Personal information refers to information that can identify each individual directly or indirectly among information about the individual. The personal information is at the center of a conflict between protection of privacy of the individual and collection and use of the personal information for marketing of a company, and thus a risk of infringement of the privacy is increasing accordingly.
Recently, IoT (Internet of Things) devices have been commercialized, and the risk of infringement of individual information of the IoT devices corresponding to the individual's personal information is also increasing.
In addition, if private data of users such as the personal information and the individual information of the IoT devices are collected in a centralized manner and stored in a database, the risk of infringement or leakage of the personal information by the company on purpose or due to its mistakes will not disappear. Therefore, there is a need for a method for preventing wide exposure of the private data of subjects.
In order to solve the problem of the centralized data collection, a method of managing information by using a blockchain technology with security and stability is emerging.
The blockchain uses a distributed ledger that allows a large number of participants to manage a series of synchronized ledgers jointly. Although there is no risk of hacking or the like, since data of the distributed ledger is open to all of the participants, the private data is encrypted, for example, converted into a hash value, and registered in the distributed ledger.
However, in a conventional method of registering and managing the private data of a subject, e.g., the user or a user device, in the distributed ledger of the blockchain, a hash value of the entire private data of the subject is registered in the distributed ledger, and in order to confirm authenticity of the subject's private data, a hash value of a presented private data for comparison and the hash value registered in the distributed ledger are compared, to thereby confirm whether the presented private data for comparison is authentic, that is, whether the subject has permission.
Therefore, if there are a plurality of pieces of the private data of the subject, it is necessary to present all the private data registered in the distributed ledger so as to confirm the authenticity using the hash value. Therefore, the private data are disclosed unnecessarily and the risk of exposure of the private data is increased accordingly.