EP-4742065-A1 - NON-TRANSITORY COMPUTER READABLE MEDIUM, APPARATUS
Abstract
Provided is a non-transitory machine-readable medium including machine-readable instructions. The machine-readable instructions cause, when executed on an apparatus, the apparatus to receive, by a trusted authority, a request for access to user data stored on a distributed network. The machine-readable instructions further cause the apparatus to search, by the trusted authority, an immutable ledger for an entry related to the user data. The machine-readable instructions further cause the apparatus to selectively decide, by the trusted authority and based on an access policy for the user data indicated by the entry, whether to grant access to the user data.
Inventors
- ZMIJEWSKI, Piotr
- BERENT, ARKADIUSZ
- BRONK, Mateusz
- MATUSIEWICZ, KRYSTIAN
Assignees
- INTEL Corporation
Dates
- Publication Date
- 20260513
- Application Date
- 20251028
Claims (15)
- A non-transitory machine-readable medium comprising machine-readable instructions which, when executed on an apparatus, cause the apparatus to: receive, by a trusted authority, a request for access to user data stored on a distributed network; search, by the trusted authority, an immutable ledger for an entry related to the user data; selectively decide, by the trusted authority and based on an access policy for the user data indicated by the entry, whether to grant access to the user data.
- The non-transitory machine-readable medium of claim 1, wherein the machine-readable instructions further comprise instructions to: receive, by the trusted authority, an updated access policy; and selectively revoke the user data based on the updated access policy.
- The non-transitory machine-readable medium of claim 2, wherein, for selectively revoking the user data, the machine-readable instructions further comprise (i) instructions to selectively invalidate a key provided for the user data, (ii) instructions to revoke access to the user data for at least one participant in the distributed network, and/or (iii) instructions to revoke access to third party data, wherein the third party data are generated by a participant in the distributed network based on the user data.
- The non-transitory machine-readable medium of claim 3, wherein the third-party data is derived data or is included in aggregated data.
- The non-transitory machine-readable medium of claim 4, wherein, if the third-party data is included in aggregated data and access to the third-party data is revoked, other data of the aggregated data remains accessible.
- The non-transitory machine-readable medium as in any one of claims 1-5, wherein, if access to the user data is granted, the machine-readable instructions further comprise instructions to: provision, by the trusted authority, a key to access the user data based on a remote attestation.
- A non-transitory machine-readable medium comprising machine-readable instructions which, when executed on an apparatus, cause the apparatus to: receive, by a trusted authority, key data related to user data, wherein the user data are stored or are to be stored on a distributed network; create, by the trusted authority, a tree-structure of an immutable ledger, wherein a root of the tree-structure indicates at least an identifier for the user data; and when a participant of the distributed network generates third party data based on the user data, create, by the trusted authority, a node in the tree-structure indicating at least an identifier for the third-party data.
- The non-transitory machine-readable medium of claim 7, wherein the user data are generated by a first participant and the third-party data are generated by a second participant of the distributed network, and wherein the machine-readable instructions further comprise instructions to: in response to a revocation of the user data, create a node in the tree-structure indicating at least an identifier for amended third party data corresponding to the third-party data with indications to the user data being removed from the third-party data.
- The non-transitory machine-readable medium of claim 7 or 8, wherein the identifier for the user data includes a key for decrypting the user data.
- An apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions to: receive, by a trusted authority, a request for access to user data stored on a distributed network; search, by the trusted authority, an immutable ledger for an entry related to the user data; and decide, by the trusted authority and based on an access policy for the user data indicated by the entry, whether to grant access to the user data.
- The apparatus of claim 10, wherein the machine-readable instructions further comprise instructions to: receive, by the trusted authority, an updated access policy; and selectively revoke the user data based on the updated access policy.
- The apparatus of claim 11, wherein, for selectively revoking the user data, the machine-readable instructions further comprise (i) instructions to selectively invalidate a key provided for the user data, (ii) instructions to revoke access to the user data for at least one participant in the distributed network, and/or (iii) instructions to revoke access to third party data, wherein the third party data are generated by a participant in the distributed network based on the user data.
- The apparatus of claim 12, wherein the third-party data is derived data or is included in aggregated data.
- The apparatus of claim 13, wherein, if the third-party data is included in aggregated data and access to the third-party data is revoked, other data of the aggregated data remains accessible.
- The apparatus as in any one of claims 10-14, wherein, if access to the user data is granted, the machine-readable instructions further comprise instructions to: provision, by the trusted authority, a key to access the user data based on a remote attestation.
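The following is an added worked model of the scheme the claims describe (claims 1 to 9 in particular): a trusted authority answers an access request by searching an append-only ledger for the entry related to the data, decides by the access policy that entry carries, provisions a key only on a valid remote attestation, records third-party data as child nodes of the user data they were generated from, and, on revocation, walks that tree so that data derived solely from the revoked data is revoked too while aggregated data survives as an amended node. It is illustration code written for this page, not Intel's implementation or any code from the patent, and it makes simplifying assumptions: the immutable ledger is an in-process append-only list (no hash chain, consensus or distributed storage), remote attestation is reduced to checking a reported measurement against an allow-list, keys live in the authority's memory, and every identifier, participant name and measurement value is constructed.

```python
from collections import namedtuple
import secrets

# kind: "data" (tree root), "derived", "policy", "amend" or "revoke"; parents: identifiers of the
# data this entry was generated from (the tree edges); policy: participants allowed to access it
Entry = namedtuple("Entry", "kind data_id producer parents policy")


class Ledger:
    """Append-only log standing in for the immutable ledger; entries are never edited in place."""
    def __init__(self):
        self.entries = []

    def append(self, kind, data_id, producer, parents=(), policy=()):
        entry = Entry(kind, data_id, producer, tuple(parents), frozenset(policy))
        self.entries.append(entry)
        return entry

    def latest(self, data_id):  # the search step of claim 1: newest entry about data_id, or None
        return next((e for e in reversed(self.entries) if e.data_id == data_id), None)

    def children(self, data_id):  # current, non-revoked nodes that list data_id as a parent
        current = {e.data_id: e for e in self.entries}  # later entries overwrite earlier ones
        return [e for e in current.values() if data_id in e.parents and e.kind != "revoke"]


class TrustedAuthority:
    def __init__(self, ledger, trusted_measurements):
        self.ledger = ledger
        self.trusted = frozenset(trusted_measurements)  # stand-in for verifying an attestation quote
        self.keys = {}  # data_id -> current key; only the TA holds keys, rotating one invalidates old copies

    def register(self, data_id, producer, policy, parents=()):
        """Claim 7: a root node for user data, or a child node for data a participant generated from it."""
        for parent in parents:
            source = self.ledger.latest(parent)
            if source is None or source.kind == "revoke" or producer not in source.policy:
                raise PermissionError(f"{producer} may not derive from {parent}")
        self.keys[data_id] = secrets.token_bytes(32)
        return self.ledger.append("derived" if parents else "data", data_id, producer, parents, policy)

    def is_accessible(self, data_id):
        entry = self.ledger.latest(data_id)
        return entry is not None and entry.kind != "revoke"

    def request_access(self, requester, data_id, attestation):
        """Claims 1 and 6: search the ledger, decide by the policy found there, provision a key on attestation."""
        entry = self.ledger.latest(data_id)
        if entry is None or entry.kind == "revoke" or requester not in entry.policy:
            return None
        if attestation.get("measurement") not in self.trusted:
            return None
        return {"data_id": data_id, "key": self.keys[data_id]}

    def key_is_valid(self, provisioned):  # claim 3(i): a provisioned key works only until the TA rotates it
        return self.keys.get(provisioned["data_id"]) == provisioned["key"]

    def update_policy(self, data_id, new_policy):
        """Claim 2: record the updated policy; dropping a participant also invalidates keys already issued."""
        old = self.ledger.latest(data_id)
        if not old.policy <= frozenset(new_policy):
            self.keys[data_id] = secrets.token_bytes(32)
        return self.ledger.append("policy", data_id, old.producer, old.parents, new_policy)

    def revoke(self, data_id):
        """Claims 3(iii), 5 and 8: remove the data and walk the tree of data generated from it."""
        old = self.ledger.latest(data_id)
        self.keys.pop(data_id, None)
        self.ledger.append("revoke", data_id, old.producer, old.parents)
        for child in self.ledger.children(data_id):
            remaining = tuple(p for p in child.parents if p != data_id)
            if remaining:  # aggregated data: an amended node without the revoked source stays accessible
                self.keys[child.data_id] = secrets.token_bytes(32)
                self.ledger.append("amend", child.data_id, child.producer, remaining, child.policy)
            else:  # generated solely from the revoked data: revoked along with it
                self.revoke(child.data_id)


def demo():
    """Constructed scenario: two users, a derived score, an aggregate, a policy change and a revocation."""
    ta = TrustedAuthority(Ledger(), trusted_measurements={"measurement-of-approved-enclave"})
    good = {"measurement": "measurement-of-approved-enclave"}  # constructed attestation report
    ta.register("alice-profile", "alice", policy={"analytics-co"})
    ta.register("bob-profile", "bob", policy={"analytics-co"})
    alice_key = ta.request_access("analytics-co", "alice-profile", good)
    bob_key = ta.request_access("analytics-co", "bob-profile", good)
    ta.register("alice-score", "analytics-co", {"insurer"}, parents=("alice-profile",))
    ta.register("region-stats", "analytics-co", {"insurer"}, parents=("alice-profile", "bob-profile"))
    ta.update_policy("bob-profile", {"research-lab"})  # analytics-co loses access to Bob's data
    ta.revoke("alice-profile")  # Alice asks to be forgotten
    return {
        "alice_granted": alice_key is not None,
        "research_lab_granted": ta.request_access("research-lab", "bob-profile", good) is not None,
        "bad_attestation": ta.request_access("research-lab", "bob-profile", {"measurement": "unknown-code"}),
        "not_in_policy": ta.request_access("analytics-co", "bob-profile", good),
        "bob_key_valid": ta.key_is_valid(bob_key),
        "alice_key_valid": ta.key_is_valid(alice_key),
        "profile_accessible": ta.is_accessible("alice-profile"),
        "score_accessible": ta.is_accessible("alice-score"),
        "stats_accessible": ta.is_accessible("region-stats"),
        "stats_parents": ta.ledger.latest("region-stats").parents,
    }
```

Running `demo()` shows the two decision paths of claim 1 (a requester outside the policy, or with an untrusted measurement, gets no key), the key invalidation of claim 3(i) (keys handed out before a policy change or a revocation no longer match what the authority holds), and the tree walk of claims 5 and 8 (the score derived only from Alice's profile is revoked with it, while the regional aggregate remains accessible with Alice's profile removed from its parents). In a deployment the ledger would be a hash-chained or consensus-backed structure and the attestation check a full quote verification against a known-good policy; the control flow around them is what the example is meant to show.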
Description
Background
Users of services on distributed networks (e.g., the Internet) may be required to share personal data in order to be able to use those services. On the other hand, the user may need to be able to request removal of the personal data from the network (e.g., effectively requesting it to be "forgotten", for example to fulfill the "right to be forgotten" under the GDPR (General Data Protection Regulation), or to fulfill other regulations or laws). The request may cause access to the data to be restricted, or may cause the data to be truly/completely removed. In the latter case, all the data sets that came into existence as the result of processing the original data set (be it a subset, a superset, or new data derived from the original data) may need to be altered or removed as well, effectively bringing the state of the network back to a point where that original data fictionally never existed.
Brief description of the Figures
Some examples of apparatuses and/or methods will be described in the following by way of example only, and with reference to the accompanying figures, in which
- Fig. 1 illustrates a block diagram of an apparatus according to the present disclosure;
- Fig. 2 illustrates a block diagram of an apparatus according to the present disclosure;
- Fig. 3 depicts a flowchart of a method according to the present disclosure;
- Fig. 4 depicts a flowchart of a method according to the present disclosure;
- Fig. 5 depicts a flowchart of a method for data creation and registration according to the present disclosure;
- Fig. 6 depicts a flowchart of a method for revoking access to data according to the present disclosure;
- Fig. 7 depicts a sequence diagram of a method for data creation according to the present disclosure;
- Fig. 8 depicts a sequence diagram of a method for data access and derivate creation according to the present disclosure; and
- Fig. 9 depicts a sequence diagram of a method for data revocation according to the present disclosure.
Detailed Description
Some examples are now described in more detail with reference to the enclosed figures. However, other possible examples are not limited to the features of these embodiments described in detail. Other examples may include modifications of the features as well as equivalents and alternatives to the features. Furthermore, the terminology used herein to describe certain examples should not be restrictive of further possible examples. Throughout the description of the figures, the same or similar reference numerals refer to the same or similar elements and/or features, which may be identical or implemented in a modified form while providing the same or a similar function. The thickness of lines, layers and/or areas in the figures may also be exaggerated for clarification. When two elements A and B are combined using an "or", this is to be understood as disclosing all possible combinations, i.e. only A, only B, as well as A and B, unless expressly defined otherwise in the individual case. As an alternative wording for the same combinations, "at least one of A and B" or "A and/or B" may be used. This applies equivalently to combinations of more than two elements. If a singular form, such as "a", "an" and "the", is used and the use of only a single element is not defined as mandatory either explicitly or implicitly, further examples may also use several elements to implement the same function. If a function is described below as implemented using multiple elements, further examples may implement the same function using a single element or a single processing entity. It is further understood that the terms "include", "including", "comprise" and/or "comprising", when used, describe the presence of the specified features, integers, steps, operations, processes, elements, components and/or a group thereof, but do not exclude the presence or addition of one or more other features, integers, steps, operations, processes, elements, components and/or a group thereof.
Fig. 1 illustrates a block diagram of an example of an apparatus 100 (or device 100). The apparatus 100 includes circuitry that is configured to provide the functionality of the apparatus 100. For example, the apparatus 100 of Fig. 1 includes interface circuitry 120, processing circuitry 130 and (optional) storage circuitry 140. For example, the processing circuitry 130 may be coupled with the interface circuitry 120 and optionally with the storage circuitry 140. For example, the processing circuitry 130 may be configured to provide the functionality of the apparatus 100, in conjunction with the interface circuitry 120. For example, the interface circuitry 120 is configured to exchange information, e.g., with other components inside or outside the apparatus 100 and the storage circuitry 140. Likewise, the device 100 may include means configured to provide the functionality of the device 100. The components of the device 100 are defined as component means, which may correspond to, or be implemented by, the respective structural components of the appar