• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The present invention relates to a method of anonymized storage of personal data and a method of managing access to these data. The anonymization of the data is done by making independent, through the use of a chain of blocks, the identifiers of data sources and users on the one hand, and personal data on the other hand. The personal data is stored at addresses indexed by their hashed values in a first database (115) and the identifiers are stored with their corresponding access profiles in a second database (145). The link between these two independent databases is provided by cryptographic elements recorded in the register of the block chain (150).
    公开号:FR3079323A1
    申请号:FR1852591
    申请日:2018-03-26
    公开日:2019-09-27
    发明作者:Christine Hennebert
    申请人:Commissariat a lEnergie Atomique CEA;Commissariat a lEnergie Atomique et aux Energies Alternatives CEA;
    IPC主号:
    专利说明:

    METHOD AND SYSTEM FOR ACCESSING ANONYMISED DATA
    DESCRIPTION
    TECHNICAL AREA
    The present invention relates generally to a method of accessing personal data, such as that from connected objects. It also relates to the field of block chains (blockchains) and more particularly those which allow the execution of intelligent contracts (smart contracts).
    PRIOR STATE OF THE ART
    The General Data Protection Regulation (GDPR) 2016/679 must enter into force in May 2018. This requires in particular (art. 25) that technical measures be taken from the design of an information system to guarantee the protection of personal data and the restriction of their access according to the specific purpose of each processing.
    In particular, it is necessary to protect access to data which could reveal the behavior or lifestyle of a given user. Thus, for example, the data collected by a network of sensors intended to measure the electricity consumption and / or the water consumption of a user of a loT system (Internet ofThings) could betray his hours of presence at his home and the make them significantly more vulnerable to intrusion.
    Two methods can be used to protect personal data and respect the privacy of users (privacy):
    anonymization of data, i.e. storing and, where appropriate, processing personal data without the possibility of directly or indirectly identifying the person to whom this data belongs;
    data confidentiality, achieved by encrypting personal data using an encryption key.
    The protection of personal data can be obtained either by concealing the identity of the owners of the data or by concealing the data which belongs to them, or even by combining the two techniques in question.
    Anonymization was mainly used for the transport of data. Thus, for example, the fact of hiding or replacing the information located in the message headers (the “metadata”) used for routing frames in a VPN network, makes it impossible to determine the identity of the sender and the recipient of these frames.
    Confidentiality by encryption of data is the most widely used method in the field of loT systems. The data from the sensors are then encrypted using a symmetric cryptography algorithm, the symmetric keys being previously distributed using an asymmetric key infrastructure. The user with access rights can access the personal data thus encrypted and decrypt it with the corresponding symmetric key.
    The article by G. Zyskind et al, entitled “Decentralizing privacy: using blockchain to protect personal data”, published in Security and Privacy Workshop (SPW), pp. 180-184, May 2015, proposes to decentralize the protection of personal data using a blockchain. Access management calls on the one hand for an access control transaction storing the identity of the user and his access authorizations in the block chain and, on the other hand, for a data transaction storing the encrypted data in a distributed manner in the nodes of the network by means of a distributed hash table (DHT). This solution, although no longer requiring a centralized trusted third party, is based on confidentiality of data by encryption.
    The object of the present invention is to provide a method and a system for accessing personal data which make it possible to protect this data by simple anonymization and do not require the use of a trusted third party. The object of the present invention also relates to a method of storing personal data anonymously.
    STATEMENT OF THE INVENTION
    The present invention is defined by a method of anonymized storage of personal data, said personal data belonging to a data owner and being provided by a data generating device, said personal data being intended to be stored in a first database hosted by a data server, the data generator device being connected to the data server by means of a first secure channel, the data generator device and the data server, being interfaced with a blockchain, said method comprising the following steps :
    the data generator generates fingerprints of said data by means of a hash function and registers said fingerprints in the block chain by calling a first intelligent contract (#Print) deployed in this chain, said fingerprints being recorded in the block chain in connection with access parameters;
    the data generator transmits said fingerprints and associated data to the data server via the first secure channel;
    the data server consults the blockchain to read there fingerprints recorded, a data being stored in the first database at an address indexed by its fingerprint if this fingerprint is registered in the blockchain, and not being stored in the first database if this fingerprint is not registered in the block chain.
    According to a variant, the data are stored in the clear in the first database.
    In one embodiment, the data generating device is a border device of a network of sensors, the border device collecting raw data from these sensors via a gateway.
    Said data are advantageously collected in the form of frames, each frame associated with a sensor comprising a header containing the identifier of the sensor and a payload containing raw data from the sensor, the imprint of the raw data being stored in the block chain in relationship with said sensor identifier.
    Advantageously, the following steps are planned:
    (a) an access token server generates access tokens for different users, an access token of a user representing the access rights of this user to personal data for a predetermined use, the token of said user access being identified by a token identifier and transmitted, by means of a second transaction, to a second smart contract (WSubscribe) stored in the blockchain, the second smart contract recording the access token in the chain of blocks;
    (b) a terminal of said user transmits, by means of a third transaction, an access authorization request identified by an authorization request identifier, to a third intelligent contract (WAuthorize) stored in the block chain, the third smart contract interrogating the first smart contract and obtaining the access token by providing it with cryptographic elements making it possible to authenticate the user, then determining whether the access conditions contained in the token are well fulfilled and, if so , recording the access authorization in the block chain;
    (c) the terminal of said user transmits an access request to the data server, the access request comprising said access authorization request identifier, the data server interrogating the third smart contract by providing it with said access identifier. access authorization request, the third intelligent contract returning the token corresponding to this request to the data server if an access authorization corresponding to the identifier of the authorization request is indeed recorded in the block chain;
    (d) the data server reads the fingerprints corresponding to the access parameters specified in the access token obtained in step (c) from the block chain, reads the personal data stored in the first database at the addresses indexed by the fingerprints thus read, and transmits the personal data thus read to the terminal of said user.
    Said access parameters typically include the identifier of a sensor.
    The cryptographic elements typically include a public key of the user as well as a wallet address obtained by hashing said public key.
    According to an advantageous alternative embodiment, before step (b) the token identifier is transmitted to the user's terminal.
    Furthermore, in step (b), the access authorization request can be recorded in the block chain.
    Finally, the access token preferably comprises a first field containing the token identifier, a second field containing an identifier of the user, a third optional field containing an identifier of the owner of the personal data, a fourth optional field containing address of the first contract, and a fifth field containing the access parameters.
    BRIEF DESCRIPTION OF THE DRAWINGS
    Other characteristics and advantages of the invention will appear on reading a preferred embodiment of the invention, with reference to the attached figures among which:
    Fig. 1 schematically represents an information system without a trusted third party centralized, to which the method of anonymizing personal data according to the invention may apply;
    Fig. 2 schematically represents a method of anonymizing personal data for a centralized trusted third party information system, according to one embodiment of the invention;
    Fig. 3 schematically represents the main steps of a method of access to anonymized personal data by the method of FIG. 1;
    Fig. 4 schematically represents the architecture of a first information system implementing the anonymization method of personal data according to FIG. 2 and the method of access to this data according to FIG. 3;
    Fig. 5 schematically represents the messages and transactions exchanged in the system of FIG. 4;
    Fig. 6 schematically represents the architecture of a second information system implementing the anonymization method of personal data according to FIG. 1 and the method of access to this data according to FIG. 2;
    Figs. 7A and 7B schematically represent the messages and transactions exchanged in the information system of FIG. 6.
    DETAILED PRESENTATION OF PARTICULAR EMBODIMENTS
    A first idea underlying the invention is to record personal data in a database anonymously, at addresses indexed by their associated fingerprints.
    By personal data, we mean any information relating to an identified or identifiable natural person, directly or indirectly. This personal data can in particular come from connected devices (sensors of a loT network) located in the environment of the natural person (home for example). To guarantee the privacy of individuals and in particular users of a loT network, it is necessary to protect access to this personal data. In other words, it should not be possible for a third party to be able to access this personal data without having previously obtained the authorization of the corresponding natural person. This natural person will be designated in the following as the owner of the personal data.
    A second idea underlying the present invention is to use an information system without a central security server. The traditional role of the security server is devolved here to smart contracts executed from a block chain (blockchain) / a distributed ledger secured by an automated trust protocol.
    It is recalled that a block chain consists of blocks chained by a cryptographic mechanism at regular time intervals. Chaining is obtained by inserting a hash value (hash) from the previous block, obtained by a hash function (such as SHA-256 for example), into the content of the current block. The blockchain forms a register which is distributed and replicated to all nodes on the network. These can interact with the blockchain and use its content. The integrity of the information included in the blocks of the chain is guaranteed by cryptographic functions.
    We will consider in the following a blockchain capable of storing not only transactions (as in Bitcoin) but also of executing the code of intelligent contracts (smart contracts). An example of such a blockchain is Ethereum. A smart contract is a software code that can be stored in a block of the distributed register. This software code can be addressed by a determined address and can include several functions. The execution of a function of the smart contract or the contract itself can be triggered by sending a transaction sent from a wallet address (also called account address in Ethereum) to the address of the code in question, the transaction comprising the identification of the function to execute and the arguments expected as input.
    Fig. 1 schematically represents an information system without a trusted third party centralized, to which the method of anonymizing personal data according to the invention may apply.
    Personal data is generated by a data generator device 130, for example an edge device of an loT network collecting sensor data or a terminal capable of providing data entered by means of a data interface. GUI type. The data is structured in the form of frames (or files). The data generator 130 is also adapted to calculate fingerprints of these frames (or of these files) by means of a hash function.
    Represented at 120 is the terminal (for example a smartphone, a tablet or a computer) of a user wishing to access personal data. This user can be a natural person or an automaton in the form of software hosted in the terminal in question. This personal data may be that of the user himself or, more often, that of a third party who has authorized access to it. As we will see below, the personal data are stored anonymously in a first database 145 hosted by the data server 140. The user's terminal 120 can communicate with the data server 140 by means of a secure link 147.
    The information system further comprises an access rights generating device, 110, in the form of an access token server connected to a second database 115 in which the access profiles are stored. of different users. The access rights generating device is responsible for generating access tokens for users with an access profile in the second database. Each access token generated for a user contains the access rights of this user, in accordance with the corresponding access profile. The access rights generating device is also responsible for updating the access profiles of the different users, in particular for their creation, modification or deletion.
    If necessary, the system can also involve the owner of the personal data, so that he can express his consent (or his refusal of consent), when the access profile of a user requires to collect the consent of the data owner.
    Once the access token has been generated and, if necessary, the consent of the owner of the data obtained, the user may be granted authorization to access personal data. The user can then avail himself of this authorization from the data server to effectively access the personal data in question.
    The various elements of the system, namely the access token server, 110, the user terminal, 120, the data generator device, 130 and the data server, 140, have an interface enabling them to interact with the blockchain 150. Each element has at least one wallet, identified by a wallet address. This wallet address is generally obtained by hashing the public key of a public key / private key pair belonging to this element. The pair of public key / private key comes from an asymmetric cryptography system, such as a cryptography system on elliptical curves.
    As we will see later, the operations performed by the various elements of the system call for smart contracts (or even a single smart contract grouping together all of their respective functions). These smart contracts are stored in the distributed register of the blockchain.
    The blockchain makes it possible to guarantee the proper execution of security functions and in particular the authentication of the various elements of the system. It also makes it possible to control the generation of data fingerprints, the allocation of access rights to users and the issue of access authorization in their favor.
    Verification of the proper execution of these smart contracts is entrusted to verifying nodes 190 of the network which validate the result of their execution according to a consensus mechanism, for example by means of a proof of work, proof of stake (proof ofstake), proof of authority (proofofauthority) or any other type of proof ensuring trust between the distributed elements of the network if the blockchain is private.
    Fig. 2 schematically represents a method of anonymizing personal data for a centralized information system without trusted third parties, according to one embodiment of the invention.
    For reasons of simplification, only certain elements of the information system have been represented. The data anonymization method involves several steps detailed below.
    In a first step 211, the personal data are collected and the fingerprints of these data are calculated by the data generator device 130. A data fingerprint is obtained, by hashing the payload of the frame, after elimination of the header . Indeed, the header of a frame generally contains information making it possible to trace the identity of the owner of the data, such as an identifier of the source of the data. The hash is performed by a hash function belonging for example to the SHA-2 or SHA-3 family with a footprint size which can typically range from 256 to 1024 bits. The footprint thus calculated represents a condensate of the raw data contained in the payload of the frame in question.
    In a second step 212, the fingerprints are recorded in the block chain, 150. The recording is carried out using a first smart contract (#Print), after the latter has authenticated the generator of data. The execution of this contract is initiated by a transaction sent from the wallet of the data generating device.
    This first transaction has as arguments the identifier of the data generating device (the wallet address of the border device), the fingerprint (of the data frame or of the data file) to be saved, the access parameters and, where appropriate, the location for example in the form of a URL, of the resource where the data are stored (this argument can be omitted when the system comprises only one first database). The access parameters can for example contain the identifier of the sensor from which the data is taken.
    If necessary, the first transaction includes the payment of a price in cryptocurrency to a wallet address of a third party, for example of the company having deployed the sensors or that of an administrator.
    In a third step, 213, the collected data frames and their respective fingerprints are transmitted, via a secure channel, to the data server, to be stored in the first database, at the location indicated (URL for example).
    Before storing a data frame, the data server consults at 214 the distributed register to verify whether the corresponding fingerprint is indeed present in the block chain. If this fingerprint is not present, the corresponding data frame is not stored. If, on the other hand, it is actually present, the data frame is stored in the first database at an address indexed by its fingerprint. It is therefore understood that the data are stored anonymously in the first database.
    Fig. 3 schematically represents the main steps of a method of access to personal data, previously anonymized by means of the method of FIG. 2.
    This access method essentially has three phases. Only certain elements of the information system were represented in the different phases.
    The first phase (phase I) concerns the generation of access rights for different users and their registration in the block chain.
    The access token server ll Generates tokens representing the access rights of different users to personal data. A token relates to a user for a predetermined use. It is defined by a structured set of data comprising several fields and must conform to the access profile specified in the first database.
    The structure of an access token is detailed below.
    A first field contains a token identifier (for example a randomly drawn number), TokUID.
    A second field contains the identifier of the user (or of the automaton, or even of the connected object), owner of the token. This identifier is generally the user's wallet address. However, when different users are likely to have the same wallet address (case of Ethereum where the wallet address includes only 180 bits of the fingerprint (256-bit hash obtained by SHA-256) of the public key obtained), this second field may also include the user's public key.
    A third field contains the identifier of the owner of the personal data. This third field is optional and may be omitted when the owner of the personal data can be deduced unequivocally from the user identifier. As before, in the event of a possible collision between wallet addresses, the third field may also include the public key of the data owner.
    A fourth field includes the address of the #Print contract (or even the WAuthorize contract which will be discussed later). This field is optional since the data server will be able to receive these addresses outside the block chain.
    A fifth field includes the access parameters: an identifier of the data source, an identifier of the access rule and of the use case authorized under this access rule. This set of parameters characterizes the authorized access.
    An optional sixth field gives the expiration date of the token. If necessary, this field can also indicate if the token has been revoked (boolean variable).
    An optional seventh field indicates whether the data owner has given their consent for the use for which the token is intended (boolean variable).
    An optional eighth field indicates whether the amount, if any, associated with the use of the token has been paid.
    The order of the different fields can of course differ from one implementation to another. Other fields may also be envisaged by those skilled in the art without departing from the scope of the present invention.
    The access token server has a wallet address (also known as an account address in Ethereum) @ walletTokserver from which it can send transactions to the blockchain. This wallet address is obtained by hashing its public key using a hash function (such as SHA-256 for example).
    In step 311, the access token server receives the access profiles of the users for the various uses envisaged.
    In step 312, the access token server transmits a second transaction to a second smart contract (#Subscribe), stored in the blockchain at a predetermined account address. This transaction is based on an access token in the above format for the use case in question.
    The access rights server uses a particular function of the #Subscribe contract which contains a locking script (scriptLockPolicy #n where n indexes the use case) associated with the use case considered. This lock script registers the token in the distributed register of the blockchain.
    If applicable, the second transaction includes the payment of a price in cryptocurrency to the owner of the personal data.
    In addition, the owner of personal data may be required to provide his consent to the consultation of personal data, either outside the blockchain (for example by means of a mandate contract signed by the parties), or through the block chain. The consent granted to a user is generally linked to a particular access profile. When consent is to be obtained through the blockchain, that consent is entered into the blockchain using a #Consent smart contract (not shown).
    The access token server 110 then notifies in 313 (notification outside the block chain) to the user that a token in his favor has been created and stored in the block chain and communicates to him the identifier of the token thus created. , TokUID.
    The user is then able to consult the distributed register of the block chain at 314 to read there, from his wallet address (@ walletUser), the token thus stored.
    The proper execution of the #Subscribe and #Consent smart contracts, the registration of the token and, where appropriate, the consent of the owner of the personal data, are verified and validated by the verifying nodes 190, on the basis of the aforementioned consensus mechanism.
    The second phase (Phase II) concerns the issuance by the user of a request for authorization to access personal data and the authorization granted in return, if applicable.
    The user wishing to obtain an authorization to access the owner's personal data issues, in a first step 321, a transaction (hereinafter referred to as the third transaction), from the wallet address @ walletUser and intended for third smart contract (#Authorize) stored in the blockchain. This transaction is identified by an access authorization request identifier in the form of a serial number, IdReq # p, generated by the user.
    The third transaction has as argument the public key of the user {PublicKey), the identifier of the access authorization request (IdReq # p), and a digital signature of the transaction (SigNum) using the private key of the user. By digital signature is meant a cryptographic element making it possible to verify that the author of the transaction is indeed the one identified by the public key. For example, when the blockchain is Ethereum, the digital signature can be provided by the sign function of the Ethereum "util" library.
    The third transaction uses a special function of the #Authorize smart contract, playing the role of unlocking script (scriptUnlockPolicy #n where n indexes the use case) corresponding to the contract locking script, # Subscribe.
    The unlocking script calls in 322 the first smart contract, #Subscribe, by supplying it with the identifier of the token, TokUID. Using this identifier, the #Subscribe smart contract finds the token and transmits it in 323 to the #Authorize smart contract. The unlock script uses the cryptographic elements provided by the user, namely the user's public address, PublicKey, as well as the digital signature of the transaction, SigNum, to unlock the token. If the cryptographic elements correspond to those indicated in the locking script, the token is unlocked and, if it is still valid, an access authorization (AuthZ) is stored in the blockchain with the identifier of the request. access authorization (IdReq # p). This access authorization contains the identifier of the token for which it was granted.
    On the other hand, if the cryptographic elements do not correspond to those expected or if the token is expired, no access authorization is stored in the distributed register of the block chain.
    If applicable, the third transaction will include the payment of an amount in cryptocurrency to compensate the access service and / or the owner of the personal data. The payment of the price may constitute a condition to be fulfilled for obtaining authorization. Payment can be made by the user by means of the third transaction.
    The access authorization includes, if applicable, the parameters for the validity of this authorization: validity period, maximum number of consultations, etc.
    The user is then able to consult the distributed register and read the authorization granted and under what conditions, in 324.
    Again, the proper execution of the #Authorize and #Subscribe smart contracts, unlocking the token, conditions of use, payment of the required price, registration of the access authorization are verified and validated by the nodes verifiers, 190, on the basis of the aforementioned consensus mechanism.
    The third phase (Phase III) concerns actual access to personal data.
    The user transmits at 331, by means of his terminal 120, a request for access to personal data, intended for the data server, 110, via the secure channel, 147. This request includes the identifier of the request for access authorization, IdReq # p.
    The data server then interrogates the second intelligent contract #Authorize by providing it with the access authorization request identifier, IdReq # p in 332. The #Authorize contract verifies that an access authorization corresponding to the number has been successfully has been granted to the user and, in the affirmative, interrogates in 333 the first intelligent contract #Subscribe and obtains in 334 the corresponding token (i.e. the token whose identifier TokUID appears in the authorization d 'access). The #Authorize contract returns, in 335, the token in question to the data server.
    The data server extracts the access parameters and in particular the identifier of the data source from the token. In 336 it interrogates the #Print contract and in 337 retrieves the fingerprints of the data from this source as well as the URL where these data are stored.
    At the URL thus obtained, the data server reads the personal data stored there at the addresses indexed by the fingerprints.
    The data in the database can be stored in encrypted or clear form. When encrypted, the encryption keys can be stored in a digital safe (“secure element”). The access server can access the safe and read the appropriate encryption key to decrypt the data at the address specified by the fingerprint.
    If necessary, if several fingerprints are specified, the personal data read can be aggregated by the data server, before their transmission. In general, the server can carry out a processing on the data thus read before transmitting them to the user.
    In step 338, the data server transmits to the user, via the secure channel, the personal data extracted, after having aggregated them if necessary.
    Fig. 4 schematically represents the architecture of a first information system implementing the anonymization method of personal data according to FIG. 1 and the method of access to this data according to FIG. 3
    In this information system, personal data is provided by connected objects. As an illustration, the connected objects considered here can be sensors for electricity or water consumption in apartments, geolocation sensors, etc.
    The connected objects, 433, are connected to an edge device, 430, via a gateway, 431.
    Objects can form a local network, 435, according to different topologies (star or mesh for example) by communicating via a wireless protocol (WiFi, Bluetooth, BLE, ZigBee, 6L0WPAN, LoRaWAN, SigFox, X3D, EnOcean ...) or a wired protocol (Ethernet or KNX for example). These objects can carry sensors. They can also be constrained in resources, remote and autonomous.
    The gateway 431 has the function of ensuring the interface between the network of connected objects and the border device 430.
    The boundary device, 430, plays the role of a data generator here. It transmits data generated via a first secure channel (typically by an SSH or SSL / TLS protocol), 437, to the data server 440. The border device 430 is equipped with a blockchain interface (BKC) allowing the transmission of fingerprints blockchain data to be saved there using the “#Print” smart contract.
    If necessary, the border device 430 can be integrated into the gateway 431.
    The data server 440 hosts the first database 445 in which the personal data are stored anonymously. Each data frame or set of data is stored in a resource pointed by a URL, at an address indexed by its fingerprint. The data server is also equipped with an interface with the blockchain allowing it to consult the distributed register and in particular to read the access authorizations of users.
    The user terminal, 420 (in practice a client application hosted in this terminal, a smartphone for example), or even a PLC, can connect to the data server 440 via a secure channel 447, to transmit authorization requests to it access as explained in phase II of Fig. 3.
    He can read his access tokens via the “ttSubscribe” smart contract and transmit a request for authorization to access the “ttAuthorize” smart contract.
    The access token server, 410, hosts the "profile" files for users and data sources, 410. Access rights are granted by the access token server, 415, if necessary after collecting the consent of the data owners. It should be noted that the owners of the data can also be users in the previous sense.
    The access token server can communicate with the blockchain and register the access tokens representing the access rights using the registration function of the smart contract "ttSubscribe".
    Conventionally, blocks in the blockchain are validated using a distributed consensus protocol and mined by mining nodes on the basis of proof of work or even proof of authority for private blockchains. The validation of the blocks makes it possible to guarantee the legitimacy, integrity and immutability of the information recorded in the distributed register.
    Each network node with a copy of the block chain (fullnode) can execute smart contracts. Verification of the correct execution of a smart contract is the responsibility of minors or a set of verifier nodes (for example by means of the TrueBit protocol described in the article by J. Teutsch and C. ReitwieRner entitled "A scalable verification solution for blockchains »), The decision of good execution being taken by consensus.
    Advantageously, the execution of smart contracts will require the expenditure of an amount in cryptocurrency (sum in gas on Ethereum), in other words the transactions using these contracts may provide for a payment in cryptocurrency, which will dissuade denial of service attacks.
    Similarly, the verification of the proper execution of contracts may be remunerated in cryptocurrency.
    The distributed register storing the blockchain makes it possible to manage the identifiers of the various actors of the system (the data generator device, the data server, the access token server, the users) and to ensure the link between them without breach of confidentiality. In particular, it makes the link between the personal data stored anonymously in the first database, the access tokens generated according to the user profile sheets, and the access authorizations issued. It thus guarantees by construction (privacy by design) the protection of personal data.
    The blockchain makes it possible to ensure the traceability of anonymized data (storage of fingerprints), user access rights, authorizations which are issued to them and ensures the security of the whole in a distributed manner between all the nodes of the network. .
    The authorization of access to data for the benefit of a user is the result of a verification consensus. Each minor node or verifier of the network can indeed execute the intelligent contract "WSubscribe" with the elements of an access request recorded by a user in the blockchain and check if the authorization issued is indeed valid.
    Fig. 5 schematically represents the messages and transactions exchanged in the information system of FIG. 4.
    Columns have been assigned to the different actors in the system of Fig. 5, namely the data generator (border device), 430, the user (or the machine), 420, the access token server, 410, the data server, 440, and the block chain , 450, support for various smart contracts.
    The data collection and recording phase is shown in 510. This phase implements the data anonymization method as described in relation to FIG. 2.
    The boundary device extracts the payload data from the frames and calculates by means of a hash function the imprint of this data. To register a data fingerprint in the blockchain, the border device forms a transaction having as arguments the fingerprint of the data to be recorded as well as the address of the resource where it is stored (URL of the database or of resource for example) and sends the digitally signed transaction using their private key from their wallet address, @walletEdge.
    The signed transaction is transmitted in 511 to the smart contract "#Print" with the address @SC ttPrint in the block chain. The smart contract authenticates the data sender (using their public key) by verifying that the @walletEdge wallet address is indeed part of a list of legitimate border devices (white list). If so, the fingerprint is recorded in the block chain in association with the location of the resource.
    In parallel, the border device transmits in 512 the raw data and their corresponding fingerprint to the data server for storage in the first database at the address of the resource. The data server then puts the storage request on hold and consults the register distributed from its wallet address, @walletDataServer to check for the presence of the fingerprint of the data it has just received. If the registration of the fingerprint in the block chain is confirmed, that is to say that the fingerprint is indeed contained in a mined block, attached to the chain, the data server 440 proceeds to write the data raw in the first database, to an address indexed by the fingerprint of the data in question. More specifically, the data associated with a fingerprint is stored, within the resource, at an address which is provided unequivocally by the fingerprint. This allows the raw data to be found later and, if necessary, to verify their integrity.
    The data collection and recording phase is followed by phases I, II and III of the access method.
    Phase 520 corresponds to phase I of FIG. 3, that is to say the generation of the access rights (represented by the access tokens) of the different users and their recording in the block chain.
    Access rights are based on access rules (“policy”) indicating which user can access which data under which conditions (context) for which action (purpose, data processing) and optionally for what amount (price to be paid to the various actors and in particular to the owner). The generation of access rights is also based on "profile" files pre-recorded in the second database by an administrator. The second database contains the "profile" files for users, mentioning in particular their role in the system, as well as the "profile" files for devices authorized to generate data for the information system.
    The access token server can directly generate access rights for users (for example if these users own the data to which they wish to access or because their consent is implicit or derives from a legal obligation) or else require the express consent of the owner of the data in question. In the second case, the consent may for example be collected in electronic form by an exchange between the administrator and the owner of the data via a secure channel. Alternatively, consent can be registered next to the "token" in the blockchain registry.
    The access token server generates an access token according to the corresponding profile stored in the second database for the benefit of a user (in this case user #a) or of an automaton. It forms a transaction having as argument the access token and signs it digitally with its private key before sending it in 521, from its wallet address, @walletAccessRight, to the address @SC ttSubscribe of the contract "WSubscribe", more precisely to the address of the lock script it contains. This contract registers the access token in the blockchain.
    Furthermore, the access token server signifies in 522 to the user, by a message or a notification, that new access rights have just been allocated to him.
    The user is then able to read, in 523, from his wallet address, @walletUser #a, the token recorded in the distributed register of the block chain.
    Phase 530 corresponds to phase II of the access method of FIG. 3. It is assumed here that the preliminary phase of collection and the first phase of generation of access rights have been previously carried out.
    In 531, a user can avail himself of the access rights (materialized by an access token) which he has to request and, if necessary, obtain an authorization to access personal data.
    This access authorization request is assigned by the user an IDreq identifier.
    The user #a requests an access authorization using a transaction comprising elements making it possible to verify his identity and his access token. This transaction is issued in 531 from the user's wallet address, @walletUser a #, and includes at least as arguments the request identifier, IDreq and the token identifier, TokUID. After signing this transaction using their private key, the user sends it to the function corresponding to the script for unlocking the smart contract "WAuthorize" stored in the block chain at @ SC # Authorize.
    When the smart contract "WAuthorize" is executed by a node (minor or verifier), the user is identified by means of his wallet address, the unlocking script verifies, using the user's public key, that the token belongs to the user and that the access token is valid (for example if it is expired or not). If the verification is positive, the unlocking script provides an authorization specifying for what use it is granted. Otherwise, authorization is refused.
    When the authorization is granted, the number of the access request, IDreq, is recorded in the block chain by the verifier (or minor) nodes. On the other hand, if the authorization is refused, no registration takes place and the blockchain register containing the states remains unchanged.
    Thus, the authorization in question can be easily verified by all the actors interacting with the block chain. In addition, if a cost is associated with the granting of this authorization, a transaction representing a transfer of amount in cryptocurrency may be issued (for example to the wallet address of the owner of the personal data and / or that of the access rights administrator).
    Phase 540 corresponds to phase III of the access method of FIG. 3.
    This phase includes the actual access to personal data, the possible processing of this data by the data server and the transmission of the result to the user who requested the access.
    The user transmits in 541 to the data server, via the second secure channel (therefore outside the block chain), an access request having as argument the identifier of the authorization previously obtained, IDreq. This request is digitally signed using the user's private wallet key.
    The data server then consults in 542 the block chain from its wallet address, @walletDataServer, in order to read the presence (existence) of the authorization bearing the IDreq number.
    The data server verifies that the access authorization has been granted to user #a for the IDreq request and retrieves the access token corresponding to this authorization.
    It extracts the identifier of the data source from the token and queries the #Print contract to retrieve the URL of the resource and the data fingerprints.
    The data server then reads the personal data stored at the addresses indexed by the data fingerprints, in the resource pointed to by the URL.
    If necessary, the server performs a processing on the data thus read (for example an aggregation of data), the processing being defined by the use appearing in the authorization previously read in the block chain. The result of the processing is then transmitted in 543 to the user via the second secure channel.
    Fig. 6 schematically represents the architecture of a system for managing access to personal data according to a second embodiment of the invention.
    Without loss of generality, the second embodiment will be illustrated in a case of use of the management of access to medical data (patient file) by health professionals (epidemiologists for example).
    In this embodiment, the data does not come from connected objects and collected by a border device but generated by a data generator device, 630, such as the terminal of a healthcare professional Pro b # (attending physician, laboratory medical analyzes, etc.).
    The information system comprises a data server 640 hosting a first database 645 in which the medical data in the clear are stored, each data frame (or data file) being stored at an address indexed by its fingerprint.
    The practitioner's terminal, 630, is connected to the data server, 640, by means of a first secure channel, 635. Similarly, a user device, 620, for example the terminal of a healthcare professional wishing to access medical data, is connected to the data server 640 by means of a second secure channel, 647.
    Each of the actors in the system, namely the user device, the data generator, the data server, includes a BKC interface allowing it to interact with the blockchain 650 from a wallet address.
    As in the first embodiment, the interactions of these actors with the blockchain call on the “#Print”, “WSubscribe” and “WAuthorize” smart contracts described above.
    Figs. 7A and 7B schematically represent the messages and transactions exchanged in the information system of FIG. 6.
    The different actors of the information system are represented in columns: the data generator (eg terminal of Pro b #, such as that of the attending physician), 630, the terminal of the owner of the medical data (patient), the user device (e.g. Pro a # terminal), 620, access rights generator (e.g. College Council terminal), 610, data server, 640, and blockchain, 650, support for the execution of smart contracts (“#Print”, “WSubscribe” and “WAuthorize”).
    In this second information system, the access rights recording phase, 1020, precedes the anonymized data recording phase, 1010. This is necessary here insofar as the access generator (Pro bit) must have previously obtained a write access profile so that personal data can be saved in the first database.
    In phase 1020, the data generator Pro b # and the user Pro a # transmit to the administrator the elements allowing them to be identified and to verify the authenticity of their qualifications (diploma, professional card, etc.). These elements are entered in the form of electronic files, for example.
    Once these elements have been verified, the access token server generates for the data generator Pro b # and the user, Pro a #, access tokens (in write and read respectively) from the profiles stored in the second database. For each of them, it forms a transaction sent from the wallet address of the access rights generating device, @walletAccessRight, containing the access token, then signs this transaction with its private key before transmitting it in 1021 to the address of the @SC WSubscribe registration function of the "WSubscribe" contract.
    This contract records access tokens in the blockchain. The access rights administrator then notifies (in 1022-1 and 1022-2) the data generator Pro b # and the healthcare professional, Pro a #, that they have just been granted new access rights. They collect their respective access tokens in 1023-1 and 1023-2 by consulting the register at the address of the smart contract "WSubscribe".
    In the collection and recording phase 1010, the data generator Pro b # calculates a data fingerprint (for example the fingerprint of a disease data file) and forms a transaction sent from its wallet address, @walletPro b #, including the fingerprint in question, its location in the form of the URL of the resource for example, and, for example, as an access parameter, the identifier of the disease. This transaction is transmitted in 1011 to the address block chain of the recording function @SC #Print of the first intelligent contract "#Print".
    The first smart contract verifies the identity of the Pro b # data generator, if successful, unlocks a write access authorization and then records this authorization in the block chain.
    In 1011-2, the data generator also transmits a request for consent to the owner of the data (patient). The owner's terminal responds by sending a blockchain transaction in 1011-3 by calling the first intelligent contract "#Print". This records the patient's consent in the block chain.
    In addition, the data generator, Pro b #, transmits in 1012 the data (disease data file) as well as the corresponding fingerprints to the data server. This verifies the existence of the write access authorization (of the data generator) and of the consent (of the patient) by consulting, in 1023, the first intelligent contract.
    If the verification is successful, the server saves the data at the addresses indexed by their corresponding fingerprints. Advantageously, the data is time-stamped before being stored. As in the previous embodiment, the data can be stored in clear or encrypted. In the second case, the data server decrypts them on the fly before transmitting them on the second secure channel.
    The data access authorization request phase, 1030, assumes that the first and second phases have been previously executed.
    The Pro a # user (healthcare professional wishing to analyze the data) can request an authorization to access medical data (corresponding to a given disease). This access authorization request is assigned by the user an IDreq identifier.
    The Pro user # requests access authorization (read) using a transaction sent from their wallet address, @ walletPro a #, and including as arguments the identifier of the authorization request, IDreq , and the identifier of its access token (TokUID). After signing this transaction using his private key, the user transmits it in 1031 to the intelligent contract "WAuthorize" registered in the block chain at the address @SC WAuthorize.
    The smart contract "WAuthorize" executes an unlocking script delivering an access authorization if the identity of the user (@walletPro a #) is legitimate, if he is the owner of the token identified by TokUlD and that the token access is valid. If the verification is successful, the unlocking script provides an authorization to access the resource according to the access rule.
    Otherwise, the authorization is refused and nothing is recorded in the block chain.
    As in the first embodiment, the contract is executed by the verifying nodes (or miners) of the network who verify its correct behavior during its execution. In case of consensus between the verifiers on the result of the execution of the contract, the authorization is recorded in the block chain.
    In the data access phase, 1040, the user transmits at 141 to the data server, via the second secure channel, an access request having as argument the request identifier IDreq.
    The data server then consults the blockchain by issuing in 1042, from the wallet address of the data server, @walletDataServer, a transaction comprising the identifier of the authorization request, IDreq, and the identifier of the token (TokUlD). The data server checks that the access authorization has been granted to the user @walletPro a # for the IDreq request, that the consent of the owner (patient) of the data is well recorded, retrieves the address of the contract #Print in the token and reads the fingerprints associated with the data source specified in the access token.
    The data server then reads the data stored in the first database at the addresses indexed by the data fingerprints.
    If necessary, the server performs processing on the data thus read. For example, it can combine multiple data from different sources. It can also only be authorized to process or disclose a part of the data read (accessed), the processing being defined by the use appearing in the token previously read in the block chain.
    The result of the processing is then transmitted in 1043 to the user Pro a # via the second secure channel.
    权利要求:
    Claims (10)
    [1" id="c-fr-0001]
    1. Method for anonymized storage of personal data, said personal data belonging to a data owner and being supplied by a data generating device, said personal data being intended to be stored in a first database hosted by a data server, the data generator device being connected to the data server (140) by means of a first secure channel (147), the data generator device and the data server, being interfaced to a block chain (190), characterized in what:
    the data generator generates fingerprints of said data by means of a hash function and registers (212) said fingerprints in the block chain by calling a first smart contract (#Print) deployed in this chain, said fingerprints being recorded in the blockchain in relation to access parameters;
    the data generator transmits (213) said fingerprints and associated data to the data server via the first secure channel;
    the data server consults (214) the block chain to read recorded fingerprints there, a data item being stored in the first database at an address indexed by its fingerprint if this fingerprint is registered in the block chain, and n ' not being stored in the first database if this fingerprint is not registered in the block chain.
    [2" id="c-fr-0002]
    2. Method for anonymized storage of personal data according to claim 1, characterized in that the data are stored in the clear in the first database.
    [3" id="c-fr-0003]
    3. Method for anonymized storage of personal data according to claim 1 or 2, characterized in that the data generating device is a border device (430) of a network (435) of sensors (433), the border device (430) collecting raw data from these sensors via a gateway (431).
    [4" id="c-fr-0004]
    4. Method for anonymized storage of personal data according to claim 3, characterized in that said data are collected in the form of frames, each frame associated with a sensor comprising a header containing the identifier of the sensor and a payload containing raw data of the sensor, the imprint of the raw data being stored in the block chain in relation to said identifier of the sensor.
    [5" id="c-fr-0005]
    5. Method for managing access to personal data comprising an anonymized storage of this data according to one of the preceding claims, characterized in that:
    (a) an access token server generates access tokens for different users, an access token of a user representing the access rights of this user to personal data for a predetermined use, the token of access of said user being identified by a token identifier and transmitted (312), by means of a second transaction, to a second smart contract (WSubscribe) stored in the blockchain, the second smart contract recording the access token in the block chain;
    (b) a terminal of said user (120) transmits, by means of a third transaction, an access authorization request (321) identified by an authorization request identifier, to a third intelligent contract (WAuthorize) stored in the blockchain, the third smart contract interrogating (322) the first smart contract and obtaining the access token (353) by providing it with cryptographic elements making it possible to authenticate the user, then determining whether the access conditions contained in the token are well filled and, if so, recording the access authorization in the blockchain;
    (c) the terminal of said user transmits an access request to the data server (331), the access request comprising said access authorization request identifier, the data server interrogating (332) the third intelligent contract by providing it with said access authorization request identifier, the third intelligent contract returning (335) to the data server the token corresponding to this request if an access authorization corresponding to the identifier of the authorization request is well recorded in the blockchain;
    (d) the data server reads (336,337) in the block chain the fingerprints corresponding to the access parameters specified in the access token obtained in step (c), reads the personal data stored in the first database data to the addresses indexed by the fingerprints thus read, and transmits (338) the personal data thus read to the terminal of said user.
    [6" id="c-fr-0006]
    6. Method for managing access to personal data according to claim 5, characterized in that said access parameters include the identifier of a sensor.
    [7" id="c-fr-0007]
    7. Method for managing access to personal data according to claim 5 or 6, characterized in that the cryptographic elements comprise a public key of the user as well as a wallet address obtained by hashing of said public key.
    [8" id="c-fr-0008]
    8. Method for managing access to personal data according to one of claims 5 to 7, characterized in that, before step (b) the token identifier is transmitted (313) to the terminal of the user.
    [9" id="c-fr-0009]
    9. Method for managing access to personal data according to one of claims 5 to 8, characterized in that in step (b) the access authorization request is recorded in the block chain.
    [10" id="c-fr-0010]
    10. Method for managing access to personal data according to one of claims 5 to 9, characterized in that the access token has a first field containing the token identifier, a second field containing an identifier of the user, an optional third field containing an identifier of the owner of the personal data, an optional fourth field containing the address of the first contract, and a fifth field containing the access parameters.
    类似技术:
    公开号 | 公开日 | 专利标题
    EP3547202B1|2021-10-20|Method for access to anonymised data
    EP3547203A1|2019-10-02|Method and system for managing access to personal data by means of an intelligent contract
    TWI725793B|2021-04-21|System and method for mapping decentralized identifiers to real-world entities
    JP2020009500A|2020-01-16|Data security service
    US10601789B2|2020-03-24|Session negotiations
    EP3343425B1|2019-03-06|System and method for the creation and management of decentralized authorizations for connected objects
    US10348700B2|2019-07-09|Verifiable trust for data through wrapper composition
    KR20180114942A|2018-10-19|Method and system for protecting computer software using distributed hash tables and block chains
    US9674156B2|2017-06-06|Event-triggered release through third party of pre-encrypted digital data from data owner to data assignee
    JP6678457B2|2020-04-08|Data security services
    US9300639B1|2016-03-29|Device coordination
    FR3041798A1|2017-03-31|IMPROVED AUTHENTICATION METHOD AND DEVICE
    JP2021536698A|2021-12-27|Method and device for managing user identification authentication data
    WO2021101632A1|2021-05-27|Know your customer | and anti-money laundering | verification in a multi-decentralized private blockchains network
    Ullah et al.2013|TCLOUD: A Reliable Data Storage Architecture for Cloud Computing
    同族专利:
    公开号 | 公开日
    EP3547202B1|2021-10-20|
    FR3079323B1|2020-04-17|
    US20190294822A1|2019-09-26|
    US11093643B2|2021-08-17|
    EP3547202A1|2019-10-02|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US20110010563A1|2009-07-13|2011-01-13|Kindsight, Inc.|Method and apparatus for anonymous data processing|
    WO2018019364A1|2016-07-26|2018-02-01|NEC Laboratories Europe GmbH|Method for controlling access to a shared resource|
    US20180060496A1|2016-08-23|2018-03-01|BBM Health LLC|Blockchain-based mechanisms for secure health information resource exchange|
    CA3031133A1|2016-07-18|2018-01-25|Royal Bank Of Canada|Distributed ledger platform for vehicle records|
    WO2018058441A1|2016-09-29|2018-04-05|Nokia Technologies Oy|Method and apparatus for trusted computing|
    CH714242B1|2018-03-12|2019-04-15|Corner Banca Sa|Method and system for generating federated user-identity identities.|
    US20210012013A1|2019-07-11|2021-01-14|Battelle Memorial Institute|Blockchain applicability framework|US11170128B2|2019-02-27|2021-11-09|Bank Of America Corporation|Information security using blockchains|
    US11240003B2|2019-03-26|2022-02-01|International Business Machines Corporation|Consent-based data management|
    WO2019120326A2|2019-03-29|2019-06-27|Alibaba Group Holding Limited|Managing sensitive data elements in a blockchain network|
    US11088828B2|2019-07-18|2021-08-10|Advanced New Technologies Co., Ltd.|Blockchain-based data evidence storage method and apparatus|
    US11252166B2|2019-07-31|2022-02-15|Advanced New Technologies Co., Ltd.|Providing data authorization based on blockchain|
    US20200169407A1|2019-07-31|2020-05-28|Alibaba Group Holding Limited|Blockchain-based data authorization method and apparatus|
    US11057189B2|2019-07-31|2021-07-06|Advanced New Technologies Co., Ltd.|Providing data authorization based on blockchain|
    FR3101454A1|2019-09-30|2021-04-02|Bpce|A method of allowing a user to access an organization's blockchain|
    US20210377028A1|2020-05-27|2021-12-02|Securrency, Inc.|Method, apparatus, and computer-readable medium for secured data transfer over a decentrlaized computer network|
    PL434845A1|2020-07-29|2022-01-31|Dicella Spółka Z Ograniczoną Odpowiedzialnością|Method and system for securing data, especially data from biotechnology laboratories|
    法律状态:
    2019-03-29| PLFP| Fee payment|Year of fee payment: 2 |
    2019-09-27| PLSC| Search report ready|Effective date: 20190927 |
    2020-03-31| PLFP| Fee payment|Year of fee payment: 3 |
    2021-03-30| PLFP| Fee payment|Year of fee payment: 4 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1852591|2018-03-26|
    FR1852591A|FR3079323B1|2018-03-26|2018-03-26|METHOD AND SYSTEM FOR ACCESSING ANONYMISED DATA|FR1852591A| FR3079323B1|2018-03-26|2018-03-26|METHOD AND SYSTEM FOR ACCESSING ANONYMISED DATA|
    EP19164910.2A| EP3547202B1|2018-03-26|2019-03-25|Method for access to anonymised data|
    US16/363,546| US11093643B2|2018-03-26|2019-03-25|Method and system for accessing anonymized data|
    [返回顶部]