    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/137673


    Title: 基於以太坊區塊鏈的授權同意管理平台
    An Ethereum-based Consent Management Platform
    Authors: 徐胤桓
    Contributors: 陳恭
    廖峻鋒

    徐胤桓
    Keywords: Ethereum
    Blockchain
    FIDO
    OAuth 2.0
    OIDC
    UMA
    Date: 2021
    Issue Date: 2021-11-01 11:59:35 (UTC+8)
    Abstract: With digital transformation under way worldwide, the value of data keeps rising, and how data is used has become one of the keys to innovation. Service providers around the world have begun to collect and use the personal data of many people, yet individuals are often in a passive, weak position when authorizing the use of their personal data: they have no good tools for managing the personal data they have already authorized, and no way to learn how that data has been accessed.
    This thesis implements a consent management platform based on the Ethereum blockchain, placing proof of personal-data authorization, personal-data access logs, and verification of whether an access is legal in smart contracts. Through the transparent and decentralized characteristics of the blockchain, all of a person's authorizations remain under that person's own control, and all records of others accessing their personal data can be viewed.
    Description: Master's
    National Chengchi University
    Department of Computer Science
    108753110
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0108753110
    Data Type: thesis
    DOI: 10.6814/NCCU202101655
    Appears in Collections: [Department of Computer Science] Theses

    Files in This Item:

    File | Description | Size | Format
    311001.pdf | | 3899Kb | Adobe PDF


    All items in the NCCU Institutional Repository (政大典藏) are protected by copyright, with all rights reserved.

