International Association for Cryptologic Research


IACR News item: 23 December 2015

Eric R. Verheul
ePrint Report
In [13] the Dutch government proposes an identity scheme supporting the exchange of pupils' personal data with private e-textbook publishers. This design propagates the sharing of pupils' personal numbers with private parties, violating the data minimisation principle in privacy laws.

We describe a privacy-friendly alternative, giving pupils (and parents) control over the exchange of their personal data. Three generic forms based on homomorphic encryption are used as building blocks. These forms do not yield personal numbers, or even personal data from a legal perspective, and have strong unlinkability properties. Only if required does a school provide a party with a party-specific pseudonym identifying a pupil. The school is provided an encrypted pseudonym by a central party, based on a polymorphic pseudonym formed by the school. Only the intended parties, not even schools, have access to pseudonyms. Publishers can send pupil test results to a school without being able to assess whether pupils are identical.

We also describe how the infrastructure can be supplemented with privacy-friendly attributes and user inspection as required by law.
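As an added illustration (not code from the paper or this page), a toy Python sketch of the flow the abstract names: a school forms a polymorphic pseudonym, a central party turns it into an encrypted pseudonym for one publisher, and only that publisher decrypts it to a party-specific pseudonym. It assumes multiplicative-group ElGamal with tiny constructed parameters, invented party factors and a separate key authority issuing party keys; the paper's actual construction is not given on this page.

```python
import secrets

# Toy group p = 2q + 1 with G of prime order q: constructed, far too small for real use.
P, Q, G = 23, 11, 4
X = 7                                   # master secret held by a key authority (constructed)
Y = pow(G, X, P)                        # master public key, known to schools
# Per-party factors held by the central party (constructed): (rekey k, reshuffle s).
PARTY_FACTORS = {"publisher_A": (3, 5), "publisher_B": (2, 9)}

def party_secret(party):
    """Private key issued to a party by the key authority (assumption: x*k mod q)."""
    return X * PARTY_FACTORS[party][0] % Q

def encrypt(pk, m):
    """ElGamal: (g^r, m * pk^r) for a group element m."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), m * pow(pk, r, P) % P)

def decrypt(sk, c):
    a, b = c
    return b * pow(a, Q - sk, P) % P    # b * a^(-sk); a^(-sk) = a^(q-sk) since a^q = 1

def rekey(c, k):
    """Re-target a ciphertext from key x to key x*k without decrypting: (a^(1/k), b)."""
    a, b = c
    return (pow(a, pow(k, -1, Q), P), b)

def reshuffle(c, s):
    """Turn an encryption of m into an encryption of m^s: the party-specific pseudonym."""
    return tuple(pow(v, s, P) for v in c)

def rerandomise(pk, c):
    """Fresh randomness, so repeated transforms of one pupil look unrelated in transit."""
    a, b = c
    r = secrets.randbelow(Q - 1) + 1
    return (a * pow(G, r, P) % P, b * pow(pk, r, P) % P)

def polymorphic_pseudonym(pupil_elem):
    """School: encrypt the pupil's group element under the master key; it cannot decrypt."""
    return encrypt(Y, pupil_elem)

def encrypted_pseudonym(pp, party):
    """Central party: apply the party's factors; needs only k, s and Y, never x."""
    k, s = PARTY_FACTORS[party]
    return rerandomise(pow(Y, k, P), reshuffle(rekey(pp, k), s))

def pseudonym_for(party, pupil_elem):
    """School -> central party -> receiving party, which holds the matching private key."""
    return decrypt(party_secret(party), encrypted_pseudonym(polymorphic_pseudonym(pupil_elem), party))
```

The same pupil yields a stable pseudonym at one publisher (m^s) and a different one at another (m^s'), so records cannot be matched across publishers without the factors.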

Additional news items may be found on the IACR news page.