Data Privacy in Enterprise Blockchain Solutions
Enterprise blockchain designers face an interesting conundrum. On the one hand, blockchains are all about transparent auditability, achieving trust through a shared distributed ledger. On the other hand, enterprise transactions often involve sensitive data that should not be shared with all participants, for a number of reasons.
Finding the right balance between transparency and data protection is therefore one of the hardest parts of designing an enterprise blockchain. The resulting solution must protect participants' data and fulfil any applicable regulatory requirements, whilst maintaining the advantages of using a blockchain in the first place: decentralized trust and transparency.
We have previously discussed how Black Insurance is implemented as a dual-blockchain solution for data protection and privacy reasons. In this article, we dig slightly deeper and use the platform as an example to demonstrate how enterprise blockchain solutions can deal with privacy internally, protecting different stakeholders of the system.
Permissioned Blockchain and Data Protection
Privacy matters in all IT systems, of course. Nevertheless, blockchain applications constitute a special case, because of the transparent and distributed nature of the implementation. Any data stored on a distributed ledger set up between organizations, or even completely publicly, is essentially shared and leaves the organization’s own network.
It is therefore important to ensure that no personal or confidential data is accidentally made public. Even if encryption is used, some questions remain open. For instance, how can an immutable distributed ledger function in the context of data protection legislation such as Europe's General Data Protection Regulation (GDPR), with its "right to be forgotten"?
Typically, enterprise blockchains provide mechanisms to deal with data privacy. We have previously published a comparison of blockchain platforms. Black Insurance uses Hyperledger Fabric to implement its protected consortium chain and Ethereum for its public components.
Hyperledger Fabric, for example, provides three levels of data privacy management:
- Data channels are effectively separate ledgers limited for authorized participants. Setting up a channel for a subset of the application allows the grouping of relevant data into protected domains. Channels encapsulate smart contracts (chain code), transactions and ledger state.
- Private transactions within a channel provide more fine-grained ways of keeping individual transactions between two or more participants of a channel private.
- Zero-knowledge proofs are cryptographic tools that allow a participant to prove certain properties of a data item without revealing the item itself. This may sound complicated, but a simple example is proving that an ID is valid in order to gain access to part of the system, without revealing the identity behind it.
Black Insurance Data Channels
The Black Insurance blockchain platform makes intensive use of data channels. The Black eco-system includes a number of stakeholders that can be organized into different user groups with their own privacy needs.
Platform users are authenticated through X.509 certificates and public keys. All authenticated users can access the Platform Core data channel. This channel manages some sensitive data, such as account balances, user details, payment histories, product information, and cash flow models. Some of this data, such as identifiable user data, is not stored directly on the channel. Instead, hashes are stored: digital fingerprints that can be used to verify the integrity of the off-chain data.
Policy Admin channels are created for each insurance product when an agreement is reached between insurance brokers and insurance syndicates. As the data on claims and policies is very sensitive, only the relevant brokers, handlers and regulators can join the policy admin channel for their products.
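To make the fingerprinting pattern concrete, here is an added Go example, written for this article and not taken from the Black Insurance code base. It fingerprints an off-chain record, writes only the fingerprint to a stand-in for channel world state, and later checks a presented record against it. Everything in it is an assumption: the `Ledger` map stands in for chaincode state, the record is constructed, and the salted commitment is a common hardening choice rather than a description of how Black stores its hashes.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Commitment is what the off-chain store keeps for a record: the random salt
// plus the hash that was written to the channel. Only Hash goes on-chain.
type Commitment struct {
	Salt []byte // 32 random bytes, kept off-chain next to the record
	Hash []byte // SHA-256(salt || record), the on-chain fingerprint
}

// commit computes the fingerprint. The salt matters: user details such as a
// name or date of birth come from a small value space, so an unsalted hash of
// them could be matched against guesses by anyone able to read the channel.
func commit(salt, record []byte) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write(record)
	return h.Sum(nil)
}

// NewCommitment draws a fresh salt and fingerprints the record.
func NewCommitment(record []byte) (Commitment, error) {
	salt := make([]byte, 32)
	if _, err := rand.Read(salt); err != nil {
		return Commitment{}, err
	}
	return Commitment{Salt: salt, Hash: commit(salt, record)}, nil
}

// Verify recomputes the fingerprint from the off-chain salt and record and
// compares it in constant time with the value read from the ledger.
func Verify(ledgerHash, salt, record []byte) bool {
	return subtle.ConstantTimeCompare(ledgerHash, commit(salt, record)) == 1
}

// Ledger is an assumed stand-in for channel state: key -> hex fingerprint.
// In a real deployment this is chaincode world state, visible to every channel member.
type Ledger map[string]string

// PutFingerprint stores only the hash, never the salt or the record.
func (l Ledger) PutFingerprint(key string, c Commitment) {
	l[key] = hex.EncodeToString(c.Hash)
}

// VerifyOffChain checks an off-chain record against the fingerprint stored under key.
func (l Ledger) VerifyOffChain(key string, salt, record []byte) bool {
	stored, ok := l[key]
	if !ok {
		return false
	}
	h, err := hex.DecodeString(stored)
	if err != nil {
		return false
	}
	return Verify(h, salt, record)
}

func main() {
	// Constructed sample record; not real user data.
	record := []byte(`{"user":"u-1001","name":"A. Example","dob":"1980-01-01"}`)
	c, err := NewCommitment(record)
	if err != nil {
		panic(err)
	}
	ledger := Ledger{}
	ledger.PutFingerprint("user/u-1001", c)

	fmt.Println("on-chain value:", ledger["user/u-1001"])
	fmt.Println("intact record verifies:", ledger.VerifyOffChain("user/u-1001", c.Salt, record))
	tampered := []byte(`{"user":"u-1001","name":"A. Example","dob":"1980-01-02"}`)
	fmt.Println("tampered record verifies:", ledger.VerifyOffChain("user/u-1001", c.Salt, tampered))
}
```

Two properties of this construction are worth noting. Because the salt is random per record, two identical records produce unrelated on-chain values, so channel members cannot tell from the ledger alone that two entries concern the same person. And because the on-chain value is useless without the off-chain salt and record, deleting those off-chain is one common way to argue that an immutable ledger can still honour an erasure request; whether that argument satisfies a given regulator is a legal question the example does not settle.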
Each insurance syndicate also operates on its own Investment channel. These channels are open to the relevant investors, syndicate operators and regulators, and store information on investment and underwriting agreements.
Atomic movement of assets between channels, and to the public Ethereum blockchain, is a required feature of the Black Insurance platform. To facilitate this, the system implements the Black Token Gateway. This inter-blockchain communication channel uses hashed time-lock contracts (HTLCs) to allow assets to be transferred between ledgers whilst maintaining overall consistency.
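The following Go model shows the mechanism a hashed time-lock contract relies on and why the two time-locks must be ordered. It is an added example for this article, not the Black Token Gateway's code, and every name in it (the `HTLC` type, the "consortium" and "public" ledger labels, the parties, amounts and unix-time expiries) is constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrSettled     = errors.New("contract already claimed or refunded")
	ErrExpired     = errors.New("time-lock has expired; claim no longer possible")
	ErrNotExpired  = errors.New("time-lock has not expired; refund not yet possible")
	ErrBadPreimage = errors.New("preimage does not match the hash-lock")
)

// HTLC is a constructed model of one hashed time-lock contract on one ledger.
type HTLC struct {
	Ledger   string   // illustrative label for the ledger holding the asset
	Sender   string
	Receiver string
	Amount   uint64
	HashLock [32]byte // SHA-256 of the secret preimage
	Expiry   int64    // unix time after which Sender may reclaim the asset
	Claimed  bool
	Refunded bool
}

// NewSecret draws the preimage only the swap initiator knows, and its hash-lock.
func NewSecret() (preimage []byte, lock [32]byte, err error) {
	preimage = make([]byte, 32)
	if _, err = rand.Read(preimage); err != nil {
		return nil, lock, err
	}
	return preimage, sha256.Sum256(preimage), nil
}

func NewHTLC(ledger, sender, receiver string, amount uint64, lock [32]byte, expiry int64) *HTLC {
	return &HTLC{Ledger: ledger, Sender: sender, Receiver: receiver, Amount: amount, HashLock: lock, Expiry: expiry}
}

// Claim releases the asset to Receiver if the preimage matches and the lock is still live.
func (h *HTLC) Claim(preimage []byte, now int64) error {
	if h.Claimed || h.Refunded {
		return ErrSettled
	}
	if now >= h.Expiry {
		return ErrExpired
	}
	if sha256.Sum256(preimage) != h.HashLock {
		return ErrBadPreimage
	}
	h.Claimed = true
	return nil
}

// Refund returns the asset to Sender once the lock has expired unclaimed.
func (h *HTLC) Refund(now int64) error {
	if h.Claimed || h.Refunded {
		return ErrSettled
	}
	if now < h.Expiry {
		return ErrNotExpired
	}
	h.Refunded = true
	return nil
}

// Settle runs the happy path of a cross-ledger swap: the initiator claims the
// counterparty's lock, which publishes the preimage on that ledger, and the
// counterparty then reuses the public preimage to claim the initiator's lock.
// The counterparty's lock must expire first: if it expired later, the initiator
// could claim it after its own lock had already become refundable and end up
// holding both assets. Consistency depends on this ordering, not on the hash alone.
func Settle(initiatorLock, counterLock *HTLC, preimage []byte, now int64) error {
	if counterLock.Expiry >= initiatorLock.Expiry {
		return errors.New("counterparty lock must expire before the initiator's lock")
	}
	if err := counterLock.Claim(preimage, now); err != nil {
		return fmt.Errorf("initiator claim on %s: %w", counterLock.Ledger, err)
	}
	if err := initiatorLock.Claim(preimage, now); err != nil {
		return fmt.Errorf("counterparty claim on %s: %w", initiatorLock.Ledger, err)
	}
	return nil
}

func main() {
	preimage, lock, err := NewSecret()
	if err != nil {
		panic(err)
	}
	// Constructed scenario: alice moves 100 tokens off the consortium ledger in
	// exchange for 100 tokens bob locks on the public ledger.
	a := NewHTLC("consortium", "alice", "bob", 100, lock, 2000)
	b := NewHTLC("public", "bob", "alice", 100, lock, 1000)
	if err := Settle(a, b, preimage, 500); err != nil {
		panic(err)
	}
	fmt.Println("both sides claimed:", a.Claimed && b.Claimed)

	// Abort path: nobody claims, and each side refunds only after its own expiry.
	a2 := NewHTLC("consortium", "alice", "bob", 100, lock, 2000)
	b2 := NewHTLC("public", "bob", "alice", 100, lock, 1000)
	fmt.Println("early refund rejected:", b2.Refund(900))
	fmt.Println("refunds after expiry:", b2.Refund(1000), a2.Refund(2000))
}
```

The model deliberately keeps the hash-lock and the time-lock as separate checks so that the two failure modes stay visible: a wrong preimage never releases anything, and an unclaimed lock always returns to its sender once the deadline passes, which is what lets the swap either complete on both ledgers or unwind on both.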
Early Design Decisions
The Black Insurance platform demonstrates that data privacy is one of the driving forces behind enterprise blockchain design. The whole architecture is built around the different stakeholders and the data they share. Since enterprise blockchain applications are all about working across institutional boundaries, their whole concept relies on data sharing. Such a solution must therefore be built around data privacy and make extensive use of the underlying cryptographic primitives that allow granular control over who can access which data.