Abstract: The present disclosure relates to a system (100) for blockchain-based identity management and file sharing, the system includes a plurality of computing devices (116), and each computing device is associated with at least one organization. A processor (118) operatively coupled to the plurality of computing devices, the processor configured to register the plurality of users associated with the plurality of organizations, authenticate the plurality of users with user credentials and user identity data, and update the user identity data using a sequential approval process, delete transaction in the blockchain using sequential approval, share files securely among the registered users of the plurality of organizations using blockchain interface and distributed storage interface, retrieve the files from the distributed storage and provide an entry for file deletion in the blockchain and unpinning the files from the distributed storage.
Description:
TECHNICAL FIELD
[0001] The present disclosure relates, in general, to blockchain technology, and more specifically, relates to a system and method for blockchain-based identity management and secure file sharing.
BACKGROUND
[0002] The requirement of file sharing between independent organizations monitored by a governing organization poses technological hindrances. Individual organizations possess self-efficient systems to address their identity management and file-sharing systems. Orchestration of this plurality of systems and establishing a secure file-sharing platform across organizations leads to trust issues, data redundancies and falsity. The solution to this demands a reliable system delivering trust, data integrity, data availability, visibility and security. The procedure for establishing such a system includes the generation of a verifiable trusted identity for each user after the user identity gets approved by its organization and controller or governing organization. The trusted user can access or share data with other trusted users in a secure and controlled manner.
[0003] One of the methods to address this issue is to establish a centralized system to provide restricted access and file sharing across organizations. This approach has a single point of failure and causes loss of critical data, which therefore makes this approach inefficient. Moreover, storage of sensitive data centrally is not preferred by organizations. Centralized systems are more vulnerable to attacks like the Fraggle attack, the Smurf attack, etc. The most desirable method is to establish a trusted distributed system with restricted access to authenticated users for securely sharing the data. Blockchain provides trusted distributed data storage for identity management; however, blockchain is not efficient for storing large files. It is both costly and time-consuming to try to store large amounts of data. To address this issue, a distributed storage system like the Interplanetary File System (IPFS) is used along with blockchain. These distributed technologies are self-efficient when leveraged independently.
[0004] An example is recited in a patent US10749684B2, entitled "Method and Apparatus for Blockchain Participant Identity Binding". The invention provides a method to bind the public encryption key and public verification key with the identity. An entity "Registration Authority" registers a user by binding the user identity with public encryption and verification keys. The identity-keys binding is recorded in the blockchain and is available to all the participants of the blockchain. When the originator wants to send data to a recipient, he queries the blockchain for recipient identity and encryption public key. The originator encrypts the transaction with his private key and encrypts the transaction with the public keys of all the recipients and posts the transaction as a block in the blockchain. The recipient retrieves the block and verifies the transaction with the binder's public key, then the recipient decrypts the transaction with his private key and processes the transaction.
[0005] An example is recited in a patent CN107273410B, entitled “Blockchain-based distributed storage”. The patent describes an approach to adding a file to distributed storage (IPFS) using blockchain. Here the client selects the file to be stored and uploads it to the distributed storage, the system divides it into blocks and stores it on different IPFS nodes and returns a hash value pointing to the file. The file blocks are retrieved using Distributed Hash Table (DHT). The digital fingerprint obtained from each file stored is recorded in the blockchain. The blockchain transaction recorded comprises the digital signature of the file sender. Each transaction made between the sender machine and IPFS storage is recorded in the blockchain.
[0006] Therefore, it is desired to overcome the drawbacks, shortcomings, and limitations associated with existing solutions, and develop a system where blockchain and IPFS are orchestrated to provide trusted identity management and secure file sharing.
OBJECTS OF THE PRESENT DISCLOSURE
[0007] An object of the present disclosure relates, in general, to blockchain technology, and more specifically, relates to a system and method for blockchain-based identity management and secure file sharing.
[0008] Another object of the present disclosure is to provide a system that ensures shared file security and access restriction by two-stage encryption and decryption.
[0009] Another object of the present disclosure is to provide a system that ensures confidentiality, integrity, and availability of files.
[0010] Yet another object of the present disclosure is to provide an efficient system that collaborates and shares files in a transparent manner.
SUMMARY
[0011] The present disclosure relates, in general, to blockchain technology, and more specifically, relates to a system and method for blockchain-based identity management and secure file sharing. The main objective of the present disclosure is to overcome the drawback, limitations, and shortcomings of the existing system and solution, by providing a system for secure and transparent inter-organizational identity management and file sharing. The present disclosure can be useful for a consortium of organizations that want to collaborate and transparently share files.
[0012] The present disclosure relates to a system for blockchain-based identity management and file sharing, the system can include a plurality of computing devices in a computer network. Each computing device is associated with at least one organization of a plurality of organizations. The plurality of organizations has at least one controller organization, wherein at least one user of a plurality of users from each organization is designated as approver and at least one user from the controller organization is designated as controller. A processor operatively coupled to the plurality of computing devices, the processor configured to perform user identity registration, authentication of user identity, update of user identity, deletion of user identity, sharing of the file, retrieval of file and deletion of the file, thereby ensuring confidentiality, integrity, and availability of files, stores a large amount of data in less time and is cost-efficient.
[0013] The processor can register the plurality of users associated with the plurality of organizations using sequential approval from the approver and the controller. The user identity is registered on the blockchain and is available across all the organizations for identity verification. The user identity is validated by an approver from its organization and a controller from the controller organization in a sequential manner during the user identity registration method.
[0014] Accordingly, the processor can authenticate the plurality of users with user credentials and user identity data is verified through the blockchain. The processor can update the user identity data using a sequential approval process from the approver and the controller and delete transaction in the blockchain using sequential approval from the approver and the controller to provide inaccessibility of the user identity data to the requested user.
[0015] In addition, the processor can share files securely among the registered users of the plurality of organizations using the blockchain interface and distributed storage interface. To share files among the users of the consortium, a distributed peer-to-peer storage system can be used for storing and accessing files. The file to be shared is stored in IPFS, where each of the organizations may host a distributed node to form a peer-to-peer resilient distributed storage system. The file to be shared from the sender to the receiver is encrypted using the symmetric key at the sender machine and the encrypted file is uploaded to the distributed storage. The distributed storage returns the Content Identifier (CID) for the uploaded file, which is generated based on the file content. The CID of the file and the symmetric key are added to a meta file. The meta file is encrypted with the public key of the recipient. The encrypted metafile is stored on the blockchain. When there are multiple recipients, separate metafile can be created for each recipient.
[0016] Moreover, the processor can retrieve the files from the distributed storage by determining the file access right through the blockchain. In the file retrieval method, the recipient queries the blockchain for the list of files he/she is allowed to access. The recipient selects a file from the list. The metafile corresponding to the selected file may be retrieved from the blockchain. The recipient may decrypt the metafile with his/her private key. The plain metafile contains the CID of the file and the symmetric key. The desired file may be retrieved from the IPFS using the CID from the metafile. The file is decrypted using the symmetric key and the desired file is obtained in plain form, thus ensuring shared file security and access restriction by two-stage encryption and decryption. Further, the processor can provide an entry for file deletion in the blockchain and unpinning the files from the distributed storage.
[0017] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] The following drawings form part of the present specification and are included to further illustrate aspects of the present disclosure. The disclosure may be better understood by reference to the drawings in combination with the detailed description of the specific embodiments presented herein.
[0019] FIG. 1 illustrates an exemplary system architecture of inter-organizational blockchain and distributed storage network with user identity operations and file operations, in accordance with an embodiment of the present disclosure.
[0020] FIG. 2 illustrates an exemplary framework of user identity registration, in accordance with an embodiment of the present disclosure.
[0021] FIG. 3 illustrates an exemplary framework of user authentication using user credentials and blockchain, in accordance with an embodiment of the present disclosure.
[0022] FIG. 4 illustrates an exemplary framework of the user identity update, in accordance with an embodiment of the present disclosure.
[0023] FIG. 5 illustrates an exemplary framework of the user identity deletion using AIMS and blockchain, in accordance with an embodiment of the present disclosure.
[0024] FIG. 6 illustrates an exemplary framework of secure file sharing using blockchain and IPFS in accordance with an embodiment of the present disclosure.
[0025] FIG. 7 illustrates an exemplary framework of the file retrieval using blockchain and IPFS in accordance with an embodiment of the present disclosure.
[0026] FIG. 8 illustrates an exemplary framework of file deletion using blockchain and IPFS in accordance with an embodiment of the present disclosure.
[0027] FIG. 9 illustrates an exemplary flow chart of a method for blockchain-based identity management and secure file sharing in accordance with an embodiment of the present disclosure.
DETAILED DESCRIPTION
[0028] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
[0029] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[0030] The present disclosure relates, in general, to blockchain technology, and more specifically, relates to a system and method for blockchain-based identity management and secure file sharing. The proposed system disclosed in the present disclosure overcomes the drawbacks, shortcomings, and limitations associated with the conventional system by providing a system for secure and transparent inter-organizational identity management and file sharing. The present disclosure aims to render identity management, secure and trusted file sharing for a consortium of organizations using blockchain and distributed storage (IPFS). The system includes identity management involving user identities, which are sequentially approved by their own organization and controller organization. The approved user identity may be written to the blockchain ledger and is available across all the organizations of the consortium for user identity verification. The user identity is verified using a blockchain smart contract. The authenticated user can encrypt and share file(s) with any other user(s) of the consortium. The shared file can be stored on the IPFS and the content identifier (CID) of the corresponding shared file returned by IPFS and symmetric key may be stored in metafile which is encrypted with receiver public key and encrypted metafile is recorded as a transaction in the tamper-proof blockchain ledger. The present disclosure can be described in enabling detail in the following examples, which may represent more than one embodiment of the present disclosure.
[0031] The advantages achieved by the system of the present disclosure can be clear from the embodiments provided herein. The system ensures shared file security and access restriction through two-stage encryption and decryption. The system ensures confidentiality, integrity, and availability of files. Further, the present disclosure provides an efficient system that collaborates and transparently shares files. The description of terms and features related to the present disclosure shall be clear from the embodiments that are illustrated and described; however, the invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents of the embodiments are possible within the scope of the present disclosure. Additionally, the invention can include other embodiments that are within the scope of the claims but are not described in detail with respect to the following description.
[0032] FIG. 1 illustrates an exemplary system architecture of inter-organizational blockchain and distributed storage network with user identity operations and file operations, in accordance with an embodiment of the present disclosure.
[0033] Referring to FIG. 1, system 100 is configured for secure and transparent inter-organizational identity management and file sharing. The system 100 can include two or more organizations (102-1 to 102-4 (which are collectively referred to as organizations 102, herein)). The system 100 can include two or more computing devices 116 in a computer network. Each computing device 116 is associated with two or more organizations i.e., organizations of the consortium. The two or more organizations 102 include at least one controller organization 102-4. At least one user from each organization is designated as approver and at least one user from the controller organization is designated as controller. Each organization may have a blockchain ledger 104, Authentication and Interfacing Management Server (AIMS) 106, Identity Database (IDB) 108, a smart contract 110, a Certificate Authority (CA) 112 and a distributed storage 114. The distributed storage can be an Interplanetary File System (IPFS), where IPFS is a peer-to-peer distributed storage system. IPFS is content-addressable storage, i.e., a document uploaded on the IPFS is accessed by a Content Identifier (CID), which is a cryptographic hash of the contents at that address. IPFS allows us to store files in a distributed way across all the organizations of the consortium.
[0034] The system 100 provides sequential authentication of users and a secure file sharing mechanism for a consortium of organizations using blockchain and IPFS. The user identities of the approver and controller may be created by the blockchain administrator and written to the blockchain ledger. Certificates are generated for both approver and controller. In the user identity registration method, each user identity needs to be approved by the approver and the controller. The approved user identity may be written to the blockchain ledger and is available across all the organizations of the consortium. Once the user is authenticated, he/she can share files with any other user of the consortium. The file may be stored on the IPFS and the shared file details may be recorded as a transaction in the tamper-proof blockchain ledger.
[0035] Seven types of transactions can be performed on the blockchain i.e., user identity registration, authentication of user identity, update of user identity, deletion of user identity, sharing of the file, retrieval of file and deletion of the file. The blockchain ledger 104 and distributed storage 114 may be maintained by each of the organizations in the consortium. The AIMS server 106 provides the interface between the sender, receiver, blockchain network and the distributed storage. The IDB 108 is used by the AIMS 106 to store the user identity data along with user credentials like password hash.
[0036] In an embodiment, the smart contract 110 is a program on blockchain that executes automatically when a predefined set of conditions are met. The smart contract 110 in the proposed system automates the identity management and file operations through verification from the approver and controller. The certification authority may be used to issue user certificates. The blockchain is a distributed ledger technology, which records each transaction taking place on the blockchain network. A block consists of a list of transactions and a hash. Once a transaction is recorded in the blockchain, it cannot be modified, because the hash of a block is used for the calculation of the hash of the subsequent block, forming a chain of blocks through hashes. Blockchain allows the transactions to be carried out without the need of any trusted third party or intermediary. The underlying cryptography ensures the security of the transactions.
[0037] In an embodiment, the processor 118 is configured to register the user associated with the two or more organizations 102 as shown in FIG. 2 by generating a public key or private key and sending a registration request with user identity data, where the user identity data can include name, email, organization, user certificate, a hash of user identity data and signature of the user on hash. Processor 118 can verify the signature of the user through the smart contract in the blockchain 608. Processor 118 can create a blockchain ID for the requested user when the approver and controller sequentially approve the user identity data, where the user identity registration transaction is created in the blockchain with the blockchain ID, user identity data, and approver signature, controller signature and user public key.
[0038] The processor 118 can authenticate the user with user credentials and the user identity data is verified through blockchain 608 as shown in FIG. 3. The processor is configured to authenticate the user by sending the blockchain ID, user credentials, user identity data, signature of blockchain ID associated with the organization, where the signature of blockchain ID is verified through the smart contract in the blockchain.
[0039] The processor 118 is configured to update the user identity data using a sequential approval process from the approver and the controller depicted in FIG. 4. Processor 118 is configured to update the user identity data by sending the identity update request. The processor 118 can verify the updated user identity data, updated user identity data hash and user signature on the hash by the approver through the smart contract and verify the user signature and approver signature on the hash of the updated data by the controller through the smart contract. The updated user identity data is written as a transaction in blockchain 608.
[0040] The processor 118 is configured to delete the transaction in the blockchain (608) using sequential approval from the approver and the controller to provide inaccessibility of the user identity data to the user as shown in FIG. 5. The processor 118 is configured to delete the user identity data by initiating the delete request. The processor 118 can verify the signature of the user on the blockchain ID by the approver using the smart contract, and further verify the signature of the user and approver's signature on the blockchain ID by the controller using the smart contract, wherein the deletion entry for the user is made as a transaction in the blockchain (608).
[0041] In another embodiment, the processor 118 is configured to share files securely among the registered users of two or more organizations using the blockchain interface and distributed storage interface depicted in FIG. 6. The processor 118 can share the files by encrypting the files using a symmetric key to generate a file ID by concatenating the filename, sender blockchain ID and timestamp. The processor 118 can send the encrypted file to the distributed storage interface of the AIMS. The processor 118 can upload, by the distributed storage interface, the encrypted file to the distributed storage, which returns the CID for the uploaded encrypted file to the distributed storage interface and generate a metafile with the CID and the symmetric key. The processor 118 can encrypt the metafile using the corresponding public key of the sender and the receiver. The file-sharing transaction entry is made in the blockchain with file ID, encrypted metafiles, sender blockchain ID, receiver's blockchain ID, shared file attributes and sender's signature on the file ID.
[0042] The processor 118 is configured to retrieve the files from the distributed storage by determining the file access right through the blockchain. The processor 118 is configured to retrieve the files by submitting a file retrieval request with file ID and signature on the file ID to the smart contract of the blockchain depicted in FIG. 7. The processor can verify, by the smart contract, the signature of the sender and receiver to retrieve the metafile corresponding to the file to be retrieved from the blockchain 608 and decrypt the encrypted metafile using the private key of the receiver such that the symmetric key and the CID of the encrypted file are retrieved, where the target file is retrieved from the distributed storage by using the CID. The processor 118 can decrypt the retrieved target file using the symmetric key and the decrypted file is made available to the receiver.
[0043] The processor 118 is configured to provide an entry for file deletion in the blockchain and unpinning the files from the distributed storage depicted in FIG. 8. The processor can request file deletion by sending the file ID and signature of the file ID to the smart contract of the blockchain. The processor can verify, by the smart contract, the signature of the user to retrieve the metafile corresponding to the file to be deleted from blockchain 608 and make an entry for deletion of the file as a transaction in the blockchain. The processor can decrypt the encrypted metafile using the private key of the user and the CID of the encrypted file is retrieved, wherein the target file is deleted from the distributed storage by using the CID.
[0044] Thus, the present invention overcomes the drawbacks, shortcomings, and limitations associated with existing solutions, and provides a system that ensures shared file security and access restriction by two-stage encryption and decryption. The system ensures confidentiality, integrity, and availability of files and stores a large amount of data. Further, the present disclosure provides an efficient system that collaborates and shares files in a transparent manner.
[0045] FIG. 2 illustrates an exemplary framework of user identity registration, in accordance with an embodiment of the present disclosure. As depicted in FIG. 2, in the user identity registration method, the certification authority (CA) certificate of the respective organization is generated 202 and written to the blockchain ledger through the uploadCACertificate function of the smart contract. The approver certificate is generated 204, signed by the CA, and written to the blockchain ledger using the uploadApproverCertificate function of the smart contract. The controller certificate is generated 206, signed by the controller organization CA, and written to the blockchain ledger using the uploadControllerCertificate function of the smart contract.
[0046] The uploading of certificates is a one-time activity before the first user identity registration. The user as presented in the example depicts a user from any organization of the consortium. The user generates 208 public/private keypairs on his/her machine and sends the registration request 210 with user identity data i.e., name, email, organization, a hash of user data, signed hash and user’s public key. The CA verifies the user data, hash and signature using the user’s public key 212. The CA sends the user identity verification status to user 214. The user sends the certificate signing request 216 to CA. The CA processes the certificate signing request 218 and sends the CA-signed certificate to the user. The user sends the registration request 220 to AIMS with name, email, organization, password hash, user certificate, the hash of user identity data and signature of hash. The AIMS server verifies 222 the user data and records the same in IDB after successful verification.
[0047] The AIMS sends the registration request 224 with user identity data i.e., name, email, organization, user certificate, the hash of user identity data and signature of the user on the hash of the user identity data to the approver. The approver verifies 226 user signatures on the hash of user identity data through the approverVerificationForRegistration function of the smart contract and sends the registration request to the controller. After verification, user data, hash, user certificate, approval status (success/failure) and approver's signature on the hash of user identity data is written 228 to the blockchain ledger. The controller verifies 230 the approver and user's signature on hash using the public keys of approver and user. If verification is successful 232 then the controller generates the Blockchain ID based on user identity data and writes the blockchain ID, user's approval status, user data, approver signature and controller signature to the blockchain ledger and sends 234 the registration request status and Blockchain ID to the AIMS, using the controllerVerificationForRegistration function of the smart contract. AIMS may update 236 the IDB, and send registration request status 238 and blockchain ID to the user.
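The ordering rule in the registration flow above (the controller acts only on a request that already carries a valid approver signature over the same identity hash) can be modelled as follows. This is an added example and not code from the disclosure: the function names follow the smart-contract functions named in the text, while the Ed25519 keys, the in-memory ledger array, the blockchain ID derivation and the sample identity are assumptions made for the sketch.

```javascript
// Added illustration, not code from the disclosure: an in-memory model of the
// two-stage registration approval. Ed25519 keys, the ledger array and the
// blockchain ID derivation are assumptions made for this sketch.
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
const hashIdentity = (identity) => sha256(Buffer.from(JSON.stringify(identity)));
const newKeys = () => crypto.generateKeyPairSync('ed25519');
const sign = (keys, data) => crypto.sign(null, data, keys.privateKey);
const verify = (pub, data, sig) => Buffer.isBuffer(sig) && crypto.verify(null, data, pub, sig);

// User: hash the identity data and sign the hash (steps 208-220).
function buildRequest(identity, userKeys) {
  const hash = hashIdentity(identity);
  return { identity, hash, userSig: sign(userKeys, hash), userPub: userKeys.publicKey };
}

// Stage 1, approver (226-228): recompute the hash, check the user's signature,
// countersign on success, and write the outcome to the ledger either way.
function approverVerificationForRegistration(ledger, req, approverKeys) {
  const ok = hashIdentity(req.identity).equals(req.hash) &&
    verify(req.userPub, req.hash, req.userSig);
  const entry = { stage: 'approver', status: ok ? 'success' : 'failure',
    hash: req.hash, approverSig: ok ? sign(approverKeys, req.hash) : null };
  ledger.push(entry);
  return entry;
}

// Stage 2, controller (230-234): acts only on a successful approver entry for
// the same hash, and re-verifies both signatures before issuing the ID.
function controllerVerificationForRegistration(ledger, req, approval, approverPub, controllerKeys) {
  const ok = Boolean(approval) && approval.status === 'success' &&
    approval.hash.equals(req.hash) &&
    hashIdentity(req.identity).equals(req.hash) &&
    verify(req.userPub, req.hash, req.userSig) &&
    verify(approverPub, req.hash, approval.approverSig);
  if (!ok) {
    ledger.push({ stage: 'controller', status: 'failure', hash: req.hash });
    return null;
  }
  // Assumption: ID = first 32 hex chars of SHA-256(identity hash || user public key).
  const pubDer = req.userPub.export({ type: 'spki', format: 'der' });
  const blockchainId = sha256(Buffer.concat([req.hash, pubDer])).toString('hex').slice(0, 32);
  ledger.push({ stage: 'controller', status: 'success', blockchainId, identity: req.identity,
    approverSig: approval.approverSig, controllerSig: sign(controllerKeys, req.hash) });
  return blockchainId;
}

// Constructed sample data: one clean registration and two that must be refused.
function runRegistrationDemo() {
  const [user, approver, controller, rogue] = [newKeys(), newKeys(), newKeys(), newKeys()];
  const identity = { name: 'Alice Example', email: 'alice@org1.example', organization: 'Org1' };
  const ledger = [];

  const req = buildRequest(identity, user);
  const approval = approverVerificationForRegistration(ledger, req, approver);
  const issued = controllerVerificationForRegistration(ledger, req, approval, approver.publicKey, controller);

  // Identity data changed after the user signed: the hash no longer matches.
  const altered = { ...req, identity: { ...identity, organization: 'Org4' } };
  const refusal = approverVerificationForRegistration(ledger, altered, approver);
  const afterAltered = controllerVerificationForRegistration(ledger, altered, refusal, approver.publicKey, controller);

  // "Approval" signed by a key that is not the registered approver's.
  const forged = { stage: 'approver', status: 'success', hash: req.hash, approverSig: sign(rogue, req.hash) };
  const afterForged = controllerVerificationForRegistration(ledger, req, forged, approver.publicKey, controller);

  return { issued, afterAltered, afterForged, statuses: ledger.map((e) => `${e.stage}:${e.status}`) };
}
```

Failed attempts are written to the ledger as well as successful ones, so a refused or forged approval leaves an entry that can be reviewed later.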
[0048] FIG. 3 illustrates an exemplary framework of user authentication using user credentials and blockchain, in accordance with an embodiment of the present disclosure. The user sends 302 the blockchain ID, user credentials, signature of blockchain ID and nonce to AIMS. The AIMS verifies 304 the user credentials through the IDB. The AIMS sends the authentication request 306 with blockchain ID, the signature of blockchain ID+nonce and nonce to the authenticateIdentity function of the smart contract. The smart contract verifies 308 the Blockchain ID and the signature of the Blockchain ID. The smart contract returns the identity verification status 310. Depending on the verification status the user is notified 312 about the login.
[0049] FIG. 4 illustrates an exemplary framework of the user identity update, in accordance with an embodiment of the present disclosure. The authenticated user 402 sends the identity update request 406 with updated user identity data i.e., Blockchain ID, name, email, hash(user identity data) and signature of the hash 404. The approverVerificationForUpdate function of the smart contract verifies 408 the user signature on hash, the hash of user identity data and sends the update transaction with the approval status (success/failure) to the controller. The approver writes 410 the user identity data, hash, and approval status (success/failure) to the blockchain ledger with the approver's signature on the hash of the user data. The controller verifies 412 the approver and user's signature on the hash of the user identity data and writes the Blockchain ID, user's identity update approval status (success/failure), user's identity data, approver's signature, and controller signature to the blockchain ledger using controllerVerificationForUpdate function of the smart contract. The user identity update status notification 414 may be sent to the AIMS 106. AIMS 106 sends the identity update status notification to the user.
[0050] FIG. 5 illustrates an exemplary framework of the user identity deletion using AIMS and blockchain, in accordance with an embodiment of the present disclosure. The authenticated user 502 initiates the delete request 504 with Blockchain ID, a signature on the blockchain ID and user credentials 506. AIMS can verify 508 the user credentials and sends the user identity deletion request with blockchain ID and user signature on blockchain ID to the approver. The approver verifies the user signature with the user certificate using the approverVerificationForDelete function of the smart contract. After verification, the approver sends the delete approver status (success/failure) to the controller. The approver writes 510 the blockchain ID, approval status (success/failure), user's signature and approver's signature to the blockchain ledger. The controller verifies 512 the user's signature and approver's signature and if verification 514 is successful then deletion entry for that user is written to the ledger with delete transaction using controllerVerificationForDelete function of the smart contract. The smart contract notifies 516 AIMS about the status of the deletion request. AIMS notifies 518 users about the delete request status.
[0051] FIG. 6 illustrates an exemplary framework for secure file sharing using blockchain and IPFS, in accordance with an embodiment of the present disclosure. The file-sharing system consists of the blockchain network 608, IPFS network 606, AIMS 604, and an encryption module and/or a decryption module 602. The blockchain network is a network of all the organizations in the consortium. Each organization in the blockchain network represents a node. The node contains the blockchain ledger and a smart contract that may have functions for queryFilesForIdentity, fileSharing, fileRetrieval and fileDeletion.
[0052] IPFS is a distributed peer-to-peer storage system. Each organization may host an IPFS node for creating the IPFS node cluster. The AIMS 604 provides an interface between the user-end (i.e., sender/receiver/file owner) encryption/decryption module 602, IPFS storage 606 and blockchain network 608. The user-end encryption/decryption module 602 is used for the encryption/decryption of the input file and the metafile. AIMS mainly consists of the IPFS interface 610 and the blockchain interface 612.
[0053] The sender or file sender logs in with the Blockchain ID and valid credentials. The sender selects the file to be shared and the list of recipients, and shares the file. A symmetric key K may be generated at the sender end. K refers to the combination of the initialization vector (IV) and the random key used during the encryption/decryption of a file. The input file can be encrypted using a symmetric encryption algorithm with key K. A fileID is generated for the encrypted file by concatenating the filename, sender’s blockchain ID and timestamp. The encrypted file is sent to the IPFS interface 610 of the AIMS 604. IPFS interface 610 may upload the encrypted file to the IPFS distributed storage 606. The IPFS storage may return the CID for the uploaded encrypted file to the IPFS interface. The IPFS interface 610 may return this CID to the encryption module 602. A metafile may be created with the symmetric key K and the CID received from the IPFS interface. The encryption module requests the public key(s) of the recipient(s) from the blockchain interface 612.
[0054] The blockchain interface 612 queries for the public key(s) through the queryIdentities function of the smart contract. The blockchain interface 612 returns the public key(s) of the recipient(s) to the encryption module 602. The metafile can be encrypted with each of the recipients' public keys, and an encrypted metafile may be created for each recipient. The file ID, encrypted metafile(s), sender ID, recipient(s) ID, file name, file size, and Signature of FileID may be sent to the blockchain interface 612 of AIMS 604. The blockchain interface 612 of AIMS 604 may invoke the fileSharing function of the smart contract with the received inputs. The fileSharing function of the smart contract may verify the sender’s signature and create a file-sharing transaction with the File ID, encrypted metafile(s), sender ID, recipient(s) ID, file name, file size, and Signature of FileID in the blockchain ledger. The sender identity and receiver(s) identity for the shared file may be linked with the File ID in the blockchain. After a successful transaction, a notification may be sent to the blockchain interface 612 of AIMS. The blockchain interface 612 sends the file-sharing status to the sender. In secure file sharing, two-stage encryption is used: the file to be shared is encrypted with the symmetric key, the symmetric key is stored in the metafile, and the metafile is encrypted with the receiver's public key.
[0055] FIG. 7 illustrates an exemplary framework of the file retrieval using blockchain and IPFS, in accordance with an embodiment of the present disclosure. The receiver or file recipient logs in with the blockchain ID and valid credentials. The blockchain interface 612 of the AIMS 604 queries the list of the files the recipient is allowed to access through the queryFilesForIdentity function of the smart contract. The queryFilesForIdentity function returns a list of files with their File IDs. AIMS 604 may use this list of files to populate the file browser of the receiver. The receiver selects a file from the file browser to retrieve the file. The receiver requests the selected file by sending the File ID and signature on the File ID to the blockchain interface. Using the File ID of the requested file, the blockchain interface 612 queries the metafile of the requested file through the retrieveFile function of the smart contract. The retrieveFile function verifies the sender's and receiver's signatures and returns the encrypted metafile.
[0056] The receiver-end decryption module decrypts the metafile using the recipient's private key. The plain metafile, which contains the CID and the symmetric key K, is retrieved. The CID is sent to the IPFS interface 610 of AIMS 604. The IPFS interface 610 requests the encrypted file from IPFS. IPFS returns the encrypted file. The encrypted file is decrypted using the symmetric key K. In file retrieval, two-stage decryption is performed by decrypting the metafile with the private key of the receiver, obtaining the symmetric key from the metafile, and decrypting the encrypted file with the symmetric key. The decrypted plain file is shared with the recipient.
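The two-stage encryption of the sharing flow and the two-stage decryption of the retrieval flow can be exercised end to end as below. This is an added example, not code from the disclosure: AES-256-GCM, RSA-OAEP with 2048-bit keys, the JSON metafile layout, the in-memory Map standing in for the distributed storage, the SHA-256 stand-in for the CID, and all function names are assumptions, and the ledger transaction and signatures on the File ID are left out.

```javascript
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const storage = new Map(); // stand-in for the distributed storage, keyed by CID

// Stand-in CID: SHA-256 of the stored bytes (a real IPFS CID is a multihash).
const cidOf = (blob) => nodeCrypto.createHash('sha256').update(blob).digest('hex');

// Sender, stage 1: encrypt the file under a fresh K (random key + IV),
// upload the ciphertext and build the plain metafile {CID, K}.
function shareFile(plain) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plain), cipher.final()]);
  const blob = Buffer.concat([body, cipher.getAuthTag()]); // 16-byte tag appended
  const cid = cidOf(blob);
  storage.set(cid, blob);
  return { cid, key: key.toString('base64'), iv: iv.toString('base64') };
}

// Sender, stage 2: one encrypted metafile per recipient public key.
function wrapMetafile(meta, publicKey) {
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(JSON.stringify(meta)));
}

// Receiver: unwrap the metafile, fetch by CID, check the bytes, decrypt with K.
function retrieveFile(wrapped, privateKey) {
  const meta = JSON.parse(
    nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped).toString());
  const blob = storage.get(meta.cid);
  if (!blob || cidOf(blob) !== meta.cid) throw new Error('stored bytes do not match CID');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm',
    Buffer.from(meta.key, 'base64'), Buffer.from(meta.iv, 'base64'));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([decipher.update(blob.subarray(0, blob.length - 16)), decipher.final()]);
}

const succeeds = (fn) => { try { fn(); return true; } catch { return false; } };

// Constructed scenario: two recipients, one outsider, then storage tampering.
function demo() {
  const newKeys = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const [alice, bob, outsider] = [newKeys(), newKeys(), newKeys()];
  const meta = shareFile(Buffer.from('constructed sample: quarterly audit report'));
  const forAlice = wrapMetafile(meta, alice.publicKey);
  const forBob = wrapMetafile(meta, bob.publicKey);
  const result = {
    alice: retrieveFile(forAlice, alice.privateKey).toString(),
    bob: retrieveFile(forBob, bob.privateKey).toString(),
    outsiderReads: succeeds(() => retrieveFile(forAlice, outsider.privateKey)),
  };
  storage.get(meta.cid)[0] ^= 0x01; // flip one bit of the ciphertext held in storage
  result.tamperedReads = succeeds(() => retrieveFile(forBob, bob.privateKey));
  return result;
}

console.log(demo());
```

The file is encrypted and stored once, while each recipient gets a separate wrapped metafile; a key pair that was not on the recipient list cannot unwrap K, and altered bytes in storage are rejected before decryption.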
[0057] FIG. 8 illustrates an exemplary framework of file deletion using blockchain and IPFS, in accordance with an embodiment of the present disclosure. The user or file owner logs in using the Blockchain ID and credentials. The AIMS 604 queries the blockchain for the list of files that the user is allowed to delete. The queryFilesForIdentity function of the smart contract returns the list of files. The file browser of the user is populated with the list of files. The user selects the file to be deleted. The file owner requests file deletion with the File ID and signature of the File ID. The blockchain interface of AIMS requests the metafile of the selected file from the blockchain using the retrieveFile function of the smart contract. The smart contract verifies the user's (i.e., the file owner's) signature, retrieves the metafile for the requested file, makes a delete file entry in the blockchain and returns the encrypted metafile. The metafile is decrypted using the file owner’s private key. The CID of the file is retrieved from the metafile. A file delete or unpin request is sent to the IPFS interface. The IPFS interface sends the file delete request to the IPFS. The IPFS performs the file delete operation and sends the file deletion status to the IPFS interface. The IPFS interface sends the file deletion status to the user.
[0058] FIG. 9 illustrates an exemplary flow chart of a method for blockchain-based identity management and secure file sharing in accordance with an embodiment of the present disclosure.
[0059] Referring to FIG. 9, method 900 includes block 902, in which the processor can register a plurality of users associated with the plurality of organizations using sequential approval from the approver and the controller, where the processor is operatively coupled to the plurality of computing devices, each computing device is associated with at least one organization of a plurality of organizations, the plurality of organizations having at least one controller organization, wherein at least one user of a plurality of users from each organization is designated as approver and at least one user from the controller organization is designated as controller.
[0060] At block 904, the plurality of users is authenticated with user credentials, and user identity data is verified through the blockchain ledger. At block 906, the user identity data is updated using a sequential approval process from the approver and the controller. At block 908, the transaction in the blockchain ledger is deleted using sequential approval from the approver and the controller to provide inaccessibility of the user identity data to the requested user. At block 910, files are shared securely among the registered users of the plurality of organizations using the blockchain interface and the distributed storage interface. At block 912, the files are retrieved from the distributed storage by determining the file access right through the blockchain ledger, and at block 914, an entry for file deletion is provided in the blockchain ledger and the files are unpinned from the distributed storage.
[0061] It will be apparent to those skilled in the art that the system 100 of the disclosure may be provided using some or all of the mentioned features and components without departing from the scope of the present disclosure. While various embodiments of the present disclosure have been illustrated and described herein, it will be clear that the disclosure is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the disclosure, as described in the claims.
ADVANTAGES OF THE PRESENT INVENTION
[0062] The present disclosure provides a system that ensures shared file security and access restriction by two-stage encryption and decryption.
[0063] The present disclosure provides a system that ensures confidentiality, integrity, and availability of files.
[0064] The present disclosure provides an efficient system that collaborates and transparently shares files.
Claims:
1. A system (100) for blockchain-based identity management and file sharing, the system comprising:
a plurality of computing devices (116) in a computer network, each computing device is associated with at least one organization of a plurality of organizations (102), the plurality of organizations having at least one controller organization, wherein at least one user of a plurality of users from each organization is designated as approver and at least one user from the controller organization is designated as controller; and
a processor (118) operatively coupled to the plurality of computing devices, the processor configured to:
register the plurality of users associated with the plurality of organizations (102) using sequential approval from the approver and the controller;
authenticate the plurality of users with user credentials and user identity data is verified through blockchain (608);
update the user identity data using a sequential approval process from the approver and the controller;
delete transaction in the blockchain (608) using sequential approval from the approver and the controller to provide inaccessibility of the user identity data;
share files securely among the registered users of the plurality of organizations using the blockchain (608) and distributed storage (606);
retrieve the files from distributed storage (606) by determining the file access right through the blockchain (608); and
providing an entry for file deletion in the blockchain (608) and unpinning the files from the distributed storage (606).
2. The system as claimed in claim 1, wherein each computing device (116) associated with the corresponding organization comprises a blockchain ledger (104), an authentication and interfacing management server (AIMS) (106), an identity database (IDB) (108), a smart contract (110), a certificate authority (CA) (112) and a distributed storage (114), wherein the AIMS server (106) provides the interface between the sender, receiver, blockchain (608) and the distributed storage (606).
3. The system as claimed in claim 1, wherein the processor (118) is configured to:
register the plurality of users associated with the plurality of organizations (102) by generating a public key and private key and sending a registration request with user identity data, the user identity data comprises name, email, organization, user certificate, a hash of user identity data and user signature on hash;
verify the user signature through the smart contract in the blockchain (608); and
create a blockchain ID for the requested user when the approver and controller sequentially approve the user identity data, wherein the user identity registration transaction is created in the blockchain (608) with the blockchain ID, user identity data, approver signature, controller signature and the user public key.
4. The system as claimed in claim 1, wherein the processor (118) is configured to:
authenticate the plurality of users by sending the blockchain ID, user credentials, user identity data, and signature of blockchain ID associated with the organization, wherein the blockchain ID and the signature of blockchain ID are verified through the smart contract in the blockchain.
5. The system as claimed in claim 1, wherein the processor (118) is configured to:
update the user identity data by sending the identity update request;
verify the updated user identity data, updated user identity data hash and user signature on the hash by the approver through the smart contract; and
verify the user signature and approver signature on the hash of the updated data by the controller through the smart contract, wherein the updated user identity data is written as a transaction in the blockchain.
6. The system as claimed in claim 1, wherein the processor (118) is configured to:
delete the user identity data by initiating the delete request; and
verify the user signature on the blockchain ID by the approver using the smart contract;
verify the user signature, and approvers signature on the blockchain ID by the controller using the smart contract, wherein the deletion entry for the user is made as a transaction in the blockchain (608).
7. The system as claimed in claim 1, wherein the processor (118) is configured to:
share the files by encrypting the files using a symmetric key to generate a file ID by concatenating filename, sender blockchain ID and timestamp;
send the encrypted file to the distributed storage interface (610) of the AIMS (604);
upload, by the distributed storage interface (610), the encrypted file to the distributed storage (606), which returns the content identifier (CID) for the uploaded encrypted file to the distributed storage interface;
generate a metafile with the CID and the symmetric key; and
encrypt the metafile using a corresponding public key of the sender and the receivers, wherein a file-sharing transaction entry is made in the blockchain with file ID, encrypted metafiles, sender blockchain ID, receivers blockchain ID, shared file attributes and senders signature on the file ID.
8. The system as claimed in claim 1, wherein the processor (118) is configured to:
retrieve the files by submitting a file retrieval request with the file ID and signature on the file ID to the smart contract of the blockchain (608);
verifies, by the smart contract of the blockchain, the signature of the sender and receiver to retrieve the metafile corresponding to the file to be retrieved from the blockchain (608); and
decrypt the encrypted metafile using the private key of the receiver such that the symmetric key and the CID of the encrypted file are retrieved;
retrieve the target file from the distributed storage by using the CID;
decrypt the retrieved target file using the symmetric key and the decrypted file is made available to the receiver.
9. The system as claimed in claim 1, wherein the processor (118) is configured to:
request file deletion by sending the file ID and signature of the file ID to the smart contract of the blockchain;
verifies, by the smart contract of the blockchain (608), the signature of the sender to retrieve the metafile corresponding to the file to be deleted from the blockchain (608) and make an entry for deletion of the file as a transaction in the blockchain;
decrypt the encrypted metafile using the private key of the sender and such that the symmetric key and the CID of the encrypted file are retrieved, wherein the target file is deleted from the distributed storage by using the CID.
10. A method (900) for blockchain-based identity management and file sharing, the method comprising:
registering (902), at a processor, a plurality of users associated with the plurality of organizations using sequential approval from the approver and the controller, wherein the processor operatively coupled to the plurality of computing devices, each computing device is associated with at least one organization of a plurality of organizations, the plurality of organizations having at least one controller organization, wherein at least one user of a plurality of users from each organization is designated as approver and at least one user from the controller organization is designated as controller;
authenticating (904) the plurality of users with user credentials and user identity data is verified through blockchain;
updating (906) the user identity data using a sequential approval process from the approver and the controller;
deleting (908) transaction in the blockchain using sequential approval from the approver and the controller to provide inaccessibility of the user identity data;
sharing (910) files securely among the registered users of the plurality of organizations using blockchain interface and distributed storage interface;
retrieving (912) the files from the distributed storage by determining the file access right through the blockchain; and
providing (914) an entry for file deletion in the blockchain and unpinning the files from the distributed storage.
| # | Name | Date |
|---|---|---|
| 1 | 202241049054-STATEMENT OF UNDERTAKING (FORM 3) [28-08-2022(online)].pdf | 2022-08-28 |
| 2 | 202241049054-POWER OF AUTHORITY [28-08-2022(online)].pdf | 2022-08-28 |
| 3 | 202241049054-FORM 1 [28-08-2022(online)].pdf | 2022-08-28 |
| 4 | 202241049054-DRAWINGS [28-08-2022(online)].pdf | 2022-08-28 |
| 5 | 202241049054-DECLARATION OF INVENTORSHIP (FORM 5) [28-08-2022(online)].pdf | 2022-08-28 |
| 6 | 202241049054-COMPLETE SPECIFICATION [28-08-2022(online)].pdf | 2022-08-28 |
| 7 | 202241049054-ENDORSEMENT BY INVENTORS [08-09-2022(online)].pdf | 2022-09-08 |
| 8 | 202241049054-Proof of Right [20-01-2023(online)].pdf | 2023-01-20 |
| 9 | 202241049054-POA [07-10-2024(online)].pdf | 2024-10-07 |
| 10 | 202241049054-FORM 13 [07-10-2024(online)].pdf | 2024-10-07 |
| 11 | 202241049054-AMENDED DOCUMENTS [07-10-2024(online)].pdf | 2024-10-07 |
| 12 | 202241049054-Response to office action [01-11-2024(online)].pdf | 2024-11-01 |