With the ever growing number of applications that allow users to carry out operations that rely on remote retrieval of data which is associated with the users who wish to retrieve that data, one of the problems that arise relates to the identity of the users. Even though users fully understand and appreciate the need to have the data that relate to them, associate with their personal details, still, there are many occasions that the users would like to be able to access a database while retaining their anonymity, for example when they want to access data that relates to their utilization of certain resources, and particularly when they need to verify the retrieved data (e.g. verify the appropriate consumption of the utilized resources), while retaining their privacy uncompromised.
Quite a vast number of publications suggest various ways of remote data accessing by users. To name but few, U.S. Pat. No. 7,561,681 describes an interactive system for managing and remotely monitoring and affecting the connection status of a customer utility load network. The interactive system is provided through a web-based application, offering a plurality of selectable services to a user. Such services may include a read service for providing metered customer utility data, a usage and demand notification service for alarming a user when utility usage and demand exceeds a threshold amount, and a connection service for setting a utility load as either connected or disconnected. The information is then relayed from the system controller and web-based utility application to any utility meters linked to the system.
WO 2012104149 describes a utility meter for metering at least one utility consumption that comprises among others: a memory to store a personal key (K), a unique identifier (ID0), a utility consumption value (V) metered by the utility meter, and a remote management key (K0, K1). The utility messages are authenticated by using said personal key (K), and a payload key (Kp) is generated and used to encrypt the utility consumption value (V) therewith. A cryptogram (C0, C1) is formed by the payload key (Kp) encrypted by the remote management key (k0, K1), so that a utility message comprising the encrypted utility consumption value (V) and the cryptogram (C0, C1) may be sent as one or two separated utility messages being encrypted by the personal key (K).
U.S. Pat. No. 5,153,837 describes a system for generating an energy log for instant recall and display. The system is permanently programmed in read-only memory with the task of scanning sensor inputs, performing consumption calculations, updating the non-volatile memory, responding to external commands, and monitoring peripheral performance. The stored information is available for real-time query of individual sensor data or as a composite hard copy report on a month-to-date or month-end basis. The apparatus accepts inputs from analog and digital sensors whose outputs produce information related to data such as current consumption, water consumption, or fuel consumption and provides an optional interface for the control of these functions. Based on the various inputs, data is stored in specified memory locations and consumption rates and costs are computed based on sensor calibration factors and energy cost factors stored in non-volatile memory at the time of calibration. The system is programmed to detect invalid data and failed sensor inputs in addition to automatically calibrating.
U.S. 20110029655 discloses a method for control transmission of messages over a fixed bandwidth link from fixed position communication devices to a central controller in a load management system. The messages include information relating to electric power consumption by power consuming devices located at service points that include the communication devices. The central controller determines an identifier associated with each communication device, a reporting period during which the messages are to be transmitted by the communication devices and transmission increments within the reporting period. The controller allocates each transmission increment to a respective group of communication devices. The controller then determines a transmission time for a message from a particular communication device based on the identifier for the particular device, duration of a transmission increment allocated to a group of communication devices that includes the particular device, and a quantity of communication devices in the particular device's group.
However, one of the problems which arise in such environments is that a user's data privacy might be breached, if an unlawful access is gained to the information stored within a central system's device.