Abstract
This paper presents a new technique for anonymizing personal data for studies in which the real name of the person has to be hidden. First, the privacy problem is introduced and a set of related terminology is presented. Then, we suggest a rigorous approach to define anonymization requirements, as well as how to characterize, select and build solutions. This analysis shows that the most important privacy needs can be met by using smartcards to carry out the critical part of the anonymization procedure. By supplying his card, the citizen (e.g., the patient in the medical field) gives his consent to exploit his anonymized data; and for each use, a new anonymous identifier is generated within the card. In the same way, reversing the anonymity is possible only if the patient presents his personal smartcard (which implies that he gives his consent). In this way, the use of the smartcard seems to be the most suitable means of keeping the secret as well as the anonymization and the disanonymization procedures under the patient's control.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this paper
Cite this paper
El Kalam, A.A., Deswarte, Y., Trouessin, G., Cordonnier, E. (2004). Smartcard-Based Anonymization. In: Quisquater, JJ., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds) Smart Card Research and Advanced Applications VI. IFIP International Federation for Information Processing, vol 153. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8147-2_4
DOI: https://doi.org/10.1007/1-4020-8147-2_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8146-0
Online ISBN: 978-1-4020-8147-7
eBook Packages: Springer Book Archive