How to Share Identifiers and Not Reveal More Than Necessary
The Cross-CPP project defines a new concept of identification services. These services let users share their identity, and the identity of related entities, with service providers (for example, to get a cheaper vehicle insurance plan if the insurance company is allowed to monitor the user's driving behaviour). At the same time, they give the user full control over information that does not directly identify an entity (such as a geo-located temperature measurement) but could reveal the user's identity when combined with other data (for example, regular travel from a distant place at a specific time). The following figure describes the overall schema of the system and positions it in the context of other Cross-CPP modules.
Identification services primarily interact with the CPP Cloud storage and CPP Big data marketplace and interlink the data with additional information. Service providers or, potentially, Cyber-physical products can request particular functions by invoking the relevant services and reading the results. The data access policy is managed by the Cross-CPP Security module, but the policy can also specify that a particular service provider may receive data only in a privacy-aware, transformed form (for example, data aggregated for relevant map tiles rather than exact GPS locations).
Similarly, a data filtering rule can use context (by invoking the Context awareness module) to deliver only the relevant subset of the data agreed in a contract between the data owner (for example, a building operator or a vehicle owner) and a service provider (for example, a weather forecast service asking only for plausible measurements of the outside temperature). The implemented functionality will help Cross-CPP guarantee privacy-aware data sharing in the CPP Big Data Marketplace.
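The two transformations described above (delivering map-tile aggregates instead of exact GPS locations, and filtering to plausible outside-temperature readings) can be sketched as follows. This is an added example, not Cross-CPP code: the field names, zoom level, plausibility range and the minimum number of distinct sources per tile are all assumptions, and the sample readings are constructed.

```python
import math
from collections import defaultdict

ZOOM = 12                     # assumed tile zoom level
MIN_SOURCES = 2               # assumed: hide tiles fed by fewer distinct sources
PLAUSIBLE_C = (-60.0, 60.0)   # assumed contract range for outside temperature

# Constructed sample readings; field names are hypothetical.
SAMPLE = [
    {"source": "veh-A", "lat": 49.180, "lon": 16.560, "temp_c": 21.0},
    {"source": "veh-B", "lat": 49.185, "lon": 16.570, "temp_c": 23.0},
    {"source": "veh-C", "lat": 49.182, "lon": 16.565, "temp_c": 140.0},  # implausible
    {"source": "veh-D", "lat": 48.000, "lon": 14.000, "temp_c": 19.0},   # alone in tile
]

def tile_of(lat, lon, zoom=ZOOM):
    """Web Mercator (slippy map) tile x, y containing a WGS84 point."""
    n = 2 ** zoom
    x = int((lon + 180.0) / 360.0 * n)
    y = int((1.0 - math.asinh(math.tan(math.radians(lat))) / math.pi) / 2.0 * n)
    return min(max(x, 0), n - 1), min(max(y, 0), n - 1)

def share_view(measurements, zoom=ZOOM, min_sources=MIN_SOURCES):
    """Per-tile aggregates only: no source id or exact coordinate is returned."""
    buckets = defaultdict(lambda: {"sum": 0.0, "n": 0, "sources": set()})
    for m in measurements:
        if not PLAUSIBLE_C[0] <= m["temp_c"] <= PLAUSIBLE_C[1]:
            continue  # filter rule: implausible readings are not delivered
        b = buckets[tile_of(m["lat"], m["lon"], zoom)]
        b["sum"] += m["temp_c"]
        b["n"] += 1
        b["sources"].add(m["source"])
    view = {}
    for tile, b in buckets.items():
        # A tile with a single contributor would still describe one owner's route.
        if len(b["sources"]) >= min_sources:
            view[tile] = {"mean_temp_c": round(b["sum"] / b["n"], 2), "count": b["n"]}
    return view

if __name__ == "__main__":
    for tile, agg in share_view(SAMPLE).items():
        print(tile, agg)
```

A lower zoom level gives coarser tiles and therefore less location detail per aggregate.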