Ephemeral Data Trust

Data protection, and more importantly, the right to be forgotten is all the rage. Legislation such as the General Data Protection Regulation (GDPR) is imposing significant penalties to organizations that do not implement robust controls around data privacy. At DataNexus, we think about data and its implications every day. Ingestion, transfer, storage, extraction, masking, and removal are all elements of our platform and integral to the problems we solve.

We’ve recently began prototyping an approach to a data trust using the mechanics of the distributed ledger and built upon the DataNexus platform. Using the ledger, we openly record the events associated with encryption keys and movement of data collections between entities, such as a consumer and business. Each entity is represented by one or more unique wallet addresses. Within each wallet, we store the encryption keys to the collections owned by that entity and shared with other specific entities.

key generation

The above image shows the public key generation flows for both the individual and business entities indicated by the colored arrows: orange for individual and green for business. After creation, each entity uploads their public key to an existing key registry. Note that key registries are not necessarily public, the same flow would apply to a private registry hosted within a larger organization that wished to share data amongst various internal entities. The ledger records the generation events for verification throughout the platform members.

collection generation

Above, we show the creation of data collection:a which is encrypted with the private key from entity:individual and the public key of entity:business1. This ensures that collection:a is only readable by entity:business1. Data collection:a is stored encrypted within entity:business1 and is accessible using the public key from entity:individual from the registry.

data transfer

And finally, the above diagram shows the request to share data collection:a from entity:business1 to entity:business2. The entity:individual allows entity:business1 to share collection:a with entity:business2 in a cross-promotional event for additional incentives. The entity:business1 decrypts collection:a using the key associated with entity:individual and re-encrypts it with the key from entity:business2 before transferring the data via the DataNexus platform.

Stay tuned for a white paper and further details around actions such as key revocation and collection removal. If this sounds interesting, feel free to reach out on twitter to @cnkeller or ckeller@datanexus.org.

Author: Christopher Keller

CTO @ DataNexus

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s