WO2024101715A1 - Method for managing user data by using data processing of trusted execution environment based on smart contract - Google Patents
Method for managing user data by using data processing of trusted execution environment based on smart contract Download PDFInfo
- Publication number
- WO2024101715A1 WO2024101715A1 PCT/KR2023/016461 KR2023016461W WO2024101715A1 WO 2024101715 A1 WO2024101715 A1 WO 2024101715A1 KR 2023016461 W KR2023016461 W KR 2023016461W WO 2024101715 A1 WO2024101715 A1 WO 2024101715A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- execution environment
- trusted execution
- data
- data processing
- smart contract
- Prior art date
Links
- 238000012545 processing Methods 0.000 title claims abstract description 295
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000004044 response Effects 0.000 claims abstract description 9
- 238000013523 data management Methods 0.000 claims description 42
- 230000008569 process Effects 0.000 claims description 9
- 238000013480 data collection Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 12
- 230000006378 damage Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 10
- 230000005540 biological transmission Effects 0.000 description 3
- 241000271897 Viperidae Species 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000005406 washing Methods 0.000 description 2
- 208000019901 Anxiety disease Diseases 0.000 description 1
- 230000036506 anxiety Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- the present invention relates to a user data management method using data processing in a smart contract-based trusted execution environment.
- Blockchain is a decentralized distributed system. Decentralization means that there is no single central organization to perform a function, but rather multiple participants perform the function together. Basically, the blockchain network is composed of a P2P network, and blocks are created through a common process using a consensus algorithm. The use of hash is key in blockchain, and the combination of hash and the fact that multiple participants perform the same processing on the same data prevents forgery and falsification of data.
- a smart contract is a set of programming codes that help automatically execute contracts based on blockchain, which deals with assets and trust.
- the content of the code written by the developer exists in one block of the blockchain, and users can access the smart contract address and execute the code.
- a smart contract is because, like general transaction content, the code content of a smart contract is included in the block information, so it cannot be manipulated, and since the program operates according to the coded content, it is suitable for working with specified content such as a contract.
- Smart contracts written on Ethereum utilize the Solidity language and operate on EVM.
- the virtual machine for professionally executing Ethereum smart contracts is called the Ethereum Virtual Machine (EVM).
- Ethereum smart contracts are written in languages such as solidity and viper, and are widely applied and used in the blockchain field. there is.
- the technical task to be achieved by the present invention is data processing in a smart contract-based trusted execution environment that can block the data processing subject from viewing the data, prevent external leakage of data, and safely protect the privacy of the data provider. It provides a user data management method using .
- the user data management method using data processing in a smart contract-based trusted execution environment is a data processing platform server in response to a data processing request received from a manufacturer terminal according to a smart contract distributed on a blockchain.
- a step of creating a trusted execution environment including a data processing code and a first encryption key the trusted execution environment obtaining first user data encrypted by the first encryption key from a terminal owning the data, and the trust
- the execution environment primarily decrypts the encrypted first user data based on the first encryption key, and the trusted execution environment secondarily decrypts the first user data based on the second encryption key of the manufacturer terminal.
- the trusted execution environment processing the private data according to the data processing code to generate a data processing result, and the trusted execution environment sending the data processing result to the manufacturer terminal. It includes the step of providing to and the step of destroying the trusted execution environment according to the smart contract.
- the user data management method using data processing of the smart contract-based trusted execution environment includes, after the step of creating the trusted execution environment, the trusted execution environment creates a transaction requesting first user data.
- the step of recording in the blockchain may be further included.
- the first encryption key is an asymmetric key consisting of a pair of a first private key and a first public key of the trusted execution environment, and the first public key is generated based on the first private key. , It may be the account address of the trusted execution environment in the blockchain.
- the encrypted first user data may be encrypted using the first public key of the trusted execution environment.
- the second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer's terminal, and the second public key is generated based on the second private key, It may be the account address of the manufacturer's terminal in the blockchain.
- the first user data may include data encrypted with the private data using the second public key and unencrypted device state data.
- the private data may include personal information of the owner of the target device and the owner's usage information of the target device
- the device status data may include information indicating the objective status of the target device.
- the first user data may be data transmitted and stored from the user data sharing device of the target device to the data-owning terminal.
- the step of generating the private data includes the step of the trusted execution environment obtaining a second private key encrypted by the first public key from the manufacturer terminal, and the trusted execution environment obtaining the first private key Decrypting the encrypted second private key based on the encrypted second private key, and generating the private data by the trusted execution environment decrypting the first user data based on the second private key, and decrypting the first user data based on the second private key.
- the key is an asymmetric key consisting of a pair of the first private key and the first public key of the trusted execution environment
- the second encryption key consists of a pair of the second private key and the second public key of the manufacturer terminal. It may be an asymmetric key.
- the trusted execution environment may be a virtual execution environment that maintains validity only for the period that the smart contract lasts.
- the data processing result may be provided to the manufacturer terminal by encrypting the data processing result using the second encryption key and returning it to the blockchain.
- the step of destroying the smart contract may include executing a destruction command and deleting the trusted execution environment including the data processing code, the first user data, and the private data. You can.
- the step of executing the destroy command may include executing the destroy command, generating a flag indicating execution of the destroy command, and then creating a transaction including the flag and recording it in the blockchain. there is.
- At least one trusted execution environment may be created in the data processing platform server for execution of the smart contract.
- the step of creating the trusted execution environment includes generating a raw trusted execution environment in which no arbitrary data processing code and the first encryption key are generated, and the data based on the raw trusted execution environment. It may include generating the trusted execution environment including the data processing code and the first encryption key corresponding to the processing request.
- the step of creating the raw trusted execution environment includes generating a first image file of the raw trusted execution environment, generating a first hash value for the first image file, and generating the first hash value.
- a transaction containing can be created and recorded on the blockchain.
- the step of generating the trusted execution environment including the data processing code corresponding to the data processing request and the first encryption key includes generating a second image file of the trusted execution environment, and 2 A second hash value for the image file can be generated, and a transaction including the second hash value can be created and recorded in the blockchain.
- the trusted execution environment is destroyed and the stored data is also erased, so that the collected data is not externally transmitted. It is possible to protect the privacy of data subjects by preventing data leakage and fundamentally blocking data viewing by the operator of the data processing platform server.
- multiple smart contracts can be implemented simultaneously using a trusted execution environment that is independently executed for each smart contract.
- the flag of the destruction command is recorded in the blockchain, so that the trusted execution environment that received the data is stably removed and , it can be guaranteed that the data has been safely erased without being leaked to the outside.
- the manufacturer terminal can obtain the desired data processing results without directly collecting or processing data required for data processing, Because the data required for data processing is not exposed to the manufacturer's terminal, the privacy of the subject who provided the data can be safely protected.
- Figure 1 is a schematic block diagram of a user data management system using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
- Figure 2 is a diagram for explaining a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
- Figure 3 is a diagram illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to another embodiment of the present invention.
- Figure 4 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to an embodiment of the present invention.
- Figure 5 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to another embodiment of the present invention.
- Figure 6 is a diagram for explaining a smart contract according to an embodiment of the present invention.
- Figure 7 is a flowchart illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
- Figure 1 is a schematic block diagram of a user data management system using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
- the user data management system 10 using data processing of a smart contract-based trusted execution environment includes a data processing platform server 100, a data ownership terminal 200, and a manufacturer terminal ( 300), and a user data sharing device 400.
- the data processing platform server 100 is a device capable of hosting an online network and capable of specifying a network address, and provides the data owning terminal 200 and the manufacturer terminal 300 with a data processing platform where data is shared online. You can.
- the data processing platform server 100 can perform a series of processes such as creation, distribution, implementation, and termination of smart contracts on the blockchain through the data processing platform.
- the data processing platform server 100 can create a smart contract for data processing and distribute it to the blockchain.
- a smart contract for data processing is an electronic contract that is automatically concluded when preset conditions are met on the blockchain.
- the data processing platform server 100 contains a series of contract contents necessary for data processing, such as data collection, analysis, and result derivation. Recorded smart contracts can be created and deployed on the blockchain.
- Smart contracts are recorded in blocks of the blockchain, so smart contracts can be executed on the blockchain.
- the blockchain is implemented with the Ethereum blockchain, and smart contracts written in Solidity, Viper, etc. can be deployed on the blockchain through the Ethereum Virtual Machine (EVM).
- EVM Ethereum Virtual Machine
- all transactions in the blockchain can be hashed with SHA-256 and the hash value can be stored in the block of the blockchain to protect individual privacy and prevent overload.
- the smart contract distributed by the data processing platform server 100 automatically concludes the contract when a data processing request meeting the preset protocol is received from the manufacturer terminal 300, and the data processing result is returned in response to the data processing request. If so, the contract may be terminated.
- the data processing request relates to a data processing request that can be processed by the data processing platform server 100, and the data processing code required for data processing is provided by the manufacturer terminal 300 or by the data processing platform server 100. may be created.
- the data processing platform server 100 acquires the data processing code provided by the manufacturer terminal 300 to the blockchain and processes the data. It is available for use.
- the data processing platform server 100 when a smart contract is established between the data processing platform server 100 and the manufacturer terminal 300, the data processing platform server 100 independently determines the processing model required for the data processing request and then reads the determined processing model. It can be used for data processing.
- the data processing platform operated by the data processing platform server 100 creates a Trusted Execution Environment (TEE) for data processing when a smart contract is concluded. That is, when the data processing platform server 100 receives a data processing request from the manufacturer terminal 300, it creates a trusted execution environment including a data processing code and an encryption key in response to the data processing request.
- TEE Trusted Execution Environment
- the data processing platform server 100 can create a raw trusted execution environment that is the source of creation of the trusted execution environment.
- the native trusted execution environment refers to a virtual execution environment in which no arbitrary data processing code or encryption key is generated.
- the data processing platform server 100 when a raw trusted execution environment implemented as an image file is created, the data processing platform server 100 generates a hash value for the image file, creates a transaction including the hash value, and records it in the blockchain. can do. Accordingly, the data processing platform server 100 may disclose to the outside world that the original trusted execution environment for creating the trusted execution environment has been created.
- the native trusted execution environment is a safe execution environment provided by an independent secure area, and can be created as an image file to implement a virtual execution environment. However, it is not limited to this, and the native trusted execution environment may be implemented as either a hardware-based solution or a hardware/software-based solution.
- the data processing platform server 100 may create a trusted execution environment including a data processing code and a first encryption key corresponding to the data processing request based on the original trusted execution environment.
- the trusted execution environment is a safe execution environment provided by an independent secure area, and can be created as an image file to implement a virtual execution environment.
- the first encryption key of the trusted execution environment includes the account address of the trusted execution environment, and a mechanism based on a public key-private key pair to indicate the uniqueness of blockchain participants can be used to generate the first encryption key.
- the first encryption key includes a public key that is the account address and a private key that controls the public key. For example, if the trusted execution environment operates on the Ethereum blockchain, the public key may be an externally owned address (EOA).
- EOA externally owned address
- the trusted execution environment generates a 256-bit random number when creating an account address and sets it as the first private key. By applying it to the first private key through an elliptic curve cryptography algorithm, a unique first public key can be extracted. there is.
- the trusted execution environment generates random 256-bit data, encodes the generated 256-bit data into a 64-digit Hex column to generate a first private key, and uses an elliptic curve cryptography algorithm based on the first private key. You can generate a public key. Then, the trusted execution environment converts the public key into a Kecak256 hash value to generate 256-bit binary data, removes the first 96 bits of binary data, and encodes the remaining 160-bit binary data into a Hex column value to generate the first You can create an account address that is a public key.
- the encryption algorithm that generates the public key based on the private key may be used not only with the elliptic curve encryption algorithm, but also with other encryption algorithms such as the RSA (Rivest, Shamir and Adleman) encryption algorithm and the ElGamal encryption algorithm.
- RSA Rivest, Shamir and Adleman
- the first public key of the trusted execution environment created through this process is made public to the outside through blockchain, and data encrypted with the first public key is set to be restored only with the first private key of the trusted execution environment.
- the data processing platform server 100 may generate a hash value for the image file, create a transaction including the hash value, and record it in the blockchain. there is. Accordingly, the data processing platform server 100 can disclose to the outside world that the trusted execution environment corresponding to the smart contract has been safely executed without being tampered with or forged.
- the trusted execution environment may request data collection from the data owning terminal 200 to perform data processing corresponding to the data processing code. To this end, the trusted execution environment can create a transaction requesting the first user data from the data-owning terminal 200 and record it in the blockchain. At this time, the trusted execution environment may deploy a separate smart contract for data collection on the blockchain, but may also create a transaction to notify data collection and record it on the blockchain.
- the trusted execution environment may request data transmission to the data collection target.
- the trusted execution environment can specify the account of a specific data-owning terminal and record a transaction requesting data transmission for the designated data-owning terminal in the blockchain.
- the trusted execution environment may record transactions including data types and contents required for data processing in the blockchain and request data transmission from any data-owning terminal 200.
- the trusted execution environment discloses data collection conditions without specifying the data collection subject, and can collect data from all data-owning terminals 200 that have data that satisfies the data collection conditions.
- the trusted execution environment can perform data processing based on data collected from the data owning terminal 200. Since the trusted execution environment has inbound rules and outbound rules set, only data in a format corresponding to the data processing code is received, and the data processing results are returned to the outside in a certain format.
- the trusted execution environment can perform data processing when the first user data collected from the data owning terminal 200 meets the standards required for data processing. However, since the first user data collected from the data-owning terminal 200 is encrypted with the first public key of the trusted execution environment, the trusted execution environment can decrypt it with the first private key and then process the data according to the data processing code. there is.
- the first user data includes private data encrypted with the second encryption key of the manufacturer terminal 300 and unencrypted device state data. Therefore, the trusted execution environment can perform secondary decryption of encrypted private data for data processing.
- the second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer terminal 300, and the second public key, which is the account address of the manufacturer terminal 300, is based on the second private key. It was created with
- Private data is data containing personal information of the user using the target device, and may include personal information of the owner of the target device and information on the owner's use of the target device.
- the manufacturer's terminal 300 It can be encrypted and protected with a second public key among the second encryption keys.
- the private data includes the target device of the user using the home appliance, such as the personal information of the owner of the home appliance, the main use time of the home appliance, and the usage habits of the home appliance. May include usage information.
- the private data may include personal information related to the operation of the vehicle, such as personal information of the vehicle owner, vehicle operation records of the vehicle owner, and records of places visited while driving the vehicle.
- Device state data relates to information indicating the objective state of the target device, and unlike private data, it is not encrypted with a second encryption key.
- the device status data may include objective state information related to the device, such as the model name, manufacturing date, and product specifications of the home appliance.
- the device status data relates to basic vehicle information and vehicle parts information such as the vehicle model name, year, mileage, and parts replacement record, and refers to information that excludes personal information of the vehicle owner.
- the trusted execution environment may receive a second private key from the manufacturer terminal 300 to decrypt the encrypted private data among the first user data.
- the trusted execution environment can receive the second private key encrypted with the first public key from the manufacturer terminal 300. Additionally, the trusted execution environment can decrypt the encrypted second private key using the first private key and decrypt the encrypted private data based on the second private key.
- the trusted execution environment can perform data processing if private data and device state data meet the standards required for data processing. For example, when the manufacturer terminal 300 requests the average distance driven during the weekend by male drivers born between 1980 and 1989, the trusted execution environment collects the data necessary for data processing among the collected private data and device status data. You can select and generate data processing results.
- the trusted execution environment can provide the data processing results to the manufacturer terminal 300.
- the trusted execution environment can obtain the second public key provided by the manufacturer terminal 300 when signing a smart contract, and encrypts the data processing results using the second public key of the manufacturer terminal 300 and returns it to the blockchain. can do.
- the smart contract between the data processing platform server 100 and the manufacturer terminal 300 is automatically concluded when a data processing request that meets preset conditions is entered, and when the data processing result corresponding to the data processing request is returned, the smart contract is concluded. This can end. Therefore, when the trusted execution environment encrypts the data processing results, creates a transaction including the encrypted data processing results, and records it in a block of the blockchain, this means that the execution of the smart contract is completed.
- the trusted execution environment has a temporary status that maintains validity only for as long as the smart contract lasts.
- the trusted execution environment is created only when a smart contract distributed on the blockchain is established and a data processing request from the manufacturer terminal 300 is received, and data processing consistent with the contents of the smart contract is completed or due to other circumstances.
- the trusted execution environment is destroyed.
- Destruction of the trusted execution environment means that the environment that forms the trusted execution environment itself is initialized, and a series of data related to the trusted execution environment are erased. Accordingly, the data processing code received from the manufacturer terminal 300 as well as the first user data received from the data-owning terminal 200 for data processing in the trusted execution environment are erased together as the trusted execution environment is destroyed.
- the data processing platform server 100 stores data even after data processing is completed, there is a risk that the data may be leaked by an external malicious attack and may be viewed by the operator of the data processing platform server 100. there is.
- the data processing platform server 100 stores the data received from the data-owning terminal 200 only during the period that the smart contract is maintained, and destroys the trusted execution environment when the smart contract is terminated. At the same time, the stored data is also erased. Accordingly, the data processing platform server 100 prevents data from being leaked to the outside and fundamentally blocks data viewing by the operator of the data processing platform server 100 to protect the privacy of the subject who provided the data. You can.
- the trusted execution environment may record a flag in the blockchain indicating that the destruction command has been executed.
- a flag that cannot be arbitrarily tampered with is created.
- the trusted execution environment can create a transaction including the above flag, record it in the blockchain, and then begin the destruction process.
- the trusted execution environment created for data processing is a virtual execution environment, and at least one is created in the data processing platform server 100 for the execution of a smart contract, and is independently created, destroyed, and initialized depending on the establishment and fulfillment of the contract. It can be. In this way, the data processing platform server 100 can simultaneously execute multiple smart contracts using a trusted execution environment that is independently executed for each smart contract.
- the data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data.
- the data-possessing terminal 200 may perform data communication with the in-vehicle user data sharing device 400 through a user data management application and receive first user data.
- the first user data includes private data encrypted with the second public key of the manufacturer terminal 300 and unencrypted device state data. Accordingly, the data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent sensitive personal information from being leaked to the outside, and encryption of private data is performed in the user data sharing device 400.
- the data owning terminal 200 may provide the first user data to the data processing platform server 100 through a user data management application. .
- the data-owning terminal 200 may refer to an individual's terminal, but may also refer to a data storage that stores data of multiple subjects.
- the data possessing terminal 200 may be a personal computer (PC), a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, or an internet of things (IoT) device.
- PC personal computer
- MID mobile internet device
- IoT internet of things
- It may be at least one of an IoE (internet of everything) device, a desktop computer, a laptop computer, a workstation computer, a Wibro (Wireless Broadband Internet) terminal, and a PDA (Personal Digital Assistant). It is not limited.
- An application that scans the blockchain is executed on the data-owning terminal 200, and data requests from the trusted execution environment can be confirmed by checking transactions recorded in the blockchain.
- the data-owning terminal 200 can use applications such as Etherescan and Remix to check data requests for the trusted execution environment recorded in the blockchain.
- the data-possessing terminal 200 may obtain the first encryption key recorded along with the data request of the trusted execution environment from the blockchain and encrypt the stored data using the first encryption key. That is, the data-owning terminal 200 can generate a hash value with 256 bits for the first user data using the first public key of the trusted execution environment.
- the data owning terminal 200 may provide the first user data encrypted with a hash value to a trusted execution environment running on the data processing platform server 100.
- the data owning terminal 200 may transmit encrypted data to a trusted execution environment through a data processing platform, but to ensure reliability, a transaction containing the hash value of the encrypted first user data may be created and recorded on the blockchain. It may be possible.
- the data-owning terminal 200 can acquire blockchain coins as compensation for providing data to the data processing platform server 100, and the quantity of coins that can be acquired can be set by the trusted execution environment.
- the subject of the data-owning terminal 200 is the owner of the vehicle, including basic vehicle information and vehicle parts information such as model name, year, mileage, and parts replacement record, as well as personal information, vehicle operation records, and records of places visited during vehicle operation. Since information related to the user's privacy, such as personal information related to the operation of the user, is provided to the data processing platform server 100, there may be anxiety about exposure of personal information.
- the data-owning terminal 200 can scan the blockchain through an application to check the flag of the destroy command recorded in the blockchain.
- the flag of the destruction command for the trusted execution environment is scanned by the data owning terminal 200, it can be ensured that the trusted execution environment and data have been safely erased.
- the manufacturer terminal 300 is a terminal that creates a data processing request that matches the smart contract, provides a transaction including the data processing request to the blockchain, and concludes a smart contract with the data processing platform server 100.
- the manufacturer terminal 300 may be a personal computer (PC), a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, an internet of things (IoT) device, It may be at least one of an Internet of Everything (IoE) device, a desktop computer, a laptop computer, a workstation computer, a Wireless Broadband Internet (Wibro) terminal, and a Personal Digital Assistant (PDA).
- PC personal computer
- a smart phone a tablet PC
- MID mobile internet device
- IoT internet of things
- IoE Internet of Everything
- desktop computer a laptop computer
- workstation computer a Wireless Broadband Internet (Wibro) terminal
- Wibro Wireless Broadband Internet
- PDA Personal Digital Assistant
- the manufacturer terminal 300 can provide the data processing code required for data processing when concluding a smart contract as a transaction along with a data processing request, and the account of the specific data-owning terminal 200 can be entered into the transaction to also specify the data collection subject. You can also provide it.
- the manufacturer terminal 300 may provide the second private key of the manufacturer terminal 300 to the trusted execution environment so that the trusted execution environment can decrypt the encrypted private data, using the first public key for data security. After encrypting the second private key, the encrypted second private key may be provided to the trusted execution environment.
- the manufacturer terminal 300 may provide the second public key of the manufacturer terminal 300 as a transaction along with a data processing request when concluding a smart contract.
- the manufacturer terminal 300 can obtain data processing results from the blockchain as the smart contract is implemented, and obtain data processing results that meet the data processing request by decrypting the encrypted data processing results with the second private key. .
- the manufacturer terminal 300 can obtain desired results without directly collecting or processing data required for data processing.
- the data required for data processing is not exposed to the subject of the manufacturer terminal 300, the privacy of the subject who provided the data can be safely protected.
- the user data sharing device 400 is a device that is mounted on a target device and collects user data.
- the target device is a home appliance such as a refrigerator or washing machine, it may be composed of a built-in processor such as a CPU or an application processor (AP). It is not limited to this, and any type of module that performs data collection can be adopted.
- the user data sharing device 400 is connected to the vehicle's CAN (Controller Area Network) bus and transmits and receives data from an ECU (electronic control unit), MCU (Micro Controller Unit) or other lower-level controller. Data can be collected.
- CAN Controller Area Network
- the user data sharing device 400 can collect and store the collected data by dividing it into private data and device status data.
- the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data.
- Device status data may be provided to the data-owning terminal 200 as first user data.
- the user data sharing device 400 may perform wired or wireless communication with the data owning terminal 200.
- the user data sharing device 400 communicates with the data-owning terminal 200 through USB communication, Bluetooth, Radio Frequency Identification (RFID), infrared data association (IrDA), Ultra Wideband (UWB), and ZigBee ( Communication technologies such as ZigBee can be used, so it is not limited to any one communication method.
- RFID Radio Frequency Identification
- IrDA infrared data association
- UWB Ultra Wideband
- ZigBee Communication technologies such as ZigBee can be used, so it is not limited to any one communication method.
- Figure 2 is a diagram for explaining a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
- the data processing platform server 100 can create a smart contract (SC) for data processing and distribute it to the blockchain (BC), and a smart contract (SC) is included in the block of the blockchain (BC). is recorded so that a smart contract (SC) can be executed on the blockchain (BC).
- SC smart contract
- the smart contract automatically concludes the contract when a transaction containing a data processing request (QUE1) that meets the preset protocol is provided to the blockchain (BC) from the manufacturer terminal 300, and the data processing request (QUE1) ) ends when the data processing results that meet the criteria are returned.
- the manufacturer terminal 300 can provide a data processing request (QUE1) conforming to a smart contract (SC) to the blockchain (BC) to obtain data processing results.
- QUE1 data processing request
- SC smart contract
- BC blockchain
- the data processing platform server 100 sends a data processing code and a first encryption key in response to the data processing request (QUE1).
- QUE1 data processing request
- the data processing code may refer to the data processing model provided by the manufacturer terminal 300 to the blockchain.
- the trusted execution environment can create a transaction including a data request (QUE2) to the data-owning terminal 200 and record it in the blockchain (BC).
- QUE2 data request
- BC blockchain
- the data owning terminal 200 can obtain the first encryption key recorded with the data request (QUE2) of the trusted execution environment from the blockchain (BC) and encrypt the stored first user data using the first encryption key. there is.
- the data owning terminal 200 creates a transaction containing the hash value (DAT1') of the encrypted first user data and records it in the blockchain (BC). You can.
- the manufacturer terminal 300 can obtain the first encryption key recorded along with the data request (QUE2) of the trusted execution environment from the blockchain (BC).
- QUE2 data request
- the first encryption key of the data processing platform server 100 may be obtained when entering into a smart contract.
- the manufacturer terminal 300 encrypts the second encryption key based on the first encryption key, and uses a hash value (KEY2) of the encrypted second encryption key to provide the second encryption key encrypted with the hash value as a trusted execution environment. Transactions containing this can be created and recorded on the blockchain (BC).
- KEY2 hash value of the encrypted second encryption key
- the trusted execution environment can perform data processing when the data collected from the data owning terminal 200 meets the standards required for data processing. Since the first user data obtained from the blockchain (BC) is encrypted with the first public key of the trusted execution environment, the trusted execution environment decrypts the hash value (DAT1') of the encrypted data with the first private key to obtain the encrypted private data. and unencrypted device state data can be generated.
- DAT1' hash value
- the trusted execution environment can decrypt the private data encrypted with the second public key with the second private key and then perform data processing according to the data processing code.
- the trusted execution environment can encrypt the data processing results using the second public key of the manufacturer terminal 300 and return the encrypted data processing results (RES) to the blockchain.
- RES encrypted data processing results
- the smart contract (SC) is terminated when the data processing result (RES) matching the data processing request (QUE1) is returned.
- the trusted execution environment can confirm that the execution of the smart contract has been completed by checking whether the data processing result (RES) has been recorded in the blockchain.
- the trusted execution environment running on the data processing platform server 100 enters destruction mode. As the trusted execution environment is destroyed, the data received from the data-owning terminal 200 for data processing is also deleted from the data processing platform server 100.
- the manufacturer terminal 300 acquires the encrypted data processing result (RES) recorded in the blockchain (BC) and decrypts the encrypted data processing result (RES) with the second private key to produce a data processing result that meets the data processing request. can be obtained.
- RES encrypted data processing result
- BC blockchain
- RES encrypted data processing result
- Figure 3 is a diagram illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to another embodiment of the present invention.
- the data processing platform server 100 can create a smart contract (SC) for data processing and distribute it to the blockchain (BC), and a smart contract (SC) is included in the block of the blockchain (BC). is recorded so that a smart contract (SC) can be executed on the blockchain (BC).
- SC smart contract
- the smart contract automatically concludes the contract when a transaction containing a data processing request (QUE1) that meets the preset protocol is provided to the blockchain (BC) from the manufacturer terminal 300, and the data processing request (QUE1) ) ends when a data processing result (RES) that meets the criteria is returned.
- QUE1 data processing request
- RES data processing result
- the manufacturer terminal 300 can provide a data processing request (QUE1) conforming to a smart contract (SC) to the blockchain (BC) to obtain a data processing result (RES).
- QUE1 data processing request
- SC smart contract
- RES data processing result
- the data processing platform server 100 sends a data processing code and a first encryption key in response to the data processing request (QUE1).
- QUE1 data processing request
- the data processing code may refer to the data processing model provided by the manufacturer terminal 300 to the blockchain (BC).
- the trusted execution environment can perform a data request (QUE2') to the data owning terminal 200 through the data processing platform in order to perform data processing corresponding to the data processing code.
- QUE2' data request
- the trusted execution environment can publicly perform a data request (QUE2') for data collection through the data processing platform.
- the data owning terminal 200 may provide the stored first user data (DAT1) to the data processing platform server 100 through the data processing platform in response to the data request (QUE2'). At this time, the data-owning terminal 200 may encrypt the data (DAT1) with the first encryption key of the trusted execution environment and provide only the hash value.
- DAT1 stored first user data
- QUE2' data request
- the data-owning terminal 200 may encrypt the data (DAT1) with the first encryption key of the trusted execution environment and provide only the hash value.
- the first user data (DAT1) includes encrypted private data and unencrypted device state data
- sensitive personal information will be protected even if the first user data (DAT1) is leaked to the outside due to a malicious attack. You can.
- the manufacturer terminal 300 acquires the first encryption key (KEY1) from the data processing platform server at the time of signing the smart contract (SC) or thereafter, and generates the second encryption key based on the first encryption key (KEY1). It can be encrypted.
- the manufacturer terminal 300 creates a transaction containing the hash value (KEY2) of the encrypted second encryption key and records it in the blockchain (BC). can do.
- the trusted execution environment can obtain the hash value (KEY2) of the second encryption key encrypted from the blockchain (BC) and then decrypt the second encryption key based on the first encryption key.
- the trusted execution environment can perform data processing when the first user data (DAT1) collected from the data owning terminal 200 meets the standards required for data processing.
- DAT1 first user data
- the trusted execution environment decrypts the encrypted private data using the second private key, Data processing can be performed according to the data processing code.
- the trusted execution environment can encrypt the data processing results using the second public key of the manufacturer terminal 300 and return the encrypted data processing results (RES) to the blockchain.
- RES encrypted data processing results
- the smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is terminated when the data processing result (RES) matching the data processing request (QUE1) is returned. Therefore, when the data processing result (RES) is returned and the smart contract (SC) is terminated, the trusted execution environment running on the data processing platform server 100 is destroyed. As the trusted execution environment is destroyed, the data received from the data-owning terminal 200 for data processing is also deleted from the data processing platform server 100.
- the manufacturer terminal 300 acquires the encrypted data processing result (RES) recorded in the blockchain (BC) and decrypts the encrypted data processing result (RES) with the second private key to produce a data processing result that meets the data processing request. can be obtained.
- RES encrypted data processing result
- BC blockchain
- RES encrypted data processing result
- FIG 4 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to an embodiment of the present invention.
- a vehicle CAR
- the target device is not limited to this and the target device may be a home appliance such as a TV or refrigerator in addition to a vehicle.
- the user data sharing device 400 is a device that is mounted on a vehicle (CAR), which is a target device, and collects user data. It is connected to the CAN (Controller Area Network) bus of the vehicle (CAR) and connects to the ECU (electronic Control unit), MCU (Micro Controller Unit), or other sub-controllers can transmit and receive data.
- CAR Vehicle
- CAN Controller Area Network
- the user data sharing device 400 can collect and store the collected data by dividing it into private data (I_DAT) and device status data (P_DAT).
- I_DAT private data
- P_DAT device status data
- the private data may include personal information related to the operation of the vehicle, such as the vehicle owner's personal information, the vehicle owner's vehicle operation record, and records of places visited during vehicle operation.
- the device status data may include information representing the objective status of the vehicle, such as the vehicle model name, year, mileage, and parts replacement record.
- the user data sharing device 400 When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data.
- Device status data may be provided to the data owning terminal 200 as first user data (DAT1).
- the data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data.
- the data owning terminal 200 may perform data communication with the user data sharing device 400 in the vehicle (CAR) through a user data management application, and receive and store first user data (DAT1).
- CAR vehicle
- DAT1 first user data
- the data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent an individual's sensitive personal information from being leaked to the outside world.
- FIG. 5 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to another embodiment of the present invention.
- a refrigerator (REF) is shown as an example of a target device according to an embodiment of the present invention, but the present invention is not limited thereto.
- the user data sharing device 400 is a device mounted on a refrigerator (REF) to collect user data. It may be comprised of a processor such as a built-in CPU or an application processor (AP), but is not limited to this. Any kind of module that performs data collection can be adopted.
- a processor such as a built-in CPU or an application processor (AP)
- AP application processor
- the user data sharing device 400 can collect and store the collected data by dividing it into private data (I_DAT) and device status data (P_DAT).
- I_DAT private data
- P_DAT device status data
- the private data (I_DAT) may include target device usage information of the user using the home appliance, such as personal information of the owner of the refrigerator (REF), main usage time, and usage habits for the refrigerator (REF).
- target device usage information of the user using the home appliance such as personal information of the owner of the refrigerator (REF), main usage time, and usage habits for the refrigerator (REF).
- the device status data (P_DAT) may include objective status information related to the refrigerator (REF), such as the model name, manufacturing date, and product specifications of the refrigerator (REF).
- the user data sharing device 400 When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data.
- Device status data may be provided to the data owning terminal 200 as first user data (DAT1).
- the data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data.
- the data owning terminal 200 may perform data communication with the user data sharing device 400 in the refrigerator (REF) through a user data management application, and receive and store first user data (DAT1).
- REF refrigerator
- DAT1 first user data
- the data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent an individual's sensitive personal information from being leaked to the outside world.
- Figure 6 is a diagram for explaining a smart contract according to an embodiment of the present invention.
- the data processing platform server 100 can create a smart contract for data processing and distribute it to the blockchain, and when a smart contract is concluded with the manufacturer terminal 300, a trusted execution environment for data processing is created. can be created.
- the data processing platform server 100 can create multiple smart contracts and distribute them to the blockchain. If multiple different data processing is requested for one smart contract, multiple different trusted execution environments may be created. .
- the trusted execution environment created for data processing is a virtual execution environment, and at least one may be created in the data processing platform server 100 to execute a smart contract. That is, even if 10 smart contracts are distributed on the blockchain, if only 2 smart contracts are concluded, the data processing platform server 100 can execute the two trusted execution environments to fulfill the contract.
- each smart contract may have different settings for whether performance is completed normally, performance period, and performance method, each smart contract undergoes a series of processes of creation and destruction independently depending on the establishment and performance of the contract. .
- the data processing platform server 100 may conclude a first smart contract (SC1) with the first manufacturer terminal (300A) and a second smart contract (SC2) with the second manufacturer terminal (300B).
- the data processing platform server 100 creates a first trusted execution environment (VM1) corresponding to the conclusion of the first smart contract (SC1), and a second trusted execution environment (VM1) corresponding to the conclusion of the second smart contract (SC2).
- VM1 can be created.
- the data processing platform server 100 executes the trusted execution environment only for the concluded smart contracts. do.
- the first trusted execution environment (VM1) and the second trusted execution environment (VM2) are virtual machines created based on different contract details and run independently of each other, so one trusted execution environment does not affect the other trusted execution environment. It is impossible. Therefore, even if the first trusted execution environment (VM1) is destroyed according to the performance of the contract, the second trusted execution environment (VM2) is not affected and continues to perform the data processing process according to the contents of the second smart contract (SC2). can do.
- the data processing platform server 100 can execute multiple smart contracts simultaneously using a trusted execution environment that is independently executed for each smart contract, and by using an independent data processing space that is impossible to intrude, data may be leaked or mixed. risks can be prevented.
- Figure 7 is a flowchart illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
- the trusted execution environment running on the data processing platform server 100 can be created in response to a data processing request received from the manufacturer terminal 300 according to a smart contract distributed on a blockchain (BC). and may include data processing code and encryption key (S100).
- BC blockchain
- S100 data processing code and encryption key
- the trusted execution environment can obtain the first user data encrypted by the first encryption key from the data-owning terminal 200, and obtain the hash value recorded in the blockchain (BC) as the first user data or the data Data can be received directly from the data owning terminal 200 through the processing platform (S110).
- the trusted execution environment can primarily decrypt the first user data encrypted based on the first encryption key. That is, the trusted execution environment can decrypt the encrypted first user data using the first public key among the first encryption keys and generate unencrypted first user data (S120).
- the trusted execution environment can generate private data by secondarily decrypting the first user data based on the second encryption key of the manufacturer terminal 300 (S130). That is, the trusted execution environment can decrypt the encrypted private data among the first user data using the second private key of the manufacturer terminal 300.
- the trusted execution environment can generate data processing results by processing the decrypted private data according to the data processing code (S140), and if necessary for data processing, device status data among the first user data is also processed according to the data processing code.
- data processing results can be generated.
- the trusted execution environment can provide the encrypted data processing results to the manufacturer terminal 300 by encrypting the data processing results using the second public key of the manufacturer terminal 300 and returning them to the blockchain (S150). .
- the trusted execution environment can be destroyed by executing a destruction command as the implementation of the smart contract is completed (S160).
- the steps of the user data management method or algorithm using data processing of the smart contract-based trusted execution environment described in relation to the embodiment of the present invention are implemented directly in hardware, implemented in a software module executed by hardware, or one of these. It can be implemented by combination.
- the software module may be RAM (Random Access Memory), ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), Flash Memory, hard disk, removable disk, CD-ROM, or It may reside on any type of computer-readable recording medium well known in the art to which the present invention pertains.
- the trusted execution environment is destroyed and the stored data is also erased, thereby preventing the collected data from being leaked to the outside and preventing data viewing by the operator of the data processing platform server. You can protect the privacy of data subjects by blocking them.
- personal usage information on target devices such as cars, TVs, refrigerators, and vacuum cleaners is fundamentally encrypted and is not disclosed to the data subject, and is used only under specific analysis conditions according to the data subject's will.
- the privacy of individuals related to vehicle operation can be protected.
- multiple smart contracts can be implemented simultaneously using a trusted execution environment that is independently executed for each smart contract.
- the present invention by recording the flag of the destruction command in the blockchain, it is possible to ensure that the trusted execution environment in which the data was provided is stably removed and that the data is safely erased without being leaked to the outside.
- the manufacturer's terminal can obtain the desired data processing results without directly collecting or processing the data required for data processing, and since the data required for data processing is not exposed to the manufacturer's terminal, the subject who provided the data is not exposed. Privacy can be safely protected.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A method of the present invention for managing user data by using data processing of a trusted execution environment based on a smart contract comprises the steps of: a data processing platform server generating, according to a smart contract distributed on a blockchain, a trusted execution environment including a data processing code and a first encryption key in response to a data processing request received from a manufacturer terminal; the trusted execution environment obtaining, from a data-owned terminal, first user data encoded by the first encryption key; the trusted execution environment primarily decoding the encoded first user data on the basis of the first encryption key; the trusted execution environment generating private data by secondarily decoding the first user data on the basis of a second encryption key of the manufacturer terminal; the trusted execution environment generating a result of data processing by processing the private data according to the data processing code; the trusted execution environment providing the result of data processing to the manufacturer terminal; and the trusted execution environment being canceled according to the smart contract.
Description
본 발명은 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법에 관한 것이다.The present invention relates to a user data management method using data processing in a smart contract-based trusted execution environment.
블록체인(Blockchain): 블록체인은 탈중앙화된 분산 시스템이다. 탈중앙화란 기능 수행을 위해 하나의 중앙기관이 존재하지 않고 다수의 참여자가 함께 수행해 나가는 것을 의미한다. 기본적으로 블록체인 네트워크는 P2P 네트워크로 구성이 되며, 합의 알고리즘을 활용하여 공통된 과정을 거쳐 블록을 생성한다. 해시의 활용은 블록체인에서 핵심적이며 해시와 함께 다수의 참여자가 같은 데이터를 통해 같은 처리를 한다는 점이 결합하여 데이터의 위변조를 방지한다.Blockchain: Blockchain is a decentralized distributed system. Decentralization means that there is no single central organization to perform a function, but rather multiple participants perform the function together. Basically, the blockchain network is composed of a P2P network, and blocks are created through a common process using a consensus algorithm. The use of hash is key in blockchain, and the combination of hash and the fact that multiple participants perform the same processing on the same data prevents forgery and falsification of data.
스마트 계약(smart contract)은 자산 및 신뢰에 대한 부분을 다루는 블록체인을 기반으로 하여 계약의 이행이 자동으로 이루어질 수 있게 도와주는 일련의 프로그래밍 코드이다. 개발자가 작성한 코드 내용이 블록체인의 한 블록에 존재하며, 사용자들은 스마트 계약 주소에 접근하여 해당 코드를 실행시킬 수 있다.A smart contract is a set of programming codes that help automatically execute contracts based on blockchain, which deals with assets and trust. The content of the code written by the developer exists in one block of the blockchain, and users can access the smart contract address and execute the code.
스마트 계약이라고 부르는 이유는 일반적 거래 내용처럼 스마트 컨트랙트의 코드 내용도 블록 정보에 포함되기 때문에 조작이 불가능하고, 코딩된 내용에 따라 프로그램이 동작하므로 계약과 같이 정해진 내용을 작업하기에 적합하기 때문이다.The reason it is called a smart contract is because, like general transaction content, the code content of a smart contract is included in the block information, so it cannot be manipulated, and since the program operates according to the coded content, it is suitable for working with specified content such as a contract.
이더리움에서 작성되는 스마트 컨트랙트는 Solidity 언어를 활용하며, EVM 위에서 동작한다. 이더리움 스마트 계약을 전문적으로 실행하기 위한 가상머신을 이더리움 가상머신(Ethereum Virtual Machine, EVM)이라고 칭하고, 이더리움 스마트 계약은 solidity, viper 등 언어로 작성되며, 블록체인 분야에서 널리 응용되어 사용중에 있다.Smart contracts written on Ethereum utilize the Solidity language and operate on EVM. The virtual machine for professionally executing Ethereum smart contracts is called the Ethereum Virtual Machine (EVM). Ethereum smart contracts are written in languages such as solidity and viper, and are widely applied and used in the blockchain field. there is.
이더리움 네트워크의 스마트 컨트랙트에 대한 정보를 제공하는 방법으로 여러 모니터링 웹어플이케이션이 존재하며, 가장 대표적으로 이더리움에서 자체적으로 제공하는 이더스캔(Etherescan)과, 시각적인 형태로 정보를 제공하는 알비오(Alvio), Solidity IDE인 리믹스(Remix) 등이 존재한다.There are several monitoring web applications that provide information about smart contracts on the Ethereum network, the most representative of which are Ethereum's own Etherscan and RB, which provides information in a visual form. There are Alvio and Remix, a Solidity IDE.
본 발명이 이루고자 하는 기술적인 과제는, 데이터 처리 주체의 데이터 열람을 차단하고, 데이터의 외부 유출을 방지하며, 데이터를 제공한 주체의 프라이버시를 안전하게 보호할 수 있는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 제공하는 것이다.The technical task to be achieved by the present invention is data processing in a smart contract-based trusted execution environment that can block the data processing subject from viewing the data, prevent external leakage of data, and safely protect the privacy of the data provider. It provides a user data management method using .
본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법은, 블록체인 상에 배포된 스마트 계약에 따라 제조자 단말기로부터 수신된 자료처리 요청에 응답하여 데이터 처리 플랫폼 서버에서 자료처리 코드와 제1 암호화키를 포함하는 신뢰실행환경이 생성되는 단계와, 상기 신뢰실행환경이 상기 제1 암호화키에 의해 암호화된 제1 사용자 데이터를 데이터 소유 단말기로부터 획득하는 단계와, 상기 신뢰실행환경이 상기 제1 암호화키를 기초로 상기 암호화된 제1 사용자 데이터를 1차적으로 복호화하는 단계와, 상기 신뢰실행환경이 상기 제조자 단말기의 제2 암호화키를 기초로 제1 사용자 데이터를 2차적으로 복호화하여 프라이빗 데이터를 생성하는 단계와, 상기 신뢰실행환경이 상기 프라이빗 데이터를 상기 자료처리 코드에 따라 처리하여 자료처리 결과를 생성하는 단계와, 상기 신뢰실행환경이 상기 자료처리 결과를 상기 제조자 단말기에 제공하는 단계와, 상기 신뢰실행환경이 상기 스마트 계약에 따라 파기되는 단계를 포함한다.The user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention is a data processing platform server in response to a data processing request received from a manufacturer terminal according to a smart contract distributed on a blockchain. A step of creating a trusted execution environment including a data processing code and a first encryption key, the trusted execution environment obtaining first user data encrypted by the first encryption key from a terminal owning the data, and the trust The execution environment primarily decrypts the encrypted first user data based on the first encryption key, and the trusted execution environment secondarily decrypts the first user data based on the second encryption key of the manufacturer terminal. generating private data by decrypting it, the trusted execution environment processing the private data according to the data processing code to generate a data processing result, and the trusted execution environment sending the data processing result to the manufacturer terminal. It includes the step of providing to and the step of destroying the trusted execution environment according to the smart contract.
실시 예에 따라, 상기 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법은, 상기 신뢰실행환경이 생성되는 단계 이후에, 상기 신뢰실행환경이 제1 사용자 데이터를 요청하는 트랜잭션을 생성하여 상기 블록체인에 기록하는 단계를 더 포함할 수 있다.According to an embodiment, the user data management method using data processing of the smart contract-based trusted execution environment includes, after the step of creating the trusted execution environment, the trusted execution environment creates a transaction requesting first user data. The step of recording in the blockchain may be further included.
실시 예에 따라, 상기 제1 암호화키는 상기 신뢰실행환경의 제1 개인키와 제1 공개키의 쌍으로 이루어진 비대칭키이며, 상기 제1 공개키는 상기 제1 개인키에 기초하여 생성된 것으로서, 상기 블록체인에서 상기 신뢰실행환경의 어카운트 주소일 수 있다.Depending on the embodiment, the first encryption key is an asymmetric key consisting of a pair of a first private key and a first public key of the trusted execution environment, and the first public key is generated based on the first private key. , It may be the account address of the trusted execution environment in the blockchain.
실시 예에 따라, 상기 암호화된 제1 사용자 데이터는 상기 신뢰실행환경의 상기 제1 공개키에 의해서 암호화된 것일 수 있다.Depending on the embodiment, the encrypted first user data may be encrypted using the first public key of the trusted execution environment.
실시 예에 따라, 상기 제2 암호화키는상기 제조자 단말기의 제2 개인키와 제2 공개키의 쌍으로 이루어진 비대칭키이며, 상기 제2 공개키는 상기 제2 개인키에 기초하여 생성된 것으로서, 상기 블록체인에서 상기 제조자 단말기의 어카운트 주소일 수 있다.According to the embodiment, the second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer's terminal, and the second public key is generated based on the second private key, It may be the account address of the manufacturer's terminal in the blockchain.
실시 예에 따라, 상기 제1 사용자 데이터는 상기 프라이빗 데이터를 상기 제2 공개키로 암호화한 데이터와 암호화되지 않은 기기 상태 데이터를 포함할 수 있다.Depending on the embodiment, the first user data may include data encrypted with the private data using the second public key and unencrypted device state data.
실시 예에 따라, 상기 프라이빗 데이터는 대상 기기의 소유주의 개인 정보와 상기 소유주의 대상 기기 사용정보를 포함하고, 상기 기기 상태 데이터는 상기 대상 기기의 객관적인 상태를 나타내는 정보를 포함할 수 있다.Depending on the embodiment, the private data may include personal information of the owner of the target device and the owner's usage information of the target device, and the device status data may include information indicating the objective status of the target device.
실시 예에 따라, 상기 제1 사용자 데이터는 대상 기기의 사용자 데이터 공유장치에서 상기 데이터 소유 단말기로 전송되어 저장된 데이터일 수 있다Depending on the embodiment, the first user data may be data transmitted and stored from the user data sharing device of the target device to the data-owning terminal.
실시 예에 따라, 상기 프라이빗 데이터를 생성하는 단계는, 상기 신뢰실행환경이 제1 공개키에 의해 암호화된 제2 개인키를 상기 제조자 단말기로부터 획득하는 단계와, 상기 신뢰실행환경이 제1 개인키를 기초로 상기 암호화된 제2 개인키를 복호화하는 단계와, 상기 신뢰실행환경이 제2 개인키를 기초로 제1 사용자 데이터를 복호화하여 상기 프라이빗 데이터를 생성하는 단계를 포함하고, 상기 제1 암호화키는 상기 신뢰실행환경의 상기 제1 개인키와 상기 제1 공개키의 쌍으로 이루어진 비대칭키이며, 상기 제2 암호화키는 상기 제조자 단말기의 상기 제2 개인키와 제2 공개키의 쌍으로 이루어진 비대칭키일 수 있다.According to an embodiment, the step of generating the private data includes the step of the trusted execution environment obtaining a second private key encrypted by the first public key from the manufacturer terminal, and the trusted execution environment obtaining the first private key Decrypting the encrypted second private key based on the encrypted second private key, and generating the private data by the trusted execution environment decrypting the first user data based on the second private key, and decrypting the first user data based on the second private key. The key is an asymmetric key consisting of a pair of the first private key and the first public key of the trusted execution environment, and the second encryption key consists of a pair of the second private key and the second public key of the manufacturer terminal. It may be an asymmetric key.
실시 예에 따라, 상기 신뢰실행환경은 상기 스마트 계약이 존속되는 기간 동안에만 유효성을 유지하는 가상 실행환경일 수 있다Depending on the embodiment, the trusted execution environment may be a virtual execution environment that maintains validity only for the period that the smart contract lasts.
실시 예에 따라, 상기 제조자 단말기에 제공하는 단계는, 상기 제2 암호화키를 이용하여 상기 자료처리 결과를 암호화하고 상기 블록체인에 반환함으로써, 상기 자료처리 결과를 상기 제조자 단말기에 제공할 수 있다.Depending on the embodiment, in the step of providing to the manufacturer terminal, the data processing result may be provided to the manufacturer terminal by encrypting the data processing result using the second encryption key and returning it to the blockchain.
실시 예에 따라, 상기 스마트 계약에 따라 파기되는 단계는, 파기 명령어를 실행하는 단계와, 상기 자료처리 코드, 상기 제1 사용자 데이터, 및 프라이빗 데이터를 포함하는 신뢰실행환경이 삭제되는 단계를 포함할 수 있다.Depending on the embodiment, the step of destroying the smart contract may include executing a destruction command and deleting the trusted execution environment including the data processing code, the first user data, and the private data. You can.
실시 예에 따라, 상기 파기 명령어를 실행하는 단계는, 상기 파기 명령어를 실행하고, 상기 파기 명령어의 실행을 나타내는 플래그를 생성한 후, 상기 플래그를 포함하는 트랜잭션을 생성하여 상기 블록체인에 기록할 수 있다.Depending on the embodiment, the step of executing the destroy command may include executing the destroy command, generating a flag indicating execution of the destroy command, and then creating a transaction including the flag and recording it in the blockchain. there is.
실시 예에 따라, 상기 신뢰실행환경은 상기 데이터 처리 플랫폼 서버에서 상기 스마트 계약의 이행을 위해 적어도 하나가 생성될 수 있다.Depending on the embodiment, at least one trusted execution environment may be created in the data processing platform server for execution of the smart contract.
실시 예에 따라, 상기 신뢰실행환경이 생성되는 단계는, 임의의 자료처리 코드 및 상기 제1 암호화키가 생성되지 않은 원시 신뢰실행환경을 생성하는 단계와, 상기 원시 신뢰실행환경을 기초로 상기 자료처리 요청에 대응하는 상기 자료처리 코드와 상기 제1 암호화키를 포함하는 상기 신뢰실행환경을 생성하는 단계를 포함할 수 있다.According to the embodiment, the step of creating the trusted execution environment includes generating a raw trusted execution environment in which no arbitrary data processing code and the first encryption key are generated, and the data based on the raw trusted execution environment. It may include generating the trusted execution environment including the data processing code and the first encryption key corresponding to the processing request.
실시 예에 따라, 상기 원시 신뢰실행환경을 생성하는 단계는, 상기 원시 신뢰실행환경의 제1 이미지 파일을 생성하고, 상기 제1 이미지 파일에 대한 제1 해시값을 생성하고, 상기 제1 해시값을 포함하는 트랜잭션을 생성하여 상기 블록체인에 기록할 수 있다.According to an embodiment, the step of creating the raw trusted execution environment includes generating a first image file of the raw trusted execution environment, generating a first hash value for the first image file, and generating the first hash value. A transaction containing can be created and recorded on the blockchain.
실시 예에 따라, 상기 자료처리 요청에 대응하는 상기 자료처리 코드와 상기 제1 암호화키를 포함하는 상기 신뢰실행환경을 생성하는 단계는, 상기 신뢰실행환경의 제2 이미지 파일을 생성하고, 상기 제2 이미지 파일에 대한 제2 해시값을 생성하고, 상기 제2 해시값을 포함하는 트랜잭션을 생성하여 상기 블록체인에 기록할 수 있다.According to an embodiment, the step of generating the trusted execution environment including the data processing code corresponding to the data processing request and the first encryption key includes generating a second image file of the trusted execution environment, and 2 A second hash value for the image file can be generated, and a transaction including the second hash value can be created and recorded in the blockchain.
본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법에 의하면, 스마트 계약이 종료되는 경우 신뢰실행환경을 파기함과 동시에 저장된 데이터도 소거함으로써, 수집된 데이터가 외부로 유출되는 것을 방지하고, 데이터 처리 플랫폼 서버의 운영 주체에 의한 데이터 열람을 원천적으로 차단하여 데이터 주체의 프라이버시를 보호할 수 있다.According to the user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention, when the smart contract is terminated, the trusted execution environment is destroyed and the stored data is also erased, so that the collected data is not externally transmitted. It is possible to protect the privacy of data subjects by preventing data leakage and fundamentally blocking data viewing by the operator of the data processing platform server.
또한, 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법에 의하면, 자동차, TV, 냉장고, 청소기 등 대상 기기에 대한 개인적인 사용정보를 원천적으로 암호화하며 데이터 주체에게도 공개되지 않고, 데이터 주체의 의사에 따라 특정한 분석조건 하에서만 제한적으로 이용함으로써, 차량의 운행과 관련된 개인의 프라이버시를 보호할 수 있다. In addition, according to the user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention, personal usage information on target devices such as cars, TVs, refrigerators, and vacuum cleaners is fundamentally encrypted and is also provided to data subjects. By not making it public and using it only under specific analysis conditions according to the wishes of the data subject, the privacy of individuals related to the operation of the vehicle can be protected.
또한, 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법에 의하면, 스마트 계약마다 독립적으로 실행되는 신뢰실행환경을 이용하여 다수의 스마트 계약들을 동시에 이행할 수 있다.In addition, according to the user data management method using data processing of a smart contract-based trusted execution environment according to an embodiment of the present invention, multiple smart contracts can be implemented simultaneously using a trusted execution environment that is independently executed for each smart contract. .
또한, 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법에 의하면, 파기 명령어의 플래그를 블록체인에 기록함으로써, 데이터를 제공받은 신뢰실행환경이 안정적으로 제거되고, 데이터가 외부로 유출되지 않고 안전하게 소거되었음을 보장할 수 있다.In addition, according to the user data management method using data processing of a smart contract-based trusted execution environment according to an embodiment of the present invention, the flag of the destruction command is recorded in the blockchain, so that the trusted execution environment that received the data is stably removed and , it can be guaranteed that the data has been safely erased without being leaked to the outside.
또한, 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법에 의하면, 제조자 단말기는 자료처리 필요한 데이터를 직접 수집하거나 처리하지 않고도 원하는 데이터 처리 결과를 얻을 수 있으며, 제조자 단말기에 자료처리에 필요한 데이터가 노출되지 않기 때문에, 데이터를 제공한 주체의 프라이버시를 안전하게 보호할 수 있다.In addition, according to the user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention, the manufacturer terminal can obtain the desired data processing results without directly collecting or processing data required for data processing, Because the data required for data processing is not exposed to the manufacturer's terminal, the privacy of the subject who provided the data can be safely protected.
도 1은 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 시스템의 개략적인 블록도이다.Figure 1 is a schematic block diagram of a user data management system using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
도 2는 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 설명하기 위한 도면이다.Figure 2 is a diagram for explaining a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
도 3은 본 발명의 다른 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 설명하기 위한 도면이다.Figure 3 is a diagram illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to another embodiment of the present invention.
도 4는 본 발명의 실시 예에 따른 데이터 소유 단말기의 제1 사용자 데이터 획득 방법을 설명하기 위한 도면이다.Figure 4 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to an embodiment of the present invention.
도 5는 본 발명의 다른 실시 예에 따른 데이터 소유 단말기의 제1 사용자 데이터 획득 방법을 설명하기 위한 도면이다.Figure 5 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to another embodiment of the present invention.
도 6은 본 발명의 실시 예에 따른 스마트 계약을 설명하기 위한 도면이다.Figure 6 is a diagram for explaining a smart contract according to an embodiment of the present invention.
도 7은 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 설명하기 위한 흐름도이다.Figure 7 is a flowchart illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
본 발명의 이점 및 특징, 그리고 그것들을 달성하는 방법은 첨부되는 도면과 함께 상세하게 후술되어 있는 실시예들을 참조하면 명확해질 것이다. 그러나, 본 발명은 이하에서 개시되는 실시예들에 제한되는 것이 아니라 서로 다른 다양한 형태로 구현될 수 있으며, 단지 본 실시예들은 본 발명의 개시가 완전하도록 하고, 본 발명이 속하는 기술 분야의 통상의 기술자에게 본 발명의 범주를 완전하게 알려주기 위해 제공되는 것이며, 본 발명은 청구항의 범주에 의해 정의될 뿐이다. The advantages and features of the present invention and methods for achieving them will become clear by referring to the embodiments described in detail below along with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below and may be implemented in various different forms. The present embodiments are merely provided to ensure that the disclosure of the present invention is complete and to provide a general understanding of the technical field to which the present invention pertains. It is provided to fully inform the skilled person of the scope of the present invention, and the present invention is only defined by the scope of the claims.
본 명세서에서 사용된 용어는 실시예들을 설명하기 위한 것이며 본 발명을 제한하고자 하는 것은 아니다. 본 명세서에서, 단수형은 문구에서 특별히 언급하지 않는 한 복수형도 포함한다. 명세서에서 사용되는 "포함한다(comprises)" 및/또는 "포함하는(comprising)"은 언급된 구성요소 외에 하나 이상의 다른 구성요소의 존재 또는 추가를 배제하지 않는다. 명세서 전체에 걸쳐 동일한 도면 부호는 동일한 구성 요소를 지칭하며, "및/또는"은 언급된 구성요소들의 각각 및 하나 이상의 모든 조합을 포함한다. 비록 "제1", "제2" 등이 다양한 구성요소들을 서술하기 위해서 사용되나, 이들 구성요소들은 이들 용어에 의해 제한되지 않음은 물론이다. 이들 용어들은 단지 하나의 구성요소를 다른 구성요소와 구별하기 위하여 사용하는 것이다. 따라서, 이하에서 언급되는 제1 구성요소는 본 발명의 기술적 사상 내에서 제2 구성요소일 수도 있음은 물론이다.The terminology used herein is for describing embodiments and is not intended to limit the invention. As used herein, singular forms also include plural forms, unless specifically stated otherwise in the context. As used in the specification, “comprises” and/or “comprising” does not exclude the presence or addition of one or more other elements in addition to the mentioned elements. Like reference numerals refer to like elements throughout the specification, and “and/or” includes each and every combination of one or more of the referenced elements. Although “first”, “second”, etc. are used to describe various components, these components are of course not limited by these terms. These terms are merely used to distinguish one component from another. Therefore, it goes without saying that the first component mentioned below may also be a second component within the technical spirit of the present invention.
다른 정의가 없다면, 본 명세서에서 사용되는 모든 용어(기술 및 과학적 용어를 포함)는 본 발명이 속하는 기술분야의 통상의 기술자에게 공통적으로 이해될 수 있는 의미로 사용될 수 있을 것이다. 또한, 일반적으로 사용되는 사전에 정의되어 있는 용어들은 명백하게 특별히 정의되어 있지 않는 한 이상적으로 또는 과도하게 해석되지 않는다.Unless otherwise defined, all terms (including technical and scientific terms) used in this specification may be used with meanings commonly understood by those skilled in the art to which the present invention pertains. Additionally, terms defined in commonly used dictionaries are not to be interpreted ideally or excessively unless clearly specifically defined.
도 1은 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 시스템의 개략적인 블록도이다.Figure 1 is a schematic block diagram of a user data management system using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
도 1을 참조하면, 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 시스템(10)은 데이터 처리 플랫폼 서버(100), 데이터 소유 단말기(200), 제조자 단말기(300), 및 사용자 데이터 공유장치(400)를 포함한다.Referring to Figure 1, the user data management system 10 using data processing of a smart contract-based trusted execution environment according to an embodiment of the present invention includes a data processing platform server 100, a data ownership terminal 200, and a manufacturer terminal ( 300), and a user data sharing device 400.
데이터 처리 플랫폼 서버(100)는 온라인 네트워크를 호스팅할 수 있고, 네트워크 주소 지정이 가능한 장치로서, 데이터 소유 단말기(200) 및 제조자 단말기(300)에게 온라인 상으로 데이터가 공유되는 데이터 처리 플랫폼을 제공할 수 있다. 데이터 처리 플랫폼 서버(100)는 데이터 처리 플랫폼을 통해 블록체인 상에서 스마트 계약의 생성, 배포, 이행, 및 종료 등의 일련의 과정을 수행할 수 있다.The data processing platform server 100 is a device capable of hosting an online network and capable of specifying a network address, and provides the data owning terminal 200 and the manufacturer terminal 300 with a data processing platform where data is shared online. You can. The data processing platform server 100 can perform a series of processes such as creation, distribution, implementation, and termination of smart contracts on the blockchain through the data processing platform.
데이터 처리 플랫폼 서버(100)는 자료처리를 위한 스마트 계약을 생성하여 블록체인에 배포할 수 있다. 자료처리를 위한 스마트 계약은 블록체인 상에서 기설정된 조건이 만족되면 자동으로 체결되는 전자계약으로서, 데이터 처리 플랫폼 서버(100)는 데이터의 수집, 분석, 결과도출 등 데이터 처리에 필요한 일련의 계약내용이 기록된 스마트 계약을 생성하여 블록체인에 배포할 수 있다.The data processing platform server 100 can create a smart contract for data processing and distribute it to the blockchain. A smart contract for data processing is an electronic contract that is automatically concluded when preset conditions are met on the blockchain. The data processing platform server 100 contains a series of contract contents necessary for data processing, such as data collection, analysis, and result derivation. Recorded smart contracts can be created and deployed on the blockchain.
블록체인의 블록에는 스마트 계약의 기록되어, 블록체인 상에서 스마트 계약이 실행될 수 있다. 예컨대, 블록체인은 이더리움 블록체인으로 구현되며, 솔리디티(solidity), 바이퍼(viper) 등으로 작성된 스마트 계약은 이더리움 가상머신(Ethereum Virtual Machine, EVM)을 통해 블록체인에 배포될 수 있다. 또한, 블록체인 내 모든 트랜잭션은 SHA-256으로 해시되어 해시값이 저장될 수 있으며, 블록체인의 블록에는 개인의 프라이버시를 보호하고 과부하를 방지하기 위해 해시값이 저장될 수 있다.Smart contracts are recorded in blocks of the blockchain, so smart contracts can be executed on the blockchain. For example, the blockchain is implemented with the Ethereum blockchain, and smart contracts written in Solidity, Viper, etc. can be deployed on the blockchain through the Ethereum Virtual Machine (EVM). Additionally, all transactions in the blockchain can be hashed with SHA-256 and the hash value can be stored in the block of the blockchain to protect individual privacy and prevent overload.
데이터 처리 플랫폼 서버(100)가 배포하는 스마트 계약은 제조자 단말기(300)로부터 기설정된 규약에 부합하는 자료처리 요청이 수신되는 경우 자동으로 계약이 성사되고, 자료처리 요청에 응답하여 자료처리 결과가 반환되는 경우 계약이 종료될 수 있다.The smart contract distributed by the data processing platform server 100 automatically concludes the contract when a data processing request meeting the preset protocol is received from the manufacturer terminal 300, and the data processing result is returned in response to the data processing request. If so, the contract may be terminated.
여기서, 자료처리 요청은 데이터 처리 플랫폼 서버(100)에 의해 처리 가능한 데이터 처리 요청에 관한 것으로, 데이터 처리에 필요한 자료처리 코드는 제조자 단말기(300)로부터 제공받거나, 데이터 처리 플랫폼 서버(100)에 의해 생성될 수도 있다. Here, the data processing request relates to a data processing request that can be processed by the data processing platform server 100, and the data processing code required for data processing is provided by the manufacturer terminal 300 or by the data processing platform server 100. may be created.
예컨대, 데이터 처리 플랫폼 서버(100)와 제조자 단말기(300) 사이의 스마트 계약이 성사되면, 데이터 처리 플랫폼 서버(100)는 제조자 단말기(300)가 블록체인에 제공한 자료처리 코드를 획득하여 데이터 처리에 이용할 수 있다.For example, when a smart contract is concluded between the data processing platform server 100 and the manufacturer terminal 300, the data processing platform server 100 acquires the data processing code provided by the manufacturer terminal 300 to the blockchain and processes the data. It is available for use.
예컨대, 데이터 처리 플랫폼 서버(100)와 제조자 단말기(300) 사이의 스마트 계약이 성사되면, 데이터 처리 플랫폼 서버(100)는 자료처리 요청에 필요한 처리 모델을 자체적으로 판단한 후, 판단된 처리 모델을 리드하여 데이터 처리에 이용할 수 있다.For example, when a smart contract is established between the data processing platform server 100 and the manufacturer terminal 300, the data processing platform server 100 independently determines the processing model required for the data processing request and then reads the determined processing model. It can be used for data processing.
데이터 처리 플랫폼 서버(100)에서 운영하는 데이터 처리 플랫폼은 스마트 계약이 체결되면, 자료처리를 위한 신뢰실행환경(Trusted Execution Environment, TEE)을 생성한다. 즉, 데이터 처리 플랫폼 서버(100)는 제조자 단말기(300)로부터 자료처리 요청을 수신받으면, 자료처리 요청에 응답하여 자료처리 코드와 암호화키를 포함하는 신뢰실행환경을 생성한다. The data processing platform operated by the data processing platform server 100 creates a Trusted Execution Environment (TEE) for data processing when a smart contract is concluded. That is, when the data processing platform server 100 receives a data processing request from the manufacturer terminal 300, it creates a trusted execution environment including a data processing code and an encryption key in response to the data processing request.
구체적으로, 데이터 처리 플랫폼 서버(100)는 신뢰실행환경의 생성의 원천이 되는 원시 신뢰실행환경을 생성할 수 있다. 원시 신뢰실행환경은 임의의 자료처리 코드와 암호화키가 생성되지 않은 가상 실행환경을 의미한다.Specifically, the data processing platform server 100 can create a raw trusted execution environment that is the source of creation of the trusted execution environment. The native trusted execution environment refers to a virtual execution environment in which no arbitrary data processing code or encryption key is generated.
실시 예에 따라, 데이터 처리 플랫폼 서버(100)는 이미지 파일로 구현된 원시 신뢰실행환경이 생성되면, 이미지 파일에 대한 해시값을 생성하고, 상기 해시값을 포함하는 트랜잭션을 생성하여 블록체인에 기록할 수 있다. 이에 따라, 데이터 처리 플랫폼 서버(100)는 신뢰실행환경의 생성을 위한 원시 신뢰실행환경이 생성되었음을 외부에 공개할 수 있다. According to the embodiment, when a raw trusted execution environment implemented as an image file is created, the data processing platform server 100 generates a hash value for the image file, creates a transaction including the hash value, and records it in the blockchain. can do. Accordingly, the data processing platform server 100 may disclose to the outside world that the original trusted execution environment for creating the trusted execution environment has been created.
원시 신뢰실행환경은 독립된 보안 영역(Secure Area)이 제공하는 안전한 실행환경으로서, 가상의 실행환경을 구현하기 위한 이미지 파일로 생성될 수 있다. 다만, 이에 한정되는 것은 아니고, 원시 신뢰실행환경은 하드웨어 기반 솔루션 및 하드웨어/소프트웨어 기반 솔루션을 중 어느 하나로 구현될 수도 있다.The native trusted execution environment is a safe execution environment provided by an independent secure area, and can be created as an image file to implement a virtual execution environment. However, it is not limited to this, and the native trusted execution environment may be implemented as either a hardware-based solution or a hardware/software-based solution.
데이터 처리 플랫폼 서버(100)는 원시 신뢰실행환경을 기초로 자료처리 요청에 대응하는 자료처리 코드와 제1 암호화키를 포함하는 신뢰실행환경을 생성할 수 있다. 신뢰실행환경은 원시 실행환경과 마찬가지로 독립된 보안 영역(Secure Area)이 제공하는 안전한 실행환경으로서, 가상의 실행환경을 구현하기 위한 이미지 파일로 생성될 수 있다.The data processing platform server 100 may create a trusted execution environment including a data processing code and a first encryption key corresponding to the data processing request based on the original trusted execution environment. Like the original execution environment, the trusted execution environment is a safe execution environment provided by an independent secure area, and can be created as an image file to implement a virtual execution environment.
신뢰실행환경의 제1 암호화키는 신뢰실행환경의 어카운트 주소를 포함하며, 제1 암호화키의 생성을 위해 블록체인 참여자들의 고유성을 나타내기 위한 공개키-비공개키 쌍 기반의 매커니즘을 사용할 수 있다. 제1 암호화키는 어카운트 주소인 공개키와, 상기 공개키를 통제하는 개인키를 포함한다. 예컨대 신뢰실행환경이 이더리움 블록체인에서 운영되는 경우 공개키는 외부 소유 어카운트(Eternally Owned Address, EOA)일 수 있다.The first encryption key of the trusted execution environment includes the account address of the trusted execution environment, and a mechanism based on a public key-private key pair to indicate the uniqueness of blockchain participants can be used to generate the first encryption key. The first encryption key includes a public key that is the account address and a private key that controls the public key. For example, if the trusted execution environment operates on the Ethereum blockchain, the public key may be an externally owned address (EOA).
신뢰실행환경은 어카운트 주소 생성시 256비트 난수를 생성하여 이를 제1 개인키로 설정하며, 타원 곡선 암호학 알고리즘(elliptic cryptography algorithm)을 통해 제1 개인키에 적용하여 고유한 제1 공개키를 추출할 수 있다. The trusted execution environment generates a 256-bit random number when creating an account address and sets it as the first private key. By applying it to the first private key through an elliptic curve cryptography algorithm, a unique first public key can be extracted. there is.
예컨대, 신뢰실행환경은 랜덤한 256 비트 데이터를 생성하고, 생성된 256 비트 데이터를 64자리의 Hex 열로 인코딩하여 제1 개인키를 생성하고, 제1 개인 키를 기초로 타원 곡선 암호학 알고리즘을 이용하여 공개키를 생성할 수 있다. 그리고, 신뢰실행환경은 공개키를 Kecak256 해시값으로 변환하여 256 비트의 바이너리 데이터를 생성하고, 바이너리 데이터의 앞쪽 96 비트 데이터를 제거한 후 남아있는 160 비트의 바이너리 데이터를 Hex 열 값으로 인코딩하여 제1 공개키인 어카운트 주소를 생성할 수 있다.For example, the trusted execution environment generates random 256-bit data, encodes the generated 256-bit data into a 64-digit Hex column to generate a first private key, and uses an elliptic curve cryptography algorithm based on the first private key. You can generate a public key. Then, the trusted execution environment converts the public key into a Kecak256 hash value to generate 256-bit binary data, removes the first 96 bits of binary data, and encodes the remaining 160-bit binary data into a Hex column value to generate the first You can create an account address that is a public key.
다만, 개인키를 기초로 공개키를 생성하는 암호화 알고리즘은 타원 곡선 암호학 알고리즘뿐만 아니라, RSA(Rivest, Shamir and Adleman) 암호화 알고리즘, ElGamal 암호화 알고리즘 등 다른 암호화 알고리즘이 이용될 수도 있다.However, the encryption algorithm that generates the public key based on the private key may be used not only with the elliptic curve encryption algorithm, but also with other encryption algorithms such as the RSA (Rivest, Shamir and Adleman) encryption algorithm and the ElGamal encryption algorithm.
이와 같은 과정에 의해 생성된 신뢰실행환경의 제1 공개키는 블록체인을 통해 외부에 공개되며, 제1 공개키로 암호화한 데이터는 신뢰실행환경의 제1 개인키로만 복원이 가능하도록 설정된다.The first public key of the trusted execution environment created through this process is made public to the outside through blockchain, and data encrypted with the first public key is set to be restored only with the first private key of the trusted execution environment.
실시 예에 따라, 데이터 처리 플랫폼 서버(100)는 이미지 파일로 구현된 신뢰실행환경이 생성되면, 이미지 파일에 대한 해시값을 생성하고, 해시값을 포함하는 트랜잭션을 생성하여 블록체인에 기록할 수 있다. 이에 따라, 데이터 처리 플랫폼 서버(100)는 스마트 계약에 상응하는 신뢰실행환경이 변조 또는 위조되지 않고 안전하게 실행되었음을 외부에 공개할 수 있다. According to the embodiment, when a trusted execution environment implemented as an image file is created, the data processing platform server 100 may generate a hash value for the image file, create a transaction including the hash value, and record it in the blockchain. there is. Accordingly, the data processing platform server 100 can disclose to the outside world that the trusted execution environment corresponding to the smart contract has been safely executed without being tampered with or forged.
신뢰실행환경은 자료처리 코드에 대응하는 데이터 처리를 수행하기 위해 데이터 소유 단말기(200)에 데이터 수집을 요청할 수 있다. 이를 위해, 신뢰실행환경은 데이터 소유 단말기(200)에 제1 사용자 데이터를 요청하는 트랜잭션을 생성하여 블록체인에 기록할 수 있다. 이때, 신뢰실행환경은 데이터 수집을 위한 별도의 스마트 계약을 블록체인에 배포할 수도 있지만, 데이터 수집을 알리기 위한 트랜잭션만을 생성하여 블록체인에 기록할 수도 있다.The trusted execution environment may request data collection from the data owning terminal 200 to perform data processing corresponding to the data processing code. To this end, the trusted execution environment can create a transaction requesting the first user data from the data-owning terminal 200 and record it in the blockchain. At this time, the trusted execution environment may deploy a separate smart contract for data collection on the blockchain, but may also create a transaction to notify data collection and record it on the blockchain.
실시 예에 따라, 스마트 계약의 체결시 제조자 단말기(300)로부터 데이터 수집 대상을 지정받은 경우, 신뢰실행환경은 데이터 수집 대상에게 데이터 전송을 요청할 수 있다. 즉, 신뢰실행환경은 특정한 데이터 소유 단말기의 어카운트를 지정하고, 지정된 데이터 소유 단말기에 대해 데이터 전송을 요청하는 트랜잭션을 블록체인에 기록할 수 있다.Depending on the embodiment, when a data collection target is designated by the manufacturer terminal 300 when concluding a smart contract, the trusted execution environment may request data transmission to the data collection target. In other words, the trusted execution environment can specify the account of a specific data-owning terminal and record a transaction requesting data transmission for the designated data-owning terminal in the blockchain.
다른 실시 예에 따라, 신뢰실행환경은 자료처리에 필요한 데이터 종류, 내용 등을 포함한 트랜잭션을 블록체인에 기록하여 임의의 데이터 소유 단말기(200)에 데이터 전송을 요청할 수 있다. 즉, 신뢰실행환경은 데이터 수집 주체를 지정하지 않고 데이터 수집 조건을 공개하여, 데이터 수집 조건에 만족하는 데이터를 보유한 모든 데이터 소유 단말기(200)로부터 데이터를 수집할 수 있다.According to another embodiment, the trusted execution environment may record transactions including data types and contents required for data processing in the blockchain and request data transmission from any data-owning terminal 200. In other words, the trusted execution environment discloses data collection conditions without specifying the data collection subject, and can collect data from all data-owning terminals 200 that have data that satisfies the data collection conditions.
신뢰실행환경은 데이터 소유 단말기(200)로부터 수집된 데이터를 기초로 데이터 처리를 수행할 수 있다. 신뢰실행환경은 인바운드 규칙과 아웃바운드 규칙이 설정되어 있기 때문에, 자료처리 코드에 대응하는 형식의 데이터만 수신하고, 일정한 형식으로 자료처리 결과가 외부에 반환된다.The trusted execution environment can perform data processing based on data collected from the data owning terminal 200. Since the trusted execution environment has inbound rules and outbound rules set, only data in a format corresponding to the data processing code is received, and the data processing results are returned to the outside in a certain format.
신뢰실행환경은 데이터 소유 단말기(200)로부터 수집된 제1 사용자 데이터가 데이터 처리에 필요한 기준에 부합하는 경우 데이터 처리를 수행할 수 있다. 하지만, 데이터 소유 단말기(200)로부터 수집된 제1 사용자 데이터는 신뢰실행환경의 제1 공개키로 암호화되어 있으므로, 신뢰실행환경은 제1 개인키로 복호화한 후 자료처리 코드에 따라 데이터 처리를 수행할 수 있다.The trusted execution environment can perform data processing when the first user data collected from the data owning terminal 200 meets the standards required for data processing. However, since the first user data collected from the data-owning terminal 200 is encrypted with the first public key of the trusted execution environment, the trusted execution environment can decrypt it with the first private key and then process the data according to the data processing code. there is.
실시 예에 따라, 제1 사용자 데이터는 제조자 단말기(300)의 제2 암호화키로 암호화한 프라이빗 데이터와, 암호화되지 않은 기기 상태 데이터를 포함한다. 따라서, 신뢰실행환경은 자료처리를 위해 암호화된 프라이빗 데이터에 대한 2차 복호화를 수행할 수 있다. According to the embodiment, the first user data includes private data encrypted with the second encryption key of the manufacturer terminal 300 and unencrypted device state data. Therefore, the trusted execution environment can perform secondary decryption of encrypted private data for data processing.
여기서, 제2 암호화키는 제조자 단말기(300)의 제2 개인키와 제2 공개키의 쌍으로 이루어진 비대칭키로서, 제조자 단말기(300)의 어카운트 주소인 제2 공개키는 제2 개인키를 기초로 생성된 것이다.Here, the second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer terminal 300, and the second public key, which is the account address of the manufacturer terminal 300, is based on the second private key. It was created with
프라이빗 데이터는 대상 기기를 사용하는 사용자의 개인적인 정보를 포함하는 데이터로서, 대상 기기의 소유주의 개인 정보와 상기 소유주의 대상 기기 사용정보를 포함할 수 있고, 개인의 프라이버시 보호를 위해 제조자 단말기(300)의 제2 암호화키 중 제2 공개키로 암호화되어 보호될 수 있다.Private data is data containing personal information of the user using the target device, and may include personal information of the owner of the target device and information on the owner's use of the target device. To protect personal privacy, the manufacturer's terminal 300 It can be encrypted and protected with a second public key among the second encryption keys.
예컨대, 대상 기기가 냉장고, 세탁기, 텔레비전 등의 가전 제품인 경우, 프라이빗 데이터는 가전 제품의 소유주의 개인 정보, 가전 제품을 주요 사용 시간, 가전 제품에 대한 사용 습관 등 가전제품을 사용하는 사용자의 대상 기기 사용정보를 포함할 수 있다.For example, if the target device is a home appliance such as a refrigerator, washing machine, or television, the private data includes the target device of the user using the home appliance, such as the personal information of the owner of the home appliance, the main use time of the home appliance, and the usage habits of the home appliance. May include usage information.
예컨대, 대상 기기가 차량인 경우, 프라이빗 데이터는 차량 소유주의 개인정보, 차량 소유주의 차량 운행 기록, 차량 운행에 따른 방문 장소 기록 등 차량의 운행과 관련된 개인적인 정보를 포함할 수 있다. For example, if the target device is a vehicle, the private data may include personal information related to the operation of the vehicle, such as personal information of the vehicle owner, vehicle operation records of the vehicle owner, and records of places visited while driving the vehicle.
기기 상태 데이터는 대상 기기의 객관적인 상태를 나타내는 정보에 관한 것으로서, 프라이빗 데이터와 달리 제2 암호화키에 의해 암호화되지 않는다.Device state data relates to information indicating the objective state of the target device, and unlike private data, it is not encrypted with a second encryption key.
예컨대, 대상 기기가 가전 제품인 경우, 기기 상태 데이터는 가전 제품의 모델명, 제조 일자, 제품 스팩 등의 기기와 관련된 객관적인 상태 정보를 포함할 수 있다.For example, if the target device is a home appliance, the device status data may include objective state information related to the device, such as the model name, manufacturing date, and product specifications of the home appliance.
예컨대, 대상 기기가 차량인 경우, 기기 상태 데이터는 차량의 모델명, 연식, 주행거리, 부품 교체 기록 등 기본 차량 정보와 차량 부품 정보에 관한 것으로서, 차량 소유주의 개인적인 정보를 배제한 정보를 의미한다.For example, if the target device is a vehicle, the device status data relates to basic vehicle information and vehicle parts information such as the vehicle model name, year, mileage, and parts replacement record, and refers to information that excludes personal information of the vehicle owner.
신뢰실행환경은 제1 사용자 데이터 중 암호화된 프라이빗 데이터를 복호화하기 위해, 제조자 단말기(300)로부터 제2 개인키를 수신할 수 있다. The trusted execution environment may receive a second private key from the manufacturer terminal 300 to decrypt the encrypted private data among the first user data.
만약, 제2 개인키가 외부로 유출된다면 차량 소유주의 프라이버시가 침해될 수 있기 때문에, 신뢰실행환경은 제1 공개키로 암호화된 제2 개인키를 제조자 단말기(300)로부터 수신할 수 있다. 그리고, 신뢰실행환경은 암호화된 제2 개인키에 대해 제1 개인키를 이용하여 복호화하고, 제2 개인키를 기초로 암호화된 프라이빗 데이터를 복호화할 수 있다.If the second private key is leaked to the outside, the privacy of the vehicle owner may be violated, so the trusted execution environment can receive the second private key encrypted with the first public key from the manufacturer terminal 300. Additionally, the trusted execution environment can decrypt the encrypted second private key using the first private key and decrypt the encrypted private data based on the second private key.
신뢰실행환경은 프라이빗 데이터와 기기 상태 데이터가 데이터 처리에 필요한 기준에 부합하는 경우 데이터 처리를 수행할 수 있다. 예컨대, 제조자 단말기(300)가 1980년 내지 1989년 사이에 출생한 남성 운전자가 주말 기간 동안 운전하는 평균 거리를 요청한 경우, 신뢰실행환경은 수집된 프라이빗 데이터와 기기 상태 데이터 중 데이터 처리에 필요한 데이터들을 선별하여 자료처리 결과를 생성할 수 있다.The trusted execution environment can perform data processing if private data and device state data meet the standards required for data processing. For example, when the manufacturer terminal 300 requests the average distance driven during the weekend by male drivers born between 1980 and 1989, the trusted execution environment collects the data necessary for data processing among the collected private data and device status data. You can select and generate data processing results.
데이터 처리가 완료되면, 신뢰실행환경은 자료처리 결과를 제조자 단말기(300)에 제공할 수 있다. 신뢰실행환경은 스마트 계약의 체결시 제조자 단말기(300)에 의해 제공된 제2 공개키를 획득할 수 있고, 제조자 단말기(300)의 제2 공개키를 이용하여 자료처리 결과를 암호화하여 블록체인에 반환할 수 있다.When data processing is completed, the trusted execution environment can provide the data processing results to the manufacturer terminal 300. The trusted execution environment can obtain the second public key provided by the manufacturer terminal 300 when signing a smart contract, and encrypts the data processing results using the second public key of the manufacturer terminal 300 and returns it to the blockchain. can do.
데이터 처리 플랫폼 서버(100)와 제조자 단말기(300) 사이의 스마트 계약은 기설정된 조건에 부합하는 자료처리 요청이 입력되면 자동으로 계약이 체결되고, 자료처리 요청에 대응하는 자료처리 결과를 반환하면 계약이 종료될 수 있다. 따라서, 신뢰실행환경이 자료처리 결과를 암호화하고, 암호화된 자료처리 결과를 포함한 트랜잭션을 생성하여 블록체인의 블록에 기록하면, 스마트 계약의 이행이 완료됨을 의미한다.The smart contract between the data processing platform server 100 and the manufacturer terminal 300 is automatically concluded when a data processing request that meets preset conditions is entered, and when the data processing result corresponding to the data processing request is returned, the smart contract is concluded. This can end. Therefore, when the trusted execution environment encrypts the data processing results, creates a transaction including the encrypted data processing results, and records it in a block of the blockchain, this means that the execution of the smart contract is completed.
한편, 신뢰실행환경은 스마트 계약이 존속되는 기간 동안에만 유효성을 유지하는 임시적 지위를 가진다. 즉, 신뢰실행환경은 블록체인에 배포된 스마트 계약이 성립되어 제조자 단말기(300)의 자료처리 요청이 수신되는 경우에 한하여 생성되며, 스마트 계약의 내용에 부합하는 자료처리가 완료되거나 다른 사정에 의해 스마트 계약이 종료되는 경우 신뢰실행환경은 파기된다.Meanwhile, the trusted execution environment has a temporary status that maintains validity only for as long as the smart contract lasts. In other words, the trusted execution environment is created only when a smart contract distributed on the blockchain is established and a data processing request from the manufacturer terminal 300 is received, and data processing consistent with the contents of the smart contract is completed or due to other circumstances. When a smart contract is terminated, the trusted execution environment is destroyed.
신뢰실행환경의 파기된다는 의미는 신뢰실행환경을 이루는 환경 자체가 초기화되는 것으로, 신뢰실행환경과 관련된 일련의 데이터가 소거됨을 의미한다. 따라서, 신뢰실행환경이 자료처리를 위해 데이터 소유 단말기(200)로부터 수신된 제1 사용자 데이터뿐만 아니라 제조자 단말기(300)로부터 수신된 자료처리 코드는 신뢰실행환경이 파기됨에 따라 함께 소거된다.Destruction of the trusted execution environment means that the environment that forms the trusted execution environment itself is initialized, and a series of data related to the trusted execution environment are erased. Accordingly, the data processing code received from the manufacturer terminal 300 as well as the first user data received from the data-owning terminal 200 for data processing in the trusted execution environment are erased together as the trusted execution environment is destroyed.
만약, 데이터 처리 플랫폼 서버(100)가 데이터 처리가 완료된 이후에도 데이터를 저장하는 경우, 외부의 악의적인 공격에 의해 데이터가 유출될 위험이 있으며, 데이터 처리 플랫폼 서버(100)의 운영자에 의해 열람될 수도 있다. If the data processing platform server 100 stores data even after data processing is completed, there is a risk that the data may be leaked by an external malicious attack and may be viewed by the operator of the data processing platform server 100. there is.
하지만, 본 발명의 실시 예에 따른 데이터 처리 플랫폼 서버(100)는 스마트 계약이 유지되는 기간 동안에만 데이터 소유 단말기(200)로부터 수신된 데이터를 저장하며, 스마트 계약이 종료되는 경우 신뢰실행환경을 파기 함과 동시에 저장된 데이터도 소거한다. 이에 따라, 데이터 처리 플랫폼 서버(100)는 데이터가 외부로 유출되는 것을 방지하고, 데이터 처리 플랫폼 서버(100)의 운영 주체에 의한 데이터 열람을 원천적으로 차단하여 데이터를 제공한 주체의 프라이버시를 보호할 수 있다.However, the data processing platform server 100 according to an embodiment of the present invention stores the data received from the data-owning terminal 200 only during the period that the smart contract is maintained, and destroys the trusted execution environment when the smart contract is terminated. At the same time, the stored data is also erased. Accordingly, the data processing platform server 100 prevents data from being leaked to the outside and fundamentally blocks data viewing by the operator of the data processing platform server 100 to protect the privacy of the subject who provided the data. You can.
실시 예에 따라, 신뢰실행환경은 파기 명령어가 실행되었음을 나타내는 플래그를 블록체인에 기록할 수 있다. 파기 명령어가 실행되면 임의로 변조할 수 없는 플래그가 생성된다. 신뢰실행환경은 파기 명령어가 실행되는 경우 상기 플래그를 포함하는 트랜잭션을 생성하여 블록체인에 기록한 후, 파기 과정에 돌입할 수 있다.Depending on the embodiment, the trusted execution environment may record a flag in the blockchain indicating that the destruction command has been executed. When the destroy command is executed, a flag that cannot be arbitrarily tampered with is created. When a destruction command is executed, the trusted execution environment can create a transaction including the above flag, record it in the blockchain, and then begin the destruction process.
자료처리를 위해 생성되는 신뢰실행환경은 가상 실행환경으로서, 데이터 처리 플랫폼 서버(100)에서 스마트 계약의 이행을 위해 적어도 하나가 생성되며, 계약의 성립 및 이행여부에 따라 독립적으로 생성되고 파기되어 초기화될 수 있다. 이와 같이, 데이터 처리 플랫폼 서버(100)는 스마트 계약마다 독립적으로 실행되는 신뢰실행환경을 이용하여 다수의 스마트 계약들을 동시에 이행할 수 있다.The trusted execution environment created for data processing is a virtual execution environment, and at least one is created in the data processing platform server 100 for the execution of a smart contract, and is independently created, destroyed, and initialized depending on the establishment and fulfillment of the contract. It can be. In this way, the data processing platform server 100 can simultaneously execute multiple smart contracts using a trusted execution environment that is independently executed for each smart contract.
데이터 소유 단말기(200)는 데이터 처리 플랫폼에 접속할 수 있는 통신 장치로서, 자료처리에 필요한 데이터를 저장하며, 저장된 데이터 관리에 필요한 사용자 데이터 관리 어플리케이션이 실행될 수 있다. The data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data.
데이터 소유 단말기(200)는 사용자 데이터 관리 어플리케이션을 통해 차량 내 사용자 데이터 공유장치(400)와 데이터 통신을 수행하고, 제1 사용자 데이터를 수신할 수 있다. The data-possessing terminal 200 may perform data communication with the in-vehicle user data sharing device 400 through a user data management application and receive first user data.
상술한 바와 같이, 제1 사용자 데이터에는 제조자 단말기(300)의 제2 공개키로 암호화한 프라이빗 데이터와, 암호화되지 않은 기기 상태 데이터를 포함한다. 따라서, 데이터 소유 단말기(200)는 암호화된 프라이빗 데이터의 정보를 사용자에게 표시하지 않으며, 암호화되지 않은 기기 상태 데이터의 정보만을 사용자에게 표시할 수 있다. 이는 개인의 민감한 사생활 정보가 외부로 유출되는 것을 원천적으로 차단하기 위한 것으로서, 프라이빗 데이터의 암호화는 사용자 데이터 공유장치(400)에서 이루어진다.As described above, the first user data includes private data encrypted with the second public key of the manufacturer terminal 300 and unencrypted device state data. Accordingly, the data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent sensitive personal information from being leaked to the outside, and encryption of private data is performed in the user data sharing device 400.
데이터 처리 플랫폼 서버(100)가 자료처리를 위해 제1 사용자 데이터를 요청한 경우, 데이터 소유 단말기(200)는 사용자 데이터 관리 어플리케이션을 통해 제1 사용자 데이터를 데이터 처리 플랫폼 서버(100)에 제공할 수 있다.When the data processing platform server 100 requests first user data for data processing, the data owning terminal 200 may provide the first user data to the data processing platform server 100 through a user data management application. .
데이터 소유 단말기(200)는 개인의 단말기를 의미할 수도 있지만, 다수 주체의 데이터를 저장하고 있는 데이터 저장소를 의미할 수도 있다. 예컨대, 데이터 소유 단말기(200)는 PC(personal computer), 스마트 폰(smart phone), 태블릿 (tablet) PC, 모바일 인터넷 장치(mobile internet device(MID)), 인터넷 태블릿, IoT(internet of things) 장치, IoE(internet of everything) 장치, 데스크 탑 컴퓨터(desktop computer), 랩탑(laptop) 컴퓨터, 워크스테이션 컴퓨터, Wibro(Wireless Broadband Internet) 단말, 및 PDA (Personal Digital Assistant) 중 적어도 하나일 수 있으나, 이에 한정되는 것은 아니다.The data-owning terminal 200 may refer to an individual's terminal, but may also refer to a data storage that stores data of multiple subjects. For example, the data possessing terminal 200 may be a personal computer (PC), a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, or an internet of things (IoT) device. , It may be at least one of an IoE (internet of everything) device, a desktop computer, a laptop computer, a workstation computer, a Wibro (Wireless Broadband Internet) terminal, and a PDA (Personal Digital Assistant). It is not limited.
데이터 소유 단말기(200)에는 블록체인을 스캔하는 어플리케이션이 실행되며, 블록체인에 기록된 트랜잭션을 확인하여 신뢰실행환경의 데이터 요청을 확인할 수 있다. 예컨데, 데이터 소유 단말기(200)는 이더스캔(Etherescan), 리믹스(Remix) 등의 어플리케이션을 이용하여 블록체인에 기록된 신뢰실행환경의 데이터 요청을 확인할 수 있다.An application that scans the blockchain is executed on the data-owning terminal 200, and data requests from the trusted execution environment can be confirmed by checking transactions recorded in the blockchain. For example, the data-owning terminal 200 can use applications such as Etherescan and Remix to check data requests for the trusted execution environment recorded in the blockchain.
데이터 소유 단말기(200)는 신뢰실행환경의 데이터 요청과 함께 기록된 제1 암호화키를 블록체인으로부터 획득하고, 저장된 데이터를 제1 암호화키를 이용하여 암호화할 수 있다. 즉, 데이터 소유 단말기(200)는 신뢰실행환경의 제1 공개키를 이용하여 제1 사용자 데이터에 대한 256비트를 갖는 해시값을 생성할 수 있다.The data-possessing terminal 200 may obtain the first encryption key recorded along with the data request of the trusted execution environment from the blockchain and encrypt the stored data using the first encryption key. That is, the data-owning terminal 200 can generate a hash value with 256 bits for the first user data using the first public key of the trusted execution environment.
데이터 소유 단말기(200)는 해시값으로 암호화된 제1 사용자 데이터를 데이터 처리 플랫폼 서버(100)에서 실행되는 신뢰실행환경으로 제공할 수 있다. 데이터 소유 단말기(200)는 데이터 처리 플랫폼을 통해 신뢰실행환경으로 암호화된 데이터를 전송할 수도 있지만, 신뢰성을 담보하기 위해 암호화된 제1 사용자 데이터의 해시값이 포함된 트랜잭션을 생성하여 블록체인에 기록할 수도 있다.The data owning terminal 200 may provide the first user data encrypted with a hash value to a trusted execution environment running on the data processing platform server 100. The data owning terminal 200 may transmit encrypted data to a trusted execution environment through a data processing platform, but to ensure reliability, a transaction containing the hash value of the encrypted first user data may be created and recorded on the blockchain. It may be possible.
데이터 소유 단말기(200)는 데이터 처리 플랫폼 서버(100)에 데이터를 제공하는 보상으로 블록체인의 코인을 획득할 수 있으며, 획득 가능한 코인의 수량은 신뢰실행환경에 의해 설정될 수 있다.The data-owning terminal 200 can acquire blockchain coins as compensation for providing data to the data processing platform server 100, and the quantity of coins that can be acquired can be set by the trusted execution environment.
데이터 소유 단말기(200)의 주체는 소유한 차량의 모델명, 연식, 주행거리, 부품 교체 기록 등 기본 차량 정보와 차량 부품 정보뿐만 아니라, 개인정보, 차량 운행 기록, 차량 운행에 따른 방문 장소 기록 등 차량의 운행과 관련된 개인적인 정보 등 사용자의 프라이버시와 관련된 정보들을 데이터 처리 플랫폼 서버(100)에 제공하기 때문에, 개인정보 노출에 대한 불안감을 가질 수 있다. The subject of the data-owning terminal 200 is the owner of the vehicle, including basic vehicle information and vehicle parts information such as model name, year, mileage, and parts replacement record, as well as personal information, vehicle operation records, and records of places visited during vehicle operation. Since information related to the user's privacy, such as personal information related to the operation of the user, is provided to the data processing platform server 100, there may be anxiety about exposure of personal information.
이러한 문제를 해결하기 위해, 데이터 소유 단말기(200)는 어플리케이션을 통해 블록체인을 스캔하여 블록체인에 기록된 파기 명령어의 플래그를 확인할 수 있다. 데이터 소유 단말기(200)에 의해 신뢰실행환경에 대한 파기 명령어의 플래그가 스캔되는 경우, 신뢰실행환경과 데이터가 안전하게 소거되었음이 보장될 수 있다.To solve this problem, the data-owning terminal 200 can scan the blockchain through an application to check the flag of the destroy command recorded in the blockchain. When the flag of the destruction command for the trusted execution environment is scanned by the data owning terminal 200, it can be ensured that the trusted execution environment and data have been safely erased.
제조자 단말기(300)는 스마트 계약에 부합하는 자료처리 요청을 생성하고, 자료처리 요청을 포함하는 트랜잭션을 블록체인에 제공하여 데이터 처리 플랫폼 서버(100)와 스마트 계약을 체결하는 단말이다. 예컨대, 제조자 단말기(300)는 PC(personal computer), 스마트 폰(smart phone), 태블릿 (tablet) PC, 모바일 인터넷 장치(mobile internet device(MID)), 인터넷 태블릿, IoT(internet of things) 장치, IoE(internet of everything) 장치, 데스크 탑 컴퓨터(desktop computer), 랩탑(laptop) 컴퓨터, 워크스테이션 컴퓨터, Wibro(Wireless Broadband Internet) 단말, 및 PDA (Personal Digital Assistant) 중 적어도 하나일 수 있다.The manufacturer terminal 300 is a terminal that creates a data processing request that matches the smart contract, provides a transaction including the data processing request to the blockchain, and concludes a smart contract with the data processing platform server 100. For example, the manufacturer terminal 300 may be a personal computer (PC), a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, an internet of things (IoT) device, It may be at least one of an Internet of Everything (IoE) device, a desktop computer, a laptop computer, a workstation computer, a Wireless Broadband Internet (Wibro) terminal, and a Personal Digital Assistant (PDA).
제조자 단말기(300)는 스마트 계약의 체결시 데이터 처리에 필요한 자료처리 코드를 자료처리 요청과 함께 트랜잭션으로 제공할 수 있으며, 데이터 수집 주체도 지정하기 위해 특정한 데이터 소유 단말기(200)의 어카운트를 트랜잭션으로 제공할 수도 있다. The manufacturer terminal 300 can provide the data processing code required for data processing when concluding a smart contract as a transaction along with a data processing request, and the account of the specific data-owning terminal 200 can be entered into the transaction to also specify the data collection subject. You can also provide it.
제조자 단말기(300)는 신뢰실행환경이 암호화된 프라이빗 데이터를 복호화할 수 있도록 제조자 단말기(300)의 제2 개인키를 신뢰실행환경에 제공할 수 있는데, 데이터 보안을 위해 제1 공개키를 이용하여 제2 개인키를 암호화한 후, 암호화된 제2 개인키를 신뢰실행환경에 제공할 수 있다.The manufacturer terminal 300 may provide the second private key of the manufacturer terminal 300 to the trusted execution environment so that the trusted execution environment can decrypt the encrypted private data, using the first public key for data security. After encrypting the second private key, the encrypted second private key may be provided to the trusted execution environment.
또한, 제조자 단말기(300)는 암호화된 자료처리 결과를 제공받기 위해, 스마트 계약의 체결시 제조자 단말기(300)의 제2 공개키를 자료처리 요청과 함께 트랜잭션으로 제공할 수도 있다.Additionally, in order to receive encrypted data processing results, the manufacturer terminal 300 may provide the second public key of the manufacturer terminal 300 as a transaction along with a data processing request when concluding a smart contract.
제조자 단말기(300)는 스마트 계약이 이행됨에 따라 블록체인으로부터 자료처리 결과를 획득할 수 있고, 암호화된 자료처리 결과를 제2 개인키로 복호화함으로써 자료처리 요청에 부합하는 자료처리 결과를 획득할 수 있다.The manufacturer terminal 300 can obtain data processing results from the blockchain as the smart contract is implemented, and obtain data processing results that meet the data processing request by decrypting the encrypted data processing results with the second private key. .
이와 같이, 제조자 단말기(300)는 자료처리 필요한 데이터를 직접 수집하거나 처리하지 않고도 원하는 결과를 얻을 수 있다. 또한, 제조자 단말기(300)의 주체에게 자료처리에 필요한 데이터가 노출되지 않기 때문에, 데이터를 제공한 주체의 프라이버시를 안전하게 보호할 수 있다.In this way, the manufacturer terminal 300 can obtain desired results without directly collecting or processing data required for data processing. In addition, since the data required for data processing is not exposed to the subject of the manufacturer terminal 300, the privacy of the subject who provided the data can be safely protected.
사용자 데이터 공유장치(400)는 대상 기기에 탑재되어 사용자 데이터를 수집하는 장치로서, 예컨대, 대상 기기가 냉장고, 세탁기 등의 가전 제품인 경우 내장된 CPU, AP(Application Processor) 등의 프로세서로 이루어질 수 있으나 이에 한정되는 것은 아니며 데이터 수집을 수행하는 모든 종류의 모듈이 채택될 수 있다.The user data sharing device 400 is a device that is mounted on a target device and collects user data. For example, if the target device is a home appliance such as a refrigerator or washing machine, it may be composed of a built-in processor such as a CPU or an application processor (AP). It is not limited to this, and any type of module that performs data collection can be adopted.
예컨대, 대상 기기가 차량인 경우, 사용자 데이터 공유장치(400)는 차량의 CAN(Controller Area Network) 버스와 연결되며, ECU(electronic control unit), MCU(Micro Controller Unit) 또는 다른 하위 제어기와 송수신하여 데이터를 수집할 수 있다.For example, if the target device is a vehicle, the user data sharing device 400 is connected to the vehicle's CAN (Controller Area Network) bus and transmits and receives data from an ECU (electronic control unit), MCU (Micro Controller Unit) or other lower-level controller. Data can be collected.
사용자 데이터 공유장치(400)는 수집된 데이터를 프라이빗 데이터와 기기 상태 데이터로 구분하여 수집 및 저장할 수 있다. 사용자 데이터 공유장치(400)는 데이터 소유 단말기(200)로부터 데이터 요청을 수신하는 경우 기저장된 제조자 단말기(300)의 제2 공개키를 기초로 프라이빗 데이터를 암호화하며, 암호화된 프라이빗 데이터와 암호화하지 않은 기기 상태 데이터를 제1 사용자 데이터로서 데이터 소유 단말기(200)에 제공할 수 있다.The user data sharing device 400 can collect and store the collected data by dividing it into private data and device status data. When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data. Device status data may be provided to the data-owning terminal 200 as first user data.
사용자 데이터 공유장치(400)는 데이터 소유 단말기(200)와 유선 또는 무선 통신을 수행할 수 있다. 예컨대, 사용자 데이터 공유장치(400)는 데이터 소유 단말기(200)와 USB 통신, 블루투스(Bluetooth), RFID(Radio Frequency Identification), 적외선 통신(IrDA, infrared Data Association), UWB(Ultra Wideband), 지그비(ZigBee) 등의 통신 기술을 사용할 수 있어, 어느 하나의 통신 방식에 한정되지 아니한다.The user data sharing device 400 may perform wired or wireless communication with the data owning terminal 200. For example, the user data sharing device 400 communicates with the data-owning terminal 200 through USB communication, Bluetooth, Radio Frequency Identification (RFID), infrared data association (IrDA), Ultra Wideband (UWB), and ZigBee ( Communication technologies such as ZigBee can be used, so it is not limited to any one communication method.
도 2는 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 설명하기 위한 도면이다.Figure 2 is a diagram for explaining a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
도 2를 참조하면, 데이터 처리 플랫폼 서버(100)는 자료처리를 위한 스마트 계약(SC)을 생성하여 블록체인(BC)에 배포할 수 있고, 블록체인(BC)의 블록에는 스마트 계약(SC)의 기록되어 블록체인(BC) 상에서 스마트 계약(SC)이 실행될 수 있다. Referring to Figure 2, the data processing platform server 100 can create a smart contract (SC) for data processing and distribute it to the blockchain (BC), and a smart contract (SC) is included in the block of the blockchain (BC). is recorded so that a smart contract (SC) can be executed on the blockchain (BC).
스마트 계약(SC)은 제조자 단말기(300)로부터 기설정된 규약에 부합하는 자료처리 요청(QUE1)이 포함된 트랜잭션이 블록체인(BC)에 제공되는 경우 자동으로 계약이 성사되고, 자료처리 요청(QUE1)에 부합하는 자료처리 결과가 반환되는 경우 종료된다.The smart contract (SC) automatically concludes the contract when a transaction containing a data processing request (QUE1) that meets the preset protocol is provided to the blockchain (BC) from the manufacturer terminal 300, and the data processing request (QUE1) ) ends when the data processing results that meet the criteria are returned.
제조자 단말기(300)는 자료처리 결과를 획득하기 위해 스마트 계약(SC)에 부합하는 자료처리 요청(QUE1)을 블록체인(BC)에 제공할 수 있다. The manufacturer terminal 300 can provide a data processing request (QUE1) conforming to a smart contract (SC) to the blockchain (BC) to obtain data processing results.
데이터 처리 플랫폼 서버(100)와 제조자 단말기(300) 사이의 스마트 계약(SC)이 성사되면, 데이터 처리 플랫폼 서버(100)는 자료처리 요청(QUE1)에 응답하여 자료처리 코드와 제1 암호화키를 포함하는 신뢰실행환경을 생성한다. 여기서, 자료처리 코드는 제조자 단말기(300)가 블록체인에 제공한 데이터 처리 모델을 의미할 수 있다.When the smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is established, the data processing platform server 100 sends a data processing code and a first encryption key in response to the data processing request (QUE1). Create a trusted execution environment that includes Here, the data processing code may refer to the data processing model provided by the manufacturer terminal 300 to the blockchain.
신뢰실행환경은 자료처리 코드에 대응하는 데이터 처리를 수행하기 위해, 데이터 소유 단말기(200)로의 데이터 요청(QUE2)을 포함하는 트랜잭션을 생성하여 블록체인(BC)에 기록할 수 있다.In order to perform data processing corresponding to the data processing code, the trusted execution environment can create a transaction including a data request (QUE2) to the data-owning terminal 200 and record it in the blockchain (BC).
데이터 소유 단말기(200)는 신뢰실행환경의 데이터 요청(QUE2)과 함께 기록된 제1 암호화키를 블록체인(BC)으로부터 획득하고, 저장된 제1 사용자 데이터를 제1 암호화키를 이용하여 암호화할 수 있다. 데이터 소유 단말기(200)는 해시값으로 암호화된 데이터를 신뢰실행환경으로 제공하기 위해, 암호화된 제1 사용자 데이터의 해시값(DAT1')이 포함된 트랜잭션을 생성하여 블록체인(BC)에 기록할 수 있다.The data owning terminal 200 can obtain the first encryption key recorded with the data request (QUE2) of the trusted execution environment from the blockchain (BC) and encrypt the stored first user data using the first encryption key. there is. In order to provide data encrypted with a hash value as a trusted execution environment, the data owning terminal 200 creates a transaction containing the hash value (DAT1') of the encrypted first user data and records it in the blockchain (BC). You can.
제조자 단말기(300)는 신뢰실행환경의 데이터 요청(QUE2)과 함께 기록된 제1 암호화키를 블록체인(BC)으로부터 획득할 수 있다. 다만, 이에 한정되는 것은 아니며 스마트 계약 체결시 데이터 처리 플랫폼 서버(100)의 제1 암호화키를 획득할 수도 있다.The manufacturer terminal 300 can obtain the first encryption key recorded along with the data request (QUE2) of the trusted execution environment from the blockchain (BC). However, it is not limited to this, and the first encryption key of the data processing platform server 100 may be obtained when entering into a smart contract.
제조자 단말기(300)는 제1 암호화키를 기초로 제2 암호화키를 암호화하고, 해시값으로 암호화된 제2 암호화키를 신뢰실행환경으로 제공하기 위해 암호화된 제2 암호화키의 해시값(KEY2)이 포함된 트랜잭션을 생성하여 블록체인(BC)에 기록할 수 있다.The manufacturer terminal 300 encrypts the second encryption key based on the first encryption key, and uses a hash value (KEY2) of the encrypted second encryption key to provide the second encryption key encrypted with the hash value as a trusted execution environment. Transactions containing this can be created and recorded on the blockchain (BC).
신뢰실행환경은 데이터 소유 단말기(200)로부터 수집된 데이터가 데이터 처리에 필요한 기준에 부합하는 경우 데이터 처리를 수행할 수 있다. 블록체인(BC)으로부터 획득된 제1 사용자 데이터는 신뢰실행환경의 제1 공개키로 암호화되어 있으므로, 신뢰실행환경은 암호화된 데이터의 해시값(DAT1')을 제1 개인키로 복호화하여 암호화된 프라이빗 데이터와 암호화되지 않은 기기 상태 데이터를 생성할 수 있다.The trusted execution environment can perform data processing when the data collected from the data owning terminal 200 meets the standards required for data processing. Since the first user data obtained from the blockchain (BC) is encrypted with the first public key of the trusted execution environment, the trusted execution environment decrypts the hash value (DAT1') of the encrypted data with the first private key to obtain the encrypted private data. and unencrypted device state data can be generated.
그리고, 신뢰실행환경은 제2 공개키로 암호화된 프라이빗 데이터를 제2 개인키로 복호화한 후, 자료처리 코드에 따라 데이터 처리를 수행할 수 있다.In addition, the trusted execution environment can decrypt the private data encrypted with the second public key with the second private key and then perform data processing according to the data processing code.
데이터 처리가 완료되면, 신뢰실행환경은 제조자 단말기(300)의 제2 공개키를 이용하여 자료처리 결과를 암호화하고, 암호화된 자료처리 결과(RES)를 블록체인에 반환할 수 있다.When data processing is completed, the trusted execution environment can encrypt the data processing results using the second public key of the manufacturer terminal 300 and return the encrypted data processing results (RES) to the blockchain.
스마트 계약(SC)은 자료처리 요청(QUE1)에 부합하는 자료처리 결과(RES)가 반환되면 종료된다. 신뢰실행환경은 블록체인에 자료처리 결과(RES)가 기록되었는지를 확인하여 스마트 계약의 이행이 완료되었음을 확인할 수 있다.The smart contract (SC) is terminated when the data processing result (RES) matching the data processing request (QUE1) is returned. The trusted execution environment can confirm that the execution of the smart contract has been completed by checking whether the data processing result (RES) has been recorded in the blockchain.
자료처리 결과(RES)가 반환되어 스마트 계약(SC)이 종료되는 경우, 데이터 처리 플랫폼 서버(100)에서 실행되는 신뢰실행환경은 파기 모드에 돌입한다. 신뢰실행환경이 파기됨에 따라 자료처리를 위해 데이터 소유 단말기(200)로부터 수신된 데이터도 함께 데이터 처리 플랫폼 서버(100)에서 소거된다.When the data processing result (RES) is returned and the smart contract (SC) is terminated, the trusted execution environment running on the data processing platform server 100 enters destruction mode. As the trusted execution environment is destroyed, the data received from the data-owning terminal 200 for data processing is also deleted from the data processing platform server 100.
제조자 단말기(300)는 블록체인(BC)에 기록된 암호화된 자료처리 결과(RES)를 획득하고, 암호화된 자료처리 결과(RES)를 제2 개인키로 복호화함으로써 자료처리 요청에 부합하는 자료처리 결과를 획득할 수 있다.The manufacturer terminal 300 acquires the encrypted data processing result (RES) recorded in the blockchain (BC) and decrypts the encrypted data processing result (RES) with the second private key to produce a data processing result that meets the data processing request. can be obtained.
도 3은 본 발명의 다른 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 설명하기 위한 도면이다.Figure 3 is a diagram illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to another embodiment of the present invention.
도 3을 참조하면, 데이터 처리 플랫폼 서버(100)는 자료처리를 위한 스마트 계약(SC)을 생성하여 블록체인(BC)에 배포할 수 있고, 블록체인(BC)의 블록에는 스마트 계약(SC)의 기록되어 블록체인(BC) 상에서 스마트 계약(SC)이 실행될 수 있다. Referring to FIG. 3, the data processing platform server 100 can create a smart contract (SC) for data processing and distribute it to the blockchain (BC), and a smart contract (SC) is included in the block of the blockchain (BC). is recorded so that a smart contract (SC) can be executed on the blockchain (BC).
스마트 계약(SC)은 제조자 단말기(300)로부터 기설정된 규약에 부합하는 자료처리 요청(QUE1)이 포함된 트랜잭션이 블록체인(BC)에 제공되는 경우 자동으로 계약이 성사되고, 자료처리 요청(QUE1)에 부합하는 자료처리 결과(RES)가 반환되는 경우 종료된다.The smart contract (SC) automatically concludes the contract when a transaction containing a data processing request (QUE1) that meets the preset protocol is provided to the blockchain (BC) from the manufacturer terminal 300, and the data processing request (QUE1) ) ends when a data processing result (RES) that meets the criteria is returned.
제조자 단말기(300)는 자료처리 결과(RES)를 획득하기 위해 스마트 계약(SC)에 부합하는 자료처리 요청(QUE1)을 블록체인(BC)에 제공할 수 있다. The manufacturer terminal 300 can provide a data processing request (QUE1) conforming to a smart contract (SC) to the blockchain (BC) to obtain a data processing result (RES).
데이터 처리 플랫폼 서버(100)와 제조자 단말기(300) 사이의 스마트 계약(SC)이 성사되면, 데이터 처리 플랫폼 서버(100)는 자료처리 요청(QUE1)에 응답하여 자료처리 코드와 제1 암호화키를 포함하는 신뢰실행환경을 생성한다. 여기서, 자료처리 코드는 제조자 단말기(300)가 블록체인(BC)에 제공한 데이터 처리 모델을 의미할 수 있다.When the smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is established, the data processing platform server 100 sends a data processing code and a first encryption key in response to the data processing request (QUE1). Create a trusted execution environment that includes Here, the data processing code may refer to the data processing model provided by the manufacturer terminal 300 to the blockchain (BC).
신뢰실행환경은 자료처리 코드에 대응하는 데이터 처리를 수행하기 위해, 데이터 처리 플랫폼을 통해 데이터 소유 단말기(200)에 데이터 요청(QUE2')을 수행할 수 있다. 즉, 신뢰실행환경은 데이터 처리 플랫폼을 통해 데이터 수집을 위한 데이터 요청(QUE2')을 공개적으로 수행할 수 있다.The trusted execution environment can perform a data request (QUE2') to the data owning terminal 200 through the data processing platform in order to perform data processing corresponding to the data processing code. In other words, the trusted execution environment can publicly perform a data request (QUE2') for data collection through the data processing platform.
데이터 소유 단말기(200)는 데이터 요청(QUE2')에 응답하여 저장된 제1 사용자 데이터(DAT1)를 데이터 처리 플랫폼을 통해 데이터 처리 플랫폼 서버(100)에 제공할 수 있다. 이때, 데이터 소유 단말기(200)는 신뢰실행환경의 제1 암호화키로 데이터(DAT1)를 암호화하여 해시값만을 제공할 수도 있다.The data owning terminal 200 may provide the stored first user data (DAT1) to the data processing platform server 100 through the data processing platform in response to the data request (QUE2'). At this time, the data-owning terminal 200 may encrypt the data (DAT1) with the first encryption key of the trusted execution environment and provide only the hash value.
다만, 제1 사용자 데이터(DAT1)는 암호화된 프라이빗 데이터와 암호화되지 않은 기기 상태 데이터를 포함하고 있기 때문에, 제1 사용자 데이터(DAT1)가 악의적인 공격에 의해 외부에 유출되더라도 민감한 개인 정보는 보호될 수 있다.However, because the first user data (DAT1) includes encrypted private data and unencrypted device state data, sensitive personal information will be protected even if the first user data (DAT1) is leaked to the outside due to a malicious attack. You can.
한편, 제조자 단말기(300)는 스마트 계약(SC) 체결시 또는 그 이후에 데이터 처리 플랫폼 서버로부터 제1 암호화키(KEY1)를 획득하고, 제1 암호화키(KEY1)를 기초로 제2 암호화키를 암호화할 수 있다. 제조자 단말기(300)는 해시값으로 암호화된 제2 암호화키를 신뢰실행환경으로 제공하기 위해, 암호화된 제2 암호화키의 해시값(KEY2)이 포함된 트랜잭션을 생성하여 블록체인(BC)에 기록할 수 있다. 신뢰실행환경은 블록체인(BC)으로부터 암호화된 제2 암호화키의 해시값(KEY2)을 획득한 후, 제1 암호화키를 기초로 제2 암호화키를 복호화할 수 있다.Meanwhile, the manufacturer terminal 300 acquires the first encryption key (KEY1) from the data processing platform server at the time of signing the smart contract (SC) or thereafter, and generates the second encryption key based on the first encryption key (KEY1). It can be encrypted. In order to provide a second encryption key encrypted with a hash value as a trusted execution environment, the manufacturer terminal 300 creates a transaction containing the hash value (KEY2) of the encrypted second encryption key and records it in the blockchain (BC). can do. The trusted execution environment can obtain the hash value (KEY2) of the second encryption key encrypted from the blockchain (BC) and then decrypt the second encryption key based on the first encryption key.
신뢰실행환경은 데이터 소유 단말기(200)로부터 수집된 제1 사용자 데이터(DAT1)가 데이터 처리에 필요한 기준에 부합하는 경우 데이터 처리를 수행할 수 있다. The trusted execution environment can perform data processing when the first user data (DAT1) collected from the data owning terminal 200 meets the standards required for data processing.
하지만, 제1 사용자 데이터(DAT1)에 포함된 기기 상태 데이터와 프라이빗 데이터 중 프라이빗 데이터는 제2 공개키로 암호화되어 있으므로, 신뢰실행환경은 암호화된 프라이빗 데이터를 제2 개인키를 이용하여 복호화한 후, 자료처리 코드에 따라 데이터 처리를 수행할 수 있다.However, since the private data among the device state data and private data included in the first user data (DAT1) is encrypted with the second public key, the trusted execution environment decrypts the encrypted private data using the second private key, Data processing can be performed according to the data processing code.
데이터 처리가 완료되면, 신뢰실행환경은 제조자 단말기(300)의 제2 공개키를 이용하여 자료처리 결과를 암호화하고, 암호화된 자료처리 결과(RES)를 블록체인에 반환할 수 있다.When data processing is completed, the trusted execution environment can encrypt the data processing results using the second public key of the manufacturer terminal 300 and return the encrypted data processing results (RES) to the blockchain.
데이터 처리 플랫폼 서버(100)와 제조자 단말기(300) 사이의 스마트 계약(SC)은 자료처리 요청(QUE1)에 부합하는 자료처리 결과(RES)가 반환되면 종료된다. 따라서, 자료처리 결과(RES)가 반환되어 스마트 계약(SC)이 종료되는 경우, 데이터 처리 플랫폼 서버(100)에서 실행되는 신뢰실행환경은 파기된다. 신뢰실행환경이 파기됨에 따라 자료처리를 위해 데이터 소유 단말기(200)로부터 수신된 데이터도 함께 데이터 처리 플랫폼 서버(100)에서 소거된다.The smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is terminated when the data processing result (RES) matching the data processing request (QUE1) is returned. Therefore, when the data processing result (RES) is returned and the smart contract (SC) is terminated, the trusted execution environment running on the data processing platform server 100 is destroyed. As the trusted execution environment is destroyed, the data received from the data-owning terminal 200 for data processing is also deleted from the data processing platform server 100.
제조자 단말기(300)는 블록체인(BC)에 기록된 암호화된 자료처리 결과(RES)를 획득하고, 암호화된 자료처리 결과(RES)를 제2 개인키로 복호화함으로써 자료처리 요청에 부합하는 자료처리 결과를 획득할 수 있다.The manufacturer terminal 300 acquires the encrypted data processing result (RES) recorded in the blockchain (BC) and decrypts the encrypted data processing result (RES) with the second private key to produce a data processing result that meets the data processing request. can be obtained.
도 4는 본 발명의 실시 예에 따른 데이터 소유 단말기의 제1 사용자 데이터 획득 방법을 설명하기 위한 도면이다. 도 4에는 본 발명의 실시 예에 따른 대상 기기의 일 예로서 차량(CAR)이 도시되어 있으나, 이에 한정되는 것은 아니며 대상 기기는 차량 이외에 TV, 냉장고 등 가전 제품일 수도 있다.Figure 4 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to an embodiment of the present invention. In Figure 4, a vehicle (CAR) is shown as an example of a target device according to an embodiment of the present invention, but the target device is not limited to this and the target device may be a home appliance such as a TV or refrigerator in addition to a vehicle.
도 4를 참조하면, 사용자 데이터 공유장치(400)는 대상 기기인 차량(CAR)에 탑재되어 사용자 데이터를 수집하는 기기로서, 차량(CAR)의 CAN(Controller Area Network) 버스와 연결되어 ECU(electronic control unit), MCU(Micro Controller Unit) 또는 다른 하위 제어기와 데이터를 송수신할 수 있다.Referring to FIG. 4, the user data sharing device 400 is a device that is mounted on a vehicle (CAR), which is a target device, and collects user data. It is connected to the CAN (Controller Area Network) bus of the vehicle (CAR) and connects to the ECU (electronic Control unit), MCU (Micro Controller Unit), or other sub-controllers can transmit and receive data.
사용자 데이터 공유장치(400)는 수집된 데이터를 프라이빗 데이터(I_DAT)와 기기 상태 데이터(P_DAT)로 구분하여 수집 및 저장할 수 있다. The user data sharing device 400 can collect and store the collected data by dividing it into private data (I_DAT) and device status data (P_DAT).
여기서, 프라이빗 데이터(I_DAT)는 차량 소유주의 개인정보, 차량 소유주의 차량 운행 기록, 차량 운행에 따른 방문 장소 기록 등 차량의 운행과 관련된 개인적인 정보를 포함할 수 있다.Here, the private data (I_DAT) may include personal information related to the operation of the vehicle, such as the vehicle owner's personal information, the vehicle owner's vehicle operation record, and records of places visited during vehicle operation.
그리고, 기기 상태 데이터(P_DAT)는 차량의 모델명, 연식, 주행거리, 부품 교체 기록 등 차량의 객관적인 상태를 나타내는 정보를 포함할 수 있다.Additionally, the device status data (P_DAT) may include information representing the objective status of the vehicle, such as the vehicle model name, year, mileage, and parts replacement record.
사용자 데이터 공유장치(400)는 데이터 소유 단말기(200)로부터 데이터 요청을 수신하는 경우 기저장된 제조자 단말기(300)의 제2 공개키를 기초로 프라이빗 데이터를 암호화하며, 암호화된 프라이빗 데이터와 암호화하지 않은 기기 상태 데이터를 제1 사용자 데이터(DAT1)로서 데이터 소유 단말기(200)에 제공할 수 있다.When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data. Device status data may be provided to the data owning terminal 200 as first user data (DAT1).
데이터 소유 단말기(200)는 데이터 처리 플랫폼에 접속할 수 있는 통신 장치로서, 자료처리에 필요한 데이터를 저장하며 저장된 데이터 관리에 필요한 사용자 데이터 관리 어플리케이션이 실행될 수 있다. 데이터 소유 단말기(200)는 사용자 데이터 관리 어플리케이션을 통해 차량(CAR) 내 사용자 데이터 공유장치(400)와 데이터 통신을 수행하고, 제1 사용자 데이터(DAT1)를 수신 및 저장할 수 있다.The data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data. The data owning terminal 200 may perform data communication with the user data sharing device 400 in the vehicle (CAR) through a user data management application, and receive and store first user data (DAT1).
데이터 소유 단말기(200)는 암호화된 프라이빗 데이터의 정보를 사용자에게 표시하지 않으며, 암호화되지 않은 기기 상태 데이터의 정보만을 사용자에게 표시할 수 있다. 이는 개인의 민감한 사생활 정보가 외부로 유출되는 것을 원천적으로 차단하기 위함이다.The data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent an individual's sensitive personal information from being leaked to the outside world.
도 5는 본 발명의 다른 실시 예에 따른 데이터 소유 단말기의 제1 사용자 데이터 획득 방법을 설명하기 위한 도면이다. 도 5에는 본 발명의 실시 예에 따른 대상 기기의 일 예로서 냉장고(REF)이 도시되어 있으나, 이에 한정되는 것은 아니다.Figure 5 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to another embodiment of the present invention. In Figure 5, a refrigerator (REF) is shown as an example of a target device according to an embodiment of the present invention, but the present invention is not limited thereto.
도 5를 참조하면, 사용자 데이터 공유장치(400)는 냉장고(REF)에 탑재되어 사용자 데이터를 수집하는 기기로서, 내장된 CPU, AP(Application Processor) 등의 프로세서로 이루어질 수 있으나 이에 한정되는 것은 아니며 데이터 수집을 수행하는 모든 종류의 모듈이 채택될 수 있다.Referring to FIG. 5, the user data sharing device 400 is a device mounted on a refrigerator (REF) to collect user data. It may be comprised of a processor such as a built-in CPU or an application processor (AP), but is not limited to this. Any kind of module that performs data collection can be adopted.
사용자 데이터 공유장치(400)는 수집된 데이터를 프라이빗 데이터(I_DAT)와 기기 상태 데이터(P_DAT)로 구분하여 수집 및 저장할 수 있다. The user data sharing device 400 can collect and store the collected data by dividing it into private data (I_DAT) and device status data (P_DAT).
여기서, 프라이빗 데이터(I_DAT)는 냉장고(REF)의 소유주의 개인 정보, 주요 사용 시간, 냉장고(REF)에 대한 사용 습관 등 가전 제품을 사용하는 사용자의 대상 기기 사용정보를 포함할 수 있다.Here, the private data (I_DAT) may include target device usage information of the user using the home appliance, such as personal information of the owner of the refrigerator (REF), main usage time, and usage habits for the refrigerator (REF).
그리고, 기기 상태 데이터(P_DAT)는 냉장고(REF)의 모델명, 제조 일자, 제품 스팩 등 냉장고(REF)와 관련된 객관적인 상태 정보를 포함할 수 있다.Additionally, the device status data (P_DAT) may include objective status information related to the refrigerator (REF), such as the model name, manufacturing date, and product specifications of the refrigerator (REF).
사용자 데이터 공유장치(400)는 데이터 소유 단말기(200)로부터 데이터 요청을 수신하는 경우 기저장된 제조자 단말기(300)의 제2 공개키를 기초로 프라이빗 데이터를 암호화하며, 암호화된 프라이빗 데이터와 암호화하지 않은 기기 상태 데이터를 제1 사용자 데이터(DAT1)로서 데이터 소유 단말기(200)에 제공할 수 있다.When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data. Device status data may be provided to the data owning terminal 200 as first user data (DAT1).
데이터 소유 단말기(200)는 데이터 처리 플랫폼에 접속할 수 있는 통신 장치로서, 자료처리에 필요한 데이터를 저장하며 저장된 데이터 관리에 필요한 사용자 데이터 관리 어플리케이션이 실행될 수 있다. 데이터 소유 단말기(200)는 사용자 데이터 관리 어플리케이션을 통해 냉장고(REF) 내 사용자 데이터 공유장치(400)와 데이터 통신을 수행하고, 제1 사용자 데이터(DAT1)를 수신 및 저장할 수 있다.The data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data. The data owning terminal 200 may perform data communication with the user data sharing device 400 in the refrigerator (REF) through a user data management application, and receive and store first user data (DAT1).
데이터 소유 단말기(200)는 암호화된 프라이빗 데이터의 정보를 사용자에게 표시하지 않으며, 암호화되지 않은 기기 상태 데이터의 정보만을 사용자에게 표시할 수 있다. 이는 개인의 민감한 사생활 정보가 외부로 유출되는 것을 원천적으로 차단하기 위함이다.The data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent an individual's sensitive personal information from being leaked to the outside world.
도 6은 본 발명의 실시 예에 따른 스마트 계약을 설명하기 위한 도면이다.Figure 6 is a diagram for explaining a smart contract according to an embodiment of the present invention.
도 6을 참조하면, 데이터 처리 플랫폼 서버(100)는 자료처리를 위한 스마트 계약을 생성하여 블록체인이 배포할 수 있고, 제조자 단말기(300)와 스마트 계약이 체결되면 자료처리를 위한 신뢰실행환경을 생성할 수 있다.Referring to FIG. 6, the data processing platform server 100 can create a smart contract for data processing and distribute it to the blockchain, and when a smart contract is concluded with the manufacturer terminal 300, a trusted execution environment for data processing is created. can be created.
데이터 처리 플랫폼 서버(100)는 다수개의 스마트 계약을 생성하여 블록체인에 배포할 수 있는데, 만약 하나의 스마트 계약에 서로 다른 복수의 자료처리가 요청되면 서로 다른 복수의 신뢰실행환경이 생성될 수도 있다.The data processing platform server 100 can create multiple smart contracts and distribute them to the blockchain. If multiple different data processing is requested for one smart contract, multiple different trusted execution environments may be created. .
자료처리를 위해 생성되는 신뢰실행환경은 가상 실행환경으로서, 데이터 처리 플랫폼 서버(100)에서 스마트 계약의 이행을 위해 적어도 하나가 생성될 수 있다. 즉, 블록체인 상에 10개의 스마트 계약이 배포되어 있더라도, 2개의 스마트 계약만 체결된 경우 데이터 처리 플랫폼 서버(100)는 2개의 신뢰실행환경을 실행하여 계약을 이행하게 할 수 있다.The trusted execution environment created for data processing is a virtual execution environment, and at least one may be created in the data processing platform server 100 to execute a smart contract. That is, even if 10 smart contracts are distributed on the blockchain, if only 2 smart contracts are concluded, the data processing platform server 100 can execute the two trusted execution environments to fulfill the contract.
또한, 스마트 계약마다 이행이 정상적으로 완료되는지 여부, 이행기간, 이행방법 등이 모두 상이하게 설정될 수 있으므로, 각 스마트 계약은 계약의 성립 및 이행여부에 따라 생성되고 파기되는 일련의 과정이 독립적으로 이루어진다.In addition, since each smart contract may have different settings for whether performance is completed normally, performance period, and performance method, each smart contract undergoes a series of processes of creation and destruction independently depending on the establishment and performance of the contract. .
예컨대, 데이터 처리 플랫폼 서버(100)는 제1 제조자 단말기(300A)와 제1 스마트 계약(SC1)을 체결하고 제2 제조자 단말기(300B)와 제2 스마트 계약(SC2)을 체결할 수 있다. 데이터 처리 플랫폼 서버(100)는 제1 스마트 계약(SC1)의 체결에 대응하는 제1 신뢰실행환경(VM1)을 생성하고, 제2 스마트 계약(SC2)의 체결에 대응하는 제2 신뢰실행환경(VM2)를 생성할 수 있다. 만약, 블록체인(BC) 상에 제1 및 제2 스마트 계약들(SC1 및 SC2) 외 배포된 스마트 계약이 존재하더라도, 데이터 처리 플랫폼 서버(100)는 체결된 스마트 계약에 한해서만 신뢰실행환경을 실행한다.For example, the data processing platform server 100 may conclude a first smart contract (SC1) with the first manufacturer terminal (300A) and a second smart contract (SC2) with the second manufacturer terminal (300B). The data processing platform server 100 creates a first trusted execution environment (VM1) corresponding to the conclusion of the first smart contract (SC1), and a second trusted execution environment (VM1) corresponding to the conclusion of the second smart contract (SC2). VM2) can be created. Even if there are distributed smart contracts other than the first and second smart contracts (SC1 and SC2) on the blockchain (BC), the data processing platform server 100 executes the trusted execution environment only for the concluded smart contracts. do.
제1 신뢰실행환경(VM1)과 제2 신뢰실행환경(VM2)은 서로 다른 계약 내용을 기초로 생성된 가상머신으로서, 서로 독립적으로 실행되므로 어느 한 신뢰실행환경이 다른 신뢰실행환경에 영향을 주는 것이 불가능하다. 따라서, 제1 신뢰실행환경(VM1)이 계약의 이행에 따라 파기되더라도, 제2 신뢰실행환경(VM2)은 영향을 받지 않고 제2 스마트 계약(SC2)의 내용에 따라 자료처리 과정을 계속하여 수행할 수 있다.The first trusted execution environment (VM1) and the second trusted execution environment (VM2) are virtual machines created based on different contract details and run independently of each other, so one trusted execution environment does not affect the other trusted execution environment. It is impossible. Therefore, even if the first trusted execution environment (VM1) is destroyed according to the performance of the contract, the second trusted execution environment (VM2) is not affected and continues to perform the data processing process according to the contents of the second smart contract (SC2). can do.
이와 같이, 데이터 처리 플랫폼 서버(100)는 스마트 계약마다 독립적으로 실행되는 신뢰실행환경을 이용하여 다수의 스마트 계약들을 동시에 이행할 수 있으며, 침입이 불가능한 독립된 자료처리 공간을 사용함으로써 데이터가 유출되거나 혼용되는 위험을 방지할 수 있다.In this way, the data processing platform server 100 can execute multiple smart contracts simultaneously using a trusted execution environment that is independently executed for each smart contract, and by using an independent data processing space that is impossible to intrude, data may be leaked or mixed. risks can be prevented.
도 7은 본 발명의 실시 예에 따른 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법을 설명하기 위한 흐름도이다.Figure 7 is a flowchart illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
도 7을 참조하면, 데이터 처리 플랫폼 서버(100)에서 실행되는 신뢰실행환경은 블록체인(BC) 상에 배포된 스마트 계약에 따라 제조자 단말기(300)로부터 수신된 자료처리 요청에 응답하여 생성될 수 있고, 자료처리 코드와 암호화키를 포함할 수 있다(S100). Referring to FIG. 7, the trusted execution environment running on the data processing platform server 100 can be created in response to a data processing request received from the manufacturer terminal 300 according to a smart contract distributed on a blockchain (BC). and may include data processing code and encryption key (S100).
그리고, 신뢰실행환경은 제1 암호화키에 의해 암호화된 제1 사용자 데이터를 데이터 소유 단말기(200)로부터 획득할 수 있는데, 블록체인(BC)에 기록된 해시값을 제1 사용자 데이터로서 획득하거나 데이터 처리 플랫폼을 통해 데이터 소유 단말기(200)로부터 직접 수신할 수 있다(S110).In addition, the trusted execution environment can obtain the first user data encrypted by the first encryption key from the data-owning terminal 200, and obtain the hash value recorded in the blockchain (BC) as the first user data or the data Data can be received directly from the data owning terminal 200 through the processing platform (S110).
그리고, 신뢰실행환경은 제1 암호화키를 기초로 암호화된 제1 사용자 데이터를 1차적으로 복호화할 수 있다. 즉, 신뢰실행환경은 제1 암호화키 중 제1 공개키를 이용하여 암호화된 제1 사용자 데이터를 복호화할 수 있고, 암호화되지 않은 제1 사용자 데이터를 생성할 수 있다(S120).And, the trusted execution environment can primarily decrypt the first user data encrypted based on the first encryption key. That is, the trusted execution environment can decrypt the encrypted first user data using the first public key among the first encryption keys and generate unencrypted first user data (S120).
그리고, 신뢰실행환경은 제조자 단말기(300)의 제2 암호화키를 기초로 제1 사용자 데이터를 2차적으로 복호화하여 프라이빗 데이터를 생성할 수 있다(S130). 즉, 신뢰실행환경은 제1 사용자 데이터 중 암호화된 프라이빗 데이터를 제조자 단말기(300)의 제2 개인키를 이용하여 복호화할 수 있다.And, the trusted execution environment can generate private data by secondarily decrypting the first user data based on the second encryption key of the manufacturer terminal 300 (S130). That is, the trusted execution environment can decrypt the encrypted private data among the first user data using the second private key of the manufacturer terminal 300.
그리고, 신뢰실행환경은 복호화된 프라이빗 데이터를 자료처리 코드에 따라 처리하여 자료처리 결과를 생성할 수 있으며(S140), 자료처리에 필요한 경우 제1 사용자 데이터 중 기기 상태 데이터도 자료처리 코드에 따라 처리하여 자료처리 결과를 생성할 수 있다.In addition, the trusted execution environment can generate data processing results by processing the decrypted private data according to the data processing code (S140), and if necessary for data processing, device status data among the first user data is also processed according to the data processing code. Thus, data processing results can be generated.
그리고, 신뢰실행환경은 제조자 단말기(300)의 제2 공개키를 이용하여 자료처리 결과를 암호화하고 블록체인에 반환함으로써, 암호화된 자료처리 결과를 제조자 단말기(300)에 제공할 수 있다(S150).In addition, the trusted execution environment can provide the encrypted data processing results to the manufacturer terminal 300 by encrypting the data processing results using the second public key of the manufacturer terminal 300 and returning them to the blockchain (S150). .
*그리고, 신뢰실행환경은 스마트 계약의 이행이 완료됨에 따라 파기 명령어를 실행하여 파기될 수 있다(S160).*And, the trusted execution environment can be destroyed by executing a destruction command as the implementation of the smart contract is completed (S160).
본 발명의 실시 예와 관련하여 설명된 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법 또는 알고리즘의 단계들은 하드웨어로 직접 구현되거나, 하드웨어에 의해 실행되는 소프트웨어 모듈로 구현되거나, 또는 이들의 결합에 의해 구현될 수 있다. 소프트웨어 모듈은 RAM(Random Access Memory), ROM(Read Only Memory), EPROM(Erasable Programmable ROM), EEPROM(Electrically Erasable Programmable ROM), 플래시 메모리(Flash Memory), 하드 디스크, 착탈형 디스크, CD-ROM, 또는 본 발명이 속하는 기술 분야에서 잘 알려진 임의의 형태의 컴퓨터 판독가능 기록매체에 상주할 수도 있다.The steps of the user data management method or algorithm using data processing of the smart contract-based trusted execution environment described in relation to the embodiment of the present invention are implemented directly in hardware, implemented in a software module executed by hardware, or one of these. It can be implemented by combination. The software module may be RAM (Random Access Memory), ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), Flash Memory, hard disk, removable disk, CD-ROM, or It may reside on any type of computer-readable recording medium well known in the art to which the present invention pertains.
이상에서 본 발명의 실시 예에 관하여 설명하였으나, 본 발명이 속하는 기술분야에서 통상의 지식을 가진 자라면 본 발명의 특허청구범위를 벗어남이 없이 다양하게 변형 실시할 수 있을 것으로 이해된다.Although the embodiments of the present invention have been described above, it is understood that those skilled in the art can make various modifications without departing from the scope of the claims of the present invention.
본 발명에 의하면, 스마트 계약이 종료되는 경우 신뢰실행환경을 파기함과 동시에 저장된 데이터도 소거함으로써, 수집된 데이터가 외부로 유출되는 것을 방지하고, 데이터 처리 플랫폼 서버의 운영 주체에 의한 데이터 열람을 원천적으로 차단하여 데이터 주체의 프라이버시를 보호할 수 있다.According to the present invention, when a smart contract is terminated, the trusted execution environment is destroyed and the stored data is also erased, thereby preventing the collected data from being leaked to the outside and preventing data viewing by the operator of the data processing platform server. You can protect the privacy of data subjects by blocking them.
또한, 본 발명에 의하면, 자동차, TV, 냉장고, 청소기 등 대상 기기에 대한 개인적인 사용정보를 원천적으로 암호화하며 데이터 주체에게도 공개되지 않고, 데이터 주체의 의사에 따라 특정한 분석조건 하에서만 제한적으로 이용함으로써, 차량의 운행과 관련된 개인의 프라이버시를 보호할 수 있다. In addition, according to the present invention, personal usage information on target devices such as cars, TVs, refrigerators, and vacuum cleaners is fundamentally encrypted and is not disclosed to the data subject, and is used only under specific analysis conditions according to the data subject's will. The privacy of individuals related to vehicle operation can be protected.
또한, 본 발명에 의하면, 스마트 계약마다 독립적으로 실행되는 신뢰실행환경을 이용하여 다수의 스마트 계약들을 동시에 이행할 수 있다.Additionally, according to the present invention, multiple smart contracts can be implemented simultaneously using a trusted execution environment that is independently executed for each smart contract.
또한, 본 발명에 의하면, 파기 명령어의 플래그를 블록체인에 기록함으로써, 데이터를 제공받은 신뢰실행환경이 안정적으로 제거되고, 데이터가 외부로 유출되지 않고 안전하게 소거되었음을 보장할 수 있다.In addition, according to the present invention, by recording the flag of the destruction command in the blockchain, it is possible to ensure that the trusted execution environment in which the data was provided is stably removed and that the data is safely erased without being leaked to the outside.
또한, 본 발명에 의하면, 제조자 단말기는 자료처리 필요한 데이터를 직접 수집하거나 처리하지 않고도 원하는 데이터 처리 결과를 얻을 수 있으며, 제조자 단말기에 자료처리에 필요한 데이터가 노출되지 않기 때문에, 데이터를 제공한 주체의 프라이버시를 안전하게 보호할 수 있다.In addition, according to the present invention, the manufacturer's terminal can obtain the desired data processing results without directly collecting or processing the data required for data processing, and since the data required for data processing is not exposed to the manufacturer's terminal, the subject who provided the data is not exposed. Privacy can be safely protected.
Claims (18)
- 블록체인 상에 배포된 스마트 계약에 따라 제조자 단말기로부터 수신된 자료처리 요청에 응답하여 데이터 처리 플랫폼 서버에서 자료처리 코드와 제1 암호화키를 포함하는 신뢰실행환경이 생성되는 단계;Creating a trusted execution environment including a data processing code and a first encryption key in the data processing platform server in response to a data processing request received from the manufacturer terminal according to a smart contract distributed on the blockchain;상기 신뢰실행환경이 상기 제1 암호화키에 의해 암호화된 제1 사용자 데이터를 데이터 소유 단말기로부터 획득하는 단계;obtaining, by the trusted execution environment, first user data encrypted by the first encryption key from a data-owning terminal;상기 신뢰실행환경이 상기 제1 암호화키를 기초로 상기 암호화된 제1 사용자 데이터를 1차적으로 복호화하는 단계;the trusted execution environment primarily decrypting the encrypted first user data based on the first encryption key;상기 신뢰실행환경이 상기 제조자 단말기의 제2 암호화키를 기초로 제1 사용자 데이터를 2차적으로 복호화하여 프라이빗 데이터를 생성하는 단계;generating private data by having the trusted execution environment secondarily decrypt first user data based on a second encryption key of the manufacturer terminal;상기 신뢰실행환경이 상기 프라이빗 데이터를 상기 자료처리 코드에 따라 처리하여 자료처리 결과를 생성하는 단계;The trusted execution environment processes the private data according to the data processing code to generate a data processing result;상기 신뢰실행환경이 상기 자료처리 결과를 상기 제조자 단말기에 제공하는 단계; 및providing, by the trusted execution environment, the data processing results to the manufacturer terminal; and상기 신뢰실행환경이 상기 스마트 계약에 따라 파기되는 단계를 포함하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment, including the step of destroying the trusted execution environment according to the smart contract.
- 제1항에 있어서, 상기 신뢰실행환경이 생성되는 단계 이후에, The method of claim 1, wherein after the step of creating the trusted execution environment,상기 신뢰실행환경이 제1 사용자 데이터를 요청하는 트랜잭션을 생성하여 상기 블록체인에 기록하는 단계를 더 포함하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment, further comprising the step of the trusted execution environment generating a transaction requesting first user data and recording it in the blockchain.
- 제1항에 있어서,According to paragraph 1,상기 제1 암호화키는 상기 신뢰실행환경의 제1 개인키와 제1 공개키의 쌍으로 이루어진 비대칭키이며, The first encryption key is an asymmetric key consisting of a pair of a first private key and a first public key of the trusted execution environment,상기 제1 공개키는 상기 제1 개인키에 기초하여 생성된 것으로서, 상기 블록체인에서 상기 신뢰실행환경의 어카운트 주소인 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The first public key is generated based on the first private key, and a user data management method using data processing of a smart contract-based trusted execution environment, which is an account address of the trusted execution environment in the blockchain.
- 제3항에 있어서,According to paragraph 3,상기 암호화된 제1 사용자 데이터는 상기 신뢰실행환경의 상기 제1 공개키에 의해서 암호화된 것인 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment, wherein the encrypted first user data is encrypted by the first public key of the trusted execution environment.
- 제1항에 있어서,According to paragraph 1,상기 제2 암호화키는 상기 제조자 단말기의 제2 개인키와 제2 공개키의 쌍으로 이루어진 비대칭키이며, The second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer's terminal,상기 제2 공개키는 상기 제2 개인키에 기초하여 생성된 것으로서, 상기 블록체인에서 상기 제조자 단말기의 어카운트 주소인 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The second public key is generated based on the second private key, and the user data management method uses data processing in a smart contract-based trusted execution environment, which is the account address of the manufacturer terminal in the blockchain.
- 제5항에 있어서,According to clause 5,상기 제1 사용자 데이터는 상기 프라이빗 데이터를 상기 제2 공개키로 암호화한 데이터와 암호화되지 않은 기기 상태 데이터를 포함하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The first user data is a user data management method using data processing in a smart contract-based trusted execution environment where the private data is encrypted with the second public key and includes unencrypted device state data.
- 제6항에 있어서,According to clause 6,상기 프라이빗 데이터는 대상 기기의 소유주의 개인 정보와 상기 소유주의 대상 기기 사용정보를 포함하고, 상기 기기 상태 데이터는 상기 대상 기기의 객관적인 상태를 나타내는 정보를 포함하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The private data includes the personal information of the owner of the target device and the owner's usage information of the target device, and the device status data includes information representing the objective status of the target device. Data processing in a smart contract-based trusted execution environment User data management method used.
- 제1항에 있어서, According to paragraph 1,상기 제1 사용자 데이터는 대상 기기의 사용자 데이터 공유장치에서 상기 데이터 소유 단말기로 전송되어 저장된 데이터인 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The first user data is data transmitted and stored from the user data sharing device of the target device to the data-owning terminal. A user data management method using data processing in a smart contract-based trusted execution environment.
- 제1항에 있어서, 상기 프라이빗 데이터를 생성하는 단계는,The method of claim 1, wherein generating the private data comprises:상기 신뢰실행환경이 제1 공개키에 의해 암호화된 제2 개인키를 상기 제조자 단말기로부터 획득하는 단계;the trusted execution environment obtaining a second private key encrypted with the first public key from the manufacturer terminal;상기 신뢰실행환경이 제1 개인키를 기초로 상기 암호화된 제2 개인키를 복호화하는 단계; 및decrypting, by the trusted execution environment, the encrypted second private key based on the first private key; and상기 신뢰실행환경이 제2 개인키를 기초로 제1 사용자 데이터를 복호화하여 상기 프라이빗 데이터를 생성하는 단계를 포함하고,The trusted execution environment includes decrypting the first user data based on a second private key to generate the private data,상기 제1 암호화키는 상기 신뢰실행환경의 상기 제1 개인키와 상기 제1 공개키의 쌍으로 이루어진 비대칭키이며, 상기 제2 암호화키는 상기 제조자 단말기의 상기 제2 개인키와 제2 공개키의 쌍으로 이루어진 비대칭키인 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The first encryption key is an asymmetric key consisting of a pair of the first private key and the first public key of the trusted execution environment, and the second encryption key is the second private key and the second public key of the manufacturer terminal. User data management method using data processing in a smart contract-based trusted execution environment, which is an asymmetric key consisting of a pair of.
- 제1항에 있어서,According to paragraph 1,상기 신뢰실행환경은 상기 스마트 계약이 존속되는 기간 동안에만 유효성을 유지하는 가상 실행환경인 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment, where the trusted execution environment is a virtual execution environment that maintains validity only during the period that the smart contract lasts.
- 제1항에 있어서, 상기 제조자 단말기에 제공하는 단계는, The method of claim 1, wherein the step of providing to the manufacturer terminal,상기 제2 암호화키를 이용하여 상기 자료처리 결과를 암호화하고 상기 블록체인에 반환함으로써, 상기 자료처리 결과를 상기 제조자 단말기에 제공하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment that provides the data processing results to the manufacturer terminal by encrypting the data processing results using the second encryption key and returning them to the blockchain.
- 제1항에 있어서, 상기 스마트 계약에 따라 파기되는 단계는,The method of claim 1, wherein the step of destroying according to the smart contract is,파기 명령어를 실행하는 단계; 및executing a destroy command; and상기 자료처리 코드, 상기 제1 사용자 데이터, 및 프라이빗 데이터를 포함하는 신뢰실행환경이 삭제되는 단계를 포함하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment, including the step of deleting a trusted execution environment including the data processing code, the first user data, and private data.
- 제12항에 있어서, 상기 파기 명령어를 실행하는 단계는, The method of claim 12, wherein executing the destroy command includes:상기 파기 명령어를 실행하고, 상기 파기 명령어의 실행을 나타내는 플래그를 생성한 후, 상기 플래그를 포함하는 트랜잭션을 생성하여 상기 블록체인에 기록하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.A user data management method using data processing in a smart contract-based trusted execution environment that executes the destroy command, generates a flag indicating execution of the destroy command, and then creates a transaction including the flag and records it in the blockchain. .
- 제1항에 있어서,According to paragraph 1,상기 신뢰실행환경은 상기 데이터 처리 플랫폼 서버에서 상기 스마트 계약의 이행을 위해 적어도 하나가 생성되는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.The user data management method using data processing of a smart contract-based trusted execution environment in which at least one of the trusted execution environments is created in the data processing platform server for execution of the smart contract.
- 제1항에 있어서, 상기 신뢰실행환경이 생성되는 단계는,The method of claim 1, wherein the step of creating the trusted execution environment includes:임의의 자료처리 코드 및 상기 제1 암호화키가 생성되지 않은 원시 신뢰실행환경을 생성하는 단계; 및creating a native trusted execution environment in which no data processing code and the first encryption key are generated; and상기 원시 신뢰실행환경을 기초로 상기 자료처리 요청에 대응하는 상기 자료처리 코드와 상기 제1 암호화키를 포함하는 상기 신뢰실행환경을 생성하는 단계를 포함하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.Using data processing of a smart contract-based trusted execution environment, including the step of generating the trusted execution environment including the data processing code and the first encryption key corresponding to the data processing request based on the raw trusted execution environment. How to manage user data.
- 제15항에 있어서, 상기 원시 신뢰실행환경을 생성하는 단계는, The method of claim 15, wherein the step of creating the raw trusted execution environment includes:상기 원시 신뢰실행환경의 제1 이미지 파일을 생성하고, 상기 제1 이미지 파일에 대한 제1 해시값을 생성하고, 상기 제1 해시값을 포함하는 트랜잭션을 생성하여 상기 블록체인에 기록하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.Based on a smart contract that generates a first image file of the raw trusted execution environment, generates a first hash value for the first image file, creates a transaction including the first hash value, and records it in the blockchain. User data management method using data processing in a trusted execution environment.
- 제14항에 있어서, 상기 자료처리 요청에 대응하는 상기 자료처리 코드와 상기 제1 암호화키를 포함하는 상기 신뢰실행환경을 생성하는 단계는, The method of claim 14, wherein the step of creating the trusted execution environment including the data processing code and the first encryption key corresponding to the data processing request,상기 신뢰실행환경의 제2 이미지 파일을 생성하고, 상기 제2 이미지 파일에 대한 제2 해시값을 생성하고, 상기 제2 해시값을 포함하는 트랜잭션을 생성하여 상기 블록체인에 기록하는 스마트 계약 기반 신뢰실행환경의 데이터 처리를 이용한 사용자 데이터 관리 방법.Smart contract-based trust that generates a second image file of the trusted execution environment, generates a second hash value for the second image file, creates a transaction including the second hash value, and records it in the blockchain. User data management method using data processing in the execution environment.
- 하나 이상의 프로그램을 저장하는 컴퓨터 판독가능 저장매체로서, 상기 하나 이상의 프로그램은, 전자 장치의 하나 이상의 프로세서에 의해 실행되도록 구성되고, 상기 하나 이상의 프로그램은, 제1항 내지 제17항 중 임의의 한 항의 방법을 수행하기 위한 명령어들을 포함하는 컴퓨터 판독가능 기록매체.A computer-readable storage medium storing one or more programs, wherein the one or more programs are configured to be executed by one or more processors of an electronic device, and the one or more programs are configured to be executed by one or more processors of an electronic device, the one or more programs according to any one of claims 1 to 17. A computer-readable recording medium containing instructions for performing a method.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2022-0147260 | 2022-11-07 | ||
KR1020220147260A KR20240065940A (en) | 2022-11-07 | 2022-11-07 | Method for managing user data using data processing of trust execution environment based on smart contract |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024101715A1 true WO2024101715A1 (en) | 2024-05-16 |
Family
ID=91032750
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2023/016461 WO2024101715A1 (en) | 2022-11-07 | 2023-10-23 | Method for managing user data by using data processing of trusted execution environment based on smart contract |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR20240065940A (en) |
WO (1) | WO2024101715A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190086172A (en) * | 2018-01-12 | 2019-07-22 | 전북대학교산학협력단 | Method and System for Resource Managing of Clinical Trial using Block Chain |
US20200036519A1 (en) * | 2016-09-29 | 2020-01-30 | Nokia Technologies Oy | Method and apparatus for trusted computing |
KR20200126321A (en) * | 2019-04-26 | 2020-11-06 | 알리바바 그룹 홀딩 리미티드 | How to securely execute smart contract actions in a trusted execution environment |
KR20220125130A (en) * | 2021-03-04 | 2022-09-14 | 주식회사 한컴코드게이트 | Electronic contract processing server that processes electronic contracts between parties by utilizing the two-dimensional code and operating method thereof |
KR20220130429A (en) * | 2021-03-18 | 2022-09-27 | 인하대학교 산학협력단 | Blockchain-based crowdsensing method providing automatic quality verification |
-
2022
- 2022-11-07 KR KR1020220147260A patent/KR20240065940A/en unknown
-
2023
- 2023-10-23 WO PCT/KR2023/016461 patent/WO2024101715A1/en unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200036519A1 (en) * | 2016-09-29 | 2020-01-30 | Nokia Technologies Oy | Method and apparatus for trusted computing |
KR20190086172A (en) * | 2018-01-12 | 2019-07-22 | 전북대학교산학협력단 | Method and System for Resource Managing of Clinical Trial using Block Chain |
KR20200126321A (en) * | 2019-04-26 | 2020-11-06 | 알리바바 그룹 홀딩 리미티드 | How to securely execute smart contract actions in a trusted execution environment |
KR20220125130A (en) * | 2021-03-04 | 2022-09-14 | 주식회사 한컴코드게이트 | Electronic contract processing server that processes electronic contracts between parties by utilizing the two-dimensional code and operating method thereof |
KR20220130429A (en) * | 2021-03-18 | 2022-09-27 | 인하대학교 산학협력단 | Blockchain-based crowdsensing method providing automatic quality verification |
Also Published As
Publication number | Publication date |
---|---|
KR20240065940A (en) | 2024-05-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8918633B2 (en) | Information processing device, information processing system, and program | |
CN107113286B (en) | Cross-device roaming content erase operation | |
WO2021095998A1 (en) | A trusted computing method and system | |
CN1209718C (en) | System and method for operating computer documents and/or programme | |
CN106716914B (en) | Secure key management for roaming protected content | |
US8233627B2 (en) | Method and system for managing a key for encryption or decryption of data | |
WO2020147383A1 (en) | Process examination and approval method, device and system employing blockchain system, and non-volatile storage medium | |
WO2018151390A1 (en) | Internet of things device | |
WO2021075867A1 (en) | Method for storing and recovering key for blockchain-based system, and device therefor | |
WO2020050424A1 (en) | BLOCK CHAIN-BASED SYSTEM AND METHOD FOR MULTIPLE SECURITY AUTHENTICATION BETWEEN MOBILE TERMINAL AND IoT DEVICE | |
WO2020189926A1 (en) | Method and server for managing user identity by using blockchain network, and method and terminal for user authentication using blockchain network-based user identity | |
US8145895B2 (en) | Information transmission apparatus and method, information reception apparatus and method, and information-providing system | |
WO2020189927A1 (en) | Method and server for managing identity of user by using blockchain network, and method and terminal for authenticating user by using user identity on basis of blockchain network | |
WO2020022700A1 (en) | Secure element for processing and authenticating digital key and operation method therefor | |
WO2023146308A1 (en) | System for controlling network access on basis of controller, and method therefor | |
WO2021060720A1 (en) | Blockchain system supporting change in plain text data included in transaction | |
CN115065472B (en) | Security chip encryption and decryption method and device based on multi-key encryption and decryption | |
CN102986162A (en) | License dynamic management method, device and system based on TCM or TPM | |
WO2019182377A1 (en) | Method, electronic device, and computer-readable recording medium for generating address information used for transaction of blockchain-based cryptocurrency | |
WO2019098790A1 (en) | Electronic device and method for transmitting and receiving data on the basis of security operating system in electronic device | |
WO2020111517A1 (en) | Server and method for identifying integrity of application | |
WO2024101715A1 (en) | Method for managing user data by using data processing of trusted execution environment based on smart contract | |
WO2021020918A1 (en) | Method for providing logical internal network, and mobile terminal and application for implementing same | |
WO2020218708A1 (en) | Method for encrypting and decrypting prescription information for providing home rehabilitation service, and doctor terminal | |
WO2020171466A1 (en) | Electronic device, and authentication method in electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23888978 Country of ref document: EP Kind code of ref document: A1 |