    Please use this permanent URL to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/137673


    Title: An Ethereum-based Consent Management Platform (基於以太坊區塊鏈的授權同意管理平台)
    Author: 徐胤桓
    Contributors: 陳恭; 廖峻鋒; 徐胤桓
    Keywords: Ethereum; Blockchain; FIDO; OAuth 2.0; OIDC; UMA
    Date: 2021
    Upload time: 2021-11-01 11:59:35 (UTC+8)
    Abstract: Amid the worldwide trend of digital transformation, the value of data keeps rising, and how data is used has become one of the keys to innovation. Service providers around the world have begun to collect and use the personal data of many individuals. Yet individuals are currently in a passive, weak position when authorizing the use of their personal data: they have no good tools for managing the personal data they have already authorized, and no way to learn when that data has been accessed.
    This thesis implements a consent management platform based on the Ethereum blockchain, placing the proof of personal data authorization, the personal data access log, and the verification of access legitimacy in smart contracts. The transparency and decentralization of the blockchain ensure that all of an individual's authorizations remain under their own control, and that they can view every record of others accessing their personal data.
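    Description: Master's thesis
    National Chengchi University
    Department of Computer Science
    108753110
    Source: http://thesis.lib.nccu.edu.tw/record/#G0108753110
    Type: thesis
    DOI: 10.6814/NCCU202101655
    Appears in collections: [Department of Computer Science] Theses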

    Files in this item:

    File: 311001.pdf | Size: 3899Kb | Format: Adobe PDF | Views: 20

