TWM596924U - Device of identity management and authorization - Google Patents


Info

Publication number: TWM596924U
Authority: TW (Taiwan)
Prior art keywords: business, personal, module, blockchain, mentioned
Application number: TW108216119U
Other languages: Chinese (zh)
Inventor: 鄭宇廷
Original Assignee: 臺灣銀行股份有限公司

Abstract

The invention provides a device of identity management and authorization applied to a blockchain network that executes smart contracts, which includes a supervisor end, at least one business end and at least one personal end. The supervisor end communicatively connects to the blockchain network and announces an update request. Each business end communicatively connects to the blockchain network and provides a business smart contract. Each personal end communicatively connects to the blockchain network and uploads personal data encrypted with a personal private key. Each personal end then decrypts the business smart contract in order to sign it, and uploads the signed business smart contract encrypted with the personal private key, with a permission key attached. The business end obtains the personal data through the permission key and handles the business content written in the business smart contract.

Description

Identity management and authorization device

The present utility model relates to an identity management and authorization device, and in particular to an identity management and authorization device for blockchain smart contracts in which a supervisory authority can also participate.

Today, customers with financial needs who apply for services such as deposits or loans at an insurer, a bank or any organization with a membership system typically have to fill in many personal data forms or sign various paper contracts. Besides wasting paper, complicating the procedure and making contracts hard to keep, this also requires business staff, after the customer has completed the paper forms or contract, to key in or scan the information the customer has provided and authorized into a computer. This duplicated step consumes a great deal of time and labor on unnecessary procedure and invisibly raises both labor cost and processing time.

Taking banks as an example, a customer who holds accounts at 10 banks has to fill in the different application forms and contracts of each of those 10 banks when applying for the related financial services, which is time-consuming and laborious.

At the same time, because fraud techniques keep evolving, the "Know your customer" (KYC) regulations that have emerged in response aim to protect the personal data (hereinafter "personal data") that these customers authorize and that the bank stores, such as contact numbers or passwords. Both customers and banks must update this personal data preventively or at irregular intervals in order to satisfy regulatory requirements, reduce customers' investment risk and achieve anti-money-laundering goals. In other words, if a bank does not adequately know or verify its customers' data, both the bank and the customer are exposed to a large risk of loss, and the financial institution or company may even run into operational difficulties.

As described above, KYC may further require every bank customer to update data preventively in advance, including personal ID number, contact details, credit history, proof of income and so on. Collecting and individually verifying such data already consumes a great deal of the customer's or the bank's time and labor. Moreover, when a customer's information changes at one of the 10 banks, the KYC data held by the remaining 9 banks becomes stale, not-yet-updated KYC data and loses its reference value.

The remaining 9 banks will then again notify the customer to update his KYC data, that is, to go through the personal data forms or contract procedures once more, which in practice causes unnecessary and substantial waste of cost and time for customers and financial institutions alike.

How to handle these frequent and unavoidable data changes, the filling-in of forms and the subsequent keying of the data into electronic devices is a problem every financial institution must currently solve, and a corresponding solution is urgently needed.

To solve the above problems, the present utility model develops an identity management and authorization device built on the concept of a blockchain network. The device lets a customer (hereinafter the "personal end") enter personal data digitally and then encrypt that personal data, for example by asymmetric cryptography, with a personal private key that is exclusive and unique to that personal end. Because the personal data is encrypted this way, regardless of whether the personal end chooses to upload the encrypted personal data to the blockchain network, no device user or institution on the blockchain network can read or obtain any of the encrypted customer data. In addition, when the government end (hereinafter the "supervisor end") issues an update request, for example for KYC data, to prevent fraud or money laundering, the personal end can decrypt its personal data with its personal private key, update it, and then encrypt and upload it again.

In addition, the financial-institution end (hereinafter the "business end") can draft a computerized transaction agreement, here called a smart contract. Through this smart contract the business end sets out the business content it can provide to the personal end, and it uploads the smart contract to the blockchain network in the form of program code. Such a smart contract therefore differs from a traditional paper contract, or any contract in electronic form, in that its content can be executed on the blockchain network digitally and automatically by the device.

When the personal end has a business need that the business end can provide and handle, the personal end can sign the smart contract with the business end over the blockchain network; the personal end encrypts and authorizes its personal data with a corresponding permission key, allowing the business end to use the personal end's personal data to handle the business covered by the signed contract.

Besides sparing each personal end the cumbersome application or update procedures at each business end, the present utility model also lets the supervisor end announce, through the same simple and effective blockchain network, the requirement that personal ends and business ends update their personal data, which substantially prevents money laundering, fraud and similar occurrences.

Specifically, the present utility model provides an identity management and authorization device applied to a blockchain network that executes smart contracts. The device includes a supervisor end, at least one business end and at least one personal end.

The supervisor end includes a supervisor blockchain module and a supervisor announcement module. The supervisor blockchain module includes a supervisor database; it communicatively connects to the blockchain network and updates all data of the blockchain network into the supervisor database. The supervisor announcement module announces an update request to the blockchain network through the supervisor blockchain module.

Each business end includes: a business blockchain module, which includes a business database, communicatively connects to the blockchain network and updates all data of the blockchain network into the business database; a business contract module, which provides a business smart contract to the blockchain network through the business blockchain module; and a business decryption module.

The at least one personal end is located on the blockchain network, and each personal end includes: a personal blockchain module, which includes a personal database, communicatively connects to the blockchain network and updates all data of the blockchain network into the personal database; a personal management module, which maintains the personal data of the personal end; a personal encryption module, which encrypts the personal data before it is uploaded to the blockchain network; a personal decryption module, which uses a personal private key to decrypt the personal data and the business smart contract that the business end passes to the personal end through the personal blockchain module; and a personal contract module, which signs the decrypted business smart contract through the personal blockchain module and provides a permission key to the business decryption module of the business end, permitting the business end to obtain the personal data.

According to one embodiment of the identity management and authorization device, the update request requires each of the at least one personal end to update its own personal data.

According to another embodiment of the identity management and authorization device, the business smart contract further includes a personal data access contract, which specifies a scope of the personal data that the business end may access and an access period.

According to a further embodiment of the identity management and authorization device, the business end uses the permission key to obtain, through the personal data access contract, the scope of the personal data and the access period.

According to a further embodiment of the identity management and authorization device, the personal blockchain module uploads the personal data encrypted by the personal encryption module and connects to the blockchain network, ensuring that all data in the supervisor database, the business databases and the personal databases contains the updated, encrypted personal data.

Besides the identity management and authorization device, the present utility model further provides an identity management and authorization method that uses the device and includes the following steps: the supervisor end uploads the update request; the business end uploads the business smart contract for the personal end to sign; and after the personal end has updated its personal data according to the update request, the business end executes the business smart contract.

According to one embodiment of the identity management and authorization method, the update request requires each of the at least one personal end to update its own personal data.

According to another embodiment of the identity management and authorization method, the business smart contract includes a personal data access contract, which specifies a scope of the personal data that the business end may access and an access period.

According to a further embodiment of the identity management and authorization method, the business smart contract includes a personal data access contract, and the business end uses the permission key to obtain, through the personal data access contract, a scope of the personal data and an access period.

According to a further embodiment of the identity management and authorization method, the personal data encrypted by the personal encryption module is uploaded through the personal blockchain module and connected to the blockchain network, ensuring that all data in the supervisor database, the business databases and the personal databases contains the updated, encrypted personal data.

Through the blockchain network's approach to transmitting and storing data, the traditional practice of centralizing data in a single database or computer is replaced by decentralized (also called third-party) data management and information exchange. Traditional centralized data management raises serious security concerns, for example a high risk that the database server is compromised or that data is corrupted. Introducing blockchain technology stores data on multiple nodes of the network, with the distinctive properties of simultaneous data input from multiple user nodes, backup of data at multiple node locations and retrieval of data from multiple nodes, and thereby overcomes shortcomings that centralized data management cannot.

In view of the above problems, the present utility model provides an identity management and authorization device applied to blockchain smart contracts. Through this device a personal end (for example a customer) can create the required personal data at any time, or update it in one step when necessary, and encrypts that personal data with its own corresponding personal private key. Anyone who wishes to query or use the encrypted personal data can do so only while holding a permission key authorized by the corresponding personal end, which realizes the security, anonymity and confidentiality that the present utility model claims for the device.

Furthermore, the supervisor end (for example a government agency) can issue KYC or personal data update requirements to keep society from being flooded with financial irregularities such as money laundering, fraud, suspicious transactions and terrorist financing. The personal end can then update its personal data and store it encrypted through the blockchain network's device platform, quickly fulfilling what the supervisor end announced, so that the personal end can go on to apply for other business.

Moreover, with the personal data uploaded through the device, the personal end can sign a corresponding contract with each business end (for example a bank, securities firm or insurer) for the business it wishes to transact. The contract content is written in computer program code as a smart contract. After the personal end signs the smart contract, it must be encrypted with a dedicated permission key, and the business end can obtain the personal end's personal data to carry out the related business only while holding that permission key. Signing such a smart contract uses the anonymity and immediacy of personal data on the blockchain to remove the unnecessary repeated filling-in, updating or verification of personal data during the update process. The device can therefore meet the personal end's business needs quickly and accurately, and increases the economic benefit each end gains from shortened processing time.

To explain the embodiments of the present utility model more clearly, please refer to FIG. 1, a schematic diagram of the architecture of the identity management and authorization device. The present utility model provides an identity management and authorization device 10 applied to a blockchain network 20 that executes smart contracts. The device 10 includes a supervisor end 30, at least one business end 40 and at least one personal end 50.

The supervisor end 30 is further described as follows. Still referring to FIG. 1, the supervisor end 30 is a unit node in the blockchain network 20, and its operating authority may be granted to a government agency that supervises or regulates the related business, such as the Financial Supervisory Commission (FSC), the Investigation Bureau of the Ministry of Justice or the Joint Credit Information Center.

Still referring to FIG. 1, the supervisor end 30 further includes a supervisor blockchain module 31 and a supervisor announcement module 32. The supervisor blockchain module 31 includes a supervisor database and communicatively connects to the blockchain network 20, making the supervisor end 30 a unit node in the blockchain network 20 and updating all data in the blockchain network 20 into the supervisor database. Through the supervisor blockchain module 31, the supervisor end 30 can thus ensure that the device 10 it is operating works from all data in the blockchain network 20 that is synchronized and current.

Still referring to FIG. 1, the supervisor announcement module 32 connects to the blockchain network 20 through the supervisor blockchain module 31, keeps all data synchronized and current, and announces an update request 33 to the blockchain network 20. The update request 33 may further contain a requirement, announced by the supervisor end 30, that the institutions it supervises or regulates and their customers update the relevant data or its format, for example that the personal data of the at least one personal end 50 be filled in, or be updated to the latest template published by the supervising authority.

In addition, still referring to FIG. 1, if an institution supervised or regulated by the supervisor end 30, or one of its customers, fails to update the data or format required by the supervisor end 30 according to the update request 33, it cannot continue to carry out subsequent business through the device 10, and the device's operating procedure may even treat this as a violation, with consequences such as breaching the relevant laws or incurring liability for damages.

Still referring to FIG. 1, the update request 33 must then be encoded in a programming language that the blockchain network 20 can recognize, read, compute or execute, stored in the supervisor database, and uploaded to the blockchain network 20. The programming language includes any contract-oriented language, such as Solidity, Serpent, Lisp Like Language (LLL) or Viper.

The at least one business end 40 is further described as follows. Still referring to FIG. 1, each business end 40 is a unit node in the blockchain network 20, and its operating authority may be granted to any institution able to handle the related business; for financial institutions, this may be a bank, a securities firm, an insurer, another company conducting financial business, or any institution with a membership system. Such financial institutions are also subject to, and must fulfill, the relevant regulations published by their supervising or regulating authority.

Still referring to FIG. 1, each business end 40 further includes a business blockchain module 41, a business contract module 42 and a business decryption module 43. The business blockchain module 41 includes a business database and communicatively connects to the blockchain network 20, making each business end 40 a unit node in the blockchain network 20 and updating all data in the blockchain network 20 into the business database. Through the business blockchain module 41, each business end 40 can thus ensure that the device 10 it is operating works from all data in the blockchain network 20 that is synchronized and current.

Still referring to FIG. 1, the business contract module 42 connects to the blockchain network 20 through the business blockchain module 41, keeps all data synchronized and current, and provides a business smart contract 44 to the blockchain network 20. The content of the business smart contract 44 may further include any business that the business end 40 can provide; for a financial institution, this may be deposits, transfers, loans, interbank remittances, fund investments or cross-border remittances.

According to some embodiments, the business smart contract 44 further includes a personal data access contract, which specifies a scope of the personal data 57 that the business end 40 may access and an access period. The scope expressly defines which of the personal end 50's personal data the business end 40 may access when handling contract content that the personal end 50 has authorized and agreed to; this may be authorization of all personal data or only part of it, for example only the personal end 50's income data or ID number out of all the personal data the personal end 50 has authorized.

The access period expressly defines how long the business end 40 may access the personal end 50's personal data when handling contract content the personal end 50 has authorized. For example, under the Money Laundering Control Act a financial institution must still retain a customer's income data for 5 years after the business relationship with the customer ends; but if the signed access period for the personal data 57 is 1 year, the personal data 57 can no longer be accessed even though it is still within the 5 years for which the financial institution retains it.

Still referring to FIG. 1, the business smart contract 44 must then be encoded by the business contract module 42 in any programming language that the blockchain network 20 can recognize, read, compute or execute, stored in the business database, and uploaded to the blockchain network 20. The programming language includes any contract-oriented language, such as Solidity, Serpent, Lisp Like Language (LLL) or Viper.

The business contract module 42 may further encrypt the business smart contract 44 before uploading it to the blockchain network 20. The encryption may be, in any of the programming languages above, a hash function, asymmetric encryption, or any method that transforms digital data into ciphertext that is hard to read and must go through a decryption process to be restored to readable content. The hash functions include Message-Digest Algorithm 5 (MD5) or the Secure Hash Algorithms (SHA, such as SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512). The asymmetric encryption includes the RSA (Rivest-Shamir-Adleman) algorithm.

Still referring to FIG. 1, the business decryption module 43 can decrypt all data in the business database, since all of that data has been encrypted by some user end.

According to some embodiments, the business smart contract 44 signed and encrypted by the personal end 50 is encrypted by asymmetric encryption. Asymmetric encryption provides each party that can connect to the blockchain network 20, namely the supervisor end 30, each business end 40 and each personal end 50 (hereinafter collectively the "user ends"), with an exclusive public key and an exclusive private key. The business contract module 42 encrypts the business smart contract 44 using the respective exclusive public keys of the business end and the personal end.

According to some embodiments, the business smart contract 44 further includes a personal-data access contract, which specifies a scope of the personal data of the personal end 50 that the business end 40 may access and an access period. Thus, after the personal end 50 returns the asymmetrically encrypted business smart contract 44, the business decryption module 43 decrypts the personal data of the personal end 50 with the dedicated private key of the business end 40, supplemented where needed by the corresponding public key of the personal end 50 (the signature public key) that this user end provides, and uses the personal data within that scope and access period. For example, referring to FIG. 2, which shows personal-data access between the business end and the personal end of the identity management and authorization device, the business decryption module 43 uses a business private key and a permission key 58 (provided by the personal contract module 55 described below) to decrypt, respectively, the business smart contract 44 signed and encrypted by the personal end 50 and the personal data 57, and within the access period accesses the authorized scope of personal data to carry out the business handled by the business end 40.

The at least one personal end 50 is further described as follows. Still referring to FIG. 1, each personal end 50 is a unit node of the blockchain network 20, and its operating authority may be granted to any legal or natural person, for instance one that needs a service handled by any of the business ends 40: the legal representative of a municipal government, an incorporated foundation, a natural person, or anyone else qualifying as a natural or legal person under, for example, the Civil Code of the Republic of China. Each such legal or natural person is also bound by, and must comply with, the regulations published by its competent or supervisory authority.

Still referring to FIG. 1, each personal end 50 further includes a personal blockchain module 51, a personal management module 52, a personal encryption module 53, a personal decryption module 54 and a personal contract module 55. The personal blockchain module 51 includes a personal database and communicatively connects to the blockchain network 20, making each personal end 50 a unit node of the network and synchronizing all data of the blockchain network 20 into the personal database. Through the personal blockchain module 51, each personal end 50 can therefore be sure that the device 10 it is operating works on data that is synchronized with, and current in, the blockchain network 20.

According to some embodiments, the personal blockchain module 51 may, with or without an update request 33 from the manager end 30, proactively update an encrypted personal data 57 and connect to the blockchain network 20, so that the manager database, the business databases and the personal databases all contain the updated, encrypted personal data 57.

Still referring to FIG. 1, the personal management module 52 maintains the personal data 57 belonging to the personal end 50. For example, the personal end 50 connects to the blockchain network 20 through the personal blockchain module 51 and then creates, updates or changes the personal data 57. The personal data 57 is then encoded by the personal management module 52, in any encoding the blockchain network 20 can recognize, read, compute or execute, stored in the personal database and uploaded to the blockchain network 20. The encodings named include hash functions such as MD5 or the SHA family (SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512); because a hash is one-way, what such an encoding puts on the chain is a fingerprint of the data that can later be checked against a disclosure of the data, not a recoverable copy of the data itself.

Still referring to FIG. 1, the personal encryption module 53 encrypts the personal data 57 before the personal end 50 uploads it to the blockchain network 20. The encryption may be asymmetric encryption or any other method that transforms digital data into ciphertext that is difficult to read and must be decrypted before the readable content is restored. The asymmetric encryption includes the RSA algorithm.

According to some embodiments, when the personal end 50 encrypts the personal data 57 through the personal encryption module 53, it encrypts with the dedicated public key of the user end that is to receive the personal data 57. Taking the personal data 57 as an example, the personal end 50 encrypts it with the dedicated public key of the business end 40 with which it intends to do business.

According to some embodiments, referring to FIG. 2, when the personal end 50 encrypts the personal data 57 through the personal encryption module 53, in addition to encrypting with the dedicated public key of the receiving user end, it further applies a digital signature, an asymmetric operation with its own key pair, to the personal data 57, and then uploads the result to the blockchain network 20 through the personal blockchain module 51. Asymmetric encryption gives every user end that can connect to the blockchain network 20 a dedicated public key and a dedicated private key.

Still referring to FIG. 2, any personal end 50 thus holds a dedicated personal public key and personal private key 56, and applies the RSA private-key operation, with its personal and unique signing key (the personal private key 56), to the plaintext (for example the personal data 57). Any user end connected to the blockchain network 20 can undo that operation with the corresponding public key. Strictly, a private-key operation that anyone holding the public key can reverse provides authenticity (attribution to the holder of personal private key 56), not confidentiality: in practice the signature is computed over a hash of the data and attached to it, and confidentiality comes from the separate encryption to the recipient's public key described above.

Still referring to FIG. 2 and taking the personal data 57 as an example: because the personal data 57 is processed with the personal private key 56 that belongs exclusively to the personal end 50, and that key corresponds to the personal end 50 alone, the result acts as the digital signature mentioned above. It identifies which user end owns the signed data and maps it directly to the signing user end, which confirms identity.

According to some embodiments, referring again to FIG. 1, when the personal end 50 wants to maintain its personal data 57 further with the personal management module 52, it must first decrypt the data through the personal decryption module 54 using the personal private key 56 before the personal data 57 can be edited with the personal management module 52.

Referring again to FIG. 1, the personal decryption module 54 uses the personal private key 56 to decrypt the business smart contract 44 that the business end 40 passes to the personal end 50 through the personal blockchain module 51. Because the business smart contract 44 was likewise encrypted asymmetrically, with the personal public key of the personal end 50, the personal end 50 can decrypt it with its dedicated personal private key 56.

Still referring to FIG. 1, the personal contract module 55 signs the decrypted business smart contract 44 through the personal blockchain module 51, encrypts the business smart contract 44 asymmetrically and provides a permission key 58 to the business decryption module 43 of the business end 40, thereby authorizing the business end 40 to obtain all or part of the personal data 57.

According to some embodiments, this asymmetric encryption means that the personal end 50 encrypts the business smart contract 44 it has agreed to sign with the dedicated public key of the business end 40 alone, or additionally with its personal private key 56, and attaches the permission key 58 to the business smart contract 44. The business end 40 opens the business smart contract 44 signed by the personal end 50 with its own dedicated private key, and then, with the permission key 58 provided by the personal end 50, accesses all or the corresponding part of the personal data 57.

In addition, FIG. 3 is a flowchart of the steps of the identity management and authorization method. Corresponding to the identity management and authorization device above, the present utility model further discloses an identity management and authorization method 60 that uses the identity management and authorization device 10 and includes the following steps.

First, still referring to FIG. 3, in step S63 the manager end 30 uploads the update request 33. The content of the update request 33 may further include a requirement, published by the manager end 30, that the institutions it supervises or regulates and their customers update the relevant data or its format, for example that the at least one personal end 50 fill in its personal data 57, or update its personal data 57 according to the latest template published by the manager end 30.

Still referring to FIG. 3, in step S62 the business end 40 uploads the business smart contract 44 so that the personal end 50 can sign it. Notably, the business end 40 may upload the business smart contract 44 at any time: the step bears no ordering relation to step S63 (the manager end 30 uploading the update request 33), and the two uploads may even occur simultaneously.

According to some embodiments, the content of the business smart contract 44 may further include any service that any business end 40 can provide; for a financial institution, for example, deposits, transfers, loans, interbank remittances, fund investments or cross-border remittances.

Still referring to FIG. 3, in step S64 the personal end 50 confirms whether it has completed the update request 33 uploaded by the manager end 30. If the update is not complete, no further business can be handled, and the flow proceeds directly to step S67, ending the identity management and authorization method 60. If the update is complete, the flow continues to step S65.

Still referring to FIG. 3, in step S65 the personal end 50, having completed the update, obtains the business smart contract 44 corresponding to the business it wishes to conduct. If it does not agree to, or does not sign, the content of the business smart contract 44, no further business can be handled, and the flow proceeds directly to step S67, ending the method 60. If it agrees to and signs the content of the business smart contract 44, the flow continues to step S66.

According to some embodiments, in step S65, when the personal end 50 agrees to and signs the business smart contract 44, the signing is carried out by asymmetric encryption: the personal end 50 encrypts the business smart contract 44 it has agreed to sign with the dedicated public key of the business end 40 alone, or additionally with its personal private key 56, and attaches the permission key 58 to the business smart contract 44.

Still referring to FIG. 3, in step S66, once the personal end 50 has agreed to and signed the business smart contract 44, the business end 40 obtains the personal data 57 of the personal end 50 according to the authorized business smart contract 44 in order to handle the business relating to the personal end 50, and the flow proceeds to step S67, ending the method 60.

According to some embodiments, the business smart contract 44 may further include the personal-data access contract, which specifies a scope of the personal data 57 that the business end 40 may access and an access period. The scope expressly defines which of the personal end 50's data the business end 40 may access when handling the contract content the personal end 50 has authorized and agreed to; it may authorize all of the personal data or only part of it. The access period expressly defines for how long the business end 40 may access the personal data of the personal end 50 when handling that authorized contract content. The flow then proceeds to step S67, ending the method 60.

According to some embodiments, under the terms of this personal-data access contract, the business decryption module 43 uses the business private key and the permission key 58 to decrypt, respectively, the business smart contract 44 signed and encrypted by the personal end 50 and the personal data 57, and within the access period accesses the authorized scope of personal data to carry out the business handled by the business end 40. The flow then proceeds to step S67, ending the method 60.
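The scope and access-period enforcement of steps S65 and S66 above, as an added example that is not code from the patent or its assignee. It reads permission key 58 as the contract terms plus the openings of the in-scope fields only, and writes a salted SHA-256 commitment per field to the chain instead of the personal data itself, so the business end can verify every disclosed value against the ledger while out-of-scope fields cannot be read at all; the personal end's signature over the contract (the mechanism of FIG. 2) is left out here. Field names, identifiers and the sample record are constructed for the example.

```python
# Added example, not code from the patent or its assignee: enforcing the scope
# and access period of the personal-data access contract (steps S65/S66).
# The chain stores a salted SHA-256 commitment per field instead of the data;
# permission key 58 is read here as the contract terms plus the openings of the
# in-scope fields only. Names, identifiers and the sample record are assumptions.
import hashlib
import hmac
import secrets


def _commitment(field: str, salt: bytes, value: str) -> str:
    """Bind the field name into the hash so an opening for one field cannot be
    replayed as a different field."""
    return hashlib.sha256(salt + field.encode() + b"\x00" + value.encode()).hexdigest()


def commit_personal_data(personal_info: dict) -> tuple:
    """Personal end 50: returns (on-chain record, private openings). Only the
    record is uploaded; the openings (salt, value) stay with the personal end."""
    record, openings = {}, {}
    for field, value in personal_info.items():
        salt = secrets.token_bytes(16)
        record[field] = _commitment(field, salt, value)
        openings[field] = (salt.hex(), value)
    return record, openings


def issue_permission_key(openings: dict, business_id: str, scope, now: int,
                         valid_seconds: int) -> dict:
    """Personal end 50, on signing the contract: hand over openings for the
    agreed scope only, together with the agreed access period."""
    missing = set(scope) - openings.keys()
    if missing:
        raise ValueError(f"scope names fields the record does not have: {sorted(missing)}")
    return {"business": business_id, "scope": sorted(scope),
            "not_before": now, "not_after": now + valid_seconds,
            "openings": {field: openings[field] for field in scope}}


def business_access(business_id: str, onchain_record: dict,
                    permission_key: dict, now: int) -> dict:
    """Business decryption module 43: refuse the wrong counterparty, refuse
    outside the access period, and accept a value only if it opens the
    commitment recorded on the chain. Out-of-scope fields have no opening and
    therefore cannot be read."""
    if permission_key["business"] != business_id:
        raise PermissionError("permission key was issued to another business end")
    if not permission_key["not_before"] <= now <= permission_key["not_after"]:
        raise PermissionError("outside the agreed access period")
    revealed = {}
    for field in permission_key["scope"]:
        salt_hex, value = permission_key["openings"][field]
        recomputed = _commitment(field, bytes.fromhex(salt_hex), value)
        if not hmac.compare_digest(recomputed, onchain_record.get(field, "")):
            raise PermissionError(f"opening for {field!r} does not match the chain")
        revealed[field] = value
    return revealed


if __name__ == "__main__":
    # constructed sample record and identifiers
    record, openings = commit_personal_data({"name": "example", "account": "0001", "phone": "0000"})
    key = issue_permission_key(openings, "business-40", ["name", "account"], now=1000, valid_seconds=3600)
    print(business_access("business-40", record, key, now=2000))
```

The access period is checked against a clock the business end supplies, so it is a policy check rather than a cryptographic one; the scope, by contrast, is enforced by construction, because the business end never receives the salt for a field outside it and cannot open that field's commitment.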

Taking the identity management and authorization device and method together: the blockchain network itself allows data to be written continuously, is decentralized (distributed), synchronizes updates in real time, and keeps data as a history of records, giving traceability and non-repudiation. By establishing and signing the corresponding smart contracts, the problems of customers having to update their personal data repeatedly, and of the manpower consumed by the institutions handling the business, are resolved.

In addition, once data uploaded to the blockchain network, such as customers' personal data, has been asymmetrically encrypted, the encrypted data history cannot be altered. Strictly, that immutability is a property of the ledger rather than of the encryption, and it cuts both ways: an encrypted record cannot be altered, but it also cannot be withdrawn from the chain, so exposure of a decryption key cannot be undone by deleting the record. Compared with paper customer records in traditional banking institutions, or electronic customer records managed centrally by one device, this is more efficient and keeps the data relatively safe. Moreover, government agencies can also participate as unit nodes of the blockchain network, and through the immediacy of the blockchain network and the binding force of smart contracts, targeted prevention is achieved effectively and comprehensively, creating a secure and reliable smart-finance operating platform.

The present utility model is disclosed herein by way of preferred embodiments only. Those skilled in the art will understand that the embodiments above serve to describe the utility model and are not intended to limit the scope of the patent rights claimed. Any change or substitution equivalent to the embodiments above should be read as falling within the spirit or scope of the utility model. The scope of protection is therefore defined by the claims below.

10: identity management and authorization device
20: blockchain network
30: manager end
31: manager blockchain module
32: manager announcement module
33: update request
40: business end
41: business blockchain module
42: business contract module
43: business decryption module
44: business smart contract
50: personal end
51: personal blockchain module
52: personal management module
53: personal encryption module
54: personal decryption module
55: personal contract module
56: personal private key
57: personal data
58: permission key
60: identity management and authorization method
S61-S67: steps

To make the above and other objects, features, advantages and embodiments of the present utility model clearer, the accompanying drawings are described as follows:
FIG. 1 is a schematic diagram of the architecture of the identity management and authorization device.
FIG. 2 is a schematic diagram of personal-data access between the business end and the personal end of the identity management and authorization device.
FIG. 3 is a flowchart of the steps of the identity management and authorization method.


Claims (5)

1. An identity management and authorization device, applied to a blockchain network that executes smart contracts, the device comprising:
   a manager end, comprising:
      a manager blockchain module, comprising a manager database, the manager blockchain module communicatively connecting to the blockchain network and updating all data of the blockchain network to the manager database; and
      a manager announcement module that, through the manager blockchain module, announces an update request to the blockchain network;
   at least one business end, each comprising:
      a business blockchain module, comprising a business database, the business blockchain module communicatively connecting to the blockchain network and updating all data of the blockchain network to the business database;
      a business contract module that provides a business smart contract to the blockchain network through the business blockchain module; and
      a business decryption module; and
   at least one personal end, located on the blockchain network, each comprising:
      a personal blockchain module, comprising a personal database, the personal blockchain module communicatively connecting to the blockchain network and updating all data of the blockchain network to the personal database;
      a personal management module that maintains a personal data of the personal end;
      a personal encryption module that encrypts the personal data before it is uploaded to the blockchain network;
      a personal decryption module that uses a personal private key to decrypt the personal data and the business smart contract passed to the personal end by the business end through the personal blockchain module; and
      a personal contract module that signs the decrypted business smart contract through the personal blockchain module and provides a permission key to the business decryption module of the business end, to permit the business end to obtain the personal data.

2. The identity management and authorization device of claim 1, wherein the update request requires each of the at least one personal end to update its own personal data.

3. The identity management and authorization device of claim 1, wherein the business smart contract further comprises a personal-data access contract that specifies a scope of the personal data that the business end may access and an access period.

4. The identity management and authorization device of claim 3, wherein the business end uses the permission key and obtains the scope and the access period of the personal data through the personal-data access contract.

5. The identity management and authorization device of claim 1, wherein the personal blockchain module updates the personal data encrypted by the personal encryption module and connects to the blockchain network, ensuring that all data in the manager database, the business databases and the personal databases contains the updated, encrypted personal data.
TW108216119U 2019-12-03 2019-12-03 Device of identity management and authorization TWM596924U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108216119U TWM596924U (en) 2019-12-03 2019-12-03 Device of identity management and authorization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108216119U TWM596924U (en) 2019-12-03 2019-12-03 Device of identity management and authorization

Publications (1)

Publication Number Publication Date
TWM596924U true TWM596924U (en) 2020-06-11

Family

ID=72176811

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108216119U TWM596924U (en) 2019-12-03 2019-12-03 Device of identity management and authorization

Country Status (1)

Country Link
TW (1) TWM596924U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI724667B (en) * 2019-12-03 2021-04-11 臺灣銀行股份有限公司 System of identity management and authorization and method thereof
TWI783265B (en) * 2020-09-10 2022-11-11 天宿智能科技股份有限公司 Data encryption entry and multi-party authentication and authorization system based on blockchain and method thereof
TWI810106B (en) * 2022-11-03 2023-07-21 國立臺灣科技大學 Dynamic consent management platform and personal information management method thereof

Similar Documents

Publication Publication Date Title
US20230026665A1 (en) Digital fiat currency
JP6524347B2 (en) Information sharing system
CN108418680B (en) Block chain key recovery method and medium based on secure multi-party computing technology
CA2766491C (en) A method and system for securely and automatically downloading a master key in a bank card payment system
KR20180115768A (en) Encryption method and system for secure extraction of data from a block chain
CN107358440B (en) Method and system for customized tracking of digital currency
CN109447647A (en) A kind of safety payment system based on block chain
CN111324881B (en) Data security sharing system and method fusing Kerberos authentication server and block chain
KR20010043332A (en) System and method for electronic transmission, storage and retrieval of authenticated documents
CN111461712B (en) Transaction privacy protection and hierarchical supervision in blockchain supply chain financial scenarios
TWI724667B (en) System of identity management and authorization and method thereof
TWM596924U (en) Device of identity management and authorization
CN111418184A (en) Credible insurance letter based on block chain
CN111357026B (en) Credible insurance letter based on block chain
CN111373431A (en) Credible insurance letter based on block chain
CN111417945B (en) Credible insurance letter based on block chain
CN107171787B (en) Data blind signing and storing method and system based on multiple Hash algorithm
WO2023010932A1 (en) Cloud-edge collaborative multi-mode private data transfer method based on smart contract
CN113065868B (en) Financial digital identity management method, system, equipment and medium for supply chain enterprise
CN111433798B (en) Credible insurance letter based on block chain
WO2018088475A1 (en) Electronic authentication method and program
CN112991045A (en) Medical health consumption financing method, device, equipment and medium based on block chain
KR102131206B1 (en) Method, service server and authentication server for providing corporate-related services, supporting the same
CN113628042B (en) Bank warranty optimization method, device and equipment based on blockchain and federal learning
CN114020847A (en) Network resource sharing method based on block chain technology