A. A. E. Kalam, Y. Deswarte, G. Trouessin, E. Cordonnier
Title: Personal data anonymization for security and privacy in collaborative environments
Published in: Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems, 2005.
Publication date: 2005-05-15
DOI: 10.1109/ISCST.2005.1553294 (https://doi.org/10.1109/ISCST.2005.1553294)
Citations: 4
Abstract
Nowadays, more and more applications use sensitive and personal information. Subsequently, hiding identities and respecting citizens' privacy are becoming extremely important. Dedicated to this issue, this paper is organized as follows: after defining the topic through an example of a collaborative, complex and heterogeneous system, this paper analyzes the most typical anonymization procedures. Afterwards it proposes a rigorous approach to define anonymization requirements, as well as how to characterize, select and build solutions. Finally, a new generic procedure to anonymize and link identities is proposed. We suggest that a critical part of this procedure is carried out in a smart card. According to needs, anonymized data are processed through cryptographic transformations in several organizations. Our solution is suitable for collaborative environments; guarantees the user's consent; resists dictionary attacks; respects the least privilege principle and thus fulfils the legislation requirements. Moreover, it remains flexible, adaptable to different fields, and supports some organizational changes like the merging of several systems.