TWM596924U - Device of identity management and authorization - Google Patents
Device of identity management and authorization Download PDFInfo
- Publication number
- TWM596924U TWM596924U TW108216119U TW108216119U TWM596924U TW M596924 U TWM596924 U TW M596924U TW 108216119 U TW108216119 U TW 108216119U TW 108216119 U TW108216119 U TW 108216119U TW M596924 U TWM596924 U TW M596924U
- Authority
- TW
- Taiwan
- Prior art keywords
- business
- personal
- module
- blockchain
- mentioned
- Prior art date
Links
Images
Abstract
Description
本新型涉及一種身份管理與授權裝置,特別是一種可由主管共同參與之區塊鏈智能合約的身份管理與授權裝置。The present invention relates to an identity management and authorization device, especially an identity management and authorization device for a blockchain smart contract that can be jointly participated by supervisors.
現今具有各式金融需求的客戶,若到舉凡保險、銀行或各種具有會員制度的任何機構,申辦包括存款或貸款等金融業務時,常需填寫許多個人資料表,或是簽訂各種紙本合約書。因此,除了浪費紙張、手續複雜且合約難以保存外,相關業務人員還須在客戶填妥紙本資料或合約後,再將客戶所提供及授權的資訊,鍵入或掃描至電腦裝置中。上述這樣的二次動作,會耗費許多時間及人力在處理不必要的程序上,無形中便提高了人力成本及程序時間。Nowadays, customers with various financial needs need to fill out many personal information forms or sign various paper contracts when applying for insurance, bank or any organization with membership system, when applying for financial services including deposits or loans. . Therefore, in addition to wasting paper, complicated procedures and difficult to save contracts, relevant business personnel must also enter or scan the information provided and authorized by the customer into the computer device after the customer completes the paper information or contract. The above-mentioned secondary action will consume a lot of time and manpower in dealing with unnecessary procedures, which invisibly increases the manpower cost and the procedure time.
就以銀行機構為例,如果一客戶同時具有10間銀行的帳戶,在申辦相關金融業務時,即須重複填寫上述10間銀行各種不同的申請資料表與合約,相當耗時且費力。Taking a banking institution as an example, if a customer has accounts of 10 banks at the same time, when applying for related financial services, it is necessary to repeatedly fill out the various application forms and contracts of the above 10 banks, which is quite time-consuming and laborious.
同時,因為時下詐騙手法不斷更新,應運而生的「認識你的客戶 (Know your customer, KYC)」相關法規政策,即在保護上述這些客戶授權並儲存在銀行的個人資料 (下簡稱個資),例如聯絡電話或密碼等。這些客戶及銀行對於這些個資,都需時常預防地或不定期地更新,才能滿足相關法規要求、降低客戶投資風險以及達到洗錢防制的目的。也就是說,銀行如果沒有充分認識或驗證客戶的資料,便會讓銀行或客戶都暴露在極大的損失風險下,甚至為金融機構或公司造成營業上的困境。At the same time, because of the continuous updating of fraud methods, the relevant laws and policies of "Know your customer (KYC)", which is in response, are protecting the personal data authorized by these customers and stored in the bank (hereinafter referred to as personal information). ), such as contact numbers or passwords. These clients and banks need to update these assets frequently or preventively, in order to meet the requirements of relevant laws and regulations, reduce the investment risk of customers and achieve the purpose of preventing money laundering. In other words, if the bank does not fully understand or verify the customer's information, it will expose the bank or the customer to a great risk of loss, and even cause financial difficulties for the financial institution or company.
如上所述,KYC可能進一步要求各銀行用戶,事先採取預防性的資料更新,包括如個人的身份證字號、聯絡方式、信用紀錄、收入證明等資料。而此些資料的收集及個別驗證,本身即已耗費客戶或銀行大量的時間及人力。除此之外,當客戶在10間中某一間銀行有最新的資訊異動時,其他剩餘9間銀行所儲存的 KYC 資料,即會因為已經變成舊的、尚未更新的 KYC 資料,而失去參考價值。As mentioned above, KYC may further require each bank user to take precautionary information updates in advance, including such information as personal ID number, contact information, credit history, income certificate, etc. The collection and individual verification of such data consumes a lot of time and manpower of customers or banks. In addition, when the customer has the latest information changes in one of the 10 banks, the KYC data stored in the remaining 9 banks will lose their reference because they have become old and have not been updated. value.
此時,剩餘9間銀行又將再次通知客戶更新他的 KYC 資料,也就是重新更新個資的表格或合約手續,實際上會造成不管是客戶或金融機構不必要且巨大的成本浪費及時間浪費。At this time, the remaining 9 banks will again notify customers to update his KYC information, that is, to renew the forms or contract procedures of personal assets, which will actually cause unnecessary and huge cost and time waste for both customers and financial institutions. .
如何解決此種變更次數頻繁且不可避免的資料填寫及後續鍵入電子裝置的動作,便是任何金融機構目前所應解決的問題,且急需找出所對應的解決辦法。How to solve such frequent and unavoidable data changes and subsequent input of electronic devices is a problem that any financial institution should solve at present, and it is urgent to find a corresponding solution.
為解決上述問題,本新型發展出一種建立在區塊鏈 (Blockchain) 網路概念上的身份管理及授權裝置。這種裝置可提供客戶 (下稱個人端) 以數位電子方式輸入個資,再將其對應個資,例如透過非對稱式加密 (Asymmetric cryptography) 的方式,以個人端專屬且唯一的個人私鑰對其個資加密。因此,透過這種個資的加密方式,不管個人端是否選擇上傳已經加密的個資到區塊鏈網路上,任何區塊鏈網路中的裝置使用者或機構,皆無法辨識或獲得任何已經加密的客戶個資。另外,在當政府端 (下稱主管端) 為防止詐騙或洗錢,而提出例如KYC個資的更新要求時,個人端即可透過其個人私鑰,解密所屬的個資,以進行個資更新,然後再加密上傳其個資。In order to solve the above problems, the present invention has developed an identity management and authorization device based on the concept of Blockchain network. This device can provide customers (hereinafter referred to as the personal end) to enter personal data digitally, and then correspond to the personal data, for example, through asymmetric cryptography (Asymmetric cryptography), using the personal end unique and unique personal private key Encrypt its assets. Therefore, through this personal asset encryption method, no matter whether the personal end chooses to upload encrypted personal assets to the blockchain network, any device user or organization in the blockchain network cannot identify or obtain any Encrypted client assets. In addition, when the government side (hereinafter referred to as the supervisor side) proposes, for example, KYC personal information update request to prevent fraud or money laundering, the personal side can decrypt the belonging personal information through its personal private key for personal information update , And then upload their assets encrypted.
除此之外,金融機構端 (下稱業務端) 可研擬一電腦裝置化的交易協議,在此稱其為智能合約 (Smart contract)。業務端透過這種智能合約,在合約上載明所能對個人端提供的業務內容,並將上述智能合約以程式碼的資料形式,上傳至區塊鏈網路。因此,這種智能合約與傳統紙本合約,或任何電子形式的合約不同,而能在區塊鏈網路中,以數位式且裝置自動化的方式執行合約內容。In addition, the financial institution side (hereinafter referred to as the business side) can develop a computerized transaction agreement, which is referred to herein as a smart contract. Through this kind of smart contract, the business end specifies the business content that can be provided to the personal end on the contract, and uploads the above smart contract in the form of code data to the blockchain network. Therefore, this kind of smart contract is different from the traditional paper contract, or any electronic form of contract, and can execute the contract content in a digital and automatic way in the blockchain network.
當個人端對上述業務端有其所屬意的業務需求,且這樣的業務需求是可由上述業務端所提供及承辦時,即可透過上述區塊鏈網路,與上述業務端簽署智能合約,個人端並以對應的許可鑰加密授權其個資,允許上述業務端使用個人端所屬的個資,以承辦所簽署的合約內容所涉及的業務範圍。When the personal end has its intended business needs for the above-mentioned business end, and such business needs can be provided and undertaken by the above-mentioned business end, the smart contract can be signed with the above-mentioned business end through the above-mentioned blockchain network. The client end encrypts and authorizes its personal assets with the corresponding license key, allowing the above-mentioned business end to use the personal assets to which the personal end belongs to undertake the business scope involved in the content of the contract signed.
藉由本新型,除可省卻各個人端到各業務端,進行繁複的申請或更新手續之外,主管端還另可透過同樣簡便且有效的區塊鏈網路方式,公佈個人端及業務端需更新所屬個資的要求,而能實質防止洗錢或詐騙等情事發生。With this new model, in addition to eliminating the need for individual end-to-end business, and making complicated application or update procedures, the supervisor can also publish the personal and business needs through the same simple and effective blockchain network. Updating the requirements of the individual’s assets can substantially prevent money laundering or fraud.
具體而言,本新型提供一種身份管理與授權裝置,應用在執行智能合約的一區塊鏈網路,上述裝置包括一主管端、至少一業務端,以及至少一個人端。Specifically, the present invention provides an identity management and authorization device, which is applied to a blockchain network that executes smart contracts. The device includes a supervisor terminal, at least one business terminal, and at least one personal terminal.
上述主管端包括一主管區塊鏈模組,以及一主管公佈模組。上述主管區塊鏈模組,包括一主管資料庫,上述主管區塊鏈模組用於通訊連結上述區塊鏈網路,並更新上述區塊鏈網路的所有資料至上述主管資料庫;以及上述主管公佈模組,通過上述主管區塊鏈模組,公佈一更新要求至上述區塊鏈網路上。The above supervisor includes a supervisor blockchain module and a supervisor announcement module. The above-mentioned supervisor blockchain module includes a supervisor database, and the supervisor blockchain module is used for communicating with the blockchain network and updating all the data of the blockchain network to the supervisor database; and The above supervisor announcement module, through the above supervisor blockchain module, announces an update request to the above blockchain network.
上述每一該些業務端包括:一業務區塊鏈模組,包括一業務資料庫,上述業務區塊鏈模組用於通訊連結上述區塊鏈網路,並更新上述區塊鏈網路的所有資料至上述業務資料庫;一業務合約模組,透過上述業務區塊鏈模組提供一業務智能合約至上述區塊鏈網路上;以及一業務解密模組。Each of these services includes: a business blockchain module, including a business database, and the business blockchain module is used to communicate with the blockchain network and update the blockchain network All data to the above-mentioned business database; a business contract module, providing a business smart contract to the above-mentioned blockchain network through the above-mentioned business blockchain module; and a business decryption module.
上述至少一個人端,位於上述區塊鏈網路上,每一該些個人端包括:一個人區塊鏈模組,包括一個人資料庫,上述個人區塊鏈模組用於通訊連結上述區塊鏈網路,並更新上述區塊鏈網路的所有資料至上述個人資料庫;上述個人管理模組,維護上述個人端的一個資;一個人加密模組,在上傳上述個資至上述區塊鏈網路前,加密上述個資;一個人解密模組,使用一個人私鑰,以解密該個資以及上述業務端透過上述個人區塊鏈模組傳遞給上述個人端之上述業務智能合約;以及一個人合約模組,透過上述個人區塊鏈模組簽署已解密的上述業務智能合約,並提供一許可鑰給上述業務端之上述業務解密模組,以許可上述業務端取得上述個資。The at least one personal end is located on the blockchain network, and each of the personal ends includes: a personal blockchain module, including a personal database, and the personal blockchain module is used to communicate with the blockchain network , And update all the data of the above-mentioned blockchain network to the above-mentioned personal database; the above-mentioned personal management module, maintain one asset of the above-mentioned personal end; one-person encryption module, before uploading the above-mentioned asset to the above-mentioned blockchain network, Encrypt the above assets; a person decryption module, use a person's private key to decrypt the asset and the business smart contract that the business end passed to the individual end through the personal blockchain module; and a person contract module, through The personal blockchain module signs the decrypted business smart contract, and provides a license key to the business decryption module of the business end, so as to permit the business end to obtain the personal resources.
依據一實施例,上述身份管理與授權裝置中,上述更新要求係要求上述至少一個人端分別更新所屬的上述個資。According to an embodiment, in the above-mentioned identity management and authorization device, the above-mentioned update request requires the at least one personal terminal to update the above-mentioned individual assets respectively.
依據另一實施例,上述身份管理與授權裝置中,上述業務智能合約,更包括一個資取用合約,上述個資取用合約規定包括上述業務端所能取用之上述個資的一範圍及一取用期限。According to another embodiment, in the above-mentioned identity management and authorization device, the above-mentioned business smart contract further includes a capital withdrawal contract, and the above-mentioned individual capital withdrawal contract stipulates to include a range of the above-mentioned individual capital available to the business end and One access period.
依據又一實施例,上述身份管理與授權裝置中,上述業務端使用上述許可鑰並透過上述個資取用合約取得上述個資的上述範圍與上述取用期限。According to yet another embodiment, in the above-mentioned identity management and authorization device, the business end uses the license key and obtains the above-mentioned range of the above-mentioned individual assets and the above-mentioned withdrawal period through the individual asset withdrawal contract.
依據又一實施例,上述身份管理與授權裝置中,上述個人區塊鏈模組,更新以上述個資加密模組加密的上述個資,並連結至上述區塊鏈網路,確保上述主管資料庫、上述該些業務資料庫以及上述該些個人資料庫內之所有資料含有更新且經加密的上述個資。According to yet another embodiment, in the identity management and authorization device, the personal blockchain module updates the individual assets encrypted with the individual asset encryption module and connects to the blockchain network to ensure the supervisor data All the data in the database, the above-mentioned business databases and the above-mentioned personal databases contain the updated and encrypted assets.
本新型除提供一種身份管理與授權裝置,還進一步提供一種身份管理與授權方法,上述方法係使用上述之身份管理與授權裝置,並包含以下步驟:上述主管端上傳上述更新要求;上述業務端上傳上述業務智能合約,供上述個人端簽署上述業務智能合約;以及當上述個人端依據上述更新要求更新上述個資後,上述業務端執行上述業務智能合約。In addition to providing an identity management and authorization device, the present invention further provides an identity management and authorization method. The above method uses the above identity management and authorization device and includes the following steps: the above-mentioned supervisor uploads the above-mentioned update request; the above-mentioned business uploads The above-mentioned business intelligence contract is for the above-mentioned personal end to sign the above-mentioned business intelligence contract; and when the above-mentioned personal end updates the above-mentioned personal assets according to the above-mentioned update request, the above-mentioned business end executes the above-mentioned business intelligence contract.
依據一實施例,上述身份管理與授權的方法中,上述更新要求係要求上述至少一個人端分別更新所屬的上述個資。。According to an embodiment, in the method of identity management and authorization, the update request requires the at least one personal terminal to update the personal assets to which it belongs. .
依據另一實施例,上述身份管理與授權的方法中,上述業務智能合約包括一個資取用合約,上述個資取用合約規定包括上述業務端所能取用之上述個資的一範圍及一取用期限。According to another embodiment, in the above-mentioned identity management and authorization method, the business intelligence contract includes a capital withdrawal contract, and the provisions of the individual capital withdrawal contract include a range and a portion of the individual capital available to the business end Access period.
依據又一實施例,上述身份管理與授權的方法中,上述業務智能合約包括一個資取用合約,其中上述業務端使用上述許可鑰並透過上述個資取用合約取得上述個資的一範圍與一取用期限。According to yet another embodiment, in the above-mentioned identity management and authorization method, the business smart contract includes a capital acquisition contract, wherein the business end uses the license key and obtains a range of the individual capital through the capital acquisition contract. One access period.
依據又一實施例,上述身份管理與授權的方法中,透過上述個人區塊鏈模組,更新以上述個資加密模組加密的上述個資,並連結至上述區塊鏈網路,以確保上述主管資料庫、上述該些業務資料庫以及上述該些個人資料庫內之所有資料含有更新且經加密的上述個資。According to yet another embodiment, in the above-mentioned identity management and authorization method, through the personal blockchain module, the individual assets encrypted by the individual asset encryption module are updated and connected to the blockchain network to ensure All the data in the above-mentioned competent database, the above-mentioned business databases and the above-mentioned personal databases contain the updated and encrypted assets.
透過上述區塊鏈網路的資料傳送及儲存概念,可以將傳統資料統一集中或儲存至單一資料庫或電腦裝置的技術方法,轉為去中心化 (Decentralized) 裝置或稱第三方裝置的資料管理及資訊交換方式。上述傳統集中式的資料管理方法,在安全上有很大的考量疑慮,例如資料庫裝置可能被入侵或是資料毀損的風險性高等。因此,區塊鏈網路的技術導入,使資料儲存於區塊鏈網路中的多個節點,具有使用端同時多節點的資料輸入、資料多節點位置的備份以及多節點擷取資料等獨特性,故能改善資料的集中式管理無法克服的缺點。Through the above-mentioned concept of data transmission and storage on the blockchain network, the traditional data technology can be centralized or stored in a single database or computer device, and it can be transferred to a decentralized device or third-party device for data management. And information exchange methods. The above-mentioned traditional centralized data management method has great security concerns, for example, the risk that the database device may be invaded or the data is damaged is high. Therefore, the introduction of the technology of the blockchain network enables data to be stored in multiple nodes in the blockchain network, with unique multi-node data input at the user end, data multi-node location backup, and multi-node data retrieval. It can improve the shortcomings that the centralized management of data cannot overcome.
有鑑於上述待克服的問題,本新型提供一種應用在區塊鏈智能合約的身份管理與授權裝置,透過上述裝置,個人端 (例如客戶) 可隨時建立,或於必要時一次性更新所需個人資料,並將上述個人資料以專屬對應的個人私鑰進行加密。任何欲查詢或使用上述加密之個人資料者,僅能在持有由對應的個人端所授權的許可鑰,才能查詢或使用上述個人資料,確實達成本新型所主張在安全、匿名及保密上的裝置特色。In view of the above-mentioned problems to be overcome, the present invention provides an identity management and authorization device applied to blockchain smart contracts. Through the above-mentioned device, an individual (such as a customer) can be established at any time, or update the required individual at a time if necessary Data, and encrypt the personal data with the corresponding private key. Anyone who wants to query or use the above encrypted personal data can only query or use the above personal data while holding the license key authorized by the corresponding personal end. Device characteristics.
更進一步而言,主管端 (例如政府機關) 另可發佈 KYC 或更新個資的要求,以防止社會充斥各種金融亂象,例如洗錢、詐騙、可疑交易以及資助恐怖主義 (簡稱資恐) 等情事。此時,個人端亦可透過上述區塊鏈網路的裝置平台,進行個資的更新及加密保存,迅速完成主管端所要求的公佈內容,以利個人端辦理後續其他業務需求的申請。Furthermore, competent authorities (such as government agencies) can also issue KYC or update personal capital requirements to prevent society from being flooded with various financial chaos, such as money laundering, fraud, suspicious transactions, and terrorist financing (referred to as capital terrorism). . At this time, the personal end can also update and encrypt the personal assets through the above-mentioned blockchain network device platform, and quickly complete the announcement content required by the supervisor side, so that the personal end can handle subsequent applications for other business needs.
再者,個人端透過上述裝置所上傳的個資,可與各業務端 (例如銀行機構、證券機構或保險機構) 依其所欲辦理的業務內容,簽訂對應的合約。上述的合約內容會以電腦程式碼寫成一智能合約。在個人端簽署上述智能合約後,需透過專屬的許可鑰加密,且業務端僅在持有上述許可鑰時,才可獲取個人端的個資,以執行相關的業務內容。上述這種智能合約的簽訂,即是在利用區塊鏈中個資的匿名及即時性,免除更新個資的過程中,個資需再填寫、更新或驗證等不必要的繁複手續。因此,這種裝置可以快速且準確地達成個人端的業務需求,提高各端因縮減手續時間所創造的經濟利益。Furthermore, the personal data uploaded by the personal end through the above-mentioned device can sign corresponding contracts with various business ends (such as banking institutions, securities institutions or insurance institutions) according to the business content they want to handle. The content of the above contract will be written into a smart contract with computer program code. After the above-mentioned smart contract is signed on the personal side, it needs to be encrypted with a dedicated license key, and the business side can only obtain the personal resources of the personal side to carry out relevant business content when holding the above-mentioned license key. The signing of the above-mentioned smart contract is to use the anonymity and immediacy of personal assets in the blockchain to avoid unnecessary complicated procedures such as re-filling, updating or verifying personal assets in the process of updating personal assets. Therefore, this device can quickly and accurately meet the business needs of the personal end, and improve the economic benefits created by reducing the time of procedures at each end.
為更清楚說明本新型之實施方式,請參閱圖1,圖1所繪為身份管理與授權裝置的架構示意圖。本新型提供一種身份管理與授權裝置10,應用在執行智能合約的一區塊鏈網路20,上述裝置10包括:一主管端30、至少一業務端40,以及至少一個人端50。To more clearly illustrate the implementation of the present invention, please refer to FIG. 1, which is a schematic diagram of the identity management and authorization device. The present invention provides an identity management and
關於上述主管端30,進一步敘述如下。仍請參閱圖1,上述主管端30為上述區塊鏈網路20中的一個單位節點,操作權限可授予主管或監管相關業務的政府機關,例如金融監督管理委員會 (簡稱金管會)、法務部調查局或聯徵中心等機關。The above-mentioned
仍請參閱圖1,上述主管端30進一步包括一主管區塊鏈模組31,以及一主管公佈模組32。上述主管區塊鏈模組31包括一主管資料庫,上述主管區塊鏈模組31用於通訊連結上述區塊鏈網路20,使上述主管端30成為上述區塊鏈網路20中的一個單位節點,以更新上述區塊鏈網路20中的所有資料至上述主管資料庫。即上述主管端30,透過上述主管區塊鏈模組31,可確保當下所操作的上述裝置10,是基於上述區塊鏈網路20中已同步且為最新的所有資料。Still referring to FIG. 1, the above-mentioned
仍請參閱圖1,上述主管公佈模組32,通過上述主管區塊鏈模組31連通至上述區塊鏈網路20,保持所有資料是已同步且為最新的,並公佈一更新要求33至上述區塊鏈網路20上。上述更新要求33的內容,可以進一步包括上述主管端30公佈且要求受有上述主管端30主管或監管的機構單位及其客戶,更新相關資料或其格式,例如填寫上述至少一個人端50的個資,或以主管機關公佈的最新模板,更新上述至少一個人端50的個資等要求。Still referring to FIG. 1, the above-mentioned supervisor announcement module 32 communicates with the above-mentioned
另外,仍請參閱圖1,如果受有上述主管端30主管或監管的機構單位及其客戶,未根據上述更新要求33更新上述主管端30所要求的資料或其格式,將無法繼續透過上述裝置10進行後續的業務操作,甚至有因觸犯相關法律規定或因此受有損害賠償義務等裝置操作程序的違反機制。In addition, please refer to FIG. 1, if the institutions or their clients supervised or supervised by the above-mentioned
仍請參閱圖1,上述更新要求33需再以程式語言編碼,形成上述區塊鏈網路20所能辨識、讀取、計算或執行的語言,儲存至上述主管資料庫,以上傳至上述區塊鏈網路20。其中,上述程式語言包括任何合約導向式語言,例如Solidity、Serpent、Lisp Like Language (LLL) 或Viper等語言。Still referring to FIG. 1, the above update request 33 needs to be coded in programming language to form a language that can be recognized, read, calculated or executed by the above-mentioned
關於上述至少一業務端40,進一步敘述如下。仍請參閱圖1,上述每一業務端40,皆為上述區塊鏈網路20中的一個單位節點,操作權限可授予任何具有承辦相關業務能力的機構,例如就金融機構而言,可為銀行單位、證券單位、保險單位、其他經營金融業務的公司單位,或任何具有會員制度的機構單位。上述的金融機構另應受有,並履行其主管或監管機關公佈的相關規範之義務。The at least one
仍請參閱圖1,上述每一該些業務端40進一步包括一業務區塊鏈模組41、一業務合約模組42,以及一業務解密模組43。上述業務區塊鏈模組41包括一業務資料庫,上述業務區塊鏈模組41用於通訊連結上述區塊鏈網路20,使上述每一該些業務端40皆成為上述區塊鏈網路20中的一個單位節點,以更新上述區塊鏈網路20中的所有資料至上述業務資料庫。即上述每一該些業務端40,透過上述業務區塊鏈模組41,可確保當下所操作的上述裝置10,是基於上述區塊鏈網路20中已同步且為最新的所有資料。Still referring to FIG. 1, each of the above-mentioned
仍請參閱圖1,上述業務合約模組42,通過上述業務區塊鏈模組41連通至上述區塊鏈網路20,保持所有資料是已同步且為最新的,並提供一業務智能合約44至上述區塊鏈網路20上。上述業務智能合約44的內容,可以進一步包括上述任一該些業務端40能提供的任何業務內容,例如就金融機構而言,可為存款、轉帳、貸款、跨行匯款、基金投資或跨境匯款等業務內容。Still referring to FIG. 1, the above-mentioned business contract module 42 is connected to the above-mentioned
根據某些實施例,上述業務智能合約44更進一步包括有一個資取用合約,上述個資取用合約規定包括上述業務端40所能取用之上述個資57的一範圍及一取用期限。其中,上述範圍,係明訂包括上述業務端40因承辦已受有上述個人端50授權同意的合約內容時,所能取用上述個人端50的個資範圍,可為全部個資授權或僅部份個資授權。例如在所有上述個人端50所授權的個資範圍中,僅能使用上述個人端50的所得資料或身份證字號等。According to some embodiments, the business intelligence contract 44 further includes a capital withdrawal contract, and the individual capital withdrawal contract specifies a range and a withdrawal period including the individual capital 57 that the
上述取用期限,則明訂包括上述業務端40因承辦上述個人端50授權同意的合約內容時,所能取用上述個人端50的個資之取用期限。例如在洗錢防制法中,金融機構在與客戶間的業務關係終止後,仍應保存客戶的所得資料5年時間;但若簽署有上述個資57的取用期限為1年,即便仍在金融機構保存的5年內,亦無法再取用上述個資57。The above-mentioned withdrawal period clearly specifies the withdrawal period that the above-mentioned
仍請參閱圖1,上述業務智能合約44需再透過上述業務合約模組42以任何程式語言編碼,形成上述區塊鏈網路20所能辨識、讀取、計算或執行的語言,儲存至上述業務資料庫,以上傳至上述區塊鏈網路20。其中,上述程式語言包括任何合約導向式語言,例如Solidity、Serpent、Lisp Like Language (LLL) 或Viper等語言。Still referring to FIG. 1, the business smart contract 44 needs to be encoded in any programming language through the business contract module 42 to form a language that the
上述業務合約模組42可進一步加密上述業務智能合約44後,再上傳上述業務智能合約44至上述區塊鏈網路20。其中,上述加密方式可為上述任何程式語言包括雜湊函數 (Hash function)、非對稱式加密,或任何能變更數位資料,將上述數位資料變更為難以讀取的密文內容,而須經解密過程,才能將密文還原為可讀內容的各種方法。上述雜湊函數包括摘要演算法 (Message-Digest-Algorithm 5, MD5) 或安全雜湊演算法 (Secure Hash Algorithm, SHA,例如SHA-1、SHA-224、SHA-256、SHA-384或SHA-512)。上述非對稱式加密包括RSA演算法 (Rivest-Shamir-Adleman Algorithm)。The business contract module 42 may further encrypt the business smart contract 44 before uploading the business smart contract 44 to the
仍請參閱圖1,上述業務解密模組43,能用以解密上述業務資料庫內的所有資料,因上述所有資料已由任意使用端加密。Still referring to FIG. 1, the above-mentioned business decryption module 43 can be used to decrypt all the data in the above-mentioned business database, because all the above-mentioned data has been encrypted by any user end.
根據某些實施例,上述個人端50所簽署並加密的上述業務智能合約44,即是透過非對稱式加密的方法加密。其中,上述非對稱式加密能提供任何可連結至上述區塊鏈網路20的上述主管端30、上述每一該些業務端40,以及上述任一該些個人端50 (下總稱使用端) 一專屬公鑰 (Public key) 及一專屬私鑰 (Private key)。上述業務合約模組42是透過上述業務端和個人端使用其各自的上述專屬公鑰,來加密上述業務智能合約44。According to some embodiments, the business intelligence contract 44 signed and encrypted by the
根據一些實施例,上述業務智能合約44更包括有一個資取用合約,上述個資取用合約規定包括上述業務端40所能取用之上述個人端50之個資的一範圍及一取用期限。因此,待上述個人端50回傳經非對稱式加密的上述業務智能合約44後,上述業務解密模組43再透過上述業務端40對應的專屬私鑰,或再輔以上述使用端所提供的上述個人端50之對應公鑰 (或稱簽章公鑰),進行上述個人端50之個資的解密,並使用上述個資的上述範圍及上述取用期限。例如,請參閱圖2,圖2所繪為身份管理與授權裝置的業務端與個人端之個資取用示意圖,上述業務解密模組43是透過一業務私鑰及如下述個人合約模組55中提到的一許可鑰58,分別解密由上述個人端50所簽署且加密的上述業務智能合約44及其中一個資57,且在上述取用期限內,取用所授權個資的上述範圍,進行上述業務端40所承辦的相關業務。According to some embodiments, the business intelligence contract 44 further includes a capital withdrawal contract, and the individual capital withdrawal contract specifies a range and a withdrawal including the capital of the
關於上述至少一個人端50,進一步敘述如下。仍請參閱圖1,上述每一個人端50,皆為上述區塊鏈網路20中的一個單位節點,操作權限可授予任何法人或自然人。上述法人或自然人可進一步是具有對上述任一該些業務端40所承辦的業務內容有需求者,例如某直轄市政府之法定代表人、某財團法人、某自然人,或其他如中華民國民法中符合自然人或法人資格者。上述每一法人或自然人另應受有並履行其主管或監管機關公佈的相關規範之義務。The at least one
仍請參閱圖1,上述每一該些個人端50進一步包括一個人區塊鏈模組51、一個人管理模組52、一個人加密模組53、一個人解密模組54,以及一個人合約模組55。上述個人區塊鏈模組51包括一個人資料庫,上述個人區塊鏈模組51用於通訊連結上述區塊鏈網路20,使上述每一該些個人端50皆成為上述區塊鏈網路20中的一個單位節點,以更新上述區塊鏈網路20中的所有資料至上述個人資料庫。即上述每一該些個人端50,透過上述個人區塊鏈模組51,可確保當下所操作的上述裝置10,是基於上述區塊鏈網路20中已同步且為最新的所有資料。Still referring to FIG. 1, each of the above-mentioned
根據某些實施例,上述個人區塊鏈模組51可進一步在無論有無上述主管端30的上述更新要求33下,主動更新加密一個資57,並連結至上述區塊鏈網路20,使該主管資料庫、該些業務資料庫以及該些個人資料庫內之所有資料能含有更新且經加密的上述個資57。According to some embodiments, the personal blockchain module 51 may further actively encrypt and update a resource 57 with or without the update request 33 of the
仍請參閱圖1,上述個人管理模組52用以維護上述個人端50所屬的個資57。例如上述個人端50透過上述個人區塊鏈模組51連結至上述區塊鏈網路20,接著再建立、更新或變更上述個資57。上述個資57需再透過上述個人管理模組52以任何程式語言編碼,形成上述區塊鏈網路20所能辨識、讀取、計算或執行的語言,以儲存至上述個人資料庫,再上傳至上述區塊鏈網路20。上述任何程式語言包括雜湊函數 (Hash function),例如摘要演算法 (Message-Digest-Algorithm 5, MD5) 或安全雜湊演算法 (Secure Hash Algorithm, SHA,例如SHA-1、SHA-224、SHA-256、SHA-384或SHA-512) 等。Still referring to FIG. 1, the personal management module 52 is used to maintain the personal assets 57 to which the
仍請參閱圖1,上述個人加密模組53在上述個人端50上傳上述個資57至上述區塊鏈網路20前,需加密上述個資57。上述加密方式可為非對稱式加密,或其他任何能變更數位資料,將上述數位資料變更為難以讀取的密文內容,而須經解密過程,才能將密文還原為可讀內容的各種方法。上述非對稱式加密包括RSA演算法 (Rivest-Shamir-Adleman Algorithm)。Still referring to FIG. 1, the personal encryption module 53 needs to encrypt the personal assets 57 before uploading the personal assets 57 to the
根據某些實施例,上述個人端50透過上述個人加密模組53加密上述個資57時,是透過欲接收上述個資57之使用端的專屬公鑰進行加密。以上述個資57為例,上述個人端50即透過其欲辦理業務的對應上述業務端40之專屬公鑰,對上述個資57進行加密。According to some embodiments, when the
根據某些實施例,請參閱圖2。上述個人端50透過上述個人加密模組53加密上述個資57時,除以欲接收上述個資57之使用端的專屬公鑰進行加密之外,更進一步是以一種數位簽章 (Digital signature) 的方式對上述個資57進行非對稱式加密,再透過上述個人區塊鏈模組51上傳加密後的上述個資57至上述區塊鏈網路20。其中,上述非對稱式加密能提供任何可連結至上述區塊鏈網路20的使用端一專屬公鑰及一專屬私鑰。According to some embodiments, please refer to FIG. 2. When the
仍請參閱圖2,例如上述任一個人端50,即具有專屬的一個人公鑰及一個人私鑰56,透過個人專屬且唯一的數位簽章 (即上述個人私鑰56) 以RSA演算法加密明文 (例如上述個資57)。任何連結至上述區塊鏈網路20的使用端,皆可透過上述使用端所屬且對應的公鑰,解密上述加密明文 (例如上述個資57)。Still referring to FIG. 2, for example, any one of the above
仍請參閱圖2,以上述個資57為例,由於上述個資57是透過上述個人端50專屬的上述個人私鑰56加密,即上述個人私鑰56只會唯一對應至上述個人端50,因此具有上述提到的數位簽章功用,能用以辨識上述加密明文 (上述個資57) 是由何使用端所擁有,並直接對應至所簽署的使用端,以達身份確認的功效。Still referring to FIG. 2, taking the above-mentioned personal asset 57 as an example, since the personal asset 57 is encrypted by the personal
根據某些實施例,請再參閱圖1,在上述個人端50欲以上述個人管理模組52進一步維護上述個人端50所屬的上述個資57時,需先透過上述個人解密模組54,以上述個人私鑰56進行解密,才能再以上述個人管理模組52編輯上述個資57。According to some embodiments, please refer to FIG. 1 again, when the
請再參閱圖1,上述個人解密模組54藉由上述個人私鑰56,解密上述業務端40透過上述個人區塊鏈模組51傳遞給上述個人端50之上述業務智能合約44。由於上述業務智能合約44也是透過非對稱式加密方式,並以上述個人端50的上述個人公鑰,加密上述業務智能合約44,因此上述個人端50可透過其專屬的上述個人私鑰56,解密上述業務智能合約44。Referring again to FIG. 1, the personal decryption module 54 decrypts the business smart contract 44 that the
仍請參閱圖1,上述個人合約模組55,透過上述個人區塊鏈模組51,簽署已經解密的上述業務智能合約44,並以非對稱式加密方式加密上述業務能合約44且提供一許可鑰58給上述業務端40之上述業務解密模組43,以授權許可上述業務端40所能取得全部或部份之上述個資57。Still referring to FIG. 1, the personal contract module 55, through the personal blockchain module 51, signs the decrypted business smart contract 44 and encrypts the business contract 44 with asymmetric encryption and provides a license The key 58 is given to the business decryption module 43 of the
根據某些實施例,上述之非對稱式加密方式,係上述個人端50僅透過業務端40對應的專屬公鑰,或再輔以個人私鑰56,加密已同意簽署的上述業務智能合約44,並於上述業務能合約44中,附有上述許可鑰58。上述業務端40透過上述業務端40對應的專屬私鑰,可開啟上述個人端50所同意簽署的上述業務智能合約44。另,上述業務端40再透過上述個人端50所提供的上述許可鑰58,即可取用所對應之全部或部份的上述個資57。According to some embodiments, the asymmetric encryption method described above is that the
另外,請參閱圖3,圖3所繪為身份管理與授權的方法之步驟流程圖。與上述之身份管理與授權裝置相對應,本新型再揭露另一種身份管理與授權方法60,上述身份管理與授權方法60是使用上述身份管理與授權裝置10,並包含以下步驟:In addition, please refer to FIG. 3, which depicts a flowchart of steps of the identity management and authorization method. Corresponding to the above-mentioned identity management and authorization device, the present invention further discloses another identity management and
首先,仍請參閱圖3,如步驟S63,上述主管端30上傳上述更新要求33。上述更新要求33的內容,可以進一步包括上述主管端30公佈且要求受有上述主管端30主管或監管的機構單位及其客戶,更新相關資料或其格式,例如填寫上述至少一個人端50的個資57,或以上述主管端30公佈的最新模板,更新上述至少一個人端50的個資57等要求。First, please still refer to FIG. 3, in step S63, the above-mentioned
仍請參閱圖3,如步驟S62,上述業務端40上傳上述業務智能合約44,以提供上述個人端50簽署上述業務智能合約44。值得一提的是,上述業務端40在任何時機點,皆可上傳上述業務智能合約44,意即在步驟順序上與步驟S63 (上述主管端30上傳上述更新要求33) 的時間點,並不相關聯,而無先後順序之分,甚至可同時上傳。Still referring to FIG. 3, in step S62, the
根據某些實施例,上述業務智能合約44的內容,可進一步包括上述任一該些業務端40能提供的任何業務內容,例如就金融機構而言,可為存款、轉帳、貸款、跨行匯款、基金投資或跨境匯款等業務內容。According to some embodiments, the content of the above-mentioned business smart contract 44 may further include any business content that any of the above-mentioned
仍請參閱圖3,如步驟S64,上述個人端50確認是否完成由上述主管端30上傳之更新要求33,若未完成更新,則無法進行後續其他所欲辦理的業務內容,直接將流程導至步驟S67,結束上述身份管理與授權的方法60流程。若完成更新,則流程繼續導至步驟S65。Still referring to FIG. 3, in step S64, the
仍請參閱圖3,如步驟S65,上述個人端50若完成更新,則獲取所欲辦理業務對應的上述業務智能合約44,若不同意或未簽署上述業務智能合約44的內容,則無法進行後續其他所欲辦理的業務內容,直接將流程導至步驟S67,結束上述身份管理與授權的方法60流程。若同意並簽署上述業務智能合約44的內容,則流程繼續導致步驟S66。Still referring to FIG. 3, in step S65, if the
根據某些實施例,在步驟S65中,上述個人端50若同意並簽署上述業務智能合約44,上述簽署將進一步透過非對稱式加密方式,以上述個人端50僅透過業務端40對應的專屬公鑰,或再輔以個人私鑰56,加密已同意簽署的上述業務智能合約44,並於上述業務能合約44中,附有上述許可鑰58。According to some embodiments, in step S65, if the
仍請參閱圖3,如步驟S66,上述個人端50若同意並簽署上述業務智能合約44,上述業務端40即可根據所授權的上述業務智能合約44,取得上述個人端50的上述個資57,以辦理與上述個人端50相關之業務內容,並將流程導至S67,結束上述身份管理與授權的方法60流程。Still referring to FIG. 3, in step S66, if the
根據某些實施例,上述業務智能合約44還可進一步包括上述個資取用合約,上述個資取用合約規定包括上述業務端40所能取用之上述個資57的一範圍及一取用期限。上述範圍,係明訂包括上述業務端40因承辦已受有上述個人端50授權同意的合約內容時,所能取用上述個人端50的個資範圍,可為全部個資授權或僅部份個資授權。上述取用期限,則明訂包括上述業務端40因承辦已經上述個人端50授權同意的合約內容時,所能取用上述個人端50的個資之取用期限,並將流程導至S67,結束上述身份管理與授權的方法60流程。According to some embodiments, the business smart contract 44 may further include the individual asset withdrawal contract, and the individual asset withdrawal contract stipulates to include a range and an withdrawal of the individual asset 57 that the
根據某些實施例,因有上述個資取用合約之合約內容規範,上述業務解密模組43透過上述業務私鑰及上述許可鑰58,分別解密由上述個人端50所簽署且加密的上述業務智能合約44及上述個資57,且在上述取用期限內,取用所授權個資的上述範圍,進行上述業務端40所承辦的相關業務,並將流程導至S67,結束上述身份管理與授權的方法60流程。According to some embodiments, due to the contract content specification of the individual capital use contract, the business decryption module 43 decrypts the business signed and encrypted by the
綜合以上身份授權與管理裝置以及身份授權與管理的方法,因區塊鏈網路的本身技術,係具有資料能不斷寫入、去中心化 (即分散式)、即時同步更新,且資料是以資料歷程紀錄而具可追溯性及不可否認性等特色。再透過相關智能合約的建立及簽署,即能解決客戶須經常性重複更新個資、耗費承辦業務機構的人力等問題。Combining the above identity authorization and management devices and identity authorization and management methods, due to the inherent technology of the blockchain network, data can be continuously written, decentralized (that is, decentralized), and updated in real time, and the data is The data history record has the characteristics of traceability and non-repudiation. Then through the establishment and signing of relevant smart contracts, it can solve the problems that customers have to repeatedly update their capital and consume the manpower of the undertaking business organization.
另外,上傳至區塊鏈網路的資料,例如客戶的個資,若經非對稱式加密,則加密後的資料歷程便能具有不可更改的特性。相較於傳統銀行機構中的紙本客戶資料,或已統一由中央裝置管理的電子客戶資料,而更具有效率且資料保管相對安全的特色。再者,政府機關亦能參與並成為區塊鏈網路中的單位節點,透過區塊鏈網路的即時性,以及智能合約的強制性,有效且全面地達成目的性防制,創造一安全且可靠的智慧金融操作平台。In addition, the data uploaded to the blockchain network, such as the customer's personal data, if asymmetrically encrypted, the encrypted data history can have unchangeable characteristics. Compared with paper customer data in traditional banking institutions, or electronic customer data that has been managed by a central device, it is more efficient and has relatively safe data storage. In addition, government agencies can also participate and become unit nodes in the blockchain network. Through the immediacy of the blockchain network and the compulsion of smart contracts, the purposeful prevention can be effectively and comprehensively achieved, creating a security And reliable smart financial operation platform.
本新型在本文中僅以較佳實施例揭露,然任何熟習本技術領域者應能理解的是,上述實施例僅用於描述本新型,並非用以限定本新型所主張之專利權利範圍。舉凡與上述實施例均等或等效之變化或置換,皆應解讀為涵蓋於本新型之精神或範疇內。因此,本新型之保護範圍應以下述之申請專利範圍所界定者為準。The present invention is disclosed in the preferred embodiments herein. However, any person skilled in the art should understand that the above embodiments are only used to describe the present invention and are not intended to limit the scope of the patent rights claimed by the present invention. Any changes or replacements that are equivalent or equivalent to the above embodiments should be interpreted as being covered within the spirit or scope of the present invention. Therefore, the scope of protection of this new model shall be subject to the scope defined in the following patent application.
10:身份管理與授權裝置 20:區塊鏈網路 30:主管端 31:主管區塊鏈模組 32:主管公佈模組 33:更新要求 40:業務端 41:業務區塊鏈模組 42:業務合約模組 43:業務解密模組 44:業務智能合約 50:個人端 51:個人區塊鏈模組 52:個人管理模組 53:個人加密模組 54:個人解密模組 55:個人合約模組 56:個人私鑰 57:個資 58:許可鑰 60:身份管理與授權的方法 S61-S67:步驟 10: Identity management and authorization device 20: Blockchain network 30: supervisor 31: Competent blockchain module 32: Supervisor announces the module 33: Update requirements 40: Business side 41: Business Blockchain Module 42: Business contract module 43: Business decryption module 44: Business Smart Contract 50: Personal side 51: Personal blockchain module 52: Personal management module 53: Personal encryption module 54: Personal decryption module 55: Personal contract module 56: personal private key 57: Personal 58: License key 60: Methods of identity management and authorization S61-S67: Step
為讓本新型之上述和其他目的、特徵、優點與實施例能更明顯易懂,所附附圖之說明如下: 圖1所繪為身份管理與授權裝置的架構示意圖。 圖2所繪為身份管理與授權裝置的業務端與個人端之個資取用示意圖。 圖3所繪為身份管理與授權的方法之步驟流程圖。 In order to make the above and other objects, features, advantages and embodiments of the present invention more obvious and understandable, the attached drawings are described as follows: FIG. 1 is a schematic structural diagram of an identity management and authorization device. FIG. 2 is a schematic diagram of individual resource access of the business end and personal end of the identity management and authorization device. Figure 3 depicts a flowchart of the steps of the identity management and authorization method.
10:身份管理與授權裝置 10: Identity management and authorization device
20:區塊鏈網路 20: Blockchain network
30:主管端 30: supervisor
31:主管區塊鏈模組 31: Competent blockchain module
32:主管公佈模組 32: Supervisor announces the module
33:更新要求 33: Update requirements
40:業務端 40: Business side
41:業務區塊鏈模組 41: Business Blockchain Module
42:業務合約模組 42: Business contract module
43:業務解密模組 43: Business decryption module
44:業務智能合約 44: Business Smart Contract
50:個人端 50: Personal side
51:個人區塊鏈模組 51: Personal blockchain module
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108216119U TWM596924U (en) | 2019-12-03 | 2019-12-03 | Device of identity management and authorization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108216119U TWM596924U (en) | 2019-12-03 | 2019-12-03 | Device of identity management and authorization |
Publications (1)
Publication Number | Publication Date |
---|---|
TWM596924U true TWM596924U (en) | 2020-06-11 |
Family
ID=72176811
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108216119U TWM596924U (en) | 2019-12-03 | 2019-12-03 | Device of identity management and authorization |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWM596924U (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI724667B (en) * | 2019-12-03 | 2021-04-11 | 臺灣銀行股份有限公司 | System of identity management and authorization and method thereof |
TWI783265B (en) * | 2020-09-10 | 2022-11-11 | 天宿智能科技股份有限公司 | Data encryption entry and multi-party authentication and authorization system based on blockchain and method thereof |
TWI810106B (en) * | 2022-11-03 | 2023-07-21 | 國立臺灣科技大學 | Dynamic consent management platform and personal information management method thereof |
-
2019
- 2019-12-03 TW TW108216119U patent/TWM596924U/en unknown
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI724667B (en) * | 2019-12-03 | 2021-04-11 | 臺灣銀行股份有限公司 | System of identity management and authorization and method thereof |
TWI783265B (en) * | 2020-09-10 | 2022-11-11 | 天宿智能科技股份有限公司 | Data encryption entry and multi-party authentication and authorization system based on blockchain and method thereof |
TWI810106B (en) * | 2022-11-03 | 2023-07-21 | 國立臺灣科技大學 | Dynamic consent management platform and personal information management method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230026665A1 (en) | Digital fiat currency | |
JP6524347B2 (en) | Information sharing system | |
CN108418680B (en) | Block chain key recovery method and medium based on secure multi-party computing technology | |
CA2766491C (en) | A method and system for securely and automatically downloading a master key in a bank card payment system | |
KR20180115768A (en) | Encryption method and system for secure extraction of data from a block chain | |
CN107358440B (en) | Method and system for customized tracking of digital currency | |
CN109447647A (en) | A kind of safety payment system based on block chain | |
CN111324881B (en) | Data security sharing system and method fusing Kerberos authentication server and block chain | |
KR20010043332A (en) | System and method for electronic transmission, storage and retrieval of authenticated documents | |
CN111461712B (en) | Transaction privacy protection and hierarchical supervision in blockchain supply chain financial scenarios | |
TWI724667B (en) | System of identity management and authorization and method thereof | |
TWM596924U (en) | Device of identity management and authorization | |
CN111418184A (en) | Credible insurance letter based on block chain | |
CN111357026B (en) | Credible insurance letter based on block chain | |
CN111373431A (en) | Credible insurance letter based on block chain | |
CN111417945B (en) | Credible insurance letter based on block chain | |
CN107171787B (en) | Data blind signing and storing method and system based on multiple Hash algorithm | |
WO2023010932A1 (en) | Cloud-edge collaborative multi-mode private data transfer method based on smart contract | |
CN113065868B (en) | Financial digital identity management method, system, equipment and medium for supply chain enterprise | |
CN111433798B (en) | Credible insurance letter based on block chain | |
WO2018088475A1 (en) | Electronic authentication method and program | |
CN112991045A (en) | Medical health consumption financing method, device, equipment and medium based on block chain | |
KR102131206B1 (en) | Method, service server and authentication server for providing corporate-related services, supporting the same | |
CN113628042B (en) | Bank warranty optimization method, device and equipment based on blockchain and federal learning | |
CN114020847A (en) | Network resource sharing method based on block chain technology |