WO2015185999A1 - Method for sending a message to a specific anonymous person, allowing the anonymity of that person to be maintained - Google Patents

Method for sending a message to a specific anonymous person, allowing the anonymity of that person to be maintained

Info

Publication number
WO2015185999A1
Authority
WO
WIPO (PCT)
Prior art keywords
anonymous
receiver
sender
data
encrypted code
Prior art date
Application number
PCT/IB2015/001438
Other languages
English (en)
Inventor
Jan Jaap Nietfeld
Original Assignee
Intresco B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intresco B.V. filed Critical Intresco B.V.
Priority to EP15771707.5A priority Critical patent/EP3164961A1/fr
Publication of WO2015185999A1 publication Critical patent/WO2015185999A1/fr

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/88: Medical equipments

Definitions

  • the present invention relates to a method for sending a message from a sender to an anonymous receiver, wherein the anonymity of the receiver is maintained and wherein the sender is a person or an automated system like a computer or another electronic, electric, mechanical, or electromechanical system capable of sending a message and wherein the receiver is a specific anonymous individual, comprising several steps.
  • a uniquely distinguishing anonymous characteristic of that receiver is determined, preferably by the receiver him/herself, or by the sender, or by another party on behalf of either receiver or sender and wherein the values of the one or more parameters defining the characteristic are measured.
  • the values of said parameters are established, they are used in a following step to produce an encrypted anonymous numerical or alphanumerical code, which is uniquely distinguishing the anonymous receiver as well, in order to advance maintaining the anonymity of the receiver.
  • the anonymous encrypted code is produced by either the receiver or the sender and made available to the other of those two parties, or said code is produced by each of those two parties separately.
  • the receiver deposits said code with a trusted third party and furthermore the receiver agrees with that party on a way of communication by which the receiver can receive messages from that party while the anonymity of the receiver is maintained. For a detailed description of the way of communication, see below.
  • After the sender has checked that the anonymous encrypted code has been deposited with the trusted third party by the receiver, the sender in a next step attaches the anonymous encrypted code to a message for the anonymous receiver and sends it to the trusted third party, which in turn forwards that message to the appropriate receiver after matching the anonymous encrypted code sent by the sender against the anonymous encrypted code deposited by the receiver.
  • a compression is performed of the data resulting from the preceding step, in order to reduce the number of characters or symbols which is in the end required to depict the encrypted anonymous code.
  • the data used for the production of the anonymous encrypted code are transformed in a way that the number of characters or symbols which is in the end required for the anonymous encrypted code is uniform and independent of the number of characters needed for said established values.
  • the anonymous receiver makes anonymous data related to him/her available to the sender and/or an anonymous sample of biological material originating from the anonymous receiver.
  • said anonymous data and/or anonymous sample is/are stored by the sender under a temporary random administration number which is shared with the receiver and not disclosed to anyone else.
  • the random number consists of 64 bytes or more.
  • the temporary random administration number is generated by using a random number generator running on a computer.
  • said uniquely distinguishing anonymous characteristic of said anonymous receiver is determined by the receiver him/herself, or on his/her behalf, he/she can produce said anonymous encrypted code him/herself by using an encryption method that is agreed upon between receiver and sender. For further details of the encryption, see below.
  • said uniquely distinguishing anonymous characteristic of said anonymous receiver is determined by the sender, or on behalf of the sender, and the uniquely distinguishing characteristic is a physical characteristic, that requires the presence of the anonymous receiver. Therefore, in case the receiver makes his/her anonymous data and/or one or more anonymous biological samples originating from him/her available to the sender, said physical characteristic is preferably determined at the time the first of said anonymous data and/or said anonymous samples are made available to the sender, together with the generation and sharing of said temporary random administration number.
  • the sender can determine the uniquely distinguishing biological characteristic in the biological sample or have that characteristic determined by another party. The determination can take place at a later time than when the anonymous receiver is making his/her anonymous sample available to the sender, because for the determination of said biological characteristic in such a sample the presence of the anonymous receiver is not required.
  • the sender can produce the appropriate anonymous encrypted code, as described above for the receiver, wherein exactly the same procedure has to be used by sender and receiver, in order to arrive at exactly the same anonymous encrypted code when starting with the same uniquely distinguishing characteristic. Then the anonymous encrypted code is stored with the appropriate anonymous data and/or anonymous sample if any have been made available to the sender by the receiver.
  • the anonymous encrypted code uniquely distinguishing said anonymous receiver which is produced by the sender can be made available to the receiver, when the latter presents the appropriate temporary random administration number that the sender and receiver shared at the time the receiver made his/her anonymous data and/or biological sample available to the sender and under which number those items were stored. Because of the above mentioned storage of the anonymous encrypted code that code and the temporary random administration number are associated and comparison of the presented temporary random administration number with the stored temporary random administration number can assure that the right anonymous encrypted code is made available to the right anonymous receiver.
  • the receiver can make the anonymous encrypted code he/she produced available to the sender, when the latter presents the appropriate temporary random administration number that the sender and receiver shared at the time the receiver made his/her anonymous data and/or biological sample available to the sender and a comparison of those numbers was made as described above to ensure the appropriate anonymous encrypted code was stored by the sender with the right anonymous data and/or sample of biological material.
  • the anonymous receiver has produced the anonymous encrypted code which uniquely distinguishes him/her, he/she makes it available to the sender in combination with said temporary random administration number. Since the sender is not anonymous any means of communication can be used to send those combined items to the sender, provided said anonymous receiver will remain anonymous. Or said anonymous receiver delivers said anonymous encrypted code together with said temporary random administration number in person, while remaining anonymous.
  • the receiver deletes his/her temporary random administration number and the sender deletes the temporary administration number from the storage and further administers any anonymous data and/or anonymous sample(s) of biological material related to the anonymous receiver under the anonymous encrypted code uniquely distinguishing the anonymous receiver.
  • the anonymous characteristic uniquely distinguishing that anonymous receiver can be determined again and the anonymous encrypted code can be re-produced on the basis of that redetermined characteristic.
  • the sender can start sending messages to the anonymous receiver after the following prerequisite has been fulfilled.
  • the receiver registers said anonymous encrypted code together with a communication channel for receiving messages at a service provider acting as a trusted third party, or in a system performing as such a trusted third party, which is preferably an electronic system that is connected to the world wide web, or a wide area network (WAN), or a local area network (LAN).
  • a service provider acting as a trusted third party or in a system performing as such a trusted third party, which is preferably an electronic system that is connected to the world wide web, or a wide area network (WAN), or a local area network (LAN).
  • WAN: wide area network
  • LAN: local area network
  • the sender can send a message labeled with said anonymous encrypted code to the service provider acting as trusted third party, where the message is forwarded to the anonymous receiver for whom the anonymous encrypted code is registered that is identical to the anonymous encrypted code that accompanies the message from the sender, via the communication channel that was agreed between the trusted third party and the anonymous receiver.
  • Fig. 1A is an illustration of a collection of 3-dimensional bodies or forms with a distinct number of arrays formed, which differ from one another and which collection is large enough for representation of the various possibilities of the anonymous code;
  • Fig. 1B is an illustration of collections of 2-dimensional arrays with a distinct number of arrays formed, which differ from one another and which collection is large enough for representation of the various possibilities of the anonymous code;
  • Fig. 1C is an illustration of a collection of RGB (red, green, blue) colors from a collection of colors wherein each of the composing Red, Green and Blue values can vary from 0 to 255.
  • the characteristic used in the present invention needs to be uniquely distinguishing the anonymous individual it is determined for.
  • Such a characteristic can be either physical or biological or a combination of those.
  • the characteristic is physical, it will be based on one or more bodily properties of said anonymous individual which is/are unaltered during the lifetime of said anonymous individual or at least unaltered for as long as is required to operate the method of the present invention.
  • said physical characteristic can have various forms known to uniquely distinguish an individual from others, comprising data of one or more of the following categories: skeletal data, footprint data, hand palm print data or other hand geometry data, dactyloscopic fingerprint data, dental treatment data, dental cast data, ear geometry data, facial recognition data, iris scan data, voice recognition data, gait pattern data, handwriting data, EEG data, ECG data and biometric data in the form of light induced or x-ray induced photographs, Computer Tomographic scans, or Magnetic Resonance imaging scans, or their digitalized equivalents.
  • the values of the parameter(s) of the physical characteristic will be determined as physical quantities and expressed in units of measurement, for which the 7 basic SI units will be used (length, mass, time, electric current, temperature, luminous intensity and amount of substance, as outlined in the International System of Quantities and ISO/IEC 80000) and/or units derived from the 7 basic SI units and/or units which are known to be used in conjunction with said SI units.
  • the characteristic is biological it is derived from a sample of biological material originating from said anonymous individual.
  • Said sample of biological material is chosen from the group consisting of a body part, organ, placenta, umbilical cord, tissue, body fluid, blood, cell(s), intracellular organelle(s), intracellular component(s), cell membrane(s), extracellular matrix, hair(s), extracellular component(s), secreted fluid(s), secreted gaseous or volatile compound(s), cell product(s) and combinations thereof.
  • Said biological characteristic is chosen from the group consisting of tissue composition, tissue morphology, body fluid composition, body odor/scent composition, blood composition, cell composition, cell morphology, genomic organization, genomic mutations, genomic deletions, genomic insertions, gene expression patterns, DNA fingerprinting patterns, Restriction Fragment Length Polymorphism (RFLP) patterns, Polymerase Chain Reaction (PCR) products, Real Time Polymerase Chain Reaction (RTPCR) products, Single Nucleotide Polymorphisms (SNPs), RNA structures, patterns of RNA levels, protein expression patterns, extracellular matrix composition, extracellular matrix morphology, protein structures, protein levels, lipid structures, lipid levels, carbohydrate structures, carbohydrate levels, proteoglycan structures, proteoglycan levels, glycoprotein structures, glycoprotein levels, glycolipid structures, glycolipid levels, lipoprotein structures, lipoprotein levels, nucleotide structures, nucleotide levels, and combinations thereof.
  • For the encryption of the established value(s) of the parameter(s) of the characteristic that uniquely distinguishes the anonymous receiver into an anonymous code, several methods are known to those skilled in the art of cryptology which to date have been able to withstand attacks to break the code resulting from them, like AES and SHA.
  • an algorithm is used that can be run on a computer.
  • the encrypted anonymous code is preferably based on the ASCII character table, or the Windows 1252 character table, or the CP437 character table, or characters from one or more of those tables in combination with characters of alphabets like the Greek alphabet or the Cyrillic alphabet, either directly, or after digitalization, or after translating said values into computer readable data in another way.
  • the encryption is computer assisted and irreversible, meaning that after such encryption there is no key for decryption and that decryption is not possible with presently known means, nor within a time frame limited by the lifetime of the receiver.
  • Such encryption is performed by for example using SHA 256, which can freely be run via the Internet, in order to enhance the prevention of re-identification of the anonymous receiver and/or the anonymous data related to the anonymous receiver.
  • a transformation takes place of the anonymous numerical or alphanumerical code into a linear bar code, or 2-dimensional bar code, or into other symbols, wherein the symbols can be chosen from
  • fast communication channels like the Internet, SMS, MMS or other messaging systems, or radio signals, or other fast signals that can carry information.
  • the sender deposits a message accompanied by the appropriate anonymous encrypted code in a P.O. Box arranged by the service provider, for which the sender receives 2 keys from the service provider and passes one of the keys on to the anonymous receiver, for example when the receiver makes anonymous data and/or an anonymous sample of biological material available to the sender.
  • Messages in the P.O. Box can have the form of textual, visual, auditory and/or audiovisual communications and be recorded in photos or other printed material, tapes, CDs, DVDs, memory sticks, or other information carriers known to those skilled in the art.
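The definitions above describe one end-to-end flow: measured parameter values of a distinguishing characteristic are turned into an irreversible, fixed-length anonymous code (the page names SHA 256); a temporary random administration number of 64 bytes or more links the receiver's anonymous data to that code until the code has been exchanged; the receiver registers the code and a communication channel with a trusted third party; the sender labels a message with the same code and the trusted third party forwards it only on an exact match; and the code can be rendered as RGB colour symbols (Fig. 1C). The following Python simulation is an added example, not code from the patent or from Intresco B.V. Its assumptions are mine: the characteristic is a list of (parameter, value, SI unit) measurements canonicalised by sorting and rounding before hashing, the trusted third party is an in-memory registry, the sample data and measurements are constructed, and the RGB rendering packs three code bytes per colour with one constructed pad byte.

```python
"""Constructed simulation of the anonymous-messaging method (added example)."""
import hashlib
import secrets
from typing import Dict, List, Tuple

Measurement = Tuple[str, float, str]  # (parameter name, value, SI unit)


def anonymous_code(measurements: List[Measurement]) -> str:
    """Irreversible anonymous code: SHA-256 over a canonical rendering.

    Sorting by parameter name and fixing the decimal precision is the
    'exactly the same procedure' both parties must follow; the digest is
    always 64 hex characters, whatever the measured values needed.
    """
    canonical = "|".join(
        f"{name}={value:.3f} {unit}"
        for name, value, unit in sorted(measurements, key=lambda m: m[0])
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def new_admin_number() -> str:
    """Temporary random administration number: 64 bytes from a CSPRNG."""
    return secrets.token_hex(64)


class Sender:
    """Stores anonymous samples, first under the temporary number, then under the code."""

    def __init__(self) -> None:
        self.by_admin_number: Dict[str, dict] = {}
        self.by_code: Dict[str, dict] = {}

    def receive_sample(self, sample: dict) -> str:
        number = new_admin_number()
        self.by_admin_number[number] = sample
        return number  # shared only with the receiver

    def adopt_code(self, admin_number: str, code: str) -> bool:
        """Receiver presents number + code; on a match the sample is re-filed
        under the code and the temporary number is deleted."""
        sample = self.by_admin_number.pop(admin_number, None)
        if sample is None:
            return False
        self.by_code[code] = sample
        return True


class TrustedThirdParty:
    """Matches the code on an incoming message against registered codes."""

    def __init__(self) -> None:
        self._channel_for: Dict[str, str] = {}
        self.delivered: List[Tuple[str, str]] = []  # (channel, message)

    def register(self, code: str, channel: str) -> None:
        if code in self._channel_for:
            raise ValueError("code already registered")
        self._channel_for[code] = channel

    def is_registered(self, code: str) -> bool:
        return code in self._channel_for

    def forward(self, code: str, message: str) -> bool:
        channel = self._channel_for.get(code)
        if channel is None:
            return False  # no registered receiver: nothing is delivered
        self.delivered.append((channel, message))
        return True


def to_rgb_symbols(code_hex: str) -> List[Tuple[int, int, int]]:
    """Fig. 1C style rendering: every 3 bytes of the code become one RGB colour."""
    raw = bytes.fromhex(code_hex) + b"\x00"  # 32 bytes + 1 constructed pad byte
    return [(raw[i], raw[i + 1], raw[i + 2]) for i in range(0, len(raw), 3)]


def from_rgb_symbols(colours: List[Tuple[int, int, int]]) -> str:
    raw = bytes(c for colour in colours for c in colour)
    return raw[:32].hex()  # drop the pad byte


def run_protocol() -> dict:
    # Constructed measurements; not a real person's data.
    measured: List[Measurement] = [
        ("hand_length", 0.1893, "m"), ("ear_height", 0.0612, "m"), ("mass", 71.4, "kg"),
    ]
    receiver_code = anonymous_code(measured)
    sender = Sender()
    number = sender.receive_sample({"sample": "constructed blood sample"})
    sender_code = anonymous_code(list(reversed(measured)))  # same values, any order
    adopted = sender.adopt_code(number, sender_code)
    ttp = TrustedThirdParty()
    ttp.register(receiver_code, "anon-mailbox-17")
    delivered = ttp.is_registered(sender_code) and ttp.forward(sender_code, "Results ready")
    # A code nobody registered (different mass) is not delivered anywhere.
    misdirected = ttp.forward(anonymous_code([("mass", 70.0, "kg")]), "lost")
    return {
        "codes_match": receiver_code == sender_code,
        "code_length": len(receiver_code),
        "admin_number_bytes": len(bytes.fromhex(number)),
        "adopted": adopted,
        "admin_number_deleted": number not in sender.by_admin_number,
        "filed_under_code": sender_code in sender.by_code,
        "delivered": delivered,
        "misdirected": misdirected,
        "rgb_round_trip": from_rgb_symbols(to_rgb_symbols(receiver_code)) == receiver_code,
        "symbol_count": len(to_rgb_symbols(receiver_code)),
    }


if __name__ == "__main__":
    print(run_protocol())
```

Two design points matter in practice. First, the canonicalisation (sort order, rounding, units) is part of the agreed procedure: a measurement that rounds differently on the two sides yields a different code and the trusted third party will never match it. Second, SHA-256 is unkeyed, so the code is only as hard to reverse as the measured values are hard to guess; the hash gives no protection against an attacker who can enumerate plausible measurement values and compare digests, which is why the page pairs it with the temporary random administration number and the matching-only role of the third party.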

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a method for sending a message from a sender to an anonymous receiver, wherein the anonymity of the receiver is maintained and wherein the sender is a person or an automated system such as a computer or another electronic, electric, or electromechanical system capable of sending a message, and wherein the receiver is a specific anonymous person, said method comprising several steps. To enable the sender to send a message to a specific anonymous receiver, in a first step a distinguishing anonymous characteristic of that receiver is determined, preferably by the receiver him/herself, or by the sender, or by a third party acting on behalf of the receiver or the sender, the values of one or more parameter(s) defining the characteristic being measured. Once said parameters have been established, they are used in a following step to produce an encrypted anonymous numerical or alphanumerical code, which also uniquely distinguishes the anonymous receiver, in order to further maintain the anonymity of the receiver.
PCT/IB2015/001438 2014-06-03 2015-06-03 Method for sending a message to a specific anonymous person, allowing the anonymity of that person to be maintained WO2015185999A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15771707.5A EP3164961A1 (fr) 2014-06-03 2015-06-03 Method for sending a message to a specific anonymous person, allowing the anonymity of that person to be maintained

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201462006993P 2014-06-03 2014-06-03
US62/006,993 2014-06-03

Publications (1)

Publication Number Publication Date
WO2015185999A1 true WO2015185999A1 (fr) 2015-12-10

Family

ID=54207616

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/001438 WO2015185999A1 (fr) 2014-06-03 2015-06-03 Method for sending a message to a specific anonymous person, allowing the anonymity of that person to be maintained

Country Status (2)

Country Link
EP (1) EP3164961A1 (fr)
WO (1) WO2015185999A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001070023A1 (fr) * 2000-02-25 2001-09-27 Jan Jaap Nietfeld Method for the anonymous registration, storage and use of anatomical material and/or information derived from such material
WO2010108929A2 (fr) * 2009-03-23 2010-09-30 Intresco B.V. Methods for obtaining a group of symbols uniquely distinguishing an organism, for example a human
US20130291060A1 (en) * 2006-02-01 2013-10-31 Newsilike Media Group, Inc. Security facility for maintaining health care data pools


Also Published As

Publication number Publication date
EP3164961A1 (fr) 2017-05-10

Similar Documents

Publication Publication Date Title
Feng et al. Private key generation from on‐line handwritten signatures
KR102403295B1 (ko) System and method for validating homomorphically encrypted data and performing operations on it
Quantin et al. How to ensure data security of an epidemiological follow-up: quality assessment of an anonymous record linkage procedure
US20130144539A1 (en) Embedded Data DNA Sequence Security System
US9984220B2 (en) Method of authenticating a user holding a biometric certificate
Jain et al. Securing E‐Healthcare Images Using an Efficient Image Encryption Model
McAteer et al. Integration of biometrics and steganography: a comprehensive review
CN104683114A (zh) Identity authentication method based on fingerprint information
Esther Omolara et al. HoneyDetails: A prototype for ensuring patient’s information privacy and thwarting electronic health record threats based on decoys
Kamal et al. Facilitating and securing offline e‐medicine service through image steganography
Dinca et al. User-centric key entropy: Study of biometric key derivation subject to spoofing attacks
Borst et al. The Swiss solution for anonymously chaining patient files
JP2019519874A (ja) Biometric authentication system based on vein networks, and unique and non-falsifiable encoding of tree structures, and related methods
CN115801382A (zh) User information authentication method and system
Kasat et al. A novel security framework for healthcare data through IOT sensors
JP2024502512A (ja) Method and system for obtaining, controlling, accessing and/or displaying personal genetic identification information
CN107743119A (zh) E-government electronic certificate sharing platform and sharing method
Omotosho et al. A secure electronic prescription system using steganography with encryption key implementation
Osho et al. AbsoluteSecure: a tri-layered data security system
Meenakshi et al. Securing revocable iris and retinal templates using combined user and soft biometric based password hardened multimodal fuzzy vault
EP3164961A1 (fr) Method for sending a message to a specific anonymous person, allowing the anonymity of that person to be maintained
CN108334577A (zh) Secure multi-party numerical record matching method
CN115001687B (zh) Method and system for distributed storage of identity privacy data based on secret sharing
Sahoo et al. A new COVID-19 medical image steganography based on dual encrypted data insertion into minimum mean intensity window of LSB of X-ray scans
JP2007179500A (ja) Anonymized identification information generation system and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 15771707; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
REEP Request for entry into the european phase (Ref document number: 2015771707; Country of ref document: EP)
WWE Wipo information: entry into national phase (Ref document number: 2015771707; Country of ref document: EP)