Professional Documents
Culture Documents
article info a b s t r a c t
Article history: Open banking brings both opportunities and challenges to banks all over the world especially in
Received 25 September 2018 data management. A blockchain as a continuously growing list of records managed by a peer-
Received in revised form 23 August 2019 to-peer network is widely used in various application scenarios; and it is commonly agreed that
Accepted 6 September 2019
the blockchain technology can improve the protection of financial data privacy. However, current
Available online 4 October 2019
blockchain technology still poses some challenges in fully meeting the needs of financial data privacy
Keywords: protection. In order to address the existing problems, this paper proposes a new data privacy
Blockchain management framework based on the blockchain technology for the financial sector. The framework
Open banking consists of three components: (1) a data privacy classification method according to the characteristics
Nudge theory of financial data; (2) a new collaborative-filtering-based model; and (3) a data disclosure confirmation
Data privacy management
scheme for customer strategies based on the Nudge Theory. We implement a prototype and propose
a set of algorithms for this framework. The framework is validated through field experiments and
laboratory experiments.
© 2019 Elsevier B.V. All rights reserved.
https://doi.org/10.1016/j.future.2019.09.010
0167-739X/© 2019 Elsevier B.V. All rights reserved.
H. Wang, S. Ma, H.-N. Dai et al. / Future Generation Computer Systems 110 (2020) 812–823 813
combination with the Nudge theory. The framework dissolves and the Byzantine general problem [24]. It can solve the double
the default data disclosure schemes of new customers with the payment problem of decentralized systems in the absence of
customer-strategy collaborative filtering model, and then the local agencies through the verification of distributed nodes and
schemes are confirmed in the application scenario of banks. A consensus mechanism, and accomplish the value transfer in the
concrete blockchain-based financial customer data privacy man- process of information transmission [25]. One important applica-
agement prototype is implemented. This paper is divided into tion of the blockchain is the smart contract. Smart contracts are
seven sections. Section 2 introduces the related work in open self-executing and autonomous computing protocols that facili-
banking and highlights the shortcomings in existence data pri- tate the performance and execution of agreements between two
vacy management of blockchain. Section 3 presents a new data or more parties. The advantages of smart contracts are numerous.
privacy management framework with a data privacy classifica- They can provide better security performance than traditional
tion method according to the characteristics of financial data. contract law and reduce transaction costs associated with the
Section 4 describes a new collaborative-filtering-based model negotiation, verification and enforcement of agreements [26].
and a confirmation data disclosure scheme for customer strate- There are two types of blockchains, one is public or per-
gies based on the Nudge Theory. Section 5 presents the smart missionless blockchain (such as Bitcoin) and the other is per-
contracts and data on-chain and off-chain algorithms. Section 6 missioned blockchain [27,28] (such as Hyperledger Fabric). The
evaluates the framework. Finally, we conclude this paper in main differences between them are the privacy and consensus
Section 7. algorithms. In a permissionless blockchain anyone can participate
without a specific identity in the process of block verification to
2. Related work create consensus and also create smart contracts. Permissionless
blockchains typically involve a native cryptocurrency. One major
Pushed by the need of data sharing imposed by Open Banking, issue of permissionless blockchain is the high latency of block
three different management approaches about global data privacy generation. Permissioned blockchain restricts the actors who can
protection emerged: contribute to the consensus of the system state. So, it provides
Firstly, the more restrictive regulations found in the US w.r.t. a way to secure the interactions among a group of entities that
the development of American technology-driven financial orga-
have a common goal but which do not fully trust each other,
nizations. By functional supervision, the US regulations demand
such as businesses that exchange funds (finance), goods (supply
that financial technology should bring the essence of financial
chain), or information (public service). By relying on the identi-
business into existing financial supervision system. Today the
ties of the peers, a permissioned blockchain can use traditional
US’s regulations are being loosened so as to enhance the financial
Byzantine-fault tolerant (BFT) [29], RAFT, or Paxos consensus.
data sharing.
With the blockchain technology, it brings multiple solutions
Secondly, the passive regulations found in China w.r.t. the
for data privacy [30] and open banking can enable multiple ap-
development of China’s market-driven financial organizations.
plication scenarios [31]. The first application scenario is the pro-
Chinese financial technologies are driven by market and business
vision of peer-to-peer (P2P) transactions, such as cross-border
models. At present China’s regulations on financial technologies
payments and remittances based on P2P transactions. The second
are being gradually adjusted in order to solve some problems
scenario is that a blockchain can be used as a reliable database
and risks resulting from the earlier rapid development period.
to record all kinds of information with the characteristics of
The amendment of criminal law in 2017 has explained the in-
credibility and traceability, such as registration of the anti-money
fringement of citizens’ personal information behavior standards,
laundering information. The third scenario is the confirmation
and clearly defined that it is not only the company, but also the
company leaders should bear corresponding responsibility. China of rights, such as land ownership, equity and other contracts or
Banking Regulatory Commission (CBRC) also requires banks to property authenticity verification and transfer. The fourth sce-
carry out data privacy management to enhance the consciousness nario is intelligent management, where smart contracts can be
of the data security, and prevent misuse excessive data, aiming to used to automatically detect the trigger conditions and the con-
protect customer data privacy. tract will be automatically processed in automatic payment, par-
Thirdly, the active regulations found in the UK, EU countries, ticipation in profit, etc.
Singapore, Australia, Hong Kong, Japan and South Korea. In order Even though the data stored in the blockchain allows only
to develop financial technologies, supervision has stepped up to the original user to read and that other users would need au-
become the main guiding and driving force, promoting ‘‘Regula- thorization to access, data privacy management still has many
tory Sandbox’’ and ‘‘Open Bank Project’’. At the same time, GDPR shortcomings:
has come into force in May 2018. It will replace the obsolete Data 1. Through the big data analysis technology, it is easily to
Protection Act that was used for more than 20 years, and provide locate those public keys of big transactions, and then locate the
a good regulation platform for open banking. owner of the public key by the transaction time, counterparties
Currently, existing solutions to financial data privacy manage- and the open bank information, etc.
ment are mainly based on the centralized systems that essentially 2. According to the GDPR, the company must completely
enforce the operation permissions or data permissions across dif- delete their personal data after obtaining the citizens’ require-
ferent financial sectors. If one financial sector initiates a retrieval ments for data erasing. For banks and financial companies that
request for the data contained in other sectors, it must obtain use blockchain technology, the actual removal of this information
the permission from the centralized party first. The throughput is divided into different situations and conditions, and there are
and information security can be guaranteed by the enterprise no clear rules currently.
firewall when the financial data retrieval operations occur within 3. In the data protection acts, banks need to redesign their own
the enterprise intranet. However, the centralized system cannot system, so as to adapt to collaborative work between blockchains
support the extensive tasks as most of current financial trans- and the huge applications of the banks, rather than simply mov-
actions happen throughout the entire Internet. In addition, the ing bank data on or off blockchain. Moreover, the data disclosure
centralized design also results in the single-point-of-failure (SPF) schemes need to be confirmed by each customer, which is costly
or deny-of-service (DoS) attack. for the banks.
Blockchain addresses two important problems that the elec- 4. In some cases, such as the GDPR act, the definition of
tronic coin system has long faced: the dual payment problem personal data is very broad. In principle, it covers any information
814 H. Wang, S. Ma, H.-N. Dai et al. / Future Generation Computer Systems 110 (2020) 812–823
Table 2
Different prompts of different data privacy management policies.
Info. Nudging schemes T in P
Trading p1 : When customers deal with the business, it is necessary to provide a reconciliation
check whether to disclosure the trading record to the third party so as to ensure the
correctness of the client’s funds. If not permitted, the customer should accept the
money criterion is based on the third-party.
p6 : Customers authorize to the bank.
Money p6 : Customers authorize to the bank.
Basic p1 ∼ p6 : When opening an account after the contract signing or products marketing, it
will have tips for confirmation that the basic information of the customer can be
disclosed.
Relation p3 : Customer managers conduct customer information surveys and inquiries and then
ask customers if they are willing to disclose relational information to support the
supply chain information and get better secured loan services.
p5 : When customer consult on some products that are bought by his relations, the
bank tellers inquire the confirmation.
p6 : When a company handles the payroll service, it applies to the bank to disclose
information on its own employees.
Contact p1 : When activating mobile phone banking and other E-bank applications, fill in
contact information and prompt for confirmation.
p2 : The customers are asked through the customer service hotline.
p3 : When handling the loan, the customer manager fills in contact information and
inquires on the confirmation
p4 : The business process triggers the SMS notification procedure and pops up a prompt
p5 : When opening the account, the contact information is confirmed together with the
basic customer information.
Resource p3 : Customer managers inquire when marketing. Or the business process may trigger a
special application to obtain the disclosure of the resource information.
p6 : Customers authorize to the bank.
Contract p1 : When opening the corresponding service on the E-bank, the systems start to
prompt.
p2 : Consulting product information prompt
p3 : Marketing products prompt.
p4 : When the customer enters the branch, the lobby manager will be prompted to
conduct marketing when he obtains the customer’s purchase information.
p5 : Trigger when a business is started.
Risk p6 : Choices made by the banks
Event p2 ∼ p3 : When a customer manager or an online staff does a customer marketing survey,
he asks the customer if information can be disclosed for a particular event record.
on-chain method.
6. Experiments
Table 3
Privacy preservation analysis.
Scenarios Operations Privacy preservation analysis
Add the new customer 1. Create a new customer in Bank B can get the new
bank A; customer.
2. Set the attribute disclosure;
3. Save and consensus;
4. Bank B synchronizes the
smart ledger.
1. Create a new customer in Bank B cannot get the new
bank A; customer.
2. Set the attribute
non-closure;
3. Save and consensus;
4. Bank B synchronizes the
smart ledger.
1. Choose a disclosure Bank B can see the new age
Update a customer customer in bank A; data.
2. Change the age attribute;
3. Save and consensus;
4. Bank B synchronizes the
smart ledger.
1. Choose a disclosure Bank B can see the new age
customer in bank A and money data but cannot see the new
attribute only disclosure to money data.
bank C; Bank C can see all changed
2. Change the age and money data.
attribute;
3. Save and consensus;
4. Bank B synchronizes the
smart ledger;
5. Bank C synchronized the
smart ledger.
1. Choose a non-disclosure Bank B cannot see the new age
customer in bank A; data.
2. Change the age attribute;
3. Save and consensus;
4. Bank B synchronizes the
smart ledger.
1. Choose a non-disclosure Bank B can see the new age
customer in bank A; data.
2. Change the schemes to the
disclosure;
3. Change the age attribute;
4. Save and consensus;
5. Bank B synchronizes the
smart ledger.
Table 4
Results of models.
Precision Improved precision Recall
83% 100% 21%
(2) Use this account to perform the query operation and the
query is successful.
(3) Change the query permission of the account to null.
(4) Use this account to perform the query again. The query fails
and the prompt does not have permission.
The blockchain private information encryption test procedure
is as follows:
Fig. 7. Throughput of the blockchain.
(1) Create an account.
(2) Private data is encrypted using openssl.
(3) View the encrypted cipher text.
case. This result implies that at least two nodes are the necessity
(4) Use openssl to decrypt the cipher text, consistent with the
for the system.
original text before encryption.
The blockchain interface permission control test procedure is: The results are shown in Figs. 10 and 11, respectively.
(1) Create an account and assign the query operation permis- Experiments verify that the chosen blockchain in this paper
sion to the account. meets the security requirements.
H. Wang, S. Ma, H.-N. Dai et al. / Future Generation Computer Systems 110 (2020) 812–823 821
Table 5
Comparison of the technical specifications of Fabric and Ethereum.
Indicator Fabric Ethereum
Consensus Kafka PoW
Smart contract Chainnode EVM
Database Go-leveldb Go-leveldb
Access control CA N/A
Throughput Average:10 000 <100
Peak:30 000
Transaction delay <300 ms 14 s
7. Conclusions
show that the proposed framework meets the reality in banking [18] J.J. Sikorski, J. Haughton, M. Kraft, Blockchain technology in the chemical
data privacy management. industry: Machine-to-machine electricity market, Appl. Energy 195 (2017)
234–246.
Our future work will incorporate the testing of existing secure
[19] P. Sreehari, M. Nandakishore, G. Krishna, et al., Smart will converting
and scalable blockchain and the design of a layered architec- the legal testament into a smart contract, in: Networks & Advances in
ture for financial applications, such as loan management [38], Computational Technologies (NetACT), 2017 International Conference on,
with hybrid blockchain and feature engineering technologies. The IEEE, 2017, pp. 203–207.
nudging schemes will be enhanced to consider the aspects of dif- [20] M. Sharples, J. Domingue, The blockchain and kudos: A distributed system
for educational record, reputation and reward, in: European Conference on
ferent product services [39]. In addition, we would strengthen the
Technology Enhanced Learning, Springer, Cham, 2016, pp. 490–496.
management of third-party data users in the financial blockchain, [21] R. Agrawal, R. Srikant, Privacy-preserving data mining, ACM SIGMOD Rec.
ensuring that the deleted data required by the customer can be 29 (2) (2000) 439–450.
completely erased or frozen in the databases of the third parties [22] W. Dai, M. Qiu, L. Qiu, et al., Who moved my data? privacy protection in
[40]. smartphones, IEEE Commun. Mag. 55 (1) (2017) 20–25.
[23] G. Zyskind, O. Nathan, Decentralizing privacy: Using blockchain to protect
personal data. Security and Privacy Workshops (SPW), in: 2015 IEEE. IEEE,
Declaration of competing interest 2015, pp. 180–184.
[24] A.M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies,
The authors declare that they have no known competing finan- O’Reilly Media, Inc, 2014.
cial interests or personal relationships that could have appeared [25] J. Fan, YILT S, Research on the technologies of Byzan-tine system, J. Softw.
24 (6) (2013) 1346–1360.
to influence the work reported in this paper. [26] C.A.C. Maffè, Future of the CIO: Towards an Enterpreneurial Role. CIOs and
the Digital Transformation, Springer, Cham, 2018, pp. 61–68.
Acknowledgments [27] T.T.A. Dinh, R. Liu, M. Zhang, et al., Untangling blockchain: A data
processing view of blockchain systems, IEEE Trans. Knowl. Data Eng. 30
This work is partially funded by the Fujian Fumin Foundation (7) (2018) 1366–1385.
[28] M. Vukolić, Rethinking permissioned blockchains, in: Proceedings of the
and is partially supported by the Science and Technology Planning ACM Workshop on Blockchain, Cryptocurrencies and Contracts, ACM, 2017,
Project of Guangdong Province (No. 2017A050501035), Science pp. 3–7.
and Technology Program of Guangzhou (No. 201807010058), and [29] Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstanti-
the Deanship of Scientific Research, King Saud University through nos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady
Laventman, Yacov Manevich, et al., Hyperledger fabric: a distributed
research group number RG-1435-051.
operating system for permissioned blockchains, in: Proceedings of the
Thirteenth EuroSys Conference, Vol. 30, ACM, 2018.
References [30] G. Feng, L. Zhu, S. Meng, K. Sharif, Z. Wan, A blockchain-based privacy-
preserving payment mechanism for vehicle-to-grid networks, IEEE Netw.
[1] M. Avital, J. Hedman, L. Albinsson, et al., Smart money: Blockchain-based (99) (2018) 1–9.
customizable payments system, Dagstuhl Reports 7 (3) (2017) 104–106. [31] Y. Guo, C. Liang, Blockchain application and outlook in the banking
[2] H. Wang, Guo H., Achieving fairness in wireless environment//emerging industry, Financ. Innov. 2 (1) (2016) 24.
technologies: Frontiers of mobile and wireless communication 2004, in: [32] J. Wilk, Mind, nature and the emerging science of change: An introduction
Proceedings of the IEEE 6th Circuits and Systems Symposium on, Vol. 1, to metamorphology, in: Metadebates on Science, Springer, Dordrecht,
IEEE, 2004, pp. 117–120. 1999, pp. 71–87.
[3] H. Wang, H. Guo, M. Lin, et al., A new dependable exchange protocol, [33] M. Corrales, P. Jurcys, G. Kousiouris, Smart contracts and smart disclosure:
Comput Commun. 29 (15) (2006) 2770–2780. Coding a GDPR compliance framework, 2018.
[4] P. Voigt, A. von dem Bussche, The EU General Data Protection Regulation [34] A. Popescul, D.M. Pennock, S. Lawrence, Probabilistic models for unified
(GDPR). collaborative and content-based recommendation in sparse-data environ-
[5] M. Kröner, API deep dive: Who will thrive in an open banking world? ments, in: Proceedings of the Seventeenth Conference on Uncertainty in
why meeting regulatory requirements is not enough for banks to remain Artificial Intelligence, Morgan Kaufmann Publishers Inc, 2001, pp. 437–444.
relevant, J. Digit. Bank. 2 (3) (2018) 198–203. [35] S. Ma, D. Ye, Research on computing minimum entropy based attribute
[6] Omohundro S., Cryptocurrencies, smart contracts, and artificial intelligence, reduction via stochastic optimization algorithms, Moshi Shibie yu Rengong
AI Matters 1 (2) (2014) 19–21. Zhineng/Pattern Recognit. Artif. Intell. 25 (1) (2012) 96–104.
[7] E. Gaetani, L. Aniello, R. Baldoni, et al., Blockchain-based database to ensure [36] M. Mainelli, M. Smith, Sharing ledgers for sharing economies: an ex-
data integrity in cloud computing environments, 2017. ploration of mutual distributed ledgers (aka blockchain technology),
[8] P.T.S. Liu, Medical record system using blockchain, big data and tokeniza- 2015.
tion, in: International Conference on Information and Communications [37] H. Watanabe, S. Fujimura, A. Nakadaira, et al., Blockchain contract: A
Security, Springer, Cham, 2016, pp. 254–261. complete consensus using blockchain, in: 2015 IEEE 4th Global Conference
[9] M. Conoscenti, A. Vetro, J.C. De Martin, Blockchain for the internet of on Consumer Electronics, GCCE 2015, IEEE, 2015, pp. 577–657.
things: A systematic literature review, in: Computer Systems and Appli- [38] H. Wang, C. Guo, Cheng S., LoC - A New financial loan management system
cations (AICCSA), 2016 IEEE/ACS 13th International Conference of, IEEE, based on smart contracts, Future Gener. Comput. Syst. 100 (November)
2016, pp. 1–6. (2019) 648–655.
[10] H. Hou, The application of blockchain technology in E-Government in [39] H. Wang, S. Ma, H.-N. Dai, A rhombic dodecahedron topology for human-
China, in: Computer Communication and Networks (ICCCN), 2017 26th centric banking big data, IEEE Trans. Comput. Social Syst., IEEE 6 (5)
International Conference on, IEEE, 2017, pp. 1–4. (2019).
[11] R. Frey, D. Wörner, A. Ilic, Collaborative filtering on the blockchain: A [40] G.W. Peters, E. Panayi, Understanding modern banking ledgers through
secure recommender system for e-commerce, 2016. blockchain technologies: Future of transaction processing and smart con-
[12] D. Manset, Big Data and Privacy Fundamentals: Toward a Digital Skin//the tracts on the internet of money, in: Banking beyond Banks and Money,
Digitization of Healthcare, Palgrave Macmillan, London, 2017, pp. 241–255. Springer, Cham, 2016, pp. 239–278.
[13] A. Kosba, A. Miller, E. Shi, et al., Hawk: The blockchain model of cryptog-
raphy and privacy-preserving smart contracts, in: 2016 IEEE Symposium
on Security and Privacy, SP 2016, IEEE, 2016, pp. 839–858.
[14] M. Atzori, Blockchain technology and decentralized governance: Is the state Hao Wang is an associate professor in the Department
still necessary? 2015. of Computer Science in Norwegian University of Sci-
[15] V. Gatteschi, F. Lamberti, C. Demartini, et al., Blockchain and smart ence & Technology, Norway. He has a Ph.D. degree and
contracts for insurance: Is the technology mature enough?, Future Internet a B.Eng. degree, both in computer science and engi-
10 (2) (2018) 20. neering, from South China University of Technology.
[16] X. Yue, H. Wang, D. Jin, et al., Healthcare data gateways: found healthcare His research interests include big data analytics, indus-
intelligence on blockchain with novel privacy risk control, J. Med. Syst. 40 trial internet of things, high performance computing,
(10) (2016) 218. safety-critical systems, and communication security. He
[17] A. Azaria, A. Ekblaw, T. Vieira, et al., Medrec: Using blockchain for medical has published 100+ papers in reputable international
data access and permission management, in: International Conference on journals and conferences. He served as a TPC co-chair
Open and Big Data, OBD, IEEE, 2016, pp. 25–30. for IEEE DataCom 2015, IEEE CIT 2017, ES 2017, a
H. Wang, S. Ma, H.-N. Dai et al. / Future Generation Computer Systems 110 (2020) 812–823 823
senior TPC member for CIKM 2019, and reviewers for journals such as IEEE Muhammad Imran is working as Assistant Professor
TKDE, TII, TBD, TETC, T-IFS, IoTJ, TCSS, and ACM TOMM, TIST. He is a member in the College of Computer and Information Sciences,
of IEEE IES Technical Committee on Industrial Informatics. King Saud University (KSU) since 2011. He is also a
Visiting Scientist at Iowa State University, USA. His
research interest includes Internet of Things, Big Data
Shenglan Ma received the master’s degree in computer Analytics, Intelligent Transportation Systems, Cloud and
science from Fuzhou University, Fujian, China, in 2012. Edge computing, and Security and privacy. His re-
He was with the Fujian Rural Credit Union (FRCU), search is financially supported by several grants and he
Fujian, China, where he is currently a Software Re- has completed a number of international collaborative
quirement Manager. In 2018, he was a Visiting Scholar research projects with reputable universities. He has
with Norwegian University of Science and Technology published more than one hundred research articles
(NTNU), Gjøvik, Norway. His current research interests in top conferences and journals. European Alliance for Innovation (EAI) has
include big data and data mining. appointed him as an Editor in Chief for EAI Transactions on Pervasive Health
and Technology. He also serves as an associate editor for reputable international
journals such as IEEE Communications Magazine, Future Generation Computer
Systems, IEEE Access, Wireless Communication and Mobile Computing Journal
(SCIE, Wiley), Ad Hoc & Sensor Wireless Networks Journal (SCIE), IET Wireless
Sensor Systems, International Journal of Autonomous and Adaptive Commu-
nication Systems (Inderscience). He served/serving as a guest editor for more
Hong-Ning Dai is currently with Faculty of Informa- than a dozen special issues in journals such as IEEE Communications Magazine,
tion Technology at Macau University of Science and Computer Networks (Elsevier), Future Generation Computer Systems (Elsevier),
Technology as an associate professor. He obtained the MDPI Sensors, International Journal of Distributed Sensor Networks (Hindawi),
Ph.D. degree in Computer Science and Engineering from Journal of Internet Technology, and [International Journal of Autonomous and
Department of Computer Science and Engineering at Adaptive Communications Systems]. He has been involved in more than seventy
the Chinese University of Hong Kong. He also received conferences and workshops in various capacities such as a chair, co-chair and
the B.Eng. and M.Eng. degrees in Computer Science technical program committee member.
and Engineering from South China University of Tech-
nology. His current research interests include big data
analytics and internet of things. He has published more Tongsen Wang is professor-level senior engineer in
than 100 peer-reviewed papers in refereed journals and computer science and currently technical responsibility
conferences. He is also a holder of 1 U.S. patent and 1 Australia innovation in banking architecture in Fujian Rural Credit. His
patent. He is the winner of Bank of China (BOC) Excellent Research Award of research interests mainly focus on big data and data
Macau University of Science and Technology in 2015. He holds visiting positions center construction.
at the Hong Kong University of Science and Technology, the University of
New South Wales, Sun Yat-sen University, University of Electronic Science and
Technology of China and Hong Kong Applied Science and Technology Research
Institute, respectively. He has served as a guest editor for IEEE Transactions on
Industrial Informatics and an editor for International Journal of Wireless and
Mobile Communication for Industrial Systems. He is a senior member of the
Institute of Electrical and Electronics Engineers (IEEE) and a professional member
of the Association for Computing Machinery (ACM).