TW202318239A - Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system - Google Patents

Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system Download PDF

Info

Publication number
TW202318239A
TW202318239A TW111141051A TW111141051A TW202318239A TW 202318239 A TW202318239 A TW 202318239A TW 111141051 A TW111141051 A TW 111141051A TW 111141051 A TW111141051 A TW 111141051A TW 202318239 A TW202318239 A TW 202318239A
Authority
TW
Taiwan
Prior art keywords
data
blockchain
access
service system
request
Prior art date
Application number
TW111141051A
Other languages
Chinese (zh)
Other versions
TWI790985B (en
Inventor
林庠序
林哲民
Original Assignee
市民永續股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 市民永續股份有限公司 filed Critical 市民永續股份有限公司
Application granted granted Critical
Publication of TWI790985B publication Critical patent/TWI790985B/en
Publication of TW202318239A publication Critical patent/TW202318239A/en

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Alarm Systems (AREA)

Abstract

A data read authority control system is disclosed, including: a block chain system; a data owner device arranged to operably generate a target data, and to operably generate a proof using a proof key; a data source system arranged to operably generate a sensitive data corresponding to the target data; a data service system arranged to operably receive the target data and the proof, and to operably request the block chain system to verify the proof; and a data requester device arranged to operably generate and transmit a sensitive data request corresponding to the target data to the data service system. The block chain system can execute a zero-knowledge proof (ZKP) smart contract to verify the correctness of the proof, and can transfer a read token to the data service system. After acquiring the read token, the data service system transfers read token to the data source system to request the data source system to provide the sensitive data.

Description

基於區塊鏈及零知識證明機制的資料取用權限控管系統、以及相關的資料服務系統Data access authority control system and related data service system based on blockchain and zero-knowledge proof mechanism

本發明涉及一種資料取用權限控管技術,尤指一種基於區塊鏈及零知識證明機制的資料取用權限控管系統、以及相關的資料服務系統。The invention relates to a data access authority control and management technology, in particular to a data access authority control and management system based on a block chain and a zero-knowledge proof mechanism, and a related data service system.

歐盟所制定的一般資料保護規章(General Data Protection Regulation,GDPR),對於個人資料保護和隱私的規範不僅嚴格,而且涉及的範圍很廣。倘若不能滿足GDPR的規定,許多領域的商業活動都將面臨非常重大的衝擊或阻礙。The General Data Protection Regulation (GDPR) formulated by the European Union not only has strict regulations on personal data protection and privacy, but also covers a wide range. Failure to meet the GDPR regulations will have a very significant impact or hindrance on business activities in many areas.

由於傳統的OAuth 2.0資料授權框架無法滿足GDPR的各種要求,所以產業界積極地發展各種更複雜的資料取用權限控管架構來因應。包括UMA 2.0(User-Managed Access 2.0)在內的各種新近發展的資料取用權限控管架構,都是採用集權式授權伺服器(centralized authorization server)來管理個別資料擁有者的資料取用權限。這樣的架構看似可以滿足GDPR的要求,但其實在資料取用權限的控管上並不透明,而且也難以向資料接收方(或其他第三方),證明資料擁有者的相關機敏性資料的真實性。因此,現有的資料取用權限控管架構對於許多商業應用(例如,碳權交易、各種貸款缺額借貸、電動車充電預約與支付等等)而言,並不是非常理想的技術方案。Since the traditional OAuth 2.0 data authorization framework cannot meet the various requirements of GDPR, the industry is actively developing various more complex data access authority control structures to cope. Various newly developed data access authority control frameworks, including UMA 2.0 (User-Managed Access 2.0), use a centralized authorization server (centralized authorization server) to manage the data access authority of individual data owners. Such a structure seems to meet the requirements of GDPR, but it is not transparent in the control of data access rights, and it is also difficult to prove to the data recipient (or other third parties) the authenticity of the relevant sensitive data of the data owner sex. Therefore, the existing data access authority control framework is not an ideal technical solution for many commercial applications (for example, carbon rights trading, various loan shortfall loans, electric vehicle charging reservation and payment, etc.).

有鑑於此,如何讓資料取用權限控管系統既能滿足歐盟GDPR的各種要求,又能使資料擁有者的相關機敏性資料的真實性獲得有效驗證,實為有待解決的問題。In view of this, how to make the data access authority control system not only meet the various requirements of the EU GDPR, but also enable the authenticity of the relevant sensitive data of the data owner to be effectively verified is a problem to be solved.

本說明書提供一種資料取用權限控管系統的實施例,其包含:一區塊鏈系統;一資料擁有者裝置,設置成可接收一目標使用者輸入的資料以產生一目標資料,並可利用一證明金鑰產生一證明值;一資料來源系統,設置成可儲存對應於該目標資料的一機敏性資料;一資料服務系統,設置成可接收該資料擁有者裝置所產生的該目標資料及該證明值,並可要求該區塊鏈系統核驗該證明值;一資料請求者裝置,設置成可產生及傳送對應於該目標資料的一機敏性資料請求給該資料服務系統;其中,該區塊鏈系統設置成可執行一零知識證明智能合約,以利用一驗證金鑰檢核該證明值的正確性,並可在判定該證明值為正確時,傳送一核驗成功通知給該資料服務系統;其中,該區塊鏈系統還設置成可檢核一授權訊標識別資料所對應的一授權訊標的有效性,並可於判定該授權訊標為有效時,產生及移轉一取用訊標給該資料服務系統;其中,該資料服務系統還設置成可在獲取該取用訊標之後,傳送該機敏性資料請求給該資料來源系統,並移轉該取用訊標給該資料來源系統;其中,倘若該資料服務系統移轉給該資料來源系統的該取用訊標為有效,則該資料來源系統可傳送對應於該目標資料的該機敏性資料給該資料服務系統,且該資料服務系統可傳送該機敏性資料給該資料請求者裝置。This specification provides an embodiment of a data access authority control system, which includes: a block chain system; a data owner device, configured to receive data input by a target user to generate a target data, and can use A certification key generates a certification value; a data source system is configured to store a sensitive data corresponding to the target data; a data service system is configured to receive the target data generated by the data owner's device and The proof value, and may require the blockchain system to verify the proof value; a data requester device configured to generate and transmit a sensitive data request corresponding to the target data to the data service system; wherein, the area The block chain system is set to execute a zero-knowledge proof smart contract to use a verification key to check the correctness of the proof value, and when it is determined that the proof value is correct, send a verification success notification to the data service system ; Wherein, the block chain system is also configured to check the validity of an authorization token corresponding to the identification data of an authorization token, and when it is determined that the authorization token is valid, generate and transfer an access signal to the data service system; wherein the data service system is further configured to, after obtaining the access beacon, send the alert data request to the data source system and transfer the access beacon to the data source system; wherein, if the access beacon transferred by the data service system to the source data system is valid, the source data system may transmit the alert data corresponding to the target data to the data service system, and the The data service system may send the alert data to the data requester device.

本說明書另提供一種用於一資料取用權限控管系統中的資料服務系統的實施例。該資料取用權限控管系統包含有一資料擁有者裝置、一資料請求者裝置、一資料來源系統、以及一區塊鏈系統。該資料服務系統包含:一通信電路,設置成可接收該資料擁有者裝置所傳來的一目標資料及一證明值,並可接收該資料請求者裝置所傳來的對應於該目標資料的一機敏性資料請求;一區塊鏈運算電路,設置成可扮演該區塊鏈系統的節點之一,並可要求該區塊鏈系統核驗該證明值,其中,該區塊鏈系統會執行一零知識證明智能合約,以利用一驗證金鑰檢核該證明值的正確性;一資料庫,設置成可儲存該目標資料;以及一網頁伺服器,耦接於該通信電路、該區塊鏈運算電路、及該資料庫,設置成可於該區塊鏈系統判定一授權訊標識別資料所對應的一授權訊標為有效時,透過該通信電路或該區塊鏈運算電路獲取該區塊鏈系統移轉過來的一取用訊標;其中,該通信電路還設置成可在該區塊鏈系統判定該證明值為正確時,接收該區塊鏈系統傳來的一核驗成功通知;其中,該網頁伺服器還設置成可在獲取該取用訊標之後,透過該通信電路傳送該機敏性資料請求給該資料來源系統,並透過該通信電路或該區塊鏈運算電路移轉該取用訊標給該資料來源系統;其中,倘若該資料服務系統移轉給該資料來源系統的該取用訊標為有效,則該網頁伺服器還可透過該通信電路接收該資料來源系統所傳來的對應於該目標資料的一機敏性資料,並可透過該通信電路傳送該機敏性資料給該資料請求者裝置。This specification also provides an embodiment of a data service system used in a data access authority control system. The data access authority control system includes a data owner device, a data requester device, a data source system, and a block chain system. The data service system includes: a communication circuit configured to receive a target data and a certification value transmitted from the data owner's device, and to receive a target data corresponding to the target data transmitted from the data requester's device Sensitivity data request; a block chain operation circuit, set to act as one of the nodes of the block chain system, and can request the block chain system to verify the proof value, wherein, the block chain system will execute a zero The knowledge proof smart contract uses a verification key to check the correctness of the proof value; a database is configured to store the target data; and a web server is coupled to the communication circuit and the block chain calculation The circuit and the database are configured so that when the blockchain system determines that an authorization token corresponding to an authorization token identification data is valid, the blockchain can be obtained through the communication circuit or the blockchain computing circuit. An access beacon transferred by the system; wherein, the communication circuit is also configured to receive a verification success notification from the blockchain system when the blockchain system determines that the proof value is correct; wherein, The web server is also configured to transmit the sensitive data request to the data source system through the communication circuit after obtaining the access beacon, and transfer the access through the communication circuit or the blockchain computing circuit to the source data system; wherein, if the access beacon transferred from the data service system to the source data system is valid, the web server can also receive the A sensitivity data corresponding to the target data, and the sensitivity data may be transmitted to the data requester device through the communication circuit.

上述實施例的優點之一,是利用區塊鏈子系統來取代傳統的集權式授權伺服器,可有效提升去中心化資料授權控管系統在資料取用權限控管上的透明度,進而降低資料來源系統與資料服務系統或資料擁有者之間發生糾紛的可能性。One of the advantages of the above-mentioned embodiment is that the blockchain subsystem is used to replace the traditional centralized authorization server, which can effectively improve the transparency of the decentralized data authorization control system in the control and control of data access rights, thereby reducing the number of data sources. Potential for disputes between the system and the data service system or data owner.

上述實施例的另一優點,是區塊鏈系統可利用零知識證明機制來檢核證明值的正確性,而資料服務系統則可根據區塊鏈系統對於證明值的核驗結果,來驗證目標資料的全部或一部分內容的真實性。Another advantage of the above embodiment is that the blockchain system can use the zero-knowledge proof mechanism to check the correctness of the proof value, and the data service system can verify the target data according to the verification result of the blockchain system for the proof value The authenticity of all or part of the content.

本發明的其他優點將搭配以下的說明和圖式進行更詳細的解說。Other advantages of the present invention will be explained in more detail with the following description and drawings.

以下將配合相關圖式來說明本發明的實施例。在圖式中,相同的標號表示相同或類似的元件或方法流程。Embodiments of the present invention will be described below in conjunction with related figures. In the drawings, the same reference numerals indicate the same or similar elements or method flows.

圖1為本發明一實施例的資料取用權限控管系統100簡化後的功能方塊圖。資料取用權限控管系統100可用來控管個人或企業組織等各種類型的多個資料擁有者的相關資料的取用權限,並可採用零知識證明(zero-knowledge proof,ZKP)機制來驗證資料擁有者所提供的資料的真實性。FIG. 1 is a simplified functional block diagram of a data access authority control and management system 100 according to an embodiment of the present invention. The data access authority control system 100 can be used to control the access authority of relevant data of multiple data owners of various types such as individuals or business organizations, and can adopt a zero-knowledge proof (ZKP) mechanism to verify The authenticity of the data provided by the data owner.

資料取用權限控管系統100包含一或多個資料擁有者裝置(例如,圖1中所繪示的示例性資料擁有者裝置110~120)、一或多個資料請求者裝置(例如,圖1中所繪示的示例性資料請求者裝置130~140)、一或多個資料來源系統(例如,圖1中所繪示的示例性資料來源系統150)、一資料服務系統160、一區塊鏈節點叢集170、以及由區塊鏈節點叢集170搭配其他區塊鏈運算電路所共同形成的一區塊鏈系統180。The data access authority control system 100 includes one or more data owner devices (for example, the exemplary data owner devices 110-120 shown in FIG. 1 ), one or more data requester devices (for example, FIG. 1), one or more data source systems (eg, the exemplary data source system 150 shown in FIG. 1), a data service system 160, a district The block chain node cluster 170 and a block chain system 180 jointly formed by the block chain node cluster 170 and other block chain computing circuits.

資料取用權限控管系統100中的多個資料擁有者裝置110~120,分屬於不同的資料擁有者,且個別的資料擁有者可以是個人、各種類型的企業或公司組織、各種財團法人、各種社團法人、各種非營利機構、各種政府機構等等。Multiple data owner devices 110-120 in the data access authority control system 100 belong to different data owners, and individual data owners can be individuals, various types of enterprises or corporate organizations, various foundations, legal persons, Various corporate legal persons, various non-profit organizations, various government agencies, etc.

資料取用權限控管系統100中的多個資料請求者裝置130~140,分屬於不同的資料請求者,且個別的資料請求者可以是個人、各種類型的企業或公司組織、各種財團法人、各種社團法人、各種非營利機構、各種政府機構等等。Multiple data requester devices 130-140 in the data access authority control system 100 belong to different data requesters, and individual data requesters can be individuals, various types of enterprises or corporate organizations, various foundations, legal persons, Various corporate legal persons, various non-profit organizations, various government agencies, etc.

資料來源系統150是由可提供數位儲存服務的特定服務提供者(例如,各種線上儲存業者、銀行、機融機構、信用卡發卡組織、政府單位等)所運營的系統,用來儲存與個別資料擁有者有關、或是由個別資料擁有者所提供的各類數位資料,例如,各種數位文件、各種程式檔案、和/或各種多媒體資料等等。The data source system 150 is a system operated by a specific service provider that can provide digital storage services (for example, various online storage companies, banks, financial institutions, credit card issuers, government agencies, etc.), and is used to store data related to individual data. Various digital data related to or provided by individual data owners, such as various digital files, various program files, and/or various multimedia data, etc.

資料服務系統160是由可提供各種線上交易服務、借貸媒合服務、圖書租借服務、多媒體租借服務、非同質化代幣(non-fungible token,NFT)交易服務的特定服務提供者(例如,各種網路交易平台、線上圖書租借平台、線上多媒體租借平台、NFT交易平台等)所運營的系統,用來管理個別資料擁有者和/或資料請求者的使用權限、資料瀏覽權限、交易權限等等。The data service system 160 is a specific service provider (for example, various A system operated by an online trading platform, an online book rental platform, an online multimedia rental platform, an NFT trading platform, etc.) to manage the use rights, data browsing rights, transaction rights, etc. of individual data owners and/or data requesters .

另外,區塊鏈系統180通常是由多個不同的實體所共同運營與管理的區塊鏈系統,用來控管資料來源系統150中所儲存的資料的取用權限,並可允許個別的資料擁有者透過相應的資料擁有者裝置動態調整資料授權政策。In addition, the blockchain system 180 is usually a blockchain system jointly operated and managed by a number of different entities, which is used to control the access authority of the data stored in the data source system 150, and can allow individual data The owner dynamically adjusts the data authorization policy through the corresponding data owner device.

在實際應用中,資料來源系統150中所儲存的各類數位資料,可以是由個別的資料擁有者透過相關的裝置(例如,資料擁有者裝置)傳送給資料來源系統150,可以是由具有權限的操作者輸入資料來源系統150,也可以是由資料來源系統150執行預定的電腦程式所產生。In practical applications, various types of digital data stored in the data source system 150 may be transmitted to the data source system 150 by individual data owners through related devices (for example, data owner devices), or may be authorized The operator input to the data source system 150 may also be generated by the data source system 150 executing a predetermined computer program.

個別的資料擁有者可透過相應的資料擁有者裝置,登入資料服務系統160,並建立特定的目標資料(例如,特定的文件、檔案、描述性文字、合約條款、交易條件等等)。另外,個別的資料擁有者還可透過資料擁有者裝置,將針對不同資料請求者的資料授權政策傳送給區塊鏈系統180進行儲存與管理,以避免資料授權政策被竄改。前述的資料授權政策可包含授權對象、授權資料標的、授權內容、授權次數上限、授權時段、授權時限、資料所在地理區域、以及保管資料的資料來源系統150的識別資料(例如,資料來源系統150的運營者部署在區塊鏈系統180中的特定智能合約的位址)等多項參數中的局部或全部參數。Individual data owners can log into the data service system 160 through corresponding data owner devices, and create specific target data (eg, specific documents, files, descriptive text, contract terms, transaction conditions, etc.). In addition, individual data owners can also transmit data authorization policies for different data requesters to the blockchain system 180 through the data owner device for storage and management, so as to prevent data authorization policies from being tampered with. The aforementioned data authorization policy may include authorized object, authorized data subject, authorized content, upper limit of authorized times, authorized period, authorized time limit, geographical area where the data is located, and identification information of the data source system 150 (for example, the data source system 150 Some or all of the parameters such as the address of the specific smart contract deployed by the operator in the blockchain system 180).

資料服務系統160收到資料擁有者裝置傳來的目標資料後,可搭配區塊鏈系統180進行運作,以對目標資料的全部或一部分內容的真實性進行驗證。在運作時,區塊鏈系統180可執行特定的智能合約,以採用零知識證明(ZKP)機制來檢核資料擁有者裝置產生的一證明值(proof)的正確性,以間接驗證目標資料的全部或一部分內容的真實性。實作上,區塊鏈系統180可執行資料來源系統150所部署的特定智能合約,來進行相關的零知識證明運作。After the data service system 160 receives the target data from the device of the data owner, it can work with the blockchain system 180 to verify the authenticity of all or part of the content of the target data. During operation, the blockchain system 180 can execute a specific smart contract to use a zero-knowledge proof (ZKP) mechanism to check the correctness of a proof value (proof) generated by the data owner's device to indirectly verify the authenticity of the target data Authenticity of all or part of the content. In practice, the blockchain system 180 can execute specific smart contracts deployed by the data source system 150 to perform related zero-knowledge proof operations.

另一方面,個別的資料請求者可操控相應的資料請求者裝置,向資料服務系統160申請取用對應於特定資料擁有者的特定資料。此時,資料服務系統160可向區塊鏈系統180申請與特定資料相對應的資料取用訊標(data read token),而區塊鏈系統180則會執行相關的智能合約,以判斷資料服務系統160是否要提供資料取用訊標給資料服務系統160。On the other hand, individual data requesters can control corresponding data requester devices to apply to the data service system 160 for specific data corresponding to specific data owners. At this point, the data service system 160 can apply to the blockchain system 180 for a data read token corresponding to specific data, and the blockchain system 180 will execute the relevant smart contract to determine the data service Whether the system 160 will provide the data access beacon to the data service system 160 .

當資料服務系統160獲取區塊鏈系統180產生的資料取用訊標後,便可傳送相關的資料請求給資料來源系統150,並將資料取用訊標移轉給資料來源系統150。此時,資料來源系統150可利用區塊鏈系統180檢核資料取用訊標的有效性。只有在資料取用訊標的有效性能夠通過區塊鏈系統180驗證的情況下,資料來源系統150才會將特定資料擁有者所對應的特定資料內容,提供給資料服務系統160,並由資料服務系統160提供給相關的資料請求者裝置。After the data service system 160 obtains the data access token generated by the blockchain system 180 , it can send the relevant data request to the data source system 150 and transfer the data access token to the data source system 150 . At this time, the data source system 150 can use the blockchain system 180 to check the validity of the data access beacon. Only when the validity of the data access beacon can be verified by the blockchain system 180, the data source system 150 will provide the specific data content corresponding to the specific data owner to the data service system 160, and the data service System 160 is provided to associated data requester devices.

另外,區塊鏈系統180也可記錄個別資料取用訊標的相關時間資訊,以做為資料服務系統160取用特定資料內容的佐證。In addition, the blockchain system 180 can also record the relevant time information of individual data access beacons as evidence that the data service system 160 accesses specific data content.

在資料取用權限控管系統100中,個別的資料擁有者還可依需要而動態調整儲存在區塊鏈系統180中的資料授權政策。例如,當個別的資料擁有者因各種原因而調整針對資料服務系統160、特定資料請求者、或所有資料請求者的資料授權政策後,可利用相關的資料擁有者裝置將更新後的資料授權政策傳送給區塊鏈系統180進行儲存與管理,以取代原先版本的資料授權政策。In the data access authority control system 100, individual data owners can also dynamically adjust the data authorization policy stored in the blockchain system 180 as needed. For example, when an individual data owner adjusts the data authorization policy for the data service system 160, a specific data requester, or all data requesters due to various reasons, the updated data authorization policy can be updated by using the relevant data owner device It is sent to the blockchain system 180 for storage and management to replace the original version of the data authorization policy.

為了滿足某些商業交易或法律關係管理上的需要,資料取用權限控管系統100的不同參與者之間,可利用傳統方式或數位方式簽署各種合適的協議或合約,以進一步明確彼此之間的法律關係。例如,個別的資料擁有者與運營資料來源系統150的特定服務提供者之間,可共同簽署各種合適的交易合約、貸款合約、投資合約、資料代管協議、線上儲存空間租用合約、服務協議、智慧財產權歸屬協議、資料傳輸協議、隱私保護協議、資料分享協議、和/或個人化廣告播送協議等等。In order to meet the needs of certain commercial transactions or legal relationship management, different participants in the data access authority control system 100 can use traditional or digital methods to sign various appropriate agreements or contracts to further clarify the mutual legal relationship. For example, various appropriate transaction contracts, loan contracts, investment contracts, data hosting agreements, online storage space rental contracts, service agreements, etc. Intellectual property ownership agreement, data transmission agreement, privacy protection agreement, data sharing agreement, and/or personalized advertisement broadcast agreement, etc.

又例如,個別的資料擁有者與運營資料服務系統160的特定服務提供者之間,可共同簽署各種合適的交易媒合協議、投資標的媒合協議、貸款媒合協議、資料授權協議、資料分享協議、資料使用協議、資料查核協議、和/或資料稽核協議等等。As another example, various appropriate transaction matching agreements, investment target matching agreements, loan matching agreements, data authorization agreements, and data sharing agreements can be signed between individual data owners and specific service providers operating the data service system 160. Agreement, Data Use Agreement, Data Audit Agreement, and/or Data Audit Agreement, etc.

又例如,個別的資料擁有者與運營區塊鏈系統180的特定服務提供者之間,可共同簽署各種合適的區塊鏈服務協議。For another example, various appropriate blockchain service agreements can be signed between individual data owners and specific service providers operating the blockchain system 180 .

又例如,個別的資料擁有者與個別的資料請求者之間,可共同簽署各種合適的交易協議、投資協議、貸款協議、資料授權協議、資料分享協議、資料使用協議、資料查核協議、和/或資料稽核協議等等。As another example, various appropriate transaction agreements, investment agreements, loan agreements, data authorization agreements, data sharing agreements, data usage agreements, data inspection agreements, and/or agreements can be signed between individual data owners and individual data requesters. Or data audit protocol and so on.

又例如,個別的資料請求者與運營資料服務系統160的特定服務提供者之間,可共同簽署各種合適的交易媒合協議、投資標的媒合協議、貸款媒合協議、資料索引規範協議、資料查詢協議、資料分享協議、資料使用協議、資料傳輸協議、和/或服務協議等等。For another example, various appropriate transaction matching agreements, investment target matching agreements, loan matching agreements, data index specification agreements, data Query agreement, data sharing agreement, data use agreement, data transmission agreement, and/or service agreement, etc.

如圖1所示,資料擁有者裝置110包含一通信電路111、一區塊鏈運算電路113、一顯示裝置115、以及一控制電路117。資料請求者裝置130包含一通信電路131、一顯示裝置133、以及一控制電路135。資料來源系統150包含一通信電路151、一區塊鏈運算電路153、一資料庫155、以及一資料伺服器157。資料服務系統160包含一通信電路161、一區塊鏈運算電路163、一資料庫165、以及一網頁伺服器167。區塊鏈節點叢集170包含有多個區塊鏈節點(node),例如,圖1中所繪示的示例性區塊鏈節點171~177。As shown in FIG. 1 , the data owner device 110 includes a communication circuit 111 , a blockchain computing circuit 113 , a display device 115 , and a control circuit 117 . The data requester device 130 includes a communication circuit 131 , a display device 133 , and a control circuit 135 . The data source system 150 includes a communication circuit 151 , a blockchain computing circuit 153 , a database 155 , and a data server 157 . The data service system 160 includes a communication circuit 161 , a blockchain computing circuit 163 , a database 165 , and a web server 167 . The blockchain node cluster 170 includes a plurality of blockchain nodes (nodes), for example, the exemplary blockchain nodes 171 - 177 shown in FIG. 1 .

在資料擁有者裝置110中,通信電路111設置成可透過網際網路或其他網路與資料來源系統150、資料服務系統160、和/或區塊鏈系統180進行資料通信。區塊鏈運算電路113耦接於通信電路111,用於扮演區塊鏈系統180的節點之一,並可做為資料擁有者裝置110與區塊鏈系統180之間的溝通橋樑。顯示裝置115用於顯示文字、資料、和/或影像。控制電路117耦接於通信電路111、區塊鏈運算電路113、以及顯示裝置115,並設置成控制前述裝置的運作。In the data owner device 110, the communication circuit 111 is configured to perform data communication with the data source system 150, the data service system 160, and/or the blockchain system 180 through the Internet or other networks. The block chain operation circuit 113 is coupled to the communication circuit 111 , used to act as one of the nodes of the block chain system 180 , and can be used as a communication bridge between the data owner device 110 and the block chain system 180 . The display device 115 is used for displaying text, data, and/or images. The control circuit 117 is coupled to the communication circuit 111, the blockchain operation circuit 113, and the display device 115, and is configured to control the operation of the aforementioned devices.

在資料請求者裝置130中,通信電路131設置成可透過網際網路或其他網路與資料服務系統160進行資料通信。顯示裝置133耦接於通信電路131,用於顯示文字、資料、和/或影像。控制電路135耦接於通信電路131、以及顯示裝置133,並設置成控制前述裝置的運作。In the data requester device 130, the communication circuit 131 is configured to perform data communication with the data service system 160 through the Internet or other networks. The display device 133 is coupled to the communication circuit 131 for displaying text, data, and/or images. The control circuit 135 is coupled to the communication circuit 131 and the display device 133 and is configured to control the operation of the aforementioned devices.

資料取用權限控管系統100中的其他資料擁有者裝置(例如,資料擁有者裝置120),皆可具有與資料擁有者裝置110類似的主要架構,但實作上並不侷限所有資料擁有者裝置都要具有完全相同的電路架構。同樣地,資料取用權限控管系統100中的其他資料請求者裝置(例如,資料請求者裝置140),皆可具有與資料請求者裝置130類似的主要架構,但實作上也不侷限所有資料請求者裝置都要具有完全相同的電路架構。Other data owner devices (for example, the data owner device 120 ) in the data access authority control system 100 may have a main structure similar to that of the data owner device 110, but the implementation is not limited to all data owners The devices must have exactly the same circuit architecture. Similarly, other data requester devices (for example, the data requester device 140) in the data access authority control system 100 may have a main structure similar to that of the data requester device 130, but the implementation is not limited to all The data requester devices must have the exact same circuit architecture.

在資料來源系統150中,通信電路151設置成可透過網際網路或其他網路,與資料服務系統160、區塊鏈系統180、和/或個別資料擁有者裝置進行資料通信。區塊鏈運算電路153耦接於通信電路151,用於扮演區塊鏈系統180的節點之一,並可做為資料來源系統150與區塊鏈系統180之間的溝通橋樑。資料庫155用於儲存分別對應於不同資料擁有者的資料。資料伺服器157耦接於通信電路151、區塊鏈運算電路153、以及資料庫155,並設置成控制前述裝置的運作。In the data source system 150, the communication circuit 151 is configured to perform data communication with the data service system 160, the blockchain system 180, and/or individual data owner devices through the Internet or other networks. The block chain operation circuit 153 is coupled to the communication circuit 151 , used to act as one of the nodes of the block chain system 180 , and can be used as a communication bridge between the data source system 150 and the block chain system 180 . The database 155 is used for storing data respectively corresponding to different data owners. The data server 157 is coupled to the communication circuit 151, the blockchain computing circuit 153, and the database 155, and is configured to control the operation of the aforementioned devices.

在資料服務系統160中,通信電路161設置成可透過網際網路或其他網路,與資料來源系統150、區塊鏈系統180、個別資料擁有者裝置、和/或個別資料請求者裝置進行資料通信。區塊鏈運算電路163耦接於通信電路161,用於扮演區塊鏈系統180的節點之一,並可做為資料服務系統160與區塊鏈系統180之間的溝通橋樑。資料庫165用於儲存資料服務系統160進行各種應用時所需的各種資料。網頁伺服器167耦接於通信電路161、區塊鏈運算電路163、以及資料庫165,並設置成控制前述裝置的運作。In the data service system 160, the communication circuit 161 is configured to communicate with the data source system 150, the blockchain system 180, individual data owner devices, and/or individual data requester devices through the Internet or other networks. communication. The block chain computing circuit 163 is coupled to the communication circuit 161 , used to act as one of the nodes of the block chain system 180 , and can be used as a communication bridge between the data service system 160 and the block chain system 180 . The database 165 is used to store various data required by the data service system 160 for various applications. The web server 167 is coupled to the communication circuit 161, the blockchain computing circuit 163, and the database 165, and is configured to control the operation of the aforementioned devices.

在實際應用中,前述的資料來源系統150可以是提供單一類型服務(例如,網路銀行服務、金融服務、合約文件管理服務、雲端儲存服務、多媒體檔案分享服務、生活紀錄分享服務、社群服務、財務管理服務、健康資訊管理服務等等)的系統,也可以是提供多種複合型服務的系統(例如,雲端儲存服務搭配電子郵件服務、多媒體資料分享服務搭配即時通訊服務、社群服務搭配多媒體串流服務、企業資源規劃(ERP)雲端服務搭配資料庫服務等等)。In practical applications, the aforementioned data source system 150 may provide a single type of service (for example, online banking service, financial service, contract file management service, cloud storage service, multimedia file sharing service, life record sharing service, community service , financial management service, health information management service, etc.), or a system that provides multiple composite services (for example, cloud storage service with email service, multimedia data sharing service with instant messaging service, community service with multimedia streaming services, enterprise resource planning (ERP) cloud services with database services, etc.).

本實施例中的區塊鏈系統180,是由資料擁有者裝置110中的區塊鏈運算電路113、資料來源系統150中的區塊鏈運算電路153、資料服務系統160中的區塊鏈運算電路163、以及區塊鏈節點叢集170中的多個區塊鏈節點171~177所共同組成。The blockchain system 180 in this embodiment is composed of the blockchain computing circuit 113 in the data owner device 110, the blockchain computing circuit 153 in the data source system 150, and the blockchain computing circuit in the data service system 160. The circuit 163 and a plurality of blockchain nodes 171-177 in the blockchain node cluster 170 are jointly formed.

實作上,通信電路111、131、151、與161皆可利用符合相關網路通信、無線通信、或是行動通信規範的各種適當電路來實現,例如網路卡(Network Interface Card,NIC)、無線傳輸(Wi-Fi)電路、或是行動通信電路等等。區塊鏈運算電路113、153、163、與區塊鏈節點171~177,皆可用適合進行區塊鏈的共識決演算法(consensus algorithm)運算的一個或多個處理器模組或電腦系統來實現。顯示裝置115與133皆可利用各種螢幕、投影裝置、電視等能夠顯示文字、資料、圖像、和/或影像的裝置來實現。資料庫155與165皆可利用各種關聯式資料庫或非關聯式資料庫來實現。控制電路117與135皆可利用具有適當運算能力的一個或多個處理器模組、單一電腦系統、或是多個電腦系統的組合來實現。資料伺服器157與網頁伺服器167,皆可以用單一伺服器來實現,也可以用位於相同地理區域、或是位於不同地理區域的多個伺服器組合來實現。In practice, the communication circuits 111, 131, 151, and 161 can be realized by using various appropriate circuits that comply with related network communication, wireless communication, or mobile communication specifications, such as network interface cards (Network Interface Card, NIC), Wireless transmission (Wi-Fi) circuit, or mobile communication circuit, etc. The block chain computing circuits 113, 153, 163, and the block chain nodes 171~177 can all be implemented by one or more processor modules or computer systems suitable for block chain consensus algorithm (consensus algorithm) operations. accomplish. Both the display devices 115 and 133 can be implemented by various screens, projection devices, televisions, and other devices capable of displaying text, data, images, and/or images. Both the databases 155 and 165 can be realized by using various relational databases or non-relational databases. Both the control circuits 117 and 135 can be implemented by one or more processor modules with appropriate computing capabilities, a single computer system, or a combination of multiple computer systems. Both the data server 157 and the web server 167 can be realized by a single server, or can be realized by a combination of multiple servers located in the same geographical area or in different geographical areas.

在某些實施例中,可將區塊鏈運算電路113整合到控制電路117中。同樣地,也可將區塊鏈運算電路153整合到資料伺服器157中,和/或將區塊鏈運算電路163整合到網頁伺服器167中。In some embodiments, the blockchain computing circuit 113 can be integrated into the control circuit 117 . Likewise, the blockchain computing circuit 153 can also be integrated into the data server 157 , and/or the blockchain computing circuit 163 can be integrated into the web server 167 .

請注意,前述的資料擁有者裝置110、資料請求者裝置130、資料來源系統150、以及資料服務系統160,在實際實施時皆可設置供用戶進行操控所需的其他人機介面裝置(例如,顯示器、鍵盤、滑鼠、觸控螢幕、聲控模組等等),但為了簡化圖面內容起見,這些人機介面裝置並未繪示在圖1中。Please note that the aforementioned data owner device 110, data requester device 130, data source system 150, and data service system 160 can be provided with other man-machine interface devices (for example, Display, keyboard, mouse, touch screen, voice control module, etc.), but for the sake of simplification of the content of the figure, these human-machine interface devices are not shown in Figure 1.

在資料擁有者裝置110所對應的資料擁有者是個人的應用環境中,資料擁有者裝置110可以利用具備聯網功能與合適運算能力的終端設備來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置(例如,智慧型手機、穿戴式裝置等)、或是其他類似的裝置。同樣地,在資料請求者裝置130所對應的資料請求者是個人的應用環境中,資料請求者裝置130可以利用具備聯網功能與合適運算能力的終端設備來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置(例如,智慧型手機、穿戴式裝置等)、或是其他類似的裝置。In the application environment where the data owner corresponding to the data owner device 110 is an individual, the data owner device 110 can be realized by using a terminal device with a networking function and suitable computing capability, such as a tablet computer, a desktop computer, a notebook personal computers, mobile communication devices (such as smart phones, wearable devices, etc.), or other similar devices. Similarly, in the application environment where the data requester corresponding to the data requester device 130 is an individual, the data requester device 130 can be realized by using a terminal device with a networking function and suitable computing capabilities, such as a tablet computer, a desktop computer, etc. Computers, laptops, mobile communication devices (eg, smartphones, wearable devices, etc.), or other similar devices.

在資料擁有者裝置110所對應的資料擁有者是各種類型的企業或公司組織、財團法人、社團法人、非營利機構、政府機構的應用環境中,資料擁有者裝置110可以利用具備聯網功能與合適運算能力的終端設備或資訊系統來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置、電腦伺服器、管理資訊系統(MIS)、企業資源規劃(ERP)系統、或是其他類似的設備。同樣地,在資料請求者裝置130所對應的資料請求者是各種類型的企業或公司組織、財團法人、社團法人、非營利機構、政府機構的應用環境中,資料請求者裝置130可以利用具備聯網功能與合適運算能力的終端設備或資訊系統來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置、電腦伺服器、管理資訊系統、企業資源規劃系統、或是其他類似的設備。In the application environment where the data owners corresponding to the data owner device 110 are various types of enterprises or corporate organizations, foundations, corporate legal persons, non-profit organizations, and government agencies, the data owner device 110 can use a network function and a suitable Terminal equipment or information systems with computing power, such as tablet computers, desktop computers, notebook computers, mobile communication devices, computer servers, management information systems (MIS), enterprise resource planning (ERP) systems, or other similar devices. Similarly, in the application environment where the data requesters corresponding to the data requester device 130 are various types of enterprises or corporate organizations, foundations, corporate legal persons, non-profit organizations, and government agencies, the data requester device 130 can utilize functions and suitable computing capabilities of terminal equipment or information systems, such as tablet computers, desktop computers, notebook computers, mobile communication devices, computer servers, management information systems, enterprise resource planning systems, or other similar equipment.

為了方便說明起見,以下將資料擁有者裝置110所對應的特定資料擁有者稱之為資料擁有者D1,將資料擁有者裝置120所對應的特定資料擁有者稱之為資料擁有者D2,將資料請求者裝置130所對應的特定資料請求者稱之為資料請求者R1,並將資料請求者裝置140所對應的特定資料請求者稱之為資料請求者R2。For convenience of description, the specific data owner corresponding to the data owner device 110 is referred to as the data owner D1 below, and the specific data owner corresponding to the data owner device 120 is referred to as the data owner D2. The specific data requester corresponding to the data requester device 130 is called a data requester R1, and the specific data requester corresponding to the data requester device 140 is called a data requester R2.

實作上,前述的資料擁有者裝置110、資料請求者裝置130、資料來源系統150、以及資料服務系統160,也都可以用設置在各種雲端平台上的虛擬機器、或各種計算實體與儲存實體的組合來實現,並由各自的使用者進行遠端操控。In practice, the aforementioned data owner device 110, data requester device 130, data source system 150, and data service system 160 can also be used as virtual machines installed on various cloud platforms, or various computing entities and storage entities Combination to achieve, and remote control by the respective users.

另外,在某些應用環境中,區塊鏈系統180可以用各種公有鏈的架構來實現。在另一些應用環境中,則可用私有鏈或聯盟鏈的架構來實現區塊鏈系統180,以縮短相關運算所需的時間、提升區塊鏈系統180的運作效率。In addition, in some application environments, the blockchain system 180 can be implemented with various public chain architectures. In other application environments, the blockchain system 180 can be implemented with the architecture of a private chain or an alliance chain, so as to shorten the time required for related calculations and improve the operational efficiency of the blockchain system 180 .

以下將搭配圖2至圖6來進一步說明資料取用權限控管系統100進行資料取用權限控管的運作流程。圖2至圖6為本發明一實施例的資料取用權限控管方法簡化後的流程圖。The operation process of the data access authority control system 100 for data access authority control will be further described below with reference to FIG. 2 to FIG. 6 . 2 to 6 are simplified flowcharts of a data access authority control method according to an embodiment of the present invention.

在圖2至圖6的流程圖中,位於一特定裝置所屬欄位中的流程,即代表由該特定裝置所進行的流程。例如,標記在「資料擁有者裝置」欄位中的部分,是由資料擁有者裝置110~120的其中之一所進行的流程;標記在「資料請求者裝置」欄位中的部分,是由資料請求者裝置130~140的其中之一所進行的流程;標記在「資料來源系統」欄位中的部分,是由資料來源系統150所進行的流程;標記在「資料服務系統」欄位中的部分,是由資料服務系統160所進行的流程;標記在「區塊鏈系統」欄位中的部分,則是由區塊鏈系統180所進行的流程。In the flowcharts of FIG. 2 to FIG. 6 , the process in the column of a specific device represents the process performed by the specific device. For example, the part marked in the field of "data owner's device" is the process performed by one of the data owner's devices 110~120; the part marked in the field of "data requester's device" is performed by The process performed by one of the data requester devices 130-140; the part marked in the "data source system" column is the process performed by the data source system 150; marked in the "data service system" column The part in is the process carried out by the data service system 160; the part marked in the column of "block chain system" is the process carried out by the block chain system 180.

如前所述,資料取用權限控管系統100可用來控管個人或企業組織等各種類型的多個資料擁有者的相關資料的取用權限,並可採用零知識證明(ZKP)機制來驗證資料擁有者所提供的資料的真實性。因此,資料取用權限控管系統100可用來實現許多不同情境的應用。例如,資料取用權限控管系統100可用來協助個別使用者進行各種貸款缺額借貸(loan gap lending)活動。As mentioned above, the data access authority control system 100 can be used to control the access authority of relevant data of multiple data owners of various types such as individuals or business organizations, and can use the zero-knowledge proof (ZKP) mechanism to verify The authenticity of the data provided by the data owner. Therefore, the data access authority control system 100 can be used to implement applications in many different scenarios. For example, the data access authority control system 100 can be used to assist individual users to perform various loan gap lending activities.

眾所周知,許多個人或企業在購買房屋、土地、汽車、飛機、或是其他類型的動產或不動產時,會需要向銀行等金融機構申請貸款(例如,房屋貸款、土地貸款、汽車貸款、信用貸款等等)。然而,基於各種不同的因素(例如,政策管制、信用評等限制、或是抵押品不足),銀行等金融機構有可能無法全額核准貸款申請人的申貸金額(loan amount),使得貸款申請人面臨貸款缺額(loan-gap)的情況。As we all know, many individuals or enterprises need to apply for loans from financial institutions such as banks (for example, housing loans, land loans, car loans, credit loans, etc.) wait). However, based on various factors (for example, policy control, credit rating restrictions, or insufficient collateral), financial institutions such as banks may not be able to fully approve the loan amount of the loan applicant, making the loan applicant Facing a loan-gap situation.

在某些貸款情境中,如果貸款申請人沒辦法在金融機構要求的期限之前自行募資填補貸款缺額,甚至可能導致貸款申請被金融機構拒絕的問題。然而,對很多貸款申請人而言,要填補貸款缺額並不是一件容易的事,尤其是在有時間壓力的情況下。在此情況下,便可利用資料取用權限控管系統100協助貸款申請人向其他個人或投資單位(例如,前述的資料請求者)發起(initiate)貸款缺額借貸,以協助貸款申請人處理貸款缺額的問題。In some loan scenarios, if the loan applicant fails to raise funds to fill the loan gap before the deadline required by the financial institution, it may even lead to the rejection of the loan application by the financial institution. However, filling loan gaps is not an easy task for many loan applicants, especially when there is time pressure. In this case, the data access authority control system 100 can be used to assist the loan applicant to initiate (initiate) a shortfall loan to other individuals or investment units (for example, the aforementioned data requester), so as to assist the loan applicant to process the loan shortage problem.

為了方便理解,以下將以資料取用權限控管系統100協助一貸款申請人透過資料服務系統160進行房貸缺額借貸(home-loan-gap lending/housing-loan-gap lending)的應用情境為例,來說明資料取用權限控管系統100的資料取用權限控管運作。To facilitate understanding, the following will take the application scenario where the data access authority control system 100 assists a loan applicant to carry out home-loan-gap lending/housing-loan-gap lending through the data service system 160 as an example, The operation of the data access authority control of the data access authority control system 100 will be described.

一般而言,當個別貸款申請人向銀行等金融機構申請房屋貸款(home loan/housing loan)時,銀行等金融機構會對個別貸款申請人的工作性質、信用狀況、收入狀況、償債能力、和/或其他條件進行徵信,並產生相應的信用評估報告。此外,銀行等金融機構也會對相關貸款標的(亦即,在本例中為貸款申請人要購買的房屋)的狀況及價值進行調查與鑑價,並產生相應的鑑價報告。Generally speaking, when individual loan applicants apply for housing loans (home loan/housing loan) from banks and other financial institutions, banks and other financial institutions will assess individual loan applicants' job nature, credit status, income status, debt repayment ability, and/or other conditions, and generate a corresponding credit evaluation report. In addition, financial institutions such as banks will also investigate and evaluate the condition and value of the relevant loan subject (that is, the house to be purchased by the loan applicant in this example), and generate a corresponding appraisal report.

經過各種評估程序之後,如果銀行等金融機構認為可以貸款給貸款申請人,便可產生並提供相關的貸款合約文件(或貸款合約草案文件)給貸款申請人。當金融機構同意的核貸金額(approved loan amount)低於貸款申請人所需的金額時,便會產生一房貸缺額(home loan gap/housing loan gap)Y。例如,前述的房貸缺額Y有可能是房屋價格(house price)P減去核貸金額L後的金額(亦即,Y=P-L)。又例如,前述的房貸缺額Y有可能是房屋價格P減去貸款申請人自備的頭期款(down payment)D及核貸金額L後的金額(亦即,Y=P-D-L)。又例如,前述的房貸缺額Y有可能是房屋價格P加上預估裝潢費用(estimated decoration fee)C後的總額,再減去貸款申請人自備的頭期款D及核貸金額L後的金額(亦即,Y=P+C-D-L)。有些金融機構還會要求貸款申請人必須在指定期限之內找到填補房貸缺額的方法,否則就可能導致房屋貸款申請被拒絕的問題。After various evaluation procedures, if banks and other financial institutions think that they can lend to the loan applicant, they can generate and provide relevant loan contract documents (or loan contract draft documents) to the loan applicant. When the approved loan amount agreed by the financial institution is lower than the amount required by the loan applicant, a home loan gap (housing loan gap) Y occurs. For example, the aforementioned mortgage shortfall Y may be the amount obtained by subtracting the approved loan amount L from the house price (house price) (that is, Y=P-L). For another example, the aforementioned mortgage shortfall Y may be the housing price P minus the loan applicant's own down payment (down payment) D and approved loan amount L (that is, Y=P-D-L). As another example, the aforementioned mortgage shortfall Y may be the total amount of the house price P plus the estimated decoration fee (estimated decoration fee) C, minus the down payment D prepared by the loan applicant and the approved loan amount L amount (that is, Y=P+C-D-L). Some financial institutions also require loan applicants to find a way to fill the mortgage gap within a specified period, otherwise it may lead to the rejection of the housing loan application.

為了方便說明起見,以下將假設前述的貸款申請人(或稱為借款方,borrower party)是資料擁有者裝置110所對應的資料擁有者D1,並假設前述的金融機構是資料來源系統150的運營單位。另外,以下也假設有可能借款給貸款申請人的投資方(或稱為放款方,lender party),是前述的資料請求者裝置130所對應的資料請求者R1、和/或資料請求者裝置140所對應的資料請求者R2。For convenience of description, it will be assumed that the aforementioned loan applicant (or borrower party) is the data owner D1 corresponding to the data owner device 110 , and that the aforementioned financial institution is the data source system 150 operating unit. In addition, the following also assumes that the investor (or called lender, lender party) that may lend money to the loan applicant is the data requester R1 corresponding to the aforementioned data requester device 130 and/or the data requester device 140 The corresponding data requester R2.

如前所述,當資料擁有者D1向金融機構(亦即,資料來源系統150的運營單位)申請房屋貸款時,資料來源系統150的運營單位可產生與資料擁有者D1相應的信用評估報告,以及與貸款標的(亦即,資料擁有者D1要購買的房屋)相應的鑑價報告。如果資料來源系統150的運營單位評估後認為可以貸款給資料擁有者D1,則還可產生對應於資料擁有者D1的貸款合約文件/貸款合約草案文件。As mentioned above, when the data owner D1 applies for a housing loan from a financial institution (that is, the operating unit of the data source system 150), the operating unit of the data source system 150 can generate a credit evaluation report corresponding to the data owner D1, And an appraisal report corresponding to the loan object (that is, the house to be purchased by the data owner D1). If the operating unit of the data source system 150 considers that the loan can be given to the data owner D1 after evaluation, it can also generate a loan contract file/loan contract draft file corresponding to the data owner D1.

同樣地,當其他貸款申請人(例如,資料擁有者裝置120所對應的資料擁有者D2)向資料來源系統150的運營單位申請房屋貸款時,資料來源系統150的運營單位也可產生相關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件。Similarly, when other loan applicants (for example, the data owner D2 corresponding to the data owner device 120) apply for housing loans from the operating unit of the data source system 150, the operating unit of the data source system 150 can also generate relevant credit Appraisal report, appraisal report, and/or loan contract document/draft loan contract document.

前述與個別貸款申請人有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件,在某種程度上都是對應於個別貸款申請人的機敏性資料(sensitive data)。由於這些機敏性資料的內容涉及個別貸款申請人的個人資訊或隱私,所以個別貸款申請人在某種角度上也可視為相關機敏性資料的擁有者。The aforementioned credit evaluation report, appraisal report, and/or loan contract document/loan contract draft document related to individual loan applicants are sensitive data corresponding to individual loan applicants to some extent. Since the content of these sensitive data involves the personal information or privacy of individual loan applicants, individual loan applicants can also be regarded as the owner of relevant sensitive data from a certain perspective.

如圖2所示,資料來源系統150的運營單位產生與個別貸款申請人有關的機敏性資料(例如,前述的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件)時,可利用資料來源系統150進行流程202。As shown in FIG. 2, when the operating unit of the data source system 150 generates sensitive data related to individual loan applicants (for example, the aforementioned credit evaluation report, appraisal report, and/or loan contract document/loan contract draft document) , the process 202 can be performed by using the data source system 150 .

在流程202中,資料伺服器157的管理者或操作人員,可利用資料庫155儲存分別對應於不同資料擁有者(例如,不同的貸款申請人)的多份機敏性資料。由前述說明可知,儲存於資料庫155中的機敏性資料,可以是前述與個別貸款申請人有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件。換言之,流程202可以是間歇性進行的運作。在正常情況下,為了確保貸款申請人的權益,資料來源系統150的運營單位不會在沒有取得貸款申請人同意的情況下,將資料庫155中所儲存的前述與貸款申請人有關的機敏性資料提供給第三方。In the process 202 , the manager or operator of the data server 157 can use the database 155 to store multiple sensitive data corresponding to different data owners (eg, different loan applicants). As can be seen from the foregoing description, the sensitivity data stored in the database 155 may be the aforementioned credit evaluation report, appraisal report, and/or loan contract document/loan contract draft document related to an individual loan applicant. In other words, the process 202 may be performed intermittently. Under normal circumstances, in order to ensure the rights and interests of loan applicants, the operating unit of the data source system 150 will not, without the consent of the loan applicant, store the aforesaid information related to the loan applicant stored in the database 155. Information provided to third parties.

在流程204中,資料伺服器157可建立個別資料擁有者與一對相應的證明金鑰(proof key)和驗證金鑰(verification key)之間的對應關係。例如,資料伺服器157可建立資料擁有者D1與一對相應的證明金鑰PK1和驗證金鑰VK1之間的對應關係。同樣地,資料伺服器157也可建立資料擁有者D2與另一對相應的證明金鑰PK2和驗證金鑰VK2之間的對應關係。在實作上,不同資料擁有者所對應的金鑰對會有所不同。In the process 204 , the data server 157 can establish a corresponding relationship between an individual data owner and a corresponding pair of proof key and verification key. For example, the data server 157 can establish a corresponding relationship between the data owner D1 and a pair of corresponding proof key PK1 and verification key VK1 . Similarly, the data server 157 can also establish a corresponding relationship between the data owner D2 and another pair of corresponding proof key PK2 and verification key VK2 . In practice, the key pairs corresponding to different data owners will be different.

如圖2所示,資料來源系統150的管理者或操作人員,可利用資料來源系統150搭配區塊鏈系統180進行流程206至流程210,以在區塊鏈系統180中部署可供資料服務系統160檢核個別資料擁有者裝置產生的證明值(proof)所需的相關智能合約。As shown in Figure 2, the manager or operator of the data source system 150 can use the data source system 150 to cooperate with the block chain system 180 to perform process 206 to process 210, so as to deploy available data service systems in the block chain system 180 160 Check the relevant smart contracts required for the proof value (proof) generated by the device of the individual data owner.

在流程206中,資料伺服器157可在其管理者或操作人員的操控下,依據個別資料擁有者的證明金鑰和驗證金鑰的一配對關係、以及一預定驗證規則(predetermined verification rule),建立一個或多個零知識證明智能合約SC-ZKP。前述的預定驗證規則可以包含一或多個約束項目(constraint)。實作上,資料伺服器157可針對不同的資料擁有者分別建立多個不同的零知識證明智能合約SC-ZKP,或是將不同資料擁有者所對應的金鑰對的配對關係,整合在同一零知識證明智能合約SC-ZKP中。In the process 206, the data server 157 can be controlled by its administrator or operator, according to a pairing relationship between the certification key and the verification key of an individual data owner, and a predetermined verification rule (predetermined verification rule), Establish one or more zero-knowledge proof smart contracts SC-ZKP. The foregoing predetermined verification rules may include one or more constraint items (constraint). In practice, the data server 157 can establish multiple different zero-knowledge proof smart contracts SC-ZKP for different data owners, or integrate the pairing relationship of key pairs corresponding to different data owners in the same A zero-knowledge proof smart contract SC-ZKP.

在本實施例中,資料伺服器157可將資料擁有者D1所對應的證明金鑰PK1和驗證金鑰VK1之間的配對關係、以及一第一預定驗證規則,編輯成一個專用(dedicated)的零知識證明智能合約SC-ZKP。前述的第一預定驗證規則可以包含只有資料擁有者D1以及資料來源系統150的運營單位才知道正確資訊的一或多個約束項目。In this embodiment, the data server 157 can compile the pairing relationship between the certification key PK1 and the verification key VK1 corresponding to the data owner D1, and a first predetermined verification rule into a dedicated Zero-knowledge proof smart contract SC-ZKP. The aforementioned first predetermined verification rule may include one or more constraint items that only the data owner D1 and the operating unit of the data source system 150 know the correct information.

例如,第一預定驗證規則中的約束項目,可以是一房屋價格減去一核貸金額後的差額,會等於一預定缺額。For example, the constraint item in the first pre-determined verification rule may be that the difference between a house price minus a loan amount will be equal to a pre-determined shortfall.

又例如,第一預定驗證規則中的約束項目,可以是將一房屋價格與一第一亂數值共同進行一合適的雜湊演算法運算(hashing algorithm operation)之後的結果,會等於一第一預定雜湊值(first predetermined hash value),其中,該第一亂數值是由資料伺服器157隨機選取、且不會告知資料擁有者D1。For another example, the constraint item in the first predetermined verification rule may be the result of performing a suitable hashing algorithm operation (hashing algorithm operation) on a house price and a first random value, which will be equal to a first predetermined hash value (first predetermined hash value), wherein the first random value is randomly selected by the data server 157 and will not be notified to the data owner D1.

又例如,第一預定驗證規則中的約束項目,可以是將一核貸金額與一第二亂數值共同進行一合適的雜湊演算法運算之後的結果,會等於一第二預定雜湊值(second predetermined hash value),其中,該第二亂數值是由資料伺服器157隨機選取、且不會告知資料擁有者D1。For another example, the constraint item in the first predetermined verification rule may be the result of performing a suitable hash algorithm operation on a loan amount and a second random value, which will be equal to a second predetermined hash value (second predetermined hash value), wherein, the second random value is randomly selected by the data server 157 and will not be notified to the data owner D1.

又例如,第一預定驗證規則中的約束項目,可以是一待驗證密碼會等於資料來源系統150的運營單位分配給資料擁有者D1的一唯一性密碼。For another example, the constraint item in the first predetermined verification rule may be that a password to be verified is equal to a unique password assigned to the data owner D1 by the operating unit of the data source system 150 .

又例如,第一預定驗證規則中的約束項目,可以是一待驗證識別資料會等於資料擁有者D1所對應的一唯一性識別資料(例如,資料擁有者D1的身份證號、統一編號、或是資料來源系統150的運營單位提供給資料擁有者D1的一貸款文件的一文件編號)。For another example, the constraint item in the first predetermined verification rule may be that the identification data to be verified will be equal to a unique identification data corresponding to the data owner D1 (for example, the ID number, unified number, or is a file number of a loan file provided by the operating unit of the data source system 150 to the data owner D1).

又例如,第一預定驗證規則中的約束項目,可以是一房屋價格會等於一第一預定金額。For another example, the constraint item in the first predetermined verification rule may be that a house price will be equal to a first predetermined amount.

又例如,第一預定驗證規則中的約束項目,可以是一核貸金額會等於一第二預定金額。For another example, the constraint item in the first predetermined verification rule may be that a verified loan amount will be equal to a second predetermined amount.

在某些實施例中,第一預定驗證規則可以只包含前述多個不同約束項目的其中之一。在另一些實施例中,第一預定驗證規則可以同時包含前述多個不同約束項目中的複數個項目。In some embodiments, the first predetermined verification rule may only contain one of the aforementioned multiple different constraint items. In some other embodiments, the first predetermined verification rule may simultaneously contain multiple items among the aforementioned multiple different constraint items.

同樣地,資料伺服器157可將資料擁有者D2所對應的證明金鑰PK2和驗證金鑰VK2之間的配對關係、以及一第二預定驗證規則,編輯成另一個不同的零知識證明智能合約SC-ZKP。Similarly, the data server 157 can edit the pairing relationship between the proof key PK2 and the verification key VK2 corresponding to the data owner D2 and a second predetermined verification rule into another different zero-knowledge proof smart contract SC-ZKP.

或者,資料伺服器157也可將對應於資料擁有者D1的證明金鑰PK1和驗證金鑰VK1之間的配對關係及相應的第一驗證規則,以及對應於資料擁有者D2的證明金鑰PK2和驗證金鑰VK2之間的配對關係及相應的第二驗證規則,以適當的形式整合在同一零知識證明智能合約SC-ZKP中。Alternatively, the data server 157 can also share the pairing relationship between the certification key PK1 corresponding to the data owner D1 and the verification key VK1 and the corresponding first verification rule, and the certification key PK2 corresponding to the data owner D2 The pairing relationship with the verification key VK2 and the corresponding second verification rules are integrated in the same zero-knowledge proof smart contract SC-ZKP in an appropriate form.

在流程208中,資料伺服器157可利用通信電路151或區塊鏈運算電路153,使用資料來源系統150所對應的一預定訊標,將產生的一或多個零知識證明智能合約SC-ZKP傳送給區塊鏈系統180,並指示區塊鏈系統180對前述的零知識證明智能合約SC-ZKP進行認證。In the process 208, the data server 157 can use the communication circuit 151 or the block chain operation circuit 153 to use a predetermined signal corresponding to the data source system 150 to generate one or more zero-knowledge proof smart contracts SC-ZKP Send it to the blockchain system 180, and instruct the blockchain system 180 to authenticate the aforementioned zero-knowledge proof smart contract SC-ZKP.

在此情況下,區塊鏈系統180會進行流程210,利用多個節點執行合適的共識決演算法來對接收到的零知識證明智能合約SC-ZKP進行認證。倘若零知識證明智能合約SC-ZKP通過區塊鏈系統180的認證,區塊鏈系統180便會將前述的零知識證明智能合約SC-ZKP以資料區塊的形式儲存在區塊鏈系統180的區塊鏈帳本中,以完成將前述的零知識證明智能合約SC-ZKP部署到區塊鏈系統180中的程序。In this case, the blockchain system 180 will proceed to the process 210, using multiple nodes to execute a suitable consensus decision algorithm to authenticate the received zero-knowledge proof smart contract SC-ZKP. If the zero-knowledge proof smart contract SC-ZKP passes the authentication of the blockchain system 180, the blockchain system 180 will store the aforementioned zero-knowledge proof smart contract SC-ZKP in the form of a data block in the blockchain system 180. In the blockchain ledger, the procedure of deploying the aforementioned zero-knowledge proof smart contract SC-ZKP into the blockchain system 180 is completed.

另一方面,區塊鏈系統180的運營者或具有權限的特定人員可利用合適的編程方式,將後續進行資料取用權限控管所需的相關智能合約部署在區塊鏈系統180中。在實際應用中,前述具有權限的特定人員,可以是由區塊鏈系統180的運營單位、資料來源系統150的運營單位、資料服務系統160的運營單位、相關資料擁有者、和/或相關資料請求者所共同組成的工作群組中的特定人員,或是參與資料取用權限控管系統100運作的特定人員。On the other hand, the operator of the blockchain system 180 or a specific person with authority can use a suitable programming method to deploy relevant smart contracts required for subsequent data access authority control in the blockchain system 180 . In practical applications, the above-mentioned specific personnel with authority may be the operating unit of the blockchain system 180, the operating unit of the data source system 150, the operating unit of the data service system 160, relevant data owners, and/or relevant data Specific personnel in the working group formed by the requester, or specific personnel participating in the operation of the data access authority control system 100 .

例如,區塊鏈系統180的運營者或建構人員可編輯並建立包含訊標管理規則的一智能合約,並利用合適的通信裝置(例如,電腦)將該智能合約以交易信息(transaction message)的形式傳送至區塊鏈系統180,並指示區塊鏈系統180對該智能合約進行認證。For example, the operator or builder of the blockchain system 180 can edit and create a smart contract containing beacon management rules, and use a suitable communication device (such as a computer) to use the smart contract as a transaction message (transaction message) The form is transmitted to the blockchain system 180 and instructs the blockchain system 180 to authenticate the smart contract.

此時,區塊鏈系統180會進行流程212,利用多個節點執行合適的共識決演算法來對包含訊標管理規則的智能合約進行認證。倘若該智能合約通過區塊鏈系統180的認證,區塊鏈系統180便會將該智能合約以資料區塊的形式儲存在區塊鏈系統180的區塊鏈帳本中,以完成將一訊標管理智能合約SC-TM部署到區塊鏈系統180中的程序。在後續的運作階段中,區塊鏈系統180可利用訊標管理智能合約SC-TM來檢核及控管與個別資料擁有者相應的不同訊標的有效性。At this time, the block chain system 180 will proceed to the process 212, using multiple nodes to execute a suitable consensus decision algorithm to authenticate the smart contract including the beacon management rules. If the smart contract passes the authentication of the blockchain system 180, the blockchain system 180 will store the smart contract in the blockchain ledger of the blockchain system 180 in the form of a data block to complete the transfer of a message. The standard management smart contract SC-TM is deployed to the program of the blockchain system 180. In the subsequent operation stage, the blockchain system 180 can use the token management smart contract SC-TM to check and control the validity of different tokens corresponding to individual data owners.

同樣地,區塊鏈系統180的運營者或建構人員可編輯並建立包含資料授權政策管理規則的一智能合約,並利用合適的通信裝置(例如,電腦)將該智能合約以交易信息的形式傳送至區塊鏈系統180,並指示區塊鏈系統180對該智能合約進行認證。Similarly, the operator or builder of the blockchain system 180 can edit and create a smart contract containing data authorization policy management rules, and use a suitable communication device (for example, a computer) to transmit the smart contract in the form of transaction information To the blockchain system 180, and instruct the blockchain system 180 to authenticate the smart contract.

此時,區塊鏈系統180可進行流程214,利用多個節點執行合適的共識決演算法來對包含資料授權政策管理規則的智能合約進行認證。倘若該智能合約通過區塊鏈系統180的認證,區塊鏈系統180便會將該智能合約以資料區塊的形式儲存在區塊鏈系統180的區塊鏈帳本中,以完成將一授權政策智能合約SC-PL部署到區塊鏈系統180中的程序。在後續的運作階段中,區塊鏈系統180可利用授權政策智能合約SC-PL來進行個別資料擁有者所設定的資料授權政策的版本控制。At this time, the block chain system 180 can perform the process 214, using multiple nodes to execute a suitable consensus decision algorithm to authenticate the smart contract including the data authorization policy management rules. If the smart contract passes the authentication of the blockchain system 180, the blockchain system 180 will store the smart contract in the blockchain ledger of the blockchain system 180 in the form of a data block, so as to complete an authorization The procedure for deploying the policy smart contract SC-PL into the blockchain system 180. In the subsequent operation stage, the blockchain system 180 can use the authorization policy smart contract SC-PL to perform version control of the data authorization policy set by individual data owners.

在流程216中,資料伺服器157可透過通信電路151或區塊鏈運算電路153,傳送對應於個別目標使用者(target user)的證明金鑰給相應的資料擁有者裝置。例如,資料伺服器157可透過通信電路151或區塊鏈運算電路153,傳送對應於資料擁有者D1的證明金鑰PK1給相應的資料擁有者裝置110。在此情況下,資料擁有者裝置110可進行流程218,以利用通信電路111接收資料來源系統150提供的證明金鑰PK1。In the process 216 , the data server 157 can transmit the certification key corresponding to an individual target user to the corresponding data owner device through the communication circuit 151 or the block chain operation circuit 153 . For example, the data server 157 can transmit the certification key PK1 corresponding to the data owner D1 to the corresponding data owner device 110 through the communication circuit 151 or the block chain operation circuit 153 . In this case, the data owner device 110 may perform the process 218 to use the communication circuit 111 to receive the certification key PK1 provided by the data source system 150 .

同樣地,資料伺服器157可透過通信電路151或區塊鏈運算電路153,傳送對應於資料擁有者D2的證明金鑰PK2給相應的資料擁有者裝置120。在此情況下,資料擁有者裝置120可進行流程218,以接收資料來源系統150提供的證明金鑰PK2。Similarly, the data server 157 can transmit the certification key PK2 corresponding to the data owner D2 to the corresponding data owner device 120 through the communication circuit 151 or the block chain operation circuit 153 . In this case, the data owner device 120 may perform the process 218 to receive the certification key PK2 provided by the data source system 150 .

實作上,資料來源系統150可在相同的時間點傳送相關的證明金鑰給不同的資料擁有者裝置,也可以在不同的時間點傳送相關的證明金鑰給不同的資料擁有者裝置。In practice, the data source system 150 can transmit the relevant certification keys to different data owner devices at the same time point, or can transmit the relevant certification keys to different data owner devices at different time points.

在某些實施例中,資料伺服器157還可透過通信電路151或區塊鏈運算電路153,傳送對應於個別目標使用者的驗證金鑰的識別資料給相應的資料擁有者裝置。例如,資料伺服器157可透過通信電路151或區塊鏈運算電路153,傳送對應於資料擁有者D1的驗證金鑰VK1的識別資料給相應的資料擁有者裝置110。在此情況下,資料擁有者裝置110可利用通信電路111接收資料來源系統150提供的驗證金鑰VK1的識別資料。同樣地,資料伺服器157可透過通信電路151或區塊鏈運算電路153,傳送對應於資料擁有者D2的驗證金鑰VK2的識別資料給相應的資料擁有者裝置120。在此情況下,資料擁有者裝置120可接收資料來源系統150提供的驗證金鑰VK2的識別資料。In some embodiments, the data server 157 can also transmit the identification data corresponding to the verification key of an individual target user to the corresponding data owner device through the communication circuit 151 or the block chain operation circuit 153 . For example, the data server 157 can transmit the identification data corresponding to the verification key VK1 of the data owner D1 to the corresponding data owner device 110 through the communication circuit 151 or the block chain operation circuit 153 . In this case, the data owner device 110 can use the communication circuit 111 to receive the identification data of the verification key VK1 provided by the data source system 150 . Similarly, the data server 157 can transmit the identification data corresponding to the verification key VK2 of the data owner D2 to the corresponding data owner device 120 through the communication circuit 151 or the block chain operation circuit 153 . In this case, the data owner device 120 may receive the identification data of the verification key VK2 provided by the data source system 150 .

在另一實施例中,資料伺服器157可透過通信電路151或區塊鏈運算電路153,將對應於個別目標使用者的資料擁有者裝置的識別資料、對應於個別目標使用者的驗證金鑰的識別資料、和/或對應於個別目標使用者的識別資料,傳送給資料服務系統160和/或區塊鏈系統180。在此情況下,資料服務系統160的通信電路161、和/或區塊鏈系統180,可接收資料來源系統150提供的前述識別資料。In another embodiment, the data server 157 can use the communication circuit 151 or the block chain operation circuit 153 to transfer the identification data of the data owner device corresponding to the individual target user and the verification key corresponding to the individual target user The identification information of the user, and/or the identification information corresponding to the individual target user, is transmitted to the data service system 160 and/or the block chain system 180. In this case, the communication circuit 161 of the data service system 160 and/or the blockchain system 180 can receive the aforementioned identification data provided by the data source system 150 .

如前所述,資料取用權限控管系統100可協助資料擁有者D1透過資料服務系統160,向其他個人或投資單位發起(initiate)房貸缺額借貸,以請求其他個人或投資單位借貸資金給資料擁有者D1。只要其他個人或投資單位同意借貸足夠資金給資料擁有者D1,便可協助資料擁有者D1解決房貸缺額的問題。As mentioned above, the data access authority control system 100 can assist the data owner D1 to initiate mortgage shortfall loans to other individuals or investment units through the data service system 160, so as to request other individuals or investment units to lend funds to the data Owner D1. As long as other individuals or investment units agree to lend sufficient funds to the data owner D1, they can assist the data owner D1 to solve the problem of housing loan shortfall.

當目標使用者想利用資料服務系統160進行一預定活動時,相應的資料擁有者裝置可進行圖2中的流程220,以要求目標使用者輸入一些相對低機敏性資料(data of relatively low-sensitivity)、以及一或多個待驗證資料(data to be verified),做為該預定活動的相關資料。When the target user wants to use the data service system 160 to perform a predetermined activity, the corresponding data owner device can perform the process 220 in FIG. 2 to require the target user to input some relatively low-sensitivity data (data of relatively low-sensitivity ), and one or more data to be verified (data to be verified), as the relevant data of the predetermined activity.

例如,在本實施例中,當資料擁有者D1想利用資料服務系統160進行一房貸缺額借貸活動時,可操控資料擁有者裝置110登入資料服務系統160,以建立一房貸缺額借貸案件(home-loan-gap/housing-loan-gap lending case),藉此發起一房貸缺額借貸活動(home-loan-gap/housing-loan-gap lending activity)。在此情況下,資料服務系統160的網頁伺服器167可產生並傳送相關的資料填寫頁面給資料擁有者裝置110,而資料擁有者裝置110的通信電路111則可接收網頁伺服器167傳來的資料填寫頁面。For example, in this embodiment, when the data owner D1 wants to use the data service system 160 to carry out a home loan shortfall loan activity, the data owner device 110 can be controlled to log into the data service system 160 to create a home loan shortfall loan case (home- loan-gap/housing-loan-gap lending case) to initiate a home-loan-gap/housing-loan-gap lending activity. In this case, the web server 167 of the data service system 160 can generate and send relevant data filling pages to the data owner device 110, and the communication circuit 111 of the data owner device 110 can receive the information sent by the web server 167. Fill in the information page.

此時,控制電路117可進行流程220,以控制顯示裝置115顯示網頁伺服器167所提供資料填寫頁面,以要求目標使用者(例如,在本實施例中為資料擁有者D1)輸入一些相對低機敏性資料、以及一或多個待驗證資料。At this time, the control circuit 117 can perform the process 220 to control the display device 115 to display the data filling page provided by the web server 167, so as to require the target user (for example, the data owner D1 in this embodiment) to input some relatively low Sensitivity data, and one or more data to be verified.

前述的相對低機敏性資料可以包含使用者暱稱、一借款總額(total borrowing amount)、借款期間、借款利率、利息支付週期、本金攤還周期、和/或其他借貸條件等較不涉及資料擁有者D1的個人隱私的一般性資料。在某些實施例中,前述的相對低機敏性資料也可包含一貸款標的(例如,在本例中為資料擁有者D1要購買的房屋)的基本資料,例如,地理區域、屋齡、樓層等。The aforementioned relatively low-sensitivity information may include user nickname, total borrowing amount, loan period, loan interest rate, interest payment cycle, principal amortization cycle, and/or other loan conditions, etc. General information about the personal privacy of the applicant D1. In some embodiments, the aforementioned relatively low-sensitivity data may also include basic data of a loan target (for example, in this example, the house to be purchased by the data owner D1), such as geographic area, house age, floor wait.

在一實施例中,前述的待驗證資料是一房屋價格。在另一實施例中,前述的待驗證資料是一核貸金額。在另一實施例中,前述的待驗證資料是一房屋價格以及一核貸金額。在另一實施例中,前述的待驗證資料是資料來源系統150的運營單位分配給資料擁有者D1的一唯一性密碼。在另一實施例中,前述的待驗證資料是資料擁有者D1所對應的一唯一性識別資料(例如,資料擁有者D1的身份證號、統一編號、或是資料來源系統150的運營單位提供給資料擁有者D1的一貸款文件的一文件編號)。In one embodiment, the aforementioned data to be verified is a housing price. In another embodiment, the aforementioned data to be verified is a loan amount. In another embodiment, the aforementioned data to be verified are a house price and a loan amount. In another embodiment, the aforementioned data to be verified is a unique password assigned to the data owner D1 by the operating unit of the data source system 150 . In another embodiment, the aforementioned data to be verified is a unique identification data corresponding to the data owner D1 (for example, the ID number of the data owner D1, the unified number, or the information provided by the operating unit of the data source system 150 a document number of a loan document for data owner D1).

在某些實施例中,顯示裝置115要求資料擁有者D1輸入的待驗證資料,可以只包含前述多個不同資料項目的其中之一。在另一些實施例中,顯示裝置115要求資料擁有者D1輸入的待驗證資料,可以同時包含前述多個不同資料項目中的複數個項目。In some embodiments, the data to be verified that the display device 115 requires the data owner D1 to input may only include one of the above-mentioned multiple different data items. In some other embodiments, the data to be verified required by the display device 115 to be input by the data owner D1 may simultaneously include multiple items among the aforementioned multiple different data items.

在實際應用中,資料擁有者D1可透過各種合適的輸入介面(圖中未繪示),將前述的相對低機敏性資料及待驗證資料輸入資料擁有者裝置110。在此情況下,資料擁有者裝置110的控制電路117可進行流程222,以透過相應的輸入介面接收目標使用者(例如,在本實施例中為資料擁有者D1)輸入的相對低機敏性資料及待驗證資料。In practical applications, the data owner D1 can input the aforementioned relatively low-sensitivity data and the data to be verified into the data owner device 110 through various suitable input interfaces (not shown in the figure). In this case, the control circuit 117 of the data owner device 110 can perform the process 222 to receive the relatively low-sensitivity data input by the target user (for example, the data owner D1 in this embodiment) through the corresponding input interface. and pending verification.

在流程224中,控制電路117可依據接收到的相對低機敏性資料,產生一相應的目標資料(target data)。在運作時,控制電路117可將接收到的相對低機敏性資料整理和/或編碼成合適的格式,以產生一相應的目標資料,以做為資料擁有者D1所發起的房貸缺額借貸案件的描述資料。In the process 224 , the control circuit 117 can generate a corresponding target data according to the received relatively low-sensitivity data. During operation, the control circuit 117 can organize and/or encode the received relatively low-sensitivity data into a suitable format, so as to generate a corresponding target data, as a basis for the mortgage default loan case initiated by the data owner D1 Descriptive information.

在某些實施例中,網頁伺服器167所提供資料填寫頁面,也可以額外要求資料擁有者D1輸入一些跟資料擁有者D1的個人資訊有關的相對高機敏性資料(data of relatively high-sensitivity),例如,姓名、職業、年齡、性別、收入水平、婚姻狀況、子女人數、和/或信用等級等資料。In some embodiments, the data filling page provided by the web server 167 may additionally require the data owner D1 to input some relatively high-sensitivity data (data of relatively high-sensitivity) related to the personal information of the data owner D1 , such as name, occupation, age, gender, income level, marital status, number of children, and/or credit rating.

在此情況下,資料擁有者D1可透過各種合適的輸入介面,將前述的相對低機敏性資料、待驗證資料、以及相對高機敏性資料,都輸入資料擁有者裝置110。在本實施例中,控制電路117於流程222中還可透過各種合適的輸入介面接收資料擁有者D1輸入的相對高機敏性資料。此外,控制電路117於流程224中還可將前述的相對高機敏性資料一併納入目標資料中。In this case, the data owner D1 can input the aforementioned relatively low-sensitivity data, data to be verified, and relatively high-sensitivity data into the data owner device 110 through various suitable input interfaces. In this embodiment, the control circuit 117 may also receive the relatively high-sensitivity data input by the data owner D1 through various suitable input interfaces in the process 222 . In addition, in the process 224 , the control circuit 117 may also include the aforementioned relatively high-sensitivity data into the target data.

由前述說明可知,控制電路117於流程224中所產生的目標資料,有可能僅包含對應於資料擁有者D1的相對低機敏性資料,也可能額外包含對應於資料擁有者D1的相對高機敏性資料。It can be seen from the foregoing description that the target data generated by the control circuit 117 in the process 224 may only include relatively low-sensitivity data corresponding to the data owner D1, or additionally include relatively high-sensitivity data corresponding to the data owner D1. material.

在流程226中,控制電路117可利用證明金鑰PK1依據接收到的待驗證資料產生一證明值PF1。實作上,控制電路117可執行由資料來源系統150(或是資料伺服器157)所預先提供的一證明值產生程式(或是根據資料伺服器157所預先設定的一證明值產生規則),以利用證明金鑰PK1依據接收到的待驗證資料產生一證明值PF1。在運作時,控制電路117可利用證明金鑰PK1對資料擁有者D1提供的一或多個待驗證資料,進行各種合適的零知識證明演算法(zero-knowledge proof algorithm)運算,以產生其他裝置無法解析出內容的一相應證明值PF1。在資料取用權限控管系統100中,只有區塊鏈系統180能夠利用相應的零知識證明智能合約SC-ZKP來驗證證明值PF1是否正確。In the process 226, the control circuit 117 can use the proof key PK1 to generate a proof value PF1 according to the received data to be verified. In practice, the control circuit 117 can execute a proof value generation program provided in advance by the data source system 150 (or the data server 157) (or a proof value generation rule preset according to the data server 157), A proof value PF1 is generated by using the proof key PK1 according to the received data to be verified. During operation, the control circuit 117 can use the proof key PK1 to perform various suitable zero-knowledge proof algorithms (zero-knowledge proof algorithm) operations on one or more data to be verified provided by the data owner D1 to generate other devices A corresponding proof value PF1 of the content cannot be parsed out. In the data access authority control system 100, only the blockchain system 180 can use the corresponding zero-knowledge proof smart contract SC-ZKP to verify whether the proof value PF1 is correct.

由前述說明可知,證明值PF1實質上是依據只有資料擁有者D1以及資料來源系統150的運營單位才知道正確資訊的一或多個約束項目來產生。如果資料擁有者D1輸入的待驗證資料都是正確的,那麼控制電路117所產生的證明值PF1,就能被用來證明資料擁有者D1的身分真實性。It can be seen from the foregoing description that the proof value PF1 is essentially generated based on one or more constraint items that only the data owner D1 and the operating unit of the data source system 150 know correct information. If the data to be verified input by the data owner D1 are all correct, then the proof value PF1 generated by the control circuit 117 can be used to prove the authenticity of the identity of the data owner D1.

如圖2所示,當資料擁有者D1要啟用資料取用權限控管系統100的資料權限控管服務時,可利用資料擁有者裝置110進行流程228。在此情況下,區塊鏈系統180會相應進行流程230。As shown in FIG. 2 , when the data owner D1 wants to enable the data access control service of the data access control system 100 , the data owner device 110 can be used to perform a process 228 . In this case, the blockchain system 180 will proceed to the process 230 accordingly.

在流程228中,資料擁有者裝置110的控制電路117會產生一授權服務啟用請求,並利用通信電路111或區塊鏈運算電路113傳送該授權服務啟用請求給區塊鏈系統180。In the process 228 , the control circuit 117 of the data owner device 110 generates an authorization service activation request, and transmits the authorization service activation request to the blockchain system 180 through the communication circuit 111 or the blockchain computing circuit 113 .

在流程230中,區塊鏈系統180會依據該授權服務啟用請求執行前述的訊標管理智能合約SC-TM,以產生與資料擁有者裝置110(或其對應的資料擁有者D1)相對應的一授權訊標(authorization token),並移轉(transfer)該授權訊標給資料擁有者裝置110。在一實施例中,訊標管理智能合約SC-TM還可對該授權訊標設置相應的一或多個有效性查核參數,例如,一適格使用時段(valid time-slots of use)、一有效期限(expiration period)、一適格地理區域(valid geographical region)、一適格擁有者(valid owner)、和/或一適格的來源網路位址(valid source network address)等等。In the process 230, the blockchain system 180 will execute the aforementioned beacon management smart contract SC-TM according to the authorization service activation request to generate a corresponding an authorization token, and transfer the authorization token to the data owner device 110 . In one embodiment, the token management smart contract SC-TM can also set one or more corresponding validity check parameters for the authorization token, for example, a valid time-slots of use, a valid Expiration period, a valid geographic region, a valid owner, and/or a valid source network address, etc.

此時,資料擁有者裝置110的通信電路111或區塊鏈運算電路113可進行圖3中的流程302,以獲取(acquire)由區塊鏈系統180移轉過來的授權訊標,使得資料擁有者裝置110成為該授權訊標的當前擁有者(current owner)。At this time, the communication circuit 111 or the block chain operation circuit 113 of the data owner device 110 can perform the process 302 in FIG. The owner device 110 becomes the current owner of the authorization token.

在流程304中,資料擁有者裝置110的控制電路117可在目標使用者(在本例中為資料擁有者D1)的操控下,將目標使用者同意的資料授權政策進行加密,以產生一相應的資料授權政策密文(encrypted data authorization policy)。例如,控制電路117可依據資料擁有者D1的操控,針對資料服務系統160設定相應的資料授權政策。前述的資料授權政策可包含授權對象(例如,在本例中為資料服務系統160的識別資料)、授權資料標的、授權內容、授權次數上限、授權時段、授權時限、資料所在地理區域、以及保管機敏性資料的資料來源系統150的識別資料(例如,資料來源系統150的運營者部署在區塊鏈系統180中的特定智能合約的位址)等多項參數中的局部或全部參數。In process 304, the control circuit 117 of the data owner device 110 can encrypt the data authorization policy agreed by the target user under the control of the target user (data owner D1 in this example) to generate a corresponding The encrypted data authorization policy. For example, the control circuit 117 can set a corresponding data authorization policy for the data service system 160 according to the control of the data owner D1. The aforementioned data authorization policy may include the authorized object (for example, in this example, the identification data of the data service system 160), the subject of the authorized data, the content of the authorization, the upper limit of the number of authorizations, the period of authorization, the time limit of the authorization, the geographical area where the data is located, and the storage Some or all of the multiple parameters such as the identification information of the data source system 150 (for example, the address of a specific smart contract deployed in the blockchain system 180 by the operator of the data source system 150 ) and other parameters of the sensitive data.

在某些實施例中,控制電路117還可針對其他的資料請求者設定各自對應的資料授權政策。在運作時,控制電路117可利用預定的加密金鑰對個別的資料授權政策進行加密,以產生一相應的資料授權政策密文。In some embodiments, the control circuit 117 can also set corresponding data authorization policies for other data requesters. During operation, the control circuit 117 can use a predetermined encryption key to encrypt individual data authorization policies to generate a corresponding data authorization policy ciphertext.

實作上,控制電路117在加密不同的資料授權政策時,可使用相同的加密金鑰,也可分別使用不同的加密金鑰。In practice, the control circuit 117 may use the same encryption key or use different encryption keys when encrypting different data authorization policies.

在流程306中,控制電路117可利用通信電路111或區塊鏈運算電路113,使用該授權訊標將所產生的一或多個資料授權政策密文傳送給區塊鏈系統180。另外,控制電路117還可在合適的時間點,利用通信電路111或區塊鏈運算電路113,將可用來解密該一或多個資料授權政策密文的一或多個目標金鑰,傳送給區塊鏈系統180或是資料服務系統160。In the process 306 , the control circuit 117 can utilize the communication circuit 111 or the blockchain operation circuit 113 to transmit the generated one or more data authorization policy ciphertexts to the blockchain system 180 by using the authorization token. In addition, the control circuit 117 can also use the communication circuit 111 or the block chain operation circuit 113 to transmit one or more target keys that can be used to decrypt the one or more data authorization policy ciphertexts to The blockchain system 180 or the data service system 160 .

在流程308中,區塊鏈系統180可將資料擁有者裝置110傳來的一或多個資料授權政策密文,記錄在前述的授權政策智能合約SC-PL中,以做為資料擁有者裝置110所對應的一當前資料授權政策(current data authorization policy)。In the process 308, the block chain system 180 can record one or more data authorization policy ciphertexts transmitted from the data owner device 110 in the aforementioned authorization policy smart contract SC-PL, as a data owner device 110 corresponds to a current data authorization policy (current data authorization policy).

由前述說明可知,由資料擁有者裝置110所產生、且包含資料授權政策的資料授權政策密文,會被記錄在區塊鏈系統180中。如此一來,只有具備正確解密金鑰、且有權存取區塊鏈系統180的裝置,才能從區塊鏈系統180中讀取並解密該資料授權政策密文。這樣的做法可大幅降低資料擁有者裝置110所設定的資料授權政策被惡意人士竊取或竄改的可能性。It can be seen from the foregoing description that the data authorization policy ciphertext generated by the data owner device 110 and including the data authorization policy will be recorded in the blockchain system 180 . In this way, only a device that has the correct decryption key and has the right to access the blockchain system 180 can read and decrypt the data authorization policy ciphertext from the blockchain system 180 . Such an approach can greatly reduce the possibility of the data authorization policy set by the data owner device 110 being stolen or tampered with by malicious persons.

在資料取用權限控管系統100中,其他資料擁有者裝置所對應的使用者(例如,對應於資料擁有者裝置120的資料擁有者D2),可比照前述方式使用相關的資料擁有者裝置,將針對資料服務系統160(或是針對資料服務系統160及其他的資料請求者)的資料授權政策進行加密,以產生一或多個相應的資料授權政策密文,並將產生的資料授權政策密文傳送到區塊鏈系統180,由區塊鏈系統180記錄在授權政策智能合約SC-PL中。In the data access authority control system 100, users corresponding to other data owner devices (for example, the data owner D2 corresponding to the data owner device 120) can use the relevant data owner device in the same manner as described above, Encrypt the data authorization policy for the data service system 160 (or for the data service system 160 and other data requesters) to generate one or more corresponding data authorization policy ciphertexts, and encrypt the generated data authorization policies The document is transmitted to the blockchain system 180, and is recorded in the authorization policy smart contract SC-PL by the blockchain system 180.

實作上,區塊鏈系統180可以只建立單一授權政策智能合約SC-PL,並將不同的資料擁有者所產生的多個資料授權政策密文,都記錄在同一授權政策智能合約SC-PL中。In practice, the blockchain system 180 can only establish a single authorization policy smart contract SC-PL, and record multiple data authorization policy ciphertexts generated by different data owners in the same authorization policy smart contract SC-PL middle.

或者,區塊鏈系統180也可以針對不同的資料擁有者分別建立不同的授權政策智能合約SC-PL。例如,區塊鏈系統180可針對資料擁有者D1建立一個專用的授權政策智能合約SC-PL,用以記錄資料擁有者D1所產生的一或多個資料授權政策密文,並為資料擁有者D2建立另一個不同的授權政策智能合約SC-PL,用以記錄資料擁有者D2所產生的一或多個資料授權政策密文。Alternatively, the blockchain system 180 can also establish different authorization policy smart contracts SC-PL for different data owners. For example, the blockchain system 180 can establish a dedicated authorization policy smart contract SC-PL for the data owner D1 to record one or more data authorization policy ciphertexts generated by the data owner D1, and provide D2 establishes another different authorization policy smart contract SC-PL to record one or more data authorization policy ciphertexts generated by the data owner D2.

在流程310中,資料擁有者裝置110的控制電路117可利用通信電路111,傳送前述的目標資料及證明值PF1給資料服務系統160。實作上,控制電路117可利用通信電路111將目標資料跟證明值PF1,同時傳送給資料服務系統160。或者,控制電路117也可利用通信電路111將目標資料跟證明值PF1,分別在不同的時間點傳送資料服務系統160。In the process 310 , the control circuit 117 of the data owner device 110 can use the communication circuit 111 to transmit the aforementioned target data and the proof value PF1 to the data service system 160 . In practice, the control circuit 117 can use the communication circuit 111 to transmit the target data and the proof value PF1 to the data service system 160 at the same time. Alternatively, the control circuit 117 can also use the communication circuit 111 to transmit the target data and the proof value PF1 to the data service system 160 at different time points.

此時,資料服務系統160的通信電路161可進行流程312,以接收資料擁有者裝置110傳來的目標資料及證明值PF1。網頁伺服器167可將通信電路161接收到的目標資料,儲存到資料庫165中。At this time, the communication circuit 161 of the data service system 160 can perform the process 312 to receive the target data and the proof value PF1 transmitted from the data owner device 110 . The web server 167 can store the target data received by the communication circuit 161 into the database 165 .

在某些實施例中,資料擁有者裝置110的控制電路117還可利用通信電路111,傳送對應於資料擁有者D1的驗證金鑰VK1的識別資料給資料服務系統160。在此情況下,資料服務系統160的通信電路161還可接收資料擁有者裝置110傳來的驗證金鑰VK1的識別資料。In some embodiments, the control circuit 117 of the data owner device 110 can also use the communication circuit 111 to transmit the identification data corresponding to the verification key VK1 of the data owner D1 to the data service system 160 . In this case, the communication circuit 161 of the data service system 160 can also receive the identification data of the verification key VK1 transmitted from the data owner device 110 .

實作上,控制電路117可利用通信電路111同時將目標資料及證明值PF1傳送給資料服務系統160。或者,控制電路117也可利用通信電路111將目標資料及證明值PF1,分別在不同的時間點傳送給資料服務系統160。In practice, the control circuit 117 can use the communication circuit 111 to simultaneously transmit the target data and the proof value PF1 to the data service system 160 . Alternatively, the control circuit 117 can also use the communication circuit 111 to transmit the target data and the proof value PF1 to the data service system 160 at different time points.

如圖3所示,在資料服務系統160接收到資料擁有者裝置110傳來的目標資料及證明值PF1之後,可搭配區塊鏈系統180對目標資料的全部或一部分內容的真實性進行驗證。As shown in FIG. 3 , after the data service system 160 receives the target data and the proof value PF1 from the data owner device 110 , it can cooperate with the blockchain system 180 to verify the authenticity of all or part of the content of the target data.

例如,在流程314中,網頁伺服器167可利用通信電路161或區塊鏈運算電路163,傳送資料擁有者裝置110產生的證明值PF1給區塊鏈系統180,並傳送一證明值核驗要求(proof verification request)給區塊鏈系統180,以要求區塊鏈系統180核驗證明值PF1。在某些實施例中,前述的證明值核驗要求可包含對應於資料擁有者裝置110的一識別資料、對應於資料擁有者D1的一識別資料、或是對應於資料擁有者D1的驗證金鑰VK1的一識別資料。For example, in the process 314, the web server 167 can use the communication circuit 161 or the block chain operation circuit 163 to transmit the proof value PF1 generated by the data owner device 110 to the block chain system 180, and send a proof value verification request ( proof verification request) to the blockchain system 180 to require the blockchain system 180 to verify the proof value PF1. In some embodiments, the aforementioned certification value verification request may include an identification data corresponding to the data owner device 110, an identification data corresponding to the data owner D1, or a verification key corresponding to the data owner D1 An identification data of VK1.

在流程316中,區塊鏈系統180可接收資料服務系統160傳來的證明值PF1,以及相關的證明值核驗要求。In the process 316, the blockchain system 180 can receive the proof value PF1 from the data service system 160, and the related proof value verification requirements.

在流程318中,區塊鏈系統180可執行相應的零知識證明智能合約SC-ZKP,來檢核證明值PF1的正確性。例如,區塊鏈系統180可依據資料伺服器157之前傳來的對應於資料擁有者裝置110的識別資料、對應於資料擁有者D1的驗證金鑰VK1的識別資料、和/或對應於資料擁有者D1的一識別資料,來找出相應的零知識證明智能合約SC-ZKP。又例如,區塊鏈系統180可從證明值核驗要求中擷取出對應於資料擁有者裝置110的一識別資料、對應於資料擁有者D1的一識別資料、或是對應於資料擁有者D1的驗證金鑰VK1的一識別資料,並依據擷取出來的識別資料找出相應的零知識證明智能合約SC-ZKP。接著,區塊鏈系統180可執行零知識證明智能合約SC-ZKP,以根據前述的識別資料找出相應的驗證金鑰VK1,並利用驗證金鑰VK1對證明值PF1進行一合適的零知識證明驗證演算法(zero-knowledge proof verification algorithm)運算,以判斷證明值PF1是否滿足前述的第一預定驗證規則,藉此檢核證明值PF1的正確性。In the process 318, the blockchain system 180 can execute the corresponding zero-knowledge proof smart contract SC-ZKP to check the correctness of the proof value PF1. For example, the block chain system 180 can be based on the identification data corresponding to the data owner's device 110 sent by the data server 157, the identification data corresponding to the verification key VK1 of the data owner D1, and/or the identification data corresponding to the data owner's device 110. An identification data of the user D1 to find out the corresponding zero-knowledge proof smart contract SC-ZKP. For another example, the blockchain system 180 can extract an identification data corresponding to the data owner device 110, an identification data corresponding to the data owner D1, or a verification corresponding to the data owner D1 from the certification value verification request. An identification data of the key VK1, and find out the corresponding zero-knowledge proof smart contract SC-ZKP according to the extracted identification data. Next, the blockchain system 180 can execute the zero-knowledge proof smart contract SC-ZKP to find out the corresponding verification key VK1 according to the aforementioned identification information, and use the verification key VK1 to perform a suitable zero-knowledge proof on the proof value PF1 The verification algorithm (zero-knowledge proof verification algorithm) operates to determine whether the proof value PF1 satisfies the aforementioned first predetermined verification rule, thereby checking the correctness of the proof value PF1.

由前述說明可知,證明值PF1實質上是依據只有資料擁有者D1以及資料來源系統150的運營單位才知道正確資訊的一或多個約束項目來產生。因此,區塊鏈系統180可執行零知識證明智能合約SC-ZKP,利用驗證金鑰VK1對證明值PF1進行合適的零知識證明驗證演算法,以判斷證明值PF1是否滿足前述的第一預定驗證規則中的所有約束項目。It can be seen from the foregoing description that the proof value PF1 is essentially generated based on one or more constraint items that only the data owner D1 and the operating unit of the data source system 150 know correct information. Therefore, the blockchain system 180 can execute the zero-knowledge proof smart contract SC-ZKP, and use the verification key VK1 to perform an appropriate zero-knowledge proof verification algorithm on the proof value PF1 to determine whether the proof value PF1 satisfies the aforementioned first predetermined verification All constraint items in the rule.

倘若資料擁有者D1提供給資料擁有者裝置110的所有待驗證資料都是正確的,那麼零知識證明智能合約SC-ZKP所執行的零知識證明驗證演算法,就能得出代表證明值PF1滿足前述的第一預定驗證規則中的所有約束項目的驗證結果。在此情況下,區塊鏈系統180就能在不解析出證明值PF1內容的情況下,判定證明值PF1正確。If all the data to be verified provided by the data owner D1 to the data owner device 110 are correct, then the zero-knowledge proof verification algorithm executed by the zero-knowledge proof smart contract SC-ZKP can obtain a representative proof value PF1 that satisfies Verification results of all constraint items in the aforementioned first predetermined verification rule. In this case, the blockchain system 180 can determine that the proof value PF1 is correct without analyzing the content of the proof value PF1.

反之,倘若資料擁有者裝置110的控制電路117產生證明值PF1時所依據的待驗證資料有錯誤,那麼零知識證明智能合約SC-ZKP所執行的零知識證明驗證演算法,就能得出代表證明值PF1無法滿足前述的第一預定驗證規則中的所有約束項目的驗證結果。在此情況下,區塊鏈系統180就能在不解析出證明值PF1內容的情況下,判定證明值PF1不正確。On the contrary, if the control circuit 117 of the data owner device 110 generates the proof value PF1 based on the data to be verified is wrong, then the zero-knowledge proof verification algorithm executed by the zero-knowledge proof smart contract SC-ZKP can obtain a representative The proof value PF1 cannot satisfy the verification results of all constraint items in the aforementioned first predetermined verification rule. In this case, the blockchain system 180 can determine that the proof value PF1 is incorrect without analyzing the content of the proof value PF1.

如圖3所示,倘若區塊鏈系統180判定證明值PF1不正確,則可進行流程320。反之,倘若區塊鏈系統180判定證明值PF1正確,則可進行流程322。As shown in FIG. 3 , if the blockchain system 180 determines that the proof value PF1 is incorrect, the process 320 can be performed. On the contrary, if the blockchain system 180 determines that the proof value PF1 is correct, the process 322 can be performed.

在流程320中,區塊鏈系統180可傳送一證明值錯誤通知(proof-failed notification)給資料服務系統160。In the process 320 , the blockchain system 180 may send a proof-failed notification to the data service system 160 .

在流程322中,區塊鏈系統180可傳送一核驗成功通知(verification success notification)給資料服務系統160。In the process 322 , the blockchain system 180 may send a verification success notification to the data service system 160 .

在流程324中,資料服務系統160的網頁伺服器167可透過通信電路161或區塊鏈運算電路163,接收區塊鏈系統180傳來的證明值錯誤通知。In the process 324 , the web server 167 of the data service system 160 can receive the proof value error notification from the blockchain system 180 through the communication circuit 161 or the blockchain computing circuit 163 .

在流程326中,網頁伺服器167可透過通信電路161通知資料擁有者裝置110,以便資料擁有者D1能夠得知其提供的待驗證資料沒有通過零知識證明機制的檢核。In the process 326, the web server 167 can notify the data owner device 110 through the communication circuit 161, so that the data owner D1 can know that the data to be verified provided by it has not passed the check of the zero-knowledge proof mechanism.

在流程328中,網頁伺服器167可透過通信電路161或區塊鏈運算電路163,接收區塊鏈系統180傳來的核驗成功通知。當網頁伺服器167收到核驗成功通知時,代表資料擁有者裝置110產生的證明值PF1,通過了區塊鏈系統180所採用的零知識證明(ZKP)機制的驗證。因此,網頁伺服器167可依據區塊鏈系統180的驗證結果,判定建立目標資料的資料擁有者D1的身份真實性通過驗證(亦即,代表資料擁有者D1是真的有向資料來源系統150的運營單位申請房貸的人),並可據此進一步判定目標資料中的借款總額是有事實基礎支撐的資訊。In the process 328 , the web server 167 can receive the verification success notification from the blockchain system 180 through the communication circuit 161 or the blockchain computing circuit 163 . When the web server 167 receives the verification success notification, it means that the proof value PF1 generated by the data owner device 110 has passed the verification of the zero-knowledge proof (ZKP) mechanism adopted by the blockchain system 180 . Therefore, the web server 167 can determine that the authenticity of the identity of the data owner D1 who created the target data has passed the verification based on the verification result of the blockchain system 180 (that is, it means that the data owner D1 is really directed to the data source system 150 The person who applied for a housing loan from the operating unit of the target company), and based on this, it can be further judged that the total loan amount in the target data is information supported by facts.

在此情況下,網頁伺服器167可進行流程330,以標記(mark)目標資料。例如,網頁伺服器167可賦予目標資料一個可供識別的符號、圖案、註記文字、標籤、或醒目標示,以做為目標資料的標記。在實際應用中,網頁伺服器167可在顯示目標資料時,同時顯示前述的標記,以讓瀏覽目標資料的人,得以知悉目標資料的全部或一部分資料的真實性通過了認證。In this case, the web server 167 can perform the process 330 to mark the target data. For example, the web server 167 may assign an identifiable symbol, pattern, annotation, label, or eye-catching mark to the target data as a mark of the target data. In practical applications, the web server 167 may display the above-mentioned mark at the same time when displaying the target data, so that people who browse the target data can know that the authenticity of all or part of the target data has passed the authentication.

又例如,網頁伺服器167可將目標資料分配(assign)到一個特定的資料類別中,以藉此讓瀏覽目標資料的人,得以知悉目標資料的全部或一部分資料的真實性通過了區塊鏈系統180的認證。For another example, the web server 167 can assign the target data to a specific data category, so that people who browse the target data can know the authenticity of all or part of the target data passed through the blockchain. Authentication of the system 180 .

在某些實施例中,網頁伺服器167也可以等接收到區塊鏈系統180傳來的核驗成功通知之後,才將資料擁有者裝置110傳來的目標資料儲存到資料庫165中。在此情況下,可將前述的流程330省略。In some embodiments, the web server 167 may also store the target data sent by the data owner device 110 into the database 165 after receiving the verification success notification from the blockchain system 180 . In this case, the aforementioned process 330 can be omitted.

如前所述,在某些實施例中,前述的第一預定驗證規則也可能包含限定一房屋價格減去一核貸金額後的差額會等於一預定缺額的約束項目。在此情況下,網頁伺服器167在流程314中傳送給區塊鏈系統180的證明值核驗要求,還可包含目標資料中的借款總額。另一方面,當區塊鏈系統180在前述的流程318中執行零知識證明智能合約SC-ZKP時,零知識證明智能合約SC-ZKP還可將網頁伺服器167傳來的借款總額設置成前述約束項目中的預定缺額,並利用驗證金鑰VK1對證明值PF1進行一合適的零知識證明驗證演算法運算,以判斷證明值PF1是否滿足第一預定驗證規則中的所有約束項目。As mentioned above, in some embodiments, the aforementioned first predetermined verification rule may also include a constraint item that the difference between a house price minus a loan amount will be equal to a predetermined shortfall. In this case, the proof value verification request sent by the web server 167 to the blockchain system 180 in the process 314 may also include the total loan amount in the target data. On the other hand, when the blockchain system 180 executes the zero-knowledge proof smart contract SC-ZKP in the aforementioned process 318, the zero-knowledge proof smart contract SC-ZKP can also set the total amount of loans transmitted from the web server 167 to the aforementioned Constrain the predetermined gap in the items, and use the verification key VK1 to perform a suitable zero-knowledge proof verification algorithm operation on the proof value PF1 to determine whether the proof value PF1 satisfies all the constraint items in the first predetermined verification rule.

由前述說明可知,倘若資料擁有者D1所提供的所有待驗證資料都是正確的,那麼零知識證明智能合約SC-ZKP所執行的零知識證明驗證演算法,就能得出代表證明值PF1滿足前述的第一預定驗證規則中的所有約束項目的驗證結果。如此一來,區塊鏈系統180就能在不解析出證明值PF1內容的情況下,判定證明值PF1正確。As can be seen from the above description, if all the data to be verified provided by the data owner D1 are correct, then the zero-knowledge proof verification algorithm executed by the zero-knowledge proof smart contract SC-ZKP can obtain a representative proof value PF1 that satisfies Verification results of all constraint items in the aforementioned first predetermined verification rule. In this way, the blockchain system 180 can determine that the proof value PF1 is correct without analyzing the content of the proof value PF1.

在此情況下,網頁伺服器167便可依據區塊鏈系統180的驗證結果,更加確認資料擁有者D1所建立的目標資料中的借款總額的正確性。In this case, the web server 167 can further confirm the correctness of the loan amount in the target data created by the data owner D1 according to the verification result of the blockchain system 180 .

由前述說明可知,當資料擁有者D1遇到房貸缺額的問題時,可操控資料擁有者裝置110登入資料服務系統160以建立一房貸缺額借貸案件的描述資料(亦即,前述的目標資料),藉此發起一房貸缺額借貸活動。資料服務系統160收到資料擁有者裝置110傳來的目標資料後,可請求區塊鏈系統180核驗由資料擁有者裝置110所產生、且與目標資料對應的證明值PF1,以藉此驗證目標資料的真實性。It can be seen from the foregoing description that when the data owner D1 encounters a problem of a mortgage shortfall, the data owner device 110 can be manipulated to log into the data service system 160 to create a descriptive data (that is, the aforementioned target data) of a mortgage shortfall loan case. Initiate a housing loan gap loan activity. After the data service system 160 receives the target data from the data owner's device 110, it can request the blockchain system 180 to verify the proof value PF1 generated by the data owner's device 110 and corresponding to the target data, so as to verify the target Authenticity of information.

區塊鏈系統180可執行資料來源系統150所部署的零知識證明智能合約SC-ZKP,以利用零知識證明(ZKP)機制來檢核證明值PF1的正確性。資料服務系統160則可根據區塊鏈系統180對於證明值PF1的核驗結果,來驗證目標資料的全部或一部分內容的真實性。The blockchain system 180 can execute the zero-knowledge proof smart contract SC-ZKP deployed by the data source system 150 to check the correctness of the proof value PF1 by using a zero-knowledge proof (ZKP) mechanism. The data service system 160 can verify the authenticity of all or part of the content of the target data according to the verification result of the proof value PF1 by the blockchain system 180 .

在區塊鏈系統180執行零知識證明智能合約SC-ZKP以檢核證明值PF1的運作過程中,資料服務系統160並不需要提供跟資料擁有者D1有關的過多資訊(例如,房屋價格及核貸金額)給區塊鏈系統180。這樣的方式可將區塊鏈系統180檢核證明值PF1所需的資訊量降到最低,以大幅減少資料擁有者D1的相關資料被外洩的可能性。During the operation of the blockchain system 180 executing the zero-knowledge proof smart contract SC-ZKP to check the proof value PF1, the data service system 160 does not need to provide too much information related to the data owner D1 (for example, house price and verification value). loan amount) to the blockchain system 180. Such a method can minimize the amount of information required by the blockchain system 180 to verify the proof value PF1, so as to greatly reduce the possibility of leakage of relevant data of the data owner D1.

另外,在區塊鏈系統180執行零知識證明智能合約SC-ZKP以檢核證明值PF1的運作過程中,區塊鏈系統180不需要與資料擁有者裝置110或資料來源系統150進行互動,所以不會增加資料擁有者裝置110及資料來源系統150的運作負擔。這樣的方式也能有效減少資料擁有者D1或資料來源系統150的運營單位的涉入程度,進而降低資料擁有者D1或資料來源系統150的運營單位外洩敏感資料的風險。In addition, during the operation of the blockchain system 180 executing the zero-knowledge proof smart contract SC-ZKP to check the proof value PF1, the blockchain system 180 does not need to interact with the data owner device 110 or the data source system 150, so The operation burden of the data owner device 110 and the data source system 150 will not be increased. Such a method can also effectively reduce the degree of involvement of the data owner D1 or the operating unit of the data source system 150 , thereby reducing the risk of leakage of sensitive data by the data owner D1 or the operating unit of the data source system 150 .

另一方面,當投資方(或稱為放款方)想知道資料服務系統160上是否有任何借款方所發起的房貸缺額借貸活動時,可操控相應的資料請求者裝置登入資料服務系統160。為方便說明起見,以下假設前述的投資方是資料請求者裝置130所對應的資料請求者R1。On the other hand, when the investor (or called the lender) wants to know whether there is any mortgage shortfall loan activity initiated by the borrower on the data service system 160 , he can control the corresponding data requester's device to log into the data service system 160 . For convenience of description, it is assumed below that the aforementioned investor is the data requester R1 corresponding to the data requester device 130 .

當資料請求者R1想知道資料服務系統160上是否有任何借款方所發起的房貸缺額借貸活動時,可操控相應的資料請求者裝置130登入資料服務系統160。When the data requester R1 wants to know whether there is any shortfall mortgage loan activity initiated by any borrower on the data service system 160 , the corresponding data requester device 130 can be controlled to log into the data service system 160 .

在此情況下,資料請求者裝置130的控制電路135可進行圖4中的流程402,以利用通信電路131傳送一資料瀏覽請求(data browsing request)給資料服務系統160。In this case, the control circuit 135 of the data requester device 130 can perform the process 402 in FIG. 4 to send a data browsing request to the data service system 160 through the communication circuit 131 .

此時,資料服務系統160的網頁伺服器167可進行流程404,以透過通信電路161接收資料請求者裝置130傳來的資料瀏覽請求。At this time, the web server 167 of the data service system 160 can perform the process 404 to receive the data browsing request from the data requester device 130 through the communication circuit 161 .

在流程406中,網頁伺服器167可利用通信電路161傳送包含由資料擁有者D1所建立的前述目標資料在內的一或多個候選資料給資料請求者裝置130。In the process 406 , the web server 167 may use the communication circuit 161 to transmit one or more candidate data including the aforementioned target data created by the data owner D1 to the data requester device 130 .

在流程408中,控制電路135可透過通信電路131接收資料服務系統160傳來的候選資料,並可控制顯示裝置133顯示候選資料。資料請求者R1可以閱覽候選資料的內容,以評估當中是否有值得進一步研究的標的案件。由前述說明可知,資料服務系統160傳給資料請求者裝置130的候選資料中的目標資料,是資料擁有者D1所建立的房貸缺額借貸案件的描述資料。In the process 408, the control circuit 135 can receive the candidate data from the data service system 160 through the communication circuit 131, and can control the display device 133 to display the candidate data. The data requester R1 can browse the content of the candidate data to evaluate whether there is a target case worthy of further research. It can be seen from the foregoing description that the target data among the candidate data sent by the data service system 160 to the data requester device 130 is the descriptive data of the mortgage shortfall loan case created by the data owner D1.

一般情況下,投資方可能需要研究關於標的案件的某些更進一步的資訊或文件,才能決定是否要借款給標的案件所對應的借款方。例如,前述儲存在資料來源系統150的資料庫155中,與個別貸款申請人有關的機敏性資料(例如,信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件等),就可能是值得投資方在評估相關房貸缺額借貸案件時進一步閱覽與研究的輔助資料。In general, investors may need to study some further information or documents about the target case before deciding whether to lend money to the borrower corresponding to the target case. For example, the aforesaid stored in the database 155 of the data source system 150, sensitive data related to individual loan applicants (for example, credit evaluation reports, appraisal reports, and/or loan contract documents/loan contract draft documents, etc.), It may be an auxiliary material worthy of further reading and research by investors when evaluating relevant housing loan shortfall loan cases.

為了方便說明,以下假設資料請求者R1對於目標資料所對應的房貸缺額借貸案件感到興趣,因此想要取得儲存在資料來源系統150中、與目標資料對應的特定機敏性資料(例如,與資料擁有者D1有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件)來做進一步閱覽與研究。For the convenience of explanation, it is assumed that the data requester R1 is interested in the shortfall mortgage loan case corresponding to the target data, and thus wants to obtain the specific sensitive data corresponding to the target data stored in the data source system 150 (for example, related to the data owned by the data) Credit evaluation report, appraisal report, and/or loan contract document/loan contract draft document related to or D1) for further reading and research.

在此情況下,資料請求者R1可透過各種合適的輸入介面(圖中未繪示),對資料請求者裝置130下達與目標資料相應的選擇指令。此時,資料請求者裝置130的控制電路135可進行流程410,以產生對應於目標資料的一機敏性資料請求。前述的機敏性資料請求可用來請求與目標資料所對應的房貸缺額借貸案件的某些特定機敏性資料(例如,與資料擁有者D1有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件)。In this case, the data requester R1 can issue a selection command corresponding to the target data to the data requester device 130 through various suitable input interfaces (not shown in the figure). At this time, the control circuit 135 of the data requester device 130 can perform the process 410 to generate a sensitive data request corresponding to the target data. The aforementioned sensitive information request can be used to request certain specific sensitive information (for example, credit evaluation report, appraisal report, and/or loan contract documents related to the data owner D1) corresponding to the target information. /loan contract draft document).

在流程412中,控制電路135可利用通信電路131傳送該機敏性資料請求給資料服務系統160。In the process 412 , the control circuit 135 can use the communication circuit 131 to transmit the alert data request to the data service system 160 .

在流程414中,網頁伺服器167可透過通信電路161接收資料請求者裝置130傳來的機敏性資料請求。In the process 414 , the web server 167 may receive the sensitive data request from the data requester device 130 through the communication circuit 161 .

在本實施例中,網頁伺服器167在接收到資料請求者裝置130傳來的機敏性資料請求之後,並不會立刻提供相應的機敏性資料給資料請求者裝置130,而是會進一步檢核資料請求者裝置130是否有相應的資料取用資格。因此,網頁伺服器167在接收到資料請求者裝置130傳來的機敏性資料請求之後,可進行流程416。In this embodiment, after the web server 167 receives the sensitive data request from the data requester device 130, it will not immediately provide the corresponding smart data to the data requester device 130, but will further check Whether the data requester device 130 has the corresponding data access qualification. Therefore, after the web server 167 receives the sensitive data request from the data requester device 130 , the process 416 can be performed.

在流程416中,網頁伺服器167可產生對應於目標請求者(例如,在本例中為資料請求者R1)及前述的機敏性資料請求的一資料取用請求(data read request),並可利用通信電路161或區塊鏈運算電路163,傳送資料取用請求給對應於與資料擁有者D1的資料擁有者裝置110。In the process 416, the web server 167 may generate a data access request (data read request) corresponding to the target requester (for example, in this example, the data requester R1) and the aforementioned sensitive data request, and may Using the communication circuit 161 or the block chain operation circuit 163, the data access request is sent to the data owner device 110 corresponding to the data owner D1.

在流程418中,資料擁有者裝置110的控制電路117可透過通信電路111或區塊鏈運算電路113,接收資料服務系統160傳來的資料取用請求。In the process 418 , the control circuit 117 of the data owner device 110 can receive the data access request from the data service system 160 through the communication circuit 111 or the blockchain computing circuit 113 .

在流程420中,控制電路117可透過合適的機制詢問目標使用者(例如,在本例中為資料擁有者D1)是否接受資料服務系統160傳來的資料取用請求。In the process 420 , the control circuit 117 may ask the target user (for example, the data owner D1 in this example) whether to accept the data access request from the data service system 160 through a suitable mechanism.

例如,控制電路117可控制顯示裝置115顯示包含有資料取用請求的相關信息的一詢問畫面,以詢問資料擁有者D1是否接受資料取用請求。又例如,控制電路117可控制資料擁有者裝置110中的聲音產生電路(圖中未繪示)產生一相關的語音提示信息,以詢問資料擁有者D1是否接受資料取用請求。For example, the control circuit 117 can control the display device 115 to display an inquiry screen including relevant information of the data access request, so as to ask the data owner D1 whether to accept the data access request. For another example, the control circuit 117 can control the sound generating circuit (not shown in the figure) in the data owner device 110 to generate a related voice prompt message to ask the data owner D1 whether to accept the data access request.

倘若資料擁有者D1拒絕資料服務系統160傳來的資料取用請求,則資料擁有者裝置110可進行流程422。反之,倘若資料擁有者D1接受資料服務系統160傳來的資料取用請求,則資料擁有者裝置110可進行流程424。If the data owner D1 rejects the data access request from the data service system 160 , the data owner device 110 may proceed to the process 422 . On the contrary, if the data owner D1 accepts the data access request from the data service system 160 , the data owner device 110 can proceed to the process 424 .

在流程422中,控制電路117可利用通信電路111或區塊鏈運算電路113,傳送一拒絕通知給資料服務系統160。In the process 422 , the control circuit 117 can use the communication circuit 111 or the blockchain computing circuit 113 to send a rejection notification to the data service system 160 .

在流程424中,控制電路117可利用通信電路111或區塊鏈運算電路113,傳送資料擁有者裝置110所對應的授權訊標的一識別資料(以下稱之為授權訊標識別資料,authorization token identification data)給資料服務系統160。In the process 424, the control circuit 117 can use the communication circuit 111 or the block chain operation circuit 113 to transmit an identification data of the authorization token corresponding to the data owner device 110 (hereinafter referred to as the authorization token identification data, authorization token identification data) to the data service system 160.

在流程426中,網頁伺服器167可透過通信電路161或區塊鏈運算電路163,接收資料擁有者裝置110傳來的拒絕通知,並利用通信電路161傳送一相應的拒絕訊息給資料請求者裝置130。In the process 426, the web server 167 can receive the rejection notification from the data owner device 110 through the communication circuit 161 or the block chain operation circuit 163, and use the communication circuit 161 to send a corresponding rejection message to the data requester device 130.

在流程428中,控制電路135可透過通信電路131接收資料服務系統160傳來的拒絕訊息,並可控制顯示裝置133顯示該拒絕訊息,以供資料請求者R1得知相關信息。In the process 428, the control circuit 135 can receive the rejection message from the data service system 160 through the communication circuit 131, and can control the display device 133 to display the rejection message for the data requester R1 to know the relevant information.

在流程430中,網頁伺服器167可透過通信電路161或區塊鏈運算電路163,接收資料擁有者裝置110傳來的授權訊標識別資料。In the process 430 , the web server 167 can receive the authorization beacon identification data transmitted from the data owner's device 110 through the communication circuit 161 or the blockchain computing circuit 163 .

由前述說明可知,當網頁伺服器167接收到資料擁有者裝置110傳來的授權訊標識別資料時,代表資料擁有者D1接受資料服務系統160產生的資料取用請求。因此,網頁伺服器167可進行流程432,以產生包含資料擁有者裝置110所對應的授權訊標識別資料的一取用訊標請求(read token request),並可利用通信電路161或區塊鏈運算電路163傳送該取用訊標請求給區塊鏈系統180。前述的取用訊標請求,是用來要求區塊鏈系統180提供與目標資料有關的特定機敏性資料相對應的取用訊標(read token)。It can be seen from the foregoing description that when the web server 167 receives the authorization beacon identification data transmitted from the data owner device 110 , it represents the data owner D1 accepting the data access request generated by the data service system 160 . Therefore, the web server 167 can perform the process 432 to generate a read token request (read token request) including the authorization token identification data corresponding to the data owner device 110, and can utilize the communication circuit 161 or the block chain The computing circuit 163 transmits the access beacon request to the blockchain system 180 . The aforementioned access token request is used to request the blockchain system 180 to provide an access token (read token) corresponding to specific sensitive data related to the target data.

在此情況下,區塊鏈系統180可進行圖5中的流程502,以接收資料服務系統160傳來的取用訊標請求。請注意,區塊鏈系統180在收到資料服務系統160傳來的取用訊標請求之後,並不會立刻提供相應的取用訊標給資料服務系統160,而是會進一步檢核資料服務系統160是否有相應的資料取用權限。In this case, the block chain system 180 can perform the process 502 in FIG. 5 to receive the beacon access request from the data service system 160 . Please note that after receiving the access beacon request from the data service system 160, the blockchain system 180 will not immediately provide the corresponding access beacon to the data service system 160, but will further check the data service Whether the system 160 has corresponding data access authority.

在流程504中,區塊鏈系統180可執行授權政策智能合約SC-PL,以檢核取用訊標請求是否符合預定授權政策。運作時,區塊鏈系統180可依據該取用訊標請求取得一相應的授權訊標識別資料。由於只有資料擁有者裝置110才有權使用該授權訊標識別資料所對應的授權訊標,所以區塊鏈系統180可根據該授權訊標識別資料,從授權政策智能合約SC-PL中找到由資料擁有者裝置110所產生的資料授權政策密文。In the process 504, the blockchain system 180 can execute the authorization policy smart contract SC-PL to check whether the request for obtaining the beacon conforms to the predetermined authorization policy. During operation, the blockchain system 180 can obtain a corresponding authorization token identification data according to the access token request. Since only the data owner device 110 has the right to use the authorization beacon corresponding to the authorization beacon identification data, the blockchain system 180 can find out the authorization policy smart contract SC-PL based on the authorization beacon identification data. The data authorization policy ciphertext generated by the data owner device 110 .

區塊鏈系統180可利用前述的目標金鑰對資料授權政策密文進行解密,以獲取解密後的資料授權政策。接著,區塊鏈系統180可根據解密後的資料授權政策的內容,判斷取用訊標請求是否符合資料擁有者D1所設定的資料授權政策的規定。The blockchain system 180 can use the aforementioned target key to decrypt the ciphertext of the data authorization policy to obtain the decrypted data authorization policy. Next, the block chain system 180 can judge whether the access beacon request complies with the data authorization policy set by the data owner D1 according to the content of the decrypted data authorization policy.

倘若資料服務系統160不屬於解密後的資料授權政策所同意的授權對象、或是取用訊標請求所對應的特定機敏性資料不屬於授權資料標的,則區塊鏈系統180可判定取用訊標請求不符合資料擁有者D1所設定的資料授權政策。在此情況下,區塊鏈系統180可進行流程506。If the data service system 160 does not belong to the authorized object agreed by the decrypted data authorization policy, or the specific sensitive data corresponding to the access signal request does not belong to the authorized data object, the blockchain system 180 can determine that the access signal The mark request does not comply with the data authorization policy set by the data owner D1. In this case, the blockchain system 180 can proceed to process 506 .

反之,倘若資料服務系統160屬於解密後的資料授權政策所同意的授權對象、且取用訊標請求所對應的特定機敏性資料屬於授權資料標的,則區塊鏈系統180可判定取用訊標請求符合資料擁有者D1所設定的資料授權政策。在此情況下,區塊鏈系統180可進行流程510。Conversely, if the data service system 160 belongs to the authorized object agreed by the decrypted data authorization policy, and the specific sensitive data corresponding to the access beacon request belongs to the authorized data object, then the block chain system 180 can determine that the access beacon The request complies with the data authorization policy set by the data owner D1. In this case, the blockchain system 180 can proceed to process 510 .

在流程506中,區塊鏈系統180可產生及傳送一不適格通知給資料服務系統160。此時,網頁伺服器167可進行流程508,以透過通信電路161或區塊鏈運算電路163接收區塊鏈系統180傳來的不適格通知,並據此拒絕資料請求者裝置130提出的機敏性資料請求。In the process 506 , the blockchain system 180 can generate and send an ineligibility notification to the data service system 160 . At this time, the web server 167 can perform the process 508 to receive the ineligibility notification from the blockchain system 180 through the communication circuit 161 or the blockchain computing circuit 163, and accordingly reject the alertness proposed by the data requester device 130. Data request.

在流程510中,區塊鏈系統180可執行訊標管理智能合約SC-TM,以檢核授權訊標識別資料所對應的一授權訊標的有效性。例如,訊標管理智能合約SC-TM可檢核該授權訊標的相關參數,是否與訊標管理智能合約SC-TM先前在流程230中所設置的有效性查核參數相符。In the process 510, the blockchain system 180 can execute the token management smart contract SC-TM to check the validity of an authorization token corresponding to the authorization token identification data. For example, the beacon management smart contract SC-TM can check whether the relevant parameters of the authorized beacon are consistent with the validity checking parameters previously set by the beacon management smart contract SC-TM in the process 230 .

在一實施例中,訊標管理智能合約SC-TM可以在該授權訊標的局部參數不符合前述流程230中所設置的有效性查核參數的情況下,便將該授權訊標判定為無效(inactive)訊標。在另一實施例中,訊標管理智能合約SC-TM會在該授權訊標的全部參數都不符合前述流程230中所設置的有效性查核參數的情況下,才將該授權訊標判定為無效,否則便會將該授權訊標判定為有效(active)訊標。In one embodiment, the token management smart contract SC-TM can determine the authorization token as invalid (inactive) when the local parameters of the authorization token do not meet the validity check parameters set in the aforementioned process 230 ) beacon. In another embodiment, the token management smart contract SC-TM will judge the authorization token as invalid only when all the parameters of the authorization token do not meet the validity check parameters set in the aforementioned process 230 , otherwise the authorized beacon will be determined as an active beacon.

倘若訊標管理智能合約SC-TM判定該授權訊標為無效訊標,則訊標管理智能合約SC-TM會進行流程512。反之,倘若訊標管理智能合約SC-TM判定該授權訊標為有效訊標,則訊標管理智能合約SC-TM會進行流程518。If the token management smart contract SC-TM determines that the authorization token is an invalid token, the token management smart contract SC-TM will proceed to process 512 . On the contrary, if the token management smart contract SC-TM determines that the authorization token is a valid token, the token management smart contract SC-TM will proceed to the process 518 .

在流程512中,訊標管理智能合約SC-TM可產生及傳送一授權訊標無效通知給資料服務系統160。此時,網頁伺服器167可進行流程514,以透過通信電路161或區塊鏈運算電路163接收該授權訊標無效通知。在此情況下,網頁伺服器167可進行流程516,以拒絕資料請求者裝置130提出的機敏性資料請求。In the process 512 , the token management smart contract SC-TM can generate and send an authorization token invalidation notification to the data service system 160 . At this time, the web server 167 can perform the process 514 to receive the authorization token invalidation notification through the communication circuit 161 or the block chain operation circuit 163 . In this case, the web server 167 may perform the process 516 to reject the sensitive data request from the data requester device 130 .

在流程518中,訊標管理智能合約SC-TM可產生及移轉與該授權訊標相應的一取用訊標(read token)給資料服務系統160。在運作時,訊標管理智能合約SC-TM可為該取用訊標設定一相應的有效期限,例如,5天、10天、1個星期、2個星期、1個月等等。訊標管理智能合約SC-TM為該取用訊標所設定的有效期限,會等於或短於該授權訊標的有效期限。實作上,訊標管理智能合約SC-TM可在取用訊標與該授權訊標之間建立適當的資料關聯性、或是有效性關聯性,並可在該授權訊標失效時,連帶註銷(deactivate)該取用訊標。In the process 518 , the token management smart contract SC-TM can generate and transfer a read token corresponding to the authorization token to the data service system 160 . During operation, the beacon management smart contract SC-TM can set a corresponding expiry date for the access token, for example, 5 days, 10 days, 1 week, 2 weeks, 1 month and so on. The validity period set by the token management smart contract SC-TM for the access token will be equal to or shorter than the validity period of the authorization token. In practice, the token management smart contract SC-TM can establish an appropriate data association or validity association between the access token and the authorization token, and can jointly and jointly Deactivate the Access Beacon.

在流程520中,網頁伺服器167可透過通信電路161或區塊鏈運算電路163,獲取由區塊鏈系統180移轉過來的取用訊標。In the process 520 , the web server 167 can obtain the access token transferred from the blockchain system 180 through the communication circuit 161 or the blockchain computing circuit 163 .

在流程522中,網頁伺服器167可利用通信電路161或區塊鏈運算電路163,傳送一機敏性資料請求給資料來源系統150,並移轉該取用訊標給資料來源系統150。前述的機敏性資料請求可用來請求與目標資料所對應的房貸缺額借貸案件的某些特定機敏性資料(例如,與資料擁有者D1有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件)。實作上,資料服務系統160在流程522中傳送給資料來源系統150的機敏性資料請求,可以跟資料服務系統160在流程414中接收到的機敏性資料請求完全相同,也可以在資料格式或其他不影響其主要功能的面向上有所不同。In the process 522 , the web server 167 can use the communication circuit 161 or the blockchain computing circuit 163 to send a sensitive data request to the data source system 150 , and transfer the access token to the data source system 150 . The aforementioned sensitive information request can be used to request certain specific sensitive information (for example, credit evaluation report, appraisal report, and/or loan contract documents related to the data owner D1) corresponding to the target information. /loan contract draft document). In practice, the sensitive data request sent by the data service system 160 to the data source system 150 in the process 522 may be exactly the same as the sensitive data request received by the data service system 160 in the process 414, or may be in the data format or Other aspects that do not affect its main function are different.

在此情況下,資料來源系統150可進行流程524。In this case, the data source system 150 can perform the process 524 .

在流程524中,資料伺服器157可透過通信電路151或區塊鏈運算電路153,接收資料服務系統160傳來的機敏性資料請求,並獲取由資料服務系統160移轉過來的取用訊標。In the process 524, the data server 157 can receive the sensitive data request from the data service system 160 through the communication circuit 151 or the block chain operation circuit 153, and obtain the access token transferred from the data service system 160 .

請注意,區塊鏈系統180也可以將前述的流程504及流程510的判斷流程的順序對調。換言之,區塊鏈系統180在接收到資料服務系統160傳來的取用訊標請求之後,可以先進行流程510,並於判定授權訊標為有效訊標時,才進行流程504。在此情況下,區塊鏈系統180於流程504中判定取用訊標請求符合授權政策後,可進行前述的流程518。Please note that the block chain system 180 can also reverse the order of the judgment process of the aforementioned process 504 and process 510 . In other words, after the blockchain system 180 receives the beacon access request from the data service system 160, it may first perform the process 510, and only proceed to the process 504 when it determines that the authorized token is a valid beacon. In this case, after the blockchain system 180 determines in the process 504 that the access beacon request complies with the authorization policy, the aforementioned process 518 can be performed.

由圖5的流程圖說明可知,只有在訊標管理智能合約SC-TM判定資料擁有者D1所對應的授權訊標為有效訊標的情況下,訊標管理智能合約SC-TM才會產生與該授權訊標具有關聯性的取用訊標,並移轉該取用訊標給資料服務系統160。From the flow chart in Figure 5, it can be seen that only when the beacon management smart contract SC-TM determines that the authorized token corresponding to the data owner D1 is a valid beacon, the beacon management smart contract SC-TM will generate an authorization token corresponding to the data owner D1. The authorization beacon has an associated access beacon and transfers the access beacon to the data service system 160 .

換言之,倘若區塊鏈系統180因各種原因(例如,資料擁有者D1終止使用資料取用權限控管系統100的服務,或是被停權)而將資料擁有者裝置110所對應的授權訊標註銷(deactivate),則區塊鏈系統180便不會再提供可取用資料擁有者D1的相關機敏性資料的取用訊標給資料服務系統160或其他資料請求者。很明顯地,這樣的機制可避免資料擁有者D1的相關機敏性資料被不當取用的可能性,有助於提升對於資料擁有者D1的機敏性資料的保護程度。In other words, if the blockchain system 180 sends the authorization token corresponding to the data owner's device 110 due to various reasons (for example, the data owner D1 terminates the service of the data access authority control system 100, or is suspended) If deactivated, the blockchain system 180 will no longer provide access beacons to the data service system 160 or other data requesters to access the sensitive data of the data owner D1. Apparently, such a mechanism can avoid the possibility of improper access to the sensitive data of the data owner D1, and help to improve the degree of protection of the sensitive data of the data owner D1.

另外,只有在區塊鏈系統180判定取用訊標請求符合資料擁有者D1所設定的資料授權政策的情況下,訊標管理智能合約SC-TM才會產生與該授權訊標具有關聯性的取用訊標,並移轉該取用訊標給資料服務系統160。因此,即使資料服務系統160所產生的取用訊標請求被不符合資料授權政策的其他惡意裝置攔截,區塊鏈系統180也不會移轉取用訊標給這些惡意裝置。In addition, only when the blockchain system 180 determines that the request for accessing the beacon conforms to the data authorization policy set by the data owner D1, the beacon management smart contract SC-TM will generate a token associated with the authorized beacon. Access the beacon, and transfer the access beacon to the data service system 160 . Therefore, even if the access beacon request generated by the data service system 160 is intercepted by other malicious devices that do not comply with the data authorization policy, the blockchain system 180 will not transfer the access beacon to these malicious devices.

請注意,資料來源系統150在收到資料服務系統160傳來的機敏性資料請求之後,並不會立刻提供相應的機敏性資料給資料服務系統160,而是會請求區塊鏈系統180驗證該取用訊標的有效性(activity),以確認資料服務系統160是否有相應的資料取用權限。Please note that after receiving the sensitive data request from the data service system 160, the data source system 150 will not immediately provide the corresponding sensitive data to the data service system 160, but will request the blockchain system 180 to verify the data. The validity (activity) of the access beacon is used to confirm whether the data service system 160 has the corresponding data access authority.

因此,資料來源系統150可在進行流程524之後,進行圖6中的流程602。Therefore, the data source system 150 may perform the process 602 in FIG. 6 after performing the process 524 .

在流程602中,資料伺服器157可利用通信電路151或區塊鏈運算電路153,移轉該取用訊標給區塊鏈系統180,並要求區塊鏈系統180驗證該取用訊標的有效性。在此情況下,區塊鏈系統180可相應進行流程604。In the process 602, the data server 157 can use the communication circuit 151 or the blockchain operation circuit 153 to transfer the access token to the blockchain system 180, and request the blockchain system 180 to verify the validity of the access token. sex. In this case, the blockchain system 180 may proceed to process 604 accordingly.

在流程604中,區塊鏈系統180可獲取資料來源系統150移轉過來的取用訊標。In the process 604 , the blockchain system 180 can obtain the access token transferred from the data source system 150 .

接著,區塊鏈系統180可進行流程606,執行訊標管理智能合約SC-TM,以驗證取用訊標的有效性。如前所述,訊標管理智能合約SC-TM在前述的流程518中,可為該取用訊標設定一相應的有效期限。因此,在流程606中,訊標管理智能合約SC-TM可查核區塊鏈系統180獲取該取用訊標的時間,是否超過在流程518中所設定的有效期限。Then, the block chain system 180 can perform the process 606 to execute the token management smart contract SC-TM to verify the validity of the token. As mentioned above, the beacon management smart contract SC-TM can set a corresponding validity period for the access token in the aforementioned process 518 . Therefore, in the process 606 , the token management smart contract SC-TM can check whether the time when the blockchain system 180 obtains the access token exceeds the validity period set in the process 518 .

倘若區塊鏈系統180獲取該取用訊標的時間,已超過訊標管理智能合約SC-TM在流程518中所設定的有效期限,則訊標管理智能合約SC-TM可將該取用訊標判定為無效(inactive)訊標,並進行流程608。If the time for the blockchain system 180 to obtain the access token has exceeded the validity period set by the beacon management smart contract SC-TM in process 518, the beacon management smart contract SC-TM can use the access token It is determined as an invalid (inactive) beacon, and go to process 608 .

反之,倘若區塊鏈系統180獲取該取用訊標的時間,尚未超過訊標管理智能合約SC-TM在流程518中所設定的有效期限,則訊標管理智能合約SC-TM可將該取用訊標判定為有效(active)訊標,並進行流程614。Conversely, if the time when the blockchain system 180 obtains the access token has not exceeded the validity period set by the beacon management smart contract SC-TM in process 518, the beacon management smart contract SC-TM can use the access token The beacon is determined to be an active beacon, and the process 614 is performed.

在另一實施例中,區塊鏈系統180在執行訊標管理智能合約SC-TM以驗證取用訊標的有效性時,會檢核取用訊標在移轉給區塊鏈系統180之前,是否是由資料服務系統160移轉給資料來源系統150,並且還會檢核資料來源系統150移轉取用訊標給區塊鏈系統180的一時間點,是否超過該有效期限。在本實施例中,只有在區塊鏈系統180獲取該取用訊標的時間尚未超過該有效期限、且取用訊標在移轉給區塊鏈系統180前是由資料服務系統160移轉給資料來源系統150的情況下,訊標管理智能合約SC-TM才會將取用訊標判定為有效訊標,並進行流程614。否則,訊標管理智能合約SC-TM便會將取用訊標判定為無效訊標,並進行流程608。In another embodiment, when the blockchain system 180 executes the token management smart contract SC-TM to verify the validity of the access token, it will check the access token before it is transferred to the blockchain system 180, Whether it is transferred from the data service system 160 to the data source system 150, and also check whether a point in time when the data source system 150 transfers the access token to the blockchain system 180 exceeds the validity period. In this embodiment, only when the block chain system 180 obtains the access token has not exceeded the validity period, and the access signal is transferred to the block chain system 180 by the data service system 160 In the case of the data source system 150 , the beacon management smart contract SC-TM will determine the access beacon as a valid beacon, and proceed to process 614 . Otherwise, the token management smart contract SC-TM will determine the access token as an invalid token, and proceed to process 608 .

在流程608中,訊標管理智能合約SC-TM可產生及傳送一檢核失敗通知給資料來源系統150。此時,資料伺服器157可相應進行流程610,以透過通信電路151或區塊鏈運算電路153接收該檢核失敗通知。接著,資料伺服器157可進行流程612,以拒絕資料服務系統160傳來的機敏性資料請求,並可利用通信電路151或區塊鏈運算電路153傳送一相應的拒絕通知給資料服務系統160。In the process 608 , the beacon management smart contract SC-TM can generate and send a verification failure notification to the data source system 150 . At this time, the data server 157 can correspondingly perform the process 610 to receive the verification failure notification through the communication circuit 151 or the block chain operation circuit 153 . Next, the data server 157 can perform the process 612 to reject the sensitive data request from the data service system 160 , and can use the communication circuit 151 or the block chain operation circuit 153 to send a corresponding rejection notice to the data service system 160 .

在流程614中,訊標管理智能合約SC-TM可產生及傳送一檢核成功通知給資料來源系統150,並可選擇性地註銷(deactivate)該取用訊標。在此情況下,資料伺服器157可相應進行流程616,以透過通信電路151或區塊鏈運算電路153接收該檢核成功通知。In the process 614, the beacon management smart contract SC-TM can generate and send a verification success notification to the data source system 150, and optionally deactivate the access beacon. In this case, the data server 157 can correspondingly perform the process 616 to receive the verification success notification through the communication circuit 151 or the block chain operation circuit 153 .

在流程618中,資料伺服器157可從資料庫155所儲存的多份機敏性資料中,找出對應於目標資料的機敏性資料(例如,與資料擁有者D1有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件),並可利用通信電路151或區塊鏈運算電路153,傳送對應於目標資料的機敏性資料給資料服務系統160。此時,網頁伺服器167可相應進行流程620,以透過通信電路161或區塊鏈運算電路163接收資料來源系統150傳來的機敏性資料。另外,網頁伺服器167還可利用通信電路151或區塊鏈運算電路153,傳送該機敏性資料給資料請求者裝置130。In the process 618, the data server 157 can find out the sensitive data corresponding to the target data (for example, the credit evaluation report, appraisal report, etc. report, and/or loan contract document/loan contract draft document), and can use the communication circuit 151 or block chain computing circuit 153 to transmit the sensitive data corresponding to the target data to the data service system 160. At this time, the web server 167 can correspondingly perform the process 620 to receive the sensitive data transmitted from the data source system 150 through the communication circuit 161 or the block chain operation circuit 163 . In addition, the web server 167 can also use the communication circuit 151 or the blockchain computing circuit 153 to transmit the sensitive data to the data requester device 130 .

此時,資料請求者裝置130的控制電路135可進行流程622,以透過通信電路131接收資料服務系統160傳來的機敏性資料。At this time, the control circuit 135 of the data requester device 130 can perform the process 622 to receive the alert data from the data service system 160 through the communication circuit 131 .

在流程624中,控制電路135可控制顯示裝置133顯示與目標資料相對應的機敏性資料(例如,與資料擁有者D1有關的信用評估報告、鑑價報告、和/或貸款合約文件/貸款合約草案文件)。如此一來,資料請求者R1便可研究前述的機敏性資料,以評估是否要借款給特定房貸缺額借貸案件的借款方(亦即,在本實施例中為對應於目標資料的資料擁有者D1)。In the process 624, the control circuit 135 can control the display device 133 to display the sensitive data corresponding to the target data (for example, the credit evaluation report, the appraisal report, and/or the loan contract document/loan contract related to the data owner D1 draft document). In this way, the data requester R1 can study the aforesaid sensitivity data to evaluate whether to lend money to the borrower of a specific mortgage shortfall loan case (that is, in this embodiment, the data owner D1 corresponding to the target data ).

當資料請求者R1決定借款給資料擁有者D1之後,資料服務系統160可採用各種已知的合適機制,來協助資料請求者R1及資料擁有者D1實現相關的資訊流和/或金流的處理作業。After the data requester R1 decides to lend money to the data owner D1, the data service system 160 can adopt various known appropriate mechanisms to assist the data requester R1 and the data owner D1 to realize the processing of related information flow and/or cash flow Operation.

在實際應用上,資料服務系統160可採用各種已知的合適機制,來為不同借款方的借款需求及不同投資方的投資需求進行媒合,以協助更多借款方能夠透過資料服務系統160的協助而借得所需的資金。In practical applications, the data service system 160 can adopt various known appropriate mechanisms to match the borrowing needs of different borrowers and the investment needs of different investors, so as to help more borrowers to use the data service system 160 Assistance in obtaining the required funds.

另一方面,如圖6所示,訊標管理智能合約SC-TM在判定該取用訊標為有效訊標後,還可進行流程626,以記錄該取用訊標的一獲取時間(例如,流程604的發生時間)或一驗證時間(例如,流程606或流程614的發生時間)。On the other hand, as shown in FIG. 6 , after the beacon management smart contract SC-TM determines that the access beacon is a valid beacon, it can also proceed to process 626 to record an acquisition time of the access beacon (for example, Occurrence time of process 604) or a verification time (eg, occurrence time of process 606 or process 614).

區塊鏈系統180在流程626中所記錄的該取用訊標的相關時間資訊,可以用來做為資料來源系統150提供資料擁有者D1的相關機敏性資料給資料服務系統160的佐證。The relevant time information of the access beacon recorded by the blockchain system 180 in the process 626 can be used as evidence that the data source system 150 provides the relevant alert data of the data owner D1 to the data service system 160 .

由圖6的流程圖說明可知,只有在訊標管理智能合約SC-TM也判定該取用訊標為有效訊標的情況下,資料來源系統150才會將該機敏性資料請求所對應的機敏性資料提供給資料服務系統160。It can be seen from the flow chart in FIG. 6 that only when the beacon management smart contract SC-TM also determines that the access beacon is a valid beacon, the data source system 150 will request the alert corresponding to the alert data request. The data is provided to the data service system 160 .

換言之,只要該取用訊標無效,資料來源系統150就不會提供資料擁有者D1的相關機敏性資料給資料服務系統160。因此,前述資料來源系統150利用區塊鏈系統180來驗證該取用訊標的有效性的方式,可降低資料擁有者D1的相關機敏性資料被不當取用的可能性,有助於提升對於資料擁有者D1的相關機敏性資料的保護程度。In other words, as long as the access beacon is invalid, the data source system 150 will not provide the relevant sensitive data of the data owner D1 to the data service system 160 . Therefore, the aforementioned data source system 150 uses the block chain system 180 to verify the validity of the access beacon, which can reduce the possibility of improper access to the sensitive data of the data owner D1 and help to improve the security of the data. The degree of protection of sensitive data related to owner D1.

另外,基於區塊鏈系統180的特性,記錄在區塊鏈系統180中的該取用訊標的相關時間資訊很難被竄改,所以可以用來做為資料來源系統150提供資料擁有者D1的相關機敏性料給資料服務系統160的佐證,有助於降低資料來源系統150與資料服務系統160兩方發生爭議難以釐清的可能性。In addition, based on the characteristics of the block chain system 180, the relevant time information of the access beacon recorded in the block chain system 180 is difficult to be tampered with, so it can be used as the data source system 150 to provide the relevant data owner D1. Evidence provided by the smart data to the data service system 160 helps reduce the possibility of disputes between the data source system 150 and the data service system 160 that are difficult to clarify.

再者,理論上資料服務系統160每次提供機敏性資料給資料請求者裝置時,都會在區塊鏈系統180上產生相應的取用訊標的時間紀錄。這樣的機制也有助於避免資料服務系統160未經授權就私自外洩資料擁有者的機敏性資料給無權取用資料者的可能性。Furthermore, theoretically, each time the data service system 160 provides sensitive data to the device of the data requester, it will generate a corresponding time record of accessing the beacon on the blockchain system 180 . Such a mechanism also helps to avoid the possibility that the data service system 160 leaks the sensitive data of the data owner to those who have no right to access the data without authorization.

實作上,資料來源系統150除了可移轉取用訊標給區塊鏈系統180之外,還可將資料服務系統160傳來的機敏性資料請求傳送給區塊鏈系統180,並請求區塊鏈系統180驗證該機敏性資料請求的適格性(validity)。In practice, in addition to transferring the access token to the blockchain system 180, the data source system 150 can also transmit the sensitive data request from the data service system 160 to the blockchain system 180, and request the area The blockchain system 180 verifies the validity of the alert data request.

例如,資料伺服器157可利用通信電路151或區塊鏈運算電路153,傳送機敏性資料請求給區塊鏈系統180,並請求區塊鏈系統180執行授權政策智能合約SC-PL,以檢核該機敏性資料請求是否符合預定授權政策。由於該取用訊標會對應於資料擁有者裝置110才有權使用的授權訊標,所以區塊鏈系統180可從授權政策智能合約SC-PL中找到由資料擁有者裝置110所產生的資料授權政策密文。For example, the data server 157 can use the communication circuit 151 or the block chain operation circuit 153 to transmit a sensitive data request to the block chain system 180, and request the block chain system 180 to execute the authorization policy smart contract SC-PL to verify Whether the sensitive data request complies with the intended authorization policy. Since the access token corresponds to the authorization token that the data owner device 110 is entitled to use, the blockchain system 180 can find the data generated by the data owner device 110 from the authorization policy smart contract SC-PL Authorization policy ciphertext.

區塊鏈系統180可利用前述的目標金鑰對資料授權政策密文進行解密,以獲取解密後的資料授權政策。接著,區塊鏈系統180可根據解密後的資料授權政策的內容,判斷機敏性資料請求是否符合資料擁有者D1所設定的資料授權政策的規定。The blockchain system 180 can use the aforementioned target key to decrypt the ciphertext of the data authorization policy to obtain the decrypted data authorization policy. Next, the blockchain system 180 can judge whether the sensitive data request complies with the data authorization policy set by the data owner D1 according to the content of the decrypted data authorization policy.

倘若機敏性資料請求所對應的特定機敏性資料屬於授權資料標的,則區塊鏈系統180可判定機敏性資料請求為適格(valid)的資料請求。If the specific sensitive data corresponding to the sensitive data request belongs to the subject of authorized data, the blockchain system 180 may determine that the sensitive data request is a valid data request.

反之,倘若機敏性資料請求所對應的特定機敏性資料不屬於授權資料標的,則區塊鏈系統180可判定機敏性資料請求為不適格(invalid)的資料請求。Conversely, if the specific smart data corresponding to the smart data request does not belong to the authorized data subject, the blockchain system 180 may determine that the smart data request is an invalid data request.

在一實施例中,區塊鏈系統180可在進行流程606之前,先依據前述方式檢核該機敏性資料請求是否為適格的資料請求,並且於判定機敏性資料請求為適格的資料請求之後,才進行流程606。在此情況下,倘若區塊鏈系統180判定機敏性資料請求為不適格的資料請求,則可進行流程608。In one embodiment, the blockchain system 180 can first check whether the sensitive data request is a qualified data request according to the aforementioned method before performing the process 606, and after determining that the sensitive data request is a qualified data request, Only then proceed to process 606 . In this case, if the blockchain system 180 determines that the alert data request is an unqualified data request, the process 608 may be performed.

在另一實施例中,區塊鏈系統180可先進行流程606,並於判定取用訊標為有效訊標之後,再依據前述方式檢核該機敏性資料請求是否為適格的資料請求。在此實施例中,區塊鏈系統180只有在判定機敏性資料請求為適格的資料請求的情況下,才會進行流程614。倘若區塊鏈系統180判定機敏性資料請求為不適格的資料請求,則可進行流程608。In another embodiment, the block chain system 180 may perform the process 606 first, and then check whether the alert data request is a qualified data request according to the aforementioned method after determining that the access beacon is a valid beacon. In this embodiment, the block chain system 180 will proceed to the process 614 only if it determines that the alertness data request is a qualified data request. If the blockchain system 180 determines that the alert data request is an unqualified data request, the process 608 can be performed.

如此一來,只有在區塊鏈系統180判定該機敏性資料請求為適格的資料請求、且訊標管理智能合約SC-TM也判定該取用訊標為有效訊標的情況下,資料來源系統150才會將該機敏性資料請求所對應的機敏性資料提供給資料服務系統160。In this way, only when the blockchain system 180 determines that the sensitive data request is a qualified data request, and the beacon management smart contract SC-TM also determines that the access beacon is a valid beacon, the data source system 150 Only then will the alert data corresponding to the alert data request be provided to the data service system 160 .

換言之,只要該機敏性資料請求不適格或該取用訊標無效,資料來源系統150就不會提供資料擁有者D1的相關機敏性資料給資料服務系統160。因此,前述資料來源系統150利用區塊鏈系統180來驗證該機敏性資料請求的適格性、並驗證該取用訊標的有效性的方式,可有效避免資料擁有者D1的相關機敏性資料被不當取用的可能性,有助於大幅提升對於資料擁有者D1的相關機敏性資料的保護程度。In other words, as long as the sensitive data request is not qualified or the access beacon is invalid, the data source system 150 will not provide the relevant sensitive data of the data owner D1 to the data service system 160 . Therefore, the aforementioned data source system 150 uses the blockchain system 180 to verify the eligibility of the sensitive data request and verify the validity of the access beacon, which can effectively prevent the relevant sensitive data of the data owner D1 from being improperly The possibility of access helps to greatly enhance the degree of protection of the relevant sensitive data of the data owner D1.

在某些實施例中,資料服務系統160每次使用的資料取用訊標,最後是由區塊鏈系統180註銷,相當於最後是由區塊鏈系統180回收這些資料取用訊標,而非由資料來源系統150來回收這些資料取用訊標。這樣的架構能夠有效降低資料來源系統150與資料服務系統160兩方之間發生糾紛的可能性。In some embodiments, the data access beacons used by the data service system 160 are finally deregistered by the blockchain system 180, which is equivalent to reclaiming these data access beacons by the blockchain system 180 at last, and These data access beacons are not retrieved by the data source system 150 . Such a structure can effectively reduce the possibility of disputes between the data source system 150 and the data service system 160 .

資料請求者R1可比照前述圖4至圖6的方式,透過資料請求者裝置130向資料服務系統160申請調閱其他資料擁有者(例如,資料擁有者D2)的相關機敏性資料。The data requester R1 can apply to the data service system 160 through the data requester device 130 for accessing relevant sensitive data of other data owners (for example, the data owner D2 ) by referring to the manners of FIGS. 4 to 6 .

在資料取用權限控管系統100中,其他資料請求者裝置(例如,資料請求者R2所對應的資料請求者裝置140),也可比照前述方式透過相應的資料請求者裝置向資料服務系統160申請調閱資料擁有者D1(或其他資料擁有者)的相關機敏性資料。In the data access authority control system 100, other data requester devices (for example, the data requester device 140 corresponding to the data requester R2) can also send data to the data service system 160 through the corresponding data requester device in the aforementioned manner. Apply for access to relevant sensitive data of data owner D1 (or other data owners).

同樣地,資料服務系統160可利用區塊鏈系統180來檢核相關資料請求者裝置的資料取用權限,以避免資料擁有者的機敏性資料被輕易外洩。Similarly, the data service system 160 can use the blockchain system 180 to check the data access authority of the relevant data requester's device, so as to prevent the sensitive data of the data owner from being easily leaked.

在前述資料取用權限控管系統100所進行的資料取用權限控管運作中,資料來源系統150要進行的流程明顯比資料服務系統160少很多,而且在資料來源系統150提供個別資料擁有者的機敏性資料給資料服務系統160之前,相關的資料請求或取用訊標請求還會經過區塊鏈系統180、甚至是相關資料擁有者裝置的檢核。這樣的作法可有效確保資料來源系統150提供個別資料擁有者的機敏性資料給資料服務系統160的正當性。In the data access authority control operation performed by the aforementioned data access authority control system 100, the data source system 150 has significantly fewer processes than the data service system 160, and the data source system 150 provides individual data owners with Before sending sensitive data to the data service system 160, the relevant data request or access beacon request will go through the block chain system 180, and even the related data owner's device will be checked. Such an approach can effectively ensure the legitimacy of the data source system 150 providing the sensitive data of individual data owners to the data service system 160 .

因此,從另一角度而言,採用前述的資料取用權限控管方法,可大幅減輕資料來源系統150的系統運作負擔、以及相關的資料取用權限查核責任。Therefore, from another perspective, adopting the aforementioned data access authority control method can greatly reduce the system operation burden of the data source system 150 and the related data access authority check responsibility.

由前述說明可知,在借款方透過資料服務系統160向投資方發起房貸缺額借貸活動的過程中,資料服務系統160不僅可促進借貸雙方的需求媒合,還能搭配區塊鏈系統180共同有效地控管借款方的機敏性資料的取用權限。很明顯地,資料服務系統160在前述房貸缺額借貸的線上媒合應用中,扮演了非常重要的角色。It can be seen from the above description that during the process of the borrower initiating a home loan shortfall loan activity to the investor through the data service system 160, the data service system 160 can not only promote the demand matching between the borrower and the lender, but also work with the blockchain system 180 to effectively Control access to sensitive data of borrowers. Obviously, the data service system 160 has played a very important role in the aforementioned online matchmaking application for mortgage shortfall loans.

如此一來,在資料來源系統150及資料服務系統160分屬於不同運營者的架構中,由資料服務系統160搭配區塊鏈系統180所進行的資料取用權限控管運作,能夠大幅地降低資料來源系統150的運營者所需承擔的法律責任。這樣的機制有助於促進房貸缺額借貸的線上媒合應用的發展。In this way, in the structure where the data source system 150 and the data service system 160 belong to different operators, the data access authority control operation performed by the data service system 160 in conjunction with the blockchain system 180 can greatly reduce the data access authority. The legal responsibilities of the operator of the source system 150. Such a mechanism will help promote the development of online matching applications for mortgage shortfall loans.

由前述說明可知,由資料擁有者裝置110所產生、且包含資料授權政策的資料授權政策密文的歷史版本,會被記錄在區塊鏈系統180中。具備正確解密金鑰、且有權存取區塊鏈系統180的裝置,可從區塊鏈系統180中讀取並解密由資料擁有者D1所設定的資料授權政策密文的歷史版本。這樣的機制一方面可確保資料擁有者的資料授權政策具有足夠的保密性,另一方面又能提升資料擁有者的資料授權政策對於利害關係人的透明度,是個兩全其美、不會過於偏向任何一方的平衡架構。It can be known from the foregoing description that the historical version of the data authorization policy ciphertext generated by the data owner device 110 and including the data authorization policy will be recorded in the blockchain system 180 . A device with the correct decryption key and the right to access the blockchain system 180 can read and decrypt the historical version of the data authorization policy ciphertext set by the data owner D1 from the blockchain system 180 . On the one hand, such a mechanism can ensure that the data owner's data authorization policy has sufficient confidentiality, and on the other hand, it can enhance the transparency of the data owner's data authorization policy to interested parties. It is the best of both worlds and will not be too biased towards any party Balance architecture.

個別的資料擁有者可透過各自的資料擁有者裝置,動態調整資料服務系統160或其他資料服務提供者的資料取用權限。換言之,個別的資料擁有者都可彈性調整願意授權給資料服務系統160或其他資料服務提供者取用的資料範圍、資料類型、和/或資料內容。Individual data owners can dynamically adjust the data access authority of the data service system 160 or other data service providers through their respective data owner devices. In other words, individual data owners can flexibly adjust the data scope, data type, and/or data content they are willing to authorize to the data service system 160 or other data service providers.

由前述說明可知,資料服務系統160收到資料擁有者裝置110傳來的目標資料後,可請求區塊鏈系統180核驗由資料擁有者裝置110所產生、且與目標資料對應的證明值PF1,以藉此驗證目標資料的真實性。It can be seen from the foregoing description that after receiving the target data from the data owner device 110, the data service system 160 can request the blockchain system 180 to verify the proof value PF1 generated by the data owner device 110 and corresponding to the target data, In order to verify the authenticity of the target data.

區塊鏈系統180可執行資料來源系統150所部署的零知識證明智能合約SC-ZKP,以利用零知識證明(ZKP)機制來檢核證明值PF1的正確性。資料服務系統160則可根據區塊鏈系統180對於證明值PF1的核驗結果,來驗證目標資料的全部或一部分內容的真實性。The blockchain system 180 can execute the zero-knowledge proof smart contract SC-ZKP deployed by the data source system 150 to check the correctness of the proof value PF1 by using a zero-knowledge proof (ZKP) mechanism. The data service system 160 can verify the authenticity of all or part of the content of the target data according to the verification result of the proof value PF1 by the blockchain system 180 .

在區塊鏈系統180執行零知識證明智能合約SC-ZKP以檢核證明值PF1的運作過程中,資料服務系統160並不需要提供跟資料擁有者D1有關的過多資訊給區塊鏈系統180。這樣的方式可將區塊鏈系統180檢核證明值PF1所需的資訊量降到最低,以大幅減少資料擁有者D1的相關資料被外洩的可能性。During the operation of the blockchain system 180 executing the zero-knowledge proof smart contract SC-ZKP to check the proof value PF1, the data service system 160 does not need to provide the blockchain system 180 with too much information related to the data owner D1. Such a method can minimize the amount of information required by the blockchain system 180 to verify the proof value PF1, so as to greatly reduce the possibility of leakage of relevant data of the data owner D1.

另外,在區塊鏈系統180執行零知識證明智能合約SC-ZKP以檢核證明值PF1的運作過程中,區塊鏈系統180不需要與資料擁有者裝置110或資料來源系統150進行互動,所以不會增加資料擁有者裝置110及資料來源系統150的運作負擔。這樣的方式也能有效減少資料擁有者D1或資料來源系統150的運營單位的涉入程度,進而降低資料擁有者D1或資料來源系統150的運營單位外洩資料的風險。In addition, during the operation of the blockchain system 180 executing the zero-knowledge proof smart contract SC-ZKP to check the proof value PF1, the blockchain system 180 does not need to interact with the data owner device 110 or the data source system 150, so The operation burden of the data owner device 110 and the data source system 150 will not be increased. Such a method can also effectively reduce the degree of involvement of the data owner D1 or the operating unit of the data source system 150 , thereby reducing the risk of data leakage by the data owner D1 or the operating unit of the data source system 150 .

有權存取區塊鏈系統180、具備正確解密金鑰的裝置,可對記錄在區塊鏈系統180中的資料授權政策密文進行解密與查核。因此,利用區塊鏈系統180來取代傳統的集權式授權伺服器,可有效提升資料取用權限控管系統100在授權政策管理上的透明度,進而降低資料來源系統150與資料擁有者或資料請求者之間發生糾紛的可能性。A device that has the right to access the blockchain system 180 and has the correct decryption key can decrypt and check the ciphertext of the data authorization policy recorded in the blockchain system 180 . Therefore, using the blockchain system 180 to replace the traditional centralized authorization server can effectively improve the transparency of the authorization policy management of the data access authority control system 100, thereby reducing the number of conflicts between the data source system 150 and the data owner or data request. the possibility of disputes between them.

前述資料取用權限控管系統100的另一優點是能夠滿足歐盟GDPR的各種要求,並且能夠允許資料擁有者隨時依需要而動態調整其資料授權政策,具有更高的授權政策調整彈性。Another advantage of the aforementioned data access authority control system 100 is that it can meet various requirements of EU GDPR, and can allow data owners to dynamically adjust their data authorization policies at any time according to their needs, which has higher authorization policy adjustment flexibility.

另外,個別資料擁有者的資料授權政策是以加密形式儲存在區塊鏈系統180中,且只有具備正確解密金鑰、且有權存取區塊鏈系統180的裝置,才能從區塊鏈系統180中讀取並解密相關的資料授權政策密文。這樣的做法可大幅降低個別資料擁有者所設定的資料授權政策被惡意人士竊取或竄改的風險。In addition, the data authorization policy of individual data owners is stored in the blockchain system 180 in an encrypted form, and only devices with the correct decryption key and the right to access the blockchain system 180 can access the data from the blockchain system. 180 to read and decrypt the relevant data authorization policy ciphertext. Such an approach can greatly reduce the risk of data authorization policies set by individual data owners being stolen or tampered with by malicious persons.

再者,資料服務系統160每次使用的資料取用訊標,最後是由區塊鏈系統180註銷。換言之,這些資料取用訊標最後是由區塊鏈系統180回收,而非由資料來源系統150來回收。這樣的架構能有效降低資料來源系統150與資料服務系統160兩方之間發生糾紛的可能性。Furthermore, the data access beacon used by the data service system 160 each time is finally deregistered by the blockchain system 180 . In other words, these data access beacons are finally recovered by the blockchain system 180 instead of the data source system 150 . Such a framework can effectively reduce the possibility of disputes between the data source system 150 and the data service system 160 .

另一方面,資料取用權限控管系統100採用的資料取用權限控管方法,是利用區塊鏈系統180搭配相關智能合約的架構來自動完成資料取用訊標的申請與移轉程序、授權訊標的有效性驗證程序、機敏性資料請求的適格性驗證程序、以及取用訊標的有效性驗證程序,所以能夠大幅提升資料取用權限控管流程的效率與正確性,並同時大幅減少所需的人力與時間,更能有效避免儲存在區塊鏈系統180中的相關授權政策密文與取用訊標的時間記錄被惡意人士事後竄改的風險。On the other hand, the data access authority control method adopted by the data access authority control system 100 is to use the block chain system 180 with the framework of relevant smart contracts to automatically complete the application, transfer procedures and authorization of data access tokens. The effectiveness verification procedure of the beacon, the eligibility verification procedure of the smart data request, and the validity verification procedure of the access beacon can greatly improve the efficiency and accuracy of the data access authority control process, and at the same time greatly reduce the required It can effectively avoid the risk that the ciphertext of the relevant authorization policy and the time record of accessing the beacon stored in the blockchain system 180 will be tampered with by malicious people afterwards.

實作上,前述資料取用權限控管系統100中的資料擁有者裝置的數量、資料請求者裝置的數量、資料來源系統150的數量、以及資料服務系統160的數量,都可依實際應用環境的需要而增加,並不侷限於前述實施例所繪示的態樣。In practice, the number of data owner devices, the number of data requester devices, the number of data source systems 150, and the number of data service systems 160 in the aforementioned data access authority control system 100 can all be determined according to the actual application environment. The requirements are increased, and are not limited to the aspects shown in the foregoing embodiments.

在某些實施例中,可將前述資料擁有者裝置110中的區塊鏈運算電路113省略,或是將顯示裝置115和/或區塊鏈運算電路113獨立於資料擁有者裝置110之外。In some embodiments, the aforementioned blockchain computing circuit 113 in the data owner device 110 can be omitted, or the display device 115 and/or the blockchain computing circuit 113 can be separated from the data owner device 110 .

另外,在某些實施例中,可將前述資料請求者裝置130中的顯示裝置133獨立於資料請求者裝置130之外。In addition, in some embodiments, the aforementioned display device 133 in the data requester device 130 can be independent from the data requester device 130 .

同樣地,在某些實施例中,可將前述資料來源系統150中的資料庫155和/或區塊鏈運算電路153獨立於資料來源系統150之外。Likewise, in some embodiments, the database 155 and/or the blockchain computing circuit 153 in the aforementioned data source system 150 can be independent from the data source system 150 .

請注意,前述各流程圖中的流程執行順序只是一示範性的實施例,並非侷限本發明的實際實施方式。例如,圖2中的流程212和/或流程214,可以調整到流程210之前進行,或是與流程210同時進行。Please note that the execution sequence of the processes in the foregoing flowcharts is only an exemplary embodiment, and does not limit the actual implementation of the present invention. For example, the process 212 and/or the process 214 in FIG. 2 may be adjusted to be performed before the process 210 or performed simultaneously with the process 210 .

又例如,圖2中的流程214可以調整到流程212之前進行,或是與流程212同時進行。For another example, the process 214 in FIG. 2 can be adjusted to be performed before the process 212 or performed simultaneously with the process 212 .

又例如,圖2中的流程216可以調整到流程206或流程208之前進行,或是與流程206或流程208同時進行。For another example, the process 216 in FIG. 2 can be adjusted to be performed before the process 206 or the process 208, or performed simultaneously with the process 206 or the process 208.

又例如,圖2中的流程220、流程222、及流程224,可以調整到流程218之前進行。For another example, the process 220 , the process 222 , and the process 224 in FIG. 2 can be adjusted to be performed before the process 218 .

又例如,圖2中的流程228及流程230,可以調整到流程218、流程220、流程222、流程224、或流程226之前進行。For another example, the process 228 and the process 230 in FIG. 2 can be adjusted to be performed before the process 218 , the process 220 , the process 222 , the process 224 , or the process 226 .

又例如,圖3中的流程310及流程312,可以調整到流程302、流程304、或流程306之前進行。For another example, the process 310 and the process 312 in FIG. 3 can be adjusted to be performed before the process 302 , the process 304 , or the process 306 .

又例如,圖3中的流程304、流程306、及流程308,可以調整到流程312至流程502之間的任意時間點進行。For another example, the process 304, the process 306, and the process 308 in FIG. 3 can be adjusted to any time point between the process 312 and the process 502.

又例如,在某些實施例中,資料擁有者裝置110的控制電路117,可以在資料擁有者D1操控資料擁有者裝置110登入資料服務系統160之前,就要求資料擁有者D1輸入一或多個待驗證資料,並且等到資料擁有者D1登入資料服務系統160之後,才要求資料擁有者D1輸入一些相對低機敏性資料。換言之,資料擁有者D1可在不同的時間點,將前述的待驗證資料及相對低機敏性資料分別輸入資料擁有者裝置110。在此情況下,流程226可以調整到流程224之前進行。For another example, in some embodiments, the control circuit 117 of the data owner device 110 may require the data owner D1 to input one or more The data is to be verified and the data owner D1 is required to input some relatively low-sensitivity data after the data owner D1 logs into the data service system 160 . In other words, the data owner D1 may input the aforementioned data to be verified and relatively low-sensitivity data into the data owner device 110 at different time points. In this case, the process 226 can be adjusted to be performed before the process 224 .

又例如,在某些實施例中,資料擁有者裝置110可以在流程416之前就將授權訊標識別資料傳送給資料服務系統160。例如,資料擁有者裝置110可在流程310中一併將授權訊標識別資料傳送給資料服務系統160,或是在其他時間點就事先將授權訊標識別資料傳送給資料服務系統160。如此一來,便可將圖4中的流程416至流程430省略。For another example, in some embodiments, the data owner device 110 may transmit the authorization beacon identification data to the data service system 160 before the process 416 . For example, the data owner device 110 may transmit the authorized beacon identification data to the data service system 160 in the process 310, or transmit the authorized beacon identification data to the data service system 160 in advance at other points of time. In this way, the process 416 to the process 430 in FIG. 4 can be omitted.

在說明書及申請專利範圍中使用了某些詞彙來指稱特定的元件,而本領域內的技術人員可能會用不同的名詞來稱呼同樣的元件。本說明書及申請專利範圍並不以名稱的差異來做為區分元件的方式,而是以元件在功能上的差異來做為區分的基準。在說明書及申請專利範圍中所提及的「包含」爲開放式的用語,應解釋成「包含但不限定於」。另外,「耦接」一詞在此包含任何直接及間接的連接手段。因此,若文中描述第一元件耦接於第二元件,則代表第一元件可通過電性連接或無線傳輸、光學傳輸等信號連接方式而直接地連接於第二元件,或通過其它元件或連接手段間接地電性或信號連接至第二元件。Certain terms are used in the description and patent application to refer to specific components, but those skilled in the art may use different terms to refer to the same components. This description and the scope of the patent application do not use the difference in name as a way to distinguish components, but use the difference in function of components as a basis for differentiation. The "comprising" mentioned in the specification and scope of patent application is an open term and should be interpreted as "including but not limited to". In addition, the term "coupled" herein includes any direct and indirect means of connection. Therefore, if it is described in the text that the first element is coupled to the second element, it means that the first element can be directly connected to the second element through electrical connection or signal connection means such as wireless transmission or optical transmission, or through other elements or connections. The means is indirectly electrically or signally connected to the second element.

在說明書中所使用的「和/或」的描述方式,包含所列舉的其中一個項目或多個項目的任意組合。另外,除非說明書中特別指明,否則任何單數格的用語都同時包含複數格的含義。The description of "and/or" used in the specification includes any combination of one or more of the listed items. In addition, unless otherwise specified in the specification, any singular term also includes a plural meaning.

以上僅為本發明的較佳實施例,凡依本發明請求項所做的等效變化與修改,皆應屬本發明的涵蓋範圍。The above are only preferred embodiments of the present invention, and all equivalent changes and modifications made according to the claims of the present invention shall fall within the scope of the present invention.

100:資料取用權限控管系統(data read authority control system)100: Data access authority control system (data read authority control system)

110、120:資料擁有者裝置(data owner device)110, 120: data owner device (data owner device)

111:通信電路(communication circuit)111: Communication circuit (communication circuit)

113:區塊鏈運算電路(block chain computing circuit)113:Block chain computing circuit

115:顯示裝置(display device)115: Display device (display device)

117:控制電路(control circuit)117: Control circuit (control circuit)

130、140:資料請求者裝置(data requester device)130, 140: data requester device (data requester device)

131:通信電路(communication circuit)131: Communication circuit (communication circuit)

133:顯示裝置(display device)133: Display device (display device)

135:控制電路(control circuit)135: Control circuit (control circuit)

150:資料來源系統(data source system)150:Data source system

151:通信電路(communication circuit)151: Communication circuit (communication circuit)

153:區塊鏈運算電路(block chain computing circuit)153:Block chain computing circuit

155:資料庫(database)155: database

157:資料伺服器(data server)157: data server (data server)

160:資料服務系統(data service system)160:Data service system

161:通信電路(communication circuit)161: Communication circuit (communication circuit)

163:區塊鏈運算電路(block chain computing circuit)163:Block chain computing circuit

165:資料庫(database)165: database

167:網頁伺服器(web server)167: Web server (web server)

170:區塊鏈節點叢集(block chain node cluster)170:Block chain node cluster

171~177:區塊鏈節點(block chain node)171~177: block chain node

180:區塊鏈系統(block chain system)180:Block chain system

202~230、302~330、402~432、502~524、602~626:運作流程(operation)202~230, 302~330, 402~432, 502~524, 602~626: operation process (operation)

圖1為本發明一實施例的資料取用權限控管系統簡化後的功能方塊圖。FIG. 1 is a simplified functional block diagram of a data access authority control and management system according to an embodiment of the present invention.

圖2至圖6為本發明一實施例的資料取用權限控管方法簡化後的流程圖。2 to 6 are simplified flowcharts of a data access authority control method according to an embodiment of the present invention.

100:資料取用權限控管系統 100:Data Access Authority Control System

110、120:資料擁有者裝置 110, 120: data owner device

111:通信電路 111: Communication circuit

113:區塊鏈運算電路 113: Blockchain operation circuit

115:顯示裝置 115: display device

117:控制電路 117: control circuit

130、140:資料請求者裝置 130, 140: data requester device

131:通信電路 131: Communication circuit

133:顯示裝置 133: display device

135:控制電路 135: control circuit

150:資料來源系統 150:Data source system

151:通信電路 151: Communication circuit

153:區塊鏈運算電路 153: Blockchain operation circuit

155:資料庫 155: database

157:資料伺服器 157:Data server

160:資料服務系統 160:Data service system

161:通信電路 161: Communication circuit

163:區塊鏈運算電路 163: Blockchain operation circuit

165:資料庫 165: database

167:網頁伺服器 167:Web server

170:區塊鏈節點叢集 170:Blockchain node cluster

171~177:區塊鏈節點 171~177: Blockchain nodes

180:區塊鏈系統 180: Blockchain system

Claims (20)

一種資料取用權限控管系統(100),包含: 一區塊鏈系統(180); 一資料擁有者裝置(110),設置成可接收一目標使用者輸入的資料以產生一目標資料,並可利用一證明金鑰產生一證明值; 一資料來源系統(150),設置成可儲存對應於該目標資料的一機敏性資料; 一資料服務系統(160),設置成可接收該資料擁有者裝置(110)所產生的該目標資料及該證明值,並可要求該區塊鏈系統(180)核驗該證明值; 一資料請求者裝置(130),設置成可產生及傳送對應於該目標資料的一機敏性資料請求給該資料服務系統(160); 其中,該區塊鏈系統(180)設置成可執行一零知識證明智能合約,以利用一驗證金鑰檢核該證明值的正確性,並可在判定該證明值為正確時,傳送一核驗成功通知給該資料服務系統(160); 其中,該區塊鏈系統(180)還設置成可檢核一授權訊標識別資料所對應的一授權訊標的有效性,並可於判定該授權訊標為有效時,產生及移轉一取用訊標給該資料服務系統(160); 其中,該資料服務系統(160)還設置成可在獲取該取用訊標之後,傳送該機敏性資料請求給該資料來源系統(150),並移轉該取用訊標給該資料來源系統(150); 其中,倘若該資料服務系統(160)移轉給該資料來源系統(150)的該取用訊標為有效,則該資料來源系統(150)可傳送對應於該目標資料的該機敏性資料給該資料服務系統(160),且該資料服務系統(160)可傳送該機敏性資料給該資料請求者裝置(130)。 A data access authority control system (100), comprising: A blockchain system (180); A data owner device (110), configured to receive data input by a target user to generate a target data, and generate a certification value using a certification key; a data source system (150) configured to store a sensitivity data corresponding to the target data; A data service system (160), configured to receive the target data and the certification value generated by the data owner's device (110), and request the blockchain system (180) to verify the certification value; a data requester device (130) configured to generate and transmit an alert data request corresponding to the target data to the data service system (160); Wherein, the blockchain system (180) is configured to execute a zero-knowledge proof smart contract to verify the correctness of the proof value by using a verification key, and send a verification key when the proof value is determined to be correct. Successfully notify the data service system (160); Wherein, the block chain system (180) is also configured to check the validity of an authorized token corresponding to the identification data of an authorized token, and can generate and transfer an authorized token when it is determined that the authorized token is valid. beaconing the data service system (160); Wherein, the data service system (160) is further configured to transmit the alert data request to the data source system (150) after obtaining the access beacon, and transfer the access beacon to the data source system (150); Wherein, if the access beacon transferred from the data service system (160) to the data source system (150) is valid, the data source system (150) may send the alert data corresponding to the target data to The data service system (160), and the data service system (160) can transmit the alert data to the data requester device (130). 如請求項1所述的資料取用權限控管系統(100),其中,該資料服務系統(160)還設置成可在接收到該資料請求者裝置(130)傳來的該機敏性資料請求之後,傳送該授權訊標識別資料給該區塊鏈系統(180)。The data access authority control system (100) according to claim 1, wherein the data service system (160) is further configured to receive the sensitive data request from the data requester device (130) Afterwards, sending the authorized beacon identification data to the blockchain system (180). 如請求項2所述的資料取用權限控管系統(100),其中,該資料擁有者裝置(110)所使用的該證明金鑰、以及該區塊鏈系統(180)所使用的該驗證金鑰,都是由該資料來源系統(150)所提供。The data access authority control system (100) as claimed in claim 2, wherein the certification key used by the data owner device (110) and the authentication used by the blockchain system (180) Keys are all provided by the data source system (150). 如請求項2所述的資料取用權限控管系統(100),其中,該資料擁有者裝置(110)還設置成可要求該目標使用者輸入一或多個待驗證資料,並可利用該證明金鑰依據該一或多個待驗證資料產生該證明值。The data access authority control system (100) as described in claim 2, wherein the data owner device (110) is also configured to require the target user to input one or more data to be verified, and can use the The proof key generates the proof value according to the one or more pieces of data to be verified. 如請求項2所述的資料取用權限控管系統(100),其中,該授權訊標是由該區塊鏈系統(180)產生、並移轉給該資料擁有者裝置(110)。The data access authority control system (100) as described in Claim 2, wherein the authorization token is generated by the blockchain system (180) and transferred to the data owner device (110). 如請求項5所述的資料取用權限控管系統(100),其中,該區塊鏈系統(180)還設置成可執行一訊標管理智能合約,以產生並移轉該授權訊標給該資料擁有者裝置(110); 其中,該資料擁有者裝置(110)還設置成可使用該授權訊標將一資料授權政策密文傳送給該區塊鏈系統(180),且該區塊鏈系統(180)還設置成可將該資料授權政策密文記錄在一授權政策智能合約中。 The data access authority control system (100) as described in Claim 5, wherein the blockchain system (180) is also configured to execute a token management smart contract to generate and transfer the authorization token to the data owner device (110); Wherein, the data owner device (110) is also configured to use the authorization beacon to transmit a data authorization policy ciphertext to the blockchain system (180), and the blockchain system (180) is also configured to Record the data authorization policy ciphertext in an authorization policy smart contract. 如請求項2所述的資料取用權限控管系統(100),其中,該區塊鏈系統(180)還設置成可在接收到該資料服務系統(160)傳來的該授權訊標識別資料之後,執行一授權政策智能合約,以檢核該資料服務系統(160)是否符合該目標使用者所設置的一預定授權政策。The data access authority control system (100) as described in claim 2, wherein the blockchain system (180) is further configured to be identifiable upon receiving the authorization signal from the data service system (160) After the data is collected, an authorization policy smart contract is executed to check whether the data service system (160) complies with a predetermined authorization policy set by the target user. 如請求項7所述的資料取用權限控管系統(100),其中,該區塊鏈系統(180)只有在判定該授權訊標為有效、且該資料服務系統(160)是否符合該預定授權政策的情況下,才會產生及移轉該取用訊標給該資料服務系統(160)。The data access authority control system (100) as described in claim item 7, wherein, the blockchain system (180) only determines whether the authorization signal is valid and whether the data service system (160) meets the predetermined The access beacon is generated and transferred to the data service system (160) only in the case of authorization policy. 如請求項2所述的資料取用權限控管系統(100),其中,該資料服務系統(160)還設置成可在接收到該資料請求者裝置(130)傳來的該機敏性資料請求之後,產生及傳送對應於一目標請求者的一資料取用請求給該資料擁有者裝置(110),且只有在該目標使用者接受該資料取用請求的情況下,該資料服務系統(160)才會傳送該授權訊標識別資料給該區塊鏈系統(180)。The data access authority control system (100) as described in claim 2, wherein the data service system (160) is further configured to receive the sensitive data request from the data requester device (130) Afterwards, generate and transmit a data access request corresponding to a target requester to the data owner device (110), and only if the target user accepts the data access request, the data service system (160 ) will transmit the authorized beacon identification data to the blockchain system (180). 如請求項9所述的資料取用權限控管系統(100),其中,該資料擁有者裝置(110)還設置成可詢問該目標使用者是否接受該資料取用請求,並可在該目標使用者接受該資料取用請求時,傳送該授權訊標識別資料給該資料服務系統(160)。The data access authority control system (100) as described in claim item 9, wherein the data owner device (110) is also configured to ask the target user whether to accept the data access request, and can When the user accepts the data access request, the user sends the authorization beacon identification data to the data service system (160). 如請求項2所述的資料取用權限控管系統(100),其中,該資料來源系統(150)還設置成可在獲取該取用訊標之後,移轉該取用訊標給該區塊鏈系統(180); 其中,該區塊鏈系統(180)還設置成可在獲取該取用訊標之後,檢核該取用訊標的有效性,並可於判定該取用訊標為有效時,產生及傳送一檢核成功通知給該資料來源系統(150); 其中,該資料來源系統(150)還設置成可在接收到該檢核成功通知之後,傳送對應於該目標資料的該機敏性資料給該資料服務系統(160)。 The data access authority control system (100) as described in claim 2, wherein the data source system (150) is further configured to transfer the access signal to the area after obtaining the access signal block chain system (180); Wherein, the blockchain system (180) is also configured to check the validity of the access beacon after obtaining the access beacon, and generate and transmit a Notify the data source system of a successful verification (150); Wherein, the data source system (150) is further configured to transmit the alert data corresponding to the target data to the data service system (160) after receiving the verification success notification. 如請求項11所述的資料取用權限控管系統(100),其中,該區塊鏈系統(180)還設置成可在產生該取用訊標時,為該取用訊標設定一相應的有效期限; 其中,該區塊鏈系統(180)在檢核該取用訊標的有效性時,會檢核該取用訊標在移轉給該區塊鏈系統(180)前,是否是由該資料服務系統(160)移轉給該資料來源系統(150),且該區塊鏈系統(180)還會檢核該資料來源系統(150)移轉該取用訊標給該區塊鏈系統(180)的一時間點,是否超過該有效期限。 The data access authority control system (100) as described in claim 11, wherein, the blockchain system (180) is further configured to set a corresponding period of validity; Wherein, when the blockchain system (180) checks the validity of the access token, it will check whether the access token is served by the data before being transferred to the blockchain system (180). The system (160) transfers to the data source system (150), and the blockchain system (180) also checks that the data source system (150) transfers the access token to the blockchain system (180 ) at a point in time, whether it exceeds the validity period. 如請求項11所述的資料取用權限控管系統(100),其中,該區塊鏈系統(180)還設置成可記錄該取用訊標的一獲取時間或一檢核時間。The data access authority control system (100) as described in claim 11, wherein the blockchain system (180) is further configured to record an acquisition time or a verification time of the access beacon. 一種用於一資料取用權限控管系統(100)中的資料服務系統(160),其中,該資料取用權限控管系統(100)包含有一資料擁有者裝置(110)、一資料請求者裝置(130)、一資料來源系統(150)、以及一區塊鏈系統(180),該資料服務系統(160)包含: 一通信電路(161),設置成可接收該資料擁有者裝置(110)所傳來的一目標資料及一證明值,並可接收該資料請求者裝置(130)所傳來的對應於該目標資料的一機敏性資料請求; 一區塊鏈運算電路(163),設置成可扮演該區塊鏈系統(180)的節點之一,並可要求該區塊鏈系統(180)核驗該證明值,其中,該區塊鏈系統(180)會執行一零知識證明智能合約,以利用一驗證金鑰檢核該證明值的正確性; 一資料庫(165),設置成可儲存該目標資料;以及 一網頁伺服器(167),耦接於該通信電路(161)、該區塊鏈運算電路(163)、及該資料庫(165),設置成可於該區塊鏈系統(180)判定一授權訊標識別資料所對應的一授權訊標為有效時,透過該通信電路(161)或該區塊鏈運算電路(163)獲取該區塊鏈系統(180)移轉過來的一取用訊標; 其中,該通信電路(161)還設置成可在該區塊鏈系統(180)判定該證明值為正確時,接收該區塊鏈系統(180)傳來的一核驗成功通知; 其中,該網頁伺服器(167)還設置成可在獲取該取用訊標之後,透過該通信電路(161)傳送該機敏性資料請求給該資料來源系統(150),並透過該通信電路(161)或該區塊鏈運算電路(163)移轉該取用訊標給該資料來源系統(150); 其中,倘若該資料服務系統(160)移轉給該資料來源系統(150)的該取用訊標為有效,則該網頁伺服器(167)還可透過該通信電路(161)接收該資料來源系統(150)所傳來的對應於該目標資料的一機敏性資料,並可透過該通信電路(161)傳送該機敏性資料給該資料請求者裝置(130)。 A data service system (160) used in a data access authority control system (100), wherein the data access authority control system (100) includes a data owner device (110), a data requester A device (130), a data source system (150), and a block chain system (180), the data service system (160) includes: A communication circuit (161), configured to receive a target data and a certification value transmitted from the data owner device (110), and to receive a target data corresponding to the target transmitted from the data requester device (130). Data Sensitivity Data Requests; A block chain operation circuit (163), which is set to act as one of the nodes of the block chain system (180), and can request the block chain system (180) to verify the proof value, wherein, the block chain system (180) A zero-knowledge proof smart contract will be executed to use a verification key to check the correctness of the proof value; a database (165), configured to store the target data; and A web server (167), coupled to the communication circuit (161), the block chain computing circuit (163), and the database (165), configured to determine a When an authorization token corresponding to the authorization token identification data is valid, an access message transferred from the blockchain system (180) is obtained through the communication circuit (161) or the blockchain computing circuit (163) mark; Wherein, the communication circuit (161) is also configured to receive a verification success notification from the blockchain system (180) when the blockchain system (180) determines that the proof value is correct; Wherein, the web server (167) is further configured to transmit the sensitive data request to the data source system (150) through the communication circuit (161) after obtaining the access beacon, and through the communication circuit ( 161) or the blockchain computing circuit (163) transfers the access beacon to the data source system (150); Wherein, if the access token transferred from the data service system (160) to the data source system (150) is valid, the web server (167) can also receive the data source through the communication circuit (161) A sensitivity data corresponding to the target data transmitted from the system (150), and the sensitivity data can be sent to the data requester device (130) through the communication circuit (161). 如請求項14所述的資料服務系統(160),其中,該網頁伺服器(167)還設置成可在該通信電路(161)接收到該資料請求者裝置(130)傳來的該機敏性資料請求之後,傳送該授權訊標識別資料給該區塊鏈系統(180)。The data service system (160) according to claim 14, wherein, the web server (167) is further configured to receive the alert from the data requester device (130) at the communication circuit (161) After the data request, send the authorized beacon identification data to the blockchain system (180). 如請求項15所述的資料服務系統(160),其中,該區塊鏈系統(180)還設置成可在接收到該資料服務系統(160)傳來的該授權訊標識別資料之後,執行一授權政策智能合約,以檢核該資料服務系統(160)是否符合該目標使用者所設置的一預定授權政策。The data service system (160) as described in claim 15, wherein, the blockchain system (180) is further configured to execute the An authorization policy smart contract to check whether the data service system (160) complies with a predetermined authorization policy set by the target user. 如請求項16所述的資料服務系統(160),其中,只有在該區塊鏈系統(180)判定該授權訊標為有效、且該資料服務系統(160)是否符合該預定授權政策的情況下,該網頁伺服器(167)才會透過該通信電路(161)或該區塊鏈運算電路(163),獲取由該區塊鏈系統(180)移轉過來的該取用訊標。The data service system (160) according to claim 16, wherein only when the blockchain system (180) determines that the authorization token is valid and whether the data service system (160) complies with the predetermined authorization policy Only then will the web server (167) obtain the access token transferred from the blockchain system (180) through the communication circuit (161) or the blockchain computing circuit (163). 如請求項15所述的資料服務系統(160),其中,該網頁伺服器(167)還設置成可在該通信電路(161)接收到該資料請求者裝置(130)傳來的該機敏性資料請求之後,產生對應於一目標請求者的一資料取用請求,並透過該通信電路(161)傳送該資料取用請求給該資料擁有者裝置(110),且只有在該目標使用者接受該資料取用請求的情況下,該網頁伺服器(167)才會透過該通信電路(161)或該區塊鏈運算電路(163)傳送該授權訊標識別資料給該區塊鏈系統(180)。The data service system (160) according to claim 15, wherein, the web server (167) is further configured to receive the alert from the data requester device (130) at the communication circuit (161) After the data request, generate a data access request corresponding to a target requester, and send the data access request to the data owner device (110) through the communication circuit (161), and only when the target user accepts In the case of the data access request, the web server (167) will send the authorization beacon identification data to the blockchain system (180) through the communication circuit (161) or the blockchain computing circuit (163). ). 如請求項18所述的資料服務系統(160),其中,該資料擁有者裝置(110)還會詢問該目標使用者是否接受該資料取用請求,且只有在該目標使用者接受該資料取用請求的情況下,該通信電路(161)才會接收該資料擁有者裝置(110)傳來的該授權訊標識別資料。The data service system (160) as described in claim 18, wherein, the data owner device (110) will also ask the target user whether to accept the data access request, and only when the target user accepts the data access request The communication circuit (161) will receive the authorization beacon identification data transmitted from the data owner device (110) only if requested. 如請求項15所述的資料服務系統(160),其中,該資料來源系統(150)還設置成可在獲取該取用訊標之後,移轉該取用訊標給該區塊鏈系統(180); 其中,該區塊鏈系統(180)還設置成可在獲取該取用訊標之後,檢核該取用訊標的有效性,並可於判定該取用訊標為有效時,產生及傳送一檢核成功通知給該資料來源系統(150); 其中,在該資料來源系統(150)接收到該檢核成功通知之後,該通信電路(161)會接收該資料來源系統(150)傳來的對應於該目標資料的該機敏性資料。 The data service system (160) according to claim 15, wherein, the data source system (150) is further configured to transfer the access token to the blockchain system ( 180); Wherein, the blockchain system (180) is also configured to check the validity of the access beacon after obtaining the access beacon, and generate and transmit a Notify the data source system of a successful verification (150); Wherein, after the data source system (150) receives the verification success notification, the communication circuit (161) receives the alert data corresponding to the target data from the data source system (150).
TW111141051A 2021-10-28 2022-10-28 Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system TWI790985B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163272779P 2021-10-28 2021-10-28
US63/272,779 2021-10-28

Publications (2)

Publication Number Publication Date
TWI790985B TWI790985B (en) 2023-01-21
TW202318239A true TW202318239A (en) 2023-05-01

Family

ID=86670365

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111141051A TWI790985B (en) 2021-10-28 2022-10-28 Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system

Country Status (1)

Country Link
TW (1) TWI790985B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3061330B1 (en) * 2016-12-28 2019-05-24 Bull Sas SYSTEM AND METHOD FOR CREATING AND MANAGING DECENTRALIZED AUTHORIZATIONS FOR CONNECTED OBJECTS
CA3061638C (en) * 2017-04-28 2022-04-26 Anonos Inc. Systems and methods for enforcing centralized privacy controls in de-centralized systems
TWI650658B (en) * 2017-09-22 2019-02-11 天逸財金科技服務股份有限公司 Method and system for querying data through verification of identity and authorization
CN113169957B (en) * 2019-04-12 2023-03-24 杭州锘崴信息科技有限公司 Personal medical data security sharing and ownership decentralized ownership system
TWI724667B (en) * 2019-12-03 2021-04-11 臺灣銀行股份有限公司 System of identity management and authorization and method thereof
CN112508722B (en) * 2021-01-29 2021-05-25 支付宝(杭州)信息技术有限公司 Policy information verification method and device based on zero knowledge proof

Also Published As

Publication number Publication date
TWI790985B (en) 2023-01-21

Similar Documents

Publication Publication Date Title
US12021992B2 (en) System and method for authenticating user identity
US20240144280A1 (en) Blockchain architecture with record security
US11727400B2 (en) Telecommunication system and method for settling session transactions
US11468176B2 (en) Computer method and graphical user interface for identity management using blockchain
CN111418184B (en) Credible insurance letter based on block chain
US20150356523A1 (en) Decentralized identity verification systems and methods
CN111357026B (en) Credible insurance letter based on block chain
CN111373431A (en) Credible insurance letter based on block chain
US20220172198A1 (en) Real-time blockchain settlement network
CN111417945A (en) Credible insurance letter based on block chain
CN111949335A (en) Method and apparatus for sharing financial data
TWI829219B (en) De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device
Mansoor et al. A review of blockchain approaches for kyc
US20230092436A1 (en) Framework for demaraction of digital assets
US20240119520A1 (en) Geolocation-based mesh automatic lending network
TWI790985B (en) Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system
KR102199486B1 (en) Authorized authentication agency for content providers
Vimal Mani A view of blockchain technology from the information security radar
TW202240443A (en) De-centralized data authorization control system capable of flexibly adjusting data authorization policy
TW202240444A (en) De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem
TW202240442A (en) De-centralized data authorization control system capable of forwarding token request through third-party service subsystem
TWI829215B (en) De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token
KR102182131B1 (en) System and method for facilitating loan service and computer program for the same
TWI829220B (en) De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token
RU2795371C1 (en) Method and system of depersonalized assessment of clients of organizations for carrying out operations between organizations