Graduate student: 陳雨沅
Thesis title: 使用區塊鏈強化OAuth機制之方法
Using blockchain technologies to enhance the OAuth protocol on cross domain capabilities
Advisor: 查士朝
Shi-Cho Cha
Oral examination committee: 羅乃維
Nai-Wei Lo
Ying-Hsun Hung
Degree: Master's
Department: School of Management - Department of Information Management
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Number of pages: 40
Chinese keywords: OAuth, 區塊鏈, 智能合約
Foreign-language keywords: OAuth, Blockchain, smart contract
The OAuth protocol is a cross-domain data exchange standard that allows users to authorize third parties to access their protected data. Many large-scale service providers, such as Google and Facebook, use the OAuth protocol to implement their own authorization services. In these authorization services, the resource provider first needs to identify the user and verify the user's consent; the data consumer can then obtain the information from the resource provider. However, resource providers are often also in charge of managing the data consumers, which increases their management costs. For example, some small or medium-scale service providers need to provide data but find it difficult to manage the data consumers. Hence, if the functions of identifying and authorizing users and data consumers could be separated out, with large-scale organizations made responsible for them, this would not only maintain the level of security but also decrease the resource providers' management costs. However, the OAuth protocol does not consider this situation. Therefore, when resource providers transfer the verification of users' authorization to other departments, it is necessary to confirm whether the data consumers' requests have been approved through the respective established methods. In addition, complete records of the data exchanged between all roles must be kept, so that disputes arising when users, data consumers, authorization services and resource providers have different understandings can be resolved.
This paper proposes a method that verifies the data exchanged across domains and records the related requests and authorization information using blockchain technology and smart contracts. The blockchain serves as a tamper-proof, decentralized database that can be trusted to store third-party authorization requests and users' agreement. This evidence is useful for reviewing responsibilities in the future. However, the transparency of the blockchain may invade users' privacy. Therefore, this paper also considers users' privacy: all user information on the blockchain is encrypted, which avoids revealing users' private data. Finally, we implemented a prototype and evaluated the performance of the proposed method, so that the modified OAuth protocol can achieve a better cross-domain verification mechanism.

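Table of contents
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Figures
List of Tables
List of Symbols
Chapter 1 Introduction
  1.1 Research Background and Motivation
  1.2 Research Objectives and Contributions
  1.3 Chapter Overview
Chapter 2 Literature Review and Background Knowledge
  2.1 Blockchain
  2.2 Smart Contracts
  2.3 OAuth
Chapter 3 Problem Scenario and Requirements Analysis
  3.1 Problem Scenario
  3.2 Requirements Analysis
Chapter 4 A Method for Enhancing the OAuth Mechanism Using Blockchain
  4.1 Method Overview
  4.2 Method Flow
Chapter 5 Experimental Verification and Analysis of the Method
  5.1 System Environment
  5.2 Flow Verification
    5.2.1 Requesting Authorization
    5.2.2 Authorization
    5.2.3 Obtaining Data
  5.3 Performance Verification
Chapter 6 Requirements Verification
  6.1 Data Verification Between OAuth Roles
  6.2 Recording Request and Consent Information
  6.3 Security and Privacy Considerations
Chapter 7 Conclusion
  7.1 Conclusion
  7.2 Future Research Directions
References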

