KR20240065940A - Method for managing user data using data processing of trust execution environment based on smart contract - Google Patents

Abstract

The user data management method using data processing in a smart contract-based trusted execution environment of the present invention includes data processing code and generating a trusted execution environment including a first encryption key; obtaining, by the trusted execution environment, first user data encrypted by the first encryption key from a terminal owning the data; and Primarily decrypting the encrypted first user data based on a first encryption key, and the trusted execution environment secondarily decrypting the first user data based on the second encryption key of the manufacturer terminal to obtain private data. generating data, the trusted execution environment processing the private data according to the data processing code to generate a data processing result, and the trusted execution environment providing the data processing result to the manufacturer terminal. and the step of destroying the trusted execution environment according to the smart contract.

Description

User data management method using data processing in smart contract-based trusted execution environment {METHOD FOR MANAGING USER DATA USING DATA PROCESSING OF TRUST EXECUTION ENVIRONMENT BASED ON SMART CONTRACT}

The present invention relates to a user data management method using data processing in a smart contract-based trusted execution environment.

Blockchain: Blockchain is a decentralized distributed system. Decentralization means that there is no single central organization to perform a function, but rather multiple participants perform the function together. Basically, the blockchain network is composed of a P2P network, and blocks are created through a common process using a consensus algorithm. The use of hash is key in blockchain, and the combination of hash and the fact that multiple participants perform the same processing on the same data prevents forgery and falsification of data.

A smart contract is a set of programming codes that help automatically execute contracts based on blockchain, which deals with assets and trust. The content of the code written by the developer exists in one block of the blockchain, and users can access the smart contract address and execute the code.

The reason it is called a smart contract is because, like general transaction content, the code content of a smart contract is included in the block information, so it cannot be manipulated, and since the program operates according to the coded content, it is suitable for working with specified content such as a contract.

Smart contracts written on Ethereum utilize the Solidity language and operate on EVM. The virtual machine for professionally executing Ethereum smart contracts is called the Ethereum Virtual Machine (EVM). Ethereum smart contracts are written in languages such as solidity and viper, and are widely applied and used in the blockchain field. there is.

There are several monitoring web applications that provide information about smart contracts on the Ethereum network, the most representative of which are Ethereum's own Etherscan and RB, which provides information in a visual form. There are Alvio and Remix, a Solidity IDE.

The technical task to be achieved by the present invention is data processing in a smart contract-based trusted execution environment that can block the data processing subject from viewing the data, prevent external leakage of data, and safely protect the privacy of the data provider. It provides a user data management method using .

The user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention is a data processing platform server in response to a data processing request received from a manufacturer terminal according to a smart contract distributed on a blockchain. A step of creating a trusted execution environment including a data processing code and a first encryption key, the trusted execution environment obtaining first user data encrypted by the first encryption key from a terminal owning the data, and the trust The execution environment primarily decrypts the encrypted first user data based on the first encryption key, and the trusted execution environment secondarily decrypts the first user data based on the second encryption key of the manufacturer terminal. generating private data by decrypting it, the trusted execution environment processing the private data according to the data processing code to generate a data processing result, and the trusted execution environment sending the data processing result to the manufacturer terminal. It includes the step of providing to and the step of destroying the trusted execution environment according to the smart contract.

According to an embodiment, the user data management method using data processing of the smart contract-based trusted execution environment includes, after the step of creating the trusted execution environment, the trusted execution environment creates a transaction requesting first user data. The step of recording in the blockchain may be further included.

Depending on the embodiment, the first encryption key is an asymmetric key consisting of a pair of a first private key and a first public key of the trusted execution environment, and the first public key is generated based on the first private key. , It may be the account address of the trusted execution environment in the blockchain.

Depending on the embodiment, the encrypted first user data may be encrypted using the first public key of the trusted execution environment.

According to the embodiment, the second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer's terminal, and the second public key is generated based on the second private key, It may be the account address of the manufacturer's terminal in the blockchain.

Depending on the embodiment, the first user data may include data encrypted with the private data using the second public key and unencrypted device state data.

Depending on the embodiment, the private data may include personal information of the owner of the target device and the owner's usage information of the target device, and the device status data may include information indicating the objective status of the target device.

Depending on the embodiment, the first user data may be data transmitted and stored from the user data sharing device of the target device to the data-owning terminal.

According to an embodiment, the step of generating the private data includes the step of the trusted execution environment obtaining a second private key encrypted by the first public key from the manufacturer terminal, and the trusted execution environment obtaining the first private key Decrypting the encrypted second private key based on the encrypted second private key, and generating the private data by the trusted execution environment decrypting the first user data based on the second private key, and decrypting the first user data based on the second private key. The key is an asymmetric key consisting of a pair of the first private key and the first public key of the trusted execution environment, and the second encryption key consists of a pair of the second private key and the second public key of the manufacturer terminal. It may be an asymmetric key.

Depending on the embodiment, the trusted execution environment may be a virtual execution environment that maintains validity only for the period that the smart contract lasts.

Depending on the embodiment, in the step of providing to the manufacturer terminal, the data processing result may be provided to the manufacturer terminal by encrypting the data processing result using the second encryption key and returning it to the blockchain.

Depending on the embodiment, the step of destroying the smart contract may include executing a destruction command and deleting the trusted execution environment including the data processing code, the first user data, and the private data. You can.

Depending on the embodiment, the step of executing the destroy command may include executing the destroy command, generating a flag indicating execution of the destroy command, and then creating a transaction including the flag and recording it in the blockchain. there is.

Depending on the embodiment, at least one trusted execution environment may be created in the data processing platform server for execution of the smart contract.

According to the embodiment, the step of creating the trusted execution environment includes generating a raw trusted execution environment in which no arbitrary data processing code and the first encryption key are generated, and the data based on the raw trusted execution environment. It may include generating the trusted execution environment including the data processing code and the first encryption key corresponding to the processing request.

According to an embodiment, the step of creating the raw trusted execution environment includes generating a first image executable file of the raw trusted execution environment, generating a first hash value for the first image executable file, and generating the first image executable file. A transaction containing a hash value can be created and recorded on the blockchain.

According to an embodiment, the step of generating the trusted execution environment including the data processing code corresponding to the data processing request and the first encryption key includes generating a second image executable file of the trusted execution environment, A second hash value for the second image executable file can be generated, and a transaction including the second hash value can be created and recorded in the blockchain.

According to the user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention, when the smart contract is terminated, the trusted execution environment is destroyed and the stored data is also erased, so that the collected data is not externally transmitted. It is possible to protect the privacy of data subjects by preventing data leakage and fundamentally blocking data viewing by the operator of the data processing platform server.

In addition, according to the user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention, personal usage information on target devices such as cars, TVs, refrigerators, and vacuum cleaners is fundamentally encrypted and is also provided to data subjects. By not making it public and using it only under specific analysis conditions according to the wishes of the data subject, the privacy of individuals related to the operation of the vehicle can be protected.

In addition, according to the user data management method using data processing of a smart contract-based trusted execution environment according to an embodiment of the present invention, multiple smart contracts can be implemented simultaneously using a trusted execution environment that is independently executed for each smart contract. .

In addition, according to the user data management method using data processing of a smart contract-based trusted execution environment according to an embodiment of the present invention, the flag of the destruction command is recorded in the blockchain, so that the trusted execution environment that received the data is stably removed and , it can be guaranteed that the data has been safely erased without being leaked to the outside.

In addition, according to the user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention, the manufacturer terminal can obtain the desired data processing results without directly collecting or processing data required for data processing, Because the data required for data processing is not exposed to the manufacturer's terminal, the privacy of the subject who provided the data can be safely protected.

Figure 1 is a schematic block diagram of a user data management system using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
Figure 2 is a diagram for explaining a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.
Figure 3 is a diagram illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to another embodiment of the present invention.
Figure 4 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to an embodiment of the present invention.
Figure 5 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to another embodiment of the present invention.
Figure 6 is a diagram for explaining a smart contract according to an embodiment of the present invention.
Figure 7 is a flowchart illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.

The advantages and features of the present invention and methods for achieving them will become clear by referring to the embodiments described in detail below along with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below and may be implemented in various different forms. The present embodiments are merely provided to ensure that the disclosure of the present invention is complete and to provide a general understanding of the technical field to which the present invention pertains. It is provided to fully inform the skilled person of the scope of the present invention, and the present invention is only defined by the scope of the claims.

The terminology used herein is for describing embodiments and is not intended to limit the invention. As used herein, singular forms also include plural forms, unless specifically stated otherwise in the context. As used in the specification, “comprises” and/or “comprising” does not exclude the presence or addition of one or more other elements in addition to the mentioned elements. Like reference numerals refer to like elements throughout the specification, and “and/or” includes each and every combination of one or more of the referenced elements. Although “first”, “second”, etc. are used to describe various components, these components are of course not limited by these terms. These terms are merely used to distinguish one component from another. Therefore, it goes without saying that the first component mentioned below may also be a second component within the technical spirit of the present invention.

Unless otherwise defined, all terms (including technical and scientific terms) used in this specification may be used with meanings commonly understood by those skilled in the art to which the present invention pertains. Additionally, terms defined in commonly used dictionaries are not to be interpreted ideally or excessively unless clearly specifically defined.

Figure 1 is a schematic block diagram of a user data management system using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.

Referring to Figure 1, the user data management system 10 using data processing of a smart contract-based trusted execution environment according to an embodiment of the present invention includes a data processing platform server 100, a data ownership terminal 200, and a manufacturer terminal ( 300), and a user data sharing device 400.

The data processing platform server 100 is a device capable of hosting an online network and capable of specifying a network address, and provides the data owning terminal 200 and the manufacturer terminal 300 with a data processing platform where data is shared online. You can. The data processing platform server 100 can perform a series of processes such as creation, distribution, implementation, and termination of smart contracts on the blockchain through the data processing platform.

The data processing platform server 100 can create a smart contract for data processing and distribute it to the blockchain. A smart contract for data processing is an electronic contract that is automatically concluded when preset conditions are met on the blockchain. The data processing platform server 100 contains a series of contract contents necessary for data processing, such as data collection, analysis, and result derivation. Recorded smart contracts can be created and deployed on the blockchain.

Smart contracts are recorded in blocks of the blockchain, so smart contracts can be executed on the blockchain. For example, the blockchain is implemented with the Ethereum blockchain, and smart contracts written in Solidity, Viper, etc. can be deployed on the blockchain through the Ethereum Virtual Machine (EVM). Additionally, all transactions in the blockchain can be hashed with SHA-256 and the hash value can be stored in the block of the blockchain to protect individual privacy and prevent overload.

The smart contract distributed by the data processing platform server 100 automatically concludes the contract when a data processing request meeting the preset protocol is received from the manufacturer terminal 300, and the data processing result is returned in response to the data processing request. If so, the contract may be terminated.

Here, the data processing request relates to a data processing request that can be processed by the data processing platform server 100, and the data processing code required for data processing is provided by the manufacturer terminal 300 or by the data processing platform server 100. may be created.

For example, when a smart contract is concluded between the data processing platform server 100 and the manufacturer terminal 300, the data processing platform server 100 acquires the data processing code provided by the manufacturer terminal 300 to the blockchain and processes the data. It is available for use.

For example, when a smart contract is established between the data processing platform server 100 and the manufacturer terminal 300, the data processing platform server 100 independently determines the processing model required for the data processing request and then reads the determined processing model. It can be used for data processing.

The data processing platform operated by the data processing platform server 100 creates a Trusted Execution Environment (TEE) for data processing when a smart contract is concluded. That is, when the data processing platform server 100 receives a data processing request from the manufacturer terminal 300, it creates a trusted execution environment including a data processing code and an encryption key in response to the data processing request.

Specifically, the data processing platform server 100 can create a raw trusted execution environment that is the source of creation of the trusted execution environment. The native trusted execution environment refers to a virtual execution environment in which no arbitrary data processing code or encryption key is generated.

According to the embodiment, when the raw trusted execution environment implemented as an image executable file is created, the data processing platform server 100 generates a hash value for the image executable file and generates a transaction including the hash value to chain the blockchain. can be recorded in Accordingly, the data processing platform server 100 may disclose to the outside world that the original trusted execution environment for creating the trusted execution environment has been created.

The native trusted execution environment is a safe execution environment provided by an independent secure area, and can be created as an image executable file to implement a virtual execution environment. However, it is not limited to this, and the native trusted execution environment may be implemented as either a hardware-based solution or a hardware/software-based solution.

The data processing platform server 100 may create a trusted execution environment including a data processing code and a first encryption key corresponding to the data processing request based on the original trusted execution environment. Like the native execution environment, the trusted execution environment is a safe execution environment provided by an independent secure area, and can be created as an image executable file to implement a virtual execution environment.

The first encryption key of the trusted execution environment includes the account address of the trusted execution environment, and a mechanism based on a public key-private key pair to indicate the uniqueness of blockchain participants can be used to generate the first encryption key. The first encryption key includes a public key that is the account address and a private key that controls the public key. For example, if the trusted execution environment operates on the Ethereum blockchain, the public key may be an externally owned address (EOA).

The trusted execution environment generates a 256-bit random number when creating an account address and sets it as the first private key. By applying it to the first private key through an elliptic curve cryptography algorithm, a unique first public key can be extracted. there is.

For example, the trusted execution environment generates random 256-bit data, encodes the generated 256-bit data into a 64-digit Hex column to generate a first private key, and uses an elliptic curve cryptography algorithm based on the first private key. You can generate a public key. Then, the trusted execution environment converts the public key into a Kecak256 hash value to generate 256-bit binary data, removes the first 96 bits of binary data, and encodes the remaining 160-bit binary data into a Hex column value to generate the first You can create an account address that is a public key.

However, the encryption algorithm that generates the public key based on the private key may be used not only with the elliptic curve encryption algorithm, but also with other encryption algorithms such as the RSA (Rivest, Shamir and Adleman) encryption algorithm and the ElGamal encryption algorithm.

The first public key of the trusted execution environment created through this process is made public to the outside through blockchain, and data encrypted with the first public key is set to be restored only with the first private key of the trusted execution environment.

According to the embodiment, when a trusted execution environment implemented as an image executable file is created, the data processing platform server 100 generates a hash value for the image executable file, creates a transaction including the hash value, and records it in the blockchain. can do. Accordingly, the data processing platform server 100 can disclose to the outside world that the trusted execution environment corresponding to the smart contract has been safely executed without being tampered with or forged.

The trusted execution environment may request data collection from the data owning terminal 200 to perform data processing corresponding to the data processing code. To this end, the trusted execution environment can create a transaction requesting the first user data from the data-owning terminal 200 and record it in the blockchain. At this time, the trusted execution environment may deploy a separate smart contract for data collection on the blockchain, but may also create a transaction to notify data collection and record it on the blockchain.

Depending on the embodiment, when a data collection target is designated by the manufacturer terminal 300 when concluding a smart contract, the trusted execution environment may request data transmission to the data collection target. In other words, the trusted execution environment can specify the account of a specific data-owning terminal and record a transaction requesting data transmission for the designated data-owning terminal in the blockchain.

According to another embodiment, the trusted execution environment may record transactions including data types and contents required for data processing in the blockchain and request data transmission from any data-owning terminal 200. In other words, the trusted execution environment discloses data collection conditions without specifying the data collection subject, and can collect data from all data-owning terminals 200 that have data that satisfies the data collection conditions.

The trusted execution environment can perform data processing based on data collected from the data owning terminal 200. Since the trusted execution environment has inbound rules and outbound rules set, only data in a format corresponding to the data processing code is received, and the data processing results are returned to the outside in a certain format.

The trusted execution environment can perform data processing when the first user data collected from the data owning terminal 200 meets the standards required for data processing. However, since the first user data collected from the data-owning terminal 200 is encrypted with the first public key of the trusted execution environment, the trusted execution environment can decrypt it with the first private key and then process the data according to the data processing code. there is.

According to the embodiment, the first user data includes private data encrypted with the second encryption key of the manufacturer terminal 300 and unencrypted device state data. Therefore, the trusted execution environment can perform secondary decryption of encrypted private data for data processing.

Here, the second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer terminal 300, and the second public key, which is the account address of the manufacturer terminal 300, is based on the second private key. It was created with

Private data is data containing personal information of the user using the target device, and may include personal information of the owner of the target device and information on the owner's use of the target device. To protect personal privacy, the manufacturer's terminal 300 It can be encrypted and protected with a second public key among the second encryption keys.

For example, if the target device is a home appliance such as a refrigerator, washing machine, or television, the private data includes the target device of the user using the home appliance, such as the personal information of the owner of the home appliance, the main use time of the home appliance, and the usage habits of the home appliance. May include usage information.

For example, if the target device is a vehicle, the private data may include personal information related to the operation of the vehicle, such as personal information of the vehicle owner, vehicle operation records of the vehicle owner, and records of places visited while driving the vehicle.

Device state data relates to information indicating the objective state of the target device, and unlike private data, it is not encrypted with a second encryption key.

For example, if the target device is a home appliance, the device status data may include objective state information related to the device, such as the model name, manufacturing date, and product specifications of the home appliance.

For example, if the target device is a vehicle, the device status data relates to basic vehicle information and vehicle parts information such as the vehicle model name, year, mileage, and parts replacement record, and refers to information that excludes personal information of the vehicle owner.

The trusted execution environment may receive a second private key from the manufacturer terminal 300 to decrypt the encrypted private data among the first user data.

If the second private key is leaked to the outside, the privacy of the vehicle owner may be violated, so the trusted execution environment can receive the second private key encrypted with the first public key from the manufacturer terminal 300. Additionally, the trusted execution environment can decrypt the encrypted second private key using the first private key and decrypt the encrypted private data based on the second private key.

The trusted execution environment can perform data processing if private data and device state data meet the standards required for data processing. For example, when the manufacturer terminal 300 requests the average distance driven during the weekend by male drivers born between 1980 and 1989, the trusted execution environment collects the data necessary for data processing among the collected private data and device status data. You can select and generate data processing results.

When data processing is completed, the trusted execution environment can provide the data processing results to the manufacturer terminal 300. The trusted execution environment can obtain the second public key provided by the manufacturer terminal 300 when signing a smart contract, and encrypts the data processing results using the second public key of the manufacturer terminal 300 and returns it to the blockchain. can do.

The smart contract between the data processing platform server 100 and the manufacturer terminal 300 is automatically concluded when a data processing request that meets preset conditions is entered, and when the data processing result corresponding to the data processing request is returned, the smart contract is concluded. This can end. Therefore, when the trusted execution environment encrypts the data processing results, creates a transaction including the encrypted data processing results, and records it in a block of the blockchain, this means that the execution of the smart contract is completed.

Meanwhile, the trusted execution environment has a temporary status that maintains validity only for as long as the smart contract lasts. In other words, the trusted execution environment is created only when a smart contract distributed on the blockchain is established and a data processing request from the manufacturer terminal 300 is received, and data processing consistent with the contents of the smart contract is completed or due to other circumstances. When a smart contract is terminated, the trusted execution environment is destroyed.

Destruction of the trusted execution environment means that the environment that forms the trusted execution environment itself is initialized, and a series of data related to the trusted execution environment are erased. Accordingly, the data processing code received from the manufacturer terminal 300 as well as the first user data received from the data-owning terminal 200 for data processing in the trusted execution environment are erased together as the trusted execution environment is destroyed.

If the data processing platform server 100 stores data even after data processing is completed, there is a risk that the data may be leaked by an external malicious attack and may be viewed by the operator of the data processing platform server 100. there is.

However, the data processing platform server 100 according to an embodiment of the present invention stores the data received from the data-owning terminal 200 only during the period that the smart contract is maintained, and destroys the trusted execution environment when the smart contract is terminated. At the same time, the stored data is also erased. Accordingly, the data processing platform server 100 prevents data from being leaked to the outside and fundamentally blocks data viewing by the operator of the data processing platform server 100 to protect the privacy of the subject who provided the data. You can.

Depending on the embodiment, the trusted execution environment may record a flag in the blockchain indicating that the destruction command has been executed. When the destroy command is executed, a flag that cannot be arbitrarily tampered with is created. When a destruction command is executed, the trusted execution environment can create a transaction including the above flag, record it in the blockchain, and then begin the destruction process.

The trusted execution environment created for data processing is a virtual execution environment, and at least one is created in the data processing platform server 100 for the execution of a smart contract, and is independently created, destroyed, and initialized depending on the establishment and fulfillment of the contract. It can be. In this way, the data processing platform server 100 can simultaneously execute multiple smart contracts using a trusted execution environment that is independently executed for each smart contract.

The data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data.

The data-possessing terminal 200 may perform data communication with the in-vehicle user data sharing device 400 through a user data management application and receive first user data.

As described above, the first user data includes private data encrypted with the second public key of the manufacturer terminal 300 and unencrypted device state data. Accordingly, the data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent sensitive personal information from being leaked to the outside, and encryption of private data is performed in the user data sharing device 400.

When the data processing platform server 100 requests first user data for data processing, the data owning terminal 200 may provide the first user data to the data processing platform server 100 through a user data management application. .

The data-owning terminal 200 may refer to an individual's terminal, but may also refer to a data storage that stores data of multiple subjects. For example, the data possessing terminal 200 may be a personal computer (PC), a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, or an internet of things (IoT) device. , It may be at least one of an IoE (internet of everything) device, a desktop computer, a laptop computer, a workstation computer, a Wibro (Wireless Broadband Internet) terminal, and a PDA (Personal Digital Assistant). It is not limited.

An application that scans the blockchain is executed on the data-owning terminal 200, and data requests from the trusted execution environment can be confirmed by checking transactions recorded in the blockchain. For example, the data-owning terminal 200 can use applications such as Etherescan and Remix to check data requests for the trusted execution environment recorded in the blockchain.

The data-possessing terminal 200 may obtain the first encryption key recorded along with the data request of the trusted execution environment from the blockchain and encrypt the stored data using the first encryption key. That is, the data-owning terminal 200 can generate a hash value with 256 bits for the first user data using the first public key of the trusted execution environment.

The data owning terminal 200 may provide the first user data encrypted with a hash value to a trusted execution environment running on the data processing platform server 100. The data owning terminal 200 may transmit encrypted data to a trusted execution environment through a data processing platform, but to ensure reliability, a transaction containing the hash value of the encrypted first user data may be created and recorded on the blockchain. It may be possible.

The data-owning terminal 200 can acquire blockchain coins as compensation for providing data to the data processing platform server 100, and the quantity of coins that can be acquired can be set by the trusted execution environment.

The subject of the data-owning terminal 200 is the owner of the vehicle, including basic vehicle information and vehicle parts information such as model name, year, mileage, and parts replacement record, as well as personal information, vehicle operation records, and records of places visited during vehicle operation. Since information related to the user's privacy, such as personal information related to the operation of the user, is provided to the data processing platform server 100, there may be anxiety about exposure of personal information.

To solve this problem, the data-owning terminal 200 can scan the blockchain through an application to check the flag of the destroy command recorded in the blockchain. When the flag of the destruction command for the trusted execution environment is scanned by the data owning terminal 200, it can be ensured that the trusted execution environment and data have been safely erased.

The manufacturer terminal 300 is a terminal that creates a data processing request that matches the smart contract, provides a transaction including the data processing request to the blockchain, and concludes a smart contract with the data processing platform server 100. For example, the manufacturer terminal 300 may be a personal computer (PC), a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, an internet of things (IoT) device, It may be at least one of an Internet of Everything (IoE) device, a desktop computer, a laptop computer, a workstation computer, a Wireless Broadband Internet (Wibro) terminal, and a Personal Digital Assistant (PDA).

The manufacturer terminal 300 can provide the data processing code required for data processing when concluding a smart contract as a transaction along with a data processing request, and the account of the specific data-owning terminal 200 can be entered into the transaction to also specify the data collection subject. You can also provide it.

The manufacturer terminal 300 may provide the second private key of the manufacturer terminal 300 to the trusted execution environment so that the trusted execution environment can decrypt the encrypted private data, using the first public key for data security. After encrypting the second private key, the encrypted second private key may be provided to the trusted execution environment.

Additionally, in order to receive encrypted data processing results, the manufacturer terminal 300 may provide the second public key of the manufacturer terminal 300 as a transaction along with a data processing request when concluding a smart contract.

The manufacturer terminal 300 can obtain data processing results from the blockchain as the smart contract is implemented, and obtain data processing results that meet the data processing request by decrypting the encrypted data processing results with the second private key. .

In this way, the manufacturer terminal 300 can obtain desired results without directly collecting or processing data required for data processing. In addition, since the data required for data processing is not exposed to the subject of the manufacturer terminal 300, the privacy of the subject who provided the data can be safely protected.

The user data sharing device 400 is a device that is mounted on a target device and collects user data. For example, if the target device is a home appliance such as a refrigerator or washing machine, it may be composed of a built-in processor such as a CPU or an application processor (AP). It is not limited to this, and any type of module that performs data collection can be adopted.

For example, if the target device is a vehicle, the user data sharing device 400 is connected to the vehicle's CAN (Controller Area Network) bus and transmits and receives data from an ECU (electronic control unit), MCU (Micro Controller Unit) or other lower-level controller. Data can be collected.

The user data sharing device 400 can collect and store the collected data by dividing it into private data and device status data. When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data. Device status data may be provided to the data-owning terminal 200 as first user data.

The user data sharing device 400 may perform wired or wireless communication with the data owning terminal 200. For example, the user data sharing device 400 communicates with the data-owning terminal 200 through USB communication, Bluetooth, Radio Frequency Identification (RFID), infrared data association (IrDA), Ultra Wideband (UWB), and ZigBee ( Communication technologies such as ZigBee can be used, so it is not limited to any one communication method.

Figure 2 is a diagram for explaining a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.

Referring to Figure 2, the data processing platform server 100 can create a smart contract (SC) for data processing and distribute it to the blockchain (BC), and a smart contract (SC) is included in the block of the blockchain (BC). is recorded so that a smart contract (SC) can be executed on the blockchain (BC).

The smart contract (SC) automatically concludes the contract when a transaction containing a data processing request (QUE1) that meets the preset protocol is provided to the blockchain (BC) from the manufacturer terminal 300, and the data processing request (QUE1) ) ends when the data processing results that meet the criteria are returned.

The manufacturer terminal 300 can provide a data processing request (QUE1) conforming to a smart contract (SC) to the blockchain (BC) to obtain data processing results.

When the smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is established, the data processing platform server 100 sends a data processing code and a first encryption key in response to the data processing request (QUE1). Create a trusted execution environment that includes Here, the data processing code may refer to the data processing model provided by the manufacturer terminal 300 to the blockchain.

In order to perform data processing corresponding to the data processing code, the trusted execution environment can create a transaction including a data request (QUE2) to the data-owning terminal 200 and record it in the blockchain (BC).

The data owning terminal 200 can obtain the first encryption key recorded with the data request (QUE2) of the trusted execution environment from the blockchain (BC) and encrypt the stored first user data using the first encryption key. there is. In order to provide data encrypted with a hash value as a trusted execution environment, the data owning terminal 200 creates a transaction containing the hash value (DAT1') of the encrypted first user data and records it in the blockchain (BC). You can.

The manufacturer terminal 300 can obtain the first encryption key recorded along with the data request (QUE2) of the trusted execution environment from the blockchain (BC). However, it is not limited to this, and the first encryption key of the data processing platform server 100 may be obtained when entering into a smart contract.

The manufacturer terminal 300 encrypts the second encryption key based on the first encryption key, and uses a hash value (KEY2) of the encrypted second encryption key to provide the second encryption key encrypted with the hash value as a trusted execution environment. Transactions containing this can be created and recorded on the blockchain (BC).

The trusted execution environment can perform data processing when the data collected from the data owning terminal 200 meets the standards required for data processing. Since the first user data obtained from the blockchain (BC) is encrypted with the first public key of the trusted execution environment, the trusted execution environment decrypts the hash value (DAT1') of the encrypted data with the first private key to obtain the encrypted private data. and unencrypted device state data can be generated.

In addition, the trusted execution environment can decrypt the private data encrypted with the second public key with the second private key and then perform data processing according to the data processing code.

When data processing is completed, the trusted execution environment can encrypt the data processing results using the second public key of the manufacturer terminal 300 and return the encrypted data processing results (RES) to the blockchain.

The smart contract (SC) is terminated when the data processing result (RES) matching the data processing request (QUE1) is returned. The trusted execution environment can confirm that the execution of the smart contract has been completed by checking whether the data processing result (RES) has been recorded in the blockchain.

When the data processing result (RES) is returned and the smart contract (SC) is terminated, the trusted execution environment running on the data processing platform server 100 enters destruction mode. As the trusted execution environment is destroyed, the data received from the data-owning terminal 200 for data processing is also deleted from the data processing platform server 100.

The manufacturer terminal 300 acquires the encrypted data processing result (RES) recorded in the blockchain (BC) and decrypts the encrypted data processing result (RES) with the second private key to produce a data processing result that meets the data processing request. can be obtained.

Figure 3 is a diagram illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to another embodiment of the present invention.

Referring to FIG. 3, the data processing platform server 100 can create a smart contract (SC) for data processing and distribute it to the blockchain (BC), and a smart contract (SC) is included in the block of the blockchain (BC). is recorded so that a smart contract (SC) can be executed on the blockchain (BC).

The smart contract (SC) automatically concludes the contract when a transaction containing a data processing request (QUE1) that meets the preset protocol is provided to the blockchain (BC) from the manufacturer terminal 300, and the data processing request (QUE1) ) ends when a data processing result (RES) that meets the criteria is returned.

The manufacturer terminal 300 can provide a data processing request (QUE1) conforming to a smart contract (SC) to the blockchain (BC) to obtain a data processing result (RES).

When the smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is established, the data processing platform server 100 sends a data processing code and a first encryption key in response to the data processing request (QUE1). Create a trusted execution environment that includes Here, the data processing code may refer to the data processing model provided by the manufacturer terminal 300 to the blockchain (BC).

The trusted execution environment can perform a data request (QUE2') to the data owning terminal 200 through the data processing platform in order to perform data processing corresponding to the data processing code. In other words, the trusted execution environment can publicly perform a data request (QUE2') for data collection through the data processing platform.

The data owning terminal 200 may provide the stored first user data (DAT1) to the data processing platform server 100 through the data processing platform in response to the data request (QUE2'). At this time, the data-owning terminal 200 may encrypt the data (DAT1) with the first encryption key of the trusted execution environment and provide only the hash value.

However, because the first user data (DAT1) includes encrypted private data and unencrypted device state data, sensitive personal information will be protected even if the first user data (DAT1) is leaked to the outside due to a malicious attack. You can.

Meanwhile, the manufacturer terminal 300 acquires the first encryption key (KEY1) from the data processing platform server at the time of signing the smart contract (SC) or thereafter, and generates the second encryption key based on the first encryption key (KEY1). It can be encrypted. In order to provide a second encryption key encrypted with a hash value as a trusted execution environment, the manufacturer terminal 300 creates a transaction containing the hash value (KEY2) of the encrypted second encryption key and records it in the blockchain (BC). can do. The trusted execution environment can obtain the hash value (KEY2) of the second encryption key encrypted from the blockchain (BC) and then decrypt the second encryption key based on the first encryption key.

The trusted execution environment can perform data processing when the first user data (DAT1) collected from the data owning terminal 200 meets the standards required for data processing.

However, since the private data among the device state data and private data included in the first user data (DAT1) is encrypted with the second public key, the trusted execution environment decrypts the encrypted private data using the second private key, Data processing can be performed according to the data processing code.

When data processing is completed, the trusted execution environment can encrypt the data processing results using the second public key of the manufacturer terminal 300 and return the encrypted data processing results (RES) to the blockchain.

The smart contract (SC) between the data processing platform server 100 and the manufacturer terminal 300 is terminated when the data processing result (RES) matching the data processing request (QUE1) is returned. Therefore, when the data processing result (RES) is returned and the smart contract (SC) is terminated, the trusted execution environment running on the data processing platform server 100 is destroyed. As the trusted execution environment is destroyed, the data received from the data-owning terminal 200 for data processing is also deleted from the data processing platform server 100.

The manufacturer terminal 300 acquires the encrypted data processing result (RES) recorded in the blockchain (BC) and decrypts the encrypted data processing result (RES) with the second private key to produce a data processing result that meets the data processing request. can be obtained.

Figure 4 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to an embodiment of the present invention. In Figure 4, a vehicle (CAR) is shown as an example of a target device according to an embodiment of the present invention, but the target device is not limited to this and the target device may be a home appliance such as a TV or refrigerator in addition to a vehicle.

Referring to FIG. 4, the user data sharing device 400 is a device that is mounted on a vehicle (CAR), which is a target device, and collects user data. It is connected to the CAN (Controller Area Network) bus of the vehicle (CAR) and connects to the ECU (electronic Control unit), MCU (Micro Controller Unit), or other sub-controllers can transmit and receive data.

The user data sharing device 400 can collect and store the collected data by dividing it into private data (I_DAT) and device status data (P_DAT).

Here, the private data (I_DAT) may include personal information related to the operation of the vehicle, such as the vehicle owner's personal information, the vehicle owner's vehicle operation record, and records of places visited during vehicle operation.

Additionally, the device status data (P_DAT) may include information representing the objective status of the vehicle, such as the vehicle model name, year, mileage, and parts replacement record.

When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data. Device status data may be provided to the data owning terminal 200 as first user data (DAT1).

The data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data. The data owning terminal 200 may perform data communication with the user data sharing device 400 in the vehicle (CAR) through a user data management application, and receive and store first user data (DAT1).

The data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent an individual's sensitive personal information from being leaked to the outside world.

Figure 5 is a diagram for explaining a method of acquiring first user data of a data-owning terminal according to another embodiment of the present invention. In Figure 5, a refrigerator (REF) is shown as an example of a target device according to an embodiment of the present invention, but the present invention is not limited thereto.

Referring to FIG. 5, the user data sharing device 400 is a device mounted on a refrigerator (REF) to collect user data. It may be comprised of a processor such as a built-in CPU or an application processor (AP), but is not limited to this. Any kind of module that performs data collection can be adopted.

The user data sharing device 400 can collect and store the collected data by dividing it into private data (I_DAT) and device status data (P_DAT).

Here, the private data (I_DAT) may include target device usage information of the user using the home appliance, such as personal information of the owner of the refrigerator (REF), main usage time, and usage habits for the refrigerator (REF).

Additionally, the device status data (P_DAT) may include objective status information related to the refrigerator (REF), such as the model name, manufacturing date, and product specifications of the refrigerator (REF).

When receiving a data request from the data-owning terminal 200, the user data sharing device 400 encrypts the private data based on the pre-stored second public key of the manufacturer terminal 300, and separates the encrypted private data and the unencrypted data. Device status data may be provided to the data owning terminal 200 as first user data (DAT1).

The data possession terminal 200 is a communication device that can access a data processing platform, stores data necessary for data processing, and can run a user data management application necessary for managing the stored data. The data owning terminal 200 may perform data communication with the user data sharing device 400 in the refrigerator (REF) through a user data management application, and receive and store first user data (DAT1).

The data-owning terminal 200 does not display information about encrypted private data to the user, and can only display information about unencrypted device state data to the user. This is to fundamentally prevent an individual's sensitive personal information from being leaked to the outside world.

Figure 6 is a diagram for explaining a smart contract according to an embodiment of the present invention.

Referring to FIG. 6, the data processing platform server 100 can create a smart contract for data processing and distribute it to the blockchain, and when a smart contract is concluded with the manufacturer terminal 300, a trusted execution environment for data processing is created. can be created.

The data processing platform server 100 can create multiple smart contracts and distribute them to the blockchain. If multiple different data processing is requested for one smart contract, multiple different trusted execution environments may be created. .

The trusted execution environment created for data processing is a virtual execution environment, and at least one may be created in the data processing platform server 100 to execute a smart contract. That is, even if 10 smart contracts are distributed on the blockchain, if only 2 smart contracts are concluded, the data processing platform server 100 can execute the two trusted execution environments to fulfill the contract.

In addition, since each smart contract may have different settings for whether performance is completed normally, performance period, and performance method, each smart contract undergoes a series of processes of creation and destruction independently depending on the establishment and performance of the contract. .

For example, the data processing platform server 100 may conclude a first smart contract (SC1) with the first manufacturer terminal (300A) and a second smart contract (SC2) with the second manufacturer terminal (300B). The data processing platform server 100 creates a first trusted execution environment (VM1) corresponding to the conclusion of the first smart contract (SC1), and a second trusted execution environment (VM1) corresponding to the conclusion of the second smart contract (SC2). VM2) can be created. Even if there are distributed smart contracts other than the first and second smart contracts (SC1 and SC2) on the blockchain (BC), the data processing platform server 100 executes the trusted execution environment only for the concluded smart contracts. do.

The first trusted execution environment (VM1) and the second trusted execution environment (VM2) are virtual machines created based on different contract details and run independently of each other, so one trusted execution environment does not affect the other trusted execution environment. It is impossible. Therefore, even if the first trusted execution environment (VM1) is destroyed according to the performance of the contract, the second trusted execution environment (VM2) is not affected and continues to perform the data processing process according to the contents of the second smart contract (SC2). can do.

In this way, the data processing platform server 100 can execute multiple smart contracts simultaneously using a trusted execution environment that is independently executed for each smart contract, and by using an independent data processing space that is impossible to intrude, data may be leaked or mixed. risks can be prevented.

Figure 7 is a flowchart illustrating a user data management method using data processing in a smart contract-based trusted execution environment according to an embodiment of the present invention.

Referring to FIG. 7, the trusted execution environment running on the data processing platform server 100 can be created in response to a data processing request received from the manufacturer terminal 300 according to a smart contract distributed on a blockchain (BC). and may include data processing code and encryption key (S100).

In addition, the trusted execution environment can obtain the first user data encrypted by the first encryption key from the data-owning terminal 200, and obtain the hash value recorded in the blockchain (BC) as the first user data or the data Data can be received directly from the data owning terminal 200 through the processing platform (S110).

And, the trusted execution environment can primarily decrypt the first user data encrypted based on the first encryption key. That is, the trusted execution environment can decrypt the encrypted first user data using the first public key among the first encryption keys and generate unencrypted first user data (S120).

And, the trusted execution environment can generate private data by secondarily decrypting the first user data based on the second encryption key of the manufacturer terminal 300 (S130). That is, the trusted execution environment can decrypt the encrypted private data among the first user data using the second private key of the manufacturer terminal 300.

In addition, the trusted execution environment can generate data processing results by processing the decrypted private data according to the data processing code (S140), and if necessary for data processing, device status data among the first user data is also processed according to the data processing code. Thus, data processing results can be generated.

In addition, the trusted execution environment can provide the encrypted data processing results to the manufacturer terminal 300 by encrypting the data processing results using the second public key of the manufacturer terminal 300 and returning them to the blockchain (S150). .

Additionally, the trusted execution environment can be destroyed by executing a destruction command as the implementation of the smart contract is completed (S160).

The steps of the user data management method or algorithm using data processing of the smart contract-based trusted execution environment described in relation to the embodiment of the present invention are implemented directly in hardware, implemented in a software module executed by hardware, or one of these. It can be implemented by combination. The software module may be RAM (Random Access Memory), ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), Flash Memory, hard disk, removable disk, CD-ROM, or It may reside on any type of computer-readable recording medium well known in the art to which the present invention pertains.

Although the embodiments of the present invention have been described above, it is understood that those skilled in the art can make various modifications without departing from the scope of the claims of the present invention.

100: Data processing platform server
200: Data owning terminal
300: Manufacturer terminal
400: User data sharing device

Claims (18)

Creating a trusted execution environment including a data processing code and a first encryption key in the data processing platform server in response to a data processing request received from the manufacturer terminal according to a smart contract distributed on the blockchain;
obtaining, by the trusted execution environment, first user data encrypted by the first encryption key from a data-owning terminal;
the trusted execution environment primarily decrypting the encrypted first user data based on the first encryption key;
generating private data by having the trusted execution environment secondarily decrypt first user data based on a second encryption key of the manufacturer terminal;
The trusted execution environment processes the private data according to the data processing code to generate a data processing result;
providing, by the trusted execution environment, the data processing results to the manufacturer terminal; and
A user data management method using data processing in a smart contract-based trusted execution environment, including the step of destroying the trusted execution environment according to the smart contract. The method of claim 1, wherein after the step of creating the trusted execution environment,
A user data management method using data processing in a smart contract-based trusted execution environment, further comprising the step of the trusted execution environment generating a transaction requesting first user data and recording it in the blockchain. According to paragraph 1,
The first encryption key is an asymmetric key consisting of a pair of a first private key and a first public key of the trusted execution environment,
The first public key is generated based on the first private key, and a user data management method using data processing of a smart contract-based trusted execution environment, which is an account address of the trusted execution environment in the blockchain. According to paragraph 3,
A user data management method using data processing in a smart contract-based trusted execution environment, wherein the encrypted first user data is encrypted by the first public key of the trusted execution environment. According to paragraph 1,
The second encryption key is an asymmetric key consisting of a pair of a second private key and a second public key of the manufacturer's terminal,
The second public key is generated based on the second private key, and the user data management method uses data processing in a smart contract-based trusted execution environment, which is the account address of the manufacturer terminal in the blockchain. According to clause 5,
The first user data is a user data management method using data processing in a smart contract-based trusted execution environment where the private data is encrypted with the second public key and includes unencrypted device state data. According to clause 6,
The private data includes the personal information of the owner of the target device and the owner's usage information of the target device, and the device status data includes information representing the objective status of the target device. Data processing in a smart contract-based trusted execution environment User data management method used. According to paragraph 1,
The first user data is data transmitted and stored from the user data sharing device of the target device to the data-owning terminal. A user data management method using data processing in a smart contract-based trusted execution environment. The method of claim 1, wherein generating the private data comprises:
the trusted execution environment obtaining a second private key encrypted with the first public key from the manufacturer terminal;
decrypting, by the trusted execution environment, the encrypted second private key based on the first private key; and
The trusted execution environment includes decrypting the first user data based on a second private key to generate the private data,
The first encryption key is an asymmetric key consisting of a pair of the first private key and the first public key of the trusted execution environment, and the second encryption key is the second private key and the second public key of the manufacturer terminal. User data management method using data processing in a smart contract-based trusted execution environment, which is an asymmetric key consisting of a pair of. According to paragraph 1,
A user data management method using data processing in a smart contract-based trusted execution environment, where the trusted execution environment is a virtual execution environment that maintains validity only during the period that the smart contract lasts. The method of claim 1, wherein the step of providing to the manufacturer terminal,
A user data management method using data processing in a smart contract-based trusted execution environment that provides the data processing results to the manufacturer terminal by encrypting the data processing results using the second encryption key and returning them to the blockchain. The method of claim 1, wherein the step of destroying according to the smart contract is,
executing a destroy command; and
A user data management method using data processing in a smart contract-based trusted execution environment, including the step of deleting a trusted execution environment including the data processing code, the first user data, and private data. The method of claim 12, wherein executing the destroy command includes:
A user data management method using data processing in a smart contract-based trusted execution environment that executes the destroy command, generates a flag indicating execution of the destroy command, and then creates a transaction including the flag and records it in the blockchain. . According to paragraph 1,
The user data management method using data processing of a smart contract-based trusted execution environment in which at least one of the trusted execution environments is created in the data processing platform server for execution of the smart contract. The method of claim 1, wherein the step of creating the trusted execution environment includes:
creating a native trusted execution environment in which no data processing code and the first encryption key are generated; and
Using data processing of a smart contract-based trusted execution environment, including the step of generating the trusted execution environment including the data processing code and the first encryption key corresponding to the data processing request based on the raw trusted execution environment. How to manage user data. The method of claim 15, wherein the step of creating the raw trusted execution environment includes:
A smart device that generates a first image executable file of the raw trusted execution environment, generates a first hash value for the first image executable file, generates a transaction including the first hash value, and records it in the blockchain. User data management method using data processing in a contract-based trusted execution environment. The method of claim 14, wherein the step of creating the trusted execution environment including the data processing code and the first encryption key corresponding to the data processing request,
A smart contract that creates a second image executable file of the trusted execution environment, generates a second hash value for the second image executable file, creates a transaction including the second hash value, and records it in the blockchain. User data management method using data processing in a trusted execution environment. A computer-readable storage medium storing one or more programs, wherein the one or more programs are configured to be executed by one or more processors of an electronic device, and the one or more programs are configured to be executed by one or more processors of an electronic device, the one or more programs according to any one of claims 1 to 17. A computer-readable recording medium containing instructions for performing a method.