信息网络安全 ›› 2020, Vol. 20 ›› Issue (11): 22-31.doi: 10.3969/j.issn.1671-1122.2020.11.004

• 技术研究 • 上一篇    下一篇

基于智能合约的个人隐私数据保护方法研究

姜楠1,2,3(), 王玮琦1, 王健4,5   

  1. 1.北京工业大学信息学部,北京 100124
    2.可信计算北京市重点实验室,北京 100124
    3.信息安全等级保护关键技术国家工程实验室,北京 100124
    4.智能交通数据安全与隐私保护技术北京市重点实验室,北京 100044
    5.北京交通大学计算机与信息技术学院,北京 100044
  • 收稿日期:2020-05-24 出版日期:2020-11-10 发布日期:2020-12-31
  • 通讯作者: 姜楠 E-mail:wangjian@bjtu.edu.cn
  • 作者简介:姜楠(1977—),女,山东,副教授,博士,主要研究方向为信息安全|王玮琦(1994—),女,河南,硕士研究生,主要研究方向为区块链|王健(1975—),男,山东,副教授,博士,主要研究方向为网络安全、密码应用、智能计算
  • 基金资助:
    国家自然科学基金(61502016);教育部-中国移动科研基金(MCM20170402);教育部-中国移动科研基金(MCM20180503)

Research on Personal Information Protection Method Based on Smart Contract

JIANG Nan1,2,3(), WANG Weiqi1, WANG Jian4,5   

  1. 1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
    2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
    3. National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100124, China
    4. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing 100044, China
    5. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  • Received:2020-05-24 Online:2020-11-10 Published:2020-12-31
  • Contact: JIANG Nan E-mail:wangjian@bjtu.edu.cn

摘要:

文章提出一种基于智能合约的个人隐私数据保护方法,利用区块链技术,在无须可信中心的前提下,将用户与服务提供商之间的个人交易记录存储在区块链上,作为交易存在性的可靠法律凭证,防止利用用户取证困难而实施个人信息盗窃的犯罪行为。个人信息的实际内容不会存储在区块链上,只有交易记录在区块链上加密存储,只有交易相关方可以进行解密查看,保障了用户隐私。同时,针对个人信息的交易创建、交易失效、交易修改设计了3种智能合约,对交易进行失效和修改并不会使之前的交易信息丢失,个人交易记录一经上链即可永久作为交易存在性的可靠证明。最后,通过NS-3网络模拟器进行仿真实验,结果表明该方法具有可行性。

关键词: 区块链, 智能合约, 隐私数据, 个人信息保护

Abstract:

This paper proposes a personal information management method based on smart contracts. Using blockchain technology, it can store personal information transaction records between users and service providers on the blockchain without a trusted center. It can provide reliable legal evidence for the existence of the transaction, to prevent third parties from using the user's difficulty of obtaining evidence to commit criminal acts of personal information theft. The specific content of personal information is not stored on the blockchain, only the transaction records are encrypted and stored on the blockchain, and only the transaction-related parties can decrypt and view, which effectively protects the privacy of users. At the same time, this paper designs three smart contracts for personal information transaction creation, transaction invalidation, and transaction modification. The invalidation and modification of the transaction does not cause the previous transaction information to be lost, and the personal information transaction record can be permanently used as a reliable proof of the existence of the transaction once it is uploaded to the blockchain. Finally, the NS-3 network simulator is used to conduct simulation experiments, the experimental results prove that the method is feasible.

Key words: blockchain, smart contract, privacy data, personal information protection

中图分类号: