一种最小化个人信息披露的在线服务访问系统

A System to Access Online Services with Minimal Personal Information Disclosure

Information Systems Frontiers · 2021
被引 10
ABS 3

中文导读

提出一种基于区块链的方案,让用户控制访问服务时披露的个人数据,支持撤销授权和必要时猜测用户身份,符合GDPR和eIDAS法规。

Abstract

Abstract The General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.

计算机科学区块链数据隐私访问控制密码学