National Institute of Informatics
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
25th International Information Security Conference (SEC 2010)
Security & Privacy – Silver Linings in the Cloud
Session: SEC: Access control and privacy
September 23rd, 2010
Dr. Sven Wohlgemuth
Prof. Dr. Isao Echizen
Prof. Dr. Noboru Sonehara
National Institute of Informatics, Japan
Prof. Dr. Günter Müller
University of Freiburg, Germany
Privacy and Disclosure of Personal Data to Third Parties
Privacy legislation:
“Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others.”
(Westin, 1967 → regulations of Germany/EU, Japan and HIPAA)
DP = Data provider
DC = Data consumer
d, d’ = Personal data
[Figure: User (DP), Services (DC / DP) and a final DC, with personal data d and d, d’ passed between them. Labels: "Access control"; "No usage control for the disclosure of personal data"; "Disclosure of personal data to third parties"]
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N. and Müller, G., 2009
Tagging Disclosures of Personal Data to Third Parties to Preserve Privacy
Agenda
1. Shift to a new Scenario
2. User becomes a Target
3. Usage Control by Data Provenance
4. DETECTIVE: Data Provenance with Digital Watermarking
5. Safety of Data and Liveness of Services
1. Shift to a new Scenario
(e.g. Electronic Health Records, Gematik in Germany)
Current scenario: Patient’s data is stored in many medical systems. Each medical system is in charge of patient’s data.
New scenario: All data about the patient stored in one location: a central EHR. Patient is in charge of this data.
[Figure: Patient, Hospital, Laboratory, Examination, Dentist, Pharmacy]
2. User becomes a Target
(e.g. Patient)
Patient “inherits” responsibility and risk.
Dishonest parties may modify or disclose personal data to 3rd parties without authorization.
➢ Privacy Problem
How can the patient control the disclosure of medical data to 3rd parties?
Different data protection legislations (e.g. EC 95/46/EC, Japan, HIPAA)
[Figure: Patient, Hospital, Examination, Dentist, Pharmacy, Laboratory, Advertiser, Employer, Drug maker]
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N. and Müller, G., 2009
3. Usage Control by Data Provenance (1/2)
Preventive | Reactive
Before the execution | During the execution | After the execution
Mechanisms & Methods
Policies
- Process Rewriting
- Workflow Patterns
- Vulnerability Analysis
- Enterprise Privacy Authorization Language (EPAL)
- Extended Privacy Definition Tools (ExPDT)
- Model Reconstruction
- Audits / Forensics
- Architectures for Data Provenance
- Execution Monitoring
- Non-linkable Delegation of Rights
Müller, G., Accorsi, R., Höhn, S. and Sackmann, S., 2010
Usage Control by Data Provenance (2/2)
- Data provenance
– Information to determine the derivation history
- In an audit, data provenance can be used to restore the information flow.
[Figure: Example of data provenance for medical data disclosed among Patient, Laboratory, Advertiser and Drug maker]
4. DETECTIVE: Data Provenance with Digital Watermarking
Watermarking is a method to bind provenance information as a tag to data.
The EHR/Medical system must enforce that
– disclosed data is tagged with updated provenance information
– provenance information is authentic.
Steps of a disclosure:
1) Access request
2) Fetch data
3) Apply tag
4) Deliver tagged data
[Figure: EHR/Medical system with Data and Watermarking Service; Data provider (e.g. Advertiser); Data consumer (e.g. Laboratory)]
Digital Watermarking and Disclosure of Personal Data
Both service providers have the same digital watermark
→ No identification of last data provider
[Figure: Patient, Advertiser, Laboratory, Drug maker]
DETECTIVE: Digital Watermarking Scheme
Data provenance information
– Linking identities of data provider and data consumer with access to personal data.
Detection by the patient via delegated rights (privacy policy) to personal data.
[Figure: "Apply Tag" between data provider and data consumer; "Verify Tag" by the patient with data provider and data consumer; tags shown for Patient (rights), Advertiser and Laboratory]
DETECTIVE: Protocol Tag
Parties: Data provider, Data consumer
Phases: Commitment to identity of DC; Tagging disclosure of personal data; Revealing tag
Building blocks: Commitments; Digital signature; Computing with commitments; Digital watermarking
1: pkDP_COM for commitments
2: commit to kDC & blinding: comDC_BLIND(kDC)
3: confirm comDC(kDC): signatureDC(comDC_BLIND(kDC))
4: comDC_BLIND(kDC), signatureDC(comDC_BLIND(kDC))
5: verify signatureDC
6: blind comDP(kDP): comDP_BLIND(kDP) and confirm by signatureDP
7: link commitments to d: tag’ := embedsym(anonCredentialDC, comDP_BLIND(kDP)comDC_BLIND(kDC), d)
8: tag’, signatureDP
9: reveal tag := tag’ / blinding factorDC
DETECTIVE: Protocol Verify
Parties: User, CA, Data provider, Data consumer
Phases: Reconstruct delegation chain; Verify enforcement of embedding
Building blocks: PKI; Commitments; Digital signature; Zero-knowledge proof
1: request anonCredentials (rightsDC) for delegated rights
2: request comDP_BLINDED(kDP), pkDP_COM, and signatureDC
3: comDP_BLINDED(kDP), pkDP_COM, and signatureDC
4: request open(comDP_BLINDED(kDP))
5: blinded kDP
6: verify comDP_BLINDED(kDP)
7: verify signatureDC
8: extract comDC(kDC) from tag
9: check correctness of comDC(kDC) by zero-knowledge proof
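A toy model of the Tag and Verify protocols, added here as an illustration; it is not code from the slides or from the DETECTIVE implementation. It assumes Pedersen commitments (the slides do not name the scheme), reads "tag’ / blinding factorDC" as dividing out the consumer's blinding term, appends the tag to the record in place of watermark embedding, and omits the signatures, anonymous credentials and zero-knowledge proof; the group parameters, party keys and record are constructed.

```python
"""Toy provenance tags built from commitments (added example, not the authors' code)."""
import secrets
from typing import Dict, List, NamedTuple, Tuple

# Constructed toy group: safe prime P = 2*Q + 1; G and H generate the order-Q subgroup.
# Far too small for real use. A deployment needs a standard large group and an H
# whose discrete logarithm to base G is unknown to every party.
P, Q, G, H = 2039, 1019, 4, 9


def commit(k: int, r: int) -> int:
    """Pedersen commitment to key k with blinding value r (assumed scheme)."""
    return pow(G, k, P) * pow(H, r, P) % P


def tag_disclosure(k_dp: int, k_dc: int) -> Tuple[int, int]:
    """Link the provider's and consumer's committed keys into one tag.

    Returns (tag, r_dp); the provider keeps r_dp so it can open the tag in an audit.
    """
    r_dp, r_dc = secrets.randbelow(Q), secrets.randbelow(Q)
    com_dp_blind = commit(k_dp, r_dp)                    # provider side
    com_dc_blind = commit(k_dc, r_dc)                    # consumer side
    tag_blinded = com_dp_blind * com_dc_blind % P        # tag' (product of commitments)
    tag = tag_blinded * pow(pow(H, r_dc, P), -1, P) % P  # divide out consumer blinding
    return tag, r_dp


class Record(NamedTuple):
    data: bytes
    tags: Tuple[int, ...]  # one provenance tag per disclosure, oldest first


class Party:
    def __init__(self, name: str, key: int):
        self.name, self.key = name, key
        self.openings: Dict[int, Tuple[int, str]] = {}  # tag -> (r_dp, consumer name)

    def disclose(self, record: Record, consumer: "Party") -> Record:
        """Fetch data, apply an updated tag, deliver the tagged copy."""
        tag, r_dp = tag_disclosure(self.key, consumer.key)
        self.openings[tag] = (r_dp, consumer.name)  # retained for later audits
        return Record(record.data, record.tags + (tag,))


def reconstruct_chain(record: Record, origin: Party, parties: Dict[str, Party]) -> List[str]:
    """Audit on behalf of the data owner: open each tag in order and rebuild the chain.

    Raises ValueError at the first party that cannot account for a tag.
    """
    chain, current = [origin.name], origin
    for tag in record.tags:
        opening = current.openings.get(tag)
        if opening is None:
            raise ValueError(f"{current.name} cannot open tag {tag}")
        r_dp, dc_name = opening
        consumer = parties[dc_name]
        # The tag must be a commitment to both keys under the provider's blinding value.
        if tag != commit((current.key + consumer.key) % Q, r_dp):
            raise ValueError(f"tag {tag} does not link {current.name} to {dc_name}")
        chain.append(dc_name)
        current = consumer
    return chain


def last_data_provider(chain: List[str]) -> str:
    """The party that handed the data to the final holder of this copy."""
    return chain[-2]


def demo() -> List[str]:
    # Constructed keys (all below Q) for the parties named on the slides.
    keys = {"Patient": 11, "Laboratory": 25, "Advertiser": 57, "Drug maker": 120}
    parties = {name: Party(name, key) for name, key in keys.items()}
    rec = Record(b"constructed medical record", ())
    rec = parties["Patient"].disclose(rec, parties["Laboratory"])
    rec = parties["Laboratory"].disclose(rec, parties["Drug maker"])
    return reconstruct_chain(rec, parties["Patient"], parties)


if __name__ == "__main__":
    chain = demo()
    print(" -> ".join(chain), "| last data provider:", last_data_provider(chain))
```

Because every disclosure adds a tag bound to that specific provider and consumer, a copy found at the drug maker traces back to the laboratory, which a single shared watermark cannot do.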
DETECTIVE: Proof-of-Concept Implementation
Case study: Telemedicine – Consulting a clinic abroad
5. Safety of Data and Liveness of Services
Transparency by Policy Enforcement Mechanisms (e.g. DETECTIVE)
Safety: Authorized execution
Liveness: Reachable states
Provisions: cover the time up to the access (“past and present”)
Obligations: cover the time after the access (“future”)
[Figure: time axis t with "request access" between Provisions and Obligations]

How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 

Kürzlich hochgeladen (20)

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa  Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa  Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 

Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy

  • 1. Sven Wohlgemuth, On Privacy by Observable Delegation of Personal Data. National Institute of Informatics. Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy. 25th International Information Security Conference (SEC 2010), Security & Privacy – Silver Linings in the Cloud. Session: SEC: Access control and privacy. September 23rd, 2010. Dr. Sven Wohlgemuth, Prof. Dr. Isao Echizen, Prof. Dr. Noboru Sonehara (National Institute of Informatics, Japan); Prof. Dr. Günter Müller (University of Freiburg, Germany).
  • 2. Privacy and Disclosure of Personal Data to Third Parties. Access control; no usage control for the disclosure of personal data. Privacy legislation: “Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others.” (Westin, 1967 → regulations of Germany/EU, Japan and HIPAA). DP = Data provider; DC = Data consumer; d, d’ = Personal data. [Figure: Disclosure of personal data to third parties. Labels: User, Services; roles DP, DC / DP, DC; data d and d, d’.] (Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N. and Müller, G., 2009)
  • 3. Agenda:
      1. Shift to a new Scenario
      2. User becomes a Target
      3. Usage Control by Data Provenance
      4. DETECTIVE: Data Provenance with Digital Watermarking
      5. Safety of Data and Liveness of Services
  • 4. 1. Shift to a new Scenario (e.g. Electronic Health Records, Gematik in Germany). All data about the patient stored in one location: a central EHR. Patient is in charge of this data. Patient’s data is stored in many medical systems. Each medical system is in charge of patient’s data. [Figure: Current scenario, New scenario. Labels: Patient, Hospital, Laboratory, Examination, Dentist, Pharmacy.]
  • 5. 2. User becomes a Target (e.g. Patient). Patient “inherits” responsibility and risk. Dishonest parties may modify or disclose personal data to 3rd parties without authorization. ⇒ Privacy Problem: How can the patient control the disclosure of medical data to 3rd parties? Different data protection legislations (e.g. EC 95/46/EC, Japan, HIPAA). [Figure labels: Patient, Hospital, Examination, Dentist, Pharmacy, Laboratory, Advertiser, Employer, Drug maker.] (Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N. and Müller, G., 2009)
  • 6. 3. Usage Control by Data Provenance (1/2). [Table, flattened in the transcript. Axis: Preventive to Reactive. Columns: Before the execution, During the execution, After the execution. Rows: Policies; Mechanisms & Methods. Entries, in transcript order: Process Rewriting; Workflow Patterns; Vulnerability Analysis; Enterprise Privacy Authorization Language (EPAL); Extended Privacy Definition Tools (ExPDT); Model Reconstruction; Audits / Forensics; Architectures for Data Provenance; Execution Monitoring; Non-linkable Delegation of Rights.] (Müller, G., Accorsi, R., Höhn, S. and Sackmann, S., 2010)
  • 7. Usage Control by Data Provenance (2/2). Data provenance: information to determine the derivation history. In an audit, data provenance can be used to restore the information flow. [Figure: Example. Labels: Medical Data, Patient, Advertiser, Laboratory, Drug maker, Data Provenance.]
  • 8. 4. DETECTIVE: Data Provenance with Digital Watermarking. Watermarking is a method to bind provenance information as a tag to data. The EHR/Medical system must enforce that disclosed data is tagged with updated provenance information and that provenance information is authentic. Steps of a disclosure: 1) Access request, 2) Fetch data, 3) Apply tag, 4) Deliver tagged data. [Figure labels: EHR/Medical system, Data, Watermarking Service, Data consumer (e.g. Laboratory), Data provider (e.g. Advertiser).]
  • 9. Digital Watermarking and Disclosure of Personal Data. Both service providers have same digital watermark → No identification of last data provider. [Figure labels: Patient, Advertiser, Laboratory, Drug maker.]
  • 10. DETECTIVE: Digital Watermarking Scheme. Data provenance information: linking identities of data provider and data consumer with access to personal data. Detection by the patient via delegated rights (privacy policy) to personal data. [Figure: Apply Tag and Verify Tag. Labels: Data provider, Data consumer, Patient, Patient (rights), Advertiser, Laboratory.]
  • 11. DETECTIVE: Protocol Tag. Tagging disclosure of personal data. Parties: Data provider, Data consumer. Building blocks: Commitments, Digital signature, Digital watermarking. Phases: Commitment to identity of DC; Computing with commitments; Revealing tag. (Slide footers: On Privacy for Observable Delegation of Personal Data by Digital Watermarking; Privacy through the Delegation of Rights.) Steps:
      1: pkDP_COM for commitments
      2: commit to kDC & blinding: comDC_BLIND(kDC)
      3: confirm comDC(kDC): signatureDC(comDC_BLIND(kDC))
      4: comDC_BLIND(kDC), signatureDC(comDC_BLIND(kDC))
      5: verify signatureDC
      6: blind comDP(kDP): comDP_BLIND(kDP) and confirm by signatureDP
      7: link commitments to d: tag’ := embedsym(anonCredentialDC, comDP_BLIND(kDP)comDC_BLIND(kDC), d)
      8: tag’, signatureDP
      9: reveal tag := tag’ / blinding factorDC
  • 12. DETECTIVE: Protocol Verify. Parties: User, CA, Data provider, Data consumer. Building blocks: PKI, Commitments, Digital signature, Zero-knowledge proof. Phases: Reconstruct delegation chain; Verify enforcement of embedding. Steps:
      1: request anonCredentials (rightsDC) for delegated rights
      2: request comDP_BLINDED(kDP), pkDP_COM, and signatureDC
      3: comDP_BLINDED(kDP), pkDP_COM, and signatureDC
      4: request open(comDP_BLINDED(kDP))
      5: blinded kDP
      6: verify comDP_BLINDED(kDP)
      7: verify signatureDC
      8: extract comDC(kDC) from tag
      9: check correctness of comDC(kDC) by zero-knowledge proof
  • 13. DETECTIVE: Proof-of-Concept Implementation. Case study: Telemedicine – Consulting a clinic abroad.
  • 14. 5. Safety of Data and Liveness of Services. Transparency by Policy Enforcement Mechanisms (e.g. DETECTIVE). Safety: Authorized execution. Liveness: Reachable states. Provisions: cover the time up to the access (“past and present”). Obligations: cover the time after the access (“future”). [Figure: timeline t with Provisions, request access, Obligations.]
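The contrast between slides 9 and 10, as an added Python example that is not part of the talk or of the DETECTIVE implementation: when every disclosure appends an authentic (data provider, data consumer) link, a copy that surfaces later names the party it was disclosed to, whereas two copies carrying the same watermark are indistinguishable. Assumptions: an HMAC under constructed per-party keys stands in for the commitments, signatures and watermark embedding of the protocol slides, blinding and anonymous credentials are omitted, and all function names are hypothetical.

```python
import copy
import hashlib
import hmac
import json

# Constructed, non-secret demo keys held by the auditor. Assumption: an HMAC
# stands in for the commitments and signatures named on the protocol slides.
KEYS = {p: hashlib.sha256(p.encode()).digest()
        for p in ("Patient", "Laboratory", "Advertiser")}


def link_mac(provider, consumer, data, prev):
    """Bind one (DP, DC) pair to the data and to the previous link."""
    msg = json.dumps([provider, consumer, data, prev]).encode()
    return hmac.new(KEYS[provider], msg, hashlib.sha256).hexdigest()


def disclose(item, provider, consumer):
    """Provider discloses its copy to consumer with an updated tag chain."""
    prev = item["tags"][-1]["mac"] if item["tags"] else ""
    link = {"dp": provider, "dc": consumer,
            "mac": link_mac(provider, consumer, item["data"], prev)}
    return {"data": item["data"], "tags": item["tags"] + [link]}


def delegation_chain(item):
    """Verify every link; return the hops [(DP, DC), ...] in order."""
    prev, holder, hops = "", None, []
    for link in item["tags"]:
        if link["dp"] not in KEYS:
            raise ValueError("unknown data provider")
        expected = link_mac(link["dp"], link["dc"], item["data"], prev)
        if not hmac.compare_digest(expected, link["mac"]):
            raise ValueError("tag is not authentic")
        if holder is not None and link["dp"] != holder:
            raise ValueError("chain is not contiguous")
        hops.append((link["dp"], link["dc"]))
        prev, holder = link["mac"], link["dc"]
    return hops


def last_holder(item):
    """DC of the final link: the party this copy was disclosed to."""
    hops = delegation_chain(item)
    return hops[-1][1] if hops else None


# Constructed scenario: the patient discloses d to two services directly.
d = {"data": "d: lab result (constructed)", "tags": []}
lab_copy = disclose(d, "Patient", "Laboratory")
adv_copy = disclose(d, "Patient", "Advertiser")
# A copy that later surfaces at a third party is one of those two copies.
found = copy.deepcopy(lab_copy)

if __name__ == "__main__":
    print("found copy was disclosed to:", last_holder(found))
```

Rewriting the consumer name in a link, or appending a link whose provider is not the previous consumer, makes `delegation_chain` raise `ValueError`.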