An efficient blind filter: Location privacy protection and the access control in FinTech

Abstract

Abstract Financial technology(FinTech) is a new item in the financial industry, which has become a popular item that describes novel technologies adopted by the financial service institutions. This term covers a large range of techniques, from data security to financial service. Specially, user privacy protection is generally considered one of the most significant aspects in the financial security domain and preserving data carrying privacy is a critical task in producing a privacy protection strategy, e.g., one of the crucial issues in mobile finance is to ensure the legitimate mobile device users can efficiently search inclusive information from servers without leaking the user privacy. More precisely, more and more mobile finance APP(e.g., AliPay, China Unionpay Quick Pass) has the auxiliary tool or third-party services function that enable users make a location-based services(LBS) query, while the LBS usually carry users’ location privacy and that data of service providers should be accessed by legitimate users. In order to address this problem, in this paper, we propose a privacy-preserving LBS framework which supports the query area is a square area based on the user’s location, and achieves fine-grained access control on the financial service provider data, user’s privacy(especially location privacy), confidentiality of the service provider data, and accurate query result. More precisely, our framework also uses redundant point-of-interesting(POI) records to protect privacy against LBS provider(LBSP), but employs a semi-trusted third party(called proxy) to filter out redundant POI records. We propose a novel blind filter protocol based on comparable attribute-based encryption(CABE) and “transformation” technique, which can filter out the encrypted POI records under the condition that both LBSP and proxy without knowing the user’s location information. In comparison with existing solutions, our framework not only realize access control on service provider data innately, but also incurs lower communication and computation overhead on the user side. The analysis and the experiments indicate that our framework is secure and efficient for mobile devices in terms of computation and the communication overhead.