The main idea of PlugDB is to embed in secure hardware (e.g., smart cards with large storage capacity) software components capable of acquiring, storing and managing various forms of personal data (e.g., payment slips, bills, bank statements, medical data, geolocation traces, etc.) depending on the target applications.
PlugDB organizes the personal space of an individual under the form of a relational database containing the data itself and/or links to encrypted data stored on a PC or on external servers.
Sharing rules are then defined by the individual. Some of these rules can be predefined (e.g., in the medical field, strict prerogatives are defined for each role: physician, nurse, physiotherapist, etc.) and can be enriched by the individual if needed.
When a user (or an application)connects to the personal server of an individual (see figure), it authenticates (e.g., with its biometric fingerprint) and can then query the data. The PlugDB engine embedded in the secure chip calculates the result of these queries based on the authorized view of the user/application.
Thus, Jules’ data can be displayed in different ways depending on the querier. Jules’s personal server can even allow a user/application to see the result of a calculation (e.g., an average), while the data itself remain secret. The PlugDB engine inherits the physical security of the smart card, providing strong guarantees against the circumvention of the access rules.
An encrypted archive of the personal server content is maintained on a server, so the personal data can be restored in case of loss or accidental destruction of the personal server. The key to decrypt the archive is stored via an escrow mechanism to which only the data owner has access.
Click to enlarge
Next: Hardware security
