TWI737139B - Personal data protection application system and personal data protection application method - Google Patents


Info

Publication number
TWI737139B
Authority
TW
Taiwan
Prior art keywords
data
access device
personal
comparison table
contract
Application number
TW109102499A
Other languages
Chinese (zh)
Other versions
TW202129519A (en)
Inventor
黃柏舜
Original Assignee
黃柏舜
Application filed by 黃柏舜
Priority to TW109102499A
Publication of TW202129519A
Application granted
Publication of TWI737139B

Abstract

The invention provides a personal data protection application system and a personal data protection application method. A user creates virtual identity data in a main access device through a data provider device and arranges for a third endorser device to digitally sign the obfuscated, non-private part of that virtual identity data; the signed obfuscated data is what the user exchanges with a data requester device. The user of the data requester device thus obtains obfuscated data whose signature shows it was confirmed by the third endorser device and gets the information it needs, while the obfuscated data contains no private information, so personal privacy is preserved. In addition, the main access device receives the private, personally sensitive part of the virtual identity data only in encrypted form, splits it into blocks, stores the blocks in a distributed manner, and stores the lookup tables needed to restore the data in separate places, so that even the administrator of the main access device cannot obtain the personal private data, which prevents malicious disclosure by the administrator.

Description

Personal data protection application system and personal data protection application method

The present invention relates to a data protection application system and a data protection application method, and in particular to a personal data protection application system and a personal data protection application method.

With the spread of the Internet and networked information devices, the services offered over the network have become increasingly diverse, and users obtain a wide range of information services over the network from devices such as personal computers and smartphones. For example, users shop online, book or rent vehicles and housing, order meals, make friends, and apply for jobs.

Obtaining and using such services over the network is convenient and efficient, but before a service can be used, the online service provider usually requires the user to supply personal data and upload documents to confirm identity or eligibility. In other cases the provider, as required by regulation or by other third parties, collects and forwards supporting documents that contain personal or private information even though the provider itself is not the party that uses that sensitive information.

During the transmission, custody and use of personal sensitive data, the user's private information is exposed to the risk of unlawful interception, copying, destruction, tampering and even misuse. Personal data breaches have become frequent in recent years: although online service providers claim to safeguard users' sensitive personal information, they cannot prevent large-scale leaks caused by hackers stealing data or by administrators' configuration mistakes or deliberate theft, and keeping personal data imposes a heavy staffing and financial burden on the data requester.

Many solutions to such leaks have been proposed in the prior art. One is to store personal sensitive data encrypted in a centralized database, so that a hacker intrusion or an administrator's mistake does not leak the data in bulk: because the private data is encrypted, a leaked copy cannot be read without the key and the sensitive data is not exposed. Centralized storage, however, does nothing to reduce a hacker's incentive to break into the system and steal the decryption keys or the encrypted data, nor does it stop an administrator from maliciously decrypting the data and leaking it.

To make a centralized database a less attractive target, other approaches encrypt private data and store it in a distributed way on the end-user devices of the system; for example, the technique disclosed in Taiwan invention patent TW I650665 encrypts the data and stores it in a database under decentralized management, such as a blockchain. Many users, however, are still unwilling to place their private data on other people's devices or in a public decentralized store from which it cannot be deleted, such as a blockchain network.

To address authorization management of personal sensitive data, and even the free removal of that data, other methods such as Taiwan invention patent TW I674513 combine a decentralized database that controls authorized access to private data with a centralized database that stores the private data encrypted. This strengthens access-permission management with blockchain techniques and uses public/private key pairs to encrypt and decrypt the private data, reducing the risk of keeping sensitive data in a centralized database. The administrator of the information system can still read the original unencrypted data, however, so the risk that original sensitive data leaks through the administrator's negligence or malice remains, as does the hacker's incentive to break in and steal the centralized database.

The conventional methods above concentrate on authorization control, encryption and storage of personal sensitive data and pay less attention to the convenience of exchanging, sharing and submitting it. In real applications, exchanging information efficiently while keeping it correct, timely and valid is equally important to the data requester. Once data is encrypted, how the encryption and decryption keys are delivered, and how the correctness of the decrypted data is verified, become critical questions.

The prior art therefore also discloses a method of data authorization and data verification between a user, a data provider and a data requester, for example Taiwan invention patent TW I650723. In that design the data provider is also the operator and maintainer of the information system, so the risk of bulk data leakage through the negligence or malice of system administrators is not reduced.

The conventional technology therefore still has room for improvement in protecting personal privacy and in the authorization and life cycle management of personal sensitive data.

Given these shortcomings of the prior art in privacy protection and in the authorization management of personal sensitive data, it is important to provide a system that makes sharing and verifying personal sensitive data more efficient, lowers the risk of data leakage, reduces the custody risk and processing cost that a data requester device incurs in handling sensitive data, and lets users manage and see how their personal data is used from a single system.

To this end, the present invention provides a personal data protection application system and a personal data protection application method. The system comprises a main access device, a data requester device, a data provider device and a third endorser device.

The main access device holds a host public key and a corresponding host private key.

The data requester device holds a requester public key and a corresponding requester private key, is connected to the main access device, and transmits the requester public key to the main access device.

The data provider device is connected to the main access device and stores virtual identity data that includes personal sensitive data and obfuscated data.

The third endorser device holds an endorser public key and a corresponding endorser private key, is connected to the main access device and the data provider device, receives the requester public key from the main access device and the virtual identity data from the data provider device, and decides whether to issue a data-legitimacy instruction.

When the third endorser device issues the data-legitimacy instruction, it generates a digital signature from the endorser private key and the virtual identity data and sends the digital signature together with the obfuscated data of the virtual identity data to the main access device. It also encrypts the personal sensitive data of the virtual identity data with the requester public key of the data requester device to produce primary encrypted data, and sends the primary encrypted data to the main access device.

The main access device splits the primary encrypted data into a plurality of data blocks, stores the blocks in a plurality of databases of the main access device, and generates a first block-to-database-location table and a second block-to-database-location table. Together the two tables record the database locations at which the blocks are stored, and the contents of the two tables differ from each other.

The main access device encrypts the first block-to-database-location table with the host public key and stores it, encrypts the second block-to-database-location table with the requester public key and sends it to the data requester device for storage, and sends the digital signature and the obfuscated data of the virtual identity data to the data requester device.

The personal data protection application method is executed by the main access device and comprises the following steps:
(1) receiving a requester public key sent by a data requester device;
(2) receiving a digital signature and the obfuscated data of virtual identity data sent by a third endorser device, where the digital signature is generated by the third endorser device from an endorser private key and the virtual identity data, and the virtual identity data is provided by a data provider device and contains personal sensitive data and the obfuscated data;
(3) receiving primary encrypted data sent by the third endorser device, the primary encrypted data being produced by the third endorser device by encrypting the personal sensitive data of the virtual identity data with the requester public key of the data requester device;
(4) splitting the primary encrypted data into a plurality of data blocks, storing the blocks in a plurality of databases, and generating a first block-to-database-location table and a second block-to-database-location table, where the two tables together record the database locations of the blocks and the contents of the two tables differ;
(5) encrypting the first block-to-database-location table with a host public key of the main access device and storing it;
(6) encrypting the second block-to-database-location table with the requester public key and sending it to the data requester device for storage;
(7) sending the digital signature and the obfuscated data of the virtual identity data to the data requester device.

The invention lets a data provider use the data provider device to create the virtual identity data in the main access device and arrange for the third endorser device to digitally sign the obfuscated, non-private part of that data, which is then used in interactions with the data requester device. A data requester obtains the obfuscated data through the data requester device and can use the digital signature to confirm that the obfuscated data was verified by the third endorser device, which assures the correctness of the information obtained. Because the obfuscated data contains no private data, the data provider's personal privacy is protected.

Furthermore, the personal sensitive data within the virtual identity data reaches the main access device only in encrypted form; the main access device then splits it and stores the pieces in a distributed manner, and stores the tables needed to restore the data in separate places. As a result, even the administrator of the main access device cannot obtain the data provider's private data, which prevents malicious disclosure by the administrator.

The technical means by which the invention achieves its objectives are described below with reference to the drawings and the preferred embodiments.

Referring to FIG. 1, the invention provides a personal data protection application system and a personal data protection application method. The system comprises a main access device I, a data provider device D, a data requester device R and a third endorser device P.

The main access device I holds a host public key and a corresponding host private key.

The data requester device R holds a requester public key and a corresponding requester private key, is connected to the main access device I, and transmits the requester public key to the main access device I.

The data provider device D is connected to the main access device I and stores virtual identity data that includes personal sensitive data and obfuscated data.

The third endorser device P holds an endorser public key and a corresponding endorser private key, is connected to the main access device I and the data provider device D, receives the requester public key from the main access device I and the virtual identity data from the data provider device D, and decides whether to issue a data-legitimacy instruction.

When the third endorser device P issues the data-legitimacy instruction, it generates a digital signature from the endorser private key and the virtual identity data and sends the digital signature together with the obfuscated data of the virtual identity data to the main access device I. It also encrypts the personal sensitive data of the virtual identity data with the requester public key of the data requester device R to produce primary encrypted data, and sends the primary encrypted data to the main access device I.

The main access device I splits the primary encrypted data into a plurality of data blocks, stores the blocks in a plurality of databases of the main access device I, and generates a first block-to-database-location table and a second block-to-database-location table. Together the two tables record the database locations at which the blocks are stored, and the contents of the two tables differ from each other.

The main access device I encrypts the first block-to-database-location table with the host public key and stores it, encrypts the second block-to-database-location table with the requester public key and sends it to the data requester device R for storage, and sends the digital signature and the obfuscated data of the virtual identity data to the data requester device R.
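The block-scattering step above is the part of the scheme that keeps the administrator of the main access device I from reassembling a record. The following Python is an added example, not code from the patent: it splits an already-encrypted record into blocks, stores each block under a random record id in a randomly chosen database, and splits the location information into two tables, one giving the database index per position (kept by the host) and one giving the record id per position (sent to the requester), so that either table alone is useless. The public-key steps of the patent (the endorser signing the obfuscated data and encrypting the sensitive data to the requester key, and the host encrypting the two tables) are assumed to happen outside this block; the ciphertext is treated as opaque bytes, and the in-memory dictionaries standing in for the databases, the block size and the SHA-256 fingerprint are assumptions for illustration.

```python
"""Added example (not from the patent): scatter an encrypted record over several
databases and split its location map into two complementary tables."""
import hashlib
import secrets
from typing import Dict, List, Tuple

# Stand-in for the plural databases of the main access device (assumption):
# list index = database number, dict key = record id, value = stored block.
Databases = List[Dict[str, bytes]]


def split_into_blocks(primary_encrypted: bytes, block_size: int) -> List[bytes]:
    """Cut the opaque ciphertext into fixed-size blocks; the last one may be short."""
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    return [primary_encrypted[i:i + block_size]
            for i in range(0, len(primary_encrypted), block_size)]


def scatter_blocks(blocks: List[bytes], databases: Databases) -> Tuple[Dict[int, int], Dict[int, str]]:
    """Store each block under a fresh random record id in a random database.

    Returns the two location tables of the scheme:
      host_table[pos]      -> database index  (kept, encrypted, by the host)
      requester_table[pos] -> record id       (sent, encrypted, to the requester)
    A block's location is (database index, record id); each table holds only
    one coordinate, so the two tables have different contents and both are
    needed to find any block.
    """
    host_table: Dict[int, int] = {}
    requester_table: Dict[int, str] = {}
    for pos, block in enumerate(blocks):
        db_index = secrets.randbelow(len(databases))
        record_id = secrets.token_hex(16)
        databases[db_index][record_id] = block
        host_table[pos] = db_index
        requester_table[pos] = record_id
    return host_table, requester_table


def reassemble(databases: Databases, host_table: Dict[int, int],
               requester_table: Dict[int, str]) -> bytes:
    """Rebuild the ciphertext in order; fails unless both tables agree and every block exists."""
    if set(host_table) != set(requester_table):
        raise ValueError("tables do not describe the same set of blocks")
    out = bytearray()
    for pos in sorted(host_table):
        db_index, record_id = host_table[pos], requester_table[pos]
        try:
            out += databases[db_index][record_id]
        except KeyError:
            raise ValueError(f"block {pos} is missing from database {db_index}") from None
    return bytes(out)


def fingerprint(data: bytes) -> str:
    """SHA-256 of the ciphertext (assumption): a value the endorser could cover with its
    signature so the requester can check that reassembly returned the original bytes."""
    return hashlib.sha256(data).hexdigest()


def destroy_record(databases: Databases, host_table: Dict[int, int],
                   requester_table: Dict[int, str]) -> None:
    """Destruction step: remove every block so the record can no longer be rebuilt."""
    for pos, db_index in host_table.items():
        databases[db_index].pop(requester_table[pos], None)


if __name__ == "__main__":
    # Constructed input: 768 opaque bytes standing in for primary encrypted data.
    ciphertext = bytes(range(256)) * 3
    dbs: Databases = [dict() for _ in range(3)]
    host_tbl, req_tbl = scatter_blocks(split_into_blocks(ciphertext, 100), dbs)
    print("host table (position -> database):", host_tbl)
    print("rebuilt matches original:", reassemble(dbs, host_tbl, req_tbl) == ciphertext)
    destroy_record(dbs, host_tbl, req_tbl)
    print("blocks left after destruction:", sum(len(d) for d in dbs))
```

The host table never contains a record id and the requester table never contains a database index, which is the property the patent relies on when it encrypts the first table to the host key and the second to the requester key. Note that the databases still hold the ciphertext blocks themselves, so the scheme only hides which blocks form a given record; it does not replace the requester-key encryption that keeps the block contents unreadable.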

The personal data protection application system lets a data provider use the data provider device D to create the virtual identity data in the main access device I and arrange for the third endorser device P to digitally sign the obfuscated, non-private part of that data, which is then used in interactions with the data requester device R. A data requester obtains the obfuscated data through the data requester device R and can use the digital signature to confirm that the obfuscated data was verified by the third endorser device P, which assures the correctness of the information obtained. Because the obfuscated data contains no private data, the data provider's personal privacy is protected.

Furthermore, the personal sensitive data within the virtual identity data reaches the main access device I only in encrypted form; the main access device I then splits it and stores the pieces in a distributed manner, and stores the tables needed to restore the data in separate places. As a result, even the administrator of the main access device I cannot obtain the data provider's private data, which prevents malicious disclosure by the administrator.

In this preferred embodiment the functions of the personal data protection application system fall into two main phases: a virtual identity creation and binding phase, and a personal sensitive data life cycle management phase. The creation and binding phase is chiefly concerned with verifying the real identity of the user of the data provider device, so that the data that user supplies is correct and the virtual identity does not diverge from the real identity. The life cycle management phase, which is the core of the invention, concerns the protection and maintenance of personal sensitive data.

For example, the virtual identity creation and binding phase can be divided into five sub-phases:

Sub-phase 1: Before creating a virtual identity through the data provider device D, the user applies to an identity authorization and authentication unit A for an identity service. Once the application is approved, the user receives from unit A a digital certificate that identifies the real identity, or any other document, hardware device or software data capable of identification. In this preferred embodiment the digital certificate contains a public key ApubKey of the identity authorization and authentication unit A. Unit A may, for example, be a government agency such as a household registration office or a police or fire department, and the digital certificate may be a citizen digital certificate, a digital ID card or a digital health insurance card. The identifying document, hardware device or software data records the person's sensitive information, such as name, gender, age, ID number, criminal record, salary, or proof of financial standing.

Sub-phase 2: The user of the data provider device D, through an application software module D2 of device D, submits an authorization request to an identity authorization module S1 of the main access device I. Once module S1 grants the authorization, module D2 submits an identity authentication request to the designated identity authorization and authentication unit A, which determines from that request whether the data provider device D passes its identity authentication.

Sub-phase 3: After the data provider device D passes unit A's identity authentication, device D creates, in an encrypted data block module D4, virtual identity data virID1 together with a corresponding private key priKey1 and public key pubKey1, and associates these with the public key ApubKey of the digital certificate.

Sub-phase 4: The application software module D2 of device D returns virID1 and pubKey1 to the main access device I through a communication module D1, and they are stored in a virtual identity database CD1 of the main access device I, completing the creation of the virtual identity.

Sub-phase 5: The user of device D can use module D2 to read the basic data supplied by unit A and obfuscate the personal sensitive data according to their own preferences using a preset or user-defined obfuscation module D3 of device D. The resulting obfuscated data is bound to the virtual identity data virID1, and the corresponding entries in the encrypted data block D4 of device D and in the virtual identity database CD1 are updated in step.
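The patent does not say how module D3 obfuscates; the following Python is an added example of one way a rule-based obfuscation module could work, not the patent's own code. It coarsens each field of a basic-data record into a bracket or masked form, lets a user policy switch individual fields off entirely (omitted rather than sent raw), and checks before binding that no raw value survives in the output. The record fields, the bracket widths, the policy keys and the sample person are assumptions for illustration.

```python
"""Added example (not from the patent): a rule-based obfuscation module
in the spirit of sub-phase 5, with a leak check before binding."""
from dataclasses import dataclass
from datetime import date
from typing import Any, Dict


@dataclass(frozen=True)
class Profile:
    """Basic data as issued by the identity authority (constructed field set)."""
    name: str
    birth_date: date
    national_id: str
    monthly_income: int
    criminal_record: bool


def age_bracket(birth: date, today: date, width: int = 10) -> str:
    """Age in completed years, rounded down to a bracket such as '20-29'."""
    age = today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def income_bracket(amount: int, step: int = 20000) -> str:
    """Income rounded down to a bracket such as '40000-59999'."""
    low = (amount // step) * step
    return f"{low}-{low + step - 1}"


def mask_id(national_id: str, keep: int = 3) -> str:
    """Hide all but the trailing characters of an identifier."""
    return "*" * (len(national_id) - keep) + national_id[-keep:]


# Default user preference: publish every field, but only in coarsened form.
DEFAULT_POLICY: Dict[str, bool] = {
    "name": True, "age": True, "id": True, "income": True, "record": True,
}


def obfuscate(profile: Profile, today: date,
              policy: Dict[str, bool] = DEFAULT_POLICY) -> Dict[str, Any]:
    """Return only the coarsened fields the user chose to publish.

    A field whose policy flag is missing or False is left out altogether;
    the raw value is never copied into the output in any branch.
    """
    out: Dict[str, Any] = {}
    if policy.get("name"):
        out["name_initial"] = profile.name[0] + "*" * (len(profile.name) - 1)
    if policy.get("age"):
        out["age_bracket"] = age_bracket(profile.birth_date, today)
    if policy.get("id"):
        out["id_masked"] = mask_id(profile.national_id)
    if policy.get("income"):
        out["income_bracket"] = income_bracket(profile.monthly_income)
    if policy.get("record"):
        out["clean_record"] = not profile.criminal_record
    return out


def leaks_raw_field(profile: Profile, obfuscated: Dict[str, Any]) -> bool:
    """Guard to run before binding to virID1: True if any raw profile value
    appears verbatim among the obfuscated values."""
    raw = {profile.name, profile.national_id,
           str(profile.monthly_income), profile.birth_date.isoformat()}
    return any(str(value) in raw for value in obfuscated.values())


def sample_profile() -> Profile:
    """Constructed sample person used by the demo below (not a real record)."""
    return Profile("Wang Xiaoming", date(1990, 5, 20), "A123456789", 45000, False)


SAMPLE_TODAY = date(2020, 1, 1)


if __name__ == "__main__":
    person = sample_profile()
    public = obfuscate(person, SAMPLE_TODAY)
    print(public)
    print("leaks raw field:", leaks_raw_field(person, public))
    print("age only:", obfuscate(person, SAMPLE_TODAY, {"age": True}))
```

Brackets rather than exact values are what make the published part safe to sign and hand to any requester: the endorser's signature then vouches for "income in 40000-59999" without the requester ever holding the exact figure, and a field the user does not want published simply has no key in the output.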

The personal sensitive data life cycle management phase comprises three sub-phases: a virtual data application authorization sub-phase, a contract authorization check and destruction sub-phase, and a personal sensitive data request and delivery sub-phase. By protecting the data through virtualization and obfuscation from the start, and by deferring or entirely avoiding delivery of personal sensitive data, the scheme substantially improves personal privacy protection and reduces the risk of leakage. Each sub-phase is described in detail below.

Referring to FIG. 2 and FIG. 3, the virtual data application authorization sub-phase comprises the following steps:

Step S201: After an individual user has created a virtual identity VirID, the user may authorize any data requester device R to use that virtual identity and begin interacting with it, for example by using the virtual identity's public key to register as a member of the service or log in, or even by signing documents with its private key. The data requester device R can also read the public, obfuscated information published on the virtual identity in order to provide basic services.

If, after inspecting the virtual identity, the data requester device R still needs the individual user of the data provider device D to supply further documents or files containing personal sensitive data, the subsequent sub-phases are started.

Step S202: A personal sensitive data authorization application procedure is executed. The data requester device R submits a sensitive data request to the data provider device D; the request states, for example, the type of personal sensitive data required, the proposed obfuscation conditions, and the guarantor units acceptable as the third endorser device P.

Step S203: An authorization review and request submission procedure is executed. When the data provider device D receives the sensitive data request, the individual user of device D reviews the requested items, enters the required personal sensitive data through a data input device D5 of device D, processes it with the preset or designated obfuscation module D3 of device D, and, through a communication module D1 of device D, submits the sensitive information, the obfuscated information, the sensitive data request and the personal identification information to the third endorser device P, either directly or indirectly via the main access device I.

此外,前述步驟S203中,所提交之資料中,也可僅包含該機敏資料申請請求、該個人身份識別資訊及該模糊化資訊…等,而不包含任何機敏資訊。In addition, in the aforementioned step S203, the submitted data may only include the smart data application request, the personal identification information, and the obfuscated information, etc., but not any smart information.

進一步而言,在前述步驟S203中,所提交資料亦可以該第三背書方裝置P之背書方公鑰加密,保護其中的機敏資訊。Furthermore, in the aforementioned step S203, the submitted data can also be encrypted with the endorsing party's public key of the third endorsing party device P to protect the sensitive information therein.

再者,前述步驟S203流程中,所提交之個人身份識別資訊,可為一以該私密金鑰ApriKey簽章之資訊,第三背書方裝置P之後可以利用該身份授權與認證單位A的公開金鑰ApubKey加以驗證,並認證其身份。Furthermore, in the aforementioned step S203 process, the submitted personal identification information can be information signed with the private key ApriKey, and the third endorsing party device P can then use the identity authorization and authentication unit A’s public funds The key ApubKey is verified and its identity is authenticated.

Step S204: Execute a personal sensitive data production or endorsement procedure. After receiving the sensitive data application request submitted by the data provider device D, the third-party endorser device P first verifies the submitted personal identification information. Only after the identity and the legitimacy of the request have been verified does it proceed with the subsequent actions; otherwise it directly refuses to carry out the subsequent procedure.

In this preferred embodiment, the above identity verification can be accomplished with known digital signature techniques or their variants, for example by checking the digital signature contained in the identification information against the public key ApubKey of the identity authorization and authentication unit A, so as to ensure that the request was issued by the correct, legitimate user.

After the third-party endorser device P has verified the identity information and the authorization request, it decrypts the original sensitive data, either from the organization's own database or from the sensitive data supplied by the individual user, for example a proof-of-financial-capacity file, a driver's license image file, or any other supporting document file.

In this preferred embodiment, the decryption method may use a data encryption/decryption key agreed by both parties, the private key of the third-party endorser device P, or any other known encryption/decryption method; the present invention places no limitation on this.

Once the third-party endorser device P has obtained a file containing the personal sensitive data, it performs obfuscation using the obfuscation information contained in the request submitted by the data provider device D, produces an "obfuscated data block" corresponding to the personal sensitive data, and endorses that obfuscated data block.

In this preferred embodiment, the obfuscation information is a set of data messages that may contain one or more sets of rules. According to those rules, the software converts the sensitive file by methods such as range conversion, key-value substitution, mask substitution, or de-identification, turning the sensitive data into data that is obfuscated, contains no sensitive information, and cannot indirectly identify the individual. The data is then signed with the endorser private key of the third-party endorser device P to prove its origin and legitimacy.

For example, the obfuscation information may specify: obfuscate the date of birth into an age range; obfuscate the home address into a residential district; obfuscate the name into a nickname. Applied to driver's license information, the obfuscation information extracts the key fields and converts them into an obfuscated data block such as:

License: car driver's license; age: 20~25; address: Zhongzheng District, Taipei City; valid until: 2020/06; name: Xiaoju; checksum: SflKxwRJSMeKKF2QT4fw;

and similar obfuscated blocks that cannot be used for indirect identification.

From the information in the sensitive data application request, the third-party endorser device P also learns the requester public key of the data requester device R, and encrypts the original personal sensitive data with that requester public key to produce a primary encrypted data.

Next, the third-party endorser device P transmits the obfuscated data block, the primary encrypted data and the sensitive data application request over the network to the main access device I of the data protection organization for the subsequent procedures.

Step S205: Execute an access contract creation procedure. After receiving the sensitive data application request and the other related data, the main access device I first records an access contract in a decentralized access contract database DD1, so that it can later be proven that the individual user did authorize the data requester device R to access the personal sensitive data specified in the access contract.

Once the access contract has been created, the main access device I encrypts the primary encrypted data supplied by the third-party endorser device P a second time, using either a user-specified data encryption key or the host public key of the main access device I, to form a secondary encrypted data, which is passed on to the subsequent procedures.

In this preferred embodiment, the access contract may record in detail, for example, the identifiers of the files that may be accessed, the access period, the list of public keys of the parties allowed to access, the tamper-proof check code of the accessed files, and the range of locations where the files are placed, without being limited to this list. The main purpose of the access contract is to let the main access device I later use this information to determine whether a personal sensitive data retrieval request has been authorized, and the scope of that authorization.

Step S206: Execute a data archiving and obfuscation status update procedure. The main access device I splits the secondary encrypted data produced by the preceding procedure into a preset number of data blocks, as in process F401 of FIG. 4.

These data blocks are then stored at random across the distributed secondary encrypted database group RD1~RD5, as in process F402 of FIG. 4.

The actual storage location of each data block is recorded in turn, and the records are divided into two groups to produce a first data block to database location comparison table Map_I and a second data block to database location comparison table Map_R, as in process F403 of FIG. 4.

For example, the data blocks carry sequential block numbers. The first comparison table Map_I records the locations of data blocks 01, 03, 05, 07 and 09, i.e. the data blocks with odd block numbers; from the location information in Map_I it can be seen that the physical location of data block 01 is segment 0x234 of database RD2. Similarly, the second comparison table Map_R records the locations of the data blocks with even block numbers.

The main access device I uses its own host public key to encrypt the first comparison table Map_I into a first comparison table encrypted information E_Map_I, and uses the requester public key provided by the data requester device R to encrypt the second comparison table Map_R into a second comparison table encrypted information E_Map_R, as in process F404 of FIG. 4.

The main access device I then updates the virtual identity database CD1 with E_Map_I, the obfuscated data block corresponding to the virtual user collected in step S205, and other associated data.

Next, the main access device I returns the second comparison table encrypted information E_Map_R, the obfuscated data block, the identifier of the personal sensitive data access contract created in S205, and related information to the data requester device R.

In the contract authorization check and destruction sub-phase, the main access device I executes a periodic access contract check procedure at a preset interval; FIG. 5 is a flowchart of that procedure.

In step S501, it is first determined whether the validity period of the access contract has expired.

In step S502, if the access contract is found to have expired, a contract extension notification is generated and sent to the data provider device D, asking its user to confirm again whether to carry out the contract extension procedure and renew the validity period of the access contract.

In step S503, the main access device I determines whether it has received a contract extension consent instruction or a contract extension rejection instruction generated by the data provider device D.

In step S504, when the contract extension consent instruction is received, the main access device I extends the validity period of the access contract.

In step S505, when the contract extension rejection instruction is received, meaning that the user does not agree to the extension, the contract termination operation is carried out: a contract revocation module S2 of the main access device I appends a record to the decentralized access contract database DD1 stating that the access contract has been revoked, thereby revoking it.

In step S506, the main access device I simultaneously notifies the data requester device R that the access contract has been revoked and asks it to decrypt the second comparison table encrypted information E_Map_R with its requester private key and send the result to the main access device I, which then deletes the corresponding data blocks stored in the distributed databases RD1~RDn. The main access device I likewise decrypts the first comparison table encrypted information E_Map_I with the host private key and deletes the data blocks stored in RD1~RDn according to the decrypted information.

In the personal sensitive data retrieval and delivery sub-phase, when the data requester device R, for business reasons, still needs to obtain the previously authorized personal sensitive data held temporarily in the main access device I, the data requester device R generates a sensitive data access request and the following procedure is carried out.

The data requester device R provides the access contract identifier, decrypts the second comparison table encrypted information E_Map_R with the requester private key to obtain the second comparison table Map_R, and hands it to the main access device I, as in process F601 of FIG. 6.

After receiving this information, the main access device I retrieves the contract data corresponding to the access contract identifier from the access contract database DD1 and checks the contract permissions. If the data requester device R is found to hold a valid access contract permitting it to read the information, the procedure enters process F602 of FIG. 6: the main access device I executes a cooling-off waiting procedure and enters a sensitive data retrieval waiting period. Otherwise, if there is no valid contract, the procedure is terminated.

When executing the cooling-off waiting procedure, the main access device I first sends a data retrieval notice to the corresponding data provider device D, as in process F603 of FIG. 6, and enters a preset sensitive data retrieval waiting period, for example 10 days. On receiving the notice, the data provider device D informs its user that the data requester device R has requested the data. The user may raise a reasonable objection and extend the waiting period so that the main access device I withholds the data for now; or the user may reply with consent and shorten the preset waiting period to speed up delivery.
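The access contract lifecycle described in steps S205 and S501 to S506 and in processes F601 to F603, as an added example that is not code from the patent: the decentralized database DD1 is modelled as an append-only event list, time is counted in whole days, the extension length, the check-code construction and the key strings are assumptions.

```python
"""Access contract lifecycle: creation (S205), the periodic check with
extension or revocation (S501-S505) and the permission check that precedes
the cooling-off wait (F601-F603). Added example, not code from the patent.
The decentralized database DD1 is modelled as an append-only event list,
time is measured in whole days, and the key strings are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass
class Contract:
    contract_id: str
    file_ids: list                 # files that may be accessed
    allowed_requester_keys: list   # requester public keys (constructed strings)
    file_check_codes: dict         # file_id -> tamper-proof check code
    expires_day: int               # last day on which the contract is valid
    wait_days: int = 10            # preset cooling-off period


def file_check_code(content: bytes) -> str:
    """Tamper-proof check code recorded in the contract (assumed: SHA-256 hex)."""
    return hashlib.sha256(content).hexdigest()


class ContractLedger:
    """DD1 as an append-only log: revocation is a new record (S505), never a
    deletion, so the history of an authorization stays provable."""

    def __init__(self):
        self.records = []  # (contract_id, event, payload)

    def create(self, contract: Contract):
        self.records.append((contract.contract_id, "created", contract))

    def extend(self, contract_id: str, new_expires_day: int):
        self.records.append((contract_id, "extended", new_expires_day))

    def revoke(self, contract_id: str):
        self.records.append((contract_id, "revoked", None))

    def state(self, contract_id: str):
        """Replay the log: returns (contract, current expiry day, revoked flag)."""
        contract, expires, revoked = None, None, False
        for cid, event, payload in self.records:
            if cid != contract_id:
                continue
            if event == "created":
                contract, expires = payload, payload.expires_day
            elif event == "extended":
                expires = payload
            elif event == "revoked":
                revoked = True
        return contract, expires, revoked


def periodic_check(ledger, contract_id, today, provider_decision, extension_days=30):
    """S501-S505. provider_decision(contract_id) stands in for the extension
    notice sent to device D and returns True (consent) or False (reject)."""
    contract, expires, revoked = ledger.state(contract_id)
    if contract is None or revoked:
        return "revoked"
    if today <= expires:
        return "valid"
    if provider_decision(contract_id):
        ledger.extend(contract_id, today + extension_days)
        return "extended"
    ledger.revoke(contract_id)           # S505: append the revocation record
    return "revoked"


def authorize_request(ledger, contract_id, requester_key, file_id, today):
    """F601/F602: every condition of the contract is checked before the
    cooling-off wait starts. Returns (ok, reason, wait_days)."""
    contract, expires, revoked = ledger.state(contract_id)
    if contract is None:
        return False, "unknown contract", 0
    if revoked:
        return False, "contract revoked", 0
    if today > expires:
        return False, "contract expired", 0
    if requester_key not in contract.allowed_requester_keys:
        return False, "requester not listed", 0
    if file_id not in contract.file_ids:
        return False, "file not in contract", 0
    return True, "ok", contract.wait_days


def adjust_wait(wait_days, user_reply, days):
    """F603: the provider's user may shorten the wait by consenting or
    lengthen it by objecting; the wait never goes below zero."""
    if user_reply == "consent":
        return max(0, wait_days - days)
    if user_reply == "objection":
        return wait_days + days
    raise ValueError(f"unknown reply {user_reply!r}")


def verify_file_check_code(contract, file_id, content: bytes) -> bool:
    """Before delivery, confirm the reassembled file still matches the check
    code recorded in the contract."""
    return contract.file_check_codes.get(file_id) == file_check_code(content)
```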

After the waiting period has elapsed, for example after 10 days, the main access device I starts a data reassembly and protection removal procedure, as in process F604 of FIG. 6.

The data reassembly and protection removal procedure is shown in FIG. 7. The main access device I reads the first comparison table encrypted information E_Map_I from the virtual identity database CD1 and decrypts it with the host private key into the first comparison table Map_I, and combines it with the second comparison table Map_R produced when the data requester device R decrypted E_Map_R with its requester private key. The main access device I then merges Map_I and Map_R into one complete record containing the real storage addresses of all data blocks in the distributed databases RD1~RDn, as in process F701 of FIG. 7.

Having obtained both Map_I and Map_R, the main access device I uses the location information they contain to fetch the data blocks from the distributed database group RD1~RDn and reassembles them in order into the secondary encrypted data, as in processes F702 and F703 of FIG. 7.

The secondary encrypted data is then decrypted with the host private key of the main access device I and restored to the primary encrypted data, as in process F704 of FIG. 7. This completes the data reassembly and protection removal procedure.

Finally, the main access device I returns the primary encrypted data to the data requester device R, as in F605 of FIG. 6.

The data requester device R can then use its own requester private key to decrypt the primary encrypted data and recover the user's original personal sensitive data, as in process F606 of FIG. 6.
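The scatter step of S206 (F401 to F403), the merge and reassembly of F701 to F703 and the deletion of S506, as an added example that is not code from the patent: the asymmetric encryption of Map_I and Map_R is left out so that the merge logic can be shown, the database group RD1~RD5 is simulated with in-memory dicts, and the block count and segment range are constructed.

```python
"""Scatter and reassembly of the secondary encrypted data: F401-F403 of
step S206, F701-F703 of the reassembly procedure and the deletion of S506.
Added example, not code from the patent. The encryption of Map_I (host
public key) and Map_R (requester public key) is omitted; the tables are
returned in the clear so that the merge logic can be shown, and the
database group RD1~RD5 is simulated with in-memory dicts."""
import secrets

BLOCK_COUNT = 10                                  # preset number of blocks
DB_NAMES = ["RD1", "RD2", "RD3", "RD4", "RD5"]    # distributed database group


def new_database_group():
    return {name: {} for name in DB_NAMES}        # db_name -> {segment: block}


def split_blocks(secondary_ciphertext: bytes, count: int = BLOCK_COUNT):
    """F401: split the secondary encrypted data into `count` consecutive
    blocks; block numbers are 1..count in data order."""
    size, extra = divmod(len(secondary_ciphertext), count)
    blocks, pos = [], 0
    for i in range(count):
        n = size + (1 if i < extra else 0)
        blocks.append(secondary_ciphertext[pos:pos + n])
        pos += n
    return blocks


def scatter(blocks, databases):
    """F402: store every block at a random database and a random free
    segment; the real location (block_no, db_name, segment) is recorded."""
    locations = []
    for block_no, block in enumerate(blocks, start=1):
        db = secrets.choice(DB_NAMES)
        segment = secrets.randbelow(0x10000)
        while segment in databases[db]:               # never overwrite a block
            segment = secrets.randbelow(0x10000)
        databases[db][segment] = block
        locations.append((block_no, db, segment))
    return locations


def build_maps(locations):
    """F403: odd block numbers go to Map_I (kept by device I), even block
    numbers to Map_R (handed to requester R), as in the page's example."""
    map_i = {b: (db, seg) for b, db, seg in locations if b % 2 == 1}
    map_r = {b: (db, seg) for b, db, seg in locations if b % 2 == 0}
    return map_i, map_r


def reassemble(map_i, map_r, databases, count: int = BLOCK_COUNT) -> bytes:
    """F701-F703: merge both tables and fetch the blocks in block-number
    order. Raises if any block is missing, so one table alone is useless."""
    merged = {**map_i, **map_r}
    missing = [b for b in range(1, count + 1) if b not in merged]
    if missing:
        raise ValueError(f"incomplete comparison table, missing blocks {missing}")
    return b"".join(databases[merged[b][0]][merged[b][1]]
                    for b in range(1, count + 1))


def one_table_is_insufficient(map_i, map_r, databases) -> bool:
    """The point of the split: neither Map_I nor Map_R alone reassembles."""
    for lone in (map_i, map_r):
        try:
            reassemble(lone, {}, databases)
            return False
        except ValueError:
            pass
    return True


def destroy(map_i, map_r, databases):
    """S506: after revocation, delete every block referenced by either table.
    Returns the number of blocks removed."""
    removed = 0
    for db, seg in list(map_i.values()) + list(map_r.values()):
        if databases[db].pop(seg, None) is not None:
            removed += 1
    return removed
```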

In summary, compared with the prior art, the present invention provides a convenient and secure mechanism for protecting user privacy. The individual user interacts with the data requester device R through the virtual identity created in the personal data protection application system, without disclosing the real user identity to the data requester device R; and the virtual identity data that the system makes available to the data requester device R itself contains only obfuscated data that cannot directly identify, and is difficult to use to indirectly identify, the real identity: application data unrelated to personal information and not sensitive. For example:

Gender: male; age: 20~25; annual income: 100K~120K; education: master's degree; driver's license: car driver's license; occupation: technology industry; ...

The data requester device R does not need to keep personal data in its own database as in the traditional approach. Instead it obtains the individual's obfuscated information through the main access device I, and thus obtains timely, correct and key application information for subsequent marketing analysis or service applications.

Furthermore, should the data requester device later still need to ask its users for supporting documents for qualification checks or regulatory compliance, for example documents that a government body requires to be attached, the present invention also provides a personal sensitive data authorization application mechanism that reduces the time and cost for individual users to provide documents and greatly lowers the risk of personal sensitive data leaking. Because the data undergoes primary and secondary encryption, only the data requester device R and the main access device I together, after authorization through the mechanism, can decrypt the true original data, which largely eliminates the risk of the data leaking from the data requester device before it actually needs to use it. Likewise, the administrators of the main access device I cannot decrypt the primary encrypted data held on the system without the requester private key of the data requester device R, greatly reducing the risk of administrators leaking data maliciously.

And because the data is doubly encrypted and scattered across the distributed database group RD1~RDn, even an attacker who breaks into the main access device I would find it hard to piece the data back into its complete order and decrypt it. This greatly increases the difficulty of an attack and reduces the incentive to attack the system.

In addition to protecting personal sensitive data and privacy, the present invention greatly reduces the risk and cost to the data requester device R of holding personal data. Through integration with the identity authorization and authentication unit A and the third-party endorser device P, it also greatly reduces the difficulty of authenticating users and submitting document information, and of the data requester device R verifying the correctness and legitimacy of personal sensitive data.

The following describes embodiments of the present invention by way of specific examples; those skilled in the art can readily understand the other advantages and effects of the present invention from the content disclosed in this specification. The present invention may also be implemented or applied through other, different embodiments.

First embodiment:

The scenario of this embodiment is that a landlord asks a tenant to provide additional supporting documents, such as a criminal record certificate, proof of financial capacity and an image of the tenant's identity card, to facilitate signing the lease. This embodiment illustrates how the present invention strengthens personal privacy, protects personal sensitive data, and improves the efficiency of data exchange and the rigor of data verification. The roles in this embodiment are: the landlord, using the data requester device R; the tenant, using the data provider device D; the main access device I; a notary, using the third-party endorser device P; and a certificate authority acting as the identity authorization and authentication unit A.

In this embodiment we assume that the virtual identity creation and binding phase described above has already been completed before the embodiment begins: for example, each party has designated its preferred identity authorization and authentication unit A, and at least one virtual identity has been created in the main access device I.

When the landlord (the data requester device R) wishes to request documents such as a criminal record certificate, proof of financial capacity and an identity card image from the tenant (the data provider device D), the landlord only needs to enter the required data types into the software on the data requester device R, submit the personal sensitive data authorization application through that software, and forward the request over the network via the main access device I to the tenant's data provider device D. The present invention does not limit how the request is forwarded; in this example, the landlord's data requester device R displays a QR code on its screen containing the personal sensitive data authorization application information, and the tenant's data provider device D reads the QR code to learn of the application.

After the tenant U reads the authorization application, the authorization review and request submission procedure is carried out through the data provider device D. After reviewing the application, if the tenant agrees to provide the requested documents, the tenant enters them, for example the criminal record certificate, the proof of financial capacity and the identity card image file, through the data input device D5 of the data provider device D, and the obfuscation module D3 converts these personal sensitive data into obfuscated data blocks 1, 2 and 3, corresponding to the three documents. For example, obfuscated block 1, converted from the criminal record certificate, may be JSON data; an example of the conversion is shown in FIG. 8. The obfuscation information may itself be JSON data that tells the software which function to use to convert each item of personal sensitive data, for example:

name: mask; means that the mask function is used to replace the name in the original data with *;

birthday: ageRange; means that the age-range function is used to convert the date into an age range usable for application analysis;

idNo: virtualIdNO; means that the identity card number is replaced with the public key location of the virtual identity.

After the data has been obfuscated, the software on the data provider device D combines the sensitive data application request, the original document images 1~3, the obfuscated data blocks 1~3 and related data into the personal sensitive data authorization request, as shown in FIG. 9, and sends the request to the notary's third-party endorser device P.

On receiving the personal sensitive data authorization request sent by the tenant, the notary's third-party endorser device P enters the personal sensitive data production or endorsement procedure.

In that procedure, the notary's third-party endorser device P parses the provider public key of the tenant's data provider device D from the sensitive data application request and, together with the digital signature on the request, submits them to the identity authorization and authentication unit A, or uses an authentication tool supplied by unit A, to confirm the tenant's identity. After this basic identity confirmation, the procedure continues if the tenant passes; otherwise the tenant is refused the subsequent services.

Since the personal sensitive data is provided and prepared by the tenant, the third-party endorser device P only decrypts the original personal sensitive data and performs the endorsement procedure. After the notary's third-party endorser device P has decrypted the criminal record certificate, the proof of financial capacity, the identity card image and the corresponding obfuscated blocks of this embodiment, it compares the original image files with the obfuscated blocks to check that they agree. For example, if obfuscated data block 1 records that the tenant is 35~40 years old, is named Huang **, and has no criminal record, the notary compares it with the original criminal record certificate file and, once the information recorded in obfuscated data block 1 is confirmed to match, endorses that information: the notary uses the endorser private key of the third-party endorser device P to digitally sign the obfuscated block. The digital signature of the endorsement and the endorser public key of the third-party endorser device P are then appended to the obfuscated data block so that others can later verify its correctness.
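The rule-driven obfuscation described for step S204 and in the JSON rules above (name:mask, birthday:ageRange, idNo:virtualIdNO), together with the notary's comparison of the obfuscated block against the original document, as an added example that is not code from the patent: the rule function names, the extra region rule, the 5-year age bands, the record field names and the checksum construction are assumptions, and the endorser's signature over the block is not shown.

```python
"""Rule-driven obfuscation (the obfuscation information of step S204; the
rules name:mask, birthday:ageRange, idNo:virtualIdNO of the first
embodiment) and the notary's comparison step before endorsement. Added
example, not code from the patent. The rule function names, the 'region'
rule, the 5-year age bands, the record field names and the checksum
construction (SHA-256 over canonical JSON, shortened) are assumptions; the
endorser's digital signature over the block is not shown."""
import base64
import hashlib
import json
from datetime import date


def rule_mask(value, ctx):
    """name:mask -> replace the value with asterisks."""
    return "*" * len(str(value))


def rule_age_range(value, ctx, width=5):
    """birthday:ageRange -> e.g. 1983-09-15 on 2020-06-01 becomes '35~40'."""
    born = date.fromisoformat(value)
    today = date.fromisoformat(ctx["today"])
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    low = age - age % width
    return f"{low}~{low + width}"


def rule_region(value, ctx):
    """address:region -> keep only the first two comma-separated parts
    (assumed layout 'City, District, street ...')."""
    return ", ".join(part.strip() for part in value.split(",")[:2])


def rule_virtual_id(value, ctx):
    """idNo:virtualIdNO -> replace the ID number with the virtual identity's
    public key position."""
    return ctx["vir_id_pubkey"]


def rule_keep(value, ctx):
    return value


RULE_FUNCTIONS = {
    "mask": rule_mask,
    "ageRange": rule_age_range,
    "region": rule_region,
    "virtualIdNO": rule_virtual_id,
    "keep": rule_keep,
}


def checksum(block) -> str:
    """Check code over every field except the checksum itself."""
    body = {k: v for k, v in block.items() if k != "checksum"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(canonical).digest()
    return base64.urlsafe_b64encode(digest)[:20].decode()


def obfuscate(record, rules, ctx):
    """Apply the JSON rules field by field. Fields without a rule are
    dropped, so a field can only reach the block through an explicit rule."""
    block = {}
    for field_name, rule_name in rules.items():
        if rule_name not in RULE_FUNCTIONS:
            raise ValueError(f"unknown obfuscation rule {rule_name!r}")
        if field_name in record:
            block[field_name] = RULE_FUNCTIONS[rule_name](record[field_name], ctx)
    block["checksum"] = checksum(block)
    return block


def notary_verify(original_record, rules, ctx, submitted_block):
    """The comparison step: confirm the checksum, refuse any obfuscated field
    that still carries its original value, then re-derive the block from the
    original document and require an exact match."""
    if checksum(submitted_block) != submitted_block.get("checksum"):
        return False, "checksum mismatch"
    for field_name, rule_name in rules.items():
        if (rule_name != "keep" and field_name in submitted_block
                and submitted_block[field_name] == original_record.get(field_name)):
            return False, f"field {field_name!r} still holds the original value"
    if obfuscate(original_record, rules, ctx) != submitted_block:
        return False, "block does not match the original document"
    return True, "ok"
```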

The notary's third-party endorser device P then parses the requester public key of the landlord's data requester device R from the sensitive data application request and applies primary encryption to the personal sensitive data, for example the original criminal record certificate, the proof of financial capacity and the identity card image file, with that requester public key, so that it can be transmitted to the main access device I.

Next, the notary's third-party endorser device P returns the primary-encrypted personal sensitive data, the obfuscated data blocks carrying the endorsement signature, the sensitive data application request and related information to the main access device I for the subsequent procedures that protect the personal sensitive data.

In this embodiment, after receiving the sensitive data application request forwarded by the notary's third-party endorser device P, the main access device I parses its content and creates an access contract in the decentralized database. The access contract records that the tenant's data provider device D authorizes the landlord's data requester device R to access, in future, the personal sensitive data temporarily held in the main access device I that has been primary-encrypted by the notary's third-party endorser device P. As shown in FIG. 10, the access contract records the list of files that may be accessed, the requester public key of the data requester device R permitted to access them, the access period, the file content check codes and so on, so that it can be consulted when the landlord later needs to access the personal sensitive data.

Once the access contract has been produced, the main access device I encrypts the personal sensitive data that was primary-encrypted by the notary's third-party endorser device P a second time, using a user-specified data encryption key or the host public key of the main access device I, to form the secondary encrypted data. The purpose of this second encryption is that, should the data accidentally leak, a malicious party would need to obtain both parties' decryption keys before the original personal sensitive data could be recovered.

The main access device I splits the secondary encrypted data into a preset number of data blocks, processes them with the data archiving and obfuscation status update procedure, stores the data blocks at random across the distributed databases RD1~RDn, and obtains the two encrypted comparison tables, the first comparison table encrypted information E_Map_I and the second comparison table encrypted information E_Map_R.

The purpose of this procedure is to scatter the tenant's secondary encrypted data once more and store it across the distributed databases RD1~RDn, so that an attacker cannot obtain personal sensitive data by compromising a single server. Even an attacker capable of obtaining the data from every distributed database would still need to obtain separately the first comparison table encrypted information E_Map_I kept by the main access device I and the second comparison table encrypted information E_Map_R kept by the landlord's data requester device R, decrypt each of them, fetch the block data from the distributed databases RD1~RDn in the recorded order, and only then recover the secondary encrypted data. Without going through these steps, the scattered data blocks that an attacker or malicious user could obtain are merely a pile of randomly ordered encrypted data, which greatly increases the difficulty for a malicious user, or even a system administrator of the main access device I, of recovering the original personal sensitive data.

該主存取裝置I最後將承租人之模糊化資料區塊,其中亦包含由公證人的第三背書方裝置P針對該資料進行背書保證的數位簽章,更新於主存取裝置I中之虛擬身份資料庫CD1中,並同步更新該第一對照表加密資訊E_Map_I於該存取合約資料庫DD1中。最後分別將存取合約編號、該第二對照表加密資訊E_Map_R和其他所需資訊回傳給房屋出租者的資料需求方裝置R。The master access device I finally obfuscates the tenant’s obfuscated data block, which also contains the digital signature endorsed by the third endorser device P of the notary for the data, and updates it in the master access device I In the virtual identity database CD1, the encryption information E_Map_I of the first comparison table is synchronously updated in the access contract database DD1. Finally, the access contract number, the encrypted information E_Map_R of the second comparison table, and other required information are respectively returned to the data demander device R of the house renter.

在本實施例中,房屋出租者已可使用資料需求方裝置R,透過主存取裝置I之虛擬身份資料庫,取得承租人之指定非敏感資訊,即經模糊化後,不含個人資訊、且經過公證人背書保證的模糊化資料區塊,如圖11所示。In this embodiment, the house renter can already use the data requester device R to obtain the tenant’s designated non-sensitive information through the virtual identity database of the main access device I, that is, after obfuscation, it does not contain personal information, And the obfuscated data block guaranteed by the notary's endorsement is shown in Figure 11.

透過此虛擬身份資料,房屋出租者可以在不得知關鍵敏感資訊的狀態下,得知所關心的資訊,例如:年齡區間、有無犯罪紀錄、經濟狀態…等,且上述資訊亦經由公證人確認過、甚至與承租人當面比對過正本資訊後,進行背書保證。透過此初步模糊化與背書保證的機制下,承租人可選擇可信賴之公證人,進行資訊的檢核與確認,無需交付敏感個人資訊給予房屋出租者,大幅降低個人敏感資訊外洩的問題。而房屋出租者也可取得關心的資訊,亦無需自行確認資料是否確、或承擔保管個人資料的風險,也增加承租者提供資料的意願、並將低資料交換的風險與成本。Through this virtual identity information, the renter can know the information that he cares about without knowing the key sensitive information, such as age range, criminal record, economic status, etc., and the above information has also been confirmed by a notary. , Even after comparing the original information face-to-face with the lessee, the endorsement guarantee is carried out. Through this initial obfuscation and endorsement guarantee mechanism, tenants can choose a trusted notary for information verification and confirmation, without the need to deliver sensitive personal information to the renter, greatly reducing the leakage of personal sensitive information. Housing renters can also obtain the information they care about, without having to confirm whether the information is correct, or bear the risk of keeping personal data, and increase the willingness of tenants to provide information, and reduce the risk and cost of data exchange.

而在本實施例中,房屋出租者的資料需求方裝置R因所取得之資訊皆為模糊化的資訊,如發生合約糾紛、需要進行法律程序時,仍有取得承租人關鍵敏感資訊或識別出虛擬使用者真實身份之必要。故,透過本發明之方法,該房屋出租者的資料需求方裝置R可啟動個人機敏資料索取與交付階段,以取得該承租人之關鍵敏感資訊。In this embodiment, the information obtained by the lessor’s data requester device R is obscure. In the event of contract disputes or legal procedures, the lessee’s key sensitive information or identification The real identity of virtual users is necessary. Therefore, through the method of the present invention, the data requester device R of the house renter can start the personal sensitive data request and delivery stage to obtain the key sensitive information of the renter.

於本實施例中,該個人機敏資料索取與交付子階段給予承租人延緩交付個人敏感訊息給房屋出租者的機會。在個人機敏資料存取合約過期後,例如:在房屋出租合約執行完成半年後,因本發明之合約授權檢查與銷毀子階段之機制。房屋出租者即失去存取承租人敏感資訊之權力,如此在未發生重大法律事件前,承租人都無需擔心個人資料會被濫用、而效期過後,甚至可以無須交付個人機敏資料給房屋出租者,大幅降低個人資料外洩、予被濫用的機會。In this embodiment, the personal sensitive information request and delivery sub-phase gives the lessee an opportunity to delay the delivery of personal sensitive information to the house lessor. After the expiration of the personal smart data access contract, for example, half a year after the execution of the house rental contract, due to the contract authorization inspection and destruction sub-phase mechanism of the present invention. The renter loses the right to access the renter’s sensitive information, so before a major legal incident occurs, the renter does not need to worry about the abuse of personal data, and after the validity period, there is no need to deliver personal sensitive information to the renter. , Which greatly reduces the chances of personal information leakage and abuse.

Second embodiment:

The scenario of the second embodiment is as follows. An online seller is required by government regulations, for example because it sells licensed goods, to collect specific supporting documents from buyers on the government's behalf, such as proof-of-finances documents and identity documents, to facilitate later audits by the government agency. To conclude the sales contract, the online seller must collect the buyer's supporting documents on behalf of the government agency; the problem this embodiment addresses is how to reduce the buyer's concerns about handing over sensitive information and increase the probability of closing the deal. In other words, how to prevent the online seller from skimming the sensitive information, ensure that only the government unit that genuinely needs the personal sensitive data can request it, and at the same time reduce the buyer's reluctance to provide personal data.

The roles in this embodiment are: a data referral device F of the online seller, the data requester device R of the government agency, the data provider device D of the online buyer, the main access device I of the data custodian, the third endorser device P of a financial institution, and the identity authorization and authentication unit A of a certificate management center.

In this embodiment we assume that the online buyer uses the data provider device D to carry out the method, that the other parties interface with the main access device I via an API, and that the virtual identity creation and binding stage of the method has already been completed before this embodiment begins: for example, each party has designated its preferred identity authorization and authentication unit A, and at least one virtual identity has been created in the main access device I.

When the online seller wants to request a proof-of-finances document from the online buyer on the agency's behalf, the seller need only specify the required data type in the data referral device F and issue a personal sensitive data authorization application via the API, which is forwarded over the network through the main access device I to the online buyer's data provider device D. The online buyer's data provider device D learns of the authorization application upon receiving an application (APP) push notification.

After reading the authorization application, the online buyer's data provider device D carries out the authorization review and request submission procedure. On reviewing the application, the online buyer learns that the real data requester device R is a government agency. If the buyer agrees to provide the required documents to that agency, the software of the data provider device D integrates the sensitive-data application request, the preferred authentication unit, the data-providing unit, the obfuscation module D3 and other data into the personal sensitive data authorization request, and forwards that request via the main access device I to the third endorser device P of the bank.

On receiving the personal sensitive data authorization request sent by the online buyer's data provider device D, the bank's third endorser device P enters the personal sensitive data production or endorsement procedure.

The bank's third endorser device P parses the provider public key of the online buyer's data provider device D from the sensitive-data application request and, together with the digital signature of the application request supplied with it, submits them to the identity authorization and authentication unit A (or uses the authentication tool provided by unit A) to confirm the identity of the online buyer's data provider device D. After this basic identity confirmation, the subsequent flow proceeds if the buyer passes identity verification; otherwise the subsequent services are refused.

In this embodiment the personal sensitive data is supplied and prepared by the financial institution. The bank's third endorser device P retrieves from its own database the proof-of-finances document corresponding to the online buyer's data provider device D and converts that personal sensitive data into an obfuscated data block through the obfuscation module D3. The obfuscated block may, for example, be JSON data, and the obfuscation information may also be JSON data that tells the software which function to use to transform each field of the personal sensitive data, for example:

name: mask; use the mask function to replace the name in the original data with *;

birthday: ageRange; use the age-range function to convert the date into an age range suitable for analysis;

idNo: virtualIdNO; replace the national ID number with the public-key location of the virtual identity;

After the data has been obfuscated, the information is endorsed: the financial institution's third endorser device P uses its own endorser private key to digitally sign the obfuscated block together with the digital proof-of-finances file. The endorsement signature and the endorser's own public key are then attached to the obfuscated data block so that others can later verify the correctness of the obfuscated data block.
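The obfuscation spec above (mask, ageRange, virtualIdNO) and the endorsement step, as an added Python example that is not the patent's own code: the spec drives one function per field, unlisted fields are dropped, and the endorsement covers both the obfuscated block and the digital attachment. The page calls for an endorser private-key digital signature; this example substitutes an HMAC-SHA256 tag so it runs with the standard library only, and the sample record, key, key identifier and the `vid://` location format are constructed assumptions.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample record, standing in for the proof-of-finances data that the
# bank's endorser device P would retrieve from its own database.
SAMPLE_RECORD = {
    "name": "王小明",
    "birthday": "1988-06-15",
    "idNo": "A123456789",
    "annualIncome": 1250000,
}

# Obfuscation information as described on the page: field name -> function name.
OBFUSCATION_SPEC = {"name": "mask", "birthday": "ageRange", "idNo": "virtualIdNO"}

# Assumed form of the virtual identity's public-key location (not given on the page).
VIRTUAL_ID_LOCATION = "vid://I/CD1/virtual-0001"


def mask(value, ctx):
    """Mask function: replace every character of the value with '*'."""
    return "*" * len(str(value))


def age_range(value, ctx):
    """Age-range function: map an ISO date of birth to a ten-year bucket such as '30-39'.
    The reference date is passed in through ctx so results are reproducible."""
    born = date.fromisoformat(value)
    today = ctx["today"]
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def virtual_id_no(value, ctx):
    """virtualIdNO function: replace the national ID number with the virtual identity's key location."""
    return ctx["virtual_id_location"]


FUNCTIONS = {"mask": mask, "ageRange": age_range, "virtualIdNO": virtual_id_no}


def obfuscate(record, spec, ctx):
    """Build the obfuscated block by applying the spec field by field.
    Fields with no spec entry are omitted (default deny), so a raw figure such as
    the income never reaches the block unless the spec names a function for it."""
    block = {}
    for field, func_name in spec.items():
        if field not in record:
            continue
        if func_name not in FUNCTIONS:
            raise ValueError(f"unknown obfuscation function {func_name!r} for field {field!r}")
        block[field] = FUNCTIONS[func_name](record[field], ctx)
    return block


def _canonical(block):
    # Deterministic serialisation so endorser and verifier hash identical bytes.
    return json.dumps(block, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode()


def _message(block, attachment):
    # The endorsed message covers the obfuscated block and the digital proof-of-finances file.
    return _canonical(block) + b"\n" + hashlib.sha256(attachment).digest()


def endorse(block, attachment, endorser_key, endorser_key_id):
    """Endorse the block. HMAC-SHA256 stands in for the private-key signature the page
    describes; the key identifier stands in for the attached endorser public key."""
    tag = hmac.new(endorser_key, _message(block, attachment), hashlib.sha256).hexdigest()
    return {
        **block,
        "endorsement": {
            "keyId": endorser_key_id,
            "alg": "HMAC-SHA256",
            "attachmentSha256": hashlib.sha256(attachment).hexdigest(),
            "tag": tag,
        },
    }


def verify_endorsement(endorsed, attachment, endorser_key):
    """Return True only if the tag matches the block and the attachment as received."""
    endorsement = endorsed.get("endorsement")
    if not endorsement:
        return False
    block = {k: v for k, v in endorsed.items() if k != "endorsement"}
    if hashlib.sha256(attachment).hexdigest() != endorsement.get("attachmentSha256"):
        return False
    expected = hmac.new(endorser_key, _message(block, attachment), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, endorsement.get("tag", ""))


if __name__ == "__main__":
    ctx = {"today": date(2020, 1, 20), "virtual_id_location": VIRTUAL_ID_LOCATION}
    block = obfuscate(SAMPLE_RECORD, OBFUSCATION_SPEC, ctx)
    proof = b"constructed stand-in for the proof-of-finances PDF"
    endorsed = endorse(block, proof, b"constructed-endorser-key", "P-key-01")
    print(json.dumps(endorsed, ensure_ascii=False, indent=2))
    print("verifies:", verify_endorsement(endorsed, proof, b"constructed-endorser-key"))
```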

The bank's third endorser device P then parses the requester public key of the government agency's data requester device R from the sensitive-data application request and performs a primary encryption of the personal sensitive data, for example the proof-of-finances document, with that requester public key for transmission to the main access device I.

The bank's third endorser device P returns the primary-encrypted personal sensitive data, the obfuscated data block carrying the endorsement signature, the sensitive-data application request and other related information to the main access device I for the subsequent procedures that protect the personal sensitive data.

In this embodiment, after the main access device I receives the sensitive-data application request forwarded by the bank's third endorser device P, it parses the content and creates an access contract in a decentralized database. The access contract records that the online buyer's data provider device D authorizes the government agency's data requester device R to access, at a later date, the proof-of-finances file that was primary-encrypted by the bank's third endorser device P and is temporarily held in escrow by the main access device I. For example, the access contract records the list of files available for access, the requester public key of the data requester device R of the person permitted to access them, the access validity period, the file content check codes and so on, so that they can be verified if the government unit needs to access the proof of finances during a later audit.

Once the access contract has been produced, the main access device I encrypts the personal sensitive data (already primary-encrypted by the bank's third endorser device P) a second time, either with a data encryption key designated by the user or with the host public key of the main access device I, to form the secondary encrypted data. The purpose of this second encryption is that, should the data accidentally leak, a malicious party would need to obtain both parties' decryption keys at the same time to recover the original personal sensitive data.

The main access device I splits the secondary encrypted data into a preset number of data blocks, stores the blocks at random across the distributed databases RD1~RDn using the data archiving and obfuscation status update procedure, and obtains two encrypted tables, the first comparison table encryption information E_Map_I and the second comparison table encryption information E_Map_R. The purpose of this procedure is to scatter the secondary encrypted data of the online buyer's data provider device D once more and store it across the distributed databases, so that an attacker cannot obtain the personal sensitive data by compromising a single server. Even an attacker powerful enough to obtain the data of all the distributed databases RD1~RDn would still need to obtain both the first comparison table encryption information E_Map_I kept by the main access device I and the second comparison table encryption information E_Map_R kept by the government agency's data requester device R, decrypt them, fetch the data blocks from the distributed databases in the recorded order, and only then reconstruct the secondary encrypted data. Without this, the scattered data blocks obtained by an attacker or malicious user are merely a pile of randomly ordered encrypted data, which greatly raises the difficulty for a malicious user, or even the system administrator of the main access device I, of recovering the original personal sensitive data.
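The split-and-scatter procedure described here and in the first embodiment above, as an added Python example that is not the patent's own code: a byte string stands in for the secondary encrypted data, a list of dicts stands in for the databases RD1~RDn, and, following claim 4, odd-numbered blocks are recorded in the first comparison table and even-numbered blocks in the second, so that neither table alone can reassemble the data. Encrypting the two tables into E_Map_I and E_Map_R with the host and requester public keys is not shown; the handle format, per-block digest field and constants are assumptions.

```python
import hashlib
import secrets

N_DATABASES = 5    # distributed databases RD1~RDn (here n = 5, an assumed value)
BLOCK_COUNT = 8    # the preset number of data blocks (assumed value)


def split_blocks(secondary_ct, count):
    """Split the secondary encrypted data into `count` consecutive blocks of equal
    size (ceiling division); trailing blocks may be empty when the data is short."""
    size = -(-len(secondary_ct) // count)
    return [secondary_ct[i * size:(i + 1) * size] for i in range(count)]


def scatter(blocks, n_db, rng):
    """Store each numbered block (1..count) in a randomly chosen database under a
    random handle. Following claim 4, odd-numbered blocks are recorded in the first
    comparison table (Map_I) and even-numbered blocks in the second (Map_R).
    Returns (databases, map_i, map_r)."""
    databases = [{} for _ in range(n_db)]
    map_i, map_r = [], []
    for number, block in enumerate(blocks, start=1):
        db_index = rng.randrange(n_db)
        handle = f"{rng.getrandbits(64):016x}"          # assumed handle format
        databases[db_index][handle] = block
        entry = {
            "block": number,
            "db": f"RD{db_index + 1}",
            "handle": handle,
            "sha256": hashlib.sha256(block).hexdigest(),  # per-block content check code
        }
        (map_i if number % 2 else map_r).append(entry)
    return databases, map_i, map_r


def reassemble(databases, map_i, map_r, expected_count):
    """Recover the secondary encrypted data. Fails closed unless the two tables
    together list every block number exactly once and every block's digest matches,
    so a party holding only one table, or a tampered database, gets nothing."""
    entries = {}
    for entry in list(map_i) + list(map_r):
        if entry["block"] in entries:
            raise ValueError(f"block {entry['block']} listed twice")
        entries[entry["block"]] = entry
    if sorted(entries) != list(range(1, expected_count + 1)):
        raise ValueError("comparison tables do not cover all blocks")
    out = bytearray()
    for number in range(1, expected_count + 1):
        entry = entries[number]
        db = databases[int(entry["db"][2:]) - 1]
        block = db[entry["handle"]]
        if hashlib.sha256(block).hexdigest() != entry["sha256"]:
            raise ValueError(f"block {number} failed its integrity check")
        out += block
    return bytes(out)


if __name__ == "__main__":
    # Constructed stand-in for the secondary encrypted data (real input is ciphertext).
    secondary_ct = bytes(range(256)) * 3
    blocks = split_blocks(secondary_ct, BLOCK_COUNT)
    databases, map_i, map_r = scatter(blocks, N_DATABASES, secrets.SystemRandom())
    print("blocks per database:", [len(db) for db in databases])
    print("Map_I covers blocks", [e["block"] for e in map_i])
    print("Map_R covers blocks", [e["block"] for e in map_r])
    print("reassembled OK:", reassemble(databases, map_i, map_r, BLOCK_COUNT) == secondary_ct)
```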

Finally, the main access device I updates the obfuscated data block of the online buyer's data provider device D, which also contains the digital signature with which the bank's third endorser device P endorsed that block, into the virtual identity database of the main access device I, and at the same time updates the first comparison table encryption information E_Map_I in the access contract database DD1. It then returns the access contract number, the second comparison table (data access map) encryption information E_Map_R and any other required information to the online seller's data referral device F.

In this embodiment, the online seller's data referral device F merely issues the personal sensitive data collection request on the agency's behalf and holds the non-sensitive information needed for the transaction, such as the access contract number and the second comparison table encryption information E_Map_R; for example, through the virtual identity database of the main access device I it obtains the data provider's obfuscated data block, which contains no personal information and carries an endorsement. Through this virtual identity data, the online seller's data referral unit F can complete the collection of personal sensitive information on behalf of the government agency, and so complete the transaction, without learning the key sensitive information and in compliance with regulatory requirements.

Under this mechanism of initial obfuscation plus endorsement, the online buyer can choose a trusted bank to submit the information and need not hand sensitive personal information to the online seller's data referral device F. Instead, the personal sensitive information is temporarily encrypted with the requester public key of the government agency's data requester device R and deposited with the main access device I for distributed safekeeping, greatly reducing the problem of personal sensitive information leaking. The online seller can complete the transaction in compliance with regulations without having to verify the correctness of the data or bear the risk of safeguarding personal data; this also increases the data provider's willingness to provide data and lowers the risk and cost of the data exchange.

When the government agency's data requester device R needs the data for an audit or for legal proceedings in this embodiment, it can, through the method of the present invention, obtain the access contract number, the second comparison table encryption information E_Map_R and other transaction information from the online seller's data referral device F, notify the main access device I in writing, and then initiate the personal sensitive data request and delivery sub-stage.

In this embodiment, the personal sensitive data request and delivery sub-stage spares the online buyer's data provider device D from having to deliver personal sensitive information to the online seller's data referral device F, and provides a mechanism for temporarily holding the personal sensitive data in escrow at the main access device I so that the government agency's data requester device R can request it later. Once the access contract expires, the contract authorization check and destruction sub-stage of the present invention deletes the personal sensitive data, greatly reducing the chance of personal data being leaked or misused.

The foregoing are merely preferred embodiments of the present invention and do not limit the invention in any form. Although the invention has been disclosed above by way of preferred embodiments, they are not intended to limit it; any person skilled in the art may, without departing from the scope of the technical solution of the invention, use the technical content disclosed above to make minor changes or modifications into equivalent embodiments, and any simple modification, equivalent change or modification of the above embodiments made according to the technical essence of the invention, without departing from the content of the technical solution, still falls within the scope of the technical solution of the invention.

Reference numerals: I main access device; CD1 virtual identity database; DD1 access contract database; S1 identity authorization module; S2 contract revocation module; RD1~RDn databases; R data requester device; D data provider device; D1 communication module; D2 application software module; D3 obfuscation module; D4 encrypted data block module; D5 data input module; P third endorser module; A identity authorization and authentication unit.

Figure 1 is a block diagram of the personal data protection application system of the present invention.
Figure 2 is a flow diagram of the virtual data application authorization sub-stage of the present invention.
Figure 3 is a flow diagram of the virtual data application authorization sub-stage of the present invention.
Figure 4 is a flow diagram of the data archiving and obfuscation status update procedure of the present invention.
Figure 5 is a flow diagram of the access contract periodic check procedure of the present invention.
Figure 6 is a flow diagram of the personal sensitive data request and delivery sub-stage of the present invention.
Figure 7 is a flow diagram of the data reassembly and protection removal procedure of the present invention.
Figure 8 is a schematic diagram of the obfuscation conversion performed by the obfuscation module of the present invention.
Figure 9 is a schematic diagram of the sensitive data authorization request of the present invention.
Figure 10 is a schematic diagram of the sensitive data access contract of the present invention.
Figure 11 is a schematic diagram of the virtualized personal profile of the present invention.


Claims (10)

1. A personal data protection application system, comprising:
a main access device having a host public key and a corresponding host private key;
a data requester device having a requester public key and a corresponding requester private key, connected to the main access device and transmitting the requester public key to the main access device;
a data provider device connected to the main access device and storing virtual identity data, the virtual identity data comprising personal sensitive data and obfuscated data;
a third endorser device having an endorser public key and a corresponding endorser private key, connected to the main access device and the data provider device, receiving the requester public key transmitted by the main access device and the virtual identity data transmitted by the data provider device, and determining whether to generate a data-legitimate instruction;
wherein, when the third endorser device generates the data-legitimate instruction, the third endorser device generates a digital signature from the endorser private key and the virtual identity data, transmits the digital signature and the obfuscated data of the virtual identity data to the main access device, and encrypts the personal sensitive data of the virtual identity data with the requester public key of the data requester device to produce primary encrypted data, which it transmits to the main access device;
wherein the main access device splits the primary encrypted data into a plurality of data blocks, stores the data blocks in a plurality of databases of the main access device, and generates a first data-block-to-database-location comparison table and a second data-block-to-database-location comparison table; the first and second comparison tables together record the database locations at which the data blocks are stored, and the contents recorded in the first comparison table and the second comparison table differ;
wherein the main access device encrypts the first comparison table with the host public key and stores it, encrypts the second comparison table with the requester public key and transmits it to the data requester device for storage, and transmits the digital signature and the obfuscated data of the virtual identity data to the data requester device.

2. The personal data protection application system of claim 1, wherein the data provider device is connected to the data requester device; wherein, when the data provider device receives a sensitive-data application request generated by the data requester device, the data provider device updates the obfuscated data of the virtual identity data according to that request and further transmits the updated obfuscated data to the third endorser device, so that the third endorser device re-determines whether to generate the data-legitimate instruction.

3. The personal data protection application system of claim 1, wherein, when the main access device receives the primary encrypted data, the main access device first encrypts the primary encrypted data with its host public key to produce secondary encrypted data, and then splits the secondary encrypted data into the data blocks.

4. The personal data protection application system of claim 1, wherein the data blocks each have sequentially arranged block numbers, the first comparison table records the odd-numbered data blocks and the database locations at which they are stored, and the second comparison table records the even-numbered data blocks and the database locations at which they are stored.

5. The personal data protection application system of claim 1, wherein, when the main access device receives the primary encrypted data, the main access device further receives an access contract generated by the data provider device and stores the access contract in the main access device.

6. The personal data protection application system of claim 5, wherein the main access device periodically executes, at a preset period, an access contract periodic check procedure to determine whether the validity period of the access contract has expired; wherein, when the main access device determines that the validity period of the access contract has expired, it generates contract extension notification information and transmits it to the data provider device; wherein, when the data provider device receives the contract extension notification information, the data provider device determines whether to generate an agree-to-extension instruction or a refuse-extension instruction; when the agree-to-extension instruction is generated, the data provider device transmits it to the main access device, which extends the validity period of the access contract according to the agree-to-extension instruction.

7. The personal data protection application system of claim 6, wherein, when the refuse-extension instruction is generated, the data provider device transmits the refuse-extension instruction to the main access device, which revokes the access contract according to that instruction; wherein, when the main access device revokes the access contract, the main access device deletes the encrypted first comparison table and sends a comparison table deletion request to the data requester device, so that the data requester device deletes the encrypted second comparison table.

8. The personal data protection application system of claim 5, wherein the data provider device is connected to the data requester device; wherein, when the data requester device generates a sensitive-data access request, the data requester device decrypts the encrypted second comparison table with the requester private key and transmits the sensitive-data access request and the decrypted second comparison table to the main access device; wherein, when the main access device receives the sensitive-data access request, the main access device determines whether the access contract is valid; wherein, when the access contract is valid, the main access device enters a sensitive-data retrieval waiting period and transmits a sensitive-data request prompt to the data provider device, and after the waiting period has elapsed, the main access device decrypts the encrypted first comparison table with the host private key, reads and reassembles the data blocks into the primary encrypted data according to the decrypted first comparison table and the decrypted second comparison table, and transmits the primary encrypted data to the data requester device; wherein, when the data requester device receives the primary encrypted data, the data requester device decrypts the primary encrypted data with the requester private key to obtain the personal sensitive data.
requesting party to obtain the personal sensitive data. 一種個人資料保護應用方法,係由一主存取裝置執行,包含有以下步驟: 接收一資料需求方裝置傳送的一需求方公鑰; 接收一第三背書方裝置傳送的一數位簽章及一虛擬身份資料中的一模糊化資料;其中該數位簽章係由該第三背書方裝置根據一背書方私鑰及該虛擬身份資料產生的;其中該虛擬身份資料係由一資料提供方裝置提供的,且包含有一個人機敏資料及該模糊化資料; 接收該第三背書方裝置傳送的一初級加密資料;其中該初級加密資料係由該第三方背書裝置將該虛擬身份資料中的個人機敏資料以該資料需求方裝置的需求方公鑰加密而產生的; 拆解該初級加密資料成複數資料區塊,並儲存該些資料區塊至複數資料庫中,且產生一第一資料區塊與資料庫位置對照表及一第二資料區塊與資料庫位置對照表;其中該第一資料區塊與資料庫位置對照表及該第二資料區塊與資料庫位置對照表共同記載該些資料區塊儲存的資料庫位置,且該第一資料區塊與資料庫位置對照表及該第二資料區塊與資料庫位置對照表記載的內容不相同; 以該主存取裝置的一主機公鑰加密該第一資料區塊與資料庫位置對照表後儲存; 以該需求方公鑰加密該第二資料區塊與資料庫位置對照表後傳送至該資料需求方裝置儲存; 傳送該數位簽章及該虛擬身份資料中的模糊化資料至該資料需求方裝置。 A personal data protection application method, executed by a master access device, includes the following steps: Receiving a demander public key sent by a data demander device; Receive a digital signature and an obfuscated data in a virtual identity data sent by a third endorsing party device; wherein the digital signature is generated by the third endorsing party device based on an endorsing party's private key and the virtual identity data Where the virtual identity information is provided by a data provider's device, and contains a personal sensitive information and the obfuscated information; Receive a primary encrypted data sent by the third endorsing device; wherein the primary encrypted data is generated by the third-party endorsing device by encrypting the personal sensitive data in the virtual identity data with the public key of the requesting party of the data requesting device of; Disassemble the primary encrypted data into plural data blocks, store the data blocks in the plural database, and generate a first data block and database location comparison table and a second data block and database location Comparison table; wherein the first data block and database location comparison table and the second data block and database location comparison table jointly record the database locations stored in the data blocks, and the first data block and The database location comparison table 
and the content recorded in the second data block and the database location comparison table are not the same; Encrypt the first data block and database location comparison table with a host public key of the host access device and store it; Encrypting the comparison table between the second data block and the database location with the public key of the requesting party and sending it to the device of the data requesting party for storage; Send the digital signature and the obfuscated data in the virtual identity data to the data requester device. 如請求項9所述之個人資料保護應用方法,其中當接收到該初級加密資料時,係先將該初級加密資料以該主存取裝置的主機公鑰加密,以產生一二級加密資料,再將該二級加密資料拆解成該些資料區塊。The personal data protection application method according to claim 9, wherein when the primary encrypted data is received, the primary encrypted data is first encrypted with the host public key of the main access device to generate the primary and secondary encrypted data, Then disassemble the secondary encrypted data into these data blocks.
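The block-splitting and split comparison tables of claims 4, 8 and 9, as an added example in Python; this is not code from the patent or its applicant. It takes the primary encrypted data as opaque bytes, scatters the numbered blocks across several in-memory databases under random record ids, and returns one table for the odd-numbered blocks (held by the main access device) and one for the even-numbered blocks (held by the data requester device). The point it makes is that reassembly needs both tables, so deleting either one (the revocation of claim 7) leaves the stored blocks unrecoverable. The public-key encryption of the payload and of each table to its holder's key is outside the block; `to_bytes` only produces the serialised table that would be encrypted. The database names, the sample payload and all function names are assumptions.

```python
"""Added example: data blocks spread over several databases with two
complementary data-block-to-database-location comparison tables."""
import json
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample payload standing in for the primary encrypted data (the
# personal sensitive data already encrypted to the requester public key).
# It is opaque to this code, so any bytes will do; this is not real data.
PRIMARY_ENCRYPTED_DATA = bytes(range(256)) * 3  # 768 constructed bytes

# Constructed names for the "plural databases" of the claims.
DATABASE_NAMES = ("db-a", "db-b", "db-c")


@dataclass
class ComparisonTable:
    """One data-block-to-database-location comparison table."""
    block_count: int                      # total blocks, so a truncated table is detectable
    entries: Dict[int, Tuple[str, str]]   # block number -> (database name, record id)

    def to_bytes(self) -> bytes:
        """Serialised form that would be encrypted to the holder's public key."""
        return json.dumps({"n": self.block_count, "e": self.entries}).encode()

    @classmethod
    def from_bytes(cls, raw: bytes) -> "ComparisonTable":
        obj = json.loads(raw)
        return cls(obj["n"], {int(k): tuple(v) for k, v in obj["e"].items()})


def new_databases() -> Dict[str, Dict[str, bytes]]:
    """In-memory stand-in for the databases: name -> {record id -> block}."""
    return {name: {} for name in DATABASE_NAMES}


def split_into_blocks(data: bytes, block_size: int) -> List[bytes]:
    """Disassemble the encrypted data into consecutively numbered blocks."""
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def store_blocks(blocks: List[bytes], databases) -> Tuple[ComparisonTable, ComparisonTable]:
    """Scatter the blocks across the databases and return the odd-block table
    (kept by the main access device) and the even-block table (sent to the
    data requester device). Block numbers start at 1, as in claim 4."""
    n = len(blocks)
    odd, even = ComparisonTable(n, {}), ComparisonTable(n, {})
    for number, block in enumerate(blocks, start=1):
        db_name = secrets.choice(list(databases))   # random database per block
        record_id = secrets.token_hex(8)            # random id: reveals no ordering
        databases[db_name][record_id] = block
        (odd if number % 2 else even).entries[number] = (db_name, record_id)
    return odd, even


def reassemble(tables: List[ComparisonTable], databases) -> bytes:
    """Merge the tables, check they jointly list every block exactly once, then
    read the blocks back in order. Raises ValueError when a table is missing."""
    if not tables:
        raise ValueError("no comparison table supplied")
    counts = {t.block_count for t in tables}
    if len(counts) != 1:
        raise ValueError("comparison tables disagree on the block count")
    n = counts.pop()
    combined: Dict[int, Tuple[str, str]] = {}
    for table in tables:
        for number, location in table.entries.items():
            if number in combined:
                raise ValueError(f"block {number} listed twice")
            combined[number] = location
    if set(combined) != set(range(1, n + 1)):
        raise ValueError("comparison tables do not cover all blocks; cannot reassemble")
    return b"".join(databases[db][rid] for _, (db, rid) in sorted(combined.items()))


def can_reassemble(tables: List[ComparisonTable], databases) -> bool:
    """True when the supplied tables suffice to rebuild the data."""
    try:
        reassemble(tables, databases)
        return True
    except (ValueError, KeyError):
        return False


def demo(block_size: int = 64) -> Tuple[bool, bool, bool]:
    """Round trip with both tables, then with only the host-side table, then
    with only the requester-side table (either deletion of claim 7)."""
    dbs = new_databases()
    odd, even = store_blocks(split_into_blocks(PRIMARY_ENCRYPTED_DATA, block_size), dbs)
    even_copy = ComparisonTable.from_bytes(even.to_bytes())   # what the requester would decrypt
    both_ok = reassemble([odd, even_copy], dbs) == PRIMARY_ENCRYPTED_DATA
    return both_ok, can_reassemble([odd], dbs), can_reassemble([even_copy], dbs)


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The `block_count` carried in each table is a deliberate addition: without it a table that has lost its last entries would still pass the coverage check and yield silently truncated data, which is exactly the failure a split-knowledge scheme should refuse rather than paper over.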
TW109102499A 2020-01-22 2020-01-22 Personal data protection application system and personal data protection application method TWI737139B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109102499A TWI737139B (en) 2020-01-22 2020-01-22 Personal data protection application system and personal data protection application method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109102499A TWI737139B (en) 2020-01-22 2020-01-22 Personal data protection application system and personal data protection application method

Publications (2)

Publication Number Publication Date
TW202129519A TW202129519A (en) 2021-08-01
TWI737139B true TWI737139B (en) 2021-08-21

Family

ID=78282740

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109102499A TWI737139B (en) 2020-01-22 2020-01-22 Personal data protection application system and personal data protection application method

Country Status (1)

Country Link
TW (1) TWI737139B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201339882A (en) * 2012-03-22 2013-10-01 Openfind Information Technology Inc Personal data analyzing and shielding system and method
US8688141B2 (en) * 2005-08-08 2014-04-01 Jambo Networks, Inc. System and method for providing communication services to mobile device users incorporating proximity determination
US8731938B2 (en) * 2006-06-28 2014-05-20 Intellisist, Inc. Computer-implemented system and method for identifying and masking special information within recorded speech
TW201640409A (en) * 2014-01-10 2016-11-16 主流專利控股有限公司 System and method for communicating credentials

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8688141B2 (en) * 2005-08-08 2014-04-01 Jambo Networks, Inc. System and method for providing communication services to mobile device users incorporating proximity determination
US8731938B2 (en) * 2006-06-28 2014-05-20 Intellisist, Inc. Computer-implemented system and method for identifying and masking special information within recorded speech
TW201339882A (en) * 2012-03-22 2013-10-01 Openfind Information Technology Inc Personal data analyzing and shielding system and method
TW201640409A (en) * 2014-01-10 2016-11-16 主流專利控股有限公司 System and method for communicating credentials

Also Published As

Publication number Publication date
TW202129519A (en) 2021-08-01

Similar Documents

Publication Publication Date Title
US11528138B2 (en) Methods and systems for a digital trust architecture
US10673632B2 (en) Method for managing a trusted identity
JP6873270B2 (en) Handling of transaction activities based on smart contracts in the blockchain Caution Methods and devices for protecting data
CN111316278B (en) Secure identity and profile management system
US11025419B2 (en) System for digital identity authentication and methods of use
US10887098B2 (en) System for digital identity authentication and methods of use
US11082221B2 (en) Methods and systems for creating and recovering accounts using dynamic passwords
EP3701668B1 (en) Methods for recording and sharing a digital identity of a user using distributed ledgers
US20180349894A1 (en) System of hardware and software to prevent disclosure of personally identifiable information, preserve anonymity and perform settlement of transactions between parties using created and stored secure credentials
KR102088218B1 (en) Online examination management system and method thereof
JP2023502346A (en) Quantum secure networking
US20190392407A1 (en) Encrypted asset transfer system and method for facilitating transfer of digital assets
JP7114078B2 (en) Electronic authentication method and program
JPWO2019082442A1 (en) Data registration methods, data decryption methods, data structures, computers, and programs
KR102131206B1 (en) Method, service server and authentication server for providing corporate-related services, supporting the same
TWI737139B (en) Personal data protection application system and personal data protection application method
KR20130048532A (en) Next generation financial system
TW202101267A (en) Account data processing method and account data processing system ensuring that there is encryption protection when account data is returned to an electronic payment dealer
TWM583096U (en) Blockchain certificate and asset verification system
JP2002082611A (en) Method for maintaining transaction information and storage source computer
CN116015790A (en) Authorization authentication method and system for scientific and technological service
KR20070023710A (en) Privacy-preserving information distributing system
KR20050101501A (en) Method for issuing the certificate contained one's credit information and record media recorded the certificate issued by the above method