Paper 2015/1228

Privacy protection in electronic education based on polymorphic pseudonymization

Eric R. Verheul

Abstract

In [13.] the Dutch government proposes an identity scheme supporting the exchange of pupils' personal data with private e-textbook publishers. This design propagates the sharing of pupils' personal numbers among private parties, violating the data minimisation principle in privacy laws. We describe a privacy-friendly alternative that gives pupils (and parents) control over the exchange of their personal data. Three generic forms based on homomorphic encryption are used as building blocks. These forms do not yield personal numbers, or even personal data from a legal perspective, and have strong unlinkability properties. Only if required does a school provide a party with a party-specific pseudonym identifying a pupil. For this, the school is provided with an encrypted pseudonym by a central party, based on a polymorphic pseudonym formed by the school. Only the intended parties, not even schools, have access to pseudonyms. Different publishers can send pupil test results to a school without being able to assess whether the pupils are identical. We also describe support for privacy-friendly attributes and user inspection as required by privacy laws.
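The three-step flow the abstract describes (school forms a polymorphic pseudonym, a central party converts it into a party-specific encrypted pseudonym, only that party recovers the pseudonym) can be illustrated with plain multiplicative ElGamal. The block below is an added example, not the paper's construction: the group, the hash-to-group encoding and the HMAC-based derivation of per-party factors are assumptions made for illustration, and the toy 30-bit group is far too small to be secure.

```python
"""Toy polymorphic pseudonymisation: a school forms a PP, the central party
turns it into a party-specific EP, and only that party recovers the pseudonym.
Group, encoding and key derivation are illustrative assumptions; NOT secure."""
import hashlib, hmac, math, secrets

P = 1_000_000_007          # toy prime; 5 is a primitive root mod P
G = pow(5, 2, P)           # generates the subgroup of squares, of order Q
Q = (P - 1) // 2           # exponents are taken mod Q
def rand_exp(): return secrets.randbelow(Q - 1) + 1

def encode_pupil(pupil_id: str) -> int:
    """Toy hash-to-group: map a pupil identifier onto a square mod P."""
    h = int.from_bytes(hashlib.sha256(pupil_id.encode()).digest(), "big")
    return pow(h % (P - 1) + 1, 2, P)

def form_polymorphic_pseudonym(Y: int, pupil_id: str) -> tuple:
    """School: ElGamal-encrypt the pupil under the master public key Y."""
    r = rand_exp()
    return pow(G, r, P), encode_pupil(pupil_id) * pow(Y, r, P) % P

def decrypt_pseudonym(ep: tuple, sk: int) -> int:
    """Receiving party: ordinary ElGamal decryption with its own key."""
    a, b = ep
    return b * pow(a, (-sk) % Q, P) % P

class CentralParty:
    """Holds the master key and derives per-party re-keying/shuffling factors."""
    def __init__(self):
        self.y = rand_exp()
        self.Y = pow(G, self.y, P)          # master public key, handed to schools
    def factor(self, label: bytes, party: str) -> int:
        """Deterministic per-party factor (assumed HMAC-based), invertible mod Q."""
        for ctr in range(1 << 16):
            msg = label + party.encode() + ctr.to_bytes(2, "big")
            d = hmac.new(self.y.to_bytes(8, "big"), msg, "sha256").digest()
            k = int.from_bytes(d, "big") % (Q - 1) + 1
            if math.gcd(k, Q) == 1:
                return k
    def party_private_key(self, party: str) -> int:
        """Key issued once to a party: it opens only that party's EPs."""
        return self.y * self.factor(b"key", party) % Q
    def to_encrypted_pseudonym(self, pp: tuple, party: str) -> tuple:
        """PP -> EP: re-key to the party, re-shuffle the identity, re-randomise."""
        a, b = pp
        k, s = self.factor(b"key", party), self.factor(b"shuffle", party)
        a = pow(a, pow(k, -1, Q), P)                # now encrypted under Y^k
        a, b = pow(a, s, P), pow(b, s, P)           # plaintext becomes M^s
        t = rand_exp()                              # fresh randomness: EP unlinkable to PP
        return a * pow(G, t, P) % P, b * pow(self.Y, k * t, P) % P
```

Two polymorphic pseudonyms of the same pupil are unlinkable ciphertexts, yet the same publisher always recovers the same pseudonym from them, while a different publisher, or a publisher holding the wrong key, obtains an unrelated value.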

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
e-textbooks, homomorphic encryption, pseudonyms, privacy enhancing technology
Contact author(s)
eric verheul @ keycontrols nl
History
2015-12-28: last of 11 revisions
2015-12-23: received
Short URL
https://ia.cr/2015/1228
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1228,
      author = {Eric R. Verheul},
      title = {Privacy protection in electronic education based on polymorphic pseudonymization},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/1228},
      year = {2015},
      url = {https://eprint.iacr.org/2015/1228}
}