How to control access to personal information stored on blockchain (with an educational use case)


Would the following use case be possible?

At a national level, the government wants its regional educational direction to build a system to certify diplomas. Those diplomas should be stored on a blockchain in such a way that no region could, alone, tamper with them after they were issued.

Students should be able to give temporary access to their diplomas to anyone (e.g. an employer wanting to recruit).

Please correct me:

I think this should be possible if the data stored on the blockchain was encrypted and if the DAPP was able to generate a temporary key to decrypt that data.

Obviously any employer gaining access to the record could make a copy of it, but the point here is that after the expiration of the key's validity, no employer should be able to prove that he owned the real record.

Does that sound like a valid use case for dapps in general? Does it even sound feasible to you?

Mad Jackal On BEST ANSWER

The following scenario can be suggested as the simplest option:

  1. We create a smart contract with 3 methods:
  • RegistryRequest(bytes32 info_id, bytes32 user_id, string memory public_cert) payable
  • SendInfo(bytes32 info_id, bytes32 user_id, string memory file_addr)
  • GetInfo(bytes32 info_id, bytes32 user_id) view returns (string memory retVal)
  2. The consumer calls the method RegistryRequest and transfers:
  • info_id - the identifier of the required data
  • user_id - his unique identifier (e-mail, mobile phone, and so on)
  • public_cert - his OpenSSL public key
  He also attaches a certain amount in Eth to the transaction as payment for the service.
  3. Having received the details and payment from the consumer, you:
  • create a file with the data he needs
  • encrypt this file with the consumer's OpenSSL public key
  • upload it to some web resource or transfer it via IPFS or Ethereum Swarm (or in any other way)
  • using the method SendInfo, lay out the "address" of the data file (file_addr) in relation to the data and consumer identifiers (info_id, user_id). To pay for the transaction, you use a portion of the amount received from the consumer along with the RegistryRequest.
  4. The consumer, through the method GetInfo, using the data identifier (info_id) and his personal identifier (user_id), receives the "address" of the data file, then extracts and decrypts it.

  5. If the data changes, then their changed state is laid out similarly to point 3.

  6. After the expiration of the data provision period, you stop releasing their updates.

More complex solutions can, for example, be discussed with experts for free and simulated on kekker.com
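
One way to write the three-method contract described in the answer above, added here as an illustration and not part of the original answer. The `provider`, `fee`, `Entry`, `slot` and event names are assumptions, as are the checks that only the provider may call SendInfo and that user_id is a salted hash rather than a raw e-mail address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added example; everything except the three method signatures is an assumption.
// All arguments and storage are publicly readable: user_id is assumed to be a
// salted hash computed off-chain, and only ciphertext is ever referenced.
contract InfoRegistry {
    struct Entry {
        address consumer; // account that paid for this (info_id, user_id) pair
        string fileAddr;  // where the encrypted file lives (URL, IPFS, Swarm)
    }
    address payable public immutable provider; // issuer of the data
    uint256 public immutable fee;              // minimum payment in wei
    mapping(bytes32 => Entry) private entries; // "private" is not confidential

    event Requested(bytes32 indexed info_id, bytes32 indexed user_id, string public_cert);
    event Published(bytes32 indexed info_id, bytes32 indexed user_id, string file_addr);
    constructor(uint256 fee_) {
        provider = payable(msg.sender);
        fee = fee_;
    }

    function slot(bytes32 info_id, bytes32 user_id) private pure returns (bytes32) {
        return keccak256(abi.encode(info_id, user_id));
    }

    function RegistryRequest(bytes32 info_id, bytes32 user_id, string memory public_cert)
        external payable {
        require(msg.value >= fee, "payment too low");
        Entry storage e = entries[slot(info_id, user_id)];
        // The first payer owns the pair, so nobody else can substitute a key.
        require(e.consumer == address(0) || e.consumer == msg.sender, "pair taken");
        e.consumer = msg.sender;
        emit Requested(info_id, user_id, public_cert); // provider reads the key here
        (bool ok, ) = provider.call{value: msg.value}("");
        require(ok, "payout failed");
    }

    function SendInfo(bytes32 info_id, bytes32 user_id, string memory file_addr) external {
        require(msg.sender == provider, "only provider"); // nobody else may publish
        Entry storage e = entries[slot(info_id, user_id)];
        require(e.consumer != address(0), "no paid request");
        e.fileAddr = file_addr;
        emit Published(info_id, user_id, file_addr);
    }

    function GetInfo(bytes32 info_id, bytes32 user_id) external view returns (string memory retVal) {
        return entries[slot(info_id, user_id)].fileAddr;
    }
}
```

The checks here only restrict who can write. Confidentiality comes solely from encrypting the file to the consumer's key, because GetInfo and the contract's storage can be read by anyone.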