Data protection, and more importantly, the right to be forgotten is all the rage. Legislation such as the General Data Protection Regulation (GDPR) is imposing significant penalties to organizations that do not implement robust controls around data privacy. At DataNexus, we think about data and its implications every day. Ingestion, transfer, storage, extraction, masking, and removal are all elements of our platform and integral to the problems we solve.
We’ve recently began prototyping an approach to a data trust using the mechanics of the distributed ledger and built upon the DataNexus platform. Using the ledger, we openly record the events associated with encryption keys and movement of data collections between entities, such as a consumer and business. Each entity is represented by one or more unique wallet addresses. Within each wallet, we store the encryption keys to the collections owned by that entity and shared with other specific entities.
The above image shows the public key generation flows for both the individual and business entities indicated by the colored arrows: orange for individual and green for business. After creation, each entity uploads their public key to an existing key registry. Note that key registries are not necessarily public, the same flow would apply to a private registry hosted within a larger organization that wished to share data amongst various internal entities. The ledger records the generation events for verification throughout the platform members.
Above, we show the creation of data collection:a which is encrypted with the private key from entity:individual and the public key of entity:business1. This ensures that collection:a is only readable by entity:business1. Data collection:a is stored encrypted within entity:business1 and is accessible using the public key from entity:individual from the registry.
And finally, the above diagram shows the request to share data collection:a from entity:business1 to entity:business2. The entity:individual allows entity:business1 to share collection:a with entity:business2 in a cross-promotional event for additional incentives. The entity:business1 decrypts collection:a using the key associated with entity:individual and re-encrypts it with the key from entity:business2 before transferring the data via the DataNexus platform.
Stay tuned for a white paper and further details around actions such as key revocation and collection removal. If this sounds interesting, feel free to reach out on twitter to @cnkeller or email@example.com.