
WO2020002366A1 - Decentralised data management - Google Patents

Decentralised data management

Info

Publication number
WO2020002366A1
Authority: WO (WIPO, PCT)
Prior art keywords: terminal, blockchain, transaction, encrypted, data item
Legal status: Ceased
Application number: PCT/EP2019/066900
Other languages: French (fr)
Inventors: Chunming Rong, Antorweep CHAKRAVORTY
Current assignee: Bityoga As
Original assignee: Bityoga As
Application filed by: Bityoga As
Priority to: EP19734743.8A (EP3814971A1)
Publication of: WO2020002366A1


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                        • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • G PHYSICS
        • G06 COMPUTING OR CALCULATING; COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
                        • G06F21/108 Transfer of content, software, digital rights or licenses
                            • G06F21/1086 Superdistribution

Definitions

  • the present invention generally relates to the field of human-centered computing.
  • the present invention specifically relates to the fields of social networking sites, collaborative and social computing devices, security and privacy, cryptography, and database and storage security.
  • Disruptive technologies have led the computing space towards a decentralized, autonomous, and distributed paradigm. Users are also becoming conscious of their online presence and expect to have more control, traceability, accountability, and ownership of their data.
  • Blockchains can be defined as a chronological database of transactions grouped in a block and validated by a network of computers, with multiple blocks added one after another in a chain. An iteration of the technology is employed in the cryptocurrency Bitcoin. Other applications have also emerged taking advantage of the decentralization, traceability, accountability and security of the technology.
  • Blockchains can be divided into two types, permissioned and permissionless.
  • blockchain is based on the authorization requirements for nodes in a network to act as validators and have access to the
  • Permissionless blockchains are public and allow anonymous users to participate and contribute their
  • Permissioned blockchains are restricted and users participate after verification from a centralized third party. This kind of blockchain is usually private.
  • Transactions that are broadcast or added to a blockchain are grouped into blocks. These blocks are validated by a
  • the node that first validates a block of transactions is rewarded in some form.
  • the mechanisms used for validating blocks can be described as proof-of-work, proof-of-stake, or through a consensus- or Paxos-based solution. Any blockchain can use these mechanisms to validate its blocks.
  • Proof-of-stake validates blocks by randomly choosing nodes to contribute their block to the chain. This form of validation chooses a node based on their stake or reputation, randomness, or through distributed voting.
  • Consensus- or Paxos-based solutions are designed to solve problems in unreliable distributed systems where multiple isolated computing processes need to agree. Such algorithms are well suited to address the transaction validation requirements of blockchains. This approach has an advantage over both proof-of-work and proof-of-stake based approaches, as the participating nodes are given equal weight and do not have to pool their computational power or hold a greater stake.
  • the nodes in a blockchain network are incentivized to
  • Smart contracts consist of a program code, a storage file and an account value. They allow any user to create a contract by broadcasting a transaction. Once a contract gets created it cannot be altered.
  • Blockchains are designed to operate without the need of a central authority. They depend on the consensus of peers in the network who validate the transactions and their lineage. This makes them particularly suitable for authentication of ownership rights, as the whole history of transactions is validated, accepted and added to the blockchain by the whole network, allowing ownership to be forever validated and traced. Data confidentiality, availability and integrity are other key features of blockchains. Permissioned blockchains protect against unauthorized disclosures, as the blockchain remains private among the participating nodes and transactions are accountable.
  • Blockchains are peer-to-peer systems with each participating node possessing the complete blockchain or parts of it.
  • a method for distributing a data item from a first terminal, or owner, to a plurality of second terminals, or allowed first recipients is provided.
  • Each of the first terminal and the second terminals has a unique user identifier and a unique pair of public and private keys for encryption and decryption.
  • the first terminal has access to a data storage and a blockchain, and the method comprises the following steps performed by the first terminal: generating a randomly generated key; generating an encrypted data item by encrypting the data item using the randomly generated key; and generating, or providing, a file identifier associated with, or uniquely identifying, the data item.
  • this means that the file identifier is associated with the raw unencrypted data item.
  • the method further comprises the following steps performed by the first terminal: uploading, or sending, the encrypted data item and the file identifier to the data storage, wherein the encrypted data item is paired with the file identifier. This allows the data item to be identified in the data storage by using the file identifier.
  • the method further comprises the following steps performed by the first terminal: generating a first encrypted randomly generated key by encrypting the randomly generated key using the public key of the first terminal; generating a plurality of second encrypted randomly generated keys by individually
  • the method may further comprise the step: traversing the blockchain and determining if the user identifier of the first terminal and/or the file identifier are present in the first content of the first transaction. If the user identifier of the first terminal and/or the file identifier are present in the first content, the method further comprises the following steps performed by the first terminal: generating, or defining or adding, a second transaction, state, or block, in the blockchain with a second content comprising the plurality of second
  • the user identifiers of the plurality of second terminals and/or the file identifier wherein the user identifier of each second terminal is paired with, or connected to, the second encrypted randomly generated key generated by the public key of that second terminal.
  • the generating of the second transaction may be performed without first traversing of the blockchain.
  • the blockchain indicates an allowed transaction and the presence of the user identifier of the first terminal and/or the file identifier is a condition that must be fulfilled before
  • the proposed method allows for the encrypted data item to be stored at a data storage, such as a server or cloud-based service, that can handle large data items, such as videos and images.
  • the second terminals can then access the encrypted data item in the data storage.
  • access to the contents of the encrypted data item is possible only after traversing the blockchain and obtaining the first encrypted randomly generated key.
  • the latter is typically small in size compared with the data item.
  • the method allows for large data item to be
  • the first transaction is with the first terminal, which allows the first terminal to access the content of the encrypted data item in the data storage after traversing the blockchain and by using its private key. This means that the first terminal does not need to keep the randomly generated key to have access to the contents of the encrypted data item.
  • the first terminal has access to a blockchain.
  • the method may further comprise the following step performed by the first terminal: generating a blockchain.
  • each of the plurality of second terminals may have access to the data storage and the blockchain, and the method may further comprise the following steps performed by a second terminal of the plurality of second terminals: traversing the blockchain and identifying the second transaction in the blockchain using the user identifier of the second terminal and/or the file
  • the new state also contains the information on previous transactions and it is possible to refer to the history to verify the stated information for a particular state.
  • the method may further comprise the following steps performed by the second terminal: retrieving the second encrypted randomly generated key paired with the user identifier of the second terminal from the blockchain, or from the second transaction of the blockchain; decrypting the second encrypted randomly
  • a method for receiving a data item in a second
  • the second terminal has a unique user identifier and a unique pair of public and private keys for encryption and decryption, and the second terminal has access to a data storage and a blockchain.
  • the data storage contains an encrypted data item and a file identifier associated with, or uniquely identifying, the data item, and the encrypted data item has been encrypted using a randomly generated key and is paired with the file identifier.
  • the blockchain contains a second transaction, state, or block with a second content comprising a second encrypted randomly generated key, and the user identifier of the second terminal and/or the file identifier.
  • the second encrypted randomly generated key has been generated by encrypting the randomly generated key using the public key of the second terminal.
  • the user identifier of the second terminal is paired with the second encrypted randomly generated key.
  • the method according to the second aspect of the proposed technology comprises the following steps performed by the second terminal: traversing the blockchain and identifying the second transaction in the blockchain using the user identifier of the second terminal and/or the file identifier; retrieving the second encrypted randomly generated key paired with the user identifier of the second terminal, and optionally the file identifier, from the blockchain, or from the second transaction of the blockchain.
  • the method may comprise: receiving the file
  • the second terminal may have the file identifier, for example stored in its memory.
  • the method according to the second aspect of the proposed technology further comprises the following steps performed by the second terminal: decrypting the second encrypted randomly generated key using the private key of the second terminal;
  • any number of transactions may have been performed before the second transaction.
  • the numbering of the second transaction is not to be construed as a limitation, but is only used for the sake of clarity with respect to the first aspect of the proposed technology.
  • the same reasoning applies to all the numbering in the second aspect; for example, more than one encrypted randomly generated key may have been used in relation to the blockchain before the second encrypted randomly generated key.
  • the method may further distribute the data item to a plurality of third terminals, or allowed second recipients.
  • Each of the third terminals has a unique user identifier and a unique pair of public and private keys for encryption and decryption.
  • the method may further comprise the following steps performed by the second terminal: generating a plurality of third encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each third terminal.
  • the method may further comprise the steps: traversing the blockchain and determining if the user identifier of the second terminal and/or the file identifier are present in the second content of the second transaction. If the user identifier of the second terminal and/or the file identifier are present in the second content, the method may further comprise: generating, or defining, or adding, a third transaction, state, or block, in the blockchain with a third content comprising the plurality of third encrypted randomly generated keys and the user identifiers of the plurality of third terminals, wherein the user identifier of each third terminal is paired with the third encrypted randomly generated key generated by the public key of that third terminal.
  • the generating of the third transaction may be performed without first traversing of the blockchain.
  • a system comprising a first terminal, a plurality of second terminals, a data storage, and a blockchain.
  • Each of the first terminal and the second terminals has a unique user identifier and a unique pair of public and private keys for encryption and decryption.
  • the first terminal has access to a data storage and a blockchain, the first terminal comprises a processor and a memory, and the memory contains instructions executable by the processor whereby the system is operative to perform the steps of the method according to the first aspect of the proposed technology that relates to the first terminal.
  • each of the plurality of second terminals may have access to the data storage and the blockchain, each of the plurality of second terminals may comprise a processor and a memory, and the memory may contain instructions executable by the processor whereby the system is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to a second terminal.
  • the system may further comprise a plurality of third terminals.
  • Each of the plurality of third terminals may have access to the data storage and the blockchain.
  • Each second terminal may comprise a processor and a memory, and the memory may contain instructions executable by the processor whereby the system is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to a third terminal.
  • a first terminal configured to access, or gain access to, a data storage and a blockchain.
  • the first terminal is provided, configured to access, or gain access to, a data storage and a blockchain.
  • the memory contains a unique user identifier and a unique pair of public and private keys for encryption and decryption for or by each of the first terminal and a plurality of second terminals, and the memory further contains instructions executable by the processor whereby the first terminal is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to the first terminal.
  • a second terminal configured to access, or gain access to, a data storage and a blockchain.
  • the second terminal is provided, configured to access, or gain access to, a data storage and a blockchain.
  • the second terminal comprises a processor and a memory.
  • the memory contains a unique user identifier and a unique pair of public and private keys for encryption and decryption for or by the second terminal.
  • the memory may further contain a unique user identifier and a unique pair of public and private keys for encryption and decryption for or by a plurality of third terminals.
  • the memory further contains instructions executable by the processor whereby the second terminal is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to the second terminal, or to perform the method
  • a computer program which, when executed in a first terminal, causes the first terminal to carry out the method according to the first aspect of the proposed technology, or to carry out the steps associated with the first terminal in the first aspect of the proposed technology.
  • a computer program which, when executed in a second terminal, causes the second terminal to carry out the method according to the second aspect of the proposed technology, or to carry out the steps associated with the second terminal in the first aspect of the proposed technology.
  • a carrier comprising the computer program of the sixth aspect of the proposed technology, wherein the carrier is one of an electronic signal, an optical signal, a radio signal and a computer readable storage medium.
  • a carrier comprising the computer program of the seventh aspect of the proposed technology, wherein the carrier is one of an electronic signal, an optical signal, a radio signal and a computer readable storage medium.
  • Each of the terminals may have access to the data storage via a network or a web-service, such as the internet.
  • the data storage may be remote from or at a different location than each terminal.
  • the blockchain may be a permissioned or permissionless blockchain.
  • Each terminal may be considered a node in the blockchain.
  • the validations of the blockchains may be consensus based.
  • Each transaction in the blockchain may be regarded as a contract, or a smart contract.
  • the file identifier may be, or may comprise, a first hashtag, a first hash key, or a public key generated from or for the data item. This means that the file identifier identifies a contract created for a content in the blockchain that is linked to the data item, which in extension allows for conditions of a
  • the method may further comprise the following steps performed by the first terminal: uploading, or sending, the user identifier of the first terminal to the data storage, wherein the user identifier of the first terminal is paired with the file identifier or the encrypted data item.
  • the data storage only contains one copy of the encrypted data item irrespective of the number of shares performed with it.
  • the paired user identifier of the first terminal associates the owner of the data item content with the data item, which allows for a transaction to a new owner of the data item content.
  • the second content of the second transaction may further comprise the first content of the first transaction.
  • the transaction may further comprise the content of the preceding transaction, of one or more earlier transactions, or of all earlier transactions, generated in the blockchain. This allows all transactions to be traced in the blockchain, including the transaction from the owner of the data item, which allows it to be used as a smart contract.
  • the third content of the third transaction may comprise the second content of the second transaction.
  • the user identifier of a terminal may be the public key of that terminal.
  • the user identifier of the first terminal may be the public key of the first terminal.
  • the user identifier of a second terminal, or each second terminal, may be the public key of that second terminal. This way, the number of different
  • the method may further comprise the following steps: generating, defining, or adding, a first state condition, or token, in the first transaction in the blockchain, wherein the first state condition indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain.
  • the state condition defines the allowed degree of separation of the content, or of the data item.
  • the traversing of the blockchain may further determine the first state condition of the first transaction, and the
  • the method may further comprise the following steps performed by the first terminal: generating, defining or adding a second state condition, or token, in the second transaction in the blockchain, wherein the second state condition indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain, and the second state condition indicates one less further transaction than the first state condition.
  • the second transaction may comprise a second state condition that indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain.
  • the traversing of the blockchain by the second terminal may further determine the second state condition of the second transaction, and the generating of the third transaction is performed if the second state condition indicates that further transactions can be generated.
  • the method may further comprise the following steps performed by the second terminal: generating, defining or adding a third state condition, or token, in the third transaction in the blockchain, wherein the third state condition indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain, and the third state condition indicates one less further
  • the second state condition or the third state condition may indicate that no further transactions are allowed and the generating of a further transaction is then not
  • any number of state conditions may have been used before the second state condition.
  • the numbering of the second state condition is not to be construed as a limitation, but is only used for the sake of clarity in the general context of the first aspect.
  • Fig. 1 is a schematic illustration of an embodiment of a system implementing the proposed technology,
  • Fig. 2 is a schematic flowchart illustrating an embodiment of a method performed by a first terminal in the system described in relation to Fig. 1, and
  • Fig. 3 is a schematic flowchart illustrating an embodiment of a method performed by a second terminal in the system described in relation to Fig. 1.
  • Fig. 1 illustrates a system 10 in which a number of terminals 12 are connected to and can access a data storage 14 via a web-service 16.
  • Each of the terminals 12 has a processor 18 and a memory 20 with computer programs that, when executed by the processor 18, control the terminal.
  • the data storage 14 has a processor 22 and a memory 24 with computer programs that, when executed by the processor 22, control the function of the data storage 14.
  • the terminals 12 can for example be smartphones or personal computers, and the data storage 14 can for example form part of a cloud service or be a computer server.
  • the web-service 16 can for example be the internet and the terminals 12 and the data storage 14 are connected to the internet by established means, including wireless services.
  • Each terminal 12 has a unique pair of public and private keys for encryption and decryption and the public key of each terminal is used as a user identifier for the terminal. These are stored in the memories 20 of the terminals 12. A method is described below in which a data item is distributed between the terminals 12, and primes are used in the indexing of the
  • the memory 20" of a first terminal 12" contains a computer program 26", which means that the memory 20" constitutes a carrier 28" of the computer program 26".
  • the computer program 26" is executed by the processor 18", which causes the first terminal 12" to perform a number of steps that are schematically illustrated in the flowchart of Fig. 2.
  • a randomly generated key is generated 102 and a data item is encrypted 104 using the randomly generated key to produce an encrypted data item.
  • the data item can be a digital image, audio, video or any type of digital text.
  • the identifier is then generated 106 in the form of a hash of the raw unencrypted data item, which means that the file identifier is associated with, or uniquely identifies, the data item. It also means that the file identifier is generated from or for the data item.
  • the encrypted data item, the file identifier and the user identifier of the first terminal are uploaded 108a to the data storage 14 via the web-service 16.
  • the encrypted data item is paired with the file identifier in the data storage 14 such that the encrypted data item can be identified using the file identifier.
  • the user identifier of the first terminal is also paired with the encrypted data item such that the encrypted data item can be identified using the user identifier.
  • a first encrypted randomly generated key is then generated 110 by the first terminal 12" using its public key.
  • One or more second encrypted randomly generated keys are also generated 112 by individually encrypting the randomly generated key using the public keys of one or more second terminals 12"".
  • a first transaction is then generated 114 in a blockchain by the first terminal 12".
  • the first transaction is with the first terminal 12" itself.
  • the first content of the first transaction includes the file identifier, the first encrypted randomly generated key, the user identifier of the first terminal 12", and a first state condition, for example a first token value, indicating the number of further transactions relating to the data item that can be generated in the blockchain.
  • the first terminal 12" then traverses 116 the blockchain and determines 116a if the user identifier of the first terminal and the file identifier are present in the first content of the first transaction. It also determines the first state condition of the first transaction. For example, this may be done by determining if the token value is greater than a set number.
  • the first terminal If the user identifier of the first terminal and the file identifier are present 116a in the first content, and if the first state condition indicates 116b that further transactions can be generated, the first terminal generates 118 a second transaction in the blockchain with a second content including the one or more second encrypted randomly generated keys and the user identifiers of the one or more second terminals.
  • the user identifier of each second terminal is paired with the second encrypted randomly generated key generated by the public key of that second terminal. This way the second terminals 12"" are identified as allowed recipients of the encrypted data item in the blockchain and each second terminal 12"" can gain access to the contents of the encrypted data item by decrypting the encrypted randomly generated key in the blockchain that has been generated with its public key.
  • the first terminal 12" also generates 118b a second state condition in the second
  • the second content of the second transaction also includes the content of the first transaction.
  • each second terminal 12"" contains a computer program 26"", which means that the memory 20""
  • the computer program 26"" is executed by the processor 18"", which causes the second terminals 12"" to perform a number of steps. The steps performed by a single second terminal 12"" are
  • the second terminal 12"" traverses 202 the blockchain and identifies the second transaction in the blockchain using the user identifier of the second terminal and the file identifier.
  • the file identifier is sent from the first terminal 12" to the second terminal 12"" through an independent communication channel, such as en email or a social network application in a smartphone, thus triggering or prompting the second terminal 12"" to traverse the blockchain.
  • the second terminal 12"" retrieves 204 the second encrypted randomly generated key paired with the user identifier of the second terminal and the file identifier from the second
  • the second encrypted randomly generated key is then decrypted 206 using the private key of the second terminal 12"", and the encrypted data item is identified 208 in the data storage using the file identifier.
  • the second terminal 12"" continues with downloading 210 the encrypted data item from the data storage and decrypting 212 the encrypted data item using the randomly generated key.
  • the second terminal 12"" now has full access to the content of the data item.
  • Each second terminal 12"" can further distribute the data item to one or more third terminals 12""" in a similar manner as the first terminal 12".
  • the second terminal 12"" generates one or more third encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each third terminal 12""".
  • the blockchain is then traversed 216 and the second terminal determines if the user identifier of the second terminal and the file identifier are present in the second content of the second transaction. It also determines the second state condition of the second transaction, for example by comparing the token value with a set number. If the second state condition indicates that no further transactions can be
  • the second terminal 12"" takes no further actions.
  • the second terminal continues with generating 218 a third transaction in the blockchain with a third content including the content of the second transaction, the plurality of third encrypted randomly generated keys and the user
  • the user identifier of each third terminal is paired with the third encrypted randomly generated key generated by the public key of that third terminal 12""".
  • the second terminal 12"" also generates 218b a third state condition in the third transaction that indicates that one less transaction can be generated in the blockchain. For example, this can be done by reducing the above mentioned token value by one.
  • the third terminals 12""" can continue with obtaining the contents of the data item in the same manners as described for the second terminals 12"".
  • the third terminals 12""" can also continue with distributing the data item to further terminals 12""" in the same manner as a second terminal 12"", provided that there is a state condition that indicates that further transactions can be made.
  • the state condition is updated for each further transaction such that it indicates that one less transaction can be made.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A technology is provided for distributing a data item. A first terminal (12´) encrypts (104) the data item using a randomly generated key and uploads (108a) the encrypted data item to a data storage. A plurality of second encrypted randomly generated keys is generated (112) by individually encrypting the randomly generated key using the public keys of a plurality of second terminals. A second transaction is generated (118) in the blockchain with a second content comprising the second encrypted randomly generated keys. A second terminal (12´´) traverses (202) the blockchain, identifies the second transaction, retrieves (204) the second encrypted randomly generated key from the second transaction, and decrypts the second encrypted randomly generated key using its private key. It then downloads (210) the encrypted data item from the data storage (14) and decrypts (212) the encrypted data item using the randomly generated key.

Description

DECENTRALISED DATA MANAGEMENT
Technical field
The present invention generally relates to the field of human-centered computing. The present invention specifically relates to the fields of social networking sites, collaborative and social computing devices, security and privacy, cryptography, and database and storage security.
Background
The world is increasingly becoming driven by data. Users and corporations are now connected and share at an increasing pace. The infrastructure of such services has traditionally been supported by centralized networks. However, lack of trust, transparency and control over organizations that furnish such networks has brought to light the adverse aspects of centralization.
Disruptive technologies have led the computing space towards a decentralized, autonomous, and distributed paradigm. Users are also becoming conscious of their online presence and expect to have more control, traceability, accountability, and ownership of their data.
There is a need for a technology that enables users to create a secure, permanent and unbreakable link with their data when sharing it within a circle of users, such as between friends or family members. There is also a need to be able to control the number of further shares or transactions to other users outside the circle of the original content creator. There is also a need for a technology that allows ownership of data to be verified, tracked, and controlled in a social network, and that secures the content of the data from any central authority, third parties or individuals who do not have rights to view the content. In addition, the technologies should be able to handle large data items, such as digital videos and images, in environments with limited computing power and bandwidth.
Blockchains can be defined as a chronological database of transactions grouped in a block and validated by a network of computers, with multiple blocks added one after another in a chain. An iteration of the technology is employed in the crypto currency Bitcoin. Other applications have also emerged taking advantage of the decentralization, traceability, accountability and security of the technology.
Blockchains can be divided into two types, permissioned and permissionless. The main differentiator for the type of blockchain is based on the authorization requirements for nodes in a network to act as validators and have access to the blockchain data. Permissionless blockchains are public and allow anonymous users to participate and contribute their computational power. Permissioned blockchains are restricted and users participate after verification from a centralized third party. Blockchains of this kind are usually private.
Transactions that are broadcast or added to a blockchain are grouped into blocks. These blocks are validated by a competing network of peer nodes. The node that first validates a block of transactions is rewarded in some form. The mechanisms used for validating blocks can be described as proof-of-work, proof-of-stake, or through a consensus- or Paxos-based solution. Any blockchain can use these mechanisms to validate its blocks.
The early blockchains were built around the concept of proof-of-work. The amount of work performed is measured in terms of computational contributions, also called mining. All nodes in the network compete to mine for a new block by solving for some partial collision using hash functions. The miner that computes it first is rewarded. However, this form of validation can be extremely inefficient in terms of energy and, therefore, also very expensive, as the work done by miners that do not get validated first is wasted. This incentivizes nodes to centralize the hashing power into pools, which obviously is not desirable for a network whose goal is to minimize the need to trust third parties.
Proof-of-stake validates blocks by randomly choosing nodes to contribute their block to the chain. This form of validation chooses a node based on their stake or reputation, randomness, or through distributed voting.
Consensus- or Paxos-based solutions are designed to solve problems in unreliable distributed systems where multiple isolated computing processes need to agree. Such algorithms are well suited to address the transaction validation requirements of blockchains. This approach has an advantage over both proof-of-work and proof-of-stake based approaches, as the participating nodes are given equal weight and do not have to pool their computational power or hold a greater stake.
Transactions are accepted to the blockchain based on the majority votes of the participating nodes.
The nodes in a blockchain network are incentivized to contribute their computing power. Each time a node verifies a block and it is accepted into the blockchain, the node gets some form of reward. In the crypto-currency world, nodes are rewarded in those currencies by materializing a coin, providing a percentage of the transaction, or allocating the unspent transactions. This keeps the blockchain network active and decentralized.
A smart contract consists of program code, a storage file and an account value. Any user can create a contract by broadcasting a transaction. Once a contract has been created it cannot be altered.
Blockchains are designed to operate without the need of a central authority. They depend on the consensus of peers in the network who validate the transactions and their lineage. This makes them particularly suitable for authentication of ownership rights, as the whole history of transactions is validated, accepted and added to the blockchain by the whole network, allowing ownership to be forever validated and traced. Data confidentiality, availability and integrity are other key features of blockchains. Permissioned blockchains protect against unauthorized disclosure, as the blockchain remains private among the participating nodes and transactions are accountable.
Blockchains are peer-to-peer systems with each participating node possessing the complete blockchain or parts of it. Availability of data in such a decentralized system remains high, even with a catastrophic failure, as there would always be some nodes possessing the blockchain. Data integrity ensures that data accepted or available in the blockchain is protected from invalid modification, insertion or deletion. Mechanisms, such as proof of work, proof of stake, and consensus- or Paxos-based solutions, are key features in ensuring that the data integrity is maintained. Blockchains inherently preserve data integrity as any malicious activity on the blockchain needs control of more than half of the network's computing power.
Object
It is an object of the proposed technology to meet the above described needs. It is also an object to provide a user with an improved control of the distribution of a data item over the internet or in a network, such as a social network, and in particular to allow the user to trace the distribution and claim ownership of the data item. Additionally, it is an object to provide a technology that requires less in terms of computing power and bandwidth.
Summary
According to a first aspect of the proposed technology, a method for distributing a data item from a first terminal, or owner, to a plurality of second terminals, or allowed first recipients, is provided. Each of the first terminal and the second terminals has a unique user identifier and a unique pair of public and private keys for encryption and decryption. The first terminal has access to a data storage and a blockchain, and the method comprises the following steps performed by the first terminal: generating a randomly generated key; generating an encrypted data item by encrypting the data item using the randomly generated key; and generating, or providing, a file identifier associated with, or uniquely identifying, the data item. In extension this means that the file identifier is associated with the raw unencrypted data item.
The method further comprises the following steps performed by the first terminal: uploading, or sending, the encrypted data item and the file identifier to the data storage, wherein the encrypted data item is paired with the file identifier. This allows for data item to be identified in the data storage by using the file identifier.
The method further comprises the following steps performed by the first terminal: generating a first encrypted randomly generated key by encrypting the randomly generated key using the public key of the first terminal; generating a plurality of second encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each second terminal; generating, or defining or adding, a first transaction, state, or block, in the blockchain with a first content comprising the user identifier of the first terminal and/or the file identifier, and the first encrypted randomly generated key.
The method may further comprise the step: traversing the blockchain and determining if the user identifier of the first terminal and/or the file identifier are present in the first content of the first transaction. If the user identifier of the first terminal and/or the file identifier are present in the first content, the method further comprises the following steps performed by the first terminal: generating, or defining or adding, a second transaction, state, or block, in the blockchain with a second content comprising the plurality of second encrypted randomly generated keys, the user identifiers of the plurality of second terminals and/or the file identifier, wherein the user identifier of each second terminal is paired with, or connected to, the second encrypted randomly generated key generated by the public key of that second terminal.
Alternatively, the generating of the second transaction may be performed without first traversing the blockchain. This means the blockchain indicates an allowed transaction and the presence of the user identifier of the first terminal and/or the file identifier is a condition that must be fulfilled before generating the second transaction.
The proposed method allows for the encrypted data item to be stored at a data storage, such as a server or cloud-based service, that can handle large data items, such as videos and images. The second terminals can then access the encrypted data item in the data storage. However, access to the contents of the encrypted data item is possible only after traversing the blockchain and obtaining the first encrypted randomly generated key. The latter is typically small in size compared with the data item. Thus, the method allows for large data items to be distributed with the control provided by blockchains, but without the large data items straining the traversing of the blockchain.
According to the method of the first aspect of the proposed technology, the first transaction is with the first terminal, which allows the first terminal to access the content of the encrypted data item in the data storage after traversing the blockchain and by using its private key. This means that the first terminal does not need to keep the randomly generated key to have access to the contents of the encrypted data item.
According to the first aspect of the proposed technology, the first terminal has access to a blockchain. Alternatively, the method may further comprise the following step performed by the first terminal: generating a blockchain.
In the first aspect of the proposed technology, each of the plurality of second terminals may have access to the data storage and the blockchain, and the method may further comprise the following steps performed by a second terminal of the plurality of second terminals: traversing the blockchain and identifying the second transaction in the blockchain using the user identifier of the second terminal and/or the file identifier. This means that the first transaction is identified by the second terminal and that there is a state change, since the previous information is concatenated with the new information. The new state also contains the information on previous transactions and it is possible to refer to the history to verify the stated information for a particular state.
The method may further comprise the following steps performed by the second terminal: retrieving the second encrypted randomly generated key paired with the user identifier of the second terminal from the blockchain, or from the second transaction of the blockchain; decrypting the second encrypted randomly generated key using the private key of the second terminal; identifying the encrypted data item in the data storage using the file identifier; downloading the encrypted data item from the data storage; and decrypting the encrypted data item using the randomly generated key. This way the second terminal has gained access to the contents of the data item.
According to a second aspect of the proposed technology, a method is provided for receiving a data item in a second terminal, or by an allowed first recipient, and/or for distributing a data item from a second terminal to a plurality of third terminals, or allowed second recipients. The second terminal has a unique user identifier and a unique pair of public and private keys for encryption and decryption, and the second terminal has access to a data storage and a blockchain.
The data storage contains an encrypted data item and a file identifier associated with, or uniquely identifying, the data item, and the encrypted data item has been encrypted using a randomly generated key and is paired with the file identifier.
The blockchain contains a second transaction, state, or block with a second content comprising a second encrypted randomly generated key, and the user identifier of the second terminal and/or the file identifier. The second encrypted randomly generated key has been generated by encrypting the randomly generated key using the public key of the second terminal. The user identifier of the second terminal is paired with the second encrypted randomly generated key.
The method according to the second aspect of the proposed technology comprises the following steps performed by the second terminal: traversing the blockchain and identifying the second transaction in the blockchain using the user identifier of the second terminal and/or the file identifier; retrieving the second encrypted randomly generated key paired with the user identifier of the second terminal, and optionally the file identifier, from the blockchain, or from the second transaction of the blockchain. Alternatively to retrieving the file identifier, the method may comprise: receiving the file identifier from the first terminal or obtaining the file identifier, for example from another terminal or through a web service, such as a social network application. Alternatively, the second terminal may have the file identifier, for example stored in its memory.
The method according to the second aspect of the proposed technology further comprises the following steps performed by the second terminal: decrypting the second encrypted randomly generated key using the private key of the second terminal; identifying the encrypted data item in the data storage using the file identifier; downloading the encrypted data item from the data storage; and decrypting the encrypted data item using the randomly generated key.
In the second aspect of the proposed technology, any number of transactions may have been performed before the second transactions. The numbering of the second transactions is not to be construed as a limitation, but is only used for the sake of clarity with respect to the first aspect of the proposed technology. The same reasoning applies to all the numbering in the second aspect, for example more than one encrypted randomly generated keys may have been used in relation to the blockchain before the second encrypted randomly generated key.
In the method according to the first or second aspects the method may further distribute the data item to a plurality of third terminals, or allowed second recipients. Each of the third terminals has a unique user identifier and a unique pair of public and private keys for encryption and decryption. The method may further comprise the following steps performed by the second terminal: generating a plurality of third encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each third terminal.
The method may further comprise the steps: traversing the blockchain and determining if the user identifier of the second terminal and/or the file identifier are present in the second content of the second transaction. If the user identifier of the second terminal and/or the file identifier are present in the second content, the method may further comprise: generating, or defining, or adding, a third transaction, state, or block, in the blockchain with a third content comprising the plurality of third encrypted randomly generated keys and the user identifiers of the plurality of third terminals, wherein the user identifier of each third terminal is paired with the third encrypted randomly generated key generated by the public key of that third terminal. Alternatively, the generating of the third transaction may be performed without first traversing of the blockchain.
According to a third aspect of the proposed technology, a system is provided comprising a first terminal, a plurality of second terminals, a data storage, and a blockchain. Each of the first terminal and the second terminals has a unique user identifier and a unique pair of public and private keys for encryption and decryption. The first terminal has access to a data storage and a blockchain, the first terminal comprises a processor and a memory, and the memory contains instructions executable by the processor whereby the system is operative to perform the steps of the method according to the first aspect of the proposed technology that relates to the first terminal.
In the third aspect of the proposed technology, each of the plurality of second terminals may have access to the data storage and the blockchain, each of the plurality of second terminals may comprise a processor and a memory, and the memory may contain instructions executable by the processor whereby the system is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to a second terminal.
Further, in the third aspect of the proposed technology, the system may further comprise a plurality of third terminals. Each of the plurality of third terminals may have access to the data storage and the blockchain. Each third terminal may comprise a processor and a memory, and the memory may contain instructions executable by the processor whereby the system is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to a third terminal.
According to a fourth aspect of the proposed technology, a first terminal is provided configured to access, or gain access to, a data storage and a blockchain. The first terminal comprises a processor and a memory, the memory contains a unique user identifier and a unique pair of public and private keys for encryption and decryption for or by each of the first terminal and a plurality of second terminals, and the memory further contains instructions executable by the processor whereby the first terminal is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to the first terminal.
According to a fifth aspect of the proposed technology, a second terminal is provided configured to access, or gain access to, a data storage and a blockchain. The second terminal comprises a processor and a memory, the memory contains a unique user identifier and a unique pair of public and private keys for encryption and decryption for or by the second terminal. The memory may further contain a unique user identifier and a unique pair of public and private keys for encryption and decryption for or by a plurality of third terminals. The memory further contains instructions executable by the processor whereby the second terminal is operative to perform the steps of the method according to the first aspect of the proposed technology that relate to the second terminal, or to perform the method according to the second aspect of the proposed technology.
According to a sixth aspect of the proposed technology, a computer program is provided which, when executed in a first terminal, causes the first terminal to carry out the method according to the first aspect of the proposed technology, or to carry out the steps associated with the first terminal in the first aspect of the proposed technology.
According to a seventh aspect of the proposed technology, a computer program is provided which, when executed in a second terminal, causes the second terminal to carry out the method according to the second aspect of the proposed technology, or to carry out the steps associated with the second terminal in the first aspect of the proposed technology.
According to an eighth aspect of the proposed technology, a carrier is provided comprising the computer program of the sixth aspect of the proposed technology, wherein the carrier is one of an electronic signal, an optical signal, a radio signal and a computer readable storage medium.
According to a ninth aspect of the proposed technology, a carrier is provided comprising the computer program of the seventh aspect of the proposed technology, wherein the carrier is one of an electronic signal, an optical signal, a radio signal and a computer readable storage medium.
Each of the terminals may have access to the data storage via a network or a web-service, such as the internet. The data storage may be remote from or at a different location than each terminal. The blockchain may be a permissioned or permissionless blockchain. Each terminal may be considered a node in the blockchain. The validations of the blockchains may be consensus based. Each transaction in the blockchain may be regarded as a contract, or a smart contract.
Detailed description
In the different aspects of the proposed technology, the file identifier may be, or may comprise, a first hashtag, a first hash key, or a public key generated from or for the data item. This means that the file identifier identifies a contract created for a content in the blockchain that is linked to the data item, which in extension allows for conditions of a contract to be defined, such as the maximum number of shares or degrees of separation for the content. All transactions performed with the content, such as further sharing, are then performed under the conditions of the contract.
In the first aspect of the proposed technology, the method may further comprise the following steps performed by the first terminal: uploading, or sending, the user identifier of the first terminal to the data storage, wherein the user identifier of the first terminal is paired with the file identifier or the encrypted data item. The data storage only contains one copy of the encrypted data item irrespective of the number of shares performed with it. The paired user identifier of the first terminal associates the owner of the data item content with the data item, which allows for a transaction to a new owner of the data item content.
In the first aspect of the proposed technology, the second content of the second transaction may further comprise the first content of the first transaction. In the second aspect of the proposed technology, the second content of the second transaction may further comprise the content of the preceding transaction, of one or more earlier transactions, or of all earlier transactions, generated in the blockchain. This allows all transactions to be traced in the blockchain, including the transaction from the owner of the data item, which allows it to be used as a smart contract. In the first aspect and the second aspect of the proposed technology the third content of the third transaction may comprise the second content of the second transaction.
In the different aspects of the proposed technology, the user identifier of a terminal may be the public key of that terminal. For example, the user identifier of the first terminal may be the public key of the first terminal, and the user identifier of a second terminal, or each second terminal, may be the public key of that second terminal. This way, the number of different operating parameters is reduced, and it allows for one key to be used in the different operations, which contributes to an improved efficiency.
In the first aspect of the proposed technology, the method may further comprise the following steps: generating, defining, or adding, a first state condition, or token, in the first transaction in the blockchain, wherein the first state condition indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain. Thus, the state condition defines the allowed degree of separation of the content, or of the data item.
The traversing of the blockchain may further determine the first state condition of the first transaction, and the generating of the second transaction is performed if the first state condition indicates that further transactions can be generated. The method may further comprise the following steps performed by the first terminal: generating, defining or adding a second state condition, or token, in the second transaction in the blockchain, wherein the second state condition indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain, and the second state condition indicates one less further transaction than the first state condition.
In the second aspect of the proposed technology, the second transaction may comprise a second state condition that indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain.
In the first aspect and the second aspect of the proposed technology, the traversing of the blockchain by the second terminal may further determine the second state condition of the second transaction, and the generating of the third transaction is performed if the second state condition indicates that further transactions can be generated. The method may further comprise the following steps performed by the second terminal: generating, defining or adding a third state condition, or token, in the third transaction in the blockchain, wherein the third state condition indicates the number of further transactions, or transactions related to or associated with the file identifier or the data item, that can be generated in the blockchain, and the third state condition indicates one less further transaction than the second state condition. Here, it is understood that the second state condition or the third state condition may indicate that no further transactions are allowed, and the generating of a further transaction is then not performed.
In the second aspect of the proposed technology, any number of state conditions may have been used before the second state condition. The numbering of the second state condition is not to be construed as a limitation, but is only used for the sake of clarity in the general context of the first aspect.
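The first-aspect steps of the first terminal, the second terminal's retrieval and re-distribution, and the token-based state condition described above, as an added example that is not part of the patent or of any implementation by the applicant: a Go sketch that assumes AES-256-GCM for the data item and RSA-OAEP for the per-recipient key wrapping (the text fixes neither), an in-memory slice standing in for the blockchain and a map for the data storage; the token travels with the transaction through which a terminal was granted access, so it bounds the degree of separation from the owner.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // fixed-size inputs and the system RNG: these calls only fail on a broken platform
	}
	return v
}

// Terminal is a terminal 12 with its key pair; the user identifier is a fingerprint of the public key.
type Terminal struct{ Priv *rsa.PrivateKey }
func NewTerminal() *Terminal { return &Terminal{Priv: must(rsa.GenerateKey(rand.Reader, 2048))} }
func (t *Terminal) UserID() string { return fmt.Sprintf("%x", sha256.Sum256(t.Priv.PublicKey.N.Bytes()))[:16] }

// Transaction is one transaction (state) in the blockchain: Keys pairs each allowed recipient's user
// identifier with the randomly generated key wrapped under that recipient's public key, Token is the
// state condition (further transactions allowed from here) and Prev carries the earlier content.
type Transaction struct {
	FileID string
	Keys   map[string][]byte
	Token  int
	Prev   *Transaction
}

// Blockchain is the append-only log (peer validation is out of scope); Storage is the data storage 14.
type Blockchain struct{ Txs []*Transaction }
type Storage map[string][]byte

// wrapFor encrypts the randomly generated key for every recipient with RSA-OAEP; the file identifier
// is the OAEP label, so a wrapped key cannot be replayed in a transaction for a different item.
func wrapFor(key []byte, fileID string, rcpts []*Terminal) map[string][]byte {
	out := map[string][]byte{}
	for _, r := range rcpts {
		out[r.UserID()] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &r.Priv.PublicKey, key, []byte(fileID)))
	}
	return out
}

// unwrap is the recipient side: traverse the chain newest-first for the transaction that names this
// terminal as a recipient of fileID, then decrypt its wrapped key with the private key.
func unwrap(t *Terminal, fileID string, bc *Blockchain) ([]byte, *Transaction, error) {
	for i := len(bc.Txs) - 1; i >= 0; i-- {
		if tx := bc.Txs[i]; tx.FileID == fileID && tx.Keys[t.UserID()] != nil {
			key, err := rsa.DecryptOAEP(sha256.New(), nil, t.Priv, tx.Keys[t.UserID()], []byte(fileID))
			return key, tx, err
		}
	}
	return nil, nil, errors.New("no transaction names this terminal as a recipient")
}

// Publish (first terminal): encrypt the item under a fresh AES-256-GCM key, upload it under a file
// identifier (SHA-256 of the plaintext), record the first transaction (own wrapped key, token), then share.
func Publish(owner *Terminal, data []byte, rcpts []*Terminal, maxShares int, bc *Blockchain, st Storage) (string, error) {
	buf := make([]byte, 44) // 32-byte randomly generated key followed by a 12-byte GCM nonce
	must(rand.Read(buf))
	key, nonce := buf[:32], buf[32:]
	fileID := fmt.Sprintf("%x", sha256.Sum256(data))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	// The file identifier is authenticated as additional data: a ciphertext re-filed under another identifier fails to decrypt.
	st[fileID] = gcm.Seal(nonce, nonce, data, []byte(fileID))
	bc.Txs = append(bc.Txs, &Transaction{FileID: fileID, Keys: wrapFor(key, fileID, []*Terminal{owner}), Token: maxShares})
	return fileID, Share(owner, fileID, rcpts, bc)
}

// Share: an allowed recipient re-distributes only while the state condition of the transaction that
// granted it access permits; the new transaction carries one token less, bounding the degree of separation.
func Share(t *Terminal, fileID string, rcpts []*Terminal, bc *Blockchain) error {
	key, tx, err := unwrap(t, fileID, bc)
	if err != nil {
		return err
	}
	if tx.Token <= 0 {
		return errors.New("state condition allows no further transactions")
	}
	bc.Txs = append(bc.Txs, &Transaction{FileID: fileID, Keys: wrapFor(key, fileID, rcpts), Token: tx.Token - 1, Prev: tx})
	return nil
}

// Receive (second/third terminal): unwrap the key, download the encrypted item and decrypt it.
func Receive(t *Terminal, fileID string, bc *Blockchain, st Storage) ([]byte, error) {
	key, _, err := unwrap(t, fileID, bc)
	if err != nil {
		return nil, err
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if ct, ok := st[fileID]; ok && len(ct) >= 12 {
		return gcm.Open(nil, ct[:12], ct[12:], []byte(fileID))
	}
	return nil, errors.New("encrypted data item not found in storage")
}
```

With maxShares set to 2 the owner's share consumes one token and each first recipient may share once more; a terminal reached at token 0 can read the item but not pass it on, and a terminal never named in a transaction cannot even locate its key.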
Brief description of the drawings
A more complete understanding of the abovementioned and other features and advantages of the proposed technology will be apparent from the following detailed description of preferred embodiments in conjunction with the appended drawings, wherein:
Fig. 1 is a schematic illustration of an embodiment of a system implementing the proposed technology,
Fig. 2 is a schematic flowchart illustrating an embodiment of a method performed by a first terminal in the system described in relation to Fig. 1, and
Fig. 3 is a schematic flowchart illustrating an embodiment of a method performed by a second terminal in the system described in relation to Fig. 1.
Description of the drawings
Fig. 1 illustrates a system 10 in which a number of terminals 12 are connected to and can access a data storage 14 via a web-service 16. Each of the terminals 12 has a processor 18 and a memory 20 with computer programs that, when executed by the processor 18, control the terminal. Similarly, the data storage 14 has a processor 22 and a memory 24 with computer programs that, when executed by the processor 22, control the function of the data storage 14. The terminals 12 can for example be smartphones or personal computers, and the data storage 14 can for example form part of a cloud service or be a computer server.
The web-service 16 can for example be the internet and the terminals 12 and the data storage 14 are connected to the internet by established means, including wireless services.
Each terminal 12 has a unique pair of public and private keys for encryption and decryption, and the public key of each terminal is used as a user identifier for the terminal. These are stored in the memories 20 of the terminals 12. A method is described below in which a data item is distributed between the terminals 12, and primes are used in the indexing of the terminals 12 to distinguish them according to their contribution in the method. The memory 20" of a first terminal 12" contains a computer program 26", which means that the memory 20" constitutes a carrier 28" of the computer program 26". The computer program 26" is executed by the processor 18", which causes the first terminal 12" to perform a number of steps that are schematically illustrated in the flowchart of Fig. 2.
A randomly generated key is generated 102 and a data item is encrypted 104 using the randomly generated key to produce an encrypted data item. For example, the data item can be a digital image, audio, video or any type of digital text. A file identifier is then generated 106 in the form of a hash of the raw unencrypted data item, which means that the file identifier is associated with, or uniquely identifies, the data item. It also means that the file identifier is generated from or for the data item. The encrypted data item, the file identifier and the user identifier of the first terminal are uploaded 108a to the data storage 14 via the web-service 16.
The encrypted data item is paired with the file identifier in the data storage 14 such that the encrypted data item can be identified using the file identifier. The user identifier of the first terminal is also paired with the encrypted data item such that the encrypted data item can be identified using the user identifier. A first encrypted randomly generated key is then generated 110 by the first terminal 12" using its public key.
One or more second encrypted randomly generated keys are also generated 112 by individually encrypting the randomly generated key using the public keys of one or more second terminals 12"".
A first transaction is then generated 114 in a blockchain by the first terminal 12". The first transaction is with the first terminal 12" itself. The first content of the first transaction includes the file identifier, the first encrypted randomly generated key, the user identifier of the first terminal 12", and a first state condition, for example a first token value, indicating the number of further transactions relating to the data item that can be generated in the blockchain. The first terminal 12" then traverses 116 the blockchain and determines 116a if the user identifier of the first terminal and the file identifier are present in the first content of the first transaction. It also determines the first state condition of the first transaction. For example, this may be done by determining if the token value is greater than a set number.
If the user identifier of the first terminal and the file identifier are present 116a in the first content, and if the first state condition indicates 116b that further transactions can be generated, the first terminal generates 118 a second transaction in the blockchain with a second content including the one or more second encrypted randomly generated keys and the user identifiers of the one or more second terminals. The user identifier of each second terminal is paired with the second encrypted randomly generated key generated by the public key of that second terminal. This way the second terminals 12"" are identified as allowed recipients of the encrypted data item in the blockchain, and each second terminal 12"" can gain access to the contents of the encrypted data item by decrypting the encrypted randomly generated key in the blockchain that has been generated with its public key. The first terminal 12" also generates 118b a second state condition in the second transaction of the blockchain, such that it indicates that one less transaction can be generated in the blockchain. For example, this can be done by reducing the above mentioned token value by one. The second content of the second transaction also includes the content of the first transaction.
The memory 20"" of each second terminal 12"" contains a computer program 26"", which means that the memory 20"" constitutes a carrier 28"" of the computer program 26"". The computer program 26"" is executed by the processor 18"", which causes the second terminals 12"" to perform a number of steps. The steps performed by a single second terminal 12"" are schematically illustrated in the flowchart of Fig. 3. The second terminal 12"" traverses 202 the blockchain and identifies the second transaction in the blockchain using the user identifier of the second terminal and the file identifier. In one scenario the file identifier is sent from the first terminal 12" to the second terminal 12"" through an independent communication channel, such as an email or a social network application in a smartphone, thus triggering or prompting the second terminal 12"" to traverse the blockchain.
The second terminal 12"" retrieves 204 the second encrypted randomly generated key paired with the user identifier of the second terminal and the file identifier from the second transaction of the blockchain. The second encrypted randomly generated key is then decrypted 206 using the private key of the second terminal 12"", and the encrypted data item is identified 208 in the data storage using the file identifier. The second terminal 12"" continues with downloading 210 the encrypted data item from the data storage and decrypting 212 the encrypted data item using the randomly generated key. The second terminal 12"" now has full access to the content of the data item.
Each second terminal 12"" can further distribute the data item to one or more third terminals 12""" in a similar manner as the first terminal 12". The second terminal 12"" generates one or more third encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each third terminal 12""". The blockchain is then traversed 216 and the second terminal determines if the user identifier of the second terminal and the file identifier are present in the second content of the second transaction. It also determines the second state condition of the second transaction, for example by comparing the token value with a set number. If the second state condition indicates that no further transactions can be generated, the second terminal 12"" takes no further actions.
If the user identifier of the second terminal and the file identifier are present 216a in the second content, and if the second state condition indicates 216b that further transactions can be generated, the second terminal continues with generating 218 a third transaction in the blockchain with a third content including the content of the second transaction, the plurality of third encrypted randomly generated keys and the user identifiers of the plurality of third terminals. In the third content, the user identifier of each third terminal is paired with the third encrypted randomly generated key generated by the public key of that third terminal 12""". The second terminal 12"" also generates 218b a third state condition in the third transaction that indicates that one less transaction can be generated in the blockchain. For example, this can be done by reducing the above mentioned token value by one.
The third terminals 12""" can continue with obtaining the contents of the data item in the same manners as described for the second terminals 12"". The third terminals 12""" can also continue with distributing the data item to further terminals 12"""" in the same manner as a second terminal 12"", provided that there is a state condition that indicates that further transactions can be made. The state condition is updated for each further transaction such that it indicates that one less transaction can be made.
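The whole exchange of Figs. 2 and 3, from the first terminal's steps 102 to 118b through a second terminal's steps 202 to 218b and the refusal of a further hop once the token reaches zero, as an added example in Go. It is not code from the patent or from the applicant, and it fixes details the page leaves open: RSA-OAEP for wrapping the randomly generated key under each recipient's public key, AES-256-GCM for the data item, a SHA-256 fingerprint of the public key as the user identifier, and an in-memory hash-linked list (Chain) and a map (Storage) standing in for the blockchain and the data storage 14. The names Terminal, Transaction, Chain, Storage, KeyFor, Share, Retrieve and Forward are the example's own, and the sample data item is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Terminal is one participant; the SHA-256 fingerprint of its RSA public key is its user
// identifier. RSA-OAEP key wrapping and AES-256-GCM are assumptions: the page fixes no algorithms.
type Terminal struct{ priv *rsa.PrivateKey }

// Transaction: file identifier, sender, the randomly generated key wrapped for each allowed
// recipient, and the token (state condition) counting the further transactions still allowed.
type Transaction struct {
	PrevHash, FileID, Sender, Hash string
	Keys                           map[string][]byte // recipient user identifier -> wrapped key
	Token                          int
}

type Chain struct{ Txs []Transaction } // append-only hash chain standing in for the blockchain
type Storage map[string][]byte         // data storage 14: file identifier -> nonce || AES-GCM ciphertext

// Small helpers; wrap encrypts the randomly generated key for r (steps 110, 112, 214) using only r's public key.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func hexsum(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }
func random(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func NewTerminal() *Terminal { return &Terminal{priv: must(rsa.GenerateKey(rand.Reader, 2048))} }
func (t *Terminal) ID() string { return hexsum(t.priv.PublicKey.N.Bytes()) }
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func wrap(r *Terminal, key []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &r.priv.PublicKey, key, nil))
}

func (c *Chain) Append(tx Transaction) {
	if n := len(c.Txs); n > 0 {
		tx.PrevHash = c.Txs[n-1].Hash
	}
	// fmt prints map keys in sorted order, so the record hash is deterministic
	tx.Hash = hexsum([]byte(fmt.Sprintf("%s|%s|%s|%d|%x", tx.PrevHash, tx.FileID, tx.Sender, tx.Token, tx.Keys)))
	c.Txs = append(c.Txs, tx)
}

// KeyFor traverses the chain (steps 116, 202, 216) for the transaction that names t as an
// allowed recipient of fileID and unwraps the randomly generated key with t's private key.
func (c *Chain) KeyFor(t *Terminal, fileID string) (*Transaction, []byte, error) {
	for i := range c.Txs {
		if tx := &c.Txs[i]; tx.FileID == fileID && tx.Keys[t.ID()] != nil {
			key, err := rsa.DecryptOAEP(sha256.New(), nil, t.priv, tx.Keys[t.ID()], nil)
			return tx, key, err
		}
	}
	return nil, nil, errors.New("no transaction names this terminal as an allowed recipient")
}

// Share is steps 102-118b: fresh key, encrypt, upload under a hash of the raw data item,
// record the self-transaction carrying the token, then forward to the recipients.
func Share(t *Terminal, c *Chain, s Storage, item []byte, to []*Terminal, token int) (string, error) {
	key, nonce, fileID := random(32), random(12), hexsum(item)
	s[fileID] = append(nonce, aead(key).Seal(nil, nonce, item, []byte(fileID))...)
	c.Append(Transaction{FileID: fileID, Sender: t.ID(), Keys: map[string][]byte{t.ID(): wrap(t, key)}, Token: token})
	return fileID, Forward(t, c, fileID, to)
}

// Retrieve is steps 202-212 for any terminal that a transaction names for fileID.
func Retrieve(t *Terminal, c *Chain, s Storage, fileID string) ([]byte, error) {
	_, key, err := c.KeyFor(t, fileID)
	if err != nil {
		return nil, err
	}
	if blob := s[fileID]; len(blob) >= 12 { // GCM's tag check makes Open fail on any tampering
		return aead(key).Open(nil, blob[:12], blob[12:], []byte(fileID))
	}
	return nil, errors.New("encrypted data item not in storage")
}

// Forward is steps 214-218b: re-share only if the granting transaction's token allows
// another hop, and write the decremented token into the new transaction.
func Forward(t *Terminal, c *Chain, fileID string, to []*Terminal) error {
	tx, key, err := c.KeyFor(t, fileID)
	if err != nil {
		return err
	}
	if tx.Token <= 0 {
		return errors.New("state condition permits no further transactions")
	}
	keys := make(map[string][]byte, len(to))
	for _, r := range to {
		keys[r.ID()] = wrap(r, key)
	}
	c.Append(Transaction{FileID: fileID, Sender: t.ID(), Keys: keys, Token: tx.Token - 1})
	return nil
}

func main() {
	a, b, c, chain, store := NewTerminal(), NewTerminal(), NewTerminal(), &Chain{}, Storage{}
	id, err := Share(a, chain, store, []byte("constructed sample data item"), []*Terminal{b}, 1)
	item, err2 := Retrieve(b, chain, store, id)
	fmt.Println(err, string(item), err2, Forward(b, chain, id, []*Terminal{c})) // last call is refused: B's token is 0
}
```

Two properties of the scheme are visible directly in this code. The file identifier is a hash of the raw data item and is written to the blockchain in clear, so anyone who can guess the plaintext of a low-entropy item (a short message, a well-known document) can confirm the guess against the chain; hashing the ciphertext, or using a keyed hash, would avoid that, but the example keeps the page's construction. The token is checked only by the terminal that is about to generate a transaction: a recipient that has unwrapped the key can hand it on out of band, and a modified client can write any token value it likes, so the state condition bounds honest re-distribution rather than preventing leakage.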
Item List
10 system
12 terminal
14 data storage
16 web-service
18 processor of terminal
20 memory of terminal
22 processor of data storage
24 memory of data storage
26 computer program
28 carrier

Claims

1. A method for distributing a data item from a first terminal (12") to a plurality of second terminals (12""), wherein each of the first terminal (12") and the second terminals (12"") has a unique user identifier and a unique pair of public and private keys for encryption and decryption, the first terminal (12") has access to a data storage (14) and a blockchain, and the method comprises the following steps performed by the first terminal: generating (102) a randomly generated key;
generating (104) an encrypted data item by encrypting the data item using the randomly generated key;
generating (106) a file identifier associated with the data item;
uploading (108a) the encrypted data item and the file identifier to the data storage (14), wherein the encrypted data item is paired with the file identifier;
generating (110) a first encrypted randomly generated key by encrypting the randomly generated key using the public key of the first terminal;
generating (112) a plurality of second encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each second terminal;
generating (114) a first transaction in the blockchain with a first content comprising the user identifier of the first terminal and/or the file identifier, and the first encrypted randomly generated key;
traversing (116) the blockchain and determining (116a) if the user identifier of the first terminal (12") and/or the file identifier are present in the first content of the first transaction; and if the user identifier of the first terminal (12") and/or the file identifier are present in the first content:
generating (118) a second transaction in the blockchain with a second content comprising the plurality of second encrypted randomly generated keys, and the user identifiers of the plurality of second terminals and/or the file identifier, wherein the user identifier of each second terminal (12"") is paired with the second encrypted randomly generated key generated by the public key of that second terminal (12"").
2. The method according to claim 1, wherein the file identifier is a first hash generated from or for the data item.
3. The method according to claim 1 or 2, wherein the method further comprises the following steps performed by the first terminal:
uploading (108b) the user identifier of the first terminal (12") to the data storage (14), wherein the user identifier of the first terminal (12") is paired with the file identifier or the encrypted data item.
4. The method according to any of the claims 1-3, wherein the method further comprises the following steps performed by the first terminal:
generating (114a) a first state condition in the first transaction in the blockchain, wherein the first state condition indicates the number of further transactions that can be generated in the blockchain.
5. The method according to claim 4, wherein the traversing of the blockchain further determines the first state condition of the first transaction, and the generating the second transaction is performed if the first state condition indicates that further transactions can be generated.
6. The method according to claim 4 or 5, wherein the method further comprises the following steps performed by the first terminal:
generating (118b) a second state condition in the second transaction in the blockchain, wherein the second state condition indicates the number of further transactions that can be generated in the blockchain, and the second state condition indicates one less further transaction than the first state condition.
7. The method according to any of the claims 1-6, wherein each of the plurality of second terminals (12"") has access to the data storage (14) and the blockchain, and the method further comprises the following steps performed by a second terminal (12"") of the plurality of second terminals:
traversing (202) the blockchain and identifying the second transaction in the blockchain using the user identifier of the second terminal (12"") and/or the file identifier;
retrieving (204) the second encrypted randomly generated key paired with the user identifier of the second terminal;
decrypting (206) the second encrypted randomly generated key using the private key of the second terminal;
identifying (208) the encrypted data item in the data storage (14) using the file identifier;
downloading (210) the encrypted data item from the data storage (14); and
decrypting (212) the encrypted data item using the randomly generated key.
8. The method according to claim 7, wherein the method further distributes the data item to a plurality of third terminals, each of the third terminals (12""") has a unique user identifier and a unique pair of public and private keys for encryption and decryption, and the method comprises the following steps performed by the second terminal:
generating (214) a plurality of third encrypted randomly generated keys by individually encrypting the randomly generated key using the public keys of each third terminal; traversing (216) the blockchain and determining if the user identifier of the second terminal (12"") and/or the file identifier are present in the second content of the second transaction; and if the user identifier of the second terminal (12"") and/or the file identifier are present (216a) in the second content:
generating (218) a third transaction in the blockchain with a third content comprising the plurality of third encrypted randomly generated keys and the user identifiers of the plurality of third terminals, wherein the user identifier of each third terminal (12""") is paired with the third encrypted randomly generated key generated by the public key of that third terminal (12""").
9. The method according to claim 8, wherein the traversing of the blockchain further determines the second state condition of the second transaction, and the generating (216b) of the third transaction is performed if the second state condition indicates that further transactions can be generated.
10. The method according to claim 9, wherein the method further comprises the following steps performed by the second terminal:
generating (218b) a third state condition in the third transaction in the blockchain, wherein the third state condition indicates the number of further transactions that can be generated in the blockchain, and the third state condition indicates one less further transaction than the second state condition.
PCT/EP2019/066900 2018-06-26 2019-06-25 Decentralised data management Ceased WO2020002366A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP19734743.8A EP3814971A1 (en) 2018-06-26 2019-06-25 Decentralised data management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE1850790 2018-06-26
SE1850790-5 2018-06-26

Publications (1)

Publication Number Publication Date
WO2020002366A1 true WO2020002366A1 (en) 2020-01-02

Family

ID=67137927

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/066900 Ceased WO2020002366A1 (en) 2018-06-26 2019-06-25 Decentralised data management

Country Status (2)

Country Link
EP (1) EP3814971A1 (en)
WO (1) WO2020002366A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198417A1 (en) * 2003-10-24 2007-08-23 Nokia Corporation Method and system for content distribution
US10320843B1 (en) * 2017-12-08 2019-06-11 Symbiont.Io, Inc. Methods, systems, and devices for encrypted electronic storage and confidential network transfer of private data through a trustless distributed ledger technology system
KR20190069759A (en) * 2017-12-12 2019-06-20 주식회사 디지캡 Method for managing and distributing content cryptographic keys in blockchain

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210234686A1 (en) * 2020-01-27 2021-07-29 Fujitsu Limited Information processing device, information processing method, and storage medium
US11496304B2 (en) * 2020-01-27 2022-11-08 Fujitsu Limited Information processing device, information processing method, and storage medium
CN111447174A (en) * 2020-02-19 2020-07-24 江苏荣泽信息科技股份有限公司 Data encryption method based on block chain
WO2022007243A1 (en) * 2020-07-07 2022-01-13 杭州云链趣链数字科技有限公司 Data processing method and apparatus for blockchain privacy protection, and computer device

Also Published As

Publication number Publication date
EP3814971A1 (en) 2021-05-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19734743; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
ENP Entry into the national phase (Ref document number: 2019734743; Country of ref document: EP; Effective date: 20210126)