A Decentralized Identity-Based Blockchain Solution for Privacy-Preserving Licensing of Individual-Controlled Data to Prevent Unauthorized Secondary Data Usage

  • Meng Kang School of Engineering, Okanagan Campus, University of British Columbia
  • Victoria L. Lemieux University of British Columbia
Keywords: blockchain, self-sovereign identity, verifiable credentials, privacy, data management, fully homomorphic encryption


This paper presents a design for a blockchain solution aimed at the prevention of unauthorized secondary use of data. This solution brings together advances from the fields of identity management, confidential computing, and advanced data usage control. In the area of identity management, the solution is aligned with emerging decentralized identity standards: decentralized identifiers (DIDs), DID communication and verifiable credentials (VCs). In respect to confidential computing, the Cheon-Kim-Kim-Song (CKKS) fully homomorphic encryption (FHE) scheme is incorporated with the system to protect the privacy of the individual’s data and prevent unauthorized secondary use when being shared with potential users. In the area of advanced data usage control, the solution leverages the PRIV-DRM solution architecture to derive a novel approach to licensing of data usage to prevent unauthorized secondary usage of data held by individuals. Specifically, our design covers necessary roles in the data-sharing ecosystem: the issuer of personal data, the individual holder of the personal data (i.e., the data subject), a trusted data storage manager, a trusted license distributor, and the data consumer. The proof-of-concept implementation utilizes the decentralized identity framework being developed by the Hyperledger Indy/Aries project. A genomic data licensing use case is evaluated, which shows the feasibility and scalability of the solution.


“esatus SSI Wallet.” (2020) (accessed 6 May 2020) https://web.archive.org/web/20210506165649/https://esatus.com/esatus-ssi-wallet-app-ab-sofort-fuer-ios-undandroid-verfuegbar/?lang=en.

“Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191.” 104th Congress of the United States of America (accessed 18 November 2021) https://www.congress.gov/104/plaws/publ191/PLAW-104publ191.pdf.

“Investing in Verified Information.” University of Washington APL and Digital ID and Authentication Council of Canada (DIACC) (academic conference, held 6-7 November 2019 in Seattle, Washington) https://depts.washington.edu/uwconf/wordpress/ivi2019/.

“Sharing an Object with a Presigned URL.” AWS (2021) (accessed 29 March 2021) https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html.

“V4 Signing Process with Your Own Program.” Google Cloud (2021) (accessed 29 March 2021) https://cloud.google.com/storage/docs/access-control/signing-urls-manually.

Allen, C. “The Path to Self-Sovereign Identity.” Life with Alacrity (2016) (accessed 18 November 2021) http://www.lifewithalacrity.com/previous/2016/04/the-path-to-self-soverereignidentity.html.

Amer, K., Noujain, J. “The Great Hack.” Netflix (2019) https://www.netflix.com/ca/title/80117542.

Au, S., Power, T. Tokenomics: The Crypto Shift of Blockchains, ICOs, and Tokens. Birmingham: Packt Publishing Ltd. (2018).

Aydar, M., Ayvaz, S. “Towards a Blockchain Based Digital Identity Verification, Record Attestation and Record Sharing System.” arXiv (accessed 18 November 2021) https://arxiv.org/abs/1906.09791v2.

Beimel, A. “Secret-Sharing Schemes: A Survey.” In International Conference on Coding and Cryptology Springer 11–46 (2011) https://doi.org/10.1007/978-3-642-20901-7_2.

Belchior, R., Putz, B., Pernul, G., Correia, M., Vasconcelos, A., Guerreiro, S. “SSIBAC: Self-Sovereign Identity Based Access Control.” In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 1935–1943 (2020) https://doi.org/10.1109/TrustCom50675.2020.00264.

Benaissa, A., et al. “TenSEAL: A Library for Doing Homomorphic Encryption Operations on Tensors.” GitHub (2020) (accessed 20 November 2021) https://github.com/OpenMined/TenSEAL/.

Blatt, M., Gusev, A., Polyakov, Y., Goldwasser, S. “Secure Large-Scale Genome-Wide Association Studies Using Homomorphic Encryption.” Proceedings of the National Academy of Sciences 117.21 11608–11613 (2020) https://doi.org/10.1073/pnas.1918257117.

Bonawitz, K., et al. “Towards Federated Learning at Scale: System design.” arXiv (2019) (accessed 20 November 2021) https://arxiv.org/abs/1902.01046v2.

Buterin, V. “A Next-Generation Smart Contract and Decentralized Application Platform.” Ethereum.org (2014) (accessed 18 November 2021) https://ethereum.org/en/whitepaper/.

C. Lundkvist, R. Heck, J. Torstensson, Z. Mitton, and M. Sena. “Uport: A Platform for Self-Sovereign Identity.” (2018) (accessed 18 November 2021) https://www.uport.me/.

Camenisch, J., Lysyanskaya, A. “A Signature Scheme with Efficient Protocols.” In Security in Communication Networks, SCN 2002 268–289 (2003) https://doi.org/10.1007/3-540-36413-7_20.

Cavoukian, A. “Privacy by Design: The 7 Foundational Principles.” Information and Privacy Commissioner of Ontario (2011) (accessed 18 November 2021) https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf.

Chen, H., et al. “Logistic Regression Over Encrypted Data from Fully Homomorphic Encryption.” BMC Medical Genomics 11.4 81 (2018) https://doi.org/10.1186/s12920-018-0397-z.

Chen, H., Laine, K., Player, R. “Simple encrypted arithmetic library-SEAL v2. 1.” In International Conference on Financial Cryptography and Data Security, FC2017 Springer 3–18 (2017) https://doi.org/10.1007/978-3-319-70278-0_1.

Cheon, J. H., et al. “Toward a Secure Drone System: Flying with Real-Time Homomorphic Authenticated Encryption.” IEEE Access 6 24325–24339 (2018) https://doi.org/10.1109/ACCESS.2018.2819189.

Cheon, J. H., Kim, A., Kim, M., Song, Y. “Homomorphic Encryption for Arithmetic of Approximate Numbers.” In International Conference on the Theory and Application of Cryptology and Information Security Springer 409–437 (2017) https://doi.org/10.1007/978-3-319-70694-8-_15.

Damgard, I., Geisler, M., Kroigard, M. “Homomorphic Encryption and Secure Comparison.” International Journal of Applied Cryptography 1.1 22–31 (2008) https://doi.org/10.1504/IJACT.2008.017048.

Diffie, W., Hellman, M. “New Directions in Cryptography.” IEEE Transactions on Information Theory 22.6 644–654 (1976) https://doi.org/10.1109/TIT.1976.1055638.

Digital Trust Team, Government of British Columbia, et al. “Hyperledger Aries Cloud Agent Python (ACAPy).” GitHub (accessed 23 February 2021) https://github.com/hyperledger/aries-cloudagentpython.

ElGamal, T. “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms.” IEEE Transactions on Information Theory 31.4 469–472 (1985) https://doi.org/10.1007/3-540-39568-7_2.

Gaber, T., Ahmed, A., Mostafa, A. “PrivDRM: A Privacy-Preserving Secure Digital Right Management System.” In Proceedings of the Evaluation and Assessment in Software Engineering 481–486 (2020) https://doi.org/10.1145/3383219.3383289.

Gentry, C. “Fully Homomorphic Encryption Using Ideal Lattices.” In Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing 169–178 (2009) https://doi.org/10.1145/1536414.1536440.

Goldreich, O. “Secure Multi-Party Computation.” (1998, 2002) Preliminary manuscript (accessed 20 November 2021) https://www.wisdom.weizmann.ac.il/~oded/pp.html.

Graupner, H., Torkura, K., Berger, P., Meinel, C., Schnjakin, M. “Secure Access Control for Multi-Cloud Resources.” In 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops) IEEE 722–729 (2015) https://doi.org/10.1109/LCNW.2015.7365920.

Hardman, D. “Hyperledger Aries RFC 0005: DID Communication.” GitHub (2019) (accessed 20 November 2021) https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0005-didcomm/.

Hardman, D., et al. “Peer DID Method Specification.” GitHub (2019) (accessed 20 November 2021) https://github.com/decentralized-identity/peer-did-method-spec.

Hofman, D., Lemieux, V. L., Joo, A., Batista, D. A. “The Margin Between the Edge of the World and Infinite Possibility: Blockchain, GDPR, and Information Governance.” Records Management Journal 29.1/2 240–257 (2019) https://doi.org/10.1108/RMJ-12-2018-0045.

Huynh, D. “CKKS Explained: Part I, Vanilla Encoding and Decoding.” OpenMined (accessed 14 May 2021) https://blog.openmined.org/ckks-explained-part-1-simple-encoding-and-decoding/.

Kazdin, A. E. “The Token Economy.” In Applications of Conditioning Theory. Routledge (1981, 2017) http://doi.org/10.4324/9781351273084.

Kim, A., Song, Y., Kim, M., Lee, K., Cheon, J. H. “Logistic Regression Model Training Based on the Approximate Homomorphic Encryption.” BMC Medical Genomics 11.4 23–31 (2018) https://doi.org/10.1186/s12920-018-0401-7.

Kim, D., Son, Y., Kim, D., Kim, A., Hong, S., Cheon, J. H. “Privacy-Preserving Approximate GWAS Computation Based on Homomorphic Encryption.” BMC Medical Genomics 13.7 1–12 (2020) https://doi.org/10.1186/s12920-020-0722-1.

Kim, M., Song, Y., Li, B., Micciancio, D. “Semi-Parallel Logistic Regression for GWAS on Encrypted Data.” BMC Medical Genomics 13.7 1–13 (2020) https://doi.org/10.1186/s12920-020-0724-z.

Kim, M., Song, Y., Wang, S., Xia, Y., Jiang, X. “Secure Logistic Regression Based on Homomorphic Encryption: Design and Evaluation.” JMIR Medical Informatics 6.2 e19 (2018) https://doi.org/10.2196/medinform.8805.

Lemieux, V. L., et al. “Having Our “Omic” Cake and Eating It Too?: Evaluating User Response to Using Blockchain Technology for Private and Secure Health Data Management and Sharing.” Frontiers in Blockchain 3 558705 (2021) https://doi.org/10.3389/fbloc.2020.558705.

Liu, Y., Lu, Q., Zhu, C., Yu, Q. “A Blockchain-Based Platform Architecture for Multimedia Data Management.” Multimedia Tools and Applications 80 30707–30723 (2021) https://doi.org/10.1007/s11042-021-10558-z.

Muhle, A., Gruner, A., Gayvoronskaya, T., Meinel, C. “A Survey on Essential Components of a Self-Sovereign Identity.” Computer Science Review 30 80–86 (2018) http://dx.doi.org/10.1016/j.cosrev.2018.10.002.

Nagaratnam, N. “What is Confidential Computing?” IBM (2020) https://www.ibm.com/cloud/learn/confidential-computing.

Naik, N., Jenkins, P. “Governing Principles of Self-Sovereign Identity Applied to Blockchain Enabled Privacy Preserving Identity Management Systems.” In 2020 IEEE International Symposium on Systems Engineering (ISSE) IEEE 1–6 (2020) https://doi.org/10.1109/ISSE49799.2020.9272212.

Naik, N., Jenkins, P. “Your Identity Is Yours: Take Back Control of Your Identity Using GDPR Compatible Self-Sovereign Identity.” In 2020 7th International Conference on Behavioural and Social Computing (BESC) IEEE 1–6 (2020) https://doi.org/10.1109/BESC51023.2020.9348298.

Nakamoto, S. “Bitcoin: A Peer-to-Peer Electronic Cash System.” (2008) (accessed 18 October 2021) https://bitcoin.org/bitcoin.pdf.

No Author. “Hyperledger Indy.” Hyperledger (accessed 22 March 2021) https://www.hyperledger.org/use/hyperledger-indy.

No Author. “Intel Software Guard Extensions.” (accessed 20 November 2021) https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions.html.

No Author. “Starting January 1, Businesses Must Follow More Robust Guidelines on Meaningful Consent for Personal Information.” Office of the Privacy Commisioner of Canada (2018) (accessed 20 November 2021) https://www.priv.gc.ca/en/opc-news/news-and-announcements/2018/an_181221/.

No Author. “TRON Advanced Decentralized Blockchain Platform, Whitepaper v. 2.0, TRON Protocol v. 3.2.” TRON Foundation (2018) (accessed 20 November 2021) https://tron.network/static/doc/white paper v 2 0.pdf.

No Author. “TRUSTZONE.” ARM (accessed 20 November 2021) https://www.arm.com/why-arm/ technologies/trustzone-for-cortex-a.

Papadopoulos, P., Abramson, W., Hall, A. J., Pitropakis, N., Buchanan, W. J. “Privacy and Trust Redefined in Federated Machine Learning.” Machine Learning and Knowledge Extraction 3.2 333–356 (2021) https://doi.org/10.3390/make3020017

Paszke, A., et al. “Pytorch: An Imperative Style, High-Performance Deep Learning Library.” arXiv (2019) (accessed 20 November 2021) https://arxiv.org/abs/1912.01703v1.

Pretschner, A., Hilty, M., Basin, D. “Distributed Usage Control.” Communications of the ACM 49.9 39–44 (2006) https://doi.org/10.1145/1151030.1151053.

Preukschat, A., Reed, D. Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials. New York: Manning Publications Co. (2021).

Reed, D., et al. “Decentralized Identifiers (dids) v1.0.” World Wide Web Consortium (W3C) (2020) (accessed 20 November 2021) Latest draft available at: https://www.w3.org/TR/did-core/.

Rivest, R. L., Adleman, L., Dertouzos, M. L., et al. “On Data Banks and Privacy Homomorphisms.” Foundations of Secure Computation 4.11 169–180 (1978).

Rivest, R. L., Shamir, A., Adleman, L. “A Method for Obtaining Digital Signatures and PublicKey Cryptosystems.” Communications of the ACM 21.2 120–126 (1978) https://doi.org/10.1145/359340.359342.

Romm, T. “U.S. Government Issues Stunning Rebuke, Historic $5 Billion Fine Against Facebook for Repeated Privacy Violations.” The Washington Post (2019) (accessed 20 November 2021) https://www.washingtonpost.com/technology/2019/07/24/us-government-issues-stunningrebuke-historic-billion-fine-against-facebook-repeated-privacy-violations/.

Rosenblatt, B., Trippe, B., Mooney, S. Digital Rights Management. New York: Wiley (2002).

Russinovich, M., et al. “Toward Confidential Cloud Computing.” Communications of the ACM 64.6 54–61 (2021) https://doi.org/10.1145/3454122.3456125.

Sabt, M., Achemlal, M., Bouabdallah, A. “Trusted Execution Environment: What It Is, and What It Is Not.” In 2015 IEEE Trustcom/BigDataSE/ISPA. 1 IEEE 57–64 (2015) https://doi.org/10.1109/Trustcom.2015.357.

Saint-Andre, P., Klensin, J. “Uniform Resource Names (URNs).” Internet Engineering Task Force (IETF) (2017) Internet Requests for Comments 8141 (accessed 20 November 2021) https://www.rfceditor.org/rfc/rfc8141.html.

Tobin, A. “Sovrin: What Goes on the Ledger?” Evernym (2018) (accessed 18 November 2021) https://www.evernym.com/wp-content/uploads/2017/07/What-Goes-On-The-Ledger.pdf.

Tobin, A., Reed, D. “The Inevitable Rise of Self-Sovereign Identity.” The Sovrin Foundation (2017) (accessed 18 November 2021) https://sovrin.org/wp-content/uploads/2017/06/The-InevitableRise-of-Self-Sovereign-Identity.pdf.

Verifiable Credentials Working Group. “Verifiable Credentials Data Model 1.0: Expressing Verifiable Information on the Web.” World Wide Web Consortium (W3C) (2019) (accessed 23 February 2021) https://www.w3.org/TR/vc-data-model/.

Voigt, P., Von dem Bussche, A. The EU General Data Protection Regulation (GDPR), A Practical Guide. Cham: Springer International Publishing (2017).

Yaga, D., Mell, P., Roby, N., Scarfone, K. “Blockchain Technology Overview.” arXiv (accessed 18 November 2021) https://doi.org/10.6028/NIST.IR.8202.

Yao, A. C.-C. “How to Generate and Exchange Secrets.” In 27th Annual Symposium on Foundations of Computer Science (sfcs 1986) IEEE 162–167 (1986) https://doi.org/10.1109/SFCS.1986.25.

How to Cite
Kang, M., & Lemieux, V. (2021). A Decentralized Identity-Based Blockchain Solution for Privacy-Preserving Licensing of Individual-Controlled Data to Prevent Unauthorized Secondary Data Usage. Ledger, 6. https://doi.org/10.5195/ledger.2021.239
Research Articles