Nowadays, unstoppable growing of communication techniques involves several advantages and new ways of transmitting data which were unthinkable not long ago. It is common collecting any kind of data from anywhere just by adding a communication module to any device.
One may think in tracking systems used by the postal service or delivery companies, the big amount of data collected in the cities by means of different sensors placed on the streets or the health devices used for monitoring chronic patients allowing supervision from hospitals.
As the number of communications is increasing and more and more data are travelling through the air, the risk of non-authorized people catching data is also a fact.
Thus, security of data or data protection turns in a main issue in the current context, concerning both people (protective with their own data) and governments (legislating to protect people anonymity to certain extent).
It is known from prior art a bunch of solutions related to send health measurements of patients who use a wide variety of health devices like blood pressures, weight scales or glucometers with capacity to send said measurements remotely to doctors for their supervision from hospitals and assistance centres or patient's homes. Or according to a feasible scenario where a single health device is used by several users in a public space, as a nursing home, it is needed to associate each medical measurement with the person and it is here where the problem about anonymity, and the specific requirements of many cases, arises.
The prior art discloses some inventions regarding this item, for example US201209676 (A1) “Multiuser health monitoring using biometric identification” where it is presented a health monitoring hub, system and method for remotely monitoring a person's health. This patent provides a method to pair the measurement with the identifier of the person either in a local or remote hub. However, this method may be valid when the requirements about privacy and data protection laws are relaxed, but certainly it is insufficient for strict Privacy bills, as most European countries where medical data is considered extremely sensible and thus requiring specific methods of protection.
Also the patents US20120030229A1 and US20110313774A1 describe a method to associate measures to a user using time stamps, but the main problem of these patents is that a solution based on time stamps is only valid for a reduced group of users and the users anonymity cannot be guaranteed.
Another solution proposed in the prior art is US2009205042A “External user interface based measurement association”, where the patient “Identifies herself” and there is a step of associate measurements with patients ID (this uses a “remote device” against an “Identification device” that communicates with an “Association device” that after the association, transfers the data to the “measurement server”, but all this process implies a single channel of communication or at least, two channels closely related, what may put the anonymity at risk. The binding user-measurement is done locally in the “patient station” despite the session method described. The purpose of this solution is far from fulfilling strict data protection bills but it seems a method for allowing many measurements from a single user that are useful for purposes of a rehabilitation session, as for example physiotherapy exercises for recovering a damaged member.
Same problem with anonymity is repeated in many cities where they have deployed sensor networks, cameras and all kind of measurement devices to monitor for example the traffic of certain streets, the influx of people in certain locations of the city . . . all these data are highly valuable and need to be protected. The classical solution is resorting to complex coding techniques which are not suitable for these cases where actually all these data are useless if they cannot be correctly matched with the associated source. Therefore the focus should be on the matching.
In general, any system working with big amounts of sensitive data associated to sources, resort to complex coding algorithms to send the data, but these solutions are not actually avoiding the risk of a third person catching the data since they often use the same channel to be transmitted.
Even, if the data of the sources are not sent together with the identification of the sources, the links are almost obvious for any one skill in the art and interested in obtaining certain unauthorized data.
Besides the anonymity issue, the protection of data associated to the user prevents for robberies. For example delivery companies often use tracking systems monitoring their goods, as it is also used in containers or trucks. Data related with the content and progressing of a shipment in containers/packets/trucks need to be associated in some way to the source (an identifier for the container/packet/truck for example) but once the data and the identifier are sent to a control system they are exposed to be intercepted by a third party.
Therefore, it is missing in the prior art a method for anonymously associating users to the measurements taken by measurements devices. Measurements and identification travel together or obviously linked in all the solutions commented before or even a matching is done locally, which is highly inappropriate to guarantee the anonymity of the service.