TWI776590B - System, method and computer readable medium for authenticaion and transfer traceability of digital documents - Google Patents

System, method and computer readable medium for authenticaion and transfer traceability of digital documents Download PDF

Info

Publication number
TWI776590B
TWI776590B TW110125664A TW110125664A TWI776590B TW I776590 B TWI776590 B TW I776590B TW 110125664 A TW110125664 A TW 110125664A TW 110125664 A TW110125664 A TW 110125664A TW I776590 B TWI776590 B TW I776590B
Authority
TW
Taiwan
Prior art keywords
file
document
blockchain
token
digital
Prior art date
Application number
TW110125664A
Other languages
Chinese (zh)
Other versions
TW202303425A (en
Inventor
張明哲
張明信
李駿偉
楊文君
張華洋
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW110125664A priority Critical patent/TWI776590B/en
Application granted granted Critical
Publication of TWI776590B publication Critical patent/TWI776590B/en
Publication of TW202303425A publication Critical patent/TW202303425A/en

Links

Images

Abstract

The present invention provides a system, method and computer readable medium for the authentication and transfer traceability of the original digital document. It mainly uses the smart contract of non-replaceable tokens to transform the digital document into a unique, indivisible and non-copyable digital asset, and uses a distributed file system to permanently store the original files of digital documents, and then integrate the user's public key certificate data to confirm the relationship between the digital document and its owner and transfer record, so it can be open, transparent, high-security, and high-efficiency. The easy-to-use solution realizes the original authentication mechanism and transfer traceability of digital documents.

Description

數位文件之驗證與移轉追溯之系統、方法及電腦可讀媒介 System, method and computer readable medium for verification and transfer traceability of digital documents

本發明係關於區塊鏈技術,特別是關於數位文件之驗證與移轉追溯之系統、方法及電腦可讀媒介。 The present invention relates to block chain technology, in particular to systems, methods and computer-readable media for verification and transfer traceability of digital files.

在資訊流通愈加電子化的環境下,許多文件的交易與保存皆以數位化方式進行。然而,相較於紙本文件可對正本執行實質的鑑定作業以達成真偽驗證,數位文件因其可輕易複製、移轉等性質,針對數位文件之唯一性的保存、驗證、其擁有者的認定、及其擁有者移轉紀錄的追溯等作業相對地困難。舉例來說,當財產權證書採用數位文件之形式時,對於此財產權證書的正本驗證、合法擁有者之認定等作業相較以紙本文件紀錄的方式將更為困難。 In an environment where information flows more and more electronically, many documents are traded and stored digitally. However, compared with paper documents, a substantial authentication operation can be performed on the original to achieve authenticity verification. Because of the nature of digital documents, which can be easily copied and transferred, the preservation and verification of the uniqueness of digital documents, and the identification of their owners It is relatively difficult to identify and trace the owner's transfer records. For example, when the property right certificate is in the form of a digital file, it will be more difficult to verify the original of the property right certificate and identify the legal owner than to record it in a paper file.

因此,如何提供公開透明、高安全性、高效率且易於使用之解決方案,以改善電子文件在唯一性之可信度、移轉紀錄追溯等問題,係本領域亟需解決的問題之一。 Therefore, how to provide an open, transparent, high-security, high-efficiency, and easy-to-use solution to improve the reliability of the uniqueness of electronic documents and the traceability of transfer records is one of the urgent problems to be solved in the art.

為解決上述之問題,本發明提供一種數位文件之驗證與移轉追溯之系統,包括:身分驗證元件,係用於透過身分驗證智慧合約元件在區塊鏈中維護使用者之註冊資料,其中,該註冊資料包括該使用者之公開金鑰憑證資料及區塊鏈位址,而該公開金鑰憑證資料係包括雜湊值、公開金鑰、有效日期及憑證狀態;文件移轉元件,係用於根據該使用者之該註冊資料執行該數位文件之正本維護作業;文件代幣合約元件,係用於根據該正本維護作業在該區塊鏈中維護該數位文件的文件代幣;以及分散式檔案存儲元件,係用於保存該數位文件之原始檔案及該文件代幣的索引值。 In order to solve the above-mentioned problems, the present invention provides a system for verification and transfer traceability of digital documents, including: an identity verification component, which is used to maintain the user's registration data in the blockchain through the identity verification smart contract component, wherein, The registration data includes the user's public key certificate data and blockchain address, and the public key certificate data includes hash value, public key, expiry date and certificate status; file transfer element, used for Execute the original maintenance operation of the digital file according to the registration data of the user; the file token contract element, which is a file token used to maintain the digital file in the blockchain according to the original maintenance operation; and a distributed file The storage element is used to save the original file of the digital file and the index value of the file token.

在上述之系統中,該身分驗證元件維護該註冊資料之方式包括註冊作業,該註冊作業之執行方式係包括:令該身分驗證元件接收該使用者之該註冊資料,其中,該註冊資料復包括利用該公開金鑰憑證資料之私密金鑰將該公開金鑰憑證資料及該區塊鏈位址加密的數位簽章;令該身分驗證元件利用該公開金鑰憑證資料之該公開金鑰解密該數位簽章;以及令該身分驗證元件將該數位簽章之解密內容與該公開金鑰憑證資料及該區塊鏈位址比對,以當該比對之結果為相符的情況下,令該身分驗證元件將該註冊資料透過該身分驗證智慧合約元件儲存於該區塊鏈。 In the above-mentioned system, the way of maintaining the registration data by the identity verification component includes a registration operation, and the execution method of the registration operation includes: causing the identity verification component to receive the registration data of the user, wherein the registration data further includes A digital signature encrypted with the public key certificate data and the blockchain address using the private key of the public key certificate data; enabling the authentication element to decrypt the public key certificate data using the public key of the public key certificate data a digital signature; and causing the authentication element to compare the decrypted content of the digital signature with the public key certificate data and the blockchain address, and if the result of the comparison is a match, cause the The identity verification component stores the registration data in the blockchain through the identity verification smart contract component.

在上述之系統中,該身分驗證元件維護該註冊資料之方式包括驗證作業,該驗證作業之執行方式係包括:令該身分驗證元件接收該區塊鏈位址;以及令該身分驗證元件依據該區塊鏈位址透過該身分驗證智慧合約元件查找該區塊鏈中對應的該註冊資料,以令該身分驗證元件回傳該註冊資料的內容。 In the above-mentioned system, the way that the identity verification element maintains the registration data includes a verification operation, and the execution method of the verification operation includes: causing the identity verification element to receive the blockchain address; and making the identity verification element according to the The blockchain address searches the corresponding registration data in the blockchain through the identity verification smart contract component, so that the identity verification component returns the content of the registration data.

在上述之系統中,該正本維護作業包括該數位文件之創建作業,該創建作業之執行方式係包括:令該文件移轉元件接收該數位文件之該原始檔案及該區塊鏈位址;令該文件移轉元件呼叫該身分驗證元件透過該身分驗 證智慧合約元件基於該區塊鏈位址查詢該區塊鏈中的該註冊資料,以確認該區塊鏈位址與該註冊資料所紀錄者相符;令該文件移轉元件將該原始檔案儲存至分散式檔案存儲元件;以及令該文件移轉元件呼叫該文件代幣合約元件於該區塊鏈中產製該數位文件之該文件代幣,以令該文件移轉元件於該分散式檔案存儲元件紀錄該文件代幣之該索引值,其中,該索引值係該數位文件之雜湊值。 In the above system, the original maintenance operation includes the creation operation of the digital file, and the execution method of the creation operation includes: causing the file transfer element to receive the original file and the blockchain address of the digital file; the document transfer element calls the authentication element to pass the authentication The certificate smart contract component queries the registration data in the blockchain based on the blockchain address to confirm that the blockchain address is consistent with the registered data; instruct the file transfer component to store the original file to a distributed file storage element; and causing the file transfer element to call the file token contract element to generate the file token of the digital file in the blockchain, so that the file transfer element is stored in the distributed file storage The element records the index value of the document token, wherein the index value is the hash value of the digital document.

在上述之系統中,該文件代幣係包括代幣本體資訊及元數據詮釋資料,且該代幣本體資訊係包括該數位文件之識別碼及代表該區塊鏈位址的擁有者資訊,而該元數據詮釋資料係包括該數位文件之創建時間、雜湊值、加密存儲位址、及該文件代幣的交易時間。 In the above system, the document token includes token ontology information and metadata metadata, and the token ontology information includes the identification code of the digital document and the owner information representing the blockchain address, and The metadata metadata includes the creation time of the digital file, the hash value, the encrypted storage address, and the transaction time of the file token.

在上述之系統中,該正本維護作業包括該數位文件之該文件代幣的移轉作業,該移轉作業之執行方式係包括:令該文件移轉元件接收該使用者輸入之該數位文件之該識別碼及接收者區塊鏈位址;令該文件移轉元件透過該身分驗證元件呼叫該身分驗證智慧合約元件查找該區塊鏈中的該註冊資料以驗證該接收者區塊鏈位址為已註冊之各該區塊鏈位址的其中一者;令該文件移轉元件使用該使用者之該區塊鏈位址計算解密金鑰,將該加密存儲位址解密以獲得存儲位址;以及令該文件移轉元件依據該接收者區塊鏈位址呼叫該文件代幣合約元件更新該文件代幣,包括:將該擁有者資訊由該區塊鏈位址更新為該接收者區塊鏈位址;依據該接收者區塊鏈位址計算接收者加密金鑰,並將該加密存儲位址更新為以該接收者加密金鑰加密該存儲位址的結果;以及更新該交易時間。 In the above-mentioned system, the original maintenance operation includes a transfer operation of the document token of the digital document, and the execution method of the transfer operation includes: enabling the document transfer element to receive the digital document input by the user. the identifier and the recipient blockchain address; make the document transfer element call the authentication smart contract element through the authentication element to look up the registration data in the blockchain to verify the recipient blockchain address is one of the registered blockchain addresses; causing the file transfer element to calculate a decryption key using the user's blockchain address, decrypt the encrypted storage address to obtain the storage address ; and causing the file transfer element to call the file token contract element to update the file token according to the recipient blockchain address, including: updating the owner information from the blockchain address to the recipient area block chain address; calculate the receiver encryption key according to the receiver block chain address, and update the encrypted storage address to the result of encrypting the storage address with the receiver encryption key; and update the transaction time .

在上述之系統中,復包括:文件履歷智慧合約元件,係用於根據該文件移轉元件執行該移轉作業之結果存證該文件代幣的移轉紀錄。 In the above-mentioned system, it further includes: a document history smart contract element, which is used for storing the transfer record of the document token according to the result of executing the transfer operation by the document transfer element.

在上述之系統中,復包括:正本驗證與追溯元件,係用於進行特定文件之正本驗證與移轉紀錄追溯,該特定文件之正本驗證與移轉紀錄追溯 的執行方式係包括:令該正本驗證與追溯元件計算該特定文件之待驗證雜湊值;在令該文件移轉元件確認該待驗證雜湊值與該分散式檔案存儲元件所保存之該索引值相符的情況下,令該文件代幣合約元件取回該數位文件之該文件代幣;以及在該特定文件之該待驗證雜湊值與該文件代幣之該雜湊值相符的情況下,令該正本驗證與追溯元件判定該特定文件為該數位文件的合法正本,以令該正本驗證與追溯元件呼叫該文件履歷智慧合約元件輸出該文件代幣的該移轉紀錄。 In the above system, it includes: the original verification and traceability component, which is used for the verification of the original of a specific document and the traceability of the transfer record, the original verification and the traceability of the transfer record of the specific document The execution method includes: causing the original verification and traceability component to calculate the hash value to be verified of the specific file; and then causing the document transfer component to confirm that the hash value to be verified is consistent with the index value stored in the distributed file storage component in the case of the document token contract element to retrieve the document token of the digital document; and if the hash value to be verified for that particular document matches the hash value of the document token, cause the original The verification and traceability component determines that the specific document is the legal original of the digital document, so that the original verification and traceability component calls the document history smart contract component to output the transfer record of the document token.

在上述之系統中,復包括:解密下載元件,係用於自該分散式檔案存儲元件下載該數位文件之該原始檔案,該下載該數位文件之該原始檔案之方式係包括:令該解密下載元件接收該數位文件之該識別碼及計算簽署申請資料,其中,該簽署申請資料係將該識別碼以該使用者之該公開金鑰憑證資料的私密金鑰簽署者;令該文件代幣合約元件依據該識別碼取得該區塊鏈中的該文件代幣;令該身分驗證元件透過該身分驗證智慧合約元件依據該文件代幣所紀錄該擁有者資訊向該區塊鏈取得該註冊資料中之該公開金鑰,進而使用該公開金鑰解密該簽署申請資料;在該簽署申請資料成功解密的情況下,令該身分驗證元件以該區塊鏈位址計算解密金鑰,進而使用該解密金鑰將該加密存儲位址解密以獲得存儲位址;以及令該解密下載元件使用該存儲位址向該分散式檔案存儲元件下載該數位文件之該原始檔案。 In the above-mentioned system, it further includes: a decryption download element for downloading the original file of the digital file from the distributed file storage element, and the method for downloading the original file of the digital file includes: making the decryption download The component receives the identification code of the digital document and calculates the signing application data, wherein the signing application data is a signer of the identification code with the private key of the public key certificate data of the user; make the document token contract The component obtains the document token in the blockchain according to the identification code; the identity verification component obtains the registration information from the blockchain through the identity verification smart contract component according to the owner information recorded in the document token the public key, and then use the public key to decrypt the signing application data; if the signing application data is successfully decrypted, make the identity verification element calculate the decryption key with the blockchain address, and then use the decryption The key decrypts the encrypted storage address to obtain a storage address; and causes the decryption download element to download the original file of the digital file to the distributed file storage element using the storage address.

本發明復提供一種數位文件之驗證與移轉追溯之方法,包括:令身分驗證元件透過身分驗證智慧合約元件在區塊鏈中維護使用者之註冊資料,其中,該註冊資料包括該使用者之公開金鑰憑證資料及區塊鏈位址,而該公開金鑰憑證資料係包括雜湊值、公開金鑰、有效日期及憑證狀態;令文件移轉元件根據該使用者之該註冊資料執行該數位文件之正本維護作業;令文件代 幣合約元件根據該正本維護作業在該區塊鏈中維護該數位文件的文件代幣;以及令分散式檔案存儲元件保存該數位文件之原始檔案及該文件代幣的索引值。 The present invention further provides a method for verification and transfer traceability of digital documents, including: enabling an identity verification component to maintain a user's registration data in the blockchain through an identity verification smart contract component, wherein the registration data includes the user's registration data. public key certificate data and blockchain address, and the public key certificate data includes hash value, public key, expiry date and certificate status; make the file transfer component execute the bit based on the registration data of the user Maintenance of the original of the document; The currency contract element maintains the file token of the digital file in the blockchain according to the original maintenance operation; and the distributed file storage element stores the original file of the digital file and the index value of the file token.

在上述之方法中,當維護該註冊資料之方式為註冊作業時,該令身分驗證元件透過身分驗證智慧合約元件在區塊鏈中維護使用者之註冊資料之步驟係包括以下子步驟:令該身分驗證元件接收該使用者之該註冊資料,其中,該註冊資料復包括利用該公開金鑰憑證資料之私密金鑰將該公開金鑰憑證資料及該區塊鏈位址加密的數位簽章;令該身分驗證元件利用該公開金鑰憑證資料之該公開金鑰解密該數位簽章;以及令該身分驗證元件將該數位簽章之解密內容與該公開金鑰憑證資料及該區塊鏈位址比對,以當該比對之結果為相符的情況下,令該身分驗證元件將該註冊資料透過該身分驗證智慧合約元件儲存於該區塊鏈。 In the above-mentioned method, when the way of maintaining the registration data is a registration operation, the step of enabling the identity verification element to maintain the user's registration information in the blockchain through the identity verification smart contract element includes the following sub-steps: The identity verification element receives the registration data of the user, wherein the registration data further includes a digital signature encrypted with the public key certificate data and the blockchain address using the private key of the public key certificate data; causing the authentication element to decrypt the digital signature using the public key of the public key certificate data; and causing the authentication element to combine the decrypted content of the digital signature with the public key certificate data and the blockchain bit Address comparison, so that when the result of the comparison is consistent, the identity verification component stores the registration data in the blockchain through the identity verification smart contract component.

在上述之方法中,當維護該註冊資料之方式為驗證作業時,該令身分驗證元件透過身分驗證智慧合約元件在區塊鏈中維護使用者之註冊資料之步驟係包括以下子步驟:令該身分驗證元件接收該區塊鏈位址;以及令該身分驗證元件依據該區塊鏈位址透過該身分驗證智慧合約元件查找該區塊鏈中對應的該註冊資料,以令該身分驗證元件回傳該註冊資料的內容。 In the above-mentioned method, when the way of maintaining the registration data is the verification operation, the step of making the identity verification component maintain the user's registration data in the blockchain through the identity verification smart contract component includes the following sub-steps: The identity verification element receives the block chain address; and makes the identity verification element search the corresponding registration data in the block chain through the identity verification smart contract element according to the block chain address, so that the identity verification element returns Upload the content of the registration information.

在上述之方法中,當該正本維護作業為該數位文件之創建作業時,該令文件移轉元件根據該使用者之該身分驗證智慧合約元件執行該數位文件之正本維護作業之步驟係包括以下子步驟:令該文件移轉元件接收該數位文件之該原始檔案及該區塊鏈位址;令該文件移轉元件呼叫該身分驗證元件透過該身分驗證智慧合約元件基於該區塊鏈位址查詢該區塊鏈中的該註冊資料,以確認該區塊鏈位址與該註冊資料所紀錄者相符;令該文件移轉元件將該原始檔案儲存至分散式檔案存儲元件;以及令該文件移轉元件呼叫該文件代幣合約元件於該區塊鏈中產製該數位文件之該文件代幣,以令該文件移轉元件於該分散 式檔案存儲元件紀錄該文件代幣之該索引值,其中,該索引值係該數位文件之雜湊值。 In the above-mentioned method, when the original maintenance operation is the creation operation of the digital file, the step of making the file transfer element execute the original maintenance operation of the digital file according to the user's identity verification smart contract element includes the following steps: Sub-steps: make the file transfer element receive the original file and the blockchain address of the digital file; make the file transfer element call the authentication element through the authentication smart contract element based on the blockchain address query the registration data in the blockchain to confirm that the blockchain address matches that recorded in the registration data; cause the file transfer element to store the original file to the distributed file storage element; and make the file The transfer element calls the file token contract element to generate the file token of the digital file in the blockchain, so that the file transfer element is in the decentralized The file storage element records the index value of the file token, wherein the index value is a hash value of the digital file.

在上述之方法中,該文件代幣係包括代幣本體資訊及元數據詮釋資料,且該代幣本體資訊係包括該數位文件之識別碼及代表該區塊鏈位址的擁有者資訊,而該元數據詮釋資料係包括該數位文件之創建時間、雜湊值、加密存儲位址、及該文件代幣的交易時間。 In the above method, the document token includes token ontology information and metadata metadata, and the token ontology information includes an identifier of the digital document and owner information representing the blockchain address, and The metadata metadata includes the creation time of the digital file, the hash value, the encrypted storage address, and the transaction time of the file token.

在上述之方法中,當該正本維護作業係該數位文件之該文件代幣的移轉作業時,該令文件移轉元件根據該使用者之該身分驗證智慧合約元件執行該數位文件之正本維護作業之步驟係包括以下子步驟:令該文件移轉元件接收該使用者輸入之該數位文件之該識別碼及接收者區塊鏈位址;令該文件移轉元件透過該身分驗證元件呼叫該身分驗證智慧合約元件查找該區塊鏈中的該註冊資料以驗證該接收者區塊鏈位址為已註冊之各該區塊鏈位址的其中一者;令該文件移轉元件使用該使用者之該區塊鏈位址計算解密金鑰,將該加密存儲位址解密以獲得存儲位址;以及令該文件移轉元件依據該接收者區塊鏈位址呼叫該文件代幣合約元件更新該文件代幣,包括:將該擁有者資訊由該區塊鏈位址更新為該接收者區塊鏈位址;依據該接收者區塊鏈位址計算接收者加密金鑰,並將該加密存儲位址更新為以該接收者加密金鑰加密該存儲位址的結果;以及更新該交易時間。 In the above method, when the original maintenance operation is the transfer operation of the document token of the digital document, the document transfer component executes the original maintenance of the digital document according to the identity verification smart contract component of the user The steps of the operation include the following sub-steps: causing the document transfer element to receive the identification code and recipient blockchain address of the digital document input by the user; making the document transfer element call the document transfer element through the identity verification element The identity verification smart contract element looks up the registration data in the blockchain to verify that the recipient blockchain address is one of the registered blockchain addresses; causes the file transfer element to use the usage Calculate the decryption key from the blockchain address of the recipient, decrypt the encrypted storage address to obtain the storage address; and make the file transfer element call the file token contract element to update according to the recipient blockchain address The file token includes: updating the owner information from the blockchain address to the recipient's blockchain address; calculating the recipient's encryption key according to the recipient's blockchain address, and encrypting the encryption key updating the storage address as a result of encrypting the storage address with the recipient encryption key; and updating the transaction time.

在上述之方法中,復包括:令文件履歷智慧合約元件根據該文件移轉元件執行該移轉作業之結果存證該文件代幣的移轉紀錄。 In the above-mentioned method, the method further comprises: making the document history smart contract component store the transfer record of the document token according to the result of the document transfer component performing the transfer operation.

在上述之方法中,復包括:令正本驗證與追溯元件進行特定文件之正本驗證與移轉紀錄追溯,係包括以下子步驟:令該正本驗證與追溯元件計算該特定文件之待驗證雜湊值;在令該文件移轉元件確認該待驗證雜湊值與該分散式檔案存儲元件所保存之該索引值相符的情況下,令該文件代幣合約元 件取回該數位文件之該文件代幣;以及在該特定文件之該待驗證雜湊值與該文件代幣之該雜湊值相符的情況下,令該正本驗證與追溯元件判定該特定文件為該數位文件的合法正本,以令該正本驗證與追溯元件呼叫該文件履歷智慧合約元件輸出該文件代幣的該移轉紀錄。 In the above-mentioned method, it further includes: enabling the original verification and traceability component to perform the original verification and transfer record traceability of a specific document, which includes the following sub-steps: enabling the original verification and traceability component to calculate the hash value to be verified for the specific document; Having the file transfer element confirm that the hash value to be verified matches the index value stored by the distributed file storage element, make the file token contract element to retrieve the document token of the digital document; and, if the hash value to be verified for the particular document matches the hash value of the document token, cause the original verification and traceability element to determine that the particular document is the The legal original of the digital document, so that the original verification and traceability component calls the document history smart contract component to output the transfer record of the document token.

在上述之方法中,復包括:令解密下載元件自該分散式檔案存儲元件下載該數位文件之該原始檔案,係包括以下子步驟:令該解密下載元件接收該數位文件之該識別碼及計算簽署申請資料,其中,該簽署申請資料係將該識別碼以該使用者之該公開金鑰憑證資料的私密金鑰簽署者;令該文件代幣合約元件依據該識別碼取得該區塊鏈中的該文件代幣;令該身分驗證元件透過該身分驗證智慧合約元件依據該文件代幣所紀錄該擁有者資訊向該區塊鏈取得該註冊資料中之該公開金鑰,進而使用該公開金鑰解密該簽署申請資料;在該簽署申請資料成功解密的情況下,令該身分驗證元件以該區塊鏈位址計算解密金鑰,進而使用該解密金鑰將該加密存儲位址解密以獲得存儲位址;以及令該解密下載元件使用該存儲位址向該分散式檔案存儲元件下載該數位文件之該原始檔案。 In the above-mentioned method, it further comprises: causing the decryption download element to download the original file of the digital file from the distributed file storage element, which includes the following sub-steps: making the decryption download element receive the identification code of the digital file and calculate Signing the application data, wherein the signing application data is the signer of the identification code with the private key of the public key certificate data of the user; make the document token contract element obtain the data in the blockchain according to the identification code the document token; make the identity verification component obtain the public key in the registration data from the blockchain through the identity verification smart contract component according to the owner information recorded in the document token, and then use the public key key to decrypt the signing application data; in the case that the signing application data is successfully decrypted, make the identity verification element calculate the decryption key with the blockchain address, and then use the decryption key to decrypt the encrypted storage address to obtain a storage address; and causing the decryption download element to download the original file of the digital file to the distributed file storage element using the storage address.

本發明又提供一種電腦可讀媒介,應用於計算裝置或電腦中,係儲存有指令,以執行上述之數位文件之驗證與移轉追溯之方法。 The present invention further provides a computer-readable medium, which is applied to a computing device or a computer, and stores an instruction to execute the above-mentioned method for verifying and transferring a digital file.

綜上所述,本發明之數位文件正本之驗證與移轉追溯之系統、方法及電腦可讀媒介主要係利用非替換式代幣的智慧合約將數位文件轉變成獨一、不可分割或複製的數位資產,並採用分散式檔案系統永久儲存數位文件之原始檔案,再整合使用者的公開金鑰憑證資料來確認數位文件與其擁有者及移轉紀錄間的關係,故能以公開透明、高安全性、高效率且易於使用的方案實現數位文件之正本驗證機制及移轉追溯。 To sum up, the system, method and computer-readable medium for the verification and transfer traceability of the original digital document of the present invention mainly utilize the smart contract of non-replaceable tokens to convert the digital document into a unique, indivisible or duplicated digital document. Digital assets, and use a decentralized file system to permanently store the original files of digital files, and then integrate the user's public key certificate data to confirm the relationship between digital files and their owners and transfer records, so it can be open, transparent and highly secure. A flexible, efficient and easy-to-use solution to realize the original verification mechanism and transfer traceability of digital documents.

100:身分驗證元件 100: Authentication element

200:文件移轉元件 200: File transfer element

300:數位文件 300: digital file

400:文件代幣合約元件 400: Document Token Contract Element

500:正本驗證與追溯元件 500: Original Verification and Traceability Elements

600:區塊鏈 600: Blockchain

700:分散式檔案存儲元件 700: Decentralized Archive Storage Element

800:解密下載元件 800: Decrypt download components

900:文件履歷智慧合約元件 900: Document History Smart Contract Element

1000:身分驗證智慧合約元件 1000: Identity Verification Smart Contract Components

S201~S207:步驟 S201~S207: Steps

S301~S306:步驟 S301~S306: Steps

S401~S406:步驟 S401~S406: Steps

S501~S507:步驟 S501~S507: Steps

S601~S607:步驟 S601~S607: Steps

圖1係揭示本發明之系統的架構圖; FIG. 1 is a schematic diagram showing the system of the present invention;

圖2A及2B係揭示本發明之方法的局部步驟流程圖; 2A and 2B are partial step flow diagrams showing the method of the present invention;

圖3係揭示本發明之方法的局部步驟流程圖; FIG. 3 is a flowchart showing partial steps of the method of the present invention;

圖4係揭示本發明之方法的局部步驟流程圖; 4 is a flowchart showing partial steps of the method of the present invention;

圖5係揭示本發明之方法的局部步驟流程圖;以及 FIG. 5 is a flowchart showing partial steps of the method of the present invention; and

圖6係揭示本發明之方法的局部步驟流程圖。 FIG. 6 is a flowchart showing partial steps of the method of the present invention.

以下藉由特定的實施例說明本案之實施方式,熟習此項技藝之人士可由本文所揭示之內容輕易地瞭解本案之其他優點及功效。本說明書所附圖式所繪示之結構、比例、大小等均僅用於配合說明書所揭示之內容,以供熟悉此技藝之人士之瞭解與閱讀,非用於限定本案可實施之限定條件,故任何修飾、改變或調整,在不影響本案所能產生之功效及所能達成之目的下,均應仍落在本案所揭示之技術內容得能涵蓋之範圍內。 The following specific examples illustrate the implementation of the present application, and those skilled in the art can easily understand other advantages and effects of the present application from the content disclosed herein. The structures, proportions, sizes, etc. shown in the drawings attached in this specification are only used to cooperate with the contents disclosed in the specification for the understanding and reading of those who are familiar with the art, and are not used to limit the conditions that can be implemented in this case. Therefore, any modification, change or adjustment should still fall within the scope that the technical content disclosed in this case can cover without affecting the effect that this case can produce and the purpose that can be achieved.

圖1係關於本案之數位文件正本之驗證與移轉追溯之系統架構圖。主要用於說明將使用者U產製之數位文件300透過區塊鏈600及分散式檔案存儲元件700進行保存、移轉、及驗證等作業的實作元件及其彼此的關係。 Figure 1 is a system architecture diagram of the verification and transfer traceability of the original digital documents in this case. It is mainly used to describe the implementation elements and their relationship with each other for saving, transferring, and verifying the digital files 300 produced by the user U through the blockchain 600 and the distributed file storage element 700 .

在本實施例中,身分驗證元件100係藉由應用程式介面(Application Programming Interface,API)引導使用者U之身分註冊與驗證相關的應用。在一些實施例中,身分驗證元件100提供的應用包括:使用者註冊、存取 區塊鏈600、利用身分驗證智慧合約元件1000存取使用者註冊資料等。在此,身分驗證智慧合約元件1000係區塊鏈600中負責動態維護使用者註冊資料的智慧合約(例如,一段程式碼),其可視為身分驗證元件100的延伸部件,係與身分驗證元件100協同運作以執行相關應用。 In this embodiment, the identity verification component 100 guides the user U's identity registration and verification-related applications through an application programming interface (API). In some embodiments, the applications provided by the identity verification component 100 include: user registration, access Block chain 600, using identity verification smart contract component 1000 to access user registration information, etc. Here, the identity verification smart contract element 1000 is a smart contract (eg, a piece of code) in the blockchain 600 that is responsible for dynamically maintaining user registration information, which can be regarded as an extension of the identity verification element 100 and is related to the identity verification element 100 Work together to execute related applications.

舉例來說,身分驗證元件100提供的使用者註冊應用例如包括以下流程:使用者U可藉由身分驗證元件100提供的API要求進行身分註冊;使用者U向身分驗證元件100提交使用者U的公開金鑰憑證資料(例如,包含身份資訊之自然人憑證,其具備對應的公開金鑰及私密金鑰)、區塊鏈位址(例如,作為使用者U存取區塊鏈600的帳號位址)、及數位簽章(利用公開金鑰憑證資料的私密金鑰將前述二者加密的簽章資料)等註冊資料;以及在身分驗證元件100將所述數位簽章驗證通過的情況下,將所述公開金鑰憑證資料及所述區塊鏈位址及其他相關資料(如後續將詳述者)利用身分驗證智慧合約元件1000紀錄在區塊鏈600中。額外地,所述身分驗證智慧合約元件1000亦可在後續流程中用於查詢使用者U的身分相關資訊。 For example, the user registration application provided by the identity verification component 100 includes, for example, the following process: User U can request identity registration through the API provided by the identity verification component 100 ; Public key certificate data (for example, a natural person certificate containing identity information, which has corresponding public key and private key), blockchain address (for example, as the account address of the user U to access the blockchain 600 ), and digital signature (signature data encrypted with the private key of the public key certificate data) and other registration data; and when the identity verification component 100 passes the verification of the digital signature, the The public key certificate data and the blockchain address and other related data (as will be described in detail later) are recorded in the blockchain 600 using the identity verification smart contract element 1000 . In addition, the identity verification smart contract component 1000 can also be used to query the identity-related information of the user U in the subsequent process.

在一些實施例中,身分驗證元件100還在區塊鏈600中(例如,透過身分驗證智慧合約元件1000)維護有憑證廢止清冊,並經設置以定期檢查使用者U的公開金鑰憑證資料,並於所述公開金鑰憑證資料廢止時利用身分驗證智慧合約元件1000更新區塊鏈600中所儲存公開金鑰憑證資料的憑證狀態值。 In some embodiments, the identity verification element 100 also maintains a certificate revocation list in the blockchain 600 (eg, through the identity verification smart contract element 1000 ), and is configured to periodically check the public key certificate data of the user U, And when the public key certificate data is expired, the identity verification smart contract component 1000 is used to update the certificate state value of the public key certificate data stored in the blockchain 600 .

在本實施例中,文件移轉元件200係藉由API引導使用者U執行數位文件300的創建、存儲、移轉等正本維護作業。在一些實施例中,文件移轉元件200提供的應用包括:存取分散式檔案存儲元件700、存取區塊鏈600、連接身分驗證元件100、呼叫文件代幣合約元件400等。 In this embodiment, the file transfer component 200 guides the user U to perform original maintenance operations such as creation, storage, and transfer of the digital file 300 through the API. In some embodiments, the applications provided by the file transfer element 200 include: accessing the distributed file storage element 700, accessing the blockchain 600, connecting the authentication element 100, calling the file token contract element 400, and the like.

舉例來說,當使用者U創建一新的數位文件300時,首先透過文件移轉元件200呼叫身分驗證元件100對(例如,透過身分驗證智慧合約元件1000)使用者U進行真實身份的驗證,並在將數位文件300儲存至分散式檔案存儲元件700同時呼叫文件代幣合約元件400在區塊鏈600中創建此數位文件300的文件代幣。 For example, when the user U creates a new digital file 300, it first calls the identity verification component 100 through the file transfer component 200 to verify the real identity of the user U (for example, through the identity verification smart contract component 1000). And while the digital file 300 is stored in the distributed file storage element 700, the file token contract element 400 is called to create a file token of the digital file 300 in the blockchain 600.

舉另一例來說,當進行數位文件300之移轉(例如,將數位文件300交易給新的使用者U)時,亦須通過文件移轉元件200呼叫身分驗證元件100對(例如,透過身分驗證智慧合約元件1000)新的使用者U進行真實身份的驗證,並呼叫文件代幣合約元件400執行區塊鏈600中數位文件300之文件代幣的內容變更、交易及相關移轉紀錄的存證等作業。 For another example, when the digital file 300 is transferred (for example, the digital file 300 is traded to a new user U), the pair of authentication elements 100 must also be called through the file transfer element 200 (for example, through the identity verification element 100). Verification of the smart contract element 1000) The new user U performs real identity verification, and calls the file token contract element 400 to execute the content change of the file token of the digital file 300 in the blockchain 600, and the storage of transactions and related transfer records. certificate, etc.

在一些實施例中,分散式檔案存儲元件700係以星際檔案系統(Inter Planetary File System,IPFS)實現以用於永久保存數位文件300的原始檔案,然而,分散式檔案存儲元件700亦可為任意的存儲用系統、設備、資料庫等,在本文中並不特別限定。 In some embodiments, the distributed file storage element 700 is implemented by the Inter Planetary File System (IPFS) for permanently storing the original files of the digital file 300 , however, the distributed file storage element 700 can also be any The storage system, equipment, database, etc., are not particularly limited in this document.

在其他實施例中,文件履歷智慧合約元件900類似於身分驗證智慧合約元件1000,同為區塊鏈600中的智慧合約(例如,一段程式碼),係用於對應使用者U透過文件移轉元件200執行之數位文件300的移轉作業而動態地在區塊鏈600中進行紀錄存證,其存證的移轉紀錄內容包括但不限於:數位文件300的創建時間、文件代幣交易時間、文件代幣之交易前後擁有者的區塊鏈位址等事項。另外,此移轉紀錄可供使用者U於後續透過正本驗證與追溯元件500查詢時輸出。 In other embodiments, the document history smart contract element 900 is similar to the identity verification smart contract element 1000, and is also a smart contract (eg, a piece of code) in the blockchain 600, which is used for corresponding user U to transfer files through a file The transfer operation of the digital file 300 executed by the component 200 dynamically records the certificate in the blockchain 600, and the transfer record content of the certificate includes but is not limited to: the creation time of the digital file 300 and the transaction time of the file token. , the blockchain address of the owner before and after the transaction of the file token, etc. In addition, the transfer record can be output by the user U in subsequent inquiries through the original verification and traceability component 500 .

在本實施例中,文件代幣合約元件400係區塊鏈600中的另一種智慧合約,係用於管理數位文件300對應之文件代幣的創建、交易、變更、移轉紀錄之存證等應用。在一些實施例中,所述數位文件300的文件代幣之內容主要包 括代幣本體資訊和元數據(metadata)詮釋資料二部分,其中,代幣本體資訊係紀錄數位文件300唯一的識別碼及擁有者資訊等資料;而元數據詮釋資料係以例如JSON的資料交換格式紀錄數位文件300之創建時間、正本雜湊值、副本雜湊值、用於存儲正本之加密的IPFS位址、用於存儲副本之加密的IPFS位址、文件代幣交易時間等資料。 In this embodiment, the file token contract element 400 is another smart contract in the blockchain 600 , which is used to manage the creation, transaction, change, and transfer records of the file token corresponding to the digital file 300 , etc. application. In some embodiments, the content of the file token of the digital file 300 mainly includes It includes two parts: token ontology information and metadata (metadata) metadata. Among them, the token ontology information records the unique identification code and owner information of the digital file 300; and the metadata metadata is exchanged with data such as JSON The format records the creation time of the digital file 300, the original hash value, the copy hash value, the encrypted IPFS address for storing the original, the encrypted IPFS address for storing the copy, and the transaction time of the file token.

在一些實施例中,文件代幣合約元件400管理的文件代幣係非替換式代幣(non-fungible token)的智慧合約,如乙太坊(Ethereum)區塊鏈的ERC-721標準代幣,因此,每個數位文件300可視為獨一、不可分割或複製的數位資產來進行處理。 In some embodiments, the file tokens managed by the file token contract element 400 are smart contracts for non-fungible tokens, such as ERC-721 standard tokens of the Ethereum blockchain. , therefore, each digital file 300 can be treated as a unique, indivisible or duplicate digital asset.

在本實施例中,正本驗證與追溯元件500係藉由API引導使用者U針對特定數位文件300進行正本驗證或移轉紀錄之追溯等應用。 In this embodiment, the original verification and traceability component 500 uses the API to guide the user U to perform applications such as original verification or transfer record traceability for a specific digital file 300 .

舉一例來說,當使用者U欲驗證特定文件之合法性時,可透過正本驗證與追溯元件500提供的API(亦稱為,正本驗證與追溯元件500的用戶端)輸入此特定文件的雜湊值,此時正本驗證與追溯元件500將此雜湊值與區塊鏈600中所儲存各數位文件300之文件代幣(例如,透過文件移轉元件200呼叫文件代幣合約元件400查詢相關之文件代幣)進行比對,並將相符的文件代幣之內容(包含前述之代幣本體資訊和元數據詮釋資料)回傳,進而確認此特定文件之合法性(即,屬於分散式檔案存儲元件700所保存數位文件300中之任一者)。 For example, when the user U wants to verify the legitimacy of a specific document, he can input the hash of the specific document through the API provided by the original verification and traceability component 500 (also known as the client side of the original verification and traceability component 500 ). At this time, the original verification and traceability component 500 associates this hash value with the file token of each digital file 300 stored in the blockchain 600 (for example, by calling the file token contract component 400 through the file transfer component 200 to query the related file Tokens) to compare and return the content of the matching document tokens (including the aforementioned token ontology information and metadata metadata) to confirm the legitimacy of this particular document (that is, it belongs to a distributed file storage element) 700 any of the stored digital files 300).

舉另一例來說,當使用者U欲調查某一特定文件(假定為已知數位文件300中的任一者)的移轉紀錄時,同樣可透過正本驗證與追溯元件500提供的API輸入此特定文件的雜湊值或文件代幣的識別碼,此時正本驗證與追溯元件500將依據此雜湊值或識別碼自區塊鏈600中找出對應數位文件300的文件代幣, 並呼叫文件履歷智慧合約元件900將文件代幣所紀錄數位文件300自創建到最近期間發生的交易紀錄回傳。 For another example, when the user U wants to investigate the transfer record of a specific file (assumed to be any one of the known digital files 300 ), he can also input this data through the API provided by the original verification and traceability component 500 . The hash value of a specific file or the identification code of the file token. At this time, the original verification and traceability component 500 will find the file token corresponding to the digital file 300 from the blockchain 600 according to the hash value or identification code. And call the file history smart contract component 900 to return the transaction records that occurred in the digital file 300 recorded by the file token from the creation to the most recent period.

在本實施例中,解密下載元件800係一種線上服務,其用於供使用者U(以經確認為數位文件300之擁有者為前提)使用(經授權的)解密金鑰及數位文件300之文件代幣所紀錄用於存儲正本或副本之加密的IPFS位址向分散式檔案存儲元件700存取並下載對應的數位文件300。 In the present embodiment, the decryption download element 800 is an online service for the user U (provided that he is confirmed as the owner of the digital file 300 ) to use the (authorized) decryption key and the data of the digital file 300 The encrypted IPFS address recorded by the file token for storing the original or the copy accesses and downloads the corresponding digital file 300 to the distributed file storage element 700 .

圖2A、2B係揭露身分驗證元件100執行使用者U之身份註冊及驗證的步驟流程圖。詳言之,圖2A係關於身份註冊的步驟流程、圖2B係關於身份驗證的步驟流程。此外,圖2A及2B所示步驟流程可順序地執行,亦可在不同時間依照使用者U需求(例如,在使用者U使用本發明之系統中其他元件的服務時)分別執行,在本發明中並不特別限定。 2A and 2B are flowcharts showing the steps of performing the identity registration and verification of the user U by the identity verification element 100 . To be more specific, FIG. 2A is a flow of steps related to identity registration, and FIG. 2B is a flow of steps related to identity verification. In addition, the steps shown in FIGS. 2A and 2B can be executed sequentially, and can also be executed separately at different times according to the needs of the user U (for example, when the user U uses the services of other components in the system of the present invention). is not particularly limited.

首先參考圖2A,身份註冊之執行係開始於使用者U操作身分驗證元件100之API提交註冊要求時。此時,身分驗證元件100係於步驟S201處接收使用者U上傳之公開金鑰憑證資料(例如,包含身份資訊之自然人憑證)、區塊鏈位址(例如,作為使用者U存取區塊鏈600的帳號位址)、及數位簽章(利用公開金鑰憑證資料之私密金鑰將前述二者加密的簽章資料)等註冊資料。接著,身分驗證元件100係於步驟S202處將數位簽章解密(例如,使用公開金鑰憑證資料的公開金鑰)並與公開金鑰憑證資料及區塊鏈位址比對,並在步驟S203處確認比對無誤下,於步驟S204處將所述公開金鑰憑證資料的雜湊值、公開金鑰、有效日期、憑證狀態等資訊及所述區塊鏈位址利用身分驗證智慧合約元件1000儲存至區塊鏈600中,藉以完成使用者U的身份註冊。 Referring first to FIG. 2A , the execution of the identity registration starts when the user U operates the API of the identity verification element 100 to submit a registration request. At this time, the identity verification component 100 receives the public key certificate data (for example, a natural person certificate containing identity information) uploaded by the user U at step S201 , the blockchain address (for example, as the user U accesses the block) Chain 600 account address), and digital signature (signature data encrypted with the private key of the public key certificate data) and other registration data. Next, the identity verification element 100 decrypts the digital signature (eg, using the public key of the public key certificate data) at step S202 and compares it with the public key certificate data and the blockchain address, and at step S203 After confirming that the comparison is correct, in step S204, the hash value, public key, valid date, certificate status and other information of the public key certificate data and the blockchain address are stored using the identity verification smart contract component 1000 into the blockchain 600, so as to complete the identity registration of the user U.

接著參考圖2B,身份驗證之執行可在圖2A的步驟S204後接續執行,或是因應本發明之系統的其他元件之作業需求執行。此時,身分驗證元件100或文件代幣合約元件400(當身分驗證的要求是由其他元件發起的情況下)係於步驟S205處接收使用者U所輸入欲查詢的區塊鏈位址,以開始處理身份驗證的要求。接著,身分驗證元件100或文件代幣合約元件400係於步驟S206處呼叫區塊鏈600中的身分驗證智慧合約元件1000依據輸入的區塊鏈位址查詢相關的註冊資料(例如,前述使用者U之公開金鑰憑證資料的相關內容)。最後,身分驗證智慧合約元件1000係於步驟S207將查詢到的註冊資料(即,驗證結果)回傳至身分驗證元件100,並完成身份驗證的作業。 Next, referring to FIG. 2B , the execution of the identity verification can be performed continuously after step S204 in FIG. 2A , or according to the operational requirements of other elements of the system of the present invention. At this time, the identity verification component 100 or the document token contract component 400 (when the identity verification request is initiated by other components) receives the blockchain address to be queried input by the user U at step S205, to Start processing authentication requirements. Next, the identity verification component 100 or the document token contract component 400 calls the identity verification smart contract component 1000 in the blockchain 600 to query the relevant registration data (for example, the aforementioned user U's public key certificate data related content). Finally, the identity verification smart contract component 1000 returns the queried registration data (ie, the verification result) to the identity verification component 100 in step S207, and completes the identity verification operation.

圖3係揭露文件移轉元件200執行數位文件300之創建的步驟流程。 FIG. 3 shows a flow of steps for the file transfer element 200 to execute the creation of the digital file 300 .

在步驟S301處,使用者U係透過文件移轉元件200的API輸入數位文件300的原始檔案及使用者U的區塊鏈位址。基於接收到的區塊鏈位址,文件移轉元件200係於步驟S302透過呼叫身分驗證元件100進行使用者U的身份驗證(如上述圖2B所示的步驟,透過身分驗證元件100或文件代幣合約元件400呼叫身分驗證智慧合約元件1000查找區塊鏈600中的註冊資料)。接著,在步驟S303確認身份驗證成功下(例如,確認所接收區塊鏈位址與區塊鏈600所紀錄者相符的情況),文件移轉元件200係執行步驟S304以將數位文件300(包括其原始檔案)儲存至分散式檔案存儲元件700。同時,針對新創建的數位文件300,文件移轉元件200將於步驟S305呼叫文件代幣合約元件400為此數位文件300在區塊鏈600中創建對應的文件代幣,並在步驟S306將文件代幣的內容(以數位文件300的正本雜湊值 及/或副本雜湊值作為索引)紀錄至分散式檔案存儲元件700,以完成數位文件300的創建。 At step S301 , the user U inputs the original file of the digital file 300 and the blockchain address of the user U through the API of the file transfer element 200 . Based on the received blockchain address, the file transfer element 200 performs the identity verification of the user U by calling the identity verification element 100 in step S302 (as in the step shown in FIG. 2B above, through the identity verification element 100 or the file proxy The currency contract component 400 calls the identity verification smart contract component 1000 to look up the registration data in the blockchain 600). Next, after confirming that the identity verification is successful in step S303 (for example, confirming that the received blockchain address is consistent with the one recorded in the blockchain 600), the file transfer component 200 executes step S304 to transfer the digital file 300 (including its original file) is stored to the distributed file storage element 700 . At the same time, for the newly created digital file 300, the file transfer component 200 will call the file token contract component 400 in step S305 to create a corresponding file token in the blockchain 600 for the digital file 300, and in step S306, transfer the file The content of the token (the original hash value of the digital file 300 and/or copy hash value as an index) to the distributed file storage element 700 to complete the creation of the digital file 300 .

如前述,文件代幣合約元件400所創建數位文件300的文件代幣之內容主要包括代幣本體資訊和元數據(metadata)詮釋資料二部分,其中,代幣本體資訊係紀錄數位文件300唯一的識別碼及擁有者資訊等資料,擁有者資訊在本實施例中係指使用者U於註冊時使用的區塊鏈位址;而元數據詮釋資料係以例如JSON的資料交換格式紀錄數位文件300之創建時間、正本雜湊值、副本雜湊值、用於存儲正本之加密的IPFS位址、用於存儲副本之加密的IPFS位址、文件代幣交易時間等資料。在一些實施例中,用於存儲數位文件300之正本或副本的IPFS位址係使用由擁有者資訊(區塊鏈位址)導出的加解密金鑰進行加密,而所述加解密金鑰的計算方法係採用SHA雜湊演算法:SHA(SHA(Address)+Key 1)得出,此時,將擁有者資訊帶入Address欄位,並使用代表系統的固定金鑰值Key 1一同進行SHA雜湊演算即可得出加解密金鑰。在其他實施例中,上述數位文件300之正本雜湊值及/或副本雜湊值係以不同於上述SHA雜湊演算法的其他雜湊演算法計算之,並且所述正本雜湊值及/或副本雜湊值係作為在分散式檔案存儲元件700查詢數位文件300對應之文件代幣的索引值,以供後續進行特定數位文件300之正本驗證與移轉紀錄追溯時於區塊鏈600查找文件代幣的搜尋依據。 As mentioned above, the content of the file token of the digital file 300 created by the file token contract component 400 mainly includes two parts: the token ontology information and the metadata (metadata) metadata. Data such as identification code and owner information, in this embodiment, the owner information refers to the blockchain address used by the user U during registration; and the metadata metadata records the digital file 300 in a data exchange format such as JSON The creation time, the original hash value, the copy hash value, the encrypted IPFS address used to store the original copy, the encrypted IPFS address used to store the copy, and the transaction time of the file token. In some embodiments, the IPFS address used to store the original or copy of the digital file 300 is encrypted using an encryption/decryption key derived from owner information (blockchain address), and the encryption/decryption key's The calculation method adopts the SHA hash algorithm: SHA(SHA(Address)+ Key 1 ). At this time, the owner information is brought into the Address field, and the fixed key value Key 1 representing the system is used to perform SHA hash together. The encryption and decryption keys can be obtained by calculus. In other embodiments, the original hash value and/or the copy hash value of the above-mentioned digital file 300 is calculated by other hash algorithms different from the above-mentioned SHA hash algorithm, and the original hash value and/or the copy hash value is It is used as the index value of the file token corresponding to the digital file 300 when the distributed file storage element 700 is queried, for the subsequent verification of the original of the specific digital file 300 and the traceability of the transfer record in the blockchain 600. The search basis for the file token .

圖4係揭露文件移轉元件200執行數位文件300之移轉(交易)的步驟流程。 FIG. 4 discloses a flow of steps for the file transfer component 200 to perform transfer (transaction) of the digital file 300 .

首先,文件移轉元件200係於步驟S401處接收使用者U(及,數位文件300當前的擁有者)提出的交易請求。此時,在欲執行數位文件300之移轉的使用者U(即,數位文件300的擁有者)的身份已被驗證(例如,依照圖2B所示的步驟 流程,透過身分驗證元件100或文件代幣合約元件400呼叫身分驗證智慧合約元件1000以確認使用者U所輸入自身之區塊鏈位址為正確)、並透過文件代幣合約元件400比對區塊鏈600中所儲存之文件代幣以確認所述使用者U確實為數位文件300的擁有者下,使用者U(擁有者)可透過文件移轉元件200之API輸入數位文件300之文件代幣的交易對象(接收者,即除數位文件300之擁有者以外的任意使用者U)的區塊鏈位址,並指派欲交易之數位文件300的識別碼(如文件代幣所記錄代幣本體資訊之內容),藉以啟動交易請求的處理。 First, the file transfer component 200 receives a transaction request from the user U (and the current owner of the digital file 300 ) at step S401 . At this point, the identity of the user U (ie, the owner of the digital file 300 ) who wants to perform the transfer of the digital file 300 has been verified (eg, according to the steps shown in FIG. 2B ) The process is to call the identity verification smart contract component 1000 through the identity verification component 100 or the document token contract component 400 to confirm that the blockchain address entered by the user U is correct), and compare the area through the document token contract component 400 The file token stored in the block chain 600 confirms that the user U is indeed the owner of the digital file 300, the user U (the owner) can input the file code of the digital file 300 through the API of the file transfer element 200 The blockchain address of the transaction object of the currency (receiver, that is, any user U other than the owner of the digital file 300), and assigns the identification code of the digital file 300 to be traded (such as the token recorded in the file token). content of the ontology information) to initiate the processing of the transaction request.

接著,文件移轉元件200係於步驟S402處透過身分驗證元件100或文件代幣合約元件400呼叫身分驗證智慧合約元件1000查找區塊鏈600中的註冊資料以驗證交易對象(接收者)的身份(如同圖2B所示的步驟流程,確認接收者的區塊鏈位址係真實註冊者),並在步驟S403處確認交易對象身份驗證通過下,開始數位文件300的交易。 Next, the document transfer component 200 calls the identity verification smart contract component 1000 through the identity verification component 100 or the document token contract component 400 at step S402 to search the registration data in the blockchain 600 to verify the identity of the transaction object (receiver) (Similar to the step flow shown in FIG. 2B , confirming that the recipient's blockchain address is the real registrant), and confirming that the transaction object's identity verification is passed at step S403, the transaction of the digital file 300 is started.

然後,文件移轉元件200係於步驟S404使用數位文件300之擁有者的區塊鏈位址計算解密金鑰(例如,上述之SHA雜湊演算法),並使用此解密金鑰將數位文件300之文件代幣所記錄加密的正本或副本IPFS位址解密(即,獲得原始的正本或副本IPFS位址)。 Then, the file transfer element 200 calculates a decryption key (eg, the above-mentioned SHA hash algorithm) using the blockchain address of the owner of the digital file 300 in step S404, and uses the decryption key to transfer the digital file 300 to the Decrypt the encrypted original or copy IPFS address recorded by the file token (ie, obtain the original original or copy IPFS address).

再而,文件移轉元件200係於步驟S405呼叫文件代幣合約元件400更新區塊鏈600中數位文件300對應之文件代幣的內容,包括:使用交易對象(接收者)的區塊鏈位址計算新的加密金鑰(同樣使用上述之SHA雜湊演算法),將解密獲得的正本或副本IPFS位址重新加密並記錄至文件代幣中;將文件代幣的擁有者資訊變更為交易對象(接收者)的區塊鏈位址;以及紀錄文件代幣的交易時間等。 Furthermore, the file transfer component 200 calls the file token contract component 400 in step S405 to update the content of the file token corresponding to the digital file 300 in the blockchain 600, including: using the blockchain token of the transaction object (receiver). address to calculate a new encryption key (also using the above-mentioned SHA hash algorithm), re-encrypt the original or copy IPFS address obtained by decryption and record it in the file token; change the owner information of the file token to the transaction object (receiver) blockchain address; and record transaction time of file tokens, etc.

最後,文件移轉元件200係於步驟S406呼叫文件履歷智慧合約元件900將此數位文件300之文件代幣的移轉紀錄更新(例如,紀錄步驟S405處對文件代幣的更新內容)並記錄於區塊鏈600中。 Finally, the file transfer component 200 calls the file history smart contract component 900 in step S406 to update the transfer record of the file token of the digital file 300 (for example, record the updated content of the file token at step S405 ) and record it in Blockchain 600.

圖5係揭露解密下載元件800執行數位文件300之下載的步驟流程。此時,能解密下載數位文件300的使用者U必須為真實的擁有者,故以下步驟流程將解釋使用者U提出下載申請到完成下載的流程。 FIG. 5 shows a flow of steps for the decryption and download component 800 to perform the download of the digital file 300 . At this time, the user U who can decrypt and download the digital file 300 must be the real owner, so the following steps will explain the process from the user U submitting the download application to the completion of the download.

首先於步驟S501,解密下載元件800的用戶端(例如,API)可將使用者U所提交數位文件300的識別碼(如文件代幣的擁有者紀錄所紀錄者)組成申請資料。 First in step S501 , the client (eg, API) of the decrypted download element 800 can combine the identification code of the digital file 300 submitted by the user U (such as the one recorded in the owner record of the file token) into application data.

接著,解密下載元件800的用戶端係於步驟S502使用使用者U之公開金鑰憑證資料對應的私密金鑰簽署所述申請資料,並以數位文件300的識別碼、簽署後的申請資料向解密下載元件800的伺服端提出下載數位文件300的申請程序。 Next, the client of the decrypted download element 800 signs the application data with the private key corresponding to the public key certificate data of the user U in step S502, and uses the identification code of the digital file 300 and the signed application data to decrypt the application data. The server of the download element 800 proposes an application procedure for downloading the digital file 300 .

然後,解密下載元件800的伺服端係於步驟S503根據使用者U提交的識別碼透過文件代幣合約元件400查找並取回區塊鏈600中對應的文件代幣。 Then, the server of the decryption download element 800 searches for and retrieves the corresponding file token in the blockchain 600 through the file token contract element 400 according to the identification code submitted by the user U in step S503 .

而解密下載元件800係進一步於步驟S504呼叫身分驗證元件100利用身分驗證智慧合約元件1000查找(利用文件代幣所記錄的擁有者資訊)區塊鏈600所紀錄使用者U之公開金鑰憑證資料對應的公開金鑰進行簽署後申請資料的解密及驗證,進而確認此使用者U係數位文件300真實的擁有者。 The decryption download element 800 further calls the identity verification element 100 in step S504 to use the identity verification smart contract element 1000 to search (using the owner information recorded in the file token) the public key certificate data of the user U recorded in the blockchain 600 The corresponding public key is used to decrypt and verify the application data after signing, so as to confirm the real owner of the user U-factor bit file 300 .

接著,當步驟S505判斷申請資料驗證通過(即,成功使用公開金鑰將簽署後申請資料解密)下,身分驗證元件100可在步驟S506使用所取得文件代幣所紀錄擁有者(使用者U)的區塊鏈位址計算解密金鑰(例如,使用上述之SHA雜湊 演算法),並使用此解密金鑰將文件代幣中所紀錄的正本或副本IPFS位址解密並回傳給解密下載元件800。 Next, when it is determined in step S505 that the verification of the application data is passed (that is, the signed application data is successfully decrypted by using the public key), the identity verification component 100 can use the obtained document token to record the owner (user U) in step S506 Compute the decryption key (e.g. using the SHA hash described above) Algorithm), and use this decryption key to decrypt the original or copy IPFS address recorded in the file token and return it to the decryption download element 800.

最後於步驟S507,解密下載元件800可將所取得數位文件300之正本或副本IPFS位址向分散式檔案存儲元件700執行數位文件300之下載,以致能使用者U取得數位文件300的原始檔案內容。 Finally, in step S507 , the decryption download element 800 can download the digital file 300 from the IPFS address of the obtained original or copy of the digital file 300 to the distributed file storage element 700 , so that the user U can obtain the original file content of the digital file 300 .

圖6係揭露正本驗證與追溯元件500執行特定數位文件300之正本驗證或移轉紀錄之追溯的實施方式。此時,由於正本驗證與追溯元件500係用於提供一種公開服務,任意使用者U(無論是否事先跟區塊鏈600提出註冊)皆可以其所持有的特定文件向正本驗證與追溯元件500提出驗證合法性或追溯移轉紀錄的請求。 FIG. 6 discloses an embodiment in which the original verification and traceability component 500 performs the original verification of a specific digital document 300 or the traceability of the transfer record. At this time, since the original verification and traceability component 500 is used to provide a public service, any user U (regardless of whether it has registered with the blockchain 600 in advance) can report to the original verification and traceability component 500 with the specific document held by him or her. Make a request to verify legality or retroactively transfer records.

首先,正本驗證與追溯元件500的用戶端(例如,API)係於步驟S601計算使用者U欲進行驗證的特定文件的雜湊值(即,待驗證雜湊值)。此時,計算待驗證雜湊值的方法係相同於文件代幣合約元件400創建文件代幣時建立正本雜湊值或副本雜湊值所使用的雜湊演算法,在此不另外說明。 First, the client (eg, API) of the original verification and traceability component 500 calculates the hash value (ie, the hash value to be verified) of the specific file that the user U wants to verify in step S601 . At this time, the method of calculating the hash value to be verified is the same as the hash algorithm used to establish the original hash value or the duplicate hash value when the file token contract component 400 creates the file token, and is not described herein.

接著,正本驗證與追溯元件500的用戶端係於步驟S602依據此特定文件的待驗證雜湊值向正本驗證與追溯元件500的伺服端提出正本驗證及追溯移轉紀錄的請求,而正本驗證與追溯元件500將以此待驗證雜湊值為索引值呼叫文件移轉元件200向分散式檔案存儲元件700查詢是否有相關數位文件300對應的文件代幣,進而呼叫文件代幣合約元件400向區塊鏈600取回所述對應的文件代幣。 Next, the client of the original verification and traceability component 500 submits a request for the original verification and traceability transfer record to the server of the original verification and traceability component 500 according to the hash value to be verified of the specific document in step S602, and the original verification and traceability are performed. The element 500 will call the file transfer element 200 to the distributed file storage element 700 to inquire whether there is a file token corresponding to the relevant digital file 300 based on the hash value to be verified as the index value, and then call the file token contract element 400 to the blockchain. 600 The corresponding file token is retrieved.

然後,在步驟S603確認文件代幣存在的情況下(即,此特定文件為由分散式檔案存儲元件700所保存數位文件300的其中一者),正本驗證與追溯元 件500係進一步於步驟S604將步驟S601處計算的待驗證雜湊值與文件代幣所紀錄正本或副本之雜湊值進行比對分析,藉以確認此特定文件確實為數位文件300的合法正本(即,未經偽造或不法變更的數位文件300)。 Then, in the case where the existence of the file token is confirmed in step S603 (that is, the specific file is one of the digital files 300 stored by the distributed file storage element 700), the original verification and traceability are performed. The file 500 is further analyzed in step S604 by comparing the hash value to be verified calculated at step S601 with the hash value of the original or copy recorded in the file token, so as to confirm that the specific file is indeed the legal original of the digital file 300 (ie, Digital files that have not been forged or illicitly altered 300).

再而,當步驟S605確認此特定文件之合法性通過下,正本驗證與追溯元件500將進一步於步驟S606呼叫文件履歷智慧合約元件900將此特定文件所對應文件代幣的所有移轉紀錄輸出,並在步驟S607將此特定文件對應之文件代幣本身及其移轉紀錄回傳以供使用者U閱覽。 Furthermore, when step S605 confirms the validity of the specific file, the original verification and traceability component 500 will further call the file history smart contract component 900 in step S606 to output all transfer records of the file token corresponding to the specific file, And in step S607, the file token itself and its transfer record corresponding to the specific file are returned for the user U to read.

以上所述的各元件均可為軟體、硬體或韌體;若為硬體,則可為具有資料處理與運算能力之處理單元、處理器、電腦或伺服器;若為軟體或韌體,則可包括處理單元、處理器、電腦或伺服器可執行之指令。 Each of the above-mentioned components can be software, hardware or firmware; in the case of hardware, it can be a processing unit, processor, computer or server with data processing and computing capabilities; in the case of software or firmware, It may include instructions executable by a processing unit, processor, computer or server.

本發明復揭露一種電腦可讀媒介,係應用於於具有處理器(例如,CPU、GPU等)及/或記憶體的計算裝置或電腦中,且儲存有指令,並可利用此計算裝置或電腦透過處理器及/或記憶體執行此電腦可讀媒介,以於執行此電腦可讀媒介時執行上述之各步驟。 The present invention further discloses a computer-readable medium, which is applied to a computing device or computer having a processor (eg, CPU, GPU, etc.) and/or memory, and stores instructions, and can utilize the computing device or computer The computer-readable medium is executed by a processor and/or a memory, so as to execute the above steps when the computer-readable medium is executed.

綜上所述,本發明之數位文件正本之驗證與移轉追溯之系統、方法及電腦可讀媒介主要係利用非替換式代幣的智慧合約將數位文件轉變成獨一、不可分割或複製的數位資產,並採用分散式檔案系統永久儲存數位文件之原始檔案,再整合使用者的公開金鑰憑證資料來確認數位文件與其擁有者及移轉紀錄間的關係,故能以公開透明、高安全性、高效率且易於使用的方案實現數位文件之正本驗證機制及移轉追溯。 To sum up, the system, method and computer-readable medium for the verification and transfer traceability of the original digital document of the present invention mainly utilize the smart contract of non-replaceable tokens to convert the digital document into a unique, indivisible or duplicated digital document. Digital assets, and use a decentralized file system to permanently store the original files of digital files, and then integrate the user's public key certificate data to confirm the relationship between digital files and their owners and transfer records, so it can be open, transparent and highly secure. A flexible, efficient and easy-to-use solution to realize the original verification mechanism and transfer traceability of digital documents.

上述實施例僅例示性說明本案之功效,而非用於限制本案,任何熟習此項技藝之人士均可在不違背本案之精神及範疇下對上述該些實 施態樣進行修飾與改變。因此本案之權利保護範圍,應如後述之申請專利範圍所列。 The above-mentioned embodiments are only used to illustrate the effect of this case, rather than to limit this case. Modifications and changes are made in the form. Therefore, the scope of protection of the rights in this case should be listed in the scope of the patent application described later.

100:身分驗證元件 100: Authentication element

200:文件移轉元件 200: File transfer element

300:數位文件 300: digital file

400:文件代幣合約元件 400: Document Token Contract Element

500:正本驗證與追溯元件 500: Original Verification and Traceability Elements

600:區塊鏈 600: Blockchain

700:分散式檔案存儲元件 700: Decentralized Archive Storage Element

800:解密下載元件 800: Decrypt download components

900:文件履歷智慧合約元件 900: Document History Smart Contract Element

1000:身分驗證智慧合約元件 1000: Identity Verification Smart Contract Components

Claims (19)

一種數位文件之驗證與移轉追溯之系統,包括:身分驗證元件,係透過身分驗證智慧合約元件在區塊鏈中維護使用者之包括一區塊鏈位址與一具有雜湊值、公開金鑰、有效日期及憑證狀態四者之公開金鑰憑證資料之註冊資料;文件移轉元件,係根據該身分驗證元件透過該身分驗證智慧合約元件在該區塊鏈中維護該使用者之包括該區塊鏈位址與具有該雜湊值、公開金鑰、有效日期及憑證狀態四者之該公開金鑰憑證資料之該註冊資料執行該數位文件之正本維護作業;文件代幣合約元件,係根據該文件移轉元件針對該身分驗證元件透過該身分驗證智慧合約元件在該區塊鏈中維護該使用者之包括該區塊鏈位址與具有該雜湊值、公開金鑰、有效日期及憑證狀態四者之該公開金鑰憑證資料之該註冊資料所執行之該數位文件之該正本維護作業在該區塊鏈中維護該數位文件的文件代幣;以及分散式檔案存儲元件,係保存該數位文件之原始檔案及該文件代幣的索引值。 A system for verification and transfer traceability of digital documents, comprising: an identity verification element, which maintains a user's address in a blockchain through an identity verification smart contract element, including a blockchain address and a public key with a hash value , the registration data of the public key certificate data of the validity date and certificate status; the file transfer element is based on the identity verification element through the identity verification smart contract element to maintain the user's including this area in the blockchain The blockchain address and the registration data of the public key certificate data with the hash value, the public key, the validity date and the certificate status perform the maintenance of the original of the digital file; the document token contract element is based on the The file transfer element maintains the user's including the blockchain address with the hash value, public key, expiry date and certificate status in the blockchain through the authentication smart contract element for the authentication element. The original maintenance operation of the digital file performed by the registration data of the public key certificate data of the user maintains the file token of the digital file in the blockchain; and a distributed file storage element, which stores the digital file. The original file and the index value of the file token. 如請求項1所述之系統,其中,該身分驗證元件維護該註冊資料之方式包括註冊作業,該註冊作業之執行方式係包括:令該身分驗證元件接收該使用者之該註冊資料,其中,該註冊資料復包括利用該公開金鑰憑證資料之私密金鑰將該公開金鑰憑證資料及該區塊鏈位址加密的數位簽章;令該身分驗證元件利用該公開金鑰憑證資料之該公開金鑰解密該數位簽章;以及 令該身分驗證元件將該數位簽章之解密內容與該公開金鑰憑證資料及該區塊鏈位址比對,以當該比對之結果為相符的情況下,令該身分驗證元件將該註冊資料透過該身分驗證智慧合約元件儲存於該區塊鏈。 The system of claim 1, wherein the method of maintaining the registration data by the identity verification element comprises a registration operation, and the execution method of the registration operation comprises: causing the identity verification element to receive the registration information of the user, wherein, The registration data further includes a digital signature encrypted with the public key certificate data and the blockchain address using the private key of the public key certificate data; the public key to decrypt the digital signature; and cause the authentication element to compare the decrypted content of the digital signature with the public key certificate data and the blockchain address, and if the result of the comparison is consistent, cause the authentication element to Registration data is stored on the blockchain through the identity verification smart contract element. 如請求項1所述之系統,其中,該身分驗證元件維護該註冊資料之方式包括驗證作業,該驗證作業之執行方式係包括:令該身分驗證元件接收該區塊鏈位址;以及令該身分驗證元件依據該區塊鏈位址透過該身分驗證智慧合約元件查找該區塊鏈中對應的該註冊資料,以令該身分驗證元件回傳該註冊資料的內容。 The system of claim 1, wherein the manner in which the identity verification element maintains the registration data includes a verification operation, and the verification operation is performed in a manner comprising: causing the identity verification element to receive the blockchain address; and causing the identity verification element to receive the blockchain address; and The identity verification component searches the corresponding registration data in the blockchain through the identity verification smart contract component according to the blockchain address, so that the identity verification component returns the content of the registration data. 如請求項1所述之系統,其中,該正本維護作業包括該數位文件之創建作業,該創建作業之執行方式係包括:令該文件移轉元件接收該數位文件之該原始檔案及該區塊鏈位址;令該文件移轉元件呼叫該身分驗證元件透過該身分驗證智慧合約元件基於該區塊鏈位址查詢該區塊鏈中的該註冊資料,以確認該區塊鏈位址與該註冊資料所紀錄者相符;令該文件移轉元件將該原始檔案儲存至分散式檔案存儲元件;以及令該文件移轉元件呼叫該文件代幣合約元件於該區塊鏈中產製該數位文件之該文件代幣,以令該文件移轉元件於該分散式檔案存儲元件紀錄該文件代幣之該索引值,其中,該索引值係該數位文件之雜湊值。 The system of claim 1, wherein the original maintenance operation includes a creation operation of the digital file, and the execution mode of the creation operation includes: causing the file transfer element to receive the original file and the block of the digital file chain address; make the document transfer element call the authentication element through the authentication smart contract element to query the registration data in the blockchain based on the blockchain address to confirm the blockchain address and the The registration information matches those recorded in the registration data; cause the file transfer element to store the original file in the distributed file storage element; and make the file transfer element call the file token contract element to produce the digital file in the blockchain the file token, so that the file transfer element records the index value of the file token in the distributed file storage element, wherein the index value is a hash value of the digital file. 如請求項1所述之系統,其中,該文件代幣係包括代幣本體資訊及元數據詮釋資料,其中,該代幣本體資訊係包括該數位文件之識別碼及代表該區塊鏈位址的擁有者資訊,而該元數據詮釋資料係包括該數位文件之創建時間、雜湊值、加密存儲位址、及該文件代幣的交易時間。 The system of claim 1, wherein the document token includes token ontology information and metadata metadata, wherein the token ontology information includes an identifier for the digital document and an address representing the blockchain , and the metadata metadata includes the creation time of the digital file, the hash value, the encrypted storage address, and the transaction time of the file token. 如請求項5所述之系統,其中,該正本維護作業包括該數位文件之該文件代幣的移轉作業,該移轉作業之執行方式係包括: 令該文件移轉元件接收該使用者輸入之該數位文件之該識別碼及接收者區塊鏈位址;令該文件移轉元件透過該身分驗證元件呼叫該身分驗證智慧合約元件查找該區塊鏈中的該註冊資料以驗證該接收者區塊鏈位址為已註冊之各該區塊鏈位址的其中一者;令該文件移轉元件使用該使用者之該區塊鏈位址計算解密金鑰,將該加密存儲位址解密以獲得存儲位址;以及令該文件移轉元件依據該接收者區塊鏈位址呼叫該文件代幣合約元件更新該文件代幣,進一步包括:將該擁有者資訊由該區塊鏈位址更新為該接收者區塊鏈位址;依據該接收者區塊鏈位址計算接收者加密金鑰,並將該加密存儲位址更新為以該接收者加密金鑰加密該存儲位址的結果;以及更新該交易時間。 The system of claim 5, wherein the original maintenance operation includes a transfer operation of the document token of the digital file, and the execution method of the transfer operation includes: causing the document transfer component to receive the identification code and recipient blockchain address of the digital document input by the user; to cause the document transfer component to call the identity verification smart contract component through the identity verification component to find the block the registration data in the chain to verify that the recipient blockchain address is one of the registered blockchain addresses; cause the file transfer element to calculate using the user's blockchain address decrypting the key, decrypting the encrypted storage address to obtain the storage address; and causing the file transfer element to call the file token contract element according to the recipient blockchain address to update the file token, further comprising: The owner information is updated from the blockchain address to the recipient's blockchain address; the recipient's encryption key is calculated according to the recipient's blockchain address, and the encrypted storage address is updated to the recipient's blockchain address. the result of encrypting the storage address with the user's encryption key; and updating the transaction time. 如請求項6所述之系統,復包括:文件履歷智慧合約元件,係用於根據該文件移轉元件執行該移轉作業之結果存證該文件代幣的移轉紀錄。 The system according to claim 6, further comprising: a document history smart contract element, which is used for storing the transfer record of the document token according to the result of executing the transfer operation by the document transfer element. 如請求項7所述之系統,復包括:正本驗證與追溯元件,係用於進行特定文件之正本驗證與移轉紀錄追溯,該特定文件之正本驗證與移轉紀錄追溯的執行方式係包括:令該正本驗證與追溯元件計算該特定文件之待驗證雜湊值;在令該文件移轉元件確認該待驗證雜湊值與該分散式檔案存儲元件所保存之該索引值相符的情況下,令該文件代幣合約元件取回該數位文件之該文件代幣;以及在該特定文件之該待驗證雜湊值與該文件代幣之該雜湊值相符的情況下,令該正本驗證與追溯元件判定該特定文件為該數位文件的合法正本,以令該正 本驗證與追溯元件呼叫該文件履歷智慧合約元件輸出該文件代幣的該移轉紀錄。 The system as described in claim 7 further includes: an original verification and traceability component, which is used to perform the original verification and transfer record traceability of a specific document, and the execution methods for the original verification and transfer record traceability of the specific document include: Let the original verification and traceback element calculate the hash value to be verified for the specific document; in the case where the document transfer element confirms that the hash value to be verified matches the index value stored in the distributed file storage element, make the The document token contract element retrieves the document token of the digital document; and in the event that the hash value to be verified for the particular document matches the hash value of the document token, causes the original verification and traceability element to determine the the specified document is the legal original of the digital document so that the original The verification and traceability component calls the document history smart contract component to output the transfer record of the document token. 如請求項5所述之系統,復包括:解密下載元件,係用於自該分散式檔案存儲元件下載該數位文件之該原始檔案,該下載該數位文件之該原始檔案之方式係包括:令該解密下載元件接收該數位文件之該識別碼及計算簽署申請資料,其中,該簽署申請資料係將該識別碼以該使用者之該公開金鑰憑證資料的私密金鑰簽署者;令該文件代幣合約元件依據該識別碼取得該區塊鏈中的該文件代幣;令該身分驗證元件透過該身分驗證智慧合約元件依據該文件代幣所紀錄該擁有者資訊向該區塊鏈取得該註冊資料中之該公開金鑰,進而使用該公開金鑰解密該簽署申請資料;在該簽署申請資料成功解密的情況下,令該身分驗證元件以該區塊鏈位址計算解密金鑰,進而使用該解密金鑰將該加密存儲位址解密以獲得存儲位址;以及令該解密下載元件使用該存儲位址向該分散式檔案存儲元件下載該數位文件之該原始檔案。 The system of claim 5, further comprising: a decryption download element for downloading the original file of the digital file from the distributed file storage element, the method of downloading the original file of the digital file comprising: making The decryption download element receives the identification code of the digital document and calculates the signature application data, wherein the signature application data is signed by the identification code with the private key of the public key certificate data of the user; make the document The token contract element obtains the document token in the blockchain according to the identification code; causes the identity verification element to obtain the document token from the blockchain through the identity verification smart contract element according to the owner information recorded in the document token the public key in the registration data, and then use the public key to decrypt the signing application data; in the case of successful decryption of the signing application data, make the identity verification element calculate the decryption key with the blockchain address, and then decrypting the encrypted storage address using the decryption key to obtain a storage address; and instructing the decryption download element to download the original file of the digital file to the distributed file storage element using the storage address. 一種數位文件之驗證與移轉追溯之方法,包括:令身分驗證元件透過身分驗證智慧合約元件在區塊鏈中維護使用者之包括一區塊鏈位址與一具有雜湊值、公開金鑰、有效日期及憑證狀態四者之公開金鑰憑證資料之註冊資料;令文件移轉元件根據該身分驗證元件透過該身分驗證智慧合約元件在該區塊鏈中維護該使用者之包括該區塊鏈位址與具有該雜湊值、公開金鑰、有效日期 及憑證狀態四者之該公開金鑰憑證資料之該註冊資料執行該數位文件之正本維護作業;令文件代幣合約元件根據該文件移轉元件針對該身分驗證元件透過該身分驗證智慧合約元件在該區塊鏈中維護該使用者之包括該區塊鏈位址與具有該雜湊值、公開金鑰、有效日期及憑證狀態四者之該公開金鑰憑證資料之該註冊資料所執行之該數位文件之該正本維護作業在該區塊鏈中維護該數位文件的文件代幣;以及令分散式檔案存儲元件保存該數位文件之原始檔案及該文件代幣的索引值。 A method for verification and transfer traceability of digital documents, comprising: enabling an identity verification element to maintain a user's address in a blockchain through an identity verification smart contract element and a block chain address and a hash value, a public key, The registration data of the public key certificate data of the validity date and certificate status; make the file transfer component maintain the user's including the blockchain according to the identity verification component through the identity verification smart contract component address with the hash value, public key, expiry date and the registration data of the public key certificate data of the certificate status four perform the original maintenance operation of the digital document; make the document token contract element transfer the element according to the document to the identity verification element through the identity verification smart contract element in The digit executed by the registration data of the user including the blockchain address and the public key certificate data with the hash value, public key, expiry date and certificate status is maintained in the blockchain The original maintenance operation of the file maintains the file token of the digital file in the blockchain; and causes the distributed file storage element to store the original file of the digital file and the index value of the file token. 如請求項10所述之方法,其中,當維護該註冊資料之方式為註冊作業時,該令身分驗證元件透過身分驗證智慧合約元件在區塊鏈中維護使用者之註冊資料之步驟係包括以下子步驟:令該身分驗證元件接收該使用者之該註冊資料,其中,該註冊資料復包括利用該公開金鑰憑證資料之私密金鑰將該公開金鑰憑證資料及該區塊鏈位址加密的數位簽章;令該身分驗證元件利用該公開金鑰憑證資料之該公開金鑰解密該數位簽章;以及令該身分驗證元件將該數位簽章之解密內容與該公開金鑰憑證資料及該區塊鏈位址比對,以當該比對之結果為相符的情況下,令該身分驗證元件將該註冊資料透過該身分驗證智慧合約元件儲存於該區塊鏈。 The method of claim 10, wherein when the method of maintaining the registration data is a registration operation, the step of enabling the identity verification element to maintain the user's registration information in the blockchain through the identity verification smart contract element comprises the following steps: Sub-step: make the authentication element receive the registration data of the user, wherein the registration data further includes encrypting the public key certificate data and the blockchain address with the private key of the public key certificate data the digital signature; causing the authentication element to decrypt the digital signature using the public key of the public key certificate data; and causing the authentication element to combine the decrypted contents of the digital signature with the public key certificate data and The block chain address is compared, and when the result of the comparison is consistent, the identity verification element is made to store the registration data in the block chain through the identity verification smart contract element. 如請求項10所述之方法,其中,當維護該註冊資料之方式為驗證作業時,該令身分驗證元件透過身分驗證智慧合約元件在區塊鏈中維護使用者之註冊資料之步驟係包括以下子步驟:令該身分驗證元件接收該區塊鏈位址;以及 令該身分驗證元件依據該區塊鏈位址透過該身分驗證智慧合約元件查找該區塊鏈中對應的該註冊資料,以令該身分驗證元件回傳該註冊資料的內容。 The method of claim 10, wherein when the method of maintaining the registration data is a verification operation, the step of enabling the identity verification element to maintain the user's registration information in the blockchain through the identity verification smart contract element comprises the following steps: sub-step: causing the authentication element to receive the blockchain address; and The identity verification component searches the corresponding registration data in the blockchain through the identity verification smart contract component according to the blockchain address, so that the identity verification component returns the content of the registration data. 如請求項10所述之方法,其中,當該正本維護作業為該數位文件之創建作業時,該令文件移轉元件根據該使用者之該身分驗證智慧合約元件執行該數位文件之正本維護作業之步驟係包括以下子步驟:令該文件移轉元件接收該數位文件之該原始檔案及該區塊鏈位址;令該文件移轉元件呼叫該身分驗證元件透過該身分驗證智慧合約元件基於該區塊鏈位址查詢該區塊鏈中的該註冊資料,以確認該區塊鏈位址與該註冊資料所紀錄者相符;令該文件移轉元件將該原始檔案儲存至分散式檔案存儲元件;以及令該文件移轉元件呼叫該文件代幣合約元件於該區塊鏈中產製該數位文件之該文件代幣,以令該文件移轉元件於該分散式檔案存儲元件紀錄該文件代幣之該索引值,其中,該索引值係該數位文件之雜湊值。 The method of claim 10, wherein when the original maintenance operation is a creation operation of the digital document, the document transfer component executes the original maintenance operation of the digital document according to the identity verification smart contract component of the user The steps include the following sub-steps: causing the document transfer element to receive the original file and the blockchain address of the digital document; causing the document transfer element to call the identity verification element through the identity verification smart contract element based on the The blockchain address queries the registration data in the blockchain to confirm that the blockchain address is consistent with that recorded in the registration data; instruct the file transfer element to store the original file to the distributed file storage element ; and cause the file transfer element to call the file token contract element to generate the file token of the digital file in the blockchain, so that the file transfer element records the file token in the distributed file storage element the index value, wherein the index value is the hash value of the digital file. 如請求項10所述之方法,其中,該文件代幣係包括代幣本體資訊及元數據詮釋資料,其中,該代幣本體資訊係包括該數位文件之識別碼及代表該區塊鏈位址的擁有者資訊,而該元數據詮釋資料係包括該數位文件之創建時間、雜湊值、加密存儲位址、及該文件代幣的交易時間。 The method of claim 10, wherein the document token includes token ontology information and metadata metadata, wherein the token ontology information includes an identifier for the digital document and an address representing the blockchain , and the metadata metadata includes the creation time of the digital file, the hash value, the encrypted storage address, and the transaction time of the file token. 如請求項14所述之方法,其中,當該正本維護作業係該數位文件之該文件代幣的移轉作業時,該令文件移轉元件根據該使用者之該身分驗證智慧合約元件執行該數位文件之正本維護作業之步驟係包括以下子步驟:令該文件移轉元件接收該使用者輸入之該數位文件之該識別碼及接收者區塊鏈位址; 令該文件移轉元件透過該身分驗證元件呼叫該身分驗證智慧合約元件查找該區塊鏈中的該註冊資料以驗證該接收者區塊鏈位址為已註冊之各該區塊鏈位址的其中一者;令該文件移轉元件使用該使用者之該區塊鏈位址計算解密金鑰,將該加密存儲位址解密以獲得存儲位址;以及令該文件移轉元件依據該接收者區塊鏈位址呼叫該文件代幣合約元件更新該文件代幣,進一步包括:將該擁有者資訊由該區塊鏈位址更新為該接收者區塊鏈位址;依據該接收者區塊鏈位址計算接收者加密金鑰,並將該加密存儲位址更新為以該接收者加密金鑰加密該存儲位址的結果;以及更新該交易時間。 The method of claim 14, wherein when the original maintenance operation is a transfer operation of the document token of the digital document, the instructing document transfer component executes the authentication smart contract component according to the identity of the user The step of maintaining the original of the digital file includes the following sub-steps: enabling the file transfer element to receive the identification code and the recipient's blockchain address of the digital file input by the user; causing the document transfer component to call the identity verification smart contract component through the identity verification component to look up the registration data in the blockchain to verify that the recipient blockchain address is the one of the registered blockchain addresses one of: having the file transfer element compute a decryption key using the user's blockchain address, decrypt the encrypted storage address to obtain a storage address; and make the file transfer element rely on the recipient The blockchain address calls the file token contract element to update the file token, further comprising: updating the owner information from the blockchain address to the recipient blockchain address; according to the recipient block The chain address calculates the recipient encryption key and updates the encrypted storage address to the result of encrypting the storage address with the recipient encryption key; and updates the transaction time. 如請求項15所述之方法,復包括:令文件履歷智慧合約元件根據該文件移轉元件執行該移轉作業之結果存證該文件代幣的移轉紀錄。 The method according to claim 15, further comprising: causing the document history smart contract component to record the transfer record of the document token according to the result of the document transfer component performing the transfer operation. 如請求項16所述之方法,復包括:令正本驗證與追溯元件進行特定文件之正本驗證與移轉紀錄追溯,係包括以下子步驟:令該正本驗證與追溯元件計算該特定文件之待驗證雜湊值;在令該文件移轉元件確認該待驗證雜湊值與該分散式檔案存儲元件所保存之該索引值相符的情況下,令該文件代幣合約元件取回該數位文件之該文件代幣;以及在該特定文件之該待驗證雜湊值與該文件代幣之該雜湊值相符的情況下,令該正本驗證與追溯元件判定該特定文件為該數位文件的合法正本,以令該正本驗證與追溯元件呼叫該文件履歷智慧合約元件輸出該文件代幣的該移轉紀錄。 The method described in claim 16, further comprising: causing the original verification and traceability component to perform the original verification and transfer record traceability of a specific document, including the following sub-steps: causing the original verification and traceability component to calculate the pending verification of the specific document Hash value; in the case of having the file transfer element confirm that the hash value to be verified matches the index value stored in the distributed file storage element, make the file token contract element retrieve the file code of the digital file and, if the hash value to be verified of the particular document matches the hash value of the document token, cause the original verification and traceability component to determine that the particular document is the legal original of the digital document, so that the original The verification and traceability component calls the document history smart contract component to output the transfer record of the document token. 如請求項14所述之方法,復包括:令解密下載元件自該分散式檔案存儲元件下載該數位文件之該原始檔案,係包括以下子步驟:令該解密下載元件接收該數位文件之該識別碼及計算簽署申請資料,其中,該簽署申請資料係將該識別碼以該使用者之該公開金鑰憑證資料的私密金鑰簽署者;令該文件代幣合約元件依據該識別碼取得該區塊鏈中的該文件代幣;令該身分驗證元件透過該身分驗證智慧合約元件依據該文件代幣所紀錄該擁有者資訊向該區塊鏈取得該註冊資料中之該公開金鑰,進而使用該公開金鑰解密該簽署申請資料;在該簽署申請資料成功解密的情況下,令該身分驗證元件以該區塊鏈位址計算解密金鑰,進而使用該解密金鑰將該加密存儲位址解密以獲得存儲位址;以及令該解密下載元件使用該存儲位址向該分散式檔案存儲元件下載該數位文件之該原始檔案。 The method of claim 14, further comprising: causing the decryption download element to download the original file of the digital file from the distributed file storage element, comprising the following sub-steps: causing the decryption download element to receive the identification of the digital file code and calculate the signing application data, wherein the signing application data is the signer of the identification code with the private key of the public key certificate data of the user; make the document token contract element obtain the area according to the identification code The document token in the blockchain; make the identity verification component obtain the public key in the registration data from the blockchain through the identity verification smart contract component according to the owner information recorded in the document token, and then use The public key decrypts the signing application data; in the case that the signing application data is successfully decrypted, make the identity verification element calculate the decryption key with the blockchain address, and then use the decryption key to store the encrypted storage address decrypting to obtain a storage address; and causing the decrypted download element to download the original file of the digital file to the distributed file storage element using the storage address. 一種電腦可讀媒介,應用於計算裝置或電腦中,係儲存有指令,以執行如請求項10至18任一項所述之數位文件之驗證與移轉追溯之方法。 A computer-readable medium used in a computing device or a computer and storing instructions for executing the method for verifying and transferring a digital file as described in any one of claims 10 to 18.
TW110125664A 2021-07-13 2021-07-13 System, method and computer readable medium for authenticaion and transfer traceability of digital documents TWI776590B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110125664A TWI776590B (en) 2021-07-13 2021-07-13 System, method and computer readable medium for authenticaion and transfer traceability of digital documents

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110125664A TWI776590B (en) 2021-07-13 2021-07-13 System, method and computer readable medium for authenticaion and transfer traceability of digital documents

Publications (2)

Publication Number Publication Date
TWI776590B true TWI776590B (en) 2022-09-01
TW202303425A TW202303425A (en) 2023-01-16

Family

ID=84957946

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110125664A TWI776590B (en) 2021-07-13 2021-07-13 System, method and computer readable medium for authenticaion and transfer traceability of digital documents

Country Status (1)

Country Link
TW (1) TWI776590B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111415254A (en) * 2020-03-05 2020-07-14 贵州造梦天地信息科技有限公司 IP derivative digital assets method and system based on block link certification
US20210097508A1 (en) * 2019-10-01 2021-04-01 Sean Papanikolas System and method for creating, tracking, and transfering non-fungible tokens in the ethereum blockchain
CN112634037A (en) * 2020-12-22 2021-04-09 无锡井通网络科技有限公司 Electronic license management system based on block chain digital identity and non-homogeneous certificate
TW202118257A (en) * 2019-10-30 2021-05-01 天宿智能科技股份有限公司 Asset rights management system based on blockchain and method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210097508A1 (en) * 2019-10-01 2021-04-01 Sean Papanikolas System and method for creating, tracking, and transfering non-fungible tokens in the ethereum blockchain
TW202118257A (en) * 2019-10-30 2021-05-01 天宿智能科技股份有限公司 Asset rights management system based on blockchain and method thereof
CN111415254A (en) * 2020-03-05 2020-07-14 贵州造梦天地信息科技有限公司 IP derivative digital assets method and system based on block link certification
CN112634037A (en) * 2020-12-22 2021-04-09 无锡井通网络科技有限公司 Electronic license management system based on block chain digital identity and non-homogeneous certificate

Also Published As

Publication number Publication date
TW202303425A (en) 2023-01-16

Similar Documents

Publication Publication Date Title
US11544701B2 (en) Rapid and secure off-ledger cryptocurrency transactions through cryptographic binding of a private key to a possession token
US11159526B2 (en) System and method for decentralized-identifier authentication
US10917246B2 (en) System and method for blockchain-based cross-entity authentication
CN111144881B (en) Selective access to asset transfer data
US20210075589A1 (en) System and method for blockchain-based cross-entity authentication
CN116112274B (en) Blockchain, management group rights and integration of access in an enterprise environment
KR102051288B1 (en) Methods and systems for verifying the integrity of digital assets using distributed hash tables and peer-to-peer distributed ledgers
CN110785760B (en) Method and system for registering digital documents
US11238543B2 (en) Payroll based blockchain identity
CN108076057B (en) Data security system and method based on block chain
US10592642B2 (en) Systems and methods for decentralized content distribution
CN111800268A (en) Zero knowledge proof for block chain endorsements
CN111475836B (en) File management method and device based on alliance block chain
CN112789642A (en) Association of identities in a distributed database
US11335109B2 (en) Computing device for document authentication and a method to operate the same
US20230208638A1 (en) Future asset reclamation via blockchain
CN113302612B (en) Computer implementation method, system and device for cross-chain and cross-network data transmission
TWI776590B (en) System, method and computer readable medium for authenticaion and transfer traceability of digital documents
CN113342802A (en) Method and device for storing block chain data
TWM585941U (en) Account data processing system
US20230117628A1 (en) Secure signing method, device and system
TW202347353A (en) Generating and maintaining digital tokens on a blockchain using physical device identifiers
CN116028981A (en) Block chain-based data processing method and related equipment

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent