안전한 비식별화 및 데이터 외부 공유를 제공하는 탈중앙형 자기 주권 신원 모델

Abstract

As digital services increased, a digital identity solution that can accurately identify an offline human or device on an online network has been required. The existing digital identity adopted a centralized form based on PKI (Public Key Infrastructure), so there were problems such as SPoF (Single Point of Failure), performance bottleneck, and dishonest TTP (Trusted Third Party). Decentralized identities, such as DID solve this problem by issuing digital identities over a decentralized network. However, there was a problem in that it has difficult to guarantee strong ownership of personal information. Decentralized identity works presented in this background is a SSI (Self-Sovereign Identity) solution, which can guarantee the strongest self-sovereignty according to the life cycle of identity data, including the right to consent, erasure, and rectification. However, it only depended on ZKP (Zero Knowledge Proof)'s prior agreement for de-identification of identity data, and there is a problem that it is impossible to provide de-identification data without the consent of the data subject due to excessively strong self-sovereignty. These shortcomings are not suitable for the latest digital processing standards trends such as GDPR (General Data Protection Regulation) and the big data industry. In this thesis, we propose a system model that generates restructured VC (Verifiable Crdential) to realize secure de-identification of credentials including identity attributes and external sharing of data in a decentralized SSI service. In the proposed model, the holder creates a hash digest that will act as proof of the transaction, and verifier whether a transaction is made by passing it to the entities that come into contact with the holder, such as the issuer and the verifier. Also, after verification of the normal credential is finished, the verifier can issue the restructured VC in which the holder's DID is replaced with the verifier's DID through ZKP verification result. The restructured VCs are information that replaces the holder's DID, and can be think of as non-identification data with the identifier removed, and can be provided to external entities for non-profit purposes (research, academic, statistics, etc.) without consent. We provide a detailed process and use case for the proposed model. In addition, it is finally determined whether the proposed model is suitable for the actual SSI architecture through qualitative analysis based on GDPR and domestic personal information protection act and quantitative analysis of the increasing issuing time required.