Privacy Patterns for Pseudonymity

  • Alexander GabelEmail author
  • Ina Schiering
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 547)


To implement the principle of Privacy by Design mentioned in the European General Data Protection Regulation one important measurement stated there is pseudonymisation. Pseudonymous data is widely used in medical applications and is investigated e.g. for vehicular ad-hoc networks and Smart Grid. The concepts used there address a broad range of important aspects and are therefore often specific and complex. Some privacy patterns are already addressing pseudonymity, but they are mostly abstract or rather very specific. This paper proposes privacy patterns for the development of pseudonymity concepts based on the analysis of pseudonymity solutions in use cases.


Privacy by Design Privacy patterns Pseudonymity Anonymity 



This work was supported by the Ministry for Science and Culture of Lower Saxony as part of SecuRIn (VWZN3224).


  1. 1.
    Regulation (EU) 2016/679 of the european parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
  2. 2.
    Biskup, J., Flegel, U.: On pseudonymization of audit data for intrusion detection. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 161–180. Springer, Heidelberg (2001). Scholar
  3. 3.
    Caiza, J.C., Martín, Y.S., Del Alamo, J.M., Guamán, D.S.: Organizing design patterns for privacy: a taxonomy of types of relationships. In: Proceedings of the 22nd European Conference on Pattern Languages of Programs, EuroPLoP 2017, pp. 32:1–32:11. ACM, New York (2017)Google Scholar
  4. 4.
    Camenisch, J., Lehmann, A.: Privacy-preserving user-auditable pseudonym systems. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 269–284, April 2017Google Scholar
  5. 5.
    Caumanns, J.: Der Patient bleibt Herr seiner Daten Realisierung des eGK-Berechtigungskonzepts über ein ticketbasiertes, virtuelles Dateisystem. Informatik-Spektrum 29(5), 323–331 (2006)CrossRefGoogle Scholar
  6. 6.
    Colesky, M., et al.: Privacy patterns. Accessed 1 Aug 2018
  7. 7.
    Drozd, O.: Privacy pattern catalogue: a tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In: Aspinall, D., Camenisch, J., Hansen, M., Fischer-Hübner, S., Raab, C. (eds.) Privacy and Identity 2015. IAICT, vol. 476, pp. 129–140. Springer, Cham (2016). Scholar
  8. 8.
    Falletta, V., Teofili, S., Proto, S., Bianchi, G.: P-DIBS: Pseudonymised DIstributed billing system for improved privacy protection. In: 2007 16th IST Mobile and Wireless Communications Summit, pp. 1–5, July 2007Google Scholar
  9. 9.
    Finster, S., Baumgart, I.: Pseudonymous smart metering without a trusted third party. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 1723–1728, July 2013Google Scholar
  10. 10.
    Gong, Y., Cai, Y., Guo, Y., Fang, Y.: A privacy-preserving scheme for incentive-based demand response in the smart grid. IEEE Trans. Smart Grid 7(3), 1304–1313 (2016)CrossRefGoogle Scholar
  11. 11.
    Gudymenko, I.: A privacy-preserving e-ticketing system for public transportation supporting fine-granular billing and local validation. In: Proceedings of the 7th International Conference on Security of Information and Networks, SIN 2014, pp. 101:101–101:108. ACM, New York (2014)Google Scholar
  12. 12.
    Hafiz, M.: A pattern language for developing privacy enhancing technologies. Softw.: Pract. Exp. 43(7), 769–787 (2013)Google Scholar
  13. 13.
    Henrici, D., Gotze, J., Muller, P.: A hash-based pseudonymization infrastructure for RFID systems. In: Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2006), pp. 6-27, June 2006Google Scholar
  14. 14.
    Heurix, J., Karlinger, M., Neubauer, T.: Pseudonymization with metadata encryption for privacy-preserving searchable documents. In: 2012 45th Hawaii International Conference on System Sciences, pp. 3011–3020, January 2012Google Scholar
  15. 15.
    Hillen, C.: The pseudonym broker privacy pattern in medical data collection. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 999–1005, August 2015Google Scholar
  16. 16.
    Hussain, R., Son, J., Kim, D., Nogueira, M., Oh, H., Tokuta, A.O., Seo, J.: PBF: a new privacy-aware billing framework for online electric vehicles with bidirectional auditability. Wirel. Commun. Mob. Comput. 2017 (2017)CrossRefGoogle Scholar
  17. 17.
    IBM Research - Zürich: Specification of the identity mixer cryptographic library version 2.4.43. Accessed 1st Aug 2018
  18. 18.
    Lenhard, J., Fritsch, L., Herold, S.: A literature study on privacy patterns research. In: 2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 194–201. IEEE (2017)Google Scholar
  19. 19.
    Liu, H., Ning, H., Zhang, Y., Guizani, M.: Battery status-aware authentication scheme for V2G networks in smart grid. IEEE Trans. Smart Grid 4(1), 99–110 (2013)CrossRefGoogle Scholar
  20. 20.
    Lu, R., Lin, X., Luan, T.H., Liang, X., Shen, X.: Pseudonym changing at social spots: an effective strategy for location privacy in VANETs. IEEE Trans. Veh. Technol. 61(1), 86–96 (2012)CrossRefGoogle Scholar
  21. 21.
    Mano, K., Minami, K., Maruyama, H.: Privacy-preserving publishing of pseudonym-based trajectory location data set. In: 2013 International Conference on Availability, Reliability and Security, pp. 615–624, September 2013Google Scholar
  22. 22.
    Martinez-Pelaez, R., Rico-Novella, F., Satizabal, C.: Mobile payment protocol for micropayments: withdrawal and payment anonymous. In: 2008 New Technologies, Mobility and Security, pp. 1–5, November 2008Google Scholar
  23. 23.
    Narayanan, A., Shmatikov, V.: Robust De-anonymization of Large Sparse Datasets. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP 2008, pp. 111–125. IEEE Computer Society, Washington, DC, USA (2008)Google Scholar
  24. 24.
    Neubauer, T., Kolb, M.: Technologies for the pseudonymization of medical data: a legal evaluation. In: 2009 Fourth International Conference on Systems, pp. 7–12, March 2009Google Scholar
  25. 25.
    Neubauer, T., Heurix, J.: A methodology for the pseudonymization of medical data. Int. J. Med. Inform. 80(3), 190–204 (2011)CrossRefGoogle Scholar
  26. 26.
    Noumeir, R., Lemay, A., Lina, J.M.: Pseudonymization of radiology data for research purposes. J. Digit. Imaging 20(3), 284–295 (2007)CrossRefGoogle Scholar
  27. 27.
    PCI Security Standards Council: Tokenization product security guidelines. Technical report 1.0, PCI Security Standards Council, April 2015.
  28. 28.
    Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (2010)Google Scholar
  29. 29.
    Pommerening, K., Reng, M.: Secondary use of the EHR via pseudonymisation. Stud. Health Technol. Inform. 103, 441–446 (2004)Google Scholar
  30. 30.
    Rahim, Y.A., Sahib, S., Ghani, M.K.A.: Pseudonmization techniques for clinical data: Privacy study in Sultan Ismail Hospital Johor Bahru. In: 7th International Conference on Networked Computing, pp. 74–77, September 2011Google Scholar
  31. 31.
    Riedl, B., Grascher, V., Neubauer, T.: Applying a threshold scheme to the pseudonymization of health data. In: 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), pp. 397–400, December 2007Google Scholar
  32. 32.
    Rottondi, C., Mauri, G., Verticale, G.: A data pseudonymization protocol for smart grids. In: 2012 IEEE Online Conference on Green Communications (GreenCom), pp. 68–73, September 2012Google Scholar
  33. 33.
    Schumacher, M.: Security patterns and security standards - with selected security patterns for anonymity and privacy. In: Privacy, European Conference on Pattern Languages of Programs (EuroPLoP 2003) (2003)Google Scholar
  34. 34.
    Seigneur, J.M., Jensen, C.D.: Trust enhanced ubiquitous payment without too much privacy loss. In: Proceedings of the 2004 ACM Symposium on Applied Computing, SAC 2004, pp. 1593–1599. ACM, New York (2004)Google Scholar
  35. 35.
    Stingl, C., Slamanig, D.: Berechtigungskonzept für ein ehealth-portal. na (2007)Google Scholar
  36. 36.
    Sweeney, L.: Simple demographics often identify people uniquely. Health (San Franc.) 671, 1–34 (2000)Google Scholar
  37. 37.
    Thenmozhi, T., Somasundaram, R.M.: Pseudonyms based blind signature approach for an improved secured communication at social spots in VANETs. Wirel. Pers. Commun. 82(1), 643–658 (2015)CrossRefGoogle Scholar
  38. 38.
    Zhao, X., Li, H.: Privacy preserving authenticating and billing scheme for video streaming service. In: Wen, S., Wu, W., Castiglione, A. (eds.) CSS 2017. LNCS, vol. 10581, pp. 396–410. Springer, Cham (2017). Scholar

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. 1.Ostfalia University of Applied SciencesWolfenbüttelGermany

Personalised recommendations