The Trusted Server: Concept and reference implementation of a fully autonomous and trustworthy computational server providing an advanced level of Privacy by Design through mac
Privacy by Design is a core element of the EU General Data Protection Regulation and of similar legislation in other countries. It both proposes and demands the use of appropriate methods to protect personal data and the privacy of individuals whose data is stored and processed in computing environments. These requirements are currently met through anonymization, pseudonymization and encryption. Multi-stage pseudonymization enhances privacy by ensuring that no single institution or person holds enough data to identify an individual. Privacy is then not ensured by design, but rests on workflow complexity and on trust in individuals, especially system administrators, who have unlimited access to the systems and data under their governance. Secure Multiparty Computation using full data encryption is a promising method that has made substantial progress, though real-world cases are rare and highly specific. The Trusted Server is a completely autonomous and generic implementation of Privacy by Design. Once set up and running, it is irrevocably sealed for its whole lifecycle, allowing only explicitly implemented data input, access, processing and output. Being validatable and verifiable without limit, it supersedes trust built upon human individuals and thus acts as a trustworthy entity itself. It is strictly standard compliant, easy to set up and use, and is suitable for almost any computational service or processing task other than persistent storage. The Trusted Server allows straightforward solutions with full privacy protection for otherwise complex problems, as demonstrated in the following examples: first, a reference implementation of a fully anonymous yet access-controlled web feedback submission server; second, a solution for Yao's Millionaires' Problem, which requires just a few simple scripts.
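The following Python model is an added illustration of the sealed-server idea applied to Yao's Millionaires' Problem; it is not the paper's reference implementation or its scripts. The hardware- or OS-level sealing that the Trusted Server relies on is modelled here only by an explicit allowlist of operations that is frozen after `seal()`, and the `TrustedServer` class, its operation names and the audit format are assumptions made for this example. The point it shows is the output policy: the two submitted wealth figures are never returned by any reachable operation, only the comparison result is, and the audit trail records operation names and outcomes, not inputs.

```python
"""Toy model of a sealed computational server (added example, not the
paper's code). Every data path is an explicitly registered operation;
once sealed, no further operations can be added and nothing else can
read the submitted data."""


class TrustedServer:
    def __init__(self):
        # Secret wealth figures keyed by party name. No operation ever
        # returns these values directly.
        self._wealth = {}
        # Explicit allowlist of operations: name -> callable. After sealing
        # this mapping is the only way in or out of the server.
        self._ops = {
            "submit": self._submit,
            "richer": self._richer,
        }
        self._sealed = False
        # Audit trail: (operation name, outcome) only, never the inputs.
        self.audit = []

    def seal(self):
        """Irrevocably freeze the set of implemented operations."""
        self._sealed = True

    def register(self, name, fn):
        """Add an operation; refused once the server is sealed."""
        if self._sealed:
            raise PermissionError("server is sealed; no new operations")
        self._ops[name] = fn

    def call(self, name, *args):
        """Single entry point: dispatch only to allowlisted operations."""
        fn = self._ops.get(name)
        if fn is None:
            self.audit.append((name, "rejected"))
            raise PermissionError(f"operation {name!r} is not implemented")
        result = fn(*args)
        self.audit.append((name, "ok"))
        return result

    def _submit(self, party, wealth):
        """Accept one figure per party; the acknowledgement carries no data."""
        if party in self._wealth:
            raise ValueError("each party submits exactly once")
        self._wealth[party] = int(wealth)
        return "accepted"

    def _richer(self, a, b):
        """Yao's comparison: reveal only who is richer, or a tie."""
        if a not in self._wealth or b not in self._wealth:
            raise ValueError("both parties must have submitted first")
        wa, wb = self._wealth[a], self._wealth[b]
        if wa > wb:
            return a
        if wb > wa:
            return b
        return "tie"


def run_millionaires(alice_wealth, bob_wealth):
    """Run the protocol end to end and return (result, audit trail).

    Also demonstrates that a non-implemented operation ("dump") and a
    post-seal registration are both refused.
    """
    server = TrustedServer()
    server.seal()
    server.call("submit", "alice", alice_wealth)
    server.call("submit", "bob", bob_wealth)
    result = server.call("richer", "alice", "bob")
    # An operator trying to read raw data has no reachable path.
    try:
        server.call("dump")
    except PermissionError:
        pass
    try:
        server.register("dump", lambda: dict(server._wealth))
    except PermissionError:
        pass
    return result, list(server.audit)


if __name__ == "__main__":
    # Constructed sample figures.
    outcome, trail = run_millionaires(5_000_000, 3_000_000)
    print("richer:", outcome)
    print("audit:", trail)
```

The audit trail is deliberately value-free, so even a verifier with full read access to the server's log learns nothing about the submitted figures beyond what `richer` reveals by design.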