KR102345748B1 - Method and system for providing data compliance - Google Patents

Abstract

A method and system for providing data compliance are disclosed. Method for data compliance provided is information security properties of compliance (compliance) containing the laws or regulations, and applying the compliance to the data corresponding to the request of the system user within its data (1 ^st party data), and the It provides a function to export data to which the above compliance has been applied for system users.

Description

METHOD AND SYSTEM FOR PROVIDING DATA COMPLIANCE

The description below relates to techniques for providing data compliance.

The transmission performance through the network is increasing, and the demand for data transmission is rapidly increasing due to the development of IT technology.

Recently, traffic demands for various types of information data and ultra-low latency real-time data such as health care information for individual users, traffic data, smart energy management, and environmental information sensing data are increasing.

In addition, data traffic according to autonomous vehicle technology or virtual reality (VR)/augmented reality (AR) services is also increasing.

Various types of information data distribution environments are being formed due to the overflow of big data and the surge in personalized information services.

In this environment, as various services move from B2B (business to business) to B2C (business to consumer) or people-centered, the problem of personal information leakage due to personalized services is rapidly increasing.

Accordingly, there is a need for an optimal balance between the activation of data ecosystems such as the data-based 4th industry and the needs of individuals to protect privacy.

It provides its data (1 ^st party data) utilized upon whether the compliance of the system user to export data for decision-making, ie PCM (privacy control matrix) to ensure compliance automatically architecture.

To check data compliance, we provide a compliance evaluation technology that can provide different risk management according to data risk after calculating data risk based on machine learning.

A computer system comprising: at least one processor configured to execute computer readable instructions contained in a memory, the at least one processor comprising: registering for compliance with an information protection law or regulation; The process of applying the compliance to the data corresponding to the request of the system user within its data (1 ^st party data); And it provides a computer system that processes the process of providing a function to export the data to which the compliance has been applied to the system user.

According to one aspect, the at least one processor may provide a function of confirming whether or not the personal information collected through a service or application as the company data complies with laws according to each country's information protection law.

According to another aspect, the at least one processor may register the information protection law for each country as a compliance item in the form of a pre-template.

According to another aspect, the at least one processor may generate a query according to a request of the system user and then provide raw data corresponding to the query.

According to another aspect, the at least one processor may provide the data to which the compliance is applied as a location-based result value on a map according to a country in which the data is collected.

According to another aspect, the at least one processor may provide a function of verifying data characteristics for each individual data field with respect to the data to which the compliance is applied.

According to another aspect, the at least one processor may perform data de-identification on at least a portion of data when the data to which the compliance is applied is exported.

According to another aspect, the at least one processor, the personal information collected and the degree of information security-related topics, based on the rights guaranteed if the personal information providers, personal information use policies and third party (3 ^rd party) share whether It can be provided by evaluating the reliability of system users.

According to another aspect, the at least one processor may perform data de-identification on at least a portion of data to be exported based on the reliability of the system user.

According to another aspect, the at least one processor may analyze the compliance through machine learning to generate a matrix for decision making when using the company data.

According to another aspect, the at least one processor may provide a function of monitoring compliance requirements of regulatory and standardization organizations and evaluating compliance levels.

According to another aspect, the at least one processor may provide a function of managing a life cycle of compliance information and maintaining the latest compliance information.

According to another aspect, the at least one processor may provide a function of modeling and analyzing trust information of the system user.

A method executed in a computer system, the computer system comprising at least one processor configured to execute computer readable instructions contained in a memory, the method comprising, by the at least one processor, an information protection law or regulation Registering a compliance comprising a; applying, by the at least one processor, the compliance to data corresponding to a system user's request within the company's data; and providing, by the at least one processor, a function of exporting the data to which the compliance is applied to the system user.

According to embodiments of the present invention, it is possible to provide an optimal balance between the activation of a data ecosystem such as the data-based fourth industry and the demand for personal privacy protection.

1 is a block diagram for explaining an example of an internal configuration of a computer system according to an embodiment of the present invention.
2 is a flowchart illustrating an example of a data compliance providing method that can be performed by a computer system according to an embodiment of the present invention.
3 illustrates a framework architecture for trust-based personal data management according to an embodiment of the present invention.
4 to 6 are flowcharts illustrating an example of a trust-based personal data management process according to an embodiment of the present invention.
7 to 16 are diagrams illustrating an example of a service screen for providing data compliance according to an embodiment of the present invention.
17 illustrates an example of a process of generating a personal information utilization decision matrix according to an embodiment of the present invention.
18 is a flowchart illustrating an example of a personal information management process according to an embodiment of the present invention.
19 shows an example of a process of recording and managing personal data used by a service provider according to an embodiment of the present invention.
20 shows an example of real service configuration according to an embodiment of the present invention.
21 is a flowchart illustrating an example of a data privacy-related contract process according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Embodiments of the present invention relate to methods and systems for providing data compliance.

Embodiments including those specifically disclosed herein refer to various laws or guides related to data management in the distribution of own data, including personal information, to generate a matrix (PCM) for decision-making when exporting data, and to create a final decision It can provide a data compliance management environment for use in decision making.

1 is a block diagram for explaining an example of an internal configuration of a computer system according to an embodiment of the present invention. For example, a system for providing data compliance according to embodiments of the present invention may be implemented through the computer system 100 of FIG. 1 . As shown in FIG. 1 , the computer system 100 is a component for executing the data compliance providing method, including a processor 110 , a memory 120 , a persistent storage device 130 , a bus 140 , an input/output interface ( 150 ) and a network interface 160 .

Processor 110 may include or be part of any device capable of processing a sequence of instructions as a component for providing data compliance. Processor 110 may include, for example, a computer processor, a processor in a mobile device, or other electronic device and/or a digital processor. The processor 110 may be included in, for example, a server computing device, a server computer, a series of server computers, a server farm, a cloud computer, a content platform, and the like. The processor 110 may be connected to the memory 120 through the bus 140 .

Memory 120 may include volatile memory, persistent, virtual, or other memory for storing information used by or output by computer system 100 . The memory 120 may include, for example, random access memory (RAM) and/or dynamic RAM (DRAM). Memory 120 may be used to store any information, such as state information of computer system 100 . Memory 120 may also be used to store instructions of computer system 100 including, for example, instructions for providing data compliance. Computer system 100 may include one or more processors 110 as needed or appropriate.

Bus 140 may include a communications infrastructure that enables interaction between various components of computer system 100 . Bus 140 may carry data between, for example, components of computer system 100 , such as between processor 110 and memory 120 . Bus 140 may include wireless and/or wired communication media between components of computer system 100 and may include parallel, serial, or other topological arrangements.

Persistent storage 130 is a component, such as memory or other persistent storage, as used by computer system 100 to store data for an extended period of time (eg, compared to memory 120 ). may include Persistent storage 130 may include non-volatile main memory as used by processor 110 in computer system 100 . Persistent storage 130 may include, for example, flash memory, a hard disk, an optical disk, or other computer-readable medium.

The input/output interface 150 may include interfaces to a keyboard, mouse, voice command input, display, or other input or output device. Input to provide configuration commands and/or data compliance may be received via input/output interface 150 .

Network interface 160 may include one or more interfaces to networks such as a local area network or the Internet. Network interface 160 may include interfaces for wired or wireless connections. Input to provide configuration commands and/or data compliance may be received via network interface 160 .

Also, in other embodiments, computer system 100 may include more components than those of FIG. 1 . However, there is no need to clearly show most of the prior art components. For example, the computer system 100 is implemented to include at least some of the input/output devices connected to the input/output interface 150 described above, or a transceiver, a global positioning system (GPS) module, a camera, various sensors, It may further include other components such as a database and the like.

2 is a flowchart illustrating an example of a method for providing data compliance that can be performed by a computer system according to an embodiment of the present invention.

The processor 110 may load the program code stored in the program file for the data compliance providing method into the memory 120 . For example, a program file for the data compliance providing method may be stored in the persistent storage device 130 described with reference to FIG. 1 , and the processor 110 is stored in the persistent storage device 130 via the bus 140 . The computer system 100 may be controlled to load program code from a program file into the memory 120 . In this case, in order to execute the data compliance providing method, the processor 110 and components of the processor 110 may directly process an operation according to a control command or control the computer system 100 .

Hereinafter, specific embodiments will be described using personal information (or personal data) as an example. However, it is not limited to personal information, and as data that is subject to distribution between companies or between companies and individuals, it can be extended and applied to all types of company data owned by the company.

In the present embodiment, when personal information is distributed in an Internet of Things environment (eg, smart home, smart office, wearable healthcare, etc.), the individual who can determine compliance, such as whether or not the General Data Protection Regulation (GDPR) policy is satisfied, and can satisfy it We provide a new personal information management platform that fits the personal information distribution paradigm through the information management framework.

Referring to FIG. 2 , in step S210 , the processor 110 may register country-specific information protection laws or regulations related to personal information as a compliance item on the platform. The processor 110 may register each of the information protection laws such as EU GDPR, Korea Personal Information Protection Act, and US HIPAA in the form of a pre-template. The system user can automatically check the compliance of the data by selecting the function suitable for the data collection and utilization environment. The processor 110 binds the personal information collected in various service environments with the user profile and service contract information (including whether the user agrees or not), and then provides a function of checking compliance in accordance with the information protection laws of each collection country.

In step S220 , the processor 110 may provide a data set to which the compliance pre-registered on the platform is applied to data corresponding to the request of the system user. The processor 110 may generate a query for the data request, check raw data corresponding to the query, and then provide a location-based result value based on a country in which the raw data is collected. The processor 110 may provide a data set to which compliance is applied by applying pre-registered compliance to raw data on the platform.

In step S230, the processor 110 provides a function of exporting the data to which the compliance has been applied. The processor 110 provides a function of verifying data characteristic information on the platform, and provides a function of confirming the data characteristic of an individual data field when data is exported. The processor 110 may apply data de-identification to individual data fields when exporting data. For example, as a data masking method, the processor 110 may apply de-identification by masking at least a portion of data with a symbol (eg, an asterisk) that cannot be identified as data. As another example, the processor 110 may de-identify the exported data field through unit conversion for data as a categorization method. For example, you can convert your actual age into age units such as teenagers and 20s, or convert to last name units such as Kim and Lee by excluding your first name from your full name. The processor 110 can de-identify data using categorization, generalization, data masking methods, etc., as well as de-identification using homomorphic encryption. Accordingly, the system user can acquire data in a form that complies with the compliance.

The processor 110 may provide reliability for each company in a scored form when personal information is distributed between companies on the platform. As an example, the processor 110 may evaluate the reliability based on the reliability evaluation target's ability (ability), relationship (benevolence), consistency (integrity), tendency (inclination), and the like. Capability includes the degree of personal information collection and information security-related items, and may include the personal information collection scope, personal information processing security, etc. Relationship includes whether the rights of the personal information provider are guaranteed or not, and it is the nature of the attitude of the person subject to reliability evaluation to work or act with the personal information provider. It may include whether to deliver and how to deliver. Consistency includes personal information use policy and whether or not to share with a third party Consistency of use may be included. The trend indicates the importance of trust indicators in evaluating the reliability of personal information providers. The trend can be expressed as a weight in the reliability calculation, and the value may be different for each service domain or reliability evaluation target based on the provider's experience and reputation. This is the accumulated information of the credibility evaluator's experience and reputation, including personal opinions. The actual evaluation of each item (capability, relationship, consistency, tendency) used for reliability evaluation can be evaluated using a personal information policy book and mobile application access right information data set.

The processor 110 may determine a guide for de-identification of data to be exported based on the reliability of the company requesting the data export. The processor 110 may apply de-identification according to the column-by-column de-identification guide for the data when it is exported outside after matching compliance with the data requested by a specific company.

The personal data management environment for implementing the data compliance provision system is as follows.

3 illustrates a framework architecture for trust-based personal data management according to an embodiment of the present invention. Each component in FIG. 3 is provided as a functional module that meets specific requirements.

The TPDM (Trust Based Personal Data Management) framework 300 according to an embodiment of the present invention may be divided into a data plane functional module and a management plane functional module.

The data dimension is directly related to personal data transactions between personal data stakeholders. Services and applications that have collected personal data sets may process personal data and decide whether to conduct personal data transactions based on the results of management-level compliance checks and trust evaluations. In accordance with this determination, personal data may be processed to meet personal compliance requirements and guidelines prior to transmission and transaction, subject to the level of trust and compliance of the personal data stakeholders.

At the management level, personal compliance management is performed by evaluating the compliance guidelines of internal personal data stakeholders and external regulatory/standardization agencies on the use of personal data. In addition, trust information can be evaluated according to criteria related to the use of personal data, and the evaluation results are provided to personal data stakeholders related to TPDM through the trust provision function.

A detailed description of each function is as follows.

Trust information management functions 310 provide trust information of personal data stakeholders (eg, trust attributes, trust indicators, trust scores and trust levels) related to all relevant information about personal data usage and transactions. model, analyze and manage

Trust attributes monitoring functions 311 recognize characteristics and factors that influence personal data stakeholders' trust in personal data utilization and transactions, and determine appropriate trust attributes for trust modeling, analysis and evaluation. do.

Trust modeling functions 312 are used to measure trust with trust attributes obtained by specifying, annotating, and building trust relationships between personal data stakeholders.

The trust information analysis functions 313 analyze trust information by combining trust attributes and trust models to evaluate trust and provide trust information.

Trust information lifecycle management functions 314 create, update, and destroy trust information at appropriate times to manage trust information and manage context for trust establishment, trust update, and trust revocation.

Trust information provision functions 315 provide trust information to each personal data stakeholder in trust information management function 310 to evaluate trust and trust indicators as criteria for measuring trust scores (eg, trust scores). confidence index), which is a benchmark measure for The form of trust provisioning results may vary depending on the environment (eg, numbers, dashboards, notifications, etc.).

Privacy compliance management functions 320 monitor the relevant compliance requirements of internal personal data stakeholders and external regulatory and standardization bodies and evaluate compliance levels during the personal data evaluation process.

Privacy compliance monitoring functions 321 can be used by internal personal data stakeholders (e.g., rules, contracts, service level agreements, policies, etc.) and external regulatory/standardization bodies (e.g., privacy policies, regulations). or standards) to monitor individual compliance requirements and guidelines. It regularly monitors for changes in personal compliance requirements and guidelines and triggers the personal compliance assessment function 322 for updates.

The privacy compliance assessment functions 322 evaluate the level of personal compliance according to a compliance verification requirement during a personal data evaluation process and a compliance application requirement during a personal data transaction.

The privacy compliance information provision functions 323 provide the compliance evaluation result of the personal compliance evaluation function 322 to each individual data stakeholder. The form of regulatory information may vary depending on the environment (eg, figures, dashboards, notifications, texts, etc.).

Privacy compliance information lifecycle management functions 324 manage the lifecycle of personal compliance information (eg, creation, use, destruction, etc.) and Maintains up-to-date personal compliance information for verification of data stakeholders (302).

Personal data transaction management functions 330 process personal data in accordance with the requirements of personal compliance management and transmit personal data to target personal data stakeholders for personal data transactions. In addition, you agree to keep records of your personal data transactions and verify the authenticity of your transactions.

Personal data transaction lifecycle management functions 331 monitor personal data transactions and provide storage for transactions and all logs and contexts related to them for future trust evaluation and internal compliance evaluation. keep records In addition, it coordinates the entire transaction of the TPDM framework 300 (eg, transaction lifecycle management, transaction coordination of multiple resources, etc.).

Personal data compliance application functions (332) meet the personal compliance guidelines of personal compliance assessment function (322) prior to transmission of personal data based on the results of the compliance assessment and trust assessment of the target personal data stakeholders Appropriate treatment methods are applied to

personal data transfer management functions 333 secure the processed personal data in accordance with the requirements/contract or the trust of interested parties with appropriate security measures (e.g. end-to-end encryption, authentication mechanisms, etc.); Transmit your target personal data to stakeholders using

Personal data evaluation functions 340 monitor and filter personal data from various data sources and verify personal data compliance and trust evaluations of personal data stakeholders prior to actual personal data transactions.

Personal data monitoring functions 341 identify personal data from input datasets and process them in TPDM to extract personal data for processing from various data sources of services and applications.

Personal data filtering functions 342 filter and classify personal data according to the importance of the personal information (eg, quasi-PII or PII) and the sensitivity to personal information exposure. The personal data format is not limited thereto, and may include any form of data such as text, images, audio, and video. Depending on the scope of the service/application or personal data format, TPDM supports the relevant processing methods (ie monitoring and filtering of personal data) prior to the personal data transaction.

Privacy compliance verification functions 343 verify the personal compliance of the filtered personal data based on the results of the personal compliance management function 320 for the personal data transaction. If the collected personal data does not comply with the privacy policy (for example, if it violates internal or external privacy guidelines), the personal data must be deleted immediately and TPDM will take the necessary action with the personal data stakeholders (e.g. For example, notifications, etc.).

Personal data stakeholder trust evaluation functions 344 are configured to select the target personal data stakeholder (the person receiving the personal data) for the personal data transaction based on the results of the trust information management function 310 . Evaluate trust.

Based on the results of the personal compliance check function 343 and the personal data stakeholder trust evaluation function 344, the TPDM may inform the personal data provider (i.e., the service application) of the results and determine whether or not to proceed with the personal data transaction. .

Personal data lifecycle management functions 345 manage the lifecycle of personal data and determine appropriate actions (eg, analyze, use, dispose, etc.) for processing the personal data. In particular, expired personal data is deleted by TPDM.

The TPDM may monitor and evaluate personal data for a personal data evaluation function 340 of services/applications 301 that collects personal data using a reference point Ta.

The reference point Ts may transmit the appropriately processed personal data (ie, personal data originally monitored by Ta) to the personal data stakeholder 302 based on the personal compliance assessment and trust assessment.

The reference point Tc is based on the compliance guidelines of external regulatory/standardization bodies 303 for the personal compliance management function 320 and the trust information management function 310, respectively, to other third-party personal data stakeholders. You can monitor personal compliance information and trust information.

The personal compliance evaluation result and trust information may be provided to the personal data stakeholder 302 through the reference point Tp.

A trust-based personal data management process using the TPDM framework 300 will be described as follows.

4 shows an example of a trust provision process, which is one of the main processes for trust-based personal data management in an embodiment of the present invention.

The trust provision process provides trust information of each stakeholder 302 in the TPDM framework 300 . The trust information providing function 315 collects relevant trust attributes that can contribute to trust information evaluation and evaluation, and provides trust information to the stakeholders 302 through the trust information providing function 315 .

The detailed process for providing trust is as follows.

1. The stakeholder 302 of the TPDM framework 300 requests trust information of another stakeholder with the trust information provision function 315 .

2. The trust information providing function 315 checks trust information in its own storage and requests a trust information update function to the trust information management function 310 .

3. The trust attribute monitoring function 311 may include various sources (eg, personal compliance management function 320 , trust information lifecycle management function 314 , personal data transaction management) according to the request of the trust information providing function 315 . function 330, etc.) collects data and information for evaluating stakeholder trust and extracts relevant attributes for trust evaluation. Then, the extracted attributes are aggregated for the trust modeling function 312 .

4. The trust modeling function 312 applies an appropriate model for evaluating trust based on the aggregated attributes and transmits the model to the trust information analysis function 313 for trust information analysis.

5. Analyzes and generates newly updated trust information through the trust information analysis function 313 . The newly updated trust information is recorded by the trust information lifecycle management function 314 and also transmitted to the trust information providing function 315 . Finally, the stakeholder 302 receives a response to the newly updated trust information from the trust information provision function 315 .

5 shows an example of a compliance evaluation process that is another one of the main processes for trust-based personal data management in an embodiment of the present invention.

Compliance assessment is a TPDM process by analyzing internal stakeholders' internal compliance assessments (e.g. rules, stakeholder agreements, personal policies, etc.) and external compliance assessments of external third parties (e.g. regulations, statutes, standards, etc.) Provides information about the individual compliance assessment of the framework 300 .

The detailed process for compliance evaluation is as follows.

1. The stakeholder 302 requests compliance evaluation information from the individual compliance evaluation function 322 .

2. The personal compliance evaluation function 322 requests an update of the internal compliance evaluation information to the internal compliance evaluation function 3221 . The internal compliance evaluation function 3221 collects internal compliance information from the personal data transaction management function 330 , updates the internal compliance evaluation, and returns the evaluation result to the personal compliance evaluation function 322 .

3. Similarly, the personal compliance evaluation function 322 requests the external compliance evaluation function 3222 to update the external compliance evaluation information. The external compliance evaluation function 3222 collects external compliance information from an external third party, updates the external compliance evaluation, and returns the evaluation result to the personal compliance evaluation function 322 .

The personal compliance evaluation function 322 may simultaneously request compliance evaluation information for the internal compliance evaluation function 3221 and the external compliance evaluation function 3222 .

4. The personal compliance evaluation function 322 aggregates the newly updated internal and external compliance evaluation information and provides the corresponding compliance evaluation information to the stakeholder 302 as a response.

6 shows an example of a personal data transaction process, which is another one of the main processes for trust-based personal data management according to an embodiment of the present invention.

One of the important information flows in TPDM is to support personal data transactions from services or applications 301 (including personal data) with aggregated datasets to stakeholders 302 who need personal data.

The TPDM framework 300 imports the dataset through the personal data evaluation function 340 . The personal data evaluation function 340 monitors and filters personal data from the dataset, then checks the personal compliance of the personal data and evaluates the stakeholder's trust in the personal data transaction. If the verification and evaluation are successful, the personal data is processed by the personal data transaction management function 330 . Personal data is processed to meet personal data processing requirements and trust requirements, and the processed personal data is transmitted to stakeholders 302 in a secure manner.

The detailed process for personal data transaction is as follows.

0. Personal data monitoring function 341 fetches datasets from services or applications 301 at the request of stakeholders 302 who need personal data for the purpose.

1. Personal data monitoring function 341 monitors and captures personal data with personal data filtering function 342 . In addition, the personal data monitoring result is transmitted to the personal data lifecycle management function 345 to perform additional management.

2. The personal data filtering function 342 applies the pre-processing and filtering method to the personal data and sends the filtered personal data to the personal compliance check function 343 . In addition, the personal data filtering result is transmitted to the personal data lifecycle management function 345 to perform additional management.

3. Personal compliance check function 343 receives the filtered personal data and requests compliance evaluation instructions for personal compliance management function 320 . The personal compliance management function 320 performs internal and external compliance assessments and returns instructions to the personal compliance check function 343 . The personal compliance check function 343 checks the personal compliance of the filtered personal data. If the verification fails, the transaction is stopped, and if the verification succeeds, the next step for evaluating the trust of the stakeholder 302 is performed.

4. Personal data stakeholder trust evaluation function 344 requests trust information for evaluating stakeholder trust to trust trust information management function 310 . The trust information management function 310 analyzes and evaluates the trust information and returns it to the personal data stakeholder trust evaluation function 344 . With the received trust information, the personal data stakeholder trust evaluation function 344 evaluates the stakeholder's trust and proceeds to the personal data transaction phase if the evaluation satisfies certain criteria.

5. The personal data transaction management function 330 applies an appropriate method to the personal data to process the personal data based on the personal compliance guidelines of the personal compliance management function 320 and the trust information of the trust information management function 310 . Thereafter, the processed result is sent to the personal data lifecycle management function 345 for further management and proceeds to the personal data transfer management function 333 ;

6. The personal data transmission management function 333 checks various conditions for transmitting personal information to the interested parties 302, and finally transmits the personal information when the conditions are satisfied. The transaction results are sent to the personal data transaction management function 330 and the personal compliance management function 320 (particularly for internal compliance assessment) for further management.

7 to 16 are diagrams illustrating an example of a service screen for providing data compliance according to an embodiment of the present invention.

The data compliance providing system provides a web-based user interface.

Service users can be broadly classified into two groups, and can be divided into data managers who have the authority to directly manage internal data and data requesters who want to use data from external or internal organizations.

The data compliance providing system may support a web-based ID/password service login method.

Referring to FIG. 7 , main functions of the dashboard are as follows.

The dashboard page 700 may include a 'data management' menu 701 and a 'compliance evaluation' menu 702 .

The 'data management' menu 701 includes a function for managing internal or external data requests and exporting data under the approval of the data manager.

The 'compliance evaluation' menu 702 includes a function of managing information on compliance provided on the platform. At this time, compliance means a series of functions that check its suitability in accordance with specific data export standards. may include Individual countries or institutions' privacy-related rules or standards can be registered as an additional form of compliance.

In addition, the 'compliance evaluation' menu 702 includes a function of providing a guideline for safe data export through reliability evaluation of the company when data is exported.

At the top of the dashboard page 700, the logged-in user and authority, and the available access time are displayed.

In the dashboard page 700, the new data request history 710 can be checked through the 'Data export request' menu of the 'Data management' menu 701, and the data request processing history 720 through the 'Data export status' menu )can confirm.

The data manager may check the new data request details 710 on the dashboard page 700 and select and process the request to be processed by using the 'selection' menu 711 .

In the case of a new data request, the data requester may log in with a previously issued user account for data request on the login page and proceed with the new data request process.

8 shows an example of an information input screen 800 for a new data request.

The information input screen 800 includes information input fields required when requesting data, and includes a title 801, a requester 802, a exporting company 803, data request content 804, data utilization purpose 805, data It may include an interface for inputting a usage period 806 , a country or region 807 , and the like. The data request content 804 is a field for entering a detailed description of the data to be actually used, and the data utilization purpose 805 is a field for entering a specific utilization purpose such as a research purpose or a commercial analysis purpose. The data usage period 806 is a field for entering the data usage period in order to comply with GDPR regulations, etc., and the country or region 807 is an input field necessary to apply the data protection law appropriate to the country or region when exporting data. to be.

The data manager's new data request processing process will be described as follows.

9 illustrates a request processing screen 900 selected by the data manager using the 'selection' menu 711 .

The processor 110 generates a query 901 for data extraction based on the request written in the data request through the information input screen 800 and displays it on the data request processing screen 900 . It is also possible to provide a search term for data extraction in the form of a workbench rather than a query form.

The data request processing screen 900 includes a 'query' menu 902 for executing the query 901, a 'compliance application' menu 903 for applying compliance to the raw data retrieved by the query 901, etc. can

When the data manager selects the 'query' menu 902, the processor 110 may provide a data search result 1001 corresponding to the query 901 on the map 1010 as shown in FIG. have.

The processor 110 may provide the data search result 1001 on the map 1010 in the form of data distribution for each country (or region) based on the country (or region) in which the corresponding data is collected for each data. The provision of the data search result 1001 based on the map 1010 is to preferentially filter international laws or privacy-related laws because they have regional characteristics. By showing the overall data volume by country (or region), it is possible to quickly recognize the utilization of data.

As a search result screen, the processor 110 may provide a raw data check screen 1120 for checking raw data included in a search result corresponding to the query 901 as shown in FIG. 11 .

On the raw data confirmation screen 1120, data retrieved through a query based on raw data may be displayed on a field basis. In other words, it provides the ability to directly check the raw data for data extraction from the data manager side.

The processor 110 provides a function for applying compliance to the basic searched raw data.

The data manager may check the basic properties of the searched data through the query 901 and then apply compliance to the searched data in order to actually export the corresponding data to the outside.

When the data manager selects the 'compliance application' menu 903 , the processor 110 may provide a pre-registered compliance list 1201 as shown in FIG. 12 . The data manager can create a compliance that complies with the user terms for each product and the laws of each country of data collection, which are the characteristics of the data to be collected. Pre-generated compliance can be applied directly to raw data.

The processor 110 may apply the compliance selected by the data manager from the compliance list 1201 to the basic searched raw data.

As shown in FIG. 13 , the processor 110 may provide a function for confirming the result 1301 to which the compliance is applied, and similarly to the basic search result ( FIGS. 10 and 11 ), the result 1301 of the compliance application is displayed. It can be displayed on a map or as a raw data list.

After confirming the result 1301 to which the compliance is applied, the data manager may proceed with the actual export operation.

When the data manager selects the 'Apply Compliance' menu 903, the 'Export' menu 1402 is displayed on the data request processing screen 900 along with the result 1401 to which the compliance has been applied, as shown in FIG. 14 . can be If there is a prior export history for the currently displayed data, the corresponding export history 1403 may be displayed on the data request processing screen 900 .

In addition to the export history 1403, a function of visually providing characteristics for each field through a graph is included.

The processor 110 may provide a result of applying de-identification to each data field included in the compliance application result to be exported.

The data manager can apply de-identification to the exported data at the field level, and can selectively set the de-identification type. For example, de-identification can be applied to the 'gender' field, and the graph at the top can visually show what kind of data distribution by gender. In the case of the 'age' field, a method of completely de-identifying a level in which a numeric value cannot be read, a method of randomly increasing/decreasing in a certain unit, a method of converting a unit into an age group type, etc. can be applied.

For this de-identification function, a predefined de-identification function can be applied according to the characteristics of the data field. In addition, it is also possible for the data manager to directly input de-identified data.

The data request processing screen 900 includes a function by which the data manager can finally check export information before exporting data. This is a function for the data manager to check the final data request before processing. Map-based data distribution information, requester information, request date information, person in charge (data export) information, processing date information (data export), applied compliance Information and key issuance information (key information issued to prove that the data requester accesses the data they want to export) can be checked. The data manager can write and input the export confirmation phrase together with the key issuance, and can proceed with the export of data after the key issuance procedure and the export confirmation procedure through the user's direct input.

The data export case performed through the above process may be displayed in addition to the data request processing history 720 on the dashboard page 700 . In this case, the processor 110 may highlight and display a newly created case newly added to the data request processing history 720 to be distinguished from other cases.

The 'compliance evaluation' menu 702 in the dashboard page 700 is a function for managing compliance information provided on the platform, and may provide a function for providing compliance in a data compliance solution.

15 shows the compliance management screen 1500 by the 'compliance evaluation' menu 702 .

Referring to FIG. 15 , the data manager can check the compliance list 1502 through the 'compliance control' menu 1501 on the compliance management screen 1500 , so that the previously created compliance can be managed. In addition, the 'add compliance' menu 1503 may be included as a function for the data manager to directly create compliance.

Pre-registered compliance means a set of laws or regulations to be applied to company data. Each compliance clause includes one or more clauses, and it can be expressed by scoring it as a whole according to each compliance or non-compliance. An item of data evaluated (confirmed) by the data manager for each compliance included in the pre-registered compliance list 1502 may be provided together.

The data manager can add a new compliance by using the 'Add compliance' menu 1503. In this case, if you want to add a compliance, select and apply the desired compliance from the interface for entering the compliance title and the predefined compliance list for each region. An interface for doing so may be provided.

As a management function for the pre-registered compliance list 1502, for each of the compliances included in the compliance list 1502, as shown in FIG. 16, a 'job review' menu 1601 for reviewing the compliance items, the title of the compliance A 'group name change' menu 1602 for changing the 'group name' menu 1602, a 'group deletion' menu 1603 for deleting compliance, and the like may be provided.

The 'job review' menu 1601 is a function for evaluating individual items of compliance, and an administrator who added compliance may evaluate each of the compliance rules.

The service page according to the 'job review' menu 1601 may provide information on terms of use at the time of data collection. In this case, the service or device that collects personal data presents contract information with the user, and the data manager can determine the usability of the data collected from the service or device based on the terms and conditions information at the time of data collection.

The data manager may request information on terms of use related to compliance through the service page according to the 'job review' menu 1601 to check the terms of use information of a target service or device to which compliance is to be applied. It provides the ability to easily and conveniently judge compliance by providing information on terms of use at the time of collection for the personal data of the data owner.

In addition, when applying compliance, it is possible to provide a function to check the specific text of related provisions together. It provides the ability for data controllers to check and evaluate the original text of each relevant provision to be applied for compliance.

The service page according to the 'compliance evaluation' menu 702 may include a 'custom compliance' function for managing information on compliance items managed by itself in order to apply and manage the overall PCM on the compliance management system. The data manager can define rules on the data compliance solution through the 'custom compliance' function. In addition to the 'custom compliance' function, a function to register and utilize data-related laws and provisions for each region in advance, a function to manage user rights, and a function to manage a list of operators who want to export data may be further included.

17 illustrates an example of a process of generating a personal information utilization decision matrix according to an embodiment of the present invention.

Referring to FIG. 17 , the processor 110 may generate a matrix (PCM) for decision-making when using personal information based on various compliances related to personal information management including the personal information security analysis 1701, and finally An overall function for use in decision making 1702 may be provided.

The processor 110 may construct a matrix by extracting data for personal information use decision making from the personal information security analysis 1701 and each region raw data, and may update the final decision 1702 using this. .

The processor 110 analyzes the compliance 1701 based on machine learning in consideration of the continuous update of related laws and guide information, and as a final decision 1702, the decision to use personal information according to the decision of the data manager as well as In addition, it is possible to verify the suitability of compliance (personal information protection guideline setting) through evaluation of individual items of compliance, and to provide different risk management according to the level of risk after calculating the risk of personal data.

The present embodiments may include a blockchain architecture that complies with compliance for personal information management.

18 is a flowchart illustrating an example of a personal information management process according to an embodiment of the present invention.

The computer system 100 according to the present embodiment may implement a controller node on a blockchain network.

Referring to FIG. 18 , in step S1810, the computer system 100 separates personal data received from a user node from a controller node on the blockchain network into personally identifiable information (PII) and potential personally identifiable information (PPII). have.

In step S1820, the computer system 100 may store personal identification information in a local database. Among personal data, PII can be stored in the local database of the controller node, and the hash of this PII and PPII can be stored in the blockchain.

In step S1830, the computer system 100 may generate a hash value of personal identification information. Since only the hash value of PII is stored in the blockchain, if PII is deleted from the local database, the hash value of PII stored in the blockchain becomes useless.

In step S1840, the computer system 100 generates a smart contract generated by consensus, potential personal identification information, a generated hash value, and a user corresponding to the user node when a consensus is reached between nodes on the block chain network. A block containing the identifier and the controller identifier corresponding to the controller node can be created and stored in the blockchain. At this time, the computer system 100 may publish a list of personal data to nodes on the blockchain network. In addition, the conditions for the agreement may be based on compliance applicable to personal data, for example GDPR regulations.

Meanwhile, when sharing personal data with a processor node on a block chain network, the computer system 100 may notify the user node of whether personal data is shared and the purpose of sharing personal data. At this time, the processor node separates the personal data into personally identifiable information and potential personally identifiable information, stores the personally identifiable information in the local database of the processor node, generates a hash value of the personally identifiable information, When consensus is reached, a block containing a smart contract generated by consensus, potential personally identifiable information, a generated hash value, a user identifier corresponding to a user node, a controller identifier corresponding to a controller node, and a processor identifier corresponding to a processor node can be implemented to create and store in the blockchain.

In addition, each of the nodes on the blockchain network can delete the personal data of the user node stored in their local database by checking the smart contract stored on the blockchain as a request to delete personal data from the user node is received. .

In addition, each of the nodes on the blockchain network can modify the personal data of the user node stored in their local database by checking the smart contract stored on the blockchain as a request for modification of personal data from the user node is received. , at this time, a node that has modified the user node's personal data in its local database can create a new block containing the modified personal identification information hash and add it to the blockchain.

The present embodiments may include a BCP (Blockchain Controller for Privacy) architecture that can provide personal data by using a contract with a blockchain controller having access rights.

The computer system 100 according to the present embodiment may implement BCP as a personal information providing system.

When a service provider such as social service, search service, mail service, media service, etc. wants to use personal data, by accessing the personal data using a contract with the BCP with personal data access rights, the usage record and usage information for personal data can be verified. can

19 shows an example of a process of recording and managing personal data used by a service provider according to an embodiment of the present invention.

As shown in FIG. 19 , for example, real user data is moved to the cloud platform through the social service provider #B. Other social service providers #A and #C may collect personal data through BCP #2.

In this case, using the BCP (#1, #2) authenticated by the user, the usage details of the personal identification information (PII) of the services can be verified, and service providers must also use the BCP type function. .

20 is a diagram showing a real service configuration example according to an embodiment of the present invention, wherein the user delegates access to his/her data to the BCP, and the service provider uses personal data through a contract with the BCP delegated by the user. can

The functional characteristics of the BCP according to the present invention are as follows.

1. BCP performs data privacy-related contracts with users.

2. BCP provides its own private data storage (storage or vault).

3. BCP concludes a contract function with the online data storage used by the user.

4. BCP provides interworking interface function with online data storage used by users.

5. BCP provides BCP agent for monitoring user service usage environment (personal information related data generation environment).

First, the data privacy-related contract process between the BCP and the user is as follows.

BCP provides contracts for data privacy as a way to clearly monitor personal data at the various touchpoints where it is exposed online.

Regarding the main online data that can be exposed by the user, depending on the contract with the user (1) only the part that can be provided in the form of SDK (Software Development Kit) or API (Application Program Interface) for major exposure points, or (2) network At the level of monitoring (Network Monitoring), personal information can be distinguished through overall monitoring.

In this case, in the case of a web- or App-based server, it falls under (1) above, and the corresponding service providers should be able to provide information on the authority for data monitoring as well.

21 is a flowchart illustrating an example of a data privacy-related contract process between a BCP and a user.

Referring to FIG. 21 , for a smart contract, a user may access a BCP to which the user wants to delegate access to his/her data (S2101), and the corresponding BCP may receive a contract request from the connected user.

The BCP may receive a selection for the service (online data store or service provider) used by the user (S2102).

The BCP determines whether it is linked with the service selected by the user (S2103). If the service used by the user is not linked with the BCP, the blockchain-based personal information provision service cannot be provided.

When the service used by the user is linked with the BCP, the BCP may perform user authentication for data interworking with the service (S2104). For example, the BCP may request to allow access to a service used by the user, such as an Oauth (Open Authorization) method.

BCP may set the contract right scope when user authentication is completed (S2105). The contract rights scope means the scope of access rights, and may include, for example, data items, monitoring and tracking periods, and the like. The service provider may provide information on the scope of data provision agreed upon by the user at the time of subscription, the timing of consent, etc. In this case, the BCP may set data accessibility such as access using API and direct file access (DFA). In addition, the BCP may set data coverage including whether to access different data in grades such as Potential Personal Identifiable Information (PPII) and Personal Identifiable Information (PII). In addition, the BCP can set data anonymization according to the user's request.

When the service used by the user is a new service or data is collected from the user terminal, information connected to the BCP can be set in the user environment (terminal, application, IoT, etc.), and the BCP can receive connection information with the user environment. It can be (S2106). For this, the BCP side can provide a separate API gateway address to upload the user's data.

In the case of an online-based service provider, such as when personal data already exists online, the setting process with the terminal ( S2106 ) may be omitted.

The BCP may store information set through the above processes (S2101 to S2106) for the service used by the user as contract information with the user (S2107).

A user may proceed with subscribing to a specific web service that he/she wants to use on a browser through various user environments.

For example, in a web service, it is possible to confirm whether or not to use BCP in the user registration process. If the user inputs his/her intention to use BCP, the BCP login process can be provided, and through this, the user can log in to the BCP used by the user.

The BCP side provides the user with a list of data that can be monitored for the user's personal information requested by the web service the user wants to subscribe to, and then can set the data item selected by the user through the list as the monitoring target.

BCP can itself provide the function of private data storage.

For example, existing personal cloud data storage operators or providers of productivity tools provide monitoring and smart contract-based third-party services for data input/output in a data management environment. It is possible to extend to the BCP form by adding the monitoring function of authority control and provision to the input/output of personal data. By establishing a contract with a separate BCP and only BCP manages the contact point of exposure with a third-party service, it is also possible to exclusively link and provide its own BCP function.

Accordingly, the present embodiments can provide a data distribution environment in which privacy is guaranteed as well as a data management environment that complies with the compliance based on the compliance related to personal data.

As such, according to the embodiments of the present invention, it is possible to provide an optimal balance between the activation of a data ecosystem such as the data-based fourth industry and the demand for personal privacy protection.

The device described above may be implemented as a hardware component, a software component, and/or a combination of the hardware component and the software component. For example, the apparatus and components described in the embodiments may include a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), and a programmable logic unit (PLU). It may be implemented using one or more general purpose or special purpose computers, such as a logic unit, microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications executed on the operating system. A processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For convenience of understanding, although one processing device is sometimes described as being used, one of ordinary skill in the art will recognize that the processing device includes a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that can include For example, the processing device may include a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as parallel processors.

Software may comprise a computer program, code, instructions, or a combination of one or more thereof, which configures a processing device to operate as desired or is independently or collectively processed You can command the device. The software and/or data may be embodied in any tangible machine, component, physical device, computer storage medium or device for interpretation by or providing instructions or data to the processing device. have. The software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored in one or more computer-readable recording media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. In this case, the medium may be to continuously store a program executable by a computer, or to temporarily store it for execution or download. In addition, the medium may be various recording means or storage means in the form of a single or several hardware combined, it is not limited to a medium directly connected to any computer system, and may exist distributed over a network. Examples of the medium include a hard disk, a magnetic medium such as a floppy disk and a magnetic tape, an optical recording medium such as CD-ROM and DVD, a magneto-optical medium such as a floppy disk, and those configured to store program instructions, including ROM, RAM, flash memory, and the like. In addition, examples of other media may include recording media or storage media managed by an app store that distributes applications, sites that supply or distribute other various software, and servers.

As described above, although the embodiments have been described with reference to the limited embodiments and drawings, various modifications and variations are possible from the above description by those skilled in the art. For example, the described techniques are performed in an order different from the described method, and/or the described components of the system, structure, apparatus, circuit, etc. are combined or combined in a different form than the described method, or other components Or substituted or substituted by equivalents may achieve an appropriate result.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (20)

In a computer system,
at least one processor configured to execute computer readable instructions contained in memory
including,
the at least one processor,
the process of registering for compliance, including data protection laws or regulations;
The process of applying the compliance to the data corresponding to the request of the system user within its data (1 ^st party data); and
The process of providing a function for exporting the data to which the compliance has been applied to the users of the system
process the
the at least one processor,
By performing data de-identification when exporting the data to which the above compliance has been applied,
Personal information collected and the degree of information security-related topics, privacy rights guaranteed whether the providers, personal information utilization policies and third party (3 ^rd party) shares, whether personal information on the basis of confidence indicators for the provider confidence in the system user the process of evaluating; and
The process of performing data de-identification for at least a portion of the data to be exported based on the reliability of the system user
process the
the at least one processor,
The process of generating a matrix for decision-making when using the company data by analyzing the compliance through machine learning
process the
As a final decision based on the matrix, the use of the company data is determined, the conformity of the compliance is verified through evaluation of individual items of the compliance, and the risk calculation of the company data and different risk management according to the risk are included.
A computer system characterized by a. According to claim 1,
the at least one processor,
Providing a function to check whether the personal information collected through the service or application as the company data is complied with in accordance with the information protection laws of each country
A computer system characterized by a. According to claim 1,
the at least one processor,
Registering country-specific information protection laws as a compliance item in the form of a pre-template
A computer system characterized by a. According to claim 1,
the at least one processor,
After generating a query according to the request of the system user, providing raw data corresponding to the query
A computer system characterized by a. According to claim 1,
the at least one processor,
Providing the data to which the above compliance has been applied as a location-based result value on the map according to the country where the data was collected
A computer system characterized by a. According to claim 1,
the at least one processor,
Providing a function to check the data characteristics for each data field for the data to which the above compliance has been applied
A computer system characterized by a. According to claim 1,
the at least one processor,
Performing data de-identification of at least a portion of data when exporting the data to which the compliance has been applied
A computer system characterized by a. delete delete delete According to claim 1,
the at least one processor,
To provide the ability to monitor the compliance requirements of regulatory and standardization bodies and assess their level of compliance.
A computer system characterized by a. According to claim 1,
the at least one processor,
To provide the ability to manage the lifecycle of compliance information and maintain up-to-date compliance information.
A computer system characterized by a. According to claim 1,
the at least one processor,
Providing a function of modeling and analyzing the trust information of the system user
A computer system characterized by a. A method executed on a computer system, comprising:
the computer system comprising at least one processor configured to execute computer readable instructions contained in a memory;
The method is
registering, by the at least one processor, compliance including information protection laws or regulations;
applying, by the at least one processor, the compliance to data corresponding to a system user's request within the company's data; and
providing, by the at least one processor, a function to export data to which the compliance has been applied to the system user;
including,
The step of providing the export function for the data to which the compliance has been applied comprises:
performing data de-identification when exporting the data to which the compliance has been applied
including,
The step of performing the data de-identification comprises:
Personal information collected and the degree of information security-related topics, privacy rights guaranteed whether the providers, personal information utilization policies and third party (3 ^rd party) shares, whether personal information on the basis of confidence indicators for the provider confidence in the system user to evaluate; and
performing de-identification of at least a portion of data to be exported based on the reliability of the system user
including,
The method is
generating, by the at least one processor, a matrix for decision-making when using the company data by analyzing the compliance through machine learning
further comprising,
As a final decision based on the matrix, the use of the company data is determined, the conformity of the compliance is verified through evaluation of individual items of the compliance, and the risk calculation of the company data and different risk management according to the risk are included.
How to characterize. 15. The method of claim 14,
The step of registering the compliance is
Registering country-specific information protection laws as a compliance item in the form of a pre-template
How to characterize. 15. The method of claim 14,
The step of applying the compliance is
providing raw data corresponding to the query after generating a query according to the request of the system user;
How to include. 15. The method of claim 14,
The step of applying the compliance is
providing the data to which the compliance has been applied as a location-based result value on the map according to the country where the data was collected;
How to include. 15. The method of claim 14,
The step of applying the compliance is
Providing a data characteristic check function for each data field for the data to which the compliance has been applied
How to include. delete delete

Images