Inc., “Keychain Services,” [Online]. Available: https://developer.apple.com/documentation/security/keychain_services.
[28] W. C. Group, “Data Privacy Vocabulary (DPV),” [Online]. Available: https://dpvcg.github.io/dpv/#vocab-personal-data-categories. | zh_TW
dc.identifier.doi | 10.6814/NCCU202101655 | en_US
item.fulltext | With Fulltext | -
item.openairetype | thesis | -
item.cerifentitytype | Publications | -
item.openairecristype | http://purl.org/coar/resource_type/c_46ec | -
item.grantfulltext | embargo_20261020 | -
Appears in Collections: Theses
Files in This Item:
File | Description | Size | Format
311001.pdf | | 3.9 MB | Adobe PDF
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.