Enhancing OAuth With Blockchain Technologies for Data Portability

Shi Cho Cha, Chun Lin Chang, Yang Xiang, Tzu Jia Huang, Kuo Hui Yeh*

*此作品的通信作者

研究成果: Article同行評審

2 引文 斯高帕斯(Scopus)

摘要

To satisfy the requirement of data portability, current service providers (or resource servers) usually provide OAuth-based schemes for third party applications (or clients) to access user data with the user's consent. To shoulder the costs of maintaining relationships with potential third party applications, a service provider may adopt delegate the task of authentication and authorization to an authorization server. However, current OAuth specification does not specify the interactions between an authorization server and a resource server. To address this limitation, this study proposes the MyDataChain framework to enhance the existing OAuth specification with blockchain technology. The proposed framework utilizes smart contracts to establish the standard interface to support the processes of authorization requesting, granting, and revocation. As blockchain technologies can ensure data integrity, the framework can use the data stored in the blockchain to resolve disputes among different parities. Moreover, as the proposed framework uses the Non-Interactive Zero-Knowledge (NIZK) scheme, the proposed framework can achieve its purpose without storing any personal identifiable or traceable data in the blockchain. Therefore, people cannot utilize information stored in the blockchain to compromise user privacy. Furthermore, this study implements a prototype system using Quorum blockchain technology. The experimental results show that the framework can be realized with existing blockchain technologies. Therefore, this study can provide a feasible privacy preserving means of achieving data portability and providing individuals the rights to be forgotten considering dispute resolution.

原文English
頁(從 - 到)349-366
頁數18
期刊IEEE Transactions on Cloud Computing
11
發行號1
DOIs
出版狀態Published - 1 1月 2023

指紋

深入研究「Enhancing OAuth With Blockchain Technologies for Data Portability」主題。共同形成了獨特的指紋。

引用此