🧬 BioFS: Blockchain-Verified Genomic Data Access
How PIL licenses enable GDPR-compliant data sharing with complete audit trails
What is BioFS?
BioFS is GenoBank's command-line interface (CLI) that enables researchers to securely download genomic data files using blockchain-verified licenses. Instead of traditional password-based access, BioFS uses Story Protocol's Programmable IP Licenses (PIL) to manage permissions.
🌐 World's First Web3 Biodata Filesystem
Authenticate with your MetaMask wallet (or any Web3 wallet) to access genomic data. No passwords, no centralized servers - just cryptographic signatures verifying your identity and blockchain-validated licenses proving your access rights to S3 bucket objects.
📦 Quick Install
biofs login
biofs download 0xYourIPAssetID .
How It Works
Let's follow a real example: Daniel owns a VCF file and grants Dra. Claudia (a researcher) permission to download it using License Token #40205.
1️⃣ Authentication
Researcher authenticates with Web3 wallet signature - no passwords needed.
2️⃣ License Verification
Story Protocol smart contract verifies the researcher holds a valid license token.
3️⃣ Secure Download
AWS S3 presigned URL generated for time-limited, signature-protected access.
4️⃣ Audit Trail
Every download logged to MongoDB for GDPR compliance tracking.
Architecture Overview
The BioFS architecture represents a paradigm shift in genomic data access control. Unlike traditional systems that rely on centralized authentication servers and database permissions, BioFS implements a fully decentralized stack where blockchain smart contracts serve as the source of truth for access rights.
Figure 1: BioFS end-to-end architecture showing how Web3 authentication, Story Protocol licenses, and AWS S3 storage work together to enable secure, auditable genomic data downloads.
The diagram above illustrates the complete data flow when a researcher uses BioFS to download a genomic file. Let's break down each component:
🔍 Reading the Architecture Diagram
Top Layer (User): Researcher authenticates using their Web3 wallet (MetaMask, WalletConnect, etc.) by signing a challenge message. This creates a cryptographic signature that proves wallet ownership without exposing private keys.
Middle Layer (Verification): The BioFS CLI and GenoBank API work together to verify the signature and check Story Protocol smart contracts on-chain. The smart contract returns whether the user holds a valid License Token for the requested IP Asset.
Bottom Layer (Storage & Compliance): Once verified, a time-limited AWS S3 presigned URL (valid for 1 hour) is generated that grants temporary access to the encrypted genomic file. Simultaneously, the download is logged to MongoDB for GDPR compliance and audit trail purposes.
What makes this architecture powerful is the separation of concerns: Story Protocol handles permission logic on-chain (immutable, transparent), AWS S3 handles secure storage (encrypted at rest), and MongoDB provides a queryable audit log (GDPR Article 15 compliance). No single point of failure can compromise the entire system.
BioFS Protocol Stack
BioFS CLI (TypeScript) → User commands via terminal
Web3 Wallet Signature → ECDSA signature verification without exposing private keys
Story Protocol Smart Contracts → License token validation on-chain
GenoBank API (Python/Flask) → Permission checking & logging
AWS S3 BioNFT-Gated Buckets → Encrypted genomic data storage
MongoDB → Download logs for GDPR Article 15 (right to access audit)
Key Features
🔐 GDPR Compliant by Design
- Right to Erasure (Article 17): Revoke License Token → Delete S3 file
- Right to Access (Article 15): Complete download audit trail for IRBs and regulators
- Data Portability (Article 20): Patient-owned biodata can connect to multiple research labs, avoiding data silos
- Purpose Limitation (Article 5): License terms encode permitted uses
The Download Flow
Here's what happens when Dra. Claudia downloads a VCF file:
1. CLI Request: biofs download 0xCCe14315eE3D6a41596EeB4a2839eE50A8ec59f7 .
2. Signature Verification: API recovers wallet address from ECDSA signature
3. License Check: Story Protocol verifies License Token #40205 is active
4. Access Grant: S3 presigned URL generated (valid 1 hour)
5. Download & Log: File downloaded with original name, access logged to MongoDB
📊 What Gets Logged
- IP Asset ID and BioCID
- Downloader wallet address
- License Token ID used
- Original filename and file type
- Timestamp (UTC)
- S3 path accessed
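The logged fields are enough to audit license revocation against the 1-hour presigned URL lifetime: S3 does not consult the license contract when a presigned URL is used, so a URL issued shortly before a revocation stays usable until it expires. The following is an added example, not GenoBank's code; the record layout, field names, wallet values, token IDs and revocation times are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

PRESIGN_TTL = timedelta(hours=1)  # the page states presigned URLs are valid for 1 hour

def entry(wallet, token_id, ts):
    """Build one audit record with the fields the page lists (all values constructed)."""
    return {
        "ip_asset_id": "0xASSET_PLACEHOLDER", "biocid": "biocid-placeholder",
        "wallet": wallet, "license_token_id": token_id,
        "filename": "sample.vcf", "file_type": "vcf",
        "timestamp": ts, "s3_path": "s3://example-bucket/sample.vcf",
    }

# Constructed sample log; field names are assumptions, not BioFS's MongoDB schema.
AUDIT_LOG = [
    entry("0xRESEARCHER_1", 101, "2025-01-10T09:00:00+00:00"),
    entry("0xRESEARCHER_2", 101, "2025-01-10T12:00:00+00:00"),
    entry("0xRESEARCHER_3", 101, "2025-01-10T12:45:00+00:00"),
    entry("0xRESEARCHER_4", 102, "2025-01-10T12:50:00+00:00"),
]
# Constructed revocation times per license token (hypothetical source: on-chain events).
REVOCATIONS = {101: "2025-01-10T12:30:00+00:00"}

def parse_utc(ts):
    """Parse an ISO 8601 timestamp and refuse naive values so comparisons stay in UTC."""
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp without offset: {ts!r}")
    return dt.astimezone(timezone.utc)

def review_revocations(log, revocations, ttl=PRESIGN_TTL):
    """Return (wallet, finding, seconds) for grants that conflict with a revocation."""
    findings = []
    for rec in log:
        revoked = revocations.get(rec["license_token_id"])
        if revoked is None:
            continue  # license never revoked: nothing to check
        issued, revoked_at = parse_utc(rec["timestamp"]), parse_utc(revoked)
        if issued >= revoked_at:
            # A URL was issued after revocation: the license gate itself failed.
            late = int((issued - revoked_at).total_seconds())
            findings.append((rec["wallet"], "ISSUED_AFTER_REVOCATION", late))
        elif issued + ttl > revoked_at:
            # URL issued before revocation but still valid after it.
            live = int((issued + ttl - revoked_at).total_seconds())
            findings.append((rec["wallet"], "URL_LIVE_AFTER_REVOCATION", live))
    return findings
```

A shorter presigned URL lifetime shrinks the window reported by the second finding; the first finding should never appear if the license check runs before every URL is issued.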
Why This Matters
Traditional genomic data sharing relies on centralized databases with username/password authentication. This creates several problems:
- No Verifiable Consent: Can't prove researcher had permission at download time
- Difficult Revocation: Password changes don't retroactively invalidate access
- Limited Audit Trail: Hard to track who accessed what data when
- GDPR Compliance Risk: Challenging to honor right to erasure requests
BioFS solves these by:
✅ Blockchain Proof
License tokens provide immutable proof of permission
✅ Instant Revocation
Revoke license token → Access immediately denied
✅ Complete Audit
Every access logged with blockchain verification
✅ GDPR Native
Right to erasure: revoke license + delete S3 file
Getting Started
BioFS is available as an npm package for researchers and institutions:
npm install -g @genobank/biofs
# Authenticate with Web3 wallet
biofs login
# Check access to an IP Asset
biofs access check 0xYourIPAssetID
# Download file
biofs download 0xYourIPAssetID ./destination/
🔗 Resources
- npm Package: @genobank/biofs
- GitHub: Genobank Organization
- Story Protocol Docs: docs.story.foundation
- GenoBank API: genobank.app
Conclusion
BioFS demonstrates how blockchain technology can solve real problems in genomic data management. By using Story Protocol's PIL framework, we achieve:
- Verifiable, blockchain-recorded consent
- GDPR-compliant data access with complete audit trails
- Instant permission revocation without centralized control
- Preservation of data integrity with original filenames
This is the future of genomic data sharing: transparent, verifiable, and built on Web3 principles.
Built with 🧬 by GenoBank.io
© 2025 GenoBank.io - Empowering genomic data ownership through blockchain technology