KR20210136589A - Device, method, system and computer readable storage medium for managing access authority of data using blockchain - Google Patents

Abstract

A data access right managing method is described. An exemplary data access right managing method comprises: an approval step of approving a sharing request of a requestor for data encoded on the basis of a public key of a user and registered in a blockchain network; a data recovery step of obtaining data from the blockchain network in response to the approval step; a first symmetric key generation step of generating a first symmetric key in response to the approval step; a first transaction data generating step of generating first transaction data including encoded data by using the first symmetric key and the public key of the requestor; and a shared data registration step of transmitting the generated first transaction data to the blockchain network.

Description

Device, method, system and computer-readable storage medium for managing data access rights using blockchain {DEVICE, METHOD, SYSTEM AND COMPUTER READABLE STORAGE MEDIUM FOR MANAGING ACCESS AUTHORITY OF DATA USING BLOCKCHAIN}

The present disclosure relates to an apparatus, method, system, and computer-readable storage medium for managing access rights of data using a block chain.

Unless otherwise stated herein, the material described in this section is not prior art to the claims in this application, and should not be admitted as prior art on the grounds that it is recited in this section.

As the use of a computing device having a communication function becomes common, interest in a security technology for preventing hacking of data stored in the computing device is increasing. One of the security technologies that are interested in various countries and various companies is the block chain. Blockchain uses a distributed data storage technique, which does not store data in a single computing device, but stores data in multiple computing devices participating in a network.

Korean Patent Laid-Open No. 10-2019-0081299 discloses a data access control system using a block chain technique. In this prior patent document, when the data owner registers data in the blockchain network, and the requestor requests access to the data, the data owner sends the requester a token transaction with an expiration date to the requester, and sends a re-encryption key. generated and sent to the cloud server. Thereafter, the cloud server acquires data from the blockchain network, re-encrypts it using the re-encryption key, and manages the access rights of the data by transmitting the encrypted data to the requester's device. However, as the server, which is a third device other than the owner and the requester, intervenes in the process of sharing data, there remains a possibility that the data remains visible through the third device.

The present disclosure provides an apparatus, method, system and computer-readable storage medium for managing access rights of data using a block chain to solve the above problems.

In some embodiments of the present disclosure, a method for managing data access rights is described. An exemplary method for managing data access rights includes an approval step of approving a request for sharing of data encoded on the basis of a user's public key and registered in a blockchain network; a data recovery step of obtaining data from the blockchain network in response to the approval step; in response to the approval step, a first symmetric key generation step of generating a first symmetric key; a first transaction data generating step of generating first transaction data including encoded data by using the first symmetric key and the requestor's public key; and a shared data registration step of transmitting the generated first transaction data to the blockchain network.

In some examples, the data access right management method may further include, before the approval step, an asymmetric key acquisition step of accessing the blockchain network to obtain the user's public and private keys. In some examples, the data access right management method may further include a user registration step of registering information about the user in the blockchain network before the approval step. In some examples, the data access right management method may further include a data registration step of registering the data in the blockchain network before the approval step.

In some other embodiments, an apparatus for managing data access rights is described. An exemplary apparatus for managing data access rights may include a communication unit, a coding unit, and a request processing unit. The communication unit may be configured to access the blockchain network, retrieve transaction data stored in the blockchain, and generate and transmit transaction data. The coding unit may be configured to perform symmetric encoding, symmetric decoding, asymmetric encoding, and asymmetric decoding. The request processing unit may be coupled to the communication unit and the coding unit and configured to receive user input. The coding unit is configured to generate a first symmetric key, and to encode data based on the first symmetric key and the user's public key, and the communication unit is configured to register first transaction data including the encoded data in the blockchain network. can be In some examples, when the communication unit receives the requestor's sharing request for the material included in the first transaction data, and the request processing unit receives, from the user, a user input for approving the requester's sharing request, the communication unit is a blockchain network receive the encoded data from, the coding unit obtains the data from the encoded data, generates a second symmetric key, encodes the data using the second symmetric key and the requester's public key, and the communication unit obtains the data from the second symmetric key. The second transaction data including the encoded data may be generated using the key and the requestor's public key, and the generated second transaction data may be transmitted to the blockchain network.

In some other embodiments, a computer-readable storage medium storing a data access rights management program is described. When the data access right management program is executed by the computing device, the approval operation for approving the requestor's sharing request for the data encoded on the basis of the public key of the user and registered in the blockchain network; a data recovery operation to obtain data from the blockchain network in response to the authorization operation; a first symmetric key generation operation of generating a first symmetric key in response to the approval operation; a first transaction data generating operation of generating first transaction data including encoded data by using the first symmetric key and the requestor's public key; and a shared data registration operation of transmitting the generated first transaction data to the blockchain network.

The above brief summary and description of effects are merely exemplary and are not intended to limit the technical matters intended in the present disclosure. In addition to the above-described exemplary embodiments and technical features, additional embodiments and technical features may be understood by referring to the following detailed description and accompanying drawings.

The foregoing and other features of the present disclosure will become sufficiently apparent from the following description with reference to the accompanying drawings. Understanding that these drawings illustrate only a few embodiments in accordance with the present disclosure, and thus should not be considered limiting of their scope, the present disclosure is described in more specific and detail through the use of the accompanying drawings. will be
1 illustrates an example of a blockchain used in at least some embodiments of the present disclosure.
2 depicts a schematic diagram of a system for managing access rights of data in accordance with at least some embodiments of the present disclosure.
3 is a block diagram illustrating an apparatus for managing data access rights according to at least some embodiments of the present disclosure.
4 depicts an example process for performing user registration, in accordance with at least some embodiments of the present disclosure.
5 illustrates an example process for connecting to a blockchain network, in accordance with at least some embodiments of the present disclosure.
6 illustrates an example process for registering a material with a blockchain network, in accordance with at least some embodiments of the present disclosure.
7 illustrates an example process for querying material in a blockchain network, in accordance with at least some embodiments of the present disclosure.
8 illustrates an example process for sharing material with a requestor, in accordance with at least some embodiments of the present disclosure.
9 illustrates a computer program product that may be used to manage access rights to data, in accordance with at least some embodiments of the present disclosure.
10 is an exemplary block diagram of a computing device arranged in accordance with at least some embodiments of the present disclosure.

Hereinafter, embodiments and examples of the present application will be described in detail with reference to the accompanying drawings so that those of ordinary skill in the art to which the present disclosure pertains can easily carry out. However, the present application may be embodied in many different forms and is not limited to the embodiments and examples described herein.

The present disclosure generally relates to a method, an apparatus, a system, a computer-readable storage medium, and a program stored therein for managing access rights of data registered online.

Hereinafter, the term "coding" collectively refers to encoding for encrypting data and decoding for decrypting data. The term "symmetric encoding" or "symmetric decoding" refers to encoding or decoding of data using symmetric encryption techniques. Similarly, the terms "asymmetric encoding" or "asymmetric decoding" refer to encoding or decoding of data using asymmetric encryption techniques. Also, hereinafter, “data” according to the present disclosure refers to data or information required to be stored in a blockchain.

1 illustrates an example of a blockchain 100 used in at least some embodiments of the present disclosure. A blockchain includes one or more blocks, and each block can be implemented in various forms as required. These blockchains are stored in each of a plurality of nodes within the blockchain network, and whenever a new block is created, the generated block is propagated throughout the blockchain network.

As shown in FIG. 1 , the block 110 may include a block hash unit 120 , a block header unit 130 , and a block body unit 140 . The block hash unit 120 includes a block hash value, which corresponds to a unique value for identifying the block 110 . The block hash value is calculated based on data included in the block header unit 130 and the block body unit 140 in the block 110 , as described below. The block header unit 130 includes various values according to the type of block chain technique. For example, the block header unit 130 may include a depth value of a current block, a block hash value of a previous block, a data hash value, a block creation time value, and the like. The depth value of the current block has a value associated with the order number of the current block (n in the case of block 110), the version value of blockchain-related software, the protocol version value, or a combination thereof. The block hash value of the previous block is the block hash value of the block immediately preceding the block in the blockchain. For block 110, the block hash value of block #n-1 (ie, 0xy0...72). The data hash value is determined based on data of one or more transactions stored in the block body unit 140 . The value included in the block header unit 130 is not limited to the above-described example, and may further include a value such as a difficulty setting value (nonce).

The block body 140 may include, for example, one or more transactions such as “transaction n.1”, “transaction n.2”, and the like. The number or size of transactions may be predetermined depending on the implementation. In each transaction, data required according to the implementation of the blockchain may be stored. When a transaction stored in the block body 140 satisfies predetermined conditions such as a predetermined period, a predetermined number of transactions, etc., a data hash value is obtained from values associated with one or more transactions included in the block body 140 . is calculated In some examples, the data hash value may be obtained by calculating a merkle root using a merkle tree structure. Then, based on the various values in the block header unit 130 including the data hash value, the block hash value is calculated, and as a result, the block 110 is generated.

The block 110 generated in this way is transmitted to a node in the blockchain network. On the other hand, the node in the block chain network stores data for the block chain up to the block before the block 110 (ie, block #n-1 in FIG. 1) before the block 110 is received. After the node receives the block 110, it verifies the validity of the received block 110, and if the block 110 is valid, it adds the block 110 to the block chain, and blocks it with other nodes in the block chain. (110) is sent.

2 shows a schematic diagram of a system 200 for managing access rights of data in accordance with at least some embodiments of the present disclosure. An exemplary system 200 according to the present disclosure may include a blockchain network 210 , a user device 220 , and a requestor device 230 . The blockchain network 210 has advantages in terms of operating cost, ease of use, speed, stability, etc. of the system 200 when implemented as a private blockchain in which a predetermined computing device operates as a node, The present disclosure is not limited thereto. Without departing from the technical idea according to the present disclosure, the blockchain network 210 may be implemented in the structure of a public blockchain. Also, in FIG. 1 , the user device 220 and the requestor device 230 are shown as being external to the blockchain network 210 , but the user device 220 and/or the requestor device 230 are connected to the blockchain network ( It is also possible to act as a node of 210). That is, in the following it will be described that the user device 220 and the requestor device 230 generate transaction data to be added to the block chain and transmit it to the block chain network according to some embodiments, while in other embodiments, the user device 220 ) and/or requestor device 230 generates transaction data and creates a block of the blockchain including such transaction data, and it will be appreciated by those skilled in the art that it is also possible to propagate the generated block to other nodes.

In some embodiments, the blockchain network 210 includes one or more nodes 210-1, 210-2, 210-3, 210-4, ... Each of the one or more nodes 210-1, 210-2, 210-3, 210-4, ... may be, for example, a desktop computer, a laptop computer, a smart phone, a tablet computer, a mobile phone, a personal digital assistant (PDA). , a single computing device, such as a special purpose device or a fusion device comprising any of the above functions; Alternatively, it may be a multiple computing configuration including a plurality of computing devices, such as a server farm, a distributed network, or a cloud computing configuration, but is not limited thereto. For example, it is also possible for two or more nodes to be implemented in the form of a virtual node in a single computing device.

In some examples, the user device 220 or the requestor device 230 communicates directly with one of the one or more nodes 210-1, 210-2, 210-3, 210-4, ... to the blockchain network. 210 can be accessed. In some other examples, user device 220 or requestor device 230 is a server (shown) in communication with at least one of one or more nodes 210-1, 210-2, 210-3, 210-4, ... not) to connect to the blockchain network. User device 220 and requestor device 230 may be, for example, desktop computers, laptop computers, smart phones, tablet computers, mobile phones, personal digital assistants (PDAs), special purpose devices, or a fusion comprising any of the above functions. small form factor portable (mobile) electronic devices such as devices, but are not limited thereto.

Each of the one or more nodes 210-1, 210-2, 210-3, 210-4, ... in the blockchain network 210 generates a block, propagates the generated block to other connected nodes, and receives It verifies the block and adds the block. Further, according to an embodiment according to the present disclosure, one or more nodes 210-1, 210-2, 210-3, 210-4, ... or one or more nodes 210-1, 210-2, 210- 3, 210-4, ...), the server, in response to the request of the user device 220 or the requestor device 230, retrieves the data stored in the block in the block chain and returns the data. can

The system 200 according to the present disclosure provides a service capable of registering, searching, and requesting data in the blockchain network 210 . The user device 220 may connect to the blockchain network 210 to use such a service. The service provided through the block chain network 210 may be provided through a web browser, an application application, etc. installed on the user device 220 and the requestor device 230 .

In some embodiments, the user device 220 may register the user with the blockchain network 210 . In some examples, user device 220 may receive, from a user, user registration information, including a user identifier (ID), password, and user information such as, for example, the user's name, address, interests, and the like. In response to receiving such user registration information, the user device 220 may generate an asymmetric key set to be used in the blockchain network 210 , that is, a public key and a private key. The user device 220 may symmetrically encode the private key using the password. The user device 220 may convert the password into a hashed password, that is, a hash code using a hash function. The user device 220 may generate first transaction data including a user ID, a hashed password, a public key, and a symmetrically encoded private key. The user device 220 may transmit the generated first transaction data to the blockchain network 210 , that is, a server or node 210-1, 210-2, 210-3, 210-4, ... . When one of the nodes 210-1, 210-2, 210-3, 210-4, ... receives the first transaction data, it can add a transaction to the block currently being created based on the first transaction data, , then, if the predetermined conditions are satisfied, the block creation can be completed and the created block can be added to the block chain.

Thereafter, the user device 220 may access the blockchain network 210 and log in to the service according to the present disclosure. In some examples, user device 220 may receive a user ID and password from a user. The user device 220 may convert the password into a hashed password using a hash function. The user device 220 may transmit the user ID and the hashed password to the blockchain network 210, and the nodes 210-1, 210-2, 210-3, 210-4, ... in the blockchain network. Either or the server retrieves the user ID and hashed password within the blockchain, and returns the user's public key and symmetrically encoded private key to the user device 220 if the user ID and hashed password are within the blockchain can do. The user device 220 may obtain the user's private key by symmetrically decoding the encoded private key using the password. In this way, the user device 220 may obtain an asymmetric key set by accessing the blockchain network 210 .

In some embodiments, the user device 220 may receive predetermined data from the user and register it in the blockchain network 210 . In some examples, the user device 220 may receive data from the user. The user device 220 may generate a first symmetric key in response to the input of data. In some examples, the first symmetric key may be a value randomly generated using a predetermined function. The user device 220 may symmetrically encode the data using the first symmetric key. The user device 220 may asymmetrically encode the first symmetric key using the user's public key. Thereafter, the user device 220 may generate second transaction data including the symmetrically encoded data and the asymmetrically encoded first symmetric key. In some examples, the second transaction data may further include at least a portion of a name of the material, eg, a serial number of the material, a keyword of the material, information about the material, a user ID, and user information. The user device 220 may transmit the second transaction data to the blockchain network 210, and one of the nodes 210-1, 210-2, 210-3, 210-4, ... Transactions can be added based on data.

In some embodiments, the requestor device 230 may access the blockchain network 210 and display a list of materials registered in the blockchain network 210 . In some examples, the requestor device 230 provides information about each material in the list of materials, eg, the serial number of the material, the name of the material, a keyword of the material, information about the partial content of the material, a user ID, and at least some of the user information. can be displayed. In addition, the requestor device 230 may also display a user interface for selecting each material in the list of materials. Because the data is encoded, the requestor cannot see the content of the data. Accordingly, the requestor may select a particular material to view the content of the particular material, and in response to this selection, the requestor device 230 provides information on the material, such as the requester's ID, the user ID that is the owner of the material, and the serial number of the material. Share request transaction data including a share request including a can be generated and transmitted to the blockchain network 210 .

In some embodiments, the user device 220 may transmit a response to the requestor's sharing request for the material to the blockchain network 210 . The user device 220 may display a share request for the user and a selectable user interface for approving or rejecting the sharing request among one or more sharing requests transmitted to the block chain network 210 . Also, in some examples, the user device 220 may further display a user interface for setting a sharing range in response to the sharing request.

When the user device 220 approves the requester's sharing request by the user's input, the user device 220 may obtain data from the blockchain network 210 . In some examples, the user device 220 may receive the symmetrically encoded material and the asymmetrically encoded first symmetric key from the blockchain network 210 . The user device 220 may obtain the first symmetric key by decoding the asymmetrically encoded first symmetric key using the private key, and may obtain the data by decoding the symmetrically encoded data using the first symmetric key.

The user device 220 may encode the obtained data using the requestor's public key. In some examples, the user device 220 may obtain the requestor's public key from the sharing request in response to approving the requestor's sharing request. In some other examples, the user device 220 may obtain the requestor's public key by requesting the blockchain network 210 . Also, the user device 220 may generate the second symmetric key in response to the approval of the sharing request. The second symmetric key may be a value randomly generated using a predetermined function similar to the first symmetric key. The user device 220 may symmetrically encode the obtained data using the second symmetric key. In some examples in which the sharing range is set, the user device 220 may use the second symmetric key to symmetrically encode the changed data in a state in which a part of the data is disclosed. The user device 220 may asymmetrically encode the second symmetric key using the requestor's public key. The user device 220 may generate third transaction data including information about the requester, such as a requester ID, symmetrically encoded data using the second symmetric key, and the asymmetrically encoded second symmetric key. In some examples, the third transaction data may further include information for identifying the material, such as a serial number of the material, a title of the material, and the like. The user device 220 may transmit the generated third transaction data to the blockchain network 210 . In the above embodiment, an example in which a share request is generated in the requestor device 230 has been described, but the present disclosure is not limited thereto. In some other embodiments, the user device 220 may set the requestor by the user's selection, without receiving a share request from the requestor device 230 , and may generate an approved share request accordingly.

When the user device 220 rejects the sharing request from the requester by the user's input, the user device 220 rejects the information for identifying the data, information about the requester such as the requester ID, and the sharing request. Third transaction data including information indicating the content to be generated may be generated and transmitted to the block chain network 210 .

Then, when the user approves the sharing request, the requestor device 230 uses the second symmetric key included in the third transaction data from the blockchain network 210 to symmetrically-encoded data and asymmetrically-encoded second symmetric data. You can receive the key. The requestor device 230 may obtain the second symmetric key by decoding the asymmetrically encoded second symmetric key using the requestor's private key, and obtain the data by decoding the symmetrically encoded data using the second symmetric key. can do. On the other hand, when the user rejects the sharing request, the requestor device 230 may receive information indicating the content of rejecting the sharing request included in the third transaction data from the block chain network 210, and display it can do.

As described above, according to the present disclosure, by encoding data and registering it in an online blockchain, it is possible to safely store data from attempts to tamper with it without storing it locally. By making the data available for viewing only, it becomes possible for the user to set the scope of the access authority of the data. In addition, since the data is encoded and registered in the blockchain according to the sharing request for the data, it is possible to identify a reliable history of data sharing.

In addition, according to the present disclosure, there is no need to store the public and private keys locally for using the block chain network, so the risk of loss is reduced, and the password is converted into a one-way encrypted hash code with a relatively long length and stored in the block chain network. By doing so, security can be improved.

3 is a block diagram illustrating an apparatus 300 for managing data access rights according to at least some embodiments of the present disclosure. The data access right management device 300 shown in FIG. 3 can manage access rights to the data by registering and sharing the data in the block chain network, for example, like the user device 220 of FIG. 2 , FIG. Like the requestor device 230 of , it is possible to search for data registered in the blockchain network and request sharing of the data. Accordingly, the data access right management device 300 may be, for example, a desktop computer, a laptop computer, a smart phone, a tablet computer, a mobile phone, a personal digital assistant (PDA), a special purpose device, or a fusion device including any of the above functions. It may be a small form factor portable (mobile) electronic device such as, but not limited to.

In some embodiments, the data access right management apparatus 300 is, as shown in FIG. 3 , a request processing unit 310 , an asymmetric coding unit 320 , a symmetric coding unit 330 , a hashing unit 340 and a communication unit ( 350) may be included. The asymmetric coding unit 320 , the symmetric coding unit 330 , and the hashing unit 340 may be collectively referred to as a coding unit. The asymmetric coding unit 320 may include an asymmetric key generator 322 , an asymmetric encoder 324 , and an asymmetric decoder 326 . The symmetric coding unit 330 may include a symmetric key generator 332 , a symmetric encoder 334 , and a symmetric decoder 336 . The communication unit 350 may include a block chain inquiry unit 352 , a transaction data generation unit 354 , and a transaction data transmission unit 356 .

Data access right management device 300 may store one or more programs according to the present disclosure in the internal memory, such one or more programs by the execution of the processor request processing unit 310, asymmetric coding unit 320, symmetric coding unit Operations according to 330 , the hashing unit 340 , and the communication unit 350 may be performed. Although these components 310, 320, 330, 340, and 350 and their subcomponents 322, 324, 326, 332, 334, 336, 352, 354, and 356 are shown as separate components, they do not extend the scope of the disclosed subject matter. It can be separated into additional components or combined or eliminated into fewer components without departing from it. In addition, although the component is illustrated as being implemented by software in FIG. 3 , each function and/or operation of the component may be individually and/or collectively implemented through hardware, software, firmware, or any combination thereof by those skilled in the art. will understand that

The request processing unit 310 is operatively connected to the asymmetric coding unit 320, the symmetric coding unit 330, the hashing unit 350, and the communication unit 350 to receive and transmit various requests and data according to the present disclosure. have. In some embodiments, the request processing unit 310 may receive at least a user identifier (ID) and a password from the user to perform some processing for user registration in the blockchain network. In some embodiments, the request processing unit 310 may receive data from the user and perform some processing for registering the data in the blockchain network according to the present disclosure. In some embodiments, the request processing unit 310 may search for data registered in the blockchain network and perform some processing for requesting specific data. In some embodiments, the request processing unit 310 may perform some processing for approving the data approval request from the requestor and sharing the data.

The asymmetric coding unit 320 may perform various operations related to an asymmetric encryption technique according to the present disclosure. The asymmetric key generating unit 322 may generate a public key and a corresponding private key in response to receiving user registration information with a user identifier (ID) and password as described below. The asymmetric key generator 322 may use, for example, an RSA algorithm. The asymmetric encoder 324 may asymmetrically encode the symmetric key according to the present disclosure using the public key. The asymmetric decoder 324 may asymmetrically decode the symmetric key encoded by the public key using the private key to obtain the symmetric key.

The symmetric coding unit 330 may perform various operations related to a symmetric encryption technique according to the present disclosure. The symmetric key generator 332 may generate a symmetric key in response to receiving data from a user or approving a request for approval of data from a requester, as will be described below. The symmetric key may be a value randomly generated using a predetermined function. Symmetric encoder 334 may symmetrically encode the private key using the password as the symmetric key, as described below. In addition, the symmetric encoder 334 may symmetrically encode data using the symmetric key generated by the symmetric key generator 332 , as will be described below. The symmetric decoder 336 may symmetrically decode the symmetrically encoded private key and data using the symmetric key to obtain the private key and data. Symmetric encoder 334 and symmetric decoder 336 may use, for example, the AES 256 algorithm.

The hashing unit 340 may perform an operation according to the one-way encryption technique according to the present disclosure. The hashing unit 340 may convert the password into a hashed password, that is, a hash code, using a hash function. The hashing unit 340 may use, for example, the SHA 256 algorithm.

The blockchain inquiry unit 352 may inquire data in one or more blocks of the blockchain managed in the blockchain network. The block chain inquiry unit 352 may search for data stored in the block chain through the block chain network and receive the requested data. The transaction data generating unit 354 may generate first to third transaction data and sharing request transaction data according to the present disclosure, and the transaction data transmitting unit may transmit the thus generated transaction data to the blockchain network. According to some embodiments according to the present disclosure, the first transaction data may include a user ID for user registration in the blockchain network, a hashed password, a public key, and a symmetrically encoded private key. The second transaction data may include symmetrically encoded data and asymmetrically encoded first symmetric key for data registration in the blockchain network. In some examples, the second transaction data may further include at least a portion of a name of the material, eg, a serial number of the material, a keyword of the material, information about the material, a user ID, and user information. The third transaction data may include information about the requester, such as a requester ID, symmetrically encoded data using a second symmetric key, and the asymmetrically encoded second symmetric key for sharing data according to an authorization request. In some examples, the third transaction data may further include information for identifying the material, such as a serial number of the material, a title of the material, and the like. The transaction data transmitter 356 may transmit the first to third transaction data to a block chain network, that is, a node in the block chain network or a predetermined server communicating with the node.

Hereinafter, various processes of the data access right management apparatus 300 will be described with reference to FIGS. 4 to 8 . 4 depicts an example process 400 of performing user registration in accordance with at least some embodiments of the present disclosure, FIG. 5 depicts an exemplary process 500 of connecting to a blockchain network, and FIG. 6 is a block diagram Fig. 7 shows an example process 600 for registering data in a chain network, Fig. 7 shows an example process 700 for querying data in a blockchain network, and Fig. 8 shows an example for sharing data with a blockchain requestor A typical process 800 is shown. Each of the processes 400-800 illustrated in FIGS. 4-8 include blocks 410, 420, 430, 440, 450 and/or 460, blocks 510, 520, 530, 540 and/or 550, blocks ( 610, 620, 630, 640, 650 and/or 660, blocks 710, 720, 730, 740 and/or 750, and blocks 810, 820, 830, 840, 850, 860, 870, 880 and/or 890) as illustrated by one or more acts, functions, or acts. On the other hand, the schematic operations illustrated in FIGS. 4 to 8 are provided as examples only, and without departing from the essence of the disclosed embodiment, some of the operations may be optional, may be combined into fewer operations, or additional operations can be expanded to

<Registration of users in the blockchain network>

Referring to FIG. 4 , the process 400 may begin at block 410 of receiving user registration information. In block 410 , the request processing unit 310 may receive user registration information from a user. The user registration information may include a user identifier (ID), a password, and user information such as, for example, the user's name, address, and interests. In some examples, the request processing unit 310 and/or the blockchain inquiry unit 352 may determine whether the user ID and password entered by the user are appropriate. For example, the block chain inquiry unit 352 may determine whether the user ID has already been registered in the block chain network through the communication unit 350, or the request processing unit 310 uses an appropriate algorithm to determine whether the input password is suitable for security (eg, For example, the presence of numbers, letters, and special characters) can be determined. Process 400 may continue from block 410 to block 420 of generating an asymmetric key pair comprising a private key and a public key.

In block 420 , the asymmetric key generator 322 may generate an asymmetric key set to be used in the blockchain network, ie, a public key and a private key of the user, in response to the result of block 410 . Process 400 may continue from block 420 to block 430 of symmetrically encoding the private key.

In block 430 , the symmetric encoder 334 may use the password obtained in block 410 as a symmetric key to symmetrically encode the user's private key generated in block 420 . Process 400 may continue from block 430 to block 440 of converting the password to a hashcode. In block 440, the hashing unit 340 may use a hash function, for example, the SHA 256 algorithm, to convert the password obtained in block 410 into a hashed password, that is, a hash code. Process 400 may continue from block 440 to block 450 of generating first transaction data for user registration.

In block 450 , the transaction data generation unit 354 may generate first transaction data for user registration. The first transaction data includes the user ID input at block 410 , the public key obtained at block 420 , the symmetrically encoded private key obtained at block 430 , and the hashed password obtained at block 440 . can do. Process 400 may continue from block 450 to block 460 sending the first transaction data to the blockchain network. In block 460 , the transaction data transmitter 356 may transmit the first transaction data to a node in the blockchain network or a server communicating with the node. As a result, the transmitted first transaction data is received by a node in the blockchain network, and the node can add the data included in the first transaction data as a new transaction in the block.

<User access to the blockchain network>

Referring to FIG. 5 , process 500 may begin at block 510 in which a user ID and password are input. In block 510, the user may input a user ID and password to access the service provided by the blockchain network, and the request processing unit 310 may receive the user ID and password from the user. Process 500 may continue from block 510 to block 520 of converting the password to a hashcode. In block 510 , the hashing unit may convert the password input in block 510 into a hashed password using a hash function. Process 500 may continue from block 520 to block 530 retrieving the user ID and hashcode from the blockchain network.

In block 530, the blockchain inquiry unit 352 searches whether the user ID received in block 510 and the hashed password obtained in block 520 are registered in the blockchain network. If the user ID and hashed password are registered within the blockchain network, i.e., if the user ID and password entered by the user are valid, then process 500 proceeds to block 530 receiving the encoded private key from block 530 ( 540). In block 540, the blockchain inquiry unit 352 may receive the user's public key and symmetrically encoded private key from the blockchain network. Process 500 may continue to block 550 where the private key is obtained from block 540 . At block 500 , the symmetric decoder 336 may use the password received at block 510 as a symmetric key to decode the symmetrically encoded private key received at block 540 to obtain the private key.

<Registration of data to the blockchain network>

Referring to FIG. 6 , the process 600 may begin at block 610 for receiving a user ID and password for receiving data. In block 610 , the request processing unit 310 may receive data from a user. Process 600 may continue from block 610 to block 620 of generating a first symmetric key. In block 620 , the symmetric key generator 332 may generate a first symmetric key in response to the result of block 610 . The first symmetric key may be a value randomly generated using a predetermined function. Process 600 may continue from block 620 to block 630 of symmetrically encoding the material using the first symmetric key.

At block 630 , the symmetric encoder 334 may symmetrically encode the data received at block 610 using the first symmetric key generated at block 620 . Process 600 may continue from block 630 to block 640 of asymmetrically encoding the first symmetric key using the public key, at block 640 where the asymmetric encoder 324 uses the user's public key. Thus, the first symmetric key generated in block 620 may be asymmetrically encoded. Since data is symmetrically encoded using a symmetric key and a symmetric key having a relatively small size is asymmetrically encoded, the time required for encoding/decoding may be shorter than when data is asymmetrically encoded. In addition, since the data is encoded starting from the public key, a third party without the private key cannot see the contents of the data. Process 600 may continue from block 640 to block 650 of generating second transactional data for the material.

In block 650 , the transaction data generation unit 354 may generate second transaction data for data. The second transaction data includes at least the symmetrically encoded material obtained at block 630 and the asymmetrically encoded first symmetric key obtained at block 640 . In some examples, the second transaction data is at least one of a name of the material, e.g., a serial number of the material, a keyword of the material, information about the material, a user ID, and user information, so as to facilitate retrieval of the material in the future blockchain network. Some may be further included. Process 600 continues from block 650 to block 660 of transmitting the second transaction data to the blockchain network, at block 660, the transaction data transmitting unit 356 sends the second transaction data to the blockchain network. It can be sent to a node in the network or to a server that communicates with the node. As a result, the transmitted second transaction data is received by a node in the blockchain network, and the node can add the data included in the second transaction data as a new transaction in the block.

<Inquiry of data in the blockchain network>

Referring to FIG. 7 , process 700 may begin at block 710 of querying a list of registered materials in the blockchain network. A user such as the requester of the requestor device 230 of FIG. 2 may wish to access the blockchain network to inquire data, and in block 710 , the blockchain inquiry unit 352 may include one or more registered in the blockchain network. A list of materials may be searched, and the request processing unit 310 may cause the data access authority management apparatus 300 to display information of each material in the list. The information of the data may include, for example, a serial number of the data, the name of the data, a keyword of the data, information about a part of the data, a user ID, and at least a part of user information. In addition, the request processing unit 310 may also display a user interface that allows the data access right management apparatus 300 to select each displayed material. Process 700 may continue from block 710 to block 720 selecting a particular material from the list of materials.

In block 720, the user, through a user interface as described in block 710, to obtain a particular material, a specific material from the list of materials shown in block 710, for example, the first material described in FIG. 2 You can select the data included in the transaction data. Process 700 may continue from block 720 to block 730 where the requestor's sharing request for the material is sent to the blockchain network. In block 730, the transaction data generation unit 354 responds to the result of block 720, the user ID of the user (the requestor's ID), the user ID of the registrant of the material and the serial number of the material, the identifier of the material, etc. It is possible to create shared request transaction data including information of the same material. The transaction data transmitter 356 may transmit the sharing request transaction data to the blockchain network. In some examples, the sharing request transaction data is consequently received from a node in the blockchain network, and the node can add the data included in the transaction data in the sharing request as a new transaction in the block, while requesting the registrant of the material to share this is sent In some examples, after block 730 , the registrant of the material approves the sharing request, and registers the third transaction data including the encoded material on the blockchain network, as detailed in FIG. 8 . can do. After the third transaction data is registered, the process 700 may be resumed at block 740 where the private key is obtained by accessing the blockchain network.

At block 740, the user may access the blockchain network using the user ID and password, and obtain a private key. The description of obtaining the private key is omitted because it overlaps with the description of the process 500 of FIG. 5 . Process 700 may continue from block 740 to block 750 of obtaining material included in the third transaction data based on the private key.

In block 750, the blockchain inquiry unit 352 may receive the encoded data included in the third transaction data from the blockchain network. In some examples, the blockchain inquiry unit 352 may obtain the symmetrically encoded data and the asymmetrically encoded second symmetric key with the user's public key from the blockchain network. The asymmetric decoder 326 may obtain a second symmetric key using the user's private key obtained in block 740 , and the symmetric decoder 336 may obtain data using the second symmetric key.

<Sharing data through blockchain network>

Referring to FIG. 8 , the process 800 may start at block 810 in which a private key and a public key are obtained by accessing the blockchain network. A detailed description of the acquisition of the private key and the public key is omitted because it overlaps with the description of the process 500 of FIG. 5 . Process 800 may continue from block 810 to block 820 granting a share request for material from the requestor. In block 820 , the request processing unit 310 may receive a response from the user that approves the requester's request for sharing the data. In some examples, the request processing unit 310 may cause the data access right management device 300 to display a list of sharing requests requesting sharing for the data registered by the user in the block chain network. Also, the request processing unit 310 may display a selectable user interface that can approve or reject each of the displayed sharing requests. In some examples, the request processing unit 310 may receive a user input defining the scope of sharing from the user. When the request processing unit 310 receives an input from the user authorizing the requestor's sharing request, the process 800 may continue from block 820 to block 830 for obtaining the encoded material and the requestor's public key. have.

In block 830 , the blockchain inquiry unit 352 may obtain data corresponding to the request and the requester's public key from the blockchain network in response to the user's approval of the sharing request in block 820 . . In some examples, the blockchain inquiry unit 352 may search for and receive encoded data registered in the blockchain based on the information of the data included in the sharing request, for example, the serial number of the data or the identifier of the data. . The encoded material may include symmetrically encoded material and asymmetrically encoded first symmetric key. In some examples, the blockchain inquiry unit 352 may also receive the requestor's public key from the blockchain network based on the requester ID of the requestor included in the sharing request, and the like. In some other examples, the requestor's public key may have already been included in the sharing request, and the request processing unit 310 may obtain the requestor's public key from the sharing request. Process 800 may continue from block 830 to block 840 of obtaining a first symmetric key and material based on the private key.

In block 840, the asymmetric decoder 326 may use the user's private key to decode the asymmetrically encoded first symmetric key to obtain the first symmetric key. The symmetric decoder 336 may obtain data by decoding the symmetrically encoded data using the first symmetric key. Process 800 may continue from block 840 to block 850 of generating a second symmetric key.

In block 850 , the symmetric key generator 332 may generate a second symmetric key in response to the acquisition of data in block 840 . The second symmetric key may be a value randomly generated using a predetermined function. Process 800 may continue from block 850 to block 860 of symmetrically encoding the material using the second symmetric key. At block 860 , the symmetric encoder 336 may symmetrically encode the data obtained at block 840 using the second symmetric key obtained at block 850 . In some instances where the request processing unit 310 receives user input delimiting the share from a user, the request processing unit 310 may process the material, eg, to produce a material that is in part public, and a symmetric encoder 336 . ) can encode the generated material so that some are made public. Process 800 may continue from block 860 to block 870 asymmetrically encode a second symmetric key using the requestor's public key, at block 870, asymmetric encoder 324 to block 830 The second symmetric key generated in block 840 may be asymmetrically encoded using the requestor's public key obtained in . Since data is symmetrically encoded using a symmetric key and a symmetric key having a relatively small size is asymmetrically encoded, the time required for encoding/decoding may be shorter than when data is asymmetrically encoded. In addition, since the data is encoded starting from the requestor's public key, a third party without the requester's private key cannot see the contents of the data. Process 800 may continue from block 870 to block 880 of generating third transactional data for the sharing of material.

In block 880, the transaction data generation unit 354 may generate third transaction data for data sharing. The third transaction data includes at least the symmetrically encoded material obtained at block 860 and the asymmetrically encoded second symmetric key obtained at block 870 . In some examples, the third transaction data may further include information for identifying the material, such as a serial number of the material, a title of the material, and the like. Process 800 continues from block 880 to block 890 transmitting the third transaction data to the blockchain network, at block 890, the transaction data transmitter 356 sends the third transaction data to the blockchain network. It can be sent to a node in the network or to a server that communicates with the node. The transmitted third transaction data is eventually received by a node in the blockchain network, and the node can add the data included in the third transaction data as a new transaction in the block.

9 illustrates an example computer program product 900 that may be used to manage data access rights in accordance with at least some embodiments of the present disclosure. An exemplary embodiment of an exemplary computer program product is provided using a signal bearing medium 910 . In some embodiments, the signal bearing medium 910 of the one or more computer program products 900 may include a computer readable medium 930 and/or a recordable medium 940 .

Instructions 920 contained in signal bearing medium 910 may be executed by computing devices such as user device 220 , requestor device 230 , and data access right management device 300 . When the instruction 920 is executed, one or more instructions for causing the computing device to approve the requestor's sharing request for material encoded based on the user's public key and registered in the blockchain network; in response to the authorization, one or more instructions for obtaining material from the blockchain network; in response to the authorization, one or more instructions for generating a first symmetric key; one or more instructions for generating first transaction data including encoded material using the first symmetric key and the requestor's public key; and at least one of one or more instructions for transmitting the generated first transaction data to the blockchain network.

10 is a block diagram of an example embodiment of a computing device 1000 arranged in accordance with at least some embodiments of the present disclosure. In one exemplary basic configuration 1002 , computing device 1000 may include one or more processors 1004 and system memory 1006 . A memory bus 1008 may be used to communicate between the processor 1004 and the system memory 1006 .

Depending on the configuration required, the processor 1004 may be of any type including, but not limited to, a microprocessor (μP), a microcontroller (μC), a digital signal processor (DSP), or any combination thereof. The processor 1004 may include one or more levels of cache, such as a level 1 cache 1010 , a level 2 cache 1012 , a processor core 1014 , and a register 1016 . The processor core 1014 may include an arithmetic logic unit (ALU), a floating point unit (FPU), a digital signal processing core (DSP Core), or any combination thereof. Memory controller 1018 may also be used with processor 1004 , or in some implementations memory controller 1018 may be an internal part of processor 1004 .

Depending on the configuration required, system memory 1006 can be of any type including, but not limited to, volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. does not System memory 1006 may include an operating system 1020 , one or more applications 1022 , and program data 1024 . The application 1022 includes the functional blocks described with respect to the user device 220 and the requestor device 230 of FIG. 1 and/or the data access right management device 300 of FIG. 3 and/or the process of FIGS. 4 to 8 and and/or algorithms 1026 arranged to perform functions as described herein, including actions. The program data 1024 may include data 1028 for use with the algorithm 1026 , eg, data corresponding to a static network environment, or the like. In some embodiments, application 1022 may be arranged to operate with program data 1024 on operating system 1020 such that an implementation for determining an optimal transfer environment may be provided as described herein. For example, system 200 may include all or part of computing device 1000 and perform all or part of application 1022 such that an implementation that determines an optimal transmission environment may be provided as described herein. it may be possible to This described basic configuration is illustrated by its components within dashed line 1002 in FIG. 10 .

Computing device 1000 may have additional features or functionality, and additional interfaces, to facilitate communication between basic configuration 1002 and any desired devices and interfaces. For example, bus/interface controller 1030 may be used to facilitate communication between basic configuration 1002 and one or more data storage devices 1032 over storage interface bus 1034 . The data storage device 1032 may be a removable storage device 1036 , a fixed storage device 1038 , or a combination thereof. Magnetic disk devices such as flexible disk drives and hard disk drives (HDDs), compact disk (CD) drives, or digital versatile disk (DVD) drives, to name a few examples of removable and fixed storage devices. such as optical disk drives, solid state drives (SSDs), and tape drives. Exemplary computer storage media includes volatile and nonvolatile removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. can do.

System memory 1006 , removable storage 1036 , and non-removable storage 1038 are all examples of computer storage media. Computer storage media may include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage device, magnetic cassette, magnetic tape, magnetic disk storage device or other magnetic storage device, or including, but not limited to, any other medium that may be used to store the required information and that may be accessed by the computing device 1000 . Any such computer storage media may be part of computing device 1000 .

The computing device 1000 also provides an interface bus 1042 for facilitating communication from various interface devices (eg, output interfaces, peripheral interfaces, and communication interfaces) to the basic configuration 1002 via the bus/interface controller 1042 . ) may be included. The exemplary output device 1042 may include a graphics processing unit 1048 and an audio processing unit 1050 , which communicate via one or more A/V ports 1052 to various external devices, such as displays or speakers. can be configured. Exemplary peripheral interface 1044 may include serial interface controller 1054 or parallel interface controller 1056 , which may include input devices (eg, keyboard, mouse, pen, It may be configured to communicate with an external device, such as a voice input device, a touch input device, etc.) or other peripheral device (eg, a printer, scanner, etc.). The exemplary communication device 1046 includes a network controller 1060 , which may be arranged to facilitate communication with one or more other computing devices 1062 over network communications via one or more communication ports 1064 .

Computing device 1000 may also be implemented as a personal computer including both laptop computer and non-laptop computer configurations. Additionally, computing device 1000 may be implemented as part of a wireless base station or other wireless system or device.

The above description of the present application is for illustration, and those of ordinary skill in the art to which the present application pertains will understand that it can be easily modified into other specific forms without changing the technical spirit or essential features of the present application. Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive. For example, each component described as a single type may be implemented in a distributed manner, and likewise components described as distributed may also be implemented in a combined form.

Above, the object to be claimed in the present disclosure has been specifically examined. The claimed subject matter in this disclosure is not limited in scope to the specific embodiments described above. For example, in some implementations it may be in the form of hardware used operably on a device or combination of devices, in other implementations it may be implemented in the form of software and/or firmware, and in still other implementations it may be in the form of a signal bearing medium; may include one or more articles, such as storage media. Here, a storage medium such as a CD-ROM, a computer disk, a flash memory, etc. is, for example, instructions that, when executed by a computing device such as a computing system, computing platform, or other system, may cause the processor to execute according to the embodiments described above. can be saved. Such computing devices may include one or more processing units or processors, one or more input/output devices such as a display, keyboard and/or mouse, and one or more memory such as static random access memory, dynamic random access memory, flash memory and/or hard drives. may include.

In the foregoing detailed description, various embodiments of apparatus and/or processes have been described by way of block diagrams, flow diagrams, and/or other examples. Such block diagrams, flow diagrams, and/or other examples will include one or more functions and/or operations, and those skilled in the art will recognize that each function and/or operation within the block diagrams, flow diagrams, and/or other examples may be implemented in hardware, software, firmware, Or it will be understood that they may be implemented individually or collectively by any combination thereof. In one embodiment, some portions of the subject matter described in the present disclosure may be implemented through an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), or other form of integration. In contrast, some aspects of embodiments of the present disclosure include one or more computer programs running on one or more computers (eg, one or more programs running on one or more computer systems), one or more programs running on one or more processors ( writing code for software and/or firmware, which may be equally implemented in whole or in part as, for example, one or more programs running on one or more microprocessors), firmware, or substantially any combination thereof; and/or the design of the circuit is within the skill of those skilled in the art in light of the present disclosure. In addition, those skilled in the art will understand that the mechanisms of the subject matter of this disclosure may be distributed in various forms of program products, and the examples of the subject matter of this disclosure apply irrespective of the particular type of signal bearing medium used to actually perform the distribution. will understand

While specific exemplary techniques have been described and illustrated herein using various methods and systems, those skilled in the art will understand the possibility of various other modifications or equivalents permutations without departing from the claimed subject matter. Additionally, many modifications may be made to adapt a particular situation to the teachings of the claimed subject matter without departing from the central concepts described herein. Accordingly, it is intended that claimed subject matter not be limited to the specific examples disclosed, but that such claimed subject matter may also include all embodiments falling within the scope of the appended claims and their equivalents.

The scope of the present disclosure is indicated by the following claims rather than the above detailed description, and all changes or modifications derived from the meaning and scope of the claims, and their equivalents should be construed as being included in the scope of the present application. do.

Claims (11)

A method for managing data access rights, performed on a user's computing device, comprising:
an approval step of approving the requester's sharing request for the data encoded on the basis of the user's public key and registered in the blockchain network;
a data recovery step of obtaining data from the blockchain network in response to the approval step;
a first symmetric key generation step of generating a first symmetric key in response to the approval step;
a first transaction data generating step of generating first transaction data including the encoded data by using the first symmetric key and the requestor's public key; and
Shared data registration step of transmitting the generated first transaction data to the blockchain network
A method for managing data access rights, including According to claim 1,
Before the approval step, an asymmetric key acquisition step of accessing the block chain network to obtain the user's public key and private key
A method for managing data access rights further comprising a. 3. The method of claim 2,
The asymmetric key acquisition step is
accessing the blockchain network using a user identifier (ID) and password;
in response to the connection, receiving an encoded private key and a public key of the user; and
and obtaining the user's private key from the encoded private key using the password. 3. The method of claim 2,
Before the asymmetric key acquisition step, a user registration step of registering information about the user in the block chain network
Further comprising, the user registration step
receiving user registration information including a user identifier (ID) and a password from the user;
generating the public key and the private key of the user in response to receiving the user registration information;
symmetrically encoding the private key using the password;
converting the password into a hashed password using a hash function;
generating second transaction data including the user ID, the public key, the encoded private key, and the hashed password; and
Transmitting the second transaction data to the blockchain network, data access rights management method comprising the step of. 3. The method of claim 1 or 2,
Before the approval step, a data registration step of registering the data in the blockchain network
Further comprising, the data registration step
receiving the data from the user;
generating a second symmetric key in response to the receiving of the input;
symmetrically encoding the data using the second symmetric key;
asymmetrically encoding the second symmetric key using the user's public key;
generating third transaction data including the symmetrically encoded material and the asymmetrically encoded second symmetric key; and
Data access authority management method comprising the step of transmitting the generated third transaction data to the blockchain network. 3. The method of claim 1 or 2,
The data recovery step is
receiving symmetrically encoded data and asymmetrically encoded first symmetric key from the blockchain network; and
using the user's private key to decode the asymmetrically encoded first symmetric key to obtain a first symmetric key; and
Using the first symmetric key, decoding the symmetrically encoded data to obtain data, data access right management method. 3. The method of claim 1 or 2,
The first transaction data generation step includes:
symmetrically encoding the data obtained in the data recovery step by using the first symmetric key;
asymmetrically encoding the first symmetric key using the requestor's public key; and
and generating the first transaction data including information about the requestor, symmetrically encoded data using the first symmetric key, and the asymmetrically encoded first symmetric key. A data access right management device, comprising:
a communication unit configured to access the blockchain network, retrieve transaction data stored in the blockchain, and generate and transmit transaction data;
a coding unit configured to perform symmetric encoding, symmetric decoding, asymmetric encoding, and asymmetric decoding; and
a request processing unit coupled to the communication unit and the coding unit and configured to receive a user input
including,
The coding unit is configured to generate a first symmetric key, encode data based on the first symmetric key and the user's public key, and the communication unit transmits first transaction data including the encoded data to the blockchain network. configured to register,
When the communication unit receives a request for sharing of the data included in the first transaction data, and the request processing unit receives, from the user, a user input for approving the share request of the requester,
the communication unit receives the encoded data from the blockchain network;
the coding unit obtains data from the encoded data, generates a second symmetric key, and encodes the data using the second symmetric key and the requestor's public key; and
The communication unit generates second transaction data including the encoded data by using the second symmetric key and the requestor's public key and transmits the generated second transaction data to the blockchain network. Access rights management device. 9. The method of claim 8,
When the request processing unit receives a user identifier (ID) and password from the user,
The communication unit connects to the blockchain network using the user ID and the password, and in response to the connection, receives the encoded private key and the public key of the user from the blockchain network,
The coding unit to obtain the user's private key from the encoded private key by using the password, data access rights management device. 10. The method according to claim 8 or 9,
In generating the first transaction data,
The request processing unit receives the data from the user,
the coding unit generates the first symmetric key in response to the reception of the data by the request processing unit; symmetrically encode the data using the first symmetric key; and asymmetrically encode the first symmetric key using the user's public key,
The communication unit will generate the first transaction data including the symmetrically encoded data and the asymmetrically encoded first symmetric key, data access rights management device. A computer-readable storage medium storing a data access right management program, comprising:
When the data access right management program is executed by a computing device,
an approval operation of approving the requestor's sharing request for data encoded based on the user's public key and registered in the blockchain network;
a data recovery operation for obtaining data from the blockchain network in response to the approval operation;
a first symmetric key generation operation of generating a first symmetric key in response to the approval operation;
a first transaction data generating operation of generating first transaction data including the encoded data by using the first symmetric key and the requestor's public key; and
Shared data registration operation for transmitting the generated first transaction data to the blockchain network
A computer-readable storage medium comprising one or more instructions for performing

Images