TWI724667B - System of identity management and authorization and method thereof - Google Patents


Info

Publication number: TWI724667B
Authority: TW (Taiwan)
Prior art keywords: business, personal, module, mentioned, contract
Application number: TW108144195A
Other languages: Chinese (zh)
Other versions: TW202123648A (en)
Inventor: 鄭宇廷
Original assignee: 臺灣銀行股份有限公司 (Bank of Taiwan)
Application filed by 臺灣銀行股份有限公司
Priority to TW108144195A
Publication of TWI724667B
Publication of TW202123648A


Abstract

The invention provides an identity management and authorization system and method applied to a blockchain network that executes smart contracts. The system comprises a manager end, at least one business end and at least one personal end. The manager end connects to the blockchain network and announces an update request. Each business end connects to the blockchain network and provides a business smart contract. Each personal end connects to the blockchain network and uploads its personal data encrypted with a personal private key. Each personal end then decrypts the business smart contract in order to sign it, and uploads the signed contract encrypted with the personal private key together with a permission key. The business end obtains the personal data through the permission key and carries out the business content written in the business smart contract.

Description

Identity management and authorization system and method thereof

The invention relates to an identity management and authorization system, in particular one built on blockchain smart contracts in which a supervisory authority participates jointly.

Today, a customer with financial needs who goes to an insurer, a bank or any institution with a membership system to apply for a financial service such as a deposit or a loan usually has to fill in many personal data forms or sign various paper contracts. Besides wasting paper, complicating the procedure and making contracts hard to retain, this means that after the customer has completed the paper forms or contract, staff must key in or scan the information the customer supplied and authorized into the computer system. This second pass consumes time and labour on unnecessary processing and quietly raises staffing cost and turnaround time.

Take banks as an example: a customer who holds accounts at 10 banks must repeatedly complete each bank's different application forms and contracts when applying for related services, which is time-consuming and laborious.

At the same time, because fraud techniques keep evolving, "Know Your Customer" (KYC) regulations and policies have emerged to protect the personal data (hereinafter "personal data") that customers authorize and that banks store, such as contact telephone numbers or passwords. Both customers and banks must refresh this data regularly, whether preventively or at irregular intervals, to satisfy regulatory requirements, reduce customers' investment risk and meet anti-money-laundering goals. In other words, a bank that has not adequately identified or verified its customers' data exposes both itself and its customers to a high risk of loss and may even put the institution in operational difficulty.

As noted above, KYC may further require each bank customer to update data preventively in advance, including national ID number, contact details, credit history and proof of income. Collecting and individually verifying this data already costs customers and banks considerable time and effort. Moreover, when a customer's information changes at one of the 10 banks, the KYC data held by the other 9 banks becomes stale and loses its reference value.

The remaining 9 banks will then each ask the customer to update his KYC data again, that is, to go through the personal-data forms or contract procedures once more, which in practice imposes unnecessary and substantial cost and time on both customers and institutions.

How to eliminate this frequent and unavoidable cycle of filling in data and then keying it into electronic systems is a problem every financial institution currently faces and urgently needs to solve.

To solve these problems, the invention develops an identity management and authorization system built on the concept of a blockchain network. The system lets a customer (hereinafter the "personal end") enter personal data digitally and then encrypt that data using asymmetric cryptography with a personal private key that is unique to that personal end. (Strictly, in a public-key scheme data is encrypted to the owner's public key and decrypted with the matching private key; this text uses "personal private key" for the owner's secret that governs both operations.) Because of this encryption, regardless of whether the personal end chooses to upload the encrypted data to the blockchain network, no system user or institution on the network can read or obtain any of the encrypted customer data. In addition, when a government body (hereinafter the "manager end") issues a request to update KYC data in order to prevent fraud or money laundering, the personal end can decrypt its own data with its personal private key, update it, and then re-encrypt and upload it.

In addition, a financial institution (hereinafter the "business end") can draw up a computerized transaction agreement, referred to here as a smart contract. In the smart contract the business end sets out the business it can offer to the personal end and uploads the contract to the blockchain network as program code. Unlike a traditional paper contract or any other electronic contract, a smart contract can therefore execute its terms on the blockchain network digitally and automatically.

When a personal end has a business need that the business end can provide and undertake, it can sign a smart contract with that business end over the blockchain network. The personal end encrypts and authorizes its personal data with a corresponding permission key, allowing the business end to use the personal end's data to carry out the business covered by the signed contract.

The invention thus spares each personal end from going to each business end for cumbersome application or update procedures, and additionally lets the manager end announce, through the same simple and effective blockchain network, that personal ends and business ends must update their personal data, which materially helps prevent money laundering and fraud.

Specifically, the invention provides an identity management and authorization system applied to a blockchain network that executes smart contracts. The system comprises a manager end, at least one business end and at least one personal end.

The manager end comprises a manager blockchain module and a manager announcement module. The manager blockchain module includes a manager database, connects the manager end to the blockchain network, and replicates all data of the blockchain network into the manager database. The manager announcement module publishes an update request to the blockchain network through the manager blockchain module.

Each business end comprises: a business blockchain module, including a business database, which connects to the blockchain network and replicates all of its data into the business database; a business contract module, which publishes a business smart contract to the blockchain network through the business blockchain module; and a business decryption module.

Each personal end, located on the blockchain network, comprises: a personal blockchain module, including a personal database, which connects to the blockchain network and replicates all of its data into the personal database; a personal management module, which maintains the personal data of that personal end; a personal encryption module, which encrypts the personal data before it is uploaded to the blockchain network; a personal decryption module, which uses a personal private key to decrypt the personal data and the business smart contract that the business end passes to the personal end through the personal blockchain module; and a personal contract module, which signs the decrypted business smart contract through the personal blockchain module and provides a permission key to the business decryption module of the business end, permitting the business end to obtain the personal data.

According to one embodiment, the update request requires each of the at least one personal end to update its own personal data.

According to another embodiment, the business smart contract further includes a data-access contract, which specifies a scope of the personal data that the business end may access and an access period.

According to a further embodiment, the business end uses the permission key to obtain, through the data-access contract, the specified scope of the personal data for the specified access period.

According to a further embodiment, the personal blockchain module uploads the personal data encrypted by the personal encryption module and connects to the blockchain network, ensuring that the manager database, every business database and every personal database hold the updated, encrypted personal data.

Besides the system, the invention further provides an identity management and authorization method that uses the system above and comprises the following steps: the manager end uploads the update request; the business end uploads the business smart contract for the personal end to sign; and once the personal end has updated its personal data in accordance with the update request, the business end executes the business smart contract.

According to one embodiment of the method, the update request requires each of the at least one personal end to update its own personal data.

According to another embodiment of the method, the business smart contract includes a data-access contract, which specifies a scope of the personal data that the business end may access and an access period.

According to a further embodiment of the method, the business smart contract includes a data-access contract, and the business end uses the permission key to obtain, through the data-access contract, a scope of the personal data for an access period.

According to a further embodiment of the method, the personal data encrypted by the personal encryption module is uploaded through the personal blockchain module and connected to the blockchain network, ensuring that the manager database, every business database and every personal database hold the updated, encrypted personal data.

Through the blockchain network's model of data transmission and storage, the conventional approach of concentrating data in a single database or computer system is replaced by a decentralized (sometimes called third-party) model of data management and information exchange. The conventional centralized approach raises serious security concerns, for example a high risk that the database system is compromised or that data is corrupted. Introducing blockchain technology stores the data on multiple nodes of the network, giving the distinctive properties of concurrent data input from multiple nodes, backup at multiple node locations and retrieval from multiple nodes, and so mitigates weaknesses that centralized data management cannot overcome. Note that replication also places every encrypted record on every node, so confidentiality rests entirely on the encryption and on how the personal private keys and permission keys are handled, not on the ledger itself.

10: identity management and authorization system
20: blockchain network
30: manager end
31: manager blockchain module
32: manager announcement module
33: update request
40: business end
41: business blockchain module
42: business contract module
43: business decryption module
44: business smart contract
50: personal end
51: personal blockchain module
52: personal management module
53: personal encryption module
54: personal decryption module
55: personal contract module
56: personal private key
57: personal data
58: permission key
60: identity management and authorization method
S61-S67: steps

To make the above and other objects, features, advantages and embodiments of the invention clearer, the accompanying drawings are described as follows: Figure 1 is a schematic diagram of the architecture of the identity management and authorization system.

Figure 2 is a schematic diagram of personal-data access between the business end and the personal end of the identity management and authorization system.

Figure 3 is a flowchart of the steps of the identity management and authorization method.

In view of the problems above, the invention provides an identity management and authorization system applied to blockchain smart contracts. Through this system a personal end (for example a customer) can create its personal data at any time, or update it in one step when required, and encrypt the data with its own dedicated personal private key. Anyone wishing to query or use this encrypted data can do so only while holding a permission key authorized by the corresponding personal end, which realizes the security, anonymity and confidentiality the invention claims.

Further, the manager end (for example a government agency) can issue KYC or data-update requirements to prevent financial disorder such as money laundering, fraud, suspicious transactions and terrorist financing. The personal end can then update its data and store it encrypted through the blockchain platform, promptly satisfying the published requirements so that it can proceed with subsequent applications for other business.

Further, the personal data a personal end has uploaded through the system can be used to sign a corresponding contract with any business end (for example a bank, securities firm or insurer) for the business it wishes to transact. The contract terms are written in program code as a smart contract. After the personal end signs the smart contract, it is encrypted with a dedicated permission key, and the business end can obtain the personal end's data to carry out the business only while holding that permission key. Signing the smart contract in this way exploits the anonymity and immediacy of the data on the blockchain and removes the unnecessary re-entry, re-update and re-verification steps of conventional data updates. The system can therefore meet the personal end's business needs quickly and accurately and increase the economic benefit each party gains from shorter procedures.

For clarity, refer to Figure 1, a schematic of the architecture of the identity management and authorization system. The invention provides an identity management and authorization system 10 applied to a blockchain network 20 that executes smart contracts. The system 10 comprises a manager end 30, at least one business end 40 and at least one personal end 50.

The manager end 30 is described further below. Still referring to Figure 1, the manager end 30 is a unit node in the blockchain network 20, and its operating authority can be granted to a government agency that supervises or regulates the relevant business, for example the Financial Supervisory Commission (FSC), the Investigation Bureau of the Ministry of Justice or the Joint Credit Information Center.

Still referring to Figure 1, the manager end 30 further comprises a manager blockchain module 31 and a manager announcement module 32. The manager blockchain module 31 includes a manager database and connects the manager end 30 to the blockchain network 20 so that the manager end 30 becomes a unit node in the network 20 and replicates all data of the network 20 into the manager database. Through the manager blockchain module 31, the manager end 30 thus ensures that the system 10 it operates on is based on all data that is synchronized with, and current on, the blockchain network 20.

Still referring to Figure 1, the manager announcement module 32 connects to the blockchain network 20 through the manager blockchain module 31, keeps all data synchronized and current, and publishes an update request 33 to the network 20. The update request 33 may further include a demand, published by the manager end 30, that the institutions it supervises or regulates and their customers update the relevant data or its format, for example that each personal end 50 fill in its personal data or update it using the latest template published by the competent authority.

In addition, still referring to Figure 1, if an institution under the supervision or regulation of the manager end 30, or one of its customers, fails to update the data or format required by the update request 33, it cannot continue to carry out subsequent business through the system 10, and may also face enforcement mechanisms for breaching the system's operating procedures, such as liability under the relevant laws or an obligation to compensate for damages.

Still referring to Figure 1, the update request 33 is then encoded in a programming language the blockchain network 20 can recognize, read, compute or execute, stored in the manager database and uploaded to the network 20. The programming language can be any contract-oriented language, such as Solidity, Serpent, Lisp Like Language (LLL) or Viper (now Vyper).
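To make the gating described above concrete, here is an added example in Python that is not part of the patent: it models each update request 33 as a ledger entry carrying the template version the manager end now requires, and shows the check a business end 40 would run before executing a contract for a given personal end 50. The entry names, the deadline field and the rule that an update to a newer template also satisfies older requests are assumptions of this example; the patent only states that an end which has not updated cannot proceed. The ledger contents are constructed sample data.

```python
# Added example (not from the patent): does a personal end satisfy every
# update request 33 published by the manager end 30?  Hypothetical names.
from dataclasses import dataclass


@dataclass(frozen=True)
class UpdateRequest:        # published by the manager end 30
    template_version: int   # KYC template the manager now requires
    published_at: int       # ledger timestamp (epoch seconds)
    deadline: int           # assumed: after this, non-updated ends are blocked


@dataclass(frozen=True)
class PersonalUpdate:       # encrypted personal data 57 re-uploaded by a personal end 50
    personal_id: str
    template_version: int
    updated_at: int


# Constructed ledger: two announcements, and the uploads that followed them.
REQUESTS = [
    UpdateRequest(template_version=1, published_at=100, deadline=200),
    UpdateRequest(template_version=2, published_at=300, deadline=400),
]
UPDATES = [
    PersonalUpdate("alice", 1, 150),
    PersonalUpdate("alice", 2, 350),
    PersonalUpdate("bob", 1, 150),      # never moved to template 2
    PersonalUpdate("carol", 2, 320),    # one upload on the newest template
]


def outstanding_requests(requests, updates, personal_id):
    """Return the update requests this personal end has not yet satisfied.
    A request is satisfied by an upload made at or after its publication that
    uses at least the required template version (assumed rule)."""
    mine = [u for u in updates if u.personal_id == personal_id]
    pending = []
    for req in sorted(requests, key=lambda r: r.published_at):
        satisfied = any(
            u.updated_at >= req.published_at
            and u.template_version >= req.template_version
            for u in mine
        )
        if not satisfied:
            pending.append(req)
    return pending


def may_execute(requests, updates, personal_id, now):
    """Business end 40 gate before executing the business smart contract 44:
    refuse only if some request is both unsatisfied and past its deadline.
    Returns (allowed, pending_requests, overdue_requests)."""
    pending = outstanding_requests(requests, updates, personal_id)
    overdue = [r for r in pending if now > r.deadline]
    return (len(overdue) == 0, pending, overdue)


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        allowed, pending, overdue = may_execute(REQUESTS, UPDATES, who, now=450)
        print(who, "allowed" if allowed else "blocked",
              "overdue templates:", [r.template_version for r in overdue])
```

The separation of `pending` from `overdue` is deliberate: a request still inside its deadline should be surfaced to the personal end (so it can update) without yet blocking business the patent otherwise allows.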

The at least one business end 40 is described further below. Still referring to Figure 1, each business end 40 is a unit node in the blockchain network 20, and its operating authority can be granted to any institution capable of undertaking the relevant business; in finance, for example, a bank, a securities firm, an insurer, another company operating a financial business, or any institution with a membership system. Such a financial institution is also bound by, and must fulfil, the relevant rules published by its competent or supervisory authority.

Still referring to Figure 1, each business end 40 further comprises a business blockchain module 41, a business contract module 42 and a business decryption module 43. The business blockchain module 41 includes a business database and connects the business end 40 to the blockchain network 20 so that each business end 40 becomes a unit node in the network 20 and replicates all data of the network 20 into the business database. Through the business blockchain module 41, each business end 40 thus ensures that the system 10 it operates on is based on all data that is synchronized with, and current on, the blockchain network 20.

Still referring to Figure 1, the business contract module 42 connects to the blockchain network 20 through the business blockchain module 41, keeps all data synchronized and current, and provides a business smart contract 44 to the network 20. The business smart contract 44 may cover any business that the business end 40 can provide; for a financial institution, for example, deposits, transfers, loans, interbank remittances, fund investments or cross-border remittances.

According to some embodiments, the business smart contract 44 further includes a data-access contract, which specifies a scope of the personal data 57 that the business end 40 may access and an access period. The scope expressly defines which of the personal end 50's data the business end 40 may access when carrying out contract terms the personal end 50 has authorized; it may cover all of the personal data or only part of it, for example only the personal end 50's income data or national ID number out of everything the personal end 50 has authorized.

The access period expressly defines for how long the business end 40 may access the personal end 50's data when carrying out the authorized contract terms. For example, under the Money Laundering Control Act a financial institution must retain a customer's data for 5 years after the business relationship ends; but if the data-access contract for the personal data 57 specifies an access period of 1 year, the business end can no longer access the personal data 57 after that year, even though the institution is still within its 5-year retention window.
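The scope and access period of the data-access contract, together with the permission key of the earlier summary, are easiest to understand as a key-management design, so here is an added example in Python (standard library only) that is not code from the patent. It models the personal end 50 encrypting each field of its personal data 57 under a separate derived key, so that a permission key 58 can reveal only the fields in scope; the grant carries an expiry the business end 40 must check. The patent contemplates RSA and a signature under the personal private key 56; this example stands in for both with HMAC-SHA256 (an HMAC-derived keystream for encryption, an HMAC under a shared key for the grant signature) so that it runs offline, and the function names, field names and sample record are constructed assumptions of the example. A deployment would sign the grant with the personal private key and wrap the field keys to the business end's public key.

```python
# Added example (not from the patent): scoped, expiring permission keys over
# per-field encrypted personal data.  Standard library only; hypothetical names.
import hashlib
import hmac
import json
import os


def _prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as a PRF for key derivation and keystream blocks."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with HMAC-SHA256(key, nonce || counter).
    Stand-in for the AES/RSA layer the patent contemplates, not a production cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _prf(key, nonce + i.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_record(master_key: bytes, record: dict) -> dict:
    """Personal end 50: encrypt every field under its own derived key, so a later
    grant can disclose a subset (the scope) without disclosing the rest."""
    enc = {}
    for field, value in record.items():
        fk = _prf(master_key, b"field:" + field.encode())
        nonce = os.urandom(16)
        ct = _xor_stream(fk, nonce, value.encode())
        tag = hmac.new(fk, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        enc[field] = {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}
    return enc


def issue_grant(master_key: bytes, signing_key: bytes, scope, not_after: int) -> dict:
    """Personal end 50: the permission key 58 = the field keys for the scope plus
    an access period, bound together by a MAC (stand-in for the private-key signature)."""
    body = {
        "scope": sorted(scope),
        "not_after": not_after,
        "keys": {f: _prf(master_key, b"field:" + f.encode()).hex() for f in scope},
    }
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(signing_key, payload, hashlib.sha256).hexdigest()}


def business_read(enc_record: dict, grant: dict, verify_key: bytes, now: int) -> dict:
    """Business end 40: verify the grant, refuse outside the access period, and
    decrypt only the fields in scope.  Fields outside scope are never keyed."""
    payload = json.dumps(grant["body"], sort_keys=True).encode()
    expected = hmac.new(verify_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, grant["sig"]):
        raise PermissionError("grant signature invalid")
    if now > grant["body"]["not_after"]:
        raise PermissionError("access period expired")
    out = {}
    for field in grant["body"]["scope"]:
        fk = bytes.fromhex(grant["body"]["keys"][field])
        item = enc_record[field]
        nonce, ct, tag = (bytes.fromhex(item[k]) for k in ("nonce", "ct", "tag"))
        if not hmac.compare_digest(hmac.new(fk, nonce + ct, hashlib.sha256).digest(), tag):
            raise ValueError(f"{field}: ciphertext tampered")
        out[field] = _xor_stream(fk, nonce, ct).decode()
    return out


def demo(now: int = 1_700_000_000) -> dict:
    """Walk the flow with a constructed record and a one-year access period."""
    master_key, sign_key = os.urandom(32), os.urandom(32)  # sign_key stands in for key 56
    record = {"id_number": "A123456789", "income": "NTD 1,200,000", "phone": "0912-000-000"}
    ledger = encrypt_record(master_key, record)               # what every node replicates
    one_year = 365 * 24 * 3600
    grant = issue_grant(master_key, sign_key, {"id_number", "income"}, now + one_year)
    disclosed = business_read(ledger, grant, sign_key, now)
    try:  # same grant after the access period (still inside a 5-year retention window)
        business_read(ledger, grant, sign_key, now + one_year + 1)
        expired_rejected = False
    except PermissionError:
        expired_rejected = True
    widened = {"body": dict(grant["body"], scope=["id_number", "income", "phone"]), "sig": grant["sig"]}
    try:  # business end tries to widen the scope itself
        business_read(ledger, widened, sign_key, now)
        widened_rejected = False
    except PermissionError:
        widened_rejected = True
    return {"disclosed": disclosed, "expired_rejected": expired_rejected,
            "widened_rejected": widened_rejected}


if __name__ == "__main__":
    print(demo())
```

The point the code makes that the prose does not: the access period is enforceable only if the business end has to present the grant at read time (or the field keys are rotated when it lapses); once a business end has cached the field keys, expiry becomes a matter of policy and audit rather than cryptography.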

仍請參閱圖1,上述業務智能合約44需再透過上述業務合約模組42以任何程式語言編碼,形成上述區塊鏈網路20所能辨識、讀取、計算或執行的語言,儲存至上述業務資料庫,以上傳至上述區塊鏈網路20。 其中,上述程式語言包括任何合約導向式語言,例如Solidity、Serpent、Lisp Like Language(LLL)或Viper等語言。 Still referring to Figure 1, the business smart contract 44 needs to be coded in any programming language through the business contract module 42 to form a language that can be recognized, read, calculated, or executed by the blockchain network 20, and stored in the above The business database is uploaded to the aforementioned blockchain network 20. Among them, the aforementioned programming language includes any contract-oriented language, such as Solidity, Serpent, Lisp Like Language (LLL), or Viper.

上述業務合約模組42可進一步加密上述業務智能合約44後,再上傳上述業務智能合約44至上述區塊鏈網路20。其中,上述加密方式可為上述任何程式語言包括雜湊函數(Hash function)、非對稱式加密,或任何能變更數位資料,將上述數位資料變更為難以讀取的密文內容,而須經解密過程,才能將密文還原為可讀內容的各種方法。上述雜湊函數包括摘要演算法(Message-Digest-Algorithm 5,MD5)或安全雜湊演算法(Secure Hash Algorithm,SHA,例如SHA-1、SHA-224、SHA-256、SHA-384或SHA-512)。上述非對稱式加密包括RSA演算法(Rivest-Shamir-Adleman Algorithm)。 The business contract module 42 may further encrypt the business smart contract 44 and then upload the business smart contract 44 to the blockchain network 20. Among them, the above-mentioned encryption method can be any of the above-mentioned programming languages including hash function, asymmetric encryption, or any digital data that can be changed to change the above-mentioned digital data into hard-to-read ciphertext content, which requires a decryption process , In order to restore the ciphertext to various methods of readable content. The above hash functions include Digest Algorithm (Message-Digest-Algorithm 5, MD5) or Secure Hash Algorithm (SHA, such as SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512) . The aforementioned asymmetric encryption includes the RSA algorithm (Rivest-Shamir-Adleman Algorithm).

仍請參閱圖1,上述業務解密模組43,能用以解密上述業務資料庫內的所有資料,因上述所有資料已由任意使用端加密。 Still referring to FIG. 1, the above-mentioned service decryption module 43 can be used to decrypt all the data in the above-mentioned service database, because all the above-mentioned data has been encrypted by any user.

根據某些實施例,上述個人端50所簽署並加密的上述業務智能合約44,即是透過非對稱式加密的方法加密。其中,上述非對稱式加密能提供任何可連結至上述區塊鏈網路20的上述主管端30、上述每一該些業務端40,以及上述任一該些個人端50(下總稱使用端)一專屬公鑰(Public key)及一專屬私鑰(Private key)。上述業務合約模組42是透過上述業務端和個人端使用其各自的上述專屬公鑰,來加密上述業務智能合約44。 According to some embodiments, the business smart contract 44 signed and encrypted by the personal terminal 50 is encrypted through asymmetric encryption. Among them, the above-mentioned asymmetric encryption can provide any of the above-mentioned supervisor terminal 30, each of the above-mentioned business terminals 40, and any of the above-mentioned personal terminals 50 (hereinafter collectively referred to as the user terminal) that can be connected to the above-mentioned blockchain network 20 A public key and a private key. The business contract module 42 encrypts the business smart contract 44 through the business end and the personal end using their respective exclusive public keys.

根據一些實施例,上述業務智能合約44更包括有一個資取用合約,上述個資取用合約規定包括上述業務端40所能取用之上述個人端50之個資的一範圍及一取用期限。因此,待上述個人端50回傳經非對稱式加 密的上述業務智能合約44後,上述業務解密模組43再透過上述業務端40對應的專屬私鑰,或再輔以上述使用端所提供的上述個人端50之對應公鑰(或稱簽章公鑰),進行上述個人端50之個資的解密,並使用上述個資的上述範圍及上述取用期限。例如,請參閱圖2,圖2所繪為身份管理與授權系統的業務端與個人端之個資取用示意圖,上述業務解密模組43是透過一業務私鑰及如下述個人合約模組55中提到的一許可鑰58,分別解密由上述個人端50所簽署且加密的上述業務智能合約44及其中一個資57,且在上述取用期限內,取用所授權個資的上述範圍,進行上述業務端40所承辦的相關業務。 According to some embodiments, the business smart contract 44 further includes a resource acquisition contract, and the individual resource acquisition contract stipulates that the business terminal 40 can acquire a range and a resource of the personal terminal 50. the term. Therefore, after the above-mentioned personal terminal 50 is sent back by asymmetric addition After the business smart contract 44 is encrypted, the business decryption module 43 then uses the exclusive private key corresponding to the business end 40, or supplemented by the corresponding public key (or signature and seal) of the personal end 50 provided by the user end. Public key), decrypt the personal assets of the personal terminal 50, and use the above-mentioned range of the personal assets and the above-mentioned access period. For example, please refer to Figure 2. Figure 2 is a schematic diagram of the personal data acquisition of the business end and the personal end of the identity management and authorization system. The above-mentioned business decryption module 43 uses a business private key and the following personal contract module 55 A license key 58 mentioned in the above decrypts the business smart contract 44 and one of its assets 57 signed and encrypted by the personal terminal 50, and accesses the above-mentioned scope of the authorized assets within the above-mentioned access period, Perform related services undertaken by the above-mentioned business end 40.

關於上述至少一個人端50,進一步敘述如下。仍請參閱圖1,上述每一個人端50,皆為上述區塊鏈網路20中的一個單位節點,操作權限可授予任何法人或自然人。上述法人或自然人可進一步是具有對上述任一該些業務端40所承辦的業務內容有需求者,例如某直轄市政府之法定代表人、某財團法人、某自然人,或其他如中華民國民法中符合自然人或法人資格者。上述每一法人或自然人另應受有並履行其主管或監管機關公佈的相關規範之義務。 Regarding the aforementioned at least one human terminal 50, further description is as follows. Still referring to Fig. 1, each of the aforementioned human terminals 50 is a unit node in the aforementioned blockchain network 20, and the operation authority can be granted to any legal or natural person. The above-mentioned legal person or natural person may further be a person who has a need for the business content undertaken by any of the above-mentioned business terminals 40, such as the legal representative of a municipal government, a legal entity of a consortium, a natural person, or other persons that meet the requirements of the Civil Law of the People’s Republic of China. Natural person or legal person qualification. Each of the above-mentioned legal persons or natural persons shall also be obliged to have and perform the relevant regulations promulgated by its competent or supervisory authority.

仍請參閱圖1,上述每一該些個人端50進一步包括一個人區塊鏈模組51、一個人管理模組52、一個人加密模組53、一個人解密模組54,以及一個人合約模組55。上述個人區塊鏈模組51包括一個人資料庫,上述個人區塊鏈模組51用於通訊連結上述區塊鏈網路20,使上述每一該些個人端50皆成為上述區塊鏈網路20中的一個單位節點,以更新上述區塊鏈網路20中的所有資料至上述個人資料庫。即上述每一該些個人端50,透過上述 個人區塊鏈模組51,可確保當下所操作的上述系統10,是基於上述區塊鏈網路20中已同步且為最新的所有資料。 Still referring to FIG. 1, each of the personal terminals 50 described above further includes a personal blockchain module 51, a personal management module 52, a personal encryption module 53, a personal decryption module 54, and a personal contract module 55. The personal block chain module 51 includes a personal database, and the personal block chain module 51 is used to communicate with the block chain network 20, so that each of the personal terminals 50 becomes the block chain network. A unit node in 20 to update all the data in the above-mentioned blockchain network 20 to the above-mentioned personal database. That is to say, each of these personal terminals 50, through the above The personal blockchain module 51 can ensure that the above-mentioned system 10 currently operated is based on all the synchronized and up-to-date data in the above-mentioned blockchain network 20.

根據某些實施例,上述個人區塊鏈模組51可進一步在無論有無上述主管端30的上述更新要求33下,主動更新加密一個資57,並連結至上述區塊鏈網路20,使該主管資料庫、該些業務資料庫以及該些個人資料庫內之所有資料能含有更新且經加密的上述個資57。 According to some embodiments, the aforementioned personal blockchain module 51 can further actively update an encrypted asset 57 regardless of the aforementioned update request 33 of the aforementioned supervisor 30, and connect it to the aforementioned blockchain network 20, so that the All the data in the supervisor database, the business database, and the personal database can contain the updated and encrypted personal information 57.

仍請參閱圖1,上述個人管理模組52用以維護上述個人端50所屬的個資57。例如上述個人端50透過上述個人區塊鏈模組51連結至上述區塊鏈網路20,接著再建立、更新或變更上述個資57。上述個資57需再透過上述個人管理模組52以任何程式語言編碼,形成上述區塊鏈網路20所能辨識、讀取、計算或執行的語言,以儲存至上述個人資料庫,再上傳至上述區塊鏈網路20。上述任何程式語言包括雜湊函數(Hash function),例如摘要演算法(Message-Digest-Algorithm 5,MD5)或安全雜湊演算法(Secure Hash Algorithm,SHA,例如SHA-1、SHA-224、SHA-256、SHA-384或SHA-512)等。 Still referring to FIG. 1, the personal management module 52 is used to maintain the personal assets 57 to which the personal terminal 50 belongs. For example, the personal terminal 50 is connected to the blockchain network 20 through the personal blockchain module 51, and then the personal asset 57 is created, updated or changed. The above-mentioned personal information 57 needs to be coded in any programming language through the above-mentioned personal management module 52 to form a language that can be recognized, read, calculated or executed by the above-mentioned blockchain network 20, so as to be stored in the above-mentioned personal database, and then uploaded To the aforementioned blockchain network 20. Any of the above programming languages include hash functions, such as Digest Algorithm (Message-Digest-Algorithm 5, MD5) or Secure Hash Algorithm (SHA, such as SHA-1, SHA-224, SHA-256) , SHA-384 or SHA-512) etc.

仍請參閱圖1,上述個人加密模組53在上述個人端50上傳上述個資57至上述區塊鏈網路20前,需加密上述個資57。上述加密方式可為非對稱式加密,或其他任何能變更數位資料,將上述數位資料變更為難以讀取的密文內容,而須經解密過程,才能將密文還原為可讀內容的各種方法。上述非對稱式加密包括RSA演算法(Rivest-Shamir-Adleman Algorithm)。 Still referring to FIG. 1, the personal encryption module 53 needs to encrypt the personal information 57 before uploading the personal information 57 to the blockchain network 20 on the personal terminal 50. The above encryption method can be asymmetric encryption, or any other method that can change the digital data, change the above digital data into hard-to-read ciphertext content, and must undergo a decryption process to restore the ciphertext to readable content. . The aforementioned asymmetric encryption includes the RSA algorithm (Rivest-Shamir-Adleman Algorithm).

根據某些實施例,上述個人端50透過上述個人加密模組53加密上述個資57時,是透過欲接收上述個資57之使用端的專屬公鑰進行加密。以上述個資57為例,上述個人端50即透過其欲辦理業務的對應上述業務端40之專屬公鑰,對上述個資57進行加密。 According to some embodiments, when the personal terminal 50 encrypts the personal data 57 through the personal encryption module 53, it is encrypted by the exclusive public key of the user who wants to receive the personal data 57. Taking the above-mentioned personal information 57 as an example, the above-mentioned personal terminal 50 encrypts the above-mentioned personal information 57 through the exclusive public key corresponding to the business terminal 40 that it wants to handle.

根據某些實施例,請參閱圖2。上述個人端50透過上述個人加密模組53加密上述個資57時,除以欲接收上述個資57之使用端的專屬公鑰進行加密之外,更進一步是以一種數位簽章(Digital signature)的方式對上述個資57進行非對稱式加密,再透過上述個人區塊鏈模組51上傳加密後的上述個資57至上述區塊鏈網路20。其中,上述非對稱式加密能提供任何可連結至上述區塊鏈網路20的使用端一專屬公鑰及一專屬私鑰。 According to some embodiments, please refer to FIG. 2. When the personal terminal 50 encrypts the personal data 57 through the personal encryption module 53, in addition to the exclusive public key of the user who wants to receive the personal data 57, it is further encrypted with a digital signature. In this way, the aforementioned personal assets 57 are encrypted asymmetrically, and the encrypted personal assets 57 are uploaded to the aforementioned blockchain network 20 through the aforementioned personal blockchain module 51. Among them, the asymmetric encryption can provide a dedicated public key and a dedicated private key for any user end that can be connected to the blockchain network 20.

仍請參閱圖2,例如上述任一個人端50,即具有專屬的一個人公鑰及一個人私鑰56,透過個人專屬且唯一的數位簽章(即上述個人私鑰56)以RSA演算法加密明文(例如上述個資57)。任何連結至上述區塊鏈網路20的使用端,皆可透過上述使用端所屬且對應的公鑰,解密上述加密明文(例如上述個資57)。 Please refer to Figure 2. For example, any of the above-mentioned personal terminals 50 have their own public key and private key 56, and the plaintext is encrypted with the RSA algorithm through a unique and unique digital signature (that is, the above-mentioned personal private key 56). For example, the above-mentioned individual assets 57). Any user connected to the above-mentioned blockchain network 20 can decrypt the encrypted plaintext (for example, the above-mentioned personal data 57) through the corresponding public key of the above-mentioned user.

仍請參閱圖2,以上述個資57為例,由於上述個資57是透過上述個人端50專屬的上述個人私鑰56加密,即上述個人私鑰56只會唯一對應至上述個人端50,因此具有上述提到的數位簽章功用,能用以辨識上述加密明文(上述個資57)是由何使用端所擁有,並直接對應至所簽署的使用端,以達身份確認的功效。 Still referring to Fig. 2, taking the aforementioned personal data 57 as an example, since the aforementioned personal data 57 is encrypted with the aforementioned personal private key 56 exclusive to the aforementioned personal terminal 50, that is, the aforementioned personal private key 56 will only uniquely correspond to the aforementioned personal terminal 50. Therefore, it has the above-mentioned digital signature function, which can be used to identify the user end of the encrypted plaintext (the above-mentioned individual asset 57), and directly correspond to the signed user end to achieve the function of identity verification.

根據某些實施例,請再參閱圖1,在上述個人端50欲以上述個人管理模組52進一步維護上述個人端50所屬的上述個資57時,需先透過 上述個人解密模組54,以上述個人私鑰56進行解密,才能再以上述個人管理模組52編輯上述個資57。 According to some embodiments, please refer to FIG. 1 again. When the personal terminal 50 wants to use the personal management module 52 to further maintain the personal assets 57 to which the personal terminal 50 belongs, it needs to pass through The above-mentioned personal decryption module 54 uses the above-mentioned personal private key 56 for decryption, and then the above-mentioned personal information 57 can be edited by the above-mentioned personal management module 52.

請再參閱圖1,上述個人解密模組54藉由上述個人私鑰56,解密上述業務端40透過上述個人區塊鏈模組51傳遞給上述個人端50之上述業務智能合約44。由於上述業務智能合約44也是透過非對稱式加密方式,並以上述個人端50的上述個人公鑰,加密上述業務智能合約44,因此上述個人端50可透過其專屬的上述個人私鑰56,解密上述業務智能合約44。 Referring to FIG. 1 again, the personal decryption module 54 uses the personal private key 56 to decrypt the business smart contract 44 that the business terminal 40 transmits to the personal terminal 50 through the personal blockchain module 51. Since the business smart contract 44 is also encrypted through asymmetric encryption, and the personal public key of the personal terminal 50 is used to encrypt the business smart contract 44, the personal terminal 50 can decrypt the business smart contract 44 through its exclusive personal private key 56 The above-mentioned business smart contract 44.

仍請參閱圖1,上述個人合約模組55,透過上述個人區塊鏈模組51,簽署已經解密的上述業務智能合約44,並以非對稱式加密方式加密上述業務能合約44且提供一許可鑰58給上述業務端40之上述業務解密模組43,以授權許可上述業務端40所能取得全部或部份之上述個資57。 Still referring to Figure 1, the personal contract module 55, through the personal blockchain module 51, signs the decrypted business smart contract 44, encrypts the business contract 44 by asymmetric encryption and provides a license The key 58 is given to the service decryption module 43 of the service terminal 40 to authorize the service terminal 40 to obtain all or part of the personal assets 57.

根據某些實施例,上述之非對稱式加密方式,係上述個人端50僅透過業務端40對應的專屬公鑰,或再輔以個人私鑰56,加密已同意簽署的上述業務智能合約44,並於上述業務能合約44中,附有上述許可鑰58。上述業務端40透過上述業務端40對應的專屬私鑰,可開啟上述個人端50所同意簽署的上述業務智能合約44。另,上述業務端40再透過上述個人端50所提供的上述許可鑰58,即可取用所對應之全部或部份的上述個資57。 According to some embodiments, the aforementioned asymmetric encryption method is that the personal terminal 50 only uses the exclusive public key corresponding to the business terminal 40, or supplemented by the personal private key 56, to encrypt the business smart contract 44 that has been agreed to be signed. In addition, the above-mentioned license key 58 is attached to the above-mentioned business performance contract 44. The business terminal 40 can open the business smart contract 44 agreed to and signed by the personal terminal 50 through the exclusive private key corresponding to the business terminal 40. In addition, the above-mentioned service terminal 40 can obtain all or part of the corresponding personal information 57 through the above-mentioned license key 58 provided by the above-mentioned personal terminal 50.
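The exchange described above (personal data encrypted to the business end's public key and signed with the personal private key, a permission key handed to the business decryption module, and the access contract's scope and access period enforced before any field is released) as an added worked example in Go; this is not code from the patent or its assignee. It models the permission key 58 as an AES-256-GCM key wrapped with RSA-OAEP to the business end's public key, the digital signature as RSA-PSS with the personal private key, and the access contract as a struct with scope fields and a deadline; all names, the envelope layout and the sample data are this example's own assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// AccessContract models the personal-data access contract: which fields of
// the personal data the business end may read, and until when (assumed names).
type AccessContract struct {
	Scope    []string  // e.g. {"income", "national_id"} = partial authorization
	Deadline time.Time // access period: no access at or after this instant
}

// Envelope is the sealed personal data as uploaded; its layout is this example's own choice.
type Envelope struct {
	Ciphertext []byte // personal data encrypted under the permission key
	Nonce      []byte // GCM nonce for Ciphertext
	WrappedKey []byte // permission key encrypted to the business public key
	Signature  []byte // personal end's signature over Ciphertext
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal plays the personal end: encrypt under a fresh permission key, wrap that key for the business end, sign.
func Seal(data map[string]string, businessPub *rsa.PublicKey, personalPriv *rsa.PrivateKey) (*Envelope, error) {
	plain, err := json.Marshal(data)
	if err != nil {
		return nil, err
	}
	rnd := make([]byte, 32+12) // 32-byte AES-256 permission key + 12-byte standard GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	permKey, nonce := rnd[:32], rnd[32:]
	gcm, err := gcmFor(permKey)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plain, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, businessPub, permKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, personalPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Nonce: nonce, WrappedKey: wrapped, Signature: sig}, nil
}

// Open plays the business decryption module: verify who sealed the data, enforce the
// access period, unwrap the permission key, decrypt, and release only the authorized scope.
func Open(env *Envelope, businessPriv *rsa.PrivateKey, personalPub *rsa.PublicKey, c AccessContract, now time.Time) (map[string]string, error) {
	if !now.Before(c.Deadline) {
		return nil, fmt.Errorf("access period has expired")
	}
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(personalPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("identity check failed: %w", err)
	}
	permKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, businessPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(permKey)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	var all map[string]string
	if err := json.Unmarshal(plain, &all); err != nil {
		return nil, err
	}
	out := map[string]string{} // only fields inside the contract scope leave this function
	for _, field := range c.Scope {
		if v, ok := all[field]; ok {
			out[field] = v
		}
	}
	return out, nil
}
```

Open refuses access at or after the deadline before touching any key material, so an expired contract never reveals whether the signature or the wrapped key was valid.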

In addition, referring to FIG. 3, which is a flowchart of the steps of the identity management and authorization method: corresponding to the identity management and authorization system above, the invention further discloses an identity management and authorization method 60, which uses the identity management and authorization system 10 and includes the following steps. First, still referring to FIG. 3, in step S63 the manager end 30 uploads the update request 33. The content of the update request 33 may further include requirements, announced by the manager end 30, that the institutions under its administration or supervision and their customers update relevant data or its format, for example by completing the personal data 57 of the at least one personal end 50, or by updating the personal data 57 of the at least one personal end 50 according to the latest template announced by the manager end 30.

Still referring to FIG. 3, in step S62 the business end 40 uploads the business smart contract 44 so that the personal end 50 can sign it. It is worth noting that the business end 40 may upload the business smart contract 44 at any time; that is, in the order of steps it is not tied to the time of step S63 (the manager end 30 uploading the update request 33), there is no required sequence between them, and they may even be uploaded at the same time.

According to some embodiments, the content of the business smart contract 44 may further include any business that the respective business end 40 is able to provide; for a financial institution, for example, deposits, transfers, loans, interbank remittances, fund investments or cross-border remittances.

Still referring to FIG. 3, in step S64 the personal end 50 confirms whether it has completed the update request 33 uploaded by the manager end 30. If the update has not been completed, no further business can be handled and the flow proceeds directly to step S67, ending the identity management and authorization method 60. If the update has been completed, the flow proceeds to step S65.

Still referring to FIG. 3, in step S65, if the personal end 50 has completed the update, it obtains the business smart contract 44 corresponding to the business it wishes to handle. If it does not agree to or does not sign the content of the business smart contract 44, no further business can be handled and the flow proceeds directly to step S67, ending the identity management and authorization method 60. If it agrees to and signs the content of the business smart contract 44, the flow proceeds to step S66.

According to some embodiments, in step S65, if the personal end 50 agrees to and signs the business smart contract 44, the signing further uses asymmetric encryption: the personal end 50 encrypts the business smart contract 44 it has agreed to sign using only the exclusive public key of the business end 40, optionally together with the personal private key 56, and attaches the permission key 58 to the business smart contract 44.

Still referring to FIG. 3, in step S66, once the personal end 50 has agreed to and signed the business smart contract 44, the business end 40 can obtain the personal data 57 of the personal end 50 in accordance with the authorized business smart contract 44, handle the business relating to the personal end 50, and direct the flow to S67, ending the identity management and authorization method 60.

According to some embodiments, the business smart contract 44 may further include the personal-data access contract, which specifies a scope and an access period for the personal data 57 that the business end 40 may access. The scope expressly defines the portion of the personal data of the personal end 50 that the business end 40 may access when handling contract content the personal end 50 has authorized, and may cover all of the personal data or only part of it. The access period expressly defines the period during which the business end 40 may access the personal data of the personal end 50 when handling contract content the personal end 50 has authorized; the flow then proceeds to S67, ending the identity management and authorization method 60.

According to some embodiments, because the content of the personal-data access contract governs access, the business decryption module 43 uses the business private key and the permission key 58 to decrypt, respectively, the business smart contract 44 and the personal data 57 signed and encrypted by the personal end 50, and within the access period accesses the authorized scope of the personal data to carry out the business handled by the business end 40; the flow then proceeds to S67, ending the identity management and authorization method 60.

In summary of the identity management and authorization system and method above: because the underlying technology of a blockchain network allows data to be written continuously, is decentralized (that is, distributed), synchronizes updates in real time, and records data as a history of data records, it offers traceability and non-repudiation. By then establishing and signing the related smart contracts, the problems of customers having to repeatedly update their personal data, and of the manpower consumed by the institutions handling the business, are resolved.

In addition, if data uploaded to the blockchain network, such as customers' personal data, is asymmetrically encrypted, the encrypted data history becomes unalterable. Compared with paper customer records in traditional banking institutions, or electronic customer records managed centrally by a single system, this is more efficient and keeps the data relatively secure. Moreover, government agencies can also participate as unit nodes in the blockchain network; through the immediacy of the blockchain network and the binding nature of smart contracts, the intended prevention is achieved effectively and comprehensively, creating a secure and reliable smart financial operating platform.

The invention is disclosed herein only by way of preferred embodiments. Anyone skilled in the art should understand that the above embodiments serve only to describe the invention and are not intended to limit the scope of the patent rights claimed. Any change or substitution equal or equivalent to the above embodiments should be construed as falling within the spirit or scope of the invention. Accordingly, the scope of protection of the invention is to be defined by the following claims.

10: Identity management and authorization system
20: Blockchain network
30: Manager end
31: Manager blockchain module
32: Manager announcement module
33: Update request
40: Business end
41: Business blockchain module
42: Business contract module
43: Business decryption module
44: Business smart contract
50: Personal end
51: Personal blockchain module
52: Personal management module
53: Personal encryption module
54: Personal decryption module
55: Personal contract module
56: Personal private key
57: Personal data
58: Permission key

Claims (10)

1. An identity management and authorization system, applied to a blockchain network that executes smart contracts, the system comprising:
a manager end, including:
a manager blockchain module, including a manager database, the manager blockchain module being used to communicatively connect to the blockchain network and to update all data of the blockchain network into the manager database; and
a manager announcement module, which announces an update request to the blockchain network through the manager blockchain module;
at least one business end, each of which includes:
a business blockchain module, including a business database, the business blockchain module being used to communicatively connect to the blockchain network and to update all data of the blockchain network into the business database;
a business contract module, which provides a business smart contract to the blockchain network through the business blockchain module; and
a business decryption module, which decrypts the encrypted business smart contract, receives a permission key and encrypted personal data through the business blockchain module, and decrypts the personal data with the permission key; and
at least one personal end, located on the blockchain network, each of which includes:
a personal blockchain module, including a personal database, the personal blockchain module being used to communicatively connect to the blockchain network and to update all data of the blockchain network into the personal database;
a personal management module, which maintains the personal data of the personal end;
a personal encryption module, which encrypts the personal data before it is uploaded to the blockchain network;
a personal decryption module, which uses a personal private key to decrypt the personal data and the business smart contract delivered by the business end to the personal end through the personal blockchain module; and
a personal contract module, which signs the decrypted business smart contract through the personal blockchain module and provides the permission key to the business decryption module of the business end, to permit the business end to obtain the personal data.

2. The identity management and authorization system of claim 1, wherein the update request requires each of the at least one personal end to update its own personal data.

3. The identity management and authorization system of claim 1, wherein the business smart contract further includes a personal-data access contract, which specifies a scope and an access period for the personal data that the business end may access.

4. The identity management and authorization system of claim 3, wherein the business end uses the permission key and obtains the scope and the access period of the personal data through the personal-data access contract.

5. The identity management and authorization system of claim 1, wherein the personal blockchain module updates the personal data encrypted by the personal encryption module and connects to the blockchain network, ensuring that all data in the manager database, the business databases and the personal databases contains the updated and encrypted personal data.

6. An identity management and authorization method, using the identity management and authorization system of claim 1, the method comprising:
the manager end uploading the update request;
the business end uploading the business smart contract for the personal end to sign; and
after the personal end updates the personal data according to the update request, the business end executing the business smart contract.

7. The identity management and authorization method of claim 6, wherein the update request requires each of the at least one personal end to update its own personal data.

8. The identity management and authorization method of claim 6, wherein the business smart contract includes a personal-data access contract, which specifies a scope and an access period for the personal data that the business end may access.

9. The identity management and authorization method of claim 6, wherein the business smart contract includes a personal-data access contract, and the business end uses the permission key and obtains a scope and an access period of the personal data through the personal-data access contract.

10. The identity management and authorization method of claim 6, wherein, through the personal blockchain module, the personal data encrypted by the personal encryption module is updated and connected to the blockchain network, to ensure that all data in the manager database, the business databases and the personal databases contains the updated and encrypted personal data.
TW108144195A 2019-12-03 2019-12-03 System of identity management and authorization and method thereof TWI724667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108144195A TWI724667B (en) 2019-12-03 2019-12-03 System of identity management and authorization and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108144195A TWI724667B (en) 2019-12-03 2019-12-03 System of identity management and authorization and method thereof

Publications (2)

Publication Number Publication Date
TWI724667B true TWI724667B (en) 2021-04-11
TW202123648A TW202123648A (en) 2021-06-16

Family

ID=76604919

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108144195A TWI724667B (en) 2019-12-03 2019-12-03 System of identity management and authorization and method thereof

Country Status (1)

Country Link
TW (1) TWI724667B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI790985B (en) * 2021-10-28 2023-01-21 市民永續股份有限公司 Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI828001B (en) * 2021-11-11 2024-01-01 翁仲和 System for using multiple security levels to verify customer identity and transaction services and method thereof
TWI810106B (en) * 2022-11-03 2023-07-21 國立臺灣科技大學 Dynamic consent management platform and personal information management method thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI629658B (en) * 2017-05-08 2018-07-11 富邦金融控股股份有限公司 Know your customer (kyc) data sharing system based on smart contract on blockchain and method thereof
TWI636415B (en) * 2017-08-22 2018-09-21 台新金融控股股份有限公司 Decentralization know your customer (kyc) system based on blockchain smart contract and method thereof
CN108833398A (en) * 2018-06-08 2018-11-16 浙江超脑时空科技有限公司 A kind of block chain intelligence contract update method, device and equipment
CN110032598A (en) * 2018-12-20 2019-07-19 阿里巴巴集团控股有限公司 Method for updating field and device, electronic equipment
US20190347657A1 (en) * 2017-06-12 2019-11-14 Tencent Technology (Shenzhen) Company Limited Resource transfer method and apparatus, storage medium, and computer device
TWM596924U (en) * 2019-12-03 2020-06-11 臺灣銀行股份有限公司 Device of identity management and authorization

Also Published As

Publication number Publication date
TW202123648A (en) 2021-06-16

Similar Documents

Publication Publication Date Title
CN108830601B (en) Smart city information safe use method and system based on block chain
CN108418680B (en) Block chain key recovery method and medium based on secure multi-party computing technology
CN108765240B (en) Block chain-based inter-institution customer verification method, transaction supervision method and device
JP6524347B2 (en) Information sharing system
TWI724667B (en) System of identity management and authorization and method thereof
CN107358440B (en) Method and system for customized tracking of digital currency
CN109447647A (en) A kind of safety payment system based on block chain
CN111324881B (en) Data security sharing system and method fusing Kerberos authentication server and block chain
CN111461712B (en) Transaction privacy protection and hierarchical supervision in blockchain supply chain financial scenarios
JP2006246543A (en) Cryptographic system and method with key escrow function
CA3064583A1 (en) System of hardware and software to prevent disclosure of personally identifiable information
WO2013166518A1 (en) Secure transaction object creation, propagation and invocation
WO2023010932A1 (en) Cloud-edge collaborative multi-mode private data transfer method based on smart contract
TWI644556B (en) Know your customer (kyc) data sharing system with privacy and method thereof
US11334884B2 (en) Encapsulated security tokens for electronic transactions
TWM596924U (en) Device of identity management and authorization
CN112668018B (en) Method and device for government data protocol authorization sharing based on blockchain
CN113094725B (en) Encryption and decryption method and system for bidding documents opened remotely and intensively
JPWO2018088475A1 (en) Electronic authentication method and program
CN111882410A (en) Tax information query method and system based on block chain
WO2019062511A1 (en) Encryption-based data rights verification method and system
CN112991045A (en) Medical health consumption financing method, device, equipment and medium based on block chain
CN115147224A (en) Transaction data sharing method and device based on alliance chain
CN111491024A (en) Block chain-based bank letter method, system, terminal and storage medium
CN117094036A (en) Electronic signature method based on blockchain technology