Smartcard-based Anonymization

This paper presents a new technique for anonymizing personal data for studies in which the real name of the person has to be hidden. First, the privacy problem is introduced and a set of related terminology is presented. Then, we suggest a rigorous approach to defining anonymization requirements, as well as to characterizing, selecting and building solutions. This analysis shows that the most important privacy needs can be met by using smartcards to carry out the critical part of the anonymization procedure. By supplying his card, the citizen (e.g., the patient in the medical field) gives his consent to the use of his anonymized data, and for each use a new anonymous identifier is generated within the card. In the same way, reversing the anonymity is possible only if the patient presents his personal smartcard (which implies that he gives his consent). In this way, the smartcard appears to be the most suitable means of keeping the secret, as well as the anonymization and disanonymization procedures, under the patient's control.
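To make the two properties in the abstract concrete (a fresh, unlinkable identifier per use, and reversal only by the card that issued it), here is an added illustration in Python, not code from the paper and not its actual card design. It assumes a simulated card object standing in for the smartcard, a card-resident 32-byte master secret, and a stand-in cipher built from HMAC-SHA256 (a random nonce expanded into a one-time keystream, with an encrypt-then-MAC tag bound to the study identifier) in place of the AES or asymmetric primitives a real card would use; the patient and study identifiers are constructed sample values.

```python
"""Added illustration (not the paper's design): a simulated smartcard that
keeps the patient's secret on-card, issues a fresh reversible pseudonym for
each use, and refuses to reverse pseudonyms it did not issue.
Standard library only; HMAC-SHA256 stands in for a card's cipher."""
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 16   # fresh per use -> each pseudonym differs
TAG_LEN = 16     # truncated HMAC tag, binds pseudonym to card and study
MAX_ID_LEN = 32  # one SHA-256 output of keystream covers up to 32 bytes


def _derive(master: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from the card's secret."""
    return hmac.new(master, label, hashlib.sha256).digest()


class SimulatedCard:
    """Stand-in for the smartcard. Only the card ever sees the secret;
    the study receives pseudonyms and nothing else."""

    def __init__(self, patient_id: str, master_secret: Optional[bytes] = None):
        self._patient_id = patient_id.encode()
        if not 0 < len(self._patient_id) <= MAX_ID_LEN:
            raise ValueError("identifier length not supported by this construction")
        master = master_secret if master_secret is not None else secrets.token_bytes(32)
        self._k_enc = _derive(master, b"enc")
        self._k_mac = _derive(master, b"mac")

    def new_pseudonym(self, study_id: str) -> bytes:
        """Anonymization step, run on the card when the patient presents it.
        A fresh nonce yields a different pseudonym every call, so uses of the
        same patient's data cannot be linked without the card."""
        nonce = secrets.token_bytes(NONCE_LEN)
        keystream = hmac.new(self._k_enc, nonce, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(self._patient_id, keystream))
        return nonce + ct + self._tag(study_id, nonce, ct)

    def reveal(self, study_id: str, pseudonym: bytes) -> str:
        """Disanonymization step: succeeds only with this card's keys and only
        for the study the pseudonym was issued to (constant-time tag check)."""
        if len(pseudonym) < NONCE_LEN + TAG_LEN + 1:
            raise ValueError("malformed pseudonym")
        nonce = pseudonym[:NONCE_LEN]
        ct = pseudonym[NONCE_LEN:-TAG_LEN]
        tag = pseudonym[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(study_id, nonce, ct)):
            raise PermissionError("pseudonym was not issued by this card for this study")
        keystream = hmac.new(self._k_enc, nonce, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(ct, keystream)).decode()

    def _tag(self, study_id: str, nonce: bytes, ct: bytes) -> bytes:
        # Length-prefix the study id so distinct (study, nonce, ct) never collide.
        sid = study_id.encode()
        msg = len(sid).to_bytes(2, "big") + sid + nonce + ct
        return hmac.new(self._k_mac, msg, hashlib.sha256).digest()[:TAG_LEN]


if __name__ == "__main__":
    # Constructed sample values, not real patient data.
    card = SimulatedCard("patient-0042")
    p1 = card.new_pseudonym("study-A")
    p2 = card.new_pseudonym("study-A")
    print("two uses, two pseudonyms:", p1.hex() != p2.hex())
    print("card reverses its own pseudonym:", card.reveal("study-A", p1))
    try:
        SimulatedCard("patient-0042").reveal("study-A", p1)
    except PermissionError as e:
        print("another card cannot reverse it:", e)
```

The point to take from the code is the placement of trust, not the cipher: `new_pseudonym` and `reveal` exist only on the card object, so the study holds pseudonyms that are unlinkable to each other and reversible by nobody but the card holder, which is exactly the consent semantics the abstract describes. On a real card the keystream and tag would come from the card's own cryptographic coprocessor, and the master secret would never be constructible outside it.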