KR102160664B1 - General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management - Google Patents

Abstract

The surveillance and confidentiality incidents of users' privacy invasion lead to questioning the current data collection procedures of third parties. Personally Identifiable Information (PII) is being abused for medical incidents, identity theft, spam, phishing, and cyber espionage. A large amount of data is flowing from users to companies for data-driven market analysis and forecasting. As a result, it is difficult to trace the flow and genuineness of PII. Blockchain technology, a'immutable' distributed ledger, can efficiently track PII exchange, storage and distribution. In contrast, the ongoing EU General Data Protection Regulation (GDPR) calls for the right to'forget' and'must be erasable'. However, this specification proposes an off-chain blockchain architecture that uses both a local database and a distributed ledger to ensure a reliable PII lifecycle.

Description

Blockchain architecture that complies with general data protection regulations for personally identifiable information management {General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management}

The present invention relates to a blockchain architecture that complies with general data protection regulations for managing personally identifiable information.

In order to provide user-centered services, the website collects a significant amount of PII (eg age, race, social security number, home location, driver's license, etc.). Currently, more than 50 million people use several social networking sites (SNS), and they provide a vast amount of PII for these sites. All of these SNS sites, other web sites and mobile applications provide login or registration for premium services. PII is often used by organizations to verify the identity of customers. Since most of these SNS sites and applications are free, several studies have found violations of PII by these groups. In fact, these organizations store, distribute and analyze critical PII information to create business models through user profiling. Technology giants use third-party services, which are companies that provide customer PII. Ultimately, these subsidiaries collect, analyze, and distribute data from multiple organizations. After all, the user doesn't know where the data ends. We all enjoy the benefits of a data-centric industry, but the illegal use of PII is the dark side of the data-centric industry. Guardian revealed in April 2018 that Facebook, the largest social media site, violated 87 million personal information and users' PII. Constant data breaches occur in the age of big data mentioned in several studies. According to Armoring, different organizations such as Yahoo (3 billion), eBay (14.5 billion), Adobe (38 million), JP Morgan (76 million), and the U.S. Human Resources Administration (22 million) A data breach has occurred. According to Gemalto's Violation Level Index (BLI), there are 4 million leaks each year, of which 74% were identity theft. Forbes magazine made data a new currency for trade marketing. It is reported that about $200 million is being invested to exchange PII. Companies are exchanging customer data to make a profit. Communication between companies is expected to be widely applied, and this requires consideration of PII management and tracking.

Blockchain technology is being used beyond the field of cryptocurrency, receiving a lot of attention from various researchers. Blockchain is made up of a series of blocks, and these blocks can accommodate any data in a block like an existing public ledger. In addition, these blocks are linked together and protected using encryption. Several researchers have used blockchain to manage PII. However, the motivation of the recently implemented General Data Protection Regulation (GDPR) is to protect personal data, so institutions should pay special attention to personal consent and data sharing. There is a need to obtain consent before personal data can be analyzed, and there is also a responsibility to independently withdraw or delete this data (aka'right to be forgotten'). Blockchain PII storage architecture is based on the'immutability' of data. Conversely, the General Data Protection Regulation (GDPR) requires that personal data be changeable and erasable at the request of the data owner.

It provides an off-chain blockchain architecture that uses both a local database and a distributed ledger to ensure a reliable PII lifecycle.

In the personally identifiable information management method of the Blockchain based Personally Identifiable Information Management System (BcPIIMS), the personally identifiable user data received from the user node at the controller node on the blockchain network is personally identifiable. Separating into Information, PII) and Potential Personally Identifiable Information (PPII); Storing the personal identification information in a local database of the controller node at the controller node; Generating a hash value of the personal identification information in the controller node; And when agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, and the controller. It provides a personal identification information management method comprising the step of generating a block including a controller identifier corresponding to the node and storing it in a blockchain.

According to one side, the personal identification information management method may further include posting a list of the user personal data to nodes on the blockchain network in the controller node.

According to another aspect, when the controller node shares the user personal data with a processor node on the blockchain network, the controller node may share the user personal data and the user personal data. It may further include informing the user node of the purpose of sharing.

According to another aspect, the processor node separates the user personal data into personal identification information and potential personal identification information, stores the personal identification information in a local database of the processor node, and a hash value of the personal identification information And, when agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, the controller node It may be characterized in that it is implemented to generate a block including a controller identifier corresponding to and a processor identifier corresponding to the processor node and store it in the blockchain.

According to another aspect, the conditions for the agreement may be characterized in that it is based on General Data Protection Regulation (GDPR) regulations.

In another aspect, each of the nodes on the blockchain network checks the smart contract stored on the blockchain as a request to delete user personal data from the user node is received, and stores the user in their local database. It may be characterized in that the user's personal data of the node is deleted.

In another aspect, each of the nodes on the blockchain network checks the smart contract stored on the blockchain and stores the user in their local database as a request to modify user personal data is received from the user node. A node that modifies the user personal data of the node and the user personal data of the user node in its own local database creates a new block containing a hash of the modified personal identification information and adds it to the blockchain. can do.

In another aspect, the consensus may be characterized in that it is made when more than n (where n is a natural number) percent of all nodes on the blockchain network agree.

It is combined with a computer device to provide a computer program stored in a computer-readable recording medium for executing the personal identification information management method on the computer device.

It provides a computer-readable recording medium, characterized in that a computer program for executing the personal identification information management method on a computer device is recorded.

A computer device corresponding to a controller node on a blockchain network, comprising at least one processor implemented to execute a command readable in a computer, and received from a user node on the blockchain network by the at least one processor. Separating user personal data into Personally Identifiable Information (PII) and Potential Personally Identifiable Information (PPII), storing the personally identifiable information in a local database, and storing the hash value of the personally identifiable information And, when an agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, and It provides a computer device, characterized in that it generates a block including a controller identifier corresponding to the controller node and stores it in a blockchain.

By using both a local database and a distributed ledger, you can ensure a reliable PII lifecycle.

1 is a diagram showing an example of the overall structure of a system proposed according to an embodiment of the present invention.
2 is a diagram illustrating an example of a user and controller scenario according to an embodiment of the present invention.
3 is a diagram illustrating an example of user, controller, and processor scenarios in an embodiment of the present invention.
4 is a diagram showing an example of a scenario in which PII is deleted according to an embodiment of the present invention.
5 is a diagram illustrating an example of a scenario for modifying PII according to an embodiment of the present invention.
6 is a diagram illustrating an example of comparing block chain data and actual data according to an embodiment of the present invention.
7 is a diagram showing an example of an internal configuration of a computer device according to an embodiment of the present invention.
8 is a flowchart illustrating an example of a method for managing personal identification information according to an embodiment of the present invention.

The present invention may apply various transformations and may have various embodiments. Hereinafter, specific embodiments will be described in detail based on the accompanying drawings.

In describing the present invention, when it is determined that a detailed description of a related known technology may obscure the subject matter of the present invention, a detailed description thereof will be omitted.

Due to the surveillance of users' privacy and the breach of confidentiality, questions have been raised about the third-party data collection procedure. Massive amounts of Personally Identifiable Information (PII) are being exploited due to medical incidents, identity theft, spam, phishing and cyber attacks. For data-driven market analysis and forecasting, large amounts of data flow from users to companies. Therefore, it is difficult to trace the flow and authenticity of PII. Blockchain technology is a'immutable' distributed ledger that can efficiently track PII exchange, storage and distribution. In contrast, the ongoing EU General Data Protection Regulation (GDPR) requires'right to forget' and'must be erasable'. However, embodiments of the present invention propose an off-chain blockchain architecture that guarantees a reliable PII life cycle using a local database and a distributed ledger. Taking into account the core elements of GDPR, the dominant blockchain architecture was modified, and a prototype was created to verify the proposed architecture using multichain 2.0. The proposed architecture stores PII and non-PII in physically separate locations. Finally, users of the proposed architecture will be guaranteed the privacy and rigor of the blockchain along with the privacy regulations of the GDPR. Verification is done by comparing the proposed system with the existing methodology in terms of technology, and future research topics are presented.

1. Introduction

Embodiments of the present invention propose a Blockchain-based Personally Identifiable Information Management System (BcPIIMS) designed for PII management throughout an organization. A separate procedure for storing the PII and the rest of the data is proposed. In embodiments of the present invention, PII is stored in a local database, and non-PII having a hash of PII is stored in a blockchain. A prototype was developed to verify the performance of the proposed model. Research directions to raise awareness of PII management will also be mentioned. The proposed method uses blockchain technology in one aspect to provide a transparent and immutable system, and in the other aspect, it is possible to delete the PII of the local database stored separately at any time. As a result, the proposed blockchain-based personally identifiable information management system (BcPIIMS) can comply with GDPR.

2. Related research

는 데이터 마이닝 기법을 사용하여 PII의 위험 요소를 확인하였다. Brill은 빅 데이터 최종 사용자의 프라이버시 누출에 대한 다음과 같은 세가지 주요 요인을 확인하였다. a) 클라우드에서 누출되는 정보의 위험, b) 실제로 필요한 것보다 많은 정보 수집으로 인한 데이터 유출 및 c) 분석을 위한 데이터 배포로 인해 누출되는 데이터. Alduaij는 대부분 프라이버시 규정들에 기반한 여러 신원 관리 기법을 분석하였다. 일반 정보 보호 규정(General Data Protection Regulation, GDPR), 호주 정보에 의한 프라이버시 보호 개정(Privacy Protection amendment), 캐나다 개인 정보 보호, ISO 의 ISO27001은 데이터 흐름을 보호하거나 관리하기 위해 실행된다. 프라이버시에서, 몇몇 연구들은 디지털 식별자를 사용자 식별자의 소스로 식별하였다. Pfitzmann과 Hansen은 PII를 "신원이란 개인의 모든 속성 집합의 하위 집합으로서, 모든 개인의 집합 안에서 이 개인을 충분히 식별할 수 있다"라고 정의하였다. NIST(National Institute of Standards and Technology)는 PII를 "에이전시에 의해 개인적으로 유지되는 정보, 개인의 신분을 구별하거나 추적하는 데 사용할 수 있는 정보(예: 이름, 사회 보장 번호, 생년월일, 어머니의 결혼 전 성 또는 생체 인식 기록) 및 의학적, 교육적, 재정적 및 고용 정보와 같이 개인에게 연결되거나 연결될 수 있는 기타 모든 정보"로 정의한다. 몇 가지 PII가 표 I에 나열되어 있다.Several solutions and regulations exist to protect and track PII. To protect privacy, major countries and large corporations have begun implementing their own rules. Proprietary verification at the software level has been proposed that operates on the Open Authorization (OAuth) protocol. Regarding the aforementioned problem, several researchers have conducted studies to reduce PII violations or track the flow of user PII.

Used data mining techniques to identify risk factors for PII. Brill identified three major factors behind the privacy leaks of big data end users: a) the risk of information leaking from the cloud, b) data leakage due to collecting more information than is actually needed, and c) data leaking due to data distribution for analysis. Alduaij analyzed several identity management techniques, mostly based on privacy regulations. The General Data Protection Regulation (GDPR), the Privacy Protection amendment for Australian Data, Canada Privacy and ISO 27001 of ISO are implemented to protect or manage data flows. In privacy, several studies have identified digital identifiers as the source of user identifiers. Pfitzmann and Hansen defined PII as "identity is a subset of the set of all attributes of an individual, capable of sufficiently identifying this individual within the set of all individuals." The National Institute of Standards and Technology (NIST) refers to PII as "information that is kept privately by an agency, information that can be used to identify or track an individual's identity (e.g., name, social security number, date of birth, mother's pre-marriage). Gender or biometric records) and any other information that may or may be linked to an individual, such as medical, educational, financial and employment information. Several PIIs are listed in Table I.

Personally Identifiable Information (PII) Full Name, Home or Office Address, Email, National Identification Number, Passport, Vehicle ID, Driving License, Fingerprints, Handwriting, Credit Card Numbers, Digital Identity, Birth date, Birthplace, Biological Information, Phone Number, Login Name, Social Security Number (SSN).

Due to the growing number of PII-related security breaches, millions of information have been leaked over the past few years. PII risk is dangerous for both groups and individuals. Privacy by design has been mentioned by several studies to safely manage PII. Posey has done the work of classifying systematic PII violations into text mining and cluster analysis. This study discovered eight major types of PII spills. On the contrary, NPII (Non-Personally Identifiable Information) is a form of sharable and risk-free PII. The first venture of the blockchain is Bitcoin by Satoshi Nakamoto, which offers fast, inexpensive and transparent P2P transactions. ) This is a white paper. The terminology frequently used in blockchain technology is as follows.

Node: A node is a computer device owned by a participating organization or user. The node's main activity is to confirm transactions with other nodes before the block is added.

Consensus Algorithm: Consensus is an algorithm used to approve all decisions required by a node.

Block: After a successful consensus, data containing information of a transaction or decision is added to the current chain as a block.

Blockchain has been used for identity management in several different studies. However, the newly imposed EU-GDPR introduced a set of new rules that could directly affect the way previous studies store PII. Joshi combines data privacy and protection ontology with blockchain technology. This study proposed a Linkshare system specially designed for big data that users can apply customized rules. Other studies have also used blockchain technology to store PII. Benhamouda used multiparty computation (MPC) and hyper ledger to store sensitive information. Zyskind has created a platform that provides personalized, user-centric services by combining blockchain with an access control consensus mechanism. Chen explained a framework based on cloud privacy managed by a blockchain. This method suggests traceability of data and access to healthcare resources after the approval process.

The GDPR came into effect on May 25, 2018 as a new privacy regulation in the European Union. The GDPR implies that when dealing with data from EU residents, all businesses, organizations and individuals outside the EU must comply with the regulations. According to a recent survey of about 2,000 IT professionals in the UK, only 47% of respondents are fully aware of the GDPR, while 41% say they know about the GDPR but need more understanding, and 9% They responded that they did not recognize it at all. GDPR categorizes data processing organizations into controllers and processors, and controllers and processors are defined as follows.

Controller: A controller is a legal entity or public entity that processes PII for citizens of the EU or member states.

Processor: A processor is a legal entity or public entity that processes PII information on behalf of the controller.

3. Proposed method

This section describes the proposed methodology for a privacy blockchain-based PII management system (BcPIIMS). First, the structural overview and functional characteristics of the proposed method are discussed. The final part provides detailed usage example scenarios for detailed use.

A. Proposed Architecture

1 is a diagram showing an example of the overall structure of a system proposed according to an embodiment of the present invention. The system according to this embodiment mainly handles three predefined parts of the GDPR, which are users, controllers and processors. The proposed system provides a safe, transparent and GDPR-friendly PII management system. The node and consensus algorithm is as follows.

Node: User, controller and processor are the three types of nodes used in this embodiment. In general, PII data flows between the three node types. In addition, it is assumed that blockchain nodes exist within the legal boundaries of GDPR.

Consensus Algorithm: This embodiment uses a round robin (consensus algorithm) scheduling system. In this system, allowed nodes (users, controllers, and processors) to create a valid blockchain must generate circular blocks. For the robustness of the system, the mining versatility is set to 0.75 out of 0 to 1. In other words, if a new block is approved as a blockchain, at least 75% of all nodes must agree or respond. This way, the system will not hang if any minor set is inactive for a long time. The overall work procedure is as follows.

또한, 블록체인의 새 블록에 데이터 흐름의 기록으로서 추가될 수 있다.First, users produce enormous amounts of PII and NPII every day while using various services provided by various organizations. Typically, organizations collect PII to provide service or market analysis and forecasts. The proposed system transfers a list of PII, ρ, or NPII, σ, from the user μ to the controllers α _1-n . While the information flows from μ to α, a smart contract between α _1-n and μ is signed. We mentioned that GDPR does not allow ρ to be preserved in the blockchain β. Therefore, the proposed system is designed in such a way that β only stores σ obtained from μ. On the other hand, all other information except for smart contracts η and σ and PII is stored in the local database Ω of each node (μ and α). Terms and conditions between the two parties (μ and α) are signed with the smart contract η. Here, data privacy regulations, data using practices, data distribution procedures, notification processes and mining techniques are mentioned in detail. Alternatively, the consensus between nodes (μ and α) will ensure the creation of a new smart contract η, which can be added to β as a new block (except PII). Hash of local database

It can also be added as a record of data flow to new blocks in the blockchain.

That is, the user's PII is stored in the controller's off-chain local database. Similarly, the blockchain stores the rest of the information using a hash of PII stored in a local database. If you change the local database on the controller side, you can easily identify it. Likewise, in the event of a PII violation, the set of responsible controllers can be easily identified. So, if list PII is passed from all users to the controller data store, as shown below,

Local database Ω = {ρ},

= {η, σ,

, μ, α}이다.Blockchain

= {η, σ,

, μ, α}.

_1-n에게 제공해야 한다. 이 때, 모든 노드들(μ, α 및

)는 합의를 거친다. 이전 절차와 마찬가지로, 블록체인은 PII의 모든 non-PII 정보 및 해시를 저장한다. 반대로, 각 노드들(μ, α 및

)의 로컬 데이터베이스는 사용자 PII를 저장하고, 해당 PII의 해시를 블록체인에 전송한다. 즉, 모든 파티들이 데이터 공유 조건에 동의하면, 새로운 블록이 공유된 PII의 해시 및 NPII를 가지는 기존 블록체인에 추가된다. 따라서, 다음과 같이, 목록 PII가 모든 컨트롤러로부터 프로세서의 데이터 저장소로 전달되면,Second, the controller uses several different processors for detailed analysis, market forecasting, profiling, business model generation, consumer estimation, etc. Therefore, the controller α processes the list of ρ, which is the user μ's PII.

Should be given to _1-n . At this time, all nodes (μ, α and

) Agrees. Like the previous procedure, the blockchain stores all non-PII information and hashes of PII. Conversely, each of the nodes (μ, α and

)'S local database stores user PII and transmits the hash of the PII to the blockchain. In other words, if all parties agree to the data sharing conditions, a new block is added to the existing blockchain with a shared PII hash and NPII. So, if list PII is passed from all controllers to the processor's data store, like this:

Local database Ω = {ρ},

= {η, σ,

, μ, α,

} 이다.Blockchain

= {η, σ,

, μ, α,

} to be.

At this time, as shown in FIG. 1, when a successful agreement is established between the user and the controller, a new block may be added. Similarly, in the case of a processor, blocks can be added only after successful agreement from the user, the controller and the associated processor.

B. PII from user to controller

1) Personal data processing

Users will share personal data with the controller. The controller can separate this data into PII and NPII to perform separate storage mechanisms. Thereafter, the controller stores PII in a local database as shown in FIG. 1, then generates a hash value of the shared PII, and stores it in the blockchain after consensus is reached. Then, a list of data (PII, NPII) will be posted between the nodes along with the hash value and contract terms.

Through this, consent information related to the user's contract terms and conditions is managed transparently and explicitly.

2) Consensus and Smart Contract:

Along with the user agreement, contract terms for the use of the user's personal information are created in the smart contract, and these terms must comply with the GDPR or similar data sharing rules and regulations.

3) Add a new block to the blockchain:

The third step is to create a block containing the hash values of the smart contract, NPII and PII, and add a new block to the blockchain.

C. PII from controller to processor

1) Sharing personal data

The controller shares user personal data with the connected processor, and informs the user of these updates and the purpose of sharing the data with the processor. The processor can separate user personal data into PII and NPII and store them separately. Then, this data will be published among all nodes.

2) Consensus and Smart Contract

All nodes must create a new smart contract that holds the terms of the contract and the user's agreement on the use of personal information. After the processor agrees to all conditions provided by the controller and the user, the processor may allow processing of the PII for data analysis.

3) Create a new block

After all the above steps are completed, a new block is created in the last step. This new block holds the hash values of all smart contracts, NPII, and PII. Then, the new block is added to the existing blockchain.

D. User's personal information sharing scenario

The usage example scenario is described in detail. Three additional scenarios have been added: the user-controller scenario, the user-controller-processor scenario, and the deletion and modification of the scenario.

1) User-controller scenario

2 is a diagram illustrating an example of a user and controller scenario according to an embodiment of the present invention. In the first step (01), the user provides information to the controller, and in the second step (02), the controller separates the data into PII and NPII and generates a hash value of the shared PII. After separating the data, in a third process (03), a data list (PII, NPII) along with the hash value will be posted between the nodes. Then, in the fourth process (04), agreement of the contract terms and conditions and agreement of the user will be reached between the users. These agreements with the controller must be compatible with the GDPR regulations in order to become a smart contract. In the final fifth step (05), the controller will create a block with all this information (smart contract, hash value of NPII and PII) and add a new block to the current blockchain. To add a new block 1, an agreement from both the user and the controller is considered, as shown in FIG. 2.

2) User-controller-processor scenario:

3 is a diagram illustrating an example of user, controller, and processor scenarios in an embodiment of the present invention. After the user-controller scenario of FIG. 2, in a sixth step (06), the controller may share the PII with the processor for user data analysis. After separating PII and NPII, the processor informs the user, and the user, controller and processor reach an agreement. Then, in a seventh process (07), a data list (PII, NPII) together with a hash value may be posted among the nodes. This consensus can be converted into a smart contract and newly stored in the blockchain. As shown in Fig. 3, to add block number 2, consensus from all parties can be considered.

3) Deletion and modification scenario

4 is a diagram showing an example of a scenario for deleting PII in an embodiment of the present invention, and FIG. 5 is a diagram showing an example of a scenario for modifying PII in an embodiment of the present invention.

Users can inform all nodes of the need to delete/modify their personal data from the database. All nodes can check the smart contract for consensus between all nodes and users stored in the blockchain. After that, each of all modes can delete/modify the user's data. At that time, a list of deleted/modified data (PII, NPII) along with the hash value may be posted among the nodes. As shown in Fig. 4, the hash of the blockchain is not changed, so it is the same, but the actual data no longer exists. Thus, a hash without actual data is useless. This makes the proposed system consistent with the GDPR regulations for data erasure. In the case of modification, as shown in FIG. 5, after the modification is completed in the local database, it may be updated in the blockchain as a new block containing a hash of the modified PII. The user can cross-check the modification of the user's personal data by comparing the hash of the PII stored in the local database with the hash of the blockchain data.

IV. Implementation and discussion

This section presents the implementation of the proposed system and describes some of its advantages compared to existing PII management and protection systems.

1) System implementation:

We implemented a prototype of the proposed system on 10 computers (Windows 10, i7-7700HQ CPU @ 2.8GHZ Samsung Inc. Korea), each of which represents a different participating entity such as users, controllers and processors. In this case, Multichain 2.0, an open source blockchain implementation platform, can be used. The proposed method architecture is a privacy blockchain that requires minimal difficulty for network consensus to be achieved, and this blockchain maintains a third-ranked trust with participants (round robin). Nodes may be defined or restricted. Nevertheless, mining diversity is set at 0.75, reflecting the guidelines for implementing Multichain. An example of the proposed system data storage (blockchain data vs. actual contract) is shown in FIG. 6.

2) Discussion:

The architectural differences obtained in this study and their advantages are explained.

a) storage

The proposed method provides users with a copy of their data directly from the controller and provides a hash value of their data, so that users can check and compare two hash values (e.g., one user can (Has a hash)). Finally, this procedure ensures data integrity.

b) deletion and modification

Users have the right to delete personal data from the controller and processor at any time they wish. The GDPR allows the "right to be deleted". In other words, the new rules allow users to modify or delete PII. To comply with the GDPR, the proposed BcPIIMS architecture can allow users to modify and delete. A simple scenario is shown in FIGS. 4 and 5. Since off-chain data is erasable and allows on-chain where hashes of PII and NPII are stored, this is how the proposed system is fully GDPR compliant.

c) security

Since the agreement between users, controllers and processors is stored securely in the blockchain, this agreement cannot be changed or altered. Thus, users can be sure through the "data immutability" of the blockchain that the consensus is secure and cannot be modified by adding or removing certain rules. If any controller intends to distribute PII or NPII related information, a new agreement from all parties is required. Users can transparently see the data stored by the controller and processor, which can certainly increase the overall security of the user's PII.

d) Transparency and verification

The proposed system is transparent about everything related to their data, and can convince users of why their data is used, who needs their personal data, and with whom. All of this information must be known to the user from start to finish. In addition, the rules of consensus must be understandable, easily accessible and supported by all parties.

As such, some of the key contributions according to the embodiments of the present invention are as follows.

First, after sharing information from the user to the controller or processor, the proposed prototype can successfully track all kinds of data manipulation. This is because the proposed architecture maintains a hash of all PII data present in the immutable blockchain after the agreement of all parties. When the controller or processor modifies the user PII, the user can easily recognize the change and take the necessary action.

Second, users can easily predict which controller or processor data is being compromised. Users can share their PII with others. Eventually, the user can charge the controller and processor for PII violations. Some of the benefits of the proposed BcPIIMS are described below.

Finally, the proposed system provides additional data tracking and security enhancements for using blockchain technology along with a partial off-chain data storage mechanism. General data storage mechanism technology regards data and related conditions with the same priority. However, network attacks, data purpose, and privacy issues fall into several scopes. The proposed off-chain blockchain emphasizes the rules for storing data or data processing rules on the chain. PII information is stored off-chain, but the hash of PII information is stored on the chain according to the global approval procedure, which makes it difficult to change (manipulate). Due to the above reasons, it is justified to use off-chain data storage and blockchain together, which is not implemented in general cases.

7 is a diagram showing an example of an internal configuration of a computer device according to an embodiment of the present invention. Each of the aforementioned nodes may be performed by the computer device 700 described in FIG. 7. The computer device 700 may include a memory 710, a processor 720, a communication interface 730, and an input/output interface 740, as shown in FIG. 7. The memory 710 is a computer-readable recording medium and may include a permanent mass storage device such as a random access memory (RAM), a read only memory (ROM), and a disk drive. Here, a non-destructive large-capacity recording device such as a ROM and a disk drive may be included in the computer device 700 as a separate permanent storage device separated from the memory 710. In addition, an operating system and at least one program code may be stored in the memory 710. These software components may be loaded into the memory 710 from a computer-readable recording medium separate from the memory 710. Such a separate computer-readable recording medium may include a computer-readable recording medium such as a floppy drive, disk, tape, DVD/CD-ROM drive, and memory card. In another embodiment, software components may be loaded into the memory 710 through a communication interface 730 other than a computer-readable recording medium. For example, software components may be loaded into the memory 710 of the computer device 700 based on a computer program installed by files received through the network 760.

The processor 720 may be configured to process instructions of a computer program by performing basic arithmetic, logic, and input/output operations. The instructions may be provided to the processor 720 by the memory 710 or the communication interface 730. For example, the processor 720 may be configured to execute a command received according to a program code stored in a recording device such as the memory 710.

The communication interface 730 may provide a function for the computer device 700 to communicate with other devices (eg, storage devices described above) through the network 760. For example, a request, command, data, file, etc., generated by the processor 720 of the computer device 700 according to a program code stored in a recording device such as the memory 710, is transmitted to the network ( It can be transferred to other devices via 760. Conversely, signals, commands, data, files, etc. from other devices may be received by the computer device 700 through the communication interface 730 of the computer device 700 via the network 760. Signals, commands, data, etc. received through the communication interface 730 may be transmitted to the processor 720 or the memory 710, and the file may be a storage medium (described above) that the computer device 700 may further include. Permanent storage).

The input/output interface 740 may be a means for an interface with the input/output device 750. For example, the input device may include a device such as a microphone, a keyboard, or a mouse, and the output device may include a device such as a display or a speaker. As another example, the input/output interface 740 may be a means for an interface with a device in which input and output functions are integrated into one, such as a touch screen. The input/output device 750 may be configured with the computer device 700 and one device.

Further, in other embodiments, the computer device 700 may include fewer or more components than the components of FIG. 7. However, there is no need to clearly show most of the prior art components. For example, the computer device 700 may be implemented to include at least a portion of the aforementioned input/output device 750 or may further include other components such as a transceiver and a database.

8 is a flowchart illustrating an example of a method for managing personal identification information according to an embodiment of the present invention. The personal identification information management method according to the present embodiment may be performed by the computer device 700 described with reference to FIG. 7. In this case, the computer device 700 according to the present embodiment may implement a controller node on a blockchain network. For example, the processor 720 of the computer device 700 may be implemented to execute a code of an operating system included in the memory 710 or a control instruction according to the code of at least one computer program. Here, the processor 720 causes the computer device 700 to perform the steps 810 to 840 included in the method of FIG. 8 according to a control command provided by the code stored in the computer device 700. Can be controlled.

In step 810, the computer device 700 may separate the user personal data received from the user node at the controller node on the blockchain network into personal identification information and potential personal identification information.

In step 820, the computer device 700 may store personal identification information in a local database. As already explained, PII of user personal data can be stored in the local database of the controller node, and the hash of PII and PPII can be stored in the blockchain.

In step 830, the computer device 700 may generate a hash value of personal identification information. Since only the hash value of PII is stored in the blockchain, if PII is deleted from the local database, the hash value of PII stored in the blockchain becomes useless.

In step 840, when an agreement between nodes on the blockchain network is reached, the computer device 700 corresponds to a smart contract generated by agreement, potential personal identification information, generated hash value, and user node. A block including a user identifier and a controller identifier corresponding to the controller node can be created and stored in the blockchain. In this case, the computer device 700 may post a list of user personal data to nodes on the blockchain network. In addition, the conditions for consensus can be based on General Data Protection Regulation (GDPR) regulations.

Meanwhile, when the computer device 700 shares user personal data with a processor node on a blockchain network, the computer device 700 may inform the user node whether or not to share the user personal data and the purpose of sharing the user personal data. At this time, the processor node separates the user personal data into personal identification information and potential personal identification information, stores the personal identification information in a local database of the processor node, generates a hash value of the personal identification information, and generates a node on the blockchain network. When an agreement is reached, the smart contract generated by the agreement, potential personal identification information, the generated hash value, the user identifier corresponding to the user node, the controller identifier corresponding to the controller node, and the processor identifier corresponding to the processor node are included. It can be implemented to create a block and store it in the blockchain.

In addition, as each node on the blockchain network receives a request to delete user personal data from the user node, it checks the smart contract stored on the blockchain and deletes the user's personal data stored in its local database. I can.

In addition, as each node on the blockchain network receives a request to modify the user's personal data from the user node, it checks the smart contract stored on the blockchain and modifies the user's personal data stored in its local database. At this time, a node that has modified user personal data of a user node in its own local database can create a new block containing a hash of the modified personal identification information and add it to the blockchain.

As described above, according to embodiments of the present invention, by using both the local database and the distributed ledger, it is possible to ensure a reliable PII life cycle.

The system or device described above may be implemented as a hardware component, a software component, or a combination of a hardware component and a software component. For example, the devices and components described in the embodiments are, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA). , A programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions, such as one or more general purpose computers or special purpose computers. The processing device may execute an operating system (OS) and one or more software applications executed on the operating system. In addition, the processing device may access, store, manipulate, process, and generate data in response to the execution of software. For the convenience of understanding, although it is sometimes described that one processing device is used, one of ordinary skill in the art, the processing device is a plurality of processing elements and/or multiple types of processing elements. It can be seen that it may include. For example, the processing device may include a plurality of processors or one processor and one controller. In addition, other processing configurations are possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of these, configuring the processing unit to behave as desired or processed independently or collectively. You can command the device. Software and/or data may be interpreted by a processing device or to provide instructions or data to a processing device, of any type of machine, component, physical device, virtual equipment, computer storage medium or device. Can be embodyed in The software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like alone or in combination. The medium may be one that continuously stores a program executable by a computer, or temporarily stores a program for execution or download. In addition, the medium may be a variety of recording means or storage means in a form in which a single piece of hardware or several pieces of hardware are combined, but is not limited to a medium directly connected to a computer system, and may be distributed on a network. Examples of media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical recording media such as CD-ROMs and DVDs, magnetic-optical media such as floptical disks, and And ROM, RAM, flash memory, and the like may be configured to store program instructions. In addition, examples of other media include an app store that distributes applications, a site that supplies or distributes various software, and a recording medium or a storage medium managed by a server. Examples of the program instructions include not only machine language codes such as those produced by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like.

As described above, although the embodiments have been described by the limited embodiments and drawings, various modifications and variations are possible from the above description by those of ordinary skill in the art. For example, the described techniques are performed in a different order from the described method, and/or components such as a system, structure, device, circuit, etc. described are combined or combined in a form different from the described method, or other components Alternatively, even if substituted or substituted by an equivalent, an appropriate result can be achieved.

Therefore, other implementations, other embodiments, and claims and equivalents fall within the scope of the claims to be described later.

Claims (16)

In the personal identification information management method of the Blockchain based Personally Identifiable Information Management System (BcPIIMS),
Separating user personal data received from the user node in a controller node on a blockchain network into Personally Identifiable Information (PII) and Potential Personally Identifiable Information (PPII);
Storing the personal identification information in a local database of the controller node at the controller node;
Generating a hash value of the personal identification information in the controller node;
When an agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, and the controller node Generating a block including a controller identifier corresponding to and storing it in a block chain; And
When the controller node shares the user personal data with the processor node on the blockchain network, informing the user node whether the controller node shares the user personal data and the purpose of sharing the user personal data
Personally identifiable information management method comprising a. The method of claim 1,
Posting the list of user personal data to nodes on the blockchain network in the controller node
Personally identifiable information management method comprising a further. delete The method of claim 1,
The processor node,
Separating the user personal data into personally identifiable information and potential personally identifiable information,
Storing the personal identification information in a local database of the processor node,
Generate a hash value of the personal identification information,
When an agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, a controller corresponding to the controller node Implemented to create a block including an identifier and a processor identifier corresponding to the processor node and store it in the blockchain
Personal identification information management method, characterized in that. The method of claim 1,
The conditions for the agreement are personally identifiable information management method, characterized in that based on GDPR (General Data Protection Regulation) regulations. The method of claim 1,
Each of the nodes on the blockchain network checks the smart contract stored on the blockchain as a request to delete user personal data from the user node is received, and stores the user personal data of the user node in their local database. Personal identification information management method, characterized in that to delete. The method of claim 1,
Each of the nodes on the blockchain network checks the smart contract stored on the blockchain as a request to modify user personal data from the user node is received, and stores the user personal data of the user node in its own local database. Modify it,
A method for managing personal identification information, characterized in that a node that has modified user personal data of the user node in its own local database creates a new block including a hash of the modified personal identification information and adds it to the blockchain. The method of claim 1,
The personal identification information management method, characterized in that the agreement is made when n (where n is a natural number) percent or more of all nodes on the blockchain network agree. A computer program combined with a computer device and stored on a computer-readable recording medium for executing the method of any one of claims 1, 2 or 4 to 8 on a computer device. A computer-readable recording medium storing a computer program for executing the method of claim 1, 2, or 4 to 8 on a computer device. In a computer device corresponding to a controller node on a blockchain network,
At least one processor implemented to execute computer-readable instructions
Including,
By the at least one processor,
Separating user personal data received from the user node on the blockchain network into Personally Identifiable Information (PII) and Potential Personally Identifiable Information (PPII),
Store the personal identification information in a local database,
Generate a hash value of the personal identification information,
When an agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, and the controller node Create a block containing the controller identifier corresponding to and store it in the blockchain,
When the controller node shares the user personal data with the processor node on the blockchain network,
By the at least one processor,
Informing the user node whether the user personal data is shared and the purpose of sharing the user personal data
Computer device, characterized in that. The method of claim 11,
By the at least one processor,
Posting the list of user personal data to nodes on the blockchain network
Computer device, characterized in that. delete The method of claim 11,
The processor node,
Separating the user personal data into personally identifiable information and potential personally identifiable information,
Storing the personal identification information in a local database of the processor node,
Generate a hash value of the personal identification information,
When an agreement between nodes on the blockchain network is reached, a smart contract generated by the agreement, the potential personal identification information, the generated hash value, a user identifier corresponding to the user node, a controller corresponding to the controller node Implemented to create a block including an identifier and a processor identifier corresponding to the processor node and store it in the blockchain
Computer device, characterized in that. The method of claim 11,
Each of the nodes on the blockchain network checks the smart contract stored on the blockchain as a request to delete user personal data from the user node is received, and stores the user personal data of the user node in their local database. To delete
Computer device, characterized in that. The method of claim 11,
Each of the nodes on the blockchain network checks the smart contract stored on the blockchain as a request to modify user personal data from the user node is received, and stores the user personal data of the user node in its own local database. Modify it,
A node that has modified user personal data of the user node in its own local database creates a new block containing a hash of the modified personal identification information and adds it to the blockchain.
Computer device, characterized in that.

Images