Open Pseudonymiser Project Julia Hippisley-Cox, 2011 www.openpseudonymiser.org.

Slides:

Advertisements

Similar presentations

Public Key Infrastructure and Applications

Advertisements

Computer Technology Timpview High School. A collection of local, regional, national, and international computer networks that are linked together to exchange.

The Data Linkage Service 1. New service launched in September 2012 Brought together two established data linkage services with over 50 years’ experience.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Confidentiality and Privacy Controls

Pseudonymisation at source “preserving patient confidentiality & public trust in doctors” Julia Hippisley-Cox 11 th July 2013 BMA House JGPIT.

Wireless access Nottingham, 23 rd April 2013 Pseudonymisation workshop.

Open Pseudonymisation Project Julia Hippisley-Cox,

Information Sharing Options Phil Walker. Outline I have been asked to present a range of options for lawful data sharing. There is unlikely to be one.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Copyright Justin Klein Keane InfoSec Training Encryption.

Online Security Tuesday April 8, 2003 Maxence Crossley.

Security Security is critical in the storage and transmission of information loss of information can not only cause problems to the organisation but can.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

NHS e-Lab Nottingham, September 2010 John Ainsworth

Encryption Methods By: Michael A. Scott

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Public Key Encryption An example of how a bank might accomplish encryption.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Research Databases for NRES London 29 th Feb 2012.

Security SIG August 19, 2010 Justin C. Klein Keane

What’s new in Q new tools for commissioning & early diagnosis Professor Julia Hippisley-Cox EMIS NUG, Warwick 2011.

Chapter 31 Network Security

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

Open Pseudonymisation workshop Nottingham 22 nd Sept 2011.

Running A Profitable Web Site. Even with the web authoring tools and so many other resources at your disposal, it will still require a lot of work and.

CIS 450 – Network Security Chapter 8 – Password Security.

SODA Archiving October 2013

Databases and security continued CMSC 461 Michael Wilson.

Masked Ballot Voting for Receipt-Free Online Elections Sam Heinith, David Humphrey, and Maggie Watkins.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

CPS 82, Fall Open Source, Copyright, Copyleft.

Julia Hippisley-Cox University of Nottingham June 2013 Open Pseudonymisation.

PGP ENCRYPTION Prepared by Noel Kigaraba. Introduction This presentation explains the basic information about PGP encryption software. It discusses the.

Case Study II: A Web Server CSCI 8710 September 30 th, 2008.

Types of Electronic Infection

Professor Julia Hippisley-Cox GP Clinical Epidemiologist Director QResearch Director ClinRisk Ltd Member ECC NIGB London July 2011.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded.

Altman IM Ltd | | process | verify | convert | route | connect Prism Software’s solutions provide advanced workflow.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

WSV Problem Background 3. Accelerated Protocols and Workloads 4. Deployment and Management 2. BranchCache Solution Modes 5. BranchCache Protocols.

OARN Database UPDATE – SEPTEMBER We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured: 

GNOME, KDE and X Windows. The GNOME Project was started in 1997 to produce a free (as in freedom) desktop environment. GNU Network Object Model Environment.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential outline What is a VPN? What is a VPN?  Types of VPN.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Security SIG August 19, 2010 Justin C. Klein Keane

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Web Security.

Pseudonymisation at source “preserving patient confidentiality & public trust in doctors” Julia Hippisley-Cox & Hasib Ur Rub Richmond House 29 th Nov 2013.

Security of, privacy of and access to personal/confidential information/data.

 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.

ENGR 101 Compression and Encryption. Todays Lecture  Encryption  Symmetric Ciphers  Public Key Cryptography  Hashing.

CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

A Seminar On. What is Cloud Computing? Distributed computing on internet Or delivery of computing service over the internet. Eg: Yahoo!, GMail, Hotmail-

Cryptographic Hash Function

NET 311 Information Security

Lesson Objectives Aims You should know about: 1.3.1:

Install AD Certificate Services

Electronic Payment Security Technologies

Cryptography Fundamentals

Pseudonymised Matching: Robustly Linking Molecular and Prescription Data to Cancer Registry Data in England Brian Shand, Fiona McRonald, Katherine Henson,

Presentation transcript:

Open Pseudonymiser Project Julia Hippisley-Cox,

Open pseudonymiser approach Need approach which doesn’t extract identifiable data but still allows linkageNeed approach which doesn’t extract identifiable data but still allows linkage Legal ethical and NIGB approvalsLegal ethical and NIGB approvals Secure, ScalableSecure, Scalable Reliable, AffordableReliable, Affordable Generates ID which are Unique to projectGenerates ID which are Unique to project Can be used by any set of organisations wishing to share dataCan be used by any set of organisations wishing to share data Pseudoymisation applied as close as possible to identifiable data ie within clinical systemsPseudoymisation applied as close as possible to identifiable data ie within clinical systems

Pseudonymisation: method Scrambles NHS number BEFORE extraction from clinical systemScrambles NHS number BEFORE extraction from clinical system Takes NHS number + project specific encrypted ‘salt code’ One way hashing algorithm (SHA2-256) – no collisions and US standard from 2010 Applied twice - before leaving clinical system & on receipt by next organisation Apply identical software to second datasetApply identical software to second dataset Allows two pseudonymised datasets to be linkedAllows two pseudonymised datasets to be linked Cant be reversed engineeredCant be reversed engineered

Wed tool to create encrypted salt: proof of concept Web site private key used to encrypt user defined project specific saltWeb site private key used to encrypt user defined project specific salt Encrypted salt distributed to relevant data supplier with identifiable dataEncrypted salt distributed to relevant data supplier with identifiable data Public key in supplier’s software to decrypt salt at run time and concatenate to NHS number (or equivalent)Public key in supplier’s software to decrypt salt at run time and concatenate to NHS number (or equivalent) Hash then appliedHash then applied Resulting ID then unique to patient within projectResulting ID then unique to patient within project

Openpseudonymiser.org Website for evaluation and testing withWebsite for evaluation and testing with Desktop applicationDesktop application DLL for integrationDLL for integration Test dataTest data DocumentationDocumentation Utility to generate encrypted salt codesUtility to generate encrypted salt codes Source code GNU GPLSource code GNU GPL (note: currently undertaking freedom to operate checks)(note: currently undertaking freedom to operate checks)

Key points Pseudonymisation at sourcePseudonymisation at source Instead of extracting identifiers and storing lookup tables/keys centrally, then technology to generate key is stored within the clinical systemsInstead of extracting identifiers and storing lookup tables/keys centrally, then technology to generate key is stored within the clinical systems Use of project specific encrypted salted hash ensures secure sets of ID unique to projectUse of project specific encrypted salted hash ensures secure sets of ID unique to project Full control of data controllerFull control of data controller Can work in addition to existing approachesCan work in addition to existing approaches Open source technology so transparent & freeOpen source technology so transparent & free