{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T10:59:56Z","timestamp":1761562796114,"version":"3.37.3"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2021,7,19]],"date-time":"2021-07-19T00:00:00Z","timestamp":1626652800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,7,19]],"date-time":"2021-07-19T00:00:00Z","timestamp":1626652800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100016111","name":"Universit\u00e0 degli Studi Mediterranea di Reggio Calabria","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100016111","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2022,10]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.<\/jats:p>","DOI":"10.1007\/s10796-021-10150-8","type":"journal-article","created":{"date-parts":[[2021,7,19]],"date-time":"2021-07-19T15:03:40Z","timestamp":1626707020000},"page":"1563-1575","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["A System to Access Online Services with Minimal Personal Information Disclosure"],"prefix":"10.1007","volume":"24","author":[{"given":"Antonia","family":"Russo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5226-0870","authenticated-orcid":false,"given":"Gianluca","family":"Lax","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Baptiste","family":"Dromard","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Menad","family":"Mezred","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,7,19]]},"reference":[{"key":"10150_CR1","doi-asserted-by":"crossref","unstructured":"Attrapadung, N, & Imai, H (2009). Dual-policy attribute based encryption. In M. Abdalla, D. Pointcheval, P.A. Fouque, & D. Vergnaud (Eds.) Applied cryptography and network security (pp. 168\u2013185). Berlin: Springer.","DOI":"10.1007\/978-3-642-01957-9_11"},{"key":"10150_CR2","unstructured":"Bertoni, G, Daemen, J, Peeters, M, & Van Assche, G. (2009). Keccak specifications. Submission to nist (round 2), pp 320\u2013337."},{"key":"10150_CR3","doi-asserted-by":"publisher","unstructured":"Bethencourt, J, Sahai, A, & Waters, B (2007). Ciphertext-policy attribute-based encryption. In 2007 IEEE Symposium on Security and Privacy (SP \u201907). https:\/\/doi.org\/10.1109\/SP.2007.11 (pp. 321\u2013334).","DOI":"10.1109\/SP.2007.11"},{"key":"10150_CR4","unstructured":"CEF Digital. (2019). eID Profile. https:\/\/ec.europa.eu\/cefdigital\/wiki\/display\/CEFDIGITAL\/eIDAS+eID+Profile, Accessed 13 January 2021."},{"key":"10150_CR5","unstructured":"eIDAS eID Technical Subgroup. (2019). eIDAS SAML Message Format. https:\/\/ec.europa.eu\/cefdigital\/wiki\/download\/attachments\/82773108\/eIDAS%20SAML%20Attribute%20Profile%20v1.2%20Final.pdf, Accessed 13 January 2021."},{"key":"10150_CR6","unstructured":"Ethereum. (2020). https:\/\/www.ethereum.org, Accessed 13 January 2021."},{"key":"10150_CR7","unstructured":"Ethereum and IPFS APIs. (2020). https:\/\/infura.io\/, Accessed 13 January 2021."},{"key":"10150_CR8","unstructured":"Ethereum dApps. (2020). Explore Decentralized Applications. https:\/\/www.stateofthedapps.com, Accessed 13 January 2021."},{"key":"10150_CR9","unstructured":"European Commission. (2016). eIDAS Regulation (Regulation (EU) N 910\/2014). https:\/\/ec.europa.eu\/futurium\/en\/content\/eidas-regulation-regulation-eu-ndeg9102014, Accessed 13 January 2021."},{"key":"10150_CR10","unstructured":"European Parliament. (2016). General data protection regulation. https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679, Accessed 13 January 2021."},{"key":"10150_CR11","doi-asserted-by":"crossref","unstructured":"Goyal, V, Pandey, O, Sahai, A, & Waters, B (2006). Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 89\u201398). ACM.","DOI":"10.1145\/1180405.1180418"},{"key":"10150_CR12","doi-asserted-by":"publisher","first-page":"11676","DOI":"10.1109\/ACCESS.2018.2801266","volume":"6","author":"R Guo","year":"2018","unstructured":"Guo, R, Shi, H, Zhao, Q, & Zheng, D (2018). Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access, 6, 11676\u201311686.","journal-title":"IEEE Access"},{"key":"10150_CR13","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1016\/j.comcom.2018.08.010","volume":"130","author":"JL Hern\u00e1ndez-Ramos","year":"2018","unstructured":"Hern\u00e1ndez-Ramos, JL, P\u00e9rez, S, Hennebert, C, Bernab\u00e9, J B, Denis, B, Macabies, A, & Skarmeta, A F (2018). Protecting personal data in IoT platform scenarios through encryption-based selective disclosure. Computer Communications, 130, 20\u201337.","journal-title":"Computer Communications"},{"key":"10150_CR14","doi-asserted-by":"crossref","unstructured":"Hu, V C, Ferraiolo, D, Kuhn, R, Friedman, A R, Lang, A J, Cogdell, M M, Schnitzer, A, Sandlin, K, Miller, R, Scarfone, K, & et al. (2013). Guide to attribute based access control (abac) definition and considerations (draft). NIST special publication, 800(162).","DOI":"10.6028\/NIST.SP.800-162"},{"issue":"7","key":"10150_CR15","doi-asserted-by":"publisher","first-page":"1214","DOI":"10.1109\/TPDS.2010.203","volume":"22","author":"J Hur","year":"2010","unstructured":"Hur, J, & Noh, D K (2010). Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Transactions on Parallel and Distributed Systems, 22(7), 1214\u20131221.","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"issue":"3","key":"10150_CR16","doi-asserted-by":"publisher","first-page":"177","DOI":"10.4236\/jis.2018.93013","volume":"9","author":"I Karamitsos","year":"2018","unstructured":"Karamitsos, I, Papadaki, M, & Al Barghuthi, NB (2018). Design of the blockchain smart contract: a use case for real estate. Journal of Information Security, 9(3), 177\u2013190.","journal-title":"Journal of Information Security"},{"key":"10150_CR17","doi-asserted-by":"crossref","unstructured":"Kim, J, Baskerville, R L, & Ding, Y. (2018). Breaking the privacy kill chain: Protecting individual and group privacy online. Information Systems Frontiers, 1\u201315.","DOI":"10.1007\/s10796-018-9856-5"},{"key":"10150_CR18","doi-asserted-by":"crossref","unstructured":"Lee, J K, Chang, Y, Kwon, H Y, & Kim, B. (2020). Reconciliation of privacy with preventive cybersecurity: the bright internet approach. Information Systems Frontiers, 1\u201313.","DOI":"10.1007\/s10796-020-09984-5"},{"key":"10150_CR19","doi-asserted-by":"publisher","unstructured":"Liang, X, Cao, Z, Lin, H, & Shao, J (2009). Attribute based proxy re-encryption with delegating capabilities. In Proceedings of the 4th international symposium on information, computer, and communications security (pp. 276\u2013286 ), DOI https:\/\/doi.org\/10.1145\/1533057.1533094, (to appear in print).","DOI":"10.1145\/1533057.1533094"},{"key":"10150_CR20","doi-asserted-by":"crossref","unstructured":"Lor\u00fcnser, T, Slamanig, D, L\u00e4nger, T, & P\u00f6hls, HC (2016). Prismacloud tools: a cryptographic toolbox for increasing security in cloud services. In 2016 11Th international conference on availability, reliability and security (ARES) (pp. 733\u2013741). IEEE.","DOI":"10.1109\/ARES.2016.62"},{"key":"10150_CR21","doi-asserted-by":"crossref","unstructured":"Maesa, DDF, Mori, P, & Ricci, L (2017). Blockchain based access control. In IFIP international conference on distributed applications and interoperable systems (pp. 206\u2013220). Springer.","DOI":"10.1007\/978-3-319-59665-5_15"},{"key":"10150_CR22","unstructured":"Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. https:\/\/bitcoin.org\/bitcoin.pdf."},{"issue":"18","key":"10150_CR23","doi-asserted-by":"publisher","first-page":"5943","DOI":"10.1002\/sec.1748","volume":"9","author":"A Ouaddah","year":"2016","unstructured":"Ouaddah, A, Abou Elkalam, A, & Ait Ouahman, A (2016). Fairaccess: a new blockchain-based access control framework for the internet of things. Security and Communication Networks, 9(18), 5943\u20135964.","journal-title":"Security and Communication Networks"},{"key":"10150_CR24","doi-asserted-by":"crossref","unstructured":"Pinno, O J A, Gregio, A R A, & De Bona, L C (2017). Controlchain: Blockchain as a central enabler for access control authorizations in the IoT. In GLOBECOM 2017\u20132017 IEEE Global Communications Conference (pp. 1\u20136). IEEE.","DOI":"10.1109\/GLOCOM.2017.8254521"},{"key":"10150_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.future.2018.09.025","volume":"92","author":"W Priesnitz Filho","year":"2019","unstructured":"Priesnitz Filho, W, Ribeiro, C, & Zefferer, T (2019). Privacy-preserving attribute aggregation in eid federations. Future Generation Computer Systems, 92, 1\u201316.","journal-title":"Future Generation Computer Systems"},{"key":"10150_CR26","unstructured":"Provable blockchain. (2020). The Provable blockchain oracle for modern DApps. http:\/\/provable.xyz\/, Accessed 13 January 2021."},{"key":"10150_CR27","unstructured":"RIPEMD160. (2020). https:\/\/en.wikipedia.org\/wiki\/RIPEMD, Accessed 13 January 2021."},{"key":"10150_CR28","unstructured":"Ropsten Testnet Explorer. (2020). https:\/\/ropsten.etherscan.io, Accessed 13 January 2021."},{"key":"10150_CR29","doi-asserted-by":"crossref","unstructured":"Sahai, A, & Waters, B (2005). Fuzzy identity-based encryption. In Annual international conference on the theory and applications of cryptographic techniques (pp. 457\u2013473). Springer.","DOI":"10.1007\/11426639_27"},{"key":"10150_CR30","unstructured":"SAML. (2020). https:\/\/en.wikipedia.org\/wiki\/SAML_2.0, Accessed 13 January 2021."},{"issue":"9","key":"10150_CR31","doi-asserted-by":"publisher","first-page":"1788","DOI":"10.3390\/app9091788","volume":"9","author":"S Sayeed","year":"2019","unstructured":"Sayeed, S, & Marco-Gisbert, H (2019). Assessing blockchain consensus and security mechanisms against the 51% attack. Applied Sciences, 9(9), 1788.","journal-title":"Applied Sciences"},{"key":"10150_CR32","unstructured":"SHA-2. (2020). https:\/\/en.wikipedia.org\/wiki\/SHA-2, Accessed 13 January 2021."},{"key":"10150_CR33","doi-asserted-by":"crossref","unstructured":"Shin, D, & Hwang, Y. (2020). The effects of security and traceability of blockchain on digital affordance. Online Information Review.","DOI":"10.1108\/OIR-01-2019-0013"},{"key":"10150_CR34","doi-asserted-by":"crossref","unstructured":"Shin, D, & Ibahrine, M. (2020). The socio-technical assemblages of blockchain system: How blockchains are framed and how the framing reflects societal contexts. Digital Policy, Regulation and Governance.","DOI":"10.1108\/DPRG-11-2019-0095"},{"key":"10150_CR35","doi-asserted-by":"publisher","first-page":"101278","DOI":"10.1016\/j.tele.2019.101278","volume":"45","author":"DD Shin","year":"2019","unstructured":"Shin, D D (2019). Blockchain: The emerging technology of digital trust. Telematics and Informatics, 45, 101278.","journal-title":"Telematics and Informatics"},{"key":"10150_CR36","doi-asserted-by":"crossref","unstructured":"Shin, D D, Fotiadis, A, & Yu, H. (2019). Prospectus and limitations of algorithmic governance: an ecological evaluation of algorithmic trends. Digital Policy, Regulation and Governance.","DOI":"10.1108\/DPRG-03-2019-0017"},{"issue":"5","key":"10150_CR37","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1016\/j.intcom.2010.05.001","volume":"22","author":"DH Shin","year":"2010","unstructured":"Shin, D H (2010). The effects of trust, security and privacy in social networking: a security-based approach to understand the pattern of adoption. Interacting with computers, 22(5), 428\u2013438.","journal-title":"Interacting with computers"},{"key":"10150_CR38","unstructured":"Solidity. (2020). https:\/\/solidity.readthedocs.io\/en\/v0.5.8, Accessed 13 January 2021."},{"key":"10150_CR39","volume-title":"Blockchain: Blueprint for a new economy","author":"M Swan","year":"2015","unstructured":"Swan, M. (2015). Blockchain: Blueprint for a new economy. Boston: O\u2019Reilly Media Inc."},{"key":"10150_CR40","doi-asserted-by":"crossref","unstructured":"Wang, G, Liu, Q, & Wu, J (2010). Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 735\u2013737). ACM.","DOI":"10.1145\/1866307.1866414"},{"key":"10150_CR41","doi-asserted-by":"publisher","first-page":"38437","DOI":"10.1109\/ACCESS.2018.2851611","volume":"6","author":"S Wang","year":"2018","unstructured":"Wang, S, Zhang, Y, & Zhang, Y (2018). A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems. IEEE Access, 6, 38437\u201338450.","journal-title":"IEEE Access"},{"key":"10150_CR42","unstructured":"Web3j SDK. (2020). https:\/\/web3j.io\/, Accessed 13 January 2021."}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-021-10150-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-021-10150-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-021-10150-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,5]],"date-time":"2022-12-05T17:29:22Z","timestamp":1670261362000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-021-10150-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,19]]},"references-count":42,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,10]]}},"alternative-id":["10150"],"URL":"https:\/\/doi.org\/10.1007\/s10796-021-10150-8","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"type":"print","value":"1387-3326"},{"type":"electronic","value":"1572-9419"}],"subject":[],"published":{"date-parts":[[2021,7,19]]},"assertion":[{"value":"21 May 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 July 2021","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"<!--Emphasis Type='Bold' removed-->Conflict of Interests"}}]}}