TWI829216B - De-centralized data authorization control system capable of forwarding token request through third-party service subsystem - Google Patents

De-centralized data authorization control system capable of forwarding token request through third-party service subsystem Download PDF

Info

Publication number
TWI829216B
TWI829216B TW111123941A TW111123941A TWI829216B TW I829216 B TWI829216 B TW I829216B TW 111123941 A TW111123941 A TW 111123941A TW 111123941 A TW111123941 A TW 111123941A TW I829216 B TWI829216 B TW I829216B
Authority
TW
Taiwan
Prior art keywords
data
subsystem
beacon
blockchain
party service
Prior art date
Application number
TW111123941A
Other languages
Chinese (zh)
Other versions
TW202240442A (en
Inventor
林庠序
林哲民
Original Assignee
林庠序
林哲民
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 林庠序, 林哲民 filed Critical 林庠序
Priority to TW111123941A priority Critical patent/TWI829216B/en
Publication of TW202240442A publication Critical patent/TW202240442A/en
Application granted granted Critical
Publication of TWI829216B publication Critical patent/TWI829216B/en

Links

Abstract

A de-centralized data authorization control system is disclosed, including: a third-party service subsystem; a data requester device for generating a first token request containing a token identification data; and a block chain subsystem capable of verifying the activity of an authorization token corresponding to the token identification data. If the authorization token is active, the block chain subsystem generates a first read token. After acquiring the first read token, the data requester device transmits a first data request to the third-party service subsystem, and transfers the first read token to the third-party service subsystem. If the first read token is active, the third-party service subsystem finds out a first set of data corresponding to the first data request, and transmits the first set of data to the data requester device. The first token request is first transmitted by the data requester device to the third-party service subsystem, and then forwarded by the third-party service subsystem to the block chain subsystem.

Description

可透過第三方服務子系統轉傳訊標請求的去中心化資料授權控管系統 A decentralized data authorization control system that can forward beacon requests through third-party service subsystems

本發明涉及一種區塊鏈技術,尤指一種可透過第三方服務子系統轉傳訊標請求的去中心化資料授權控管系統。 The present invention relates to a blockchain technology, in particular to a decentralized data authorization control system that can forward beacon requests through a third-party service subsystem.

歐盟所制定的一般資料保護規章(General Data Protection Regulation,GDPR),對於個人資料保護和隱私的規範不僅嚴格,而且涉及的範圍很廣。倘若不能滿足GDPR的規定,許多領域的商業活動都將面臨非常重大的衝擊或阻礙。 The General Data Protection Regulation (GDPR) formulated by the European Union is not only strict in terms of personal data protection and privacy, but also covers a wide range. If GDPR regulations cannot be met, business activities in many fields will face very significant impacts or obstacles.

由於傳統的OAuth 2.0資料授權框架無法滿足GDPR的各種要求,所以產業界積極地發展各種更複雜的資料授權架構來因應。包括UMA 2.0(User-Managed Access 2.0)在內的各種新近發展的資料授權架構,都是採用集權式授權伺服器(centralized authorization server)來管理個別資料擁有者的資料授權政策。這樣的架構看似可以滿足GDPR的要求,但其實在授權政策的管理上並不透明,而且也難以允許資料擁有者隨時依需要而動態調整其資料授權政策。因此,現有的資料授權架構對於許多日趨複雜的商業應用(例如,開放銀行,Open Banking)而言,並不是非常理想的方案。 Since the traditional OAuth 2.0 data authorization framework cannot meet the various requirements of GDPR, the industry is actively developing various more complex data authorization structures to cope with it. Various recently developed data authorization architectures, including UMA 2.0 (User-Managed Access 2.0), use centralized authorization servers to manage the data authorization policies of individual data owners. This structure seems to meet the requirements of GDPR, but in fact the management of authorization policies is not transparent, and it is difficult to allow data owners to dynamically adjust their data authorization policies at any time as needed. Therefore, the existing data authorization architecture is not an ideal solution for many increasingly complex business applications (for example, Open Banking).

有鑑於此,如何讓資料授權控管系統既能滿足歐盟GDPR的各種要求,又能提升在授權政策管理上的透明度,並且允許資料擁有者隨 時依需要而動態調整其資料授權政策,實為有待解決的問題。 In view of this, how can the data authorization control system not only meet the various requirements of the EU GDPR, but also improve the transparency of authorization policy management and allow the data owner to Dynamically adjusting its data authorization policy as needed is a problem that needs to be solved.

本說明書提供一種去中心化資料授權控管系統的實施例,其包含:一資料擁有者裝置,設置成可提供目標資料;一第三方服務子系統,設置成可儲存該目標資料;一資料請求者裝置,設置成可產生與一或多個資料項目相應的一第一資料請求,並產生包含一訊標識別資料的一第一訊標請求;以及一區塊鏈子系統,包含多個區塊鏈節點,設置成可獲取該第一訊標請求所對應的一訊標識別資料,並驗證該訊標識別資料所對應的一授權訊標的有效性,且倘若該授權訊標為有效,則該區塊鏈子系統還設置成可產生與該授權訊標相應的一第一取用訊標;其中,該資料請求者裝置還設置成可在獲取該第一取用訊標後,傳送該第一資料請求給該第三方服務子系統,並移轉該第一取用訊標給該第三方服務子系統;其中,倘若該第一取用訊標為有效,則該第三方服務子系統還會從該目標資料中找出與該第一資料請求相應的一第一組資料,並傳送該第一組資料給該資料請求者裝置;其中,該資料請求者裝置所產生的該第一訊標請求,是先由該資料請求者裝置傳送給該第三方服務子系統,再由該第三方服務子系統轉傳給該區塊鏈子系統。 This specification provides an embodiment of a decentralized data authorization control system, which includes: a data owner device configured to provide target data; a third-party service subsystem configured to store the target data; a data request a device configured to generate a first data request corresponding to one or more data items and generate a first beacon request including a beacon identification data; and a blockchain subsystem including a plurality of blocks The chain node is configured to obtain a beacon identification data corresponding to the first beacon request, and to verify the validity of an authorization beacon corresponding to the beacon identification data, and if the authorization beacon is valid, the The blockchain subsystem is further configured to generate a first access beacon corresponding to the authorization beacon; wherein, the data requester device is further configured to transmit the first access beacon after acquiring the first access beacon. The data request is made to the third-party service subsystem, and the first access beacon is transferred to the third-party service subsystem; if the first access beacon is valid, the third-party service subsystem will also Find a first set of data corresponding to the first data request from the target data, and send the first set of data to the data requester device; wherein, the first beacon generated by the data requester device The request is first sent by the data requester device to the third-party service subsystem, and then forwarded by the third-party service subsystem to the blockchain subsystem.

本說明書另提供一種去中心化資料授權控管系統的實施例,其包含:一第三方服務子系統,設置成可儲存目標資料;一資料請求者裝置,設置成可產生與一或多個資料項目相應的一第一資料請求,並產生包含一訊標識別資料的一第一訊標請求;以及一區塊鏈子系統,包含多個區塊鏈節點,設置成可獲取該第一訊標請求所對應的一訊標識別資料,並驗證該訊標識別資料所對應的一授權訊標的有效性,且倘若該授權訊標為有效,則該區塊鏈子系統還設置成可產生與該授權訊標相應的一第一取用訊標;其中,該資料請求者裝置還設置成可在獲取該第一取用訊標後,傳送該第一資料請求給該第三方服務子系統,並移轉該第一取用訊標給該第三方服務子系統;其中, 倘若該第一取用訊標為有效,則該第三方服務子系統還會從該目標資料中找出與該第一資料請求相應的一第一組資料,並傳送該第一組資料給該資料請求者裝置;其中,該資料請求者裝置所產生的該第一訊標請求,是先由該資料請求者裝置傳送給該第三方服務子系統,再由該第三方服務子系統轉傳給該區塊鏈子系統。 This specification also provides an embodiment of a decentralized data authorization control system, which includes: a third-party service subsystem configured to store target data; a data requester device configured to generate one or more data A first data request corresponding to the project and generating a first beacon request including a beacon identification data; and a blockchain subsystem including a plurality of blockchain nodes configured to obtain the first beacon request A corresponding beacon identification data, and verify the validity of an authorization beacon corresponding to the beacon identification data, and if the authorization beacon is valid, the blockchain subsystem is also configured to generate a message corresponding to the authorization beacon. A first access beacon corresponding to the target; wherein, the data requester device is also configured to transmit the first data request to the third-party service subsystem after obtaining the first access beacon, and transfer The first access beacon is given to the third-party service subsystem; wherein, If the first access beacon is valid, the third-party service subsystem will also find a first set of data corresponding to the first data request from the target data, and send the first set of data to the Data requester device; wherein, the first beacon request generated by the data requester device is first sent by the data requester device to the third-party service subsystem, and then forwarded by the third-party service subsystem to The blockchain subsystem.

上述實施例的優點之一,是利用區塊鏈子系統來取代傳統的集權式授權伺服器,可有效提升去中心化資料授權控管系統在授權政策管理上的透明度,進而降低第三方服務子系統與資料擁有者或資料請求者之間發生糾紛的可能性。 One of the advantages of the above embodiment is that the use of the blockchain subsystem to replace the traditional centralized authorization server can effectively improve the transparency of the authorization policy management of the decentralized data authorization control system, thereby reducing the need for third-party service subsystems. The possibility of disputes with data owners or data requesters.

上述實施例的另一優點,是去中心化資料授權控管系統的架構能夠滿足歐盟GDPR後續階段的各種要求,並且能夠允許資料擁有者隨時依需要而動態調整其資料授權政策。 Another advantage of the above embodiment is that the architecture of the decentralized data authorization control system can meet the various requirements of the subsequent stages of the EU GDPR, and can allow data owners to dynamically adjust their data authorization policies at any time as needed.

本發明的其他優點將搭配以下的說明和圖式進行更詳細的解說。 Other advantages of the present invention will be explained in more detail in conjunction with the following description and drawings.

100:去中心化資料授權控管系統(de-centralized data authorization control system) 100: de-centralized data authorization control system (de-centralized data authorization control system)

110、120:資料擁有者裝置(data owner device) 110, 120: data owner device (data owner device)

111、131、151:通信電路(communication circuit) 111, 131, 151: communication circuit

113、133、153:區塊鏈運算電路(block chain computing circuit) 113, 133, 153: block chain computing circuit

115、135、155:資料庫(database) 115, 135, 155: database

117、137:控制電路(control circuit) 117, 137: control circuit

130~140:資料請求者裝置(data requester device) 130~140: data requester device (data requester device)

150:第三方服務子系統(third-party service subsystem) 150:Third-party service subsystem (third-party service subsystem)

157:資料伺服器(data server) 157:data server

160:區塊鏈節點叢集(block chain node cluster) 160:block chain node cluster

161~167:區塊鏈節點(block chain node) 161~167: block chain node

170:區塊鏈子系統(block chain subsystem) 170:block chain subsystem

362:訊標管理智能合約(token management smart contract) 362: token management smart contract

364:授權政策智能合約(authorization policy smart contract) 364: Authorization policy smart contract

366:資料查詢智能合約(data inquiry smart contract) 366:data inquiry smart contract

202~226、402~418、502~522、602~622、702~730、802~822、902~930、1002~1016:運作流程(operation) 202~226, 402~418, 502~522, 602~622, 702~730, 802~822, 902~930, 1002~1016: operation process

圖1為本發明一實施例的去中心化資料授權控管系統簡化後的功能方塊圖。 Figure 1 is a simplified functional block diagram of a decentralized data authorization control system according to an embodiment of the present invention.

圖2為本發明一實施例的資料授權政策管理方法簡化後的流程圖。 FIG. 2 is a simplified flow chart of a data authorization policy management method according to an embodiment of the present invention.

圖3為圖1中的區塊鏈子系統與其他成員裝置之間簡化後的功能模組關係示意圖。 Figure 3 is a schematic diagram of the simplified functional module relationship between the blockchain subsystem in Figure 1 and other member devices.

圖4為本發明一實施例的檢核區塊鏈子系統中的資料授權政策是否正確的方法簡化後的流程圖。 Figure 4 is a simplified flow chart of a method for checking whether the data authorization policy in the blockchain subsystem is correct according to an embodiment of the present invention.

圖5為本發明一實施例的提供可查詢資料清單的方法簡化後的流程圖。 FIG. 5 is a simplified flow chart of a method for providing a queryable data list according to an embodiment of the present invention.

圖6為本發明一實施例的取用訊標產生方法簡化後的流程圖。 FIG. 6 is a simplified flow chart of a method for generating access signals according to an embodiment of the present invention.

圖7為本發明一實施例的資料請求回應方法簡化後的流程圖。 FIG. 7 is a simplified flow chart of a data request response method according to an embodiment of the present invention.

圖8為本發明另一實施例的取用訊標產生方法簡化後的流程圖。 FIG. 8 is a simplified flow chart of a method for generating access signals according to another embodiment of the present invention.

圖9為本發明另一實施例的資料請求回應方法簡化後的流程圖。 Figure 9 is a simplified flow chart of a data request response method according to another embodiment of the present invention.

圖10為本發明一實施例的動態更新資料授權政策的方法簡化後的流程圖。 Figure 10 is a simplified flow chart of a method for dynamically updating a data authorization policy according to an embodiment of the present invention.

以下將配合相關圖式來說明本發明的實施例。在圖式中,相同的標號表示相同或類似的元件或方法流程。 The embodiments of the present invention will be described below with reference to relevant drawings. In the drawings, the same reference numbers represent the same or similar elements or process flows.

圖1為本發明一實施例的去中心化資料授權控管系統100簡化後的功能方塊圖。去中心化資料授權控管系統100用來控管個人或企業組織等各種類型的多個資料擁有者(data owner),對於其他的個人或是企業組織等不同的資料請求者(data requester)的資料授權範圍與授權項目,並可允許資料擁有者依需要而動態調整其資料授權範圍與授權項目。 Figure 1 is a simplified functional block diagram of a decentralized data authorization and control system 100 according to an embodiment of the present invention. The decentralized data authorization control system 100 is used to control multiple data owners (data owners) of various types such as individuals or business organizations, and for different data requesters (data requesters) such as other individuals or business organizations. Data authorization scope and authorization items, and allows data owners to dynamically adjust their data authorization scope and authorization items as needed.

去中心化資料授權控管系統100包含一或多個資料擁有者裝置(例如,圖1中所繪示的示例性資料擁有者裝置110~120)、一或多個資料請求者裝置(例如,圖1中所繪示的示例性資料請求者裝置130~140)、至少一第三方服務子系統150、一區塊鏈節點叢集160、以及由區塊鏈節點叢集160搭配其他區塊鏈運算電路所共同形成的一區塊鏈子系統170。 The decentralized data authorization control system 100 includes one or more data owner devices (for example, the exemplary data owner devices 110~120 shown in Figure 1), one or more data requester devices (for example, The exemplary data requestor device 130~140) shown in Figure 1, at least one third-party service subsystem 150, a blockchain node cluster 160, and the blockchain node cluster 160 combined with other blockchain computing circuits A blockchain subsystem 170 formed together.

去中心化資料授權控管系統100中的多個資料擁有者裝置110~120,分屬於不同的資料擁有者,且個別的資料擁有者可以是個人、各種類型的企業或公司組織、各種財團法人、各種社團法人、各種非營利機構、各種政府機構等等。 The multiple data owner devices 110~120 in the decentralized data authorization and control system 100 belong to different data owners, and individual data owners can be individuals, various types of enterprises or corporate organizations, and various consortiums. , various corporate entities, various non-profit organizations, various government agencies, etc.

去中心化資料授權控管系統100中的多個資料請求者裝置130~140,分屬於不同的資料請求者,且個別的資料請求者可以是個人、各種類型的企業或公司組織、各種財團法人、各種社團法人、各種非營利機構、各種政府機構等等。 The multiple data requester devices 130~140 in the decentralized data authorization control system 100 belong to different data requesters, and individual data requesters can be individuals, various types of enterprises or corporate organizations, and various consortiums. , various corporate entities, various non-profit organizations, various government agencies, etc.

第三方服務子系統150是由可提供數位儲存服務的特定服務提供商所運營的系統,用來儲存由個別資料擁有者所提供的各類數位資料, 例如,各種數位文件、各種程式檔案、和/或各種多媒體資料等等。 The third-party service subsystem 150 is a system operated by a specific service provider that can provide digital storage services. It is used to store various digital data provided by individual data owners. For example, various digital files, various program files, and/or various multimedia data, etc.

另外,區塊鏈子系統170通常是由多個不同的實體所共同運營與管理的區塊鏈系統,用來控管個別資料請求者裝置對於第三方服務子系統150的資料取用權限,並允許個別的資料擁有者透過相應的資料擁有者裝置動態調整資料授權政策。 In addition, the blockchain subsystem 170 is usually a blockchain system jointly operated and managed by multiple different entities to control the data access permissions of individual data requester devices to the third-party service subsystem 150 and allow Individual data owners dynamically adjust the data authorization policy through the corresponding data owner device.

在實際應用中,個別的資料擁有者可透過相關的資料擁有者裝置,將要保護的各類數位資料傳送(transmit)給第三方服務子系統150進行儲存。另外,個別的資料擁有者還可透過資料擁有者裝置,將針對不同資料請求者的資料授權政策傳送給區塊鏈子系統170進行儲存與管理,以避免資料授權政策被竄改。前述的資料授權政策可包含授權對象、授權資料標的、授權內容、授權次數上限、授權時段、授權時限、資料所在地理區域、以及保管資料的第三方服務提供者的識別資料(例如,第三方服務提供者部屬在區塊鏈子系統170中的特定智能合約的位址)等多項參數中的局部或全部參數。 In practical applications, individual data owners can transmit various types of digital data to be protected to the third-party service subsystem 150 for storage through relevant data owner devices. In addition, individual data owners can also send data authorization policies for different data requesters to the blockchain subsystem 170 for storage and management through the data owner device to prevent the data authorization policies from being tampered with. The aforementioned data authorization policy may include the authorized object, authorized data subject, authorized content, upper limit of authorization times, authorization period, authorization time limit, geographical area where the data is located, and the identification information of the third-party service provider who keeps the data (for example, third-party service provider Provider provides some or all of the multiple parameters such as the address of a specific smart contract deployed in the blockchain subsystem 170).

另一方面,個別的資料請求者可利用相關的資料請求者裝置,向區塊鏈子系統170申請與特定資料擁有者相對應的資料取用訊標(data read token)。當資料請求者想要取得特定資料擁有者的特定資料時,可操控相關的資料請求者裝置使用區塊鏈子系統170提供的資料取用訊標,向第三方服務子系統150提出資料取用請求(data read request)。 On the other hand, individual data requesters can use relevant data requestor devices to apply to the blockchain subsystem 170 for a data read token corresponding to a specific data owner. When a data requester wants to obtain specific data of a specific data owner, the relevant data requester device can be controlled to use the data access beacon provided by the blockchain subsystem 170 to make a data access request to the third-party service subsystem 150 (data read request).

此時,第三方服務子系統150可利用區塊鏈子系統170驗證該資料請求者裝置所提供的資料取用訊標的有效性,以驗證資料請求者的身分。只有在資料取用訊標的有效性能夠通過區塊鏈子系統170驗證的情況下,第三方服務子系統150才會將特定資料擁有者所授權的特定資料內容,分享給該資料請求者裝置。 At this time, the third-party service subsystem 150 can use the blockchain subsystem 170 to verify the validity of the data access beacon provided by the data requester's device to verify the identity of the data requester. Only when the validity of the data access beacon can be verified by the blockchain subsystem 170, the third-party service subsystem 150 will share the specific data content authorized by the specific data owner to the data requester device.

另外,區塊鏈子系統170也可記錄個別資料取用訊標的相關時間資訊,以做為資料請求者裝置向第三方服務子系統150取用相關資料 的佐證。 In addition, the blockchain subsystem 170 can also record relevant time information of individual data retrieval beacons to serve as a data requester device to retrieve relevant data from the third-party service subsystem 150 of evidence.

在去中心化資料授權控管系統100中,個別的資料擁有者還可依需要而動態調整儲存在區塊鏈子系統170中的資料授權政策。例如,當個別的資料擁有者因各種原因而調整針對特定資料請求者或所有資料請求者的資料授權政策後,可利用相關的資料擁有者裝置將更新後的資料授權政策傳送給區塊鏈子系統170進行儲存與管理,以取代原先版本的資料授權政策。 In the decentralized data authorization control system 100, individual data owners can also dynamically adjust the data authorization policy stored in the blockchain subsystem 170 as needed. For example, when an individual data owner adjusts the data authorization policy for a specific data requester or all data requesters for various reasons, the relevant data owner device can be used to transmit the updated data authorization policy to the blockchain subsystem. 170 is stored and managed to replace the previous version of the data authorization policy.

為了滿足某些商業交易或法律關係管理上的需要,去中心化資料授權控管系統100的不同參與者之間,可利用傳統方式或數位方式簽署各種合適的協議或合約,以進一步明確彼此之間的法律關係。例如,個別的資料擁有者與運營第三方服務子系統150的特定服務提供商之間,可共同簽署各種合適的資料代管協議、線上儲存空間租用合約、服務協議、智慧財產權歸屬協議、資料傳輸協議、隱私保護協議、資料分享協議、和/或個人化廣告播送協議等等。 In order to meet the needs of certain commercial transactions or legal relationship management, different participants of the decentralized data authorization and control system 100 can sign various appropriate agreements or contracts using traditional or digital methods to further clarify the relationship between each other. legal relationship between them. For example, individual data owners and specific service providers operating the third-party service subsystem 150 may jointly sign various appropriate data hosting agreements, online storage space rental contracts, service agreements, intellectual property rights ownership agreements, and data transfer agreements. Agreement, privacy protection agreement, data sharing agreement, and/or personalized advertising broadcast agreement, etc.

又例如,個別的資料擁有者與個別的資料請求者之間,可共同簽署各種合適的資料授權協議、資料分享協議、資料使用協議、資料查核協議、和/或資料稽核協議等等。 For another example, individual data owners and individual data requesters can jointly sign various appropriate data authorization agreements, data sharing agreements, data use agreements, data verification agreements, and/or data audit agreements, etc.

又例如,個別的資料請求者與運營第三方服務子系統150的特定服務提供商之間,可共同簽署各種合適的資料索引規範協議、資料查詢協議、資料分享協議、資料使用協議、資料傳輸協議、和/或服務協議等等。 For another example, individual data requesters and specific service providers operating the third-party service subsystem 150 may jointly sign various appropriate data indexing specification agreements, data query agreements, data sharing agreements, data use agreements, and data transmission agreements. , and/or service agreement, etc.

如圖1所示,資料擁有者裝置110包含一通信電路111、一區塊鏈運算電路113、一資料庫115、以及一控制電路117。資料請求者裝置130包含一通信電路131、一區塊鏈運算電路133、一資料庫135、以及一控制電路137。第三方服務子系統150包含一通信電路151、一區塊鏈運算電路153、一資料庫155、以及一資料伺服器157。區塊鏈節點叢集160包含有多個區塊鏈節點(block chain node),例如, 圖1中所繪示的示例性區塊鏈節點161~167。 As shown in FIG. 1 , the data owner device 110 includes a communication circuit 111 , a blockchain operation circuit 113 , a database 115 , and a control circuit 117 . The data requester device 130 includes a communication circuit 131, a blockchain operation circuit 133, a database 135, and a control circuit 137. The third-party service subsystem 150 includes a communication circuit 151, a blockchain computing circuit 153, a database 155, and a data server 157. The blockchain node cluster 160 includes multiple blockchain nodes, for example, Exemplary blockchain nodes 161~167 are illustrated in Figure 1.

在資料擁有者裝置110中,通信電路111設置成可透過網際網路或其他網路與第三方服務子系統150以及區塊鏈子系統170進行資料通信。區塊鏈運算電路113耦接於通信電路111,用於扮演區塊鏈子系統170的節點之一,並可做為資料擁有者裝置110與區塊鏈子系統170之間的溝通橋樑。資料庫115用於儲存要傳送給第三方服務子系統150的資料。控制電路117耦接於通信電路111、區塊鏈運算電路113、以及資料庫115,並設置成控制前述裝置的運作。 In the data owner device 110, the communication circuit 111 is configured to communicate data with the third-party service subsystem 150 and the blockchain subsystem 170 through the Internet or other networks. The blockchain computing circuit 113 is coupled to the communication circuit 111 for acting as one of the nodes of the blockchain subsystem 170 and as a communication bridge between the data owner device 110 and the blockchain subsystem 170 . The database 115 is used to store data to be transmitted to the third-party service subsystem 150 . The control circuit 117 is coupled to the communication circuit 111, the blockchain computing circuit 113, and the database 115, and is configured to control the operation of the aforementioned devices.

在資料請求者裝置130中,通信電路131設置成可透過網際網路或其他網路與第三方服務子系統150以及區塊鏈子系統170進行資料通信。區塊鏈運算電路133耦接於通信電路131,用於扮演區塊鏈子系統170的節點之一,並可做為資料請求者裝置130與區塊鏈子系統170之間的溝通橋樑。資料庫135用於儲存從第三方服務子系統150取得的資料。控制電路137耦接於通信電路131、區塊鏈運算電路133、以及資料庫135,並設置成控制前述裝置的運作。 In the data requester device 130, the communication circuit 131 is configured to communicate data with the third-party service subsystem 150 and the blockchain subsystem 170 through the Internet or other networks. The blockchain computing circuit 133 is coupled to the communication circuit 131 for acting as one of the nodes of the blockchain subsystem 170 and as a communication bridge between the data requester device 130 and the blockchain subsystem 170 . The database 135 is used to store data obtained from the third-party service subsystem 150 . The control circuit 137 is coupled to the communication circuit 131, the blockchain computing circuit 133, and the database 135, and is configured to control the operation of the aforementioned devices.

去中心化資料授權控管系統100中的其他資料擁有者裝置(例如,資料擁有者裝置120),皆可具有與資料擁有者裝置110類似的主要架構,但實作上並不侷限所有資料擁有者裝置都要具有完全相同的電路架構。同樣地,去中心化資料授權控管系統100中的其他資料請求者裝置(例如,資料請求者裝置140),皆可具有與資料請求者裝置130類似的主要架構,但實作上也不侷限所有資料請求者裝置都要具有完全相同的電路架構。 Other data owner devices (for example, the data owner device 120) in the decentralized data authorization control system 100 can have a similar main structure to the data owner device 110, but the implementation is not limited to all data owners. Both devices must have exactly the same circuit architecture. Similarly, other data requestor devices (for example, the data requestor device 140) in the decentralized data authorization control system 100 can have a similar main architecture to the data requestor device 130, but there are no limitations in implementation. All data requestor devices must have exactly the same circuit architecture.

在第三方服務子系統150中,通信電路151設置成可透過網際網路或其他網路,與區塊鏈子系統170、個別資料擁有者裝置、以及個別資料請求者裝置進行資料通信。區塊鏈運算電路153耦接於通信電路151,用於扮演區塊鏈子系統170的節點之一,並可做為第三方服務子系統150與區塊鏈子系統170之間的溝通橋樑。資料庫155用於 儲存不同的資料擁有者所提供的資料。資料伺服器157耦接於通信電路151、區塊鏈運算電路153、以及資料庫155,並設置成控制前述裝置的運作。 In the third-party service subsystem 150, the communication circuit 151 is configured to communicate data with the blockchain subsystem 170, individual data owner devices, and individual data requestor devices through the Internet or other networks. The blockchain computing circuit 153 is coupled to the communication circuit 151 for acting as one of the nodes of the blockchain subsystem 170 and as a communication bridge between the third-party service subsystem 150 and the blockchain subsystem 170 . Database 155 is used for Store data provided by different data owners. The data server 157 is coupled to the communication circuit 151, the blockchain computing circuit 153, and the database 155, and is configured to control the operation of the aforementioned devices.

在實際應用中,前述的第三方服務子系統150可以是提供單一類型服務(例如,雲端儲存服務、多媒體檔案分享服務、生活紀錄分享服務、社群服務、財務管理服務、健康資訊管理服務等等)的系統,也可以是提供多種複合型服務的系統(例如,雲端儲存服務搭配電子郵件服務、多媒體資料分享服務搭配即時通訊服務、社群服務搭配多媒體串流服務、企業資源規劃(ERP)雲端服務搭配資料庫服務等等)。 In practical applications, the aforementioned third-party service subsystem 150 may provide a single type of service (for example, cloud storage service, multimedia file sharing service, life record sharing service, community service, financial management service, health information management service, etc. ), or it can be a system that provides multiple composite services (for example, cloud storage service combined with email service, multimedia data sharing service combined with instant messaging service, community service combined with multimedia streaming service, enterprise resource planning (ERP) cloud services with database services, etc.).

本實施例中的區塊鏈子系統170,是由資料擁有者裝置110中的區塊鏈運算電路113、資料請求者裝置130中的區塊鏈運算電路133、第三方服務子系統150中的區塊鏈運算電路153、以及區塊鏈節點叢集160中的多個區塊鏈節點161~167所共同組成。 The blockchain subsystem 170 in this embodiment is composed of the blockchain computing circuit 113 in the data owner device 110, the blockchain computing circuit 133 in the data requester device 130, and the zone in the third-party service subsystem 150. The block chain operation circuit 153 is composed of a plurality of block chain nodes 161 to 167 in the block chain node cluster 160 .

實作上,通信電路111、131、與151皆可利用符合相關網路通信、無線通信、或是行動通信規範的各種適當電路來實現,例如網路卡(Network Interface Card,NIC)、無線傳輸(Wi-Fi)電路、或是行動通信電路等等。區塊鏈運算電路113、133、153、與區塊鏈節點161~167,皆可用適合進行區塊鏈的共識決演算法(consensus algorithm)運算的一個或多個處理器模組或電腦系統來實現。資料庫115、135、與155皆可利用各種關聯式資料庫或非關聯式資料庫來實現。控制電路117與137皆可利用具有適當運算能力的一個或多個處理器模組、單一電腦系統、或是多個電腦系統的組合來實現。資料伺服器157可以用單一伺服器來實現,也可以用位於相同地理區域、或是位於不同地理區域的多個伺服器組合來實現。 In practice, the communication circuits 111, 131, and 151 can be implemented using various appropriate circuits that comply with relevant network communication, wireless communication, or mobile communication specifications, such as network interface cards (NICs), wireless transmission (Wi-Fi) circuit, or mobile communication circuit, etc. The blockchain computing circuits 113, 133, 153, and the blockchain nodes 161~167 can all be operated by one or more processor modules or computer systems suitable for performing blockchain consensus algorithm operations. Realize. Databases 115, 135, and 155 can be implemented using various relational databases or non-relational databases. Both the control circuits 117 and 137 can be implemented using one or more processor modules with appropriate computing capabilities, a single computer system, or a combination of multiple computer systems. The data server 157 can be implemented by a single server or a combination of multiple servers located in the same geographical area or in different geographical areas.

在某些實施例中,可將區塊鏈運算電路113整合到控制電路117中,和/或將區塊鏈運算電路133整合到控制電路137中。同樣地,也可將 區塊鏈運算電路153整合到資料伺服器157中。 In some embodiments, the blockchain computing circuit 113 may be integrated into the control circuit 117 , and/or the blockchain computing circuit 133 may be integrated into the control circuit 137 . Similarly, one can also The blockchain computing circuit 153 is integrated into the data server 157 .

請注意,前述的資料擁有者裝置110、資料請求者裝置130、以及第三方服務子系統150,在實際實施時皆可設置供用戶進行操控所需的人機介面裝置(例如,顯示器、鍵盤、滑鼠、觸控螢幕、聲控模組等等),但為了簡化圖面內容起見,這些人機介面裝置並未繪示在圖1中。 Please note that the aforementioned data owner device 110, data requester device 130, and third-party service subsystem 150 may be equipped with human-machine interface devices (such as monitors, keyboards, etc.) required for user control during actual implementation. mouse, touch screen, voice control module, etc.), but in order to simplify the drawing content, these human-machine interface devices are not shown in Figure 1.

在資料擁有者裝置110所對應的資料擁有者是個人的應用環境中,資料擁有者裝置110可以利用具備聯網功能與合適運算能力的終端設備來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置(例如,智慧型手機、穿戴式裝置等)、或是其他類似的裝置。同樣地,在資料請求者裝置130所對應的資料請求者是個人的應用環境中,資料請求者裝置130可以利用具備聯網功能與合適運算能力的終端設備來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置(例如,智慧型手機、穿戴式裝置等)、或是其他類似的裝置。 In an application environment where the data owner corresponding to the data owner device 110 is an individual, the data owner device 110 can be implemented using a terminal device with networking capabilities and appropriate computing capabilities, such as a tablet computer, desktop computer, notebook, etc. Computers, mobile communication devices (such as smartphones, wearable devices, etc.), or other similar devices. Similarly, in an application environment where the data requester corresponding to the data requester device 130 is an individual, the data requester device 130 can be implemented using a terminal device with networking capabilities and appropriate computing capabilities, such as a tablet computer, desktop computer, etc. Computers, laptops, mobile communication devices (such as smartphones, wearable devices, etc.), or other similar devices.

在資料擁有者裝置110所對應的資料擁有者是各種類型的企業或公司組織、財團法人、社團法人、非營利機構、政府機構的應用環境中,資料擁有者裝置110可以利用具備聯網功能與合適運算能力的終端設備或資訊系統來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置、電腦伺服器、管理資訊系統(MIS)、企業資源規劃(ERP)系統、或是其他類似的設備。同樣地,在資料請求者裝置130所對應的資料請求者是各種類型的企業或公司組織、財團法人、社團法人、非營利機構、政府機構的應用環境中,資料請求者裝置130可以利用具備聯網功能與合適運算能力的終端設備或資訊系統來實現,例如,平板電腦、桌上型電腦、筆記型電腦、行動通信裝置、電腦伺服器、管理資訊系統、企業資源規劃系統、或是其他類似的設備。 In an application environment where the data owners corresponding to the data owner device 110 are various types of enterprises or corporate organizations, foundations, corporate associations, non-profit institutions, and government agencies, the data owner device 110 can use an appropriate device with networking capabilities. Computing capabilities of terminal equipment or information systems, such as tablet computers, desktop computers, notebook computers, mobile communication devices, computer servers, management information systems (MIS), enterprise resource planning (ERP) systems, or Other similar devices. Similarly, in application environments where the data requesters corresponding to the data requester device 130 are various types of enterprises or corporate organizations, foundations, legal persons, non-profit institutions, and government agencies, the data requester device 130 can use a network-enabled device. Functions and appropriate computing power of the terminal equipment or information system, such as tablet computers, desktop computers, notebook computers, mobile communication devices, computer servers, management information systems, enterprise resource planning systems, or other similar equipment.

為了方便說明起見,以下將資料擁有者裝置110所對應的特定資料擁有者稱之為資料擁有者D1,將資料擁有者裝置120所對應的特定資料擁有者稱之為資料擁有者D2,將資料請求者裝置130所對應的特定資料請求者稱之為資料請求者R1,並將資料請求者裝置140所對應的特定資料請求者稱之為資料請求者R2。 For convenience of explanation, the specific data owner corresponding to the data owner device 110 is called data owner D1 in the following, the specific data owner corresponding to the data owner device 120 is called data owner D2, and the specific data owner corresponding to the data owner device 120 is called data owner D2. The specific data requester corresponding to the data requester device 130 is called data requester R1, and the specific data requester corresponding to the data requester device 140 is called data requester R2.

實作上,前述的資料擁有者裝置110、資料請求者裝置130、以及第三方服務子系統150,也都可以用設置在各種雲端平台上的虛擬機器、或各種計算實體與儲存實體的組合來實現,並由各自的使用者進行遠端操控。 In practice, the aforementioned data owner device 110, data requester device 130, and third-party service subsystem 150 can also be implemented using virtual machines installed on various cloud platforms, or a combination of various computing entities and storage entities. Implementation and remote control by respective users.

另外,在某些應用環境中,區塊鏈子系統170可以用各種公有鏈的架構來實現。在另一些應用環境中,則可用私有鏈或聯盟鏈的架構來實現區塊鏈子系統170,以縮短相關運算所需的時間、提升區塊鏈子系統170的運作效率。 In addition, in some application environments, the blockchain subsystem 170 can be implemented using various public chain architectures. In other application environments, the blockchain subsystem 170 can be implemented using a private chain or consortium chain architecture to shorten the time required for related operations and improve the operational efficiency of the blockchain subsystem 170 .

以下將搭配圖2至圖3來進一步說明去中心化資料授權控管系統100進行資料授權控管的前期運作流程。圖2為本發明一實施例的資料授權政策管理方法簡化後的流程圖。圖3為去中心化資料授權控管系統100中的區塊鏈子系統170與其他成員裝置之間簡化後的功能模組關係示意圖。 The following will further explain the preliminary operation process of the decentralized data authorization control system 100 for data authorization control with reference to Figures 2 to 3. FIG. 2 is a simplified flow chart of a data authorization policy management method according to an embodiment of the present invention. Figure 3 is a schematic diagram of a simplified functional module relationship between the blockchain subsystem 170 and other member devices in the decentralized data authorization control system 100.

在圖2的流程圖中,位於一特定裝置所屬欄位中的流程,即代表由該特定裝置所進行的流程。例如,標記在「資料擁有者裝置」欄位中的部分,是由資料擁有者裝置110~120的其中之一所進行的流程;標記在「第三方服務子系統」欄位中的部分,是由第三方服務子系統150所進行的流程;標記在「區塊鏈子系統」欄位中的部分,則是由區塊鏈子系統170所進行的流程;其餘依此類推。前述的邏輯也適用於後續的其他流程圖中。 In the flowchart of FIG. 2, the process located in the column to which a specific device belongs represents the process performed by the specific device. For example, the part marked in the "Data Owner Device" field is the process performed by one of the data owner devices 110~120; the part marked in the "Third Party Service Subsystem" field is The process performed by the third-party service subsystem 150; the part marked in the "Blockchain Subsystem" field is the process performed by the Blockchain Subsystem 170; the rest can be deduced by analogy. The aforementioned logic also applies to other subsequent flow charts.

為了方便說明起見,以下將以資料擁有者裝置110所對應的資料擁有者D1要使用去中心化資料授權控管系統100的資料權限控管服務 的情境為例,來說明去中心化資料授權控管系統100的前期運作流程。 For the sake of convenience of explanation, below it is assumed that the data owner D1 corresponding to the data owner device 110 wants to use the data permission control service of the decentralized data authorization control system 100 Take the scenario as an example to illustrate the preliminary operation process of the decentralized data authorization control system 100.

如圖2所示,每次資料擁有者D1要將特定資料提供給第三方服務子系統150進行儲存時,可利用資料擁有者裝置110進行流程202。在此情況下,第三方服務子系統150會相應進行流程204。換言之,流程202與流程204可以是間歇性進行的運作。 As shown in FIG. 2 , each time the data owner D1 wants to provide specific data to the third-party service subsystem 150 for storage, the data owner device 110 can be used to perform the process 202 . In this case, the third-party service subsystem 150 will perform the process 204 accordingly. In other words, the process 202 and the process 204 may be performed intermittently.

在流程202中,控制電路117可利用通信電路111將資料擁有者D1所選擇或提供的目標資料,透過各種資料傳輸方式提供給第三方服務子系統150。實作上,前述的目標資料可以是各種數位文件、各種程式檔案、和/或各種多媒體資料等等。 In process 202, the control circuit 117 can use the communication circuit 111 to provide the target data selected or provided by the data owner D1 to the third-party service subsystem 150 through various data transmission methods. In practice, the aforementioned target data can be various digital files, various program files, and/or various multimedia data, etc.

在流程204中,第三方服務子系統150的通信電路151會接收資料擁有者裝置110傳來的目標資料,且資料伺服器157會將接收到的目標資料儲存在資料庫155中。 In process 204 , the communication circuit 151 of the third-party service subsystem 150 receives the target data from the data owner device 110 , and the data server 157 stores the received target data in the database 155 .

另一方面,區塊鏈子系統170的運營者或具有權限的特定人員可利用合適的編程方式,將後續進行資料授權控管所需的相關智能合約部署在區塊鏈子系統170中。在實際應用中,前述具有權限的特定人員,可以是由區塊鏈子系統170的運營單位、第三方服務子系統150的運營單位、相關資料擁有者、和/或相關資料請求者所共同組成的工作群組中的特定人員,或是參與去中心化資料授權控管系統100運作的特定人員。 On the other hand, the operator of the blockchain subsystem 170 or a specific person with authority can use appropriate programming methods to deploy relevant smart contracts required for subsequent data authorization control in the blockchain subsystem 170 . In practical applications, the aforementioned specific persons with authority may be composed of the operating unit of the blockchain subsystem 170, the operating unit of the third-party service subsystem 150, relevant data owners, and/or relevant data requesters. Specific personnel in the work group, or specific personnel involved in the operation of the decentralized data authorization control system 100.

例如,區塊鏈子系統170的運營者或建構人員可編輯並建立包含訊標管理規則的一智能合約,並利用合適的通信裝置(例如,電腦)將該智能合約以交易信息(transaction message)的形式傳送至區塊鏈子系統170,並指示區塊鏈子系統170對該智能合約進行認證。此時,區塊鏈子系統170會進行流程206,利用多個節點執行合適的共識決演算法來對包含訊標管理規則的智能合約進行認證。倘若該智能合約通過區塊鏈子系統170的認證,區塊鏈子系統170便會將該智 能合約以資料區塊的形式儲存在區塊鏈子系統170的區塊鏈帳本中,以完成將一訊標管理智能合約362部署到區塊鏈子系統170中的程序。在後續的運作階段中,區塊鏈子系統170可利用訊標管理智能合約362來檢核及控管與個別資料擁有者相應的不同訊標的有效性。 For example, the operator or builder of the blockchain subsystem 170 can edit and create a smart contract containing token management rules, and use an appropriate communication device (eg, computer) to convert the smart contract into a transaction message. The form is sent to the blockchain subsystem 170 and instructs the blockchain subsystem 170 to authenticate the smart contract. At this time, the blockchain subsystem 170 will perform the process 206, using multiple nodes to execute an appropriate consensus decision algorithm to authenticate the smart contract containing the token management rules. If the smart contract passes the certification of the blockchain subsystem 170, the blockchain subsystem 170 will The energy contract is stored in the blockchain ledger of the blockchain subsystem 170 in the form of a data block to complete the process of deploying a token management smart contract 362 into the blockchain subsystem 170 . In subsequent operational stages, the blockchain subsystem 170 may utilize the beacon management smart contract 362 to check and control the validity of different beacons corresponding to individual data owners.

同樣地,區塊鏈子系統170的運營者或建構人員可編輯並建立包含資料授權政策管理規則的一智能合約,並利用合適的通信裝置(例如,電腦)將該智能合約以交易信息的形式傳送至區塊鏈子系統170,並指示區塊鏈子系統170對該智能合約進行認證。此時,區塊鏈子系統170會進行流程208,利用多個節點執行合適的共識決演算法來對包含資料授權政策管理規則的智能合約進行認證。倘若該智能合約通過區塊鏈子系統170的認證,區塊鏈子系統170便會將該智能合約以資料區塊的形式儲存在區塊鏈子系統170的區塊鏈帳本中,以完成將一授權政策智能合約364部署到區塊鏈子系統170中的程序。在後續的運作階段中,區塊鏈子系統170可利用授權政策智能合約364來進行個別資料擁有者所設定的資料授權政策的版本控制。 Similarly, the operator or constructor of the blockchain subsystem 170 can edit and create a smart contract containing data authorization policy management rules, and use an appropriate communication device (eg, computer) to transmit the smart contract in the form of transaction information. to the blockchain subsystem 170, and instructs the blockchain subsystem 170 to authenticate the smart contract. At this time, the blockchain subsystem 170 will perform the process 208, using multiple nodes to execute an appropriate consensus decision algorithm to authenticate the smart contract containing the data authorization policy management rules. If the smart contract passes the certification of the blockchain subsystem 170, the blockchain subsystem 170 will store the smart contract in the form of a data block in the blockchain ledger of the blockchain subsystem 170 to complete an authorization. The policy smart contract 364 is deployed to the program in the blockchain subsystem 170 . In subsequent operational stages, the blockchain subsystem 170 may utilize the authorization policy smart contract 364 to perform version control of the data authorization policy set by individual data owners.

如圖2所示,第三方服務子系統150的管理者或操作人員,可利用第三方服務子系統150搭配區塊鏈子系統170進行流程210~214,以在區塊鏈子系統170中部署可供第三方服務子系統150檢核及回應其他資料請求者裝置傳來的資料請求所需的相關智能合約。 As shown in Figure 2, managers or operators of the third-party service subsystem 150 can use the third-party service subsystem 150 to cooperate with the blockchain subsystem 170 to perform processes 210~214 to deploy available services in the blockchain subsystem 170. The third-party service subsystem 150 checks and responds to relevant smart contracts required for data requests from other data requestor devices.

在流程210中,第三方服務子系統150的資料伺服器157可在其管理者或操作人員的操控下,依據運營第三方服務子系統150的特定服務提供者(在此稱為第三方服務提供者)與一或多個特定資料請求者共同同意的資料查詢協議,建立一或多個相應的資料查詢智能合約366。實作上,資料伺服器157可針對不同的資料請求者分別建立多個不同的資料查詢智能合約366,或是將多個資料請求者所對應的不同資料查詢協議,都整合在同一資料查詢智能合約366中。 In the process 210, the data server 157 of the third-party service subsystem 150 can be controlled by its administrator or operator according to the specific service provider (herein referred to as the third-party service provider) that operates the third-party service subsystem 150. (or) a data query agreement jointly agreed with one or more specific data requesters to establish one or more corresponding data query smart contracts 366. In practice, the data server 157 can establish multiple different data query smart contracts 366 for different data requesters, or integrate different data query protocols corresponding to multiple data requesters into the same data query smart contract. In contract 366.

例如,資料伺服器157可針對資料請求者裝置130所對應的資料請求 者R1建立一個專用(dedicated)的資料查詢智能合約366,並針對資料請求者裝置140所對應的資料請求者R2建立另一個不同的資料查詢智能合約366。或者,資料伺服器157也可將資料請求者R1所對應的資料查詢協議以及資料請求者R2所對應的資料查詢協議,都整合在同一個資料查詢智能合約366中。 For example, the data server 157 may request data corresponding to the data requester device 130 The user R1 establishes a dedicated data query smart contract 366, and establishes another different data query smart contract 366 for the data requester R2 corresponding to the data requester device 140. Alternatively, the data server 157 can also integrate the data query protocol corresponding to the data requester R1 and the data query protocol corresponding to the data requester R2 into the same data query smart contract 366.

在流程212中,資料伺服器157可利用通信電路151或區塊鏈運算電路153,使用第三方服務提供者所對應的一預定訊標,將產生的一或多個資料查詢智能合約366傳送給區塊鏈子系統170,並指示區塊鏈子系統170對前述的資料查詢智能合約366進行認證。 In the process 212, the data server 157 can use the communication circuit 151 or the blockchain computing circuit 153 to use a predetermined beacon corresponding to the third-party service provider to send the generated one or more data query smart contracts 366 to Blockchain subsystem 170, and instructs the blockchain subsystem 170 to authenticate the aforementioned data query smart contract 366.

在此情況下,區塊鏈子系統170會進行流程214,利用多個節點執行合適的共識決演算法來對接收到的資料查詢智能合約366進行認證。倘若資料查詢智能合約366通過區塊鏈子系統170的認證,區塊鏈子系統170便會將前述的資料查詢智能合約366以資料區塊的形式儲存在區塊鏈子系統170的區塊鏈帳本中,以完成將前述的資料查詢智能合約366部署到區塊鏈子系統170中的程序。在後續的運作階段中,區塊鏈子系統170可利用資料查詢智能合約366來對第三方服務子系統150進行身分驗證,而第三方服務子系統150則可利用資料查詢智能合約366來檢核個別資料請求者想要取用的資料是否屬於協議範圍內的資料。只有在第三方服務子系統150能通過資料查詢智能合約366的身分驗證程序的情況下,區塊鏈子系統170才會允許第三方服務子系統150執行授權政策智能合約364或是讀取授權政策智能合約364的內容。 In this case, the blockchain subsystem 170 will perform the process 214 to use multiple nodes to execute an appropriate consensus decision algorithm to authenticate the received data query smart contract 366. If the data query smart contract 366 passes the certification of the blockchain subsystem 170, the blockchain subsystem 170 will store the aforementioned data query smart contract 366 in the form of a data block in the blockchain ledger of the blockchain subsystem 170. , to complete the process of deploying the aforementioned data query smart contract 366 into the blockchain subsystem 170. In the subsequent operation phase, the blockchain subsystem 170 can use the data query smart contract 366 to authenticate the third-party service subsystem 150, and the third-party service subsystem 150 can use the data query smart contract 366 to verify the individual identity. Whether the data the data requester wants to access falls within the scope of the agreement. Only when the third-party service subsystem 150 can query the identity verification program of the smart contract 366 through data, the blockchain subsystem 170 will allow the third-party service subsystem 150 to execute the authorization policy smart contract 364 or read the authorization policy intelligence. The contents of contract 364.

當前述的資料擁有者D1要啟用去中心化資料授權控管系統100的資料權限控管服務時,可利用資料擁有者裝置110進行流程216。在此情況下,區塊鏈子系統170會相應進行流程218。 When the aforementioned data owner D1 wants to activate the data permission control service of the decentralized data authorization control system 100, the data owner device 110 can be used to perform the process 216. In this case, the blockchain subsystem 170 will proceed with the process 218 accordingly.

在流程216中,資料擁有者裝置110的控制電路117會產生一授權服務啟用請求,並利用通信電路111或區塊鏈運算電路113傳送 (transmit)該授權服務啟用請求給區塊鏈子系統170。 In process 216, the control circuit 117 of the data owner device 110 generates an authorization service activation request and transmits it using the communication circuit 111 or the blockchain operation circuit 113. (transmit) the authorization service enablement request to the blockchain subsystem 170 .

在流程218中,區塊鏈子系統170會依據該授權服務啟用請求執行前述的訊標管理智能合約362,以產生與資料擁有者裝置110(或其對應的資料擁有者D1)相對應的一授權訊標(authorization token),並移轉(transfer)該授權訊標給資料擁有者裝置110。在一實施例中,訊標管理智能合約362還可對該授權訊標設置相應的一或多個有效性查核參數,例如,一適格使用時段(valid time-slots of use)、一有效期限(expiration period)、一適格地理區域(valid geographical region)、一適格擁有者(valid owner)、和/或一適格的來源網路位址(valid source network address)等等。 In process 218, the blockchain subsystem 170 will execute the aforementioned beacon management smart contract 362 according to the authorization service activation request to generate an authorization corresponding to the data owner device 110 (or its corresponding data owner D1). authorization token, and transfer the authorization token to the data owner device 110. In one embodiment, the beacon management smart contract 362 can also set one or more corresponding validity check parameters for the authorization beacon, for example, a valid time-slots of use, a validity period ( expiration period), a valid geographical region, a valid owner, and/or a valid source network address, etc.

此時,資料擁有者裝置110的通信電路111或區塊鏈運算電路113會進行流程220,以獲取(acquire)由區塊鏈子系統170移轉過來的授權訊標,使得資料擁有者裝置110成為該授權訊標的當前擁有者(current owner)。 At this time, the communication circuit 111 or the blockchain operation circuit 113 of the data owner device 110 will perform the process 220 to acquire the authorization token transferred from the blockchain subsystem 170, so that the data owner device 110 becomes The current owner of the authorization beacon.

在流程222中,資料擁有者裝置110的控制電路117可在資料擁有者D1的操控下,將資料擁有者D1與個別資料請求者共同同意的資料授權政策進行加密,以產生一相應的資料授權政策密文(encrypted data authorization policy)。控制電路117可依據資料擁有者D1的操控,分別針對不同資料請求者設定不同的資料授權政策,也可以針對不同的資料請求者設定相同的資料授權政策。在運作時,控制電路117可利用預定的加密金鑰對個別的資料授權政策進行加密,以產生一相應的資料授權政策密文。 In process 222, the control circuit 117 of the data owner device 110 may, under the control of the data owner D1, encrypt the data authorization policy jointly agreed by the data owner D1 and the individual data requester to generate a corresponding data authorization Policy ciphertext (encrypted data authorization policy). The control circuit 117 can set different data authorization policies for different data requesters according to the control of the data owner D1, or can set the same data authorization policy for different data requesters. During operation, the control circuit 117 may encrypt individual data authorization policies using a predetermined encryption key to generate a corresponding data authorization policy ciphertext.

實作上,控制電路117可分別利用不同的加密金鑰來加密不同資料請求者所對應的資料授權政策,以產生分別對應於多個資料請求者的多個資料授權政策密文。或者,控制電路117也可利用同一加密金鑰來加密不同資料請求者所對應的資料授權政策,以產生分別對應於多個資料請求者的多個資料授權政策密文。換言之,控制電路 117在加密不同資料請求者所對應的資料授權政策時,可使用相同的加密金鑰,也可分別使用不同的加密金鑰。 In practice, the control circuit 117 can respectively use different encryption keys to encrypt the data authorization policies corresponding to different data requesters, so as to generate multiple data authorization policy ciphertexts respectively corresponding to multiple data requesters. Alternatively, the control circuit 117 may also use the same encryption key to encrypt data authorization policies corresponding to different data requesters to generate multiple data authorization policy ciphertexts respectively corresponding to multiple data requesters. In other words, the control circuit 117 When encrypting the data authorization policies corresponding to different data requesters, the same encryption key can be used, or different encryption keys can be used.

在流程224中,控制電路117可利用通信電路111或區塊鏈運算電路113,使用該授權訊標將所產生的一或多個資料授權政策密文傳送給區塊鏈子系統170。 In process 224, the control circuit 117 may utilize the communication circuit 111 or the blockchain computing circuit 113 to transmit the generated one or more data authorization policy ciphertexts to the blockchain subsystem 170 using the authorization beacon.

在流程226中,區塊鏈子系統170可將資料擁有者裝置110傳來的一或多個資料授權政策密文,記錄在授權政策智能合約364中,以做為資料擁有者裝置110所對應的一當前資料授權政策(current data authorization policy)。 In process 226 , the blockchain subsystem 170 may record one or more data authorization policy ciphertexts sent from the data owner device 110 in the authorization policy smart contract 364 as the data corresponding to the data owner device 110 . A current data authorization policy.

由前述圖2的流程圖說明可知,由資料擁有者裝置110所產生、且包含資料授權政策的資料授權政策密文,會被記錄在區塊鏈子系統170中。如此一來,只有具備正確解密金鑰、且有權存取區塊鏈子系統170的裝置,才能從區塊鏈子系統170中讀取並解密該資料授權政策密文。這樣的做法可大幅降低資料擁有者裝置110所設定的資料授權政策被惡意人士竊取或竄改的可能性。 As can be seen from the flowchart description of FIG. 2 , the data authorization policy cipher text generated by the data owner device 110 and containing the data authorization policy will be recorded in the blockchain subsystem 170 . In this way, only a device with the correct decryption key and the right to access the blockchain subsystem 170 can read and decrypt the data authorization policy ciphertext from the blockchain subsystem 170 . This approach can significantly reduce the possibility that the data authorization policy set by the data owner device 110 will be stolen or tampered with by malicious parties.

在去中心化資料授權控管系統100中,其他資料擁有者裝置所對應的資料擁有者(例如,對應於資料擁有者裝置120的資料擁有者D2),可比照前述方式使用相關的資料擁有者裝置,將該資料擁有者與個別資料請求者共同同意的資料授權政策進行加密,以產生一或多個相應的資料授權政策密文,並將產生的資料授權政策密文傳送到區塊鏈子系統170,由區塊鏈子系統170記錄在授權政策智能合約364中。 In the decentralized data authorization control system 100, the data owners corresponding to other data owner devices (for example, the data owner D2 corresponding to the data owner device 120) can use the relevant data owners in the aforementioned manner. A device that encrypts the data authorization policy mutually agreed upon by the data owner and the individual data requester to generate one or more corresponding data authorization policy ciphertexts, and transmits the generated data authorization policy ciphertext to the blockchain subsystem 170, recorded in the authorization policy smart contract 364 by the blockchain subsystem 170.

實作上,區塊鏈子系統170可以只建立單一授權政策智能合約364,並將不同的資料擁有者所產生的多個資料授權政策密文,都記錄在同一授權政策智能合約364中。 In practice, the blockchain subsystem 170 can only establish a single authorization policy smart contract 364, and record multiple data authorization policy ciphertexts generated by different data owners in the same authorization policy smart contract 364.

或者,區塊鏈子系統170也可以針對不同的資料擁有者分別建立不同的授權政策智能合約364。例如,區塊鏈子系統170可針對資料擁 有者D1建立一個專用的授權政策智能合約364,用以記錄資料擁有者D1所產生的一或多個資料授權政策密文,並為資料擁有者D2建立另一個不同的授權政策智能合約364,用以記錄資料擁有者D2所產生的一或多個資料授權政策密文。 Alternatively, the blockchain subsystem 170 can also establish different authorization policy smart contracts 364 for different data owners. For example, the blockchain subsystem 170 can target data owners Someone D1 creates a dedicated authorization policy smart contract 364 to record one or more data authorization policy ciphertexts generated by the data owner D1, and creates another different authorization policy smart contract 364 for the data owner D2. Used to record one or more data authorization policy secrets generated by the data owner D2.

請注意,前述圖2中的流程執行順序只是一示範性的實施例,並非侷限本發明的實際實施方式。例如,流程202、流程206、流程208、與流程214的順序可以任意調整。流程210可以調整到流程202之前進行,也可以和流程202同時進行。流程208也可調整到流程224與流程226之間進行。 Please note that the aforementioned process execution sequence in Figure 2 is only an exemplary embodiment and does not limit the actual implementation of the present invention. For example, the order of process 202, process 206, process 208, and process 214 can be adjusted arbitrarily. Process 210 can be adjusted to be performed before process 202, or can be performed simultaneously with process 202. Process 208 can also be adjusted to be performed between process 224 and process 226.

另外,區塊鏈子系統170的運營者或建構人員亦可改用其他方式將前述的資料查詢智能合約366部署到區塊鏈子系統170中,在此情況下,則可將流程210與流程212省略。 In addition, the operator or constructor of the blockchain subsystem 170 can also use other methods to deploy the aforementioned data query smart contract 366 into the blockchain subsystem 170. In this case, the process 210 and the process 212 can be omitted. .

接著,請參考圖4,其所繪示為本發明一實施例的檢核區塊鏈子系統170中的資料授權政策是否正確的方法簡化後的流程圖。 Next, please refer to FIG. 4 , which illustrates a simplified flow chart of a method for checking whether the data authorization policy in the blockchain subsystem 170 is correct according to an embodiment of the present invention.

如前所述,只有具備正確解密金鑰、且有權存取區塊鏈子系統170的裝置,才能從區塊鏈子系統170中讀取並解密資料擁有者裝置110所產生的資料授權政策密文。 As mentioned above, only a device with the correct decryption key and the right to access the blockchain subsystem 170 can read and decrypt the data authorization policy ciphertext generated by the data owner device 110 from the blockchain subsystem 170 .

在某些應用中,較嚴謹的資料請求者可能會需要檢核儲存在區塊鏈子系統170中、由資料擁有者裝置110所產生的資料授權政策密文的內容,是否跟資料請求者與資料擁有者D1所共同同意的版本相符。 In some applications, more serious data requesters may need to check whether the content of the data authorization policy cipher text stored in the blockchain subsystem 170 and generated by the data owner device 110 is consistent with the data requester and the data. The version agreed upon by owner D1 matches.

為了方便說明起見,以下將以資料請求者裝置130所對應的資料請求者R1需要檢核資料擁有者裝置110所產生的資料授權政策的正確性的情境為例,來說明去中心化資料授權控管系統100在圖4中的相關運作流程。 For convenience of explanation, decentralized data authorization will be explained below by taking the scenario where the data requester R1 corresponding to the data requester device 130 needs to check the correctness of the data authorization policy generated by the data owner device 110 as an example. The relevant operation flow of the control system 100 in FIG. 4 .

為了讓資料請求者裝置130能夠檢核資料擁有者裝置110所產生的資料授權政策的正確性,資料擁有者裝置110可在相應的資料擁有者D1的操控下,進行圖4中的流程402。在此情況下,資料請求者裝置 130會相應進行流程404。 In order to allow the data requester device 130 to check the correctness of the data authorization policy generated by the data owner device 110, the data owner device 110 can perform the process 402 in Figure 4 under the control of the corresponding data owner D1. In this case, the data requester device 130 will proceed to process 404 accordingly.

在流程402中,資料擁有者裝置110的控制電路117可透過通信電路111,傳送資料擁有者裝置110所對應的授權訊標的一識別資料(以下稱之為訊標識別資料,token identification data)、以及可用來解密對應於資料請求者R1的資料授權政策密文的一目標金鑰,給資料請求者裝置130。 In process 402, the control circuit 117 of the data owner device 110 may transmit an identification data (hereinafter referred to as token identification data) of the authorization token corresponding to the data owner device 110 through the communication circuit 111, and a target key that can be used to decrypt the data authorization policy ciphertext corresponding to the data requester R1 to the data requester device 130 .

在流程404中,資料請求者裝置130的通信電路131會接收資料擁有者裝置110傳來的訊標識別資料及目標金鑰,且控制電路137可將接收到的訊標識別資料及目標金鑰,儲存在資料庫135或其他合適的儲存電路(圖中未繪示)中。 In process 404, the communication circuit 131 of the data requester device 130 will receive the beacon identification data and the target key transmitted from the data owner device 110, and the control circuit 137 may convert the received beacon identification data and target key , stored in the database 135 or other suitable storage circuits (not shown in the figure).

當資料請求者裝置130所對應的資料請求者R1想要檢核儲存在區塊鏈子系統170中、由資料擁有者裝置110所產生的資料授權政策密文的正確性時,可利用資料請求者裝置130進行流程406。 When the data requester R1 corresponding to the data requester device 130 wants to check the correctness of the data authorization policy cipher text stored in the blockchain subsystem 170 and generated by the data owner device 110, the data requester can be used Device 130 proceeds to process 406.

在流程406中,資料請求者裝置130的控制電路137可產生與前述的訊標識別資料有關的一授權政策查詢請求(authorization policy inquiry request),並透過通信電路131或區塊鏈運算電路133將授權政策查詢請求傳送給區塊鏈子系統170。例如,控制電路137可將訊標識別資料填入授權政策查詢請求的合適欄位中,或是將訊標識別資料做為授權政策查詢請求的附加資訊。 In process 406, the control circuit 137 of the data requester device 130 may generate an authorization policy inquiry request related to the aforementioned beacon identification data, and use the communication circuit 131 or the blockchain computing circuit 133 to The authorization policy query request is transmitted to the blockchain subsystem 170. For example, the control circuit 137 can fill in the token identification data into appropriate fields of the authorization policy query request, or use the token identification data as additional information in the authorization policy query request.

在此情況下,區塊鏈子系統170會進行流程408,以接收資料請求者裝置130傳來的授權政策查詢請求。 In this case, the blockchain subsystem 170 will perform the process 408 to receive the authorization policy query request from the data requester device 130 .

接著,區塊鏈子系統170會進行流程410,執行授權政策智能合約364,以找出該授權政策查詢請求所對應的資料授權政策密文。例如,區塊鏈子系統170可依據該授權政策查詢請求取得一相應的訊標識別資料,再找出利用該訊標識別資料所對應的授權訊標寫入授權政策智能合約364中的資料授權政策密文。 Next, the blockchain subsystem 170 will perform the process 410 to execute the authorization policy smart contract 364 to find out the data authorization policy cipher text corresponding to the authorization policy query request. For example, the blockchain subsystem 170 can obtain a corresponding beacon identification data based on the authorization policy query request, and then find out the data authorization policy written into the authorization policy smart contract 364 using the authorization beacon corresponding to the beacon identification data. cipher text.

由於只有資料擁有者裝置110才有權使用該訊標識別資料所對應的 授權訊標,所以區塊鏈子系統170可根據該訊標識別資料從授權政策智能合約364中找到由資料擁有者裝置110所產生的資料授權政策密文。 Since only the data owner device 110 has the right to use the beacon identification data corresponding to Authorization beacon, so the blockchain subsystem 170 can find the data authorization policy cipher text generated by the data owner device 110 from the authorization policy smart contract 364 based on the beacon identification data.

在流程412中,區塊鏈子系統170會傳送該資料授權政策密文給資料請求者裝置130。 In process 412, the blockchain subsystem 170 transmits the data authorization policy ciphertext to the data requester device 130.

在流程414中,資料請求者裝置130的通信電路131或區塊鏈運算電路133會接收區塊鏈子系統170傳來的資料授權政策密文。 In process 414, the communication circuit 131 or the blockchain computing circuit 133 of the data requester device 130 receives the data authorization policy cipher text from the blockchain subsystem 170.

在流程416中,控制電路137可利用資料擁有者裝置110提供的目標金鑰對資料授權政策密文進行解密,以獲取解密後的資料授權政策。 In process 416, the control circuit 137 may use the target key provided by the data owner device 110 to decrypt the data authorization policy ciphertext to obtain the decrypted data authorization policy.

接著,控制電路137可進行流程418,以檢核解密後的資料授權政策,是否跟資料擁有者裝置110所對應的資料擁有者D1與資料請求者裝置130所對應的資料請求者R1共同同意的一預定版本相符。 Then, the control circuit 137 can perform the process 418 to check whether the decrypted data authorization policy is mutually agreed upon by the data owner D1 corresponding to the data owner device 110 and the data requester R1 corresponding to the data requester device 130 A scheduled version matches.

倘若解密後的資料授權政策跟雙方同意的預定版本不符,資料請求者R1便能透過各種管道向資料擁有者D1反映這項問題,以降低後續雙方產生不必要誤會的可能性。 If the decrypted data authorization policy is inconsistent with the predetermined version agreed by both parties, the data requester R1 can report this problem to the data owner D1 through various channels to reduce the possibility of unnecessary misunderstandings between the two parties in the future.

倘若解密後的資料授權政策跟雙方同意的預定版本相符,資料請求者R1便能確認區塊鏈子系統170上所儲存的資料授權政策密文是正確的。 If the decrypted data authorization policy is consistent with the predetermined version agreed by both parties, the data requester R1 can confirm that the cipher text of the data authorization policy stored on the blockchain subsystem 170 is correct.

在去中心化資料授權控管系統100中,資料請求者R1可比照前述方式使用資料請求者裝置130,來檢核記錄在區塊鏈子系統170中、由其他資料擁有者(例如,資料擁有者D2)所設定、且對應於資料請求者R1的資料授權政策密文的內容是否正確。 In the decentralized data authorization control system 100, the data requester R1 can use the data requester device 130 in the aforementioned manner to verify the information recorded in the blockchain subsystem 170 by other data owners (for example, the data owner D2) Whether the content of the data authorization policy cipher text set and corresponding to the data requester R1 is correct.

同樣地,去中心化資料授權控管系統100中的其他資料請求者(例如,對應於資料請求者裝置140的資料請求者R2),也可比照前述方式使用相關的資料請求者裝置,檢核記錄在區塊鏈子系統170中、由資料擁有者D1(或其他資料擁有者)所設定、且對應於該資料請求者的資料授權政策密文的內容是否正確。 Similarly, other data requesters in the decentralized data authorization control system 100 (for example, the data requestor R2 corresponding to the data requester device 140) can also use the relevant data requestor device to check in the aforementioned manner. Whether the content of the data authorization policy cipher text recorded in the blockchain subsystem 170, set by the data owner D1 (or other data owners), and corresponding to the data requester is correct.

請參考圖5,其所繪示為本發明一實施例的提供可查詢資料清單的方法簡化後的流程圖。 Please refer to FIG. 5 , which illustrates a simplified flow chart of a method for providing a searchable data list according to an embodiment of the present invention.

在許多的應用環境中,資料擁有者會將不同類型或屬性的許多資料儲存在第三方服務子系統150中,但可能不希望第三方服務子系統150將資料擁有者的全部資料都分享給其他資料請求者。 In many application environments, the data owner will store many data of different types or attributes in the third-party service subsystem 150, but may not want the third-party service subsystem 150 to share all the data owner's data with other parties. Data Requester.

為了避免資料請求者向第三方服務子系統150要求的資料項目超出資料擁有者願意授權的範圍,而導致資料請求者的資料請求被第三方服務子系統150拒絕的情況發生,資料請求者可先請求第三方服務子系統150提供一份該資料請求者有權取得的資料清單(以下稱之為可查詢資料清單,accessible data list),以供資料請求者能夠從中挑選想要查詢的資料項目。 In order to prevent the data requestor from requesting data items from the third-party service subsystem 150 that exceeds the scope of the data owner's authorization, resulting in the data requester's data request being rejected by the third-party service subsystem 150, the data requester can first Request the third-party service subsystem 150 to provide a list of data that the data requester is entitled to obtain (hereinafter referred to as an accessible data list), so that the data requester can select the data items he wants to query.

為了方便說明起見,以下將以資料請求者裝置130所對應的資料請求者R1,要求第三方服務子系統150提供一份包含資料擁有者裝置110所對應的資料擁有者D1同意讓資料請求者R1查詢的全部資料類型或資料項目的可查詢資料清單的情境為例,來說明去中心化資料授權控管系統100在圖5中的相關運作流程。 For convenience of explanation, in the following, the data requester R1 corresponding to the data requester device 130 will request the third-party service subsystem 150 to provide a document containing the consent of the data owner D1 corresponding to the data owner device 110 to allow the data requester The scenario of all data types queried by R1 or the queryable data list of data items is taken as an example to illustrate the relevant operation process of the decentralized data authorization control system 100 in Figure 5.

如圖5所示,資料請求者裝置130可在資料請求者R1的控制下進行流程502。 As shown in FIG. 5 , the data requester device 130 may perform process 502 under the control of the data requester R1.

在流程502中,資料請求者裝置130的控制電路137可產生包含資料擁有者裝置110所提供的該訊標識別資料及該目標金鑰的一資料清單請求,並透過通信電路131傳送該資料清單請求給第三方服務子系統150。在此情況下,第三方服務子系統150會相應進行流程504。 In process 502, the control circuit 137 of the data requester device 130 may generate a data list request including the beacon identification data and the target key provided by the data owner device 110, and transmit the data list through the communication circuit 131. Request to third-party service subsystem 150. In this case, the third-party service subsystem 150 will perform process 504 accordingly.

在流程504中,通信電路151會接收資料請求者裝置130傳來的資料清單請求及目標金鑰。資料伺服器157可從該資料清單請求中取得前述的訊標識別資料。 In process 504, the communication circuit 151 receives the data list request and the target key from the data requester device 130. The data server 157 can obtain the aforementioned beacon identification data from the data list request.

在流程506中,第三方服務子系統150的資料伺服器157可產生與前述的訊標識別資料有關的一授權政策查詢請求,並透過通信電路 151或區塊鏈運算電路153將授權政策查詢請求傳送給區塊鏈子系統170。例如,資料伺服器157可將訊標識別資料填入授權政策查詢請求的合適欄位中,或是將訊標識別資料做為授權政策查詢請求的附加資訊。 In process 506, the data server 157 of the third-party service subsystem 150 may generate an authorization policy query request related to the aforementioned beacon identification data, and send it through the communication circuit 151 or the blockchain operation circuit 153 transmits the authorization policy query request to the blockchain subsystem 170. For example, the data server 157 can fill in the token identification data into appropriate fields of the authorization policy query request, or use the token identification data as additional information in the authorization policy query request.

在此情況下,區塊鏈子系統170會進行流程508,以接收第三方服務子系統150傳來的授權政策查詢請求。 In this case, the blockchain subsystem 170 will perform process 508 to receive the authorization policy query request from the third-party service subsystem 150 .

接著,區塊鏈子系統170會進行流程510,執行授權政策智能合約364,以找出該授權政策查詢請求所對應的資料授權政策密文。例如,區塊鏈子系統170可依據該授權政策查詢請求取得一相應的訊標識別資料,再找出利用該訊標識別資料所對應的授權訊標寫入授權政策智能合約364中的資料授權政策密文。 Next, the blockchain subsystem 170 will perform the process 510 to execute the authorization policy smart contract 364 to find out the data authorization policy cipher text corresponding to the authorization policy query request. For example, the blockchain subsystem 170 can obtain a corresponding beacon identification data based on the authorization policy query request, and then find out the data authorization policy written in the authorization policy smart contract 364 using the authorization beacon corresponding to the beacon identification data. cipher text.

由於只有資料擁有者裝置110才有權使用該訊標識別資料所對應的授權訊標,所以區塊鏈子系統170可根據該訊標識別資料從授權政策智能合約364中找到由資料擁有者裝置110所產生的資料授權政策密文。 Since only the data owner device 110 has the right to use the authorization beacon corresponding to the beacon identification data, the blockchain subsystem 170 can find the data owner device 110 from the authorization policy smart contract 364 based on the beacon identification data. The generated data authorization policy secret text.

在流程512中,區塊鏈子系統170會傳送該資料授權政策密文給第三方服務子系統150。 In process 512, the blockchain subsystem 170 will transmit the data authorization policy ciphertext to the third-party service subsystem 150.

在流程514中,第三方服務子系統150的通信電路151或區塊鏈運算電路153會接收區塊鏈子系統170傳來的資料授權政策密文。 In process 514, the communication circuit 151 or the blockchain computing circuit 153 of the third-party service subsystem 150 receives the data authorization policy cipher text from the blockchain subsystem 170.

在流程516中,資料伺服器157可利用資料請求者裝置130提供的目標金鑰對資料授權政策密文進行解密,以獲取解密後的資料授權政策。由前述流程222、流程224、流程226、流程402、以及流程502的說明可知,只有在該目標金鑰是由資料擁有者裝置110提供給資料請求者裝置130的正確解密金鑰的情況下,資料伺服器157才能成功解密資料授權政策密文。這樣的做法可以有效確保資料擁有者D1所設定的資料授權政策的機密性,避免第三方服務子系統150或其他裝置在未經適當授權的情況下取得資料擁有者D1所設定的資料授 權政策。 In process 516, the data server 157 may use the target key provided by the data requester device 130 to decrypt the data authorization policy ciphertext to obtain the decrypted data authorization policy. It can be seen from the description of the aforementioned process 222, process 224, process 226, process 402, and process 502 that only when the target key is the correct decryption key provided by the data owner device 110 to the data requester device 130, Data server 157 can successfully decrypt the data authorization policy cipher text. This approach can effectively ensure the confidentiality of the data authorization policy set by the data owner D1 and prevent the third-party service subsystem 150 or other devices from obtaining the data authorization set by the data owner D1 without appropriate authorization. rights policy.

在流程518中,資料伺服器157可根據解密後的資料授權政策,透過通信電路151或區塊鏈運算電路153請求區塊鏈子系統170執行資料查詢智能合約366,以產生與資料擁有者D1所提供的目標資料的部分內容(亦即,資料擁有者D1同意讓資料請求者R1查詢的資料類型或資料項目)相應的一可查詢資料清單。 In process 518, the data server 157 can request the blockchain subsystem 170 to execute the data query smart contract 366 through the communication circuit 151 or the blockchain computing circuit 153 according to the decrypted data authorization policy to generate data related to the data owner D1. Part of the provided target data (ie, data types or data items that the data owner D1 agrees to be queried by the data requester R1) corresponds to a searchable data list.

在流程520中,資料伺服器157可透過通信電路151傳送前述的可查詢資料清單給資料請求者裝置130。在此情況下,資料請求者裝置130會相應進行流程522,以接收第三方服務子系統150傳來的可查詢資料清單。 In process 520, the data server 157 may transmit the aforementioned queryable data list to the data requester device 130 through the communication circuit 151. In this case, the data requester device 130 will perform the process 522 accordingly to receive the queryable data list from the third-party service subsystem 150 .

如此一來,資料請求者R1便可從該可查詢資料清單中清楚得知資料擁有者D1同意讓資料請求者R1查詢的資料範圍、資料類型、或資料項目的相關資訊。 In this way, the data requester R1 can clearly know the relevant information of the data range, data type, or data items that the data owner D1 agreed to allow the data requester R1 to query from the queryable data list.

同樣地,資料請求者裝置130可比照前述方式向第三方服務子系統150查詢其他資料擁有者(例如,資料擁有者D2)同意讓資料請求者R1查詢的資料範圍、資料類型、資料項目的相關資訊。 Similarly, the data requester device 130 can query the third-party service subsystem 150 in the aforementioned manner for the data range, data type, and data items that other data owners (for example, the data owner D2) agree to allow the data requester R1 to query. information.

在去中心化資料授權控管系統100中,其他資料請求者(例如,對應於資料請求者裝置140的資料請求者R2),也可比照前述方式使用相關的資料請求者裝置,向第三方服務子系統150查詢資料擁有者D1(或其他資料擁有者)同意讓該資料請求者查詢的資料範圍、資料類型、資料項目的相關資訊。 In the decentralized data authorization control system 100, other data requesters (for example, the data requester R2 corresponding to the data requester device 140) can also use the relevant data requester device to provide services to third parties in the aforementioned manner. The subsystem 150 queries the relevant information of the data range, data type, and data items that the data owner D1 (or other data owners) agrees to allow the data requester to query.

如前所述,個別的資料請求者可利用相關的資料請求者裝置,向區塊鏈子系統170申請與特定資料擁有者相對應的資料取用訊標。當資料請求者想要取得特定資料擁有者的特定資料時,可操控對應的資料請求者裝置使用區塊鏈子系統170所提供的資料取用訊標,向第三方服務子系統150提出資料取用請求。 As mentioned above, individual data requesters can use relevant data requestor devices to apply to the blockchain subsystem 170 for data access beacons corresponding to specific data owners. When a data requester wants to obtain specific data of a specific data owner, the corresponding data requester device can be controlled to use the data access beacon provided by the blockchain subsystem 170 to request data access to the third-party service subsystem 150 request.

第三方服務子系統150則可利用區塊鏈子系統170驗證該資料請求者 裝置所提供的資料取用訊標的有效性,以驗證資料請求者的身分。只有在資料取用訊標的有效性能夠通過區塊鏈子系統170驗證的情況下,第三方服務子系統150才會將特定資料擁有者所授權的特定資料內容,分享給該資料請求者裝置。 The third-party service subsystem 150 can use the blockchain subsystem 170 to verify the data requester Validates the data access beacon provided by the device to verify the identity of the data requester. Only when the validity of the data access beacon can be verified by the blockchain subsystem 170, the third-party service subsystem 150 will share the specific data content authorized by the specific data owner to the data requester device.

以下將搭配圖6與圖7來進一步說明資料請求者利用資料請求者裝置向區塊鏈子系統170申請資料取用訊標,並使用該資料取用訊標向第三方服務子系統150提出資料取用請求的運作方式。圖6為本發明一實施例的取用訊標產生方法簡化後的流程圖。圖7為本發明一實施例的資料請求回應方法簡化後的流程圖。 The following will further illustrate with reference to Figures 6 and 7 that the data requestor uses the data requestor device to apply for a data access beacon to the blockchain subsystem 170, and uses the data access beacon to request data access to the third-party service subsystem 150. Use the request method. FIG. 6 is a simplified flow chart of a method for generating access signals according to an embodiment of the present invention. FIG. 7 is a simplified flow chart of a data request response method according to an embodiment of the present invention.

為了方便說明起見,以下將以資料請求者R1利用資料請求者裝置130向區塊鏈子系統170申請資料取用訊標,並使用該資料取用訊標請求第三方服務子系統150提供資料擁有者D1的部分資料的情境為例,來說明去中心化資料授權控管系統100在圖6與圖7中的相關運作流程。 For the convenience of explanation, in the following, the data requester R1 uses the data requester device 130 to apply for a data access beacon to the blockchain subsystem 170, and uses the data access beacon to request the third-party service subsystem 150 to provide data possession. Taking the partial data situation of D1 as an example to illustrate the relevant operation processes of the decentralized data authorization control system 100 in Figures 6 and 7.

如圖6所示,資料請求者裝置130可在資料請求者R1的控制下進行流程602與流程604。 As shown in FIG. 6 , the data requester device 130 can perform processes 602 and 604 under the control of the data requester R1.

在流程602中,資料請求者裝置130的控制電路137可依據資料請求者R1的設定或選擇,產生與一或多個資料項目相應的一第一資料請求(first data request)。例如,控制電路137可將該一或多個資料項目以各種合適的資料格式排列或整理後,以可解譯(interpretable)的形式填入該第一資料請求的適當欄位中、做為該第一資料請求的附件、或是直接做為該第一資料請求。 In process 602, the control circuit 137 of the data requester device 130 may generate a first data request corresponding to one or more data items according to the settings or selections of the data requester R1. For example, the control circuit 137 may arrange or organize the one or more data items in various suitable data formats, and then fill in the appropriate fields of the first data request in an interpretable (interpretable) form, as the An attachment to the first data request, or directly used as the first data request.

在流程604中,控制電路137可產生包含資料擁有者裝置110所對應的訊標識別資料的一第一訊標請求(first token request),並透過通信電路131傳送該第一訊標請求給第三方服務子系統150。在此情況下,第三方服務子系統150會相應進行流程606。 In process 604, the control circuit 137 may generate a first token request (first token request) including token identification data corresponding to the data owner device 110, and transmit the first token request to the first token request through the communication circuit 131. Third-party service subsystem 150. In this case, the third-party service subsystem 150 will perform process 606 accordingly.

在流程606中,通信電路151會接收資料請求者裝置130傳來的第一 訊標請求。 In process 606, the communication circuit 151 receives the first message from the data requester device 130. Beacon request.

在流程608中,資料伺服器157會透過通信電路151或區塊鏈運算電路153,轉傳該第一訊標請求給區塊鏈子系統170。在此情況下,區塊鏈子系統170會相應進行流程610,以接收第三方服務子系統150傳來的第一訊標請求。 In process 608, the data server 157 will forward the first token request to the blockchain subsystem 170 through the communication circuit 151 or the blockchain computing circuit 153. In this case, the blockchain subsystem 170 will perform the process 610 accordingly to receive the first beacon request from the third-party service subsystem 150 .

在流程612中,區塊鏈子系統170會執行訊標管理智能合約362,以獲取該第一訊標請求所對應的一訊標識別資料。 In process 612, the blockchain subsystem 170 executes the beacon management smart contract 362 to obtain a beacon identification data corresponding to the first beacon request.

在流程614中,區塊鏈子系統170還會執行訊標管理智能合約362,以驗證該訊標識別資料所對應的一授權訊標的有效性。例如,訊標管理智能合約362可檢核該授權訊標的相關參數,是否與訊標管理智能合約362先前在流程218中所設置的有效性查核參數相符。 In process 614, the blockchain subsystem 170 will also execute the beacon management smart contract 362 to verify the validity of an authorization beacon corresponding to the beacon identification data. For example, the beacon management smart contract 362 can check whether the relevant parameters of the authorized beacon are consistent with the validity check parameters previously set by the beacon management smart contract 362 in the process 218.

在一實施例中,訊標管理智能合約362可以在該授權訊標的局部參數不符合前述流程218中所設置的有效性查核參數的情況下,便將該授權訊標判定為無效(inactive)訊標。在另一實施例中,訊標管理智能合約362會在該授權訊標的全部參數都不符合前述流程218中所設置的有效性查核參數的情況下,才將該授權訊標判定為無效,否則便會將該授權訊標判定為有效(active)訊標。 In one embodiment, the beacon management smart contract 362 may determine the authorization beacon as an inactive message when some parameters of the authorization beacon do not meet the validity check parameters set in the aforementioned process 218. mark. In another embodiment, the beacon management smart contract 362 will determine the authorization beacon as invalid only when all parameters of the authorization beacon do not meet the validity check parameters set in the aforementioned process 218. Otherwise, The authorization beacon will be determined as an active beacon.

倘若訊標管理智能合約362判定該授權訊標為無效訊標,則訊標管理智能合約362會進行流程616。反之,倘若訊標管理智能合約362判定該授權訊標為有效訊標,則訊標管理智能合約362會進行流程618。 If the beacon management smart contract 362 determines that the authorized beacon is an invalid beacon, the beacon management smart contract 362 will proceed to process 616. On the contrary, if the beacon management smart contract 362 determines that the authorized beacon is a valid beacon, the beacon management smart contract 362 will proceed to process 618.

在流程616中,訊標管理智能合約362會拒絕該第一訊標請求,並可傳送相應的通知信息給第三方服務子系統150。在此情況下,第三方服務子系統150會傳送一相應的失敗通知給資料請求者裝置130。 In process 616, the beacon management smart contract 362 will reject the first beacon request, and may send corresponding notification information to the third-party service subsystem 150. In this case, the third-party service subsystem 150 will send a corresponding failure notification to the data requester device 130 .

在流程618中,訊標管理智能合約362會產生與該授權訊標相應的一第一取用訊標(first read token),並可為該第一取用訊標設定一相應的有效期限,例如,5天、10天、1個星期、2個星期、1個月等等。 訊標管理智能合約362為該第一取用訊標所設定的有效期限,會等於或短於該授權訊標的有效期限。實作上,訊標管理智能合約362可在第一取用訊標與該授權訊標之間建立適當的資料關聯性、或是有效性關聯性,並可在該授權訊標失效時,連帶註銷(deactivate)該第一取用訊標。 In process 618, the token management smart contract 362 will generate a first read token corresponding to the authorization token, and may set a corresponding validity period for the first read token. For example, 5 days, 10 days, 1 week, 2 weeks, 1 month, etc. The validity period set by the beacon management smart contract 362 for the first access beacon will be equal to or shorter than the validity period of the authorized beacon. In practice, the beacon management smart contract 362 can establish appropriate data correlation or validity correlation between the first access beacon and the authorization beacon, and can jointly and severally execute the authorization beacon when the authorization beacon expires. Deactivate the first access beacon.

在流程620中,區塊鏈子系統170可直接或間接移轉(transfer)該第一取用訊標給資料請求者裝置130。例如,區塊鏈子系統170可將該第一取用訊標移轉給第三方服務子系統150,再由第三方服務子系統150移轉給資料請求者裝置130。或者,區塊鏈子系統170亦可將該第一取用訊標直接移轉給資料請求者裝置130。 In process 620 , the blockchain subsystem 170 may directly or indirectly transfer the first access token to the data requestor device 130 . For example, the blockchain subsystem 170 may transfer the first access beacon to the third-party service subsystem 150, and then the third-party service subsystem 150 transfers it to the data requester device 130. Alternatively, the blockchain subsystem 170 may also transfer the first access beacon directly to the data requestor device 130 .

在此情況下,資料請求者裝置130的通信電路131或區塊鏈運算電路133可進行流程622,以獲取由第三方服務子系統150或區塊鏈子系統170移轉過來的該第一取用訊標。 In this case, the communication circuit 131 or the blockchain operation circuit 133 of the data requester device 130 can perform the process 622 to obtain the first access transferred from the third-party service subsystem 150 or the blockchain subsystem 170 beacon.

由圖6的流程圖說明可知,只有在訊標管理智能合約362於前述流程218中移轉給資料擁有者裝置110的授權訊標為有效訊標的情況下,區塊鏈子系統170中的訊標管理智能合約362才會產生與該授權訊標具有關聯性的第一取用訊標,並移轉該第一取用訊標給資料請求者裝置130。 It can be seen from the flowchart description of FIG. 6 that only when the authorization token transferred to the data owner device 110 by the token management smart contract 362 in the aforementioned process 218 is a valid token, the token in the blockchain subsystem 170 The management smart contract 362 will generate a first access beacon associated with the authorization beacon and transfer the first access beacon to the data requester device 130 .

換言之,倘若區塊鏈子系統170因各種原因(例如,資料擁有者D1終止使用去中心化資料授權控管系統100的服務,或是被停權)而將資料擁有者裝置110所對應的授權訊標註銷(deactivate),則區塊鏈子系統170便不會再提供可取用資料擁有者D1的相關資料的取用訊標給其他資料請求者。很明顯地,這樣的機制可避免資料擁有者D1的相關資料被不當取用的可能性,有助於提升對於資料擁有者D1的相關資料的保護程度。 In other words, if the blockchain subsystem 170 changes the authorization information corresponding to the data owner device 110 due to various reasons (for example, the data owner D1 terminates the use of the services of the decentralized data authorization control system 100 or is suspended), If deactivated, the blockchain subsystem 170 will no longer provide access beacons that can access the relevant data of the data owner D1 to other data requesters. Obviously, such a mechanism can avoid the possibility of improper access to the relevant information of the data owner D1, and helps to improve the protection level of the relevant information of the data owner D1.

在資料請求者裝置130獲取了前述的第一取用訊標之後,資料請求者R1便得以在想向第三方服務子系統150請求資料擁有者D1的相關 資料時,利用資料請求者裝置130進行圖7中的流程702。 After the data requester device 130 obtains the aforementioned first access beacon, the data requester R1 can request the third-party service subsystem 150 for the relevant information of the data owner D1. When requesting data, the data requester device 130 is used to perform the process 702 in FIG. 7 .

在流程702中,資料請求者裝置130的控制電路137可將在流程602中產生的第一資料請求,透過通信電路131傳送給第三方服務子系統150,並利用通信電路131或區塊鏈運算電路133將第一取用訊標移轉給第三方服務子系統150。此時,第三方服務子系統150會相應的進行流程704。 In the process 702, the control circuit 137 of the data requester device 130 may transmit the first data request generated in the process 602 to the third-party service subsystem 150 through the communication circuit 131, and utilize the communication circuit 131 or blockchain operation. Circuit 133 transfers the first access beacon to the third-party service subsystem 150 . At this time, the third-party service subsystem 150 will perform process 704 accordingly.

在流程704中,第三方服務子系統150的通信電路151會接收資料請求者裝置130傳來的第一資料請求,且通信電路151或區塊鏈運算電路153會獲取資料請求者裝置130移轉過來的第一取用訊標。 In process 704, the communication circuit 151 of the third-party service subsystem 150 will receive the first data request from the data requester device 130, and the communication circuit 151 or the blockchain operation circuit 153 will obtain the transfer information of the data requester device 130. The first fetch beacon that comes over.

接下來,第三方服務子系統150可利用區塊鏈子系統170來驗證該第一資料請求的適格性(validity),以及驗證該第一取用訊標的有效性(activity)。 Next, the third-party service subsystem 150 may utilize the blockchain subsystem 170 to verify the validity of the first data request and verify the activity of the first access beacon.

例如,資料伺服器157可進行流程706,請求區塊鏈子系統170執行資料查詢智能合約366,以驗證第一資料請求的適格性。實作上,資料查詢智能合約366可檢查第一資料請求所對應的一或多個資料項目,是否都屬於前述在流程518中所產生的該可查詢資料清單的涵蓋範圍之內。 For example, the data server 157 may perform process 706 to request the blockchain subsystem 170 to execute the data query smart contract 366 to verify the eligibility of the first data request. In practice, the data query smart contract 366 can check whether one or more data items corresponding to the first data request are within the scope of the queryable data list generated in the process 518.

倘若第一資料請求所對應的該一或多個資料項目,都在該可查詢資料清單的涵蓋範圍之內,則資料查詢智能合約366會判定第一資料請求為適格(valid)的資料請求,接著,第三方服務子系統150會進行流程708。 If the one or more data items corresponding to the first data request are within the scope of the queryable data list, the data query smart contract 366 will determine that the first data request is a valid data request. Next, the third-party service subsystem 150 will perform process 708.

反之,倘若第一資料請求所對應的部分資料項目超出該可查詢資料清單的涵蓋範圍,則資料查詢智能合約366會判定第一資料請求為不適格(invalid)的資料請求,接著,第三方服務子系統150會進行流程710。 On the contrary, if some of the data items corresponding to the first data request exceed the coverage of the queryable data list, the data query smart contract 366 will determine that the first data request is an invalid data request, and then the third-party service Subsystem 150 proceeds to process 710.

在流程708中,資料伺服器157會透過通信電路151或區塊鏈運算電路153,移轉該第一取用訊標給區塊鏈子系統170。在此情況下,區 塊鏈子系統170會相應進行流程712。 In process 708, the data server 157 will transfer the first access token to the blockchain subsystem 170 through the communication circuit 151 or the blockchain computing circuit 153. In this case, the district The blockchain subsystem 170 will perform the process 712 accordingly.

在流程710中,資料伺服器157會拒絕該第一資料請求,並可傳送一相應的拒絕通知給資料請求者裝置130。 In process 710, the data server 157 rejects the first data request and may send a corresponding rejection notification to the data requester device 130.

在流程712中,區塊鏈子系統170會獲取第三方服務子系統150移轉過來的第一取用訊標。 In process 712, the blockchain subsystem 170 obtains the first access token transferred from the third-party service subsystem 150.

接著,區塊鏈子系統170會進行流程714,執行訊標管理智能合約362,以驗證第一取用訊標的有效性。如前所述,訊標管理智能合約362在前述的流程618中,可為該第一取用訊標設定一相應的有效期限。在流程714中,訊標管理智能合約362可查核區塊鏈子系統170獲取該第一取用訊標的時間,是否超過在流程618中所設定的有效期限。 Next, the blockchain subsystem 170 will perform the process 714 to execute the beacon management smart contract 362 to verify the validity of the first retrieved beacon. As mentioned above, the token management smart contract 362 can set a corresponding validity period for the first access token in the aforementioned process 618. In process 714, the token management smart contract 362 may check whether the time when the blockchain subsystem 170 obtains the first access token exceeds the validity period set in the process 618.

倘若區塊鏈子系統170獲取該第一取用訊標的時間,已超過訊標管理智能合約362在流程618中所設定的有效期限,則訊標管理智能合約362會將該第一取用訊標判定為無效(inactive)訊標,並進行流程716。 If the time when the blockchain subsystem 170 obtains the first access beacon exceeds the validity period set by the beacon management smart contract 362 in the process 618, the beacon management smart contract 362 will retrieve the first access beacon. The signal is determined to be inactive, and process 716 is performed.

反之,倘若區塊鏈子系統170獲取該第一取用訊標的時間,尚未超過訊標管理智能合約362在流程618中所設定的有效期限,則訊標管理智能合約362會將該第一取用訊標判定為有效(active)訊標,並進行流程720。 On the contrary, if the time when the blockchain subsystem 170 obtains the first access beacon has not exceeded the validity period set by the beacon management smart contract 362 in the process 618, the beacon management smart contract 362 will retrieve the first access beacon. The beacon is determined to be an active beacon, and process 720 is performed.

在另一實施例中,區塊鏈子系統170在執行訊標管理智能合約362以驗證第一取用訊標的有效性時,會檢核第一取用訊標在移轉給區塊鏈子系統170前,是否是由資料請求者裝置130移轉給第三方服務子系統150,並且還會檢核第三方服務子系統150移轉第一取用訊標給區塊鏈子系統170的一時間點,是否超過該有效期限。在本實施例中,只有在區塊鏈子系統170獲取該第一取用訊標的時間尚未超過該有效期限、且第一取用訊標在移轉給區塊鏈子系統170前是由資料請求者裝置130移轉給第三方服務子系統150的情況下,訊標管理 智能合約362才會將第一取用訊標判定為有效訊標,並進行流程720。否則,訊標管理智能合約362便會將第一取用訊標判定為無效訊標,並進行流程716。 In another embodiment, when the blockchain subsystem 170 executes the token management smart contract 362 to verify the validity of the first access token, it will check that the first access token is transferred to the blockchain subsystem 170 Before, whether the data requester device 130 transfers it to the third-party service subsystem 150, and also checks the time point when the third-party service subsystem 150 transfers the first access token to the blockchain subsystem 170, Whether the validity period has been exceeded. In this embodiment, only when the time when the blockchain subsystem 170 obtains the first access beacon has not exceeded the validity period, and the first access beacon is obtained by the data requester before being transferred to the blockchain subsystem 170 When the device 130 is transferred to the third-party service subsystem 150, the beacon management Only then will the smart contract 362 determine the first access beacon as a valid beacon and proceed to process 720. Otherwise, the beacon management smart contract 362 will determine the first retrieved beacon as an invalid beacon and proceed to process 716.

在流程716中,訊標管理智能合約362會產生及傳送一驗證失敗通知給第三方服務子系統150。在此情況下,第三方服務子系統150會相應進行流程718,以接收該驗證失敗通知,並傳送一相應的拒絕通知給資料請求者裝置130。 In process 716, the beacon management smart contract 362 generates and sends a verification failure notification to the third-party service subsystem 150. In this case, the third-party service subsystem 150 will perform the process 718 accordingly to receive the verification failure notification and send a corresponding rejection notification to the data requester device 130 .

在流程720中,訊標管理智能合約362會產生及傳送一驗證成功通知給第三方服務子系統150,並註銷(deactivate)該第一取用訊標。在此情況下,第三方服務子系統150會相應進行流程722,以接收該驗證成功通知。 In process 720, the token management smart contract 362 will generate and send a verification success notification to the third-party service subsystem 150, and deactivate the first access token. In this case, the third-party service subsystem 150 will perform process 722 accordingly to receive the verification success notification.

接著,第三方服務子系統150的資料伺服器157會進行流程724,從資料庫155所儲存的目標資料中找出與該第一資料請求相應的一或多個資料項目的內容,以形成一第一組資料。 Next, the data server 157 of the third-party service subsystem 150 will perform the process 724 to find the contents of one or more data items corresponding to the first data request from the target data stored in the database 155 to form a The first set of information.

在流程726中,資料伺服器157會透過通信電路151傳送該第一組資料給資料請求者裝置130。此時,資料請求者裝置130的通信電路131會相應進行流程728,以接收第三方服務子系統150提供的第一組資料。 In process 726, the data server 157 sends the first set of data to the data requester device 130 through the communication circuit 151. At this time, the communication circuit 131 of the data requester device 130 will perform the process 728 accordingly to receive the first set of data provided by the third-party service subsystem 150 .

另一方面,如圖7所示,訊標管理智能合約362在判定該第一取用訊標為有效訊標後,還會進行流程730,以記錄該第一取用訊標的一獲取時間(例如,流程712的發生時間)或一驗證時間(例如,流程714或流程720的發生時間)。 On the other hand, as shown in Figure 7, after determining that the first access beacon is a valid beacon, the beacon management smart contract 362 will also perform process 730 to record an acquisition time of the first access beacon ( For example, the occurrence time of process 712) or a verification time (eg, the occurrence time of process 714 or process 720).

區塊鏈子系統170在流程730中所記錄的該第一取用訊標的相關時間資訊,可以用來做為第三方服務子系統150提供資料擁有者D1的相關資料給資料請求者裝置130的佐證。 The relevant time information of the first access beacon recorded by the blockchain subsystem 170 in the process 730 can be used as evidence that the third-party service subsystem 150 provides the relevant information of the data owner D1 to the data requester device 130 .

由圖7的流程圖說明可知,只有在區塊鏈子系統170中的資料查詢智能合約366判定該第一資料請求為適格的資料請求、且訊標管理智 能合約362也判定該第一取用訊標為有效訊標的情況下,第三方服務子系統150才會將該第一資料請求所對應的第一組資料提供給資料請求者裝置130。 It can be seen from the flowchart description in Figure 7 that only the data query smart contract 366 in the blockchain subsystem 170 determines that the first data request is a qualified data request, and the beacon management smart contract Only when the performance contract 362 also determines that the first access beacon is a valid beacon, the third-party service subsystem 150 will provide the first set of data corresponding to the first data request to the data requester device 130 .

換言之,只要該第一資料請求不適格或該第一取用訊標無效,第三方服務子系統150就不會提供資料擁有者D1的相關資料給資料請求者裝置130。因此,前述第三方服務子系統150利用區塊鏈子系統170來驗證該第一資料請求的適格性、並驗證該第一取用訊標的有效性的方式,可有效避免資料擁有者D1的相關資料被不當取用的可能性,有助於大幅提升對於資料擁有者D1的相關資料的保護程度。 In other words, as long as the first data request is unqualified or the first access beacon is invalid, the third-party service subsystem 150 will not provide relevant data of the data owner D1 to the data requester device 130 . Therefore, the aforementioned third-party service subsystem 150 uses the blockchain subsystem 170 to verify the eligibility of the first data request and the validity of the first access beacon, which can effectively prevent the relevant data of the data owner D1 The possibility of improper access will help to significantly improve the level of protection of data owner D1's related data.

另外,基於區塊鏈子系統170的特性,記錄在區塊鏈子系統170中的該第一取用訊標的相關時間資訊很難被竄改,所以可以用來做為第三方服務子系統150提供資料擁有者D1的相關資料給資料請求者裝置130的佐證,有助於降低第三方服務子系統150與資料請求者裝置130兩方發生爭議難以釐清的可能性。 In addition, based on the characteristics of the blockchain subsystem 170, the relevant time information of the first access token recorded in the blockchain subsystem 170 is difficult to be tampered with, so it can be used to provide data for the third-party service subsystem 150. The relevant information of the person D1 is provided to the data requester device 130 as evidence, which helps to reduce the possibility of disputes between the third-party service subsystem 150 and the data requester device 130 that are difficult to resolve.

請注意,前述圖6與圖7中的流程執行順序只是一示範性的實施例,並非侷限本發明的實際實施方式。例如,圖6中的流程602可調整到流程604到流程702之間的任意時間點進行。又例如,資料請求者裝置130在前述流程702中的兩個動作,可以同時進行,也可以先後進行。又例如,圖7中的流程730可調整到流程712到流程720之間的任意時間點進行。又例如,圖7中的流程724可調整到流程704到流程722之間的任意時間點進行。 Please note that the aforementioned flow execution sequence in FIG. 6 and FIG. 7 is only an exemplary embodiment and does not limit the actual implementation of the present invention. For example, process 602 in Figure 6 can be adjusted to be performed at any time point between process 604 and process 702. For another example, the two actions of the data requester device 130 in the aforementioned process 702 can be performed at the same time or one after another. As another example, process 730 in Figure 7 can be adjusted to be performed at any time point between process 712 and process 720. As another example, process 724 in Figure 7 can be adjusted to be performed at any time point between process 704 and process 722.

在前述的流程604中,資料請求者裝置130亦可改將該第一訊標請求直接傳送給在區塊鏈子系統170。在此情況下,便可將圖6中的流程606與流程608省略。 In the aforementioned process 604, the data requester device 130 may also directly transmit the first beacon request to the blockchain subsystem 170. In this case, the process 606 and the process 608 in FIG. 6 can be omitted.

另外,在可確保資料請求者裝置130會按照的第三方服務子系統150所提供的可查詢資料清單來產生前述的第一資料請求的某些實施例中,則可將圖7中的流程706與流程710省略。 In addition, in some embodiments that can ensure that the data requester device 130 will generate the aforementioned first data request according to the queryable data list provided by the third-party service subsystem 150, the process 706 in Figure 7 can be and process 710 are omitted.

在去中心化資料授權控管系統100中,區塊鏈子系統170移轉給資料請求者裝置130的每個資料取用訊標,都只允許資料請求者裝置130向第三方服務子系統150請求一次資料,且區塊鏈子系統170會記錄每一個資料取用訊標被使用的時間點資訊。因此,在資料請求者裝置130藉由前述圖6與圖7的方式成功取得第三方服務子系統150所提供的第一組資料之後,倘若資料請求者裝置130想要再一次請求第三方服務子系統150提供資料擁有者D1的相關資料,則必需進行圖8與圖9中的運作流程。 In the decentralized data authorization control system 100, each data access beacon transferred by the blockchain subsystem 170 to the data requester device 130 only allows the data requester device 130 to request from the third-party service subsystem 150. One-time data, and the blockchain subsystem 170 will record the time point information when each data access beacon is used. Therefore, after the data requester device 130 successfully obtains the first set of data provided by the third-party service subsystem 150 through the aforementioned methods of FIG. 6 and FIG. 7 , if the data requester device 130 wants to request the third-party service subsystem again, In order for the system 150 to provide relevant data of the data owner D1, the operation processes in Figures 8 and 9 must be performed.

圖8與圖9的運作流程與前述圖6與圖7的運作流程很類似,差別在於前述圖6與圖7的運作流程中提到的第一資料請求、第一訊標請求、第一取用訊標、以及第一組資料,在圖8與圖9的運作流程分別被第二資料請求、第二訊標請求、第二取用訊標、以及第二組資料所取代。 The operation processes of Figures 8 and 9 are very similar to the operation processes of Figures 6 and 7. The difference lies in the first data request, the first beacon request, the first acquisition mentioned in the operation processes of Figures 6 and 7. The use beacon and the first set of data are replaced by the second data request, the second beacon request, the second access beacon and the second set of data in the operation processes of Figures 8 and 9 respectively.

與前述圖6與圖7的情況類似,只有在訊標管理智能合約362於前述流程218中移轉給資料擁有者裝置110的授權訊標為有效訊標的情況下,區塊鏈子系統170中的訊標管理智能合約362才會產生與該授權訊標具有關聯性的第二取用訊標,並移轉該第二取用訊標給資料請求者裝置130。 Similar to the situations of FIG. 6 and FIG. 7 , only when the authorization token transferred by the token management smart contract 362 to the data owner device 110 in the aforementioned process 218 is a valid token, the block chain subsystem 170 The beacon management smart contract 362 will generate a second access beacon associated with the authorization beacon and transfer the second access beacon to the data requester device 130 .

換言之,在該授權訊標的有效期間內,訊標管理智能合約362可針對同一資料請求者或不同資料請求者所提出的多個訊標請求,分別產生與該授權訊標具有關聯性的多個取用訊標,且個別取用訊標的有效期間可以有所不同。 In other words, within the validity period of the authorization beacon, the beacon management smart contract 362 can generate multiple beacon requests related to the authorization beacon for multiple beacon requests made by the same data requester or different data requesters. Access beacons, and the validity period of individual access beacons may vary.

同樣地,只有在區塊鏈子系統170中的資料查詢智能合約366判定該第二資料請求為適格的資料請求、且訊標管理智能合約362也判定該第二取用訊標為有效訊標的情況下,第三方服務子系統150才會將該第二資料請求所對應的第二組資料提供給資料請求者裝置130。 Similarly, only if the data query smart contract 366 in the blockchain subsystem 170 determines that the second data request is a qualified data request, and the token management smart contract 362 also determines that the second access token is a valid token. Only then will the third-party service subsystem 150 provide the second set of data corresponding to the second data request to the data requester device 130 .

基於區塊鏈子系統170的特性,記錄在區塊鏈子系統170中的該第二 取用訊標的相關時間資訊很難被竄改,所以可以用來做為第三方服務子系統150再一次提供資料擁有者D1的相關資料給資料請求者裝置130的佐證。 Based on the characteristics of the blockchain subsystem 170, the second The relevant time information of the access beacon is difficult to tamper with, so it can be used as evidence that the third-party service subsystem 150 once again provides relevant information of the data owner D1 to the data requester device 130.

請注意,由前述說明可知,資料請求者裝置130每次使用的資料取用訊標(例如,前述的第一取用訊標及第二取用訊標),最後是由區塊鏈子系統170註銷,相當於最後是由區塊鏈子系統170回收這些資料取用訊標,而非由第三方服務子系統150來回收這些資料取用訊標。這樣的架構才能有效降低第三方服務提供者與資料請求者兩方之間發生糾紛的可能性。 Please note that from the above description, it can be known that the data access beacon used each time by the data requester device 130 (for example, the aforementioned first access beacon and the second access beacon) is finally used by the blockchain subsystem 170 Deregistration is equivalent to the fact that the blockchain subsystem 170 finally recovers these data access beacons, rather than the third-party service subsystem 150 recovering these data access beacons. Such a structure can effectively reduce the possibility of disputes between third-party service providers and data requesters.

資料請求者R1所對應的資料請求者裝置130可比照前述圖6至圖9的方式,透過第三方服務子系統150向區塊鏈子系統170申請(或是直接向區塊鏈子系統170申請)查詢其他資料擁有者(例如,資料擁有者D2)的相關資料所需的資料取用訊標,並使用該資料取用訊標向第三方服務子系統150請求取用相關的資料。 The data requester device 130 corresponding to the data requester R1 can apply to the blockchain subsystem 170 through the third-party service subsystem 150 (or directly apply to the blockchain subsystem 170) in the manner described in Figures 6 to 9. The data access beacon required for the relevant data of other data owners (for example, data owner D2), and uses the data access beacon to request the third-party service subsystem 150 to access the relevant data.

在去中心化資料授權控管系統100中,其他資料請求者裝置(例如,資料請求者R2所對應的資料請求者裝置140),也可比照前述方式透過第三方服務子系統150向區塊鏈子系統170申請(或是直接向區塊鏈子系統170申請)查詢資料擁有者D1(或其他資料擁有者)的相關資料所需的資料取用訊標,並使用該資料取用訊標向第三方服務子系統150請求取用相關的資料。 In the decentralized data authorization control system 100, other data requester devices (for example, the data requester device 140 corresponding to the data requester R2) can also submit requests to the blockchain subsystem through the third-party service subsystem 150 in the aforementioned manner. The system 170 applies (or applies directly to the blockchain subsystem 170) for the data access beacon required to query the relevant information of the data owner D1 (or other data owners), and uses the data access beacon to request the third party The service subsystem 150 requests the relevant information.

同樣地,第三方服務子系統150都可利用區塊鏈子系統170來檢核相關資料請求者裝置所產生的取用訊標請求的有效性、資料請求的適格性、以及取用訊標的有效性。 Similarly, the third-party service subsystem 150 can use the blockchain subsystem 170 to check the validity of the access beacon request generated by the relevant data requester device, the eligibility of the data request, and the validity of the access beacon. .

請參考圖10,其所繪示為本發明一實施例的動態更新資料授權政策的方法簡化後的流程圖。 Please refer to FIG. 10 , which illustrates a simplified flow chart of a method for dynamically updating a data authorization policy according to an embodiment of the present invention.

如前所述,在去中心化資料授權控管系統100中,個別的資料擁有者可依需要而動態調整儲存在區塊鏈子系統170中的資料授權政策。 另外,個別的資料擁有者與第三方服務提供者也可動態調整雙方之間的資料查詢協議,並修改相應的資料查詢智能合約。 As mentioned above, in the decentralized data authorization control system 100, individual data owners can dynamically adjust the data authorization policy stored in the blockchain subsystem 170 as needed. In addition, individual data owners and third-party service providers can also dynamically adjust the data query agreement between the two parties and modify the corresponding data query smart contract.

為了方便說明起見,以下將以資料擁有者D1利用資料擁有者裝置110動態調整儲存在區塊鏈子系統170中的資料授權政策的情境為例,來說明去中心化資料授權控管系統100在圖10中的相關運作流程。 For the convenience of explanation, the following will take as an example a scenario in which the data owner D1 uses the data owner device 110 to dynamically adjust the data authorization policy stored in the blockchain subsystem 170 to illustrate the decentralized data authorization control system 100. The relevant operation process in Figure 10.

當資料擁有者D1與前述的第三方服務提供者決定修改原先的資料查詢協議時,資料擁有者D1可利用資料擁有者裝置110進行圖10中的流程1002。 When the data owner D1 and the aforementioned third-party service provider decide to modify the original data query agreement, the data owner D1 can use the data owner device 110 to perform the process 1002 in FIG. 10 .

在流程1002中,控制電路117可產生一協議更新通知,並透過通信電路111將該協議更新通知傳送給第三方服務子系統150。此時,第三方服務子系統150的通信電路151會相應進行流程1004,以接收資料擁有者裝置110傳來的協議更新通知。 In process 1002, the control circuit 117 may generate a protocol update notification and transmit the protocol update notification to the third-party service subsystem 150 through the communication circuit 111. At this time, the communication circuit 151 of the third-party service subsystem 150 will perform the process 1004 accordingly to receive the protocol update notification from the data owner device 110 .

接著,第三方服務子系統150的資料伺服器157可在其管理者或操作人員的操控下進行流程1006,以依據第三方服務提供者與某一資料請求者A共同同意的新資料查詢協議,建立一更新後的資料查詢智能合約366。 Then, the data server 157 of the third-party service subsystem 150 can perform the process 1006 under the control of its administrator or operator, in accordance with the new data query agreement jointly agreed between the third-party service provider and a certain data requester A, Create an updated data query smart contract 366.

在流程1008中,資料伺服器157可利用通信電路151或區塊鏈運算電路153,使用第三方服務提供者所對應的一預定訊標,將更新後的資料查詢智能合約366傳送給區塊鏈子系統170,並指示區塊鏈子系統170對更新後的資料查詢智能合約366進行認證。 In process 1008, the data server 157 can use the communication circuit 151 or the blockchain computing circuit 153 to send the updated data query smart contract 366 to the blockchain using a predetermined beacon corresponding to the third-party service provider. system 170, and instructs the blockchain subsystem 170 to authenticate the updated data query smart contract 366.

在此情況下,區塊鏈子系統170會進行流程1010,利用多個節點執行合適的共識決演算法來對更新後的資料查詢智能合約366進行認證。倘若更新後的資料查詢智能合約366通過區塊鏈子系統170的認證,區塊鏈子系統170便會將更新後的資料查詢智能合約366以資料區塊的形式儲存在區塊鏈子系統170的區塊鏈帳本中,以完成將更新後的資料查詢智能合約366部署到區塊鏈子系統170中的程序。在後續的運作階段中,第三方服務子系統150可利用更新後的資料查 詢智能合約366來檢核及判斷個別的資料請求者有權取用的資料的範圍、類型、屬性、或項目。 In this case, the blockchain subsystem 170 will perform the process 1010 to use multiple nodes to execute an appropriate consensus decision algorithm to authenticate the updated data query smart contract 366. If the updated data query smart contract 366 passes the certification of the blockchain subsystem 170, the blockchain subsystem 170 will store the updated data query smart contract 366 in the form of a data block in the block of the blockchain subsystem 170 in the chain ledger to complete the process of deploying the updated data query smart contract 366 into the blockchain subsystem 170. In the subsequent operation phase, the third-party service subsystem 150 can use the updated data to query The smart contract 366 is consulted to check and determine the scope, type, attributes, or items of data that the individual data requester is entitled to access.

另一方面,當資料擁有者D1認為其資料授權政策需要調整時,可利用資料擁有者裝置110進行圖10中的流程1012。 On the other hand, when the data owner D1 believes that its data authorization policy needs to be adjusted, the data owner device 110 can be used to perform the process 1012 in FIG. 10 .

在流程1012中,控制電路117會將資料擁有者D1與相關資料請求者共同同意的新資料授權政策、或是資料擁有者D1自行調整後的新資料授權政策進行加密,以產生更新後的資料授權政策密文。 In process 1012, the control circuit 117 will encrypt the new data authorization policy jointly agreed by the data owner D1 and the relevant data requester, or the new data authorization policy adjusted by the data owner D1, to generate updated data. Authorization policy secret text.

接著,控制電路117可進行流程1014,以利用通信電路111或區塊鏈運算電路113,使用資料擁有者D1所對應的授權訊標將更新後的資料授權政策密文傳送給區塊鏈子系統170。 Then, the control circuit 117 can perform the process 1014 to use the communication circuit 111 or the blockchain computing circuit 113 to use the authorization token corresponding to the data owner D1 to transmit the updated data authorization policy ciphertext to the blockchain subsystem 170 .

此時,區塊鏈子系統170會進行流程1016,以將資料擁有者裝置110傳來的更新後的資料授權政策密文,記錄在授權政策智能合約364中,以替代原先的資料授權政策密文成為資料擁有者裝置110所對應的當前有效的資料授權政策密文。 At this time, the blockchain subsystem 170 will perform the process 1016 to record the updated data authorization policy ciphertext sent from the data owner device 110 in the authorization policy smart contract 364 to replace the original data authorization policy ciphertext. Becomes the currently valid data authorization policy ciphertext corresponding to the data owner device 110 .

由前述說明可知,由資料擁有者裝置110所產生、且包含資料授權政策的資料授權政策密文的歷史版本,會被記錄在區塊鏈子系統170中。具備正確解密金鑰、且有權存取區塊鏈子系統170的裝置,可從區塊鏈子系統170中讀取並解密由資料擁有者D1所設定的資料授權政策密文的歷史版本。這樣的機制一方面可確保資料擁有者的資料授權政策具有足夠的保密性,另一方面又能提升資料擁有者的資料授權政策對於利害關係人的透明度,是個兩全其美、不會過於偏向任何一方的平衡架構。 As can be seen from the foregoing description, the historical version of the data authorization policy ciphertext generated by the data owner device 110 and containing the data authorization policy will be recorded in the blockchain subsystem 170 . A device with the correct decryption key and the right to access the blockchain subsystem 170 can read and decrypt the historical version of the data authorization policy ciphertext set by the data owner D1 from the blockchain subsystem 170 . On the one hand, such a mechanism can ensure that the data owner's data authorization policy has sufficient confidentiality; on the other hand, it can improve the transparency of the data owner's data authorization policy to stakeholders. It is the best of both worlds and will not be too biased towards either party. Balanced architecture.

第三方服務子系統150可比照前述圖10的方式,動態調整其他資料請求者(例如,資料請求者R2)所對應的資料查詢智能合約366的內容,藉此更新個別資料請求者所對應的資料查詢協議。如此一來,第三方服務子系統150便可彈性調整其他資料請求者能夠請求的資料範圍、資料類型、和/或資料內容。 The third-party service subsystem 150 can dynamically adjust the content of the data query smart contract 366 corresponding to other data requesters (for example, data requester R2) in the manner described in Figure 10, thereby updating the data corresponding to individual data requesters. Query protocol. In this way, the third-party service subsystem 150 can flexibly adjust the data range, data type, and/or data content that other data requesters can request.

另一方面,去中心化資料授權控管系統100中的其他資料擁有者(例如,對應於資料擁有者裝置120的資料擁有者D2),則可比照前述圖10的方式使用相關的資料擁有者裝置,以動態調整記錄在授權政策智能合約364中的相關資料授權政策密文,藉此更新該資料擁有者針對特定資料請求者或全部資料請求者所設定的資料授權政策。如此一來,該資料擁有者便可彈性調整授權給第三方服務子系統150向特定資料請求者或全部資料請求者提供資料時的資料範圍、資料類型、和/或資料內容。 On the other hand, other data owners in the decentralized data authorization control system 100 (for example, the data owner D2 corresponding to the data owner device 120) can use the relevant data owners in the manner described in Figure 10. Device to dynamically adjust the relevant data authorization policy cipher text recorded in the authorization policy smart contract 364, thereby updating the data authorization policy set by the data owner for a specific data requester or all data requesters. In this way, the data owner can flexibly adjust the data scope, data type, and/or data content when authorizing the third-party service subsystem 150 to provide data to a specific data requester or all data requesters.

由前述說明可知,有權存取區塊鏈子系統170、具備正確解密金鑰的裝置,可對記錄在區塊鏈子系統170中的資料授權政策密文進行解密與查核。因此,利用區塊鏈子系統170來取代傳統的集權式授權伺服器,可有效提升去中心化資料授權控管系統100在授權政策管理上的透明度,進而降低第三方服務子系統150與資料擁有者或資料請求者之間發生糾紛的可能性。 As can be seen from the foregoing description, a device that has access to the blockchain subsystem 170 and has a correct decryption key can decrypt and verify the data authorization policy ciphertext recorded in the blockchain subsystem 170 . Therefore, using the blockchain subsystem 170 to replace the traditional centralized authorization server can effectively improve the transparency of the authorization policy management of the decentralized data authorization control system 100, thereby reducing the risk of the third-party service subsystem 150 interacting with the data owner. or the possibility of disputes between data requesters.

前述去中心化資料授權控管系統100的另一優點是能夠滿足歐盟GDPR的各種要求,並且能夠允許資料擁有者隨時依需要而動態調整其資料授權政策,具有更高的授權政策調整彈性。 Another advantage of the aforementioned decentralized data authorization control system 100 is that it can meet various requirements of the EU GDPR, and can allow data owners to dynamically adjust their data authorization policies at any time as needed, with higher authorization policy adjustment flexibility.

另外,個別資料擁有者的資料授權政策是以加密形式儲存在區塊鏈子系統170中,且只有具備正確解密金鑰、且有權存取區塊鏈子系統170的裝置,才能從區塊鏈子系統170中讀取並解密相關的資料授權政策密文。這樣的做法可大幅降低個別資料擁有者所設定的資料授權政策被惡意人士竊取或竄改的風險。 In addition, the data authorization policy of the individual data owner is stored in the blockchain subsystem 170 in an encrypted form, and only a device with the correct decryption key and the right to access the blockchain subsystem 170 can access the data from the blockchain subsystem 170. 170 to read and decrypt the relevant data authorization policy ciphertext. This approach can significantly reduce the risk of data authorization policies set by individual data owners being stolen or tampered with by malicious parties.

再者,個別資料請求者裝置每次使用的資料取用訊標(例如,前述的第一取用訊標及第二取用訊標),最後是由區塊鏈子系統170註銷。換言之,這些資料取用訊標最後是由區塊鏈子系統170回收,而非由第三方服務子系統150來回收。這樣的架構能有效降低第三方服務提供者與資料請求者兩方之間發生糾紛的可能性。 Furthermore, the individual data requester installs the data access beacon used each time (for example, the aforementioned first access beacon and the second access beacon), and is finally logged out by the blockchain subsystem 170 . In other words, these data access beacons are finally recovered by the blockchain subsystem 170 rather than by the third-party service subsystem 150 . Such a structure can effectively reduce the possibility of disputes between third-party service providers and data requesters.

另一方面,去中心化資料授權控管系統100採用的授權政策控管方法,是利用區塊鏈搭配智能合約的架構來自動完成資料取用訊標的申請與移轉程序、授權訊標的有效性驗證程序、資料請求的適格性驗證程序、以及取用訊標的有效性驗證程序,所以能夠大幅提升資料授權控管流程的效率與正確性,並同時大幅減少所需的人力與時間,更能有效避免儲存在區塊鏈子系統170中的相關授權政策密文與取用訊標的時間記錄被惡意人士事後竄改的風險。 On the other hand, the authorization policy control method adopted by the decentralized data authorization control system 100 is to use the blockchain and smart contract architecture to automatically complete the application and transfer procedures of the data access token and the validity of the authorization token. Verification procedures, data request eligibility verification procedures, and access beacon validity verification procedures can greatly improve the efficiency and accuracy of the data authorization control process, and at the same time significantly reduce the manpower and time required, making it more effective This avoids the risk of the relevant authorization policy ciphertext and the time record of accessing the beacon stored in the blockchain subsystem 170 being tampered with by malicious parties afterwards.

實作上,前述去中心化資料授權控管系統100中的第三方服務子系統的數量,可依實際應用環境的需要而增加,並不侷限於前述實施例所繪示的態樣。 In practice, the number of third-party service subsystems in the aforementioned decentralized data authorization and control system 100 can be increased according to the needs of the actual application environment, and is not limited to the form shown in the aforementioned embodiment.

在某些實施例中,可將前述資料擁有者裝置110中的資料庫115和/或區塊鏈運算電路113省略,或是將資料庫115和/或區塊鏈運算電路113獨立於資料擁有者裝置110之外。 In some embodiments, the database 115 and/or the blockchain computing circuit 113 in the aforementioned data owner device 110 can be omitted, or the database 115 and/or the blockchain computing circuit 113 can be made independent of the data owner. or device 110.

另外,在某些實施例中,可將前述資料請求者裝置130中的資料庫135和/或區塊鏈運算電路133省略,或是將資料庫135和/或區塊鏈運算電路133獨立於資料請求者裝置130之外。 In addition, in some embodiments, the database 135 and/or the blockchain computing circuit 133 in the aforementioned data requester device 130 can be omitted, or the database 135 and/or the blockchain computing circuit 133 can be made independent of outside of the data requestor device 130.

同樣地,在某些實施例中,可將前述第三方服務子系統150中的資料庫155和/或區塊鏈運算電路153省略,或是將資料庫155和/或區塊鏈運算電路153獨立於第三方服務子系統150之外。 Similarly, in some embodiments, the database 155 and/or the blockchain computing circuit 153 in the aforementioned third-party service subsystem 150 can be omitted, or the database 155 and/or the blockchain computing circuit 153 can be omitted. Independent from the third-party service subsystem 150.

在說明書及申請專利範圍中使用了某些詞彙來指稱特定的元件,而本領域內的技術人員可能會用不同的名詞來稱呼同樣的元件。本說明書及申請專利範圍並不以名稱的差異來做為區分元件的方式,而是以元件在功能上的差異來做為區分的基準。在說明書及申請專利範圍中所提及的「包含」為開放式的用語,應解釋成「包含但不限定於」。另外,「耦接」一詞在此包含任何直接及間接的連接手段。因此,若文中描述第一元件耦接於第二元件,則代表第一元件可通過電性連接或無線傳輸、光學傳輸等信號連接方式而直接地連接於 第二元件,或通過其它元件或連接手段間接地電性或信號連接至第二元件。 Certain words are used in the specification and patent application to refer to specific components, but those skilled in the art may use different terms to refer to the same component. This specification and patent application do not use differences in names as a way to distinguish components, but differences in functions of components as a basis for distinction. The "include" mentioned in the specification and patent application scope is an open-ended term and should be interpreted as "include but not limited to". In addition, the word "coupling" here includes any direct and indirect connection means. Therefore, if a first element is described as being coupled to a second element, it means that the first element can be directly connected to the second element through electrical connection or signal connection methods such as wireless transmission and optical transmission. The second element may be indirectly electrically or signal-connected to the second element through other elements or connection means.

在說明書中所使用的「和/或」的描述方式,包含所列舉的其中一個項目或多個項目的任意組合。另外,除非說明書中特別指明,否則任何單數格的用語都同時包含複數格的含義。 The description "and/or" used in the specification includes one or any combination of multiple listed items. In addition, unless otherwise specified in the specification, any term in the singular shall also include the plural.

以上僅為本發明的較佳實施例,凡依本發明請求項所做的等效變化與修改,皆應屬本發明的涵蓋範圍。 The above are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention shall fall within the scope of the present invention.

100:去中心化資料授權控管系統 100: Decentralized data authorization control system

110、120:資料擁有者裝置 110, 120: Data owner device

111、131、151:通信電路 111, 131, 151: Communication circuit

113、133、153:區塊鏈運算電路 113, 133, 153: Blockchain computing circuit

115、135、155:資料庫 115, 135, 155: database

117、137:控制電路 117, 137: Control circuit

130、140:資料請求者裝置 130, 140: Data requester device

150:第三方服務子系統 150:Third-party service subsystem

157:資料伺服器 157:Data server

160:區塊鏈節點叢集 160: Blockchain node cluster

161~167:區塊鏈節點 161~167: Blockchain node

170:區塊鏈子系統 170:Blockchain subsystem

Claims (8)

一種去中心化資料授權控管系統(100),包含:一資料擁有者裝置(110),設置成提供目標資料;一第三方服務子系統(150),設置成儲存該目標資料;一資料請求者裝置(130),設置成產生與一或多個資料項目相應的一第一資料請求,並產生包含一訊標識別資料的一第一訊標請求;以及一區塊鏈子系統(170),包含多個區塊鏈節點(161~167),設置成執行一訊標管理智能合約(362)以獲取該第一訊標請求所對應的一訊標識別資料,並驗證該訊標識別資料所對應的一授權訊標的有效性,且倘若該授權訊標為有效,則該區塊鏈子系統(170)還設置成產生與該授權訊標相應的一第一取用訊標,其中,該授權訊標是由該區塊鏈子系統(170)執行該訊標管理智能合約(362)所產生並移轉給該資料擁有者裝置(110);其中,該資料請求者裝置(130)還設置成在獲取該第一取用訊標後,傳送該第一資料請求給該第三方服務子系統(150),並移轉該第一取用訊標給該第三方服務子系統(150);其中,該第三方服務子系統(150)還設置成在接收到該第一資料請求後,移轉該第一取用訊標給該區塊鏈子系統(170);其中,該區塊鏈子系統(170)還設置成驗證該第一取用訊標的有效性,且在該區塊鏈子系統(170)判定該第一取用訊標為有效訊標後,該區塊鏈子系統(170)還會產生及傳送一驗證成功通知給該第三方服務子系統(150);其中,該第三方服務子系統(150)還會從該目標資料中找出與該第一資料請求相應的一第一組資料,且若該第三方服務子系統(150)接收到該驗證成功通知,該第三方服務子系統(150) 會傳送該第一組資料給該資料請求者裝置(130);其中,該資料擁有者裝置(110)不會接收該第一資料請求,不會涉入該第一資料請求的處理過程,不會產生該第一取用訊標,不會獲取該第一取用訊標,也不會涉入該第一取用訊標的有效性的驗證過程;其中,該資料請求者裝置(130)所產生的該第一訊標請求,是先由該資料請求者裝置(130)傳送給該第三方服務子系統(150),再由該第三方服務子系統(150)轉傳給該區塊鏈子系統(170)。 A decentralized data authorization control system (100), including: a data owner device (110) configured to provide target data; a third-party service subsystem (150) configured to store the target data; a data request a device (130) configured to generate a first data request corresponding to one or more data items and generate a first beacon request including a beacon identification data; and a blockchain subsystem (170), Contains multiple blockchain nodes (161~167), configured to execute a beacon management smart contract (362) to obtain a beacon identification data corresponding to the first beacon request, and to verify the beacon identification data. The validity of a corresponding authorization beacon, and if the authorization beacon is valid, the blockchain subsystem (170) is also configured to generate a first access beacon corresponding to the authorization beacon, wherein the authorization The beacon is generated by the blockchain subsystem (170) executing the beacon management smart contract (362) and transferred to the data owner device (110); wherein the data requester device (130) is also configured to After obtaining the first access beacon, transmit the first data request to the third-party service subsystem (150), and transfer the first access beacon to the third-party service subsystem (150); wherein , the third-party service subsystem (150) is also configured to transfer the first access token to the blockchain subsystem (170) after receiving the first data request; wherein, the blockchain subsystem (170) 170) is also configured to verify the validity of the first access beacon, and after the blockchain subsystem (170) determines that the first access beacon is a valid beacon, the blockchain subsystem (170) will also Generate and send a verification success notification to the third-party service subsystem (150); wherein the third-party service subsystem (150) will also find a first group corresponding to the first data request from the target data information, and if the third-party service subsystem (150) receives the verification success notification, the third-party service subsystem (150) The first set of data will be sent to the data requester device (130); wherein, the data owner device (110) will not receive the first data request, will not be involved in the processing of the first data request, and will not The first access beacon will be generated, the first access beacon will not be obtained, and the verification process of the validity of the first access beacon will not be involved; wherein, the data requester device (130) The first beacon request generated is first sent by the data requester device (130) to the third-party service subsystem (150), and then forwarded by the third-party service subsystem (150) to the blockchain subsystem System(170). 如請求項1所述的去中心化資料授權控管系統(100),其中,該區塊鏈子系統(170)還會記錄該第一取用訊標的一獲取時間或一驗證時間。 As for the decentralized data authorization control system (100) described in claim 1, the blockchain subsystem (170) will also record an acquisition time or a verification time of the first access beacon. 如請求項1所述的去中心化資料授權控管系統(100),其中,該區塊鏈子系統(170)所產生的該第一取用訊標,是先由該區塊鏈子系統(170)移轉給該第三方服務子系統(150),再由該第三方服務子系統(150)移轉給該資料請求者裝置(130)。 The decentralized data authorization control system (100) as described in claim 1, wherein the first access signal generated by the blockchain subsystem (170) is first generated by the blockchain subsystem (170) ) is transferred to the third-party service subsystem (150), which is then transferred to the data requester device (130). 如請求項1所述的去中心化資料授權控管系統(100),其中,該區塊鏈子系統(170)所產生的該第一取用訊標,是由該區塊鏈子系統(170)移轉給該資料請求者裝置(130)。 The decentralized data authorization control system (100) as described in claim 1, wherein the first access beacon generated by the blockchain subsystem (170) is generated by the blockchain subsystem (170) Transfer to the data requester device (130). 如請求項1所述的去中心化資料授權控管系統(100),其中,該資料擁有者裝置(110)會將一資料授權政策密文傳送給該區塊鏈子系統(170),而該區塊鏈子系統(170)則會將該資料授權政策密文記錄在一授權政策智能合約(364)中。 The decentralized data authorization control system (100) as described in claim 1, wherein the data owner device (110) will transmit a data authorization policy ciphertext to the blockchain subsystem (170), and the The blockchain subsystem (170) will record the data authorization policy ciphertext in an authorization policy smart contract (364). 一種去中心化資料授權控管系統(100),包含:一第三方服務子系統(150),設置成儲存一資料擁有者裝置(110)所提供的目標資料;一資料請求者裝置(130),設置成產生與一或多個資料項目相應 的一第一資料請求,並產生包含一訊標識別資料的一第一訊標請求;以及一區塊鏈子系統(170),包含多個區塊鏈節點(161~167),設置成執行一訊標管理智能合約(362)以獲取該第一訊標請求所對應的一訊標識別資料,並驗證該訊標識別資料所對應的一授權訊標的有效性,且倘若該授權訊標為有效,則該區塊鏈子系統(170)還設置成產生與該授權訊標相應的一第一取用訊標,其中,該授權訊標是由該區塊鏈子系統(170)執行該訊標管理智能合約(362)所產生並移轉給該資料擁有者裝置(110);其中,該資料請求者裝置(130)還設置成在獲取該第一取用訊標後,傳送該第一資料請求給該第三方服務子系統(150),並移轉該第一取用訊標給該第三方服務子系統(150);其中,該第三方服務子系統(150)還設置成在接收到該第一資料請求後,移轉該第一取用訊標給該區塊鏈子系統(170);其中,該區塊鏈子系統(170)還設置成驗證該第一取用訊標的有效性,且在該區塊鏈子系統(170)判定該第一取用訊標為有效訊標後,該區塊鏈子系統(170)還會產生及傳送一驗證成功通知給該第三方服務子系統(150);其中,該第三方服務子系統(150)還會從該目標資料中找出與該第一資料請求相應的一第一組資料,且若該第三方服務子系統(150)接收到該驗證成功通知,該第三方服務子系統(150)會傳送該第一組資料給該資料請求者裝置(130);其中,該第一資料請求的處理過程以及該第一取用訊標的有效性的驗證過程,都無需該資料擁有者裝置(110)涉入;其中,該資料請求者裝置(130)所產生的該第一訊標請求,是先由該資料請求者裝置(130)傳送給該第三方服務子系統(150),再由該第三方服務子系統(150)轉傳給該區塊鏈子 系統(170)。 A decentralized data authorization control system (100), including: a third-party service subsystem (150) configured to store target data provided by a data owner device (110); a data requester device (130) , set to generate data corresponding to one or more data items a first data request and generate a first beacon request including a beacon identification data; and a blockchain subsystem (170), including a plurality of blockchain nodes (161~167), configured to execute a The beacon management smart contract (362) obtains a beacon identification data corresponding to the first beacon request, and verifies the validity of an authorization beacon corresponding to the beacon identification data, and if the authorization beacon is valid , then the blockchain subsystem (170) is also configured to generate a first access beacon corresponding to the authorization beacon, wherein the authorization beacon is managed by the blockchain subsystem (170) Generated by the smart contract (362) and transferred to the data owner device (110); wherein the data requester device (130) is also configured to transmit the first data request after acquiring the first access beacon. to the third-party service subsystem (150), and transfer the first access beacon to the third-party service subsystem (150); wherein, the third-party service subsystem (150) is also configured to receive the After the first data request, transfer the first access beacon to the blockchain subsystem (170); wherein the blockchain subsystem (170) is also configured to verify the validity of the first access beacon, and After the blockchain subsystem (170) determines that the first access token is a valid token, the blockchain subsystem (170) will also generate and transmit a verification success notification to the third-party service subsystem (150) ; Among them, the third-party service subsystem (150) will also find a first set of data corresponding to the first data request from the target data, and if the third-party service subsystem (150) receives the verification Upon successful notification, the third-party service subsystem (150) will transmit the first set of data to the data requester device (130); wherein, the processing of the first data request and the validity of the first access beacon are The verification process does not require the involvement of the data owner device (110); wherein, the first beacon request generated by the data requester device (130) is first sent to the data requester device (130). The third-party service subsystem (150) is then transferred to the blockchain by the third-party service subsystem (150) System(170). 如請求項6所述的去中心化資料授權控管系統(100),其中,該區塊鏈子系統(170)還會記錄該第一取用訊標的一獲取時間或一驗證時間。 As for the decentralized data authorization control system (100) described in claim 6, the blockchain subsystem (170) will also record an acquisition time or a verification time of the first access beacon. 如請求項6所述的去中心化資料授權控管系統(100),其中,該區塊鏈子系統(170)所產生的該第一取用訊標,是由該區塊鏈子系統(170)移轉給該資料請求者裝置(130)。 The decentralized data authorization control system (100) as described in request item 6, wherein the first access beacon generated by the blockchain subsystem (170) is generated by the blockchain subsystem (170) Transfer to the data requester device (130).
TW111123941A 2020-11-10 2020-11-10 De-centralized data authorization control system capable of forwarding token request through third-party service subsystem TWI829216B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111123941A TWI829216B (en) 2020-11-10 2020-11-10 De-centralized data authorization control system capable of forwarding token request through third-party service subsystem

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111123941A TWI829216B (en) 2020-11-10 2020-11-10 De-centralized data authorization control system capable of forwarding token request through third-party service subsystem

Publications (2)

Publication Number Publication Date
TW202240442A TW202240442A (en) 2022-10-16
TWI829216B true TWI829216B (en) 2024-01-11

Family

ID=85460450

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111123941A TWI829216B (en) 2020-11-10 2020-11-10 De-centralized data authorization control system capable of forwarding token request through third-party service subsystem

Country Status (1)

Country Link
TW (1) TWI829216B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI829215B (en) * 2020-11-10 2024-01-11 林庠序 De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108256858A (en) * 2016-12-28 2018-07-06 布尔公司 The establishment of the mandate of the decentralization of the object of connection and the system and method for management
CN108418795A (en) * 2018-01-30 2018-08-17 百度在线网络技术(北京)有限公司 Data access method, device, system and the computer-readable medium of transregional piece of chain
CN108810006A (en) * 2018-06-25 2018-11-13 百度在线网络技术(北京)有限公司 resource access method, device, equipment and storage medium
TWI650658B (en) * 2017-09-22 2019-02-11 天逸財金科技服務股份有限公司 Method and system for querying data through verification of identity and authorization
CN110069908A (en) * 2019-04-11 2019-07-30 深圳前海微众银行股份有限公司 A kind of authority control method and device of block chain
US10623398B2 (en) * 2011-06-15 2020-04-14 Microsoft Technology Licensing, Llc Verifying requests for access to a service provider using an authentication component
CN111149332A (en) * 2017-04-28 2020-05-12 数据翼股份有限公司 System and method for implementing centralized privacy control in decentralized systems
CN111767527A (en) * 2020-07-07 2020-10-13 杭州云链趣链数字科技有限公司 Block chain-based data authority control method and device and computer equipment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10623398B2 (en) * 2011-06-15 2020-04-14 Microsoft Technology Licensing, Llc Verifying requests for access to a service provider using an authentication component
CN108256858A (en) * 2016-12-28 2018-07-06 布尔公司 The establishment of the mandate of the decentralization of the object of connection and the system and method for management
CN111149332A (en) * 2017-04-28 2020-05-12 数据翼股份有限公司 System and method for implementing centralized privacy control in decentralized systems
TWI650658B (en) * 2017-09-22 2019-02-11 天逸財金科技服務股份有限公司 Method and system for querying data through verification of identity and authorization
CN108418795A (en) * 2018-01-30 2018-08-17 百度在线网络技术(北京)有限公司 Data access method, device, system and the computer-readable medium of transregional piece of chain
CN108810006A (en) * 2018-06-25 2018-11-13 百度在线网络技术(北京)有限公司 resource access method, device, equipment and storage medium
CN110069908A (en) * 2019-04-11 2019-07-30 深圳前海微众银行股份有限公司 A kind of authority control method and device of block chain
CN111767527A (en) * 2020-07-07 2020-10-13 杭州云链趣链数字科技有限公司 Block chain-based data authority control method and device and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
期刊 N. B.Truong, K. Sun, G. M. Lee and Y. Guo "GDPR compliant personal data management: A blockchain-based solution" IEEE Transactions on Information Forensics and Security vol. 15, IEEE pp. 1746-1761 https://ieeexplore.ieee.org/ 21 October 2019 https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8876647 *

Also Published As

Publication number Publication date
TW202240442A (en) 2022-10-16

Similar Documents

Publication Publication Date Title
CN110915183B (en) Block chain authentication via hard/soft token validation
US10735202B2 (en) Anonymous consent and data sharing on a blockchain
US9948619B2 (en) System and method for encryption key management in a mixed infrastructure stream processing framework
US10671733B2 (en) Policy enforcement via peer devices using a blockchain
CN109492419B (en) Method, device and storage medium for acquiring data in block chain
TWI829219B (en) De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device
US10250613B2 (en) Data access method based on cloud computing platform, and user terminal
US20220035950A1 (en) Privacy-preserving mobility as a service supported by blockchain
US10579994B1 (en) Method for routing to mesh network content utilizing blockchain technology
JP5992535B2 (en) Apparatus and method for performing wireless ID provisioning
CN115803735A (en) Database access control service in a network
CN107347073B (en) A kind of resource information processing method
US11113365B2 (en) System and method to limit content distribution
TWI829216B (en) De-centralized data authorization control system capable of forwarding token request through third-party service subsystem
TWI829218B (en) De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem
TWI829217B (en) De-centralized data authorization control system capable of flexibly adjusting data authorization policy
US9172711B2 (en) Originator publishing an attestation of a statement
TWI829222B (en) De-centralized data authorization control system capable of utilizing third-party service subsystem to provide accessible data list to data requester device
TWI829221B (en) De-centralized data authorization control system capable of allowing data requestetr device to inspect correctness of data authorization policy stored in block chain subsystem
TWI829220B (en) De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token
TWI829215B (en) De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token
TWI766430B (en) De-centralized data authorization control system capable of dynamically adjusting data authorization policy
TWI802794B (en) Financial business review integration system and method thereof
US11848754B1 (en) Access delegation leveraging private keys on keystores read by provisioned devices
US20240135036A1 (en) Privacy-preserving mobility as a service supported by blockchain