Skip to main content

Fujitsu

Global

Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Fujitsu Develops Novel Technologies to Protect Sensor Data Privacy, from Collection to Utilization

Fujitsu Laboratories Ltd.

Kawasaki, Japan, October 22, 2012

Fujitsu Laboratories Limited has developed technologies that protect the privacy of sensor data—such as data from intelligent home appliances and location data—starting from the data collection stage to utilization of the analytic results. Protection of such data is vital, as with its increasing utilization data leaks and other breaches of privacy have become a worrisome social issue.

These technologies consist of: 1) partial decryption technology that takes encrypted sensor data and masks a portion of it, replaces the user ID to an anonymous ID, or converts the encryption key, while maintaining encryption; and 2) anonymous access technology by which users, without divulging their ID to the utilization service, are able to receive their own analytic results from the utilization service.

These technologies enable users to effectively control their private data within the pool of sensor data so that it is safe to use third-party contractors to handle the processing involved in data utilization.

These technologies will be presented at the Computer Security Symposium 2012 (CSS2012), which will be held at KUNIBIKI MESSE (Shimane Prefectural Convention Center) October 30th - November 1st, 2012, sponsored by the Computer Security Group of the Information Processing Society of Japan.

Background

The emergence of the big data era has boosted expectations of a dramatic rise in the collection and utilization of pools of sensor data, such as data from intelligent home appliances, location data, camera monitors and smart meters. Despite a significant amount of data linked to individuals included in these pools, up until now only limited privacy protections have been implemented. Regulations, however, are in the process of being strengthened around the world, as with the EU Data Protection Directive(1). Accordingly, there will be a need to collect and utilize this sensor data while protecting privacy.

Fujitsu Laboratories previously developed and validated data masking technology to enable the secure use of data being transmitted between clouds. Now the application of this technology has been expanded to preserve the privacy of sensor data during collection and utilization.

Figure 1. Example of secure use of sensor data using the new technologies

Technological Issues

Sensor data includes data that identify individuals—user IDs, as well as other sorts of private information, such as the routes people take in transit or whether they are home or not. Accordingly, if these data are linked back to the individuals, all kinds of information about an individual's actions and behavior would become exposed, posing a serious danger. For example, burglars may rob a home if they know the owner is out. Therefore, a need exists for individuals to be able to change their ID in the data and restrict content provided so that only designated service providers can use it.

With conventional encryption technologies, such as SSL communication, users' IDs and data can be protected along the transmission route, but the data is decrypted once the data reach the recipient, making this an inadequate method for protecting privacy. Moreover, for a given set of data, this method does not allow the use ID to be replaced, or the encryption key to be converted for each separate recipient of the data.

The Newly Developed Technology

To resolve these problems, Fujitsu Laboratories developed privacy-protection technologies for sensor data, protecting it from the collection stage to utilization, the first technology of its kind in the world (figure 1). This technology has the following features.

1. Partial Decryption Technology

Partial decryption technology takes encrypted sensor data and enables the masking of a portion of the sensitive data, while also enabling the user IDs to be replaced or encryption keys to be converted, while maintaining encryption. From the time the data leave the home gateway to the time they arrive at the utilization service provider, they never once revert to their raw, unencrypted state (figure 2). With this technology users can for each individual utilization service provider customize the data provision policies of their data by masking a portion of the sensor data or replacing their IDs for the purpose of analytics. In this way, only designated utilization service providers would be able to see the data, enabling individuals' privacy to be preserved.

Figure 2. Overview of Partial Decryption Technology

2. Anonymous Access Technology

Anonymous access technology enables users, without divulging their IDs to the utilization service, to receive their own analytic results from the utilization service. When a utilization service provider receives a request from a user (through an anonymous access application) for the analytic results of the sensor data, it issues an access ticket (like the tickets issued by some retailers to determine who is next in line for service). Upon receiving the access ticket, the user then logs onto a distribution service using his or her user ID and provides the information on the access ticket.

The distribution service provider informs the utilization service provider of the anonymous ID for the analytics corresponding to the user ID and the access ticket information. The utilization service provider analyzes the data of the anonymous ID, and then returns the analytic results to the user to whom it had issued the access ticket (figure 3). In this process, because the utilization service is never informed of the user ID, it is unable to identify the individual user, avoiding the risk, for example, that the analytic results could be used to identify houses where no one is home. There is also a benefit to the utilization service in that it avoids the need to manage unnecessary personal data.

Figure 3. Overview of Anonymous Access Technology

Results

With these technologies, users can control on their own contents of the sensor data they provide and the utilization services to which they wish to provide it. For example, through the use of a smart meter, while keeping all homes anonymous, a household could compare its electricity consumption trends to the average home in its region and optimize the use of electricity within the household. Or, using travel data from automobiles, without identifying individual drivers, it would be possible to analyze areas where it is dangerous to drive.

Future Plans

Fujitsu Laboratories plans to validate the technologies using actual location or other data and, in the future, apply it to network services and cooperative initiatives between multiple cloud services.


  • [1] EU Data Protection Directive:

    A directive that provides a framework for personal data protection in the EU. Individual EU countries are requested to implement domestic regulations that conform to this framework. On January, 2012, draft legislation was presented that, in essence, converts the directive into a regulation and contains new provisions that strengthen the right to control one's own personal data.

About Fujitsu

Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Over 170,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE:6702) reported consolidated revenues of 4.5 trillion yen (US$54 billion) for the fiscal year ended March 31, 2012. For more information, please see http://www.fujitsu.com.

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Limited is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://jp.fujitsu.com/labs/en.

Technical Contacts

Software Systems Laboratories
IT Systems Laboratories

E-mail: E-mail: inquiry_sensordata_privacy@ml.labs.fujitsu.com
Company:Fujitsu Laboratories Ltd.

Press Contacts

Public and Investor Relations Division
Inquiries

Company:Fujitsu Limited


All company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.

Date: 22 October, 2012
City: Kawasaki, Japan
Company: Fujitsu Laboratories Ltd., , , , , , , , , ,