TW201944758A - Non-centralized data certificate and verification system with NFC secure element and method thereof - Google Patents

Non-centralized data certificate and verification system with NFC secure element and method thereof Download PDF

Info

Publication number
TW201944758A
TW201944758A TW107112561A TW107112561A TW201944758A TW 201944758 A TW201944758 A TW 201944758A TW 107112561 A TW107112561 A TW 107112561A TW 107112561 A TW107112561 A TW 107112561A TW 201944758 A TW201944758 A TW 201944758A
Authority
TW
Taiwan
Prior art keywords
data
certificate
verification
hash value
module
Prior art date
Application number
TW107112561A
Other languages
Chinese (zh)
Other versions
TWI650991B (en
Inventor
劉秋宗
張家棟
夏希璿
連子淳
黃昭綺
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW107112561A priority Critical patent/TWI650991B/en
Application granted granted Critical
Publication of TWI650991B publication Critical patent/TWI650991B/en
Publication of TW201944758A publication Critical patent/TW201944758A/en

Links

Abstract

A non-centralized data certificate and verification system with NFC secure element and a method thereof are disclosed. The method comprises: storing certificate data and a feature value by a NFC secure element of a mobile device; performing a hash operation of the certificate data and the feature value to generate a certificate data hash value by a certificate module; recording the certificate data hash value to provide a block record and a position record by a non-centralized blockchain service module, and then storing the block record and the position record into the NFC secure element; and obtaining verification data, the feature value, the block record and the position record by a verification module, and then obtaining the certificate data hash value according the block record and the position record from the non-centralized blockchain service module, performing a hash operation of the verification data and the feature value to generate a verification data hash value, and then comparing the verification data hash value with the certificate data hash value to send a comparing result of the verification data hash value and the certificate data hash value to the mobile device.

Description

具NFC安全元件之非集中式資料存證與驗證系統及其方法    Non-centralized data storage and verification system with NFC security element and method thereof   

本發明係關於一種資料存證與驗證之技術,特別是指一種具近場通訊(Near Field Communication,NFC)安全元件之非集中式資料存證與驗證系統及其方法。 The present invention relates to a technology for data storage and verification, and in particular to a non-centralized data storage and verification system with near field communication (NFC) security elements and a method thereof.

在現有技術有關資料之存證或驗證作業中,通常需以公正第三方儲存資料或相關特徵資訊,並經由公正第三方協助才能對資料進行存證或驗證。 In the prior art for the certification or verification of related data, it is usually necessary to store the data or related characteristic information with an impartial third party, and to assist in the certification or verification of the data with the assistance of an impartial third party.

再者,現有技術另提出一種基於NFC之區塊鏈物流溯源跟蹤防偽方法,其提供可公開認證之區塊鏈後台系統、區塊鏈閘道系統、移動智慧讀寫終端、快取資料庫、NFC(IC)或內置NFC(IC)卡防偽標籤,透過公開金鑰與私密金鑰方法以NFC裝置進行防偽標籤之讀取,並透過公開金鑰與私密金鑰將防偽標籤內含之資料變動流程記錄至區塊鏈,再透過區塊鏈建立物件履歷追蹤。 Furthermore, the prior art also proposes an NFC-based blockchain logistics traceability tracking and anti-counterfeiting method, which provides a publicly certifiable blockchain back-end system, a blockchain gateway system, a mobile smart read-write terminal, a cache database, NFC (IC) or built-in NFC (IC) card anti-counterfeit tag, read the anti-counterfeit tag with NFC device through public key and private key method, and change the data contained in the anti-counterfeit tag with public key and private key The flow is recorded to the blockchain, and the object history is tracked through the blockchain.

然而,上述現有技術需經由公正第三方協助才能對資 料進行存證或驗證,也無法快速且有效地對資料進行完整性記錄、存證與驗證。 However, the above-mentioned existing technologies require the assistance of a fair third party in order to document or verify the data, nor can they quickly and effectively perform complete record, certificate, and verification of the data.

因此,如何解決上述現有技術之缺點,實已成為本領域技術人員之一大課題。 Therefore, how to solve the above-mentioned shortcomings of the prior art has become a major issue for those skilled in the art.

本發明提供一種具NFC(近場通訊)安全元件之非集中式資料存證與驗證系統及方法,其可將具有NFC安全元件之行動裝置結合存證模組、驗證模組、雜湊運算及非集中式區塊鏈服務對資料進行存證與驗證。 The invention provides a non-centralized data storage and verification system and method with an NFC (Near Field Communication) security element, which can combine a mobile device with an NFC security element with a storage module, a verification module, a hash operation and a non- The centralized blockchain service performs certificate and verification of data.

本發明中具NFC安全元件之非集中式資料存證與驗證系統包括:具有NFC安全元件之行動裝置,係儲存存證資料與特徵值;存證模組,係將NFC安全元件所儲存之存證資料與特徵值進行雜湊運算以產生存證資料雜湊值;非集中式區塊鏈服務模組,係記錄來自存證模組之存證資料雜湊值,進而提供存證資料雜湊值之區塊紀錄與位置紀錄,俾透過存證模組將存證資料雜湊值之區塊紀錄與位置紀錄傳送至行動裝置而儲存於NFC安全元件中;以及驗證模組,係取得NFC安全元件所儲存之驗證資料、特徵值、區塊紀錄與位置紀錄,且驗證資料相同或不同於存證資料,其中,驗證模組依據來自NFC安全元件之區塊紀錄與位置紀錄向非集中式區塊鏈服務模組取得存證資料雜湊值,進而將來自NFC安全元件之驗證資料與特徵值進行雜湊運算以產生驗證資料雜湊值,驗證模組再將驗證資料雜湊值與非集中式區塊鏈服務模組所記錄之存證資料雜湊值 進行比對,俾將比對結果傳送至行動裝置。 The non-centralized data storage and verification system with an NFC security element in the present invention includes: a mobile device with an NFC security element, which stores the storage data and characteristic values; and a storage module, which stores the storage of the NFC security element. The hash data of the certificate data and characteristic values are hashed to generate the hash value of the certificate data; the non-centralized blockchain service module records the hash value of the certificate data from the certificate module, and then provides a block of the hash value of the certificate data Records and location records: The block records and location records of the hash value of the certificate data are transmitted to the mobile device through the certificate storage module and stored in the NFC secure element; and the authentication module obtains the authentication stored by the NFC secure element Data, characteristic values, block records and location records, and the verification data is the same or different from the certificate data, where the verification module sends a non-centralized blockchain service module based on the block records and location records from the NFC secure element Obtain the hash value of the certificate data, and then hash the verification data and characteristic values from the NFC secure element to generate a hash value of the verification data. Hash value of data as evidence information and the hash value of the non-centralized services module block chain of the recorded for comparison, to serve than the results transmitted to the mobile device.

本發明中具NFC安全元件之非集中式資料存證與驗證方法包括下列步驟:由行動裝置之NFC安全元件儲存存證資料與特徵值;由存證模組將NFC安全元件所儲存之存證資料與特徵值進行雜湊運算以產生存證資料雜湊值;由非集中式區塊鏈服務模組記錄來自存證模組之存證資料雜湊值,進而提供存證資料雜湊值之區塊紀錄與位置紀錄,俾透過存證模組將存證資料雜湊值之區塊紀錄與位置紀錄傳送至行動裝置而儲存於NFC安全元件中;由驗證模組取得NFC安全元件所儲存之驗證資料、特徵值、區塊紀錄與位置紀錄,且驗證資料相同或不同於存證資料;以及由驗證模組依據來自NFC安全元件之區塊紀錄與位置紀錄向非集中式區塊鏈服務模組取得存證資料雜湊值,進而將來自NFC安全元件之驗證資料與特徵值進行雜湊運算以產生驗證資料雜湊值,驗證模組再將驗證資料雜湊值與非集中式區塊鏈服務模組所記錄之存證資料雜湊值進行比對,俾將比對結果傳送至行動裝置。 The non-centralized data certification and verification method with an NFC security element in the present invention includes the following steps: storing the certification data and characteristic values by the NFC security element of the mobile device; and storing the certificate stored by the NFC security element by the certification module The data and characteristic values are hashed to generate the certificate data hash value; the non-centralized blockchain service module records the hash value of the certificate data from the certificate module, and then provides the block record and the hash value of the certificate data. Location record: The block record and location record of the hash value of the certificate data are transmitted to the mobile device through the certificate storage module and stored in the NFC secure element; the authentication module obtains the authentication data and characteristic values stored by the NFC secure element , Block record and location record, and the verification data is the same or different from the certificate data; and the verification module obtains the certificate data from the non-centralized blockchain service module according to the block record and location record from the NFC secure element Hash value, and then hashing the authentication data and characteristic values from the NFC secure element to generate a hash value of the authentication data, and the authentication module As evidence information hash value chain blocks and decentralized service module to compare the records of, to serve than the results sent to mobile devices.

為讓本發明之上述特徵和優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明。在以下描述內容中將部分闡述本發明之額外特徵及優點,且此等特徵及優點將部分自所述描述內容顯而易見,或可藉由對本發明之實踐習得。本發明之特徵及優點借助於在申請專利範圍中特別指出的元件及組合來認識到並達到。應理解,前文一般描述與以下詳細描述兩者均僅為例示性及解釋性的,且 不欲約束本發明所主張之範圍。 In order to make the above features and advantages of the present invention more comprehensible, embodiments are described below in detail with reference to the accompanying drawings. Additional features and advantages of the present invention will be partially explained in the following description, and these features and advantages will be partially obvious from the description, or may be learned through practice of the present invention. The features and advantages of the invention are realized and achieved by means of elements and combinations specifically pointed out in the scope of the patent application. It should be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not intended to limit the scope of the invention as claimed.

1‧‧‧具NFC安全元件之非集中式資料存證與驗證系統 1‧‧‧ Non-centralized data storage and verification system with NFC security element

10‧‧‧行動裝置 10‧‧‧ mobile device

11‧‧‧資料存證模組 11‧‧‧Data Deposit Module

12‧‧‧NFC安全元件 12‧‧‧NFC Secure Element

13‧‧‧資料驗證模組 13‧‧‧Data Verification Module

20‧‧‧存證作業伺服器 20‧‧‧Certificate server

21‧‧‧存證模組 21‧‧‧Deposit module

30‧‧‧非集中式區塊鏈服務模組 30‧‧‧ Decentralized Blockchain Service Module

31‧‧‧區塊鏈資料記錄單元 31‧‧‧blockchain data recording unit

32‧‧‧區塊鏈核心記錄單元 32‧‧‧ Blockchain Core Recording Unit

33‧‧‧區塊鏈資料取得單元 33‧‧‧Blockchain data acquisition unit

40‧‧‧驗證作業伺服器 40‧‧‧verification server

41‧‧‧驗證模組 41‧‧‧Verification Module

AD‧‧‧位置紀錄 AD‧‧‧Location History

BL‧‧‧區塊紀錄 BL‧‧‧ Block Record

D‧‧‧存證資料 D‧‧‧Documentary Information

D'‧‧‧驗證資料 D'‧‧‧ Verification Information

F‧‧‧特徵值 F‧‧‧ characteristic value

H‧‧‧存證資料雜湊值 H‧‧‧Hash value of certificate data

H'‧‧‧驗證資料雜湊值 H'‧‧‧ hash value of verification data

S1至S9‧‧‧步驟 Steps S1 to S9‧‧‧‧

第1圖係繪示本發明中具NFC安全元件之非集中式資料存證與驗證系統之示意架構圖;以及第2圖係繪示本發明中具NFC安全元件之非集中式資料存證與驗證方法之示意流程圖。 FIG. 1 is a schematic architecture diagram of a non-centralized data storage and verification system with NFC security elements in the present invention; and FIG. 2 is a diagram of a non-centralized data storage and verification system with NFC security elements in the present invention. Schematic flowchart of the verification method.

以下藉由特定的具體實施形態說明本發明之實施方式,熟悉此技術之人士可由本說明書所揭示之內容輕易地了解本發明之其他優點與功效,亦可藉由其他不同的具體實施形態加以施行或應用。 The following describes the embodiments of the present invention with specific specific implementation forms. Those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this description, and can also be implemented by other different specific implementation forms. Or apply.

第1圖係繪示本發明中具NFC(近場通訊)安全元件之非集中式資料存證與驗證系統1之示意架構圖。如圖所示,具NFC安全元件之非集中式資料存證與驗證系統1可包括行動裝置10、存證模組21、非集中式區塊鏈服務模組30與驗證模組41。 FIG. 1 is a schematic architecture diagram of a non-centralized data storage and verification system 1 with an NFC (Near Field Communication) security element in the present invention. As shown in the figure, the non-centralized data storage and verification system 1 with an NFC security element may include a mobile device 10, a storage module 21, a non-centralized blockchain service module 30, and a verification module 41.

行動裝置10可例如為智慧手機、平板電腦或筆記型電腦等,並具有資料存證模組11、NFC安全元件12與資料驗證模組13。資料存證模組11可以儲存存證資料D與特徵值F,且特徵值F可為行動裝置10或NFC安全元件12之特徵值,如識別碼(ID)等可識別上述行動裝置10或NFC安全元件12之碼。存證模組21與驗證模組41可位於同一伺服器或不同伺服器中,例如,本實施例之存證模組21與驗證模組41係分別位於存證作業伺服器20與驗證作業 伺服器40中。而在另一實施例中,存證模組21與驗證模組41可位於相同作業伺服器。 The mobile device 10 may be, for example, a smart phone, a tablet computer, or a notebook computer, and has a data storage module 11, an NFC secure element 12, and a data verification module 13. The data storage module 11 can store the storage data D and the characteristic value F, and the characteristic value F can be the characteristic value of the mobile device 10 or the NFC secure element 12, such as an identification code (ID), which can identify the mobile device 10 or NFC. The size of the secure element 12. The certificate storage module 21 and the verification module 41 may be located on the same server or different servers. For example, the certificate storage module 21 and the verification module 41 in this embodiment are located on the certificate storage server 20 and the verification operation server, respectively.器 40 中。 In the device 40. In another embodiment, the certificate storage module 21 and the verification module 41 may be located on the same operation server.

非集中式區塊鏈服務模組30可為分散式架構並由多台伺服器串接而成,且非集中式區塊鏈服務模組30可具有區塊鏈資料記錄單元31、區塊鏈核心記錄單元32與區塊鏈資料取得單元33。區塊鏈資料記錄單元31可以儲存存證資料雜湊值H之區塊紀錄BL與位置紀錄AD,而區塊鏈核心記錄單元32可以儲存存證資料雜湊值H。 The decentralized blockchain service module 30 can be a decentralized architecture and is formed by a series of servers. The decentralized blockchain service module 30 can have a blockchain data recording unit 31 and a blockchain. The core recording unit 32 and the blockchain data obtaining unit 33. The blockchain data recording unit 31 can store the block record BL and the location record AD of the certificate data hash value H, and the blockchain core recording unit 32 can store the certificate data hash value H.

舉例而言,當行動裝置10(用戶)有存證需求時,資料存證模組11可自NFC安全元件12中取得存證資料D與特徵值F,進而向存證模組21(存證作業伺服器20)請求有關存證資料D與特徵值F之存證作業。而且,存證模組21(存證作業伺服器20)可將NFC安全元件12所儲存之存證資料D與特徵值F依據雜湊函數進行雜湊運算以產生存證資料雜湊值H。同時,非集中式區塊鏈服務模組30可記錄來自存證模組21(存證作業伺服器20)之存證資料雜湊值H,進而提供存證資料雜湊值H之區塊紀錄BL與位置紀錄AD,以供存證模組21(存證作業伺服器20)將存證資料雜湊值H之區塊紀錄BL與位置紀錄AD關聯於NFC安全元件12所儲存之存證資料D,俾透過存證模組21(存證作業伺服器20)將存證資料雜湊值H之區塊紀錄BL與位置紀錄AD傳送至行動裝置10而儲存於NFC安全元件12中。 For example, when the mobile device 10 (user) has a need for certification, the data certification module 11 can obtain the certification data D and the characteristic value F from the NFC secure element 12, and then send it to the certification module 21 (certification). The operation server 20) requests a certificate deposit operation related to the certificate deposit data D and the characteristic value F. Moreover, the certificate storage module 21 (the certificate storage operation server 20) may perform a hash operation on the certificate data D and the feature value F stored in the NFC secure element 12 according to a hash function to generate a certificate data hash value H. At the same time, the decentralized blockchain service module 30 can record the hash value H of the certificate data from the certificate storage module 21 (the certificate operation server 20), and then provide the block record BL and the hash value H of the certificate data Position record AD for the certificate storage module 21 (certificate storage server 20) to associate the block record BL of the hash value H of the certificate storage data with the location record AD to the certificate storage data D stored in the NFC secure element 12, The block record BL and the location record AD of the hash value H of the certificate data are transmitted to the mobile device 10 through the certificate storage module 21 (the certificate storage operation server 20) and stored in the NFC secure element 12.

再者,當行動裝置10(用戶)有驗證需求時,資料驗證模組13可將NFC安全元件12所儲存之驗證資料D'、特 徵值F、區塊紀錄BL與位置紀錄AD傳送至驗證模組41(驗證作業伺服器40),且驗證資料D'可相同或不同於存證資料D。接著,驗證模組41(驗證作業伺服器40)可透過資料驗證模組13取得NFC安全元件12所儲存之驗證資料D'、特徵值F、區塊紀錄BL與位置紀錄AD,進而依據來自NFC安全元件12之區塊紀錄BL與位置紀錄AD向非集中式區塊鏈服務模組30取得存證資料雜湊值H,再將來自NFC安全元件12之驗證資料D'與特徵值F依據雜湊函數進行雜湊運算以產生驗證資料雜湊值H'。 Furthermore, when the mobile device 10 (user) has a verification requirement, the data verification module 13 may transmit the verification data D ′, the feature value F, the block record BL, and the location record AD stored in the NFC secure element 12 to the verification module. Group 41 (the verification operation server 40), and the verification data D 'may be the same or different from the certificate data D. Then, the verification module 41 (the verification operation server 40) can obtain the verification data D ', the characteristic value F, the block record BL, and the position record AD stored by the NFC secure element 12 through the data verification module 13, and then based on the data from the NFC. The block record BL and location record AD of the secure element 12 obtain the hash value H of the certificate data from the decentralized blockchain service module 30, and then the verification data D 'and the characteristic value F from the NFC secure element 12 are based on the hash function. A hash operation is performed to generate a verification data hash value H '.

然後,驗證模組41(驗證作業伺服器40)可將驗證資料雜湊值H'與非集中式區塊鏈服務模組30所記錄之存證資料雜湊值H進行比對,再將驗證資料雜湊值H'與存證資料雜湊值H之比對結果傳送並回覆至行動裝置10(用戶)。例如,若比對結果為驗證資料雜湊值H'與存證資料雜湊值H相同時,則由驗證模組41(驗證作業伺服器40)回覆驗證成功予行動裝置10(用戶);或者,若比對結果為驗證資料雜湊值H'與存證資料雜湊值H不同時,則由驗證模組41(驗證作業伺服器40)回覆驗證失敗予行動裝置10(用戶)。 Then, the verification module 41 (the verification operation server 40) can compare the hash value H 'of the verification data with the hash value H of the certificate data recorded by the decentralized blockchain service module 30, and then hash the verification data. The comparison result between the value H 'and the hash value H of the certificate data is transmitted and returned to the mobile device 10 (user). For example, if the comparison result is that the hash value H 'of the verification data is the same as the hash value H of the certificate data, the verification module 41 (the verification operation server 40) responds to the verification success to the mobile device 10 (user); or, if When the comparison result is that the hash value H 'of the verification data is different from the hash value H of the verification data, the verification module 41 (the verification operation server 40) responds to the verification failure to the mobile device 10 (the user).

第2圖係繪示本發明中具NFC(近場通訊)安全元件之非集中式資料存證與驗證方法之示意流程圖,並參照上述第1圖加以說明。同時,第2圖之主要技術內容如下,其餘技術內容如同上述第1圖所記載,於此不再重覆敘述。 FIG. 2 is a schematic flowchart of a non-centralized data storage and verification method with an NFC (Near Field Communication) security element in the present invention, and is described with reference to the above-mentioned FIG. 1. At the same time, the main technical contents of Figure 2 are as follows, and the remaining technical contents are as described in Figure 1 above, and will not be repeated here.

如第2圖與上述第1圖所示,本發明中具NFC安全元件之非集中式資料存證與驗證方法主要包括:由行動裝置 10之NFC安全元件12儲存存證資料D與特徵值F;由存證模組21將NFC安全元件12所儲存之存證資料D與特徵值F依據雜湊函數進行雜湊運算以產生存證資料雜湊值H;由非集中式區塊鏈服務模組30記錄來自存證模組21之存證資料雜湊值H,進而提供存證資料雜湊值H之區塊紀錄BL與位置紀錄AD,俾透過存證模組21將存證資料雜湊值H之區塊紀錄BL與位置紀錄AD傳送至行動裝置10而儲存於NFC安全元件12中;由驗證模組41取得NFC安全元件12所儲存之驗證資料D'、特徵值F、區塊紀錄BL與位置紀錄AD,且驗證資料D'相同或不同於存證資料D;以及由驗證模組41依據來自NFC安全元件12之區塊紀錄BL與位置紀錄AD向非集中式區塊鏈服務模組30取得存證資料雜湊值H,進而將來自NFC安全元件12之驗證資料D'與特徵值F依據雜湊函數進行雜湊運算以產生驗證資料雜湊值H',驗證模組41再將驗證資料雜湊值H'與非集中式區塊鏈服務模組30所記錄之存證資料雜湊值H進行比對,俾將驗證資料雜湊值H'與存證資料雜湊值H之比對結果傳送並回覆至行動裝置10(用戶)。 As shown in FIG. 2 and FIG. 1 above, the non-centralized data storage and verification method with NFC security element in the present invention mainly includes: storing the storage data D and characteristic value F by the NFC security element 12 of the mobile device 10 ; The certificate storage module 21 stores the certificate data D and the characteristic value F stored in the NFC secure element 12 according to a hash function to generate a hash value H of the certificate data; recorded by the non-centralized blockchain service module 30 Hash value H of the certificate data from the certificate storage module 21, and then provide the block record BL and location record AD of the hash value H of the certificate storage data. 将 Block record of the hash value H of the certificate storage data through the certificate storage module 21. The BL and the location record AD are transmitted to the mobile device 10 and stored in the NFC secure element 12; the verification module 41 obtains the verification data D ', the characteristic value F, the block record BL and the location record AD stored in the NFC secure element 12, And the verification data D 'is the same or different from the certificate data D; and the verification module 41 obtains the certificate data from the decentralized blockchain service module 30 according to the block record BL and the location record AD from the NFC secure element 12 The hash value H will in turn be derived from the NFC secure element 12 The verification data D 'and the characteristic value F are hashed according to a hash function to generate a verification data hash value H'. The verification module 41 then stores the verification data hash value H 'and the records recorded by the non-centralized blockchain service module 30. The hash value H of the verification data is compared, and the comparison result between the hash value H 'of the verification data and the hash value H of the verification data is transmitted and returned to the mobile device 10 (user).

詳言之,在第2圖之步驟S1中,由行動裝置10之NFC安全元件12儲存存證資料D與特徵值F。當行動裝置10(用戶)有存證需求時,由行動裝置10之資料存證模組11自NFC安全元件12中取得存證資料D與特徵值F。此特徵值F可為行動裝置10或NFC安全元件12之特徵值,如識別碼(ID)等。 Specifically, in step S1 of FIG. 2, the NFC secure element 12 of the mobile device 10 stores the certificate data D and the characteristic value F. When the mobile device 10 (user) needs a certificate, the data certificate module 11 of the mobile device 10 obtains the certificate data D and the characteristic value F from the NFC secure element 12. The characteristic value F may be a characteristic value of the mobile device 10 or the NFC secure element 12, such as an identification code (ID).

在第2圖之步驟S2中,由資料存證模組11向存證模組21(存證作業伺服器20)請求有關存證資料D與特徵值F之存證作業。 In step S2 in FIG. 2, the data storage module 11 requests the storage module 21 (the storage server 20) for the storage operation of the storage data D and the characteristic value F.

在第2圖之步驟S3中,由存證模組21(存證作業伺服器20)將存證資料D與特徵值F依據雜湊函數進行雜湊運算以產生存證資料雜湊值H,並由非集中式區塊鏈服務模組30記錄存證資料雜湊值H,進而提供存證資料雜湊值H之區塊紀錄BL與位置紀錄AD。 In step S3 of FIG. 2, the certificate storage module 21 (the certificate storage server 20) performs a hash operation on the certificate data D and the characteristic value F according to a hash function to generate a certificate data hash value H, and The centralized blockchain service module 30 records the hash value H of the certificate data, and then provides the block record BL and the location record AD of the certificate data hash value H.

上述非集中式區塊鏈服務模組30可為分散式架構,並由多台伺服器串接而成。非集中式區塊鏈服務模組30亦可具有區塊鏈資料記錄單元31與區塊鏈核心記錄單元32,區塊鏈資料記錄單元31用以儲存存證資料雜湊值H之區塊紀錄BL與位置紀錄AD,且區塊鏈核心記錄單元32用以儲存存證資料雜湊值H。惟本發明並不以為限。 The above-mentioned non-centralized blockchain service module 30 may have a decentralized architecture and is formed by connecting a plurality of servers in series. The decentralized blockchain service module 30 may also have a blockchain data recording unit 31 and a blockchain core recording unit 32. The blockchain data recording unit 31 is used to store a block record BL of the hash value H of the certificate data And location record AD, and the blockchain core record unit 32 is used to store the hash value H of the certificate data. However, the present invention is not limited to this.

在第2圖之步驟S4中,由存證模組21(存證作業伺服器20)將來自非集中式區塊鏈服務模組30之存證資料雜湊值H之區塊紀錄BL與位置紀錄AD傳送至行動裝置10之資料存證模組11,進而將存證資料雜湊值H之區塊紀錄BL與位置紀錄AD關聯於NFC安全元件12所儲存之存證資料D。 In step S4 of FIG. 2, the block record BL and the position record of the hash value H of the certificate storage data from the non-centralized blockchain service module 30 are stored by the certificate storage module 21 (the storage operation server 20). The AD transmits to the data storage module 11 of the mobile device 10, and further associates the block record BL and the location record AD of the hash value H of the storage data with the storage data D stored in the NFC secure element 12.

在第2圖之步驟S5中,由資料存證模組11將存證資料雜湊值H之區塊紀錄BL與位置紀錄AD儲存於NFC安全元件12中。 In step S5 of FIG. 2, the data storage module 11 stores the block record BL and the location record AD of the hash value H of the storage data in the NFC secure element 12.

在第2圖之步驟S6中,當行動裝置10(用戶)有驗證 需求時,由行動裝置10之資料驗證模組13取得NFC安全元件12所儲存之驗證資料D'、特徵值F、區塊紀錄BL與位置紀錄AD,且驗證資料D'相同或不同於存證資料D。 In step S6 of FIG. 2, when the mobile device 10 (user) has a verification request, the data verification module 13 of the mobile device 10 obtains the verification data D ′, the feature value F, and the block stored in the NFC secure element 12. The record BL is the same as the location record AD, and the verification data D 'is the same or different from the certificate data D.

在第2圖之步驟S7中,由資料驗證模組13將驗證資料D'、特徵值F、區塊紀錄BL與位置紀錄AD傳送至驗證模組41(驗證作業伺服器40)。 In step S7 of FIG. 2, the data verification module 13 transmits the verification data D ′, the feature value F, the block record BL, and the position record AD to the verification module 41 (the verification operation server 40).

在第2圖之步驟S8中,由驗證模組41(驗證作業伺服器40)依據來自NFC安全元件12之區塊紀錄BL與位置紀錄AD向非集中式區塊鏈服務模組30取得存證資料雜湊值H,進而將來自NFC安全元件12之驗證資料D'與特徵值F依據雜湊函數進行雜湊運算以產生驗證資料雜湊值H'。 In step S8 of FIG. 2, the verification module 41 (the verification operation server 40) obtains the certificate from the non-centralized blockchain service module 30 according to the block record BL and the location record AD from the NFC secure element 12. The data hash value H is further used to perform a hash operation on the verification data D ′ and the feature value F from the NFC secure element 12 according to a hash function to generate a verification data hash value H ′.

在第2圖之步驟S9中,由驗證模組41(驗證作業伺服器40)將驗證資料雜湊值H'與非集中式區塊鏈服務模組30所記錄之存證資料雜湊值H進行比對,進而將驗證資料雜湊值H'與存證資料雜湊值H之比對結果傳送並回覆至行動裝置10(用戶)。例如,若比對結果為驗證資料雜湊值H'與存證資料雜湊值H相同時,則由驗證模組41(驗證作業伺服器40)回覆驗證成功予行動裝置10(用戶);或者,若比對結果為驗證資料雜湊值H'與存證資料雜湊值H不同時,則由驗證模組41(驗證作業伺服器40)回覆驗證失敗予行動裝置10(用戶)。 In step S9 of FIG. 2, the verification module 41 (the verification operation server 40) compares the hash value H ′ of the verification data with the hash value H of the certificate data recorded by the non-centralized blockchain service module 30. Yes, the comparison result between the hash value H 'of the verification data and the hash value H of the verification data is transmitted and returned to the mobile device 10 (user). For example, if the comparison result is that the hash value H 'of the verification data is the same as the hash value H of the certificate data, the verification module 41 (the verification operation server 40) responds to the verification success to the mobile device 10 (user); or, if When the comparison result is that the hash value H 'of the verification data is different from the hash value H of the verification data, the verification module 41 (the verification operation server 40) responds to the verification failure to the mobile device 10 (the user).

綜上,本發明具NFC(近場通訊)安全元件之非集中式資料存證與驗證系統及方法可具有下列優點或技術功效: In summary, the non-centralized data storage and verification system and method with NFC (near field communication) security elements of the present invention can have the following advantages or technical effects:

一、本發明將行動裝置之NFC安全元件結合存證模 組、驗證模組、雜湊函數運算與區塊鏈技術(非集中式區塊鏈服務模組),可以快速且有效地達成資料之完整性記錄、存證與驗證。同時,本發明可無須以公正第三方儲存資料或相關特徵資訊,亦可無須經由公正第三方協助才能對資料進行存證或驗證。 1. The present invention combines the NFC security element of a mobile device with a certificate storage module, a verification module, a hash function operation, and a blockchain technology (non-centralized blockchain service module), which can quickly and effectively complete the integrity of the data. Sexual records, documentation and verification. At the same time, the present invention does not need to store data or related characteristic information by an impartial third party, and can also perform certificate or verification of the data without the assistance of an impartial third party.

二、本發明以雜湊函數結合非集中式區塊鏈服務為驗證基礎,當行動裝置(用戶)存在資料存證與驗證需求時,可以透過行動裝置之便利性及安全性直接與存證或驗證模組(伺服器)進行存證或驗證資料之交換。 2. The present invention is based on a hash function combined with a non-centralized blockchain service as the verification basis. When a mobile device (user) has a need for data storage and verification, it can directly communicate with the storage or verification through the convenience and security of the mobile device. The module (server) exchanges certificates or verification data.

三、本發明以行動裝置之NFC安全元件作為資料儲存載具,並將行動裝置或NFC安全元件之特徵值作為驗證資訊之一部分,可藉此綁定行動裝置或NFC安全元件所提供之存證資料之安全性。同時,本發明將使用服務之NFC安全元件直接作為驗證之一部份進行資料安全儲存,故相較於採用伺服器之資料庫進行資料儲存之方式,本發明具有簡化伺服器之資料儲存流程的好處。 3. The present invention uses the NFC secure element of the mobile device as a data storage vehicle, and uses the characteristic value of the mobile device or the NFC secure element as part of the verification information, which can be used to bind the certificate provided by the mobile device or the NFC secure element. Information security. At the same time, the present invention uses the service's NFC security element as a part of authentication to directly store data securely. Therefore, compared with the method of using a server database for data storage, the present invention has a simplified data storage process for the server. benefit.

四、本發明之存證資料雜湊值(區塊紀錄與位置紀錄)分別儲存於NFC安全元件與非集中式區塊鏈服務模組兩者,此存證資料雜湊值(區塊紀錄與位置紀錄)之交換於進行驗證階段實施,故進行資料驗證時無須繁複之資訊交換協定,從而提升資料驗證之速度及便利性。 4. The hash value of the certificate data (block record and location record) of the present invention is stored in both the NFC security element and the decentralized blockchain service module. The hash value of the certificate data (block record and location record) The exchange of) is implemented during the verification phase, so no complicated information exchange agreement is required for data verification, thereby improving the speed and convenience of data verification.

五、本發明以具有不可否認特性之非集中式資料區塊鏈服務模組協助進行資料之儲存、驗證與比對,並透過非集中式區塊鏈服務取代集中化系統驗證,可以有效降低驗 證服務所需之硬體負載平衡之需求。 5. The present invention uses a non-centralized data blockchain service module with undeniable characteristics to assist in data storage, verification, and comparison, and replaces centralized system verification with a non-centralized blockchain service, which can effectively reduce verification. Demand for hardware load balancing required for service.

上述實施形態僅例示性說明本發明之原理、特點及其功效,並非用以限制本發明之可實施範疇,任何熟習此項技藝之人士均可在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。任何運用本發明所揭示內容而完成之等效改變及修飾,均仍應為申請專利範圍所涵蓋。因此,本發明之權利保護範圍,應如申請專利範圍所列。 The above-mentioned embodiments merely exemplify the principles, features, and effects of the present invention, and are not intended to limit the implementable scope of the present invention. Anyone who is familiar with this technology can perform the above operations without departing from the spirit and scope of the present invention. Modifications and changes to the implementation form. Any equivalent changes and modifications made by using the disclosure of the present invention should still be covered by the scope of patent application. Therefore, the scope of protection of the rights of the present invention should be as listed in the scope of patent application.

Claims (16)

一種具NFC(近場通訊)安全元件之非集中式資料存證與驗證系統,包括:具有NFC安全元件之行動裝置,係儲存存證資料與特徵值;存證模組,係將該NFC安全元件所儲存之存證資料與特徵值進行雜湊運算以產生存證資料雜湊值;非集中式區塊鏈服務模組,係記錄來自該存證模組之該存證資料雜湊值,進而提供該存證資料雜湊值之區塊紀錄與位置紀錄,俾透過該存證模組將該存證資料雜湊值之區塊紀錄與位置紀錄傳送至該行動裝置而儲存於該NFC安全元件中;以及驗證模組,係取得該NFC安全元件所儲存之驗證資料、特徵值、區塊紀錄與位置紀錄,且該驗證資料相同或不同於該存證資料,其中,該驗證模組依據來自該NFC安全元件之區塊紀錄與位置紀錄向該非集中式區塊鏈服務模組取得該存證資料雜湊值,進而將來自該NFC安全元件之驗證資料與特徵值進行雜湊運算以產生驗證資料雜湊值,該驗證模組再將該驗證資料雜湊值與該非集中式區塊鏈服務模組所記錄之該存證資料雜湊值進行比對,俾將該驗證資料雜湊值與該存證資料雜湊值之比對結果傳送至該行動裝置。     A non-centralized data certification and verification system with an NFC (near field communication) security element includes: a mobile device with an NFC security element that stores certification data and characteristic values; a certification module that secures the NFC The hash data of the certificate data and feature values stored by the component are hashed to generate a hash value of the certificate data; a non-centralized blockchain service module records the hash value of the certificate data from the certificate module, and then provides the The block record and location record of the hash value of the certificate data, the block record and location record of the hash value of the certificate data are transmitted to the mobile device through the certificate storage module and stored in the NFC secure element; and verification The module is to obtain the verification data, characteristic values, block records and location records stored by the NFC secure element, and the verification data is the same or different from the certificate data, wherein the verification module is based on the data from the NFC secure element. The block records and location records obtain the hash value of the certificate data from the non-centralized blockchain service module, and then hash the authentication data and characteristic values from the NFC secure element. To calculate the hash value of the verification data, the verification module then compares the hash value of the verification data with the hash value of the certificate data recorded by the non-centralized blockchain service module, and compares the hash value of the verification data with The comparison result of the hash value of the certificate data is transmitted to the mobile device.     如申請專利範圍第1項所述之系統,其中,該特徵值 為該行動裝置或該NFC安全元件之特徵值,而該存證模組與該驗證模組係位於同一伺服器或不同伺服器中。     The system according to item 1 of the scope of patent application, wherein the characteristic value is the characteristic value of the mobile device or the NFC secure element, and the certificate storage module and the authentication module are located on the same server or different servers in.     如申請專利範圍第1項所述之系統,其中,該行動裝置更具有資料存證模組,當該行動裝置有存證需求時,由該資料存證模組自該NFC安全元件中取得該存證資料與該特徵值,進而向該存證模組請求有關該存證資料與該特徵值之存證作業。     The system described in item 1 of the scope of patent application, wherein the mobile device further has a data storage module, and when the mobile device has a storage requirement, the data storage module obtains the information from the NFC security element. The certificate deposit data and the characteristic value are further requested from the certificate deposit module for the certificate deposit operation regarding the certificate deposit data and the characteristic value.     如申請專利範圍第1項所述之系統,其中,該行動裝置更具有資料驗證模組,當該行動裝置有驗證需求時,由該資料驗證模組將該NFC安全元件所儲存之驗證資料、特徵值、區塊紀錄與位置紀錄傳送至該驗證模組。     The system described in item 1 of the scope of patent application, wherein the mobile device further has a data verification module. When the mobile device has a verification requirement, the data verification module stores the verification data stored in the NFC secure element, The characteristic value, block record and position record are transmitted to the verification module.     如申請專利範圍第1項所述之系統,其中,若該比對結果為該驗證資料雜湊值與該存證資料雜湊值相同時,則由該驗證模組回覆驗證成功予該行動裝置,而若該比對結果為該驗證資料雜湊值與該存證資料雜湊值不同時,則由該驗證模組回覆驗證失敗予該行動裝置。     According to the system described in item 1 of the scope of patent application, if the comparison result is that the hash value of the verification data is the same as the hash value of the certificate data, the verification module responds to the verification successfully to the mobile device, and If the comparison result is that the hash value of the verification data is different from the hash value of the certificate data, the verification module responds to the verification failure to the mobile device.     如申請專利範圍第1項所述之系統,其中,該存證模組更將該存證資料雜湊值之區塊紀錄與位置紀錄關聯於該NFC安全元件所儲存之存證資料。     The system described in item 1 of the scope of patent application, wherein the certificate storage module further associates the block record and location record of the hash value of the certificate storage data with the certificate storage data stored by the NFC secure element.     如申請專利範圍第1項所述之系統,其中,該非集中式區塊鏈服務模組為分散式架構並由多台伺服器串接 而成。     The system described in item 1 of the scope of patent application, wherein the non-centralized blockchain service module has a decentralized architecture and is formed by a series of servers.     如申請專利範圍第1項所述之系統,其中,該非集中式區塊鏈服務模組係具有區塊鏈資料記錄單元與區塊鏈核心記錄單元,該區塊鏈資料記錄單元用以儲存該存證資料雜湊值之區塊紀錄與位置紀錄,且該區塊鏈核心記錄單元用以儲存該存證資料雜湊值。     The system according to item 1 of the scope of patent application, wherein the non-centralized blockchain service module has a blockchain data recording unit and a blockchain core recording unit, and the blockchain data recording unit is used to store the The block record and location record of the hash value of the certificate data, and the core record unit of the blockchain is used to store the hash value of the certificate data.     一種具NFC(近場通訊)安全元件之非集中式資料存證與驗證方法,包括下列步驟:由行動裝置之NFC安全元件儲存存證資料與特徵值;由存證模組將該NFC安全元件所儲存之存證資料與特徵值進行雜湊運算以產生存證資料雜湊值;由非集中式區塊鏈服務模組記錄來自該存證模組之該存證資料雜湊值,進而提供該存證資料雜湊值之區塊紀錄與位置紀錄,俾透過該存證模組將該存證資料雜湊值之區塊紀錄與位置紀錄傳送至該行動裝置而儲存於該NFC安全元件中;由驗證模組取得該NFC安全元件所儲存之驗證資料、特徵值、區塊紀錄與位置紀錄,且該驗證資料相同或不同於該存證資料;以及由該驗證模組依據來自該NFC安全元件之區塊紀錄與位置紀錄向該非集中式區塊鏈服務模組取得該存證資料雜湊值,進而將來自該NFC安全元件之驗證資料與特徵值進行雜湊運算以產生驗證資料雜湊值,該 驗證模組再將該驗證資料雜湊值與該非集中式區塊鏈服務模組所記錄之該存證資料雜湊值進行比對,俾將該驗證資料雜湊值與該存證資料雜湊值之比對結果傳送至該行動裝置。     A non-centralized data certification and verification method with an NFC (Near Field Communication) security element includes the following steps: the NFC security element of the mobile device stores the certification data and characteristic values; the NFC security element is stored by the certification module A hash operation is performed on the stored certificate data and characteristic values to generate a hash value of the certificate data; the decentralized blockchain service module records the hash value of the certificate data from the certificate module to provide the certificate The block record and location record of the data hash value. The block record and location record of the hash value of the certificate data are transmitted to the mobile device through the certificate storage module and stored in the NFC secure element; the verification module Obtain the verification data, characteristic values, block records and location records stored by the NFC secure element, and the verification data is the same or different from the certificate data; and the verification module according to the block records from the NFC secure element And location records to obtain the hash value of the certificate data from the non-centralized blockchain service module, and then hash the verification data and characteristic values from the NFC secure component to produce The hash value of the verification data, the verification module then compares the hash value of the verification data with the hash value of the certificate data recorded by the non-centralized blockchain service module, and then compares the hash value of the verification data with the certificate The result of the data hash comparison is sent to the mobile device.     如申請專利範圍第9項所述之方法,其中,該特徵值為該行動裝置或該NFC安全元件之特徵值,而該存證模組與該驗證模組係位於同一伺服器或不同伺服器中。     The method according to item 9 of the scope of patent application, wherein the characteristic value is the characteristic value of the mobile device or the NFC secure element, and the certificate storage module and the authentication module are located on the same server or different servers in.     如申請專利範圍第9項所述之方法,更包括當該行動裝置有存證需求時,由該行動裝置之資料存證模組自該NFC安全元件中取得該存證資料與該特徵值,進而向該存證模組請求有關該存證資料與該特徵值之存證作業。     According to the method described in item 9 of the scope of patent application, when the mobile device has a certificate requirement, the data certificate module of the mobile device obtains the certificate data and the characteristic value from the NFC secure element. Then, the certificate storage module is requested to perform a certificate storage operation on the certificate data and the characteristic value.     如申請專利範圍第9項所述之方法,更包括當該行動裝置有驗證需求時,由該行動裝置之資料驗證模組將該NFC安全元件所儲存之驗證資料、特徵值、區塊紀錄與位置紀錄傳送至該驗證模組。     The method described in item 9 of the scope of patent application, further includes when the mobile device has a verification requirement, the data verification module of the mobile device stores the verification data, feature values, block records and Location records are sent to the verification module.     如申請專利範圍第9項所述之方法,其中,若該比對結果為該驗證資料雜湊值與該存證資料雜湊值相同時,則由該驗證模組回覆驗證成功予該行動裝置,而若該比對結果為該驗證資料雜湊值與該存證資料雜湊值不同時,則由該驗證模組回覆驗證失敗予該行動裝置。     The method described in item 9 of the scope of patent application, wherein if the comparison result is that the hash value of the verification data is the same as the hash value of the certificate data, the verification module responds to the verification successfully to the mobile device, and If the comparison result is that the hash value of the verification data is different from the hash value of the certificate data, the verification module responds to the verification failure to the mobile device.     如申請專利範圍第9項所述之方法,更包括由該存證 模組將該存證資料雜湊值之區塊紀錄與位置紀錄關聯於該NFC安全元件所儲存之存證資料。     The method described in item 9 of the scope of patent application, further includes associating a block record and a location record of the hash value of the certificate data with the certificate data stored by the certificate storage module.     如申請專利範圍第9項所述之方法,其中,該非集中式區塊鏈服務模組為分散式架構並由多台伺服器串接而成。     The method according to item 9 of the scope of patent application, wherein the non-centralized blockchain service module has a decentralized architecture and is formed by connecting a plurality of servers in series.     如申請專利範圍第9項所述之方法,其中,該非集中式區塊鏈服務模組係具有區塊鏈資料記錄單元與區塊鏈核心記錄單元,該區塊鏈資料記錄單元用以儲存該存證資料雜湊值之區塊紀錄與位置紀錄,且該區塊鏈核心記錄單元用以儲存該存證資料雜湊值。     The method according to item 9 of the scope of patent application, wherein the non-centralized blockchain service module has a blockchain data recording unit and a blockchain core recording unit, and the blockchain data recording unit is used to store the The block record and location record of the hash value of the certificate data, and the core record unit of the blockchain is used to store the hash value of the certificate data.    
TW107112561A 2018-04-12 2018-04-12 Non-centralized data certificate and verification system with nfc secure element and method thereof TWI650991B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107112561A TWI650991B (en) 2018-04-12 2018-04-12 Non-centralized data certificate and verification system with nfc secure element and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107112561A TWI650991B (en) 2018-04-12 2018-04-12 Non-centralized data certificate and verification system with nfc secure element and method thereof

Publications (2)

Publication Number Publication Date
TWI650991B TWI650991B (en) 2019-02-11
TW201944758A true TW201944758A (en) 2019-11-16

Family

ID=66214023

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107112561A TWI650991B (en) 2018-04-12 2018-04-12 Non-centralized data certificate and verification system with nfc secure element and method thereof

Country Status (1)

Country Link
TW (1) TWI650991B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160098723A1 (en) * 2014-10-01 2016-04-07 The Filing Cabinet, LLC System and method for block-chain verification of goods
WO2017004527A1 (en) * 2015-07-02 2017-01-05 Nasdaq, Inc. Systems and methods of secure provenance for distributed transaction databases
EP3424179B1 (en) * 2016-03-04 2022-02-16 Ping Identity Corporation Method and system for authenticated login using static or dynamic codes
US10114980B2 (en) * 2016-07-21 2018-10-30 Acronis International Gmbh System and method for verifying data integrity using a blockchain network
KR101829730B1 (en) * 2016-12-30 2018-03-29 주식회사 코인플러그 Method for certifying a user by using mobile id through blockchain database, and terminal and server using the same

Also Published As

Publication number Publication date
TWI650991B (en) 2019-02-11

Similar Documents

Publication Publication Date Title
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
US20210279736A1 (en) Blockchain secure transaction method and device based on biomarker authentication
WO2020088108A1 (en) Blockchain-based data attestation method and apparatus, and electronic device
EP3596680A1 (en) Methods and systems for universal storage and access to user-owned credentials for trans-institutional digital authentication
JP2020511017A (en) System and method for implementing blockchain-based digital certificates
WO2020168772A1 (en) Electronic medical record storing method, system, apparatus, and device, and medium
CN109508564A (en) A kind of digital asset storage system and method based on block chain
JP6543743B1 (en) Management program
TW201032157A (en) Multifactor authentication with changing unique values
JP2020511018A (en) System and method for generating digital marks
CN110969531A (en) Borrowing deposit verification and online checking method and system
WO2023207086A1 (en) Blockchain-based user data transfer method, apparatus and device
CN113610528B (en) Management system, method, equipment and storage medium based on block chain
TW202024975A (en) Information processing method and device, electronic equipment and computer readable storage medium
CN109669955A (en) A kind of digital asset inquiry system and method based on block chain
CN109685664B (en) Digital asset real-name registration system based on asset hosting system association
Gulati et al. Self-sovereign dynamic digital identities based on blockchain technology
EP4011031B1 (en) Secure identity card using unclonable functions
US20210051159A1 (en) Unified authentication system for decentralized identity platforms
US20200334430A1 (en) Self-sovereign identity systems and methods for identification documents
CN112862589A (en) Identity verification method, device and system in financial scene
WO2020161203A1 (en) Identity management on a mobile device
CN107633390B (en) Cloud wallet management method and server
TW201944758A (en) Non-centralized data certificate and verification system with NFC secure element and method thereof
CN109658104A (en) The system and method for assets consistency confirmation on a kind of chain