BPDIMS:A Blockchain-based Personal Data and Identity Management System

Faber, Benedict; Michelet, Georg Cappelen; Weidmann, Niklas; Mukkamala, Raghava Rao; Vatrapu, Ravi

doi:10.24251/hicss.2019.821

Cited by 73 publications

(35 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of the personal data management, a c-ID of a dataset m comprises an asymmetric key pair of the DS, an asymmetric key pair the DC, and an asymmetric key pair of the data pointer (denoted as p m ) of m. As the data usage policy depends on the requester's role (i.e., DS, DC, or DP), the way we define c-ID specifies the entities associated with m, and simplifies the process of verification. Any digital signature scheme such as Digital Signature Algorithm (DSA) or Elliptic Curve Digital Signature Algorithm (ECDSA) 10 can be used to generate and manage the c-ID, which is formally defined as a triple of probabilistic polynomial-time algorithms (G, S, V):…”

Section: ) Identity Managementmentioning

confidence: 99%

See 1 more Smart Citation

GDPR-Compliant Personal Data Management: A Blockchain-Based Solution

Truong

Sun

Lee

et al. 2020

IEEE Trans.Inform.Forensic Secur.

230

100

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) gives control of personal data back to the owners by appointing higher requirements and obligations on service providers who manage and process personal data. As the verification of GDPRcompliance, handled by a supervisory authority, is irregularly conducted; it is challenging to be certified that a service provider has been continuously adhering to the GDPR. Furthermore, it is beyond the data owner's capability to perceive whether a service provider complies with the GDPR and effectively protects her personal data. This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain and smart contract technologies. The goals of the platform are to provide decentralised mechanisms to both service providers and data owners for processing personal data; meanwhile, empower data provenance and transparency by leveraging advanced features of the blockchain technology. The platform enables data owners to impose data usage consent, ensures only designated parties can process personal data, and logs all data activities in an immutable distributed ledger using smart contract and cryptography techniques. By honestly participating in the platform, a service provider can be endorsed by the blockchain network that it is fully GDPR-compliant; otherwise, any violation is immutably recorded and is easily figured out by associated parties. We then demonstrate the feasibility and efficiency of the proposed design concept by developing a profile management platform implemented on top of the Hyperledger Fabric permissioned blockchain framework, following by valuable analysis and discussion.

show abstract

Section: ) Identity Managementmentioning

confidence: 99%

“…Hash is a type of the data pointer used in a content-addressed storage system such as DHT, IPFS, and Stoij 10. https://en.wikipedia.org/wiki/Elliptic Curve Digital Signature Algorithm…”

mentioning

confidence: 99%

GDPR-Compliant Personal Data Management: A Blockchain-Based Solution

Truong

Sun

Lee

et al. 2020

IEEE Trans.Inform.Forensic Secur.

230

100

View full text Add to dashboard Cite

show abstract

“…A consortium blockchain makes data more private [57] by restricting access to it to selected organizations [58]. The Blockchain-based Personal Data and Identity Management System (BPDIMS) [59] is a proposed solution that uses multiple blockchains to share personal data-whereas the blockchain is publicly-visible, contributions to it are permissioned. Grishin et al [60] achieve a similar model using the Exonum [61] blockchain.…”

Section: Blockchain In Healthcarementioning

confidence: 99%

“…In the case of My Health My Data, which plans to store consent information in the blockchain, this characteristic clashes with the GDPR to the point that the right to erasure is not planned to be offered to patients [72]. However, the general trend of storing data offchain helps make existing or prospective systems more compliant [59]. For example, MedRec is primarily a blockchain solution, but it stores sensitive personal information in a more traditional, centralized off-chain database from wherein data can be removed.…”

Section: Blockchain In Healthcarementioning

confidence: 99%

Dwarna: a blockchain solution for dynamic consent in biobanking

et al. 2019

View full text Add to dashboard Cite

Dynamic consent aims to empower research partners and facilitate active participation in the research process. Used within the context of biobanking, it gives individuals access to information and control to determine how and where their biospecimens and data should be used. We present Dwarna-a web portal for 'dynamic consent' that acts as a hub connecting the different stakeholders of the Malta Biobank: biobank managers, researchers, research partners, and the general public. The portal stores research partners' consent in a blockchain to create an immutable audit trail of research partners' consent changes. Dwarna's structure also presents a solution to the European Union's General Data Protection Regulation's right to erasure-a right that is seemingly incompatible with the blockchain model. Dwarna's transparent structure increases trustworthiness in the biobanking process by giving research partners more control over which research studies they participate in, by facilitating the withdrawal of consent and by making it possible to request that the biospecimen and associated data are destroyed.

show abstract

“…Igor et al propose the use of blockchain technology to ensure the integrity of files on the cloud. Hashes of the files are added on the blockchain as a reference of the change [25]. Though the authors do not deal directly with personal data, the files may contain personal data, indicating a change in personal data whenever a new hash is posted.…”

Section: Blockchain For Data Integritymentioning

confidence: 99%

Managing Gender Change Information on Immutable Blockchain in Context of GDPR

Shahaab¹,

Maude²,

Hewage³

et al. 2020

The JBBA

View full text Add to dashboard Cite

The transgender community faces serious socioeconomic predicaments due to the discrepancy that its members face between their current gender expression and the assigned gender identity at birth. Even though, a considerable amount of work has been done to protect their basic human rights such as security, equality and social acceptance; trans people are still large victims of hate-related crimes. With general data protection regulation (GDPR) and other data protection laws and policies in place, now it is ever more important to protect the confidentiality of gender change information as well as to establish technical solutions that can prevent from inferring any sense of gender change from historical data. In this context, distributed ledger technologies such as blockchain present great opportunities for information integrity, security, privacy and access. However, at the same time provenance information extracted from immutable blockchain can be exploited to infer gender change. Addressing this paradox here, we propose recommendations for managing gender change information in the blockchain environment in the context of the present socio-political, legislative and technical challenges associated with gender change.

show abstract

BPDIMS:A Blockchain-based Personal Data and Identity Management System

Cited by 73 publications

References 20 publications

GDPR-Compliant Personal Data Management: A Blockchain-Based Solution

GDPR-Compliant Personal Data Management: A Blockchain-Based Solution

Dwarna: a blockchain solution for dynamic consent in biobanking

Managing Gender Change Information on Immutable Blockchain in Context of GDPR

Contact Info

Product

Resources

About