CNR-ISTI, 56124 Pisa, Italy.
Engineering Ingegneria Informatica S.p.A., 90146 Palermo, Italy.
Sensors (Basel). 2021 Oct 28;21(21):7154. doi: 10.3390/s21217154.
The growing availability of mobile devices has led to the rapid development of smart city services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purposes, the collection of data, the regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as users' unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing its feasibility.