Friday, 20th September 2019
Logo

Improving the reliability of data distribution

Enables unified management of such information as data source, processing history, and consent status for personal information.

Fujitsu Laboratories Ltd. today announced that it has developed "ChainedLineage," a blockchain extension technology that enables the safe use of data obtained from a variety of companies and individuals, confirming its provenance and processing history. Data that can be used by companies often consists of data from multiple sources, and in many cases has been processed in stages by multiple companies. For companies using such data, it is important to ensure the reliability of the data they obtain, and they currently need to trace back the provenance of each data. There are also issues with obtaining data that complies with regulations such as Japan's Act on the Protection of Personal Information or Europe's GDPR(1). Because this newly developed technology enables uniform management of information on the provenance of data published by companies and other organizations, users can easily trace the history of data processing as it passed through multiple companies and efficiently obtain data from individuals who have provided their consent. Fujitsu Laboratories aims to create a society with trustworthy data by applying this technology to various fields that utilize data.

Development Background

In recent years, there has been an increasing trend toward the creation of new services using the massive amounts of data generated by various devices, from individual smartphones to corporate IoT systems. In addition, governments have promoted municipalities, companies and organizations to proactively use their data across industries. The activities of data utilization are therefore expected to expand even further going forward. As technologies for using and analyzing large volumes of data, such as big data and AI, gain prominence, the accountability of related services will be compromised if inadequate data is mixed into those used by companies. Moreover, with the implementation of laws protecting personal information, particularly the GDPR, it has become necessary to confirm individual consent before providing personal information to third party companies. This has in turn made it essential to find a way to proactively use data while preserving transparency. As multiple companies and organizations become involved in the different stages of generation or processing of data that contains personal information, the amount of diverse useful data is increasing, while there are concerns regarding data reliability due to the growing number of people handling the data. As a result, there has been more demand to understand the origin of data.

Issues

Because the majority of data that can be used amongst companies has been processed or combined with other data in some way, it is important to manage information on the provenance of data, including whether it has been processed or analyzed, in what ways, and using what sort of data, in order to ensure the reliability of the data. Conventionally, the management of records relating to the processing and analysis of data was done within each company, and there was no method for integrating and managing the record information scattered across the companies. In addition, in the event there were changes to the objectives of use, content, or destination of the data held by each company, it was necessary to revise the personal consent status of the person providing the data. Moreover, based on the outcome of that consent result, the user of the data needed to spend time to obtain each individual's personal data.

About the Newly Developed Technology

Now, Fujitsu Laboratories has developed a technology for companies to safely manage and share provenance information, from the original source of the data to its current state. This information includes records of data generation and processing, as well as the details for individual consent on providing personal data. The features of this technology are as follows.

1. Technology links recorded data of generated, processed data across multiple companies

Fujitsu Laboratories developed a technology to connect conventional data processing record information scattered across various companies with data transaction information amongst companies shared via blockchain technology in a way that other companies can also confirm, using the hash values(2) of the processing records and the data transaction information themselves. In a data use environment where data generated or processed by one company is used by another company, the data processing record information is linked in a chain across companies. Because this data structure is constituted in such a way that the hash value of the processing record information from the original, data-providing company is included in the transaction record information of the data-receiving company, while the hash value of the transaction record information is included in the processing record information of the data-receiving company, this technology can trace data across companies and detect falsifications.

2. Technology batch collects personal data through condition-specific requests

A consent portal for permission to utilize personal information has been deployed on the data exchange platform of Fujitsu VPX Technology(3) network, using UMA2.0(4), an access management protocol standard. This will grant data access rights after confirming individual consent for companies requesting their data. In addition, by linking a request to obtain data with specific conditions (such as sex or age) at the time of the request, it becomes possible to collect batches of personal data for multiple people who have already given permission for use of their data.

Effects

With the newly developed technology, companies can now simply and safely check the provenance of information across companies, while improving the reliability of data utilization. The technology also enables companies to obtain data that has already received the individual consent required under GDPR.

Future Plans

Fujitsu Laboratories aims to implement the personal consent control technology supporting the requirements of GDPR as an expanded functionality for Fujitsu Intelligent Data Service Virtuora DX Data Distribution and Utilization Service, a cloud service using blockchain technology for data utilization, within fiscal 2018. The company also plans to conduct field trials of the entire ChainedLineage system, including provenance management across companies, with the goal of commercialization during fiscal 2019.
WorldStream has launched its next-generation anti-DDoS platform, WorldStream DDoS Shield. WorldStrea...
NetApp survey shows that visibility into cloud usage and spending are still major concerns; only 31%...
Autonomous endpoint security thoroughbred wins race to protect global digital content provider.
Barracuda’s Secure SD-WAN platform delivers industry-leading security, connectivity, and automation...
F-Secure's global honeynet measured twelve times more attack events in H1 2019 than in H1 last year.
Half of professionals also admitted concerns around their current cloud providers.
Hogarth selected Pulse Secure’s VPN and NAC solutions to ensure workforce is authenticated, authoris...
Nearly one-third (32%) of IT group employees in SMBs and mid-market enterprises globally said their...