An Identity Privacy-Preserving Scheme against Insider Logistics Data Leakage Based on One-Time-Use Accounts

Digital transformation of the logistics industry triggered by the widespread use of Internet of Things (IoT) technology has prompted a significant revolution in logistics companies, further bringing huge dividends to society. However, the concurrent accelerated growth of logistics companies also significantly hinders the safeguarding of individual privacy. Digital identity has ascended to having the status of a prevalent privacy-protection solution, principally due to its efficacy in mitigating privacy compromises. However, the extant schemes fall short of addressing the issue of privacy breaches engendered by insider maleficence. This paper proposes an innovative identity privacy-preserving scheme aimed at addressing the quandary of internal data breaches. In this scheme, the identity provider furnishes one-time-use accounts for logistics users, thereby obviating the protracted retention of logistics data within the internal database. The scheme also employs ciphertext policy attribute-based encryption (CP-ABE) to encrypt address nodes, wherein the access privileges accorded to logistics companies are circumscribed. Therefore, internal logistics staff have to secure unequivocal authorization from users prior to accessing identity-specific data and privacy protection of user information is also concomitantly strengthened. Crucially, this scheme ameliorates internal privacy concerns, rendering it infeasible for internal interlopers to correlate the users' authentic identities with their digital wallets. Finally, the effectiveness and reliability of the scheme are demonstrated through simulation experiments and discussions of security.

Automated summary

The digital transformation of the logistics industry, driven by IoT technology, has brought significant benefits but also raised concerns about privacy. This paper proposes an innovative identity privacy-preserving scheme to address the issues of internal data breaches and privacy breaches, using one-time-use accounts and ciphertext policy attribute-based encryption technology.